From 50c0fd29a3b6a4fd6dc4b801d883f5d2b6de88c6 Mon Sep 17 00:00:00 2001 From: Jin Date: Thu, 10 Nov 2022 15:38:20 -0800 Subject: [PATCH] =?UTF-8?q?fix:=20updated=20the=20lower=20bound=20of=20int?= =?UTF-8?q?eractive=20timeout=20and=20fix=20the=20kwarg=E2=80=A6=20(#1182)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: udpated the lower bound of interactive timeout and fix the kwargs invalid syntax * update token * update token * prohibit the access from constructor and only allow the injection and test * fix lint * adding interactive timeout validation test * update token --- google/auth/pluggable.py | 36 ++++++++++++--------- system_tests/secrets.tar.enc | Bin 10324 -> 10324 bytes tests/test_pluggable.py | 59 ++++++++++++++++++++++++----------- 3 files changed, 62 insertions(+), 33 deletions(-) diff --git a/google/auth/pluggable.py b/google/auth/pluggable.py index 6be8222c1..b4fa448b8 100644 --- a/google/auth/pluggable.py +++ b/google/auth/pluggable.py @@ -52,8 +52,7 @@ EXECUTABLE_TIMEOUT_MILLIS_LOWER_BOUND = 5 * 1000 # 5 seconds EXECUTABLE_TIMEOUT_MILLIS_UPPER_BOUND = 120 * 1000 # 2 minutes -EXECUTABLE_INTERACTIVE_TIMEOUT_MILLIS_DEFAULT = 5 * 60 * 1000 # 5 minutes -EXECUTABLE_INTERACTIVE_TIMEOUT_MILLIS_LOWER_BOUND = 5 * 60 * 1000 # 5 minutes +EXECUTABLE_INTERACTIVE_TIMEOUT_MILLIS_LOWER_BOUND = 30 * 1000 # 30 seconds EXECUTABLE_INTERACTIVE_TIMEOUT_MILLIS_UPPER_BOUND = 30 * 60 * 1000 # 30 minutes @@ -132,7 +131,9 @@ def __init__( self._credential_source_executable_output_file = self._credential_source_executable.get( "output_file" ) - self._tokeninfo_username = kwargs.get("tokeninfo_username", "") # dummy value + + # Dummy value. This variable is only used via injection, not exposed to ctor + self._tokeninfo_username = "" if not self._credential_source_executable_command: raise ValueError( @@ -150,17 +151,16 @@ def __init__( ): raise ValueError("Timeout must be between 5 and 120 seconds.") - if not self._credential_source_executable_interactive_timeout_millis: - self._credential_source_executable_interactive_timeout_millis = ( - EXECUTABLE_INTERACTIVE_TIMEOUT_MILLIS_DEFAULT - ) - elif ( - self._credential_source_executable_interactive_timeout_millis - < EXECUTABLE_INTERACTIVE_TIMEOUT_MILLIS_LOWER_BOUND - or self._credential_source_executable_interactive_timeout_millis - > EXECUTABLE_INTERACTIVE_TIMEOUT_MILLIS_UPPER_BOUND - ): - raise ValueError("Interactive timeout must be between 5 and 30 minutes.") + if self._credential_source_executable_interactive_timeout_millis: + if ( + self._credential_source_executable_interactive_timeout_millis + < EXECUTABLE_INTERACTIVE_TIMEOUT_MILLIS_LOWER_BOUND + or self._credential_source_executable_interactive_timeout_millis + > EXECUTABLE_INTERACTIVE_TIMEOUT_MILLIS_UPPER_BOUND + ): + raise ValueError( + "Interactive timeout must be between 30 seconds and 30 minutes." + ) @_helpers.copy_docstring(external_account.Credentials) def retrieve_subject_token(self, request): @@ -400,5 +400,13 @@ def _validate_running_mode(self): "An output_file must be specified in the credential configuration for interactive mode." ) + if ( + self.interactive + and not self._credential_source_executable_interactive_timeout_millis + ): + raise ValueError( + "Interactive mode cannot run without an interactive timeout." + ) + if self.interactive and not self.is_workforce_pool: raise ValueError("Interactive mode is only enabled for workforce pool.") diff --git a/system_tests/secrets.tar.enc b/system_tests/secrets.tar.enc index 99e8d8b8280442550f1718fd0b57c77579ac386b..93947b26481b915183644c6704f2abb62927ffb7 100644 GIT binary patch literal 10324 zcmV-aD67{BB>?tKRTCd5F3fr3A%RfBF#y_G1ce>UmO(n`5h(%~(1<;1{Wub;Pyni{ zhrCi@js0TR*I{5r9v-m`<2u5L5O~4<3__I^#6SCpROC`vnN_)N56pF!dAHD9v?~78 zY3my0{IIFl82!1OKmY$s?LD%>*1I&yS1@qxpG`2wv-`a#;PqwH5z6X~^`23YjIDOp zVDVI3RY@?%{P@pcQ!H2U0vgX;bIf^(e9Y|h_vT+==oy~USoneV>?I>QO!an4XDO>< zE5Z&I3iAtcBZ6A8`Fk88t2Bq9Y^lpZA|?(0-6w8-h%SYfC7=^Moeg4rd~Aaa*~EO_68e9r7&M(^r6p2i(E5o^vYZ$?0VA z#T-)zDOthe6_;B;0<>_I3!8Ty|B(>D-*3{*&!_x01l&Hsd(K8>=T4fpGb7KihdY=x zZ9Wc9v!g}ABTWOZoH1kR zpmG;4*nh8h(H*3tgy6t(ekviOKJ$EU#K&mI{$N#}$Tk6mqYx}*o8ZfI+k3a?3CKzk zXg>9LOXs>*Te8XQpqJrpQq^e20h^V2!!5u*Kni+kb=DjcYL?~KgP;G4fwI25?qhpe z7NJE%>{j0&U%({BTD`!crGL!4`KFpPQ&}3SjjbzZQL2AIpVT{h2T! zN3I8(xb$aXVGrM8<-_#=QNm?@e?!fzjMhVY4}90LMmg%O&qEl50I$@q4ob$~ z$@%{mdyQ~S#aw?y?&AynsHpq1OfSl2%sS~6Vy?WlK%ciPCQXFIotF4u2pI+(kbh;u zub_t=4|d@JqQIq-jkVKLF9D&VGPJ1pNfhg*c*SZPx78?>SUp-iuj;yEU^2)2=-R|` z&K!USoYN9DpPccyMnzD{Cu!ZGGks4x0eUQ2a?tl?m~q4n#2qll%Asa+&(1)gnS?uh zt+K!quQ182qYz4MqHB*v0x-_QeVlFk7w|sdR!azOEPHi%GdP5aA<7+#V%Uk{9ghPj zSURTv@!nYNp-E44)22BwyCBuTGr19<)!`norBB&e+QlRqZ{LFk@_Vv;AX&;0J<{n2 z#~0l)=7hK}O_iC!d8OiL?k_>eB`Pf!4KsdigBb$s5FZ@~PP38~i?0x> zvx)+T5zWC?@6z%$Y6_AM@PHd}!2`K_(^)7jfP+)le8?=xnl8vIUq4Mssc`9(d~=q( zy`*IeG*;<>RE-R6rQuOC{Qbza{fV9d=HPYc_~UF6`(!5%=FQxLwvG}_#a7jq;mJ%{90)(S zS!gn`3k|{Q$M~J)Vko%~V(87JPd`7=R!b~vcgqJ=o9}-+E z`V}zFAl$pb4a#X(Nm#wjk-P!rZ6&CP88ztyJSLm3&sptkC}SQ{^vY@@Qac zEcH-E-*XSpJ2qXn$1jh87luwVy*gs8!`*GO!dm!=W5Hd z^Jf7hR($f^P-Z-g9gM`)G7pR|JlK+jw#an{w_D*4Y0EikU73jepjS@+``uegUT+Ri zog)!gaOq4vJe=C>0g{8GRFTEqnh|IP5LeR`99)YS>}_;2jO(g3W8 zC)X7ddqNYK^k14KqXEMUCt{h}lEI%-iThPRu8vGlcvn_yuVD#gBx0t6>hV1}+)JW% zGn{sKyKq^hP@LX^i2dRYb#I3Sc=aF^MNAWF(7m==XtI+uuDoUJvZFQt& zs)!-Na3HbN!j-Y~EZP$tUSS|9ga5wyLxL~}6P+eoim+7yn1h+cxO@T-i-Z5UeIOm% zS!$+8%zR_;nFuI;l!mBeQopW8+8bVzcK4+tID?NNuH2y5)Id|;chFTZoGk*SB9AAq%nt76)V`W%dL2$oHO@Vq@UBJ{+F3I7WJAb5;9 zsbc=(i7ZWy`kCE%y<;O^#%~-wQ9Qs|EHKWMcpHRh(%p2cQ(;qY(vM#e^_&}e8ERE{ z^s$-Z$V~g*juwn(r2q!@1}4~~0ib9q(ATq*jny>ARYP+kQtQBZDa&%zKApKMFvIn~ z*h{|-wV%Qlp{Sto{I*!~Wx4+bghX*O3*cFHC2K~u@kb3k>T1gi?*%vK+z}ClG<}~& zc>_f+P7ZZF@{QB7`ok{q_P8Wp_T_p%G3r$?^dbn^R zS>=Sxf;;SVC(@w`5;}fiP9~=rF#4Ke@H`B}Y9hG#4spgTDgtixJ zad&Rh{8OO5Jc~wYo`}RpB+HUq`9sik(O)C6eeAAI5d<=IFwtM>2Yxg~j1X1f_&G`L z{hZ*o(?XwunQ2u6t}}~N*!Z_qwd6Hxs#+ssk`Ume94pGC1?9d2%abPcLt01F!fAX( zN>#W-Rx52nuJ~1U4MhPx9nt3lrghg)Q)@%y5q95y;YYOSzOFtI1iQ6Ywrn}LHelFAPp}$-5-cH)}vz3(9TR^uI!!mDcn)z zTyi@Pb}l5ipw0ijf`?JD@|g*6-6xVe9gmuCY;!-sHQBFfFqzkBDJW=InjbjD$-59r zG-wPI78*vMSRGS7tUcQ5*l(#umvwV#13uRZY5;W|qoU8I3MPX?z6abR(jcOUFtn2XreS3Kh5%@>-)dNIKlCUnMXr z353PiU`BV;;~Rih?9F`&!Tti|GK$Eko7?2!us8q`EYRHfi2O}D=q+mLD29H6iad#-4{uWg>C$WrA$|m)v`!Dlu&Q zPd}P!V8zm8|KB%Cr2IAdL`ulwVkP#9rv5`1%n7J^P2(RQsJwb#dP>(*qVIa$eu`xs zZ~Ibxk(v_C3W}B1yuhF3WM_i%;J$mRfq4M4t@(acRe0j@>9bG0eNW+~yZ;Q!3g z(@+Ch(jYQ8X@FtR&Z}AphV}yG$R{kwrrbt_!}V!6H}35 zG5lI>6WE(g*m#E*JV1oZKOt59Ji$PtoOc2${%=0s8H-dMmY?EtKl>}ev4I`x>JvnJ zq(xrvEWAl)$O*723SuiTe0Rvxc!?lq;XRFDTljZ^LUK5a?vOKaWBsC*Jt@i{EglDv z9k>ShP_W=%byattPZ;xPq^k6!nmpcn0wU-5h!3JPM-0(s31XYhr#UpZ9JRUwV81fb z2!sOIy01`JwB^if{sM$ibTCu}X7L4B5aAVGmD=N$*p>jGLm@SWU4HSAh>Mm&k_WPh zAK>=I(#+2oh^?|z;4aYJI|`Nyu8`8(zFD)QW7f22IW!sD$m<-Li@dyanc(i~=mhh{ zqco@s%h$2ECT{SJ9{Z9BM4|deUn!(4P|5wfN~_KmX)G!7q z0+QHx{m(FhN(|J=`1;;~B;iHjq1@DQ#hvE~)KrS}|0|KprdVuN)6&N{XLiYnp_J~N z2hxP!ubB!yphV$XW|aOWt5y1{w&ygKKF7;qAPe*UxIc=nd4o|Q1Iy9qT&9Iw;?8h} z(ljk>E5T)kw+MQ|sRHkc=L*Dk+yQ9gz(LgMc)jXWYa<&YMh$I~j+j6aM$F2UsU27% zC8sYF1a>C{TBKGr0n4)*iudi;7>{2qqi^Ow_RW@$I6w?PNOrO$(ND_o9kDV?MQ}~9 z8BaC-srTG2KNLgWC)Zz9RlqI88pcse^S*k`@IyrUW7E=S6YyG5b)rZdyx213p$0Qx zH35^Aa4J6C2o__z-mfodS$opSZUm@4u&Z#d%(4$K0iC0|i>wX->3_2(Zl!C3*=q3? z$D)(dV`aCTUrVT+-bZtYt8ZZPjU+IP`yKH|Bysq{Rp&#&hkJYYi<;5(J6J7E=4TbP zk<_?Uj|ii<;fns(h5E-Le(7*wai!DF7SOaB6BCSTXj%xP)xa^Ef*ZR<87ab|Ap?{t zw&4qz!fb1`(h~jgchqLw+?y7zXbX98P_SvT$PG)Vr-Wm+s^(ggi%LCm;_C699rFxk z5C+XzqQxBBEe=znC~KV7=jqnDUppi*5L&?PvTXcF`l!u0`vHzqjsp7h78#O7@(5jv{V}1J zp~KB#*xj*LrK~}f7gj(i-p=p=>?tzsDWaW?~hhPVK^$ zZ6wAAM>(HQ^C)T^Wx1|-U28M+Opj75m{3@iU#8BD%lY!=cXL;Qb$X6Ud@B2OoLC=T zb0U$jz!Kf0?6%K&Ud>guAsO+u2hPra&|g;`MaUT@=4ood3GqyorzdOb?R;=sLkFSP zvj@|Jc&78B$|(pVj7^BJaQwvpLRHDVd66o_V_tv59jkjB<^Zb|sS-J;)|D)bo8POF zg(JN@+iM_YQsjiT6RJIDZ$9VG*m3g@znu}MMhdPCgqZT-IS0iydmA!L8q_V8S!9Yd z7WUux1kEwn5G1aF#Y@_}x@L>^7u2*8yk~CK1os=#dWI2lURZ_|Z>Mdt?c9R4^6JfyX<`;Ba|FiHCKkvi>YVhic*UX2}-uix< zGSDHEEEzm2hT)GEN40b|MaDT$Pzrijrvh3WNrbH9ea^9W)hrhTvMHu??b{bHLhE1B zG)|NH&$Rvr<;~TR;X%+rw<0kxdr#|Dz9BTG+X^Cvt?dFa2do&~{zM8j?&>I1ezpUb zvMVL}jrKvzS~27e`o0OnR1u^-N_18HtC?A(YLV}MHj1rt&J2En?BUbwhT{TL|a;rHd`kh zISN}zEq52*Vs0+uZik{5m6u3igx*P^Y@KagBiBRqphqs-tJC<}r;~MQ1_*0HzM{#7 z`A76*yLlI(V5ooR?gusD7MwfyzrH8irGHF(HK{oaMlY9$ZIx8nak^*=hLLLQ90QCL zfdA|`t$t^iPT0iCJ2#RboV$g^SUK+K0`y|hiJJrZei9c7HBO&BFu#VZ?8=?w!MSL@ zSS(1RCJX!;dp6OUW@|FhDQ7#B+5BrO1i!7qFGx7tDZsbMkg=>y$yW(Y5nL8vYNZo! zQM@F}ac*h-4U9KRo@$4@aF!%4tnH5)LZU%K#vbUsCtLcDC$AeHmvC z%{v{Gz9dWd0)@#cp&XKLAOSYlt(*fMgIn6Qfb$A&8S6;)C@H=t#z3)-oS|TOEYO-D zVzEaS23T!c^CS`Be|l{OZ8bSBf<<;^kl1&9Z(EIHo*_yxpk_j=L=M{IcCp=o3CKyT zgozRFBe%M8kVXQuC|Dr9hSi>;=~B4z@F=Tw7)SfiWpgY0=dBUsw!w3}3^iWw@JYM? zCdUwZvfe`+Sqyx@Qjh!7xAj%J8k5c~ziJwMF)$^4g_}Ifo7)S!kR*=}z+Tpi-TE@9 zYHJT0)yQ;fADNL9U^x(6`7@&4sPdJxqejFc^g2W3#9Pw3NnvVS%TDKPu3~S0l(=pi z$!8hkQhr!q}ccMW{5rL}w)Rx@K#*%T%P*J=tU0ciNF+Kz7L+ zosat);|JL5SzD0HIseaoa_<*Z<2J$4sT%%+m9+Pak`PK_5S~- zL!LEx$0d%=K~flyS%Je_i<9XLY^?Un$Fcl=Nzh{RMFDjZntEr}8Qi{Ln+D`*P=2M> z48F$&79PIzw4sb_W3xH$xK1u8KR!_2XJtuqs00;N1DP${oQrw**Fo@7@s4&ljWSwB zXm9e3IDh;+FRhdaQlP>s-lw2<#tKJb1I1wRG@e=4%?qMF5unR{N2py%4(b4KLP3*t z`>5VtiYCpPl8>twiyE#pxzB$nUQs!F**Gwys`P3m$--XOYXwC_2>vb32O`5SdJ+ru z2JL&{obkjb>LZAE;b2**`)py^>;oI+du?j^ov*hh{T4MaM74iyRkijh1;`D&5k(0; zzj;;?RDV{0UqHL{POXJk{m^R6Tlcep{O*K*(HU)RtI|qw$1^Drx9+B6X}zC9uuUZ4 z{BxbH!sjjbSMIwEc>!mLd%_`{tSXp~mM%uPR!+nFI-~%V^}J@acD0ecz-O0mYc21*Xa1;bPIKU^2-am{~)R_ zz{^b0xcwxQN*s4i+Q1rs9r89-Vr)au^Sy&N@qDYscd&4GN{(_wjWvLehVCmwVt+os z$M{Zy3SraT(f-I8)Dz?DG=4~Lsuym0lF&3jJCt_9%_Ft!Fin(x1$~ky!;lsWKF5|y zOO6y1B7}T#{XrY{dk%1aI&?If&#)=Q@iL&247A!woUNSeY-6_m|V<|A&T zw#y62dh9Yt$fP?&{t|4$@OSuOJsDhtriMWj3YAy_s1HAyApU)?c+N})(W*`N3-d6a z(d|_Aw#};9;&40vi`C9pcIp4;`<%-RR~2FYTd?p-9HV!0)4tIIg%7VuG?=LtM@IAk z%h~0!#!7zHD@NymEeYCGeqgPBL#E|+v;s=lb~uH9p)suwhXRJyCTpenH zUE8)oH=gqs-j;k9&E_X%<+wFCM_Fj5KHR8QX5AW!5a$=gFZLd&pcN9Ir{jF#IAQap z@nbc4?M`YnP2DJeGTgiyS6rEb2ANROc=73z zCG>g%4Y_cjz=@kCu@Z*LDd1Qnyv+?fdz?q%NK=(9^1azzy2`;G+9!H+k+Y5mQSxyq zws!p06|A`)+@tTq1K_{^Pkq2dGkgGh;99!rDpxEd>rCG-tQwU@onj5x=^9==t72rAth~pHX9t4d;`XTb9oR4bMEaPzv0O3d2meyN+pn6G+vIqRID$^~6(3i-4Z< zC*_?2$THbje6jA==WTf?8)Z=WK>gsE^WyX{0<6>-II0teaUV80v)(}oC8pMLs7Clo zhBDMI3guO_sS9kC?^aY?!sQFvc&*==RLoCBbW1rvDxlD(h^9X);*ich6dH>XHfjEYBd1ci49n3Pe)Z0~N!iz)R9d)$`W`n4`I-EyF*$vVg zmS)(Dl5}lpJ=sW@8ICv+V=h9KO+t=*?hce!B#aT0dSi^031$1o;)H(wmY+)y+T+?% zZ$f01bs90f$J4KtY|=}yJoFi)X1Ao~s8{zaYXKZr+N{;KjKqXom6OPIyI430C$T&R zZeq^&Npi-IEjKJtr#~fMl(Eo@pGvM}hX~FO{56U;^ZcSlUHCpr{;*T96iRR{&DLNB zsZO+!Hnx8&qv5W-Da5Xj<%;k$<7eI8p?}dbohm|bo1_`UQ3tv`wCIoRw6S_!Im+#x zbnwJRv|;mQdNFT5#DXBCU6xpQABNXeMh!=|NUv&WNhyM80swIbm0gbsAsxqAX;dxA?DvR4Gf68j;HNC&c&rG~*sG{W}&_@JxgG zfUS!!Jmf)(t;5jN6q2LcJN(DmUX0~j4ilx3tyaL7(%|QX>w8TGYtF)<1&s9RES4yO z7_j=GIy~j(v8}^a0&=3`XSZwBn~;Vo03ZS`8)r|E)`1}c$2h-!JRvMa&%3_22Faqr zNNDfA%S}~C^`%;?ahZ_$sqc~*9hBdUh;<2lJ1S;`LJMuJ>%WFQ{vp=OB82k0xi`%7 z-!Td|j+F9^HqdrFe$p9(Set78=zPR5yq<^!fBmOMX~-bgeKIj>GOmDx9P(3jkKOeh97<%6L}pZwGIfzsbh*27@Q(#Qk` zn|IO`QsOZDT8zAr-c*Dy4`!SS_S{?jH#6e5wh^+J zS%>bx<(*Y|*u#!Y9T>+OW)pyc0*7i)(dh=h_OS@r#?u>r10A*XJ=s!|m9at&U!u8J z|621bBulY=;0gcL@PSl-*hlX;QD$h94?!YHPkeGzOl2!J>*fkI^YjMV6vZ{+3gxlI zuLd}OZ}L$n#*Ebsl3

ltPq+FJ32-%9E8$Zq?5k9<|$#>UZ)8=$j;xmvoT}CVW44 zIzd}92f^W2XtpjUSkp}(y^I(L*hx;Q)5`bR902qc!IZsTiJnVm6izH-OsMxJX>GzV zkKgfI59T*t6MmreJ%$|Lu<(9|sK5 zm?!$*%J}EOsKAH1-}pWx(&QNd;7CsN=jy6g*`32OSC;EF-(gL8ZTE{&cVjZOv|)8* zbK3q?ZN|!o(u+2$#O3Vx8GnfevOWJg^xnxayc`ffLrVxE%--yI>3Ms=GCjgsHS%C(c>WG`rox(^rq|_VX+9$_}-IyWtix zk26?ZF@S$e7d1Yj{8GkH0*myje`spb=ktP50;kGQbMP|+@PLR1Gs@)NDDS`&+b6NUEYQ$LByUl z>SllqYDc}<@>!eBP!Fu0IJ&IC;-EL=ydNpz^=W_t6O4Tg1)7>4D6bSE{siV!@N+U_gIy1{Nalu1VR#V7-u zTq|y=#yfb&p&r|ic3<~b(Yy)I-Zym1Lm_0M8x8pa;NI3{1^a69GvBsk*T$2{rZy#I z`UvP@w7^-SJVJFc8RiYB4C)~dHW}WZ=_el=p;5t0Bv_BuSWgP+CmFI{d7T!Q>s4INQ0wO*zO zpsMSjS2p&7Ft7D@oLl|K&Mae!qp~1IHq>#E7%`;Tv^c}^?6XCe zKogLT<7KR+{kNaMiY9WC|Kn43o&B$IC2F~+dI1YhZad>HAgol(cw(~?bg1$-g?~EY zUtHWpm6;h(LVD~(5TnSl_9I}?wY2|6)-y*-dngdVPdlweW=^G5#k$A#ssf*FB2DN7 zLnZwqP)j{)q++zBdeCUI6|6Wo3>Il&z1(%;QVn?9`ke--PTdDP2Go`h3B(;g*I(&< zsUp$v*n)yCC|s(Gr>xa_^R8(Q{#D9*>Xa3>^swSn(>>U3X_oEVaa3d1`79zbfau-o zFB@jrvMzO0Jz-jCfrT29R0yswhca=VTPELI`}%x4I-fsac^5vl98Nz4#fmU*dWVxx znm)>*`6>;242pTiQ+0}0VljO{$|Zr4-VqX||7xliA^GBtpR?jd@@^aD)Hx{kAQ)%6 zlTBDEK38Nn{*6i;#8Q{XoNgsxVv`!WEy`n~-u+!G!)HFY%&Jhj96;z9eisoaU#__* zC*0kcF4i>_8=;Q8i)ps-C&9+>%Vo+54Sem?{D3sL()^HdZI!cck<^@iCp)`Jlim| m_u(2AUeu510sxcM_x`K-H(jnbC$?wPf(L^eLX!f$#h@MT+yKx3 literal 10324 zcmV-aD67{BB>?tKRTCO0rj^?VDAkuUCm*}IVD$wgxagi9<|WSx-uGH0HTDv!Pyni{ zhrCo*jtT~M4@;+k8jXi#I=}&)GoHoP_kzB^7^SfvjvLI3Wh5NthWw`Iwyshv;8aSx zg5I`I_{}^@rc4njr_r!;hM=bAOddeo{e83TwE5Q(-#aqf{jP)}nUZEXT-E}Zl0he}yvRreS%=cR0MGtfRnjTFU4|5KK8J z?vXNq3`YE;hOzQydwP1I+rX%Ow@tO^hz`{y1niNxsis4_iTAps2BeJ<57;*3wVZI^ zqDm{qJ&zH3LN?77FPDIY5Ty-$JBG@E)+x7dOgw&Mg7soD$uuwUJXDWXV82kVl$7jl zoo3|TpNl2Mj=^(g6JP41RpHmbeLajd4S*Po*6!18${|0H2*Xs!8u-yR3CM+PHyleB zH=W-8QiNOFEr)tBdMC`X*+x}wUU~_?{-_3~`50$+q!T#QiuHj#W+Ih)XCmtp&Ho#w zr#KS%hz8h-52aS)0{el7d#-$=`{Ib@_uXDAOV4yW5LiT}`rS72v$GB<6mA=9auSzu z;Wz(PxVdZ!`~~pKPV6{q{o;VEi?;{I)t=BT7geST>CQsgdzM>Uo)m3aLn8 zTWDkNcth{!-5%0dB8l`c3PiAg57(;G=r;>)h*$OjnT%*U*6DxlN_;JX*oA3T1L*OLj~F=>2mVDy#>qS z7^fI~{Jqxsu5j2S3Wre>Z@|;TAz-I0SgUKOnkpet)l8vXa~i1MprmHT6;rNXuMRC< zV>)L6iBR(;3jmtU+h}o(SUauPFmu~{D5$xQTG!Y_AaT4IR& zy$2{!yN0lr^|R$L$cjWk`2b0Wv(KngYAL*$7Ua9lRp#LO4(Kto5C$7x-sBHK82$r; z8F8Dl#VxecaTOQ&HCSL>-5&)vDAsP_r2?b5R^Rg5DC@-Au5R=#n^~PN9kpz_`_|2ANd`GrJ@U7tZ z?>WInBjWup^73N7L*?^wSv-LmHhqcVN zZ;5c@3#&QDR85q*&F0C_(^v;@c2MP35$?-Ido2g&R=jrl1aN3x zfQd_xm%=;`khh*XKnfcLU)GEOG9C3w88UrgCzS4m5+3ss#F2GbY(nvOyTboOu4mtY zaC2kBo=qG9zvrE9QR{*mI4otQq$x9%SZvbG%}GAhL7H}k| z<9h$)c_O3l@xDBbn-l$}=6JkiPrB|nO!rv-rK*AE>*K%+^IZ;0^{JB{a-&)ykq$r% z7hg$;YDWIF-!T|tB3awin;x7YNFmxSY5EK#MWJBn(~y~_PYoySV;+km zr)(JKgReo6dAPokeNpqR3#=X>V?EyWZKE)K3x)4F$HJCJj`ZOnW{b~xYbQQkKjeN4 z)w&olt=#Q~KX>AxC)go(UEBA{M1QQ^iJ$?=wisot9X6Cu?@uOf)Elb>`nZN;plcFx zcH1v?57}KxxAtiW-dZL+w{9i*NkGN2ns<5C7}_+c!iyJ)=YD3;2Yy#Gt2MZ~_K*u% zfIO1!jnP9ll@JdF!vYGgPk;a@S#;QhC|v--d@&l%!0RAt)Sje-A5TUlF{L zYC6ZYPEzyN0@mkz{Sfz4o+tW{?m(zYelt1fW3wN-;6MBY4#KNZ`UHA*SLrjlcNx{0 z2W)YZ)>QJ^J^&=0&_n$Z?Yi2dy2G93iZ$0kl^kK%({-T$7mK^@)U%EKY{Pox_riDa z4Un6sj}Kj9Q(kr9p(YNeN3!vf?#gEYMUn*kM(If8m=Em=|J8VjW!KL9psO(#$&o2- znIdmveaYkLkHN!c_taQeZJi4$h|{L5zNl6S08uY63IqG8PvWzO_Q8~*+7hr)mIR{6 zAl_DnPgFJqT#J-Pv4~yj%u_Q}`|qCvnSSeak9OU0&-jLf=ljdoJ3`2#bf!%b$brb^ z7_iv_=(0|UZ~)({Y?qB0-q?gqzsaZ{OjT1m4w&pPIJR(za@|OmzQCO-NpA|q`;0c} zW=6BSqi}Vxv%XiSdNNzG$@v|fL=lPL$XQ8_49Q;I!8?hYjJ~?|aP9iVz-Sb#O%T#j z0>14E_rNFYj4Lg;^g!l0@&MZw17C6@SnG084Z2B6L-z zOASRSt>$gb%RsrB(?aL8si>do+3^HU(IW1?PlrrgPh@aXMb^jnbBydoh-J6+|45Ol zJ=Z!3eT3PK4{Mx)UXXN`NLX-QXfaRcsY4vgt|uxZuL6>FP_MKHlQGi)Mjff-zZq8~ zRi|F-lkXkU0Nqc#&5aOfv*#aUDb#8k_c)Bvr7h)&>0s&LOa8+t9sVAb z&4qoZN(<=du^0DKepdJNh0L9vIeN^BQcU4F3Z)w8v-XgT8ik^SM={VlwgQDQCr=Vv za)k?Covc+Jefgg?tnzGypzC3;V3$`i4Cg<6%Xe_1PhdJl zcTMyY*+J_x_LlWqhhR0$eu&Mf3`edfpYrgeJWUDJ4S_^1p1^8V*}6GaG7I@e9!ZLw=$rEEE`htTq6l5#eV$+SQ&Q@wa=~Fz`ZZtfG1a2n*kXu3Tr$mN0xI)vub>y za-Qfv7ikPz$160CR`u)%N0*r;m|`>v62AnEF9#`@^^@D*zlja;13KOI)MbJ?Eama-u!W7wy%7*YC*npw`YZFo{Gi&hE z#ZAj;FhjeDsAOx36*wkqLbJQUXKyT6?!M<7JqX8+JN`AK%c2+PN z&{PI3ItL(|Ftq>pvp<8D+-O^Z(ykFR`~q;IVl9z!YGbu-jf2+{SWoSSYp3=r=di`B z6)AG@S`WQ&k1tQz#dWn|J~Rh}TTDyu56Vdnb=>-7 z+A&7qX{O~Hd(3|rIu7t_5(xbkyX?Z#6DErK`rB*It*CrG=s$4?m}O$YqnMlg6kz4p{cT&I zK-TGV1FzObAUw2V#X$!!68|9pro5F9P)IXhA5j$MndP9~l^aNUO`mBic;Aue8w?OS zHi*<2IKgbvBo0SK#+eIA3lgbL#Ij$GQ-Crf-)K~t!W}k95R&ppwwA$Y2DpCa$ z@p^KKNAw-8`kWqlrTwKK_z#97K!PfS6iT*0T$|0f5F&}pteP8I@Sq}N8+xN-@q&d- zLz;+^f8WmTtt0ZE<`g(Jrj;%zwK=#Uv|76y=j@#Nf@bqe#0(QY%LRpsGUK|DC~}0i z9Rs%FT8?iV4ml;EMgMQHU@iz&Y({HOx-5_wqH3q&6{H_|1&lb~h;`-HRc~-Cl=vBH z)_U)D@JExd{0fDaqj(~mM<#g@x+-vsMZncC#jl71nr-A>ihMy6t>xjU1#K?8)i;`zI-E?~P^#0nJ^H@?%tj zZyQPd2eec8#S_?iwl0D`t#6oNJIL6<91K?vB36z@F-ZWL@i})Qj`@v8Qw+1Tk8yJg z2i6NM`#KN*vRFz(pwM>1cq!HT<~PB7A})>*c0~>@!+B0FR8#jk+r@$wY!sZGO~Uv~ zm5N(^0z#4bv!yKvwc9`-5)sJ0eYGQKTJR5O4MnA4wn#(e!r7X`o?40!FU63xs&k4` z|0-5l)74XlLmh>YVta%RuCtXgk(s@L{IOZdafUx5?7h*o2c>9MjY{;(1&;X-aW^lD z=m(QCL;9u#ge###c}X|s|G|#{t>M@Q%+QpUD*apbOYqAUenmUStzbGf1&UdevuyTk z@8WOjFE;jC?N4Ek=SoTFx|(}bqQ~JUBa|8rB98UI}J-5ziSX7{!Cwn!|}ljmY~@3>kRH|6n@|Y!KW%B zeV%<8{zxPO>f#gps9G%3m}Z3}&|=L96@D{luFtHbYWds3>3Lp+o$tPdN{X`f7PGqb z#8UV7M?-aUL`YC zbaCAxQi(1YQ6eJ5Vho7D-aCuLG|N!BOX(PgBTVx#fZE~$Qf9R{i9%ibgqxXSEf&`_ zGlIcdRJfq!3#Aa^zBi>gbUwA_P*PYK!%2o4P==?7jBR>#v( z44CW#D8iVcp+R=AE`g4#c@CQlG?=P^PED}8j^ijc*jERcA4W+-vaRxB@loqzo-Blz z?N^@f{R(ikeR#6iQ1j1%{^Giyp887vp7qgqmnTnNaVG$w-74-+?RE6ozuf6#f0H*2 z70ifO)Qq7ad_c`+VYL<(y=W;KMcAD~Vbb?1ryc;yfwv#F@6fg_%Zv4TnwiRvW}(u7f!!MUEp1s;do?k3YwhTAVWCm%Yj z$ykGtgmt;Dd4IKZE@otZyW2(h3`$_Y^tgR} zi6rH6-djRLmr)LGQvn~A@4nk?xrRpS`WmPD1gMKODZ$qE@>Ui&X8RLu8xz4bF%kf$ zwxiuM9X#}n)mXpmrBdPmB0tI%0vidJI(un;%-^aUyDjCgEyBoIHML43i#x?2i@X4C zVRu`ysea6%7S(ZnLFRUSg}+zeQZ7^9o~F8jVuYCBQn;adU981 zwXN)okdUDOw{>B@$4JgVW9Iy{hn5YitpZ8bA(zBAD>M7DMW+4r>VzRxdphyC=L)2L zjzl71$vq*H%Te?`rPy)w24GX`+meSLp7Uer9c}WlB)4G1Xf7$>Hh#2@ zZ4)Thd5_Jfm4F3&dUjX(nf!+kkLX_eWget$cuK%y)Mwz^!sv}uUN6Wmxr<_c^9Y{=5*8Y_n!3BYBAKC%gMd1{;V{K9>$n?xrl61t>b(`WGT345Rr&0KQ2?8Xh|y9ojHBomv7tkCHJ* z|DVAkbeDsTK3{2$=={SQ^z*+-wq0}_I>JZjw_J0DgI2C-GGE<# zvl802q5@TCP2L`GLW-|gBFgxGnij7`3VntISy9Tl{l|0=c<27@}m=e8-T!8^VTQnh7dgwJ5y9L{n+ z8GA*BJ4Yw~682(PQ^n^c9&d2ZIVdxdQemqv61dEo-z_N4FjgRxuj@sDsg58ZC(9dtABk6|6l+c}5d8O_gv=_gX{`0AY=^zeMQd<@%6 zAA@v!1o^T8<#_-G`-nXqTOYe|q}xAmVsKSHqgQw_%je2A^++d2%_Fw*?Q^e?guqFc z!V2C%M53A}>u|vHya<&~Jxo7a3oMNE><4iDJ|6%Q&lc$uF{!?$v@FyT`lA;oR3u3g z>rGs&%y8u$kvws!=Dx_golC98&1GgjULZHpU70?aZ(9U+p{rr@yp!pYr^k<##hFMv z%W@-c)bN*m%#cSik{Mqb1yR`l;n4~#sc!=vB-sD9W{640*M7_0TjxydTEUW)#3#Ce z0C~NQn9-r;o#mL|MG8}3h0!HmFqod~_LxId<7%aIaG)QzBanxugVtL&TEt2$vT@dL zO}&=9;JN|;I9U2-HX9@!^-!Z_Ffg}y;8lgSD{i-XKbms9scBx)r8_AbnEj3bt1-%Z z;l_$wj8(}DE;(I79gj}{$q1C?!Ir&t0FzCfa(e+Eec!^X540quETEE1)^h2+?||Jp z#fE`bB%nL2((9P~?3>>4CW8{|R*;RuXZK*9ttm5wir+M&>a`(d9w@_y-OQi3276bo zyA5#hd+mUZVTf9Q;{ErP*CDeGtUqh=s?jCLYPxP*4m6B=(b~a+7|Q8jFr5R2c_#Dh z_PHi9D;K$wv6!eNv)2@!8-&Ko1HEBX;f~2Q?=^Ms2wL}96(J$izWm`Yi$ml&d^H}o z-zCfJC%HptCi4bXz~1(F!ZiEt3f;H9gz0!@P4;`ML90r$1X0g9Zogu*n+@&*Uez-( z9ki}0b$ur=jU`_jA}QiB(g}rl)n-L4VtjhWe_Hqf)VXO{U}@&}RjB|~%Jx^rK1myK zxfg&#mTI%Jz~B`71klj^p9U*Ja2L?VH=6xuLieGH)G>efvYn^Bz@ni*fz~LeJ)>LStEcq6G zrap_a!dGEi=dQvrC9wPno)ANrAujm_1;OsUiIe=h%N6Bf%v=R~>Ni++<$Ln3Y^=u? zsAo{|^&2!avx$bNRWYIv1P<@i>w18Kt7)R`O2RR05w*^QGhq{{)<6S6qs8gO-+_r) z0(H=@)&;VrX-{cSqPY(_f6A@V!;-DqMe@FGK_kP4(oIfGLZo}^;-b7^it{JBpo5a_ zvW8wja@-e_N&G5_4{+@|=kP67<&^CJ+1W_yNek+Kb#1IPfjDsN`-P%; zyo1vDSa`5RhGC@p5r+$N3n2?O$iRgwi`(+KY6nC2Kzv0o?^*s|lTsy)hh=Bf68n9f z;PJ&l7N6}%e$bD5j;<=1?NuB!C=-7Qkcjf3)_tVe-nYX>)Nnim$DI(srht)QXnE9Y z3Ho>PNKDQIY>RVZ0&f8S{^Fjpf*^^L;r5JYl}Veid%+88VPl7-%L&;Rlu66nz+tK} z!)lW#3eZz0mz}k8je)N~Yq2EU2fHZkC)3`Qyzs6y-#~oFNFKg)fP{^%YVIc3;Yl!~ zBUH9cYS6n;36B+IqAMPipf%mUw@|JTNL)BI%hZoDMA~yl_IVsIfdzm!(FiSXHLkX@ zQU%<4q*8#7qe`zmUP1+nbO!MQPs=j~kf?ZQ0zyl#+*J8TN!YVv6FS=xKP-|0y8QPx z`6*RSqBnnDW@VozlgJ#X!T1T;>D6j2sUo0SaL}LF-D@epx_aJJ4xxEJesgCD za+MsQOXh{!UuGjac)S_s85nyh7z^IhV3w!-oPXf*@62oG6laReo@&yYLHNoTuYz)W zM`0Uqc}|xmT+SVFscdMy&`}Z!8i}qwfvYqw0d+lH2>?F?)9|0T{xc?KByL8!fXqaq zm!Xc4*=GA(7Es;$339eq!a%s&v!H9`?)eei)p16kV^{)3S*hiZXLaC%9OCX^z9-gC z=nKUEfx4`&Z_hzW#Y3M(5MQ>sI89jk|(o? z4z&|3#KaN3)uh~2##NPg&>8|$+lEudU6){}MfMYn02mRbpwVE7s2*cR?5{%U$ArQi z5RAUMycX8E5N8FhK^Xq@gY3f$-8nZuKk&=SR9VZ^t7Vb-xAT0K>kYNL0|06on?|;n zxL^Y%t*r9}jn1oU;EKOSgUL=4A6RLo|Lk;N-o&frIY@QnI7`yfPB+W3y4=$3*0*A} zkXo|T56xx-)3Cs2T$QlR?$Cwd0)JvFvr*|#gqv82kY>=Q%=+K)~#&nNE>IPgpAyNhL!AczW@WBQAyVxtp+ihdJfC< zJ>4i+i>y9phLj=(@BmozDb3YaSR3T1Ov%Ee4O5=?2H8y2+TRJZ>*y=- zcaWQ}x@M1aZow9+fPDzw^HuS0?^!P@or)I5H+ZU$6;!SA7*Amg^}FBKbtnOpCma6B4uo{;_^xnA z9ODIZ4j%%pQW9n#UsWb$f0X zr1Bk<*<4~^)hxik%T)i=hfOuwwB32~zoMliTarFY!TQl?{1L~_#(+FMcYSo%Q*%->TYpzw*rqgrN*l*G@532oaW z&eRv{1ME&;CUth3wEX?!j=Q2DyW>}x&-1;KFw2{Af10P)UOXugLFY^9tm=$yrQO%wD#!zx~^QD6L|L_a71xfJp3rJglVge z;^OGMH)A2V^`;MAawA%*rTwcd(T*y6r73|x@UfR>evy7il;*FXS~o3E=@+)R{LNG6 zh|@qo&C(W$G%&Fba2b^q_LECa&Frk#8TXn03I~kG2LYyB3aQAtQ-&Kf{`901tk0TmMwx_5a+|&|vy$tDt zh@k9{h3;TxYEJMdy1uma&rly!Q24wo%aLP0Qu;O>UOqDiWHlrno|sqF6$l_tjAy-k zbv<_MAf;z{^9}A^+TQX)XGe+k^C84Kl$jNA_#3m4Gy0wk~47x^n~(~VaYS7 znWSMMz*&)JbvGsJXR(K)Ca@hCqT5vGlDcz!FtMg*?7mKfv+g#!kqemquS57@pqL7ssFEIsCym=BON zqBh^50=_lLFUf$&*4PZy7 zM7N2EtdAF+cL7h{*4D(6^ofUBf*Bj32U>?T0@%sqXQQrFE7ICBi`R;*&;l8dm>d;k z8;V@>P{?VRJ#bY^$y{Eu;**6tP3YU=K4GO|AQv$zcO=a;=GBGv&$pu#NZ|yu zXodPRWY~&b*+E=u`oYDzokDr#Za8za#4{0Uq9BsQKAxlXVV!lpR<|_1k$#uJt65YY?iJ z4UQi4?t?d3g1xBX$aR+kJ94lC?d7vnzcR~|S_L5@zKjl7L+y1{r4^7_>Ci;}rVYQ= m7jaiqU9k?ZKFc*iRQZw6uVn$?R=YcLA`JJh3nX1k%*E)K@-j34 diff --git a/tests/test_pluggable.py b/tests/test_pluggable.py index 0c0ebeb06..cd553da83 100644 --- a/tests/test_pluggable.py +++ b/tests/test_pluggable.py @@ -232,6 +232,21 @@ def make_pluggable( interactive=interactive, ) + def test_from_constructor_and_injection(self): + credentials = pluggable.Credentials( + audience=AUDIENCE, + subject_token_type=SUBJECT_TOKEN_TYPE, + token_url=TOKEN_URL, + token_info_url=TOKEN_INFO_URL, + credential_source=self.CREDENTIAL_SOURCE, + interactive=True, + ) + setattr(credentials, "_tokeninfo_username", "mock_external_account_id") + + assert isinstance(credentials, pluggable.Credentials) + assert credentials.interactive + assert credentials.external_account_id == "mock_external_account_id" + @mock.patch.object(pluggable.Credentials, "__init__", return_value=None) def test_from_info_full_options(self, mock_init): credentials = pluggable.Credentials.from_info( @@ -1064,23 +1079,6 @@ def test_credential_source_timeout_large(self): assert excinfo.match(r"Timeout must be between 5 and 120 seconds.") - @mock.patch.dict(os.environ, {"GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES": "1"}) - def test_credential_source_interactive_timeout_missing_will_use_default_interactive_timeout_value( - self - ): - CREDENTIAL_SOURCE = { - "executable": { - "command": self.CREDENTIAL_SOURCE_EXECUTABLE_COMMAND, - "output_file": self.CREDENTIAL_SOURCE_EXECUTABLE_OUTPUT_FILE, - } - } - credentials = self.make_pluggable(credential_source=CREDENTIAL_SOURCE) - - assert ( - credentials._credential_source_executable_interactive_timeout_millis - == pluggable.EXECUTABLE_INTERACTIVE_TIMEOUT_MILLIS_DEFAULT - ) - @mock.patch.dict(os.environ, {"GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES": "1"}) def test_credential_source_interactive_timeout_small(self): with pytest.raises(ValueError) as excinfo: @@ -1093,7 +1091,9 @@ def test_credential_source_interactive_timeout_small(self): } _ = self.make_pluggable(credential_source=CREDENTIAL_SOURCE) - assert excinfo.match(r"Interactive timeout must be between 5 and 30 minutes.") + assert excinfo.match( + r"Interactive timeout must be between 30 seconds and 30 minutes." + ) @mock.patch.dict(os.environ, {"GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES": "1"}) def test_credential_source_interactive_timeout_large(self): @@ -1107,7 +1107,9 @@ def test_credential_source_interactive_timeout_large(self): } _ = self.make_pluggable(credential_source=CREDENTIAL_SOURCE) - assert excinfo.match(r"Interactive timeout must be between 5 and 30 minutes.") + assert excinfo.match( + r"Interactive timeout must be between 30 seconds and 30 minutes." + ) @mock.patch.dict(os.environ, {"GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES": "1"}) def test_retrieve_subject_token_executable_fail(self): @@ -1136,6 +1138,25 @@ def test_retrieve_subject_token_non_workforce_fail_interactive_mode(self): assert excinfo.match(r"Interactive mode is only enabled for workforce pool.") + @mock.patch.dict(os.environ, {"GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES": "1"}) + def test_retrieve_subject_token_fail_on_validation_missing_interactive_timeout( + self + ): + CREDENTIAL_SOURCE_EXECUTABLE = { + "command": self.CREDENTIAL_SOURCE_EXECUTABLE_COMMAND, + "output_file": self.CREDENTIAL_SOURCE_EXECUTABLE_OUTPUT_FILE, + } + CREDENTIAL_SOURCE = {"executable": CREDENTIAL_SOURCE_EXECUTABLE} + credentials = self.make_pluggable( + credential_source=CREDENTIAL_SOURCE, interactive=True + ) + with pytest.raises(ValueError) as excinfo: + _ = credentials.retrieve_subject_token(None) + + assert excinfo.match( + r"Interactive mode cannot run without an interactive timeout." + ) + @mock.patch.dict(os.environ, {"GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES": "1"}) def test_retrieve_subject_token_executable_fail_interactive_mode(self): with mock.patch(