Implement application default credentials #32

theacodes · 2016-10-18T18:27:49Z

No description provided.

google/auth/__init__.py

+
+
+__all__ = [
+    'default'


google/auth/_default.py

@@ -0,0 +1,295 @@
+# Copyright 2015 Google Inc.


google/auth/_default.py

+
+"""Application default credentials.
+
+Implementes application default credentials and project ID detection."""


google/auth/_default.py

+# Environment variable for explicit application default credentials and project
+# ID.
+_CREDENTIALS_ENV = 'GOOGLE_APPLICATION_CREDENTIALS'
+_PROJECT_ENV = 'GCLOUD_PROJECT'


google/auth/_default.py

+# The ~/.config subdirectory containing gcloud credentials.
+_CLOUDSDK_CONFIG_DIRECTORY = 'gcloud'
+# The environment variable name which can replace ~/.config if set.
+_CLOUDSDK_CONFIG_ENV = 'CLOUDSDK_CONFIG'


tests/test__default.py

+
+def test__load_credentials_from_file_invalid_type(tmpdir):
+    jsonfile = tmpdir.join('invalid.json')
+    jsonfile.write(json.dumps({'type': 'not-a-real-type'}))


tests/test__default.py

+    assert project_id == SERVICE_ACCOUNT_FILE_DATA['project_id']
+
+
+@mock.patch.dict(os.environ, {}, clear=True)


tests/test__default.py

+
+LOAD_FILE_PATCH = mock.patch(
+    'google.auth._default._load_credentials_from_file', return_value=(
+        mock.sentinel.credentials, mock.sentinel.project_id))


tests/test__default.py

+
+
+@LOAD_FILE_PATCH
+def test__get_explicit_environ_credentials(mock_load, monkeypatch):


tests/test__default.py

+    config_path = _default._get_gcloud_sdk_config_path()
+
+    assert os.path.split(config_path) == (
+        'appdata', _default._CLOUDSDK_CONFIG_DIRECTORY)


google/auth/_default.py

+       If the Cloud SDK has an active project, the project ID is returned. The
+       active project can be set using::
+
+            gcloud config set project


google/auth/_default.py

@@ -285,7 +309,7 @@ def default():
        _get_explicit_environ_credentials,
        _get_gcloud_sdk_credentials,
        _get_gae_credentials,
-        _get_gce_credentials)
+        lambda: _get_gce_credentials(request))


google/auth/_default.py

@@ -0,0 +1,295 @@
+# Copyright 2015 Google Inc.


theacodes

@dhermes I think I got everything, but you might want to take a peak at the _cloud_sdk and test__cloud_sdk modules.

google/auth/_default.py

+# Environment variable for explicit application default credentials and project
+# ID.
+_CREDENTIALS_ENV = 'GOOGLE_APPLICATION_CREDENTIALS'
+_PROJECT_ENV = 'GCLOUD_PROJECT'


google/auth/_default.py

+# The ~/.config subdirectory containing gcloud credentials.
+_CLOUDSDK_CONFIG_DIRECTORY = 'gcloud'
+# The environment variable name which can replace ~/.config if set.
+_CLOUDSDK_CONFIG_ENV = 'CLOUDSDK_CONFIG'


google/auth/_default.py

+    'Could not automatically determine credentials. Please set {env} or '
+    'explicitly create credential and re-run the application. For more '
+    'information, please see https://developers.google.com/accounts/docs'
+    '/application-default-credentials.'.format(env=_CREDENTIALS_ENV))


google/auth/_default.py

+            refresh_token=info['refresh_token'],
+            token_uri=_GOOGLE_OAUTH2_TOKEN_ENDPOINT,
+            client_id=info['client_id'],
+            client_secret=info['client_secret'])


google/auth/_default.py

+    if credential_type == _SERVICE_ACCOUNT_TYPE:
+        credentials = service_account.Credentials.from_service_account_info(
+            info)
+        return credentials, info.get('project_id')


tests/test__default.py

+
+def test__load_credentials_from_file_invalid_type(tmpdir):
+    jsonfile = tmpdir.join('invalid.json')
+    jsonfile.write(json.dumps({'type': 'not-a-real-type'}))


tests/test__default.py

+
+
+@LOAD_FILE_PATCH
+def test__get_explicit_environ_credentials(mock_load, monkeypatch):


google/auth/_default.py

+       If the Cloud SDK has an active project, the project ID is returned. The
+       active project can be set using::
+
+            gcloud config set project


google/auth/_default.py

+Could not automatically determine credentials. Please set {env} or '
+explicitly create credential and re-run the application. For more '
+information, please see '
+'https://developers.google.com/accounts/docs/application-default-credentials.


google/auth/environment_vars.py

+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Environment variables used by google.auth."""


google/auth/environment_vars.py

+
+
+PROJECT = 'GOOGLE_CLOUD_PROJECT'
+"""Environment variable defining default project."""


tests/test__default.py

+
+
+def test__load_credentials_from_file_authorized_user_bad_format(tmpdir):
+    filename = tmpdir.join('authoirzed_user_bad.json')


dhermes · 2016-10-19T15:53:32Z

LGTM pending my few tiny nits

Implement application default credentials

ca39473

theacodes added this to the 1.0.0 milestone Oct 18, 2016

theacodes assigned bjwatson and dhermes Oct 18, 2016

dhermes reviewed Oct 18, 2016

View reviewed changes

Address review comments

df0bc44

dhermes reviewed Oct 19, 2016

View reviewed changes

Create _cloud_sdk, address review comments

e66cca8

theacodes commented Oct 19, 2016

View reviewed changes

Fix configparser import

0913e7a

dhermes reviewed Oct 19, 2016

View reviewed changes

Jon Wayne Parrott added 2 commits October 19, 2016 09:33

Address review comments

56c2950

Add new docfile

1260f1b

theacodes merged commit aadb3de into master Oct 19, 2016

theacodes deleted the adc branch October 19, 2016 16:34

theacodes mentioned this pull request Oct 21, 2016

1.0.0 Roadmap #3

Closed

12 tasks

theacodes unassigned bjwatson and dhermes Oct 11, 2018


		"""Application default credentials.

		Implementes application default credentials and project ID detection."""

		assert project_id == SERVICE_ACCOUNT_FILE_DATA['project_id']


		@mock.patch.dict(os.environ, {}, clear=True)



		@LOAD_FILE_PATCH
		def test__get_explicit_environ_credentials(mock_load, monkeypatch):



		PROJECT = 'GOOGLE_CLOUD_PROJECT'
		"""Environment variable defining default project."""



		def test__load_credentials_from_file_authorized_user_bad_format(tmpdir):
		filename = tmpdir.join('authoirzed_user_bad.json')



		__all__ = [
		'default'

Implement application default credentials #32

Implement application default credentials #32

Conversation

theacodes commented Oct 18, 2016

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

theacodes left a comment

Choose a reason for hiding this comment

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

dhermes commented Oct 19, 2016