Google Git
Sign in
android / platform / external / python / google-auth-library-python / 8a7e50666f439a89564f9a48f21e93b31fe549ba^! / .
commit8a7e50666f439a89564f9a48f21e93b31fe549ba[log] [tgz]
authorJon Wayne Parrott <[email protected]>Mon Nov 07 16:45:17 2016 -0800
committerGitHub <[email protected]>Mon Nov 07 16:45:17 2016 -0800
treedfa65ee555a5f8ae875627eb2f417a5fb8a0da72
parentce37cbacc1d23b056b543309c784ddcdfd3df7e0 [diff]
Add scope argument to default (#75)


diff --git a/google/auth/_default.py b/google/auth/_default.py
index b6014e7..f9829d4 100644
--- a/google/auth/_default.py
+++ b/google/auth/_default.py

@@ -28,6 +28,7 @@
 from google.auth import environment_vars
 from google.auth import exceptions
 from google.auth.compute_engine import _metadata
+import google.auth.credentials
 import google.auth.transport._http_client
 from google.oauth2 import service_account
 import google.oauth2.credentials
@@ -185,7 +186,7 @@
         return None, None
 
 
-def default(request=None):
+def default(scopes=None, request=None):
     """Gets the default credentials for the current environment.
 
     `Application Default Credentials`_ provides an easy way to obtain
@@ -238,6 +239,9 @@
         credentials, project_id = google.auth.default()
 
     Args:
+        scopes (Sequence[str]): The list of scopes for the credentials. If
+            specified, the credentials will automatically be scoped if
+            necessary.
         request (google.auth.transport.Request): An object used to make
             HTTP requests. This is used to detect whether the application
             is running on Compute Engine. If not specified, then it will
@@ -267,6 +271,8 @@
     for checker in checkers:
         credentials, project_id = checker()
         if credentials is not None:
+            credentials = google.auth.credentials.with_scopes_if_required(
+                credentials, scopes)
             return credentials, explicit_project_id or project_id
 
     raise exceptions.DefaultCredentialsError(_HELP_MESSAGE)

diff --git a/tests/test__default.py b/tests/test__default.py
index c33db13..bfb0c39 100644
--- a/tests/test__default.py
+++ b/tests/test__default.py

@@ -290,3 +290,19 @@
 def test_default_fail(unused_gce, unused_gae, unused_sdk, unused_explicit):
     with pytest.raises(exceptions.DefaultCredentialsError):
         assert _default.default()
+
+
[email protected](
+    'google.auth._default._get_explicit_environ_credentials',
+    return_value=(mock.sentinel.credentials, mock.sentinel.project_id))
[email protected](
+    'google.auth.credentials.with_scopes_if_required')
+def test_default_scoped(with_scopes_mock, get_mock):
+    scopes = ['one', 'two']
+
+    credentials, project_id = _default.default(scopes=scopes)
+
+    assert credentials == with_scopes_mock.return_value
+    assert project_id == mock.sentinel.project_id
+    with_scopes_mock.assert_called_once_with(
+        mock.sentinel.credentials, scopes)