blob: 0665efab2944945193a1a0c91be049dd2915f906 [file] [log] [blame]
C.J. Collier37141e42020-02-13 13:49:49 -08001# Copyright 2016 Google LLC
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -07002#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15import json
16import os
17
18import mock
19import pytest
20
21from google.auth import _default
Jon Wayne Parrott2148fde2016-10-24 13:44:25 -070022from google.auth import app_engine
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070023from google.auth import compute_engine
Bu Sun Kim3dda7b22020-07-09 10:39:39 -070024from google.auth import credentials
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070025from google.auth import environment_vars
26from google.auth import exceptions
27from google.oauth2 import service_account
28import google.oauth2.credentials
29
30
Bu Sun Kim9eec0912019-10-21 17:04:21 -070031DATA_DIR = os.path.join(os.path.dirname(__file__), "data")
32AUTHORIZED_USER_FILE = os.path.join(DATA_DIR, "authorized_user.json")
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070033
34with open(AUTHORIZED_USER_FILE) as fh:
35 AUTHORIZED_USER_FILE_DATA = json.load(fh)
36
Thea Flowersa8d93482018-05-31 14:52:06 -070037AUTHORIZED_USER_CLOUD_SDK_FILE = os.path.join(
Bu Sun Kim9eec0912019-10-21 17:04:21 -070038 DATA_DIR, "authorized_user_cloud_sdk.json"
39)
Thea Flowersa8d93482018-05-31 14:52:06 -070040
arithmetic1728f30b45a2020-06-17 23:36:04 -070041AUTHORIZED_USER_CLOUD_SDK_WITH_QUOTA_PROJECT_ID_FILE = os.path.join(
42 DATA_DIR, "authorized_user_cloud_sdk_with_quota_project_id.json"
43)
44
Bu Sun Kim9eec0912019-10-21 17:04:21 -070045SERVICE_ACCOUNT_FILE = os.path.join(DATA_DIR, "service_account.json")
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070046
Bu Sun Kim15d5fa92020-06-18 14:05:40 -070047CLIENT_SECRETS_FILE = os.path.join(DATA_DIR, "client_secrets.json")
48
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070049with open(SERVICE_ACCOUNT_FILE) as fh:
50 SERVICE_ACCOUNT_FILE_DATA = json.load(fh)
51
Bu Sun Kim3dda7b22020-07-09 10:39:39 -070052MOCK_CREDENTIALS = mock.Mock(spec=credentials.Credentials)
53MOCK_CREDENTIALS.with_quota_project.return_value = MOCK_CREDENTIALS
54
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070055LOAD_FILE_PATCH = mock.patch(
Bu Sun Kim15d5fa92020-06-18 14:05:40 -070056 "google.auth._default.load_credentials_from_file",
Bu Sun Kim3dda7b22020-07-09 10:39:39 -070057 return_value=(MOCK_CREDENTIALS, mock.sentinel.project_id),
Bu Sun Kim9eec0912019-10-21 17:04:21 -070058 autospec=True,
59)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070060
61
Bu Sun Kim15d5fa92020-06-18 14:05:40 -070062def test_load_credentials_from_missing_file():
weitaiting6e86c932017-08-12 03:26:59 +080063 with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
Bu Sun Kim15d5fa92020-06-18 14:05:40 -070064 _default.load_credentials_from_file("")
weitaiting6e86c932017-08-12 03:26:59 +080065
Bu Sun Kim9eec0912019-10-21 17:04:21 -070066 assert excinfo.match(r"not found")
weitaiting6e86c932017-08-12 03:26:59 +080067
68
Bu Sun Kim15d5fa92020-06-18 14:05:40 -070069def test_load_credentials_from_file_invalid_json(tmpdir):
Bu Sun Kim9eec0912019-10-21 17:04:21 -070070 jsonfile = tmpdir.join("invalid.json")
71 jsonfile.write("{")
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070072
73 with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
Bu Sun Kim15d5fa92020-06-18 14:05:40 -070074 _default.load_credentials_from_file(str(jsonfile))
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070075
Bu Sun Kim9eec0912019-10-21 17:04:21 -070076 assert excinfo.match(r"not a valid json file")
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070077
78
Bu Sun Kim15d5fa92020-06-18 14:05:40 -070079def test_load_credentials_from_file_invalid_type(tmpdir):
Bu Sun Kim9eec0912019-10-21 17:04:21 -070080 jsonfile = tmpdir.join("invalid.json")
81 jsonfile.write(json.dumps({"type": "not-a-real-type"}))
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070082
83 with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
Bu Sun Kim15d5fa92020-06-18 14:05:40 -070084 _default.load_credentials_from_file(str(jsonfile))
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070085
Bu Sun Kim9eec0912019-10-21 17:04:21 -070086 assert excinfo.match(r"does not have a valid type")
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070087
88
Bu Sun Kim15d5fa92020-06-18 14:05:40 -070089def test_load_credentials_from_file_authorized_user():
90 credentials, project_id = _default.load_credentials_from_file(AUTHORIZED_USER_FILE)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070091 assert isinstance(credentials, google.oauth2.credentials.Credentials)
92 assert project_id is None
93
94
Bu Sun Kim15d5fa92020-06-18 14:05:40 -070095def test_load_credentials_from_file_no_type(tmpdir):
96 # use the client_secrets.json, which is valid json but not a
97 # loadable credentials type
98 with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
99 _default.load_credentials_from_file(CLIENT_SECRETS_FILE)
100
101 assert excinfo.match(r"does not have a valid type")
102 assert excinfo.match(r"Type is None")
103
104
105def test_load_credentials_from_file_authorized_user_bad_format(tmpdir):
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700106 filename = tmpdir.join("authorized_user_bad.json")
107 filename.write(json.dumps({"type": "authorized_user"}))
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700108
109 with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
Bu Sun Kim15d5fa92020-06-18 14:05:40 -0700110 _default.load_credentials_from_file(str(filename))
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700111
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700112 assert excinfo.match(r"Failed to load authorized user")
113 assert excinfo.match(r"missing fields")
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700114
115
Bu Sun Kim15d5fa92020-06-18 14:05:40 -0700116def test_load_credentials_from_file_authorized_user_cloud_sdk():
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700117 with pytest.warns(UserWarning, match="Cloud SDK"):
Bu Sun Kim15d5fa92020-06-18 14:05:40 -0700118 credentials, project_id = _default.load_credentials_from_file(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700119 AUTHORIZED_USER_CLOUD_SDK_FILE
120 )
Thea Flowersa8d93482018-05-31 14:52:06 -0700121 assert isinstance(credentials, google.oauth2.credentials.Credentials)
122 assert project_id is None
123
arithmetic1728f30b45a2020-06-17 23:36:04 -0700124 # No warning if the json file has quota project id.
Bu Sun Kim15d5fa92020-06-18 14:05:40 -0700125 credentials, project_id = _default.load_credentials_from_file(
arithmetic1728f30b45a2020-06-17 23:36:04 -0700126 AUTHORIZED_USER_CLOUD_SDK_WITH_QUOTA_PROJECT_ID_FILE
127 )
128 assert isinstance(credentials, google.oauth2.credentials.Credentials)
129 assert project_id is None
130
Thea Flowersa8d93482018-05-31 14:52:06 -0700131
Bu Sun Kim15d5fa92020-06-18 14:05:40 -0700132def test_load_credentials_from_file_authorized_user_cloud_sdk_with_scopes():
133 with pytest.warns(UserWarning, match="Cloud SDK"):
134 credentials, project_id = _default.load_credentials_from_file(
135 AUTHORIZED_USER_CLOUD_SDK_FILE,
136 scopes=["https://www.google.com/calendar/feeds"],
137 )
138 assert isinstance(credentials, google.oauth2.credentials.Credentials)
139 assert project_id is None
140 assert credentials.scopes == ["https://www.google.com/calendar/feeds"]
141
142
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700143def test_load_credentials_from_file_authorized_user_cloud_sdk_with_quota_project():
144 credentials, project_id = _default.load_credentials_from_file(
145 AUTHORIZED_USER_CLOUD_SDK_FILE, quota_project_id="project-foo"
146 )
147
148 assert isinstance(credentials, google.oauth2.credentials.Credentials)
149 assert project_id is None
150 assert credentials.quota_project_id == "project-foo"
151
152
Bu Sun Kim15d5fa92020-06-18 14:05:40 -0700153def test_load_credentials_from_file_service_account():
154 credentials, project_id = _default.load_credentials_from_file(SERVICE_ACCOUNT_FILE)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700155 assert isinstance(credentials, service_account.Credentials)
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700156 assert project_id == SERVICE_ACCOUNT_FILE_DATA["project_id"]
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700157
158
Bu Sun Kim15d5fa92020-06-18 14:05:40 -0700159def test_load_credentials_from_file_service_account_with_scopes():
160 credentials, project_id = _default.load_credentials_from_file(
161 SERVICE_ACCOUNT_FILE, scopes=["https://www.google.com/calendar/feeds"]
162 )
163 assert isinstance(credentials, service_account.Credentials)
164 assert project_id == SERVICE_ACCOUNT_FILE_DATA["project_id"]
165 assert credentials.scopes == ["https://www.google.com/calendar/feeds"]
166
167
168def test_load_credentials_from_file_service_account_bad_format(tmpdir):
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700169 filename = tmpdir.join("serivce_account_bad.json")
170 filename.write(json.dumps({"type": "service_account"}))
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700171
172 with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
Bu Sun Kim15d5fa92020-06-18 14:05:40 -0700173 _default.load_credentials_from_file(str(filename))
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700174
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700175 assert excinfo.match(r"Failed to load service account")
176 assert excinfo.match(r"missing fields")
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700177
178
179@mock.patch.dict(os.environ, {}, clear=True)
180def test__get_explicit_environ_credentials_no_env():
181 assert _default._get_explicit_environ_credentials() == (None, None)
182
183
184@LOAD_FILE_PATCH
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700185def test__get_explicit_environ_credentials(load, monkeypatch):
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700186 monkeypatch.setenv(environment_vars.CREDENTIALS, "filename")
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700187
188 credentials, project_id = _default._get_explicit_environ_credentials()
189
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700190 assert credentials is MOCK_CREDENTIALS
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700191 assert project_id is mock.sentinel.project_id
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700192 load.assert_called_with("filename")
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700193
194
195@LOAD_FILE_PATCH
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700196def test__get_explicit_environ_credentials_no_project_id(load, monkeypatch):
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700197 load.return_value = MOCK_CREDENTIALS, None
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700198 monkeypatch.setenv(environment_vars.CREDENTIALS, "filename")
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700199
200 credentials, project_id = _default._get_explicit_environ_credentials()
201
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700202 assert credentials is MOCK_CREDENTIALS
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700203 assert project_id is None
204
205
206@LOAD_FILE_PATCH
Jon Wayne Parrott8784b232016-11-10 12:53:55 -0800207@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700208 "google.auth._cloud_sdk.get_application_default_credentials_path", autospec=True
209)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700210def test__get_gcloud_sdk_credentials(get_adc_path, load):
211 get_adc_path.return_value = SERVICE_ACCOUNT_FILE
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700212
213 credentials, project_id = _default._get_gcloud_sdk_credentials()
214
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700215 assert credentials is MOCK_CREDENTIALS
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700216 assert project_id is mock.sentinel.project_id
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700217 load.assert_called_with(SERVICE_ACCOUNT_FILE)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700218
219
Jon Wayne Parrott8784b232016-11-10 12:53:55 -0800220@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700221 "google.auth._cloud_sdk.get_application_default_credentials_path", autospec=True
222)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700223def test__get_gcloud_sdk_credentials_non_existent(get_adc_path, tmpdir):
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700224 non_existent = tmpdir.join("non-existent")
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700225 get_adc_path.return_value = str(non_existent)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700226
227 credentials, project_id = _default._get_gcloud_sdk_credentials()
228
229 assert credentials is None
230 assert project_id is None
231
232
233@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700234 "google.auth._cloud_sdk.get_project_id",
235 return_value=mock.sentinel.project_id,
236 autospec=True,
237)
238@mock.patch("os.path.isfile", return_value=True, autospec=True)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700239@LOAD_FILE_PATCH
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700240def test__get_gcloud_sdk_credentials_project_id(load, unused_isfile, get_project_id):
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700241 # Don't return a project ID from load file, make the function check
242 # the Cloud SDK project.
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700243 load.return_value = MOCK_CREDENTIALS, None
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700244
245 credentials, project_id = _default._get_gcloud_sdk_credentials()
246
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700247 assert credentials == MOCK_CREDENTIALS
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700248 assert project_id == mock.sentinel.project_id
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700249 assert get_project_id.called
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700250
251
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700252@mock.patch("google.auth._cloud_sdk.get_project_id", return_value=None, autospec=True)
253@mock.patch("os.path.isfile", return_value=True)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700254@LOAD_FILE_PATCH
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700255def test__get_gcloud_sdk_credentials_no_project_id(load, unused_isfile, get_project_id):
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700256 # Don't return a project ID from load file, make the function check
257 # the Cloud SDK project.
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700258 load.return_value = MOCK_CREDENTIALS, None
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700259
260 credentials, project_id = _default._get_gcloud_sdk_credentials()
261
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700262 assert credentials == MOCK_CREDENTIALS
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700263 assert project_id is None
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700264 assert get_project_id.called
265
266
267class _AppIdentityModule(object):
268 """The interface of the App Idenity app engine module.
269 See https://cloud.google.com/appengine/docs/standard/python/refdocs\
270 /google.appengine.api.app_identity.app_identity
271 """
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700272
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700273 def get_application_id(self):
274 raise NotImplementedError()
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700275
276
Jon Wayne Parrott2148fde2016-10-24 13:44:25 -0700277@pytest.fixture
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700278def app_identity(monkeypatch):
Jon Wayne Parrott2148fde2016-10-24 13:44:25 -0700279 """Mocks the app_identity module for google.auth.app_engine."""
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700280 app_identity_module = mock.create_autospec(_AppIdentityModule, instance=True)
281 monkeypatch.setattr(app_engine, "app_identity", app_identity_module)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700282 yield app_identity_module
Jon Wayne Parrott2148fde2016-10-24 13:44:25 -0700283
284
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700285def test__get_gae_credentials(app_identity):
286 app_identity.get_application_id.return_value = mock.sentinel.project
Jon Wayne Parrott2148fde2016-10-24 13:44:25 -0700287
288 credentials, project_id = _default._get_gae_credentials()
289
290 assert isinstance(credentials, app_engine.Credentials)
291 assert project_id == mock.sentinel.project
292
293
James Wilson6e0781b2018-12-20 20:38:52 -0500294def test__get_gae_credentials_no_app_engine():
295 import sys
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700296
297 with mock.patch.dict("sys.modules"):
298 sys.modules["google.auth.app_engine"] = None
James Wilson6e0781b2018-12-20 20:38:52 -0500299 credentials, project_id = _default._get_gae_credentials()
300 assert credentials is None
301 assert project_id is None
302
303
Jon Wayne Parrott2148fde2016-10-24 13:44:25 -0700304def test__get_gae_credentials_no_apis():
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700305 assert _default._get_gae_credentials() == (None, None)
306
307
308@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700309 "google.auth.compute_engine._metadata.ping", return_value=True, autospec=True
310)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700311@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700312 "google.auth.compute_engine._metadata.get_project_id",
313 return_value="example-project",
314 autospec=True,
315)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700316def test__get_gce_credentials(unused_get, unused_ping):
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700317 credentials, project_id = _default._get_gce_credentials()
318
319 assert isinstance(credentials, compute_engine.Credentials)
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700320 assert project_id == "example-project"
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700321
322
Jon Wayne Parrott8784b232016-11-10 12:53:55 -0800323@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700324 "google.auth.compute_engine._metadata.ping", return_value=False, autospec=True
325)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700326def test__get_gce_credentials_no_ping(unused_ping):
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700327 credentials, project_id = _default._get_gce_credentials()
328
329 assert credentials is None
330 assert project_id is None
331
332
333@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700334 "google.auth.compute_engine._metadata.ping", return_value=True, autospec=True
335)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700336@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700337 "google.auth.compute_engine._metadata.get_project_id",
338 side_effect=exceptions.TransportError(),
339 autospec=True,
340)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700341def test__get_gce_credentials_no_project_id(unused_get, unused_ping):
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700342 credentials, project_id = _default._get_gce_credentials()
343
344 assert isinstance(credentials, compute_engine.Credentials)
345 assert project_id is None
346
347
James Wilson6e0781b2018-12-20 20:38:52 -0500348def test__get_gce_credentials_no_compute_engine():
349 import sys
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700350
351 with mock.patch.dict("sys.modules"):
352 sys.modules["google.auth.compute_engine"] = None
James Wilson6e0781b2018-12-20 20:38:52 -0500353 credentials, project_id = _default._get_gce_credentials()
354 assert credentials is None
355 assert project_id is None
356
357
Jon Wayne Parrott8784b232016-11-10 12:53:55 -0800358@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700359 "google.auth.compute_engine._metadata.ping", return_value=False, autospec=True
360)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700361def test__get_gce_credentials_explicit_request(ping):
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700362 _default._get_gce_credentials(mock.sentinel.request)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700363 ping.assert_called_with(request=mock.sentinel.request)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700364
365
366@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700367 "google.auth._default._get_explicit_environ_credentials",
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700368 return_value=(MOCK_CREDENTIALS, mock.sentinel.project_id),
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700369 autospec=True,
370)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700371def test_default_early_out(unused_get):
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700372 assert _default.default() == (MOCK_CREDENTIALS, mock.sentinel.project_id)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700373
374
375@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700376 "google.auth._default._get_explicit_environ_credentials",
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700377 return_value=(MOCK_CREDENTIALS, mock.sentinel.project_id),
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700378 autospec=True,
379)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700380def test_default_explict_project_id(unused_get, monkeypatch):
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700381 monkeypatch.setenv(environment_vars.PROJECT, "explicit-env")
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700382 assert _default.default() == (MOCK_CREDENTIALS, "explicit-env")
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700383
384
385@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700386 "google.auth._default._get_explicit_environ_credentials",
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700387 return_value=(MOCK_CREDENTIALS, mock.sentinel.project_id),
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700388 autospec=True,
389)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700390def test_default_explict_legacy_project_id(unused_get, monkeypatch):
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700391 monkeypatch.setenv(environment_vars.LEGACY_PROJECT, "explicit-env")
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700392 assert _default.default() == (MOCK_CREDENTIALS, "explicit-env")
Jon Wayne Parrottce37cba2016-11-07 16:41:42 -0800393
394
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700395@mock.patch("logging.Logger.warning", autospec=True)
Jon Wayne Parrottce37cba2016-11-07 16:41:42 -0800396@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700397 "google.auth._default._get_explicit_environ_credentials",
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700398 return_value=(MOCK_CREDENTIALS, None),
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700399 autospec=True,
400)
Jacob Hayes15af07b2017-12-13 14:09:47 -0600401@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700402 "google.auth._default._get_gcloud_sdk_credentials",
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700403 return_value=(MOCK_CREDENTIALS, None),
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700404 autospec=True,
405)
Jacob Hayes15af07b2017-12-13 14:09:47 -0600406@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700407 "google.auth._default._get_gae_credentials",
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700408 return_value=(MOCK_CREDENTIALS, None),
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700409 autospec=True,
410)
Jacob Hayes15af07b2017-12-13 14:09:47 -0600411@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700412 "google.auth._default._get_gce_credentials",
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700413 return_value=(MOCK_CREDENTIALS, None),
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700414 autospec=True,
415)
Jacob Hayes15af07b2017-12-13 14:09:47 -0600416def test_default_without_project_id(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700417 unused_gce, unused_gae, unused_sdk, unused_explicit, logger_warning
418):
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700419 assert _default.default() == (MOCK_CREDENTIALS, None)
Jacob Hayes15af07b2017-12-13 14:09:47 -0600420 logger_warning.assert_called_with(mock.ANY, mock.ANY, mock.ANY)
421
422
423@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700424 "google.auth._default._get_explicit_environ_credentials",
425 return_value=(None, None),
426 autospec=True,
427)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700428@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700429 "google.auth._default._get_gcloud_sdk_credentials",
430 return_value=(None, None),
431 autospec=True,
432)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700433@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700434 "google.auth._default._get_gae_credentials",
435 return_value=(None, None),
436 autospec=True,
437)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700438@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700439 "google.auth._default._get_gce_credentials",
440 return_value=(None, None),
441 autospec=True,
442)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700443def test_default_fail(unused_gce, unused_gae, unused_sdk, unused_explicit):
444 with pytest.raises(exceptions.DefaultCredentialsError):
445 assert _default.default()
Jon Wayne Parrott8a7e5062016-11-07 16:45:17 -0800446
447
448@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700449 "google.auth._default._get_explicit_environ_credentials",
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700450 return_value=(MOCK_CREDENTIALS, mock.sentinel.project_id),
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700451 autospec=True,
452)
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700453@mock.patch(
454 "google.auth.credentials.with_scopes_if_required",
455 return_value=MOCK_CREDENTIALS,
456 autospec=True,
457)
Jacob Hayes15af07b2017-12-13 14:09:47 -0600458def test_default_scoped(with_scopes, unused_get):
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700459 scopes = ["one", "two"]
Jon Wayne Parrott8a7e5062016-11-07 16:45:17 -0800460
461 credentials, project_id = _default.default(scopes=scopes)
462
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700463 assert credentials == with_scopes.return_value
Jon Wayne Parrott8a7e5062016-11-07 16:45:17 -0800464 assert project_id == mock.sentinel.project_id
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700465 with_scopes.assert_called_once_with(MOCK_CREDENTIALS, scopes)
James Wilson6e0781b2018-12-20 20:38:52 -0500466
467
468@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700469 "google.auth._default._get_explicit_environ_credentials",
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700470 return_value=(MOCK_CREDENTIALS, mock.sentinel.project_id),
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700471 autospec=True,
472)
James Wilson6e0781b2018-12-20 20:38:52 -0500473def test_default_no_app_engine_compute_engine_module(unused_get):
474 """
475 google.auth.compute_engine and google.auth.app_engine are both optional
476 to allow not including them when using this package. This verifies
477 that default fails gracefully if these modules are absent
478 """
479 import sys
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700480
481 with mock.patch.dict("sys.modules"):
482 sys.modules["google.auth.compute_engine"] = None
483 sys.modules["google.auth.app_engine"] = None
Bu Sun Kim3dda7b22020-07-09 10:39:39 -0700484 assert _default.default() == (MOCK_CREDENTIALS, mock.sentinel.project_id)