From 23f9b5071f53f76e04d68a62e94db211e3edfc01 Mon Sep 17 00:00:00 2001 From: igorpeshansky Date: Wed, 27 Mar 2019 13:55:08 -0400 Subject: [PATCH] Treat empty credentials environment variables as unset. (#205) --- .rubocop.yml | 2 +- lib/googleauth/credentials_loader.rb | 8 +++++--- spec/googleauth/service_account_spec.rb | 10 ++++++++++ spec/googleauth/user_refresh_spec.rb | 5 +++++ 4 files changed, 21 insertions(+), 4 deletions(-) diff --git a/.rubocop.yml b/.rubocop.yml index f573ff9..00faa63 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -8,4 +8,4 @@ AllCops: Metrics/ClassLength: Max: 110 Metrics/ModuleLength: - Max: 105 + Max: 110 diff --git a/lib/googleauth/credentials_loader.rb b/lib/googleauth/credentials_loader.rb index 421d072..eecdca0 100644 --- a/lib/googleauth/credentials_loader.rb +++ b/lib/googleauth/credentials_loader.rb @@ -95,7 +95,7 @@ module Google # * `:connection_builder` A `Proc` that returns a connection. def from_env scope = nil, options = {} options = interpret_options scope, options - if ENV.key? ENV_VAR + if ENV.key?(ENV_VAR) && !ENV[ENV_VAR].empty? path = ENV[ENV_VAR] raise "file #{path} does not exist" unless File.exist? path File.open path do |f| @@ -192,11 +192,13 @@ module Google end def service_account_env_vars? - ([PRIVATE_KEY_VAR, CLIENT_EMAIL_VAR] - ENV.keys).empty? + ([PRIVATE_KEY_VAR, CLIENT_EMAIL_VAR] - ENV.keys).empty? && + !ENV.to_h.fetch_values(PRIVATE_KEY_VAR, CLIENT_EMAIL_VAR).join(" ").empty? end def authorized_user_env_vars? - ([CLIENT_ID_VAR, CLIENT_SECRET_VAR, REFRESH_TOKEN_VAR] - ENV.keys).empty? + ([CLIENT_ID_VAR, CLIENT_SECRET_VAR, REFRESH_TOKEN_VAR] - ENV.keys).empty? && + !ENV.to_h.fetch_values(CLIENT_ID_VAR, CLIENT_SECRET_VAR, REFRESH_TOKEN_VAR).join(" ").empty? end end end diff --git a/spec/googleauth/service_account_spec.rb b/spec/googleauth/service_account_spec.rb index 950dd1c..3e138dc 100644 --- a/spec/googleauth/service_account_spec.rb +++ b/spec/googleauth/service_account_spec.rb @@ -187,6 +187,11 @@ describe Google::Auth::ServiceAccountCredentials do expect(ServiceAccountCredentials.from_env(@scope)).to be_nil end + it "returns nil if the GOOGLE_APPLICATION_CREDENTIALS is empty" do + ENV[@var_name] = "" + expect(ServiceAccountCredentials.from_env(@scope)).to be_nil + end + it "fails if the GOOGLE_APPLICATION_CREDENTIALS path does not exist" do ENV.delete @var_name unless ENV[@var_name].nil? expect(ServiceAccountCredentials.from_env(@scope)).to be_nil @@ -390,6 +395,11 @@ describe Google::Auth::ServiceAccountJwtHeaderCredentials do expect(clz.from_env).to be_nil end + it "returns nil if the GOOGLE_APPLICATION_CREDENTIALS is empty" do + ENV[@var_name] = "" + expect(clz.from_env).to be_nil + end + it "fails if the GOOGLE_APPLICATION_CREDENTIALS path does not exist" do ENV.delete @var_name unless ENV[@var_name].nil? expect(clz.from_env).to be_nil diff --git a/spec/googleauth/user_refresh_spec.rb b/spec/googleauth/user_refresh_spec.rb index 5deff95..40531bd 100644 --- a/spec/googleauth/user_refresh_spec.rb +++ b/spec/googleauth/user_refresh_spec.rb @@ -106,6 +106,11 @@ describe Google::Auth::UserRefreshCredentials do expect(UserRefreshCredentials.from_env(@scope)).to be_nil end + it "returns nil if the GOOGLE_APPLICATION_CREDENTIALS is empty" do + ENV[@var_name] = "" + expect(UserRefreshCredentials.from_env(@scope)).to be_nil + end + it "fails if the GOOGLE_APPLICATION_CREDENTIALS path does not exist" do ENV.delete @var_name unless ENV[@var_name].nil? expect(UserRefreshCredentials.from_env(@scope)).to be_nil