googleauth 0.6.7 → 0.7.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/lib/googleauth/credentials.rb +8 -0
- data/lib/googleauth/credentials_loader.rb +21 -8
- data/lib/googleauth/json_key_reader.rb +2 -1
- data/lib/googleauth/service_account.rb +15 -8
- data/lib/googleauth/user_refresh.rb +6 -1
- data/lib/googleauth/version.rb +1 -1
- data/spec/googleauth/credentials_spec.rb +7 -1
- data/spec/googleauth/get_application_default_spec.rb +3 -0
- data/spec/googleauth/service_account_spec.rb +49 -2
- data/spec/googleauth/user_refresh_spec.rb +27 -0
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 105a3281fcd2fa4a6a90f122c62e3f852f9c116172edd83c9ac759a93ff8ba78
|
4
|
+
data.tar.gz: 40078f9fc7910a259496f600d84a50d97722e62cf5c125a9c74f1994a2620553
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8693833fa1fe3ae6a95e24e35131167ff0a8ecca9704038c93939d181360f9b75bb8d0987914daaf2cd804d7ae82b49e78df3a2d8084fc4dc8d0a620e2b7d21b
|
7
|
+
data.tar.gz: 8d1658ef226f85c084b317454bd24dda581eb439d89946fcbc1b3fa2f9393a086bb5b668cd2ba18d8eb8feb3323682101907651ce51aae3273de14c350d5f8f1
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,11 @@
|
|
1
|
+
## 0.7.1 (2018/10/25)
|
2
|
+
|
3
|
+
* Make load_gcloud_project_id module function.
|
4
|
+
|
5
|
+
## 0.7.0 (2018/10/24)
|
6
|
+
|
7
|
+
* Add project_id instance variable to UserRefreshCredentials, ServiceAccountCredentials, and Credentials.
|
8
|
+
|
1
9
|
## 0.6.7 (2018/10/16)
|
2
10
|
|
3
11
|
* Update memoist dependency to ~> 0.16.
|
@@ -27,6 +27,8 @@
|
|
27
27
|
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
28
28
|
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
29
29
|
|
30
|
+
# rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity, MethodLength
|
31
|
+
|
30
32
|
require 'forwardable'
|
31
33
|
require 'json'
|
32
34
|
require 'signet/oauth_2/client'
|
@@ -46,6 +48,7 @@ module Google
|
|
46
48
|
DEFAULT_PATHS = [].freeze
|
47
49
|
|
48
50
|
attr_accessor :client
|
51
|
+
attr_reader :project_id
|
49
52
|
|
50
53
|
# Delegate client methods to the client object.
|
51
54
|
extend Forwardable
|
@@ -56,19 +59,24 @@ module Google
|
|
56
59
|
def initialize(keyfile, options = {})
|
57
60
|
scope = options[:scope]
|
58
61
|
verify_keyfile_provided! keyfile
|
62
|
+
@project_id = options['project_id'] || options['project']
|
59
63
|
if keyfile.is_a? Signet::OAuth2::Client
|
60
64
|
@client = keyfile
|
65
|
+
@project_id ||= keyfile.project_id if keyfile.respond_to? :project_id
|
61
66
|
elsif keyfile.is_a? Hash
|
62
67
|
hash = stringify_hash_keys keyfile
|
63
68
|
hash['scope'] ||= scope
|
64
69
|
@client = init_client hash
|
70
|
+
@project_id ||= (hash['project_id'] || hash['project'])
|
65
71
|
else
|
66
72
|
verify_keyfile_exists! keyfile
|
67
73
|
json = JSON.parse ::File.read(keyfile)
|
68
74
|
json['scope'] ||= scope
|
75
|
+
@project_id ||= (json['project_id'] || json['project'])
|
69
76
|
@client = init_client json
|
70
77
|
end
|
71
78
|
CredentialsLoader.warn_if_cloud_sdk_credentials @client.client_id
|
79
|
+
@project_id ||= CredentialsLoader.load_gcloud_project_id
|
72
80
|
@client.fetch_access_token!
|
73
81
|
end
|
74
82
|
|
@@ -39,14 +39,17 @@ module Google
|
|
39
39
|
# credentials files on the file system.
|
40
40
|
module CredentialsLoader
|
41
41
|
extend Memoist
|
42
|
-
ENV_VAR
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
42
|
+
ENV_VAR = 'GOOGLE_APPLICATION_CREDENTIALS'.freeze
|
43
|
+
PRIVATE_KEY_VAR = 'GOOGLE_PRIVATE_KEY'.freeze
|
44
|
+
CLIENT_EMAIL_VAR = 'GOOGLE_CLIENT_EMAIL'.freeze
|
45
|
+
CLIENT_ID_VAR = 'GOOGLE_CLIENT_ID'.freeze
|
46
|
+
CLIENT_SECRET_VAR = 'GOOGLE_CLIENT_SECRET'.freeze
|
47
|
+
REFRESH_TOKEN_VAR = 'GOOGLE_REFRESH_TOKEN'.freeze
|
48
|
+
ACCOUNT_TYPE_VAR = 'GOOGLE_ACCOUNT_TYPE'.freeze
|
49
|
+
PROJECT_ID_VAR = 'GOOGLE_PROJECT_ID'.freeze
|
50
|
+
GCLOUD_POSIX_COMMAND = 'gcloud'.freeze
|
51
|
+
GCLOUD_WINDOWS_COMMAND = 'gcloud.cmd'.freeze
|
52
|
+
GCLOUD_CONFIG_COMMAND = 'config config-helper --format json'.freeze
|
50
53
|
|
51
54
|
CREDENTIALS_FILE_NAME = 'application_default_credentials.json'.freeze
|
52
55
|
NOT_FOUND_ERROR =
|
@@ -136,6 +139,16 @@ module Google
|
|
136
139
|
end
|
137
140
|
module_function :warn_if_cloud_sdk_credentials
|
138
141
|
|
142
|
+
def load_gcloud_project_id
|
143
|
+
gcloud = GCLOUD_WINDOWS_COMMAND if OS.windows?
|
144
|
+
gcloud = GCLOUD_POSIX_COMMAND unless OS.windows?
|
145
|
+
config = MultiJson.load(`#{gcloud} #{GCLOUD_CONFIG_COMMAND}`)
|
146
|
+
config['configuration']['properties']['core']['project']
|
147
|
+
rescue
|
148
|
+
warn 'Unable to determine project id.'
|
149
|
+
end
|
150
|
+
module_function :load_gcloud_project_id
|
151
|
+
|
139
152
|
private
|
140
153
|
|
141
154
|
def service_account_env_vars?
|
@@ -38,7 +38,8 @@ module Google
|
|
38
38
|
json_key = MultiJson.load(json_key_io.read)
|
39
39
|
raise 'missing client_email' unless json_key.key?('client_email')
|
40
40
|
raise 'missing private_key' unless json_key.key?('private_key')
|
41
|
-
|
41
|
+
project_id = json_key['project_id']
|
42
|
+
[json_key['private_key'], json_key['client_email'], project_id]
|
42
43
|
end
|
43
44
|
end
|
44
45
|
end
|
@@ -50,6 +50,7 @@ module Google
|
|
50
50
|
TOKEN_CRED_URI = 'https://www.googleapis.com/oauth2/v4/token'.freeze
|
51
51
|
extend CredentialsLoader
|
52
52
|
extend JsonKeyReader
|
53
|
+
attr_reader :project_id
|
53
54
|
|
54
55
|
# Creates a ServiceAccountCredentials.
|
55
56
|
#
|
@@ -58,17 +59,20 @@ module Google
|
|
58
59
|
def self.make_creds(options = {})
|
59
60
|
json_key_io, scope = options.values_at(:json_key_io, :scope)
|
60
61
|
if json_key_io
|
61
|
-
private_key, client_email = read_json_key(json_key_io)
|
62
|
+
private_key, client_email, project_id = read_json_key(json_key_io)
|
62
63
|
else
|
63
64
|
private_key = unescape ENV[CredentialsLoader::PRIVATE_KEY_VAR]
|
64
65
|
client_email = ENV[CredentialsLoader::CLIENT_EMAIL_VAR]
|
66
|
+
project_id = ENV[CredentialsLoader::PROJECT_ID_VAR]
|
65
67
|
end
|
68
|
+
project_id ||= CredentialsLoader.load_gcloud_project_id
|
66
69
|
|
67
70
|
new(token_credential_uri: TOKEN_CRED_URI,
|
68
71
|
audience: TOKEN_CRED_URI,
|
69
72
|
scope: scope,
|
70
73
|
issuer: client_email,
|
71
|
-
signing_key: OpenSSL::PKey::RSA.new(private_key)
|
74
|
+
signing_key: OpenSSL::PKey::RSA.new(private_key),
|
75
|
+
project_id: project_id)
|
72
76
|
end
|
73
77
|
|
74
78
|
# Handles certain escape sequences that sometimes appear in input.
|
@@ -81,6 +85,7 @@ module Google
|
|
81
85
|
end
|
82
86
|
|
83
87
|
def initialize(options = {})
|
88
|
+
@project_id = options[:project_id]
|
84
89
|
super(options)
|
85
90
|
end
|
86
91
|
|
@@ -126,6 +131,7 @@ module Google
|
|
126
131
|
EXPIRY = 60
|
127
132
|
extend CredentialsLoader
|
128
133
|
extend JsonKeyReader
|
134
|
+
attr_reader :project_id
|
129
135
|
|
130
136
|
# make_creds proxies the construction of a credentials instance
|
131
137
|
#
|
@@ -144,14 +150,15 @@ module Google
|
|
144
150
|
def initialize(options = {})
|
145
151
|
json_key_io = options[:json_key_io]
|
146
152
|
if json_key_io
|
147
|
-
private_key,
|
153
|
+
@private_key, @issuer, @project_id =
|
154
|
+
self.class.read_json_key(json_key_io)
|
148
155
|
else
|
149
|
-
private_key = ENV[CredentialsLoader::PRIVATE_KEY_VAR]
|
150
|
-
|
156
|
+
@private_key = ENV[CredentialsLoader::PRIVATE_KEY_VAR]
|
157
|
+
@issuer = ENV[CredentialsLoader::CLIENT_EMAIL_VAR]
|
158
|
+
@project_id = ENV[CredentialsLoader::PROJECT_ID_VAR]
|
151
159
|
end
|
152
|
-
@
|
153
|
-
@
|
154
|
-
@signing_key = OpenSSL::PKey::RSA.new(private_key)
|
160
|
+
@project_id ||= CredentialsLoader.load_gcloud_project_id
|
161
|
+
@signing_key = OpenSSL::PKey::RSA.new(@private_key)
|
155
162
|
end
|
156
163
|
|
157
164
|
# Construct a jwt token if the JWT_AUD_URI key is present in the input
|
@@ -50,6 +50,7 @@ module Google
|
|
50
50
|
AUTHORIZATION_URI = 'https://accounts.google.com/o/oauth2/auth'.freeze
|
51
51
|
REVOKE_TOKEN_URI = 'https://oauth2.googleapis.com/revoke'.freeze
|
52
52
|
extend CredentialsLoader
|
53
|
+
attr_reader :project_id
|
53
54
|
|
54
55
|
# Create a UserRefreshCredentials.
|
55
56
|
#
|
@@ -61,13 +62,15 @@ module Google
|
|
61
62
|
user_creds ||= {
|
62
63
|
'client_id' => ENV[CredentialsLoader::CLIENT_ID_VAR],
|
63
64
|
'client_secret' => ENV[CredentialsLoader::CLIENT_SECRET_VAR],
|
64
|
-
'refresh_token' => ENV[CredentialsLoader::REFRESH_TOKEN_VAR]
|
65
|
+
'refresh_token' => ENV[CredentialsLoader::REFRESH_TOKEN_VAR],
|
66
|
+
'project_id' => ENV[CredentialsLoader::PROJECT_ID_VAR]
|
65
67
|
}
|
66
68
|
|
67
69
|
new(token_credential_uri: TOKEN_CRED_URI,
|
68
70
|
client_id: user_creds['client_id'],
|
69
71
|
client_secret: user_creds['client_secret'],
|
70
72
|
refresh_token: user_creds['refresh_token'],
|
73
|
+
project_id: user_creds['project_id'],
|
71
74
|
scope: scope)
|
72
75
|
end
|
73
76
|
|
@@ -86,6 +89,8 @@ module Google
|
|
86
89
|
options ||= {}
|
87
90
|
options[:token_credential_uri] ||= TOKEN_CRED_URI
|
88
91
|
options[:authorization_uri] ||= AUTHORIZATION_URI
|
92
|
+
@project_id = options[:project_id]
|
93
|
+
@project_id ||= CredentialsLoader.load_gcloud_project_id
|
89
94
|
super(options)
|
90
95
|
end
|
91
96
|
|
data/lib/googleauth/version.rb
CHANGED
@@ -40,7 +40,8 @@ describe Google::Auth::Credentials, :private do
|
|
40
40
|
'private_key' => "-----BEGIN RSA PRIVATE KEY-----\nMIIBOwIBAAJBAOyi0Hy1l4Ym2m2o71Q0TF4O9E81isZEsX0bb+Bqz1SXEaSxLiXM\nUZE8wu0eEXivXuZg6QVCW/5l+f2+9UPrdNUCAwEAAQJAJkqubA/Chj3RSL92guy3\nktzeodarLyw8gF8pOmpuRGSiEo/OLTeRUMKKD1/kX4f9sxf3qDhB4e7dulXR1co/\nIQIhAPx8kMW4XTTL6lJYd2K5GrH8uBMp8qL5ya3/XHrBgw3dAiEA7+3Iw3ULTn2I\n1J34WlJ2D5fbzMzB4FAHUNEV7Ys3f1kCIQDtUahCMChrl7+H5t9QS+xrn77lRGhs\nB50pjvy95WXpgQIhAI2joW6JzTfz8fAapb+kiJ/h9Vcs1ZN3iyoRlNFb61JZAiA8\nNy5NyNrMVwtB/lfJf1dAK/p/Bwd8LZLtgM6PapRfgw==\n-----END RSA PRIVATE KEY-----\n",
|
41
41
|
'client_email' => 'credz-testabc1234567890xyz@developer.gserviceaccount.com',
|
42
42
|
'client_id' => 'credz-testabc1234567890xyz.apps.googleusercontent.com',
|
43
|
-
'type' => 'service_account'
|
43
|
+
'type' => 'service_account',
|
44
|
+
'project_id' => 'a_project_id'
|
44
45
|
}
|
45
46
|
end
|
46
47
|
|
@@ -110,6 +111,7 @@ describe Google::Auth::Credentials, :private do
|
|
110
111
|
creds = TestCredentials.default
|
111
112
|
expect(creds).to be_a_kind_of(TestCredentials)
|
112
113
|
expect(creds.client).to eq(mocked_signet)
|
114
|
+
expect(creds.project_id).to eq(default_keyfile_hash['project_id'])
|
113
115
|
end
|
114
116
|
|
115
117
|
it 'subclasses can use PATH_ENV_VARS to get keyfile path' do
|
@@ -142,6 +144,7 @@ describe Google::Auth::Credentials, :private do
|
|
142
144
|
creds = TestCredentials.default
|
143
145
|
expect(creds).to be_a_kind_of(TestCredentials)
|
144
146
|
expect(creds.client).to eq(mocked_signet)
|
147
|
+
expect(creds.project_id).to eq(default_keyfile_hash['project_id'])
|
145
148
|
end
|
146
149
|
|
147
150
|
it 'subclasses can use JSON_ENV_VARS to get keyfile contents' do
|
@@ -173,6 +176,7 @@ describe Google::Auth::Credentials, :private do
|
|
173
176
|
creds = TestCredentials.default
|
174
177
|
expect(creds).to be_a_kind_of(TestCredentials)
|
175
178
|
expect(creds.client).to eq(mocked_signet)
|
179
|
+
expect(creds.project_id).to eq(default_keyfile_hash['project_id'])
|
176
180
|
end
|
177
181
|
|
178
182
|
it 'subclasses can use DEFAULT_PATHS to get keyfile path' do
|
@@ -205,6 +209,7 @@ describe Google::Auth::Credentials, :private do
|
|
205
209
|
creds = TestCredentials.default
|
206
210
|
expect(creds).to be_a_kind_of(TestCredentials)
|
207
211
|
expect(creds.client).to eq(mocked_signet)
|
212
|
+
expect(creds.project_id).to eq(default_keyfile_hash['project_id'])
|
208
213
|
end
|
209
214
|
|
210
215
|
it 'subclasses that find no matches default to Google::Auth.get_application_default' do
|
@@ -243,6 +248,7 @@ describe Google::Auth::Credentials, :private do
|
|
243
248
|
creds = TestCredentials.default
|
244
249
|
expect(creds).to be_a_kind_of(TestCredentials)
|
245
250
|
expect(creds.client).to eq(mocked_signet)
|
251
|
+
expect(creds.project_id).to eq(default_keyfile_hash['project_id'])
|
246
252
|
end
|
247
253
|
|
248
254
|
it 'warns when cloud sdk credentials are used' do
|
@@ -35,6 +35,7 @@ require 'faraday'
|
|
35
35
|
require 'fakefs/safe'
|
36
36
|
require 'googleauth'
|
37
37
|
require 'spec_helper'
|
38
|
+
require 'os'
|
38
39
|
|
39
40
|
describe '#get_application_default' do
|
40
41
|
# Pass unique options each time to bypass memoization
|
@@ -173,6 +174,7 @@ describe '#get_application_default' do
|
|
173
174
|
ENV[CLIENT_SECRET_VAR] = cred_json[:client_secret]
|
174
175
|
ENV[REFRESH_TOKEN_VAR] = cred_json[:refresh_token]
|
175
176
|
ENV[ACCOUNT_TYPE_VAR] = cred_json[:type]
|
177
|
+
ENV[PROJECT_ID_VAR] = 'a_project_id'
|
176
178
|
expect { Google::Auth.get_application_default @scope, options }.to output(
|
177
179
|
Google::Auth::CredentialsLoader::CLOUD_SDK_CREDENTIALS_WARNING + "\n"
|
178
180
|
).to_stderr
|
@@ -260,6 +262,7 @@ describe '#get_application_default' do
|
|
260
262
|
end
|
261
263
|
|
262
264
|
it 'fails if env vars are set' do
|
265
|
+
ENV[ENV_VAR] = nil
|
263
266
|
ENV[PRIVATE_KEY_VAR] = cred_json[:private_key]
|
264
267
|
ENV[CLIENT_EMAIL_VAR] = cred_json[:client_email]
|
265
268
|
expect do
|
@@ -116,7 +116,8 @@ describe Google::Auth::ServiceAccountCredentials do
|
|
116
116
|
private_key: @key.to_pem,
|
117
117
|
client_email: client_email,
|
118
118
|
client_id: 'app.apps.googleusercontent.com',
|
119
|
-
type: 'service_account'
|
119
|
+
type: 'service_account',
|
120
|
+
project_id: 'a_project_id'
|
120
121
|
}
|
121
122
|
end
|
122
123
|
|
@@ -213,6 +214,15 @@ describe Google::Auth::ServiceAccountCredentials do
|
|
213
214
|
expect(@clz.from_env(@scope)).to_not be_nil
|
214
215
|
end
|
215
216
|
|
217
|
+
it 'sets project_id when the PROJECT_ID_VAR env var is set' do
|
218
|
+
ENV[PRIVATE_KEY_VAR] = cred_json[:private_key]
|
219
|
+
ENV[CLIENT_EMAIL_VAR] = cred_json[:client_email]
|
220
|
+
ENV[PROJECT_ID_VAR] = cred_json[:project_id]
|
221
|
+
ENV[ENV_VAR] = nil
|
222
|
+
credentials = @clz.from_env(@scope)
|
223
|
+
expect(credentials.project_id).to eq(cred_json[:project_id])
|
224
|
+
end
|
225
|
+
|
216
226
|
it 'succeeds when GOOGLE_PRIVATE_KEY is escaped' do
|
217
227
|
escaped_key = cred_json[:private_key].gsub "\n", '\n'
|
218
228
|
ENV[PRIVATE_KEY_VAR] = "\"#{escaped_key}\""
|
@@ -251,6 +261,19 @@ describe Google::Auth::ServiceAccountCredentials do
|
|
251
261
|
expect(@clz.from_well_known_path(@scope)).to_not be_nil
|
252
262
|
end
|
253
263
|
end
|
264
|
+
|
265
|
+
it 'successfully sets project_id when file is present' do
|
266
|
+
Dir.mktmpdir do |dir|
|
267
|
+
key_path = File.join(dir, '.config', @known_path)
|
268
|
+
key_path = File.join(dir, WELL_KNOWN_PATH) if OS.windows?
|
269
|
+
FileUtils.mkdir_p(File.dirname(key_path))
|
270
|
+
File.write(key_path, cred_json_text)
|
271
|
+
ENV['HOME'] = dir
|
272
|
+
ENV['APPDATA'] = dir
|
273
|
+
credentials = @clz.from_well_known_path(@scope)
|
274
|
+
expect(credentials.project_id).to eq(cred_json[:project_id])
|
275
|
+
end
|
276
|
+
end
|
254
277
|
end
|
255
278
|
|
256
279
|
describe '#from_system_default_path' do
|
@@ -297,7 +320,8 @@ describe Google::Auth::ServiceAccountJwtHeaderCredentials do
|
|
297
320
|
private_key: @key.to_pem,
|
298
321
|
client_email: client_email,
|
299
322
|
client_id: 'app.apps.googleusercontent.com',
|
300
|
-
type: 'service_account'
|
323
|
+
type: 'service_account',
|
324
|
+
project_id: 'a_project_id'
|
301
325
|
}
|
302
326
|
end
|
303
327
|
|
@@ -358,6 +382,16 @@ describe Google::Auth::ServiceAccountJwtHeaderCredentials do
|
|
358
382
|
ENV[CLIENT_EMAIL_VAR] = cred_json[:client_email]
|
359
383
|
expect(clz.from_env(@scope)).to_not be_nil
|
360
384
|
end
|
385
|
+
|
386
|
+
it 'sets project_id when the PROJECT_ID_VAR env var is set' do
|
387
|
+
ENV[PRIVATE_KEY_VAR] = cred_json[:private_key]
|
388
|
+
ENV[CLIENT_EMAIL_VAR] = cred_json[:client_email]
|
389
|
+
ENV[PROJECT_ID_VAR] = cred_json[:project_id]
|
390
|
+
ENV[ENV_VAR] = nil
|
391
|
+
credentials = clz.from_env(@scope)
|
392
|
+
expect(credentials).to_not be_nil
|
393
|
+
expect(credentials.project_id).to eq(cred_json[:project_id])
|
394
|
+
end
|
361
395
|
end
|
362
396
|
|
363
397
|
describe '#from_well_known_path' do
|
@@ -387,5 +421,18 @@ describe Google::Auth::ServiceAccountJwtHeaderCredentials do
|
|
387
421
|
expect(clz.from_well_known_path).to_not be_nil
|
388
422
|
end
|
389
423
|
end
|
424
|
+
|
425
|
+
it 'successfully sets project_id when file is present' do
|
426
|
+
Dir.mktmpdir do |dir|
|
427
|
+
key_path = File.join(dir, '.config', WELL_KNOWN_PATH)
|
428
|
+
key_path = File.join(dir, WELL_KNOWN_PATH) if OS.windows?
|
429
|
+
FileUtils.mkdir_p(File.dirname(key_path))
|
430
|
+
File.write(key_path, cred_json_text)
|
431
|
+
ENV['HOME'] = dir
|
432
|
+
ENV['APPDATA'] = dir
|
433
|
+
credentials = clz.from_well_known_path(@scope)
|
434
|
+
expect(credentials.project_id).to eq(cred_json[:project_id])
|
435
|
+
end
|
436
|
+
end
|
390
437
|
end
|
391
438
|
end
|
@@ -94,6 +94,7 @@ describe Google::Auth::UserRefreshCredentials do
|
|
94
94
|
@credential_vars.each { |var| @original_env_vals[var] = ENV[var] }
|
95
95
|
@scope = 'https://www.googleapis.com/auth/userinfo.profile'
|
96
96
|
@clz = UserRefreshCredentials
|
97
|
+
@project_id = 'a_project_id'
|
97
98
|
end
|
98
99
|
|
99
100
|
after(:example) do
|
@@ -140,6 +141,7 @@ describe Google::Auth::UserRefreshCredentials do
|
|
140
141
|
|
141
142
|
it 'succeeds when GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, and '\
|
142
143
|
'GOOGLE_REFRESH_TOKEN env vars are valid' do
|
144
|
+
ENV[ENV_VAR] = nil
|
143
145
|
ENV[CLIENT_ID_VAR] = cred_json[:client_id]
|
144
146
|
ENV[CLIENT_SECRET_VAR] = cred_json[:client_secret]
|
145
147
|
ENV[REFRESH_TOKEN_VAR] = cred_json[:refresh_token]
|
@@ -150,6 +152,17 @@ describe Google::Auth::UserRefreshCredentials do
|
|
150
152
|
expect(creds.client_secret).to eq(cred_json[:client_secret])
|
151
153
|
expect(creds.refresh_token).to eq(cred_json[:refresh_token])
|
152
154
|
end
|
155
|
+
|
156
|
+
it 'sets project_id when the PROJECT_ID_VAR env var is set' do
|
157
|
+
ENV[ENV_VAR] = nil
|
158
|
+
ENV[CLIENT_ID_VAR] = cred_json[:client_id]
|
159
|
+
ENV[CLIENT_SECRET_VAR] = cred_json[:client_secret]
|
160
|
+
ENV[REFRESH_TOKEN_VAR] = cred_json[:refresh_token]
|
161
|
+
ENV[ACCOUNT_TYPE_VAR] = cred_json[:type]
|
162
|
+
ENV[PROJECT_ID_VAR] = @project_id
|
163
|
+
creds = @clz.from_env(@scope)
|
164
|
+
expect(creds.project_id).to eq(@project_id)
|
165
|
+
end
|
153
166
|
end
|
154
167
|
|
155
168
|
describe '#from_well_known_path' do
|
@@ -198,6 +211,20 @@ describe Google::Auth::UserRefreshCredentials do
|
|
198
211
|
expect(@clz.from_well_known_path(@scope)).to_not be_nil
|
199
212
|
end
|
200
213
|
end
|
214
|
+
|
215
|
+
it 'checks gcloud config for project_id if none was provided' do
|
216
|
+
Dir.mktmpdir do |dir|
|
217
|
+
key_path = File.join(dir, '.config', @known_path)
|
218
|
+
key_path = File.join(dir, @known_path) if OS.windows?
|
219
|
+
FileUtils.mkdir_p(File.dirname(key_path))
|
220
|
+
File.write(key_path, cred_json_text)
|
221
|
+
ENV['HOME'] = dir
|
222
|
+
ENV['APPDATA'] = dir
|
223
|
+
ENV[PROJECT_ID_VAR] = nil
|
224
|
+
expect(Google::Auth::CredentialsLoader).to receive(:load_gcloud_project_id).with(no_args)
|
225
|
+
@clz.from_well_known_path(@scope)
|
226
|
+
end
|
227
|
+
end
|
201
228
|
end
|
202
229
|
|
203
230
|
describe '#from_system_default_path' do
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: googleauth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.7.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tim Emiola
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-10-
|
11
|
+
date: 2018-10-26 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: faraday
|