Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Add public API load_credentials_from_dict #1326

Merged
merged 3 commits into from
Jun 8, 2023
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 6 additions & 2 deletions google/auth/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,13 +17,17 @@
import logging

from google.auth import version as google_auth_version
from google.auth._default import default, load_credentials_from_file
from google.auth._default import (
default,
load_credentials_from_dict,
load_credentials_from_file,
)


__version__ = google_auth_version.__version__


__all__ = ["default", "load_credentials_from_file"]
__all__ = ["default", "load_credentials_from_file", "load_credentials_from_dict"]

# Set default logging handler to avoid "No handler found" warnings.
logging.getLogger(__name__).addHandler(logging.NullHandler())
44 changes: 44 additions & 0 deletions google/auth/_default.py
Original file line number Diff line number Diff line change
Expand Up @@ -130,6 +130,50 @@ def load_credentials_from_file(
)


def load_credentials_from_dict(
info, scopes=None, default_scopes=None, quota_project_id=None, request=None
):
"""Loads Google credentials from a dict.

The credentials file must be a service account key, stored authorized
user credentials, external account credentials, or impersonated service
account credentials.

Args:
info (Dict[str, Any]): A dict object containing the credentials
scopes (Optional[Sequence[str]]): The list of scopes for the credentials. If
specified, the credentials will automatically be scoped if
necessary
default_scopes (Optional[Sequence[str]]): Default scopes passed by a
Google client library. Use 'scopes' for user-defined scopes.
quota_project_id (Optional[str]): The project ID used for
quota and billing.
request (Optional[google.auth.transport.Request]): An object used to make
HTTP requests. This is used to determine the associated project ID
for a workload identity pool resource (external account credentials).
If not specified, then it will use a
google.auth.transport.requests.Request client to make requests.

Returns:
Tuple[google.auth.credentials.Credentials, Optional[str]]: Loaded
credentials and the project ID. Authorized user credentials do not
have the project ID information. External account credentials project
IDs may not always be determined.

Raises:
google.auth.exceptions.DefaultCredentialsError: if the file is in the
wrong format or is missing.
"""
if not isinstance(info, dict):
raise exceptions.DefaultCredentialsError(
"info object was of type {} but dict type was expected.".format(type(info))
)

return _load_credentials_from_info(
"dict object", info, scopes, default_scopes, quota_project_id, request
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The filename param is only used for logging purposes. I can make a more invasive change if that is desirable.

)


def _load_credentials_from_info(
filename, info, scopes, default_scopes, quota_project_id, request
):
Expand Down
Binary file modified system_tests/secrets.tar.enc
Binary file not shown.
14 changes: 14 additions & 0 deletions tests/test__default.py
Original file line number Diff line number Diff line change
Expand Up @@ -188,6 +188,20 @@ def test_load_credentials_from_missing_file():
assert excinfo.match(r"not found")


def test_load_credentials_from_dict_non_dict_object():
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

load_credentials_from_file has extensive test coverage, and load_credentials_from_dict only varies by the input type.

with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
_default.load_credentials_from_dict("")
assert excinfo.match(r"dict type was expected")

with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
_default.load_credentials_from_dict(None)
assert excinfo.match(r"dict type was expected")

with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
_default.load_credentials_from_dict(1)
assert excinfo.match(r"dict type was expected")


def test_load_credentials_from_file_invalid_json(tmpdir):
jsonfile = tmpdir.join("invalid.json")
jsonfile.write("{")
Expand Down