Merge 33e8c90 into 18611aa

googleapis · Jan 19, 2018 · 51c800c · 51c800c
2 parents 18611aa + 33e8c90
commit 51c800c
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/lib/googleauth/service_account.rb b/lib/googleauth/service_account.rb
@@ -58,7 +58,7 @@ def self.make_creds(options = {})
         if json_key_io
           private_key, client_email = read_json_key(json_key_io)
         else
-          private_key = ENV[CredentialsLoader::PRIVATE_KEY_VAR]
+          private_key = unescape ENV[CredentialsLoader::PRIVATE_KEY_VAR]
           client_email = ENV[CredentialsLoader::CLIENT_EMAIL_VAR]
         end
 
@@ -78,6 +78,15 @@ def self.read_json_key(json_key_io)
         [json_key['private_key'], json_key['client_email']]
       end
 
+      # Handles certain escape sequences that sometimes appear in input.
+      # Specifically, interprets the "\n" sequence for newline, and removes
+      # enclosing quotes.
+      def self.unescape(str)
+        str = str.gsub '\n', "\n"
+        str = str[1..-2] if str.start_with?('"') && str.end_with?('"')
+        str
+      end
+
       def initialize(options = {})
         super(options)
       end

diff --git a/spec/googleauth/service_account_spec.rb b/spec/googleauth/service_account_spec.rb
@@ -211,6 +211,13 @@ def cred_json_text
       ENV[CLIENT_EMAIL_VAR] = cred_json[:client_email]
       expect(@clz.from_env(@scope)).to_not be_nil
     end
+
+    it 'succeeds when GOOGLE_PRIVATE_KEY is escaped' do
+      escaped_key = cred_json[:private_key].gsub "\n", '\n'
+      ENV[PRIVATE_KEY_VAR] = "\"#{escaped_key}\""
+      ENV[CLIENT_EMAIL_VAR] = cred_json[:client_email]
+      expect(@clz.from_env(@scope)).to_not be_nil
+    end
   end
 
   describe '#from_well_known_path' do