authorrobot-piglet <robot-piglet@yandex-team.com>2024-09-02 09:40:52 +0300
committerrobot-piglet <robot-piglet@yandex-team.com>2024-09-02 10:04:56 +0300
commitf729a6b7b76181ee857bdb632d3a4661df9ade9e (patch)
tree4159fcb596ab12fdd22af0877daa64e4e3165f6f
parent304aad010ddfd197e3a405af4a01eb8b89491b56 (diff)
downloadydb-f729a6b7b76181ee857bdb632d3a4661df9ade9e.tar.gz
Intermediate changes
-rw-r--r--contrib/python/google-auth/py3/.dist-info/METADATA6
-rw-r--r--contrib/python/google-auth/py3/google/auth/compute_engine/_metadata.py13
-rw-r--r--contrib/python/google-auth/py3/google/auth/transport/_mtls_helper.py40
-rw-r--r--contrib/python/google-auth/py3/google/auth/transport/grpc.py2
-rw-r--r--contrib/python/google-auth/py3/google/auth/transport/mtls.py17
-rw-r--r--contrib/python/google-auth/py3/google/auth/version.py2
-rw-r--r--contrib/python/google-auth/py3/tests/compute_engine/test__metadata.py68
-rw-r--r--contrib/python/google-auth/py3/tests/transport/test__mtls_helper.py97
-rw-r--r--contrib/python/google-auth/py3/tests/transport/test_grpc.py34
-rw-r--r--contrib/python/google-auth/py3/tests/transport/test_mtls.py25
-rw-r--r--contrib/python/google-auth/py3/ya.make2
11 files changed, 230 insertions, 76 deletions
diff --git a/contrib/python/google-auth/py3/.dist-info/METADATA b/contrib/python/google-auth/py3/.dist-info/METADATA
index cdbc683396..26b8a4974a 100644
--- a/contrib/python/google-auth/py3/.dist-info/METADATA
+++ b/contrib/python/google-auth/py3/.dist-info/METADATA
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: google-auth
-Version: 2.33.0
+Version: 2.34.0
Summary: Google Authentication Library
Home-page: https://github.com/googleapis/google-auth-library-python
Author: Google Cloud Platform
@@ -31,8 +31,8 @@ Provides-Extra: aiohttp
Requires-Dist: aiohttp <4.0.0.dev0,>=3.6.2 ; extra == 'aiohttp'
Requires-Dist: requests <3.0.0.dev0,>=2.20.0 ; extra == 'aiohttp'
Provides-Extra: enterprise_cert
-Requires-Dist: cryptography ==36.0.2 ; extra == 'enterprise_cert'
-Requires-Dist: pyopenssl ==22.0.0 ; extra == 'enterprise_cert'
+Requires-Dist: cryptography ; extra == 'enterprise_cert'
+Requires-Dist: pyopenssl ; extra == 'enterprise_cert'
Provides-Extra: pyopenssl
Requires-Dist: pyopenssl >=20.0.0 ; extra == 'pyopenssl'
Requires-Dist: cryptography >=38.0.3 ; extra == 'pyopenssl'
diff --git a/contrib/python/google-auth/py3/google/auth/compute_engine/_metadata.py b/contrib/python/google-auth/py3/google/auth/compute_engine/_metadata.py
index 69b7b52458..b66d9f9b37 100644
--- a/contrib/python/google-auth/py3/google/auth/compute_engine/_metadata.py
+++ b/contrib/python/google-auth/py3/google/auth/compute_engine/_metadata.py
@@ -28,6 +28,7 @@ from google.auth import _helpers
from google.auth import environment_vars
from google.auth import exceptions
from google.auth import metrics
+from google.auth import transport
from google.auth._exponential_backoff import ExponentialBackoff
_LOGGER = logging.getLogger(__name__)
@@ -204,7 +205,17 @@ def get(
for attempt in backoff:
try:
response = request(url=url, method="GET", headers=headers_to_use)
- break
+ if response.status in transport.DEFAULT_RETRYABLE_STATUS_CODES:
+ _LOGGER.warning(
+ "Compute Engine Metadata server unavailable on "
+ "attempt %s of %s. Response status: %s",
+ attempt,
+ retry_count,
+ response.status,
+ )
+ continue
+ else:
+ break
except exceptions.TransportError as e:
_LOGGER.warning(
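Review bot: The `else: break` after a branch that ends in `continue` is redundant; a bare `break` after the `if` block does the same and reads more plainly. A retryable status now uses up one backoff attempt exactly like a `TransportError`, and a one-line comment above the status check would make that explicit, e.g. `# Retryable HTTP status: treat it like a transport failure and use up one attempt.` The path taken when the loop is exhausted lies outside the hunk, so it is not visible here whether the final error reports the last response status or only the warning log does.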
diff --git a/contrib/python/google-auth/py3/google/auth/transport/_mtls_helper.py b/contrib/python/google-auth/py3/google/auth/transport/_mtls_helper.py
index 6299e2bdea..68568dd603 100644
--- a/contrib/python/google-auth/py3/google/auth/transport/_mtls_helper.py
+++ b/contrib/python/google-auth/py3/google/auth/transport/_mtls_helper.py
@@ -23,7 +23,7 @@ import subprocess
from google.auth import exceptions
CONTEXT_AWARE_METADATA_PATH = "~/.secureConnect/context_aware_metadata.json"
-_CERTIFICATE_CONFIGURATION_DEFAULT_PATH = "~/.config/gcloud/certificate_config.json"
+CERTIFICATE_CONFIGURATION_DEFAULT_PATH = "~/.config/gcloud/certificate_config.json"
_CERTIFICATE_CONFIGURATION_ENV = "GOOGLE_API_CERTIFICATE_CONFIG"
_CERT_PROVIDER_COMMAND = "cert_provider_command"
_CERT_REGEX = re.compile(
@@ -48,21 +48,21 @@ _PASSPHRASE_REGEX = re.compile(
)
-def _check_dca_metadata_path(metadata_path):
- """Checks for context aware metadata. If it exists, returns the absolute path;
+def _check_config_path(config_path):
+ """Checks for config file path. If it exists, returns the absolute path with user expansion;
otherwise returns None.
Args:
- metadata_path (str): context aware metadata path.
+ config_path (str): The config file path for either context_aware_metadata.json or certificate_config.json for example
Returns:
str: absolute path if exists and None otherwise.
"""
- metadata_path = path.expanduser(metadata_path)
- if not path.exists(metadata_path):
- _LOGGER.debug("%s is not found, skip client SSL authentication.", metadata_path)
+ config_path = path.expanduser(config_path)
+ if not path.exists(config_path):
+ _LOGGER.debug("%s is not found.", config_path)
return None
- return metadata_path
+ return config_path
def _load_json_file(path):
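Review bot: The docstring of `_check_config_path` promises an absolute path, but the body only calls `path.expanduser`, so a relative argument comes back relative. The summary and the `Returns:` line should say what the code does, e.g. `str: the path with the user directory expanded if it exists, None otherwise.` The new `Args:` line also ends in a dangling "for example" and reads better as `config_path (str): Path to a config file, e.g. context_aware_metadata.json or certificate_config.json.`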
@@ -136,7 +136,7 @@ def _get_cert_config_path(certificate_config_path=None):
if env_path is not None and env_path != "":
certificate_config_path = env_path
else:
- certificate_config_path = _CERTIFICATE_CONFIGURATION_DEFAULT_PATH
+ certificate_config_path = CERTIFICATE_CONFIGURATION_DEFAULT_PATH
certificate_config_path = path.expanduser(certificate_config_path)
if not path.exists(certificate_config_path):
@@ -279,14 +279,22 @@ def _run_cert_provider_command(command, expect_encrypted_key=False):
def get_client_ssl_credentials(
generate_encrypted_key=False,
context_aware_metadata_path=CONTEXT_AWARE_METADATA_PATH,
+ certificate_config_path=CERTIFICATE_CONFIGURATION_DEFAULT_PATH,
):
"""Returns the client side certificate, private key and passphrase.
+ We look for certificates and keys with the following order of priority:
+ 1. Certificate and key specified by certificate_config.json.
+ Currently, only X.509 workload certificates are supported.
+ 2. Certificate and key specified by context aware metadata (i.e. SecureConnect).
+
Args:
generate_encrypted_key (bool): If set to True, encrypted private key
and passphrase will be generated; otherwise, unencrypted private key
- will be generated and passphrase will be None.
+ will be generated and passphrase will be None. This option only
+ affects keys obtained via context_aware_metadata.json.
context_aware_metadata_path (str): The context_aware_metadata.json file path.
+ certificate_config_path (str): The certificate_config.json file path.
Returns:
Tuple[bool, bytes, bytes, bytes]:
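Review bot: The new `certificate_config_path` argument defaults to `CERTIFICATE_CONFIGURATION_DEFAULT_PATH`, so the body only tests that one path for existence. The `GOOGLE_API_CERTIFICATE_CONFIG` override that `_get_cert_config_path` reads in the earlier hunk does not appear to be consulted when the default file is absent. If that is intended, the Args entry should say so, e.g. `certificate_config_path (str): The certificate_config.json file path. Only this path is checked; the GOOGLE_API_CERTIFICATE_CONFIG environment variable is not consulted here.` The docstring continues outside the hunk.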
@@ -297,7 +305,17 @@ def get_client_ssl_credentials(
google.auth.exceptions.ClientCertError: if problems occurs when getting
the cert, key and passphrase.
"""
- metadata_path = _check_dca_metadata_path(context_aware_metadata_path)
+
+ # 1. Check for certificate config json.
+ cert_config_path = _check_config_path(certificate_config_path)
+ if cert_config_path:
+ # Attempt to retrieve X.509 Workload cert and key.
+ cert, key = _get_workload_cert_and_key(cert_config_path)
+ if cert and key:
+ return True, cert, key, None
+
+ # 2. Check for context aware metadata json
+ metadata_path = _check_config_path(context_aware_metadata_path)
if metadata_path:
metadata_json = _load_json_file(metadata_path)
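Review bot: The early `return True, cert, key, None` hands back an unencrypted key with no passphrase even when the caller passed `generate_encrypted_key=True`, and it takes priority whenever a certificate_config.json exists at the default path. The docstring mentions the limitation, but a caller relying on the flag gets no signal at run time; a log line on that branch would make it visible, e.g. `if generate_encrypted_key: _LOGGER.warning("generate_encrypted_key is ignored for workload certificates.")`. The opposite case is quiet as well: a config file that yields no cert or key falls through to the SecureConnect lookup with no log entry. The function body continues outside the hunk.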
diff --git a/contrib/python/google-auth/py3/google/auth/transport/grpc.py b/contrib/python/google-auth/py3/google/auth/transport/grpc.py
index 9a817976d7..1ebe137957 100644
--- a/contrib/python/google-auth/py3/google/auth/transport/grpc.py
+++ b/contrib/python/google-auth/py3/google/auth/transport/grpc.py
@@ -302,7 +302,7 @@ class SslCredentials:
self._is_mtls = False
else:
# Load client SSL credentials.
- metadata_path = _mtls_helper._check_dca_metadata_path(
+ metadata_path = _mtls_helper._check_config_path(
_mtls_helper.CONTEXT_AWARE_METADATA_PATH
)
self._is_mtls = metadata_path is not None
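Review bot: `SslCredentials` still derives `_is_mtls` from `CONTEXT_AWARE_METADATA_PATH` alone, while this commit makes `mtls.has_default_client_cert_source()` and `get_client_ssl_credentials()` also accept certificate_config.json. On a host that has only the certificate config, the gRPC path would therefore appear to skip mTLS and use plain TLS without any message, while the other transport helpers would pick up the workload certificate. If the gap is intentional, a comment above the check would record it: `# Only SecureConnect metadata enables mTLS here; certificate_config.json is not consulted.` The enclosing method starts and ends outside the hunk.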
diff --git a/contrib/python/google-auth/py3/google/auth/transport/mtls.py b/contrib/python/google-auth/py3/google/auth/transport/mtls.py
index c5707617ff..e7a7304f60 100644
--- a/contrib/python/google-auth/py3/google/auth/transport/mtls.py
+++ b/contrib/python/google-auth/py3/google/auth/transport/mtls.py
@@ -24,10 +24,19 @@ def has_default_client_cert_source():
Returns:
bool: indicating if the default client cert source exists.
"""
- metadata_path = _mtls_helper._check_dca_metadata_path(
- _mtls_helper.CONTEXT_AWARE_METADATA_PATH
- )
- return metadata_path is not None
+ if (
+ _mtls_helper._check_config_path(_mtls_helper.CONTEXT_AWARE_METADATA_PATH)
+ is not None
+ ):
+ return True
+ if (
+ _mtls_helper._check_config_path(
+ _mtls_helper.CERTIFICATE_CONFIGURATION_DEFAULT_PATH
+ )
+ is not None
+ ):
+ return True
+ return False
def default_client_cert_source():
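Review bot: `has_default_client_cert_source()` now returns True as soon as certificate_config.json exists, but `get_client_ssl_credentials()` only uses that file when it yields both a cert and a key. A config file without a usable workload entry, on a host with no SecureConnect metadata, would make this function report a source that the callback then cannot load. The docstring should state that this is a file-existence check only, for example `bool: True if either config file exists; the certificate itself is not loaded or validated.` The two `if ... return True` blocks could also be folded into a single `any(...)` over the two paths.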
diff --git a/contrib/python/google-auth/py3/google/auth/version.py b/contrib/python/google-auth/py3/google/auth/version.py
index c41f877658..297e18a45f 100644
--- a/contrib/python/google-auth/py3/google/auth/version.py
+++ b/contrib/python/google-auth/py3/google/auth/version.py
@@ -12,4 +12,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-__version__ = "2.33.0"
+__version__ = "2.34.0"
diff --git a/contrib/python/google-auth/py3/tests/compute_engine/test__metadata.py b/contrib/python/google-auth/py3/tests/compute_engine/test__metadata.py
index 352342f150..a06dc4fa19 100644
--- a/contrib/python/google-auth/py3/tests/compute_engine/test__metadata.py
+++ b/contrib/python/google-auth/py3/tests/compute_engine/test__metadata.py
@@ -433,6 +433,74 @@ def test_get_universe_domain_not_found():
assert universe_domain == "googleapis.com"
+def test_get_universe_domain_retryable_error_failure():
+ # Test that if the universe domain endpoint returns a retryable error
+ # we should retry.
+ #
+ # In this case, the error persists, and we still fail after retrying.
+ request = make_request("too many requests", status=http_client.TOO_MANY_REQUESTS)
+
+ with pytest.raises(exceptions.TransportError) as excinfo:
+ _metadata.get_universe_domain(request)
+
+ assert excinfo.match(r"Compute Engine Metadata server unavailable")
+
+ request.assert_called_with(
+ method="GET",
+ url=_metadata._METADATA_ROOT + "universe/universe_domain",
+ headers=_metadata._METADATA_HEADERS,
+ )
+ assert request.call_count == 5
+
+
+def test_get_universe_domain_retryable_error_success():
+ # Test that if the universe domain endpoint returns a retryable error
+ # we should retry.
+ #
+ # In this case, the error is temporary, and we succeed after retrying.
+ request_error = make_request(
+ "too many requests", status=http_client.TOO_MANY_REQUESTS
+ )
+ request_ok = make_request(
+ "fake_universe_domain", headers={"content-type": "text/plain"}
+ )
+
+ class _RequestErrorOnce:
+ """This class forwards the request parameters to `request_error` once.
+
+ All subsequent calls are forwarded to `request_ok`.
+ """
+
+ def __init__(self, request_error, request_ok):
+ self._request_error = request_error
+ self._request_ok = request_ok
+ self._call_index = 0
+
+ def request(self, *args, **kwargs):
+ if self._call_index == 0:
+ self._call_index += 1
+ return self._request_error(*args, **kwargs)
+
+ return self._request_ok(*args, **kwargs)
+
+ request = _RequestErrorOnce(request_error, request_ok).request
+
+ universe_domain = _metadata.get_universe_domain(request)
+
+ request_error.assert_called_once_with(
+ method="GET",
+ url=_metadata._METADATA_ROOT + "universe/universe_domain",
+ headers=_metadata._METADATA_HEADERS,
+ )
+ request_ok.assert_called_once_with(
+ method="GET",
+ url=_metadata._METADATA_ROOT + "universe/universe_domain",
+ headers=_metadata._METADATA_HEADERS,
+ )
+
+ assert universe_domain == "fake_universe_domain"
+
+
def test_get_universe_domain_other_error():
# Test that if the universe domain endpoint returns an error other than 404
# we should throw the error
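Review bot: `assert request.call_count == 5` in `test_get_universe_domain_retryable_error_failure` hard-codes what is presumably the default retry count of `_metadata.get`, so the test breaks without explanation if that default changes. A comment on the assertion would tie the two together, e.g. `# One call per attempt; 5 is the default retry_count.` The hand-written `_RequestErrorOnce` class in the second test could be replaced by a `mock.Mock` whose `side_effect` switches from `request_error` to `request_ok`, which keeps the two `assert_called_once_with` checks and removes the call counter.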
diff --git a/contrib/python/google-auth/py3/tests/transport/test__mtls_helper.py b/contrib/python/google-auth/py3/tests/transport/test__mtls_helper.py
index b195616dd5..f6e20b726a 100644
--- a/contrib/python/google-auth/py3/tests/transport/test__mtls_helper.py
+++ b/contrib/python/google-auth/py3/tests/transport/test__mtls_helper.py
@@ -111,15 +111,15 @@ class TestCertAndKeyRegex(object):
)
-class TestCheckaMetadataPath(object):
+class TestCheckConfigPath(object):
def test_success(self):
metadata_path = os.path.join(pytest.data_dir, "context_aware_metadata.json")
- returned_path = _mtls_helper._check_dca_metadata_path(metadata_path)
+ returned_path = _mtls_helper._check_config_path(metadata_path)
assert returned_path is not None
def test_failure(self):
metadata_path = os.path.join(pytest.data_dir, "not_exists.json")
- returned_path = _mtls_helper._check_dca_metadata_path(metadata_path)
+ returned_path = _mtls_helper._check_config_path(metadata_path)
assert returned_path is None
@@ -275,21 +275,24 @@ class TestRunCertProviderCommand(object):
class TestGetClientSslCredentials(object):
@mock.patch(
- "google.auth.transport._mtls_helper._run_cert_provider_command", autospec=True
+ "google.auth.transport._mtls_helper._get_workload_cert_and_key", autospec=True
)
- @mock.patch("google.auth.transport._mtls_helper._load_json_file", autospec=True)
@mock.patch(
- "google.auth.transport._mtls_helper._check_dca_metadata_path", autospec=True
+ "google.auth.transport._mtls_helper._run_cert_provider_command", autospec=True
)
- def test_success(
+ @mock.patch("google.auth.transport._mtls_helper._load_json_file", autospec=True)
+ @mock.patch("google.auth.transport._mtls_helper._check_config_path", autospec=True)
+ def test_success_with_context_aware_metadata(
self,
- mock_check_dca_metadata_path,
+ mock_check_config_path,
mock_load_json_file,
mock_run_cert_provider_command,
+ mock_get_workload_cert_and_key,
):
- mock_check_dca_metadata_path.return_value = True
+ mock_check_config_path.return_value = "/path/to/config"
mock_load_json_file.return_value = {"cert_provider_command": ["command"]}
mock_run_cert_provider_command.return_value = (b"cert", b"key", None)
+ mock_get_workload_cert_and_key.return_value = (None, None)
has_cert, cert, key, passphrase = _mtls_helper.get_client_ssl_credentials()
assert has_cert
assert cert == b"cert"
@@ -297,10 +300,42 @@ class TestGetClientSslCredentials(object):
assert passphrase is None
@mock.patch(
- "google.auth.transport._mtls_helper._check_dca_metadata_path", autospec=True
+ "google.auth.transport._mtls_helper._read_cert_and_key_files", autospec=True
)
- def test_success_without_metadata(self, mock_check_dca_metadata_path):
- mock_check_dca_metadata_path.return_value = False
+ @mock.patch(
+ "google.auth.transport._mtls_helper._get_cert_config_path", autospec=True
+ )
+ @mock.patch("google.auth.transport._mtls_helper._load_json_file", autospec=True)
+ @mock.patch("google.auth.transport._mtls_helper._check_config_path", autospec=True)
+ def test_success_with_certificate_config(
+ self,
+ mock_check_config_path,
+ mock_load_json_file,
+ mock_get_cert_config_path,
+ mock_read_cert_and_key_files,
+ ):
+ cert_config_path = "/path/to/config"
+ mock_check_config_path.return_value = cert_config_path
+ mock_load_json_file.return_value = {
+ "cert_configs": {
+ "workload": {"cert_path": "cert/path", "key_path": "key/path"}
+ }
+ }
+ mock_get_cert_config_path.return_value = cert_config_path
+ mock_read_cert_and_key_files.return_value = (
+ pytest.public_cert_bytes,
+ pytest.private_key_bytes,
+ )
+
+ has_cert, cert, key, passphrase = _mtls_helper.get_client_ssl_credentials()
+ assert has_cert
+ assert cert == pytest.public_cert_bytes
+ assert key == pytest.private_key_bytes
+ assert passphrase is None
+
+ @mock.patch("google.auth.transport._mtls_helper._check_config_path", autospec=True)
+ def test_success_without_metadata(self, mock_check_config_path):
+ mock_check_config_path.return_value = False
has_cert, cert, key, passphrase = _mtls_helper.get_client_ssl_credentials()
assert not has_cert
assert cert is None
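Review bot: `test_success_without_metadata` sets `mock_check_config_path.return_value = False`, but `_check_config_path` returns either a path string or `None`; using `None` would mirror the real contract. The new `test_success_with_certificate_config` never passes `generate_encrypted_key=True`, so the documented behaviour that the flag is ignored for workload certificates, with the passphrase coming back as `None`, is not pinned by any test in this hunk.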
@@ -308,21 +343,24 @@ class TestGetClientSslCredentials(object):
assert passphrase is None
@mock.patch(
- "google.auth.transport._mtls_helper._run_cert_provider_command", autospec=True
+ "google.auth.transport._mtls_helper._get_workload_cert_and_key", autospec=True
)
- @mock.patch("google.auth.transport._mtls_helper._load_json_file", autospec=True)
@mock.patch(
- "google.auth.transport._mtls_helper._check_dca_metadata_path", autospec=True
+ "google.auth.transport._mtls_helper._run_cert_provider_command", autospec=True
)
+ @mock.patch("google.auth.transport._mtls_helper._load_json_file", autospec=True)
+ @mock.patch("google.auth.transport._mtls_helper._check_config_path", autospec=True)
def test_success_with_encrypted_key(
self,
- mock_check_dca_metadata_path,
+ mock_check_config_path,
mock_load_json_file,
mock_run_cert_provider_command,
+ mock_get_workload_cert_and_key,
):
- mock_check_dca_metadata_path.return_value = True
+ mock_check_config_path.return_value = "/path/to/config"
mock_load_json_file.return_value = {"cert_provider_command": ["command"]}
mock_run_cert_provider_command.return_value = (b"cert", b"key", b"passphrase")
+ mock_get_workload_cert_and_key.return_value = (None, None)
has_cert, cert, key, passphrase = _mtls_helper.get_client_ssl_credentials(
generate_encrypted_key=True
)
@@ -334,15 +372,20 @@ class TestGetClientSslCredentials(object):
["command", "--with_passphrase"], expect_encrypted_key=True
)
- @mock.patch("google.auth.transport._mtls_helper._load_json_file", autospec=True)
@mock.patch(
- "google.auth.transport._mtls_helper._check_dca_metadata_path", autospec=True
+ "google.auth.transport._mtls_helper._get_workload_cert_and_key", autospec=True
)
+ @mock.patch("google.auth.transport._mtls_helper._load_json_file", autospec=True)
+ @mock.patch("google.auth.transport._mtls_helper._check_config_path", autospec=True)
def test_missing_cert_command(
- self, mock_check_dca_metadata_path, mock_load_json_file
+ self,
+ mock_check_config_path,
+ mock_load_json_file,
+ mock_get_workload_cert_and_key,
):
- mock_check_dca_metadata_path.return_value = True
+ mock_check_config_path.return_value = "/path/to/config"
mock_load_json_file.return_value = {}
+ mock_get_workload_cert_and_key.return_value = (None, None)
with pytest.raises(exceptions.ClientCertError):
_mtls_helper.get_client_ssl_credentials()
@@ -350,17 +393,15 @@ class TestGetClientSslCredentials(object):
"google.auth.transport._mtls_helper._run_cert_provider_command", autospec=True
)
@mock.patch("google.auth.transport._mtls_helper._load_json_file", autospec=True)
- @mock.patch(
- "google.auth.transport._mtls_helper._check_dca_metadata_path", autospec=True
- )
+ @mock.patch("google.auth.transport._mtls_helper._check_config_path", autospec=True)
def test_customize_context_aware_metadata_path(
self,
- mock_check_dca_metadata_path,
+ mock_check_config_path,
mock_load_json_file,
mock_run_cert_provider_command,
):
context_aware_metadata_path = "/path/to/metata/data"
- mock_check_dca_metadata_path.return_value = context_aware_metadata_path
+ mock_check_config_path.return_value = context_aware_metadata_path
mock_load_json_file.return_value = {"cert_provider_command": ["command"]}
mock_run_cert_provider_command.return_value = (b"cert", b"key", None)
@@ -372,7 +413,7 @@ class TestGetClientSslCredentials(object):
assert cert == b"cert"
assert key == b"key"
assert passphrase is None
- mock_check_dca_metadata_path.assert_called_with(context_aware_metadata_path)
+ mock_check_config_path.assert_called_with(context_aware_metadata_path)
mock_load_json_file.assert_called_with(context_aware_metadata_path)
@@ -520,7 +561,7 @@ class TestGetCertConfigPath(object):
mock_path_exists.return_value = True
returned_path = _mtls_helper._get_cert_config_path()
expected_path = os.path.expanduser(
- _mtls_helper._CERTIFICATE_CONFIGURATION_DEFAULT_PATH
+ _mtls_helper.CERTIFICATE_CONFIGURATION_DEFAULT_PATH
)
assert returned_path == expected_path
diff --git a/contrib/python/google-auth/py3/tests/transport/test_grpc.py b/contrib/python/google-auth/py3/tests/transport/test_grpc.py
index 9badb59b28..80b24e86d4 100644
--- a/contrib/python/google-auth/py3/tests/transport/test_grpc.py
+++ b/contrib/python/google-auth/py3/tests/transport/test_grpc.py
@@ -143,12 +143,10 @@ class TestAuthMetadataPlugin(object):
@mock.patch("grpc.secure_channel", autospec=True)
class TestSecureAuthorizedChannel(object):
@mock.patch("google.auth.transport._mtls_helper._load_json_file", autospec=True)
- @mock.patch(
- "google.auth.transport._mtls_helper._check_dca_metadata_path", autospec=True
- )
+ @mock.patch("google.auth.transport._mtls_helper._check_config_path", autospec=True)
def test_secure_authorized_channel_adc(
self,
- check_dca_metadata_path,
+ check_config_path,
load_json_file,
secure_channel,
ssl_channel_credentials,
@@ -162,7 +160,7 @@ class TestSecureAuthorizedChannel(object):
# Mock the context aware metadata and client cert/key so mTLS SSL channel
# will be used.
- check_dca_metadata_path.return_value = METADATA_PATH
+ check_config_path.return_value = METADATA_PATH
load_json_file.return_value = {"cert_provider_command": ["some command"]}
get_client_ssl_credentials.return_value = (
True,
@@ -332,12 +330,10 @@ class TestSecureAuthorizedChannel(object):
)
@mock.patch("google.auth.transport._mtls_helper._load_json_file", autospec=True)
- @mock.patch(
- "google.auth.transport._mtls_helper._check_dca_metadata_path", autospec=True
- )
+ @mock.patch("google.auth.transport._mtls_helper._check_config_path", autospec=True)
def test_secure_authorized_channel_with_client_cert_callback_failure(
self,
- check_dca_metadata_path,
+ check_config_path,
load_json_file,
secure_channel,
ssl_channel_credentials,
@@ -401,19 +397,17 @@ class TestSecureAuthorizedChannel(object):
"google.auth.transport._mtls_helper.get_client_ssl_credentials", autospec=True
)
@mock.patch("google.auth.transport._mtls_helper._load_json_file", autospec=True)
-@mock.patch(
- "google.auth.transport._mtls_helper._check_dca_metadata_path", autospec=True
-)
+@mock.patch("google.auth.transport._mtls_helper._check_config_path", autospec=True)
class TestSslCredentials(object):
def test_no_context_aware_metadata(
self,
- mock_check_dca_metadata_path,
+ mock_check_config_path,
mock_load_json_file,
mock_get_client_ssl_credentials,
mock_ssl_channel_credentials,
):
# Mock that the metadata file doesn't exist.
- mock_check_dca_metadata_path.return_value = None
+ mock_check_config_path.return_value = None
with mock.patch.dict(
os.environ, {environment_vars.GOOGLE_API_USE_CLIENT_CERTIFICATE: "true"}
@@ -430,12 +424,12 @@ class TestSslCredentials(object):
def test_get_client_ssl_credentials_failure(
self,
- mock_check_dca_metadata_path,
+ mock_check_config_path,
mock_load_json_file,
mock_get_client_ssl_credentials,
mock_ssl_channel_credentials,
):
- mock_check_dca_metadata_path.return_value = METADATA_PATH
+ mock_check_config_path.return_value = METADATA_PATH
mock_load_json_file.return_value = {"cert_provider_command": ["some command"]}
# Mock that client cert and key are not loaded and exception is raised.
@@ -449,12 +443,12 @@ class TestSslCredentials(object):
def test_get_client_ssl_credentials_success(
self,
- mock_check_dca_metadata_path,
+ mock_check_config_path,
mock_load_json_file,
mock_get_client_ssl_credentials,
mock_ssl_channel_credentials,
):
- mock_check_dca_metadata_path.return_value = METADATA_PATH
+ mock_check_config_path.return_value = METADATA_PATH
mock_load_json_file.return_value = {"cert_provider_command": ["some command"]}
mock_get_client_ssl_credentials.return_value = (
True,
@@ -477,7 +471,7 @@ class TestSslCredentials(object):
def test_get_client_ssl_credentials_without_client_cert_env(
self,
- mock_check_dca_metadata_path,
+ mock_check_config_path,
mock_load_json_file,
mock_get_client_ssl_credentials,
mock_ssl_channel_credentials,
@@ -487,7 +481,7 @@ class TestSslCredentials(object):
assert ssl_credentials.ssl_credentials is not None
assert not ssl_credentials.is_mtls
- mock_check_dca_metadata_path.assert_not_called()
+ mock_check_config_path.assert_not_called()
mock_load_json_file.assert_not_called()
mock_get_client_ssl_credentials.assert_not_called()
mock_ssl_channel_credentials.assert_called_once()
diff --git a/contrib/python/google-auth/py3/tests/transport/test_mtls.py b/contrib/python/google-auth/py3/tests/transport/test_mtls.py
index b62063e479..ea549ae142 100644
--- a/contrib/python/google-auth/py3/tests/transport/test_mtls.py
+++ b/contrib/python/google-auth/py3/tests/transport/test_mtls.py
@@ -16,17 +16,30 @@ import mock
import pytest # type: ignore
from google.auth import exceptions
+from google.auth.transport import _mtls_helper
from google.auth.transport import mtls
-@mock.patch(
- "google.auth.transport._mtls_helper._check_dca_metadata_path", autospec=True
-)
-def test_has_default_client_cert_source(check_dca_metadata_path):
- check_dca_metadata_path.return_value = mock.Mock()
+@mock.patch("google.auth.transport._mtls_helper._check_config_path", autospec=True)
+def test_has_default_client_cert_source(check_config_path):
+ def return_path_for_metadata(path):
+ return mock.Mock() if path == _mtls_helper.CONTEXT_AWARE_METADATA_PATH else None
+
+ check_config_path.side_effect = return_path_for_metadata
+ assert mtls.has_default_client_cert_source()
+
+ def return_path_for_cert_config(path):
+ return (
+ mock.Mock()
+ if path == _mtls_helper.CERTIFICATE_CONFIGURATION_DEFAULT_PATH
+ else None
+ )
+
+ check_config_path.side_effect = return_path_for_cert_config
assert mtls.has_default_client_cert_source()
- check_dca_metadata_path.return_value = None
+ check_config_path.side_effect = None
+ check_config_path.return_value = None
assert not mtls.has_default_client_cert_source()
diff --git a/contrib/python/google-auth/py3/ya.make b/contrib/python/google-auth/py3/ya.make
index caefae5db6..4f5c4e4ad8 100644
--- a/contrib/python/google-auth/py3/ya.make
+++ b/contrib/python/google-auth/py3/ya.make
@@ -2,7 +2,7 @@
PY3_LIBRARY()
-VERSION(2.33.0)
+VERSION(2.34.0)
LICENSE(Apache-2.0)