Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-google-auth for openSUSE:Factory checked in at 2024-09-18 15:26:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-google-auth (Old) and /work/SRC/openSUSE:Factory/.python-google-auth.new.29891 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-google-auth" Wed Sep 18 15:26:36 2024 rev:48 rq:1201612 version:2.34.0 Changes: -------- --- /work/SRC/openSUSE:Factory/python-google-auth/python-google-auth.changes 2024-07-11 20:29:35.068944478 +0200 +++ /work/SRC/openSUSE:Factory/.python-google-auth.new.29891/python-google-auth.changes 2024-09-18 15:26:57.245018614 +0200 @@ -1,0 +2,14 @@ +Tue Sep 17 07:34:24 UTC 2024 - John Paul Adrian Glaubitz <[email protected]> + +- Update to version 2.34.0 + * **auth:** Update get_client_ssl_credentials to support X.509 workload certs (#1558) + * Retry token request on retryable status code (#1563) +- from version 2.33.0 + * Implement async `StaticCredentials` using access tokens (#1559) + * Implement base classes for credentials and request sessions (#1551) + * **metadata:** Enhance retry logic for metadata server access in _metadata.py (#1545) + * Update argument for Credentials initialization (#1557) +- Refresh patches for new version + * python-google-auth-no-mock.patch + +------------------------------------------------------------------- Old: ---- google_auth-2.32.0.tar.gz New: ---- google_auth-2.34.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-google-auth.spec ++++++ --- /var/tmp/diff_new_pack.GkN9Id/_old 2024-09-18 15:26:58.185057751 +0200 +++ /var/tmp/diff_new_pack.GkN9Id/_new 2024-09-18 15:26:58.185057751 +0200 @@ -18,7 +18,7 @@ %{?sle15_python_module_pythons} Name: python-google-auth -Version: 2.32.0 +Version: 2.34.0 Release: 0 Summary: Google Authentication Library License: Apache-2.0 ++++++ google_auth-2.32.0.tar.gz -> google_auth-2.34.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/PKG-INFO new/google_auth-2.34.0/PKG-INFO --- old/google_auth-2.32.0/PKG-INFO 2024-07-09 01:16:59.725062100 +0200 +++ new/google_auth-2.34.0/PKG-INFO 2024-08-19 00:52:50.688722800 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: google-auth -Version: 2.32.0 +Version: 2.34.0 Summary: Google Authentication Library Home-page: https://github.com/googleapis/google-auth-library-python Author: Google Cloud Platform @@ -38,8 +38,8 @@ Provides-Extra: reauth Requires-Dist: pyu2f>=0.1.5; extra == "reauth" Provides-Extra: enterprise-cert -Requires-Dist: cryptography==36.0.2; extra == "enterprise-cert" -Requires-Dist: pyopenssl==22.0.0; extra == "enterprise-cert" +Requires-Dist: cryptography; extra == "enterprise-cert" +Requires-Dist: pyopenssl; extra == "enterprise-cert" Google Auth Python Library ========================== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/google/auth/_credentials_base.py new/google_auth-2.34.0/google/auth/_credentials_base.py --- old/google_auth-2.32.0/google/auth/_credentials_base.py 1970-01-01 01:00:00.000000000 +0100 +++ new/google_auth-2.34.0/google/auth/_credentials_base.py 2024-08-19 00:51:18.000000000 +0200 @@ -0,0 +1,75 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +"""Interface for base credentials.""" + +import abc + +from google.auth import _helpers + + +class _BaseCredentials(metaclass=abc.ABCMeta): + """Base class for all credentials. + + All credentials have a :attr:`token` that is used for authentication and + may also optionally set an :attr:`expiry` to indicate when the token will + no longer be valid. + + Most credentials will be :attr:`invalid` until :meth:`refresh` is called. + Credentials can do this automatically before the first HTTP request in + :meth:`before_request`. + + Although the token and expiration will change as the credentials are + :meth:`refreshed <refresh>` and used, credentials should be considered + immutable. Various credentials will accept configuration such as private + keys, scopes, and other options. These options are not changeable after + construction. Some classes will provide mechanisms to copy the credentials + with modifications such as :meth:`ScopedCredentials.with_scopes`. + + Attributes: + token (Optional[str]): The bearer token that can be used in HTTP headers to make + authenticated requests. + """ + + def __init__(self): + self.token = None + + @abc.abstractmethod + def refresh(self, request): + """Refreshes the access token. + + Args: + request (google.auth.transport.Request): The object used to make + HTTP requests. + + Raises: + google.auth.exceptions.RefreshError: If the credentials could + not be refreshed. + """ + # pylint: disable=missing-raises-doc + # (pylint doesn't recognize that this is abstract) + raise NotImplementedError("Refresh must be implemented") + + def _apply(self, headers, token=None): + """Apply the token to the authentication header. + + Args: + headers (Mapping): The HTTP request headers. + token (Optional[str]): If specified, overrides the current access + token. + """ + headers["authorization"] = "Bearer {}".format( + _helpers.from_bytes(token or self.token) + ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/google/auth/_exponential_backoff.py new/google_auth-2.34.0/google/auth/_exponential_backoff.py --- old/google_auth-2.32.0/google/auth/_exponential_backoff.py 2024-07-09 01:15:05.000000000 +0200 +++ new/google_auth-2.34.0/google/auth/_exponential_backoff.py 2024-08-19 00:51:18.000000000 +0200 @@ -15,6 +15,8 @@ import random import time +from google.auth import exceptions + # The default amount of retry attempts _DEFAULT_RETRY_TOTAL_ATTEMPTS = 3 @@ -68,6 +70,11 @@ randomization_factor=_DEFAULT_RANDOMIZATION_FACTOR, multiplier=_DEFAULT_MULTIPLIER, ): + if total_attempts < 1: + raise exceptions.InvalidValue( + f"total_attempts must be greater than or equal to 1 but was {total_attempts}" + ) + self._total_attempts = total_attempts self._initial_wait_seconds = initial_wait_seconds @@ -87,6 +94,9 @@ raise StopIteration self._backoff_count += 1 + if self._backoff_count <= 1: + return self._backoff_count + jitter_variance = self._current_wait_in_seconds * self._randomization_factor jitter = random.uniform( self._current_wait_in_seconds - jitter_variance, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/google/auth/aio/__init__.py new/google_auth-2.34.0/google/auth/aio/__init__.py --- old/google_auth-2.32.0/google/auth/aio/__init__.py 1970-01-01 01:00:00.000000000 +0100 +++ new/google_auth-2.34.0/google/auth/aio/__init__.py 2024-08-19 00:51:18.000000000 +0200 @@ -0,0 +1,25 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Google Auth AIO Library for Python.""" + +import logging + +from google.auth import version as google_auth_version + + +__version__ = google_auth_version.__version__ + +# Set default logging handler to avoid "No handler found" warnings. +logging.getLogger(__name__).addHandler(logging.NullHandler()) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/google/auth/aio/credentials.py new/google_auth-2.34.0/google/auth/aio/credentials.py --- old/google_auth-2.32.0/google/auth/aio/credentials.py 1970-01-01 01:00:00.000000000 +0100 +++ new/google_auth-2.34.0/google/auth/aio/credentials.py 2024-08-19 00:51:18.000000000 +0200 @@ -0,0 +1,143 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +"""Interfaces for asynchronous credentials.""" + + +from google.auth import _helpers +from google.auth import exceptions +from google.auth._credentials_base import _BaseCredentials + + +class Credentials(_BaseCredentials): + """Base class for all asynchronous credentials. + + All credentials have a :attr:`token` that is used for authentication and + may also optionally set an :attr:`expiry` to indicate when the token will + no longer be valid. + + Most credentials will be :attr:`invalid` until :meth:`refresh` is called. + Credentials can do this automatically before the first HTTP request in + :meth:`before_request`. + + Although the token and expiration will change as the credentials are + :meth:`refreshed <refresh>` and used, credentials should be considered + immutable. Various credentials will accept configuration such as private + keys, scopes, and other options. These options are not changeable after + construction. Some classes will provide mechanisms to copy the credentials + with modifications such as :meth:`ScopedCredentials.with_scopes`. + """ + + def __init__(self): + super(Credentials, self).__init__() + + async def apply(self, headers, token=None): + """Apply the token to the authentication header. + + Args: + headers (Mapping): The HTTP request headers. + token (Optional[str]): If specified, overrides the current access + token. + """ + self._apply(headers, token=token) + + async def refresh(self, request): + """Refreshes the access token. + + Args: + request (google.auth.aio.transport.Request): The object used to make + HTTP requests. + + Raises: + google.auth.exceptions.RefreshError: If the credentials could + not be refreshed. + """ + raise NotImplementedError("Refresh must be implemented") + + async def before_request(self, request, method, url, headers): + """Performs credential-specific before request logic. + + Refreshes the credentials if necessary, then calls :meth:`apply` to + apply the token to the authentication header. + + Args: + request (google.auth.aio.transport.Request): The object used to make + HTTP requests. + method (str): The request's HTTP method or the RPC method being + invoked. + url (str): The request's URI or the RPC service's URI. + headers (Mapping): The request's headers. + """ + await self.apply(headers) + + +class StaticCredentials(Credentials): + """Asynchronous Credentials representing an immutable access token. + + The credentials are considered immutable except the tokens which can be + configured in the constructor :: + + credentials = StaticCredentials(token="token123") + + StaticCredentials does not support :meth `refresh` and assumes that the configured + token is valid and not expired. StaticCredentials will never attempt to + refresh the token. + """ + + def __init__(self, token): + """ + Args: + token (str): The access token. + """ + super(StaticCredentials, self).__init__() + self.token = token + + @_helpers.copy_docstring(Credentials) + async def refresh(self, request): + raise exceptions.InvalidOperation("Static credentials cannot be refreshed.") + + # Note: before_request should never try to refresh access tokens. + # StaticCredentials intentionally does not support it. + @_helpers.copy_docstring(Credentials) + async def before_request(self, request, method, url, headers): + await self.apply(headers) + + +class AnonymousCredentials(Credentials): + """Asynchronous Credentials that do not provide any authentication information. + + These are useful in the case of services that support anonymous access or + local service emulators that do not use credentials. + """ + + async def refresh(self, request): + """Raises :class:``InvalidOperation``, anonymous credentials cannot be + refreshed.""" + raise exceptions.InvalidOperation("Anonymous credentials cannot be refreshed.") + + async def apply(self, headers, token=None): + """Anonymous credentials do nothing to the request. + + The optional ``token`` argument is not supported. + + Raises: + google.auth.exceptions.InvalidValue: If a token was specified. + """ + if token is not None: + raise exceptions.InvalidValue("Anonymous credentials don't support tokens.") + + async def before_request(self, request, method, url, headers): + """Anonymous credentials do nothing to the request.""" + pass diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/google/auth/compute_engine/_metadata.py new/google_auth-2.34.0/google/auth/compute_engine/_metadata.py --- old/google_auth-2.32.0/google/auth/compute_engine/_metadata.py 2024-07-09 01:15:05.000000000 +0200 +++ new/google_auth-2.34.0/google/auth/compute_engine/_metadata.py 2024-08-19 00:51:18.000000000 +0200 @@ -28,11 +28,13 @@ from google.auth import environment_vars from google.auth import exceptions from google.auth import metrics +from google.auth import transport +from google.auth._exponential_backoff import ExponentialBackoff _LOGGER = logging.getLogger(__name__) # Environment variable GCE_METADATA_HOST is originally named -# GCE_METADATA_ROOT. For compatiblity reasons, here it checks +# GCE_METADATA_ROOT. For compatibility reasons, here it checks # the new variable first; if not set, the system falls back # to the old variable. _GCE_METADATA_HOST = os.getenv(environment_vars.GCE_METADATA_HOST, None) @@ -119,11 +121,12 @@ # could lead to false negatives in the event that we are on GCE, but # the metadata resolution was particularly slow. The latter case is # "unlikely". - retries = 0 headers = _METADATA_HEADERS.copy() headers[metrics.API_CLIENT_HEADER] = metrics.mds_ping() - while retries < retry_count: + backoff = ExponentialBackoff(total_attempts=retry_count) + + for attempt in backoff: try: response = request( url=_METADATA_IP_ROOT, method="GET", headers=headers, timeout=timeout @@ -139,11 +142,10 @@ _LOGGER.warning( "Compute Engine Metadata server unavailable on " "attempt %s of %s. Reason: %s", - retries + 1, + attempt, retry_count, e, ) - retries += 1 return False @@ -179,7 +181,7 @@ Returns: Union[Mapping, str]: If the metadata server returns JSON, a mapping of - the decoded JSON is return. Otherwise, the response content is + the decoded JSON is returned. Otherwise, the response content is returned as a string. Raises: @@ -198,21 +200,31 @@ url = _helpers.update_query(base_url, query_params) - retries = 0 - while retries < retry_count: + backoff = ExponentialBackoff(total_attempts=retry_count) + + for attempt in backoff: try: response = request(url=url, method="GET", headers=headers_to_use) - break + if response.status in transport.DEFAULT_RETRYABLE_STATUS_CODES: + _LOGGER.warning( + "Compute Engine Metadata server unavailable on " + "attempt %s of %s. Response status: %s", + attempt, + retry_count, + response.status, + ) + continue + else: + break except exceptions.TransportError as e: _LOGGER.warning( "Compute Engine Metadata server unavailable on " "attempt %s of %s. Reason: %s", - retries + 1, + attempt, retry_count, e, ) - retries += 1 else: raise exceptions.TransportError( "Failed to retrieve {} from the Google Compute Engine " diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/google/auth/credentials.py new/google_auth-2.34.0/google/auth/credentials.py --- old/google_auth-2.32.0/google/auth/credentials.py 2024-07-09 01:15:05.000000000 +0200 +++ new/google_auth-2.34.0/google/auth/credentials.py 2024-08-19 00:51:18.000000000 +0200 @@ -22,12 +22,13 @@ from google.auth import _helpers, environment_vars from google.auth import exceptions from google.auth import metrics +from google.auth._credentials_base import _BaseCredentials from google.auth._refresh_worker import RefreshThreadManager DEFAULT_UNIVERSE_DOMAIN = "googleapis.com" -class Credentials(metaclass=abc.ABCMeta): +class Credentials(_BaseCredentials): """Base class for all credentials. All credentials have a :attr:`token` that is used for authentication and @@ -47,9 +48,8 @@ """ def __init__(self): - self.token = None - """str: The bearer token that can be used in HTTP headers to make - authenticated requests.""" + super(Credentials, self).__init__() + self.expiry = None """Optional[datetime]: When the token expires and is no longer valid. If this is None, the token is assumed to never expire.""" @@ -167,9 +167,7 @@ token (Optional[str]): If specified, overrides the current access token. """ - headers["authorization"] = "Bearer {}".format( - _helpers.from_bytes(token or self.token) - ) + self._apply(headers, token=token) """Trust boundary value will be a cached value from global lookup. The response of trust boundary will be a list of regions and a hex diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/google/auth/transport/_mtls_helper.py new/google_auth-2.34.0/google/auth/transport/_mtls_helper.py --- old/google_auth-2.32.0/google/auth/transport/_mtls_helper.py 2024-07-09 01:15:05.000000000 +0200 +++ new/google_auth-2.34.0/google/auth/transport/_mtls_helper.py 2024-08-19 00:51:18.000000000 +0200 @@ -23,7 +23,7 @@ from google.auth import exceptions CONTEXT_AWARE_METADATA_PATH = "~/.secureConnect/context_aware_metadata.json" -_CERTIFICATE_CONFIGURATION_DEFAULT_PATH = "~/.config/gcloud/certificate_config.json" +CERTIFICATE_CONFIGURATION_DEFAULT_PATH = "~/.config/gcloud/certificate_config.json" _CERTIFICATE_CONFIGURATION_ENV = "GOOGLE_API_CERTIFICATE_CONFIG" _CERT_PROVIDER_COMMAND = "cert_provider_command" _CERT_REGEX = re.compile( @@ -48,21 +48,21 @@ ) -def _check_dca_metadata_path(metadata_path): - """Checks for context aware metadata. If it exists, returns the absolute path; +def _check_config_path(config_path): + """Checks for config file path. If it exists, returns the absolute path with user expansion; otherwise returns None. Args: - metadata_path (str): context aware metadata path. + config_path (str): The config file path for either context_aware_metadata.json or certificate_config.json for example Returns: str: absolute path if exists and None otherwise. """ - metadata_path = path.expanduser(metadata_path) - if not path.exists(metadata_path): - _LOGGER.debug("%s is not found, skip client SSL authentication.", metadata_path) + config_path = path.expanduser(config_path) + if not path.exists(config_path): + _LOGGER.debug("%s is not found.", config_path) return None - return metadata_path + return config_path def _load_json_file(path): @@ -136,7 +136,7 @@ if env_path is not None and env_path != "": certificate_config_path = env_path else: - certificate_config_path = _CERTIFICATE_CONFIGURATION_DEFAULT_PATH + certificate_config_path = CERTIFICATE_CONFIGURATION_DEFAULT_PATH certificate_config_path = path.expanduser(certificate_config_path) if not path.exists(certificate_config_path): @@ -279,14 +279,22 @@ def get_client_ssl_credentials( generate_encrypted_key=False, context_aware_metadata_path=CONTEXT_AWARE_METADATA_PATH, + certificate_config_path=CERTIFICATE_CONFIGURATION_DEFAULT_PATH, ): """Returns the client side certificate, private key and passphrase. + We look for certificates and keys with the following order of priority: + 1. Certificate and key specified by certificate_config.json. + Currently, only X.509 workload certificates are supported. + 2. Certificate and key specified by context aware metadata (i.e. SecureConnect). + Args: generate_encrypted_key (bool): If set to True, encrypted private key and passphrase will be generated; otherwise, unencrypted private key - will be generated and passphrase will be None. + will be generated and passphrase will be None. This option only + affects keys obtained via context_aware_metadata.json. context_aware_metadata_path (str): The context_aware_metadata.json file path. + certificate_config_path (str): The certificate_config.json file path. Returns: Tuple[bool, bytes, bytes, bytes]: @@ -297,7 +305,17 @@ google.auth.exceptions.ClientCertError: if problems occurs when getting the cert, key and passphrase. """ - metadata_path = _check_dca_metadata_path(context_aware_metadata_path) + + # 1. Check for certificate config json. + cert_config_path = _check_config_path(certificate_config_path) + if cert_config_path: + # Attempt to retrieve X.509 Workload cert and key. + cert, key = _get_workload_cert_and_key(cert_config_path) + if cert and key: + return True, cert, key, None + + # 2. Check for context aware metadata json + metadata_path = _check_config_path(context_aware_metadata_path) if metadata_path: metadata_json = _load_json_file(metadata_path) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/google/auth/transport/_requests_base.py new/google_auth-2.34.0/google/auth/transport/_requests_base.py --- old/google_auth-2.32.0/google/auth/transport/_requests_base.py 1970-01-01 01:00:00.000000000 +0100 +++ new/google_auth-2.34.0/google/auth/transport/_requests_base.py 2024-08-19 00:51:18.000000000 +0200 @@ -0,0 +1,52 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Transport adapter for Base Requests.""" + + +import abc + + +_DEFAULT_TIMEOUT = 120 # in second + + +class _BaseAuthorizedSession(metaclass=abc.ABCMeta): + """Base class for a Request Session with credentials. This class is intended to capture + the common logic between synchronous and asynchronous request sessions and is not intended to + be instantiated directly. + + Args: + credentials (google.auth._credentials_base.BaseCredentials): The credentials to + add to the request. + """ + + def __init__(self, credentials): + self.credentials = credentials + + @abc.abstractmethod + def request( + self, + method, + url, + data=None, + headers=None, + max_allowed_time=None, + timeout=_DEFAULT_TIMEOUT, + **kwargs + ): + raise NotImplementedError("Request must be implemented") + + @abc.abstractmethod + def close(self): + raise NotImplementedError("Close must be implemented") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/google/auth/transport/grpc.py new/google_auth-2.34.0/google/auth/transport/grpc.py --- old/google_auth-2.32.0/google/auth/transport/grpc.py 2024-07-09 01:15:05.000000000 +0200 +++ new/google_auth-2.34.0/google/auth/transport/grpc.py 2024-08-19 00:51:18.000000000 +0200 @@ -302,7 +302,7 @@ self._is_mtls = False else: # Load client SSL credentials. - metadata_path = _mtls_helper._check_dca_metadata_path( + metadata_path = _mtls_helper._check_config_path( _mtls_helper.CONTEXT_AWARE_METADATA_PATH ) self._is_mtls = metadata_path is not None diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/google/auth/transport/mtls.py new/google_auth-2.34.0/google/auth/transport/mtls.py --- old/google_auth-2.32.0/google/auth/transport/mtls.py 2024-07-09 01:15:05.000000000 +0200 +++ new/google_auth-2.34.0/google/auth/transport/mtls.py 2024-08-19 00:51:18.000000000 +0200 @@ -24,10 +24,19 @@ Returns: bool: indicating if the default client cert source exists. """ - metadata_path = _mtls_helper._check_dca_metadata_path( - _mtls_helper.CONTEXT_AWARE_METADATA_PATH - ) - return metadata_path is not None + if ( + _mtls_helper._check_config_path(_mtls_helper.CONTEXT_AWARE_METADATA_PATH) + is not None + ): + return True + if ( + _mtls_helper._check_config_path( + _mtls_helper.CERTIFICATE_CONFIGURATION_DEFAULT_PATH + ) + is not None + ): + return True + return False def default_client_cert_source(): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/google/auth/transport/requests.py new/google_auth-2.34.0/google/auth/transport/requests.py --- old/google_auth-2.32.0/google/auth/transport/requests.py 2024-07-09 01:15:05.000000000 +0200 +++ new/google_auth-2.34.0/google/auth/transport/requests.py 2024-08-19 00:51:18.000000000 +0200 @@ -38,6 +38,7 @@ from google.auth import exceptions from google.auth import transport import google.auth.transport._mtls_helper +from google.auth.transport._requests_base import _BaseAuthorizedSession from google.oauth2 import service_account _LOGGER = logging.getLogger(__name__) @@ -292,7 +293,7 @@ return super(_MutualTlsOffloadAdapter, self).proxy_manager_for(*args, **kwargs) -class AuthorizedSession(requests.Session): +class AuthorizedSession(requests.Session, _BaseAuthorizedSession): """A Requests Session class with credentials. This class is used to perform requests to API endpoints that require @@ -389,7 +390,7 @@ default_host=None, ): super(AuthorizedSession, self).__init__() - self.credentials = credentials + _BaseAuthorizedSession.__init__(self, credentials) self._refresh_status_codes = refresh_status_codes self._max_refresh_attempts = max_refresh_attempts self._refresh_timeout = refresh_timeout diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/google/auth/version.py new/google_auth-2.34.0/google/auth/version.py --- old/google_auth-2.32.0/google/auth/version.py 2024-07-09 01:15:05.000000000 +0200 +++ new/google_auth-2.34.0/google/auth/version.py 2024-08-19 00:51:18.000000000 +0200 @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -__version__ = "2.32.0" +__version__ = "2.34.0" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/google/oauth2/_client.py new/google_auth-2.34.0/google/oauth2/_client.py --- old/google_auth-2.32.0/google/oauth2/_client.py 2024-07-09 01:15:05.000000000 +0200 +++ new/google_auth-2.34.0/google/oauth2/_client.py 2024-08-19 00:51:18.000000000 +0200 @@ -183,7 +183,11 @@ if headers: headers_to_use.update(headers) - def _perform_request(): + response_data = {} + retryable_error = False + + retries = _exponential_backoff.ExponentialBackoff() + for _ in retries: response = request( method="POST", url=token_uri, headers=headers_to_use, body=body, **kwargs ) @@ -192,7 +196,7 @@ if hasattr(response.data, "decode") else response.data ) - response_data = "" + try: # response_body should be a JSON response_data = json.loads(response_body) @@ -206,18 +210,8 @@ status_code=response.status, response_data=response_data ) - return False, response_data, retryable_error - - request_succeeded, response_data, retryable_error = _perform_request() - - if request_succeeded or not retryable_error or not can_retry: - return request_succeeded, response_data, retryable_error - - retries = _exponential_backoff.ExponentialBackoff() - for _ in retries: - request_succeeded, response_data, retryable_error = _perform_request() - if request_succeeded or not retryable_error: - return request_succeeded, response_data, retryable_error + if not can_retry or not retryable_error: + return False, response_data, retryable_error return False, response_data, retryable_error diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/google/oauth2/_client_async.py new/google_auth-2.34.0/google/oauth2/_client_async.py --- old/google_auth-2.32.0/google/oauth2/_client_async.py 2024-07-09 01:15:05.000000000 +0200 +++ new/google_auth-2.34.0/google/oauth2/_client_async.py 2024-08-19 00:51:18.000000000 +0200 @@ -67,7 +67,11 @@ if access_token: headers["Authorization"] = "Bearer {}".format(access_token) - async def _perform_request(): + response_data = {} + retryable_error = False + + retries = _exponential_backoff.ExponentialBackoff() + for _ in retries: response = await request( method="POST", url=token_uri, headers=headers, body=body ) @@ -93,18 +97,8 @@ status_code=response.status, response_data=response_data ) - return False, response_data, retryable_error - - request_succeeded, response_data, retryable_error = await _perform_request() - - if request_succeeded or not retryable_error or not can_retry: - return request_succeeded, response_data, retryable_error - - retries = _exponential_backoff.ExponentialBackoff() - for _ in retries: - request_succeeded, response_data, retryable_error = await _perform_request() - if request_succeeded or not retryable_error: - return request_succeeded, response_data, retryable_error + if not can_retry or not retryable_error: + return False, response_data, retryable_error return False, response_data, retryable_error diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/google_auth.egg-info/PKG-INFO new/google_auth-2.34.0/google_auth.egg-info/PKG-INFO --- old/google_auth-2.32.0/google_auth.egg-info/PKG-INFO 2024-07-09 01:16:59.000000000 +0200 +++ new/google_auth-2.34.0/google_auth.egg-info/PKG-INFO 2024-08-19 00:52:50.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: google-auth -Version: 2.32.0 +Version: 2.34.0 Summary: Google Authentication Library Home-page: https://github.com/googleapis/google-auth-library-python Author: Google Cloud Platform @@ -38,8 +38,8 @@ Provides-Extra: reauth Requires-Dist: pyu2f>=0.1.5; extra == "reauth" Provides-Extra: enterprise-cert -Requires-Dist: cryptography==36.0.2; extra == "enterprise-cert" -Requires-Dist: pyopenssl==22.0.0; extra == "enterprise-cert" +Requires-Dist: cryptography; extra == "enterprise-cert" +Requires-Dist: pyopenssl; extra == "enterprise-cert" Google Auth Python Library ========================== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/google_auth.egg-info/SOURCES.txt new/google_auth-2.34.0/google_auth.egg-info/SOURCES.txt --- old/google_auth-2.32.0/google_auth.egg-info/SOURCES.txt 2024-07-09 01:16:59.000000000 +0200 +++ new/google_auth-2.34.0/google_auth.egg-info/SOURCES.txt 2024-08-19 00:52:50.000000000 +0200 @@ -6,6 +6,7 @@ google/auth/__init__.py google/auth/_cloud_sdk.py google/auth/_credentials_async.py +google/auth/_credentials_base.py google/auth/_default.py google/auth/_default_async.py google/auth/_exponential_backoff.py @@ -31,6 +32,8 @@ google/auth/pluggable.py google/auth/py.typed google/auth/version.py +google/auth/aio/__init__.py +google/auth/aio/credentials.py google/auth/compute_engine/__init__.py google/auth/compute_engine/_metadata.py google/auth/compute_engine/credentials.py @@ -46,6 +49,7 @@ google/auth/transport/_custom_tls_signer.py google/auth/transport/_http_client.py google/auth/transport/_mtls_helper.py +google/auth/transport/_requests_base.py google/auth/transport/grpc.py google/auth/transport/mtls.py google/auth/transport/requests.py @@ -87,6 +91,7 @@ tests/test_app_engine.py tests/test_aws.py tests/test_credentials.py +tests/test_credentials_async.py tests/test_downscoped.py tests/test_exceptions.py tests/test_external_account.py diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/google_auth.egg-info/requires.txt new/google_auth-2.34.0/google_auth.egg-info/requires.txt --- old/google_auth-2.32.0/google_auth.egg-info/requires.txt 2024-07-09 01:16:59.000000000 +0200 +++ new/google_auth-2.34.0/google_auth.egg-info/requires.txt 2024-08-19 00:52:50.000000000 +0200 @@ -7,8 +7,8 @@ requests<3.0.0.dev0,>=2.20.0 [enterprise_cert] -cryptography==36.0.2 -pyopenssl==22.0.0 +cryptography +pyopenssl [pyopenssl] pyopenssl>=20.0.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/setup.py new/google_auth-2.34.0/setup.py --- old/google_auth-2.32.0/setup.py 2024-07-09 01:15:05.000000000 +0200 +++ new/google_auth-2.34.0/setup.py 2024-08-19 00:51:18.000000000 +0200 @@ -32,9 +32,7 @@ "pyopenssl": ["pyopenssl>=20.0.0", "cryptography>=38.0.3"], "requests": "requests >= 2.20.0, < 3.0.0.dev0", "reauth": "pyu2f>=0.1.5", - # Enterprise cert only works for OpenSSL 1.1.1. Newer versions of these - # dependencies are built with OpenSSL 3.0 so we need to fix the version. - "enterprise_cert": ["cryptography==36.0.2", "pyopenssl==22.0.0"], + "enterprise_cert": ["cryptography", "pyopenssl"], } with io.open("README.rst", "r") as fh: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/tests/compute_engine/test__metadata.py new/google_auth-2.34.0/tests/compute_engine/test__metadata.py --- old/google_auth-2.32.0/tests/compute_engine/test__metadata.py 2024-07-09 01:15:05.000000000 +0200 +++ new/google_auth-2.34.0/tests/compute_engine/test__metadata.py 2024-08-19 00:51:18.000000000 +0200 @@ -125,13 +125,15 @@ assert request.call_count == 2 -def test_ping_failure_bad_flavor(): [email protected]("time.sleep", return_value=None) +def test_ping_failure_bad_flavor(mock_sleep): request = make_request("", headers={_metadata._METADATA_FLAVOR_HEADER: "meep"}) assert not _metadata.ping(request) -def test_ping_failure_connection_failed(): [email protected]("time.sleep", return_value=None) +def test_ping_failure_connection_failed(mock_sleep): request = make_request("") request.side_effect = exceptions.TransportError() @@ -194,7 +196,8 @@ assert result[key] == value -def test_get_success_retry(): [email protected]("time.sleep", return_value=None) +def test_get_success_retry(mock_sleep): key, value = "foo", "bar" data = json.dumps({key: value}) @@ -310,7 +313,8 @@ ) -def test_get_failure(): [email protected]("time.sleep", return_value=None) +def test_get_failure(mock_sleep): request = make_request("Metadata error", status=http_client.NOT_FOUND) with pytest.raises(exceptions.TransportError) as excinfo: @@ -337,7 +341,8 @@ ) -def test_get_failure_connection_failed(): [email protected]("time.sleep", return_value=None) +def test_get_failure_connection_failed(mock_sleep): request = make_request("") request.side_effect = exceptions.TransportError() @@ -426,6 +431,74 @@ assert universe_domain == "googleapis.com" +def test_get_universe_domain_retryable_error_failure(): + # Test that if the universe domain endpoint returns a retryable error + # we should retry. + # + # In this case, the error persists, and we still fail after retrying. + request = make_request("too many requests", status=http_client.TOO_MANY_REQUESTS) + + with pytest.raises(exceptions.TransportError) as excinfo: + _metadata.get_universe_domain(request) + + assert excinfo.match(r"Compute Engine Metadata server unavailable") + + request.assert_called_with( + method="GET", + url=_metadata._METADATA_ROOT + "universe/universe_domain", + headers=_metadata._METADATA_HEADERS, + ) + assert request.call_count == 5 + + +def test_get_universe_domain_retryable_error_success(): + # Test that if the universe domain endpoint returns a retryable error + # we should retry. + # + # In this case, the error is temporary, and we succeed after retrying. + request_error = make_request( + "too many requests", status=http_client.TOO_MANY_REQUESTS + ) + request_ok = make_request( + "fake_universe_domain", headers={"content-type": "text/plain"} + ) + + class _RequestErrorOnce: + """This class forwards the request parameters to `request_error` once. + + All subsequent calls are forwarded to `request_ok`. + """ + + def __init__(self, request_error, request_ok): + self._request_error = request_error + self._request_ok = request_ok + self._call_index = 0 + + def request(self, *args, **kwargs): + if self._call_index == 0: + self._call_index += 1 + return self._request_error(*args, **kwargs) + + return self._request_ok(*args, **kwargs) + + request = _RequestErrorOnce(request_error, request_ok).request + + universe_domain = _metadata.get_universe_domain(request) + + request_error.assert_called_once_with( + method="GET", + url=_metadata._METADATA_ROOT + "universe/universe_domain", + headers=_metadata._METADATA_HEADERS, + ) + request_ok.assert_called_once_with( + method="GET", + url=_metadata._METADATA_ROOT + "universe/universe_domain", + headers=_metadata._METADATA_HEADERS, + ) + + assert universe_domain == "fake_universe_domain" + + def test_get_universe_domain_other_error(): # Test that if the universe domain endpoint returns an error other than 404 # we should throw the error diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/tests/oauth2/test__client.py new/google_auth-2.34.0/tests/oauth2/test__client.py --- old/google_auth-2.32.0/tests/oauth2/test__client.py 2024-07-09 01:15:05.000000000 +0200 +++ new/google_auth-2.34.0/tests/oauth2/test__client.py 2024-08-19 00:51:18.000000000 +0200 @@ -194,8 +194,8 @@ _client._token_endpoint_request( request, "http://example.com";, {"error_description": "internal_failure"} ) - # request should be called once and then with 3 retries - assert request.call_count == 4 + # request with 2 retries + assert request.call_count == 3 request = make_request( {"error": "internal_failure"}, status=http_client.BAD_REQUEST @@ -205,8 +205,8 @@ _client._token_endpoint_request( request, "http://example.com";, {"error": "internal_failure"} ) - # request should be called once and then with 3 retries - assert request.call_count == 4 + # request with 2 retries + assert request.call_count == 3 def test__token_endpoint_request_internal_failure_and_retry_failure_error(): @@ -625,6 +625,6 @@ ) if can_retry: - assert mock_request.call_count == 4 + assert mock_request.call_count == 3 else: assert mock_request.call_count == 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/tests/test__exponential_backoff.py new/google_auth-2.34.0/tests/test__exponential_backoff.py --- old/google_auth-2.32.0/tests/test__exponential_backoff.py 2024-07-09 01:15:05.000000000 +0200 +++ new/google_auth-2.34.0/tests/test__exponential_backoff.py 2024-08-19 00:51:18.000000000 +0200 @@ -13,8 +13,10 @@ # limitations under the License. import mock +import pytest # type: ignore from google.auth import _exponential_backoff +from google.auth import exceptions @mock.patch("time.sleep", return_value=None) @@ -24,18 +26,31 @@ iteration_count = 0 for attempt in eb: - backoff_interval = mock_time.call_args[0][0] - jitter = curr_wait * eb._randomization_factor + if attempt == 1: + assert mock_time.call_count == 0 + else: + backoff_interval = mock_time.call_args[0][0] + jitter = curr_wait * eb._randomization_factor + + assert (curr_wait - jitter) <= backoff_interval <= (curr_wait + jitter) + assert attempt == iteration_count + 1 + assert eb.backoff_count == iteration_count + 1 + assert eb._current_wait_in_seconds == eb._multiplier ** iteration_count - assert (curr_wait - jitter) <= backoff_interval <= (curr_wait + jitter) - assert attempt == iteration_count + 1 - assert eb.backoff_count == iteration_count + 1 - assert eb._current_wait_in_seconds == eb._multiplier ** (iteration_count + 1) - - curr_wait = eb._current_wait_in_seconds + curr_wait = eb._current_wait_in_seconds iteration_count += 1 assert eb.total_attempts == _exponential_backoff._DEFAULT_RETRY_TOTAL_ATTEMPTS assert eb.backoff_count == _exponential_backoff._DEFAULT_RETRY_TOTAL_ATTEMPTS assert iteration_count == _exponential_backoff._DEFAULT_RETRY_TOTAL_ATTEMPTS - assert mock_time.call_count == _exponential_backoff._DEFAULT_RETRY_TOTAL_ATTEMPTS + assert ( + mock_time.call_count == _exponential_backoff._DEFAULT_RETRY_TOTAL_ATTEMPTS - 1 + ) + + +def test_minimum_total_attempts(): + with pytest.raises(exceptions.InvalidValue): + _exponential_backoff.ExponentialBackoff(total_attempts=0) + with pytest.raises(exceptions.InvalidValue): + _exponential_backoff.ExponentialBackoff(total_attempts=-1) + _exponential_backoff.ExponentialBackoff(total_attempts=1) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/tests/test_credentials_async.py new/google_auth-2.34.0/tests/test_credentials_async.py --- old/google_auth-2.32.0/tests/test_credentials_async.py 1970-01-01 01:00:00.000000000 +0100 +++ new/google_auth-2.34.0/tests/test_credentials_async.py 2024-08-19 00:51:18.000000000 +0200 @@ -0,0 +1,136 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import pytest # type: ignore + +from google.auth import exceptions +from google.auth.aio import credentials + + +class CredentialsImpl(credentials.Credentials): + pass + + +def test_credentials_constructor(): + credentials = CredentialsImpl() + assert not credentials.token + + [email protected] +async def test_before_request(): + credentials = CredentialsImpl() + request = "water" + headers = {} + credentials.token = "orchid" + + # before_request should not affect the value of the token. + await credentials.before_request(request, "http://example.com";, "GET", headers) + assert credentials.token == "orchid" + assert headers["authorization"] == "Bearer orchid" + assert "x-allowed-locations" not in headers + + request = "earth" + headers = {} + + # Second call shouldn't affect token or headers. + await credentials.before_request(request, "http://example.com";, "GET", headers) + assert credentials.token == "orchid" + assert headers["authorization"] == "Bearer orchid" + assert "x-allowed-locations" not in headers + + [email protected] +async def test_static_credentials_ctor(): + static_creds = credentials.StaticCredentials(token="orchid") + assert static_creds.token == "orchid" + + [email protected] +async def test_static_credentials_apply_default(): + static_creds = credentials.StaticCredentials(token="earth") + headers = {} + + await static_creds.apply(headers) + assert headers["authorization"] == "Bearer earth" + + await static_creds.apply(headers, token="orchid") + assert headers["authorization"] == "Bearer orchid" + + [email protected] +async def test_static_credentials_before_request(): + static_creds = credentials.StaticCredentials(token="orchid") + request = "water" + headers = {} + + # before_request should not affect the value of the token. + await static_creds.before_request(request, "http://example.com";, "GET", headers) + assert static_creds.token == "orchid" + assert headers["authorization"] == "Bearer orchid" + assert "x-allowed-locations" not in headers + + request = "earth" + headers = {} + + # Second call shouldn't affect token or headers. + await static_creds.before_request(request, "http://example.com";, "GET", headers) + assert static_creds.token == "orchid" + assert headers["authorization"] == "Bearer orchid" + assert "x-allowed-locations" not in headers + + [email protected] +async def test_static_credentials_refresh(): + static_creds = credentials.StaticCredentials(token="orchid") + request = "earth" + + with pytest.raises(exceptions.InvalidOperation) as exc: + await static_creds.refresh(request) + assert exc.match("Static credentials cannot be refreshed.") + + [email protected] +async def test_anonymous_credentials_ctor(): + anon = credentials.AnonymousCredentials() + assert anon.token is None + + [email protected] +async def test_anonymous_credentials_refresh(): + anon = credentials.AnonymousCredentials() + request = object() + with pytest.raises(exceptions.InvalidOperation) as exc: + await anon.refresh(request) + assert exc.match("Anonymous credentials cannot be refreshed.") + + [email protected] +async def test_anonymous_credentials_apply_default(): + anon = credentials.AnonymousCredentials() + headers = {} + await anon.apply(headers) + assert headers == {} + with pytest.raises(ValueError): + await anon.apply(headers, token="orchid") + + [email protected] +async def test_anonymous_credentials_before_request(): + anon = credentials.AnonymousCredentials() + request = object() + method = "GET" + url = "https://example.com/api/endpoint"; + headers = {} + await anon.before_request(request, method, url, headers) + assert headers == {} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/tests/transport/test__mtls_helper.py new/google_auth-2.34.0/tests/transport/test__mtls_helper.py --- old/google_auth-2.32.0/tests/transport/test__mtls_helper.py 2024-07-09 01:15:05.000000000 +0200 +++ new/google_auth-2.34.0/tests/transport/test__mtls_helper.py 2024-08-19 00:51:18.000000000 +0200 @@ -111,15 +111,15 @@ ) -class TestCheckaMetadataPath(object): +class TestCheckConfigPath(object): def test_success(self): metadata_path = os.path.join(pytest.data_dir, "context_aware_metadata.json") - returned_path = _mtls_helper._check_dca_metadata_path(metadata_path) + returned_path = _mtls_helper._check_config_path(metadata_path) assert returned_path is not None def test_failure(self): metadata_path = os.path.join(pytest.data_dir, "not_exists.json") - returned_path = _mtls_helper._check_dca_metadata_path(metadata_path) + returned_path = _mtls_helper._check_config_path(metadata_path) assert returned_path is None @@ -275,21 +275,24 @@ class TestGetClientSslCredentials(object): @mock.patch( - "google.auth.transport._mtls_helper._run_cert_provider_command", autospec=True + "google.auth.transport._mtls_helper._get_workload_cert_and_key", autospec=True ) - @mock.patch("google.auth.transport._mtls_helper._load_json_file", autospec=True) @mock.patch( - "google.auth.transport._mtls_helper._check_dca_metadata_path", autospec=True + "google.auth.transport._mtls_helper._run_cert_provider_command", autospec=True ) - def test_success( + @mock.patch("google.auth.transport._mtls_helper._load_json_file", autospec=True) + @mock.patch("google.auth.transport._mtls_helper._check_config_path", autospec=True) + def test_success_with_context_aware_metadata( self, - mock_check_dca_metadata_path, + mock_check_config_path, mock_load_json_file, mock_run_cert_provider_command, + mock_get_workload_cert_and_key, ): - mock_check_dca_metadata_path.return_value = True + mock_check_config_path.return_value = "/path/to/config" mock_load_json_file.return_value = {"cert_provider_command": ["command"]} mock_run_cert_provider_command.return_value = (b"cert", b"key", None) + mock_get_workload_cert_and_key.return_value = (None, None) has_cert, cert, key, passphrase = _mtls_helper.get_client_ssl_credentials() assert has_cert assert cert == b"cert" @@ -297,10 +300,42 @@ assert passphrase is None @mock.patch( - "google.auth.transport._mtls_helper._check_dca_metadata_path", autospec=True + "google.auth.transport._mtls_helper._read_cert_and_key_files", autospec=True ) - def test_success_without_metadata(self, mock_check_dca_metadata_path): - mock_check_dca_metadata_path.return_value = False + @mock.patch( + "google.auth.transport._mtls_helper._get_cert_config_path", autospec=True + ) + @mock.patch("google.auth.transport._mtls_helper._load_json_file", autospec=True) + @mock.patch("google.auth.transport._mtls_helper._check_config_path", autospec=True) + def test_success_with_certificate_config( + self, + mock_check_config_path, + mock_load_json_file, + mock_get_cert_config_path, + mock_read_cert_and_key_files, + ): + cert_config_path = "/path/to/config" + mock_check_config_path.return_value = cert_config_path + mock_load_json_file.return_value = { + "cert_configs": { + "workload": {"cert_path": "cert/path", "key_path": "key/path"} + } + } + mock_get_cert_config_path.return_value = cert_config_path + mock_read_cert_and_key_files.return_value = ( + pytest.public_cert_bytes, + pytest.private_key_bytes, + ) + + has_cert, cert, key, passphrase = _mtls_helper.get_client_ssl_credentials() + assert has_cert + assert cert == pytest.public_cert_bytes + assert key == pytest.private_key_bytes + assert passphrase is None + + @mock.patch("google.auth.transport._mtls_helper._check_config_path", autospec=True) + def test_success_without_metadata(self, mock_check_config_path): + mock_check_config_path.return_value = False has_cert, cert, key, passphrase = _mtls_helper.get_client_ssl_credentials() assert not has_cert assert cert is None @@ -308,21 +343,24 @@ assert passphrase is None @mock.patch( - "google.auth.transport._mtls_helper._run_cert_provider_command", autospec=True + "google.auth.transport._mtls_helper._get_workload_cert_and_key", autospec=True ) - @mock.patch("google.auth.transport._mtls_helper._load_json_file", autospec=True) @mock.patch( - "google.auth.transport._mtls_helper._check_dca_metadata_path", autospec=True + "google.auth.transport._mtls_helper._run_cert_provider_command", autospec=True ) + @mock.patch("google.auth.transport._mtls_helper._load_json_file", autospec=True) + @mock.patch("google.auth.transport._mtls_helper._check_config_path", autospec=True) def test_success_with_encrypted_key( self, - mock_check_dca_metadata_path, + mock_check_config_path, mock_load_json_file, mock_run_cert_provider_command, + mock_get_workload_cert_and_key, ): - mock_check_dca_metadata_path.return_value = True + mock_check_config_path.return_value = "/path/to/config" mock_load_json_file.return_value = {"cert_provider_command": ["command"]} mock_run_cert_provider_command.return_value = (b"cert", b"key", b"passphrase") + mock_get_workload_cert_and_key.return_value = (None, None) has_cert, cert, key, passphrase = _mtls_helper.get_client_ssl_credentials( generate_encrypted_key=True ) @@ -334,15 +372,20 @@ ["command", "--with_passphrase"], expect_encrypted_key=True ) - @mock.patch("google.auth.transport._mtls_helper._load_json_file", autospec=True) @mock.patch( - "google.auth.transport._mtls_helper._check_dca_metadata_path", autospec=True + "google.auth.transport._mtls_helper._get_workload_cert_and_key", autospec=True ) + @mock.patch("google.auth.transport._mtls_helper._load_json_file", autospec=True) + @mock.patch("google.auth.transport._mtls_helper._check_config_path", autospec=True) def test_missing_cert_command( - self, mock_check_dca_metadata_path, mock_load_json_file + self, + mock_check_config_path, + mock_load_json_file, + mock_get_workload_cert_and_key, ): - mock_check_dca_metadata_path.return_value = True + mock_check_config_path.return_value = "/path/to/config" mock_load_json_file.return_value = {} + mock_get_workload_cert_and_key.return_value = (None, None) with pytest.raises(exceptions.ClientCertError): _mtls_helper.get_client_ssl_credentials() @@ -350,17 +393,15 @@ "google.auth.transport._mtls_helper._run_cert_provider_command", autospec=True ) @mock.patch("google.auth.transport._mtls_helper._load_json_file", autospec=True) - @mock.patch( - "google.auth.transport._mtls_helper._check_dca_metadata_path", autospec=True - ) + @mock.patch("google.auth.transport._mtls_helper._check_config_path", autospec=True) def test_customize_context_aware_metadata_path( self, - mock_check_dca_metadata_path, + mock_check_config_path, mock_load_json_file, mock_run_cert_provider_command, ): context_aware_metadata_path = "/path/to/metata/data" - mock_check_dca_metadata_path.return_value = context_aware_metadata_path + mock_check_config_path.return_value = context_aware_metadata_path mock_load_json_file.return_value = {"cert_provider_command": ["command"]} mock_run_cert_provider_command.return_value = (b"cert", b"key", None) @@ -372,7 +413,7 @@ assert cert == b"cert" assert key == b"key" assert passphrase is None - mock_check_dca_metadata_path.assert_called_with(context_aware_metadata_path) + mock_check_config_path.assert_called_with(context_aware_metadata_path) mock_load_json_file.assert_called_with(context_aware_metadata_path) @@ -520,7 +561,7 @@ mock_path_exists.return_value = True returned_path = _mtls_helper._get_cert_config_path() expected_path = os.path.expanduser( - _mtls_helper._CERTIFICATE_CONFIGURATION_DEFAULT_PATH + _mtls_helper.CERTIFICATE_CONFIGURATION_DEFAULT_PATH ) assert returned_path == expected_path diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/tests/transport/test_grpc.py new/google_auth-2.34.0/tests/transport/test_grpc.py --- old/google_auth-2.32.0/tests/transport/test_grpc.py 2024-07-09 01:15:05.000000000 +0200 +++ new/google_auth-2.34.0/tests/transport/test_grpc.py 2024-08-19 00:51:18.000000000 +0200 @@ -142,12 +142,10 @@ @mock.patch("grpc.secure_channel", autospec=True) class TestSecureAuthorizedChannel(object): @mock.patch("google.auth.transport._mtls_helper._load_json_file", autospec=True) - @mock.patch( - "google.auth.transport._mtls_helper._check_dca_metadata_path", autospec=True - ) + @mock.patch("google.auth.transport._mtls_helper._check_config_path", autospec=True) def test_secure_authorized_channel_adc( self, - check_dca_metadata_path, + check_config_path, load_json_file, secure_channel, ssl_channel_credentials, @@ -161,7 +159,7 @@ # Mock the context aware metadata and client cert/key so mTLS SSL channel # will be used. - check_dca_metadata_path.return_value = METADATA_PATH + check_config_path.return_value = METADATA_PATH load_json_file.return_value = {"cert_provider_command": ["some command"]} get_client_ssl_credentials.return_value = ( True, @@ -331,12 +329,10 @@ ) @mock.patch("google.auth.transport._mtls_helper._load_json_file", autospec=True) - @mock.patch( - "google.auth.transport._mtls_helper._check_dca_metadata_path", autospec=True - ) + @mock.patch("google.auth.transport._mtls_helper._check_config_path", autospec=True) def test_secure_authorized_channel_with_client_cert_callback_failure( self, - check_dca_metadata_path, + check_config_path, load_json_file, secure_channel, ssl_channel_credentials, @@ -400,19 +396,17 @@ "google.auth.transport._mtls_helper.get_client_ssl_credentials", autospec=True ) @mock.patch("google.auth.transport._mtls_helper._load_json_file", autospec=True) [email protected]( - "google.auth.transport._mtls_helper._check_dca_metadata_path", autospec=True -) [email protected]("google.auth.transport._mtls_helper._check_config_path", autospec=True) class TestSslCredentials(object): def test_no_context_aware_metadata( self, - mock_check_dca_metadata_path, + mock_check_config_path, mock_load_json_file, mock_get_client_ssl_credentials, mock_ssl_channel_credentials, ): # Mock that the metadata file doesn't exist. - mock_check_dca_metadata_path.return_value = None + mock_check_config_path.return_value = None with mock.patch.dict( os.environ, {environment_vars.GOOGLE_API_USE_CLIENT_CERTIFICATE: "true"} @@ -429,12 +423,12 @@ def test_get_client_ssl_credentials_failure( self, - mock_check_dca_metadata_path, + mock_check_config_path, mock_load_json_file, mock_get_client_ssl_credentials, mock_ssl_channel_credentials, ): - mock_check_dca_metadata_path.return_value = METADATA_PATH + mock_check_config_path.return_value = METADATA_PATH mock_load_json_file.return_value = {"cert_provider_command": ["some command"]} # Mock that client cert and key are not loaded and exception is raised. @@ -448,12 +442,12 @@ def test_get_client_ssl_credentials_success( self, - mock_check_dca_metadata_path, + mock_check_config_path, mock_load_json_file, mock_get_client_ssl_credentials, mock_ssl_channel_credentials, ): - mock_check_dca_metadata_path.return_value = METADATA_PATH + mock_check_config_path.return_value = METADATA_PATH mock_load_json_file.return_value = {"cert_provider_command": ["some command"]} mock_get_client_ssl_credentials.return_value = ( True, @@ -476,7 +470,7 @@ def test_get_client_ssl_credentials_without_client_cert_env( self, - mock_check_dca_metadata_path, + mock_check_config_path, mock_load_json_file, mock_get_client_ssl_credentials, mock_ssl_channel_credentials, @@ -486,7 +480,7 @@ assert ssl_credentials.ssl_credentials is not None assert not ssl_credentials.is_mtls - mock_check_dca_metadata_path.assert_not_called() + mock_check_config_path.assert_not_called() mock_load_json_file.assert_not_called() mock_get_client_ssl_credentials.assert_not_called() mock_ssl_channel_credentials.assert_called_once() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google_auth-2.32.0/tests/transport/test_mtls.py new/google_auth-2.34.0/tests/transport/test_mtls.py --- old/google_auth-2.32.0/tests/transport/test_mtls.py 2024-07-09 01:15:05.000000000 +0200 +++ new/google_auth-2.34.0/tests/transport/test_mtls.py 2024-08-19 00:51:18.000000000 +0200 @@ -16,17 +16,30 @@ import pytest # type: ignore from google.auth import exceptions +from google.auth.transport import _mtls_helper from google.auth.transport import mtls [email protected]( - "google.auth.transport._mtls_helper._check_dca_metadata_path", autospec=True -) -def test_has_default_client_cert_source(check_dca_metadata_path): - check_dca_metadata_path.return_value = mock.Mock() [email protected]("google.auth.transport._mtls_helper._check_config_path", autospec=True) +def test_has_default_client_cert_source(check_config_path): + def return_path_for_metadata(path): + return mock.Mock() if path == _mtls_helper.CONTEXT_AWARE_METADATA_PATH else None + + check_config_path.side_effect = return_path_for_metadata + assert mtls.has_default_client_cert_source() + + def return_path_for_cert_config(path): + return ( + mock.Mock() + if path == _mtls_helper.CERTIFICATE_CONFIGURATION_DEFAULT_PATH + else None + ) + + check_config_path.side_effect = return_path_for_cert_config assert mtls.has_default_client_cert_source() - check_dca_metadata_path.return_value = None + check_config_path.side_effect = None + check_config_path.return_value = None assert not mtls.has_default_client_cert_source() ++++++ python-google-auth-no-mock.patch ++++++ --- /var/tmp/diff_new_pack.GkN9Id/_old 2024-09-18 15:26:58.313063080 +0200 +++ /var/tmp/diff_new_pack.GkN9Id/_new 2024-09-18 15:26:58.317063247 +0200 @@ -1,6 +1,6 @@ -diff -Nru google-auth-2.30.0.orig/tests/compute_engine/test_credentials.py google-auth-2.30.0/tests/compute_engine/test_credentials.py ---- google-auth-2.30.0.orig/tests/compute_engine/test_credentials.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/compute_engine/test_credentials.py 2024-07-04 10:10:10.154047522 +0200 +diff -Nru google_auth-2.34.0.orig/tests/compute_engine/test_credentials.py google_auth-2.34.0/tests/compute_engine/test_credentials.py +--- google_auth-2.34.0.orig/tests/compute_engine/test_credentials.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/compute_engine/test_credentials.py 2024-09-17 09:34:09.912609514 +0200 @@ -14,7 +14,7 @@ import base64 import datetime @@ -10,9 +10,9 @@ import pytest # type: ignore import responses # type: ignore -diff -Nru google-auth-2.30.0.orig/tests/compute_engine/test__metadata.py google-auth-2.30.0/tests/compute_engine/test__metadata.py ---- google-auth-2.30.0.orig/tests/compute_engine/test__metadata.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/compute_engine/test__metadata.py 2024-07-04 10:10:10.157380876 +0200 +diff -Nru google_auth-2.34.0.orig/tests/compute_engine/test__metadata.py google_auth-2.34.0/tests/compute_engine/test__metadata.py +--- google_auth-2.34.0.orig/tests/compute_engine/test__metadata.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/compute_engine/test__metadata.py 2024-09-17 09:34:09.915942848 +0200 @@ -18,7 +18,7 @@ import json import os @@ -22,9 +22,9 @@ import pytest # type: ignore from google.auth import _helpers -diff -Nru google-auth-2.30.0.orig/tests/conftest.py google-auth-2.30.0/tests/conftest.py ---- google-auth-2.30.0.orig/tests/conftest.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/conftest.py 2024-07-04 10:10:10.064046957 +0200 +diff -Nru google_auth-2.34.0.orig/tests/conftest.py google_auth-2.34.0/tests/conftest.py +--- google_auth-2.34.0.orig/tests/conftest.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/conftest.py 2024-09-17 09:34:09.792609487 +0200 @@ -15,7 +15,7 @@ import os import sys @@ -34,9 +34,9 @@ import pytest # type: ignore -diff -Nru google-auth-2.30.0.orig/tests/crypt/test__python_rsa.py google-auth-2.30.0/tests/crypt/test__python_rsa.py ---- google-auth-2.30.0.orig/tests/crypt/test__python_rsa.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/crypt/test__python_rsa.py 2024-07-04 10:10:10.184047711 +0200 +diff -Nru google_auth-2.34.0.orig/tests/crypt/test__python_rsa.py google_auth-2.34.0/tests/crypt/test__python_rsa.py +--- google_auth-2.34.0.orig/tests/crypt/test__python_rsa.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/crypt/test__python_rsa.py 2024-09-17 09:34:09.952609523 +0200 @@ -16,7 +16,7 @@ import json import os @@ -46,9 +46,9 @@ from pyasn1_modules import pem # type: ignore import pytest # type: ignore import rsa # type: ignore -diff -Nru google-auth-2.30.0.orig/tests/oauth2/test_challenges.py google-auth-2.30.0/tests/oauth2/test_challenges.py ---- google-auth-2.30.0.orig/tests/oauth2/test_challenges.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/oauth2/test_challenges.py 2024-07-04 10:10:10.130714042 +0200 +diff -Nru google_auth-2.34.0.orig/tests/oauth2/test_challenges.py google_auth-2.34.0/tests/oauth2/test_challenges.py +--- google_auth-2.34.0.orig/tests/oauth2/test_challenges.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/oauth2/test_challenges.py 2024-09-17 09:34:09.879276173 +0200 @@ -18,7 +18,7 @@ import os import sys @@ -58,9 +58,9 @@ import pytest # type: ignore import pyu2f # type: ignore -diff -Nru google-auth-2.30.0.orig/tests/oauth2/test__client.py google-auth-2.30.0/tests/oauth2/test__client.py ---- google-auth-2.30.0.orig/tests/oauth2/test__client.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/oauth2/test__client.py 2024-07-04 10:10:10.117380625 +0200 +diff -Nru google_auth-2.34.0.orig/tests/oauth2/test__client.py google_auth-2.34.0/tests/oauth2/test__client.py +--- google_auth-2.34.0.orig/tests/oauth2/test__client.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/oauth2/test__client.py 2024-09-17 09:34:09.865942837 +0200 @@ -18,7 +18,7 @@ import os import urllib @@ -70,9 +70,9 @@ import pytest # type: ignore from google.auth import _helpers -diff -Nru google-auth-2.30.0.orig/tests/oauth2/test_credentials.py google-auth-2.30.0/tests/oauth2/test_credentials.py ---- google-auth-2.30.0.orig/tests/oauth2/test_credentials.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/oauth2/test_credentials.py 2024-07-04 10:10:10.124047334 +0200 +diff -Nru google_auth-2.34.0.orig/tests/oauth2/test_credentials.py google_auth-2.34.0/tests/oauth2/test_credentials.py +--- google_auth-2.34.0.orig/tests/oauth2/test_credentials.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/oauth2/test_credentials.py 2024-09-17 09:34:09.872609505 +0200 @@ -18,7 +18,7 @@ import pickle import sys @@ -82,9 +82,9 @@ import pytest # type: ignore from google.auth import _helpers -diff -Nru google-auth-2.30.0.orig/tests/oauth2/test_gdch_credentials.py google-auth-2.30.0/tests/oauth2/test_gdch_credentials.py ---- google-auth-2.30.0.orig/tests/oauth2/test_gdch_credentials.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/oauth2/test_gdch_credentials.py 2024-07-04 10:10:10.110713917 +0200 +diff -Nru google_auth-2.34.0.orig/tests/oauth2/test_gdch_credentials.py google_auth-2.34.0/tests/oauth2/test_gdch_credentials.py +--- google_auth-2.34.0.orig/tests/oauth2/test_gdch_credentials.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/oauth2/test_gdch_credentials.py 2024-09-17 09:34:09.852609501 +0200 @@ -17,7 +17,7 @@ import json import os @@ -94,9 +94,9 @@ import pytest # type: ignore import requests -diff -Nru google-auth-2.30.0.orig/tests/oauth2/test_id_token.py google-auth-2.30.0/tests/oauth2/test_id_token.py ---- google-auth-2.30.0.orig/tests/oauth2/test_id_token.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/oauth2/test_id_token.py 2024-07-04 10:10:10.110713917 +0200 +diff -Nru google_auth-2.34.0.orig/tests/oauth2/test_id_token.py google_auth-2.34.0/tests/oauth2/test_id_token.py +--- google_auth-2.34.0.orig/tests/oauth2/test_id_token.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/oauth2/test_id_token.py 2024-09-17 09:34:09.855942835 +0200 @@ -15,7 +15,7 @@ import json import os @@ -106,9 +106,9 @@ import pytest # type: ignore from google.auth import environment_vars -diff -Nru google-auth-2.30.0.orig/tests/oauth2/test_reauth.py google-auth-2.30.0/tests/oauth2/test_reauth.py ---- google-auth-2.30.0.orig/tests/oauth2/test_reauth.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/oauth2/test_reauth.py 2024-07-04 10:10:10.127380688 +0200 +diff -Nru google_auth-2.34.0.orig/tests/oauth2/test_reauth.py google_auth-2.34.0/tests/oauth2/test_reauth.py +--- google_auth-2.34.0.orig/tests/oauth2/test_reauth.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/oauth2/test_reauth.py 2024-09-17 09:34:09.872609505 +0200 @@ -14,7 +14,7 @@ import copy @@ -118,9 +118,9 @@ import pytest # type: ignore from google.auth import exceptions -diff -Nru google-auth-2.30.0.orig/tests/oauth2/test_service_account.py google-auth-2.30.0/tests/oauth2/test_service_account.py ---- google-auth-2.30.0.orig/tests/oauth2/test_service_account.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/oauth2/test_service_account.py 2024-07-04 10:10:10.120713979 +0200 +diff -Nru google_auth-2.34.0.orig/tests/oauth2/test_service_account.py google_auth-2.34.0/tests/oauth2/test_service_account.py +--- google_auth-2.34.0.orig/tests/oauth2/test_service_account.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/oauth2/test_service_account.py 2024-09-17 09:34:09.869276171 +0200 @@ -16,7 +16,7 @@ import json import os @@ -130,9 +130,9 @@ import pytest # type: ignore from google.auth import _helpers -diff -Nru google-auth-2.30.0.orig/tests/oauth2/test_sts.py google-auth-2.30.0/tests/oauth2/test_sts.py ---- google-auth-2.30.0.orig/tests/oauth2/test_sts.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/oauth2/test_sts.py 2024-07-04 10:10:10.134047397 +0200 +diff -Nru google_auth-2.34.0.orig/tests/oauth2/test_sts.py google_auth-2.34.0/tests/oauth2/test_sts.py +--- google_auth-2.34.0.orig/tests/oauth2/test_sts.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/oauth2/test_sts.py 2024-09-17 09:34:09.882609507 +0200 @@ -16,7 +16,7 @@ import json import urllib @@ -142,18 +142,18 @@ import pytest # type: ignore from google.auth import exceptions -diff -Nru google-auth-2.30.0.orig/tests/oauth2/test_webauthn_handler_factory.py google-auth-2.30.0/tests/oauth2/test_webauthn_handler_factory.py ---- google-auth-2.30.0.orig/tests/oauth2/test_webauthn_handler_factory.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/oauth2/test_webauthn_handler_factory.py 2024-07-04 10:10:10.137380751 +0200 +diff -Nru google_auth-2.34.0.orig/tests/oauth2/test_webauthn_handler_factory.py google_auth-2.34.0/tests/oauth2/test_webauthn_handler_factory.py +--- google_auth-2.34.0.orig/tests/oauth2/test_webauthn_handler_factory.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/oauth2/test_webauthn_handler_factory.py 2024-09-17 09:34:09.889276175 +0200 @@ -1,4 +1,4 @@ -import mock +from unittest import mock import pytest # type: ignore from google.oauth2 import webauthn_handler -diff -Nru google-auth-2.30.0.orig/tests/oauth2/test_webauthn_handler.py google-auth-2.30.0/tests/oauth2/test_webauthn_handler.py ---- google-auth-2.30.0.orig/tests/oauth2/test_webauthn_handler.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/oauth2/test_webauthn_handler.py 2024-07-04 10:10:10.114047271 +0200 +diff -Nru google_auth-2.34.0.orig/tests/oauth2/test_webauthn_handler.py google_auth-2.34.0/tests/oauth2/test_webauthn_handler.py +--- google_auth-2.34.0.orig/tests/oauth2/test_webauthn_handler.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/oauth2/test_webauthn_handler.py 2024-09-17 09:34:09.862609503 +0200 @@ -1,7 +1,7 @@ import json import struct @@ -163,9 +163,9 @@ import pytest # type: ignore from google.auth import exceptions -diff -Nru google-auth-2.30.0.orig/tests/test_app_engine.py google-auth-2.30.0/tests/test_app_engine.py ---- google-auth-2.30.0.orig/tests/test_app_engine.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/test_app_engine.py 2024-07-04 10:10:10.090713791 +0200 +diff -Nru google_auth-2.34.0.orig/tests/test_app_engine.py google_auth-2.34.0/tests/test_app_engine.py +--- google_auth-2.34.0.orig/tests/test_app_engine.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/test_app_engine.py 2024-09-17 09:34:09.832609496 +0200 @@ -14,7 +14,7 @@ import datetime @@ -175,9 +175,9 @@ import pytest # type: ignore from google.auth import app_engine -diff -Nru google-auth-2.30.0.orig/tests/test_aws.py google-auth-2.30.0/tests/test_aws.py ---- google-auth-2.30.0.orig/tests/test_aws.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/test_aws.py 2024-07-04 10:10:10.204047836 +0200 +diff -Nru google_auth-2.34.0.orig/tests/test_aws.py google_auth-2.34.0/tests/test_aws.py +--- google_auth-2.34.0.orig/tests/test_aws.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/test_aws.py 2024-09-17 09:34:09.982609530 +0200 @@ -18,7 +18,7 @@ import os import urllib.parse @@ -187,9 +187,9 @@ import pytest # type: ignore from google.auth import _helpers, external_account -diff -Nru google-auth-2.30.0.orig/tests/test__cloud_sdk.py google-auth-2.30.0/tests/test__cloud_sdk.py ---- google-auth-2.30.0.orig/tests/test__cloud_sdk.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/test__cloud_sdk.py 2024-07-04 10:10:10.100713854 +0200 +diff -Nru google_auth-2.34.0.orig/tests/test__cloud_sdk.py google_auth-2.34.0/tests/test__cloud_sdk.py +--- google_auth-2.34.0.orig/tests/test__cloud_sdk.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/test__cloud_sdk.py 2024-09-17 09:34:09.842609498 +0200 @@ -18,7 +18,7 @@ import subprocess import sys @@ -199,9 +199,9 @@ import pytest # type: ignore from google.auth import _cloud_sdk -diff -Nru google-auth-2.30.0.orig/tests/test_credentials.py google-auth-2.30.0/tests/test_credentials.py ---- google-auth-2.30.0.orig/tests/test_credentials.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/test_credentials.py 2024-07-04 10:10:10.144047460 +0200 +diff -Nru google_auth-2.34.0.orig/tests/test_credentials.py google_auth-2.34.0/tests/test_credentials.py +--- google_auth-2.34.0.orig/tests/test_credentials.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/test_credentials.py 2024-09-17 09:34:09.899276178 +0200 @@ -14,7 +14,7 @@ import datetime @@ -211,9 +211,9 @@ import pytest # type: ignore from google.auth import _helpers -diff -Nru google-auth-2.30.0.orig/tests/test__default.py google-auth-2.30.0/tests/test__default.py ---- google-auth-2.30.0.orig/tests/test__default.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/test__default.py 2024-07-04 10:10:10.147380814 +0200 +diff -Nru google_auth-2.34.0.orig/tests/test__default.py google_auth-2.34.0/tests/test__default.py +--- google_auth-2.34.0.orig/tests/test__default.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/test__default.py 2024-09-17 09:34:09.902609512 +0200 @@ -15,7 +15,7 @@ import json import os @@ -223,9 +223,9 @@ import pytest # type: ignore from google.auth import _default -diff -Nru google-auth-2.30.0.orig/tests/test_downscoped.py google-auth-2.30.0/tests/test_downscoped.py ---- google-auth-2.30.0.orig/tests/test_downscoped.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/test_downscoped.py 2024-07-04 10:10:10.154047522 +0200 +diff -Nru google_auth-2.34.0.orig/tests/test_downscoped.py google_auth-2.34.0/tests/test_downscoped.py +--- google_auth-2.34.0.orig/tests/test_downscoped.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/test_downscoped.py 2024-09-17 09:34:09.909276180 +0200 @@ -17,7 +17,7 @@ import json import urllib @@ -235,21 +235,21 @@ import pytest # type: ignore from google.auth import _helpers -diff -Nru google-auth-2.30.0.orig/tests/test__exponential_backoff.py google-auth-2.30.0/tests/test__exponential_backoff.py ---- google-auth-2.30.0.orig/tests/test__exponential_backoff.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/test__exponential_backoff.py 2024-07-04 10:10:10.054046894 +0200 +diff -Nru google_auth-2.34.0.orig/tests/test__exponential_backoff.py google_auth-2.34.0/tests/test__exponential_backoff.py +--- google_auth-2.34.0.orig/tests/test__exponential_backoff.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/test__exponential_backoff.py 2024-09-17 09:34:09.779276151 +0200 @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -import mock +from unittest import mock + import pytest # type: ignore from google.auth import _exponential_backoff - -diff -Nru google-auth-2.30.0.orig/tests/test_external_account_authorized_user.py google-auth-2.30.0/tests/test_external_account_authorized_user.py ---- google-auth-2.30.0.orig/tests/test_external_account_authorized_user.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/test_external_account_authorized_user.py 2024-07-04 10:10:10.150714168 +0200 +diff -Nru google_auth-2.34.0.orig/tests/test_external_account_authorized_user.py google_auth-2.34.0/tests/test_external_account_authorized_user.py +--- google_auth-2.34.0.orig/tests/test_external_account_authorized_user.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/test_external_account_authorized_user.py 2024-09-17 09:34:09.905942846 +0200 @@ -16,7 +16,7 @@ import http.client as http_client import json @@ -259,9 +259,9 @@ import pytest # type: ignore from google.auth import exceptions -diff -Nru google-auth-2.30.0.orig/tests/test_external_account.py google-auth-2.30.0/tests/test_external_account.py ---- google-auth-2.30.0.orig/tests/test_external_account.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/test_external_account.py 2024-07-04 10:10:10.057380248 +0200 +diff -Nru google_auth-2.34.0.orig/tests/test_external_account.py google_auth-2.34.0/tests/test_external_account.py +--- google_auth-2.34.0.orig/tests/test_external_account.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/test_external_account.py 2024-09-17 09:34:09.785942819 +0200 @@ -17,7 +17,7 @@ import json import urllib @@ -271,9 +271,9 @@ import pytest # type: ignore from google.auth import _helpers -diff -Nru google-auth-2.30.0.orig/tests/test_iam.py google-auth-2.30.0/tests/test_iam.py ---- google-auth-2.30.0.orig/tests/test_iam.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/test_iam.py 2024-07-04 10:10:10.164047585 +0200 +diff -Nru google_auth-2.34.0.orig/tests/test_iam.py google_auth-2.34.0/tests/test_iam.py +--- google_auth-2.34.0.orig/tests/test_iam.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/test_iam.py 2024-09-17 09:34:09.922609517 +0200 @@ -17,7 +17,7 @@ import http.client as http_client import json @@ -283,9 +283,9 @@ import pytest # type: ignore from google.auth import _helpers -diff -Nru google-auth-2.30.0.orig/tests/test_identity_pool.py google-auth-2.30.0/tests/test_identity_pool.py ---- google-auth-2.30.0.orig/tests/test_identity_pool.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/test_identity_pool.py 2024-07-04 10:10:10.167380939 +0200 +diff -Nru google_auth-2.34.0.orig/tests/test_identity_pool.py google_auth-2.34.0/tests/test_identity_pool.py +--- google_auth-2.34.0.orig/tests/test_identity_pool.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/test_identity_pool.py 2024-09-17 09:34:09.925942850 +0200 @@ -18,7 +18,7 @@ import os import urllib @@ -295,9 +295,9 @@ import pytest # type: ignore from google.auth import _helpers, external_account -diff -Nru google-auth-2.30.0.orig/tests/test_impersonated_credentials.py google-auth-2.30.0/tests/test_impersonated_credentials.py ---- google-auth-2.30.0.orig/tests/test_impersonated_credentials.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/test_impersonated_credentials.py 2024-07-04 10:10:10.200714482 +0200 +diff -Nru google_auth-2.34.0.orig/tests/test_impersonated_credentials.py google_auth-2.34.0/tests/test_impersonated_credentials.py +--- google_auth-2.34.0.orig/tests/test_impersonated_credentials.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/test_impersonated_credentials.py 2024-09-17 09:34:09.972609528 +0200 @@ -17,7 +17,7 @@ import json import os @@ -307,9 +307,9 @@ import pytest # type: ignore from google.auth import _helpers -diff -Nru google-auth-2.30.0.orig/tests/test_jwt.py google-auth-2.30.0/tests/test_jwt.py ---- google-auth-2.30.0.orig/tests/test_jwt.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/test_jwt.py 2024-07-04 10:10:10.170714294 +0200 +diff -Nru google_auth-2.34.0.orig/tests/test_jwt.py google_auth-2.34.0/tests/test_jwt.py +--- google_auth-2.34.0.orig/tests/test_jwt.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/test_jwt.py 2024-09-17 09:34:09.929276184 +0200 @@ -17,7 +17,7 @@ import json import os @@ -319,9 +319,9 @@ import pytest # type: ignore from google.auth import _helpers -diff -Nru google-auth-2.30.0.orig/tests/test_metrics.py google-auth-2.30.0/tests/test_metrics.py ---- google-auth-2.30.0.orig/tests/test_metrics.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/test_metrics.py 2024-07-04 10:10:10.107380563 +0200 +diff -Nru google_auth-2.34.0.orig/tests/test_metrics.py google_auth-2.34.0/tests/test_metrics.py +--- google_auth-2.34.0.orig/tests/test_metrics.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/test_metrics.py 2024-09-17 09:34:09.849276167 +0200 @@ -14,7 +14,7 @@ import platform @@ -331,9 +331,9 @@ from google.auth import metrics from google.auth import version -diff -Nru google-auth-2.30.0.orig/tests/test__oauth2client.py google-auth-2.30.0/tests/test__oauth2client.py ---- google-auth-2.30.0.orig/tests/test__oauth2client.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/test__oauth2client.py 2024-07-04 10:10:10.094047145 +0200 +diff -Nru google_auth-2.34.0.orig/tests/test__oauth2client.py google_auth-2.34.0/tests/test__oauth2client.py +--- google_auth-2.34.0.orig/tests/test__oauth2client.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/test__oauth2client.py 2024-09-17 09:34:09.835942830 +0200 @@ -17,7 +17,7 @@ import os import sys @@ -343,9 +343,9 @@ import pytest # type: ignore try: -diff -Nru google-auth-2.30.0.orig/tests/test_pluggable.py google-auth-2.30.0/tests/test_pluggable.py ---- google-auth-2.30.0.orig/tests/test_pluggable.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/test_pluggable.py 2024-07-04 10:10:10.200714482 +0200 +diff -Nru google_auth-2.34.0.orig/tests/test_pluggable.py google_auth-2.34.0/tests/test_pluggable.py +--- google_auth-2.34.0.orig/tests/test_pluggable.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/test_pluggable.py 2024-09-17 09:34:09.975942862 +0200 @@ -16,7 +16,7 @@ import os import subprocess @@ -355,9 +355,9 @@ import pytest # type: ignore from google.auth import exceptions -diff -Nru google-auth-2.30.0.orig/tests/test__refresh_worker.py google-auth-2.30.0/tests/test__refresh_worker.py ---- google-auth-2.30.0.orig/tests/test__refresh_worker.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/test__refresh_worker.py 2024-07-04 10:10:10.187381065 +0200 +diff -Nru google_auth-2.34.0.orig/tests/test__refresh_worker.py google_auth-2.34.0/tests/test__refresh_worker.py +--- google_auth-2.34.0.orig/tests/test__refresh_worker.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/test__refresh_worker.py 2024-09-17 09:34:09.955942857 +0200 @@ -17,7 +17,7 @@ import threading import time @@ -367,9 +367,9 @@ import pytest # type: ignore from google.auth import _refresh_worker, credentials, exceptions -diff -Nru google-auth-2.30.0.orig/tests/transport/test__custom_tls_signer.py google-auth-2.30.0/tests/transport/test__custom_tls_signer.py ---- google-auth-2.30.0.orig/tests/transport/test__custom_tls_signer.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/transport/test__custom_tls_signer.py 2024-07-04 10:10:10.067380311 +0200 +diff -Nru google_auth-2.34.0.orig/tests/transport/test__custom_tls_signer.py google_auth-2.34.0/tests/transport/test__custom_tls_signer.py +--- google_auth-2.34.0.orig/tests/transport/test__custom_tls_signer.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/transport/test__custom_tls_signer.py 2024-09-17 09:34:09.799276155 +0200 @@ -15,7 +15,7 @@ import ctypes import os @@ -379,9 +379,9 @@ import pytest # type: ignore from requests.packages.urllib3.util.ssl_ import create_urllib3_context # type: ignore import urllib3.contrib.pyopenssl # type: ignore -diff -Nru google-auth-2.30.0.orig/tests/transport/test_grpc.py google-auth-2.30.0/tests/transport/test_grpc.py ---- google-auth-2.30.0.orig/tests/transport/test_grpc.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/transport/test_grpc.py 2024-07-04 10:10:10.070713666 +0200 +diff -Nru google_auth-2.34.0.orig/tests/transport/test_grpc.py google_auth-2.34.0/tests/transport/test_grpc.py +--- google_auth-2.34.0.orig/tests/transport/test_grpc.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/transport/test_grpc.py 2024-09-17 09:34:09.802609489 +0200 @@ -16,7 +16,7 @@ import os import time @@ -391,9 +391,9 @@ import pytest # type: ignore from google.auth import _helpers -diff -Nru google-auth-2.30.0.orig/tests/transport/test__mtls_helper.py google-auth-2.30.0/tests/transport/test__mtls_helper.py ---- google-auth-2.30.0.orig/tests/transport/test__mtls_helper.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/transport/test__mtls_helper.py 2024-07-04 10:10:10.077380374 +0200 +diff -Nru google_auth-2.34.0.orig/tests/transport/test__mtls_helper.py google_auth-2.34.0/tests/transport/test__mtls_helper.py +--- google_auth-2.34.0.orig/tests/transport/test__mtls_helper.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/transport/test__mtls_helper.py 2024-09-17 09:34:09.812609492 +0200 @@ -15,7 +15,7 @@ import os import re @@ -403,9 +403,9 @@ from OpenSSL import crypto import pytest # type: ignore -diff -Nru google-auth-2.30.0.orig/tests/transport/test_mtls.py google-auth-2.30.0/tests/transport/test_mtls.py ---- google-auth-2.30.0.orig/tests/transport/test_mtls.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/transport/test_mtls.py 2024-07-04 10:10:10.080713728 +0200 +diff -Nru google_auth-2.34.0.orig/tests/transport/test_mtls.py google_auth-2.34.0/tests/transport/test_mtls.py +--- google_auth-2.34.0.orig/tests/transport/test_mtls.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/transport/test_mtls.py 2024-09-17 09:34:09.815942826 +0200 @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. @@ -415,9 +415,9 @@ import pytest # type: ignore from google.auth import exceptions -diff -Nru google-auth-2.30.0.orig/tests/transport/test_requests.py google-auth-2.30.0/tests/transport/test_requests.py ---- google-auth-2.30.0.orig/tests/transport/test_requests.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/transport/test_requests.py 2024-07-04 10:10:10.084047083 +0200 +diff -Nru google_auth-2.34.0.orig/tests/transport/test_requests.py google_auth-2.34.0/tests/transport/test_requests.py +--- google_auth-2.34.0.orig/tests/transport/test_requests.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/transport/test_requests.py 2024-09-17 09:34:09.819276160 +0200 @@ -19,7 +19,7 @@ import sys @@ -427,9 +427,9 @@ import OpenSSL import pytest # type: ignore import requests -diff -Nru google-auth-2.30.0.orig/tests/transport/test_urllib3.py google-auth-2.30.0/tests/transport/test_urllib3.py ---- google-auth-2.30.0.orig/tests/transport/test_urllib3.py 2024-06-07 01:17:33.000000000 +0200 -+++ google-auth-2.30.0/tests/transport/test_urllib3.py 2024-07-04 10:10:10.064046957 +0200 +diff -Nru google_auth-2.34.0.orig/tests/transport/test_urllib3.py google_auth-2.34.0/tests/transport/test_urllib3.py +--- google_auth-2.34.0.orig/tests/transport/test_urllib3.py 2024-08-19 00:51:18.000000000 +0200 ++++ google_auth-2.34.0/tests/transport/test_urllib3.py 2024-09-17 09:34:09.795942821 +0200 @@ -16,7 +16,7 @@ import os import sys
