Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: use gcloud creds flow if explicit file path is set to gcloud adc path #705

Merged
merged 2 commits into from Feb 25, 2021
Merged

fix: use gcloud creds flow if explicit file path is set to gcloud adc path #705

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
10e7f28
fix: use gcloud creds flow
arithmetic1728 Feb 17, 2021
9ed71e7
Merge branch 'master' into id
arithmetic1728 Feb 19, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
13 changes: 13 additions & 0 deletions google/auth/_default.py
View file
Open in desktop
Expand Up @@ -198,12 +198,25 @@ def _get_gcloud_sdk_credentials():
def _get_explicit_environ_credentials():
"""Gets credentials from the GOOGLE_APPLICATION_CREDENTIALS environment
variable."""
from google.auth import _cloud_sdk

cloud_sdk_adc_path = _cloud_sdk.get_application_default_credentials_path()
explicit_file = os.environ.get(environment_vars.CREDENTIALS)

_LOGGER.debug(
"Checking %s for explicit credentials as part of auth process...", explicit_file
)

if explicit_file is not None and explicit_file == cloud_sdk_adc_path:
# Cloud sdk flow calls gcloud to fetch project id, so if the explicit
# file path is cloud sdk credentials path, then we should fall back
# to cloud sdk flow, otherwise project id cannot be obtained.
_LOGGER.debug(
"Explicit credentials path %s is the same as Cloud SDK credentials path, fall back to Cloud SDK credentials flow...",
explicit_file,
)
return _get_gcloud_sdk_credentials()

if explicit_file is not None:
credentials, project_id = load_credentials_from_file(
os.environ[environment_vars.CREDENTIALS]
Expand Down
9 changes: 9 additions & 0 deletions google/auth/_default_async.py
View file
Open in desktop
Expand Up @@ -127,8 +127,17 @@ def _get_gcloud_sdk_credentials():
def _get_explicit_environ_credentials():
"""Gets credentials from the GOOGLE_APPLICATION_CREDENTIALS environment
variable."""
from google.auth import _cloud_sdk

cloud_sdk_adc_path = _cloud_sdk.get_application_default_credentials_path()
explicit_file = os.environ.get(environment_vars.CREDENTIALS)

if explicit_file is not None and explicit_file == cloud_sdk_adc_path:
# Cloud sdk flow calls gcloud to fetch project id, so if the explicit
# file path is cloud sdk credentials path, then we should fall back
# to cloud sdk flow, otherwise project id cannot be obtained.
return _get_gcloud_sdk_credentials()

if explicit_file is not None:
credentials, project_id = load_credentials_from_file(
os.environ[environment_vars.CREDENTIALS]
Expand Down
18 changes: 18 additions & 0 deletions tests/test__default.py
View file
Open in desktop
Expand Up @@ -350,6 +350,24 @@ def test__get_explicit_environ_credentials_no_project_id(load, monkeypatch):
assert project_id is None


@mock.patch(
"google.auth._cloud_sdk.get_application_default_credentials_path", autospec=True
)
@mock.patch("google.auth._default._get_gcloud_sdk_credentials", autospec=True)
def test__get_explicit_environ_credentials_fallback_to_gcloud(
get_gcloud_creds, get_adc_path, monkeypatch
):
# Set explicit credentials path to cloud sdk credentials path.
get_adc_path.return_value = "filename"
monkeypatch.setenv(environment_vars.CREDENTIALS, "filename")

_default._get_explicit_environ_credentials()

# Check we fall back to cloud sdk flow since explicit credentials path is
# cloud sdk credentials path
get_gcloud_creds.assert_called_once()


@LOAD_FILE_PATCH
@mock.patch(
"google.auth._cloud_sdk.get_application_default_credentials_path", autospec=True
Expand Down
18 changes: 18 additions & 0 deletions tests_async/test__default_async.py
View file
Open in desktop
Expand Up @@ -187,6 +187,24 @@ def test__get_explicit_environ_credentials_no_project_id(load, monkeypatch):
assert project_id is None


@mock.patch(
"google.auth._cloud_sdk.get_application_default_credentials_path", autospec=True
)
@mock.patch("google.auth._default_async._get_gcloud_sdk_credentials", autospec=True)
def test__get_explicit_environ_credentials_fallback_to_gcloud(
get_gcloud_creds, get_adc_path, monkeypatch
):
# Set explicit credentials path to cloud sdk credentials path.
get_adc_path.return_value = "filename"
monkeypatch.setenv(environment_vars.CREDENTIALS, "filename")

_default._get_explicit_environ_credentials()

# Check we fall back to cloud sdk flow since explicit credentials path is
# cloud sdk credentials path
get_gcloud_creds.assert_called_once()


@LOAD_FILE_PATCH
@mock.patch(
"google.auth._cloud_sdk.get_application_default_credentials_path", autospec=True
Expand Down