def test_exception_with_api_key_and_adc_env_var():
with mock.patch.dict(os.environ, {environment_vars.API_KEY: "api-key"}):
with mock.patch.dict(
os.environ, {environment_vars.CREDENTIALS: "/path/to/json"}
):
with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
_default.default_async()
assert excinfo.match(
r"GOOGLE_API_KEY and GOOGLE_APPLICATION_CREDENTIALS are mutually exclusive"
)
async def test_application_default_credentials(verify_refresh):
credentials, project_id = _default_async.default_async()
if EXPECT_PROJECT_ID is not None:
assert project_id is not None
await verify_refresh(credentials)
def test_default_scoped(with_scopes, unused_get):
scopes = ["one", "two"]
credentials, project_id = _default.default_async(scopes=scopes)
assert credentials == with_scopes.return_value
assert project_id == mock.sentinel.project_id
with_scopes.assert_called_once_with(MOCK_CREDENTIALS, scopes)
def test_default_no_app_engine_compute_engine_module(unused_get):
"""
google.auth.compute_engine and google.auth.app_engine are both optional
to allow not including them when using this package. This verifies
that default fails gracefully if these modules are absent
"""
import sys
with mock.patch.dict("sys.modules"):
sys.modules["google.auth.compute_engine"] = None
sys.modules["google.auth.app_engine"] = None
assert _default.default_async() == (MOCK_CREDENTIALS, mock.sentinel.project_id)
async def authorized_transport():
credentials, project_id = default_async(scopes=(utils.GCS_RW_SCOPE, ))
yield _get_authorized_transport()
def _get_authorized_transport():
credentials, project_id = default_async(scopes=(utils.GCS_RW_SCOPE, ))
return tr_requests.AuthorizedSession(credentials)
def test_default_fail(unused_gce, unused_gae, unused_sdk, unused_explicit):
with pytest.raises(exceptions.DefaultCredentialsError):
assert _default.default_async()
def test_default_without_project_id(unused_gce, unused_gae, unused_sdk,
unused_explicit, logger_warning):
assert _default.default_async() == (MOCK_CREDENTIALS, None)
logger_warning.assert_called_with(mock.ANY, mock.ANY, mock.ANY)
def test_default_explict_legacy_project_id(unused_get, monkeypatch):
monkeypatch.setenv(environment_vars.LEGACY_PROJECT, "explicit-env")
assert _default.default_async() == (MOCK_CREDENTIALS, "explicit-env")
def test_default_early_out(unused_get):
assert _default.default_async() == (MOCK_CREDENTIALS,
mock.sentinel.project_id)
def test_default_api_key_from_env_var():
with mock.patch.dict(os.environ, {environment_vars.API_KEY: "api-key"}):
cred, project_id = _default.default_async()
assert isinstance(cred, api_key.Credentials)
assert cred.token == "api-key"
assert project_id is None
def test_default_no_warning_with_quota_project_id_for_user_creds(get_adc_path):
get_adc_path.return_value = test_default.AUTHORIZED_USER_CLOUD_SDK_FILE
credentials, project_id = _default.default_async(quota_project_id="project-foo")
def test_default_warning_without_quota_project_id_for_user_creds(get_adc_path):
get_adc_path.return_value = test_default.AUTHORIZED_USER_CLOUD_SDK_FILE
with pytest.warns(UserWarning, match="Cloud SDK"):
credentials, project_id = _default.default_async(quota_project_id=None)
async def corrupting_transport():
credentials, _ = default_async(scopes=(utils.GCS_RW_SCOPE,))
yield CorruptingAuthorizedSession(credentials)
