def test__token_endpoint_request_error(): response = mock.Mock() response.status = http_client.BAD_REQUEST response.data = b'Error' request = mock.Mock(return_value=response) with pytest.raises(exceptions.RefreshError): _client._token_endpoint_request(request, 'http://example.com', {})
def test__token_endpoint_request_internal_failure_error(): request = make_request( {"error": "internal_failure", "error_description": "internal_failure"}, status=http_client.BAD_REQUEST, ) with pytest.raises(exceptions.RefreshError): _client._token_endpoint_request( request, "http://example.com", {"error": "internal_failure", "error_description": "internal_failure"}, )
def test__token_endpoint_request_internal_failure_error(): request = make_request( { 'error': 'internal_failure', 'error_description': 'internal_failure' }, status=http_client.BAD_REQUEST) with pytest.raises(exceptions.RefreshError): _client._token_endpoint_request(request, 'http://example.com', { 'error': 'internal_failure', 'error_description': 'internal_failure' })
def _send_challenge_result( request, session_id, challenge_id, client_input, access_token ): """Attempt to refresh access token by sending next challenge result. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. session_id (str): session id returned by the initial reauth call. challenge_id (str): challenge id returned by the initial reauth call. client_input: dict with a challenge-specific client input. For example: ``{'credential': password}`` for password challenge. access_token (str): Access token with reauth scopes. Returns: dict: The response from the reauth API. """ body = { "sessionId": session_id, "challengeId": challenge_id, "action": "RESPOND", "proposalResponse": client_input, } return _client._token_endpoint_request( request, _REAUTH_API + "/{}:continue".format(session_id), body, access_token=access_token, use_json=True, )
def _get_challenges(request, supported_challenge_types, access_token, requested_scopes=None): """Does initial request to reauth API to get the challenges. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. supported_challenge_types (Sequence[str]): list of challenge names supported by the manager. access_token (str): Access token with reauth scopes. requested_scopes (Optional(Sequence[str])): Authorized scopes for the credentials. Returns: dict: The response from the reauth API. """ body = {"supportedChallengeTypes": supported_challenge_types} if requested_scopes: body["oauthScopesForDomainPolicyLookup"] = requested_scopes return _client._token_endpoint_request(request, _REAUTH_API + ":start", body, access_token=access_token, use_json=True)
def test__token_endpoint_request(): request = make_request({'test': 'response'}) result = _client._token_endpoint_request( request, 'http://example.com', {'test': 'params'}) # Check request call request.assert_called_with( method='POST', url='http://example.com', headers={'content-type': 'application/x-www-form-urlencoded'}, body='test=params') # Check result assert result == {'test': 'response'}
def test__token_endpoint_request(): request = make_request({"test": "response"}) result = _client._token_endpoint_request(request, "http://example.com", {"test": "params"}) # Check request call request.assert_called_with( method="POST", url="http://example.com", headers={"content-type": "application/x-www-form-urlencoded"}, body="test=params", ) # Check result assert result == {"test": "response"}
def test__token_endpoint_request_use_json(): request = make_request({"test": "response"}) result = _client._token_endpoint_request( request, "http://example.com", {"test": "params"}, access_token="access_token", use_json=True, ) # Check request call request.assert_called_with( method="POST", url="http://example.com", headers={ "Content-Type": "application/json", "Authorization": "Bearer access_token", }, body=b'{"test": "params"}', ) # Check result assert result == {"test": "response"}
def test__token_endpoint_request_error(): request = make_request({}, status=http_client.BAD_REQUEST) with pytest.raises(exceptions.RefreshError): _client._token_endpoint_request(request, 'http://example.com', {})
dag_name = 'dag_server_log_parquet' data = {'conf': {'date_kr': '2019-11-24'}} # service account credentials 파일로 bootstrap credentials 을 생성합니다. bootstrap_credentials = Credentials.from_service_account_file(service_account_credentials_path) signer_email = bootstrap_credentials.service_account_email signer = bootstrap_credentials.signer # OAuth 2.0 service account credentials 을 생성합니다. # token_uri 값을 바꾸고, additional_claims 을 추가합니다. service_account_credentials = Credentials(signer, signer_email, oauth_token_uri, additional_claims={'target_audience': client_id}) # OpenID Connect token 을 획득합니다. service_account_jwt = service_account_credentials._make_authorization_grant_assertion() body = {'assertion': service_account_jwt, 'grant_type': _JWT_GRANT_TYPE} token_response = _token_endpoint_request(Request(), oauth_token_uri, body) google_open_id_connect_token = token_response['id_token'] # 획득한 token 을 HTTP Header 에 담아서, Airflow Web Server 의 REST API 를 호출합니다. resp = requests.request('POST', f'https://{web_server_id}.appspot.com/api/experimental/dags/{dag_name}/dag_runs', headers={'Authorization': f'Bearer {google_open_id_connect_token}'}, json=data) if resp.status_code == 403: raise Exception(f'Service account {signer_email} does not have permission to ' f'access the IAP-protected application.') elif resp.status_code != 200: raise Exception(f'Bad response from application: {resp.status_code} / {resp.headers} / {resp.text}')