diff --git a/tests/test_downscoped.py b/tests/test_downscoped.py
index 9ca95f5aa..a43fb91a6 100644
--- a/tests/test_downscoped.py
+++ b/tests/test_downscoped.py
@@ -28,39 +28,39 @@
 
 
 EXPRESSION = (
-    "resource.name.startsWith('projects/_/buckets/example-bucket/objects/customer-a')"
+    u"resource.name.startsWith('projects/_/buckets/example-bucket/objects/customer-a')"
 )
-TITLE = "customer-a-objects"
+TITLE = u"customer-a-objects"
 DESCRIPTION = (
-    "Condition to make permissions available for objects starting with customer-a"
+    u"Condition to make permissions available for objects starting with customer-a"
 )
-AVAILABLE_RESOURCE = "//storage.googleapis.com/projects/_/buckets/example-bucket"
-AVAILABLE_PERMISSIONS = ["inRole:roles/storage.objectViewer"]
+AVAILABLE_RESOURCE = u"//storage.googleapis.com/projects/_/buckets/example-bucket"
+AVAILABLE_PERMISSIONS = [u"inRole:roles/storage.objectViewer"]
 
 OTHER_EXPRESSION = (
-    "resource.name.startsWith('projects/_/buckets/example-bucket/objects/customer-b')"
+    u"resource.name.startsWith('projects/_/buckets/example-bucket/objects/customer-b')"
 )
-OTHER_TITLE = "customer-b-objects"
+OTHER_TITLE = u"customer-b-objects"
 OTHER_DESCRIPTION = (
-    "Condition to make permissions available for objects starting with customer-b"
+    u"Condition to make permissions available for objects starting with customer-b"
 )
-OTHER_AVAILABLE_RESOURCE = "//storage.googleapis.com/projects/_/buckets/other-bucket"
-OTHER_AVAILABLE_PERMISSIONS = ["inRole:roles/storage.objectCreator"]
-QUOTA_PROJECT_ID = "QUOTA_PROJECT_ID"
-GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"
-REQUESTED_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"
-TOKEN_EXCHANGE_ENDPOINT = "https://sts.googleapis.com/v1/token"
-SUBJECT_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"
+OTHER_AVAILABLE_RESOURCE = u"//storage.googleapis.com/projects/_/buckets/other-bucket"
+OTHER_AVAILABLE_PERMISSIONS = [u"inRole:roles/storage.objectCreator"]
+QUOTA_PROJECT_ID = u"QUOTA_PROJECT_ID"
+GRANT_TYPE = u"urn:ietf:params:oauth:grant-type:token-exchange"
+REQUESTED_TOKEN_TYPE = u"urn:ietf:params:oauth:token-type:access_token"
+TOKEN_EXCHANGE_ENDPOINT = u"https://sts.googleapis.com/v1/token"
+SUBJECT_TOKEN_TYPE = u"urn:ietf:params:oauth:token-type:access_token"
 SUCCESS_RESPONSE = {
-    "access_token": "ACCESS_TOKEN",
-    "issued_token_type": "urn:ietf:params:oauth:token-type:access_token",
-    "token_type": "Bearer",
+    "access_token": u"ACCESS_TOKEN",
+    "issued_token_type": u"urn:ietf:params:oauth:token-type:access_token",
+    "token_type": u"Bearer",
     "expires_in": 3600,
 }
 ERROR_RESPONSE = {
-    "error": "invalid_grant",
-    "error_description": "Subject token is invalid.",
-    "error_uri": "https://tools.ietf.org/html/rfc6749",
+    "error": u"invalid_grant",
+    "error_description": u"Subject token is invalid.",
+    "error_uri": u"https://tools.ietf.org/html/rfc6749",
 }
 CREDENTIAL_ACCESS_BOUNDARY_JSON = {
     "accessBoundary": {
@@ -256,7 +256,7 @@ def test_invalid_available_permissions_value(self):
         with pytest.raises(ValueError) as excinfo:
             make_access_boundary_rule(
                 AVAILABLE_RESOURCE,
-                ["roles/storage.objectViewer"],
+                [u"roles/storage.objectViewer"],
                 availability_condition,
             )