google-auth-library-ruby/spec/googleauth/compute_engine_spec.rb

# Copyright 2015, Google Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
#     * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#     * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
#     * Neither the name of Google Inc. nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

spec_dir = File.expand_path(File.join(File.dirname(__FILE__)))
$LOAD_PATH.unshift(spec_dir)
$LOAD_PATH.uniq!

require 'apply_auth_examples'
require 'faraday'
require 'googleauth/compute_engine'
require 'spec_helper'

describe Google::Auth::GCECredentials do
  MD_URI = 'http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token'
  GCECredentials = Google::Auth::GCECredentials

  before(:example) do
    @client = GCECredentials.new
  end

  def make_auth_stubs(opts = {})
    access_token = opts[:access_token] || ''
    body = MultiJson.dump('access_token' => access_token,
                          'token_type' => 'Bearer',
                          'expires_in' => 3600)
    stub_request(:get, MD_URI)
      .with(headers: { 'Metadata-Flavor' => 'Google' })
      .to_return(body: body,
                 status: 200,
                 headers: { 'Content-Type' => 'application/json' })
  end

  it_behaves_like 'apply/apply! are OK'

  context 'metadata is unavailable' do
    describe '#fetch_access_token' do
      it 'should fail if the metadata request returns a 404' do
        stub = stub_request(:get, MD_URI)
               .to_return(status: 404,
                          headers: { 'Metadata-Flavor' => 'Google' })
        blk = proc { @client.fetch_access_token! }
        expect(&blk).to raise_error Signet::AuthorizationError
        expect(stub).to have_been_requested
      end

      it 'should fail if the metadata request returns an unexpected code' do
        stub = stub_request(:get, MD_URI)
               .to_return(status: 503,
                          headers: { 'Metadata-Flavor' => 'Google' })
        blk = proc { @client.fetch_access_token! }
        expect(&blk).to raise_error Signet::AuthorizationError
        expect(stub).to have_been_requested
      end
    end
  end

  describe '#on_gce?' do
    it 'should be true when Metadata-Flavor is Google' do
      stub = stub_request(:get, 'http://169.254.169.254')
             .to_return(status: 200,
                        headers: { 'Metadata-Flavor' => 'Google' })
      expect(GCECredentials.on_gce?({}, true)).to eq(true)
      expect(stub).to have_been_requested
    end

    it 'should be false when Metadata-Flavor is not Google' do
      stub = stub_request(:get, 'http://169.254.169.254')
             .to_return(status: 200,
                        headers: { 'Metadata-Flavor' => 'NotGoogle' })
      expect(GCECredentials.on_gce?({}, true)).to eq(false)
      expect(stub).to have_been_requested
    end

    it 'should be false if the response is not 200' do
      stub = stub_request(:get, 'http://169.254.169.254')
             .to_return(status: 404,
                        headers: { 'Metadata-Flavor' => 'NotGoogle' })
      expect(GCECredentials.on_gce?({}, true)).to eq(false)
      expect(stub).to have_been_requested
    end
  end
end
Extract the auth library into its own project - adds no new functionality beyond the initial attempt at providing Usable Auth constructors. - adds enough packaging metadata to be able to export this library as a gem. - next steps: complete usable auth implemntation of Application Default Credentials. 2015-02-12 03:23:34 +00:00			`# Copyright 2015, Google Inc.`
			`# All rights reserved.`
			`#`
			`# Redistribution and use in source and binary forms, with or without`
			`# modification, are permitted provided that the following conditions are`
			`# met:`
			`#`
			`# * Redistributions of source code must retain the above copyright`
			`# notice, this list of conditions and the following disclaimer.`
			`# * Redistributions in binary form must reproduce the above`
			`# copyright notice, this list of conditions and the following disclaimer`
			`# in the documentation and/or other materials provided with the`
			`# distribution.`
			`# * Neither the name of Google Inc. nor the names of its`
			`# contributors may be used to endorse or promote products derived from`
			`# this software without specific prior written permission.`
			`#`
			`# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS`
			`# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT`
			`# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR`
			`# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT`
			`# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,`
			`# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT`
			`# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,`
			`# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY`
			`# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT`
			`# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE`
			`# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.`

			`spec_dir = File.expand_path(File.join(File.dirname(__FILE__)))`
			`$LOAD_PATH.unshift(spec_dir)`
			`$LOAD_PATH.uniq!`

			`require 'apply_auth_examples'`
			`require 'faraday'`
			`require 'googleauth/compute_engine'`
			`require 'spec_helper'`

			`describe Google::Auth::GCECredentials do`
Prep for 0.5 release, update unit tests to use webmock instead of Faraday stubs (due to fragility -- sensitive to internal changes made in signet) 2015-12-09 23:45:22 +00:00			`MD_URI = 'http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token'`
Extract the auth library into its own project - adds no new functionality beyond the initial attempt at providing Usable Auth constructors. - adds enough packaging metadata to be able to export this library as a gem. - next steps: complete usable auth implemntation of Application Default Credentials. 2015-02-12 03:23:34 +00:00			`GCECredentials = Google::Auth::GCECredentials`

			`before(:example) do`
			`@client = GCECredentials.new`
			`end`

Updates the tests work on ruby-1.9.3 and JRuby 2015-02-25 12:39:22 +00:00			`def make_auth_stubs(opts = {})`
			`access_token = opts[:access_token] \|\| ''`
Prep for 0.5 release, update unit tests to use webmock instead of Faraday stubs (due to fragility -- sensitive to internal changes made in signet) 2015-12-09 23:45:22 +00:00			`body = MultiJson.dump('access_token' => access_token,`
			`'token_type' => 'Bearer',`
			`'expires_in' => 3600)`
			`stub_request(:get, MD_URI)`
			`.with(headers: { 'Metadata-Flavor' => 'Google' })`
			`.to_return(body: body,`
			`status: 200,`
			`headers: { 'Content-Type' => 'application/json' })`
Extract the auth library into its own project - adds no new functionality beyond the initial attempt at providing Usable Auth constructors. - adds enough packaging metadata to be able to export this library as a gem. - next steps: complete usable auth implemntation of Application Default Credentials. 2015-02-12 03:23:34 +00:00			`end`

			`it_behaves_like 'apply/apply! are OK'`

Adds more robust checking of the status code during compute engine auth. Currently the implementation does not verify that a 200 response is received before attempting to parse the JSON response. This PR updates the behaviour to fail with an authorization error, similar to how other auth library implementations. 2015-04-23 16:50:11 +00:00			`context 'metadata is unavailable' do`
			`describe '#fetch_access_token' do`
			`it 'should fail if the metadata request returns a 404' do`
Prep for 0.5 release, update unit tests to use webmock instead of Faraday stubs (due to fragility -- sensitive to internal changes made in signet) 2015-12-09 23:45:22 +00:00			`stub = stub_request(:get, MD_URI)`
			`.to_return(status: 404,`
			`headers: { 'Metadata-Flavor' => 'Google' })`
			`blk = proc { @client.fetch_access_token! }`
Adds more robust checking of the status code during compute engine auth. Currently the implementation does not verify that a 200 response is received before attempting to parse the JSON response. This PR updates the behaviour to fail with an authorization error, similar to how other auth library implementations. 2015-04-23 16:50:11 +00:00			`expect(&blk).to raise_error Signet::AuthorizationError`
Prep for 0.5 release, update unit tests to use webmock instead of Faraday stubs (due to fragility -- sensitive to internal changes made in signet) 2015-12-09 23:45:22 +00:00			`expect(stub).to have_been_requested`
Adds more robust checking of the status code during compute engine auth. Currently the implementation does not verify that a 200 response is received before attempting to parse the JSON response. This PR updates the behaviour to fail with an authorization error, similar to how other auth library implementations. 2015-04-23 16:50:11 +00:00			`end`

Corrects grammar 2015-04-23 18:21:19 +00:00			`it 'should fail if the metadata request returns an unexpected code' do`
Prep for 0.5 release, update unit tests to use webmock instead of Faraday stubs (due to fragility -- sensitive to internal changes made in signet) 2015-12-09 23:45:22 +00:00			`stub = stub_request(:get, MD_URI)`
			`.to_return(status: 503,`
			`headers: { 'Metadata-Flavor' => 'Google' })`
			`blk = proc { @client.fetch_access_token! }`
Adds more robust checking of the status code during compute engine auth. Currently the implementation does not verify that a 200 response is received before attempting to parse the JSON response. This PR updates the behaviour to fail with an authorization error, similar to how other auth library implementations. 2015-04-23 16:50:11 +00:00			`expect(&blk).to raise_error Signet::AuthorizationError`
Prep for 0.5 release, update unit tests to use webmock instead of Faraday stubs (due to fragility -- sensitive to internal changes made in signet) 2015-12-09 23:45:22 +00:00			`expect(stub).to have_been_requested`
Adds more robust checking of the status code during compute engine auth. Currently the implementation does not verify that a 200 response is received before attempting to parse the JSON response. This PR updates the behaviour to fail with an authorization error, similar to how other auth library implementations. 2015-04-23 16:50:11 +00:00			`end`
			`end`
			`end`

Extract the auth library into its own project - adds no new functionality beyond the initial attempt at providing Usable Auth constructors. - adds enough packaging metadata to be able to export this library as a gem. - next steps: complete usable auth implemntation of Application Default Credentials. 2015-02-12 03:23:34 +00:00			`describe '#on_gce?' do`
			`it 'should be true when Metadata-Flavor is Google' do`
Prep for 0.5 release, update unit tests to use webmock instead of Faraday stubs (due to fragility -- sensitive to internal changes made in signet) 2015-12-09 23:45:22 +00:00			`stub = stub_request(:get, 'http://169.254.169.254')`
			`.to_return(status: 200,`
			`headers: { 'Metadata-Flavor' => 'Google' })`
			`expect(GCECredentials.on_gce?({}, true)).to eq(true)`
			`expect(stub).to have_been_requested`
Extract the auth library into its own project - adds no new functionality beyond the initial attempt at providing Usable Auth constructors. - adds enough packaging metadata to be able to export this library as a gem. - next steps: complete usable auth implemntation of Application Default Credentials. 2015-02-12 03:23:34 +00:00			`end`

			`it 'should be false when Metadata-Flavor is not Google' do`
Prep for 0.5 release, update unit tests to use webmock instead of Faraday stubs (due to fragility -- sensitive to internal changes made in signet) 2015-12-09 23:45:22 +00:00			`stub = stub_request(:get, 'http://169.254.169.254')`
			`.to_return(status: 200,`
			`headers: { 'Metadata-Flavor' => 'NotGoogle' })`
			`expect(GCECredentials.on_gce?({}, true)).to eq(false)`
			`expect(stub).to have_been_requested`
Extract the auth library into its own project - adds no new functionality beyond the initial attempt at providing Usable Auth constructors. - adds enough packaging metadata to be able to export this library as a gem. - next steps: complete usable auth implemntation of Application Default Credentials. 2015-02-12 03:23:34 +00:00			`end`

			`it 'should be false if the response is not 200' do`
Prep for 0.5 release, update unit tests to use webmock instead of Faraday stubs (due to fragility -- sensitive to internal changes made in signet) 2015-12-09 23:45:22 +00:00			`stub = stub_request(:get, 'http://169.254.169.254')`
			`.to_return(status: 404,`
			`headers: { 'Metadata-Flavor' => 'NotGoogle' })`
			`expect(GCECredentials.on_gce?({}, true)).to eq(false)`
			`expect(stub).to have_been_requested`
Extract the auth library into its own project - adds no new functionality beyond the initial attempt at providing Usable Auth constructors. - adds enough packaging metadata to be able to export this library as a gem. - next steps: complete usable auth implemntation of Application Default Credentials. 2015-02-12 03:23:34 +00:00			`end`
			`end`
			`end`