def test_get_access_token_on_refresh(self): app_identity_stub = self.AppIdentityStubImpl() apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap() apiproxy_stub_map.apiproxy.RegisterStub("app_identity_service", app_identity_stub) apiproxy_stub_map.apiproxy.RegisterStub( 'memcache', memcache_stub.MemcacheServiceStub()) scope = [ "http://www.googleapis.com/scope", "http://www.googleapis.com/scope2" ] credentials = appengine.AppAssertionCredentials(scope) http = http_mock.HttpMock(data=DEFAULT_RESP) credentials.refresh(http) self.assertEqual('a_token_123', credentials.access_token) json = credentials.to_json() credentials = client.Credentials.new_from_json(json) self.assertEqual( 'http://www.googleapis.com/scope http://www.googleapis.com/scope2', credentials.scope) scope = ('http://www.googleapis.com/scope ' 'http://www.googleapis.com/scope2') credentials = appengine.AppAssertionCredentials(scope) http = http_mock.HttpMock(data=DEFAULT_RESP) credentials.refresh(http) self.assertEqual('a_token_123', credentials.access_token) self.assertEqual( 'http://www.googleapis.com/scope http://www.googleapis.com/scope2', credentials.scope)
def get_or_create_credentials(scope, storage_key=DEFAULT_STORAGE_KEY): key_file = os.getenv('AUTH_KEY_FILE') # If AUTH_KEY_FILE is unset, use default auth key file if it exists. if not key_file and os.path.exists(DEFAULT_AUTH_KEY_FILE): key_file = DEFAULT_AUTH_KEY_FILE if key_file: key_file = os.path.expanduser(key_file) return ( service_account.ServiceAccountCredentials.from_json_keyfile_name( key_file, scope)) if appengine and utils.is_appengine(): return appengine.AppAssertionCredentials(scope) credentials, storage = get_credentials_and_storage(scope, storage_key=storage_key) if credentials is None: parser = tools.argparser if os.getenv('INTERACTIVE_AUTH'): args = [] else: args = ['--noauth_local_webserver'] flags, _ = parser.parse_known_args(args) flow = client.OAuth2WebServerFlow(CLIENT_ID, CLIENT_SECRET, scope, redirect_uri=REDIRECT_URI) credentials = tools.run_flow(flow, storage, flags) # run_flow changes the logging level, so change it back. logging.getLogger().setLevel(getattr(logging, 'INFO')) return credentials
def get_client(): """Creates Pub/Sub client and returns it.""" credentials = gae_oauth2client.AppAssertionCredentials(scope=PUBSUB_SCOPES) http = httplib2.Http(memcache) credentials.authorize(http) return discovery.build('pubsub', 'v1', http=http)
def test_create_scoped(self): credentials = appengine.AppAssertionCredentials([]) new_credentials = credentials.create_scoped(['dummy_scope']) self.assertNotEqual(credentials, new_credentials) self.assertIsInstance(new_credentials, appengine.AppAssertionCredentials) self.assertEqual('dummy_scope', new_credentials.scope)
def create_service(): credentials = appengine.AppAssertionCredentials(SCOPE) http = httplib2.Http() http = credentials.authorize(http) credentials.refresh(http) return discovery.build('content', 'v1', http=http, discoveryServiceUrl=DISCOVERY_URL)
def test_get_access_token(self): app_identity_stub = self.AppIdentityStubImpl() apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap() apiproxy_stub_map.apiproxy.RegisterStub("app_identity_service", app_identity_stub) apiproxy_stub_map.apiproxy.RegisterStub( 'memcache', memcache_stub.MemcacheServiceStub()) credentials = appengine.AppAssertionCredentials(['dummy_scope']) token = credentials.get_access_token() self.assertEqual('a_token_123', token.access_token) self.assertEqual(None, token.expires_in)
def test_service_account_email(self): acct_name = '*****@*****.**' app_identity_stub = self.AppIdentityStubImpl(svc_acct=acct_name) apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap() apiproxy_stub_map.apiproxy.RegisterStub('app_identity_service', app_identity_stub) credentials = appengine.AppAssertionCredentials([]) self.assertIsNone(credentials._service_account_email) self.assertEqual(app_identity_stub._get_acct_name_calls, 0) self.assertEqual(credentials.service_account_email, acct_name) self.assertIsNotNone(credentials._service_account_email) self.assertEqual(app_identity_stub._get_acct_name_calls, 1)
def test_raise_correct_type_of_exception(self): app_identity_stub = self.ErroringAppIdentityStubImpl() apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap() apiproxy_stub_map.apiproxy.RegisterStub('app_identity_service', app_identity_stub) apiproxy_stub_map.apiproxy.RegisterStub( 'memcache', memcache_stub.MemcacheServiceStub()) scope = 'http://www.googleapis.com/scope' credentials = appengine.AppAssertionCredentials(scope) http = http_mock.HttpMock(data=DEFAULT_RESP) with self.assertRaises(client.AccessTokenRefreshError): credentials.refresh(http)
def test_service_account_email_already_set(self): acct_name = '*****@*****.**' credentials = appengine.AppAssertionCredentials([]) credentials._service_account_email = acct_name app_identity_stub = self.AppIdentityStubImpl(svc_acct=acct_name) apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap() apiproxy_stub_map.apiproxy.RegisterStub('app_identity_service', app_identity_stub) self.assertEqual(app_identity_stub._get_acct_name_calls, 0) self.assertEqual(credentials.service_account_email, acct_name) self.assertEqual(app_identity_stub._get_acct_name_calls, 0)
def test_sign_blob(self): key_name = b'1234567890' sig_bytes = b'himom' app_identity_stub = self.AppIdentityStubImpl(key_name=key_name, sig_bytes=sig_bytes) apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap() apiproxy_stub_map.apiproxy.RegisterStub('app_identity_service', app_identity_stub) credentials = appengine.AppAssertionCredentials([]) to_sign = b'blob' self.assertEqual(app_identity_stub._sign_calls, []) result = credentials.sign_blob(to_sign) self.assertEqual(result, (key_name, sig_bytes)) self.assertEqual(app_identity_stub._sign_calls, [to_sign])
def test_custom_service_account(self): scope = "http://www.googleapis.com/scope" account_id = "*****@*****.**" with mock.patch.object(app_identity, 'get_access_token', return_value=('a_token_456', None), autospec=True) as get_access_token: credentials = appengine.AppAssertionCredentials( scope, service_account_id=account_id) http = http_mock.HttpMock(data=DEFAULT_RESP) credentials.refresh(http) self.assertEqual('a_token_456', credentials.access_token) self.assertEqual(scope, credentials.scope) get_access_token.assert_called_once_with( [scope], service_account_id=account_id)
def get_or_create_credentials(scope, storage_key=DEFAULT_STORAGE_KEY): if appengine: return appengine.AppAssertionCredentials(scope) credentials, storage = get_credentials_and_storage(scope, storage_key=storage_key) if credentials is None: parser = tools.argparser if os.getenv('INTERACTIVE_AUTH'): args = [] else: args = ['--noauth_local_webserver'] flags, _ = parser.parse_known_args(args) flow = client.OAuth2WebServerFlow(CLIENT_ID, CLIENT_SECRET, scope, redirect_uri=REDIRECT_URI) credentials = tools.run_flow(flow, storage, flags) # run_flow changes the logging level, so change it back. logging.getLogger().setLevel(getattr(logging, 'INFO')) return credentials
def get_or_create_credentials(scope, storage_key=DEFAULT_STORAGE_KEY): key_file = os.getenv('AUTH_KEY_FILE') # If AUTH_KEY_FILE is unset, use default auth key file if it exists. if not key_file and os.path.exists(DEFAULT_AUTH_KEY_FILE): key_file = DEFAULT_AUTH_KEY_FILE if key_file: key_file = os.path.expanduser(key_file) return ( service_account.ServiceAccountCredentials.from_json_keyfile_name( key_file, scope)) if appengine and utils.is_appengine(): return appengine.AppAssertionCredentials(scope) credentials, storage = get_credentials_and_storage(scope, storage_key=storage_key) if credentials is None: parser = tools.argparser if os.getenv('INTERACTIVE_AUTH'): args = [] else: args = ['--noauth_local_webserver'] flags, _ = parser.parse_known_args(args) flow = client.OAuth2WebServerFlow(CLIENT_ID, CLIENT_SECRET, scope, redirect_uri=REDIRECT_URI) credentials = tools.run_flow(flow, storage, flags) # run_flow changes the logging level, so change it back. logging.getLogger().setLevel(getattr(logging, 'INFO')) # Avoid logspam by logging the email address only once. if hasattr(credentials, 'id_token') and credentials.id_token: email = credentials.id_token.get('email') global _LAST_LOGGED_EMAIL if email and _LAST_LOGGED_EMAIL != email: logging.info('Authorizing using -> {}'.format(email)) _LAST_LOGGED_EMAIL = email return credentials
def test_save_to_well_known_file(self): os.environ[client._CLOUDSDK_CONFIG_ENV_VAR] = tempfile.mkdtemp() credentials = appengine.AppAssertionCredentials([]) with self.assertRaises(NotImplementedError): client.save_to_well_known_file(credentials) del os.environ[client._CLOUDSDK_CONFIG_ENV_VAR]
def create_service(api='drive', version='v2'): credentials = appengine.AppAssertionCredentials(SCOPE) http = httplib2.Http() http = credentials.authorize(http) return discovery.build(api, version, http=http)
def test_create_scoped_required_without_scopes(self): credentials = appengine.AppAssertionCredentials([]) self.assertTrue(credentials.create_scoped_required())
def test_create_scoped_required_with_scopes(self): credentials = appengine.AppAssertionCredentials(['dummy_scope']) self.assertFalse(credentials.create_scoped_required())