# Copyright 2016 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from datetime import datetime
import pytest
import google.auth
from google.auth import compute_engine
from google.auth import _helpers
from google.auth import exceptions
from google.auth import jwt
from google.auth.compute_engine import _metadata
import google.oauth2.id_token
# Audience requested for the ID tokens in the tests below; each test asserts
# that the decoded token's "aud" claim equals this value.
AUDIENCE = "https://pubsub.googleapis.com"
@pytest.fixture(autouse=True)
def check_gce_environment(http_request):
    """Skip the current test when the metadata service cannot be reached.

    Runs automatically before every test in this module. It probes the
    metadata service by asking for the service account info; a
    ``TransportError`` from that call is treated as "not running on
    Compute Engine" and turns into a skip rather than a failure.
    """
    skip_reason = "Compute Engine metadata service is not available."
    try:
        _metadata.get_service_account_info(http_request)
    except exceptions.TransportError:
        pytest.skip(skip_reason)
def test_refresh(http_request, token_info):
    """Refresh Compute Engine credentials and compare the granted scopes.

    After the refresh, the access token and the service account email must
    both be populated. The token is then handed to the ``token_info``
    fixture (defined outside this file) and the scopes it reports must
    match the scopes recorded on the credentials object exactly.
    """
    creds = compute_engine.Credentials()
    creds.refresh(http_request)

    assert creds.token is not None
    assert creds.service_account_email is not None

    # Compared as sets so ordering and duplicates do not matter; an extra
    # or missing scope on either side still fails the test.
    reported = token_info(creds.token)
    reported_scopes = _helpers.string_to_scopes(reported["scope"])
    assert set(reported_scopes) == set(creds.scopes)
def test_default(verify_refresh):
    """Check that application-default credentials resolve to Compute Engine.

    ``google.auth.default()`` must return a project id and a
    ``compute_engine.Credentials`` instance; the ``verify_refresh`` fixture
    (defined outside this file) is then run against those credentials.
    """
    creds, project = google.auth.default()

    assert project is not None
    # Guards against another credential source being picked up by the
    # default lookup in this environment.
    assert isinstance(creds, compute_engine.Credentials)

    verify_refresh(creds)
def test_id_token_from_metadata(http_request):
    """Fetch an ID token via the metadata identity endpoint and check claims.

    The credentials are created with ``use_metadata_identity_endpoint=True``
    and refreshed; the resulting token's ``aud`` and ``exp`` claims are
    compared with the requested audience and the credentials' expiry.
    """
    id_creds = compute_engine.IDTokenCredentials(
        http_request, AUDIENCE, use_metadata_identity_endpoint=True
    )
    id_creds.refresh(http_request)

    # The token is decoded WITHOUT signature verification, so the assertions
    # below check claim contents only, not authenticity. Code that makes a
    # trust decision on an ID token should go through a verifying path such
    # as google.oauth2.id_token.verify_token instead.
    _header, claims, _signed_section, _signature = jwt._unverified_decode(
        id_creds.token
    )

    assert id_creds.valid
    assert claims["aud"] == AUDIENCE

    # NOTE(review): datetime.fromtimestamp yields a naive local-time value;
    # this equality assumes credentials.expiry is derived the same way --
    # confirm, since a local/UTC mismatch would shift the expiry check.
    expiry_from_claims = datetime.fromtimestamp(claims["exp"])
    assert expiry_from_claims == id_creds.expiry
def test_fetch_id_token(http_request):
    """Fetch an ID token with ``fetch_id_token`` and check its audience."""
    id_token = google.oauth2.id_token.fetch_id_token(http_request, AUDIENCE)

    # Decoded without signature verification: this confirms the audience
    # claim the issuer put in the token, not that the token is authentic.
    _header, claims, _signed_section, _signature = jwt._unverified_decode(
        id_token
    )

    assert claims["aud"] == AUDIENCE