blob: b769fc78460b7046c467802da17bdf8f33f04a9f [file] [log] [blame]
C.J. Collier37141e42020-02-13 13:49:49 -08001# Copyright 2016 Google LLC
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -07002#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15import json
16import os
17
18import mock
19import pytest
20
21from google.auth import _default
Jon Wayne Parrott2148fde2016-10-24 13:44:25 -070022from google.auth import app_engine
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070023from google.auth import compute_engine
24from google.auth import environment_vars
25from google.auth import exceptions
26from google.oauth2 import service_account
27import google.oauth2.credentials
28
29
Bu Sun Kim9eec0912019-10-21 17:04:21 -070030DATA_DIR = os.path.join(os.path.dirname(__file__), "data")
31AUTHORIZED_USER_FILE = os.path.join(DATA_DIR, "authorized_user.json")
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070032
33with open(AUTHORIZED_USER_FILE) as fh:
34 AUTHORIZED_USER_FILE_DATA = json.load(fh)
35
Thea Flowersa8d93482018-05-31 14:52:06 -070036AUTHORIZED_USER_CLOUD_SDK_FILE = os.path.join(
Bu Sun Kim9eec0912019-10-21 17:04:21 -070037 DATA_DIR, "authorized_user_cloud_sdk.json"
38)
Thea Flowersa8d93482018-05-31 14:52:06 -070039
arithmetic1728f30b45a2020-06-17 23:36:04 -070040AUTHORIZED_USER_CLOUD_SDK_WITH_QUOTA_PROJECT_ID_FILE = os.path.join(
41 DATA_DIR, "authorized_user_cloud_sdk_with_quota_project_id.json"
42)
43
Bu Sun Kim9eec0912019-10-21 17:04:21 -070044SERVICE_ACCOUNT_FILE = os.path.join(DATA_DIR, "service_account.json")
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070045
46with open(SERVICE_ACCOUNT_FILE) as fh:
47 SERVICE_ACCOUNT_FILE_DATA = json.load(fh)
48
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070049LOAD_FILE_PATCH = mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -070050 "google.auth._default._load_credentials_from_file",
51 return_value=(mock.sentinel.credentials, mock.sentinel.project_id),
52 autospec=True,
53)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070054
55
weitaiting6e86c932017-08-12 03:26:59 +080056def test__load_credentials_from_missing_file():
57 with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
Bu Sun Kim9eec0912019-10-21 17:04:21 -070058 _default._load_credentials_from_file("")
weitaiting6e86c932017-08-12 03:26:59 +080059
Bu Sun Kim9eec0912019-10-21 17:04:21 -070060 assert excinfo.match(r"not found")
weitaiting6e86c932017-08-12 03:26:59 +080061
62
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070063def test__load_credentials_from_file_invalid_json(tmpdir):
Bu Sun Kim9eec0912019-10-21 17:04:21 -070064 jsonfile = tmpdir.join("invalid.json")
65 jsonfile.write("{")
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070066
67 with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
68 _default._load_credentials_from_file(str(jsonfile))
69
Bu Sun Kim9eec0912019-10-21 17:04:21 -070070 assert excinfo.match(r"not a valid json file")
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070071
72
73def test__load_credentials_from_file_invalid_type(tmpdir):
Bu Sun Kim9eec0912019-10-21 17:04:21 -070074 jsonfile = tmpdir.join("invalid.json")
75 jsonfile.write(json.dumps({"type": "not-a-real-type"}))
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070076
77 with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
78 _default._load_credentials_from_file(str(jsonfile))
79
Bu Sun Kim9eec0912019-10-21 17:04:21 -070080 assert excinfo.match(r"does not have a valid type")
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070081
82
83def test__load_credentials_from_file_authorized_user():
Bu Sun Kim9eec0912019-10-21 17:04:21 -070084 credentials, project_id = _default._load_credentials_from_file(AUTHORIZED_USER_FILE)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070085 assert isinstance(credentials, google.oauth2.credentials.Credentials)
86 assert project_id is None
87
88
89def test__load_credentials_from_file_authorized_user_bad_format(tmpdir):
Bu Sun Kim9eec0912019-10-21 17:04:21 -070090 filename = tmpdir.join("authorized_user_bad.json")
91 filename.write(json.dumps({"type": "authorized_user"}))
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070092
93 with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
94 _default._load_credentials_from_file(str(filename))
95
Bu Sun Kim9eec0912019-10-21 17:04:21 -070096 assert excinfo.match(r"Failed to load authorized user")
97 assert excinfo.match(r"missing fields")
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -070098
99
Thea Flowersa8d93482018-05-31 14:52:06 -0700100def test__load_credentials_from_file_authorized_user_cloud_sdk():
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700101 with pytest.warns(UserWarning, match="Cloud SDK"):
Thea Flowersa8d93482018-05-31 14:52:06 -0700102 credentials, project_id = _default._load_credentials_from_file(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700103 AUTHORIZED_USER_CLOUD_SDK_FILE
104 )
Thea Flowersa8d93482018-05-31 14:52:06 -0700105 assert isinstance(credentials, google.oauth2.credentials.Credentials)
106 assert project_id is None
107
arithmetic1728f30b45a2020-06-17 23:36:04 -0700108 # No warning if the json file has quota project id.
109 credentials, project_id = _default._load_credentials_from_file(
110 AUTHORIZED_USER_CLOUD_SDK_WITH_QUOTA_PROJECT_ID_FILE
111 )
112 assert isinstance(credentials, google.oauth2.credentials.Credentials)
113 assert project_id is None
114
Thea Flowersa8d93482018-05-31 14:52:06 -0700115
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700116def test__load_credentials_from_file_service_account():
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700117 credentials, project_id = _default._load_credentials_from_file(SERVICE_ACCOUNT_FILE)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700118 assert isinstance(credentials, service_account.Credentials)
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700119 assert project_id == SERVICE_ACCOUNT_FILE_DATA["project_id"]
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700120
121
122def test__load_credentials_from_file_service_account_bad_format(tmpdir):
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700123 filename = tmpdir.join("serivce_account_bad.json")
124 filename.write(json.dumps({"type": "service_account"}))
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700125
126 with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
127 _default._load_credentials_from_file(str(filename))
128
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700129 assert excinfo.match(r"Failed to load service account")
130 assert excinfo.match(r"missing fields")
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700131
132
133@mock.patch.dict(os.environ, {}, clear=True)
134def test__get_explicit_environ_credentials_no_env():
135 assert _default._get_explicit_environ_credentials() == (None, None)
136
137
138@LOAD_FILE_PATCH
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700139def test__get_explicit_environ_credentials(load, monkeypatch):
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700140 monkeypatch.setenv(environment_vars.CREDENTIALS, "filename")
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700141
142 credentials, project_id = _default._get_explicit_environ_credentials()
143
144 assert credentials is mock.sentinel.credentials
145 assert project_id is mock.sentinel.project_id
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700146 load.assert_called_with("filename")
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700147
148
149@LOAD_FILE_PATCH
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700150def test__get_explicit_environ_credentials_no_project_id(load, monkeypatch):
151 load.return_value = mock.sentinel.credentials, None
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700152 monkeypatch.setenv(environment_vars.CREDENTIALS, "filename")
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700153
154 credentials, project_id = _default._get_explicit_environ_credentials()
155
156 assert credentials is mock.sentinel.credentials
157 assert project_id is None
158
159
160@LOAD_FILE_PATCH
Jon Wayne Parrott8784b232016-11-10 12:53:55 -0800161@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700162 "google.auth._cloud_sdk.get_application_default_credentials_path", autospec=True
163)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700164def test__get_gcloud_sdk_credentials(get_adc_path, load):
165 get_adc_path.return_value = SERVICE_ACCOUNT_FILE
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700166
167 credentials, project_id = _default._get_gcloud_sdk_credentials()
168
169 assert credentials is mock.sentinel.credentials
170 assert project_id is mock.sentinel.project_id
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700171 load.assert_called_with(SERVICE_ACCOUNT_FILE)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700172
173
Jon Wayne Parrott8784b232016-11-10 12:53:55 -0800174@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700175 "google.auth._cloud_sdk.get_application_default_credentials_path", autospec=True
176)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700177def test__get_gcloud_sdk_credentials_non_existent(get_adc_path, tmpdir):
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700178 non_existent = tmpdir.join("non-existent")
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700179 get_adc_path.return_value = str(non_existent)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700180
181 credentials, project_id = _default._get_gcloud_sdk_credentials()
182
183 assert credentials is None
184 assert project_id is None
185
186
187@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700188 "google.auth._cloud_sdk.get_project_id",
189 return_value=mock.sentinel.project_id,
190 autospec=True,
191)
192@mock.patch("os.path.isfile", return_value=True, autospec=True)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700193@LOAD_FILE_PATCH
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700194def test__get_gcloud_sdk_credentials_project_id(load, unused_isfile, get_project_id):
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700195 # Don't return a project ID from load file, make the function check
196 # the Cloud SDK project.
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700197 load.return_value = mock.sentinel.credentials, None
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700198
199 credentials, project_id = _default._get_gcloud_sdk_credentials()
200
201 assert credentials == mock.sentinel.credentials
202 assert project_id == mock.sentinel.project_id
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700203 assert get_project_id.called
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700204
205
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700206@mock.patch("google.auth._cloud_sdk.get_project_id", return_value=None, autospec=True)
207@mock.patch("os.path.isfile", return_value=True)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700208@LOAD_FILE_PATCH
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700209def test__get_gcloud_sdk_credentials_no_project_id(load, unused_isfile, get_project_id):
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700210 # Don't return a project ID from load file, make the function check
211 # the Cloud SDK project.
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700212 load.return_value = mock.sentinel.credentials, None
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700213
214 credentials, project_id = _default._get_gcloud_sdk_credentials()
215
216 assert credentials == mock.sentinel.credentials
217 assert project_id is None
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700218 assert get_project_id.called
219
220
221class _AppIdentityModule(object):
222 """The interface of the App Idenity app engine module.
223 See https://cloud.google.com/appengine/docs/standard/python/refdocs\
224 /google.appengine.api.app_identity.app_identity
225 """
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700226
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700227 def get_application_id(self):
228 raise NotImplementedError()
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700229
230
Jon Wayne Parrott2148fde2016-10-24 13:44:25 -0700231@pytest.fixture
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700232def app_identity(monkeypatch):
Jon Wayne Parrott2148fde2016-10-24 13:44:25 -0700233 """Mocks the app_identity module for google.auth.app_engine."""
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700234 app_identity_module = mock.create_autospec(_AppIdentityModule, instance=True)
235 monkeypatch.setattr(app_engine, "app_identity", app_identity_module)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700236 yield app_identity_module
Jon Wayne Parrott2148fde2016-10-24 13:44:25 -0700237
238
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700239def test__get_gae_credentials(app_identity):
240 app_identity.get_application_id.return_value = mock.sentinel.project
Jon Wayne Parrott2148fde2016-10-24 13:44:25 -0700241
242 credentials, project_id = _default._get_gae_credentials()
243
244 assert isinstance(credentials, app_engine.Credentials)
245 assert project_id == mock.sentinel.project
246
247
James Wilson6e0781b2018-12-20 20:38:52 -0500248def test__get_gae_credentials_no_app_engine():
249 import sys
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700250
251 with mock.patch.dict("sys.modules"):
252 sys.modules["google.auth.app_engine"] = None
James Wilson6e0781b2018-12-20 20:38:52 -0500253 credentials, project_id = _default._get_gae_credentials()
254 assert credentials is None
255 assert project_id is None
256
257
Jon Wayne Parrott2148fde2016-10-24 13:44:25 -0700258def test__get_gae_credentials_no_apis():
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700259 assert _default._get_gae_credentials() == (None, None)
260
261
262@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700263 "google.auth.compute_engine._metadata.ping", return_value=True, autospec=True
264)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700265@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700266 "google.auth.compute_engine._metadata.get_project_id",
267 return_value="example-project",
268 autospec=True,
269)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700270def test__get_gce_credentials(unused_get, unused_ping):
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700271 credentials, project_id = _default._get_gce_credentials()
272
273 assert isinstance(credentials, compute_engine.Credentials)
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700274 assert project_id == "example-project"
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700275
276
Jon Wayne Parrott8784b232016-11-10 12:53:55 -0800277@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700278 "google.auth.compute_engine._metadata.ping", return_value=False, autospec=True
279)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700280def test__get_gce_credentials_no_ping(unused_ping):
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700281 credentials, project_id = _default._get_gce_credentials()
282
283 assert credentials is None
284 assert project_id is None
285
286
287@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700288 "google.auth.compute_engine._metadata.ping", return_value=True, autospec=True
289)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700290@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700291 "google.auth.compute_engine._metadata.get_project_id",
292 side_effect=exceptions.TransportError(),
293 autospec=True,
294)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700295def test__get_gce_credentials_no_project_id(unused_get, unused_ping):
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700296 credentials, project_id = _default._get_gce_credentials()
297
298 assert isinstance(credentials, compute_engine.Credentials)
299 assert project_id is None
300
301
James Wilson6e0781b2018-12-20 20:38:52 -0500302def test__get_gce_credentials_no_compute_engine():
303 import sys
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700304
305 with mock.patch.dict("sys.modules"):
306 sys.modules["google.auth.compute_engine"] = None
James Wilson6e0781b2018-12-20 20:38:52 -0500307 credentials, project_id = _default._get_gce_credentials()
308 assert credentials is None
309 assert project_id is None
310
311
Jon Wayne Parrott8784b232016-11-10 12:53:55 -0800312@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700313 "google.auth.compute_engine._metadata.ping", return_value=False, autospec=True
314)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700315def test__get_gce_credentials_explicit_request(ping):
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700316 _default._get_gce_credentials(mock.sentinel.request)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700317 ping.assert_called_with(request=mock.sentinel.request)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700318
319
320@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700321 "google.auth._default._get_explicit_environ_credentials",
Jon Wayne Parrott8784b232016-11-10 12:53:55 -0800322 return_value=(mock.sentinel.credentials, mock.sentinel.project_id),
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700323 autospec=True,
324)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700325def test_default_early_out(unused_get):
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700326 assert _default.default() == (mock.sentinel.credentials, mock.sentinel.project_id)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700327
328
329@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700330 "google.auth._default._get_explicit_environ_credentials",
Jon Wayne Parrott8784b232016-11-10 12:53:55 -0800331 return_value=(mock.sentinel.credentials, mock.sentinel.project_id),
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700332 autospec=True,
333)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700334def test_default_explict_project_id(unused_get, monkeypatch):
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700335 monkeypatch.setenv(environment_vars.PROJECT, "explicit-env")
336 assert _default.default() == (mock.sentinel.credentials, "explicit-env")
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700337
338
339@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700340 "google.auth._default._get_explicit_environ_credentials",
Jon Wayne Parrott8784b232016-11-10 12:53:55 -0800341 return_value=(mock.sentinel.credentials, mock.sentinel.project_id),
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700342 autospec=True,
343)
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700344def test_default_explict_legacy_project_id(unused_get, monkeypatch):
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700345 monkeypatch.setenv(environment_vars.LEGACY_PROJECT, "explicit-env")
346 assert _default.default() == (mock.sentinel.credentials, "explicit-env")
Jon Wayne Parrottce37cba2016-11-07 16:41:42 -0800347
348
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700349@mock.patch("logging.Logger.warning", autospec=True)
Jon Wayne Parrottce37cba2016-11-07 16:41:42 -0800350@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700351 "google.auth._default._get_explicit_environ_credentials",
352 return_value=(mock.sentinel.credentials, None),
353 autospec=True,
354)
Jacob Hayes15af07b2017-12-13 14:09:47 -0600355@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700356 "google.auth._default._get_gcloud_sdk_credentials",
357 return_value=(mock.sentinel.credentials, None),
358 autospec=True,
359)
Jacob Hayes15af07b2017-12-13 14:09:47 -0600360@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700361 "google.auth._default._get_gae_credentials",
362 return_value=(mock.sentinel.credentials, None),
363 autospec=True,
364)
Jacob Hayes15af07b2017-12-13 14:09:47 -0600365@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700366 "google.auth._default._get_gce_credentials",
367 return_value=(mock.sentinel.credentials, None),
368 autospec=True,
369)
Jacob Hayes15af07b2017-12-13 14:09:47 -0600370def test_default_without_project_id(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700371 unused_gce, unused_gae, unused_sdk, unused_explicit, logger_warning
372):
373 assert _default.default() == (mock.sentinel.credentials, None)
Jacob Hayes15af07b2017-12-13 14:09:47 -0600374 logger_warning.assert_called_with(mock.ANY, mock.ANY, mock.ANY)
375
376
377@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700378 "google.auth._default._get_explicit_environ_credentials",
379 return_value=(None, None),
380 autospec=True,
381)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700382@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700383 "google.auth._default._get_gcloud_sdk_credentials",
384 return_value=(None, None),
385 autospec=True,
386)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700387@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700388 "google.auth._default._get_gae_credentials",
389 return_value=(None, None),
390 autospec=True,
391)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700392@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700393 "google.auth._default._get_gce_credentials",
394 return_value=(None, None),
395 autospec=True,
396)
Jon Wayne Parrottaadb3de2016-10-19 09:34:05 -0700397def test_default_fail(unused_gce, unused_gae, unused_sdk, unused_explicit):
398 with pytest.raises(exceptions.DefaultCredentialsError):
399 assert _default.default()
Jon Wayne Parrott8a7e5062016-11-07 16:45:17 -0800400
401
402@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700403 "google.auth._default._get_explicit_environ_credentials",
Jon Wayne Parrott8784b232016-11-10 12:53:55 -0800404 return_value=(mock.sentinel.credentials, mock.sentinel.project_id),
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700405 autospec=True,
406)
407@mock.patch("google.auth.credentials.with_scopes_if_required", autospec=True)
Jacob Hayes15af07b2017-12-13 14:09:47 -0600408def test_default_scoped(with_scopes, unused_get):
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700409 scopes = ["one", "two"]
Jon Wayne Parrott8a7e5062016-11-07 16:45:17 -0800410
411 credentials, project_id = _default.default(scopes=scopes)
412
Jon Wayne Parrott78fec2c2017-06-30 10:25:08 -0700413 assert credentials == with_scopes.return_value
Jon Wayne Parrott8a7e5062016-11-07 16:45:17 -0800414 assert project_id == mock.sentinel.project_id
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700415 with_scopes.assert_called_once_with(mock.sentinel.credentials, scopes)
James Wilson6e0781b2018-12-20 20:38:52 -0500416
417
418@mock.patch(
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700419 "google.auth._default._get_explicit_environ_credentials",
James Wilson6e0781b2018-12-20 20:38:52 -0500420 return_value=(mock.sentinel.credentials, mock.sentinel.project_id),
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700421 autospec=True,
422)
James Wilson6e0781b2018-12-20 20:38:52 -0500423def test_default_no_app_engine_compute_engine_module(unused_get):
424 """
425 google.auth.compute_engine and google.auth.app_engine are both optional
426 to allow not including them when using this package. This verifies
427 that default fails gracefully if these modules are absent
428 """
429 import sys
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700430
431 with mock.patch.dict("sys.modules"):
432 sys.modules["google.auth.compute_engine"] = None
433 sys.modules["google.auth.app_engine"] = None
James Wilson6e0781b2018-12-20 20:38:52 -0500434 assert _default.default() == (
Bu Sun Kim9eec0912019-10-21 17:04:21 -0700435 mock.sentinel.credentials,
436 mock.sentinel.project_id,
437 )