Add system tests for service account credentials (#51)
diff --git a/.travis.yml b/.travis.yml
index 295f14c..a56fb34 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -16,13 +16,17 @@ env: TOXENV=pypy - python: 3.5 env: TOXENV=cover + - python: 3.5 + env: TOXENV=py35-system SYSTEM_TEST=1 + - python: 2.7 + env: TOXENV=py27-system SYSTEM_TEST=1 cache: directories: - ${HOME}/.cache install: - pip install --upgrade tox script: -- tox +- scripts/travis.sh deploy: provider: pypi user: google_opensource @@ -32,3 +36,6 @@ on: tags: true repo: GoogleCloudPlatform/google-auth-library-python +env: + global: + secure: 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
diff --git a/scripts/decrypt-secrets.sh b/scripts/decrypt-secrets.sh
new file mode 100755
index 0000000..e02bfc1
--- /dev/null
+++ b/scripts/decrypt-secrets.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# Copyright 2015 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+ROOT=$( dirname "$DIR" )
+
+# Work from the project root.
+cd $ROOT
+
+openssl aes-256-cbc -k "$1" \
+ -in system_tests/secrets.tar.enc \
+ -out system_tests/secrets.tar -d
+tar xvf system_tests/secrets.tar
+rm system_tests/secrets.tar
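Review bot: The passphrase reaches openssl as a command-line argument (`-k "$1"`), so it is readable in the process list while the script and the openssl child run; encrypt-secrets.sh does the same with `-k "$PASSWORD"`, and travis.sh passes `"$SECRETS_PASSWORD"` as an argument to this script. openssl can take it from the environment that travis.sh already has populated: `openssl aes-256-cbc -d -pass env:SECRETS_PASSWORD -in system_tests/secrets.tar.enc -out system_tests/secrets.tar`. It is also worth pinning the key-derivation digest with the same `-md sha256` on both the encrypt and decrypt command, since the default differs between OpenSSL releases and an archive written with one default may not decrypt under another.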
diff --git a/scripts/encrypt-secrets.sh b/scripts/encrypt-secrets.sh
new file mode 100755
index 0000000..c6291b7
--- /dev/null
+++ b/scripts/encrypt-secrets.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Copyright 2015 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+ROOT=$( dirname "$DIR" )
+
+# Work from the project root.
+cd $ROOT
+
+read -s -p "Enter password for encryption: " PASSWORD
+echo
+
+tar cvf system_tests/secrets.tar system_tests/data
+openssl aes-256-cbc -k "$PASSWORD" \
+ -in system_tests/secrets.tar \
+ -out system_tests/secrets.tar.enc
+rm system_tests/secrets.tar
+
+travis encrypt "SECRETS_PASSWORD=$PASSWORD" --add --override
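Review bot: Nothing stops the script when `tar` or `openssl` fails, so the final `travis encrypt "SECRETS_PASSWORD=$PASSWORD" --add --override` still replaces the CI password even though secrets.tar.enc was not regenerated, and the next system-test build can no longer decrypt the archive. Adding `set -e` and `trap 'rm -f system_tests/secrets.tar' EXIT` below the license header stops at the first failure while still removing the plaintext tar. decrypt-secrets.sh has the same gap, where `tar xvf` runs on whatever a failed decryption left behind. The prompt should also be `read -r -s -p ...`, otherwise a backslash in the typed password is consumed and the stored password differs from the one entered.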
diff --git a/scripts/travis.sh b/scripts/travis.sh
new file mode 100755
index 0000000..84a227a
--- /dev/null
+++ b/scripts/travis.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Copyright 2015 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+ROOT=$( dirname "$DIR" )
+
+# Work from the project root.
+cd $ROOT
+
+# Decrypt secrets and run system tests if not on an external PR.
+if [[ -n $SYSTEM_TEST ]]; then
+ if [[ $TRAVIS_SECURE_ENV_VARS == "true" ]]; then
+ echo 'Extracting secrets.'
+ scripts/decrypt-secrets.sh "$SECRETS_PASSWORD"
+ else
+ # This is an external PR, so just mark system tests as green.
+ echo 'In system test but secrets are not available, skipping.'
+ exit 0
+ fi
+fi
+
+# Run tox.
+tox
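Review bot: The `else` branch treats every build without secure variables as an external PR and exits 0, so if the `secure:` entry is ever lost or stops being exposed on the main repository, the system-test jobs go green without running anything. Skipping only when `TRAVIS_PULL_REQUEST` is not `"false"` and failing otherwise keeps the skip for external PRs while surfacing missing credentials on branch builds. Forks that run their own Travis builds would hit the failing branch, so the condition may also need a repository check.

```shell
    if [[ $TRAVIS_SECURE_ENV_VARS == "true" ]]; then
        # … unchanged: extract secrets …
    elif [[ $TRAVIS_PULL_REQUEST != "false" ]]; then
        # … unchanged: external PR, skip with exit 0 …
    else
        echo 'In system test on a non-PR build but secrets are not available.' >&2
        exit 1
    fi
```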
diff --git a/setup.py b/setup.py
index 26b520e..5ee243f 100644
--- a/setup.py
+++ b/setup.py
@@ -35,7 +35,7 @@ description='Google Authentication Library', long_description=long_description, url='https://github.com/GoogleCloudPlatform/google-auth-library-python', - packages=find_packages(exclude='tests'), + packages=find_packages(exclude=('tests', 'system_tests')), namespace_packages=('google',), install_requires=DEPENDENCIES, license='Apache 2.0',
diff --git a/system_tests/.gitignore b/system_tests/.gitignore
new file mode 100644
index 0000000..f6bf39d
--- /dev/null
+++ b/system_tests/.gitignore
@@ -0,0 +1,2 @@
+data
+secrets.tar
diff --git a/system_tests/__init__.py b/system_tests/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/system_tests/__init__.py
diff --git a/system_tests/conftest.py b/system_tests/conftest.py
new file mode 100644
index 0000000..066f805
--- /dev/null
+++ b/system_tests/conftest.py
@@ -0,0 +1,74 @@ +# Copyright 2016 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import json +import os + +from google.auth import _helpers +import google.auth.transport.urllib3 +import pytest +import urllib3 + + +HERE = os.path.dirname(__file__) +DATA_DIR = os.path.join(HERE, 'data') +HTTP = urllib3.PoolManager() +TOKEN_INFO_URL = 'https://www.googleapis.com/oauth2/v3/tokeninfo' + + [email protected] +def service_account_file(): + """The full path to a valid service account key file.""" + yield os.path.join(DATA_DIR, 'service_account.json') + + [email protected] +def request(): + """A transport.request object.""" + yield google.auth.transport.urllib3.Request(HTTP) + + [email protected] +def token_info(request): + """Returns a function that obtains OAuth2 token info.""" + def _token_info(access_token=None, id_token=None): + query_params = {} + + if access_token is not None: + query_params['access_token'] = access_token + elif id_token is not None: + query_params['id_token'] = id_token + else: + raise ValueError('No token specified.') + + url = _helpers.update_query(TOKEN_INFO_URL, query_params) + + response = request(url=url, method='GET') + + return json.loads(response.data.decode('utf-8')) + + yield _token_info + + +def verify_environment(): + """Checks to make sure that requisite data files are available.""" + if not os.path.isdir(DATA_DIR): + raise EnvironmentError( + 'In order to run system tests, test data must exist in ' + 'system_tests/data. 
See CONTRIBUTING.rst for details.') + + +def pytest_configure(config): + """Pytest hook that runs before Pytest collects any tests.""" + verify_environment()
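Review bot: The fixture named `request` replaces pytest's built-in `request` fixture for everything under system_tests, so any fixture or plugin that asks for `request` expecting pytest's own request object receives the urllib3 transport callable instead. Renaming it, for example `def http_request():`, and updating the `token_info(request)` parameter and the two tests in system_tests/test_service_account.py avoids the collision. Separately, `_token_info` passes `response.data` to `json.loads` without looking at `response.status`, so an error reply from the tokeninfo endpoint only shows up later as a `KeyError` in the test; `assert response.status == 200` before parsing would make that failure readable.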
diff --git a/system_tests/secrets.tar.enc b/system_tests/secrets.tar.enc new file mode 100644 index 0000000..bbe290f --- /dev/null +++ b/system_tests/secrets.tar.enc Binary files differ
diff --git a/system_tests/test_service_account.py b/system_tests/test_service_account.py
new file mode 100644
index 0000000..e897c6f
--- /dev/null
+++ b/system_tests/test_service_account.py
@@ -0,0 +1,43 @@ +# Copyright 2016 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from google.auth import exceptions +from google.oauth2 import service_account +import pytest + + [email protected] +def credentials(service_account_file): + yield service_account.Credentials.from_service_account_file( + service_account_file) + + +def test_refresh_no_scopes(request, credentials): + with pytest.raises(exceptions.RefreshError): + credentials.refresh(request) + + +def test_refresh_success(request, credentials, token_info): + credentials = credentials.with_scopes(['email', 'profile']) + + credentials.refresh(request) + + assert credentials.token + + info = token_info(credentials.token) + + assert info['email'] == credentials._service_account_email + assert info['scope'] == ( + 'https://www.googleapis.com/auth/userinfo.email ' + 'https://www.googleapis.com/auth/userinfo.profile')
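Review bot: The `info['scope']` assertion in `test_refresh_success` compares the whole space-separated string, so it depends on the order in which the tokeninfo endpoint lists the scopes. Comparing sets keeps the check without that assumption: `assert set(info['scope'].split()) == {'https://www.googleapis.com/auth/userinfo.email', 'https://www.googleapis.com/auth/userinfo.profile'}`. The test also reads the private `credentials._service_account_email`; if the class exposes a public accessor for that value, asserting against it would keep the test off internals.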
diff --git a/tox.ini b/tox.ini
index bc7d154..10f7d99 100644
--- a/tox.ini
+++ b/tox.ini
@@ -21,6 +21,20 @@ deps = {[testenv]deps} +[testenv:py35-system] +basepython = python3.5 +commands = + py.test system_tests +deps = + {[testenv]deps} + +[testenv:py27-system] +basepython = python2.7 +commands = + py.test system_tests +deps = + {[testenv]deps} + [testenv:docgen] basepython = python3.5 deps = @@ -46,10 +60,10 @@ python setup.py check --metadata --restructuredtext --strict flake8 \ --import-order-style=google \ - --application-import-names="google,tests" \ + --application-import-names="google,tests,system_tests" \ google tests pylint --rcfile pylintrc google - pylint --rcfile pylintrc.tests tests + pylint --rcfile pylintrc.tests tests system_tests deps = flake8 flake8-import-order