;ddlZddlZddlZddlZddlZddlmZddlmZddlm Z ddl m Z dZ dZ dZd Zd Zd j#eZeezZd Zd dgZdZdZdZdZdZgdZgdZgdZgdZGddeZ y)N) exceptions) pluggable)DEFAULT_UNIVERSE_DOMAIN)WORKFORCE_AUDIENCEusernamepasswordzdXNlcm5hbWU6cGFzc3dvcmQ=z1service-1234@service-name.iam.gserviceaccount.comz.https://us-east1-iamcredentials.googleapis.comz5/v1/projects/-/serviceAccounts/{}:generateAccessTokenQUOTA_PROJECT_IDscope1scope2 access_tokenz#https://sts.googleapis.com/v1/tokenz(https://sts.googleapis.com/v1/introspect$urn:ietf:params:oauth:token-type:jwtzi//iam.googleapis.com/projects/123456/locations/global/workloadIdentityPools/POOL_ID/providers/PROVIDER_ID) https://sts.googleapis.comz$https://us-east-1.sts.googleapis.comz$https://US-EAST-1.sts.googleapis.comz$https://sts.us-east-1.googleapis.comz$https://sts.US-WEST-1.googleapis.comz$https://us-east-1-sts.googleapis.comz$https://US-WEST-1-sts.googleapis.comz/https://us-west-1-sts.googleapis.com/path?queryz&https://sts-us-east-1.p.googleapis.com)%https://iamcredentials.googleapis.comzsts.googleapis.comhttps://zhttp://sts.googleapis.comzhttps://st.s.googleapis.comz$https://us-eas -1.sts.googleapis.comz#https:/us-east-1.sts.googleapis.comz%https://US-WE/ST-1-sts.googleapis.comz$https://sts-us-east-1.googleapis.comz$https://sts-US-WEST-1.googleapis.comz(testhttps://us-east-1.sts.googleapis.comz,https://us-east-1.sts.googleapis.comevil.comz.https://us-east-1.us-east-1.sts.googleapis.comz$https://us-ea.s.t.sts.googleapis.comz"https://sts.googleapis.comevil.comz%hhttps://us-east-1.sts.googleapis.comz!https://us- -1.sts.googleapis.comzhttps://-sts.googleapis.comz-https://us-east-1.sts.googleapis.com.evil.comzhttps://sts.pgoogleapis.comhttps://p.googleapis.comzhttps://sts.p.comzhttp://sts.p.googleapis.comz https://xyz-sts.p.googleapis.comz$https://sts-xyz.123.p.googleapis.comz!https://sts-xyz.p1.googleapis.comzhttps://sts-xyz.p.foo.comz$https://sts-xyz.p.foo.googleapis.com) rz/https://us-east-1.iamcredentials.googleapis.comz/https://US-EAST-1.iamcredentials.googleapis.comz/https://iamcredentials.us-east-1.googleapis.comz/https://iamcredentials.US-WEST-1.googleapis.comz/https://us-east-1-iamcredentials.googleapis.comz/https://US-WEST-1-iamcredentials.googleapis.comz:https://us-west-1-iamcredentials.googleapis.com/path?queryz1https://iamcredentials-us-east-1.p.googleapis.com)rziamcredentials.googleapis.comrz$http://iamcredentials.googleapis.comz&https://iamcre.dentials.googleapis.comz/https://us-eas -1.iamcredentials.googleapis.comz.https:/us-east-1.iamcredentials.googleapis.comz0https://US-WE/ST-1-iamcredentials.googleapis.comz/https://iamcredentials-us-east-1.googleapis.comz/https://iamcredentials-US-WEST-1.googleapis.comz3testhttps://us-east-1.iamcredentials.googleapis.comz7https://us-east-1.iamcredentials.googleapis.comevil.comz9https://us-east-1.us-east-1.iamcredentials.googleapis.comz/https://us-ea.s.t.iamcredentials.googleapis.comz-https://iamcredentials.googleapis.comevil.comz0hhttps://us-east-1.iamcredentials.googleapis.comz,https://us- -1.iamcredentials.googleapis.comz&https://-iamcredentials.googleapis.comz8https://us-east-1.iamcredentials.googleapis.com.evil.comz&https://iamcredentials.pgoogleapis.comrzhttps://iamcredentials.p.comz&http://iamcredentials.p.googleapis.comz+https://xyz-iamcredentials.p.googleapis.comz/https://iamcredentials-xyz.123.p.googleapis.comz,https://iamcredentials-xyz.p1.googleapis.comz$https://iamcredentials-xyz.p.foo.comz/https://iamcredentials-xyz.p.foo.googleapis.comceZdZdZdZeddedZdeiZdZdd d ed d Zdd d ed Z dd ded d Z dd ded Z dZ dd de d dZ dd de dZdddddZdZeeeeedddddddddf dZdZej2j5ej8dddZej2j5ej8dddZej2j5ej8dddZej2j5ej8ddd Z d!Z!d"Z"d#Z#d$Z$d%Z%d&Z&d'Z'd(Z(ej2jSe*jVd)d*id+Z,ej2jSe*jVd)d*id,Z-ej2jSe*jVd)d*id-Z.ej2jSe*jVd)d*id.Z/ej2jSe*jVd*d*d/d0Z0ej2jSe*jVd)d1id2Z1ej2jSe*jVd)d*id3Z2ej2jSe*jVd)d*id4Z3ej2jSe*jVd)d*id5Z4ej2jSe*jVd)d*id6Z5ej2jSe*jVd)d*id7Z6ej2jSe*jVd)d*id8Z7ej2jSe*jVd)d*id9Z8ej2jSe*jVd)d*id:Z9ej2jSe*jVd)d*id;Z:ej2jSe*jVd)d*id<Z;ej2jSe*jVd)d*id=ZZ=ej2jSe*jVd)d*id?Z>ej2jSe*jVd)d*id@Z?ej2jSe*jVd)d*idAZ@ej2jSe*jVd)d*idBZAej2jSe*jVd)d*idCZBej2jSe*jVd)d*idDZCej2jSe*jVd)d*idEZDej2jSe*jVd)d*idFZEej2jSe*jVd)d*idGZFej2jSe*jVd)d*idHZGej2jSe*jVd)d*idIZHej2jSe*jVd)d1idJZIej2jSe*jVd)d*idKZJej2jSe*jVd)d*idLZKej2jSe*jVd)d*idMZLej2jSe*jVd)d*idNZMy)OTestCredentialsz4/fake/external/excutable --arg1=value1 --arg2=value2fake_output_file0u)commandtimeout_millisinteractive_timeout_millis output_file executable FAKE_ID_TOKENT)urn:ietf:params:oauth:token-type:id_tokenc( versionsuccess token_typeid_tokenexpiration_timer!r"r#r$r FAKE_SAML_RESPONSEz&urn:ietf:params:oauth:token-type:saml2)r!r"r# saml_responser%)r!r"r#r(F401z(Permission denied. Caller not authorized)r!r"codemessagezhttp://fakeurl.comNcFtj||||| | ||||| | |  S)N) audiencesubject_token_type token_urltoken_info_url!service_account_impersonation_urlcredential_source client_id client_secretquota_project_idscopesdefault_scopesworkforce_pool_user_project interactive)r Credentials)clsr-r.r/r0r3r4r5r6r7r1r2r8r9s Nplatform/gsutil/third_party/google-auth-library-python/tests/test_pluggable.pymake_pluggablezTestCredentials.make_pluggables>"$$1).O/'-)(C#  ctjtttt |j d}t|ddt|tjsJ|jsJ|jdk(sJy)NT)r-r.r/r0r2r9_tokeninfo_usernamemock_external_account_id) rr:AUDIENCESUBJECT_TOKEN_TYPE TOKEN_URLTOKEN_INFO_URLCREDENTIAL_SOURCEsetattr isinstancer9external_account_idself credentialss r<#test_from_constructor_and_injectionz3TestCredentials.test_from_constructor_and_injectionst++1)"44    24NO+y'<'<===&&&&..2LLLLr>__init__ return_valuectjjttt t tddittt|jd }t|tjsJ|jttt t tdditt|jtdt y)Ntoken_lifetime_seconds r-r.r/r0r1service_account_impersonationr3r4r5r2 r-r.r/r0r1%service_account_impersonation_optionsr3r4r2r5r8universe_domain)rr: from_inforBrCrDrE!SERVICE_ACCOUNT_IMPERSONATION_URL CLIENT_ID CLIENT_SECRETr rFrHassert_called_once_withrrK mock_initrLs r<test_from_info_full_optionsz+TestCredentials.test_from_info_full_optionss++55$&8&"05V2JD1Q&!.$4%)%;%;   +y'<'<===))1).O3KT2R'"44-(,3 * r>ctjjttt |j d}t|tjsJ|jttt ddidd|j ddt y)Nr-r.r/r2rV) rr:rYrBrCrDrFrHr]rr^s r<$test_from_info_required_options_onlyz4TestCredentials.test_from_info_required_options_onlys++55$&8&%)%;%;   +y'<'<===))1.224"44!(,3 * r>ctttttddit t t|jd }|jd}|jtj|tjjt!|}t#|tjsJ|j%tttttddit t |jtdt& y)NrRrSrT config.jsonrV)rBrCrDrErZr[r\r rFjoinwritejsondumpsrr: from_filestrrHr]rrKr_tmpdirinfo config_filerLs r<test_from_file_full_optionsz+TestCredentials.test_from_file_full_options1s!"4",1R.F-M"* 0!%!7!7  kk-0 $**T*+++55c+6FG +y'<'<===))1).O3KT2R'"44-(,3 * r>cttt|jd}|j d}|j t j|tjjt|}t|tjsJ|jtttddidd|jddt y)NrbrerV)rBrCrDrFrfrgrhrirr:rjrkrHr]rrls r<$test_from_file_required_options_onlyz4TestCredentials.test_from_file_required_options_onlyTs!"4"!%!7!7   kk-0 $**T*+++55c+6FG +y'<'<===))1.224"44!(,3 * r>cddi}tjt5}|j|dddj dsJy#1swYxYw)N unsupportedvaluer2Missing credential_sourcepytestraises ValueErrorr=match)rKr2excinfos r< test_constructor_invalid_optionsz0TestCredentials.test_constructor_invalid_optionsqsP*G4 ]]: &'   2C  D'}}9:::' &s A  Actjt5}|jddddj dsJy#1swYxYw)Nznon-dictrvrwrx)rKr}s r<*test_constructor_invalid_credential_sourcez:TestCredentials.test_constructor_invalid_credential_sourceysD ]]: &'   *  ='}}9:::' &s A  Ac |j|jj}|jdtt t t|jtdk(sJy)Nrvexternal_account)typer-r.r/r0r2rX) r=rFcopyrnrBrCrDrErrJs r< test_info_with_credential_sourcez0TestCredentials.test_info_with_credential_sourcesc))"4499;* & "4",!%!7!76$    r>c|j|jj}|jtk(sJy)Nrv)r=rFrr0rErJs r<test_token_info_urlz#TestCredentials.test_token_info_urls?))"4499;* ))^;;;r>ctD]D}|j|jj|dz}|j|dzk(rDJy)Nz /introspectr2r0)VALID_TOKEN_URLSr=rFrr0rKurlrLs r<test_token_info_url_customz*TestCredentials.test_token_info_url_customsV#C--"&"8"8"="="? #m 3.K --}1DD DD $r>cv|j|jjd}|jrJy)Nr)r=rFrr0rJs r<test_token_info_url_negativez,TestCredentials.test_token_info_url_negatives?))"4499;D* -----r>ctD]D}|j|jj|dz}|j|dzk(rDJy)Nz/token)r2r/)rr=rFr _token_urlrs r<test_token_url_customz%TestCredentials.test_token_url_customsT#C--"&"8"8"="="?>.K ))cHn= == $r>ctD]L}|j|jj|tz}|j |tzk(rLJy)N)r2r1)(VALID_SERVICE_ACCOUNT_IMPERSONATION_URLSr=rFr'SERVICE_ACCOUNT_IMPERSONATION_URL_ROUTE"_service_account_impersonation_urlrs r<-test_service_account_impersonation_url_customz=TestCredentials.test_service_account_impersonation_url_customs_;C--"&"8"8"="="?AA.KAA== )GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES1c |jd}dd|d}d|i}tj|jj dt |j |jdt|j d|jd tj|jj dt |j|jdt|jd|jd tj|jj dt |j|jdt|jd|jd d }|jD]}t|d 5}tj |j#d |dddt%j&d t)j*g|j#dd5|j-|j#dt.|j#d||j#dd}|j1d} | |j#dk(sJ dddt3j4| y#1swYxYw#1swY.xYw)Nactual_output_filerrrrrrUTF-8)stdoutimpersonation_url file_content expect_tokenT)r-rr9r)subject_token_oidc_id_token,subject_token_oidc_id_token_interacitve_modesubject_token_oidc_jwt'subject_token_oidc_jwt_interactive_modesubject_token_saml#subject_token_saml_interactive_modewrsubprocess.runrrargsr returncoderOr-rr9Fr-r1r2r9r)rfrhri,EXECUTABLE_SUCCESSFUL_OIDC_RESPONSE_ID_TOKENencoderZ?EXECUTABLE_SUCCESSFUL_OIDC_NO_EXPIRATION_TIME_RESPONSE_ID_TOKENEXECUTABLE_OIDC_TOKENr'EXECUTABLE_SUCCESSFUL_OIDC_RESPONSE_JWT:EXECUTABLE_SUCCESSFUL_OIDC_NO_EXPIRATION_TIME_RESPONSE_JWT#EXECUTABLE_SUCCESSFUL_SAML_RESPONSE6EXECUTABLE_SUCCESSFUL_SAML_NO_EXPIRATION_TIME_RESPONSEEXECUTABLE_SAML_TOKENvaluesopendumpgetmockpatch subprocessCompletedProcessr=rBretrieve_subject_tokenosremove) rKrm/ACTUAL_CREDENTIAL_SOURCE_EXECUTABLE_OUTPUT_FILE#ACTUAL_CREDENTIAL_SOURCE_EXECUTABLEACTUAL_CREDENTIAL_SOURCEtestDatadatarrL subject_tokens r<(test_retrieve_subject_token_successfullyz8TestCredentials.test_retrieve_subject_token_successfullysR:@++ ; 7!*0J/ + %12U#V **EE&/%F $ d d $ : : ,/ $ d d# $ : : =**@@&/%F $ _ _ $ : : '/ $ _ _# $ : : 8**T%M%MNUU&G $ [ [ $ : : #/ $ [ [# $ : : 4K+ ZOO%D? $((>2K@  '88DHHX$61 #11!XXj(;6:hh?R6S&> $ > 2 !, B B4 H $(@@@@ IIE F)& s7&I3!A0I?3I< ?J c ^tjdtjgt j |j jdd5|j|j}|jd}||jk(sJ dddy#1swYyxYw)NrrrrrOrv) rrrrrhrirrr=rFrr)rKrLrs r< test_retrieve_subject_token_samlz0TestCredentials.test_retrieve_subject_token_saml s ZZ #44zz$"J"JKRR   --@V@V-WK'>>tDM D$>$>> >>    s ?B##B,c|jd}dd|d}d|i}t|d5}tj|j|dddt j dtjgd  5|jt|d }|jd}||jk(sJtj|dddy#1swYxYw#1swYyxYw) NrrrrrrrrrrrOTr-r2r9)rfrrhrrrrrrr=rrrrrrKrmrrrrrLrs r<1test_retrieve_subject_token_saml_interactive_modezATestCredentials.test_retrieve_subject_token_saml_interactive_modes;A++ ; 7!*0J/ + %12U#V A3 G; IIKK[ H ZZ #44"K --+": .K (>>tDM D$>$>> >> IIE F  H G   s!C=AC"C"C+c tjdtjgt j |j jdd5|j|j}tjtj5}|jd}dddjdsJ dddy#1swY&xYw#1swYyxYw)NrrrrrOrvhExecutable returned unsuccessful response: code: 401, message: Permission denied. Caller not authorized.)rrrrrhriEXECUTABLE_FAILED_RESPONSErr=rFryrzr RefreshErrorrr|rKrLr}_s r<"test_retrieve_subject_token_failedz2TestCredentials.test_retrieve_subject_token_failed<s ZZ #44zz$"A"ABII'R --@V@V-WKz667766t<8=={   87  s%ACC,CC CC&)r#GOOGLE_EXTERNAL_ACCOUNT_INTERACTIVEcT|jd}dd|d}d|i}t|dd5}tj|j|dddt j d tjgd  5|jt|d }tjtj5}|jd}dddj!dsJt#j$|dddy#1swYxYw#1swYFxYw#1swYyxYw)Nrrrrrrutf-8)encodingrrrrOTrr)rfrrhrrrrrrr=rryrzrrrr|rr) rKrmrrrrrLr}rs r<3test_retrieve_subject_token_failed_interactive_modezCTestCredentials.test_retrieve_subject_token_failed_interactive_modeOs";A++ ; 7!*0J/ + %12U#V  ;S7  IId55{ C ZZ #44"K --+": .K z667766t<8=={  IIE F!    87  s/!D?>tDM D$>$>> >>!    s #5B""B+c|jd}dd|d}d|i}dd|jdd }t|d 5}tj||ddd|j | }t jt5}|jd} dddjd sJtj|y#1swYwxYw#1swY>xYw) NrrrrrTrrr"r#r$r%rrv5The executable response is missing the version field.) rfrrrhrr=ryrzr{rr|rr) rKrmrrrACTUAL_EXECUTABLE_RESPONSErrLr}rs r<9test_retrieve_subject_token_file_cache_value_error_reportzITestCredentials.test_retrieve_subject_token_file_cache_value_error_reports:@++ ; 7!#J/ + %12U#V E22) & " A3 G; II0+ >H))HZZ #44zzEE&/   --":.K(>>tDM D$>$>> >>!  $ AB+H G   sD25DDDc ddd|jdd}tjdtjgt j |jdd  5|j|j }tjtj5}|jd}dddjd sJ dddy#1swY&xYw#1swYyxYw) NrTunsupported_token_typerr rrrrrOrvz+Executable returned unsupported token type.rrK#EXECUTABLE_SUCCESSFUL_OIDC_RESPONSErLr}rs r<2test_retrieve_subject_token_unsupported_token_typezBTestCredentials.test_retrieve_subject_token_unsupported_token_type5s222) / +ZZ #44zz"EFMMgV --@V@V-WKz667766t<8==!OP PP  87  rc dd|jdd}tjdtjgt j |jdd 5|j|j }tjt5}|jd}dddjd sJ dddy#1swY&xYw#1swYyxYw) NTrrrrrrrrOrvrrrrrrrhrirr=rFryrzr{rr|rs r<+test_retrieve_subject_token_missing_versionz;TestCredentials.test_retrieve_subject_token_missing_versionNsE22) / +ZZ #44zz"EFMMgV --@V@V-WKz*g66t<+==H   +*  $!6CC)CC CC#c dd|jdd}tjdtjgt j |jdd 5|j|j }tjt5}|jd}dddjd sJ dddy#1swY&xYw#1swYyxYw) Nrrr)r!r#r$r%rrrrrOrv5The executable response is missing the success field.rrs r<+test_retrieve_subject_token_missing_successz;TestCredentials.test_retrieve_subject_token_missing_successhsE22) / +ZZ #44zz"EFMMgV --@V@V-WKz*g66t<+==H   +*  rc ddd}tjdtjgt j |j dd5|j|j }tjt5}|jd}dddjd sJ dddy#1swY&xYw#1swYyxYw) NrFr!r"rrrrrOrvz;Error code and message fields are required in the response.)rrrrrhrirr=rFryrzr{rr|rs r<6test_retrieve_subject_token_missing_error_code_messagezFTestCredentials.test_retrieve_subject_token_missing_error_code_messages:;.N+ ZZ #44zz"EFMMgV --@V@V-WKz*g66t<+==N   +*  s$6C CCC CCc fddd|jd}ddddi}tjd tjgt j |jd d  5|j|}|jd}||jk(sJ dddy#1swYyxYw)NrTrr&rrrrrrrrrOrv) rrrrrrhrirr=r)rKrrFrLrs r<^test_retrieve_subject_token_without_expiration_time_should_pass_when_output_file_not_specifiedznTestCredentials.test_retrieve_subject_token_without_expiration_time_should_pass_when_output_file_not_specifieds E22 / + i5I ZZ #44zz"EFMMgV --@Q-RK'>>tDM D$>$>> >>   s (5B''B0c dd|jdd}tjdtjgt j |jdd 5|j|j }tjt5}|jd}dddjd sJ dddy#1swY&xYw#1swYyxYw) NrTr)r!r"r$r%rrrrrOrvz8The executable response is missing the token_type field.rrs r<.test_retrieve_subject_token_missing_token_typez>TestCredentials.test_retrieve_subject_token_missing_token_types22) / +ZZ #44zz"EFMMgV --@V@V-WKz*g66t<+==K   +*  rctjt5}dd|jdi}|j |}dddj dsJy#1swYxYw)Nrr)rrrvz;Missing command field. Executable command must be provided.)ryrzr{(CREDENTIAL_SOURCE_EXECUTABLE_OUTPUT_FILEr=r|rKr}rFrs r<&test_credential_source_missing_commandz6TestCredentials.test_credential_source_missing_commandsk ]]: &'&+#'#P#P!  ##6G#HA'}} J   ' &s $AA#cdd|jii}|j|d}tjt5}|j d}dddj dsJy#1swYxYw)NrrTr2r9zVAn output_file must be specified in the credential configuration for interactive mode.)$CREDENTIAL_SOURCE_EXECUTABLE_COMMANDr=ryrzr{rr|)rKrFrLr}rs r<6test_credential_source_missing_output_interactive_modezFTestCredentials.test_credential_source_missing_output_interactive_modes 9d&O&OP ))/T* ]]: &'2248A'}} e   ' &s A++A4cd|j|jdi}|j|}|jtj k(sJy)Nrrrrv)rr r=,_credential_source_executable_timeout_millisr!EXECUTABLE_TIMEOUT_MILLIS_DEFAULT)rKrFrLs r<Etest_credential_source_timeout_missing_will_use_default_timeout_valuezUTestCredentials.test_credential_source_timeout_missing_will_use_default_timeout_values_ DD#LL  ))ctjt5}d|jd|jdi}|j |}dddj dsJy#1swYxYw)Nrirrv*Timeout must be between 5 and 120 seconds.ryrzr{rr r=r|r s r<$test_credential_source_timeout_smallz4TestCredentials.test_credential_source_timeout_smallsn ]]: &'#HH&.#'#P#P! ##6G#HA'}}JKKK' & /A%%A.ctjt5}d|jd|jdi}|j |}dddj dsJy#1swYxYw)Nrirrvrrr s r<$test_credential_source_timeout_largez4TestCredentials.test_credential_source_timeout_largesn ]]: &'#HH&0#'#P#P! ##6G#HA'}}JKKK' &rctjt5}d|jd|jdi}|j |}dddj dsJy#1swYxYw)Nri/urrv>Interactive timeout must be between 30 seconds and 30 minutes.rr s r<0test_credential_source_interactive_timeout_smallz@TestCredentials.test_credential_source_interactive_timeout_smallst ]]: &'#HH2;#'#P#P! ##6G#HA'}} M   ' &rctjt5}d|jd|jdi}|j |}dddj dsJy#1swYxYw)NriAwrrvrrr s r<0test_credential_source_interactive_timeout_largez@TestCredentials.test_credential_source_interactive_timeout_large&st ]]: &'#HH2=#'#P#P! ##6G#HA'}} M   ' &rcztjdtjgdd5|j |j }t jtj5}|jd}dddjdsJ dddy#1swY&xYw#1swYyxYw)NrrrrOrv:Executable exited with non-zero return code 1. Error: None) rrrrr=rFryrzrrrr|rs r<+test_retrieve_subject_token_executable_failz;TestCredentials.test_retrieve_subject_token_executable_fail6s ZZ #44 --@V@V-WKz667766t<8==M   87  s$AB1.B%B1%B. *B11B:c|j|jd}tjt5}|j d}dddj dsJy#1swYxYw)NTrz4Interactive mode is only enabled for workforce pool.)r=rFryrzr{rr|rs r<?test_retrieve_subject_token_non_workforce_fail_interactive_modezOTestCredentials.test_retrieve_subject_token_non_workforce_fail_interactive_modeGse))"44$* ]]: &'2248A'}}TUUU' & A%%A.c|j|jd}d|i}|j|d}tjt 5}|j d}dddjdsJy#1swYxYw)NrrTrz;Interactive mode cannot run without an interactive timeout.)rr r=ryrzr{rr|)rKCREDENTIAL_SOURCE_EXECUTABLErFrLr}rs r<Jtest_retrieve_subject_token_fail_on_validation_missing_interactive_timeoutzZTestCredentials.test_retrieve_subject_token_fail_on_validation_missing_interactive_timeoutQs @@HH( $*+GH))/T* ]]: &'2248A'}} J   ' &s A88Bctjdtjgdd5|j t |j d}tjtj5}|jd}dddjdsJ dddy#1swY&xYw#1swYyxYw)NrrrrOTrr$) rrrrr=rrFryrzrrrr|rs r<dtdddtjdditddd d itjd dd ditd dddd tjddd}|jD]}t j dt jgtj|jdjd|jdd5|jtt|j|jdd}t!j"|jd5}|j%d}dddj'|jdsJ dddy#1swY8xYw#1swY-xYw)NFz.Revoke is only enabled under interactive mode.)r9 expectErrTypeexpectErrPatternrz!Auth revoke failed on executable.)rr2r3r)responser2r3r!rrrrz)Revoke failed with unsuccessful response.)non_interactive_modeexecutable_failed#response_validation_missing_version#response_validation_invalid_version#response_validation_missing_success6response_validation_failed_with_success_field_is_falserr4rrrrrOr9Trr2r3)r{rrrrrrrrhrirrr=rrZrFryrzr/r|)rKrrrLr}rs r<test_revoke_failedz"TestCredentials.test_revoke_faileds %!+$U%  !+!8!8$H" !+$\4 'N!+!8!8$O4 'N!+$\4 )*e}}TXX.@%ABBB%& >=s%!AF=F*FF FF c <ddd}tjdtjgt j |j dd5|jt|jd }|jd}dddy#1swYyxYw) NrTrrrrrrOr) rrrrrhrirr=rrFr/)rKACTUAL_RESPONSErLrs r<test_revoke_successfullyz(TestCredentials.test_revoke_successfullys&'D9 ZZ #44zz/299'B --+"&"8"8 .K ""4(A   s 4BBcLtjdd5|j|j}t j t j5}|jd}dddjdsJ dddy#1swY&xYw#1swYyxYw)Nsys.version_inforrv0Pluggable auth is only supported for python 3.7+) rrr=rFryrzrrrr|rs r<$test_retrieve_subject_token_python_2z4TestCredentials.test_retrieve_subject_token_python_2s ZZ*F 3--@V@V-WKz667766t<8==!TU UU 4 3874 3s$ABB)BB BB#cXtjdd5|jt|jd}t j tj5}|jd}dddjdsJ dddy#1swY&xYw#1swYyxYw)Nr@rATrrC) rrr=rrFryrzrrr/r|rs r<"test_revoke_subject_token_python_2z2TestCredentials.test_revoke_subject_token_python_2s ZZ*F 3--+"&"8"8 .K z6677&&t,8==!TU UU4 3874 3s$AB B/B B B  B))N__name__ __module__ __qualname__rr r*rFrrrrrrrrrCREDENTIAL_URL classmethodrBrCrDrEr=rMrrobjectrr:r`rcrprrr~rrrrrrrdictrenvironrrrrrrrrrrrrrrrrrr r rrrrr r"r%r'r+r-r0r;r>rDrFr>r<rrse>)0B,7&,? $ &'CD+A)% 40A) GC<)% /+<) B> 1>.% +'>. >:= " *N-%*.$(  @ M ZZy,,jtL M B ZZy,,jtL M 6 ZZy,,jtL  M  D ZZy,,jtL M 8;;  <E.>  ZZ__RZZ"Ms!STLGULG\ ZZ__RZZ"Ms!ST?U?" ZZ__RZZ"Ms!STGUG> ZZ__RZZ"Ms!STU$ ZZ__ 9<36 GGB ZZ__RZZ"Ms!STOUO$ ZZ__RZZ"Ms!STNUN4 ZZ__RZZ"Ms!STVUV4 ZZ__RZZ"Ms!STCUC( ZZ__RZZ"Ms!ST?U?2 ZZ__RZZ"Ms!STCUC8 ZZ__RZZ"Ms!ST&CU&CP ZZ__RZZ"Ms!STQUQ0 ZZ__RZZ"Ms!STU2 ZZ__RZZ"Ms!STU2 ZZ__RZZ"Ms!STU( ZZ__RZZ"Ms!ST?U?6 ZZ__RZZ"Ms!STU2 ZZ__RZZ"Ms!ST  U   ZZ__RZZ"Ms!ST  U   ZZ__RZZ"Ms!ST  U   ZZ__RZZ"Ms!ST LU L ZZ__RZZ"Ms!ST LU L ZZ__RZZ"Ms!ST  U   ZZ__RZZ"Ms!ST  U   ZZ__RZZ"Ms!STU  ZZ__RZZ"Ms!STVUV ZZ__RZZ"Ms!ST U $ ZZ__RZZ"Ms!STU( ZZ__RZZ"Ms!STKUK ZZ__RZZ"Ms!ST4CU4Cl ZZ__RZZ"Ms!ST)U)" ZZ__RZZ"Ms!STVUV ZZ__RZZ"Ms!ST VU Vr>r)!rhrrrry google.authrrgoogle.auth.credentialsrtests.test__defaultrr[r\BASIC_AUTH_ENCODINGSERVICE_ACCOUNT_EMAIL&SERVICE_ACCOUNT_IMPERSONATION_URL_BASEformatrrZr SCOPESSUBJECT_TOKEN_FIELD_NAMErDrErCrBrINVALID_TOKEN_URLSr*INVALID_SERVICE_ACCOUNT_IMPERSONATION_URLSrLrrOr>r<r[s  "!;2   0K4'+b*h*h+'+-TT"& H ) 1 ;; v < ,(.*@\Vf\Vr>