Reviewed in https://codereview.appspot.com/60300043/
Permit AppAssertionCredentials to specify the service account to use, Fixes issue #325.
This commit is contained in:
Joe Gregorio
@@ -159,8 +159,12 @@ class AppAssertionCredentials(AssertionCredentials):
|
|||||||
Args:
|
Args:
|
||||||
scope: string or iterable of strings, scope(s) of the credentials being
|
scope: string or iterable of strings, scope(s) of the credentials being
|
||||||
requested.
|
requested.
|
||||||
|
kwargs: optional keyword args, including:
|
||||||
|
service_account_id: service account id of the application. If None or
|
||||||
|
unspecified, the default service account for the app is used.
|
||||||
"""
|
"""
|
||||||
self.scope = util.scopes_to_string(scope)
|
self.scope = util.scopes_to_string(scope)
|
||||||
|
self.service_account_id = kwargs.get('service_account_id', None)
|
||||||
|
|
||||||
# Assertion type is no longer used, but still in the parent class signature.
|
# Assertion type is no longer used, but still in the parent class signature.
|
||||||
super(AppAssertionCredentials, self).__init__(None)
|
super(AppAssertionCredentials, self).__init__(None)
|
||||||
@@ -186,7 +190,8 @@ class AppAssertionCredentials(AssertionCredentials):
|
|||||||
"""
|
"""
|
||||||
try:
|
try:
|
||||||
scopes = self.scope.split()
|
scopes = self.scope.split()
|
||||||
(token, _) = app_identity.get_access_token(scopes)
|
(token, _) = app_identity.get_access_token(
|
||||||
|
scopes, service_account_id=self.service_account_id)
|
||||||
except app_identity.Error, e:
|
except app_identity.Error, e:
|
||||||
raise AccessTokenRefreshError(str(e))
|
raise AccessTokenRefreshError(str(e))
|
||||||
self.access_token = token
|
self.access_token = token
|
||||||
|
|||||||
@@ -203,6 +203,23 @@ class TestAppAssertionCredentials(unittest.TestCase):
|
|||||||
'http://www.googleapis.com/scope http://www.googleapis.com/scope2',
|
'http://www.googleapis.com/scope http://www.googleapis.com/scope2',
|
||||||
credentials.scope)
|
credentials.scope)
|
||||||
|
|
||||||
|
def test_custom_service_account(self):
|
||||||
|
scope = "http://www.googleapis.com/scope"
|
||||||
|
account_id = "service_account_name_2@appspot.com"
|
||||||
|
m = mox.Mox()
|
||||||
|
m.StubOutWithMock(app_identity, 'get_access_token')
|
||||||
|
app_identity.get_access_token(
|
||||||
|
[scope], service_account_id=account_id).AndReturn(('a_token_456', None))
|
||||||
|
m.ReplayAll()
|
||||||
|
|
||||||
|
credentials = AppAssertionCredentials(scope, service_account_id=account_id)
|
||||||
|
http = httplib2.Http()
|
||||||
|
credentials.refresh(http)
|
||||||
|
m.VerifyAll()
|
||||||
|
m.UnsetStubs()
|
||||||
|
self.assertEqual('a_token_456', credentials.access_token)
|
||||||
|
self.assertEqual(scope, credentials.scope)
|
||||||
|
|
||||||
|
|
||||||
class TestFlowModel(db.Model):
|
class TestFlowModel(db.Model):
|
||||||
flow = FlowProperty()
|
flow = FlowProperty()
|
||||||
|
|||||||
Reference in New Issue
Block a user