def autologin(cls, filename:str, directory:Path = None) -> None: ''' Explicit login using GCP credentials .json filename. ''' if directory is None: directory = config.credentials_path path = directory / filename if not path.exists(): msg = ( f'\n\n{B("Attempted to log in with non-existent file: ")}' f'\n{I(path)}' ) raise FileNotFoundError(msg) environ["GOOGLE_APPLICATION_CREDENTIALS"] = str(path) success = False try: client = storage.Client() success = True except DefaultCredentialsError: pass if not success: msg = ( f'\n\n{B("Unable to validate credentials for file: ")}' f'{I(selection)}\n{B("Check integrity of file ")}' f'{B("and confirm credentials are still valid on GCP.")}' ) raise DefaultCredentialsError(msg) else: cls.credentials_active = True
def test_get_application_default_credentials_does_not_throw_error(): if _check_if_can_get_correct_default_credentials(): # Can get real credentials, so mock it out to fail. from google.auth.exceptions import DefaultCredentialsError with mock.patch('google.auth.default', side_effect=DefaultCredentialsError()): credentials, _ = auth.get_application_default_credentials() else: credentials, _ = auth.get_application_default_credentials() assert credentials is None
def test_default_gets_user_credentials(): import pydata_google_auth # Mock google.auth.default to fail, forcing user credentials. with mock.patch("google.auth.default", side_effect=DefaultCredentialsError()): credentials, _ = pydata_google_auth.default(TEST_SCOPES, use_local_webserver=True) assert credentials.valid
def test_get_anonymous_bucket(gcs_mock): with pytest.raises(DefaultCredentialsError, match="Test"): gcs_mock.Client.return_value.bucket.side_effect = mock.Mock( side_effect=DefaultCredentialsError("Test")) repo = GCSArtifactRepository("gs://test_bucket", gcs_mock) repo._get_bucket("gs://test_bucket") anon_call_count = gcs_mock.Client.create_anonymous_client.call_count assert anon_call_count == 1 bucket_call_count = (gcs_mock.Client.create_anonymous_client. return_value.get_bucket.call_count) assert bucket_call_count == 1
def test_should_warn_if_trying_to_use_default_creds( self, fetch_id_token_mock): # given os.environ["IAP_CLIENT_ID"] = "unittest-client-id" fetch_id_token_mock.side_effect = DefaultCredentialsError() with self.assertLogs("kedro_kubeflow.auth", level="WARNING") as cm: # when token = AuthHandler().obtain_id_token() # then assert ( "this authentication method does not work with default credentials" in cm.output[0]) assert token is None
def email_from_id_token(*args, **kwargs): """Raises DefaultCredentialsError at runtime""" raise DefaultCredentialsError(*exception_args)
@patch( "google.oauth2.id_token.verify_token", return_value={ "iss": "accounts.google.com", "exp": 12341234 }, ) @patch( "google.auth.default", return_value=[ GoogleDefaultResponse("fake_token"), GoogleDefaultResponse("project_id"), ], ) @patch("google.oauth2.id_token.fetch_id_token", side_effect=DefaultCredentialsError()) def test_get_auth_metadata_plugin_google_should_pass_with_token_from_google_auth_lib( verify_token, fetch_id_token, default, config_google): auth_metadata_plugin = get_auth_metadata_plugin(config_google) assert isinstance(auth_metadata_plugin, GoogleOpenIDAuthMetadataPlugin) assert auth_metadata_plugin.get_signed_meta() == (("authorization", "Bearer fake_token"), ) @patch( "google.auth.default", return_value=[ GoogleDefaultErrorResponse("fake_token"), GoogleDefaultErrorResponse("project_id"), ], )
def raise_default_creds_error() -> None: from google.auth.exceptions import DefaultCredentialsError raise DefaultCredentialsError()