def autologin(cls, filename:str, directory:Path = None) -> None:
'''
Explicit login using GCP credentials .json filename.
'''
if directory is None:
directory = config.credentials_path
path = directory / filename
if not path.exists():
msg = (
f'\n\n{B("Attempted to log in with non-existent file: ")}'
f'\n{I(path)}'
)
raise FileNotFoundError(msg)
environ["GOOGLE_APPLICATION_CREDENTIALS"] = str(path)
success = False
try:
client = storage.Client()
success = True
except DefaultCredentialsError:
pass
if not success:
msg = (
f'\n\n{B("Unable to validate credentials for file: ")}'
f'{I(selection)}\n{B("Check integrity of file ")}'
f'{B("and confirm credentials are still valid on GCP.")}'
)
raise DefaultCredentialsError(msg)
else:
cls.credentials_active = True
def test_get_application_default_credentials_does_not_throw_error():
if _check_if_can_get_correct_default_credentials():
# Can get real credentials, so mock it out to fail.
from google.auth.exceptions import DefaultCredentialsError
with mock.patch('google.auth.default',
side_effect=DefaultCredentialsError()):
credentials, _ = auth.get_application_default_credentials()
else:
credentials, _ = auth.get_application_default_credentials()
assert credentials is None
def test_default_gets_user_credentials():
import pydata_google_auth
# Mock google.auth.default to fail, forcing user credentials.
with mock.patch("google.auth.default",
side_effect=DefaultCredentialsError()):
credentials, _ = pydata_google_auth.default(TEST_SCOPES,
use_local_webserver=True)
assert credentials.valid
def test_get_anonymous_bucket(gcs_mock):
with pytest.raises(DefaultCredentialsError, match="Test"):
gcs_mock.Client.return_value.bucket.side_effect = mock.Mock(
side_effect=DefaultCredentialsError("Test"))
repo = GCSArtifactRepository("gs://test_bucket", gcs_mock)
repo._get_bucket("gs://test_bucket")
anon_call_count = gcs_mock.Client.create_anonymous_client.call_count
assert anon_call_count == 1
bucket_call_count = (gcs_mock.Client.create_anonymous_client.
return_value.get_bucket.call_count)
assert bucket_call_count == 1
def test_should_warn_if_trying_to_use_default_creds(
self, fetch_id_token_mock):
# given
os.environ["IAP_CLIENT_ID"] = "unittest-client-id"
fetch_id_token_mock.side_effect = DefaultCredentialsError()
with self.assertLogs("kedro_kubeflow.auth", level="WARNING") as cm:
# when
token = AuthHandler().obtain_id_token()
# then
assert (
"this authentication method does not work with default credentials"
in cm.output[0])
assert token is None
def email_from_id_token(*args, **kwargs):
"""Raises DefaultCredentialsError at runtime"""
raise DefaultCredentialsError(*exception_args)
@patch(
"google.oauth2.id_token.verify_token",
return_value={
"iss": "accounts.google.com",
"exp": 12341234
},
)
@patch(
"google.auth.default",
return_value=[
GoogleDefaultResponse("fake_token"),
GoogleDefaultResponse("project_id"),
],
)
@patch("google.oauth2.id_token.fetch_id_token",
side_effect=DefaultCredentialsError())
def test_get_auth_metadata_plugin_google_should_pass_with_token_from_google_auth_lib(
verify_token, fetch_id_token, default, config_google):
auth_metadata_plugin = get_auth_metadata_plugin(config_google)
assert isinstance(auth_metadata_plugin, GoogleOpenIDAuthMetadataPlugin)
assert auth_metadata_plugin.get_signed_meta() == (("authorization",
"Bearer fake_token"), )
@patch(
"google.auth.default",
return_value=[
GoogleDefaultErrorResponse("fake_token"),
GoogleDefaultErrorResponse("project_id"),
],
)
def raise_default_creds_error() -> None:
from google.auth.exceptions import DefaultCredentialsError
raise DefaultCredentialsError()