Add system tests for service account credentials (#51)
diff --git a/.travis.yml b/.travis.yml
index 295f14c..a56fb34 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -16,13 +16,17 @@
env: TOXENV=pypy
- python: 3.5
env: TOXENV=cover
+ - python: 3.5
+ env: TOXENV=py35-system SYSTEM_TEST=1
+ - python: 2.7
+ env: TOXENV=py27-system SYSTEM_TEST=1
cache:
directories:
- ${HOME}/.cache
install:
- pip install --upgrade tox
script:
-- tox
+- scripts/travis.sh
deploy:
provider: pypi
user: google_opensource
@@ -32,3 +36,6 @@
on:
tags: true
repo: GoogleCloudPlatform/google-auth-library-python
+env:
+ global:
+ secure: KjV9daSNZsM3/jth2d87MEu4irHtwNwUcdIUVglz3QrIX7fAcbFqHu/2Ux3yGC+iPJd5/i2jZWWz9F6iyuKdhyMySz2WaBsbySmCs1pREcRYWcK5GL49yPb3ZOZucprD/n0VIer0+eublQeBQRMxNdxfJEs6tgkHxTeiOJ3mHaeLa/nE1PXW9Ih6fgS5NT/7CE7SO0fw1th9ZdLdRyo3a9fphDWqiGlt0oRURRnoJ7qctLYAZ7uXDn3c6oXJ/dZsio6Hjx16dPNjn0dpkpCBFYN3D7wXD02Ysm/7u+SGl2FjqA76FmmnJsqJ5Nog1QV4v7YpJdTtpfXBOuXAov4Fz9xHVssX4dYZkW5JKsfVFFIilo1vQbO4mBjYw58/gJswJygD5smwO2GawAfm62mGpdx4mFv2lwZoqJbLg1qcuI/qc8DqPrc3Y1nVNu3oGdMcts5q2IeuZgI1yzdb/Qz0gtkkIDtPzoyBlAZE9hsylBI7SdoP7VpmP+vIW21yC3GpE3TajbVD8p53c70fV4YH0LSX6pFF6RBuSFLwarG+WYtPTEy2k3d0ATMdH0gBaf19FJ04RTwsbYZPqAy328Dl3RLioZffm8BHAeKzuVsocrIiiHjJM6PqtL4II0UfbiKahxLcI7t1cGTWVhUtqrnZKZwJrbLYGd08aBvioTne/Nk=
diff --git a/scripts/decrypt-secrets.sh b/scripts/decrypt-secrets.sh
new file mode 100755
index 0000000..e02bfc1
--- /dev/null
+++ b/scripts/decrypt-secrets.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# Copyright 2015 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+ROOT=$( dirname "$DIR" )
+
+# Work from the project root.
+cd $ROOT
+
+openssl aes-256-cbc -k "$1" \
+ -in system_tests/secrets.tar.enc \
+ -out system_tests/secrets.tar -d
+tar xvf system_tests/secrets.tar
+rm system_tests/secrets.tar
diff --git a/scripts/encrypt-secrets.sh b/scripts/encrypt-secrets.sh
new file mode 100755
index 0000000..c6291b7
--- /dev/null
+++ b/scripts/encrypt-secrets.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Copyright 2015 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+ROOT=$( dirname "$DIR" )
+
+# Work from the project root.
+cd $ROOT
+
+read -s -p "Enter password for encryption: " PASSWORD
+echo
+
+tar cvf system_tests/secrets.tar system_tests/data
+openssl aes-256-cbc -k "$PASSWORD" \
+ -in system_tests/secrets.tar \
+ -out system_tests/secrets.tar.enc
+rm system_tests/secrets.tar
+
+travis encrypt "SECRETS_PASSWORD=$PASSWORD" --add --override
diff --git a/scripts/travis.sh b/scripts/travis.sh
new file mode 100755
index 0000000..84a227a
--- /dev/null
+++ b/scripts/travis.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Copyright 2015 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+ROOT=$( dirname "$DIR" )
+
+# Work from the project root.
+cd $ROOT
+
+# Decrypt secrets and run system tests if not on an external PR.
+if [[ -n $SYSTEM_TEST ]]; then
+ if [[ $TRAVIS_SECURE_ENV_VARS == "true" ]]; then
+ echo 'Extracting secrets.'
+ scripts/decrypt-secrets.sh "$SECRETS_PASSWORD"
+ else
+ # This is an external PR, so just mark system tests as green.
+ echo 'In system test but secrets are not available, skipping.'
+ exit 0
+ fi
+fi
+
+# Run tox.
+tox
diff --git a/setup.py b/setup.py
index 26b520e..5ee243f 100644
--- a/setup.py
+++ b/setup.py
@@ -35,7 +35,7 @@
description='Google Authentication Library',
long_description=long_description,
url='https://github.com/GoogleCloudPlatform/google-auth-library-python',
- packages=find_packages(exclude='tests'),
+ packages=find_packages(exclude=('tests', 'system_tests')),
namespace_packages=('google',),
install_requires=DEPENDENCIES,
license='Apache 2.0',
diff --git a/system_tests/.gitignore b/system_tests/.gitignore
new file mode 100644
index 0000000..f6bf39d
--- /dev/null
+++ b/system_tests/.gitignore
@@ -0,0 +1,2 @@
+data
+secrets.tar
diff --git a/system_tests/__init__.py b/system_tests/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/system_tests/__init__.py
diff --git a/system_tests/conftest.py b/system_tests/conftest.py
new file mode 100644
index 0000000..066f805
--- /dev/null
+++ b/system_tests/conftest.py
@@ -0,0 +1,74 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import json
+import os
+
+from google.auth import _helpers
+import google.auth.transport.urllib3
+import pytest
+import urllib3
+
+
+HERE = os.path.dirname(__file__)
+DATA_DIR = os.path.join(HERE, 'data')
+HTTP = urllib3.PoolManager()
+TOKEN_INFO_URL = 'https://www.googleapis.com/oauth2/v3/tokeninfo'
+
+
[email protected]
+def service_account_file():
+ """The full path to a valid service account key file."""
+ yield os.path.join(DATA_DIR, 'service_account.json')
+
+
[email protected]
+def request():
+ """A transport.request object."""
+ yield google.auth.transport.urllib3.Request(HTTP)
+
+
[email protected]
+def token_info(request):
+ """Returns a function that obtains OAuth2 token info."""
+ def _token_info(access_token=None, id_token=None):
+ query_params = {}
+
+ if access_token is not None:
+ query_params['access_token'] = access_token
+ elif id_token is not None:
+ query_params['id_token'] = id_token
+ else:
+ raise ValueError('No token specified.')
+
+ url = _helpers.update_query(TOKEN_INFO_URL, query_params)
+
+ response = request(url=url, method='GET')
+
+ return json.loads(response.data.decode('utf-8'))
+
+ yield _token_info
+
+
+def verify_environment():
+ """Checks to make sure that requisite data files are available."""
+ if not os.path.isdir(DATA_DIR):
+ raise EnvironmentError(
+ 'In order to run system tests, test data must exist in '
+ 'system_tests/data. See CONTRIBUTING.rst for details.')
+
+
+def pytest_configure(config):
+ """Pytest hook that runs before Pytest collects any tests."""
+ verify_environment()
diff --git a/system_tests/secrets.tar.enc b/system_tests/secrets.tar.enc
new file mode 100644
index 0000000..bbe290f
--- /dev/null
+++ b/system_tests/secrets.tar.enc
Binary files differ
diff --git a/system_tests/test_service_account.py b/system_tests/test_service_account.py
new file mode 100644
index 0000000..e897c6f
--- /dev/null
+++ b/system_tests/test_service_account.py
@@ -0,0 +1,43 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from google.auth import exceptions
+from google.oauth2 import service_account
+import pytest
+
+
[email protected]
+def credentials(service_account_file):
+ yield service_account.Credentials.from_service_account_file(
+ service_account_file)
+
+
+def test_refresh_no_scopes(request, credentials):
+ with pytest.raises(exceptions.RefreshError):
+ credentials.refresh(request)
+
+
+def test_refresh_success(request, credentials, token_info):
+ credentials = credentials.with_scopes(['email', 'profile'])
+
+ credentials.refresh(request)
+
+ assert credentials.token
+
+ info = token_info(credentials.token)
+
+ assert info['email'] == credentials._service_account_email
+ assert info['scope'] == (
+ 'https://www.googleapis.com/auth/userinfo.email '
+ 'https://www.googleapis.com/auth/userinfo.profile')
diff --git a/tox.ini b/tox.ini
index bc7d154..10f7d99 100644
--- a/tox.ini
+++ b/tox.ini
@@ -21,6 +21,20 @@
deps =
{[testenv]deps}
+[testenv:py35-system]
+basepython = python3.5
+commands =
+ py.test system_tests
+deps =
+ {[testenv]deps}
+
+[testenv:py27-system]
+basepython = python2.7
+commands =
+ py.test system_tests
+deps =
+ {[testenv]deps}
+
[testenv:docgen]
basepython = python3.5
deps =
@@ -46,10 +60,10 @@
python setup.py check --metadata --restructuredtext --strict
flake8 \
--import-order-style=google \
- --application-import-names="google,tests" \
+ --application-import-names="google,tests,system_tests" \
google tests
pylint --rcfile pylintrc google
- pylint --rcfile pylintrc.tests tests
+ pylint --rcfile pylintrc.tests tests system_tests
deps =
flake8
flake8-import-order
