| Jon Wayne Parrott | 924191c | 2017-02-15 16:43:23 -0800 | [diff] [blame^] | 1 | # Copyright 2017 Google Inc. |
| 2 | # |
| 3 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | # you may not use this file except in compliance with the License. |
| 5 | # You may obtain a copy of the License at |
| 6 | # |
| 7 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | # |
| 9 | # Unless required by applicable law or agreed to in writing, software |
| 10 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | # See the License for the specific language governing permissions and |
| 13 | # limitations under the License. |
| 14 | |
| 15 | import base64 |
| 16 | import datetime |
| 17 | import json |
| 18 | |
| 19 | import mock |
| 20 | import pytest |
| 21 | from six.moves import http_client |
| 22 | |
| 23 | from google.auth import exceptions |
| 24 | from google.auth import iam |
| 25 | from google.auth import transport |
| 26 | import google.auth.credentials |
| 27 | |
| 28 | |
| 29 | def make_request(status, data=None): |
| 30 | response = mock.Mock(spec=transport.Response) |
| 31 | response.status = status |
| 32 | |
| 33 | if data is not None: |
| 34 | response.data = json.dumps(data).encode('utf-8') |
| 35 | |
| 36 | return mock.Mock(return_value=response, spec=transport.Request) |
| 37 | |
| 38 | |
| 39 | def make_credentials(): |
| 40 | class CredentialsImpl(google.auth.credentials.Credentials): |
| 41 | def __init__(self): |
| 42 | super(CredentialsImpl, self).__init__() |
| 43 | self.token = 'token' |
| 44 | # Force refresh |
| 45 | self.expiry = datetime.datetime.min |
| 46 | |
| 47 | def refresh(self, request): |
| 48 | pass |
| 49 | |
| 50 | return CredentialsImpl() |
| 51 | |
| 52 | |
| 53 | class TestSigner(object): |
| 54 | def test_constructor(self): |
| 55 | request = mock.sentinel.request |
| 56 | credentials = mock.Mock(spec=google.auth.credentials.Credentials) |
| 57 | |
| 58 | signer = iam.Signer( |
| 59 | request, credentials, mock.sentinel.service_account_email) |
| 60 | |
| 61 | assert signer._request == mock.sentinel.request |
| 62 | assert signer._credentials == credentials |
| 63 | assert (signer._service_account_email == |
| 64 | mock.sentinel.service_account_email) |
| 65 | |
| 66 | def test_key_id(self): |
| 67 | key_id = '123' |
| 68 | request = make_request(http_client.OK, data={'keyId': key_id}) |
| 69 | credentials = make_credentials() |
| 70 | |
| 71 | signer = iam.Signer( |
| 72 | request, credentials, mock.sentinel.service_account_email) |
| 73 | |
| 74 | assert signer.key_id == '123' |
| 75 | auth_header = request.call_args[1]['headers']['authorization'] |
| 76 | assert auth_header == 'Bearer token' |
| 77 | |
| 78 | def test_sign_bytes(self): |
| 79 | signature = b'DEADBEEF' |
| 80 | encoded_signature = base64.b64encode(signature).decode('utf-8') |
| 81 | request = make_request( |
| 82 | http_client.OK, data={'signature': encoded_signature}) |
| 83 | credentials = make_credentials() |
| 84 | |
| 85 | signer = iam.Signer( |
| 86 | request, credentials, mock.sentinel.service_account_email) |
| 87 | |
| 88 | returned_signature = signer.sign('123') |
| 89 | |
| 90 | assert returned_signature == signature |
| 91 | |
| 92 | def test_sign_bytes_failure(self): |
| 93 | request = make_request(http_client.UNAUTHORIZED) |
| 94 | credentials = make_credentials() |
| 95 | |
| 96 | signer = iam.Signer( |
| 97 | request, credentials, mock.sentinel.service_account_email) |
| 98 | |
| 99 | with pytest.raises(exceptions.TransportError): |
| 100 | signer.sign('123') |