WIP Better credential workflow #444

Merged
merged 7 commits into from
Mar 21, 2019

Member

@Temikus Temikus commented Mar 20, 2019

This PR centers around:

  • Reworking credentials workflow to be easier to read and fall back to google application default credentials
  • Removing deprecated google_client_email parameter everywhere

Temikus added 3 commits March 20, 2019 15:36
`google_client_email` is an auth option that was leftover from PKCS12 key days and is no longer required as it is baked into all json keys and is no longer supplied to any auth method
- Separate different auth streams into private methods
- Separated some logic into helper methods
- Switch to File.read when loading up JSON key
- Do not decode/re-encode JSON keys when loading up auth
- Add a warning if we’re falling back on Google Application Default auth
@Temikus Temikus changed the title Better credential workflow WIP Better credential workflow Mar 20, 2019
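
An added example, not fog-google's code, of the workflow the PR description and commit message outline: each auth path separate, the JSON key validated without being re-encoded, and a warned fallback to application default credentials. The method names, the `adc` callable, the required-field list, the precedence order and the use of `ArgumentError` are assumptions made for illustration.

```ruby
require "json"

REQUIRED_KEY_FIELDS = %w[type client_email private_key].freeze # assumed field list

# Parse only to validate and hand back the original string untouched, so the
# key is never decoded and re-encoded. Error text never echoes the input:
# JSON::ParserError messages can quote the text they choked on.
def validate_json_key(json_key)
  parsed = JSON.parse(json_key)
  raise ArgumentError, "JSON key must be a JSON object" unless parsed.is_a?(Hash)
  missing = REQUIRED_KEY_FIELDS.reject { |f| parsed[f].is_a?(String) && !parsed[f].empty? }
  raise ArgumentError, "JSON key is missing: #{missing.join(', ')}" unless missing.empty?
  json_key
rescue JSON::ParserError
  raise ArgumentError, "JSON key is not valid JSON"
end

# Returns [source, credential]. `adc` is a hypothetical callable standing in
# for the application-default lookup so the example runs offline.
def resolve_credentials(options, adc:, warn_io: $stderr)
  if options[:google_auth]
    [:google_auth, options[:google_auth]]
  elsif options[:google_json_key_string] || options[:google_json_key_location]
    key = options[:google_json_key_string] ||
          File.read(File.expand_path(options[:google_json_key_location]))
    [:json_key, validate_json_key(key)]
  elsif options[:google_application_default]
    # Explicitly requested: let lookup errors surface unchanged.
    [:google_application_default, adc.call]
  else
    warn_io.puts "No explicit auth settings found, falling back to application default credentials"
    begin
      [:fallback, adc.call]
    rescue RuntimeError => e
      # ArgumentError stands in for the library's own error class here.
      raise ArgumentError, "Fallback auth failed: #{e.message}"
    end
  end
end
```

The returned source tag lets a caller log which identity path was taken, which matters when the fallback picks up ambient host credentials.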
validate_json_credentials(json_key)

::Google::Auth::ServiceAccountCredentials.make_creds(
:json_key_io => StringIO.new(json_key),

Layout/FirstParameterIndentation: Indent the first parameter one step more than the start of the previous line.

def process_application_default_auth(options)
begin
return ::Google::Auth.get_application_default(options[:google_api_scope_url])
rescue RuntimeError => e

Lint/UselessAssignment: Useless assignment to variable - e.

# @param [Hash] options - client options hash
# @return [Google::Auth::DefaultCredentials] - google auth object
def process_application_default_auth(options)
begin

Style/RedundantBegin: Redundant begin block detected.


if auth.nil?
raise Fog::Errors::Error.new(
"Failed to configure authentication for Fog client.\n" \

Layout/FirstParameterIndentation: Indent the first parameter one step more than the start of the previous line.

auth = ::Google::Auth.get_application_default(
options[:google_api_scope_url]
Fog::Logger.warning(
"Didn't detect any explicit auth settings, " \

Layout/FirstParameterIndentation: Indent the first parameter one step more than the start of the previous line.

codecov bot commented Mar 20, 2019

Codecov Report

Merging #444 into master will decrease coverage by 0.04%.
The diff coverage is 58.82%.

@@            Coverage Diff             @@
##           master     #444      +/-   ##
==========================================
- Coverage   85.31%   85.27%   -0.05%     
==========================================
  Files         339      339              
  Lines        5829     5840      +11     
==========================================
+ Hits         4973     4980       +7     
- Misses        856      860       +4
Impacted Files Coverage Δ
lib/fog/google/sql.rb 100% <ø> (ø) ⬆️
lib/fog/google/pubsub.rb 96.66% <ø> (ø) ⬆️
lib/fog/storage/google_json.rb 100% <ø> (ø) ⬆️
lib/fog/dns/google.rb 100% <ø> (ø) ⬆️
lib/fog/google/monitoring.rb 100% <ø> (ø) ⬆️
lib/fog/compute/google.rb 100% <ø> (ø) ⬆️
lib/fog/google/shared.rb 57.3% <58.82%> (+0.89%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 8bad94d...26e5ebd.

Contributor

@hattorious hattorious left a comment

@Temikus Looks much easier to follow. I noted one configuration edge-case that I could reproduce.

I have a few more documentation nits that I haven't added so feel free to tag me once you're ready for a second set of eyes.

Temikus added 2 commits March 21, 2019 09:48
application_default -> google_application_default to follow convention
return process_application_default_auth(options)
rescue
raise Fog::Errors::Error.new(
"Fallback auth failed, could not configure authentication for Fog client.\n" \
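
Review bot: the bare `rescue` ahead of `raise Fog::Errors::Error.new(` catches every StandardError, so a bug inside `process_application_default_auth` (a NoMethodError, say) would surface as "Fallback auth failed" and the real cause would be lost. Rescue the class the credential lookup raises (an earlier revision on this page used `rescue RuntimeError => e`) and append `e.message` to the new error text.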

Layout/FirstParameterIndentation: Indent the first parameter one step more than the start of the previous line.

)
begin
return process_application_default_auth(options)
rescue

Style/RescueStandardError: Avoid rescuing without specifying an error class.

# @return [Google::Auth::DefaultCredentials] - google auth object
def process_fallback_auth(options)
Fog::Logger.warning(
"Didn't detect any client auth settings, " \

Layout/FirstParameterIndentation: Indent the first parameter one step more than the start of the previous line.

Member Author

Temikus commented Mar 20, 2019

@Mavin Reworked a bit according to your comments; now only fallback has a more user-friendly message covering the exceptions underneath, but explicit application default auth will not rescue any exceptions.

PTAL and thanks again for the review!

Contributor

@hattorious hattorious left a comment

Documentation nits

# @option options [Google::Auth|Signet] :google_auth Manually created authorization to use
# @option options [String] :google_client_email A @developer.gserviceaccount.com email address to use
# @option options [String] :google_key_location The location of a pkcs12 key file
nit: I'm not sure how ruby docs work but can this be removed since they have been deprecated for a while?

# @option options [Google::Auth|Signet] :google_auth Manually created authorization to use
# @option options [String] :google_client_email A @developer.gserviceaccount.com email address to use
# @option options [String] :google_key_location The location of a pkcs12 key file
# @option options [String] :google_key_string The content of the pkcs12 key file
etc

and :google_client

@hattorious
Contributor

:LGTM: Now merge and release so I can get to work on mitchellh/vagrant-google#194 😁

Member Author

Temikus commented Mar 21, 2019

@Mavin will roll out the RC sometime today.

Thank you so much for your input and review!

@Temikus Temikus merged commit c6b0533 into fog:master Mar 21, 2019
@Temikus Temikus deleted the better_credential_workflow branch March 21, 2019 22:24
3 participants