From df59cadb0398bae43b762d45dfa229127ffa734d Mon Sep 17 00:00:00 2001 From: Orest Bolohan Date: Fri, 11 Jul 2014 13:09:18 -0700 Subject: [PATCH] Replace the 'default credentials' concept with the 'application default credentials' concept. --- oauth2client/client.py | 140 ++++++++------- samples/call_compute_service.py | 9 +- .../call_compute_service_from_gae.py | 9 +- ...n => application_default_credentials.json} | 0 ..._default_credentials_authorized_user.json} | 0 ...tion_default_credentials_malformed_1.json} | 0 ...tion_default_credentials_malformed_2.json} | 0 ...tion_default_credentials_malformed_3.json} | 0 tests/test_oauth2client.py | 166 ++++++++++-------- 9 files changed, 176 insertions(+), 148 deletions(-) rename tests/data/gcloud/{credentials_default.json => application_default_credentials.json} (100%) rename tests/data/gcloud/{credentials_default_authorized_user.json => application_default_credentials_authorized_user.json} (100%) rename tests/data/gcloud/{credentials_default_malformed_1.json => application_default_credentials_malformed_1.json} (100%) rename tests/data/gcloud/{credentials_default_malformed_2.json => application_default_credentials_malformed_2.json} (100%) rename tests/data/gcloud/{credentials_default_malformed_3.json => application_default_credentials_malformed_3.json} (100%) diff --git a/oauth2client/client.py b/oauth2client/client.py index ad3044e..c0b79df 100644 --- a/oauth2client/client.py +++ b/oauth2client/client.py @@ -73,8 +73,9 @@ AUTHORIZED_USER = 'authorized_user' # The value representing service account credentials. SERVICE_ACCOUNT = 'service_account' -# The environment variable pointing the file with local Default Credentials. -GOOGLE_CREDENTIALS_DEFAULT = 'GOOGLE_CREDENTIALS_DEFAULT' +# The environment variable pointing the file with local +# Application Default Credentials. +GOOGLE_APPLICATION_CREDENTIALS = 'GOOGLE_APPLICATION_CREDENTIALS' # The access token along with the seconds in which it expires. AccessTokenInfo = namedtuple('AccessTokenInfo', ['access_token', 'expires_in']) @@ -111,8 +112,8 @@ class NonAsciiHeaderError(Error): """Header names and values must be ASCII strings.""" -class DefaultCredentialsError(Error): - """Error retrieving the Default Credentials.""" +class ApplicationDefaultCredentialsError(Error): + """Error retrieving the Application Default Credentials.""" def _abstract(): @@ -903,14 +904,15 @@ def _get_environment(urllib2_urlopen=None): class GoogleCredentials(OAuth2Credentials): - """Default credentials for use in calling Google APIs. + """Application Default Credentials for use in calling Google APIs. - The Default Credentials are being constructed as a function of the environment - where the code is being run. More details can be found on this page: - https://developers.google.com/accounts/docs/default-credentials + The Application Default Credentials are being constructed as a function of + the environment where the code is being run. + More details can be found on this page: + https://developers.google.com/accounts/docs/application-default-credentials - Here is an example of how to use the Default Credentials for a service that - requires authentication: + Here is an example of how to use the Application Default Credentials for a + service that requires authentication: from googleapiclient.discovery import build @@ -919,7 +921,8 @@ class GoogleCredentials(OAuth2Credentials): PROJECT = 'bamboo-machine-422' # replace this with one of your projects ZONE = 'us-central1-a' # replace this with the zone you care about - service = build('compute', 'v1', credentials=GoogleCredentials.get_default()) + credentials = GoogleCredentials.get_application_default() + service = build('compute', 'v1', credentials=credentials) request = service.instances().list(project=PROJECT, zone=ZONE) response = request.execute() @@ -949,7 +952,8 @@ class GoogleCredentials(OAuth2Credentials): This constructor is not usually called by the user, instead GoogleCredentials objects are instantiated by - GoogleCredentials.from_stream() or GoogleCredentials.get_default(). + GoogleCredentials.from_stream() or + GoogleCredentials.get_application_default(). Args: access_token: string, access token. @@ -982,11 +986,12 @@ class GoogleCredentials(OAuth2Credentials): return self @staticmethod - def get_default(): - """Get the Default Credentials for the current environment. + def get_application_default(): + """Get the Application Default Credentials for the current environment. Exceptions: - DefaultCredentialsError: raised when the credentials fail to be retrieved. + ApplicationDefaultCredentialsError: raised when the credentials fail + to be retrieved. """ _env_name = _get_environment() @@ -994,41 +999,40 @@ class GoogleCredentials(OAuth2Credentials): if _env_name in ('GAE_PRODUCTION', 'GAE_LOCAL'): # if we are running inside Google App Engine # there is no need to look for credentials in local files - default_credential_filename = None + application_default_credential_filename = None well_known_file = None else: - default_credential_filename = _get_environment_variable_file() + application_default_credential_filename = _get_environment_variable_file() well_known_file = _get_well_known_file() - if default_credential_filename: + if application_default_credential_filename: try: - return _get_default_credential_from_file(default_credential_filename) - except (DefaultCredentialsError, ValueError) as error: - extra_help = (' (pointed to by ' + GOOGLE_CREDENTIALS_DEFAULT + + return _get_application_default_credential_from_file( + application_default_credential_filename) + except (ApplicationDefaultCredentialsError, ValueError) as error: + extra_help = (' (pointed to by ' + GOOGLE_APPLICATION_CREDENTIALS + ' environment variable)') - _raise_exception_for_reading_json(default_credential_filename, - extra_help, error) + _raise_exception_for_reading_json( + application_default_credential_filename, extra_help, error) elif well_known_file: try: - return _get_default_credential_from_file(well_known_file) - except (DefaultCredentialsError, ValueError) as error: + return _get_application_default_credential_from_file(well_known_file) + except (ApplicationDefaultCredentialsError, ValueError) as error: extra_help = (' (produced automatically when running' ' "gcloud auth login" command)') _raise_exception_for_reading_json(well_known_file, extra_help, error) elif _env_name in ('GAE_PRODUCTION', 'GAE_LOCAL'): - return _get_default_credential_GAE() + return _get_application_default_credential_GAE() elif _env_name == 'GCE_PRODUCTION': - return _get_default_credential_GCE() + return _get_application_default_credential_GCE() else: - raise DefaultCredentialsError( - "The Default Credentials are not available. They are available if " - "running in Google App Engine or Google Compute Engine. They are " - "also available if using the Google Cloud SDK and running 'gcloud " - "auth login'. Otherwise, the environment variable " + - GOOGLE_CREDENTIALS_DEFAULT + " must be defined pointing to a file " - "defining the credentials. " - "See https://developers.google.com/accounts/docs/default-credentials " - "for details.") + raise ApplicationDefaultCredentialsError( + "The Application Default Credentials are not available. They are " + "available if running in Google Compute Engine. Otherwise, the " + " environment variable " + GOOGLE_APPLICATION_CREDENTIALS + + " must be defined pointing to a file defining the credentials. " + "See https://developers.google.com/accounts/docs/application-default-" + "credentials for more information.") @staticmethod def from_stream(credential_filename): @@ -1041,33 +1045,38 @@ class GoogleCredentials(OAuth2Credentials): are to be read Exceptions: - DefaultCredentialsError: raised when the credentials fail to be retrieved. + ApplicationDefaultCredentialsError: raised when the credentials fail + to be retrieved. """ if credential_filename and os.path.isfile(credential_filename): try: - return _get_default_credential_from_file(credential_filename) - except (DefaultCredentialsError, ValueError) as error: + return _get_application_default_credential_from_file( + credential_filename) + except (ApplicationDefaultCredentialsError, ValueError) as error: extra_help = ' (provided as parameter to the from_stream() method)' _raise_exception_for_reading_json(credential_filename, extra_help, error) else: - raise DefaultCredentialsError('The parameter passed to the from_stream()' - ' method should point to a file.') + raise ApplicationDefaultCredentialsError( + 'The parameter passed to the from_stream() ' + 'method should point to a file.') def _get_environment_variable_file(): - default_credential_filename = os.environ.get(GOOGLE_CREDENTIALS_DEFAULT, - None) + application_default_credential_filename = ( + os.environ.get(GOOGLE_APPLICATION_CREDENTIALS, + None)) - if default_credential_filename: - if os.path.isfile(default_credential_filename): - return default_credential_filename + if application_default_credential_filename: + if os.path.isfile(application_default_credential_filename): + return application_default_credential_filename else: - raise DefaultCredentialsError( - 'File ' + default_credential_filename + ' (pointed by ' + - GOOGLE_CREDENTIALS_DEFAULT + ' environment variable) does not exist!') + raise ApplicationDefaultCredentialsError( + 'File ' + application_default_credential_filename + ' (pointed by ' + + GOOGLE_APPLICATION_CREDENTIALS + + ' environment variable) does not exist!') def _get_well_known_file(): @@ -1075,7 +1084,7 @@ def _get_well_known_file(): # TODO(orestica): Revisit this method once gcloud provides a better way # of pinpointing the exact location of the file. - WELL_KNOWN_CREDENTIALS_FILE = 'credentials_default.json' + WELL_KNOWN_CREDENTIALS_FILE = 'application_default_credentials.json' CLOUDSDK_CONFIG_DIRECTORY = 'gcloud' if os.name == 'nt': @@ -1098,14 +1107,17 @@ def _get_well_known_file(): return default_config_path -def _get_default_credential_from_file(default_credential_filename): - """Build the Default Credentials from file.""" +def _get_application_default_credential_from_file( + application_default_credential_filename): + """Build the Application Default Credentials from file.""" import service_account # read the credentials from the file - with open(default_credential_filename) as default_credential: - client_credentials = service_account.simplejson.load(default_credential) + with open(application_default_credential_filename) as ( + application_default_credential): + client_credentials = service_account.simplejson.load( + application_default_credential) credentials_type = client_credentials.get('type') if credentials_type == AUTHORIZED_USER: @@ -1114,9 +1126,9 @@ def _get_default_credential_from_file(default_credential_filename): required_fields = set(['client_id', 'client_email', 'private_key_id', 'private_key']) else: - raise DefaultCredentialsError("'type' field should be defined " - "(and have one of the '" + AUTHORIZED_USER + - "' or '" + SERVICE_ACCOUNT + "' values)") + raise ApplicationDefaultCredentialsError( + "'type' field should be defined (and have one of the '" + + AUTHORIZED_USER + "' or '" + SERVICE_ACCOUNT + "' values)") missing_fields = required_fields.difference(client_credentials.keys()) @@ -1142,25 +1154,25 @@ def _get_default_credential_from_file(default_credential_filename): def _raise_exception_for_missing_fields(missing_fields): - raise DefaultCredentialsError('The following field(s): ' + - ', '.join(missing_fields) + ' must be defined.') + raise ApplicationDefaultCredentialsError( + 'The following field(s) must be defined: ' + ', '.join(missing_fields)) def _raise_exception_for_reading_json(credential_file, extra_help, error): - raise DefaultCredentialsError('An error was encountered while reading ' - 'json file: '+ credential_file + extra_help + - ': ' + str(error)) + raise ApplicationDefaultCredentialsError( + 'An error was encountered while reading json file: '+ + credential_file + extra_help + ': ' + str(error)) -def _get_default_credential_GAE(): +def _get_application_default_credential_GAE(): from oauth2client.appengine import AppAssertionCredentials return AppAssertionCredentials([]) -def _get_default_credential_GCE(): +def _get_application_default_credential_GCE(): from oauth2client.gce import AppAssertionCredentials return AppAssertionCredentials([]) diff --git a/samples/call_compute_service.py b/samples/call_compute_service.py index aaa4f38..a8e42c6 100644 --- a/samples/call_compute_service.py +++ b/samples/call_compute_service.py @@ -1,13 +1,14 @@ -# To be used to test GoogleCredential.GetDefaultCredential() +# To be used to test GoogleCredentials.get_application_default() # from local machine and GCE. from googleapiclient.discovery import build from oauth2client.client import GoogleCredentials -PROJECT = "bamboo-machine-422" # Provide your own GCE project here -ZONE = "us-central1-a" # Put here a zone which has some VMs +PROJECT = 'bamboo-machine-422' # Provide your own GCE project here +ZONE = 'us-central1-a' # Put here a zone which has some VMs -service = build("compute", "v1", credentials=GoogleCredentials.get_default()) +credentials = GoogleCredentials.get_application_default() +service = build('compute', 'v1', credentials=credentials) request = service.instances().list(project=PROJECT, zone=ZONE) response = request.execute() diff --git a/samples/googleappengine/call_compute_service_from_gae.py b/samples/googleappengine/call_compute_service_from_gae.py index e2b01d2..b3e3e75 100644 --- a/samples/googleappengine/call_compute_service_from_gae.py +++ b/samples/googleappengine/call_compute_service_from_gae.py @@ -1,15 +1,16 @@ -# To be used to test GoogleCredential.GetDefaultCredential() +# To be used to test GoogleCredentials.get_application_default() # from devel GAE (ie, dev_appserver.py). import webapp2 from googleapiclient.discovery import build from oauth2client.client import GoogleCredentials -PROJECT = "bamboo-machine-422" # Provide your own GCE project here -ZONE = "us-central1-a" # Put here a zone which has some VMs +PROJECT = 'bamboo-machine-422' # Provide your own GCE project here +ZONE = 'us-central1-a' # Put here a zone which has some VMs def get_instances(): - service = build("compute", "v1", credentials=GoogleCredentials.get_default()) + credentials = GoogleCredentials.get_application_default() + service = build('compute', 'v1', credentials=credentials) request = service.instances().list(project=PROJECT, zone=ZONE) return request.execute() diff --git a/tests/data/gcloud/credentials_default.json b/tests/data/gcloud/application_default_credentials.json similarity index 100% rename from tests/data/gcloud/credentials_default.json rename to tests/data/gcloud/application_default_credentials.json diff --git a/tests/data/gcloud/credentials_default_authorized_user.json b/tests/data/gcloud/application_default_credentials_authorized_user.json similarity index 100% rename from tests/data/gcloud/credentials_default_authorized_user.json rename to tests/data/gcloud/application_default_credentials_authorized_user.json diff --git a/tests/data/gcloud/credentials_default_malformed_1.json b/tests/data/gcloud/application_default_credentials_malformed_1.json similarity index 100% rename from tests/data/gcloud/credentials_default_malformed_1.json rename to tests/data/gcloud/application_default_credentials_malformed_1.json diff --git a/tests/data/gcloud/credentials_default_malformed_2.json b/tests/data/gcloud/application_default_credentials_malformed_2.json similarity index 100% rename from tests/data/gcloud/credentials_default_malformed_2.json rename to tests/data/gcloud/application_default_credentials_malformed_2.json diff --git a/tests/data/gcloud/credentials_default_malformed_3.json b/tests/data/gcloud/application_default_credentials_malformed_3.json similarity index 100% rename from tests/data/gcloud/credentials_default_malformed_3.json rename to tests/data/gcloud/application_default_credentials_malformed_3.json diff --git a/tests/test_oauth2client.py b/tests/test_oauth2client.py index 72e3b4e..d214cdf 100644 --- a/tests/test_oauth2client.py +++ b/tests/test_oauth2client.py @@ -41,10 +41,10 @@ from oauth2client.client import AccessTokenRefreshError from oauth2client.client import AssertionCredentials from oauth2client.client import AUTHORIZED_USER from oauth2client.client import Credentials -from oauth2client.client import DefaultCredentialsError +from oauth2client.client import ApplicationDefaultCredentialsError from oauth2client.client import FlowExchangeError from oauth2client.client import GoogleCredentials -from oauth2client.client import GOOGLE_CREDENTIALS_DEFAULT +from oauth2client.client import GOOGLE_APPLICATION_CREDENTIALS from oauth2client.client import MemoryCache from oauth2client.client import NonAsciiHeaderError from oauth2client.client import OAuth2Credentials @@ -57,7 +57,7 @@ from oauth2client.client import TokenRevokeError from oauth2client.client import VerifyJwtTokenError from oauth2client.client import _env_name from oauth2client.client import _extract_id_token -from oauth2client.client import _get_default_credential_from_file +from oauth2client.client import _get_application_default_credential_from_file from oauth2client.client import _get_environment from oauth2client.client import _get_environment_variable_file from oauth2client.client import _get_well_known_file @@ -140,8 +140,8 @@ class GoogleCredentialsTests(unittest.TestCase): def setUp(self): self.env_server_software = os.environ.get('SERVER_SOFTWARE', None) - self.env_google_credentials_default = ( - os.environ.get(GOOGLE_CREDENTIALS_DEFAULT, None)) + self.env_google_application_credentials = ( + os.environ.get(GOOGLE_APPLICATION_CREDENTIALS, None)) self.env_appdata = os.environ.get('APPDATA', None) self.os_name = os.name from oauth2client import client @@ -149,8 +149,8 @@ class GoogleCredentialsTests(unittest.TestCase): def tearDown(self): self.reset_env('SERVER_SOFTWARE', self.env_server_software) - self.reset_env(GOOGLE_CREDENTIALS_DEFAULT, - self.env_google_credentials_default) + self.reset_env(GOOGLE_APPLICATION_CREDENTIALS, + self.env_google_application_credentials) self.reset_env('APPDATA', self.env_appdata) os.name = self.os_name @@ -235,27 +235,27 @@ class GoogleCredentialsTests(unittest.TestCase): def test_get_environment_variable_file(self): environment_variable_file = datafile( - os.path.join('gcloud', 'credentials_default.json')) - os.environ[GOOGLE_CREDENTIALS_DEFAULT] = environment_variable_file + os.path.join('gcloud', 'application_default_credentials.json')) + os.environ[GOOGLE_APPLICATION_CREDENTIALS] = environment_variable_file self.assertEqual(environment_variable_file, _get_environment_variable_file()) def test_get_environment_variable_file_error(self): nonexistent_file = datafile('nonexistent') - os.environ[GOOGLE_CREDENTIALS_DEFAULT] = nonexistent_file + os.environ[GOOGLE_APPLICATION_CREDENTIALS] = nonexistent_file # we can't use self.assertRaisesRegexp() because it is only in Python 2.7+ try: _get_environment_variable_file() self.fail(nonexistent_file + ' should not exist.') - except DefaultCredentialsError as error: + except ApplicationDefaultCredentialsError as error: self.assertEqual('File ' + nonexistent_file + - ' (pointed by ' + GOOGLE_CREDENTIALS_DEFAULT + + ' (pointed by ' + GOOGLE_APPLICATION_CREDENTIALS + ' environment variable) does not exist!', str(error)) def test_get_well_known_file_on_windows(self): well_known_file = datafile( - os.path.join('gcloud', 'credentials_default.json')) + os.path.join('gcloud', 'application_default_credentials.json')) os.name = 'nt' os.environ['APPDATA'] = DATA_DIR self.assertEqual(well_known_file, _get_well_known_file()) @@ -265,47 +265,52 @@ class GoogleCredentialsTests(unittest.TestCase): os.environ['APPDATA'] = os.path.join(DATA_DIR, 'nonexistentpath') self.assertEqual(None, _get_well_known_file()) - def test_get_default_credential_from_file_service_account(self): + def test_get_application_default_credential_from_file_service_account(self): credentials_file = datafile( - os.path.join('gcloud', 'credentials_default.json')) - credentials = _get_default_credential_from_file(credentials_file) + os.path.join('gcloud', 'application_default_credentials.json')) + credentials = _get_application_default_credential_from_file( + credentials_file) self.validate_service_account_credentials(credentials) - def test_get_default_credential_from_file_authorized_user(self): + def test_get_application_default_credential_from_file_authorized_user(self): credentials_file = datafile( - os.path.join('gcloud', 'credentials_default_authorized_user.json')) - credentials = _get_default_credential_from_file(credentials_file) + os.path.join('gcloud', + 'application_default_credentials_authorized_user.json')) + credentials = _get_application_default_credential_from_file( + credentials_file) self.validate_google_credentials(credentials) - def test_get_default_credential_from_malformed_file_1(self): + def test_get_application_default_credential_from_malformed_file_1(self): credentials_file = datafile( - os.path.join('gcloud', 'credentials_default_malformed_1.json')) + os.path.join('gcloud', + 'application_default_credentials_malformed_1.json')) # we can't use self.assertRaisesRegexp() because it is only in Python 2.7+ try: - _get_default_credential_from_file(credentials_file) + _get_application_default_credential_from_file(credentials_file) self.fail('An exception was expected!') - except DefaultCredentialsError as error: + except ApplicationDefaultCredentialsError as error: self.assertEqual("'type' field should be defined " "(and have one of the '" + AUTHORIZED_USER + "' or '" + SERVICE_ACCOUNT + "' values)", str(error)) - def test_get_default_credential_from_malformed_file_2(self): + def test_get_application_default_credential_from_malformed_file_2(self): credentials_file = datafile( - os.path.join('gcloud', 'credentials_default_malformed_2.json')) + os.path.join('gcloud', + 'application_default_credentials_malformed_2.json')) # we can't use self.assertRaisesRegexp() because it is only in Python 2.7+ try: - _get_default_credential_from_file(credentials_file) + _get_application_default_credential_from_file(credentials_file) self.fail('An exception was expected!') - except DefaultCredentialsError as error: - self.assertEqual('The following field(s): ' - 'private_key_id must be defined.', + except ApplicationDefaultCredentialsError as error: + self.assertEqual('The following field(s) must be defined: private_key_id', str(error)) - def test_get_default_credential_from_malformed_file_3(self): + def test_get_application_default_credential_from_malformed_file_3(self): credentials_file = datafile( - os.path.join('gcloud', 'credentials_default_malformed_3.json')) - self.assertRaises(ValueError, _get_default_credential_from_file, + os.path.join('gcloud', + 'application_default_credentials_malformed_3.json')) + self.assertRaises(ValueError, _get_application_default_credential_from_file, credentials_file) def test_raise_exception_for_missing_fields(self): @@ -314,105 +319,112 @@ class GoogleCredentialsTests(unittest.TestCase): try: _raise_exception_for_missing_fields(missing_fields) self.fail('An exception was expected!') - except DefaultCredentialsError as error: - self.assertEqual('The following field(s): ' + - ', '.join(missing_fields) + ' must be defined.', + except ApplicationDefaultCredentialsError as error: + self.assertEqual('The following field(s) must be defined: ' + + ', '.join(missing_fields), str(error)) def test_raise_exception_for_reading_json(self): credential_file = 'any_file' extra_help = ' be good' - error = DefaultCredentialsError('stuff happens') + error = ApplicationDefaultCredentialsError('stuff happens') # we can't use self.assertRaisesRegexp() because it is only in Python 2.7+ try: _raise_exception_for_reading_json(credential_file, extra_help, error) self.fail('An exception was expected!') - except DefaultCredentialsError as ex: + except ApplicationDefaultCredentialsError as ex: self.assertEqual('An error was encountered while reading ' 'json file: '+ credential_file + extra_help + ': ' + str(error), str(ex)) - def test_get_default_from_environment_variable_service_account(self): + def test_get_application_default_from_environment_variable_service_account( + self): os.environ['SERVER_SOFTWARE'] = '' environment_variable_file = datafile( - os.path.join('gcloud', 'credentials_default.json')) - os.environ[GOOGLE_CREDENTIALS_DEFAULT] = environment_variable_file - self.validate_service_account_credentials(GoogleCredentials.get_default()) + os.path.join('gcloud', 'application_default_credentials.json')) + os.environ[GOOGLE_APPLICATION_CREDENTIALS] = environment_variable_file + self.validate_service_account_credentials( + GoogleCredentials.get_application_default()) def test_env_name(self): from oauth2client import client self.assertEqual(None, getattr(client, '_env_name')) - self.test_get_default_from_environment_variable_service_account() + self.test_get_application_default_from_environment_variable_service_account() self.assertEqual('UNKNOWN', getattr(client, '_env_name')) - def test_get_default_from_environment_variable_authorized_user(self): + def test_get_application_default_from_environment_variable_authorized_user( + self): os.environ['SERVER_SOFTWARE'] = '' environment_variable_file = datafile( - os.path.join('gcloud', 'credentials_default_authorized_user.json')) - os.environ[GOOGLE_CREDENTIALS_DEFAULT] = environment_variable_file - self.validate_google_credentials(GoogleCredentials.get_default()) + os.path.join('gcloud', + 'application_default_credentials_authorized_user.json')) + os.environ[GOOGLE_APPLICATION_CREDENTIALS] = environment_variable_file + self.validate_google_credentials( + GoogleCredentials.get_application_default()) - def test_get_default_from_environment_variable_malformed_file(self): + def test_get_application_default_from_environment_variable_malformed_file( + self): os.environ['SERVER_SOFTWARE'] = '' environment_variable_file = datafile( - os.path.join('gcloud', 'credentials_default_malformed_3.json')) - os.environ[GOOGLE_CREDENTIALS_DEFAULT] = environment_variable_file + os.path.join('gcloud', + 'application_default_credentials_malformed_3.json')) + os.environ[GOOGLE_APPLICATION_CREDENTIALS] = environment_variable_file # we can't use self.assertRaisesRegexp() because it is only in Python 2.7+ try: - GoogleCredentials.get_default() + GoogleCredentials.get_application_default() self.fail('An exception was expected!') - except DefaultCredentialsError as error: + except ApplicationDefaultCredentialsError as error: self.assertTrue(str(error).startswith( 'An error was encountered while reading json file: ' + environment_variable_file + ' (pointed to by ' + - GOOGLE_CREDENTIALS_DEFAULT + ' environment variable):')) + GOOGLE_APPLICATION_CREDENTIALS + ' environment variable):')) - def test_get_default_environment_not_set_up(self): + def test_get_application_default_environment_not_set_up(self): # It is normal for this test to fail if run inside # a Google Compute Engine VM or after 'gcloud auth login' command # has been executed on a non Windows machine. os.environ['SERVER_SOFTWARE'] = '' - os.environ[GOOGLE_CREDENTIALS_DEFAULT] = '' + os.environ[GOOGLE_APPLICATION_CREDENTIALS] = '' os.environ['APPDATA'] = '' # we can't use self.assertRaisesRegexp() because it is only in Python 2.7+ try: - GoogleCredentials.get_default() + GoogleCredentials.get_application_default() self.fail('An exception was expected!') - except DefaultCredentialsError as error: - self.assertEqual("The Default Credentials are not available. They are " - "available if running in Google App Engine or Google " - "Compute Engine. They are also available if using the " - "Google Cloud SDK and running 'gcloud auth login'. " - "Otherwise, the environment variable " + - GOOGLE_CREDENTIALS_DEFAULT + " must be defined pointing " - "to a file defining the credentials. See " - "https://developers.google.com/accounts/docs/default-" - "credentials for details.", - str(error)) + except ApplicationDefaultCredentialsError as error: + self.assertEqual( + "The Application Default Credentials are not available. They are " + "available if running in Google Compute Engine. Otherwise, the " + " environment variable " + GOOGLE_APPLICATION_CREDENTIALS + + " must be defined pointing to a file defining the credentials. " + "See https://developers.google.com/accounts/docs/application-default-" + "credentials for more information.", + str(error)) def test_from_stream_service_account(self): credentials_file = datafile( - os.path.join('gcloud', 'credentials_default.json')) + os.path.join('gcloud', 'application_default_credentials.json')) credentials = ( self.get_a_google_credentials_object().from_stream(credentials_file)) self.validate_service_account_credentials(credentials) def test_from_stream_authorized_user(self): credentials_file = datafile( - os.path.join('gcloud', 'credentials_default_authorized_user.json')) + os.path.join('gcloud', + 'application_default_credentials_authorized_user.json')) credentials = ( self.get_a_google_credentials_object().from_stream(credentials_file)) self.validate_google_credentials(credentials) def test_from_stream_malformed_file_1(self): credentials_file = datafile( - os.path.join('gcloud', 'credentials_default_malformed_1.json')) + os.path.join('gcloud', + 'application_default_credentials_malformed_1.json')) # we can't use self.assertRaisesRegexp() because it is only in Python 2.7+ try: self.get_a_google_credentials_object().from_stream(credentials_file) self.fail('An exception was expected!') - except DefaultCredentialsError as error: + except ApplicationDefaultCredentialsError as error: self.assertEqual("An error was encountered while reading json file: " + credentials_file + " (provided as parameter to the from_stream() method): " @@ -423,24 +435,26 @@ class GoogleCredentialsTests(unittest.TestCase): def test_from_stream_malformed_file_2(self): credentials_file = datafile( - os.path.join('gcloud', 'credentials_default_malformed_2.json')) + os.path.join('gcloud', + 'application_default_credentials_malformed_2.json')) # we can't use self.assertRaisesRegexp() because it is only in Python 2.7+ try: self.get_a_google_credentials_object().from_stream(credentials_file) self.fail('An exception was expected!') - except DefaultCredentialsError as error: + except ApplicationDefaultCredentialsError as error: self.assertEqual('An error was encountered while reading json file: ' + credentials_file + ' (provided as parameter to the from_stream() method): ' - 'The following field(s): private_key_id must be ' - 'defined.', + 'The following field(s) must be defined: ' + 'private_key_id', str(error)) def test_from_stream_malformed_file_3(self): credentials_file = datafile( - os.path.join('gcloud', 'credentials_default_malformed_3.json')) + os.path.join('gcloud', + 'application_default_credentials_malformed_3.json')) self.assertRaises( - DefaultCredentialsError, + ApplicationDefaultCredentialsError, self.get_a_google_credentials_object().from_stream, credentials_file)