def test_auth_init_env_vars(self):
environ = dict(CLIENT_SECRET='secret_bar',
CLIENT_ID="id_bar",
DESCARTESLABS_CLIENT_SECRET='secret_foo',
DESCARTESLABS_CLIENT_ID="id_foo")
# should work with direct var
with patch.dict('descarteslabs.client.auth.auth.os.environ', environ):
auth = Auth(client_id='client_id',
client_secret='client_secret',
jwt_token='jwt_token')
self.assertEqual(auth.client_secret, 'client_secret')
self.assertEqual(auth.client_id, 'client_id')
# should work with namespaced env vars
with patch.dict('descarteslabs.client.auth.auth.os.environ', environ):
auth = Auth()
self.assertEqual(auth.client_secret,
environ.get('DESCARTESLABS_CLIENT_SECRET'))
self.assertEqual(auth.client_id,
environ.get('DESCARTESLABS_CLIENT_ID'))
# remove the namespaced ones
environ.pop('DESCARTESLABS_CLIENT_SECRET')
environ.pop('DESCARTESLABS_CLIENT_ID')
# should fallback to legacy env vars
with patch.dict('descarteslabs.client.auth.auth.os.environ', environ):
auth = Auth()
self.assertEqual(auth.client_secret, environ.get('CLIENT_SECRET'))
self.assertEqual(auth.client_id, environ.get('CLIENT_ID'))
def test_auth_init_env_vars(self):
environ = dict(
CLIENT_SECRET="secret_bar",
CLIENT_ID="id_bar",
DESCARTESLABS_CLIENT_SECRET="secret_foo",
DESCARTESLABS_CLIENT_ID="id_foo",
)
# should work with direct var
with patch.dict("descarteslabs.client.auth.auth.os.environ", environ):
auth = Auth(
client_id="client_id",
client_secret="client_secret",
jwt_token="jwt_token",
)
self.assertEqual(auth.client_secret, "client_secret")
self.assertEqual(auth.client_id, "client_id")
# should work with namespaced env vars
with patch.dict("descarteslabs.client.auth.auth.os.environ", environ):
auth = Auth()
self.assertEqual(auth.client_secret,
environ.get("DESCARTESLABS_CLIENT_SECRET"))
self.assertEqual(auth.client_id,
environ.get("DESCARTESLABS_CLIENT_ID"))
# remove the namespaced ones
environ.pop("DESCARTESLABS_CLIENT_SECRET")
environ.pop("DESCARTESLABS_CLIENT_ID")
# should fallback to legacy env vars
with patch.dict("descarteslabs.client.auth.auth.os.environ", environ):
auth = Auth()
self.assertEqual(auth.client_secret, environ.get("CLIENT_SECRET"))
self.assertEqual(auth.client_id, environ.get("CLIENT_ID"))
def __init__(self, url, token=None, auth=None, retries=None, session_class=None):
if auth is None:
auth = Auth()
if token is not None:
warn(
"setting token at service level will be removed in future",
DeprecationWarning,
)
auth._token = token
self.auth = auth
self.base_url = url
if retries is None:
self._adapter = Service.ADAPTER
else:
self._adapter = ThreadLocalWrapper(lambda: HTTPAdapter(max_retries=retries))
if session_class is None:
self._session_class = WrappedSession
else:
self._session_class = session_class
# Sessions can't be shared across threads or processes because the underlying
# SSL connection pool can't be shared. We create them thread-local to avoid
# intractable exceptions when users naively share clients e.g. when using
# multiprocessing.
self._session = ThreadLocalWrapper(self.build_session)
def __init__(self,
url,
token=None,
auth=None,
retries=None,
session_class=None):
if auth is None:
auth = Auth()
if token is not None:
warn(
"setting token at service level will be removed in future",
FutureWarning,
)
auth._token = token
self.auth = auth
self.base_url = url
if retries is None:
self._adapter = self.ADAPTER
else:
self.RETRY_CONFIG = retries
self._init_adapter()
if session_class is not None:
# Overwrite the default session class
if not issubclass(session_class, Session):
raise TypeError(
"The session class must be a subclass of {}.".format(
Session))
self._session_class = session_class
self._init_session()
def test_get_token_schema_legacy_internal_only(self):
responses.add_callback(responses.POST,
'https://accounts.descarteslabs.com/token',
callback=token_response_callback)
auth = Auth(token_info_path=None,
client_secret="client_secret",
client_id="ZOBAi4UROl5gKZIpxxlwOEfx8KpqXf2c")
auth._get_token()
self.assertEqual("id_token", auth._token)
def test_token_expired(self, _get_token):
auth = Auth(token_info_path=None,
client_secret="client_secret",
client_id="ZOBAi4UROl5gKZIpxxlwOEfx8KpqXf2c")
token = b".".join(
(base64.b64encode(to_bytes(p))
for p in ["header", json.dumps(dict(exp=0)), "sig"]))
auth._token = token
self.assertEqual(auth.token, token)
_get_token.assert_called_once()
def test_get_token_legacy(self):
responses.add(responses.POST,
'https://accounts.descarteslabs.com/token',
json=dict(id_token="id_token"),
status=200)
auth = Auth(token_info_path=None,
client_secret="client_secret",
client_id="client_id")
auth._get_token()
self.assertEqual("id_token", auth._token)
def test_set_token(self):
environ = dict(DESCARTESLABS_TOKEN="token")
with patch.dict("descarteslabs.client.auth.auth.os.environ", environ):
with self.assertRaises(AuthError):
auth = Auth()
auth.payload
with self.assertRaises(AuthError):
auth = Auth(jwt_token="token")
auth.payload
def test_token_in_leeway_autherror(self, _get_token):
auth = Auth(token_info_path=None,
client_secret="client_secret",
client_id="ZOBAi4UROl5gKZIpxxlwOEfx8KpqXf2c")
exp = (datetime.datetime.utcnow() -
datetime.datetime(1970, 1, 1)).total_seconds() + auth.leeway / 2
token = b".".join(
(base64.b64encode(to_bytes(p))
for p in ["header", json.dumps(dict(exp=exp)), "sig"]))
auth._token = token
self.assertEqual(auth.token, token)
_get_token.assert_called_once()
def test_get_token(self):
responses.add(
responses.POST,
"https://accounts.descarteslabs.com/token",
json=dict(access_token="access_token"),
status=200,
)
auth = Auth(token_info_path=None,
client_secret="client_secret",
client_id="client_id")
auth._get_token()
assert "access_token" == auth._token
def __init__(self, url, token=None, auth=None):
if auth is None:
auth = Auth()
if token is not None:
warn("setting token at service level will be removed in future", DeprecationWarning)
auth._token = token
self.auth = auth
self.base_url = url
self._session = self.build_session()
def test_token(self, _get_token):
auth = Auth(
token_info_path=None,
client_secret="client_secret",
client_id="ZOBAi4UROl5gKZIpxxlwOEfx8KpqXf2c",
)
token = b".".join(
(base64.b64encode(to_bytes(p))
for p in ["header",
json.dumps(dict(exp=9999999999)), "sig"]))
auth._token = token
assert auth.token == token
_get_token.assert_not_called()
def setUp(self):
self.url = "http://example.com/metadata"
self.instance = Metadata(url=self.url,
auth=Auth(jwt_token=public_token,
token_info_path=None))
self.instance._raster = Raster(url=self.url, auth=self.instance.auth)
self.match_url = re.compile(self.url)
def setUp(self):
url = "http://example.com"
self.url = url
self.client = Tasks(url=url,
auth=Auth(jwt_token=public_token,
token_info_path=None))
self.match_url = re.compile(url)
def setUp(self):
self.url = "https://example.com/catalog/v2"
self.client = CatalogClient(url=self.url,
auth=Auth(jwt_token=public_token,
token_info_path=None))
self.search = Image.search(client=self.client)
self.match_url = re.compile(self.url)
def __init__(
self,
host,
auth=None,
certificate=None,
port=443,
default_retry=None,
default_metadata=None,
):
if auth is None:
auth = Auth()
self.auth = auth
self.host = host
self.port = port
self._default_metadata = default_metadata
if default_retry is None:
default_retry = Retry(predicate=default_grpc_retry_predicate,
retries=5)
self._default_retry = default_retry
self._channel = None
self._certificate = certificate
self._stubs = None
self._api = None
def __init__(
self,
host,
auth=None,
certificate=None,
port=None,
default_retry=None,
default_metadata=None,
use_insecure_channel=False,
):
if auth is None:
auth = Auth()
self.auth = auth
self.host = host
if not port:
if use_insecure_channel:
port = 8000
else:
port = 443
self.port = port
self._default_metadata = default_metadata
if default_retry is None:
default_retry = Retry(predicate=default_grpc_retry_predicate, retries=5)
self._default_retry = default_retry
self._use_insecure_channel = use_insecure_channel
self._channel = None
self._certificate = certificate
self._stubs = None
self._api = None
def test_auth_client_refresh_match(self):
with warnings.catch_warnings(record=True) as w:
auth = Auth(client_id="client_id",
client_secret="secret",
refresh_token="mismatched_refresh_token")
self.assertEqual(1, len(w))
self.assertEqual("mismatched_refresh_token", auth.refresh_token)
self.assertEqual("mismatched_refresh_token", auth.client_secret)
def test_auth_init_env_vars(self):
warnings.simplefilter("ignore")
environ = dict(
CLIENT_SECRET="secret_bar",
CLIENT_ID="id_bar",
DESCARTESLABS_CLIENT_SECRET="secret_foo",
DESCARTESLABS_CLIENT_ID="id_foo",
DESCARTESLABS_REFRESH_TOKEN="refresh_foo",
)
# should work with direct var
with patch.dict("descarteslabs.client.auth.auth.os.environ", environ):
auth = Auth(
client_id="client_id",
client_secret="client_secret",
refresh_token="client_secret",
jwt_token="jwt_token",
)
assert auth.client_secret == "client_secret"
assert auth.client_id == "client_id"
# should work with namespaced env vars
with patch.dict("descarteslabs.client.auth.auth.os.environ", environ):
auth = Auth()
# when refresh_token and client_secret do not match,
# the Auth implementation sets both to the value of
# refresh_token
assert auth.client_secret == environ.get(
"DESCARTESLABS_REFRESH_TOKEN")
assert auth.client_id == environ.get("DESCARTESLABS_CLIENT_ID")
# remove the namespaced ones, except the refresh token because
# Auth does not recognize a REFRESH_TOKEN environment variable
# and removing it from the dictionary would result in non-deterministic
# results based on the token_info.json file on the test runner disk
environ.pop("DESCARTESLABS_CLIENT_SECRET")
environ.pop("DESCARTESLABS_CLIENT_ID")
# should fallback to legacy env vars
with patch.dict("descarteslabs.client.auth.auth.os.environ", environ):
auth = Auth()
assert auth.client_secret == environ.get(
"DESCARTESLABS_REFRESH_TOKEN")
assert auth.client_id == environ.get("CLIENT_ID")
def test_auth_client_refresh_match(self):
with warnings.catch_warnings(record=True):
auth = Auth(
client_id="client_id",
client_secret="secret",
refresh_token="mismatched_refresh_token",
)
assert "mismatched_refresh_token" == auth.refresh_token
assert "mismatched_refresh_token" == auth.client_secret
def __init__(self, url, token=None, auth=None):
if auth is None:
auth = Auth()
if token is not None:
warn("setting token at service level will be removed in future",
DeprecationWarning)
auth._token = token
self.auth = auth
self.base_url = url
# Sessions can't be shared across threads or processes because the underlying
# SSL connection pool can't be shared. We create them thread-local to avoid
# intractable exceptions when users naively share clients e.g. when using
# multiprocessing.
self._session = ThreadLocalWrapper(self.build_session)
def __init__(self, url=None, token=None, auth=Auth()):
"""The parent Service class implements authentication and exponential
backoff/retry. Override the url parameter to use a different instance
of the backing service.
"""
if url is None:
url = os.environ.get("DESCARTESLABS_RASTER_URL", "https://platform.descarteslabs.com/raster/v1")
Service.__init__(self, url, token, auth)
def __init__(self, url=None, auth=None):
if auth is None:
auth = Auth()
if url is None:
url = os.environ.get(
"DESCARTESLABS_TASKS_URL",
"https://platform.descarteslabs.com/tasks/v1")
super(Tasks, self).__init__(url, auth=auth)
def __init__(self, url=None, auth=None, **kwargs):
if auth is None:
auth = Auth()
if url is None:
url = os.environ.get(
"DESCARTESLABS_CATALOG_V2_URL",
"https://platform.descarteslabs.com/metadata/v1/catalog/v2",
)
super(CatalogClient, self).__init__(url, auth=auth, **kwargs)
def test_get_token(self):
# get a jwt
auth = Auth.from_environment_or_token_json()
self.assertIsNotNone(auth.token)
# validate the jwt
url = "https://descarteslabs.auth0.com" + "/tokeninfo"
params = {"id_token": auth.token}
headers = {"content-type": "application/json"}
r = requests.post(url, data=json.dumps(params), headers=headers)
self.assertEqual(200, r.status_code)
def __init__(self, url=None, token=None, auth=Auth(), maxsize=10, ttl=600):
"""The parent Service class implements authentication and exponential
backoff/retry. Override the url parameter to use a different instance
of the backing service.
"""
if url is None:
url = os.environ.get(
"DESCARTESLABS_PLACES_URL",
"https://platform.descarteslabs.com/waldo/v2")
Service.__init__(self, url, token, auth)
self.cache = TTLCache(maxsize, ttl)
def __init__(self, url=None, auth=None, retries=None):
if auth is None:
auth = Auth()
if url is None:
url = os.environ.get(
"DESCARTESLABS_CATALOG_V2_URL",
"https://platform.descarteslabs.com/metadata/v1/catalog/v2",
)
super(CatalogClient, self).__init__(
url, auth=auth, retries=retries, session_class=_RewriteErrorSession
)
def __init__(self, url=None, token=None, auth=Auth()):
"""The parent Service class implements authentication and exponential
backoff/retry. Override the url parameter to use a different instance
of the backing service.
"""
simplefilter('always', DeprecationWarning)
if url is None:
url = os.environ.get(
"DESCARTESLABS_METADATA_URL",
"https://platform.descarteslabs.com/metadata/v1")
Service.__init__(self, url, token, auth)
self._raster = Raster(auth=self.auth)
def __init__(self, url=None, auth=None):
"""
The parent Service class implements authentication and exponential backoff/retry.
Override the url parameter to use a different instance of the backing service.
"""
if auth is None:
auth = Auth()
if url is None:
url = os.environ.get(
"DESCARTESLABS_VECTOR_URL",
"https://platform.descarteslabs.com/vector/v2")
self._gcs_upload_service = ThirdPartyService()
super(Vector, self).__init__(url, auth=auth)
def test_get_token_schema_internal_only(self):
responses.add_callback(responses.POST,
'https://accounts.descarteslabs.com/token',
callback=token_response_callback)
auth = Auth(token_info_path=None,
refresh_token="refresh_token",
client_id="client_id")
auth._get_token()
self.assertEqual("access_token", auth._token)
auth = Auth(token_info_path=None,
client_secret="refresh_token",
client_id="client_id")
auth._get_token()
self.assertEqual("access_token", auth._token)
