Hello community, here is the log from the commit of package python-google-auth for openSUSE:Factory checked in at 2019-03-29 20:35:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-google-auth (Old) and /work/SRC/openSUSE:Factory/.python-google-auth.new.25356 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-google-auth" Fri Mar 29 20:35:30 2019 rev:6 rq:685333 version:1.6.3 Changes: -------- --- /work/SRC/openSUSE:Factory/python-google-auth/python-google-auth.changes 2018-12-19 13:53:46.546923012 +0100 +++ /work/SRC/openSUSE:Factory/.python-google-auth.new.25356/python-google-auth.changes 2019-03-29 20:35:31.426546888 +0100 @@ -1,0 +2,14 @@ +Fri Mar 15 10:53:23 UTC 2019 - Tomáš Chvátal <[email protected]> + +- Update to 1.6.3: + * follow rfc 7515 : strip padding from JWS segments #324 (#324) + * Add retry to _metadata.ping() (#323) + * Announce deprecation of Python 2.7 (#311) + * Link all the PRs in CHANGELOG (#307) + * Automatically refresh impersonated credentials (#304) + * Add google.auth.impersonated_credentials (#299) + * Enable static type checking with pytype (#298) + * Make classifiers in setup.py an array. (#280) +- Drop oauth-no-appengine.patch should not be needed + +------------------------------------------------------------------- Old: ---- google-auth-1.5.1.tar.gz oauth-no-appengine.patch New: ---- google-auth-1.6.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-google-auth.spec ++++++ --- /var/tmp/diff_new_pack.1c764w/_old 2019-03-29 20:35:31.994545858 +0100 +++ /var/tmp/diff_new_pack.1c764w/_new 2019-03-29 20:35:31.994545858 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-google-auth # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,14 +18,13 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-google-auth -Version: 1.5.1 +Version: 1.6.3 Release: 0 Summary: Google Authentication Library License: Apache-2.0 Group: Development/Languages/Python URL: https://github.com/GoogleCloudPlatform/google-auth-library-python Source: https://files.pythonhosted.org/packages/source/g/google-auth/google-auth-%{version}.tar.gz -Patch0: oauth-no-appengine.patch BuildRequires: %{python_module Flask} BuildRequires: %{python_module cachetools} BuildRequires: %{python_module cryptography} @@ -62,7 +61,6 @@ %prep %setup -q -n google-auth-%{version} -%patch0 -p1 %build %python_build @@ -72,7 +70,7 @@ %python_expand %fdupes %{buildroot}%{$python_sitelib} %check -%python_expand py.test-%{$python_bin_suffix} +%pytest %files %{python_files} %license LICENSE ++++++ google-auth-1.5.1.tar.gz -> google-auth-1.6.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google-auth-1.5.1/CHANGELOG.rst new/google-auth-1.6.3/CHANGELOG.rst --- old/google-auth-1.5.1/CHANGELOG.rst 2018-08-01 01:16:19.000000000 +0200 +++ new/google-auth-1.6.3/CHANGELOG.rst 2019-02-19 22:13:34.000000000 +0100 @@ -1,95 +1,152 @@ Changelog ========= +v1.6.3 +------ + +02-15-2019 9:31 PST + +Implementation Changes ++++++++++++++ + +- follow rfc 7515 : strip padding from JWS segments #324 (`#324 <https://github.com/googleapis/google-auth-library-python/pull/324>`_) +- Add retry to _metadata.ping() (`#323 <https://github.com/googleapis/google-auth-library-python/pull/323>`_) + +v1.6.2 +------ + +12-17-2018 10:51 PST + +Documentation ++++++++++++++ + +- Announce deprecation of Python 2.7 (`#311 <https://github.com/googleapis/google-auth-library-python/pull/311>`_) +- Link all the PRs in CHANGELOG (`#307 <https://github.com/googleapis/google-auth-library-python/pull/307>`_) + +v1.6.1 +------ + +11-12-2018 10:10 PST + +Implementation Changes +++++++++++++++++++++++ + +- Automatically refresh impersonated credentials (`#304 <https://github.com/googleapis/google-auth-library-python/pull/304>`_) + +v1.6.0 +------ + +11-09-2018 11:07 PST + +New Features +++++++++++++ + +- Add google.auth.impersonated_credentials (`#299 <https://github.com/googleapis/google-auth-library-python/pull/299>`_) + +Documentation ++++++++++++++ + +- Update link to documentation for default credentials (`#296 <https://github.com/googleapis/google-auth-library-python/pull/296>`_) +- Update github issue templates (`#300 <https://github.com/googleapis/google-auth-library-python/pull/300>`_) +- Remove punctuation which becomes part of the url (`#284 <https://github.com/googleapis/google-auth-library-python/pull/284>`_) + +Internal / Testing Changes +++++++++++++++++++++++++++ + +- Update trampoline.sh (`#302 <https://github.com/googleapis/google-auth-library-python/pull/302>`_) +- Enable static type checking with pytype (`#298 <https://github.com/googleapis/google-auth-library-python/pull/298>`_) +- Make classifiers in setup.py an array. (`#280 <https://github.com/googleapis/google-auth-library-python/pull/280>`_) + + v1.5.1 ------ -- Fix check for error text on Python 3.7. (#278) -- Use new Auth URIs. (#281) -- Add code-of-conduct document. (#270) -- Fix some typos in test_urllib3.py (#268) +- Fix check for error text on Python 3.7. (`#278 <https://github.com/googleapis/google-auth-library-python/pull/#278>`_) +- Use new Auth URIs. (`#281 <https://github.com/googleapis/google-auth-library-python/pull/#281>`_) +- Add code-of-conduct document. (`#270 <https://github.com/googleapis/google-auth-library-python/pull/#270>`_) +- Fix some typos in test_urllib3.py (`#268 <https://github.com/googleapis/google-auth-library-python/pull/#268>`_) v1.5.0 ------ -- Warn when using user credentials from the Cloud SDK (#266) -- Add compute engine-based IDTokenCredentials (#236) -- Corrected some typos (#265) +- Warn when using user credentials from the Cloud SDK (`#266 <https://github.com/googleapis/google-auth-library-python/pull/266>`_) +- Add compute engine-based IDTokenCredentials (`#236 <https://github.com/googleapis/google-auth-library-python/pull/236>`_) +- Corrected some typos (`#265 <https://github.com/googleapis/google-auth-library-python/pull/265>`_) v1.4.2 ------ -- Raise a helpful exception when trying to refresh credentials without a refresh token. (#262) -- Fix links to README and CONTRIBUTING in docs/index.rst. (#260) -- Fix a typo in credentials.py. (#256) -- Use pytest instead of py.test per upstream recommendation, #dropthedot. (#255) -- Fix typo on exemple of jwt usage (#245) +- Raise a helpful exception when trying to refresh credentials without a refresh token. (`#262 <https://github.com/googleapis/google-auth-library-python/pull/262>`_) +- Fix links to README and CONTRIBUTING in docs/index.rst. (`#260 <https://github.com/googleapis/google-auth-library-python/pull/260>`_) +- Fix a typo in credentials.py. (`#256 <https://github.com/googleapis/google-auth-library-python/pull/256>`_) +- Use pytest instead of py.test per upstream recommendation, #dropthedot. (`#255 <https://github.com/googleapis/google-auth-library-python/pull/255>`_) +- Fix typo on exemple of jwt usage (`#245 <https://github.com/googleapis/google-auth-library-python/pull/245>`_) v1.4.1 ------ -- Added a check for the cryptography version before attempting to use it. (#243) +- Added a check for the cryptography version before attempting to use it. (`#243 <https://github.com/googleapis/google-auth-library-python/pull/243>`_) v1.4.0 ------ -- Added `cryptography`-based RSA signer and verifier. (#185) -- Added `google.oauth2.service_account.IDTokenCredentials`. (#234) -- Improved documentation around ID Tokens (#224) +- Added `cryptography`-based RSA signer and verifier. (`#185 <https://github.com/googleapis/google-auth-library-python/pull/185>`_) +- Added `google.oauth2.service_account.IDTokenCredentials`. (`#234 <https://github.com/googleapis/google-auth-library-python/pull/234>`_) +- Improved documentation around ID Tokens (`#224 <https://github.com/googleapis/google-auth-library-python/pull/224>`_) v1.3.0 ------ -- Added ``google.oauth2.credentials.Credentials.from_authorized_user_file`` (#226) -- Dropped direct pyasn1 dependency in favor of letting ``pyasn1-modules`` specify the right version. (#230) -- ``default()`` now checks for the project ID environment var before warning about missing project ID. (#227) -- Fixed the docstrings for ``has_scopes()`` and ``with_scopes()``. (#228) -- Fixed example in docstring for ``ReadOnlyScoped``. (#219) -- Made ``transport.requests`` use timeouts and retries to improve reliability. (#220) +- Added ``google.oauth2.credentials.Credentials.from_authorized_user_file`` (`#226 <https://github.com/googleapis/google-auth-library-python/pull/#226>`_) +- Dropped direct pyasn1 dependency in favor of letting ``pyasn1-modules`` specify the right version. (`#230 <https://github.com/googleapis/google-auth-library-python/pull/#230>`_) +- ``default()`` now checks for the project ID environment var before warning about missing project ID. (`#227 <https://github.com/googleapis/google-auth-library-python/pull/#227>`_) +- Fixed the docstrings for ``has_scopes()`` and ``with_scopes()``. (`#228 <https://github.com/googleapis/google-auth-library-python/pull/#228>`_) +- Fixed example in docstring for ``ReadOnlyScoped``. (`#219 <https://github.com/googleapis/google-auth-library-python/pull/#219>`_) +- Made ``transport.requests`` use timeouts and retries to improve reliability. (`#220 <https://github.com/googleapis/google-auth-library-python/pull/#220>`_) v1.2.1 ------ -- Excluded compiled Python files in source distributions. (#215) -- Updated docs for creating RSASigner from string. (#213) -- Use ``six.raise_from`` wherever possible. (#212) -- Fixed a typo in a comment ``seconds`` not ``sections``. (#210) +- Excluded compiled Python files in source distributions. (`#215 <https://github.com/googleapis/google-auth-library-python/pull/#215>`_) +- Updated docs for creating RSASigner from string. (`#213 <https://github.com/googleapis/google-auth-library-python/pull/#213>`_) +- Use ``six.raise_from`` wherever possible. (`#212 <https://github.com/googleapis/google-auth-library-python/pull/#212>`_) +- Fixed a typo in a comment ``seconds`` not ``sections``. (`#210 <https://github.com/googleapis/google-auth-library-python/pull/#210>`_) v1.2.0 ------ -- Added ``google.auth.credentials.AnonymousCredentials``. (#206) -- Updated the documentation to link to the Google Cloud Platform Python setup guide (#204) +- Added ``google.auth.credentials.AnonymousCredentials``. (`#206 <https://github.com/googleapis/google-auth-library-python/pull/#206>`_) +- Updated the documentation to link to the Google Cloud Platform Python setup guide (`#204 <https://github.com/googleapis/google-auth-library-python/pull/#204>`_) v1.1.1 ------ -- ``google.oauth.credentials.Credentials`` now correctly inherits from ``ReadOnlyScoped`` instead of ``Scoped``. (#200) +- ``google.oauth.credentials.Credentials`` now correctly inherits from ``ReadOnlyScoped`` instead of ``Scoped``. (`#200 <https://github.com/googleapis/google-auth-library-python/pull/#200>`_) v1.1.0 ------ -- Added ``service_account.Credentials.project_id``. (#187) -- Move read-only methods of ``credentials.Scoped`` into new interface ``credentials.ReadOnlyScoped``. (#195, #196) -- Make ``compute_engine.Credentials`` derive from ``ReadOnlyScoped`` instead of ``Scoped``. (#195) -- Fix App Engine's expiration calculation (#197) -- Split ``crypt`` module into a package to allow alternative implementations. (#189) -- Add error message to handle case of empty string or missing file for GOOGLE_APPLICATION_CREDENTIALS (#188) +- Added ``service_account.Credentials.project_id``. (`#187 <https://github.com/googleapis/google-auth-library-python/pull/#187>`_) +- Move read-only methods of ``credentials.Scoped`` into new interface ``credentials.ReadOnlyScoped``. (`#195 <https://github.com/googleapis/google-auth-library-python/pull/#195>`_, `#196 <https://github.com/googleapis/google-auth-library-python/pull/#196>`_) +- Make ``compute_engine.Credentials`` derive from ``ReadOnlyScoped`` instead of ``Scoped``. (`#195 <https://github.com/googleapis/google-auth-library-python/pull/#195>`_) +- Fix App Engine's expiration calculation (`#197 <https://github.com/googleapis/google-auth-library-python/pull/#197>`_) +- Split ``crypt`` module into a package to allow alternative implementations. (`#189 <https://github.com/googleapis/google-auth-library-python/pull/#189>`_) +- Add error message to handle case of empty string or missing file for GOOGLE_APPLICATION_CREDENTIALS (`#188 <https://github.com/googleapis/google-auth-library-python/pull/#188>`_) v1.0.2 ------ -- Fixed a bug where the Cloud SDK executable could not be found on Windows, leading to project ID detection failing. (#179) -- Fixed a bug where the timeout argument wasn't being passed through the httplib transport correctly. (#175) -- Added documentation for using the library on Google App Engine standard. (#172) -- Testing style updates. (#168) -- Added documentation around the oauth2client deprecation. (#165) -- Fixed a few lint issues caught by newer versions of pylint. (#166) +- Fixed a bug where the Cloud SDK executable could not be found on Windows, leading to project ID detection failing. (`#179 <https://github.com/googleapis/google-auth-library-python/pull/#179>`_) +- Fixed a bug where the timeout argument wasn't being passed through the httplib transport correctly. (`#175 <https://github.com/googleapis/google-auth-library-python/pull/#175>`_) +- Added documentation for using the library on Google App Engine standard. (`#172 <https://github.com/googleapis/google-auth-library-python/pull/#172>`_) +- Testing style updates. (`#168 <https://github.com/googleapis/google-auth-library-python/pull/#168>`_) +- Added documentation around the oauth2client deprecation. (`#165 <https://github.com/googleapis/google-auth-library-python/pull/#165>`_) +- Fixed a few lint issues caught by newer versions of pylint. (`#166 <https://github.com/googleapis/google-auth-library-python/pull/#166>`_) v1.0.1 ------ -- Fixed a bug in the clock skew accommodation logic where expired credentials could be used for up to 5 minutes. (#158) +- Fixed a bug in the clock skew accommodation logic where expired credentials could be used for up to 5 minutes. (`#158 <https://github.com/googleapis/google-auth-library-python/pull/158>`_) v1.0.0 ------ @@ -100,87 +157,87 @@ v0.10.0 ------- -- Added ``jwt.OnDemandCredentials``. (#142) -- Added new public property ``id_token`` to ``oauth2.credentials.Credentials``. (#150) -- Added the ability to set the address used to communicate with the Compute Engine metadata server via the ``GCE_METADATA_ROOT`` and ``GCE_METADATA_IP`` environment variables. (#148) -- Changed the way cloud project IDs are ascertained from the Google Cloud SDK. (#147) -- Modified expiration logic to add a 5 minute clock skew accommodation. (#145) +- Added ``jwt.OnDemandCredentials``. (`#142 <https://github.com/googleapis/google-auth-library-python/pull/142>`_) +- Added new public property ``id_token`` to ``oauth2.credentials.Credentials``. (`#150 <https://github.com/googleapis/google-auth-library-python/pull/150>`_) +- Added the ability to set the address used to communicate with the Compute Engine metadata server via the ``GCE_METADATA_ROOT`` and ``GCE_METADATA_IP`` environment variables. (`#148 <https://github.com/googleapis/google-auth-library-python/pull/148>`_) +- Changed the way cloud project IDs are ascertained from the Google Cloud SDK. (`#147 <https://github.com/googleapis/google-auth-library-python/pull/147>`_) +- Modified expiration logic to add a 5 minute clock skew accommodation. (`#145 <https://github.com/googleapis/google-auth-library-python/pull/145>`_) v0.9.0 ------ -- Added ``service_account.Credentials.with_claims``. (#140) -- Moved ``google.auth.oauthlib`` and ``google.auth.flow`` to a new separate package ``google_auth_oauthlib``. (#137, #139, #135, #126) -- Added ``InstalledAppFlow`` to ``google_auth_oauthlib``. (#128) -- Fixed some packaging and documentation issues. (#131) -- Added a helpful error message when importing optional dependencies. (#125) -- Made all properties required to reconstruct ``google.oauth2.credentials.Credentials`` public. (#124) -- Added official Python 3.6 support. (#102) -- Added ``jwt.Credentials.from_signing_credentials`` and removed ``service_account.Credentials.to_jwt_credentials``. (#120) +- Added ``service_account.Credentials.with_claims``. (`#140 <https://github.com/googleapis/google-auth-library-python/pull/140>`_) +- Moved ``google.auth.oauthlib`` and ``google.auth.flow`` to a new separate package ``google_auth_oauthlib``. (`#137 <https://github.com/googleapis/google-auth-library-python/pull/137>`_, `#139 <https://github.com/googleapis/google-auth-library-python/pull/139>`_, `#135 <https://github.com/googleapis/google-auth-library-python/pull/135>`_, `#126 <https://github.com/googleapis/google-auth-library-python/pull/126>`_) +- Added ``InstalledAppFlow`` to ``google_auth_oauthlib``. (`#128 <https://github.com/googleapis/google-auth-library-python/pull/128>`_) +- Fixed some packaging and documentation issues. (`#131 <https://github.com/googleapis/google-auth-library-python/pull/131>`_) +- Added a helpful error message when importing optional dependencies. (`#125 <https://github.com/googleapis/google-auth-library-python/pull/125>`_) +- Made all properties required to reconstruct ``google.oauth2.credentials.Credentials`` public. (`#124 <https://github.com/googleapis/google-auth-library-python/pull/124>`_) +- Added official Python 3.6 support. (`#102 <https://github.com/googleapis/google-auth-library-python/pull/102>`_) +- Added ``jwt.Credentials.from_signing_credentials`` and removed ``service_account.Credentials.to_jwt_credentials``. (`#120 <https://github.com/googleapis/google-auth-library-python/pull/120>`_) v0.8.0 ------ -- Removed one-time token behavior from ``jwt.Credentials``, audience claim is now required and fixed. (#117) -- ``crypt.Signer`` and ``crypt.Verifier`` are now abstract base classes. The concrete implementations have been renamed to ``crypt.RSASigner`` and ``crypt.RSAVerifier``. ``app_engine.Signer`` and ``iam.Signer`` now inherit from ``crypt.Signer``. (#115) -- ``transport.grpc`` now correctly calls ``Credentials.before_request``. (#116) +- Removed one-time token behavior from ``jwt.Credentials``, audience claim is now required and fixed. (`#117 <https://github.com/googleapis/google-auth-library-python/pull/117>`_) +- ``crypt.Signer`` and ``crypt.Verifier`` are now abstract base classes. The concrete implementations have been renamed to ``crypt.RSASigner`` and ``crypt.RSAVerifier``. ``app_engine.Signer`` and ``iam.Signer`` now inherit from ``crypt.Signer``. (`#115 <https://github.com/googleapis/google-auth-library-python/pull/115>`_) +- ``transport.grpc`` now correctly calls ``Credentials.before_request``. (`#116 <https://github.com/googleapis/google-auth-library-python/pull/116>`_) v0.7.0 ------ -- Added ``google.auth.iam.Signer``. (#108) -- Fixed issue where ``google.auth.app_engine.Signer`` erroneously returns a tuple from ``sign()``. (#109) -- Added public property ``google.auth.credentials.Signing.signer``. (#110) +- Added ``google.auth.iam.Signer``. (`#108 <https://github.com/googleapis/google-auth-library-python/pull/108>`_) +- Fixed issue where ``google.auth.app_engine.Signer`` erroneously returns a tuple from ``sign()``. (`#109 <https://github.com/googleapis/google-auth-library-python/pull/109>`_) +- Added public property ``google.auth.credentials.Signing.signer``. (`#110 <https://github.com/googleapis/google-auth-library-python/pull/110>`_) v0.6.0 ------ -- Added experimental integration with ``requests-oauthlib`` in ``google.oauth2.oauthlib`` and ``google.oauth2.flow``. (#100, #105, #106) -- Fixed typo in ``google_auth_httplib2``'s README. (#105) +- Added experimental integration with ``requests-oauthlib`` in ``google.oauth2.oauthlib`` and ``google.oauth2.flow``. (`#100 <https://github.com/googleapis/google-auth-library-python/pull/100>`_, `#105 <https://github.com/googleapis/google-auth-library-python/pull/105>`_, `#106 <https://github.com/googleapis/google-auth-library-python/pull/106>`_) +- Fixed typo in ``google_auth_httplib2``'s README. (`#105 <https://github.com/googleapis/google-auth-library-python/pull/105>`_) v0.5.0 ------ -- Added ``app_engine.Signer``. (#97) -- Added ``crypt.Signer.from_service_account_file``. (#95) -- Fixed error handling in the oauth2 client. (#96) +- Added ``app_engine.Signer``. (`#97 <https://github.com/googleapis/google-auth-library-python/pull/97>`_) +- Added ``crypt.Signer.from_service_account_file``. (`#95 <https://github.com/googleapis/google-auth-library-python/pull/95>`_) +- Fixed error handling in the oauth2 client. (`#96 <https://github.com/googleapis/google-auth-library-python/pull/96>`_) - Fixed the App Engine system tests. v0.4.0 ------ -- ``transports.grpc.secure_authorized_channel`` now passes ``kwargs`` to ``grpc.secure_channel``. (#90) -- Added new property ``credentials.Singing.signer_email`` which can be used to identify the signer of a message. (#89) +- ``transports.grpc.secure_authorized_channel`` now passes ``kwargs`` to ``grpc.secure_channel``. (`#90 <https://github.com/googleapis/google-auth-library-python/pull/90>`_) +- Added new property ``credentials.Singing.signer_email`` which can be used to identify the signer of a message. (`#89 <https://github.com/googleapis/google-auth-library-python/pull/89>`_) - (google_auth_httplib2) Added a proxy to ``httplib2.Http.connections``. v0.3.2 ------ -- Fixed an issue where an ``ImportError`` would occur if ``google.oauth2`` was imported before ``google.auth``. (#88) +- Fixed an issue where an ``ImportError`` would occur if ``google.oauth2`` was imported before ``google.auth``. (`#88 <https://github.com/googleapis/google-auth-library-python/pull/88>`_) v0.3.1 ------ -- Fixed a bug where non-padded base64 encoded strings were not accepted. (#87) -- Fixed a bug where ID token verification did not correctly call the HTTP request function. (#87) +- Fixed a bug where non-padded base64 encoded strings were not accepted. (`#87 <https://github.com/googleapis/google-auth-library-python/pull/87>`_) +- Fixed a bug where ID token verification did not correctly call the HTTP request function. (`#87 <https://github.com/googleapis/google-auth-library-python/pull/87>`_) v0.3.0 ------ -- Added Google ID token verification helpers. (#82) -- Swapped the ``target`` and ``request`` argument order for ``grpc.secure_authorized_channel``. (#81) -- Added a user's guide. (#79) -- Made ``service_account_email`` a public property on several credential classes. (#76) -- Added a ``scope`` argument to ``google.auth.default``. (#75) -- Added support for the ``GCLOUD_PROJECT`` environment variable. (#73) +- Added Google ID token verification helpers. (`#82 <https://github.com/googleapis/google-auth-library-python/pull/82>`_) +- Swapped the ``target`` and ``request`` argument order for ``grpc.secure_authorized_channel``. (`#81 <https://github.com/googleapis/google-auth-library-python/pull/81>`_) +- Added a user's guide. (`#79 <https://github.com/googleapis/google-auth-library-python/pull/79>`_) +- Made ``service_account_email`` a public property on several credential classes. (`#76 <https://github.com/googleapis/google-auth-library-python/pull/76>`_) +- Added a ``scope`` argument to ``google.auth.default``. (`#75 <https://github.com/googleapis/google-auth-library-python/pull/75>`_) +- Added support for the ``GCLOUD_PROJECT`` environment variable. (`#73 <https://github.com/googleapis/google-auth-library-python/pull/73>`_) v0.2.0 ------ -- Added gRPC support. (#67) -- Added Requests support. (#66) -- Added ``google.auth.credentials.with_scopes_if_required`` helper. (#65) -- Added private helper for oauth2client migration. (#70) +- Added gRPC support. (`#67 <https://github.com/googleapis/google-auth-library-python/pull/67>`_) +- Added Requests support. (`#66 <https://github.com/googleapis/google-auth-library-python/pull/66>`_) +- Added ``google.auth.credentials.with_scopes_if_required`` helper. (`#65 <https://github.com/googleapis/google-auth-library-python/pull/65>`_) +- Added private helper for oauth2client migration. (`#70 <https://github.com/googleapis/google-auth-library-python/pull/70>`_) v0.1.0 ------ @@ -188,15 +245,15 @@ First release with core functionality available. This version is ready for initial usage and testing. -- Added ``google.auth.credentials``, public interfaces for Credential types. (#8) -- Added ``google.oauth2.credentials``, credentials that use OAuth 2.0 access and refresh tokens (#24) -- Added ``google.oauth2.service_account``, credentials that use Service Account private keys to obtain OAuth 2.0 access tokens. (#25) -- Added ``google.auth.compute_engine``, credentials that use the Compute Engine metadata service to obtain OAuth 2.0 access tokens. (#22) +- Added ``google.auth.credentials``, public interfaces for Credential types. (`#8 <https://github.com/googleapis/google-auth-library-python/pull/8>`_) +- Added ``google.oauth2.credentials``, credentials that use OAuth 2.0 access and refresh tokens (`#24 <https://github.com/googleapis/google-auth-library-python/pull/24>`_) +- Added ``google.oauth2.service_account``, credentials that use Service Account private keys to obtain OAuth 2.0 access tokens. (`#25 <https://github.com/googleapis/google-auth-library-python/pull/25>`_) +- Added ``google.auth.compute_engine``, credentials that use the Compute Engine metadata service to obtain OAuth 2.0 access tokens. (`#22 <https://github.com/googleapis/google-auth-library-python/pull/22>`_) - Added ``google.auth.jwt.Credentials``, credentials that use a JWT as a bearer token. -- Added ``google.auth.app_engine``, credentials that use the Google App Engine App Identity service to obtain OAuth 2.0 access tokens. (#46) -- Added ``google.auth.default()``, an implementation of Google Application Default Credentials that supports automatic Project ID detection. (#32) -- Added system tests for all credential types. (#51, #54, #56, #58, #59, #60, #61, #62) -- Added ``google.auth.transports.urllib3.AuthorizedHttp``, an HTTP client that includes authentication provided by credentials. (#19) +- Added ``google.auth.app_engine``, credentials that use the Google App Engine App Identity service to obtain OAuth 2.0 access tokens. (`#46 <https://github.com/googleapis/google-auth-library-python/pull/46>`_) +- Added ``google.auth.default()``, an implementation of Google Application Default Credentials that supports automatic Project ID detection. (`#32 <https://github.com/googleapis/google-auth-library-python/pull/32>`_) +- Added system tests for all credential types. (`#51 <https://github.com/googleapis/google-auth-library-python/pull/51>`_, `#54 <https://github.com/googleapis/google-auth-library-python/pull/54>`_, `#56 <https://github.com/googleapis/google-auth-library-python/pull/56>`_, `#58 <https://github.com/googleapis/google-auth-library-python/pull/58>`_, `#59 <https://github.com/googleapis/google-auth-library-python/pull/59>`_, `#60 <https://github.com/googleapis/google-auth-library-python/pull/60>`_, `#61 <https://github.com/googleapis/google-auth-library-python/pull/61>`_, `#62 <https://github.com/googleapis/google-auth-library-python/pull/62>`_) +- Added ``google.auth.transports.urllib3.AuthorizedHttp``, an HTTP client that includes authentication provided by credentials. (`#19 <https://github.com/googleapis/google-auth-library-python/pull/19>`_) - Documentation style and formatting updates. v0.0.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google-auth-1.5.1/PKG-INFO new/google-auth-1.6.3/PKG-INFO --- old/google-auth-1.5.1/PKG-INFO 2018-08-01 01:23:36.000000000 +0200 +++ new/google-auth-1.6.3/PKG-INFO 2019-02-19 22:14:17.000000000 +0100 @@ -1,6 +1,6 @@ -Metadata-Version: 1.1 +Metadata-Version: 1.2 Name: google-auth -Version: 1.5.1 +Version: 1.6.3 Summary: Google Authentication Library Home-page: https://github.com/GoogleCloudPlatform/google-auth-library-python Author: Google Cloud Platform @@ -34,6 +34,14 @@ .. _`Python Development Environment Setup Guide`: https://cloud.google.com/python/setup + Supported Python Versions + ^^^^^^^^^^^^^^^^^^^^^^^^^ + Python >= 3.4 + + Deprecated Python Versions + ^^^^^^^^^^^^^^^^^^^^^^^^^^ + Python == 2.7. Python 2.7 support will be removed on January 1, 2020. + Documentation ------------- @@ -42,7 +50,7 @@ Maintainers ----------- - - `@jonparrott <https://github.com/jonparrott>`_ (Jon Wayne Parrott) + - `@theacodes <https://github.com/theacodes>`_ (Thea Flowers) - `@dhermes <https://github.com/dhermes>`_ (Danny Hermes) - `@lukesneeringer <https://github.com/lukesneeringer>`_ (Luke Sneeringer) @@ -70,6 +78,7 @@ Classifier: Programming Language :: Python :: 3.4 Classifier: Programming Language :: Python :: 3.5 Classifier: Programming Language :: Python :: 3.6 +Classifier: Programming Language :: Python :: 3.7 Classifier: Development Status :: 5 - Production/Stable Classifier: Intended Audience :: Developers Classifier: License :: OSI Approved :: Apache Software License @@ -78,3 +87,4 @@ Classifier: Operating System :: MacOS :: MacOS X Classifier: Operating System :: OS Independent Classifier: Topic :: Internet :: WWW/HTTP +Requires-Python: >=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google-auth-1.5.1/README.rst new/google-auth-1.6.3/README.rst --- old/google-auth-1.5.1/README.rst 2018-05-16 20:01:59.000000000 +0200 +++ new/google-auth-1.6.3/README.rst 2019-02-15 18:21:38.000000000 +0100 @@ -26,6 +26,14 @@ .. _`Python Development Environment Setup Guide`: https://cloud.google.com/python/setup +Supported Python Versions +^^^^^^^^^^^^^^^^^^^^^^^^^ +Python >= 3.4 + +Deprecated Python Versions +^^^^^^^^^^^^^^^^^^^^^^^^^^ +Python == 2.7. Python 2.7 support will be removed on January 1, 2020. + Documentation ------------- @@ -34,7 +42,7 @@ Maintainers ----------- -- `@jonparrott <https://github.com/jonparrott>`_ (Jon Wayne Parrott) +- `@theacodes <https://github.com/theacodes>`_ (Thea Flowers) - `@dhermes <https://github.com/dhermes>`_ (Danny Hermes) - `@lukesneeringer <https://github.com/lukesneeringer>`_ (Luke Sneeringer) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google-auth-1.5.1/google/auth/_default.py new/google-auth-1.6.3/google/auth/_default.py --- old/google-auth-1.5.1/google/auth/_default.py 2018-05-31 23:53:20.000000000 +0200 +++ new/google-auth-1.6.3/google/auth/_default.py 2019-02-15 18:21:38.000000000 +0100 @@ -41,7 +41,7 @@ Could not automatically determine credentials. Please set {env} or \ explicitly create credentials and re-run the application. For more \ information, please see \ -https://developers.google.com/accounts/docs/application-default-credentials. +https://cloud.google.com/docs/authentication/getting-started """.format(env=environment_vars.CREDENTIALS).strip() # Warning when using Cloud SDK user credentials @@ -51,7 +51,7 @@ instead. If your application continues to use end user credentials from Cloud \ SDK, you might receive a "quota exceeded" or "API not enabled" error. For \ more information about service accounts, see \ -https://cloud.google.com/docs/authentication/."""; +https://cloud.google.com/docs/authentication/"""; def _warn_about_problematic_credentials(credentials): @@ -172,7 +172,12 @@ def _get_gae_credentials(): """Gets Google App Engine App Identity credentials and project ID.""" - from google.auth import app_engine + # While this library is normally bundled with app_engine, there are + # some cases where it's not available, so we tolerate ImportError. + try: + import google.auth.app_engine as app_engine + except ImportError: + return None, None try: credentials = app_engine.Credentials() @@ -188,8 +193,14 @@ # to require no arguments. So, we'll use the _http_client transport which # uses http.client. This is only acceptable because the metadata server # doesn't do SSL and never requires proxies. - from google.auth import compute_engine - from google.auth.compute_engine import _metadata + + # While this library is normally bundled with compute_engine, there are + # some cases where it's not available, so we tolerate ImportError. + try: + from google.auth import compute_engine + from google.auth.compute_engine import _metadata + except ImportError: + return None, None if request is None: request = google.auth.transport._http_client.Request() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google-auth-1.5.1/google/auth/_helpers.py new/google-auth-1.6.3/google/auth/_helpers.py --- old/google-auth-1.5.1/google/auth/_helpers.py 2018-05-16 20:01:59.000000000 +0200 +++ new/google-auth-1.6.3/google/auth/_helpers.py 2019-02-15 18:21:38.000000000 +0100 @@ -215,3 +215,20 @@ b64string = to_bytes(value) padded = b64string + b'=' * (-len(b64string) % 4) return base64.urlsafe_b64decode(padded) + + +def unpadded_urlsafe_b64encode(value): + """Encodes base64 strings removing any padding characters. + + `rfc 7515`_ defines Base64url to NOT include any padding + characters, but the stdlib doesn't do that by default. + + _rfc7515: https://tools.ietf.org/html/rfc7515#page-6 + + Args: + value (Union[str|bytes]): The bytes-like value to encode + + Returns: + Union[str|bytes]: The encoded value + """ + return base64.urlsafe_b64encode(value).rstrip(b'=') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google-auth-1.5.1/google/auth/_oauth2client.py new/google-auth-1.6.3/google/auth/_oauth2client.py --- old/google-auth-1.5.1/google/auth/_oauth2client.py 2018-05-16 20:01:59.000000000 +0200 +++ new/google-auth-1.6.3/google/auth/_oauth2client.py 2019-02-15 18:21:38.000000000 +0100 @@ -25,6 +25,7 @@ from google.auth import _helpers import google.auth.app_engine +import google.auth.compute_engine import google.oauth2.credentials import google.oauth2.service_account @@ -37,7 +38,7 @@ ImportError('oauth2client is not installed.'), caught_exc) try: - import oauth2client.contrib.appengine + import oauth2client.contrib.appengine # pytype: disable=import-error _HAS_APPENGINE = True except ImportError: _HAS_APPENGINE = False diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google-auth-1.5.1/google/auth/app_engine.py new/google-auth-1.6.3/google/auth/app_engine.py --- old/google-auth-1.5.1/google/auth/app_engine.py 2018-05-16 20:01:59.000000000 +0200 +++ new/google-auth-1.6.3/google/auth/app_engine.py 2019-02-15 18:21:38.000000000 +0100 @@ -28,10 +28,12 @@ from google.auth import credentials from google.auth import crypt +# pytype: disable=import-error try: from google.appengine.api import app_identity except ImportError: app_identity = None +# pytype: enable=import-error class Signer(crypt.Signer): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google-auth-1.5.1/google/auth/compute_engine/_metadata.py new/google-auth-1.6.3/google/auth/compute_engine/_metadata.py --- old/google-auth-1.5.1/google/auth/compute_engine/_metadata.py 2018-05-16 20:01:59.000000000 +0200 +++ new/google-auth-1.6.3/google/auth/compute_engine/_metadata.py 2019-02-15 18:21:38.000000000 +0100 @@ -51,13 +51,15 @@ _METADATA_DEFAULT_TIMEOUT = 3 -def ping(request, timeout=_METADATA_DEFAULT_TIMEOUT): +def ping(request, timeout=_METADATA_DEFAULT_TIMEOUT, retry_count=3): """Checks to see if the metadata server is available. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. timeout (int): How long to wait for the metadata server to respond. + retry_count (int): How many times to attempt connecting to metadata + server using above timeout. Returns: bool: True if the metadata server is reachable, False otherwise. @@ -68,18 +70,23 @@ # could lead to false negatives in the event that we are on GCE, but # the metadata resolution was particularly slow. The latter case is # "unlikely". - try: - response = request( - url=_METADATA_IP_ROOT, method='GET', headers=_METADATA_HEADERS, - timeout=timeout) - - metadata_flavor = response.headers.get(_METADATA_FLAVOR_HEADER) - return (response.status == http_client.OK and - metadata_flavor == _METADATA_FLAVOR_VALUE) - - except exceptions.TransportError: - _LOGGER.info('Compute Engine Metadata server unavailable.') - return False + retries = 0 + while retries < retry_count: + try: + response = request( + url=_METADATA_IP_ROOT, method='GET', headers=_METADATA_HEADERS, + timeout=timeout) + + metadata_flavor = response.headers.get(_METADATA_FLAVOR_HEADER) + return (response.status == http_client.OK and + metadata_flavor == _METADATA_FLAVOR_VALUE) + + except exceptions.TransportError: + _LOGGER.info('Compute Engine Metadata server unavailable on' + 'attempt %s of %s', retries+1, retry_count) + retries += 1 + + return False def get(request, path, root=_METADATA_ROOT, recursive=False): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google-auth-1.5.1/google/auth/impersonated_credentials.py new/google-auth-1.6.3/google/auth/impersonated_credentials.py --- old/google-auth-1.5.1/google/auth/impersonated_credentials.py 1970-01-01 01:00:00.000000000 +0100 +++ new/google-auth-1.6.3/google/auth/impersonated_credentials.py 2019-02-15 18:21:38.000000000 +0100 @@ -0,0 +1,231 @@ +# Copyright 2018 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Google Cloud Impersonated credentials. + +This module provides authentication for applications where local credentials +impersonates a remote service account using `IAM Credentials API`_. + +This class can be used to impersonate a service account as long as the original +Credential object has the "Service Account Token Creator" role on the target +service account. + + .. _IAM Credentials API: + https://cloud.google.com/iam/credentials/reference/rest/ +""" + +import copy +from datetime import datetime +import json + +import six +from six.moves import http_client + +from google.auth import _helpers +from google.auth import credentials +from google.auth import exceptions + +_DEFAULT_TOKEN_LIFETIME_SECS = 3600 # 1 hour in seconds + +_IAM_SCOPE = ['https://www.googleapis.com/auth/iam'] + +_IAM_ENDPOINT = ('https://iamcredentials.googleapis.com/v1/projects/-' + + '/serviceAccounts/{}:generateAccessToken') + +_REFRESH_ERROR = 'Unable to acquire impersonated credentials' + + +def _make_iam_token_request(request, principal, headers, body): + """Makes a request to the Google Cloud IAM service for an access token. + Args: + request (Request): The Request object to use. + principal (str): The principal to request an access token for. + headers (Mapping[str, str]): Map of headers to transmit. + body (Mapping[str, str]): JSON Payload body for the iamcredentials + API call. + + Raises: + TransportError: Raised if there is an underlying HTTP connection + Error + DefaultCredentialsError: Raised if the impersonated credentials + are not available. Common reasons are + `iamcredentials.googleapis.com` is not enabled or the + `Service Account Token Creator` is not assigned + """ + iam_endpoint = _IAM_ENDPOINT.format(principal) + + body = json.dumps(body) + + response = request( + url=iam_endpoint, + method='POST', + headers=headers, + body=body) + + response_body = response.data.decode('utf-8') + + if response.status != http_client.OK: + exceptions.RefreshError(_REFRESH_ERROR, response_body) + + try: + token_response = json.loads(response.data.decode('utf-8')) + token = token_response['accessToken'] + expiry = datetime.strptime( + token_response['expireTime'], '%Y-%m-%dT%H:%M:%SZ') + + return token, expiry + + except (KeyError, ValueError) as caught_exc: + new_exc = exceptions.RefreshError( + '{}: No access token or invalid expiration in response.'.format( + _REFRESH_ERROR), + response_body) + six.raise_from(new_exc, caught_exc) + + +class Credentials(credentials.Credentials): + """This module defines impersonated credentials which are essentially + impersonated identities. + + Impersonated Credentials allows credentials issued to a user or + service account to impersonate another. The target service account must + grant the originating credential principal the + `Service Account Token Creator`_ IAM role: + + For more information about Token Creator IAM role and + IAMCredentials API, see + `Creating Short-Lived Service Account Credentials`_. + + .. _Service Account Token Creator: + https://cloud.google.com/iam/docs/service-accounts#the_service_account_token_creator_role + + .. _Creating Short-Lived Service Account Credentials: + https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials + + Usage: + + First grant source_credentials the `Service Account Token Creator` + role on the target account to impersonate. In this example, the + service account represented by svc_account.json has the + token creator role on + `impersonated-account@_project_.iam.gserviceaccount.com`. + + Enable the IAMCredentials API on the source project: + `gcloud services enable iamcredentials.googleapis.com`. + + Initialize a source credential which does not have access to + list bucket:: + + from google.oauth2 import service_acccount + + target_scopes = [ + 'https://www.googleapis.com/auth/devstorage.read_only'] + + source_credentials = ( + service_account.Credentials.from_service_account_file( + '/path/to/svc_account.json', + scopes=target_scopes)) + + Now use the source credentials to acquire credentials to impersonate + another service account:: + + from google.auth import impersonated_credentials + + target_credentials = impersonated_credentials.Credentials( + source_credentials=source_credentials, + target_principal='impersonated-account@_project_.iam.gserviceaccount.com', + target_scopes = target_scopes, + lifetime=500) + + Resource access is granted:: + + client = storage.Client(credentials=target_credentials) + buckets = client.list_buckets(project='your_project') + for bucket in buckets: + print bucket.name + """ + + def __init__(self, source_credentials, target_principal, + target_scopes, delegates=None, + lifetime=_DEFAULT_TOKEN_LIFETIME_SECS): + """ + Args: + source_credentials (google.auth.Credentials): The source credential + used as to acquire the impersonated credentials. + target_principal (str): The service account to impersonate. + target_scopes (Sequence[str]): Scopes to request during the + authorization grant. + delegates (Sequence[str]): The chained list of delegates required + to grant the final access_token. If set, the sequence of + identities must have "Service Account Token Creator" capability + granted to the prceeding identity. For example, if set to + [serviceAccountB, serviceAccountC], the source_credential + must have the Token Creator role on serviceAccountB. + serviceAccountB must have the Token Creator on serviceAccountC. + Finally, C must have Token Creator on target_principal. + If left unset, source_credential must have that role on + target_principal. + lifetime (int): Number of seconds the delegated credential should + be valid for (upto 3600). + """ + + super(Credentials, self).__init__() + + self._source_credentials = copy.copy(source_credentials) + self._source_credentials._scopes = _IAM_SCOPE + self._target_principal = target_principal + self._target_scopes = target_scopes + self._delegates = delegates + self._lifetime = lifetime + self.token = None + self.expiry = _helpers.utcnow() + + @_helpers.copy_docstring(credentials.Credentials) + def refresh(self, request): + self._update_token(request) + + @property + def expired(self): + return _helpers.utcnow() >= self.expiry + + def _update_token(self, request): + """Updates credentials with a new access_token representing + the impersonated account. + + Args: + request (google.auth.transport.requests.Request): Request object + to use for refreshing credentials. + """ + + # Refresh our source credentials. + self._source_credentials.refresh(request) + + body = { + "delegates": self._delegates, + "scope": self._target_scopes, + "lifetime": str(self._lifetime) + "s" + } + + headers = { + 'Content-Type': 'application/json', + } + + # Apply the source credentials authentication info. + self._source_credentials.apply(headers) + + self.token, self.expiry = _make_iam_token_request( + request=request, + principal=self._target_principal, + headers=headers, + body=body) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google-auth-1.5.1/google/auth/jwt.py new/google-auth-1.6.3/google/auth/jwt.py --- old/google-auth-1.5.1/google/auth/jwt.py 2018-05-24 22:00:37.000000000 +0200 +++ new/google-auth-1.6.3/google/auth/jwt.py 2019-02-15 18:21:38.000000000 +0100 @@ -40,7 +40,6 @@ """ -import base64 import collections import copy import datetime @@ -86,13 +85,19 @@ header['kid'] = key_id segments = [ - base64.urlsafe_b64encode(json.dumps(header).encode('utf-8')), - base64.urlsafe_b64encode(json.dumps(payload).encode('utf-8')), + _helpers.unpadded_urlsafe_b64encode( + json.dumps(header).encode('utf-8') + ), + _helpers.unpadded_urlsafe_b64encode( + json.dumps(payload).encode('utf-8') + ), ] signing_input = b'.'.join(segments) signature = signer.sign(signing_input) - segments.append(base64.urlsafe_b64encode(signature)) + segments.append( + _helpers.unpadded_urlsafe_b64encode(signature) + ) return b'.'.join(segments) @@ -738,7 +743,7 @@ parts = urllib.parse.urlsplit(url) # Strip query string and fragment audience = urllib.parse.urlunsplit( - (parts.scheme, parts.netloc, parts.path, None, None)) + (parts.scheme, parts.netloc, parts.path, "", "")) token = self._get_jwt_for_audience(audience) self.apply(headers, token=token) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google-auth-1.5.1/google/auth/transport/requests.py new/google-auth-1.6.3/google/auth/transport/requests.py --- old/google-auth-1.5.1/google/auth/transport/requests.py 2018-05-16 20:01:59.000000000 +0200 +++ new/google-auth-1.6.3/google/auth/transport/requests.py 2019-02-15 18:21:38.000000000 +0100 @@ -150,33 +150,40 @@ refresh the credentials and retry the request. refresh_timeout (Optional[int]): The timeout value in seconds for credential refresh HTTP requests. - kwargs: Additional arguments passed to the :class:`requests.Session` - constructor. + auth_request (google.auth.transport.requests.Request): + (Optional) An instance of + :class:`~google.auth.transport.requests.Request` used when + refreshing credentials. If not passed, + an instance of :class:`~google.auth.transport.requests.Request` + is created. """ def __init__(self, credentials, refresh_status_codes=transport.DEFAULT_REFRESH_STATUS_CODES, max_refresh_attempts=transport.DEFAULT_MAX_REFRESH_ATTEMPTS, refresh_timeout=None, - **kwargs): - super(AuthorizedSession, self).__init__(**kwargs) + auth_request=None): + super(AuthorizedSession, self).__init__() self.credentials = credentials self._refresh_status_codes = refresh_status_codes self._max_refresh_attempts = max_refresh_attempts self._refresh_timeout = refresh_timeout - auth_request_session = requests.Session() + if auth_request is None: + auth_request_session = requests.Session() - # Using an adapter to make HTTP requests robust to network errors. - # This adapter retrys HTTP requests when network errors occur - # and the requests seems safely retryable. - retry_adapter = requests.adapters.HTTPAdapter(max_retries=3) - auth_request_session.mount("https://";, retry_adapter) + # Using an adapter to make HTTP requests robust to network errors. + # This adapter retrys HTTP requests when network errors occur + # and the requests seems safely retryable. + retry_adapter = requests.adapters.HTTPAdapter(max_retries=3) + auth_request_session.mount("https://";, retry_adapter) + + # Do not pass `self` as the session here, as it can lead to + # infinite recursion. + auth_request = Request(auth_request_session) # Request instance used by internal methods (for example, # credentials.refresh). - # Do not pass `self` as the session here, as it can lead to infinite - # recursion. - self._auth_request = Request(auth_request_session) + self._auth_request = auth_request def request(self, method, url, data=None, headers=None, **kwargs): """Implementation of Requests' request.""" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google-auth-1.5.1/google_auth.egg-info/PKG-INFO new/google-auth-1.6.3/google_auth.egg-info/PKG-INFO --- old/google-auth-1.5.1/google_auth.egg-info/PKG-INFO 2018-08-01 01:23:36.000000000 +0200 +++ new/google-auth-1.6.3/google_auth.egg-info/PKG-INFO 2019-02-19 22:14:17.000000000 +0100 @@ -1,6 +1,6 @@ -Metadata-Version: 1.1 +Metadata-Version: 1.2 Name: google-auth -Version: 1.5.1 +Version: 1.6.3 Summary: Google Authentication Library Home-page: https://github.com/GoogleCloudPlatform/google-auth-library-python Author: Google Cloud Platform @@ -34,6 +34,14 @@ .. _`Python Development Environment Setup Guide`: https://cloud.google.com/python/setup + Supported Python Versions + ^^^^^^^^^^^^^^^^^^^^^^^^^ + Python >= 3.4 + + Deprecated Python Versions + ^^^^^^^^^^^^^^^^^^^^^^^^^^ + Python == 2.7. Python 2.7 support will be removed on January 1, 2020. + Documentation ------------- @@ -42,7 +50,7 @@ Maintainers ----------- - - `@jonparrott <https://github.com/jonparrott>`_ (Jon Wayne Parrott) + - `@theacodes <https://github.com/theacodes>`_ (Thea Flowers) - `@dhermes <https://github.com/dhermes>`_ (Danny Hermes) - `@lukesneeringer <https://github.com/lukesneeringer>`_ (Luke Sneeringer) @@ -70,6 +78,7 @@ Classifier: Programming Language :: Python :: 3.4 Classifier: Programming Language :: Python :: 3.5 Classifier: Programming Language :: Python :: 3.6 +Classifier: Programming Language :: Python :: 3.7 Classifier: Development Status :: 5 - Production/Stable Classifier: Intended Audience :: Developers Classifier: License :: OSI Approved :: Apache Software License @@ -78,3 +87,4 @@ Classifier: Operating System :: MacOS :: MacOS X Classifier: Operating System :: OS Independent Classifier: Topic :: Internet :: WWW/HTTP +Requires-Python: >=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google-auth-1.5.1/google_auth.egg-info/SOURCES.txt new/google-auth-1.6.3/google_auth.egg-info/SOURCES.txt --- old/google-auth-1.5.1/google_auth.egg-info/SOURCES.txt 2018-08-01 01:23:36.000000000 +0200 +++ new/google-auth-1.6.3/google_auth.egg-info/SOURCES.txt 2019-02-19 22:14:17.000000000 +0100 @@ -16,6 +16,7 @@ google/auth/environment_vars.py google/auth/exceptions.py google/auth/iam.py +google/auth/impersonated_credentials.py google/auth/jwt.py google/auth/compute_engine/__init__.py google/auth/compute_engine/_metadata.py @@ -52,6 +53,7 @@ tests/test_app_engine.py tests/test_credentials.py tests/test_iam.py +tests/test_impersonated_credentials.py tests/test_jwt.py tests/compute_engine/__init__.py tests/compute_engine/test__metadata.py diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google-auth-1.5.1/setup.cfg new/google-auth-1.6.3/setup.cfg --- old/google-auth-1.5.1/setup.cfg 2018-08-01 01:23:36.000000000 +0200 +++ new/google-auth-1.6.3/setup.cfg 2019-02-19 22:14:17.000000000 +0100 @@ -1,6 +1,14 @@ [bdist_wheel] universal = 1 +[pytype] +inputs = . +exclude = tests system_tests +output = pytype_output +python_version = 3.6 +pythonpath = . +disable = pyi-error + [egg_info] tag_build = tag_date = 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google-auth-1.5.1/setup.py new/google-auth-1.6.3/setup.py --- old/google-auth-1.5.1/setup.py 2018-08-01 01:16:19.000000000 +0200 +++ new/google-auth-1.6.3/setup.py 2019-02-19 22:13:34.000000000 +0100 @@ -31,7 +31,7 @@ setup( name='google-auth', - version='1.5.1', + version='1.6.3', author='Google Cloud Platform', author_email='[email protected]', description='Google Authentication Library', @@ -40,15 +40,17 @@ packages=find_packages(exclude=('tests*', 'system_tests*')), namespace_packages=('google',), install_requires=DEPENDENCIES, + python_requires='>=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*', license='Apache 2.0', keywords='google auth oauth client', - classifiers=( + classifiers=[ 'Programming Language :: Python :: 2', 'Programming Language :: Python :: 2.7', 'Programming Language :: Python :: 3', 'Programming Language :: Python :: 3.4', 'Programming Language :: Python :: 3.5', 'Programming Language :: Python :: 3.6', + 'Programming Language :: Python :: 3.7', 'Development Status :: 5 - Production/Stable', 'Intended Audience :: Developers', 'License :: OSI Approved :: Apache Software License', @@ -57,5 +59,5 @@ 'Operating System :: MacOS :: MacOS X', 'Operating System :: OS Independent', 'Topic :: Internet :: WWW/HTTP', - ), + ], ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google-auth-1.5.1/tests/test__default.py new/google-auth-1.6.3/tests/test__default.py --- old/google-auth-1.5.1/tests/test__default.py 2018-05-31 23:53:20.000000000 +0200 +++ new/google-auth-1.6.3/tests/test__default.py 2019-02-15 18:21:38.000000000 +0100 @@ -235,6 +235,15 @@ assert project_id == mock.sentinel.project +def test__get_gae_credentials_no_app_engine(): + import sys + with mock.patch.dict('sys.modules'): + sys.modules['google.auth.app_engine'] = None + credentials, project_id = _default._get_gae_credentials() + assert credentials is None + assert project_id is None + + def test__get_gae_credentials_no_apis(): assert _default._get_gae_credentials() == (None, None) @@ -275,6 +284,15 @@ assert project_id is None +def test__get_gce_credentials_no_compute_engine(): + import sys + with mock.patch.dict('sys.modules'): + sys.modules['google.auth.compute_engine'] = None + credentials, project_id = _default._get_gce_credentials() + assert credentials is None + assert project_id is None + + @mock.patch( 'google.auth.compute_engine._metadata.ping', return_value=False, autospec=True) @@ -366,3 +384,21 @@ assert project_id == mock.sentinel.project_id with_scopes.assert_called_once_with( mock.sentinel.credentials, scopes) + + [email protected]( + 'google.auth._default._get_explicit_environ_credentials', + return_value=(mock.sentinel.credentials, mock.sentinel.project_id), + autospec=True) +def test_default_no_app_engine_compute_engine_module(unused_get): + """ + google.auth.compute_engine and google.auth.app_engine are both optional + to allow not including them when using this package. This verifies + that default fails gracefully if these modules are absent + """ + import sys + with mock.patch.dict('sys.modules'): + sys.modules['google.auth.compute_engine'] = None + sys.modules['google.auth.app_engine'] = None + assert _default.default() == ( + mock.sentinel.credentials, mock.sentinel.project_id) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google-auth-1.5.1/tests/test__helpers.py new/google-auth-1.6.3/tests/test__helpers.py --- old/google-auth-1.5.1/tests/test__helpers.py 2018-05-16 20:01:59.000000000 +0200 +++ new/google-auth-1.6.3/tests/test__helpers.py 2019-02-15 18:21:38.000000000 +0100 @@ -167,3 +167,15 @@ for case, expected in cases: assert _helpers.padded_urlsafe_b64decode(case) == expected + + +def test_unpadded_urlsafe_b64encode(): + cases = [ + (b'', b''), + (b'a', b'YQ'), + (b'aa', b'YWE'), + (b'aaa', b'YWFh'), + ] + + for case, expected in cases: + assert _helpers.unpadded_urlsafe_b64encode(case) == expected diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google-auth-1.5.1/tests/test_impersonated_credentials.py new/google-auth-1.6.3/tests/test_impersonated_credentials.py --- old/google-auth-1.5.1/tests/test_impersonated_credentials.py 1970-01-01 01:00:00.000000000 +0100 +++ new/google-auth-1.6.3/tests/test_impersonated_credentials.py 2019-02-15 18:21:38.000000000 +0100 @@ -0,0 +1,178 @@ +# Copyright 2018 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import datetime +import json +import os + +import mock +import pytest +from six.moves import http_client + +from google.auth import _helpers +from google.auth import crypt +from google.auth import exceptions +from google.auth import impersonated_credentials +from google.auth import transport +from google.auth.impersonated_credentials import Credentials +from google.oauth2 import service_account + +DATA_DIR = os.path.join(os.path.dirname(__file__), '', 'data') + +with open(os.path.join(DATA_DIR, 'privatekey.pem'), 'rb') as fh: + PRIVATE_KEY_BYTES = fh.read() + +SERVICE_ACCOUNT_JSON_FILE = os.path.join(DATA_DIR, 'service_account.json') + +with open(SERVICE_ACCOUNT_JSON_FILE, 'r') as fh: + SERVICE_ACCOUNT_INFO = json.load(fh) + +SIGNER = crypt.RSASigner.from_string(PRIVATE_KEY_BYTES, '1') +TOKEN_URI = 'https://example.com/oauth2/token' + + [email protected] +def mock_donor_credentials(): + with mock.patch('google.oauth2._client.jwt_grant', autospec=True) as grant: + grant.return_value = ( + "source token", + _helpers.utcnow() + datetime.timedelta(seconds=500), + {}) + yield grant + + +class TestImpersonatedCredentials(object): + + SERVICE_ACCOUNT_EMAIL = '[email protected]' + TARGET_PRINCIPAL = '[email protected]' + TARGET_SCOPES = ['https://www.googleapis.com/auth/devstorage.read_only'] + DELEGATES = [] + LIFETIME = 3600 + SOURCE_CREDENTIALS = service_account.Credentials( + SIGNER, SERVICE_ACCOUNT_EMAIL, TOKEN_URI) + + def make_credentials(self, lifetime=LIFETIME): + return Credentials( + source_credentials=self.SOURCE_CREDENTIALS, + target_principal=self.TARGET_PRINCIPAL, + target_scopes=self.TARGET_SCOPES, + delegates=self.DELEGATES, + lifetime=lifetime) + + def test_default_state(self): + credentials = self.make_credentials() + assert not credentials.valid + assert credentials.expired + + def make_request(self, data, status=http_client.OK, + headers=None, side_effect=None): + response = mock.create_autospec(transport.Response, instance=False) + response.status = status + response.data = _helpers.to_bytes(data) + response.headers = headers or {} + + request = mock.create_autospec(transport.Request, instance=False) + request.side_effect = side_effect + request.return_value = response + + return request + + def test_refresh_success(self, mock_donor_credentials): + credentials = self.make_credentials(lifetime=None) + token = 'token' + + expire_time = ( + _helpers.utcnow().replace(microsecond=0) + + datetime.timedelta(seconds=500)).isoformat('T') + 'Z' + response_body = { + "accessToken": token, + "expireTime": expire_time + } + + request = self.make_request( + data=json.dumps(response_body), + status=http_client.OK) + + credentials.refresh(request) + + assert credentials.valid + assert not credentials.expired + + def test_refresh_failure_malformed_expire_time( + self, mock_donor_credentials): + credentials = self.make_credentials(lifetime=None) + token = 'token' + + expire_time = ( + _helpers.utcnow() + datetime.timedelta(seconds=500)).isoformat('T') + response_body = { + "accessToken": token, + "expireTime": expire_time + } + + request = self.make_request( + data=json.dumps(response_body), + status=http_client.OK) + + with pytest.raises(exceptions.RefreshError) as excinfo: + credentials.refresh(request) + + assert excinfo.match(impersonated_credentials._REFRESH_ERROR) + + assert not credentials.valid + assert credentials.expired + + def test_refresh_failure_unauthorzed(self, mock_donor_credentials): + credentials = self.make_credentials(lifetime=None) + + response_body = { + "error": { + "code": 403, + "message": "The caller does not have permission", + "status": "PERMISSION_DENIED" + } + } + + request = self.make_request( + data=json.dumps(response_body), + status=http_client.UNAUTHORIZED) + + with pytest.raises(exceptions.RefreshError) as excinfo: + credentials.refresh(request) + + assert excinfo.match(impersonated_credentials._REFRESH_ERROR) + + assert not credentials.valid + assert credentials.expired + + def test_refresh_failure_http_error(self, mock_donor_credentials): + credentials = self.make_credentials(lifetime=None) + + response_body = {} + + request = self.make_request( + data=json.dumps(response_body), + status=http_client.HTTPException) + + with pytest.raises(exceptions.RefreshError) as excinfo: + credentials.refresh(request) + + assert excinfo.match(impersonated_credentials._REFRESH_ERROR) + + assert not credentials.valid + assert credentials.expired + + def test_expired(self): + credentials = self.make_credentials(lifetime=None) + assert credentials.expired diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/google-auth-1.5.1/tests/transport/test_requests.py new/google-auth-1.6.3/tests/transport/test_requests.py --- old/google-auth-1.5.1/tests/transport/test_requests.py 2018-05-16 20:01:59.000000000 +0200 +++ new/google-auth-1.6.3/tests/transport/test_requests.py 2019-02-15 18:21:38.000000000 +0100 @@ -85,6 +85,15 @@ assert authed_session.credentials == mock.sentinel.credentials + def test_constructor_with_auth_request(self): + http = mock.create_autospec(requests.Session) + auth_request = google.auth.transport.requests.Request(http) + + authed_session = google.auth.transport.requests.AuthorizedSession( + mock.sentinel.credentials, auth_request=auth_request) + + assert authed_session._auth_request == auth_request + def test_request_no_refresh(self): credentials = mock.Mock(wraps=CredentialsStub()) response = make_response()
