From d366ca3cb02848c7fdbb51f9f5d7a6e81d830b2c Mon Sep 17 00:00:00 2001
From: Daniel Azuma <dazuma@google.com>
Date: Wed, 4 Dec 2024 21:47:36 +0000
Subject: [PATCH] tests: fix kokoro environment loading to get credentials from
 secret manager

---
 .kokoro/presubmit/samples.cfg |  2 +-
 .toys/.lib/repo_context.rb    | 20 ++++++++++----------
 lib/googleauth/id_tokens.rb   |  2 --
 3 files changed, 11 insertions(+), 13 deletions(-)

diff --git a/.kokoro/presubmit/samples.cfg b/.kokoro/presubmit/samples.cfg
index d723bab8..74c0b729 100644
--- a/.kokoro/presubmit/samples.cfg
+++ b/.kokoro/presubmit/samples.cfg
@@ -29,5 +29,5 @@ env_vars: {
 
 env_vars: {
   key: "SECRET_MANAGER_KEYS"
-  value: ""
+  value: "ruby-main-ci-service-account"
 }
diff --git a/.toys/.lib/repo_context.rb b/.toys/.lib/repo_context.rb
index 0f9d4bbd..9ffe6776 100644
--- a/.toys/.lib/repo_context.rb
+++ b/.toys/.lib/repo_context.rb
@@ -17,18 +17,18 @@ class RepoContext
 
   def self.load_kokoro_env
     return if @loaded_env
+    @loaded_env = true
 
-    if ::ENV["KOKORO_GFILE_DIR"]
-      service_account = "#{::ENV['KOKORO_GFILE_DIR']}/service-account.json"
-      raise "#{service_account} is not a file" unless ::File.file? service_account
-      ::ENV["GOOGLE_APPLICATION_CREDENTIALS"] = service_account
+    gfile_dir = ::ENV["KOKORO_GFILE_DIR"]
+    return unless gfile_dir
 
-      filename = "#{::ENV['KOKORO_GFILE_DIR']}/ruby_env_vars.json"
-      raise "#{filename} is not a file" unless ::File.file? filename
-      env_vars = ::JSON.parse ::File.read filename
-      env_vars.each { |k, v| ::ENV[k] ||= v }
-    end
+    filename = "#{gfile_dir}/ruby_env_vars.json"
+    raise "#{filename} is not a file" unless ::File.file? filename
+    env_vars = ::JSON.parse ::File.read filename
+    env_vars.each { |k, v| ::ENV[k] ||= v }
 
-    @loaded_env = true
+    filename = "#{gfile_dir}/secret_manager/ruby-main-ci-service-account"
+    raise "#{filename} is not a file" unless ::File.file? filename
+    ::ENV["GOOGLE_APPLICATION_CREDENTIALS"] = filename
   end
 end
diff --git a/lib/googleauth/id_tokens.rb b/lib/googleauth/id_tokens.rb
index af053cb6..5719438f 100644
--- a/lib/googleauth/id_tokens.rb
+++ b/lib/googleauth/id_tokens.rb
@@ -168,7 +168,6 @@ def verify_oidc token,
                         aud: nil,
                         azp: nil,
                         iss: OIDC_ISSUERS
-
           verifier = Verifier.new key_source: oidc_key_source,
                                   aud:        aud,
                                   azp:        azp,
@@ -206,7 +205,6 @@ def verify_iap token,
                        aud: nil,
                        azp: nil,
                        iss: IAP_ISSUERS
-
           verifier = Verifier.new key_source: iap_key_source,
                                   aud:        aud,
                                   azp:        azp,