def test_should_raise_exception(self, mock_metadata_ping, mock_gcloud_sdk_path): if CREDENTIALS in os.environ: del os.environ[CREDENTIALS] with self.assertRaisesRegex( exceptions.DefaultCredentialsError, re.escape( "Could not automatically determine credentials. Please set GOOGLE_APPLICATION_CREDENTIALS " "or explicitly create credentials and re-run the application. For more information, please " "see https://cloud.google.com/docs/authentication/getting-started" ), ): get_default_id_token_credentials(target_audience="example.org")
def test_should_support_metadata_credentials(self, credentials, mock_metadata_ping, mock_gcloud_sdk_path): if CREDENTIALS in os.environ: del os.environ[CREDENTIALS] self.assertEqual( credentials.return_value, get_default_id_token_credentials(target_audience="example.org") )
def test_should_support_user_credentials_from_gcloud(self, mock_gcloud_sdk_path): if CREDENTIALS in os.environ: del os.environ[CREDENTIALS] credentials = get_default_id_token_credentials(target_audience="example.org") self.assertIsInstance(credentials, IDTokenCredentialsAdapter) self.assertEqual(credentials.credentials.client_secret, "CLIENT_SECRET")
def test_should_support_service_account_from_env(self, mock_gcloud_sdk_path): os.environ[CREDENTIALS] = __file__ credentials = get_default_id_token_credentials( target_audience="example.org") assert credentials.service_account_email == "CLIENT_EMAIL"
def test_should_support_service_account_from_gcloud( self, mock_gcloud_sdk_path, mock_from_dict): if CREDENTIALS in os.environ: del os.environ[CREDENTIALS] credentials = get_default_id_token_credentials( target_audience="example.org") assert credentials.service_account_email == "CLIENT_EMAIL"
def create_client_session(): """Create a HTTP authorized client.""" service_account_path = conf.get("api", "google_key_path") if service_account_path: id_token_credentials = service_account.IDTokenCredentials.from_service_account_file( service_account_path) else: id_token_credentials = get_default_id_token_credentials( target_audience=AUDIENCE) return AuthorizedSession(credentials=id_token_credentials)
def _get_google_identity_token_loader(self): from google.auth.transport import requests as requests_transport from airflow.providers.google.common.utils.id_token_credentials import ( get_default_id_token_credentials, ) audience = self.extra_config.get('assume_role_with_web_identity_federation_audience') google_id_token_credentials = get_default_id_token_credentials(target_audience=audience) def web_identity_token_loader(): if not google_id_token_credentials.valid: request_adapter = requests_transport.Request() google_id_token_credentials.refresh(request=request_adapter) return google_id_token_credentials.token return web_identity_token_loader