def test_service_account_no_id(service_account_key, key, error_msg):
service_account_key.pop(key)
with pytest.raises(RuntimeError) as e:
get_auth_token_requester(service_account_key=service_account_key).get_token_request()
assert str(e.value) == error_msg
def test_both_params_error(token, service_account_key):
with pytest.raises(RuntimeError) as e:
get_auth_token_requester(
token=token,
service_account_key=service_account_key).get_token_request()
assert str(
e.value
) == "Conflicting API credentials properties 'token' and 'service-account-key' are set."
def __init__(self, **kwargs):
self._channel_creds = grpc.ssl_channel_credentials(
root_certificates=kwargs.get('root_certificates'),
private_key=kwargs.get('private_key'),
certificate_chain=kwargs.get('certificate_chain'),
)
self._endpoint = kwargs.get('endpoint', 'api.cloud.yandex.net')
self._token_requester = get_auth_token_requester(
token=kwargs.get("token"),
service_account_key=kwargs.get("service_account_key"))
self._unauthenticated_channel = None
self._channels = None
def test_service_account_key(service_account_key):
request_func = get_auth_token_requester(service_account_key=service_account_key).get_token_request
request = request_func()
now = int(time.time())
headers = jwt.get_unverified_header(request.jwt)
parsed = jwt.decode(request.jwt, secret=service_account_key["public_key"], algorithms=['PS256'], verify=False)
assert headers["typ"] == "JWT"
assert headers["alg"] == "PS256"
assert headers["kid"] == service_account_key["id"]
assert parsed["iss"] == service_account_key["service_account_id"]
assert parsed["aud"] == "https://iam.api.cloud.yandex.net/iam/v1/tokens"
assert now - 60 <= int(parsed["iat"]) <= now
def __init__(self, client_user_agent=None, **kwargs):
self._channel_creds = grpc.ssl_channel_credentials(
root_certificates=kwargs.get("root_certificates"),
private_key=kwargs.get("private_key"),
certificate_chain=kwargs.get("certificate_chain"),
)
self._endpoint = kwargs.get("endpoint", "api.cloud.yandex.net")
self._token_requester = get_auth_token_requester(
token=kwargs.get("token"),
service_account_key=kwargs.get("service_account_key"))
self._unauthenticated_channel = None
self._channels = None
self._client_user_agent = client_user_agent
def test_metadata_auth(iam_token):
with metadata_server(iam_token) as srv:
requester = get_auth_token_requester(metadata_addr=srv.addr)
token = requester.get_token()
assert token == iam_token
def test_oauth_token(token):
request_func = get_auth_token_requester(token=token).get_token_request
request = request_func()
assert token == request.yandex_passport_oauth_token
def test_invalid_service_account_type():
with pytest.raises(RuntimeError) as e:
get_auth_token_requester(service_account_key=[]).get_token_request()
assert str(e.value).startswith(
"Invalid Service Account Key: expecting dictionary, actually got")