change type

googleapis · Apr 14, 2022 · 55a16cb · 55a16cb
1 parent a7e377f
commit 55a16cb
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 23 deletions.
diff --git a/google/auth/_default.py b/google/auth/_default.py
@@ -36,7 +36,7 @@
 _SERVICE_ACCOUNT_TYPE = "service_account"
 _EXTERNAL_ACCOUNT_TYPE = "external_account"
 _IMPERSONATED_SERVICE_ACCOUNT_TYPE = "impersonated_service_account"
-_GDCH_TYPE = "gdch"
+_GDCH_SERVICE_ACCOUNT_TYPE = "gdch_service_account"
 _VALID_TYPES = (
     _AUTHORIZED_USER_TYPE,
     _SERVICE_ACCOUNT_TYPE,
@@ -159,8 +159,8 @@ def _load_credentials_from_info(
         credentials, project_id = _get_impersonated_service_account_credentials(
             filename, info, scopes
         )
-    elif credential_type == _GDCH_TYPE:
-        credentials, project_id = _get_gdch_credentials(info)
+    elif credential_type == _GDCH_SERVICE_ACCOUNT_TYPE:
+        credentials, project_id = _get_gdch_service_account_credentials(info)
     else:
         raise exceptions.DefaultCredentialsError(
             "The file {file} does not have a valid type. "
@@ -424,7 +424,7 @@ def _get_impersonated_service_account_credentials(filename, info, scopes):
     return credentials, None
 
 
-def _get_gdch_credentials(info):
+def _get_gdch_service_account_credentials(info):
     from google.oauth2 import gdch_credentials
 
     k8s_ca_cert_path = info.get("k8s_ca_cert_path")
@@ -435,7 +435,7 @@ def _get_gdch_credentials(info):
     ais_token_endpoint = info.get("ais_token_endpoint")
 
     return (
-        gdch_credentials.Credentials(
+        gdch_credentials.ServiceAccountCredentials(
             k8s_ca_cert_path,
             k8s_cert_path,
             k8s_key_path,
@@ -484,10 +484,10 @@ def default(scopes=None, request=None, quota_project_id=None, default_scopes=Non
        The project ID returned in this case is the one corresponding to the
        underlying workload identity pool resource if determinable.
 
-       If the environment variable is set to the path of a valid GDCH JSON
-       file (`Google Distributed Cloud Hosted`_), then a GDCH credential will
-       be returned. The project ID returned is None unless it is set via
-       `GOOGLE_CLOUD_PROJECT` environment variable.
+       If the environment variable is set to the path of a valid GDCH service
+       account JSON file (`Google Distributed Cloud Hosted`_), then a GDCH
+       credential will be returned. The project ID returned is None unless it
+       is set via `GOOGLE_CLOUD_PROJECT` environment variable.
     2. If the `Google Cloud SDK`_ is installed and has application default
        credentials set they are loaded and returned.
 

diff --git a/google/oauth2/gdch_credentials.py b/google/oauth2/gdch_credentials.py
@@ -30,8 +30,9 @@
 SERVICE_ACCOUNT_TOKEN_TYPE = "urn:k8s:params:oauth:token-type:serviceaccount"
 
 
-class Credentials(credentials.CredentialsWithQuotaProject):
-    """Credentials for GDCH (`Google Distributed Cloud Hosted`_).
+class ServiceAccountCredentials(credentials.CredentialsWithQuotaProject):
+    """Credentials for GDCH (`Google Distributed Cloud Hosted`_) for service
+    account users.
 
     .. _Google Distributed Cloud Hosted:
         https://cloud.google.com/blog/topics/hybrid-cloud/\
@@ -44,7 +45,7 @@ class Credentials(credentials.CredentialsWithQuotaProject):
     following format::
 
         {
-            "type":"gdch",
+            "type":"gdch_service_account",
             "k8s_ca_cert_path":"<k8s ca cert pem file path>",
             "k8s_cert_path":"<k8s cert pem file path>",
             "k8s_key_path":"<k8s key pem file path>",
@@ -106,7 +107,7 @@ def __init__(
                 and billing. This project may be different from the project
                 used to create the credentials.
         """
-        super(Credentials, self).__init__()
+        super(ServiceAccountCredentials, self).__init__()
         self._k8s_ca_cert_path = k8s_ca_cert_path
         self._k8s_cert_path = k8s_cert_path
         self._k8s_key_path = k8s_key_path

diff --git a/tests/data/gdch.json → tests/data/gdch_service_account.json b/tests/data/gdch.json → tests/data/gdch_service_account.json
@@ -1,5 +1,5 @@
 {
-    "type":"gdch",
+    "type":"gdch_service_account",
     "k8s_ca_cert_path":"./k8s_ca_cert.pem",
     "k8s_cert_path":"./k8s_cert.pem",
     "k8s_key_path":"./k8s_key.pem",

diff --git a/tests/oauth2/test_gdch_credentials.py b/tests/oauth2/test_gdch_credentials.py
@@ -34,7 +34,7 @@ class TestCredentials(object):
 
     @classmethod
     def make_credentials(cls):
-        return gdch_credentials.Credentials(
+        return gdch_credentials.ServiceAccountCredentials(
             cls.K8S_CA_CERT_PATH,
             cls.K8S_CERT_PATH,
             cls.K8S_KEY_PATH,
@@ -130,11 +130,11 @@ def test__make_ais_token_request(self, utcnow, token_endpoint_request):
         )
 
     @mock.patch(
-        "google.oauth2.gdch_credentials.Credentials._make_k8s_token_request",
+        "google.oauth2.gdch_credentials.ServiceAccountCredentials._make_k8s_token_request",
         autospec=True,
     )
     @mock.patch(
-        "google.oauth2.gdch_credentials.Credentials._make_ais_token_request",
+        "google.oauth2.gdch_credentials.ServiceAccountCredentials._make_ais_token_request",
         autospec=True,
     )
     def test_refresh(self, ais_token_request, k8s_token_request):
@@ -152,11 +152,11 @@ def test_refresh(self, ais_token_request, k8s_token_request):
         assert creds.expiry == mock_expiry
 
     @mock.patch(
-        "google.oauth2.gdch_credentials.Credentials._make_k8s_token_request",
+        "google.oauth2.gdch_credentials.ServiceAccountCredentials._make_k8s_token_request",
         autospec=True,
     )
     @mock.patch(
-        "google.oauth2.gdch_credentials.Credentials._make_ais_token_request",
+        "google.oauth2.gdch_credentials.ServiceAccountCredentials._make_ais_token_request",
         autospec=True,
     )
     def test_before_request(self, ais_token_request, k8s_token_request):

diff --git a/tests/test__default.py b/tests/test__default.py
@@ -51,7 +51,7 @@
 
 CLIENT_SECRETS_FILE = os.path.join(DATA_DIR, "client_secrets.json")
 
-GDCH_FILE = os.path.join(DATA_DIR, "gdch.json")
+GDCH_SERVICE_ACCOUNT_FILE = os.path.join(DATA_DIR, "gdch_service_account.json")
 
 with open(SERVICE_ACCOUNT_FILE) as fh:
     SERVICE_ACCOUNT_FILE_DATA = json.load(fh)
@@ -1148,11 +1148,11 @@ def test_default_impersonated_service_account_set_both_scopes_and_default_scopes
 @mock.patch(
     "google.auth._cloud_sdk.get_application_default_credentials_path", autospec=True
 )
-def test_default_gdch_credentials(get_adc_path):
-    get_adc_path.return_value = GDCH_FILE
+def test_default_gdch_service_account_credentials(get_adc_path):
+    get_adc_path.return_value = GDCH_SERVICE_ACCOUNT_FILE
 
     credentials, _ = _default.default(quota_project_id="project-foo")
-    assert isinstance(credentials, gdch_credentials.Credentials)
+    assert isinstance(credentials, gdch_credentials.ServiceAccountCredentials)
     assert credentials._quota_project_id == "project-foo"
     assert credentials._k8s_ca_cert_path == "./k8s_ca_cert.pem"
     assert credentials._k8s_cert_path == "./k8s_cert.pem"