Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / google-auth-library-python / bf5ce0c56c10f655ced6630653f0f2ad47fcceeb^! / . / tests / test_app_engine.py
commitbf5ce0c56c10f655ced6630653f0f2ad47fcceeb[log] [tgz]
authorBu Sun Kim <8822365+busunkim96@users.noreply.github.com>Mon Feb 01 15:17:49 2021 -0700
committerGitHub <noreply@github.com>Mon Feb 01 15:17:49 2021 -0700
tree12b164830a1d1f1e3f299dad272aa933edb1eb6a
parent3ca10394c036385b44c153c925de71c261ca82ea [diff] [blame]
feat: use self-signed jwt for service account (#665)


diff --git a/tests/test_app_engine.py b/tests/test_app_engine.py
index 846d314..e335ff7 100644
--- a/tests/test_app_engine.py
+++ b/tests/test_app_engine.py

@@ -101,6 +101,7 @@
         assert not credentials.expired
         # Scopes are required
         assert not credentials.scopes
+        assert not credentials.default_scopes
         assert credentials.requires_scopes
         assert not credentials.quota_project_id
 
@@ -115,6 +116,20 @@
         assert scoped_credentials.has_scopes(["email"])
         assert not scoped_credentials.requires_scopes
 
+    def test_with_default_scopes(self, app_identity):
+        credentials = app_engine.Credentials()
+
+        assert not credentials.scopes
+        assert not credentials.default_scopes
+        assert credentials.requires_scopes
+
+        scoped_credentials = credentials.with_scopes(
+            scopes=None, default_scopes=["email"]
+        )
+
+        assert scoped_credentials.has_scopes(["email"])
+        assert not scoped_credentials.requires_scopes
+
     def test_with_quota_project(self, app_identity):
         credentials = app_engine.Credentials()
 
@@ -147,7 +162,9 @@
         token = "token"
         ttl = 643942923
         app_identity.get_access_token.return_value = token, ttl
-        credentials = app_engine.Credentials(scopes=["email"])
+        credentials = app_engine.Credentials(
+            scopes=["email"], default_scopes=["profile"]
+        )
 
         credentials.refresh(None)
 
@@ -159,6 +176,23 @@
         assert credentials.valid
         assert not credentials.expired
 
+    @mock.patch("google.auth._helpers.utcnow", return_value=datetime.datetime.min)
+    def test_refresh_with_default_scopes(self, utcnow, app_identity):
+        token = "token"
+        ttl = 643942923
+        app_identity.get_access_token.return_value = token, ttl
+        credentials = app_engine.Credentials(default_scopes=["email"])
+
+        credentials.refresh(None)
+
+        app_identity.get_access_token.assert_called_with(
+            credentials.default_scopes, credentials._service_account_id
+        )
+        assert credentials.token == token
+        assert credentials.expiry == datetime.datetime(1990, 5, 29, 1, 2, 3)
+        assert credentials.valid
+        assert not credentials.expired
+
     def test_sign_bytes(self, app_identity):
         app_identity.sign_blob.return_value = (
             mock.sentinel.key_id,