"dZddlmZddlmZddlmZddlmZddlZddlmZ ddlm Z dd l m Z dd l mZdd lmZdd lmZdd lmZddlmZddlmcmZddlmZddlmZddlmZddlm Z ddlm!Z!ddlm"Z"ddl#m$Z$m%Z%e$e%dddddl&m'Z'ddl(m(Z(dZ)ejTjWddZ,GddejZZ.Gdd ej^Z0y)!9Tests for various combinations of configured credentials.)absolute_import)print_function)division)unicode_literalsN) exceptions) http_wrapper)AccessDeniedException) CredTypes)DiscardMessagesQueue)CommandException) GcsJsonApi)MockLoggingHandler) SkipForS3) SkipForXML) ObjectToURI)SetBotoConfigForTest)SetEnvironmentForTest)unittest)add_move MovedModulemockz unittest.mock)r)datetimecvtjjtjddid|zdS)Nstatusiz{"error": {"message": "%s"}}zhttp://www.google.com)infocontent request_url)apitools_exceptions HttpError FromResponser Response)messages 0platform/gsutil/gslib/tests/test_creds_config.py_Make403r%0s=  ' ' 4 4(C$BW$L(?A BCGSUtil test_impersonate_service_accountceZdZdZfdZdZededejddZ ededejddZ xZ S) TestCredsConfigrctt| t|_|j j |jy)N)superr*setUpr log_handlerlogger addHandler)self __class__s r$r-zTestCredsConfig.setUp>s3 /4&()+DKK4++,r&ctgd5 td|jt|j ddddy#t $rg}t |}|jd||jtj||jtj|Yd}~td}~wwxYw#1swYyxYw)N) Credentialsgs_oauth2_refresh_tokenfoo)r5gs_service_client_idbar)r5gs_service_key_filebazr5gs_impersonate_service_accountNz2Succeeded with multiple types of configured creds.ztypes of configured credentials) rrr/r failr strassertInr OAUTH2_USER_ACCOUNTOAUTH2_SERVICE_ACCOUNT)r1emsgs r$testMultipleConfiguredCredsz+TestCredsConfig.testMultipleConfiguredCredsCs  =4&:&<= FG  =!f 7= i33S9 i66<< =  s/B<0A  B9AB4/B<4B99B<<CTests only uses gs credentials.Tests only run on JSON API.zgslib.third_party.iamcredentials_apitools.iamcredentials_v1_client.IamcredentialsV1.ProjectsServiceAccountsService.GenerateAccessTokenctgd5td|_ td|jt |j dtd|_ td|jt |j ddddy#t$r%}|jdt|Yd}~sd}~wwxYw#t$r%}|jdt|Yd}~cd}~wwxYw#1swYyxYw)Nr4r5r8Nr5r:N)r5r=r9z#The caller does not have permissionz-Succeeded when IAM Credentials threw an errorz%Service account impersonation failed.z5IAM Service Account Credentials API has not been usedz+IAM Service Account Credentials API has not) rr% side_effectrr/r r>r r@r?)r1$mock_iam_creds_generate_access_tokenrCs r$1testImpersonationBlockedByIamCredentialsApiErrorszATestCredsConfig.testImpersonationBlockedByIamCredentialsApiErrorsTs   8 9+6G4&:&<= AB J K+6M4&:&<= AB%  #G =s1vFFG#M CSVLLM'  sXC<0BC<!0C  C#C>C<CC< C9C4/C<4C99C<<Dcrtgd5d}tjjd}||j_||j_td|jt}|j|t|jjdddy#1swYyxYw)NrIz#Mock token from IAM Credentials APIz%Y-%m-%dT23:59:59Z)rrnowstrftime return_value accessToken expireTimerr/r r@r? credentials access_token)r1rM fake_token expire_timeapis r$&testImpersonationSuccessfullyUsesTokenz6TestCredsConfig.testImpersonationSuccessfullyUsesTokenqs   9jLLN++,@AkFP*77CEP*77B tT[[*>*@ Ac mmJCOO$@$@ AB   s BB--B6) __name__ __module__ __qualname____doc__r-rErrrpatchrNrZ __classcell__)r2s@r$r*r*;sA- =" ./ +, 4::DEME-0 M0 ./ +, 4::DE CE-0 Cr&r*ceZdZeddZej edededdZ ej edededdZ ej edededdZ ej edededdZ y ) TestCredsConfigIntegrationrFc|j}tgdd5|jdt|gdd}|j d|dddy#1swYyxYw) N)r4rJrKr<F)use_existing_configlsT)expected_status return_stderrzcredentials are invalid) CreateBucketr RunGsUtilsurir@)r1 bucket_uristderrs r$testExactlyOneInvalidz0TestCredsConfigIntegration.testExactlyOneInvalidsk""$J  B"  # ~~tT*%56./,02f mm-v6 # # #s 2AA$z/Test requires test_impersonate_service_account.rGctddtfg5ti5|jddgd}|j d|ddddddy#1swYxYw#1swYyxYw)Nr5r=regs://pubTrh#using service account impersonation)rSERVICE_ACCOUNTrrjr@r1rms r$*testImpersonationCredentialsFromBotoConfigzETestCredsConfigIntegration.testImpersonationCredentialsFromBotoConfigsm  /O / 12 3  $z 2$G ;VD % 3 3 $ $ 3 3s" A%(AA%A" A%%A.ctdg5tdti5|jddgd}|j d|ddddddy#1swYxYw#1swYyxYw)Nr<)CLOUDSDK_AUTH_IMPERSONATE_SERVICE_ACCOUNTrerpTrqrr)rrrsrjr@rts r$&testImpersonationCredentialsFromGCloudzATestCredsConfigIntegration.testImpersonationCredentialsFromGCloudsu  &' ( 6 H Jz 2$G ;VD J ( ( J J ( (s"A$(AA$A! A$$A-ctdg5tddi5|jdtddgd}|j d tz|ddddddy#1swYxYw#1swYyxYw) N)r5r=zfoo@google.comrwzbar@google.comz-irerpTrq!API calls will be executed as [%s)rrrjrsr@rts r$5testImpersonationCredentialsFromOptionOverridesOtherszPTestCredsConfigIntegration.testImpersonationCredentialsFromOptionOverridesOtherss  23 4 68H I Kj I.2 4 9OK   K 4 4 K K 4 4s"A-5A!A-!A* &A--A6ctddtfg5|jddgd}|jdtz|dddy#1swYyxYw)Nr5r=rerpTrqrz)rrsrjr@rts r$testImpersonationSuccessz3TestCredsConfigIntegration.testImpersonationSuccesss\  /O / 12 3~~tZ0~Ef mm7/I 3 3 3s /A  AN) r[r\r]rrnr skipUnlessrsrrurxr{r}r&r$rbrbs. ./ 70 78HJ ./ +,E-0JE8HJ ./ +,E-0JE8HJ ./ +,-0J8HJ ./ +,-0Jr&rb)1r^ __future__rrrrbotoapitools.base.pyrrr gslib.cloud_apir gslib.cred_typesr gslib.discard_messages_queuer gslib.exceptionr gslib.gcs_json_apir gslib.tests.mock_logging_handlerrgslib.tests.testcaseteststestcase)gslib.tests.testcase.integration_testcaserrgslib.tests.utilrrkrrrsixrr six.movesrrr%config get_valuersGsUtilUnitTestCaser*GsUtilIntegrationTestCaserbrr&r$rs@&%' >)1&=,)?''?@012%%VV_ 56C++''(JLHCh11HCV>!C!C>r&