def testComputeServiceAccount(self): # Don't add x-goog-user-project header for service accounts, unless # billing/quota project is set. In that case, use the value for the header. creds_requests.GetSession(enable_resource_quota=True).request( 'GET', self.url) self.assertNotIn('X-Goog-User-Project', self.request_mock.call_args[1]['headers']) self.assertNotIn(b'X-Goog-User-Project', self.request_mock.call_args[1]['headers']) properties.VALUES.billing.quota_project.Set('bar') creds_requests.GetSession(enable_resource_quota=True).request( 'GET', 'http://foo.com') expected_headers = EncodeHeaders({'X-Goog-User-Project': 'bar'}) self.assertDictContainsSubset( expected_headers, self.request_mock.call_args[1]['headers'])
def _DoHttpPost(url, headers, body): """Makes an http POST request.""" response = requests.GetSession().request('POST', url, data=body, headers=headers) return response.status_code, response.headers, response.content
def _GetPrediction(url, body, headers): """Make http request to get prediction results.""" response = requests.GetSession().request('POST', url, data=body, headers=headers) return response.status_code, response.text
def _Communicate(url, method, body, headers): """Returns HTTP status, reason, and response body for a given HTTP request.""" response = requests.GetSession().request( method, url, data=body, headers=headers, stream=True) status = response.status_code reason = response.reason data = response.content return status, reason, data
def testCurrentProjectWithFallbackMode_EmptyProject(self): properties.VALUES.billing.quota_project.Set( properties.VALUES.billing.CURRENT_PROJECT_WITH_FALLBACK) creds_requests.GetSession().request('GET', self.url) self.request_mock.assert_called_once_with('GET', self.url, headers=self.common_headers, timeout=mock.ANY)
def testLegacyMode(self): properties.VALUES.billing.quota_project.Set( properties.VALUES.billing.LEGACY) creds_requests.GetSession().request('GET', self.url) self.request_mock.assert_called_once_with('GET', self.url, headers=self.common_headers, timeout=mock.ANY)
def testQuotaProjectManuallySet_WithPermission(self): properties.VALUES.billing.quota_project.Set('bar') creds_requests.GetSession().request('GET', self.url) self.common_headers[b'X-Goog-User-Project'] = b'bar' self.request_mock.assert_called_once_with('GET', self.url, headers=self.common_headers, timeout=mock.ANY)
def testTokenRefreshError(self): refresh_mock = self.StartObjectPatch(credentials.Credentials, 'before_request') refresh_mock.side_effect = google_auth_exceptions.RefreshError http_client = creds_requests.GetSession() with self.assertRaisesRegex( store.TokenRefreshError, 'There was a problem refreshing your current auth tokens'): http_client.request('GET', 'http://foo.com')
def testNoCredentialsMode(self): properties.VALUES.billing.quota_project.Set('bar') properties.VALUES.auth.disable_credentials.Set(True) creds_requests.GetSession().request('GET', self.url) del self.common_headers[b'authorization'] self.request_mock.assert_called_once_with('GET', self.url, headers=self.common_headers, timeout=mock.ANY)
def testTokenRefreshDeniedByCAAError(self): refresh_mock = self.StartObjectPatch(credentials.Credentials, 'before_request') refresh_mock.side_effect = google_auth_exceptions.RefreshError( 'access_denied: Account restricted') http_client = creds_requests.GetSession() with self.assertRaisesRegex( store.TokenRefreshDeniedByCAAError, 'Access was blocked due to an organization policy'): http_client.request('GET', 'http://foo.com')
def testQuotaProjectDisabled(self): properties.VALUES.billing.quota_project.Set( properties.VALUES.billing.CURRENT_PROJECT) properties.VALUES.core.project.Set('foo') creds_requests.GetSession(enable_resource_quota=False).request( 'GET', self.url) self.request_mock.assert_called_once_with('GET', self.url, headers=self.common_headers, timeout=mock.ANY)
def testDisabledAuth(self): properties.VALUES.auth.disable_credentials.Set(True) expected_headers = {'user-agent': self.expected_user_agent} expected_headers = EncodeHeaders(expected_headers) http_client = creds_requests.GetSession() http_client.request('GET', self.url) self.request_mock.assert_called_once_with('GET', self.url, headers=expected_headers, timeout=mock.ANY)
def testCurrentProjectMode_WithPermission(self): properties.VALUES.billing.quota_project.Set( properties.VALUES.billing.CURRENT_PROJECT) properties.VALUES.core.project.Set('foo') creds_requests.GetSession().request('GET', self.url) self.common_headers[b'X-Goog-User-Project'] = b'foo' self.request_mock.assert_called_once_with('GET', self.url, headers=self.common_headers, timeout=mock.ANY)
def testBatchTokenRefreshError(self): refresh_mock = self.StartObjectPatch(credentials.Credentials, 'before_request') refresh_mock.side_effect = google_auth_exceptions.RefreshError http_client = creds_requests.GetApitoolsRequests( creds_requests.GetSession()) batch_http_request = batch.BatchHttpRequest( 'https://www.googleapis.com/batch/compute') with self.assertRaisesRegex( store.TokenRefreshError, 'There was a problem refreshing your current auth tokens'): batch_http_request.Execute(http_client)
def testIAMAuthoritySelectorHeader(self): authority_selector = '*****@*****.**' properties.VALUES.auth.authority_selector.Set(authority_selector) expected_headers = { 'x-goog-iam-authority-selector': authority_selector } expected_headers = EncodeHeaders(expected_headers) creds_requests.GetSession().request('GET', self.url) self.assertDictContainsSubset( expected_headers, self.request_mock.call_args[1]['headers'])
def testForceUserProjectQuota(self): properties.VALUES.billing.quota_project.Set( properties.VALUES.billing.LEGACY) properties.VALUES.core.project.Set('foo') creds_requests.GetSession(enable_resource_quota=True, force_resource_quota=True).request( 'GET', self.url) self.common_headers[b'X-Goog-User-Project'] = b'foo' self.request_mock.assert_called_once_with('GET', self.url, headers=self.common_headers, timeout=mock.ANY)
def testBatchTokenRefreshDeniedByCAAError(self): refresh_mock = self.StartObjectPatch(credentials.Credentials, 'before_request') refresh_mock.side_effect = google_auth_exceptions.RefreshError( 'access_denied: Account restricted') http_client = creds_requests.GetApitoolsRequests( creds_requests.GetSession()) batch_http_request = batch.BatchHttpRequest( 'https://www.googleapis.com/batch/compute') with self.assertRaisesRegex( store.TokenRefreshDeniedByCAAError, 'Access was blocked due to an organization policy'): batch_http_request.Execute(http_client)
def GetApitoolsTransport(timeout='unset', enable_resource_quota=True, force_resource_quota=False, response_encoding=None, ca_certs=None, allow_account_impersonation=True, use_google_auth=None): """Get an transport client for use with apitools. Args: timeout: double, The timeout in seconds to pass to httplib2. This is the socket level timeout. If timeout is None, timeout is infinite. If default argument 'unset' is given, a sensible default is selected. enable_resource_quota: bool, By default, we are going to tell APIs to use the quota of the project being operated on. For some APIs we want to use gcloud's quota, so you can explicitly disable that behavior by passing False here. force_resource_quota: bool, If true resource project quota will be used by this client regardless of the settings in gcloud. This should be used for newer APIs that cannot work with legacy project quota. response_encoding: str, the encoding to use to decode the response. ca_certs: str, absolute filename of a ca_certs file that overrides the default allow_account_impersonation: bool, True to allow use of impersonated service account credentials for calls made with this client. If False, the active user credentials will always be used. use_google_auth: bool, True if the calling command indicates to use google-auth library for authentication. If False, authentication will fallback to using the oauth2client library. Returns: 1. A httplib2.Http-like object backed by httplib2 or requests. """ if base.UseRequests(): session = requests.GetSession( timeout=timeout, enable_resource_quota=enable_resource_quota, force_resource_quota=force_resource_quota, response_encoding=response_encoding, ca_certs=ca_certs, allow_account_impersonation=allow_account_impersonation) return requests.GetApitoolsRequests(session) return http.Http(timeout=timeout, enable_resource_quota=enable_resource_quota, force_resource_quota=force_resource_quota, response_encoding=response_encoding, ca_certs=ca_certs, allow_account_impersonation=allow_account_impersonation, use_google_auth=use_google_auth)
def testIAMAuthorizationTokenHeader(self): authorization_token = 'A very interesting authorization token' authorization_token_file = self.Touch(self.temp_path, 'auth_token_file', contents=authorization_token) properties.VALUES.auth.authorization_token_file.Set( authorization_token_file) expected_headers = { 'x-goog-iam-authorization-token': authorization_token } expected_headers = EncodeHeaders(expected_headers) creds_requests.GetSession().request('GET', self.url) self.assertDictContainsSubset( expected_headers, self.request_mock.call_args[1]['headers'])
def _GetPrediction(response_encoding, url, body, headers): """Make http request to get prediction results.""" if base.UseRequests(): response = requests.GetSession().request('POST', url, data=body, headers=headers) return getattr(response, 'status_code'), getattr(response, 'text') response, response_body = http.Http( response_encoding=response_encoding).request(uri=url, method='POST', body=body, headers=headers) return response.get('status'), response_body
def testResponseEncoding(self, encoding, expected_response): self.request_mock = self.StartObjectPatch( requests.Session, 'request', return_value=MakeRequestsResponse(httplib.OK, { 'header': 'value', }, b'data')) session = creds_requests.GetSession(response_encoding=encoding) apitools_requests = creds_requests.GetApitoolsRequests(session) response = apitools_requests.request('url') self.assertEqual( response[0], httplib2.Response({ 'status': httplib.OK, 'header': 'value', })) self.assertEqual(response[1], expected_response)
def _Communicate(url, method, body, headers): """Returns HTTP status, reason, and response body for a given HTTP request.""" status = None reason = None data = None if base.UseRequests(): response = requests.GetSession().request(method, url, data=body, headers=headers, stream=True) status = response.status_code reason = response.reason data = response.content else: response, data = http.Http().request(url, method, body=body, headers=headers) status = response.status reason = response.reason return status, reason, data
def testCurrentProjectWithFallbackMode_WithoutPermission(self): properties.VALUES.billing.quota_project.Set( properties.VALUES.billing.CURRENT_PROJECT_WITH_FALLBACK) properties.VALUES.core.project.Set('foo') self.request_mock.side_effect = (self.permission_denied_response, mock.DEFAULT) creds_requests.GetSession().request('GET', self.url) headers_with_quota = self.common_headers.copy() headers_with_quota[b'X-Goog-User-Project'] = b'foo' self.assertEqual(self.request_mock.call_count, 2) calls = [ mock.call('GET', self.url, headers=headers_with_quota, timeout=mock.ANY), mock.call('GET', self.url, headers=self.common_headers, timeout=mock.ANY), ] self.request_mock.assert_has_calls(calls)
def GetApitoolsTransport(timeout='unset', enable_resource_quota=True, response_encoding=None, ca_certs=None, allow_account_impersonation=True, use_google_auth=None, response_handler=None, redact_request_body_reason=None): """Get an transport client for use with apitools. Args: timeout: double, The timeout in seconds to pass to httplib2. This is the socket level timeout. If timeout is None, timeout is infinite. If default argument 'unset' is given, a sensible default is selected. enable_resource_quota: bool, By default, we are going to tell APIs to use the quota of the project being operated on. For some APIs we want to use gcloud's quota, so you can explicitly disable that behavior by passing False here. response_encoding: str, the encoding to use to decode the response. ca_certs: str, absolute filename of a ca_certs file that overrides the default allow_account_impersonation: bool, True to allow use of impersonated service account credentials for calls made with this client. If False, the active user credentials will always be used. use_google_auth: bool, True if the calling command indicates to use google-auth library for authentication. If False, authentication will fallback to using the oauth2client library. response_handler: requests.ResponseHandler, handler that gets executed before any other response handling. redact_request_body_reason: str, the reason why the request body must be redacted if --log-http is used. If None, the body is not redacted. Returns: 1. A httplib2.Http-like object backed by httplib2 or requests. """ if base.UseRequests(): if response_handler: if not isinstance(response_handler, core_requests.ResponseHandler): raise ValueError('response_handler should be of type ResponseHandler.') if (properties.VALUES.core.log_http.GetBool() and properties.VALUES.core.log_http_streaming_body.GetBool()): # We want to print the actual body instead of printing the placeholder. # To achieve this, we need to set streaming_response_body as False. # Not that the body will be empty if the response_handler has already # consumed the stream. streaming_response_body = False else: streaming_response_body = response_handler.use_stream else: streaming_response_body = False session = requests.GetSession( timeout=timeout, enable_resource_quota=enable_resource_quota, ca_certs=ca_certs, allow_account_impersonation=allow_account_impersonation, streaming_response_body=streaming_response_body, redact_request_body_reason=redact_request_body_reason) return core_requests.GetApitoolsRequests(session, response_handler, response_encoding) return http.Http(timeout=timeout, enable_resource_quota=enable_resource_quota, response_encoding=response_encoding, ca_certs=ca_certs, allow_account_impersonation=allow_account_impersonation, use_google_auth=use_google_auth)
def __init__(self): self.session = creds_requests.GetSession()
def testBatchTokenRefresh(self): refresh_mock = self.StartObjectPatch(google_auth_creds.Credentials, 'refresh') mock_service = FakeService() desired_url = 'https://www.example.com' batch_api_request = batch.BatchApiRequest(batch_url=desired_url) # The request to be added. The actual request sent will be somewhat # larger, as this is added to a batch. desired_request = http_wrapper.Request( desired_url, 'POST', { 'content-type': 'multipart/mixed; boundary="None"', 'content-length': 80, }, 'x' * 80) mock_request = self.StartObjectPatch(http_wrapper, 'MakeRequest', autospec=True) self.__ConfigureMock( mock_request, http_wrapper.Request( desired_url, 'POST', { 'content-type': 'multipart/mixed; boundary="None"', 'content-length': 419, }, 'x' * 419), [ http_wrapper.Response( { 'status': '200', 'content-type': 'multipart/mixed; boundary="boundary"', }, textwrap.dedent("""\ --boundary content-type: text/plain content-id: <id+0> HTTP/1.1 401 UNAUTHORIZED Invalid grant --boundary--"""), None), http_wrapper.Response( { 'status': '200', 'content-type': 'multipart/mixed; boundary="boundary"', }, textwrap.dedent("""\ --boundary content-type: text/plain content-id: <id+0> HTTP/1.1 200 OK content --boundary--"""), None) ]) batch_api_request.Add(mock_service, 'unused', None, { 'desired_request': desired_request, }) http_client = creds_requests.GetApitoolsRequests( creds_requests.GetSession()) batch_api_request.Execute(http_client) refresh_mock.assert_called_once()