tests: fix kokoro environment loading to get credentials from secret …

…manager (#502)
googleapis · Dec 4, 2024 · 075b59e · 075b59e
1 parent 682d328
commit 075b59e
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 13 deletions.
diff --git a/.kokoro/presubmit/samples.cfg b/.kokoro/presubmit/samples.cfg
@@ -29,5 +29,5 @@ env_vars: {
 
 env_vars: {
   key: "SECRET_MANAGER_KEYS"
-  value: ""
+  value: "ruby-main-ci-service-account"
 }
diff --git a/.toys/.lib/repo_context.rb b/.toys/.lib/repo_context.rb
@@ -17,18 +17,18 @@ class RepoContext
 
   def self.load_kokoro_env
     return if @loaded_env
+    @loaded_env = true
 
-    if ::ENV["KOKORO_GFILE_DIR"]
-      service_account = "#{::ENV['KOKORO_GFILE_DIR']}/service-account.json"
-      raise "#{service_account} is not a file" unless ::File.file? service_account
-      ::ENV["GOOGLE_APPLICATION_CREDENTIALS"] = service_account
+    gfile_dir = ::ENV["KOKORO_GFILE_DIR"]
+    return unless gfile_dir
 
-      filename = "#{::ENV['KOKORO_GFILE_DIR']}/ruby_env_vars.json"
-      raise "#{filename} is not a file" unless ::File.file? filename
-      env_vars = ::JSON.parse ::File.read filename
-      env_vars.each { |k, v| ::ENV[k] ||= v }
-    end
+    filename = "#{gfile_dir}/ruby_env_vars.json"
+    raise "#{filename} is not a file" unless ::File.file? filename
+    env_vars = ::JSON.parse ::File.read filename
+    env_vars.each { |k, v| ::ENV[k] ||= v }
 
-    @loaded_env = true
+    filename = "#{gfile_dir}/secret_manager/ruby-main-ci-service-account"
+    raise "#{filename} is not a file" unless ::File.file? filename
+    ::ENV["GOOGLE_APPLICATION_CREDENTIALS"] = filename
   end
 end
diff --git a/lib/googleauth/id_tokens.rb b/lib/googleauth/id_tokens.rb
@@ -168,7 +168,6 @@ def verify_oidc token,
                         aud: nil,
                         azp: nil,
                         iss: OIDC_ISSUERS
-
           verifier = Verifier.new key_source: oidc_key_source,
                                   aud:        aud,
                                   azp:        azp,
@@ -206,7 +205,6 @@ def verify_iap token,
                        aud: nil,
                        azp: nil,
                        iss: IAP_ISSUERS
-
           verifier = Verifier.new key_source: iap_key_source,
                                   aud:        aud,
                                   azp:        azp,