def testWriteGcloudCredentialsToADC_UserCredsWithQuotaProject(self):
auth_util.WriteGcloudCredentialsToADC(
creds.FromJson(self.USER_CREDENTIALS_JSON), add_quota_project=True)
self.AssertErrEquals('')
self.AssertFileEquals(self.EXTENDED_USER_CREDENTIALS_JSON,
self.adc_file_path)
self.mock_prompt.assert_called()
def testDumpADCRequiredQuotaProject_WithoutPermission(self):
self.adc_permission_checking.return_value = False
auth_util.WriteGcloudCredentialsToADC(
creds.FromJson(self.USER_CREDENTIALS_JSON))
with self.AssertRaisesExceptionMatches(
auth_util.MissingPermissionOnQuotaProjectError,
'Cannot add the project "{}" to application default credentials'
.format(self.fake_project)):
auth_util.AddQuotaProjectToADC(self.fake_project)
self.adc_permission_checking.assert_called()
def testDumpADCRequiredQuotaProject_WithPermission(self):
self.adc_permission_checking.return_value = True
auth_util.WriteGcloudCredentialsToADC(
creds.FromJson(self.USER_CREDENTIALS_JSON))
auth_util.AddQuotaProjectToADC(self.fake_project)
auth_util.AssertADCExists()
self.AssertQuotaProjectEquals(self.fake_project)
self.AssertErrContains('Credentials saved to file')
self.AssertErrContains('Quota project "{}" was added to ADC'.format(
self.fake_project))
self.adc_permission_checking.assert_called()
def _UpdateADC(creds):
"""Updates the ADC json with the credentials creds."""
old_adc_json = command_auth_util.GetADCAsJson()
command_auth_util.WriteGcloudCredentialsToADC(creds)
new_adc_json = command_auth_util.GetADCAsJson()
if new_adc_json and new_adc_json != old_adc_json:
adc_msg = '\nApplication default credentials (ADC) were updated.'
quota_project = command_auth_util.GetQuotaProjectFromADC()
if quota_project:
adc_msg = adc_msg + (
"\n'{}' is added to ADC as the quota project.\nTo "
'just update the quota project in ADC, use $gcloud auth '
'application-default set-quota-project.'.format(quota_project))
log.status.Print(adc_msg)
def testAdcHasGivenPermissionOnQuotaProject_HasPermission(self):
self.SetUpApitoolsClientMock()
auth_util.WriteGcloudCredentialsToADC(
creds.FromJson(self.USER_CREDENTIALS_JSON))
requested_permissions = ['storage.buckets.create']
expected_permissions = ['storage.buckets.create']
self.mock_client.projects.TestIamPermissions.Expect(
self.messages.CloudresourcemanagerProjectsTestIamPermissionsRequest(
resource=self.fake_project,
testIamPermissionsRequest=self.messages.TestIamPermissionsRequest(
permissions=requested_permissions)),
self.messages.TestIamPermissionsResponse(
permissions=expected_permissions))
res = auth_util.AdcHasGivenPermissionOnProject(self.fake_project,
requested_permissions)
self.assertTrue(res)
def testWriteGcloudCredentialsToADC_GoogleAuthServiceCreds(self):
auth_util.WriteGcloudCredentialsToADC(
self.MakeServiceAccountCredentialsGoogleAuth())
self.AssertErrContains('Credentials cannot be written')
self.AssertFileNotExists(self.adc_file_path)
self.mock_prompt.assert_not_called()
def testWriteGcloudCredentialsToADC_ServiceCreds(self):
auth_util.WriteGcloudCredentialsToADC(
creds.FromJson(self.SERVICE_ACCOUNT_CREDENTIALS_JSON))
self.AssertErrContains('Credentials cannot be written')
self.AssertFileNotExists(self.adc_file_path)
self.mock_prompt.assert_not_called()
def testWriteGcloudCredentialsToADC_GoogleAuthUserCreds(self):
auth_util.WriteGcloudCredentialsToADC(
self.MakeUserAccountCredentialsGoogleAuth())
self.AssertErrEquals('')
self.AssertFileEquals(self.USER_CREDENTIALS_JSON, self.adc_file_path)
self.mock_prompt.assert_called()
def testWriteGcloudCredentialsToADC_UserCreds(self):
auth_util.WriteGcloudCredentialsToADC(
creds.FromJson(self.USER_CREDENTIALS_JSON))
self.AssertErrEquals('')
self.AssertFileEquals(self.USER_CREDENTIALS_JSON, self.adc_file_path)
self.mock_prompt.assert_called()
