def test_token(self):
calls = []
def mocked(**kwargs):
calls.append(kwargs)
return 'fake-token', utils.time_time() + 3600
self.mock(auth, 'get_access_token', mocked)
tok = service_accounts.AccessToken('fake-token', utils.time_time() + 3600)
self.assertEqual(
('*****@*****.**', tok),
service_accounts.get_system_account_token('*****@*****.**', ['scope']))
self.assertEqual([{
'act_as': '*****@*****.**',
'min_lifetime_sec': service_accounts.MIN_TOKEN_LIFETIME_SEC,
'scopes': ['scope'],
}], calls)
def test_ok_with_realm(self):
now = datetime.datetime(2010, 1, 2, 3, 4, 5)
self.mock_now(now)
self.mock(auth, 'has_permission', lambda *_args, **_kwargs: True)
# Initial attempt.
task_id = self.make_task_request(
service_account='*****@*****.**', realm='test:realm')
expiry = now + datetime.timedelta(seconds=3600)
self.mock_json_request(
expected_url='https://tokens.example.com/prpc/'
'tokenserver.minter.TokenMinter/MintServiceAccountToken',
expected_payload={
'tokenKind':
1,
'serviceAccount':
'*****@*****.**',
'realm':
'test:realm',
'oauthScope': ['scope1', 'scope2'],
'minValidityDuration':
300,
'auditTags': [
'swarming:gae_request_id:7357B3D7091D',
'swarming:service_version:sample-app/v1a',
'swarming:bot_id:bot-id',
'swarming:task_id:' + task_id,
'swarming:task_name:Request with [email protected]',
],
},
expected_project_id='test',
response={
'token': 'totally_real_token',
'serviceVersion': 'token-server-id/ver',
'expiry': expiry.isoformat() + 'Z',
})
tok = service_accounts.AccessToken('totally_real_token',
int(utils.time_time() + 3600))
self.assertEqual(
('*****@*****.**', tok),
service_accounts.get_task_account_token(task_id, 'bot-id',
['scope1', 'scope2']))
def test_happy_path(self):
now = datetime.datetime(2010, 1, 2, 3, 4, 5)
self.mock_now(now)
# Initial attempt and a retry.
for try_number in (1, 2):
task_id = self.make_task_request(
service_account='*****@*****.**',
service_account_token='mocked-oauth-token-grant',
try_number=try_number)
expiry = now + datetime.timedelta(seconds=3600)
self.mock_json_request(
expected_url='https://tokens.example.com/prpc/'
'tokenserver.minter.TokenMinter/MintOAuthTokenViaGrant',
expected_payload={
'grantToken':
'mocked-oauth-token-grant',
'oauthScope': ['scope1', 'scope2'],
'minValidityDuration':
300,
'auditTags': [
'swarming:gae_request_id:7357B3D7091D',
'swarming:service_version:sample-app/v1a',
'swarming:bot_id:bot-id',
'swarming:task_id:' + task_id,
'swarming:task_name:Request with [email protected]',
],
},
response={
'accessToken': 'totally_real_token',
'serviceVersion': 'token-server-id/ver',
'expiry': expiry.isoformat() + 'Z',
})
tok = service_accounts.AccessToken('totally_real_token',
int(utils.time_time() + 3600))
self.assertEqual(('*****@*****.**', tok),
service_accounts.get_task_account_token(
task_id, 'bot-id', ['scope1', 'scope2']))