Add system tests for service account credentials (#51)
diff --git a/system_tests/.gitignore b/system_tests/.gitignore
new file mode 100644
index 0000000..f6bf39d
--- /dev/null
+++ b/system_tests/.gitignore
@@ -0,0 +1,2 @@
+data
+secrets.tar
diff --git a/system_tests/__init__.py b/system_tests/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/system_tests/__init__.py
diff --git a/system_tests/conftest.py b/system_tests/conftest.py
new file mode 100644
index 0000000..066f805
--- /dev/null
+++ b/system_tests/conftest.py
@@ -0,0 +1,74 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import json
+import os
+
+from google.auth import _helpers
+import google.auth.transport.urllib3
+import pytest
+import urllib3
+
+
+HERE = os.path.dirname(__file__)
+DATA_DIR = os.path.join(HERE, 'data')
+HTTP = urllib3.PoolManager()
+TOKEN_INFO_URL = 'https://www.googleapis.com/oauth2/v3/tokeninfo'
+
+
+@pytest.fixture
+def service_account_file():
+ """The full path to a valid service account key file."""
+ yield os.path.join(DATA_DIR, 'service_account.json')
+
+
+@pytest.fixture
+def request():
+ """A transport.request object."""
+ yield google.auth.transport.urllib3.Request(HTTP)
+
+
+@pytest.fixture
+def token_info(request):
+ """Returns a function that obtains OAuth2 token info."""
+ def _token_info(access_token=None, id_token=None):
+ query_params = {}
+
+ if access_token is not None:
+ query_params['access_token'] = access_token
+ elif id_token is not None:
+ query_params['id_token'] = id_token
+ else:
+ raise ValueError('No token specified.')
+
+ url = _helpers.update_query(TOKEN_INFO_URL, query_params)
+
+ response = request(url=url, method='GET')
+
+ return json.loads(response.data.decode('utf-8'))
+
+ yield _token_info
+
+
+def verify_environment():
+ """Checks to make sure that requisite data files are available."""
+ if not os.path.isdir(DATA_DIR):
+ raise EnvironmentError(
+ 'In order to run system tests, test data must exist in '
+ 'system_tests/data. See CONTRIBUTING.rst for details.')
+
+
+def pytest_configure(config):
+ """Pytest hook that runs before Pytest collects any tests."""
+ verify_environment()
diff --git a/system_tests/secrets.tar.enc b/system_tests/secrets.tar.enc
new file mode 100644
index 0000000..bbe290f
--- /dev/null
+++ b/system_tests/secrets.tar.enc
Binary files differ
diff --git a/system_tests/test_service_account.py b/system_tests/test_service_account.py
new file mode 100644
index 0000000..e897c6f
--- /dev/null
+++ b/system_tests/test_service_account.py
@@ -0,0 +1,43 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from google.auth import exceptions
+from google.oauth2 import service_account
+import pytest
+
+
+@pytest.fixture
+def credentials(service_account_file):
+ yield service_account.Credentials.from_service_account_file(
+ service_account_file)
+
+
+def test_refresh_no_scopes(request, credentials):
+ with pytest.raises(exceptions.RefreshError):
+ credentials.refresh(request)
+
+
+def test_refresh_success(request, credentials, token_info):
+ credentials = credentials.with_scopes(['email', 'profile'])
+
+ credentials.refresh(request)
+
+ assert credentials.token
+
+ info = token_info(credentials.token)
+
+ assert info['email'] == credentials._service_account_email
+ assert info['scope'] == (
+ 'https://www.googleapis.com/auth/userinfo.email '
+ 'https://www.googleapis.com/auth/userinfo.profile')