From 072ae792955a00c7bb0d6c53bdb47e36dad676dc Mon Sep 17 00:00:00 2001
From: Joon Lim <joonlim@google.com>
Date: Thu, 7 Mar 2019 18:14:17 -0500
Subject: [PATCH] feat(scopes): Assign scopes to Google default credentials.

---
 citest/gcp_testing/api_resource_scanner.py | 3 +--
 citest/gcp_testing/gcp_agent.py            | 7 +++----
 citest/gcp_testing/resource_snapshot.py    | 2 +-
 3 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/citest/gcp_testing/api_resource_scanner.py b/citest/gcp_testing/api_resource_scanner.py
index d3d72ce..ea531ab 100644
--- a/citest/gcp_testing/api_resource_scanner.py
+++ b/citest/gcp_testing/api_resource_scanner.py
@@ -187,11 +187,10 @@ def make_agent(self, api, default_scope, default_variables=None):
     version = self.__investigator.get_api_version(api)
     credentials = self.__credentials_path or None
     default_variables = default_variables or self.__default_variables
-    scope_list = [default_scope] if credentials else None
 
     return _gcp_agent_singleton(
         api=api, version=version,
-        scopes=scope_list,
+        scopes=[default_scope],
         credentials_path=credentials,
         default_variables=default_variables)
 
diff --git a/citest/gcp_testing/gcp_agent.py b/citest/gcp_testing/gcp_agent.py
index c412966..50589cf 100644
--- a/citest/gcp_testing/gcp_agent.py
+++ b/citest/gcp_testing/gcp_agent.py
@@ -107,9 +107,6 @@ def make_service(cls, api=None, version=None,
     """
     credentials_path = credentials_path or None
     logger = logger or logging.getLogger(__name__)
-    if (scopes is None) != (credentials_path is None):
-      raise ValueError(
-          'Either provide both scopes and credentials_path or neither')
 
     if api is None:
       default_api, default_version = cls.default_discovery_name_and_version()
@@ -123,12 +120,14 @@ def make_service(cls, api=None, version=None,
     http = apiclient.http.set_user_agent(
         http, 'citest/{version}'.format(version=citest.__version__))
     credentials = None
-    if scopes is not None:
+    if credentials_path is not None:
       logger.info('Authenticating %s %s', api, version)
       credentials = ServiceAccountCredentials.from_json_keyfile_name(
           credentials_path, scopes=scopes)
     else:
       credentials = GoogleCredentials.get_application_default()
+      if scopes and credentials.create_scoped_required():
+        credentials = credentials.create_scoped(scopes)
 
     http = credentials.authorize(http)
     logger.info('Constructing %s service...', api)
diff --git a/citest/gcp_testing/resource_snapshot.py b/citest/gcp_testing/resource_snapshot.py
index ead7064..139a1f3 100755
--- a/citest/gcp_testing/resource_snapshot.py
+++ b/citest/gcp_testing/resource_snapshot.py
@@ -183,7 +183,7 @@ def delete_all_collected(
       print('\n{action} from API={api} with scope={scope}'.format(
           action=action,
           api=api,
-          scope=scope if self.__credentials_path else '<default>'))
+          scope=scope))
 
       sample = collected.pop()
       was_aggregated = isinstance(sample, tuple)