Skip to content

Commit

Permalink
rubocoooooooooop
Browse files Browse the repository at this point in the history
  • Loading branch information
@viacheslav-rostovtsev
viacheslav-rostovtsev committed Nov 11, 2024
1 parent 331e04b commit 4d8ec14
Show file tree
Hide file tree
Showing 5 changed files with 73 additions and 83 deletions.
22 changes: 11 additions & 11 deletions lib/googleauth/compute_engine.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,19 +94,19 @@ def initialize options = {}
end

# Creates a duplicate of these credentials
# without the Signet::OAuth2::Client-specific
# without the Signet::OAuth2::Client-specific
# transient state (e.g. cached tokens)
#
#
# @param options [Hash] Overrides for the credentials parameters.
# The following keys are recognized in addition to keys in the
# The following keys are recognized in addition to keys in the
# Signet::OAuth2::Client
# * `:universe_domain_overridden` Whether the universe domain was
# overriden during credentials creation
# * `:universe_domain_overridden` Whether the universe domain was
# overriden during credentials creation
def duplicate options = {}
options = deep_hash_normalize options
super(
{
universe_domain_overridden: @universe_domain_overridden,
{
universe_domain_overridden: @universe_domain_overridden
}.merge(options)
)
end
Expand Down Expand Up @@ -142,12 +142,12 @@ def fetch_access_token _options = {}
end

# Destructively updates these credentials
#
#
# @param options [Hash] Overrides for the credentials parameters.
# The following keys are recognized in addition to keys in the
# The following keys are recognized in addition to keys in the
# Signet::OAuth2::Client
# * `:universe_domain_overridden` Whether the universe domain was
# overriden during credentials creation
# * `:universe_domain_overridden` Whether the universe domain was
# overriden during credentials creation
def update! options = {}
# Normalize all keys to symbols to allow indifferent access.
options = deep_hash_normalize options
Expand Down
65 changes: 35 additions & 30 deletions lib/googleauth/impersonated_service_account.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,19 +32,23 @@ class ImpersonatedServiceAccountCredentials

include Google::Auth::BaseClient
include Helpers::Connection

attr_reader :base_credentials, :source_credentials, :impersonation_url, :scope
attr_reader :access_token, :expires_at


attr_reader :base_credentials
attr_reader :source_credentials
attr_reader :impersonation_url
attr_reader :scope
attr_reader :access_token
attr_reader :expires_at

# Create a ImpersonatedServiceAccountCredentials
# When you use service account impersonation, you start with an authenticated principal
# (e.g. your user account or a service account)
# and request short-lived credentials for a service account
# that has the authorization that your use case requires.
# When you use service account impersonation, you start with an authenticated principal
# (e.g. your user account or a service account)
# and request short-lived credentials for a service account
# that has the authorization that your use case requires.
#
# @param base_credentials [Object] the authenticated principal that will be used
# @param base_credentials [Object] the authenticated principal that will be used
# to fetch short-lived impersionation access token
# @param impersonation_url [String] the URL to use to impersonate the service account.
# @param impersonation_url [String] the URL to use to impersonate the service account.
# This URL should be in the format:
# https://iamcredentials.{universe_domain}/v1/projects/-/serviceAccounts/{source_sa_email}:generateAccessToken
# where:
Expand All @@ -54,24 +58,25 @@ class ImpersonatedServiceAccountCredentials
# Note that these are NOT the scopes that the authenticated principal should have, but
# the scopes that the short-lived impersonation access token should have.
def self.make_creds options = {}
new(options)
new options
end

def initialize options = {}
@base_credentials, @impersonation_url, @scope =
options.values_at :base_credentials,
@base_credentials, @impersonation_url, @scope =
options.values_at :base_credentials,
:impersonation_url,
:scope

# Some credentials (all Signet-based ones and this one) include scope and a bunch of transient state (e.g. refresh status) as part of themselves
# Some credentials (all Signet-based ones and this one) include scope and a bunch of transient state
# (e.g. refresh status) as part of themselves
# so a copy needs to be created with the scope overriden and transient state dropped
@source_credentials = if @base_credentials.respond_to? :duplicate
@base_credentials.duplicate({
scope: IAM_SCOPE
})
else
@base_credentials
end
@source_credentials = if @base_credentials.respond_to? :duplicate
@base_credentials.duplicate({
scope: IAM_SCOPE
})
else
@base_credentials
end
end

# Whether the current access token expires before a given
Expand Down Expand Up @@ -100,10 +105,10 @@ def make_token!

case resp.status
when 200
response = MultiJson.load(resp.body)
response = MultiJson.load resp.body
self.expires_at = response["expireTime"]
self.access_token = response["accessToken"]
self.access_token
access_token
when 403, 500
msg = "Unexpected error code #{resp.status} #{ERROR_SUFFIX}"
raise Signet::UnexpectedStatusError, msg
Expand All @@ -114,20 +119,20 @@ def make_token!
end

# Returns a clone of a_hash updated with the authoriation header
def apply! a_hash, opts = {}
def apply! a_hash, _opts = {}
token = make_token!
a_hash[AUTH_METADATA_KEY] = "Bearer #{token}"
a_hash
end

# Creates a duplicate of these credentials without transient token state
#
#
# @param options [Hash] Overrides for the credentials parameters.
# The following keys are recognized
# * `base_credentials` the base credentials used to initialize the impersonation
# * `source_credentials` the authenticated credentials which usually would be
# base credentias with scope overridden to IAM_SCOPE
# * `impersonation_url` the URL to use to make an impersonation token exchange
# * `impersonation_url` the URL to use to make an impersonation token exchange
# * `scope` the scope(s) to access
def duplicate options = {}
options = deep_hash_normalize options
Expand All @@ -136,21 +141,21 @@ def duplicate options = {}
base_credentials: @base_credentials,
source_credentials: @source_credentials,
impersonation_url: @impersonation_url,
scope: @scope,
scope: @scope
}.merge(options)

new_client = self.class.new options
new_client.update!(options)
new_client.update! options
end

# Destructively updates these credentials
#
#
# @param options [Hash] Overrides for the credentials parameters.
# The following keys are recognized
# * `base_credentials` the base credentials used to initialize the impersonation
# * `source_credentials` the authenticated credentials which usually would be
# base credentias with scope overridden to IAM_SCOPE
# * `impersonation_url` the URL to use to make an impersonation token exchange
# * `impersonation_url` the URL to use to make an impersonation token exchange
# * `scope` the scope(s) to access
def update! options = {}
# Normalize all keys to symbols to allow indifferent access.
Expand Down
49 changes: 17 additions & 32 deletions lib/googleauth/service_account.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -81,21 +81,21 @@ def self.make_creds options = {}
end

# Creates a duplicate of these credentials
# without the Signet::OAuth2::Client-specific
# without the Signet::OAuth2::Client-specific
# transient state (e.g. cached tokens)
#
#
# @param options [Hash] Overrides for the credentials parameters.
# The following keys are recognized in addition to keys in the
# The following keys are recognized in addition to keys in the
# Signet::OAuth2::Client
# * `:enable_self_signed_jwt` Whether the self-signed JWT should
# be used for the authentication
# be used for the authentication
# * `project_id` the project id to use during the authentication
# * `quota_project_id` the quota project id to use
# during the authentication
def duplicate options = {}
options = deep_hash_normalize options
super(
{
{
enable_self_signed_jwt: @enable_self_signed_jwt,
project_id: project_id,
quota_project_id: quota_project_id
Expand Down Expand Up @@ -135,15 +135,15 @@ def needs_access_token?
end

# Destructively updates these credentials
#
#
# @param options [Hash] Overrides for the credentials parameters.
# The following keys are recognized in addition to keys in the
# The following keys are recognized in addition to keys in the
# Signet::OAuth2::Client
# * `:enable_self_signed_jwt` Whether the self-signed JWT should
# be used for the authentication
# be used for the authentication
# * `project_id` the project id to use during the authentication
# * `quota_project_id` the quota project id to use
# during the authentication
# during the authentication
def update! options = {}
# Normalize all keys to symbols to allow indifferent access.
options = deep_hash_normalize options
Expand Down Expand Up @@ -210,26 +210,11 @@ def initialize options = {}
@private_key, @issuer, @project_id, @quota_project_id, @universe_domain =
self.class.read_json_key json_key_io
else
@private_key = if options.key?(:private_key)
options[:private_key]
else
ENV[CredentialsLoader::PRIVATE_KEY_VAR]
end

@issuer = if options.key?(:issuer)
options[:issuer]
else
ENV[CredentialsLoader::CLIENT_EMAIL_VAR]
end

@project_id = if options.key?(:project_id)
options[:project_id]
else
ENV[CredentialsLoader::PROJECT_ID_VAR]
end

@quota_project_id = options[:quota_project_id] if options.key? :quota_project_id
@universe_domain = options[:universe_domain] if options.key? :universe_domain
@private_key = options.key?(:private_key?) ? options[:private_key] : ENV[CredentialsLoader::PRIVATE_KEY_VAR]
@issuer = options.key?(:issuer) ? options[:issuer] : ENV[CredentialsLoader::CLIENT_EMAIL_VAR]
@project_id = options.key?(:project_id) ? options[:project_id] : ENV[CredentialsLoader::PROJECT_ID_VAR]
@quota_project_id = options[:quota_project_id] if options.key? :quota_project_id
@universe_domain = options[:universe_domain] if options.key? :universe_domain
end
@universe_domain ||= "googleapis.com"
@project_id ||= CredentialsLoader.load_gcloud_project_id
Expand All @@ -238,7 +223,7 @@ def initialize options = {}
end

# Creates a duplicate of these credentials
#
#
# @param options [Hash] Overrides for the credentials parameters.
# The following keys are recognized
# * `private key` the private key in string form
Expand All @@ -260,7 +245,7 @@ def duplicate options = {}
}.merge(options)

new_client = self.class.new options
new_client.update!(options)
new_client.update! options
end

# Construct a jwt token if the JWT_AUD_URI key is present in the input
Expand Down Expand Up @@ -313,7 +298,7 @@ def needs_access_token?
end

# Destructively updates these credentials
#
#
# @param options [Hash] Overrides for the credentials parameters.
# The following keys are recognized
# * `private key` the private key in string form
Expand Down
4 changes: 2 additions & 2 deletions lib/googleauth/signet.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -95,9 +95,9 @@ def retry_with_error max_retry_count = 5
end

# Creates a duplicate of these credentials
# without the Signet::OAuth2::Client-specific
# without the Signet::OAuth2::Client-specific
# transient state (e.g. cached tokens)
#
#
# @param options [Hash] Overrides for the credentials parameters.
# @see Signet::OAuth2::Client#update!
def duplicate options = {}
Expand Down
16 changes: 8 additions & 8 deletions lib/googleauth/user_refresh.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -86,19 +86,19 @@ def initialize options = {}
end

# Creates a duplicate of these credentials
# without the Signet::OAuth2::Client-specific
# without the Signet::OAuth2::Client-specific
# transient state (e.g. cached tokens)
#
#
# @param options [Hash] Overrides for the credentials parameters.
# The following keys are recognized in addition to keys in the
# The following keys are recognized in addition to keys in the
# Signet::OAuth2::Client
# * `project_id` the project id to use during the authentication
# * `quota_project_id` the quota project id to use
# during the authentication
def duplicate options = {}
options = deep_hash_normalize options
super(
{
{
project_id: @project_id,
quota_project_id: @quota_project_id
}.merge(options)
Expand Down Expand Up @@ -136,15 +136,15 @@ def includes_scope? required_scope
end

# Destructively updates these credentials
#
#
# @param options [Hash] Overrides for the credentials parameters.
# The following keys are recognized in addition to keys in the
# The following keys are recognized in addition to keys in the
# Signet::OAuth2::Client
# * `:enable_self_signed_jwt` Whether the self-signed JWT should
# be used for the authentication
# be used for the authentication
# * `project_id` the project id to use during the authentication
# * `quota_project_id` the quota project id to use
# during the authentication
# during the authentication
def update! options = {}
# Normalize all keys to symbols to allow indifferent access.
options = deep_hash_normalize options
Expand Down

0 comments on commit 4d8ec14

Please sign in to comment.