-
Notifications
You must be signed in to change notification settings - Fork 305
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: added system tests for the asyncIO auth changes and async id_token credentials #574
Conversation
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please visit https://cla.developers.google.com/ to sign. Once you've signed (or fixed any issues), please reply here with What to do if you already signed the CLAIndividual signers
Corporate signers
ℹ️ Googlers: Go here for more info. |
@googlebot I signed it! |
@googlebot I signed it! |
@googlebot I signed it! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good progress! I think there's definitely some de-duplication that can happen in the nox and pytest configurations; @crwilcox might have more ideas. I'm also curious to hear other's thoughts on whether more system tests should be added.
|
||
session = requests.session() | ||
cached_session = cachecontrol.CacheControl(session) | ||
request = google.auth.transport.requests.Request(session=cached_session) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would this be the same for async?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I made this specific request call sync as an async version of this would result in a substantial re-working of the compute_engine credentials classes (as the current design is not compatible with asynchronous http requests). My reasoning for this was that this authentication trace isn't used in storage, but we could open up an issue for it as a future modification to make for the auth library.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please open a tracking bug
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok will do.
"Could not fetch certificates at {}".format(certs_url) | ||
) | ||
|
||
data = await response.data.read() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this a network op?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, response.data returns a stream coroutine, and therefore needs to be awaited in order to read the content of the response.
system_tests_async/conftest.py
Outdated
|
||
|
||
HERE = os.path.dirname(__file__) | ||
DATA_DIR = os.path.join(HERE, "data") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So it seems like this will require the data to be re-copied into system_tests_async/data as well? Could we avoid that by using the same data dir for both sets of system tests?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thought about this, since the data files aren't in the repository and are there for the user to run locally, I thought that it may make sense to leave this logic as is (without a dependency on the sync system tests) in case someone wanted to import the data files just for the async use case, similar to what I did when I was working on this and running tests locally. I think that regardless of whether we change the directory name, we would have to follow the steps in https://github.com/googleapis/google-auth-library-python/blob/master/CONTRIBUTING.rst to be able to run these tests.
I'm open to changing the directory if that would be better, but I thought it would be good to avoid the dependency in this case?
system_tests_async/conftest.py
Outdated
|
||
|
||
@pytest.fixture | ||
def service_account_file(): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If these are copied from system_tests/conftest.py, could they be moved to the root conftest.py to de-duplicate?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same inter-dependency reasoning as above, open to changing if we are okay with having the dependency.
"https://www.googleapis.com/auth/userinfo.email", | ||
"https://www.googleapis.com/auth/userinfo.profile", | ||
] | ||
) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So I see 2 system tests in this file, and 1 for id token. Does the sync version have additional system tests that you did not copy? If so, why?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The sync version also has 1 system test for id_token and 2 for service accounts, so a parallel code trace (same corresponding tests) are used here as in the sync system tests.
PR # 3 for AsyncIO Auth Class changes