feat: support self-signed jwt in requests and urllib3 transports (#679)
diff --git a/system_tests/noxfile.py b/system_tests/noxfile.py
index 5d0014b..4ba7cc3 100644
--- a/system_tests/noxfile.py
+++ b/system_tests/noxfile.py
@@ -294,12 +294,29 @@
@nox.session(python=PYTHON_VERSIONS_SYNC)
+def requests(session):
+ session.install(LIBRARY_DIR)
+ session.install(*TEST_DEPENDENCIES_SYNC)
+ session.env[EXPLICIT_CREDENTIALS_ENV] = SERVICE_ACCOUNT_FILE
+ session.run("pytest", "system_tests_sync/test_requests.py")
+
+
+@nox.session(python=PYTHON_VERSIONS_SYNC)
+def urllib3(session):
+ session.install(LIBRARY_DIR)
+ session.install(*TEST_DEPENDENCIES_SYNC)
+ session.env[EXPLICIT_CREDENTIALS_ENV] = SERVICE_ACCOUNT_FILE
+ session.run("pytest", "system_tests_sync/test_urllib3.py")
+
+
+@nox.session(python=PYTHON_VERSIONS_SYNC)
def mtls_http(session):
session.install(LIBRARY_DIR)
session.install(*TEST_DEPENDENCIES_SYNC, "pyopenssl")
session.env[EXPLICIT_CREDENTIALS_ENV] = SERVICE_ACCOUNT_FILE
session.run("pytest", "system_tests_sync/test_mtls_http.py")
+
#ASYNC SYSTEM TESTS
@nox.session(python=PYTHON_VERSIONS_ASYNC)
diff --git a/system_tests/system_tests_sync/test_grpc.py b/system_tests/system_tests_sync/test_grpc.py
index da2eb71..7f548ec 100644
--- a/system_tests/system_tests_sync/test_grpc.py
+++ b/system_tests/system_tests_sync/test_grpc.py
@@ -57,8 +57,9 @@
list_topics_iter = client.list_topics(project="projects/{}".format(project_id))
list(list_topics_iter)
- # Check that self-signed JWT was created
+ # Check that self-signed JWT was created and is being used
assert credentials._jwt_credentials is not None
+ assert credentials._jwt_credentials.token == credentials.token
def test_grpc_request_with_jwt_credentials():
diff --git a/system_tests/system_tests_sync/test_requests.py b/system_tests/system_tests_sync/test_requests.py
new file mode 100644
index 0000000..3ac9179
--- /dev/null
+++ b/system_tests/system_tests_sync/test_requests.py
@@ -0,0 +1,40 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import google.auth
+import google.auth.credentials
+import google.auth.transport.requests
+from google.oauth2 import service_account
+
+
+def test_authorized_session_with_service_account_and_self_signed_jwt():
+ credentials, project_id = google.auth.default()
+
+ credentials = credentials.with_scopes(
+ scopes=[],
+ default_scopes=["https://www.googleapis.com/auth/pubsub"],
+ )
+
+ session = google.auth.transport.requests.AuthorizedSession(
+ credentials=credentials, default_host="pubsub.googleapis.com"
+ )
+
+ # List Pub/Sub Topics through the REST API
+ # https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics/list
+ response = session.get("https://pubsub.googleapis.com/v1/projects/{}/topics".format(project_id))
+ response.raise_for_status()
+
+ # Check that self-signed JWT was created and is being used
+ assert credentials._jwt_credentials is not None
+ assert credentials._jwt_credentials.token == credentials.token
diff --git a/system_tests/system_tests_sync/test_urllib3.py b/system_tests/system_tests_sync/test_urllib3.py
new file mode 100644
index 0000000..1932e19
--- /dev/null
+++ b/system_tests/system_tests_sync/test_urllib3.py
@@ -0,0 +1,44 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import google.auth
+import google.auth.credentials
+import google.auth.transport.requests
+from google.oauth2 import service_account
+
+
+def test_authorized_session_with_service_account_and_self_signed_jwt():
+ credentials, project_id = google.auth.default()
+
+ credentials = credentials.with_scopes(
+ scopes=[],
+ default_scopes=["https://www.googleapis.com/auth/pubsub"],
+ )
+
+ http = google.auth.transport.urllib3.AuthorizedHttp(
+ credentials=credentials, default_host="pubsub.googleapis.com"
+ )
+
+ # List Pub/Sub Topics through the REST API
+ # https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics/list
+ response = http.urlopen(
+ method="GET",
+ url="https://pubsub.googleapis.com/v1/projects/{}/topics".format(project_id)
+ )
+
+ assert response.status == 200
+
+ # Check that self-signed JWT was created and is being used
+ assert credentials._jwt_credentials is not None
+ assert credentials._jwt_credentials.token == credentials.token