test_iam.py 3.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102
  1. # Copyright 2017 Google LLC
  2. #
  3. # Licensed under the Apache License, Version 2.0 (the "License");
  4. # you may not use this file except in compliance with the License.
  5. # You may obtain a copy of the License at
  6. #
  7. # http://www.apache.org/licenses/LICENSE-2.0
  8. #
  9. # Unless required by applicable law or agreed to in writing, software
  10. # distributed under the License is distributed on an "AS IS" BASIS,
  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. # See the License for the specific language governing permissions and
  13. # limitations under the License.
  14. import base64
  15. import datetime
  16. import json
  17. import mock
  18. import pytest
  19. from six.moves import http_client
  20. from google.auth import _helpers
  21. from google.auth import exceptions
  22. from google.auth import iam
  23. from google.auth import transport
  24. import google.auth.credentials
  25. def make_request(status, data=None):
  26. response = mock.create_autospec(transport.Response, instance=True)
  27. response.status = status
  28. if data is not None:
  29. response.data = json.dumps(data).encode("utf-8")
  30. request = mock.create_autospec(transport.Request)
  31. request.return_value = response
  32. return request
  33. def make_credentials():
  34. class CredentialsImpl(google.auth.credentials.Credentials):
  35. def __init__(self):
  36. super(CredentialsImpl, self).__init__()
  37. self.token = "token"
  38. # Force refresh
  39. self.expiry = datetime.datetime.min + _helpers.CLOCK_SKEW
  40. def refresh(self, request):
  41. pass
  42. def with_quota_project(self, quota_project_id):
  43. raise NotImplementedError()
  44. return CredentialsImpl()
  45. class TestSigner(object):
  46. def test_constructor(self):
  47. request = mock.sentinel.request
  48. credentials = mock.create_autospec(
  49. google.auth.credentials.Credentials, instance=True
  50. )
  51. signer = iam.Signer(request, credentials, mock.sentinel.service_account_email)
  52. assert signer._request == mock.sentinel.request
  53. assert signer._credentials == credentials
  54. assert signer._service_account_email == mock.sentinel.service_account_email
  55. def test_key_id(self):
  56. signer = iam.Signer(
  57. mock.sentinel.request,
  58. mock.sentinel.credentials,
  59. mock.sentinel.service_account_email,
  60. )
  61. assert signer.key_id is None
  62. def test_sign_bytes(self):
  63. signature = b"DEADBEEF"
  64. encoded_signature = base64.b64encode(signature).decode("utf-8")
  65. request = make_request(http_client.OK, data={"signedBlob": encoded_signature})
  66. credentials = make_credentials()
  67. signer = iam.Signer(request, credentials, mock.sentinel.service_account_email)
  68. returned_signature = signer.sign("123")
  69. assert returned_signature == signature
  70. kwargs = request.call_args[1]
  71. assert kwargs["headers"]["Content-Type"] == "application/json"
  72. def test_sign_bytes_failure(self):
  73. request = make_request(http_client.UNAUTHORIZED)
  74. credentials = make_credentials()
  75. signer = iam.Signer(request, credentials, mock.sentinel.service_account_email)
  76. with pytest.raises(exceptions.TransportError):
  77. signer.sign("123")