def test_auth_init_env_vars(self): environ = dict(CLIENT_SECRET='secret_bar', CLIENT_ID="id_bar", DESCARTESLABS_CLIENT_SECRET='secret_foo', DESCARTESLABS_CLIENT_ID="id_foo") # should work with direct var with patch.dict('descarteslabs.client.auth.auth.os.environ', environ): auth = Auth(client_id='client_id', client_secret='client_secret', jwt_token='jwt_token') self.assertEqual(auth.client_secret, 'client_secret') self.assertEqual(auth.client_id, 'client_id') # should work with namespaced env vars with patch.dict('descarteslabs.client.auth.auth.os.environ', environ): auth = Auth() self.assertEqual(auth.client_secret, environ.get('DESCARTESLABS_CLIENT_SECRET')) self.assertEqual(auth.client_id, environ.get('DESCARTESLABS_CLIENT_ID')) # remove the namespaced ones environ.pop('DESCARTESLABS_CLIENT_SECRET') environ.pop('DESCARTESLABS_CLIENT_ID') # should fallback to legacy env vars with patch.dict('descarteslabs.client.auth.auth.os.environ', environ): auth = Auth() self.assertEqual(auth.client_secret, environ.get('CLIENT_SECRET')) self.assertEqual(auth.client_id, environ.get('CLIENT_ID'))
def test_auth_init_env_vars(self): environ = dict( CLIENT_SECRET="secret_bar", CLIENT_ID="id_bar", DESCARTESLABS_CLIENT_SECRET="secret_foo", DESCARTESLABS_CLIENT_ID="id_foo", ) # should work with direct var with patch.dict("descarteslabs.client.auth.auth.os.environ", environ): auth = Auth( client_id="client_id", client_secret="client_secret", jwt_token="jwt_token", ) self.assertEqual(auth.client_secret, "client_secret") self.assertEqual(auth.client_id, "client_id") # should work with namespaced env vars with patch.dict("descarteslabs.client.auth.auth.os.environ", environ): auth = Auth() self.assertEqual(auth.client_secret, environ.get("DESCARTESLABS_CLIENT_SECRET")) self.assertEqual(auth.client_id, environ.get("DESCARTESLABS_CLIENT_ID")) # remove the namespaced ones environ.pop("DESCARTESLABS_CLIENT_SECRET") environ.pop("DESCARTESLABS_CLIENT_ID") # should fallback to legacy env vars with patch.dict("descarteslabs.client.auth.auth.os.environ", environ): auth = Auth() self.assertEqual(auth.client_secret, environ.get("CLIENT_SECRET")) self.assertEqual(auth.client_id, environ.get("CLIENT_ID"))
def __init__(self, url, token=None, auth=None, retries=None, session_class=None): if auth is None: auth = Auth() if token is not None: warn( "setting token at service level will be removed in future", DeprecationWarning, ) auth._token = token self.auth = auth self.base_url = url if retries is None: self._adapter = Service.ADAPTER else: self._adapter = ThreadLocalWrapper(lambda: HTTPAdapter(max_retries=retries)) if session_class is None: self._session_class = WrappedSession else: self._session_class = session_class # Sessions can't be shared across threads or processes because the underlying # SSL connection pool can't be shared. We create them thread-local to avoid # intractable exceptions when users naively share clients e.g. when using # multiprocessing. self._session = ThreadLocalWrapper(self.build_session)
def __init__(self, url, token=None, auth=None, retries=None, session_class=None): if auth is None: auth = Auth() if token is not None: warn( "setting token at service level will be removed in future", FutureWarning, ) auth._token = token self.auth = auth self.base_url = url if retries is None: self._adapter = self.ADAPTER else: self.RETRY_CONFIG = retries self._init_adapter() if session_class is not None: # Overwrite the default session class if not issubclass(session_class, Session): raise TypeError( "The session class must be a subclass of {}.".format( Session)) self._session_class = session_class self._init_session()
def test_get_token_schema_legacy_internal_only(self): responses.add_callback(responses.POST, 'https://accounts.descarteslabs.com/token', callback=token_response_callback) auth = Auth(token_info_path=None, client_secret="client_secret", client_id="ZOBAi4UROl5gKZIpxxlwOEfx8KpqXf2c") auth._get_token() self.assertEqual("id_token", auth._token)
def test_token_expired(self, _get_token): auth = Auth(token_info_path=None, client_secret="client_secret", client_id="ZOBAi4UROl5gKZIpxxlwOEfx8KpqXf2c") token = b".".join( (base64.b64encode(to_bytes(p)) for p in ["header", json.dumps(dict(exp=0)), "sig"])) auth._token = token self.assertEqual(auth.token, token) _get_token.assert_called_once()
def test_get_token_legacy(self): responses.add(responses.POST, 'https://accounts.descarteslabs.com/token', json=dict(id_token="id_token"), status=200) auth = Auth(token_info_path=None, client_secret="client_secret", client_id="client_id") auth._get_token() self.assertEqual("id_token", auth._token)
def test_set_token(self): environ = dict(DESCARTESLABS_TOKEN="token") with patch.dict("descarteslabs.client.auth.auth.os.environ", environ): with self.assertRaises(AuthError): auth = Auth() auth.payload with self.assertRaises(AuthError): auth = Auth(jwt_token="token") auth.payload
def test_token_in_leeway_autherror(self, _get_token): auth = Auth(token_info_path=None, client_secret="client_secret", client_id="ZOBAi4UROl5gKZIpxxlwOEfx8KpqXf2c") exp = (datetime.datetime.utcnow() - datetime.datetime(1970, 1, 1)).total_seconds() + auth.leeway / 2 token = b".".join( (base64.b64encode(to_bytes(p)) for p in ["header", json.dumps(dict(exp=exp)), "sig"])) auth._token = token self.assertEqual(auth.token, token) _get_token.assert_called_once()
def test_get_token(self): responses.add( responses.POST, "https://accounts.descarteslabs.com/token", json=dict(access_token="access_token"), status=200, ) auth = Auth(token_info_path=None, client_secret="client_secret", client_id="client_id") auth._get_token() assert "access_token" == auth._token
def __init__(self, url, token=None, auth=None): if auth is None: auth = Auth() if token is not None: warn("setting token at service level will be removed in future", DeprecationWarning) auth._token = token self.auth = auth self.base_url = url self._session = self.build_session()
def test_token(self, _get_token): auth = Auth( token_info_path=None, client_secret="client_secret", client_id="ZOBAi4UROl5gKZIpxxlwOEfx8KpqXf2c", ) token = b".".join( (base64.b64encode(to_bytes(p)) for p in ["header", json.dumps(dict(exp=9999999999)), "sig"])) auth._token = token assert auth.token == token _get_token.assert_not_called()
def setUp(self): self.url = "http://example.com/metadata" self.instance = Metadata(url=self.url, auth=Auth(jwt_token=public_token, token_info_path=None)) self.instance._raster = Raster(url=self.url, auth=self.instance.auth) self.match_url = re.compile(self.url)
def setUp(self): url = "http://example.com" self.url = url self.client = Tasks(url=url, auth=Auth(jwt_token=public_token, token_info_path=None)) self.match_url = re.compile(url)
def setUp(self): self.url = "https://example.com/catalog/v2" self.client = CatalogClient(url=self.url, auth=Auth(jwt_token=public_token, token_info_path=None)) self.search = Image.search(client=self.client) self.match_url = re.compile(self.url)
def __init__( self, host, auth=None, certificate=None, port=443, default_retry=None, default_metadata=None, ): if auth is None: auth = Auth() self.auth = auth self.host = host self.port = port self._default_metadata = default_metadata if default_retry is None: default_retry = Retry(predicate=default_grpc_retry_predicate, retries=5) self._default_retry = default_retry self._channel = None self._certificate = certificate self._stubs = None self._api = None
def __init__( self, host, auth=None, certificate=None, port=None, default_retry=None, default_metadata=None, use_insecure_channel=False, ): if auth is None: auth = Auth() self.auth = auth self.host = host if not port: if use_insecure_channel: port = 8000 else: port = 443 self.port = port self._default_metadata = default_metadata if default_retry is None: default_retry = Retry(predicate=default_grpc_retry_predicate, retries=5) self._default_retry = default_retry self._use_insecure_channel = use_insecure_channel self._channel = None self._certificate = certificate self._stubs = None self._api = None
def test_auth_client_refresh_match(self): with warnings.catch_warnings(record=True) as w: auth = Auth(client_id="client_id", client_secret="secret", refresh_token="mismatched_refresh_token") self.assertEqual(1, len(w)) self.assertEqual("mismatched_refresh_token", auth.refresh_token) self.assertEqual("mismatched_refresh_token", auth.client_secret)
def test_auth_init_env_vars(self): warnings.simplefilter("ignore") environ = dict( CLIENT_SECRET="secret_bar", CLIENT_ID="id_bar", DESCARTESLABS_CLIENT_SECRET="secret_foo", DESCARTESLABS_CLIENT_ID="id_foo", DESCARTESLABS_REFRESH_TOKEN="refresh_foo", ) # should work with direct var with patch.dict("descarteslabs.client.auth.auth.os.environ", environ): auth = Auth( client_id="client_id", client_secret="client_secret", refresh_token="client_secret", jwt_token="jwt_token", ) assert auth.client_secret == "client_secret" assert auth.client_id == "client_id" # should work with namespaced env vars with patch.dict("descarteslabs.client.auth.auth.os.environ", environ): auth = Auth() # when refresh_token and client_secret do not match, # the Auth implementation sets both to the value of # refresh_token assert auth.client_secret == environ.get( "DESCARTESLABS_REFRESH_TOKEN") assert auth.client_id == environ.get("DESCARTESLABS_CLIENT_ID") # remove the namespaced ones, except the refresh token because # Auth does not recognize a REFRESH_TOKEN environment variable # and removing it from the dictionary would result in non-deterministic # results based on the token_info.json file on the test runner disk environ.pop("DESCARTESLABS_CLIENT_SECRET") environ.pop("DESCARTESLABS_CLIENT_ID") # should fallback to legacy env vars with patch.dict("descarteslabs.client.auth.auth.os.environ", environ): auth = Auth() assert auth.client_secret == environ.get( "DESCARTESLABS_REFRESH_TOKEN") assert auth.client_id == environ.get("CLIENT_ID")
def test_auth_client_refresh_match(self): with warnings.catch_warnings(record=True): auth = Auth( client_id="client_id", client_secret="secret", refresh_token="mismatched_refresh_token", ) assert "mismatched_refresh_token" == auth.refresh_token assert "mismatched_refresh_token" == auth.client_secret
def __init__(self, url, token=None, auth=None): if auth is None: auth = Auth() if token is not None: warn("setting token at service level will be removed in future", DeprecationWarning) auth._token = token self.auth = auth self.base_url = url # Sessions can't be shared across threads or processes because the underlying # SSL connection pool can't be shared. We create them thread-local to avoid # intractable exceptions when users naively share clients e.g. when using # multiprocessing. self._session = ThreadLocalWrapper(self.build_session)
def __init__(self, url=None, token=None, auth=Auth()): """The parent Service class implements authentication and exponential backoff/retry. Override the url parameter to use a different instance of the backing service. """ if url is None: url = os.environ.get("DESCARTESLABS_RASTER_URL", "https://platform.descarteslabs.com/raster/v1") Service.__init__(self, url, token, auth)
def __init__(self, url=None, auth=None): if auth is None: auth = Auth() if url is None: url = os.environ.get( "DESCARTESLABS_TASKS_URL", "https://platform.descarteslabs.com/tasks/v1") super(Tasks, self).__init__(url, auth=auth)
def __init__(self, url=None, auth=None, **kwargs): if auth is None: auth = Auth() if url is None: url = os.environ.get( "DESCARTESLABS_CATALOG_V2_URL", "https://platform.descarteslabs.com/metadata/v1/catalog/v2", ) super(CatalogClient, self).__init__(url, auth=auth, **kwargs)
def test_get_token(self): # get a jwt auth = Auth.from_environment_or_token_json() self.assertIsNotNone(auth.token) # validate the jwt url = "https://descarteslabs.auth0.com" + "/tokeninfo" params = {"id_token": auth.token} headers = {"content-type": "application/json"} r = requests.post(url, data=json.dumps(params), headers=headers) self.assertEqual(200, r.status_code)
def __init__(self, url=None, token=None, auth=Auth(), maxsize=10, ttl=600): """The parent Service class implements authentication and exponential backoff/retry. Override the url parameter to use a different instance of the backing service. """ if url is None: url = os.environ.get( "DESCARTESLABS_PLACES_URL", "https://platform.descarteslabs.com/waldo/v2") Service.__init__(self, url, token, auth) self.cache = TTLCache(maxsize, ttl)
def __init__(self, url=None, auth=None, retries=None): if auth is None: auth = Auth() if url is None: url = os.environ.get( "DESCARTESLABS_CATALOG_V2_URL", "https://platform.descarteslabs.com/metadata/v1/catalog/v2", ) super(CatalogClient, self).__init__( url, auth=auth, retries=retries, session_class=_RewriteErrorSession )
def __init__(self, url=None, token=None, auth=Auth()): """The parent Service class implements authentication and exponential backoff/retry. Override the url parameter to use a different instance of the backing service. """ simplefilter('always', DeprecationWarning) if url is None: url = os.environ.get( "DESCARTESLABS_METADATA_URL", "https://platform.descarteslabs.com/metadata/v1") Service.__init__(self, url, token, auth) self._raster = Raster(auth=self.auth)
def __init__(self, url=None, auth=None): """ The parent Service class implements authentication and exponential backoff/retry. Override the url parameter to use a different instance of the backing service. """ if auth is None: auth = Auth() if url is None: url = os.environ.get( "DESCARTESLABS_VECTOR_URL", "https://platform.descarteslabs.com/vector/v2") self._gcs_upload_service = ThirdPartyService() super(Vector, self).__init__(url, auth=auth)
def test_get_token_schema_internal_only(self): responses.add_callback(responses.POST, 'https://accounts.descarteslabs.com/token', callback=token_response_callback) auth = Auth(token_info_path=None, refresh_token="refresh_token", client_id="client_id") auth._get_token() self.assertEqual("access_token", auth._token) auth = Auth(token_info_path=None, client_secret="refresh_token", client_id="client_id") auth._get_token() self.assertEqual("access_token", auth._token)