From 79ff500e46d89b12eaa63c24aee65432aa3daffb Mon Sep 17 00:00:00 2001
From: Sijun Liu
Date: Wed, 17 Jun 2020 15:00:32 -0700
Subject: [PATCH 1/2] fix: no warning if quota_project_id is given
---
 google/auth/_default.py | 14 +++++++-------
 ...rized_user_cloud_sdk_with_quota_project_id.json | 7 +++++++
 tests/test__default.py | 11 +++++++++++
 3 files changed, 25 insertions(+), 7 deletions(-)
 create mode 100644 tests/data/authorized_user_cloud_sdk_with_quota_project_id.json
diff --git a/google/auth/_default.py b/google/auth/_default.py
index d7110a10d..dacb47e2a 100644
--- a/google/auth/_default.py
+++ b/google/auth/_default.py
@@ -49,11 +49,11 @@
 # Warning when using Cloud SDK user credentials
 _CLOUD_SDK_CREDENTIALS_WARNING = """\
 Your application has authenticated using end user credentials from Google \
-Cloud SDK. We recommend that most server applications use service accounts \
-instead. If your application continues to use end user credentials from Cloud \
-SDK, you might receive a "quota exceeded" or "API not enabled" error. For \
-more information about service accounts, see \
-https://cloud.google.com/docs/authentication/"""
+Cloud SDK without a quota project. You might receive a "quota exceeded" \
+or "API not enabled" error. We recommend rerun \
+`gcloud auth application-default login` and make sure a quota project is \
+added. Or you can use service accounts instead. For more information \
+about service accounts, see https://cloud.google.com/docs/authentication/"""
 def _warn_about_problematic_credentials(credentials):
@@ -114,8 +114,8 @@ def _load_credentials_from_file(filename):
 msg = "Failed to load authorized user credentials from {}".format(filename)
 new_exc = exceptions.DefaultCredentialsError(msg, caught_exc)
 six.raise_from(new_exc, caught_exc)
- # Authorized user credentials do not contain the project ID.
- _warn_about_problematic_credentials(credentials)
+ if not credentials.quota_project_id:
+ _warn_about_problematic_credentials(credentials)
 return credentials, None
 elif credential_type == _SERVICE_ACCOUNT_TYPE:
diff --git a/tests/data/authorized_user_cloud_sdk_with_quota_project_id.json b/tests/data/authorized_user_cloud_sdk_with_quota_project_id.json
new file mode 100644
index 000000000..53a8ff88a
--- /dev/null
+++ b/tests/data/authorized_user_cloud_sdk_with_quota_project_id.json
@@ -0,0 +1,7 @@
+{
+ "client_id": "764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.apps.googleusercontent.com",
+ "client_secret": "secret",
+ "refresh_token": "alabalaportocala",
+ "type": "authorized_user",
+ "quota_project_id": "quota_project_id"
+}
diff --git a/tests/test__default.py b/tests/test__default.py
index 35000b04d..b769fc784 100644
--- a/tests/test__default.py
+++ b/tests/test__default.py
@@ -37,6 +37,10 @@
 DATA_DIR, "authorized_user_cloud_sdk.json"
 )
+AUTHORIZED_USER_CLOUD_SDK_WITH_QUOTA_PROJECT_ID_FILE = os.path.join(
+ DATA_DIR, "authorized_user_cloud_sdk_with_quota_project_id.json"
+)
+
 SERVICE_ACCOUNT_FILE = os.path.join(DATA_DIR, "service_account.json")
 with open(SERVICE_ACCOUNT_FILE) as fh:
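Review bot: In `google/auth/_default.py`, the new `if not credentials.quota_project_id:` guard in `_load_credentials_from_file` silences the whole warning, so a caller running with Cloud SDK end user credentials no longer gets any hint that service accounts are the recommended identity, even though a quota project only addresses the "quota exceeded" / "API not enabled" errors. If that advice is still meant to reach such callers, keep a shorter message for the quota-project case; if it is dropped on purpose, say so next to the guard, e.g. `# A quota project avoids the quota/API errors; no warning is emitted in that case.` The hunk also deletes `# Authorized user credentials do not contain the project ID.`, which explained why `return credentials, None` yields no project ID; I would keep that comment directly above the return. The body of `_load_credentials_from_file` starts and ends outside the hunk.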
@@ -101,6 +105,13 @@ def test__load_credentials_from_file_authorized_user_cloud_sdk():
 assert isinstance(credentials, google.oauth2.credentials.Credentials)
 assert project_id is None
+ # No warning if the json file has quota project id.
+ credentials, project_id = _default._load_credentials_from_file(
+ AUTHORIZED_USER_CLOUD_SDK_WITH_QUOTA_PROJECT_ID_FILE
+ )
+ assert isinstance(credentials, google.oauth2.credentials.Credentials)
+ assert project_id is None
+
 def test__load_credentials_from_file_service_account():
 credentials, project_id = _default._load_credentials_from_file(SERVICE_ACCOUNT_FILE)
From 346dee02855bf201b33d3601be7902a16dbd58c7 Mon Sep 17 00:00:00 2001
From: arithmetic1728 <58957152+arithmetic1728@users.noreply.github.com>
Date: Wed, 17 Jun 2020 23:20:27 -0700
Subject: [PATCH 2/2] Update google/auth/_default.py
Co-authored-by: Bu Sun Kim <8822365+busunkim96@users.noreply.github.com>
---
 google/auth/_default.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/google/auth/_default.py b/google/auth/_default.py
index dacb47e2a..559695ecc 100644
--- a/google/auth/_default.py
+++ b/google/auth/_default.py
@@ -50,7 +50,7 @@
 _CLOUD_SDK_CREDENTIALS_WARNING = """\
 Your application has authenticated using end user credentials from Google \
 Cloud SDK without a quota project. You might receive a "quota exceeded" \
-or "API not enabled" error. We recommend rerun \
+or "API not enabled" error. We recommend you rerun \
 `gcloud auth application-default login` and make sure a quota project is \
 added. Or you can use service accounts instead. For more information \
 about service accounts, see https://cloud.google.com/docs/authentication/"""
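Review bot: The block added to `test__load_credentials_from_file_authorized_user_cloud_sdk` in `tests/test__default.py` is commented `# No warning if the json file has quota project id.`, but nothing in it asserts that no warning was raised. It only checks the credential type and `project_id`, so it would pass with or without the new `quota_project_id` guard. Wrapping the call in `with warnings.catch_warnings():` with `warnings.simplefilter("error")` as its first statement would make an emitted warning fail the test; this needs `import warnings` at the top of the test module if it is not already there, which the hunk does not show. The test function starts outside the hunk.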