docs: improve ADC related error and warning messages

lib/googleauth/application_default.rb

@@ -20,9 +20,9 @@ module Google
   # used to access Google APIs.
   module Auth
     NOT_FOUND_ERROR = <<~ERROR_MESSAGE.freeze
-      Could not load the default credentials. Browse to
-      https://cloud.google.com/docs/authentication/provide-credentials-adc
-      for more information
+      Your credentials were not found. To set up Application Default
+      Credentials for your environment, see
+      https://cloud.google.com/docs/authentication/external/set-up-adc
     ERROR_MESSAGE
 
     module_function

lib/googleauth/client_id.rb

@@ -64,7 +64,6 @@ class << self
       #       `client_secrets.json` files.
       #
       def initialize id, secret
-        CredentialsLoader.warn_if_cloud_sdk_credentials id
         raise "Client id can not be nil" if id.nil?
         raise "Client secret can not be nil" if secret.nil?
         @id = id

lib/googleauth/credentials.rb

@@ -362,7 +362,6 @@ def initialize keyfile, options = {}
         else
           update_from_filepath keyfile, options
         end
-        CredentialsLoader.warn_if_cloud_sdk_credentials @client.client_id
         @project_id ||= CredentialsLoader.load_gcloud_project_id
         @client.fetch_access_token! if @client.needs_access_token?
         @env_vars = nil

lib/googleauth/credentials_loader.rb

@@ -49,14 +49,6 @@ module CredentialsLoader
       CLOUD_SDK_CLIENT_ID = "764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.app" \
                             "s.googleusercontent.com".freeze
 
-      CLOUD_SDK_CREDENTIALS_WARNING =
-        "You are authenticating using user credentials." \
-        "For production, we recommend using service account credentials." \
-        "To learn more about service account credentials, see" \
-        "http://cloud.google.com/docs/authentication/external/set-up-adc-on-cloud " \
-        "To suppress this message, set the " \
-        "GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS environment variable.".freeze
-
       # make_creds proxies the construction of a credentials instance
       #
       # By default, it calls #new on the current class, but this behaviour can
@@ -150,12 +142,6 @@ def from_system_default_path scope = nil, options = {}
 
       module_function
 
-      # Issues warning if cloud sdk client id is used
-      def warn_if_cloud_sdk_credentials client_id
-        return if ENV["GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS"]
-        warn CLOUD_SDK_CREDENTIALS_WARNING if client_id == CLOUD_SDK_CLIENT_ID
-      end
-
       # Finds project_id from gcloud CLI configuration
       def load_gcloud_project_id
         gcloud = GCLOUD_WINDOWS_COMMAND if OS.windows?

lib/googleauth/default_credentials.rb

@@ -35,11 +35,9 @@ def self.make_creds options = {}
         json_key_io = options[:json_key_io]
         if json_key_io
           json_key, clz = determine_creds_class json_key_io
-          warn_if_cloud_sdk_credentials json_key["client_id"]
           io = StringIO.new MultiJson.dump(json_key)
           clz.make_creds options.merge(json_key_io: io)
         else
-          warn_if_cloud_sdk_credentials ENV[CredentialsLoader::CLIENT_ID_VAR]
           clz = read_creds
           clz.make_creds options
         end

spec/googleauth/credentials_spec.rb

@@ -125,7 +125,6 @@ class TestCredentials2 < Google::Auth::Credentials
 
       json_content = JSON.generate default_keyfile_hash
 
-      allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
       allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
       allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
       allow(::ENV).to receive(:[]).with("PATH_ENV_TEST") { "/unknown/path/to/file.txt" }
@@ -164,7 +163,6 @@ class TestCredentials3 < Google::Auth::Credentials
         DEFAULT_PATHS = ["~/default/path/to/file.txt"].freeze
       end
 
-      allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
       allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
       allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
       allow(::File).to receive(:file?).with(test_json_env_val) { false }
@@ -203,7 +201,6 @@ class TestCredentials4 < Google::Auth::Credentials
 
       json_content = JSON.generate default_keyfile_hash
 
-      allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
       allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
       allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
       allow(::ENV).to receive(:[]).with("JSON_ENV_DUMMY") { nil }
@@ -240,7 +237,6 @@ class TestCredentials5 < Google::Auth::Credentials
         DEFAULT_PATHS = ["~/default/path/to/file.txt"].freeze
       end
 
-      allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
       allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
       allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
       allow(::ENV).to receive(:[]).with("JSON_ENV_DUMMY") { nil }
@@ -341,7 +337,6 @@ class TestCredentials12 < Google::Auth::Credentials
 
       json_content = JSON.generate default_keyfile_hash
 
-      allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
       allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
       allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
       allow(::ENV).to receive(:[]).with("PATH_ENV_TEST") { "/unknown/path/to/file.txt" }
@@ -379,7 +374,6 @@ class TestCredentials13 < Google::Auth::Credentials
         self.paths = ["~/default/path/to/file.txt"]
       end
 
-      allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
       allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
       allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
       allow(::File).to receive(:file?).with(test_json_env_val) { false }
@@ -417,7 +411,6 @@ class TestCredentials14 < Google::Auth::Credentials
 
       json_content = JSON.generate default_keyfile_hash
 
-      allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
       allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
       allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
       allow(::ENV).to receive(:[]).with("JSON_ENV_DUMMY") { nil }
@@ -453,7 +446,6 @@ class TestCredentials15 < Google::Auth::Credentials
         self.paths = ["~/default/path/to/file.txt"]
       end
 
-      allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
       allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
       allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
       allow(::ENV).to receive(:[]).with("JSON_ENV_DUMMY") { nil }
@@ -486,7 +478,6 @@ class TestCredentials16 < Google::Auth::Credentials
         self.paths = ["~/default/path/to/file.txt"]
       end
 
-      allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
       allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
       allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
       allow(::ENV).to receive(:[]).with("JSON_ENV_DUMMY") { nil }
@@ -523,7 +514,6 @@ class TestCredentials17 < Google::Auth::Credentials
         self.audience = "https://example.com/token3"
       end
 
-      allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
       allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
       allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
       allow(::ENV).to receive(:[]).with("JSON_ENV_DUMMY") { nil }
@@ -572,20 +562,6 @@ class TestCredentials19 < TestCredentials18
     end
   end
 
-  it "warns when cloud sdk credentials are used" do
-    mocked_signet = double "Signet::OAuth2::Client"
-    allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
-    allow(mocked_signet).to receive(:needs_access_token?).and_return(true)
-    allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
-    allow(Signet::OAuth2::Client).to receive(:new) do |_options|
-      mocked_signet
-    end
-    allow(mocked_signet).to receive(:client_id).and_return(Google::Auth::CredentialsLoader::CLOUD_SDK_CLIENT_ID)
-    expect { Google::Auth::Credentials.new default_keyfile_hash }.to output(
-      Google::Auth::CredentialsLoader::CLOUD_SDK_CREDENTIALS_WARNING + "\n"
-    ).to_stderr
-  end
-
   it "does not fetch access token when initialized with a Signet::OAuth2::Client object that already has a token" do
     signet = Signet::OAuth2::Client.new access_token: token # Client#needs_access_token? will return false
     creds = Google::Auth::Credentials.new signet

spec/googleauth/get_application_default_spec.rb

@@ -182,20 +182,6 @@
       expect(Google::Auth.get_application_default(@scope, options))
         .to_not be_nil
     end
-
-    it "warns when using cloud sdk credentials" do
-      ENV.delete @var_name unless ENV[@var_name].nil? # no env var
-      ENV[PRIVATE_KEY_VAR] = cred_json[:private_key]
-      ENV[CLIENT_EMAIL_VAR] = cred_json[:client_email]
-      ENV[CLIENT_ID_VAR] = Google::Auth::CredentialsLoader::CLOUD_SDK_CLIENT_ID
-      ENV[CLIENT_SECRET_VAR] = cred_json[:client_secret]
-      ENV[REFRESH_TOKEN_VAR] = cred_json[:refresh_token]
-      ENV[ACCOUNT_TYPE_VAR] = cred_json[:type]
-      ENV[PROJECT_ID_VAR] = "a_project_id"
-      expect { Google::Auth.get_application_default @scope, options }.to output(
-        Google::Auth::CredentialsLoader::CLOUD_SDK_CREDENTIALS_WARNING + "\n"
-      ).to_stderr
-    end
   end
 
   describe "when credential type is service account" do

test/client_id_test.rb

@@ -133,21 +133,4 @@ def self.included spec
       assert_match(/Client secret can not be nil/, error.message)
     end
   end
-
-  describe "with cloud sdk credentials" do
-    let :config do
-      {
-        "web" => {
-          "client_id"     => Google::Auth::CredentialsLoader::CLOUD_SDK_CLIENT_ID,
-          "client_secret" => "notasecret"
-        }
-      }
-    end
-
-    it "should raise warning" do
-      assert_output nil, "#{Google::Auth::CredentialsLoader::CLOUD_SDK_CREDENTIALS_WARNING}\n" do
-        Google::Auth::ClientId.from_hash config
-      end
-    end
-  end
 end