# Copyright 2016 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import pytest

from google.auth import _helpers
from google.auth import exceptions
from google.auth import iam
from google.oauth2 import service_account


@pytest.fixture
def credentials(service_account_file):
    """Yield service-account credentials loaded from ``service_account_file``.

    The ``service_account_file`` fixture is defined outside this file. The
    credentials are built without scopes; each test applies the scopes it
    needs via ``with_scopes``.
    """
    # NOTE(review): presumably this is a JSON key file holding a private key;
    # confirm it is supplied by the test environment rather than committed.
    unscoped = service_account.Credentials.from_service_account_file(
        service_account_file
    )
    yield unscoped


def test_refresh_no_scopes(http_request, credentials):
    """Refreshing credentials that carry no scopes must raise RefreshError."""
    # The fixture credentials are unscoped, so refresh is expected to fail
    # instead of producing a token.
    with pytest.raises(exceptions.RefreshError):
        credentials.refresh(http_request)


def test_refresh_success(http_request, credentials, token_info):
    """Refresh scoped credentials and check the token's identity and scopes.

    The token is requested with the short scope names ``email`` and
    ``profile``; the token info is expected to report the two full
    ``userinfo`` scope URLs and the service account's own e-mail address.
    """
    scoped = credentials.with_scopes(["email", "profile"])
    scoped.refresh(http_request)

    # A successful refresh must leave a non-empty access token behind.
    assert scoped.token

    token_details = token_info(scoped.token)

    # The token must be bound to the service account that requested it.
    assert token_details["email"] == scoped.service_account_email

    # Exact set comparison: a token carrying more (or fewer) scopes than
    # requested fails the test.
    expected_scopes = {
        "https://www.googleapis.com/auth/userinfo.email",
        "https://www.googleapis.com/auth/userinfo.profile",
    }
    granted_scopes = set(_helpers.string_to_scopes(token_details["scope"]))
    assert granted_scopes == expected_scopes


def test_iam_signer(http_request, credentials):
    """Sign a message through ``iam.Signer`` and check that bytes come back.

    The credentials are scoped to ``https://www.googleapis.com/auth/iam`` and
    the signer is asked to sign as the credentials' own service account.
    """
    iam_scoped = credentials.with_scopes(["https://www.googleapis.com/auth/iam"])

    # Verify iamcredentials signer.
    signer = iam.Signer(
        http_request,
        iam_scoped,
        iam_scoped.service_account_email,
    )
    signature = signer.sign("message")

    # NOTE(review): only the return type is checked here; the signature is not
    # verified against the service account's public key and may even be empty.
    assert isinstance(signature, bytes)