Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

draft PR for new env var #1157

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

draft PR for new env var #1157

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
5b97b79
feat: GOOGLE_ADC_format support
arithmetic1728 Mar 28, 2022
9a6bb25
add some tests
arithmetic1728 Apr 1, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
add some tests
  • Loading branch information
@arithmetic1728
arithmetic1728 committed Apr 1, 2022
commit 9a6bb257b49d886e7d9042492a9c32c463ae7a03
12 changes: 5 additions & 7 deletions google/auth/_default.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -225,11 +225,11 @@ def _get_from_credentials_file_path(file_path, quota_project_id=None):
return None, None


def get_api_key_credentials(api_key):
def get_api_key_credentials(key):
"""Return credentials with the given API key."""
from google.auth import api_key

return api_key.Credentials(api_key)
return api_key.Credentials(key)


def _get_explicit_environ_credentials(quota_project_id=None):
Expand All @@ -241,13 +241,11 @@ def _get_explicit_environ_credentials(quota_project_id=None):
raise exceptions.DefaultCredentialsError("{} is not a supported GOOGLE_ADC_FORMAT value".format(adc_format))

if adc_format == "api_key":
from google.auth import api_key

return api_key.Credentials(adc_value), quota_project_id
return get_api_key_credentials(adc_value), quota_project_id
elif adc_format == "token":
from google.oauth2 import fixed_token_credentials

return fixed_token_credentials.credentials(adc_value), quota_project_id
return fixed_token_credentials.Credentials(adc_value), quota_project_id
elif adc_format == "base64_json":
try:
json_str = base64.b64decode(adc_value, validate=True).decode("utf8")
Expand All @@ -260,7 +258,7 @@ def _get_explicit_environ_credentials(quota_project_id=None):
six.raise_from(new_exc, caught_exc)
return _load_credentials_from_info("JSON", json_content, quota_project_id=quota_project_id)

return _get_from_credentials_file_path(adc_value)
return _get_from_credentials_file_path(adc_value, quota_project_id=quota_project_id)


def _get_gae_credentials():
Expand Down
2 changes: 1 addition & 1 deletion google/auth/api_key.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,9 +34,9 @@ def __init__(self, token):
Raises:
ValueError: If the provided API key is not a non-empty string.
"""
super(Credentials, self).__init__()
if not token:
raise ValueError("Token must be a non-empty API key string")
super(Credentials, self).__init__()
self.token = token

@property
Expand Down
4 changes: 2 additions & 2 deletions google/oauth2/fixed_token_credentials.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@
from google.auth import credentials


class FixedTokenCredentials(credentials.Credentials):
class Credentials(credentials.Credentials):
"""Credentials with a fixed OAuth2 token.

The token is considered never expired so users are responsible for the
Expand All @@ -39,7 +39,7 @@ def __init__(self, token):
"""
if not token:
raise ValueError("Token is not provided")
super(FixedTokenCredentials, self).__init__()
super(Credentials, self).__init__()
self.token = token

@property
Expand Down
31 changes: 31 additions & 0 deletions tests/test__default.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
import pytest # type: ignore

from google.auth import _default
from google.auth import api_key
from google.auth import app_engine
from google.auth import aws
from google.auth import compute_engine
Expand All @@ -28,6 +29,7 @@
from google.auth import external_account
from google.auth import identity_pool
from google.auth import impersonated_credentials
from google.oauth2 import fixed_token_credentials
from google.oauth2 import service_account
import google.oauth2.credentials

Expand Down Expand Up @@ -1140,3 +1142,32 @@ def test_default_impersonated_service_account_set_both_scopes_and_default_scopes

credentials, _ = _default.default(scopes=scopes, default_scopes=default_scopes)
assert credentials._target_scopes == scopes


def test_default_adc_format_unsupported():
with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
with mock.patch.dict(os.environ, {environment_vars.ADC_FORMAT: "unsupported"}):
_default.default()

assert excinfo.match("not a supported GOOGLE_ADC_FORMAT value")


def test_default_adc_format_api_key():
with mock.patch.dict(os.environ, {environment_vars.ADC_FORMAT: "api_key"}):
with mock.patch.dict(os.environ, {environment_vars.CREDENTIALS: "key-foo"}):
cred, project_id = _default.default(quota_project_id="project-foo")

assert isinstance(cred, api_key.Credentials)
assert cred.token == "key-foo"
assert project_id == "project-foo"


def test_default_adc_format_token():
with mock.patch.dict(os.environ, {environment_vars.ADC_FORMAT: "token"}):
with mock.patch.dict(os.environ, {environment_vars.CREDENTIALS: "token-foo"}):
cred, project_id = _default.default(quota_project_id="project-foo")

assert isinstance(cred, fixed_token_credentials.Credentials)
assert cred.token == "token-foo"
assert cred.valid
assert project_id == "project-foo"