def test_create_scoped_required_with_scopes(self):
self.credentials = _ServiceAccountCredentials(self.service_account_id,
self.service_account_email,
self.private_key_id,
self.private_key,
self.scopes)
self.assertFalse(self.credentials.create_scoped_required())
def ServiceAccountCredentials_from_dict(credentials):
return _ServiceAccountCredentials(
service_account_id=credentials["client_id"],
service_account_email=credentials["client_email"],
private_key_id=credentials["private_key_id"],
private_key_pkcs8_text=credentials["private_key"],
scopes=[])
def test_create_scoped_required_with_scopes(self):
self.credentials = _ServiceAccountCredentials(self.service_account_id,
self.service_account_email,
self.private_key_id,
self.private_key,
self.scopes)
self.assertFalse(self.credentials.create_scoped_required())
def ServiceAccountCredentialsFromFile(filename, scopes, user_agent=None):
"""Use the credentials in filename to create a token for scopes."""
filename = os.path.expanduser(filename)
# We have two options, based on our version of oauth2client.
if oauth2client.__version__ > '1.5.2':
# oauth2client >= 2.0.0
credentials = (
service_account.ServiceAccountCredentials.from_json_keyfile_name(
filename, scopes=scopes))
if credentials is not None:
if user_agent is not None:
credentials.user_agent = user_agent
return credentials
else:
# oauth2client < 2.0.0
with open(filename) as keyfile:
service_account_info = json.load(keyfile)
account_type = service_account_info.get('type')
if account_type != oauth2client.client.SERVICE_ACCOUNT:
raise exceptions.CredentialsError(
'Invalid service account credentials: %s' % (filename,))
# pylint: disable=protected-access
credentials = service_account._ServiceAccountCredentials(
service_account_id=service_account_info['client_id'],
service_account_email=service_account_info['client_email'],
private_key_id=service_account_info['private_key_id'],
private_key_pkcs8_text=service_account_info['private_key'],
scopes=scopes, user_agent=user_agent)
# pylint: enable=protected-access
return credentials
def ServiceAccountCredentialsFromFile(filename, scopes, user_agent=None):
"""Use the credentials in filename to create a token for scopes."""
filename = os.path.expanduser(filename)
# We have two options, based on our version of oauth2client.
if oauth2client.__version__ > '1.5.2':
# oauth2client >= 2.0.0
credentials = (
service_account.ServiceAccountCredentials.from_json_keyfile_name(
filename, scopes=scopes))
if credentials is not None:
if user_agent is not None:
credentials.user_agent = user_agent
return credentials
else:
# oauth2client < 2.0.0
with open(filename) as keyfile:
service_account_info = json.load(keyfile)
account_type = service_account_info.get('type')
if account_type != oauth2client.client.SERVICE_ACCOUNT:
raise exceptions.CredentialsError(
'Invalid service account credentials: %s' % (filename, ))
# pylint: disable=protected-access
credentials = service_account._ServiceAccountCredentials(
service_account_id=service_account_info['client_id'],
service_account_email=service_account_info['client_email'],
private_key_id=service_account_info['private_key_id'],
private_key_pkcs8_text=service_account_info['private_key'],
scopes=scopes,
user_agent=user_agent)
# pylint: enable=protected-access
return credentials
def test_service_account_via_json_key(self):
from oauth2client import service_account
from gcloud._testing import _Monkey
from gcloud import credentials as MUT
scopes = []
PRIVATE_TEXT = 'dummy_private_key_pkcs8_text'
def _get_private_key(private_key_pkcs8_text):
return private_key_pkcs8_text
with _Monkey(service_account, _get_private_key=_get_private_key):
credentials = service_account._ServiceAccountCredentials(
'dummy_service_account_id', 'dummy_service_account_email',
'dummy_private_key_id', PRIVATE_TEXT, scopes)
load_result = object()
openssl_crypto = _OpenSSLCrypto(load_result, None)
with _Monkey(MUT, crypto=openssl_crypto):
result = self._callFUT(credentials)
self.assertEqual(result, load_result)
self.assertEqual(openssl_crypto._loaded,
[(openssl_crypto.FILETYPE_PEM, PRIVATE_TEXT)])
self.assertEqual(openssl_crypto._signed, [])
def setUp(self):
self.service_account_id = '123'
self.service_account_email = '*****@*****.**'
self.private_key_id = 'ABCDEF'
self.private_key = datafile('pem_from_pkcs12.pem')
self.scopes = ['dummy_scope']
self.credentials = _ServiceAccountCredentials(
self.service_account_id, self.service_account_email,
self.private_key_id, self.private_key, [])
def setUp(self):
self.service_account_id = '123'
self.service_account_email = '*****@*****.**'
self.private_key_id = 'ABCDEF'
self.private_key = datafile('pem_from_pkcs12.pem')
self.scopes = ['dummy_scope']
self.credentials = _ServiceAccountCredentials(self.service_account_id,
self.service_account_email,
self.private_key_id,
self.private_key,
[])
def run_json():
with open(JSON_KEY_PATH, 'r') as file_object:
client_credentials = json.load(file_object)
credentials = service_account._ServiceAccountCredentials(
service_account_id=client_credentials['client_id'],
service_account_email=client_credentials['client_email'],
private_key_id=client_credentials['private_key_id'],
private_key_pkcs8_text=client_credentials['private_key'],
scopes=SCOPE,
)
_check_user_info(credentials, client_credentials['client_email'])
def run_json():
with open(JSON_KEY_PATH, 'r') as file_object:
client_credentials = json.load(file_object)
credentials = service_account._ServiceAccountCredentials(
service_account_id=client_credentials['client_id'],
service_account_email=client_credentials['client_email'],
private_key_id=client_credentials['private_key_id'],
private_key_pkcs8_text=client_credentials['private_key'],
scopes=SCOPE,
)
_check_user_info(credentials, client_credentials['client_email'])
def test_json_type(self):
from oauth2client import service_account
from gcloud._testing import _Monkey
def _get_private_key(private_key_pkcs8_text):
return private_key_pkcs8_text
SERVICE_ACCOUNT_NAME = 'SERVICE_ACCOUNT_NAME'
with _Monkey(service_account, _get_private_key=_get_private_key):
CREDENTIALS = service_account._ServiceAccountCredentials(
'bogus_id', SERVICE_ACCOUNT_NAME, 'bogus_id',
'bogus_key_text', [])
found = self._callFUT(CREDENTIALS)
self.assertEqual(found, SERVICE_ACCOUNT_NAME)
def test_json_type(self):
from oauth2client import service_account
from gcloud._testing import _Monkey
def _get_private_key(private_key_pkcs8_text):
return private_key_pkcs8_text
SERVICE_ACCOUNT_NAME = 'SERVICE_ACCOUNT_NAME'
with _Monkey(service_account, _get_private_key=_get_private_key):
CREDENTIALS = service_account._ServiceAccountCredentials(
'bogus_id', SERVICE_ACCOUNT_NAME, 'bogus_id',
'bogus_key_text', [])
found = self._callFUT(CREDENTIALS)
self.assertEqual(found, SERVICE_ACCOUNT_NAME)
def test_json_type(self):
from oauth2client import service_account
from gcloud._testing import _Monkey
PRIVATE_KEY_TEXT = 'dummy_private_key_pkcs8_text'
STRING_TO_SIGN = b'dummy_signature'
def _get_private_key(private_key_pkcs8_text):
return private_key_pkcs8_text
with _Monkey(service_account, _get_private_key=_get_private_key):
CREDENTIALS = service_account._ServiceAccountCredentials(
'dummy_service_account_id', 'dummy_service_account_email',
'dummy_private_key_id', PRIVATE_KEY_TEXT, [])
self._run_with_fake_crypto(CREDENTIALS, PRIVATE_KEY_TEXT,
STRING_TO_SIGN)
def test_json_type(self):
from oauth2client import service_account
from gcloud._testing import _Monkey
PRIVATE_KEY_TEXT = 'dummy_private_key_pkcs8_text'
STRING_TO_SIGN = b'dummy_signature'
def _get_private_key(private_key_pkcs8_text):
return private_key_pkcs8_text
with _Monkey(service_account, _get_private_key=_get_private_key):
CREDENTIALS = service_account._ServiceAccountCredentials(
'dummy_service_account_id', 'dummy_service_account_email',
'dummy_private_key_id', PRIVATE_KEY_TEXT, [])
self._run_with_fake_crypto(CREDENTIALS, PRIVATE_KEY_TEXT,
STRING_TO_SIGN)
def test_service_account_via_json_key(self):
from oauth2client import service_account
from gcloud._testing import _Monkey
scopes = []
PRIVATE_TEXT = 'dummy_private_key_pkcs8_text'
def _get_private_key(private_key_pkcs8_text):
return private_key_pkcs8_text
ACCOUNT_NAME = 'dummy_service_account_email'
with _Monkey(service_account, _get_private_key=_get_private_key):
credentials = service_account._ServiceAccountCredentials(
'dummy_service_account_id', ACCOUNT_NAME,
'dummy_private_key_id', PRIVATE_TEXT, scopes)
self._run_test_with_credentials(credentials, ACCOUNT_NAME)
def test_without_pyopenssl(self):
from oauth2client import service_account
from gcloud._testing import _Monkey
from gcloud import credentials as credentials_mod
PRIVATE_TEXT = 'dummy_private_key_pkcs8_text'
def _get_private_key(private_key_pkcs8_text):
return private_key_pkcs8_text
with _Monkey(service_account, _get_private_key=_get_private_key):
credentials = service_account._ServiceAccountCredentials(
'dummy_service_account_id', 'dummy_service_account_email',
'dummy_private_key_id', PRIVATE_TEXT, '')
with _Monkey(credentials_mod, crypto=None):
with self.assertRaises(EnvironmentError):
self._callFUT(credentials)
def test_service_account_via_json_key(self):
from oauth2client import service_account
from gcloud._testing import _Monkey
scopes = []
PRIVATE_TEXT = 'dummy_private_key_pkcs8_text'
def _get_private_key(private_key_pkcs8_text):
return private_key_pkcs8_text
ACCOUNT_NAME = 'dummy_service_account_email'
with _Monkey(service_account, _get_private_key=_get_private_key):
credentials = service_account._ServiceAccountCredentials(
'dummy_service_account_id', ACCOUNT_NAME,
'dummy_private_key_id', PRIVATE_TEXT, scopes)
self._run_test_with_credentials(credentials, ACCOUNT_NAME)
def test_service_account_via_json_key(self):
from oauth2client import service_account
from gcloud._testing import _Monkey
from gcloud import credentials as MUT
scopes = []
PRIVATE_TEXT = 'dummy_private_key_pkcs8_text'
def _get_private_key(private_key_pkcs8_text):
return private_key_pkcs8_text
with _Monkey(service_account, _get_private_key=_get_private_key):
credentials = service_account._ServiceAccountCredentials(
'dummy_service_account_id', 'dummy_service_account_email',
'dummy_private_key_id', PRIVATE_TEXT, scopes)
rsa = _RSA()
with _Monkey(MUT, RSA=rsa):
result = self._callFUT(credentials)
expected = 'imported:%s' % (PRIVATE_TEXT,)
self.assertEqual(result, expected)
def get_credentials(credential_file=None, credentials=None):
if credential_file:
return GoogleCredentials.from_stream(credential_file)
if credentials and credentials["type"] == "service_account":
return _ServiceAccountCredentials(
service_account_id=credentials["client_id"],
service_account_email=credentials["client_email"],
private_key_id=credentials["private_key_id"],
private_key_pkcs8_text=credentials["private_key"],
scopes=[])
if credentials and credentials["type"] == "authorized_user":
return GoogleCredentials(
access_token=None,
client_id=credentials["client_id"],
client_secret=credentials["client_secret"],
refresh_token=credentials["refresh_token"],
token_expiry=None,
token_uri=GOOGLE_TOKEN_URI,
user_agent="pghoard")
return GoogleCredentials.get_application_default()
def test_service_account_via_json_key(self):
from oauth2client import service_account
from gcloud._testing import _Monkey
from gcloud import credentials as MUT
scopes = []
PRIVATE_TEXT = 'dummy_private_key_pkcs8_text'
def _get_private_key(private_key_pkcs8_text):
return private_key_pkcs8_text
with _Monkey(service_account, _get_private_key=_get_private_key):
credentials = service_account._ServiceAccountCredentials(
'dummy_service_account_id', 'dummy_service_account_email',
'dummy_private_key_id', PRIVATE_TEXT, scopes)
rsa = _RSA()
with _Monkey(MUT, RSA=rsa):
result = self._callFUT(credentials)
expected = 'imported:%s' % (PRIVATE_TEXT,)
self.assertEqual(result, expected)
