Google Git
Sign in
android / platform / external / python / google-auth-library-python / d14cb1ef0f6d524b52ca6f94f5dc5986352668de / . / tests / test__default.py
blob: d7d537c82b3e9f37461c676a7670f788d7fdb88b [file] [log] [blame]
# Copyright 2016 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import json
import os
import mock
import pytest
from google.auth import _default
from google.auth import app_engine
from google.auth import compute_engine
from google.auth import environment_vars
from google.auth import exceptions
from google.oauth2 import service_account
import google.oauth2.credentials
DATA_DIR = os.path.join(os.path.dirname(__file__), 'data')
AUTHORIZED_USER_FILE = os.path.join(DATA_DIR, 'authorized_user.json')
with open(AUTHORIZED_USER_FILE) as fh:
AUTHORIZED_USER_FILE_DATA = json.load(fh)
AUTHORIZED_USER_CLOUD_SDK_FILE = os.path.join(
DATA_DIR, 'authorized_user_cloud_sdk.json')
SERVICE_ACCOUNT_FILE = os.path.join(DATA_DIR, 'service_account.json')
with open(SERVICE_ACCOUNT_FILE) as fh:
SERVICE_ACCOUNT_FILE_DATA = json.load(fh)
LOAD_FILE_PATCH = mock.patch(
'google.auth._default._load_credentials_from_file', return_value=(
mock.sentinel.credentials, mock.sentinel.project_id), autospec=True)
def test__load_credentials_from_missing_file():
with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
_default._load_credentials_from_file('')
assert excinfo.match(r'not found')
def test__load_credentials_from_file_invalid_json(tmpdir):
jsonfile = tmpdir.join('invalid.json')
jsonfile.write('{')
with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
_default._load_credentials_from_file(str(jsonfile))
assert excinfo.match(r'not a valid json file')
def test__load_credentials_from_file_invalid_type(tmpdir):
jsonfile = tmpdir.join('invalid.json')
jsonfile.write(json.dumps({'type': 'not-a-real-type'}))
with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
_default._load_credentials_from_file(str(jsonfile))
assert excinfo.match(r'does not have a valid type')
def test__load_credentials_from_file_authorized_user():
credentials, project_id = _default._load_credentials_from_file(
AUTHORIZED_USER_FILE)
assert isinstance(credentials, google.oauth2.credentials.Credentials)
assert project_id is None
def test__load_credentials_from_file_authorized_user_bad_format(tmpdir):
filename = tmpdir.join('authorized_user_bad.json')
filename.write(json.dumps({'type': 'authorized_user'}))
with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
_default._load_credentials_from_file(str(filename))
assert excinfo.match(r'Failed to load authorized user')
assert excinfo.match(r'missing fields')
def test__load_credentials_from_file_authorized_user_cloud_sdk():
with pytest.warns(UserWarning, matches='Cloud SDK'):
credentials, project_id = _default._load_credentials_from_file(
AUTHORIZED_USER_CLOUD_SDK_FILE)
assert isinstance(credentials, google.oauth2.credentials.Credentials)
assert project_id is None
def test__load_credentials_from_file_service_account():
credentials, project_id = _default._load_credentials_from_file(
SERVICE_ACCOUNT_FILE)
assert isinstance(credentials, service_account.Credentials)
assert project_id == SERVICE_ACCOUNT_FILE_DATA['project_id']
def test__load_credentials_from_file_service_account_bad_format(tmpdir):
filename = tmpdir.join('serivce_account_bad.json')
filename.write(json.dumps({'type': 'service_account'}))
with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
_default._load_credentials_from_file(str(filename))
assert excinfo.match(r'Failed to load service account')
assert excinfo.match(r'missing fields')
@mock.patch.dict(os.environ, {}, clear=True)
def test__get_explicit_environ_credentials_no_env():
assert _default._get_explicit_environ_credentials() == (None, None)
@LOAD_FILE_PATCH
def test__get_explicit_environ_credentials(load, monkeypatch):
monkeypatch.setenv(environment_vars.CREDENTIALS, 'filename')
credentials, project_id = _default._get_explicit_environ_credentials()
assert credentials is mock.sentinel.credentials
assert project_id is mock.sentinel.project_id
load.assert_called_with('filename')
@LOAD_FILE_PATCH
def test__get_explicit_environ_credentials_no_project_id(load, monkeypatch):
load.return_value = mock.sentinel.credentials, None
monkeypatch.setenv(environment_vars.CREDENTIALS, 'filename')
credentials, project_id = _default._get_explicit_environ_credentials()
assert credentials is mock.sentinel.credentials
assert project_id is None
@LOAD_FILE_PATCH
@mock.patch(
'google.auth._cloud_sdk.get_application_default_credentials_path',
autospec=True)
def test__get_gcloud_sdk_credentials(get_adc_path, load):
get_adc_path.return_value = SERVICE_ACCOUNT_FILE
credentials, project_id = _default._get_gcloud_sdk_credentials()
assert credentials is mock.sentinel.credentials
assert project_id is mock.sentinel.project_id
load.assert_called_with(SERVICE_ACCOUNT_FILE)
@mock.patch(
'google.auth._cloud_sdk.get_application_default_credentials_path',
autospec=True)
def test__get_gcloud_sdk_credentials_non_existent(get_adc_path, tmpdir):
non_existent = tmpdir.join('non-existent')
get_adc_path.return_value = str(non_existent)
credentials, project_id = _default._get_gcloud_sdk_credentials()
assert credentials is None
assert project_id is None
@mock.patch(
'google.auth._cloud_sdk.get_project_id',
return_value=mock.sentinel.project_id, autospec=True)
@mock.patch('os.path.isfile', return_value=True, autospec=True)
@LOAD_FILE_PATCH
def test__get_gcloud_sdk_credentials_project_id(
load, unused_isfile, get_project_id):
# Don't return a project ID from load file, make the function check
# the Cloud SDK project.
load.return_value = mock.sentinel.credentials, None
credentials, project_id = _default._get_gcloud_sdk_credentials()
assert credentials == mock.sentinel.credentials
assert project_id == mock.sentinel.project_id
assert get_project_id.called
@mock.patch(
'google.auth._cloud_sdk.get_project_id',
return_value=None, autospec=True)
@mock.patch('os.path.isfile', return_value=True)
@LOAD_FILE_PATCH
def test__get_gcloud_sdk_credentials_no_project_id(
load, unused_isfile, get_project_id):
# Don't return a project ID from load file, make the function check
# the Cloud SDK project.
load.return_value = mock.sentinel.credentials, None
credentials, project_id = _default._get_gcloud_sdk_credentials()
assert credentials == mock.sentinel.credentials
assert project_id is None
assert get_project_id.called
class _AppIdentityModule(object):
"""The interface of the App Idenity app engine module.
See https://cloud.google.com/appengine/docs/standard/python/refdocs\
/google.appengine.api.app_identity.app_identity
"""
def get_application_id(self):
raise NotImplementedError()
@pytest.fixture
def app_identity(monkeypatch):
"""Mocks the app_identity module for google.auth.app_engine."""
app_identity_module = mock.create_autospec(
_AppIdentityModule, instance=True)
monkeypatch.setattr(
app_engine, 'app_identity', app_identity_module)
yield app_identity_module
def test__get_gae_credentials(app_identity):
app_identity.get_application_id.return_value = mock.sentinel.project
credentials, project_id = _default._get_gae_credentials()
assert isinstance(credentials, app_engine.Credentials)
assert project_id == mock.sentinel.project
def test__get_gae_credentials_no_apis():
assert _default._get_gae_credentials() == (None, None)
@mock.patch(
'google.auth.compute_engine._metadata.ping', return_value=True,
autospec=True)
@mock.patch(
'google.auth.compute_engine._metadata.get_project_id',
return_value='example-project', autospec=True)
def test__get_gce_credentials(unused_get, unused_ping):
credentials, project_id = _default._get_gce_credentials()
assert isinstance(credentials, compute_engine.Credentials)
assert project_id == 'example-project'
@mock.patch(
'google.auth.compute_engine._metadata.ping', return_value=False,
autospec=True)
def test__get_gce_credentials_no_ping(unused_ping):
credentials, project_id = _default._get_gce_credentials()
assert credentials is None
assert project_id is None
@mock.patch(
'google.auth.compute_engine._metadata.ping', return_value=True,
autospec=True)
@mock.patch(
'google.auth.compute_engine._metadata.get_project_id',
side_effect=exceptions.TransportError(), autospec=True)
def test__get_gce_credentials_no_project_id(unused_get, unused_ping):
credentials, project_id = _default._get_gce_credentials()
assert isinstance(credentials, compute_engine.Credentials)
assert project_id is None
@mock.patch(
'google.auth.compute_engine._metadata.ping', return_value=False,
autospec=True)
def test__get_gce_credentials_explicit_request(ping):
_default._get_gce_credentials(mock.sentinel.request)
ping.assert_called_with(request=mock.sentinel.request)
@mock.patch(
'google.auth._default._get_explicit_environ_credentials',
return_value=(mock.sentinel.credentials, mock.sentinel.project_id),
autospec=True)
def test_default_early_out(unused_get):
assert _default.default() == (
mock.sentinel.credentials, mock.sentinel.project_id)
@mock.patch(
'google.auth._default._get_explicit_environ_credentials',
return_value=(mock.sentinel.credentials, mock.sentinel.project_id),
autospec=True)
def test_default_explict_project_id(unused_get, monkeypatch):
monkeypatch.setenv(environment_vars.PROJECT, 'explicit-env')
assert _default.default() == (
mock.sentinel.credentials, 'explicit-env')
@mock.patch(
'google.auth._default._get_explicit_environ_credentials',
return_value=(mock.sentinel.credentials, mock.sentinel.project_id),
autospec=True)
def test_default_explict_legacy_project_id(unused_get, monkeypatch):
monkeypatch.setenv(environment_vars.LEGACY_PROJECT, 'explicit-env')
assert _default.default() == (
mock.sentinel.credentials, 'explicit-env')
@mock.patch(
'logging.Logger.warning',
autospec=True)
@mock.patch(
'google.auth._default._get_explicit_environ_credentials',
return_value=(mock.sentinel.credentials, None), autospec=True)
@mock.patch(
'google.auth._default._get_gcloud_sdk_credentials',
return_value=(mock.sentinel.credentials, None), autospec=True)
@mock.patch(
'google.auth._default._get_gae_credentials',
return_value=(mock.sentinel.credentials, None), autospec=True)
@mock.patch(
'google.auth._default._get_gce_credentials',
return_value=(mock.sentinel.credentials, None), autospec=True)
def test_default_without_project_id(
unused_gce, unused_gae, unused_sdk, unused_explicit, logger_warning):
assert _default.default() == (
mock.sentinel.credentials, None)
logger_warning.assert_called_with(mock.ANY, mock.ANY, mock.ANY)
@mock.patch(
'google.auth._default._get_explicit_environ_credentials',
return_value=(None, None), autospec=True)
@mock.patch(
'google.auth._default._get_gcloud_sdk_credentials',
return_value=(None, None), autospec=True)
@mock.patch(
'google.auth._default._get_gae_credentials',
return_value=(None, None), autospec=True)
@mock.patch(
'google.auth._default._get_gce_credentials',
return_value=(None, None), autospec=True)
def test_default_fail(unused_gce, unused_gae, unused_sdk, unused_explicit):
with pytest.raises(exceptions.DefaultCredentialsError):
assert _default.default()
@mock.patch(
'google.auth._default._get_explicit_environ_credentials',
return_value=(mock.sentinel.credentials, mock.sentinel.project_id),
autospec=True)
@mock.patch(
'google.auth.credentials.with_scopes_if_required', autospec=True)
def test_default_scoped(with_scopes, unused_get):
scopes = ['one', 'two']
credentials, project_id = _default.default(scopes=scopes)
assert credentials == with_scopes.return_value
assert project_id == mock.sentinel.project_id
with_scopes.assert_called_once_with(
mock.sentinel.credentials, scopes)