feat: support self-signed jwt in requests and urllib3 transports (#679)

4 files changed, 103 insertions, 1 deletions

diff --git a/system_tests/noxfile.py b/system_tests/noxfile.py
index 5d0014b..4ba7cc3 100644
--- a/system_tests/noxfile.py
+++ b/system_tests/noxfile.py
@@ -294,12 +294,29 @@ def grpc(session):
 
 
 @nox.session(python=PYTHON_VERSIONS_SYNC)
+def requests(session):
+    session.install(LIBRARY_DIR)
+    session.install(*TEST_DEPENDENCIES_SYNC)
+    session.env[EXPLICIT_CREDENTIALS_ENV] = SERVICE_ACCOUNT_FILE
+    session.run("pytest", "system_tests_sync/test_requests.py")
+
+
+@nox.session(python=PYTHON_VERSIONS_SYNC)
+def urllib3(session):
+    session.install(LIBRARY_DIR)
+    session.install(*TEST_DEPENDENCIES_SYNC)
+    session.env[EXPLICIT_CREDENTIALS_ENV] = SERVICE_ACCOUNT_FILE
+    session.run("pytest", "system_tests_sync/test_urllib3.py")
+
+
+@nox.session(python=PYTHON_VERSIONS_SYNC)
 def mtls_http(session):
     session.install(LIBRARY_DIR)
     session.install(*TEST_DEPENDENCIES_SYNC, "pyopenssl")
     session.env[EXPLICIT_CREDENTIALS_ENV] = SERVICE_ACCOUNT_FILE
     session.run("pytest", "system_tests_sync/test_mtls_http.py")
 
+
 #ASYNC SYSTEM TESTS
 
 @nox.session(python=PYTHON_VERSIONS_ASYNC)
diff --git a/system_tests/system_tests_sync/test_grpc.py b/system_tests/system_tests_sync/test_grpc.py
index da2eb71..7f548ec 100644
--- a/system_tests/system_tests_sync/test_grpc.py
+++ b/system_tests/system_tests_sync/test_grpc.py
@@ -57,8 +57,9 @@ def test_grpc_request_with_regular_credentials_and_self_signed_jwt(http_request)
     list_topics_iter = client.list_topics(project="projects/{}".format(project_id))
     list(list_topics_iter)
     
-    # Check that self-signed JWT was created
+    # Check that self-signed JWT was created and is being used
     assert credentials._jwt_credentials is not None
+    assert credentials._jwt_credentials.token == credentials.token
 
 
 def test_grpc_request_with_jwt_credentials():
diff --git a/system_tests/system_tests_sync/test_requests.py b/system_tests/system_tests_sync/test_requests.py
new file mode 100644
index 0000000..3ac9179
--- /dev/null
+++ b/system_tests/system_tests_sync/test_requests.py
@@ -0,0 +1,40 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import google.auth
+import google.auth.credentials
+import google.auth.transport.requests
+from google.oauth2 import service_account
+
+
+def test_authorized_session_with_service_account_and_self_signed_jwt():
+    credentials, project_id = google.auth.default()
+
+    credentials = credentials.with_scopes(
+        scopes=[],
+        default_scopes=["https://www.googleapis.com/auth/pubsub"],
+    )
+
+    session = google.auth.transport.requests.AuthorizedSession(
+        credentials=credentials, default_host="pubsub.googleapis.com"
+    )
+
+    # List Pub/Sub Topics through the REST API
+    # https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics/list
+    response = session.get("https://pubsub.googleapis.com/v1/projects/{}/topics".format(project_id))
+    response.raise_for_status()
+
+    # Check that self-signed JWT was created and is being used
+    assert credentials._jwt_credentials is not None
+    assert credentials._jwt_credentials.token == credentials.token
diff --git a/system_tests/system_tests_sync/test_urllib3.py b/system_tests/system_tests_sync/test_urllib3.py
new file mode 100644
index 0000000..1932e19
--- /dev/null
+++ b/system_tests/system_tests_sync/test_urllib3.py
@@ -0,0 +1,44 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import google.auth
+import google.auth.credentials
+import google.auth.transport.requests
+from google.oauth2 import service_account
+
+
+def test_authorized_session_with_service_account_and_self_signed_jwt():
+    credentials, project_id = google.auth.default()
+
+    credentials = credentials.with_scopes(
+        scopes=[],
+        default_scopes=["https://www.googleapis.com/auth/pubsub"],
+    )
+
+    http = google.auth.transport.urllib3.AuthorizedHttp(
+        credentials=credentials, default_host="pubsub.googleapis.com"
+    )
+
+    # List Pub/Sub Topics through the REST API
+    # https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics/list
+    response = http.urlopen(
+        method="GET",
+        url="https://pubsub.googleapis.com/v1/projects/{}/topics".format(project_id)
+    )
+
+    assert response.status == 200
+
+    # Check that self-signed JWT was created and is being used
+    assert credentials._jwt_credentials is not None
+    assert credentials._jwt_credentials.token == credentials.token