Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / google-auth-library-python / aadb3def515fb4d701586434dba559382f4984b9 / . / tests / test__default.py
blob: 137fdcd405d5294909a45d0d59d48709f7a35a5c [file] [log] [blame]
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700[diff] [blame^]1# Copyright 2016 Google Inc.
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15import json
16import os
17
18import mock
19import pytest
20
21from google.auth import _default
22from google.auth import compute_engine
23from google.auth import environment_vars
24from google.auth import exceptions
25from google.oauth2 import service_account
26import google.oauth2.credentials
27
28
29DATA_DIR = os.path.join(os.path.dirname(__file__), 'data')
30AUTHORIZED_USER_FILE = os.path.join(DATA_DIR, 'authorized_user.json')
31
32with open(AUTHORIZED_USER_FILE) as fh:
33 AUTHORIZED_USER_FILE_DATA = json.load(fh)
34
35SERVICE_ACCOUNT_FILE = os.path.join(DATA_DIR, 'service_account.json')
36
37with open(SERVICE_ACCOUNT_FILE) as fh:
38 SERVICE_ACCOUNT_FILE_DATA = json.load(fh)
39
40with open(os.path.join(DATA_DIR, 'cloud_sdk.cfg')) as fh:
41 CLOUD_SDK_CONFIG_DATA = fh.read()
42
43LOAD_FILE_PATCH = mock.patch(
44 'google.auth._default._load_credentials_from_file', return_value=(
45 mock.sentinel.credentials, mock.sentinel.project_id))
46
47
48def test__load_credentials_from_file_invalid_json(tmpdir):
49 jsonfile = tmpdir.join('invalid.json')
50 jsonfile.write('{')
51
52 with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
53 _default._load_credentials_from_file(str(jsonfile))
54
55 assert excinfo.match(r'not a valid json file')
56
57
58def test__load_credentials_from_file_invalid_type(tmpdir):
59 jsonfile = tmpdir.join('invalid.json')
60 jsonfile.write(json.dumps({'type': 'not-a-real-type'}))
61
62 with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
63 _default._load_credentials_from_file(str(jsonfile))
64
65 assert excinfo.match(r'does not have a valid type')
66
67
68def test__load_credentials_from_file_authorized_user():
69 credentials, project_id = _default._load_credentials_from_file(
70 AUTHORIZED_USER_FILE)
71 assert isinstance(credentials, google.oauth2.credentials.Credentials)
72 assert project_id is None
73
74
75def test__load_credentials_from_file_authorized_user_bad_format(tmpdir):
76 filename = tmpdir.join('authorized_user_bad.json')
77 filename.write(json.dumps({'type': 'authorized_user'}))
78
79 with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
80 _default._load_credentials_from_file(str(filename))
81
82 assert excinfo.match(r'Failed to load authorized user')
83 assert excinfo.match(r'missing fields')
84
85
86def test__load_credentials_from_file_service_account():
87 credentials, project_id = _default._load_credentials_from_file(
88 SERVICE_ACCOUNT_FILE)
89 assert isinstance(credentials, service_account.Credentials)
90 assert project_id == SERVICE_ACCOUNT_FILE_DATA['project_id']
91
92
93def test__load_credentials_from_file_service_account_bad_format(tmpdir):
94 filename = tmpdir.join('serivce_account_bad.json')
95 filename.write(json.dumps({'type': 'service_account'}))
96
97 with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
98 _default._load_credentials_from_file(str(filename))
99
100 assert excinfo.match(r'Failed to load service account')
101 assert excinfo.match(r'missing fields')
102
103
104@mock.patch.dict(os.environ, {}, clear=True)
105def test__get_explicit_environ_credentials_no_env():
106 assert _default._get_explicit_environ_credentials() == (None, None)
107
108
109@LOAD_FILE_PATCH
110def test__get_explicit_environ_credentials(mock_load, monkeypatch):
111 monkeypatch.setenv(environment_vars.CREDENTIALS, 'filename')
112
113 credentials, project_id = _default._get_explicit_environ_credentials()
114
115 assert credentials is mock.sentinel.credentials
116 assert project_id is mock.sentinel.project_id
117 mock_load.assert_called_with('filename')
118
119
120@LOAD_FILE_PATCH
121def test__get_explicit_environ_credentials_no_project_id(
122 mock_load, monkeypatch):
123 mock_load.return_value = (mock.sentinel.credentials, None)
124 monkeypatch.setenv(environment_vars.CREDENTIALS, 'filename')
125
126 credentials, project_id = _default._get_explicit_environ_credentials()
127
128 assert credentials is mock.sentinel.credentials
129 assert project_id is None
130
131
132@LOAD_FILE_PATCH
133@mock.patch('google.auth._cloud_sdk.get_application_default_credentials_path')
134def test__get_gcloud_sdk_credentials(
135 mock_get_adc_path, mock_load):
136 mock_get_adc_path.return_value = SERVICE_ACCOUNT_FILE
137
138 credentials, project_id = _default._get_gcloud_sdk_credentials()
139
140 assert credentials is mock.sentinel.credentials
141 assert project_id is mock.sentinel.project_id
142 mock_load.assert_called_with(SERVICE_ACCOUNT_FILE)
143
144
145@mock.patch('google.auth._cloud_sdk.get_application_default_credentials_path')
146def test__get_gcloud_sdk_credentials_non_existent(mock_get_adc_path, tmpdir):
147 non_existent = tmpdir.join('non-existent')
148 mock_get_adc_path.return_value = str(non_existent)
149
150 credentials, project_id = _default._get_gcloud_sdk_credentials()
151
152 assert credentials is None
153 assert project_id is None
154
155
156@mock.patch(
157 'google.auth._cloud_sdk.get_project_id',
158 return_value=mock.sentinel.project_id)
159@mock.patch('os.path.isfile', return_value=True)
160@LOAD_FILE_PATCH
161def test__get_gcloud_sdk_credentials_project_id(
162 mock_load, unused_mock_isfile, mock_get_project_id):
163 # Don't return a project ID from load file, make the function check
164 # the Cloud SDK project.
165 mock_load.return_value = (mock.sentinel.credentials, None)
166
167 credentials, project_id = _default._get_gcloud_sdk_credentials()
168
169 assert credentials == mock.sentinel.credentials
170 assert project_id == mock.sentinel.project_id
171 assert mock_get_project_id.called
172
173
174@mock.patch(
175 'google.auth._cloud_sdk.get_project_id',
176 return_value=None)
177@mock.patch('os.path.isfile', return_value=True)
178@LOAD_FILE_PATCH
179def test__get_gcloud_sdk_credentials_no_project_id(
180 mock_load, unused_mock_isfile, mock_get_project_id):
181 # Don't return a project ID from load file, make the function check
182 # the Cloud SDK project.
183 mock_load.return_value = (mock.sentinel.credentials, None)
184
185 credentials, project_id = _default._get_gcloud_sdk_credentials()
186
187 assert credentials == mock.sentinel.credentials
188 assert project_id is None
189
190
191def test__get_gae_credentials():
192 assert _default._get_gae_credentials() == (None, None)
193
194
195@mock.patch(
196 'google.auth.compute_engine._metadata.ping', return_value=True)
197@mock.patch(
198 'google.auth.compute_engine._metadata.get', return_value='example-project')
199def test__get_gce_credentials(get_mock, ping_mock):
200 credentials, project_id = _default._get_gce_credentials()
201
202 assert isinstance(credentials, compute_engine.Credentials)
203 assert project_id == 'example-project'
204
205
206@mock.patch('google.auth.compute_engine._metadata.ping', return_value=False)
207def test__get_gce_credentials_no_ping(ping_mock):
208 credentials, project_id = _default._get_gce_credentials()
209
210 assert credentials is None
211 assert project_id is None
212
213
214@mock.patch(
215 'google.auth.compute_engine._metadata.ping', return_value=True)
216@mock.patch(
217 'google.auth.compute_engine._metadata.get',
218 side_effect=exceptions.TransportError())
219def test__get_gce_credentials_no_project_id(get_mock, ping_mock):
220 credentials, project_id = _default._get_gce_credentials()
221
222 assert isinstance(credentials, compute_engine.Credentials)
223 assert project_id is None
224
225
226@mock.patch('google.auth.compute_engine._metadata.ping', return_value=False)
227def test__get_gce_credentials_explicit_request(ping_mock):
228 _default._get_gce_credentials(mock.sentinel.request)
229 ping_mock.assert_called_with(request=mock.sentinel.request)
230
231
232@mock.patch(
233 'google.auth._default._get_explicit_environ_credentials',
234 return_value=(mock.sentinel.credentials, mock.sentinel.project_id))
235def test_default_early_out(get_mock):
236 assert _default.default() == (
237 mock.sentinel.credentials, mock.sentinel.project_id)
238
239
240@mock.patch(
241 'google.auth._default._get_explicit_environ_credentials',
242 return_value=(mock.sentinel.credentials, mock.sentinel.project_id))
243def test_default_explict_project_id(get_mock, monkeypatch):
244 monkeypatch.setenv(environment_vars.PROJECT, 'explicit-env')
245 assert _default.default() == (
246 mock.sentinel.credentials, 'explicit-env')
247
248
249@mock.patch(
250 'google.auth._default._get_explicit_environ_credentials',
251 return_value=(None, None))
252@mock.patch(
253 'google.auth._default._get_gcloud_sdk_credentials',
254 return_value=(None, None))
255@mock.patch(
256 'google.auth._default._get_gae_credentials',
257 return_value=(None, None))
258@mock.patch(
259 'google.auth._default._get_gce_credentials',
260 return_value=(None, None))
261def test_default_fail(unused_gce, unused_gae, unused_sdk, unused_explicit):
262 with pytest.raises(exceptions.DefaultCredentialsError):
263 assert _default.default()