Add ADC system tests (#58)
diff --git a/system_tests/conftest.py b/system_tests/conftest.py
index ebbae48..5969bee 100644
--- a/system_tests/conftest.py
+++ b/system_tests/conftest.py
@@ -40,13 +40,13 @@
@pytest.fixture
-def request():
+def http_request():
"""A transport.request object."""
yield google.auth.transport.urllib3.Request(HTTP)
@pytest.fixture
-def token_info(request):
+def token_info(http_request):
"""Returns a function that obtains OAuth2 token info."""
def _token_info(access_token=None, id_token=None):
query_params = {}
@@ -60,7 +60,7 @@
url = _helpers.update_query(TOKEN_INFO_URL, query_params)
- response = request(url=url, method='GET')
+ response = http_request(url=url, method='GET')
return json.loads(response.data.decode('utf-8'))
diff --git a/system_tests/test_compute_engine.py b/system_tests/test_compute_engine.py
index c4b0c7b..7fd31b4 100644
--- a/system_tests/test_compute_engine.py
+++ b/system_tests/test_compute_engine.py
@@ -20,15 +20,15 @@
@pytest.fixture(autouse=True)
-def check_gce_environment(request):
- if not _metadata.ping(request):
+def check_gce_environment(http_request):
+ if not _metadata.ping(http_request):
pytest.skip('Compute Engine metadata service is not available.')
-def test_refresh(request, token_info):
+def test_refresh(http_request, token_info):
credentials = compute_engine.Credentials()
- credentials.refresh(request)
+ credentials.refresh(http_request)
assert credentials.token is not None
assert credentials._service_account_email is not None
diff --git a/system_tests/test_default.py b/system_tests/test_default.py
new file mode 100644
index 0000000..02242e9
--- /dev/null
+++ b/system_tests/test_default.py
@@ -0,0 +1,121 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+
+import py
+
+import google.auth
+from google.auth import environment_vars
+import google.oauth2.credentials
+from google.oauth2 import service_account
+
+
+def validate_refresh(credentials, http_request):
+ if credentials.requires_scopes:
+ credentials = credentials.with_scopes(['email', 'profile'])
+
+ credentials.refresh(http_request)
+
+ assert credentials.token
+ assert credentials.valid
+
+
+def test_explicit_credentials_service_account(
+ monkeypatch, service_account_file, http_request):
+ monkeypatch.setitem(
+ os.environ, environment_vars.CREDENTIALS, service_account_file)
+
+ credentials, project_id = google.auth.default()
+
+ assert isinstance(credentials, service_account.Credentials)
+ assert project_id is not None
+
+ validate_refresh(credentials, http_request)
+
+
+def test_explicit_credentials_authorized_user(
+ monkeypatch, authorized_user_file, http_request):
+ monkeypatch.setitem(
+ os.environ, environment_vars.CREDENTIALS, authorized_user_file)
+
+ credentials, project_id = google.auth.default()
+
+ assert isinstance(credentials, google.oauth2.credentials.Credentials)
+ assert project_id is None
+
+ validate_refresh(credentials, http_request)
+
+
+def test_explicit_credentials_explicit_project_id(
+ monkeypatch, service_account_file, http_request):
+ project = 'system-test-project'
+ monkeypatch.setitem(
+ os.environ, environment_vars.CREDENTIALS, service_account_file)
+ monkeypatch.setitem(
+ os.environ, environment_vars.PROJECT, project)
+
+ _, project_id = google.auth.default()
+
+ assert project_id == project
+
+
+def generate_cloud_sdk_config(
+ tmpdir, credentials_file, active_config='default', project=None):
+ tmpdir.join('active_config').write(
+ '{}\n'.format(active_config), ensure=True)
+
+ if project is not None:
+ config_file = tmpdir.join(
+ 'configurations', 'config_{}'.format(active_config))
+ config_file.write(
+ '[core]\nproject = {}'.format(project), ensure=True)
+
+ py.path.local(credentials_file).copy(
+ tmpdir.join('application_default_credentials.json'))
+
+
+def test_cloud_sdk_credentials_service_account(
+ tmpdir, monkeypatch, service_account_file, http_request):
+ # Create the Cloud SDK configuration tree
+ project = 'system-test-project'
+ generate_cloud_sdk_config(tmpdir, service_account_file, project=project)
+ monkeypatch.setitem(
+ os.environ, environment_vars.CLOUD_SDK_CONFIG_DIR, str(tmpdir))
+
+ credentials, project_id = google.auth.default()
+
+ assert isinstance(credentials, service_account.Credentials)
+ assert project_id is not None
+ # The project ID should be the project ID specified in the the service
+ # account file, not the project in the config.
+ assert project_id is not project
+
+ validate_refresh(credentials, http_request)
+
+
+def test_cloud_sdk_credentials_authorized_user(
+ tmpdir, monkeypatch, authorized_user_file, http_request):
+ # Create the Cloud SDK configuration tree
+ project = 'system-test-project'
+ generate_cloud_sdk_config(tmpdir, authorized_user_file, project=project)
+ monkeypatch.setitem(
+ os.environ, environment_vars.CLOUD_SDK_CONFIG_DIR, str(tmpdir))
+
+ credentials, project_id = google.auth.default()
+
+ assert isinstance(credentials, google.oauth2.credentials.Credentials)
+ assert project_id == project
+
+ validate_refresh(credentials, http_request)
diff --git a/system_tests/test_oauth2_credentials.py b/system_tests/test_oauth2_credentials.py
index e268519..ded0630 100644
--- a/system_tests/test_oauth2_credentials.py
+++ b/system_tests/test_oauth2_credentials.py
@@ -20,7 +20,7 @@
GOOGLE_OAUTH2_TOKEN_ENDPOINT = 'https://accounts.google.com/o/oauth2/token'
-def test_refresh(authorized_user_file, request, token_info):
+def test_refresh(authorized_user_file, http_request, token_info):
with open(authorized_user_file, 'r') as fh:
info = json.load(fh)
@@ -31,7 +31,7 @@
client_id=info['client_id'],
client_secret=info['client_secret'])
- credentials.refresh(request)
+ credentials.refresh(http_request)
assert credentials.token
diff --git a/system_tests/test_service_account.py b/system_tests/test_service_account.py
index 4ac0b43..6b41ca2 100644
--- a/system_tests/test_service_account.py
+++ b/system_tests/test_service_account.py
@@ -25,15 +25,15 @@
service_account_file)
-def test_refresh_no_scopes(request, credentials):
+def test_refresh_no_scopes(http_request, credentials):
with pytest.raises(exceptions.RefreshError):
- credentials.refresh(request)
+ credentials.refresh(http_request)
-def test_refresh_success(request, credentials, token_info):
+def test_refresh_success(http_request, credentials, token_info):
credentials = credentials.with_scopes(['email', 'profile'])
- credentials.refresh(request)
+ credentials.refresh(http_request)
assert credentials.token