googleauth 1.5.0 → 1.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +6 -0
  3. data/lib/googleauth/external_account/aws_credentials.rb +3 -11
  4. data/lib/googleauth/external_account.rb +0 -41
  5. data/lib/googleauth/version.rb +1 -1
  6. metadata +6 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 42581efbf67b1cafdcdcd18cd227d22b5d456d695f3b5cfaa089f4121c17bce2
4
- data.tar.gz: 968618cfa8048d5c246c83acc769b19c3f258958e21810481464d1b297d651bc
3
+ metadata.gz: 553d9c5927ca82c62dafc3a90529029ffd7813d99a9ae4ae146ae27370beb631
4
+ data.tar.gz: 55b33ba8e1ea2cf72f1f0c6c3c356ca825a4d575d8ac5665dc038118fc635198
5
5
  SHA512:
6
- metadata.gz: 392dc977400f0229fd416cdcd2d5ed60fa0a8592926c622fed3dea2ba6ba1e083169d978c7a48d4e895014909352196fca56ac8c21df1f0b3694e55439cfedb2
7
- data.tar.gz: 1a33a41171c9963196f833fa83702d61af6e335b677a229bf0f93316e7f0272f9b211f00fc7e180c4f07e1e7dd5ffbe29b484f5cd72578a49096046c6d017fc4
6
+ metadata.gz: 73a897d4813f5f016b252a299d126535fa32f017aa40ac7ac67200bef1332696298e2e082c279c3b8b850ca1d93d46f8a56f75d5c3ab408c33db391572944af7
7
+ data.tar.gz: b0d137864100e7e16ae1bac0b22ca7b2b09b5a9724692ed794170dbd712bc16b6ef00ad0913c47620d6df3e7324ce5a54484e2e4f9dfe06f999ebbeffd3c6007
data/CHANGELOG.md CHANGED
@@ -1,5 +1,11 @@
1
1
  # Release History
2
2
 
3
+ ### 1.5.1 (2023-04-10)
4
+
5
+ #### Bug Fixes
6
+
7
+ * Remove external account config validation ([#427](https://github.com/googleapis/google-auth-library-ruby/issues/427))
8
+
3
9
  ### 1.5.0 (2023-03-21)
4
10
 
5
11
  #### Features
data/lib/googleauth/external_account/aws_credentials.rb CHANGED
@@ -38,11 +38,10 @@ module Google
38
38
  @audience = options[:audience]
39
39
  @credential_source = options[:credential_source] || {}
40
40
  @environment_id = @credential_source["environment_id"]
41
- @region_url = validate_metadata_server @credential_source["region_url"], "region_url"
42
- @credential_verification_url = validate_metadata_server @credential_source["url"], "url"
41
+ @region_url = @credential_source["region_url"]
42
+ @credential_verification_url = @credential_source["url"]
43
43
  @regional_cred_verification_url = @credential_source["regional_cred_verification_url"]
44
- @imdsv2_session_token_url = validate_metadata_server @credential_source["imdsv2_session_token_url"],
45
- "imdsv2_session_token_url"
44
+ @imdsv2_session_token_url = @credential_source["imdsv2_session_token_url"]
46
45
 
47
46
  # These will be lazily loaded when needed, or will raise an error if not provided
48
47
  @region = nil
@@ -105,13 +104,6 @@ module Google
105
104
 
106
105
  private
107
106
 
108
- def validate_metadata_server url, name
109
- return nil if url.nil?
110
- host = URI(url).host
111
- raise "Invalid host #{host} for #{name}." unless ["169.254.169.254", "[fd00:ec2::254]"].include? host
112
- url
113
- end
114
-
115
107
  def get_aws_resource url, name, data: nil, headers: {}
116
108
  begin
117
109
  unless [nil, url].include? @imdsv2_session_token_url
data/lib/googleauth/external_account.rb CHANGED
@@ -30,22 +30,6 @@ module Google
30
30
  AWS_SUBJECT_TOKEN_TYPE = "urn:ietf:params:aws:token-type:aws4_request".freeze
31
31
  AWS_SUBJECT_TOKEN_INVALID = "aws is the only currently supported external account type".freeze
32
32
 
33
- TOKEN_URL_PATTERNS = [
34
- /^[^.\s\/\\]+\.sts(?:\.mtls)?\.googleapis\.com$/,
35
- /^sts(?:\.mtls)?\.googleapis\.com$/,
36
- /^sts\.[^.\s\/\\]+(?:\.mtls)?\.googleapis\.com$/,
37
- /^[^.\s\/\\]+-sts(?:\.mtls)?\.googleapis\.com$/,
38
- /^sts-[^.\s\/\\]+\.p(?:\.mtls)?\.googleapis\.com$/
39
- ].freeze
40
-
41
- SERVICE_ACCOUNT_IMPERSONATION_URL_PATTERNS = [
42
- /^[^.\s\/\\]+\.iamcredentials\.googleapis\.com$/.freeze,
43
- /^iamcredentials\.googleapis\.com$/.freeze,
44
- /^iamcredentials\.[^.\s\/\\]+\.googleapis\.com$/.freeze,
45
- /^[^.\s\/\\]+-iamcredentials\.googleapis\.com$/.freeze,
46
- /^iamcredentials-[^.\s\/\\]+\.p\.googleapis\.com$/.freeze
47
- ].freeze
48
-
49
33
  # Create a ExternalAccount::Credentials
50
34
  #
51
35
  # @param json_key_io [IO] an IO from which the JSON key can be read
@@ -56,11 +40,6 @@ module Google
56
40
  raise "A json file is required for external account credentials." unless json_key_io
57
41
  user_creds = read_json_key json_key_io
58
42
 
59
- raise "The provided token URL is invalid." unless is_token_url_valid? user_creds["token_url"]
60
- unless is_service_account_impersonation_url_valid? user_creds["service_account_impersonation_url"]
61
- raise "The provided service account impersonation url is invalid."
62
- end
63
-
64
43
  # TODO: check for other External Account Credential types. Currently only AWS is supported.
65
44
  raise AWS_SUBJECT_TOKEN_INVALID unless user_creds["subject_token_type"] == AWS_SUBJECT_TOKEN_TYPE
66
45
 
@@ -85,26 +64,6 @@ module Google
85
64
  end
86
65
  json_key
87
66
  end
88
-
89
- def self.is_valid_url? url, valid_hostnames
90
- begin
91
- uri = URI(url)
92
- rescue URI::InvalidURIError, ArgumentError
93
- return false
94
- end
95
-
96
- return false unless uri.scheme == "https"
97
-
98
- valid_hostnames.any? { |hostname| hostname =~ uri.host }
99
- end
100
-
101
- def self.is_token_url_valid? url
102
- is_valid_url? url, TOKEN_URL_PATTERNS
103
- end
104
-
105
- def self.is_service_account_impersonation_url_valid? url
106
- !url or is_valid_url? url, SERVICE_ACCOUNT_IMPERSONATION_URL_PATTERNS
107
- end
108
67
  end
109
68
  end
110
69
  end
data/lib/googleauth/version.rb CHANGED
@@ -16,6 +16,6 @@ module Google
16
16
  # Module Auth provides classes that provide Google-specific authorization
17
17
  # used to access Google APIs.
18
18
  module Auth
19
- VERSION = "1.5.0".freeze
19
+ VERSION = "1.5.1".freeze
20
20
  end
21
21
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: googleauth
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.0
4
+ version: 1.5.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tim Emiola
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-03-22 00:00:00.000000000 Z
11
+ date: 2023-04-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: faraday
@@ -168,7 +168,7 @@ metadata:
168
168
  changelog_uri: https://github.com/googleapis/google-auth-library-ruby/blob/main/CHANGELOG.md
169
169
  source_code_uri: https://github.com/googleapis/google-auth-library-ruby
170
170
  bug_tracker_uri: https://github.com/googleapis/google-auth-library-ruby/issues
171
- post_install_message:
171
+ post_install_message:
172
172
  rdoc_options: []
173
173
  require_paths:
174
174
  - lib
@@ -183,8 +183,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
183
183
  - !ruby/object:Gem::Version
184
184
  version: '0'
185
185
  requirements: []
186
- rubygems_version: 3.3.26
187
- signing_key:
186
+ rubygems_version: 3.4.2
187
+ signing_key:
188
188
  specification_version: 4
189
189
  summary: Google Auth Library for Ruby
190
190
  test_files: []