| Jon Wayne Parrott | 0471475 | 2016-10-24 10:00:58 -0700 | [diff] [blame] | 1 | # Copyright 2016 Google Inc. |
| 2 | # |
| 3 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | # you may not use this file except in compliance with the License. |
| 5 | # You may obtain a copy of the License at |
| 6 | # |
| 7 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | # |
| 9 | # Unless required by applicable law or agreed to in writing, software |
| 10 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | # See the License for the specific language governing permissions and |
| 13 | # limitations under the License. |
| 14 | |
| 15 | import datetime |
| 16 | |
| 17 | import mock |
| 18 | import pytest |
| 19 | |
| 20 | from google.auth import app_engine |
| 21 | |
| 22 | |
| 23 | @pytest.fixture |
| 24 | def app_identity_mock(monkeypatch): |
| 25 | """Mocks the app_identity module for google.auth.app_engine.""" |
| 26 | app_identity_mock = mock.Mock() |
| 27 | monkeypatch.setattr( |
| 28 | app_engine, 'app_identity', app_identity_mock) |
| 29 | yield app_identity_mock |
| 30 | |
| 31 | |
| Jon Wayne Parrott | 2148fde | 2016-10-24 13:44:25 -0700 | [diff] [blame] | 32 | def test_get_project_id(app_identity_mock): |
| 33 | app_identity_mock.get_application_id.return_value = mock.sentinel.project |
| 34 | assert app_engine.get_project_id() == mock.sentinel.project |
| 35 | |
| 36 | |
| 37 | def test_get_project_id_missing_apis(): |
| 38 | with pytest.raises(EnvironmentError) as excinfo: |
| 39 | assert app_engine.get_project_id() |
| 40 | |
| 41 | assert excinfo.match(r'App Engine APIs are not available') |
| 42 | |
| 43 | |
| Jon Wayne Parrott | 0471475 | 2016-10-24 10:00:58 -0700 | [diff] [blame] | 44 | class TestCredentials(object): |
| 45 | def test_missing_apis(self): |
| 46 | with pytest.raises(EnvironmentError) as excinfo: |
| 47 | app_engine.Credentials() |
| 48 | |
| 49 | assert excinfo.match(r'App Engine APIs are not available') |
| 50 | |
| 51 | def test_default_state(self, app_identity_mock): |
| 52 | credentials = app_engine.Credentials() |
| 53 | |
| 54 | # Not token acquired yet |
| 55 | assert not credentials.valid |
| 56 | # Expiration hasn't been set yet |
| 57 | assert not credentials.expired |
| 58 | # Scopes are required |
| 59 | assert not credentials.scopes |
| 60 | assert credentials.requires_scopes |
| 61 | |
| 62 | def test_with_scopes(self, app_identity_mock): |
| 63 | credentials = app_engine.Credentials() |
| 64 | |
| 65 | assert not credentials.scopes |
| 66 | assert credentials.requires_scopes |
| 67 | |
| 68 | scoped_credentials = credentials.with_scopes(['email']) |
| 69 | |
| 70 | assert scoped_credentials.has_scopes(['email']) |
| 71 | assert not scoped_credentials.requires_scopes |
| 72 | |
| Jon Wayne Parrott | 61ffb05 | 2016-11-08 09:30:30 -0800 | [diff] [blame] | 73 | def test_service_account_email_implicit(self, app_identity_mock): |
| 74 | app_identity_mock.get_service_account_name.return_value = ( |
| 75 | mock.sentinel.service_account_email) |
| 76 | credentials = app_engine.Credentials() |
| 77 | |
| 78 | assert (credentials.service_account_email == |
| 79 | mock.sentinel.service_account_email) |
| 80 | assert app_identity_mock.get_service_account_name.called |
| 81 | |
| 82 | def test_service_account_email_explicit(self, app_identity_mock): |
| 83 | credentials = app_engine.Credentials( |
| 84 | service_account_id=mock.sentinel.service_account_email) |
| 85 | |
| 86 | assert (credentials.service_account_email == |
| 87 | mock.sentinel.service_account_email) |
| 88 | assert not app_identity_mock.get_service_account_name.called |
| 89 | |
| Jon Wayne Parrott | 0471475 | 2016-10-24 10:00:58 -0700 | [diff] [blame] | 90 | @mock.patch( |
| 91 | 'google.auth._helpers.utcnow', |
| 92 | return_value=datetime.datetime.min) |
| 93 | def test_refresh(self, now_mock, app_identity_mock): |
| 94 | token = 'token' |
| 95 | ttl = 100 |
| 96 | app_identity_mock.get_access_token.return_value = token, ttl |
| 97 | credentials = app_engine.Credentials(scopes=['email']) |
| 98 | |
| 99 | credentials.refresh(None) |
| 100 | |
| 101 | app_identity_mock.get_access_token.assert_called_with( |
| 102 | credentials.scopes, credentials._service_account_id) |
| 103 | assert credentials.token == token |
| 104 | assert credentials.expiry == ( |
| 105 | datetime.datetime.min + datetime.timedelta(seconds=ttl)) |
| 106 | assert credentials.valid |
| 107 | assert not credentials.expired |
| 108 | |
| 109 | def test_sign_bytes(self, app_identity_mock): |
| 110 | app_identity_mock.sign_blob.return_value = mock.sentinel.signature |
| 111 | credentials = app_engine.Credentials() |
| 112 | to_sign = b'123' |
| 113 | |
| 114 | signature = credentials.sign_bytes(to_sign) |
| 115 | |
| 116 | assert signature == mock.sentinel.signature |
| 117 | app_identity_mock.sign_blob.assert_called_with(to_sign) |
| Jon Wayne Parrott | 4c883f0 | 2016-12-02 14:26:33 -0800 | [diff] [blame^] | 118 | |
| 119 | def test_signer_email(self, app_identity_mock): |
| 120 | credentials = app_engine.Credentials() |
| 121 | assert credentials.signer_email == credentials.service_account_email |