def test_get_access_token_on_refresh(self):
app_identity_stub = self.AppIdentityStubImpl()
apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap()
apiproxy_stub_map.apiproxy.RegisterStub("app_identity_service",
app_identity_stub)
apiproxy_stub_map.apiproxy.RegisterStub(
'memcache', memcache_stub.MemcacheServiceStub())
scope = [
"http://www.googleapis.com/scope",
"http://www.googleapis.com/scope2"
]
credentials = appengine.AppAssertionCredentials(scope)
http = http_mock.HttpMock(data=DEFAULT_RESP)
credentials.refresh(http)
self.assertEqual('a_token_123', credentials.access_token)
json = credentials.to_json()
credentials = client.Credentials.new_from_json(json)
self.assertEqual(
'http://www.googleapis.com/scope http://www.googleapis.com/scope2',
credentials.scope)
scope = ('http://www.googleapis.com/scope '
'http://www.googleapis.com/scope2')
credentials = appengine.AppAssertionCredentials(scope)
http = http_mock.HttpMock(data=DEFAULT_RESP)
credentials.refresh(http)
self.assertEqual('a_token_123', credentials.access_token)
self.assertEqual(
'http://www.googleapis.com/scope http://www.googleapis.com/scope2',
credentials.scope)
def get_or_create_credentials(scope, storage_key=DEFAULT_STORAGE_KEY):
key_file = os.getenv('AUTH_KEY_FILE')
# If AUTH_KEY_FILE is unset, use default auth key file if it exists.
if not key_file and os.path.exists(DEFAULT_AUTH_KEY_FILE):
key_file = DEFAULT_AUTH_KEY_FILE
if key_file:
key_file = os.path.expanduser(key_file)
return (
service_account.ServiceAccountCredentials.from_json_keyfile_name(
key_file, scope))
if appengine and utils.is_appengine():
return appengine.AppAssertionCredentials(scope)
credentials, storage = get_credentials_and_storage(scope,
storage_key=storage_key)
if credentials is None:
parser = tools.argparser
if os.getenv('INTERACTIVE_AUTH'):
args = []
else:
args = ['--noauth_local_webserver']
flags, _ = parser.parse_known_args(args)
flow = client.OAuth2WebServerFlow(CLIENT_ID,
CLIENT_SECRET,
scope,
redirect_uri=REDIRECT_URI)
credentials = tools.run_flow(flow, storage, flags)
# run_flow changes the logging level, so change it back.
logging.getLogger().setLevel(getattr(logging, 'INFO'))
return credentials
def get_client():
"""Creates Pub/Sub client and returns it."""
credentials = gae_oauth2client.AppAssertionCredentials(scope=PUBSUB_SCOPES)
http = httplib2.Http(memcache)
credentials.authorize(http)
return discovery.build('pubsub', 'v1', http=http)
def test_create_scoped(self):
credentials = appengine.AppAssertionCredentials([])
new_credentials = credentials.create_scoped(['dummy_scope'])
self.assertNotEqual(credentials, new_credentials)
self.assertIsInstance(new_credentials,
appengine.AppAssertionCredentials)
self.assertEqual('dummy_scope', new_credentials.scope)
def create_service():
credentials = appengine.AppAssertionCredentials(SCOPE)
http = httplib2.Http()
http = credentials.authorize(http)
credentials.refresh(http)
return discovery.build('content',
'v1',
http=http,
discoveryServiceUrl=DISCOVERY_URL)
def test_get_access_token(self):
app_identity_stub = self.AppIdentityStubImpl()
apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap()
apiproxy_stub_map.apiproxy.RegisterStub("app_identity_service",
app_identity_stub)
apiproxy_stub_map.apiproxy.RegisterStub(
'memcache', memcache_stub.MemcacheServiceStub())
credentials = appengine.AppAssertionCredentials(['dummy_scope'])
token = credentials.get_access_token()
self.assertEqual('a_token_123', token.access_token)
self.assertEqual(None, token.expires_in)
def test_service_account_email(self):
acct_name = '*****@*****.**'
app_identity_stub = self.AppIdentityStubImpl(svc_acct=acct_name)
apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap()
apiproxy_stub_map.apiproxy.RegisterStub('app_identity_service',
app_identity_stub)
credentials = appengine.AppAssertionCredentials([])
self.assertIsNone(credentials._service_account_email)
self.assertEqual(app_identity_stub._get_acct_name_calls, 0)
self.assertEqual(credentials.service_account_email, acct_name)
self.assertIsNotNone(credentials._service_account_email)
self.assertEqual(app_identity_stub._get_acct_name_calls, 1)
def test_raise_correct_type_of_exception(self):
app_identity_stub = self.ErroringAppIdentityStubImpl()
apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap()
apiproxy_stub_map.apiproxy.RegisterStub('app_identity_service',
app_identity_stub)
apiproxy_stub_map.apiproxy.RegisterStub(
'memcache', memcache_stub.MemcacheServiceStub())
scope = 'http://www.googleapis.com/scope'
credentials = appengine.AppAssertionCredentials(scope)
http = http_mock.HttpMock(data=DEFAULT_RESP)
with self.assertRaises(client.AccessTokenRefreshError):
credentials.refresh(http)
def test_service_account_email_already_set(self):
acct_name = '*****@*****.**'
credentials = appengine.AppAssertionCredentials([])
credentials._service_account_email = acct_name
app_identity_stub = self.AppIdentityStubImpl(svc_acct=acct_name)
apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap()
apiproxy_stub_map.apiproxy.RegisterStub('app_identity_service',
app_identity_stub)
self.assertEqual(app_identity_stub._get_acct_name_calls, 0)
self.assertEqual(credentials.service_account_email, acct_name)
self.assertEqual(app_identity_stub._get_acct_name_calls, 0)
def test_sign_blob(self):
key_name = b'1234567890'
sig_bytes = b'himom'
app_identity_stub = self.AppIdentityStubImpl(key_name=key_name,
sig_bytes=sig_bytes)
apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap()
apiproxy_stub_map.apiproxy.RegisterStub('app_identity_service',
app_identity_stub)
credentials = appengine.AppAssertionCredentials([])
to_sign = b'blob'
self.assertEqual(app_identity_stub._sign_calls, [])
result = credentials.sign_blob(to_sign)
self.assertEqual(result, (key_name, sig_bytes))
self.assertEqual(app_identity_stub._sign_calls, [to_sign])
def test_custom_service_account(self):
scope = "http://www.googleapis.com/scope"
account_id = "*****@*****.**"
with mock.patch.object(app_identity, 'get_access_token',
return_value=('a_token_456', None),
autospec=True) as get_access_token:
credentials = appengine.AppAssertionCredentials(
scope, service_account_id=account_id)
http = http_mock.HttpMock(data=DEFAULT_RESP)
credentials.refresh(http)
self.assertEqual('a_token_456', credentials.access_token)
self.assertEqual(scope, credentials.scope)
get_access_token.assert_called_once_with(
[scope], service_account_id=account_id)
def get_or_create_credentials(scope, storage_key=DEFAULT_STORAGE_KEY):
if appengine:
return appengine.AppAssertionCredentials(scope)
credentials, storage = get_credentials_and_storage(scope,
storage_key=storage_key)
if credentials is None:
parser = tools.argparser
if os.getenv('INTERACTIVE_AUTH'):
args = []
else:
args = ['--noauth_local_webserver']
flags, _ = parser.parse_known_args(args)
flow = client.OAuth2WebServerFlow(CLIENT_ID,
CLIENT_SECRET,
scope,
redirect_uri=REDIRECT_URI)
credentials = tools.run_flow(flow, storage, flags)
# run_flow changes the logging level, so change it back.
logging.getLogger().setLevel(getattr(logging, 'INFO'))
return credentials
def get_or_create_credentials(scope, storage_key=DEFAULT_STORAGE_KEY):
key_file = os.getenv('AUTH_KEY_FILE')
# If AUTH_KEY_FILE is unset, use default auth key file if it exists.
if not key_file and os.path.exists(DEFAULT_AUTH_KEY_FILE):
key_file = DEFAULT_AUTH_KEY_FILE
if key_file:
key_file = os.path.expanduser(key_file)
return (
service_account.ServiceAccountCredentials.from_json_keyfile_name(
key_file, scope))
if appengine and utils.is_appengine():
return appengine.AppAssertionCredentials(scope)
credentials, storage = get_credentials_and_storage(scope,
storage_key=storage_key)
if credentials is None:
parser = tools.argparser
if os.getenv('INTERACTIVE_AUTH'):
args = []
else:
args = ['--noauth_local_webserver']
flags, _ = parser.parse_known_args(args)
flow = client.OAuth2WebServerFlow(CLIENT_ID,
CLIENT_SECRET,
scope,
redirect_uri=REDIRECT_URI)
credentials = tools.run_flow(flow, storage, flags)
# run_flow changes the logging level, so change it back.
logging.getLogger().setLevel(getattr(logging, 'INFO'))
# Avoid logspam by logging the email address only once.
if hasattr(credentials, 'id_token') and credentials.id_token:
email = credentials.id_token.get('email')
global _LAST_LOGGED_EMAIL
if email and _LAST_LOGGED_EMAIL != email:
logging.info('Authorizing using -> {}'.format(email))
_LAST_LOGGED_EMAIL = email
return credentials
def test_save_to_well_known_file(self):
os.environ[client._CLOUDSDK_CONFIG_ENV_VAR] = tempfile.mkdtemp()
credentials = appengine.AppAssertionCredentials([])
with self.assertRaises(NotImplementedError):
client.save_to_well_known_file(credentials)
del os.environ[client._CLOUDSDK_CONFIG_ENV_VAR]
def create_service(api='drive', version='v2'):
credentials = appengine.AppAssertionCredentials(SCOPE)
http = httplib2.Http()
http = credentials.authorize(http)
return discovery.build(api, version, http=http)
def test_create_scoped_required_without_scopes(self):
credentials = appengine.AppAssertionCredentials([])
self.assertTrue(credentials.create_scoped_required())
def test_create_scoped_required_with_scopes(self):
credentials = appengine.AppAssertionCredentials(['dummy_scope'])
self.assertFalse(credentials.create_scoped_required())
