Skip to content

Commit

Permalink
Merge branch 'main' into patch-1
Browse files Browse the repository at this point in the history
  • Loading branch information
clundin25 authored Jun 9, 2023
2 parents 8a0fc25 + a9b8f12 commit 4487fe8
Show file tree
Hide file tree
Showing 6 changed files with 82 additions and 12 deletions.
8 changes: 6 additions & 2 deletions google/auth/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,13 +17,17 @@
import logging

from google.auth import version as google_auth_version
from google.auth._default import default, load_credentials_from_file
from google.auth._default import (
default,
load_credentials_from_dict,
load_credentials_from_file,
)


__version__ = google_auth_version.__version__


__all__ = ["default", "load_credentials_from_file"]
__all__ = ["default", "load_credentials_from_file", "load_credentials_from_dict"]

# Set default logging handler to avoid "No handler found" warnings.
logging.getLogger(__name__).addHandler(logging.NullHandler())
44 changes: 44 additions & 0 deletions google/auth/_default.py
Original file line number Diff line number Diff line change
Expand Up @@ -130,6 +130,50 @@ def load_credentials_from_file(
)


def load_credentials_from_dict(
info, scopes=None, default_scopes=None, quota_project_id=None, request=None
):
"""Loads Google credentials from a dict.
The credentials file must be a service account key, stored authorized
user credentials, external account credentials, or impersonated service
account credentials.
Args:
info (Dict[str, Any]): A dict object containing the credentials
scopes (Optional[Sequence[str]]): The list of scopes for the credentials. If
specified, the credentials will automatically be scoped if
necessary
default_scopes (Optional[Sequence[str]]): Default scopes passed by a
Google client library. Use 'scopes' for user-defined scopes.
quota_project_id (Optional[str]): The project ID used for
quota and billing.
request (Optional[google.auth.transport.Request]): An object used to make
HTTP requests. This is used to determine the associated project ID
for a workload identity pool resource (external account credentials).
If not specified, then it will use a
google.auth.transport.requests.Request client to make requests.
Returns:
Tuple[google.auth.credentials.Credentials, Optional[str]]: Loaded
credentials and the project ID. Authorized user credentials do not
have the project ID information. External account credentials project
IDs may not always be determined.
Raises:
google.auth.exceptions.DefaultCredentialsError: if the file is in the
wrong format or is missing.
"""
if not isinstance(info, dict):
raise exceptions.DefaultCredentialsError(
"info object was of type {} but dict type was expected.".format(type(info))
)

return _load_credentials_from_info(
"dict object", info, scopes, default_scopes, quota_project_id, request
)


def _load_credentials_from_info(
filename, info, scopes, default_scopes, quota_project_id, request
):
Expand Down
4 changes: 2 additions & 2 deletions setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -31,9 +31,9 @@
)

extras = {
"aiohttp": ["aiohttp >= 3.6.2, < 4.0.0dev", "requests >= 2.20.0, < 3.0.0dev"],
"aiohttp": ["aiohttp >= 3.6.2, < 4.0.0.dev0", "requests >= 2.20.0, < 3.0.0.dev0"],
"pyopenssl": ["pyopenssl>=20.0.0", "cryptography>=38.0.3"],
"requests": "requests >= 2.20.0, < 3.0.0dev",
"requests": "requests >= 2.20.0, < 3.0.0.dev0",
"reauth": "pyu2f>=0.1.5",
# Enterprise cert only works for OpenSSL 1.1.1. Newer versions of these
# dependencies are built with OpenSSL 3.0 so we need to fix the version.
Expand Down
Binary file modified system_tests/secrets.tar.enc
Binary file not shown.
22 changes: 22 additions & 0 deletions tests/test__default.py
Original file line number Diff line number Diff line change
Expand Up @@ -188,6 +188,28 @@ def test_load_credentials_from_missing_file():
assert excinfo.match(r"not found")


def test_load_credentials_from_dict_non_dict_object():
with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
_default.load_credentials_from_dict("")
assert excinfo.match(r"dict type was expected")

with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
_default.load_credentials_from_dict(None)
assert excinfo.match(r"dict type was expected")

with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
_default.load_credentials_from_dict(1)
assert excinfo.match(r"dict type was expected")


def test_load_credentials_from_dict_authorized_user():
credentials, project_id = _default.load_credentials_from_dict(
AUTHORIZED_USER_FILE_DATA
)
assert isinstance(credentials, google.oauth2.credentials.Credentials)
assert project_id is None


def test_load_credentials_from_file_invalid_json(tmpdir):
jsonfile = tmpdir.join("invalid.json")
jsonfile.write("{")
Expand Down
16 changes: 8 additions & 8 deletions tests/test_aws.py
Original file line number Diff line number Diff line change
Expand Up @@ -63,10 +63,10 @@
CRED_VERIFICATION_URL = (
"https://sts.{region}.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15"
)
# Sample AWS security credentials to be used with tests that require a session token.
ACCESS_KEY_ID = "ASIARD4OQDT6A77FR3CL"
SECRET_ACCESS_KEY = "Y8AfSaucF37G4PpvfguKZ3/l7Id4uocLXxX0+VTx"
TOKEN = "IQoJb3JpZ2luX2VjEIz//////////wEaCXVzLWVhc3QtMiJGMEQCIH7MHX/Oy/OB8OlLQa9GrqU1B914+iMikqWQW7vPCKlgAiA/Lsv8Jcafn14owfxXn95FURZNKaaphj0ykpmS+Ki+CSq0AwhlEAAaDDA3NzA3MTM5MTk5NiIMx9sAeP1ovlMTMKLjKpEDwuJQg41/QUKx0laTZYjPlQvjwSqS3OB9P1KAXPWSLkliVMMqaHqelvMF/WO/glv3KwuTfQsavRNs3v5pcSEm4SPO3l7mCs7KrQUHwGP0neZhIKxEXy+Ls//1C/Bqt53NL+LSbaGv6RPHaX82laz2qElphg95aVLdYgIFY6JWV5fzyjgnhz0DQmy62/Vi8pNcM2/VnxeCQ8CC8dRDSt52ry2v+nc77vstuI9xV5k8mPtnaPoJDRANh0bjwY5Sdwkbp+mGRUJBAQRlNgHUJusefXQgVKBCiyJY4w3Csd8Bgj9IyDV+Azuy1jQqfFZWgP68LSz5bURyIjlWDQunO82stZ0BgplKKAa/KJHBPCp8Qi6i99uy7qh76FQAqgVTsnDuU6fGpHDcsDSGoCls2HgZjZFPeOj8mmRhFk1Xqvkbjuz8V1cJk54d3gIJvQt8gD2D6yJQZecnuGWd5K2e2HohvCc8Fc9kBl1300nUJPV+k4tr/A5R/0QfEKOZL1/k5lf1g9CREnrM8LVkGxCgdYMxLQow1uTL+QU67AHRRSp5PhhGX4Rek+01vdYSnJCMaPhSEgcLqDlQkhk6MPsyT91QMXcWmyO+cAZwUPwnRamFepuP4K8k2KVXs/LIJHLELwAZ0ekyaS7CptgOqS7uaSTFG3U+vzFZLEnGvWQ7y9IPNQZ+Dffgh4p3vF4J68y9049sI6Sr5d5wbKkcbm8hdCDHZcv4lnqohquPirLiFQ3q7B17V9krMPu3mz1cg4Ekgcrn/E09NTsxAqD8NcZ7C7ECom9r+X3zkDOxaajW6hu3Az8hGlyylDaMiFfRbBJpTIlxp7jfa7CxikNgNtEKLH9iCzvuSg2vhA=="
# Sample fictitious AWS security credentials to be used with tests that require a session token.
ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
TOKEN = "AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtpZ3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE"
# To avoid json.dumps() differing behavior from one version to other,
# the JSON payload is hardcoded.
REQUEST_PARAMS = '{"KeySchema":[{"KeyType":"HASH","AttributeName":"Id"}],"TableName":"TestTable","AttributeDefinitions":[{"AttributeName":"Id","AttributeType":"S"}],"ProvisionedThroughput":{"WriteCapacityUnits":5,"ReadCapacityUnits":5}}'
Expand Down Expand Up @@ -514,7 +514,7 @@
"headers": {
"Authorization": "AWS4-HMAC-SHA256 Credential="
+ ACCESS_KEY_ID
+ "/20200811/us-east-2/ec2/aws4_request, SignedHeaders=host;x-amz-date;x-amz-security-token, Signature=631ea80cddfaa545fdadb120dc92c9f18166e38a5c47b50fab9fce476e022855",
+ "/20200811/us-east-2/ec2/aws4_request, SignedHeaders=host;x-amz-date;x-amz-security-token, Signature=41e226f997bf917ec6c9b2b14218df0874225f13bb153236c247881e614fafc9",
"host": "ec2.us-east-2.amazonaws.com",
"x-amz-date": "20200811T065522Z",
"x-amz-security-token": TOKEN,
Expand All @@ -540,7 +540,7 @@
"headers": {
"Authorization": "AWS4-HMAC-SHA256 Credential="
+ ACCESS_KEY_ID
+ "/20200811/us-east-2/sts/aws4_request, SignedHeaders=host;x-amz-date;x-amz-security-token, Signature=73452984e4a880ffdc5c392355733ec3f5ba310d5e0609a89244440cadfe7a7a",
+ "/20200811/us-east-2/sts/aws4_request, SignedHeaders=host;x-amz-date;x-amz-security-token, Signature=596aa990b792d763465d73703e684ca273c45536c6d322c31be01a41d02e5b60",
"host": "sts.us-east-2.amazonaws.com",
"x-amz-date": "20200811T065522Z",
"x-amz-security-token": TOKEN,
Expand All @@ -562,7 +562,7 @@
"headers": {
"Authorization": "AWS4-HMAC-SHA256 Credential="
+ ACCESS_KEY_ID
+ "/20200811/us-east-2/sts/aws4_request, SignedHeaders=host;x-amz-date, Signature=d095ba304919cd0d5570ba8a3787884ee78b860f268ed040ba23831d55536d56",
+ "/20200811/us-east-2/sts/aws4_request, SignedHeaders=host;x-amz-date, Signature=9e722e5b7bfa163447e2a14df118b45ebd283c5aea72019bdf921d6e7dc01a9a",
"host": "sts.us-east-2.amazonaws.com",
"x-amz-date": "20200811T065522Z",
},
Expand Down Expand Up @@ -592,7 +592,7 @@
"headers": {
"Authorization": "AWS4-HMAC-SHA256 Credential="
+ ACCESS_KEY_ID
+ "/20200811/us-east-2/dynamodb/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-security-token;x-amz-target, Signature=fdaa5b9cc9c86b80fe61eaf504141c0b3523780349120f2bd8145448456e0385",
+ "/20200811/us-east-2/dynamodb/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-security-token;x-amz-target, Signature=eb8bce0e63654bba672d4a8acb07e72d69210c1797d56ce024dbbc31beb2a2c7",
"host": "dynamodb.us-east-2.amazonaws.com",
"x-amz-date": "20200811T065522Z",
"Content-Type": "application/x-amz-json-1.0",
Expand Down

0 comments on commit 4487fe8

Please sign in to comment.