From cae69d5268104a3a7f30784a2e2d10a6d3618032 Mon Sep 17 00:00:00 2001 From: bojeil-google Date: Thu, 22 Oct 2020 14:24:23 -0700 Subject: [PATCH] chore: sync to master (#628) * refactor: split 'with_quota_project' into separate base class (#561) Co-authored-by: Tres Seaver * fix: dummy commit to trigger a auto release (#597) * chore: release 1.21.1 (#599) * chore: updated CHANGELOG.md [ci skip] * chore: updated setup.cfg [ci skip] * chore: updated setup.py Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> * fix: migrate signBlob to iamcredentials.googleapis.com (#600) Migrate signBlob from iam.googleapis.com to iamcredentials.googleapis.com. This API is deprecated and will be shutdown in one year. This is used google.auth.iam.Signer. Added a system_test to sanity check the implementation. * chore: release 1.21.2 (#601) Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> * fix: fix expiry for `to_json()` (#589) * This patch for includes the following fixes: - The access token is always set to `None`, so the fix involves using (the access) `token` from the saved JSON credentials file. - For refresh needs, `expiry` also needs to be saved via `to_json()`. - DUMP: As `expiry` is a `datetime.datetime` object, serialize to `datetime.isoformat()` in the same [`oauth2client` format](https://github.com/googleapis/oauth2client/blob/master/oauth2client/client.py#L55) for consistency. - LOAD: Add code to restore `expiry` back to `datetime.datetime` object when imported. - LOAD: If `expiry` was unsaved, automatically set it as expired so refresh takes place. - Minor `scopes` updates - DUMP: Add property for `scopes` so `to_json()` can grab it - LOAD: `scopes` may be saved as a string instead of a JSON array (Python list), so ensure it is Sequence[str] when imported. * chore: add default CODEOWNERS (#609) * chore: release 1.21.3 (#607) * feat: add asyncio based auth flow (#612) * feat: asyncio http request logic and asynchronous credentials logic (#572) Co-authored-by: Anirudh Baddepudi <43104821+anibadde@users.noreply.github.com> * chore: release 1.22.0 (#615) Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> * fix: move aiohttp to extra as it is currently internal surface (#619) Fix #618. Removes aiohttp from required dependencies to lessen dependency tree for google-auth. This will need to be looked at again as more folks use aiohttp and once the surfaces goes to public visibility. * chore: release 1.22.1 (#620) Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> * fix: remove checks for ancient versions of Cryptography (#596) Refs https://github.com/googleapis/google-auth-library-python/issues/595#issuecomment-683903062 I see no point in checking whether someone is running a version of https://github.com/pyca/cryptography/ from 2014 that doesn't even compile against modern versions of OpenSSL anymore. * chore: sync to master Syncs to master. Fixes broken unit tests in Python 3.6 and 3.7. Aligns test_identity_pool.py with test_aws.py. Co-authored-by: Bu Sun Kim <8822365+busunkim96@users.noreply.github.com> Co-authored-by: Tres Seaver Co-authored-by: arithmetic1728 <58957152+arithmetic1728@users.noreply.github.com> Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> Co-authored-by: wesley chun Co-authored-by: Christopher Wilcox Co-authored-by: Anirudh Baddepudi <43104821+anibadde@users.noreply.github.com> Co-authored-by: Aarni Koskela --- noxfile.py | 4 +-- setup.py | 2 -- tests/test_identity_pool.py | 69 ++++++++++++++++++++----------------- 3 files changed, 39 insertions(+), 36 deletions(-) diff --git a/noxfile.py b/noxfile.py index d497f5305..f4b909cff 100644 --- a/noxfile.py +++ b/noxfile.py @@ -30,7 +30,7 @@ "grpcio", ] -ASYNC_DEPENDENCIES = ["pytest-asyncio", "aioresponses"] +ASYNC_DEPENDENCIES = ["pytest-asyncio", "aioresponses", "asynctest"] BLACK_VERSION = "black==19.3b0" BLACK_PATHS = [ @@ -64,9 +64,7 @@ def lint(session): @nox.session(python="3.6") def blacken(session): """Run black. - Format code to uniform standard. - This currently uses Python 3.6 due to the automated Kokoro run of synthtool. That run uses an image that doesn't have 3.6 installed. Before updating this check the state of the `gcp_ubuntu_config` we use for that Kokoro run. diff --git a/setup.py b/setup.py index d3b740a62..522b98103 100644 --- a/setup.py +++ b/setup.py @@ -20,7 +20,6 @@ DEPENDENCIES = ( "cachetools>=2.0.0,<5.0", - 'enum34; python_version < "3.4"', "pyasn1-modules>=0.2.1", # rsa==4.5 is the last version to support 2.7 # https://github.com/sybrenstuvel/python-rsa/issues/152#issuecomment-643470233 @@ -28,7 +27,6 @@ 'rsa>=3.1.4,<5; python_version >= "3.5"', "setuptools>=40.3.0", "six>=1.9.0", - 'aiohttp >= 3.6.2, < 4.0.0dev; python_version>="3.6"', ) extras = {"aiohttp": "aiohttp >= 3.6.2, < 4.0.0dev; python_version>='3.6'"} diff --git a/tests/test_identity_pool.py b/tests/test_identity_pool.py index 07a6ee6f1..26da3804a 100644 --- a/tests/test_identity_pool.py +++ b/tests/test_identity_pool.py @@ -72,19 +72,20 @@ class TestCredentials(object): @classmethod def make_mock_request( cls, - data, - status=http_client.OK, - impersonation_data=None, + token_status=http_client.OK, + token_data=None, impersonation_status=None, + impersonation_data=None, ): + responses = [] # STS token exchange request. token_response = mock.create_autospec(transport.Response, instance=True) - token_response.status = status - token_response.data = json.dumps(data).encode("utf-8") - responses = [token_response] + token_response.status = token_status + token_response.data = json.dumps(token_data).encode("utf-8") + responses.append(token_response) # If service account impersonation is requested, mock the expected response. - if impersonation_status and impersonation_status: + if impersonation_status: impersonation_response = mock.create_autospec( transport.Response, instance=True ) @@ -169,8 +170,6 @@ def assert_underlying_credentials_refresh( "subject_token": subject_token, "subject_token_type": subject_token_type, } - if token_scopes == "": - token_request_data.pop("scope", None) # Service account impersonation request/response. impersonation_response = { "accessToken": "SA_ACCESS_TOKEN", @@ -180,8 +179,6 @@ def assert_underlying_credentials_refresh( "Content-Type": "application/json", "authorization": "Bearer {}".format(token_response["access_token"]), } - if quota_project_id: - impersonation_headers["x-goog-user-project"] = quota_project_id impersonation_request_data = { "delegates": None, "scope": scopes, @@ -190,8 +187,8 @@ def assert_underlying_credentials_refresh( # Initialize mock request to handle token exchange and service account # impersonation request. request = cls.make_mock_request( - status=http_client.OK, - data=token_response, + token_status=http_client.OK, + token_data=token_response, impersonation_status=impersonation_status, impersonation_data=impersonation_response, ) @@ -243,7 +240,8 @@ def make_credentials( scopes=scopes, ) - def test_from_info_full_options(self): + @mock.patch.object(identity_pool.Credentials, "__init__", return_value=None) + def test_from_info_full_options(self, mock_init): credentials = identity_pool.Credentials.from_info( { "audience": AUDIENCE, @@ -259,18 +257,19 @@ def test_from_info_full_options(self): # Confirm identity_pool.Credentials instantiated with expected attributes. assert isinstance(credentials, identity_pool.Credentials) - self.assert_underlying_credentials_refresh( - credentials=credentials, + mock_init.assert_called_once_with( audience=AUDIENCE, - subject_token=TEXT_FILE_SUBJECT_TOKEN, subject_token_type=SUBJECT_TOKEN_TYPE, token_url=TOKEN_URL, service_account_impersonation_url=SERVICE_ACCOUNT_IMPERSONATION_URL, - basic_auth_encoding=BASIC_AUTH_ENCODING, + client_id=CLIENT_ID, + client_secret=CLIENT_SECRET, + credential_source=self.CREDENTIAL_SOURCE_TEXT, quota_project_id=QUOTA_PROJECT_ID, ) - def test_from_info_required_options_only(self): + @mock.patch.object(identity_pool.Credentials, "__init__", return_value=None) + def test_from_info_required_options_only(self, mock_init): credentials = identity_pool.Credentials.from_info( { "audience": AUDIENCE, @@ -282,15 +281,19 @@ def test_from_info_required_options_only(self): # Confirm identity_pool.Credentials instantiated with expected attributes. assert isinstance(credentials, identity_pool.Credentials) - self.assert_underlying_credentials_refresh( - credentials=credentials, + mock_init.assert_called_once_with( audience=AUDIENCE, - subject_token=TEXT_FILE_SUBJECT_TOKEN, subject_token_type=SUBJECT_TOKEN_TYPE, token_url=TOKEN_URL, + service_account_impersonation_url=None, + client_id=None, + client_secret=None, + credential_source=self.CREDENTIAL_SOURCE_TEXT, + quota_project_id=None, ) - def test_from_file_full_options(self, tmpdir): + @mock.patch.object(identity_pool.Credentials, "__init__", return_value=None) + def test_from_file_full_options(self, mock_init, tmpdir): info = { "audience": AUDIENCE, "subject_token_type": SUBJECT_TOKEN_TYPE, @@ -307,18 +310,19 @@ def test_from_file_full_options(self, tmpdir): # Confirm identity_pool.Credentials instantiated with expected attributes. assert isinstance(credentials, identity_pool.Credentials) - self.assert_underlying_credentials_refresh( - credentials=credentials, + mock_init.assert_called_once_with( audience=AUDIENCE, - subject_token=TEXT_FILE_SUBJECT_TOKEN, subject_token_type=SUBJECT_TOKEN_TYPE, token_url=TOKEN_URL, service_account_impersonation_url=SERVICE_ACCOUNT_IMPERSONATION_URL, - basic_auth_encoding=BASIC_AUTH_ENCODING, + client_id=CLIENT_ID, + client_secret=CLIENT_SECRET, + credential_source=self.CREDENTIAL_SOURCE_TEXT, quota_project_id=QUOTA_PROJECT_ID, ) - def test_from_file_required_options_only(self, tmpdir): + @mock.patch.object(identity_pool.Credentials, "__init__", return_value=None) + def test_from_file_required_options_only(self, mock_init, tmpdir): info = { "audience": AUDIENCE, "subject_token_type": SUBJECT_TOKEN_TYPE, @@ -331,12 +335,15 @@ def test_from_file_required_options_only(self, tmpdir): # Confirm identity_pool.Credentials instantiated with expected attributes. assert isinstance(credentials, identity_pool.Credentials) - self.assert_underlying_credentials_refresh( - credentials=credentials, + mock_init.assert_called_once_with( audience=AUDIENCE, - subject_token=TEXT_FILE_SUBJECT_TOKEN, subject_token_type=SUBJECT_TOKEN_TYPE, token_url=TOKEN_URL, + service_account_impersonation_url=None, + client_id=None, + client_secret=None, + credential_source=self.CREDENTIAL_SOURCE_TEXT, + quota_project_id=None, ) def test_constructor_invalid_options(self):