コード例 #1
def test__token_endpoint_request_error():
    """Check that a 400 response with a non-JSON body raises RefreshError.

    The mocked transport answers with the raw bytes ``b'Error'``, so the
    token endpoint helper has no structured error payload to read. The test
    pins that this case still ends in ``RefreshError`` rather than in a
    returned value.
    """
    error_response = mock.Mock(status=http_client.BAD_REQUEST, data=b'Error')
    transport = mock.Mock(return_value=error_response)

    with pytest.raises(exceptions.RefreshError):
        _client._token_endpoint_request(transport, 'http://example.com', {})
コード例 #2
def test__token_endpoint_request_internal_failure_error():
    """Check that an ``internal_failure`` error on HTTP 400 raises RefreshError.

    The same error/description pair is used both as the mocked response
    payload and as the request body. Separate copies are passed so the two
    call sites never share one dict object.
    """
    failure = {"error": "internal_failure", "error_description": "internal_failure"}
    request = make_request(dict(failure), status=http_client.BAD_REQUEST)
    endpoint = "http://example.com"

    with pytest.raises(exceptions.RefreshError):
        _client._token_endpoint_request(request, endpoint, dict(failure))
コード例 #3
def test__token_endpoint_request_internal_failure_error():
    """Check that an ``internal_failure`` error on HTTP 400 raises RefreshError.

    The mocked response and the request body carry the same
    error/description pair; each call receives its own copy of the dict.
    """
    failure = {
        'error': 'internal_failure',
        'error_description': 'internal_failure',
    }
    request = make_request(dict(failure), status=http_client.BAD_REQUEST)
    endpoint = 'http://example.com'

    with pytest.raises(exceptions.RefreshError):
        _client._token_endpoint_request(request, endpoint, dict(failure))
コード例 #4
def _send_challenge_result(
    request, session_id, challenge_id, client_input, access_token
):
    """Submit the answer to a reauth challenge and return the API response.

    Posts a ``RESPOND`` action for ``challenge_id`` to the ``:continue``
    method of the reauth session identified by ``session_id``.

    Args:
        request (google.auth.transport.Request): A callable used to make
            HTTP requests.
        session_id (str): session id returned by the initial reauth call.
        challenge_id (str): challenge id returned by the initial reauth call.
        client_input: dict with a challenge-specific client input. For example:
            ``{'credential': password}`` for password challenge.
        access_token (str): Access token with reauth scopes.

    Returns:
        dict: The response from the reauth API.
    """
    # NOTE(review): session_id goes into the URL path without escaping. The
    # docstring says it comes from the initial reauth call, so it is
    # presumably server-issued; confirm no caller passes a user-supplied value.
    continue_url = _REAUTH_API + "/{}:continue".format(session_id)

    # client_input may hold a secret (the docstring's example is a password),
    # so this payload should not be written to logs or error messages.
    payload = {
        "sessionId": session_id,
        "challengeId": challenge_id,
        "action": "RESPOND",
        "proposalResponse": client_input,
    }

    return _client._token_endpoint_request(
        request, continue_url, payload, access_token=access_token, use_json=True
    )
コード例 #5
def _get_challenges(request,
                    supported_challenge_types,
                    access_token,
                    requested_scopes=None):
    """Start a reauth session and return the challenges the API offers.

    Args:
        request (google.auth.transport.Request): A callable used to make
            HTTP requests.
        supported_challenge_types (Sequence[str]): list of challenge names
            supported by the manager.
        access_token (str): Access token with reauth scopes.
        requested_scopes (Optional(Sequence[str])): Authorized scopes for the
            credentials. Sent only when non-empty.

    Returns:
        dict: The response from the reauth API.
    """
    start_url = _REAUTH_API + ":start"

    payload = {"supportedChallengeTypes": supported_challenge_types}
    # The scopes key is omitted entirely for None or an empty sequence.
    if requested_scopes:
        payload.update(oauthScopesForDomainPolicyLookup=requested_scopes)

    return _client._token_endpoint_request(
        request,
        start_url,
        payload,
        access_token=access_token,
        use_json=True,
    )
コード例 #6
def test__token_endpoint_request():
    """Check the default request shape: a form-encoded POST with no auth header.

    Verifies both the call made on the transport and that the decoded
    response payload is returned unchanged.
    """
    endpoint = 'http://example.com'
    request = make_request({'test': 'response'})

    result = _client._token_endpoint_request(request, endpoint, {'test': 'params'})

    # The params dict must arrive url-encoded, with the matching content type.
    expected_call = dict(
        method='POST',
        url=endpoint,
        headers={'content-type': 'application/x-www-form-urlencoded'},
        body='test=params',
    )
    request.assert_called_with(**expected_call)

    # The parsed response is handed back to the caller as-is.
    assert result == {'test': 'response'}
コード例 #7
def test__token_endpoint_request():
    """Check the default request shape: a form-encoded POST with no auth header.

    Verifies both the call made on the transport and that the decoded
    response payload is returned unchanged.
    """
    endpoint = "http://example.com"
    request = make_request({"test": "response"})

    result = _client._token_endpoint_request(request, endpoint, {"test": "params"})

    # The params dict must arrive url-encoded, with the matching content type.
    expected_call = dict(
        method="POST",
        url=endpoint,
        headers={"content-type": "application/x-www-form-urlencoded"},
        body="test=params",
    )
    request.assert_called_with(**expected_call)

    # The parsed response is handed back to the caller as-is.
    assert result == {"test": "response"}
コード例 #8
def test__token_endpoint_request_use_json():
    """Check the JSON request mode, including the bearer Authorization header.

    With ``use_json=True`` and an ``access_token``, the transport must receive
    a JSON-encoded bytes body, a JSON content type, and the token in an
    ``Authorization: Bearer`` header.
    """
    endpoint = "http://example.com"
    request = make_request({"test": "response"})

    result = _client._token_endpoint_request(
        request,
        endpoint,
        {"test": "params"},
        access_token="access_token",
        use_json=True,
    )

    # The access token travels only in the header, never in the body.
    expected_headers = {
        "Content-Type": "application/json",
        "Authorization": "Bearer access_token",
    }
    request.assert_called_with(
        method="POST",
        url=endpoint,
        headers=expected_headers,
        body=b'{"test": "params"}',
    )

    # The parsed response is handed back to the caller as-is.
    assert result == {"test": "response"}
コード例 #9
def test__token_endpoint_request_error():
    """Check that HTTP 400 with an empty-dict payload raises RefreshError."""
    endpoint = 'http://example.com'
    failing_request = make_request({}, status=http_client.BAD_REQUEST)

    with pytest.raises(exceptions.RefreshError):
        _client._token_endpoint_request(failing_request, endpoint, {})
コード例 #10
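    dag_name = 'dag_server_log_parquet'
    data = {'conf': {'date_kr': '2019-11-24'}}

    # Create bootstrap credentials from the service account credentials file.
    # The key file is a long-lived secret: keep it out of source control and
    # readable only by the account that runs this code.
    bootstrap_credentials = Credentials.from_service_account_file(service_account_credentials_path)
    signer_email = bootstrap_credentials.service_account_email
    signer = bootstrap_credentials.signer

    # Create OAuth 2.0 service account credentials.
    # The token_uri value is replaced and additional_claims is added, so the
    # signed assertion asks for a token whose audience is client_id.
    service_account_credentials = Credentials(signer, signer_email, oauth_token_uri,
                                              additional_claims={'target_audience': client_id})

    # Obtain the OpenID Connect token.
    # NOTE(review): _make_authorization_grant_assertion and
    # _token_endpoint_request are underscore-prefixed (private) helpers and may
    # change between library releases. google-auth exposes public equivalents
    # (google.oauth2.service_account.IDTokenCredentials,
    # google.oauth2.id_token.fetch_id_token); consider migrating to those.
    service_account_jwt = service_account_credentials._make_authorization_grant_assertion()
    body = {'assertion': service_account_jwt, 'grant_type': _JWT_GRANT_TYPE}
    token_response = _token_endpoint_request(Request(), oauth_token_uri, body)
    google_open_id_connect_token = token_response['id_token']

    # Put the obtained token into the HTTP header and call the Airflow web
    # server's REST API. The timeout keeps a stalled or unreachable web server
    # from blocking the caller indefinitely; requests applies none by default.
    resp = requests.request('POST',
                            f'https://{web_server_id}.appspot.com/api/experimental/dags/{dag_name}/dag_runs',
                            headers={'Authorization': f'Bearer {google_open_id_connect_token}'},
                            json=data,
                            timeout=90)

    if resp.status_code == 403:
        raise Exception(f'Service account {signer_email} does not have permission to '
                        f'access the IAP-protected application.')
    elif resp.status_code != 200:
        # NOTE(review): this message embeds the full response headers and body.
        # If exceptions are shipped to a shared log, confirm that nothing
        # sensitive (e.g. cookies set by the server) ends up there.
        raise Exception(f'Bad response from application: {resp.status_code} / {resp.headers} / {resp.text}')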