feat: make ``load_credentials_from_file`` a public method (#530)
* feat: make load_credentials_from_file public and alllow scopes
* test: update tests
* fix: raise error for json with no type
* test: fix test names
* refactor: simplify control flow
* fix: raise coverage
* test: update test
Co-authored-by: arithmetic1728 <58957152+arithmetic1728@users.noreply.github.com>
Co-authored-by: Sijun Liu <sijunliu@google.com>
diff --git a/tests/test__default.py b/tests/test__default.py
index b769fc7..3c87b35 100644
--- a/tests/test__default.py
+++ b/tests/test__default.py
@@ -43,88 +43,120 @@
SERVICE_ACCOUNT_FILE = os.path.join(DATA_DIR, "service_account.json")
+CLIENT_SECRETS_FILE = os.path.join(DATA_DIR, "client_secrets.json")
+
with open(SERVICE_ACCOUNT_FILE) as fh:
SERVICE_ACCOUNT_FILE_DATA = json.load(fh)
LOAD_FILE_PATCH = mock.patch(
- "google.auth._default._load_credentials_from_file",
+ "google.auth._default.load_credentials_from_file",
return_value=(mock.sentinel.credentials, mock.sentinel.project_id),
autospec=True,
)
-def test__load_credentials_from_missing_file():
+def test_load_credentials_from_missing_file():
with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
- _default._load_credentials_from_file("")
+ _default.load_credentials_from_file("")
assert excinfo.match(r"not found")
-def test__load_credentials_from_file_invalid_json(tmpdir):
+def test_load_credentials_from_file_invalid_json(tmpdir):
jsonfile = tmpdir.join("invalid.json")
jsonfile.write("{")
with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
- _default._load_credentials_from_file(str(jsonfile))
+ _default.load_credentials_from_file(str(jsonfile))
assert excinfo.match(r"not a valid json file")
-def test__load_credentials_from_file_invalid_type(tmpdir):
+def test_load_credentials_from_file_invalid_type(tmpdir):
jsonfile = tmpdir.join("invalid.json")
jsonfile.write(json.dumps({"type": "not-a-real-type"}))
with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
- _default._load_credentials_from_file(str(jsonfile))
+ _default.load_credentials_from_file(str(jsonfile))
assert excinfo.match(r"does not have a valid type")
-def test__load_credentials_from_file_authorized_user():
- credentials, project_id = _default._load_credentials_from_file(AUTHORIZED_USER_FILE)
+def test_load_credentials_from_file_authorized_user():
+ credentials, project_id = _default.load_credentials_from_file(AUTHORIZED_USER_FILE)
assert isinstance(credentials, google.oauth2.credentials.Credentials)
assert project_id is None
-def test__load_credentials_from_file_authorized_user_bad_format(tmpdir):
+def test_load_credentials_from_file_no_type(tmpdir):
+ # use the client_secrets.json, which is valid json but not a
+ # loadable credentials type
+ with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
+ _default.load_credentials_from_file(CLIENT_SECRETS_FILE)
+
+ assert excinfo.match(r"does not have a valid type")
+ assert excinfo.match(r"Type is None")
+
+
+def test_load_credentials_from_file_authorized_user_bad_format(tmpdir):
filename = tmpdir.join("authorized_user_bad.json")
filename.write(json.dumps({"type": "authorized_user"}))
with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
- _default._load_credentials_from_file(str(filename))
+ _default.load_credentials_from_file(str(filename))
assert excinfo.match(r"Failed to load authorized user")
assert excinfo.match(r"missing fields")
-def test__load_credentials_from_file_authorized_user_cloud_sdk():
+def test_load_credentials_from_file_authorized_user_cloud_sdk():
with pytest.warns(UserWarning, match="Cloud SDK"):
- credentials, project_id = _default._load_credentials_from_file(
+ credentials, project_id = _default.load_credentials_from_file(
AUTHORIZED_USER_CLOUD_SDK_FILE
)
assert isinstance(credentials, google.oauth2.credentials.Credentials)
assert project_id is None
# No warning if the json file has quota project id.
- credentials, project_id = _default._load_credentials_from_file(
+ credentials, project_id = _default.load_credentials_from_file(
AUTHORIZED_USER_CLOUD_SDK_WITH_QUOTA_PROJECT_ID_FILE
)
assert isinstance(credentials, google.oauth2.credentials.Credentials)
assert project_id is None
-def test__load_credentials_from_file_service_account():
- credentials, project_id = _default._load_credentials_from_file(SERVICE_ACCOUNT_FILE)
+def test_load_credentials_from_file_authorized_user_cloud_sdk_with_scopes():
+ with pytest.warns(UserWarning, match="Cloud SDK"):
+ credentials, project_id = _default.load_credentials_from_file(
+ AUTHORIZED_USER_CLOUD_SDK_FILE,
+ scopes=["https://www.google.com/calendar/feeds"],
+ )
+ assert isinstance(credentials, google.oauth2.credentials.Credentials)
+ assert project_id is None
+ assert credentials.scopes == ["https://www.google.com/calendar/feeds"]
+
+
+def test_load_credentials_from_file_service_account():
+ credentials, project_id = _default.load_credentials_from_file(SERVICE_ACCOUNT_FILE)
assert isinstance(credentials, service_account.Credentials)
assert project_id == SERVICE_ACCOUNT_FILE_DATA["project_id"]
-def test__load_credentials_from_file_service_account_bad_format(tmpdir):
+def test_load_credentials_from_file_service_account_with_scopes():
+ credentials, project_id = _default.load_credentials_from_file(
+ SERVICE_ACCOUNT_FILE, scopes=["https://www.google.com/calendar/feeds"]
+ )
+ assert isinstance(credentials, service_account.Credentials)
+ assert project_id == SERVICE_ACCOUNT_FILE_DATA["project_id"]
+ assert credentials.scopes == ["https://www.google.com/calendar/feeds"]
+
+
+def test_load_credentials_from_file_service_account_bad_format(tmpdir):
filename = tmpdir.join("serivce_account_bad.json")
filename.write(json.dumps({"type": "service_account"}))
with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
- _default._load_credentials_from_file(str(filename))
+ _default.load_credentials_from_file(str(filename))
assert excinfo.match(r"Failed to load service account")
assert excinfo.match(r"missing fields")