diff options
author | Bu Sun Kim <8822365+busunkim96@users.noreply.github.com> | 2021-02-03 16:57:08 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-02-03 16:57:08 -0700 |
commit | 7a94acb50e75fe0a51688e0f968bca3fa9bd9082 (patch) | |
tree | b305c2c8bbc78a455ad65dd32a56fc00ddbe3867 /system_tests | |
parent | bf5ce0c56c10f655ced6630653f0f2ad47fcceeb (diff) | |
download | google-auth-library-python-7a94acb50e75fe0a51688e0f968bca3fa9bd9082.tar.gz |
feat: support self-signed jwt in requests and urllib3 transports (#679)
Diffstat (limited to 'system_tests')
-rw-r--r-- | system_tests/noxfile.py | 17 | ||||
-rw-r--r-- | system_tests/system_tests_sync/test_grpc.py | 3 | ||||
-rw-r--r-- | system_tests/system_tests_sync/test_requests.py | 40 | ||||
-rw-r--r-- | system_tests/system_tests_sync/test_urllib3.py | 44 |
4 files changed, 103 insertions, 1 deletions
diff --git a/system_tests/noxfile.py b/system_tests/noxfile.py index 5d0014b..4ba7cc3 100644 --- a/system_tests/noxfile.py +++ b/system_tests/noxfile.py @@ -294,12 +294,29 @@ def grpc(session): @nox.session(python=PYTHON_VERSIONS_SYNC) +def requests(session): + session.install(LIBRARY_DIR) + session.install(*TEST_DEPENDENCIES_SYNC) + session.env[EXPLICIT_CREDENTIALS_ENV] = SERVICE_ACCOUNT_FILE + session.run("pytest", "system_tests_sync/test_requests.py") + + +@nox.session(python=PYTHON_VERSIONS_SYNC) +def urllib3(session): + session.install(LIBRARY_DIR) + session.install(*TEST_DEPENDENCIES_SYNC) + session.env[EXPLICIT_CREDENTIALS_ENV] = SERVICE_ACCOUNT_FILE + session.run("pytest", "system_tests_sync/test_urllib3.py") + + +@nox.session(python=PYTHON_VERSIONS_SYNC) def mtls_http(session): session.install(LIBRARY_DIR) session.install(*TEST_DEPENDENCIES_SYNC, "pyopenssl") session.env[EXPLICIT_CREDENTIALS_ENV] = SERVICE_ACCOUNT_FILE session.run("pytest", "system_tests_sync/test_mtls_http.py") + #ASYNC SYSTEM TESTS @nox.session(python=PYTHON_VERSIONS_ASYNC) diff --git a/system_tests/system_tests_sync/test_grpc.py b/system_tests/system_tests_sync/test_grpc.py index da2eb71..7f548ec 100644 --- a/system_tests/system_tests_sync/test_grpc.py +++ b/system_tests/system_tests_sync/test_grpc.py @@ -57,8 +57,9 @@ def test_grpc_request_with_regular_credentials_and_self_signed_jwt(http_request) list_topics_iter = client.list_topics(project="projects/{}".format(project_id)) list(list_topics_iter) - # Check that self-signed JWT was created + # Check that self-signed JWT was created and is being used assert credentials._jwt_credentials is not None + assert credentials._jwt_credentials.token == credentials.token def test_grpc_request_with_jwt_credentials(): diff --git a/system_tests/system_tests_sync/test_requests.py b/system_tests/system_tests_sync/test_requests.py new file mode 100644 index 0000000..3ac9179 --- /dev/null +++ b/system_tests/system_tests_sync/test_requests.py @@ -0,0 +1,40 @@ +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import google.auth +import google.auth.credentials +import google.auth.transport.requests +from google.oauth2 import service_account + + +def test_authorized_session_with_service_account_and_self_signed_jwt(): + credentials, project_id = google.auth.default() + + credentials = credentials.with_scopes( + scopes=[], + default_scopes=["https://www.googleapis.com/auth/pubsub"], + ) + + session = google.auth.transport.requests.AuthorizedSession( + credentials=credentials, default_host="pubsub.googleapis.com" + ) + + # List Pub/Sub Topics through the REST API + # https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics/list + response = session.get("https://pubsub.googleapis.com/v1/projects/{}/topics".format(project_id)) + response.raise_for_status() + + # Check that self-signed JWT was created and is being used + assert credentials._jwt_credentials is not None + assert credentials._jwt_credentials.token == credentials.token diff --git a/system_tests/system_tests_sync/test_urllib3.py b/system_tests/system_tests_sync/test_urllib3.py new file mode 100644 index 0000000..1932e19 --- /dev/null +++ b/system_tests/system_tests_sync/test_urllib3.py @@ -0,0 +1,44 @@ +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import google.auth +import google.auth.credentials +import google.auth.transport.requests +from google.oauth2 import service_account + + +def test_authorized_session_with_service_account_and_self_signed_jwt(): + credentials, project_id = google.auth.default() + + credentials = credentials.with_scopes( + scopes=[], + default_scopes=["https://www.googleapis.com/auth/pubsub"], + ) + + http = google.auth.transport.urllib3.AuthorizedHttp( + credentials=credentials, default_host="pubsub.googleapis.com" + ) + + # List Pub/Sub Topics through the REST API + # https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics/list + response = http.urlopen( + method="GET", + url="https://pubsub.googleapis.com/v1/projects/{}/topics".format(project_id) + ) + + assert response.status == 200 + + # Check that self-signed JWT was created and is being used + assert credentials._jwt_credentials is not None + assert credentials._jwt_credentials.token == credentials.token |