fix: add back python 2.7 for gcloud usage only (#892)

* fix: add back python 2.7 for gcloud

* fix: fix setup and tests

* fix: add enum34 for python 2.7

* fix: add app engine app and fix noxfile

* fix: move test_app_engine.py

* fix: fix downscoped

* fix: fix downscoped

* fix: remove py2 from classifiers

google/auth/_cloud_sdk.py

@@ -18,6 +18,8 @@
 import os
 import subprocess
 
+import six
+
 from google.auth import environment_vars
 from google.auth import exceptions
 
@@ -154,4 +156,4 @@ def get_auth_access_token(account=None):
         new_exc = exceptions.UserAccessTokenError(
             "Failed to obtain access token", caught_exc
         )
-        raise new_exc from caught_exc
+        six.raise_from(new_exc, caught_exc)

google/auth/_credentials_async.py

@@ -18,10 +18,13 @@
 import abc
 import inspect
 
+import six
+
 from google.auth import credentials
 
 
-class Credentials(credentials.Credentials, metaclass=abc.ABCMeta):
+@six.add_metaclass(abc.ABCMeta)
+class Credentials(credentials.Credentials):
     """Async inherited credentials class from google.auth.credentials.
     The added functionality is the before_request call which requires
     async/await syntax.
@@ -81,7 +84,8 @@ class AnonymousCredentials(credentials.AnonymousCredentials, Credentials):
     """
 
 
-class ReadOnlyScoped(credentials.ReadOnlyScoped, metaclass=abc.ABCMeta):
+@six.add_metaclass(abc.ABCMeta)
+class ReadOnlyScoped(credentials.ReadOnlyScoped):
     """Interface for credentials whose scopes can be queried.
 
     OAuth 2.0-based credentials allow limiting access using scopes as described
@@ -167,5 +171,6 @@ def with_scopes_if_required(credentials, scopes):
         return credentials
 
 
-class Signing(credentials.Signing, metaclass=abc.ABCMeta):
+@six.add_metaclass(abc.ABCMeta)
+class Signing(credentials.Signing):
     """Interface for credentials that can cryptographically sign messages."""

google/auth/_default.py

@@ -23,6 +23,8 @@
 import os
 import warnings
 
+import six
+
 from google.auth import environment_vars
 from google.auth import exceptions
 import google.auth.transport._http_client
@@ -116,7 +118,7 @@ def load_credentials_from_file(
             new_exc = exceptions.DefaultCredentialsError(
                 "File {} is not a valid json file.".format(filename), caught_exc
             )
-            raise new_exc from caught_exc
+            six.raise_from(new_exc, caught_exc)
 
     # The type key should indicate that the file is either a service account
     # credentials file or an authorized user credentials file.
@@ -132,7 +134,7 @@ def load_credentials_from_file(
         except ValueError as caught_exc:
             msg = "Failed to load authorized user credentials from {}".format(filename)
             new_exc = exceptions.DefaultCredentialsError(msg, caught_exc)
-            raise new_exc from caught_exc
+            six.raise_from(new_exc, caught_exc)
         if quota_project_id:
             credentials = credentials.with_quota_project(quota_project_id)
         if not credentials.quota_project_id:
@@ -149,7 +151,7 @@ def load_credentials_from_file(
         except ValueError as caught_exc:
             msg = "Failed to load service account credentials from {}".format(filename)
             new_exc = exceptions.DefaultCredentialsError(msg, caught_exc)
-            raise new_exc from caught_exc
+            six.raise_from(new_exc, caught_exc)
         if quota_project_id:
             credentials = credentials.with_quota_project(quota_project_id)
         return credentials, info.get("project_id")

google/auth/_default_async.py

@@ -21,6 +21,8 @@
 import json
 import os
 
+import six
+
 from google.auth import _default
 from google.auth import environment_vars
 from google.auth import exceptions
@@ -61,7 +63,7 @@ def load_credentials_from_file(filename, scopes=None, quota_project_id=None):
             new_exc = exceptions.DefaultCredentialsError(
                 "File {} is not a valid json file.".format(filename), caught_exc
             )
-            raise new_exc from caught_exc
+            six.raise_from(new_exc, caught_exc)
 
     # The type key should indicate that the file is either a service account
     # credentials file or an authorized user credentials file.
@@ -77,7 +79,7 @@ def load_credentials_from_file(filename, scopes=None, quota_project_id=None):
         except ValueError as caught_exc:
             msg = "Failed to load authorized user credentials from {}".format(filename)
             new_exc = exceptions.DefaultCredentialsError(msg, caught_exc)
-            raise new_exc from caught_exc
+            six.raise_from(new_exc, caught_exc)
         if quota_project_id:
             credentials = credentials.with_quota_project(quota_project_id)
         if not credentials.quota_project_id:
@@ -94,7 +96,7 @@ def load_credentials_from_file(filename, scopes=None, quota_project_id=None):
         except ValueError as caught_exc:
             msg = "Failed to load service account credentials from {}".format(filename)
             new_exc = exceptions.DefaultCredentialsError(msg, caught_exc)
-            raise new_exc from caught_exc
+            six.raise_from(new_exc, caught_exc)
         return credentials, info.get("project_id")
 
     else:

google/auth/_helpers.py

@@ -17,7 +17,9 @@
 import base64
 import calendar
 import datetime
-import urllib
+
+import six
+from six.moves import urllib
 
 
 # Token server doesn't provide a new a token when doing refresh unless the
@@ -85,6 +87,9 @@ def datetime_to_secs(value):
 def to_bytes(value, encoding="utf-8"):
     """Converts a string value to bytes, if necessary.
 
+    Unfortunately, ``six.b`` is insufficient for this task since in
+    Python 2 because it does not modify ``unicode`` objects.
+
     Args:
         value (Union[str, bytes]): The value to be converted.
         encoding (str): The encoding to use to convert unicode to bytes.
@@ -97,8 +102,8 @@ def to_bytes(value, encoding="utf-8"):
     Raises:
         ValueError: If the value could not be converted to bytes.
     """
-    result = value.encode(encoding) if isinstance(value, str) else value
-    if isinstance(result, bytes):
+    result = value.encode(encoding) if isinstance(value, six.text_type) else value
+    if isinstance(result, six.binary_type):
         return result
     else:
         raise ValueError("{0!r} could not be converted to bytes".format(value))
@@ -117,8 +122,8 @@ def from_bytes(value):
     Raises:
         ValueError: If the value could not be converted to unicode.
     """
-    result = value.decode("utf-8") if isinstance(value, bytes) else value
-    if isinstance(result, str):
+    result = value.decode("utf-8") if isinstance(value, six.binary_type) else value
+    if isinstance(result, six.text_type):
         return result
     else:
         raise ValueError("{0!r} could not be converted to unicode".format(value))
@@ -160,7 +165,7 @@ def update_query(url, params, remove=None):
     query_params.update(params)
     # Remove any values specified in remove.
     query_params = {
-        key: value for key, value in query_params.items() if key not in remove
+        key: value for key, value in six.iteritems(query_params) if key not in remove
     }
     # Re-encoded the query string.
     new_query = urllib.parse.urlencode(query_params, doseq=True)

google/auth/_oauth2client.py

@@ -21,6 +21,8 @@
 
 from __future__ import absolute_import
 
+import six
+
 from google.auth import _helpers
 import google.auth.app_engine
 import google.auth.compute_engine
@@ -32,7 +34,7 @@
     import oauth2client.contrib.gce
     import oauth2client.service_account
 except ImportError as caught_exc:
-    raise ImportError("oauth2client is not installed.") from caught_exc
+    six.raise_from(ImportError("oauth2client is not installed."), caught_exc)
 
 try:
     import oauth2client.contrib.appengine  # pytype: disable=import-error
@@ -164,4 +166,4 @@ def convert(credentials):
         return _CLASS_CONVERSION_MAP[credentials_class](credentials)
     except KeyError as caught_exc:
         new_exc = ValueError(_CONVERT_ERROR_TMPL.format(credentials_class))
-        raise new_exc from caught_exc
+        six.raise_from(new_exc, caught_exc)

google/auth/_service_account_info.py

@@ -17,6 +17,8 @@
 import io
 import json
 
+import six
+
 from google.auth import crypt
 
 
@@ -41,7 +43,7 @@ def from_dict(data, require=None):
     """
     keys_needed = set(require if require is not None else [])
 
-    missing = keys_needed.difference(data)
+    missing = keys_needed.difference(six.iterkeys(data))
 
     if missing:
         raise ValueError(

google/auth/aws.py

@@ -39,13 +39,20 @@
 
 import hashlib
 import hmac
-import http.client
 import io
 import json
 import os
+import posixpath
 import re
-import urllib
-from urllib.parse import urljoin
+
+try:
+    from urllib.parse import urljoin
+# Python 2.7 compatibility
+except ImportError:  # pragma: NO COVER
+    from urlparse import urljoin
+
+from six.moves import http_client
+from six.moves import urllib
 
 from google.auth import _helpers
 from google.auth import environment_vars
@@ -116,7 +123,9 @@ def get_request_options(
         # Normalize the URL path. This is needed for the canonical_uri.
         # os.path.normpath can't be used since it normalizes "/" paths
         # to "\\" in Windows OS.
-        normalized_uri = urllib.parse.urlparse(urljoin(url, uri.path))
+        normalized_uri = urllib.parse.urlparse(
+            urljoin(url, posixpath.normpath(uri.path))
+        )
         # Validate provided URL.
         if not uri.hostname or uri.scheme != "https":
             raise ValueError("Invalid AWS service URL")
@@ -631,7 +640,7 @@ def _get_metadata_security_credentials(self, request, role_name):
             else response.data
         )
 
-        if response.status != http.client.OK:
+        if response.status != http_client.OK:
             raise exceptions.RefreshError(
                 "Unable to retrieve AWS security credentials", response_body
             )
@@ -670,7 +679,7 @@ def _get_metadata_role_name(self, request):
             else response.data
         )
 
-        if response.status != http.client.OK:
+        if response.status != http_client.OK:
             raise exceptions.RefreshError(
                 "Unable to retrieve AWS role name", response_body
             )

google/auth/compute_engine/_metadata.py

@@ -18,11 +18,13 @@
 """
 
 import datetime
-import http.client
 import json
 import logging
 import os
-from urllib import parse as urlparse
+
+import six
+from six.moves import http_client
+from six.moves.urllib import parse as urlparse
 
 from google.auth import _helpers
 from google.auth import environment_vars
@@ -89,7 +91,7 @@ def ping(request, timeout=_METADATA_DEFAULT_TIMEOUT, retry_count=3):
 
             metadata_flavor = response.headers.get(_METADATA_FLAVOR_HEADER)
             return (
-                response.status == http.client.OK
+                response.status == http_client.OK
                 and metadata_flavor == _METADATA_FLAVOR_VALUE
             )
 
@@ -163,7 +165,7 @@ def get(
             "metadata service. Compute Engine Metadata server unavailable".format(url)
         )
 
-    if response.status == http.client.OK:
+    if response.status == http_client.OK:
         content = _helpers.from_bytes(response.data)
         if response.headers["content-type"] == "application/json":
             try:
@@ -173,7 +175,7 @@ def get(
                     "Received invalid JSON from the Google Compute Engine"
                     "metadata service: {:.20}".format(content)
                 )
-                raise new_exc from caught_exc
+                six.raise_from(new_exc, caught_exc)
         else:
             return content
     else:

google/auth/compute_engine/credentials.py

@@ -21,6 +21,8 @@
 
 import datetime
 
+import six
+
 from google.auth import _helpers
 from google.auth import credentials
 from google.auth import exceptions
@@ -112,7 +114,7 @@ def refresh(self, request):
             )
         except exceptions.TransportError as caught_exc:
             new_exc = exceptions.RefreshError(caught_exc)
-            raise new_exc from caught_exc
+            six.raise_from(new_exc, caught_exc)
 
     @property
     def service_account_email(self):
@@ -350,7 +352,7 @@ def _call_metadata_identity_endpoint(self, request):
             id_token = _metadata.get(request, path, params=params)
         except exceptions.TransportError as caught_exc:
             new_exc = exceptions.RefreshError(caught_exc)
-            raise new_exc from caught_exc
+            six.raise_from(new_exc, caught_exc)
 
         _, payload, _, _ = jwt._unverified_decode(id_token)
         return id_token, datetime.datetime.fromtimestamp(payload["exp"])

google/auth/credentials.py

@@ -17,10 +17,13 @@
 
 import abc
 
+import six
+
 from google.auth import _helpers
 
 
-class Credentials(object, metaclass=abc.ABCMeta):
+@six.add_metaclass(abc.ABCMeta)
+class Credentials(object):
     """Base class for all credentials.
 
     All credentials have a :attr:`token` that is used for authentication and
@@ -184,7 +187,8 @@ def before_request(self, request, method, url, headers):
         """Anonymous credentials do nothing to the request."""
 
 
-class ReadOnlyScoped(object, metaclass=abc.ABCMeta):
+@six.add_metaclass(abc.ABCMeta)
+class ReadOnlyScoped(object):
     """Interface for credentials whose scopes can be queried.
 
     OAuth 2.0-based credentials allow limiting access using scopes as described
@@ -325,7 +329,8 @@ def with_scopes_if_required(credentials, scopes, default_scopes=None):
         return credentials
 
 
-class Signing(object, metaclass=abc.ABCMeta):
+@six.add_metaclass(abc.ABCMeta)
+class Signing(object):
     """Interface for credentials that can cryptographically sign messages."""
 
     @abc.abstractmethod

google/auth/crypt/__init__.py

@@ -37,6 +37,8 @@
 version is at least 1.4.0.
 """
 
+import six
+
 from google.auth.crypt import base
 from google.auth.crypt import rsa
 
@@ -88,7 +90,7 @@ class to use for verification. This can be used to select different
     Returns:
         bool: True if the signature is valid, otherwise False.
     """
-    if isinstance(certs, (str, bytes)):
+    if isinstance(certs, (six.text_type, six.binary_type)):
         certs = [certs]
 
     for cert in certs: