sitefull-cloud 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.codeclimate.yml +25 -0
- data/.gitignore +9 -0
- data/.rspec +2 -0
- data/.rubocop.yml +1152 -0
- data/.travis.yml +7 -0
- data/CODE_OF_CONDUCT.md +49 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +21 -0
- data/README.md +157 -0
- data/Rakefile +6 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/lib/sitefull-cloud/auth/amazon.rb +53 -0
- data/lib/sitefull-cloud/auth/azure.rb +49 -0
- data/lib/sitefull-cloud/auth/base.rb +33 -0
- data/lib/sitefull-cloud/auth/google.rb +41 -0
- data/lib/sitefull-cloud/auth.rb +41 -0
- data/lib/sitefull-cloud/mock.rb +9 -0
- data/lib/sitefull-cloud/provider/amazon/networking.rb +87 -0
- data/lib/sitefull-cloud/provider/amazon.rb +61 -0
- data/lib/sitefull-cloud/provider/azure.rb +47 -0
- data/lib/sitefull-cloud/provider/base.rb +21 -0
- data/lib/sitefull-cloud/provider/google.rb +86 -0
- data/lib/sitefull-cloud/provider/mock.rb +41 -0
- data/lib/sitefull-cloud/provider.rb +44 -0
- data/lib/sitefull-cloud/version.rb +5 -0
- data/lib/sitefull-cloud.rb +23 -0
- data/sitefull-cloud.gemspec +40 -0
- metadata +254 -0
data/.travis.yml
ADDED
data/CODE_OF_CONDUCT.md
ADDED
@@ -0,0 +1,49 @@
|
|
1
|
+
# Contributor Code of Conduct
|
2
|
+
|
3
|
+
As contributors and maintainers of this project, and in the interest of
|
4
|
+
fostering an open and welcoming community, we pledge to respect all people who
|
5
|
+
contribute through reporting issues, posting feature requests, updating
|
6
|
+
documentation, submitting pull requests or patches, and other activities.
|
7
|
+
|
8
|
+
We are committed to making participation in this project a harassment-free
|
9
|
+
experience for everyone, regardless of level of experience, gender, gender
|
10
|
+
identity and expression, sexual orientation, disability, personal appearance,
|
11
|
+
body size, race, ethnicity, age, religion, or nationality.
|
12
|
+
|
13
|
+
Examples of unacceptable behavior by participants include:
|
14
|
+
|
15
|
+
* The use of sexualized language or imagery
|
16
|
+
* Personal attacks
|
17
|
+
* Trolling or insulting/derogatory comments
|
18
|
+
* Public or private harassment
|
19
|
+
* Publishing other's private information, such as physical or electronic
|
20
|
+
addresses, without explicit permission
|
21
|
+
* Other unethical or unprofessional conduct
|
22
|
+
|
23
|
+
Project maintainers have the right and responsibility to remove, edit, or
|
24
|
+
reject comments, commits, code, wiki edits, issues, and other contributions
|
25
|
+
that are not aligned to this Code of Conduct, or to ban temporarily or
|
26
|
+
permanently any contributor for other behaviors that they deem inappropriate,
|
27
|
+
threatening, offensive, or harmful.
|
28
|
+
|
29
|
+
By adopting this Code of Conduct, project maintainers commit themselves to
|
30
|
+
fairly and consistently applying these principles to every aspect of managing
|
31
|
+
this project. Project maintainers who do not follow or enforce the Code of
|
32
|
+
Conduct may be permanently removed from the project team.
|
33
|
+
|
34
|
+
This code of conduct applies both within project spaces and in public spaces
|
35
|
+
when an individual is representing the project or its community.
|
36
|
+
|
37
|
+
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
38
|
+
reported by contacting a project maintainer at stanchino@gmail.com. All
|
39
|
+
complaints will be reviewed and investigated and will result in a response that
|
40
|
+
is deemed necessary and appropriate to the circumstances. Maintainers are
|
41
|
+
obligated to maintain confidentiality with regard to the reporter of an
|
42
|
+
incident.
|
43
|
+
|
44
|
+
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
|
45
|
+
version 1.3.0, available at
|
46
|
+
[http://contributor-covenant.org/version/1/3/0/][version]
|
47
|
+
|
48
|
+
[homepage]: http://contributor-covenant.org
|
49
|
+
[version]: http://contributor-covenant.org/version/1/3/0/
|
data/Gemfile
ADDED
data/LICENSE.txt
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2016 Stanimir Dimitrov
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
13
|
+
all copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
21
|
+
THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,157 @@
|
|
1
|
+
# Sitefull::Cloud
|
2
|
+
|
3
|
+
This is a gem for automating cloud deployments using different cloud providers. The gem uses Auth 2.0 authorization code grant for authorization whenever it is supported.
|
4
|
+
|
5
|
+
[![Build
|
6
|
+
Status](https://travis-ci.org/stanchino/sitefull-cloud.svg?branch=master)](https://travis-ci.org/stanchino/sitefull-cloud)
|
7
|
+
[![Code
|
8
|
+
Climate](https://codeclimate.com/github/stanchino/sitefull-cloud/badges/gpa.svg)](https://codeclimate.com/github/stanchino/sitefull-cloud)
|
9
|
+
[![Test
|
10
|
+
Coverage](https://codeclimate.com/github/stanchino/sitefull-cloud/badges/coverage.svg)](https://codeclimate.com/github/stanchino/sitefull-cloud/coverage)
|
11
|
+
[![Issue
|
12
|
+
Count](https://codeclimate.com/github/stanchino/sitefull-cloud/badges/issue_count.svg)](https://codeclimate.com/github/stanchino/sitefull-cloud)
|
13
|
+
[![Dependency
|
14
|
+
Status](https://www.versioneye.com/user/projects/56d72889d71695003886c336/badge.svg?style=flat)](https://www.versioneye.com/user/projects/56d72889d71695003886c336)
|
15
|
+
|
16
|
+
## Installation
|
17
|
+
|
18
|
+
Add this line to your application's Gemfile:
|
19
|
+
|
20
|
+
```ruby
|
21
|
+
gem 'sitefull-cloud'
|
22
|
+
```
|
23
|
+
|
24
|
+
And then execute:
|
25
|
+
|
26
|
+
$ bundle
|
27
|
+
|
28
|
+
Or install it yourself as:
|
29
|
+
|
30
|
+
$ gem install sitefull-cloud
|
31
|
+
|
32
|
+
## Usage
|
33
|
+
|
34
|
+
### Authorization
|
35
|
+
#### Amazon
|
36
|
+
* Setup a new application for Login with Amazon [https://sellercentral.amazon.com/gp/homepage.html](https://sellercentral.amazon.com/gp/homepage.html)
|
37
|
+
* Create am IAM role in the AWS Management Console to allow the users access to your resources:
|
38
|
+
* Login to the AWS Management Console [https://console.aws.amazon.com/iam/home#home](https://console.aws.amazon.com/iam/home#home)
|
39
|
+
* Go to the [Roles](https://console.aws.amazon.com/iam/home#roles) section and click on "Create New Role"
|
40
|
+
* Choose "Role for Identity Provider Access" on the "Select Role Type" page and select the "Grant access to web identity providers" option
|
41
|
+
* Select "Login with Amazon" and entery your Application ID for the application you created
|
42
|
+
* Follow the wizard and create the new role
|
43
|
+
* Edit the new role and from the "Permissions" tab select policies that the authenticated users will be able to access
|
44
|
+
|
45
|
+
Once the Amazon application is configured and the role is setup you can use the [Sitefull Oauth](https://github.com/stanchino/sitefull-cloud) gem to generate credentials for the Amazon SDK for Ruby [https://aws.amazon.com/sdk-for-ruby/](https://aws.amazon.com/sdk-for-ruby/)
|
46
|
+
* Configure the provider class:
|
47
|
+
```
|
48
|
+
options = {
|
49
|
+
client_id: "Amazon Application Client ID",
|
50
|
+
client_secret: "Amazon Application Client Secret",
|
51
|
+
role_arn: "IAM Role ARN",
|
52
|
+
redirect_uri: "One of the Allowed Return URLs for the Amazon Application"
|
53
|
+
}
|
54
|
+
provider = Sitefull::Cloud::Provider.new('amazon', options) ;
|
55
|
+
```
|
56
|
+
* Generate the authorization URL and open it in a web browser
|
57
|
+
```
|
58
|
+
provider.authorization_url
|
59
|
+
```
|
60
|
+
* Get the authorization code from the URL and request an access token
|
61
|
+
```
|
62
|
+
provider.authorize!('The code from the URL parameters when you are redirected to the redirect_uri')
|
63
|
+
```
|
64
|
+
* Generate credentials for the AWS SDK for Ruby [https://aws.amazon.com/sdk-for-ruby/](https://aws.amazon.com/sdk-for-ruby/)
|
65
|
+
```
|
66
|
+
credentials = provider.credentials
|
67
|
+
```
|
68
|
+
* Add the credentials to the AWS API client:
|
69
|
+
```
|
70
|
+
client = Aws::EC2::Client.new(region: 'us-east-1', credentials: credentials)
|
71
|
+
client.describe_instances
|
72
|
+
```
|
73
|
+
|
74
|
+
#### Azure
|
75
|
+
* Setup a new application in Active Directory following the steps described here [https://azure.microsoft.com/en-us/documentation/articles/active-directory-integrating-applications/](https://azure.microsoft.com/en-us/documentation/articles/active-directory-integrating-applications/)
|
76
|
+
|
77
|
+
Once the application is configured you can use the [Sitefull Oauth](https://github.com/stanchino/sitefull-cloud) gem to generate credentials for the Microsoft Azure SDK for Ruby [https://github.com/Azure/azure-sdk-for-ruby](https://github.com/Azure/azure-sdk-for-ruby)
|
78
|
+
* Configure the provider class:
|
79
|
+
```
|
80
|
+
options = {
|
81
|
+
tenant_id: "Your Azure Application Tenant ID",
|
82
|
+
client_id: "Azure Application Client ID",
|
83
|
+
client_secret: "Azure Application Client Secret",
|
84
|
+
redirect_uri: "One of the Reply URLs for the Azure Application"
|
85
|
+
}
|
86
|
+
provider = Sitefull::Cloud::Provider.new('azure', options) ;
|
87
|
+
```
|
88
|
+
* Generate the authorization URL and open it in a web browser
|
89
|
+
```
|
90
|
+
provider.authorization_url
|
91
|
+
```
|
92
|
+
* Get the authorization code from the URL and request an access token
|
93
|
+
```
|
94
|
+
provider.authorize!('The code from the URL parameters when you are redirected to the redirect_uri')
|
95
|
+
```
|
96
|
+
* Generate credentials for the Azure SDK for Ruby [https://github.com/Azure/azure-sdk-for-ruby](https://github.com/Azure/azure-sdk-for-ruby)
|
97
|
+
```
|
98
|
+
credentials = provider.credentials
|
99
|
+
```
|
100
|
+
* Add the credentials to one of the the Azure API client libraries ([Compute](resource_management/azure_mgmt_compute), [Network](resource_management/azure_mgmt_network), [Storage](resource_management/azure_mgmt_storage) or [Resources](resource_management/azure_mgmt_resources)):
|
101
|
+
```
|
102
|
+
client = Azure::ARM::Resources::ResourceManagementClient.new(credentials)
|
103
|
+
```
|
104
|
+
**NOTE** You will need to set the client subscription ID before you can query the Azure APIs:
|
105
|
+
```
|
106
|
+
client.subscription_id = 'The desired subscription ID'
|
107
|
+
client.resources.list.value!
|
108
|
+
```
|
109
|
+
|
110
|
+
#### Google
|
111
|
+
* Setup a new OAuth client ID in the Google developer console [https://console.developers.google.com/apis/credentials](https://console.developers.google.com/apis/credentials)
|
112
|
+
|
113
|
+
Once the OAuth application is configured you can use the [Sitefull Oauth](https://github.com/stanchino/sitefull-cloud) gem to generate credentials for the Google API Client [https://github.com/google/google-api-ruby-client](https://github.com/google/google-api-ruby-client)
|
114
|
+
* Configure the provider class:
|
115
|
+
```
|
116
|
+
options = {
|
117
|
+
client_id: "Google OAuth Client ID",
|
118
|
+
client_secret: "Google OAuth Client Secret",
|
119
|
+
redirect_uri: "One of the Authorized redirect URIs"
|
120
|
+
}
|
121
|
+
provider = Sitefull::Cloud::Provider.new('google', options) ;
|
122
|
+
```
|
123
|
+
* Generate the authorization URL and open it in a web browser
|
124
|
+
```
|
125
|
+
provider.authorization_url
|
126
|
+
```
|
127
|
+
* Get the authorization code from the URL and request an access token
|
128
|
+
```
|
129
|
+
provider.authorize!('The code from the URL parameters when you are redirected to the redirect_uri')
|
130
|
+
```
|
131
|
+
* Generate credentials for the Google API Client [https://github.com/google/google-api-ruby-client](https://github.com/google/google-api-ruby-client)
|
132
|
+
```
|
133
|
+
credentials = provider.credentials
|
134
|
+
```
|
135
|
+
* Add the credentials to the Google API client you want to use
|
136
|
+
```
|
137
|
+
require 'google/apis/compute_v1'
|
138
|
+
client = Google::Apis::ComputeV1.new
|
139
|
+
client.authorization = credentials
|
140
|
+
client.list_images('A project the authenticated user can access')
|
141
|
+
```
|
142
|
+
|
143
|
+
## Development
|
144
|
+
|
145
|
+
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
146
|
+
|
147
|
+
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
148
|
+
|
149
|
+
## Contributing
|
150
|
+
|
151
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/stanchino/sitefull-cloud. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
152
|
+
|
153
|
+
|
154
|
+
## License
|
155
|
+
|
156
|
+
The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
|
157
|
+
|
data/Rakefile
ADDED
data/bin/console
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require "bundler/setup"
|
4
|
+
require "sitefull/oauth"
|
5
|
+
|
6
|
+
# You can add fixtures and/or initialization code here to make experimenting
|
7
|
+
# with your gem easier. You can also use a different console, if you like.
|
8
|
+
|
9
|
+
# (If you use this, don't forget to add pry to your Gemfile!)
|
10
|
+
# require "pry"
|
11
|
+
# Pry.start
|
12
|
+
|
13
|
+
require "irb"
|
14
|
+
IRB.start
|
data/bin/setup
ADDED
@@ -0,0 +1,53 @@
|
|
1
|
+
require 'sitefull-cloud/auth/base'
|
2
|
+
require 'aws-sdk'
|
3
|
+
|
4
|
+
module Sitefull
|
5
|
+
module Auth
|
6
|
+
class Amazon < Base
|
7
|
+
|
8
|
+
AUTHORIZATION_URI = 'https://www.amazon.com/ap/oa'.freeze
|
9
|
+
CALLBACK_URI = '/oauth/amazon/callback'.freeze
|
10
|
+
SCOPE = %w(profile).freeze
|
11
|
+
TOKEN_CREDENTIALS_URI = 'https://api.amazon.com/auth/o2/token'.freeze
|
12
|
+
PROVIDER_ID = 'www.amazon.com'.freeze
|
13
|
+
|
14
|
+
MISSING_ROLE_ARN = 'Missing Role ARN'.freeze
|
15
|
+
|
16
|
+
def initialize(options = {}, skip_validation = false)
|
17
|
+
@options = skip_validation ? options : validate(options)
|
18
|
+
end
|
19
|
+
|
20
|
+
def credentials(token)
|
21
|
+
fail MISSING_ROLE_ARN if @options[:role_arn].to_s.empty?
|
22
|
+
sts = Aws::STS::Client.new(region: 'us-east-1')
|
23
|
+
response = sts.assume_role_with_web_identity(role_arn: @options[:role_arn],
|
24
|
+
role_session_name: @options[:session_name],
|
25
|
+
provider_id: 'www.amazon.com',
|
26
|
+
web_identity_token: token.access_token)
|
27
|
+
Aws::Credentials.new(*response.credentials.to_h.values_at(:access_key_id, :secret_access_key, :session_token))
|
28
|
+
end
|
29
|
+
|
30
|
+
def validate(options = {})
|
31
|
+
options = super(options)
|
32
|
+
options[:authorization_uri] ||= AUTHORIZATION_URI
|
33
|
+
options[:scope] ||= Array(SCOPE)
|
34
|
+
options[:token_credential_uri] ||= TOKEN_CREDENTIALS_URI
|
35
|
+
options[:session_name] ||= 'web-user-session'
|
36
|
+
options
|
37
|
+
end
|
38
|
+
|
39
|
+
def token_options
|
40
|
+
@options.select { |k| [:authorization_uri, :client_id, :client_secret, :scope, :token_credential_uri, :redirect_uri].include? k.to_sym }
|
41
|
+
end
|
42
|
+
|
43
|
+
def authorization_url_options
|
44
|
+
@options.select { |k| [:state, :login_hint, :redirect_uri].include? k.to_sym }
|
45
|
+
end
|
46
|
+
|
47
|
+
def callback_uri
|
48
|
+
CALLBACK_URI
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
53
|
+
|
@@ -0,0 +1,49 @@
|
|
1
|
+
require 'sitefull-cloud/auth/base'
|
2
|
+
require 'ms_rest/credentials/token_provider'
|
3
|
+
require 'ms_rest/credentials/string_token_provider'
|
4
|
+
require 'ms_rest/credentials/service_client_credentials'
|
5
|
+
require 'ms_rest/credentials/token_credentials'
|
6
|
+
|
7
|
+
module Sitefull
|
8
|
+
module Auth
|
9
|
+
class Azure < Base
|
10
|
+
|
11
|
+
AUTHORIZATION_URI = 'https://login.microsoftonline.com/%s/oauth2/authorize'.freeze
|
12
|
+
CALLBACK_URI = '/oauth/azure/callback'.freeze
|
13
|
+
SCOPE = %w(https://management.core.windows.net/).freeze
|
14
|
+
TOKEN_CREDENTIALS_URI = 'https://login.microsoftonline.com/%s/oauth2/token'.freeze
|
15
|
+
|
16
|
+
MISSING_TENANT_ID = 'Missing Tenant ID'.freeze
|
17
|
+
|
18
|
+
def initialize(options = {}, skip_validation = false)
|
19
|
+
@options = skip_validation ? options : validate(options)
|
20
|
+
end
|
21
|
+
|
22
|
+
def validate(options = {})
|
23
|
+
fail MISSING_TENANT_ID if options[:tenant_id].nil? || options[:tenant_id].to_s.empty?
|
24
|
+
options = super(options)
|
25
|
+
options[:authorization_uri] ||= sprintf(AUTHORIZATION_URI, options[:tenant_id])
|
26
|
+
options[:scope] ||= Array(SCOPE)
|
27
|
+
options[:token_credential_uri] ||= sprintf(TOKEN_CREDENTIALS_URI, options[:tenant_id])
|
28
|
+
options
|
29
|
+
end
|
30
|
+
|
31
|
+
def token_options
|
32
|
+
@options.select { |k| [:authorization_uri, :client_id, :client_secret, :scope, :token_credential_uri, :redirect_uri].include? k.to_sym }
|
33
|
+
end
|
34
|
+
|
35
|
+
def authorization_url_options
|
36
|
+
@options.select { |k| [:state, :login_hint, :redirect_uri].include? k.to_sym }.merge({ resource: 'https://management.core.windows.net/'})
|
37
|
+
end
|
38
|
+
|
39
|
+
def credentials(token)
|
40
|
+
token_provider = MsRest::StringTokenProvider.new(token.access_token)
|
41
|
+
MsRest::TokenCredentials.new(token_provider)
|
42
|
+
end
|
43
|
+
|
44
|
+
def callback_uri
|
45
|
+
CALLBACK_URI
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
@@ -0,0 +1,33 @@
|
|
1
|
+
module Sitefull
|
2
|
+
module Auth
|
3
|
+
class Base
|
4
|
+
|
5
|
+
MISSING_BASE_URI = 'Missing base URL and redirect URL'.freeze
|
6
|
+
MISSING_BASE_URI_SCHEME = 'Base URL must be an absolute URL'.freeze
|
7
|
+
MISSING_CALLBACK_URI = 'No callback URI specified'.freeze
|
8
|
+
MISSING_CLIENT_ID = 'Missing Client ID'.freeze
|
9
|
+
MISSING_CLIENT_SECRET = 'Missing Client Secret'.freeze
|
10
|
+
MISSING_REDIRECT_URI_SCHEME = 'Redirect URL must be an absolute URL'.freeze
|
11
|
+
|
12
|
+
def validate(options = {})
|
13
|
+
fail MISSING_CLIENT_ID if options[:client_id].to_s.empty?
|
14
|
+
fail MISSING_CLIENT_SECRET if options[:client_secret].to_s.empty?
|
15
|
+
fail MISSING_REDIRECT_URI_SCHEME if !options[:redirect_uri].to_s.empty? && URI(options[:redirect_uri].to_s).scheme.to_s.empty?
|
16
|
+
options[:redirect_uri] ||= default_redirect_uri(options)
|
17
|
+
options
|
18
|
+
end
|
19
|
+
|
20
|
+
def callback_uri
|
21
|
+
fail MISSING_CALLBACK_URI
|
22
|
+
end
|
23
|
+
|
24
|
+
private
|
25
|
+
|
26
|
+
def default_redirect_uri(options)
|
27
|
+
fail MISSING_BASE_URI if options[:base_uri].to_s.empty?
|
28
|
+
fail MISSING_BASE_URI_SCHEME if URI(options[:base_uri].to_s).scheme.to_s.empty?
|
29
|
+
URI.join(options[:base_uri].to_s, callback_uri).to_s
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
@@ -0,0 +1,41 @@
|
|
1
|
+
require 'sitefull-cloud/auth/base'
|
2
|
+
|
3
|
+
module Sitefull
|
4
|
+
module Auth
|
5
|
+
class Google < Base
|
6
|
+
|
7
|
+
AUTHORIZATION_URI = 'https://accounts.google.com/o/oauth2/auth'.freeze
|
8
|
+
CALLBACK_URI = '/oauth/google/callback'.freeze
|
9
|
+
SCOPE = %w(https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/compute).freeze
|
10
|
+
TOKEN_CREDENTIALS_URI = 'https://www.googleapis.com/oauth2/v3/token'.freeze
|
11
|
+
|
12
|
+
def initialize(options = {}, skip_validation = false)
|
13
|
+
@options = skip_validation ? options : validate(options)
|
14
|
+
end
|
15
|
+
|
16
|
+
def validate(options = {})
|
17
|
+
options = super(options)
|
18
|
+
options[:authorization_uri] ||= AUTHORIZATION_URI
|
19
|
+
options[:scope] ||= Array(SCOPE)
|
20
|
+
options[:token_credential_uri] ||= TOKEN_CREDENTIALS_URI
|
21
|
+
options
|
22
|
+
end
|
23
|
+
|
24
|
+
def token_options
|
25
|
+
@options.select { |k| [:authorization_uri, :client_id, :client_secret, :scope, :token_credential_uri, :redirect_uri].include? k.to_sym }
|
26
|
+
end
|
27
|
+
|
28
|
+
def authorization_url_options
|
29
|
+
@options.select { |k| [:state, :login_hint, :redirect_uri].include? k.to_sym }.merge({ access_type: 'offline', approval_prompt: 'force', include_granted_scopes: true })
|
30
|
+
end
|
31
|
+
|
32
|
+
def credentials(token)
|
33
|
+
token
|
34
|
+
end
|
35
|
+
|
36
|
+
def callback_uri
|
37
|
+
CALLBACK_URI
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|