Support Google.config default options

wjordan · wjordan · commit bf31261c073f · 2020-10-08T11:26:31.000-07:00
diff --git a/lib/aws/google.rb b/lib/aws/google.rb
@@ -27,8 +27,10 @@ class Google
     include ::Aws::Google::CachedCredentials
 
     class << self
+      # Use `Aws::Google.config` to set default options for any instance of this provider.
       attr_accessor :config
     end
+    self.config = {}
 
     # @option options [required, String] :role_arn
     # @option options [String] :policy
@@ -43,6 +45,7 @@ class << self
     # @option options [String] :client_id Google client ID
     # @option options [String] :client_secret Google client secret
     def initialize(options = {})
+      options = options.merge(self.class.config)
       @oauth_attempted = false
       @assume_role_params = options.slice(
         *Aws::STS::Client.api.operation(:assume_role_with_web_identity).
diff --git a/lib/aws/google/credential_provider.rb b/lib/aws/google/credential_provider.rb
@@ -24,9 +24,11 @@ module GoogleSharedCredentials
       def google_credentials_from_config(opts = {})
         p = opts[:profile] || @profile_name
         if @config_enabled && @parsed_config
-          entry = @parsed_config.fetch(p, {})
-          if (google_opts = entry['google'])
-            Google.new(google_opts.transform_keys(&:to_sym))
+          google_opts = @parsed_config.
+            fetch(p, {}).fetch('google', {}).
+            transform_keys(&:to_sym)
+          if google_opts.merge(::Aws::Google.config).has_key?(:role_arn)
+            Google.new(google_opts)
           end
         end
       end
diff --git a/test/aws/google_test.rb b/test/aws/google_test.rb
@@ -23,10 +23,6 @@
   end
 
   describe 'not configured' do
-    before do
-      Aws::Google.stubs(:config).returns(nil)
-    end
-
     it 'does nothing' do
       Aws::Google.expects(:new).never
       Aws::STS::Client.new
@@ -64,7 +60,6 @@
     let(:system) { @system }
 
     before do
-      Aws::Google.stubs(:config).returns(config)
       config[:client].stub_responses(
         :assume_role_with_web_identity,
         credentials: credentials
@@ -129,6 +124,16 @@
       Aws::Google.any_instance.expects(:refresh).never
       Aws::Google.new(config).credentials
     end
+    
+    it 'uses config defaults for new AWS clients' do
+      Aws::Google.stubs(:config).returns(config)
+      @oauth_default.once
+      system.times(5)
+      c = Aws::STS::Client.new.config.credentials
+      _(c.credentials.access_key_id).must_equal credentials[:access_key_id]
+      _(c.credentials.secret_access_key).must_equal credentials[:secret_access_key]
+      _(c.credentials.session_token).must_equal credentials[:session_token]
+    end
 
     describe 'valid Google auth, no AWS permissions' do
       before do
