Merge pull request #78 from proppy/computeauth

auth: add compute service account
2013-08-15 14:28:37 -07:00 · 2013-08-15 14:28:37 -07:00 · 327220db08
parent b95cf48ada f5238bbf12
commit 327220db08
3 changed files with 50 additions and 0 deletions
--- a/lib/google/api_client/auth/compute_service_account.rb
+++ b/lib/google/api_client/auth/compute_service_account.rb
@ -0,0 +1,28 @@
+# Copyright 2013 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'faraday'
+require 'signet/oauth_2/client'
+
+module Google
+  class APIClient
+    class ComputeServiceAccount < Signet::OAuth2::Client
+      def fetch_access_token(options={})
+        connection = options[:connection] || Faraday.default_connection
+        response = connection.get 'http://metadata/computeMetadata/v1beta1/instance/service-accounts/default/token'
+        Signet::OAuth2.parse_json_credentials(response.body)
+      end
+    end
+  end
+end
--- a/lib/google/api_client/service_account.rb
+++ b/lib/google/api_client/service_account.rb
@ -15,3 +15,4 @@
 require 'google/api_client/auth/pkcs12'
 require 'google/api_client/auth/jwt_asserter'
 require 'google/api_client/auth/key_utils'
+require 'google/api_client/auth/compute_service_account'
--- a/spec/google/api_client/service_account_spec.rb
+++ b/spec/google/api_client/service_account_spec.rb
@ -141,3 +141,24 @@ describe Google::APIClient::JWTAsserter do
  end    
 end

+describe Google::APIClient::ComputeServiceAccount do
+  include ConnectionHelpers
+
+  it 'should query metadata server' do
+    conn = stub_connection do |stub|
+      stub.get('/computeMetadata/v1beta1/instance/service-accounts/default/token') do |env|
+        env.url.host.should == 'metadata'
+        [200, {}, '{
+          "access_token" : "1/abcdef1234567890",
+          "token_type" : "Bearer",
+          "expires_in" : 3600
+        }']
+      end
+    end
+    service_account = Google::APIClient::ComputeServiceAccount.new
+    auth = service_account.fetch_access_token!({ :connection => conn })
+    auth.should_not == nil?
+    auth["access_token"].should == "1/abcdef1234567890"
+    conn.verify
+  end
+end