def test_token(self): calls = [] def mocked(**kwargs): calls.append(kwargs) return 'fake-token', utils.time_time() + 3600 self.mock(auth, 'get_access_token', mocked) tok = service_accounts.AccessToken('fake-token', utils.time_time() + 3600) self.assertEqual( ('*****@*****.**', tok), service_accounts.get_system_account_token('*****@*****.**', ['scope'])) self.assertEqual([{ 'act_as': '*****@*****.**', 'min_lifetime_sec': service_accounts.MIN_TOKEN_LIFETIME_SEC, 'scopes': ['scope'], }], calls)
def test_ok_with_realm(self): now = datetime.datetime(2010, 1, 2, 3, 4, 5) self.mock_now(now) self.mock(auth, 'has_permission', lambda *_args, **_kwargs: True) # Initial attempt. task_id = self.make_task_request( service_account='*****@*****.**', realm='test:realm') expiry = now + datetime.timedelta(seconds=3600) self.mock_json_request( expected_url='https://tokens.example.com/prpc/' 'tokenserver.minter.TokenMinter/MintServiceAccountToken', expected_payload={ 'tokenKind': 1, 'serviceAccount': '*****@*****.**', 'realm': 'test:realm', 'oauthScope': ['scope1', 'scope2'], 'minValidityDuration': 300, 'auditTags': [ 'swarming:gae_request_id:7357B3D7091D', 'swarming:service_version:sample-app/v1a', 'swarming:bot_id:bot-id', 'swarming:task_id:' + task_id, 'swarming:task_name:Request with [email protected]', ], }, expected_project_id='test', response={ 'token': 'totally_real_token', 'serviceVersion': 'token-server-id/ver', 'expiry': expiry.isoformat() + 'Z', }) tok = service_accounts.AccessToken('totally_real_token', int(utils.time_time() + 3600)) self.assertEqual( ('*****@*****.**', tok), service_accounts.get_task_account_token(task_id, 'bot-id', ['scope1', 'scope2']))
def test_happy_path(self): now = datetime.datetime(2010, 1, 2, 3, 4, 5) self.mock_now(now) # Initial attempt and a retry. for try_number in (1, 2): task_id = self.make_task_request( service_account='*****@*****.**', service_account_token='mocked-oauth-token-grant', try_number=try_number) expiry = now + datetime.timedelta(seconds=3600) self.mock_json_request( expected_url='https://tokens.example.com/prpc/' 'tokenserver.minter.TokenMinter/MintOAuthTokenViaGrant', expected_payload={ 'grantToken': 'mocked-oauth-token-grant', 'oauthScope': ['scope1', 'scope2'], 'minValidityDuration': 300, 'auditTags': [ 'swarming:gae_request_id:7357B3D7091D', 'swarming:service_version:sample-app/v1a', 'swarming:bot_id:bot-id', 'swarming:task_id:' + task_id, 'swarming:task_name:Request with [email protected]', ], }, response={ 'accessToken': 'totally_real_token', 'serviceVersion': 'token-server-id/ver', 'expiry': expiry.isoformat() + 'Z', }) tok = service_accounts.AccessToken('totally_real_token', int(utils.time_time() + 3600)) self.assertEqual(('*****@*****.**', tok), service_accounts.get_task_account_token( task_id, 'bot-id', ['scope1', 'scope2']))