def test_get_service_account_info():
    """Check the request made by get_service_account_info and the data it returns.

    A fake transport built by ``make_request`` serves a one-entry JSON
    document. The call under test must issue exactly one GET for the
    recursive service account URL, send the module's metadata headers, and
    return a mapping containing the served entry.
    """
    key, value = 'foo', 'bar'
    payload = json.dumps({key: value})
    request = make_request(payload, headers={'content-type': 'application/json'})

    info = _metadata.get_service_account_info(request)

    # Pin the full request shape, not just the URL.
    # NOTE(review): _METADATA_HEADERS is presumably the marker header the
    # metadata server requires; asserting it catches a regression that would
    # send the request without it -- confirm against the _metadata module.
    expected_url = _metadata._METADATA_ROOT + PATH + '/?recursive=true'
    request.assert_called_once_with(
        method='GET',
        url=expected_url,
        headers=_metadata._METADATA_HEADERS)
    assert info[key] == value
def test_get_service_account_info():
    """Verify the outgoing request and parsed result of get_service_account_info.

    The stub transport answers with a JSON body holding a single key/value
    pair. The test asserts that one, and only one, GET is sent to the
    recursive service account path with the module's metadata headers, and
    that the pair is present in the returned info.
    """
    key, value = "foo", "bar"
    json_headers = {"content-type": "application/json"}
    request = make_request(json.dumps({key: value}), headers=json_headers)

    info = _metadata.get_service_account_info(request)

    # assert_called_once_with fails on any extra call as well as on a
    # mismatch in method, URL or headers.
    # NOTE(review): the headers constant is presumably what marks the request
    # as a legitimate metadata query -- confirm in the _metadata module.
    request.assert_called_once_with(
        method="GET",
        url=_metadata._METADATA_ROOT + PATH + "/?recursive=true",
        headers=_metadata._METADATA_HEADERS,
    )
    assert info[key] == value
def _retrieve_info(self, request):
    """Refresh the stored service account identity from the metadata service.

    Looks up the currently configured service account and replaces both the
    stored email and the stored scopes with the values in the response.

    Args:
        request (google.auth.transport.Request): The object used to make
            HTTP requests.
    """
    current_account = self._service_account_email
    info = _metadata.get_service_account_info(
        request, service_account=current_account)

    # The email is assigned first, so a response without 'scopes' still
    # leaves the email updated before the KeyError propagates.
    self._service_account_email = info['email']
    # Scopes are overwritten unconditionally with whatever the response
    # reports; any value previously held in self._scopes is discarded.
    self._scopes = info['scopes']
def __init__(
    self,
    request,
    target_audience,
    token_uri=_DEFAULT_TOKEN_URI,
    additional_claims=None,
    service_account_email=None,
    signer=None,
):
    """Set up ID token credentials for a Compute Engine service account.

    Args:
        request (google.auth.transport.Request): The object used to make
            HTTP requests.
        target_audience (str): The intended audience for these credentials,
            used when requesting the ID Token. The ID Token's ``aud`` claim
            will be set to this string.
        token_uri (str): The OAuth 2.0 Token URI.
        additional_claims (Mapping[str, str]): Any additional claims for the
            JWT assertion used in the authorization grant.
        service_account_email (str): Optional explicit service account to
            use to sign JWT tokens. By default, this is the default GCE
            service account.
        signer (google.auth.crypt.Signer): The signer used to sign JWTs.
            When given, no IAM signer is created. ``request`` is then used
            only to look up the default service account email, and only
            if ``service_account_email`` is omitted.
    """
    super(IDTokenCredentials, self).__init__()

    # Without an explicit email, ask the metadata service which account
    # this instance runs as. This lookup happens even when a signer is
    # supplied.
    if service_account_email is None:
        service_account_email = _metadata.get_service_account_info(request)[
            "email"
        ]
    self._service_account_email = service_account_email

    # Default to signing through IAM on behalf of the resolved account.
    self._signer = (
        signer
        if signer is not None
        else iam.Signer(
            request=request,
            credentials=Credentials(),
            service_account_email=service_account_email,
        )
    )

    # target_audience and token_uri are stored as given; nothing here
    # validates them.
    self._token_uri = token_uri
    self._target_audience = target_audience

    # NOTE(review): a caller-supplied mapping is kept by reference, not
    # copied, so later mutation by the caller changes the stored claims.
    self._additional_claims = (
        additional_claims if additional_claims is not None else {}
    )
def _retrieve_info(self, request):
    """Refresh the stored service account identity from the metadata service.

    Always replaces the stored email with the one in the response. Scopes
    are taken from the response only when none are set on this object.

    Args:
        request (google.auth.transport.Request): The object used to make
            HTTP requests.
    """
    current_account = self._service_account_email
    info = _metadata.get_service_account_info(
        request, service_account=current_account)

    self._service_account_email = info["email"]

    # Scopes requested by the user take precedence: the response's scopes
    # are only a fallback, and info["scopes"] is not even read when
    # self._scopes is already set.
    if self._scopes is not None:
        return
    self._scopes = info["scopes"]
def __init__(self, request, target_audience,
             token_uri=_DEFAULT_TOKEN_URI, additional_claims=None,
             service_account_email=None):
    """Set up ID token credentials signed through IAM for a GCE service account.

    Args:
        request (google.auth.transport.Request): The object used to make
            HTTP requests.
        target_audience (str): The intended audience for these credentials,
            used when requesting the ID Token. The ID Token's ``aud`` claim
            will be set to this string.
        token_uri (str): The OAuth 2.0 Token URI.
        additional_claims (Mapping[str, str]): Any additional claims for the
            JWT assertion used in the authorization grant.
        service_account_email (str): Optional explicit service account to
            use to sign JWT tokens. By default, this is the default GCE
            service account.
    """
    super(IDTokenCredentials, self).__init__()

    # Without an explicit email, ask the metadata service which account
    # this instance runs as.
    if service_account_email is None:
        service_account_email = _metadata.get_service_account_info(
            request)['email']
    self._service_account_email = service_account_email

    # An IAM signer is always built here, acting for the resolved account
    # with freshly constructed Credentials().
    iam_signer = iam.Signer(
        request=request,
        credentials=Credentials(),
        service_account_email=service_account_email)
    self._signer = iam_signer

    # target_audience and token_uri are stored as given; nothing here
    # validates them.
    self._token_uri = token_uri
    self._target_audience = target_audience

    # NOTE(review): a caller-supplied mapping is kept by reference, not
    # copied, so later mutation by the caller changes the stored claims.
    self._additional_claims = (
        {} if additional_claims is None else additional_claims)
def check_gce_environment(http_request):
    """Skip the current test unless the metadata service answers.

    Probes the metadata service with a service account info lookup. Only a
    transport-level failure triggers the skip; any other exception from the
    lookup propagates and fails the test.

    Args:
        http_request: The transport callable handed to the metadata lookup.
    """
    skip_reason = "Compute Engine metadata service is not available."
    try:
        # The result is discarded; only reachability matters here.
        _metadata.get_service_account_info(http_request)
    except exceptions.TransportError:
        pytest.skip(skip_reason)
def __init__(
    self,
    request,
    target_audience,
    token_uri=None,
    additional_claims=None,
    service_account_email=None,
    signer=None,
    use_metadata_identity_endpoint=False,
    quota_project_id=None,
):
    """Set up ID token credentials for a Compute Engine service account.

    Args:
        request (google.auth.transport.Request): The object used to make
            HTTP requests.
        target_audience (str): The intended audience for these credentials,
            used when requesting the ID Token. The ID Token's ``aud`` claim
            will be set to this string.
        token_uri (str): The OAuth 2.0 Token URI.
        additional_claims (Mapping[str, str]): Any additional claims for the
            JWT assertion used in the authorization grant.
        service_account_email (str): Optional explicit service account to
            use to sign JWT tokens. By default, this is the default GCE
            service account.
        signer (google.auth.crypt.Signer): The signer used to sign JWTs.
            When given, no IAM signer is created. ``request`` is then used
            only to look up the default service account email, and only
            if ``service_account_email`` is omitted.
        use_metadata_identity_endpoint (bool): Whether to use GCE metadata
            identity endpoint. For backward compatibility the default value
            is False. If set to True, ``token_uri``, ``additional_claims``,
            ``service_account_email``, ``signer`` argument should not be set;
            otherwise ValueError will be raised.
        quota_project_id (Optional[str]): The project ID used for quota and
            billing.

    Raises:
        ValueError:
            If ``use_metadata_identity_endpoint`` is set to True, and one of
            ``token_uri``, ``additional_claims``, ``service_account_email``,
            ``signer`` arguments is set.
    """
    super(IDTokenCredentials, self).__init__()

    self._quota_project_id = quota_project_id
    self._use_metadata_identity_endpoint = use_metadata_identity_endpoint
    # Stored as given; nothing here validates the audience.
    self._target_audience = target_audience

    if use_metadata_identity_endpoint:
        # The signing-path options conflict with the identity endpoint, so
        # reject them before any metadata request is made. The check is
        # truthiness-based: empty values such as {} or "" pass.
        signing_options = (
            token_uri,
            additional_claims,
            service_account_email,
            signer,
        )
        if any(signing_options):
            raise ValueError(
                "If use_metadata_identity_endpoint is set, token_uri, "
                "additional_claims, service_account_email, signer arguments"
                " must not be set"
            )
        self._token_uri = None
        self._additional_claims = None
        self._signer = None

    # Resolve the account in both modes. This metadata lookup runs even
    # when a signer was supplied.
    if service_account_email is not None:
        self._service_account_email = service_account_email
    else:
        sa_info = _metadata.get_service_account_info(request)
        self._service_account_email = sa_info["email"]

    if not use_metadata_identity_endpoint:
        # Default to signing through IAM on behalf of the resolved account.
        self._signer = (
            signer
            if signer is not None
            else iam.Signer(
                request=request,
                credentials=Credentials(),
                service_account_email=self._service_account_email,
            )
        )
        # Any falsy token_uri (None or "") falls back to the default.
        self._token_uri = token_uri or _DEFAULT_TOKEN_URI
        # NOTE(review): a caller-supplied mapping is kept by reference, not
        # copied, so later mutation by the caller changes the stored claims.
        self._additional_claims = (
            additional_claims if additional_claims is not None else {}
        )