Intermediate changes

4 files changed, 176 insertions, 20 deletions

diff --git a/contrib/python/google-auth/py3/tests/compute_engine/test__metadata.py b/contrib/python/google-auth/py3/tests/compute_engine/test__metadata.py
index 35e3c089f90..352342f1509 100644
--- a/contrib/python/google-auth/py3/tests/compute_engine/test__metadata.py
+++ b/contrib/python/google-auth/py3/tests/compute_engine/test__metadata.py
@@ -127,13 +127,15 @@ def test_ping_success_retry(mock_metrics_header_value):
     assert request.call_count == 2
 
 
-def test_ping_failure_bad_flavor():
+@mock.patch("time.sleep", return_value=None)
+def test_ping_failure_bad_flavor(mock_sleep):
     request = make_request("", headers={_metadata._METADATA_FLAVOR_HEADER: "meep"})
 
     assert not _metadata.ping(request)
 
 
-def test_ping_failure_connection_failed():
+@mock.patch("time.sleep", return_value=None)
+def test_ping_failure_connection_failed(mock_sleep):
     request = make_request("")
     request.side_effect = exceptions.TransportError()
 
@@ -196,7 +198,8 @@ def test_get_success_json_content_type_charset():
     assert result[key] == value
 
 
-def test_get_success_retry():
+@mock.patch("time.sleep", return_value=None)
+def test_get_success_retry(mock_sleep):
     key, value = "foo", "bar"
 
     data = json.dumps({key: value})
@@ -312,7 +315,8 @@ def _test_get_success_custom_root_old_variable():
     )
 
 
-def test_get_failure():
+@mock.patch("time.sleep", return_value=None)
+def test_get_failure(mock_sleep):
     request = make_request("Metadata error", status=http_client.NOT_FOUND)
 
     with pytest.raises(exceptions.TransportError) as excinfo:
@@ -339,7 +343,8 @@ def test_get_return_none_for_not_found_error():
     )
 
 
-def test_get_failure_connection_failed():
+@mock.patch("time.sleep", return_value=None)
+def test_get_failure_connection_failed(mock_sleep):
     request = make_request("")
     request.side_effect = exceptions.TransportError()
 
diff --git a/contrib/python/google-auth/py3/tests/oauth2/test__client.py b/contrib/python/google-auth/py3/tests/oauth2/test__client.py
index f9a2d3aff49..8736a4e27be 100644
--- a/contrib/python/google-auth/py3/tests/oauth2/test__client.py
+++ b/contrib/python/google-auth/py3/tests/oauth2/test__client.py
@@ -195,8 +195,8 @@ def test__token_endpoint_request_internal_failure_error():
         _client._token_endpoint_request(
             request, "http://example.com", {"error_description": "internal_failure"}
         )
-    # request should be called once and then with 3 retries
-    assert request.call_count == 4
+    # request with 2 retries
+    assert request.call_count == 3
 
     request = make_request(
         {"error": "internal_failure"}, status=http_client.BAD_REQUEST
@@ -206,8 +206,8 @@ def test__token_endpoint_request_internal_failure_error():
         _client._token_endpoint_request(
             request, "http://example.com", {"error": "internal_failure"}
         )
-    # request should be called once and then with 3 retries
-    assert request.call_count == 4
+    # request with 2 retries
+    assert request.call_count == 3
 
 
 def test__token_endpoint_request_internal_failure_and_retry_failure_error():
@@ -626,6 +626,6 @@ def test__token_endpoint_request_no_throw_with_retry(can_retry):
     )
 
     if can_retry:
-        assert mock_request.call_count == 4
+        assert mock_request.call_count == 3
     else:
         assert mock_request.call_count == 1
diff --git a/contrib/python/google-auth/py3/tests/test__exponential_backoff.py b/contrib/python/google-auth/py3/tests/test__exponential_backoff.py
index 06a54527e6b..95422502b0d 100644
--- a/contrib/python/google-auth/py3/tests/test__exponential_backoff.py
+++ b/contrib/python/google-auth/py3/tests/test__exponential_backoff.py
@@ -13,8 +13,10 @@
 # limitations under the License.
 
 import mock
+import pytest  # type: ignore
 
 from google.auth import _exponential_backoff
+from google.auth import exceptions
 
 
 @mock.patch("time.sleep", return_value=None)
@@ -24,18 +26,31 @@ def test_exponential_backoff(mock_time):
     iteration_count = 0
 
     for attempt in eb:
-        backoff_interval = mock_time.call_args[0][0]
-        jitter = curr_wait * eb._randomization_factor
-
-        assert (curr_wait - jitter) <= backoff_interval <= (curr_wait + jitter)
-        assert attempt == iteration_count + 1
-        assert eb.backoff_count == iteration_count + 1
-        assert eb._current_wait_in_seconds == eb._multiplier ** (iteration_count + 1)
-
-        curr_wait = eb._current_wait_in_seconds
+        if attempt == 1:
+            assert mock_time.call_count == 0
+        else:
+            backoff_interval = mock_time.call_args[0][0]
+            jitter = curr_wait * eb._randomization_factor
+
+            assert (curr_wait - jitter) <= backoff_interval <= (curr_wait + jitter)
+            assert attempt == iteration_count + 1
+            assert eb.backoff_count == iteration_count + 1
+            assert eb._current_wait_in_seconds == eb._multiplier ** iteration_count
+
+            curr_wait = eb._current_wait_in_seconds
         iteration_count += 1
 
     assert eb.total_attempts == _exponential_backoff._DEFAULT_RETRY_TOTAL_ATTEMPTS
     assert eb.backoff_count == _exponential_backoff._DEFAULT_RETRY_TOTAL_ATTEMPTS
     assert iteration_count == _exponential_backoff._DEFAULT_RETRY_TOTAL_ATTEMPTS
-    assert mock_time.call_count == _exponential_backoff._DEFAULT_RETRY_TOTAL_ATTEMPTS
+    assert (
+        mock_time.call_count == _exponential_backoff._DEFAULT_RETRY_TOTAL_ATTEMPTS - 1
+    )
+
+
+def test_minimum_total_attempts():
+    with pytest.raises(exceptions.InvalidValue):
+        _exponential_backoff.ExponentialBackoff(total_attempts=0)
+    with pytest.raises(exceptions.InvalidValue):
+        _exponential_backoff.ExponentialBackoff(total_attempts=-1)
+    _exponential_backoff.ExponentialBackoff(total_attempts=1)
diff --git a/contrib/python/google-auth/py3/tests/test_credentials_async.py b/contrib/python/google-auth/py3/tests/test_credentials_async.py
new file mode 100644
index 00000000000..51e4f0611c8
--- /dev/null
+++ b/contrib/python/google-auth/py3/tests/test_credentials_async.py
@@ -0,0 +1,136 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import pytest  # type: ignore
+
+from google.auth import exceptions
+from google.auth.aio import credentials
+
+
+class CredentialsImpl(credentials.Credentials):
+    pass
+
+
+def test_credentials_constructor():
+    credentials = CredentialsImpl()
+    assert not credentials.token
+
+
+@pytest.mark.asyncio
+async def test_before_request():
+    credentials = CredentialsImpl()
+    request = "water"
+    headers = {}
+    credentials.token = "orchid"
+
+    # before_request should not affect the value of the token.
+    await credentials.before_request(request, "http://example.com", "GET", headers)
+    assert credentials.token == "orchid"
+    assert headers["authorization"] == "Bearer orchid"
+    assert "x-allowed-locations" not in headers
+
+    request = "earth"
+    headers = {}
+
+    # Second call shouldn't affect token or headers.
+    await credentials.before_request(request, "http://example.com", "GET", headers)
+    assert credentials.token == "orchid"
+    assert headers["authorization"] == "Bearer orchid"
+    assert "x-allowed-locations" not in headers
+
+
+@pytest.mark.asyncio
+async def test_static_credentials_ctor():
+    static_creds = credentials.StaticCredentials(token="orchid")
+    assert static_creds.token == "orchid"
+
+
+@pytest.mark.asyncio
+async def test_static_credentials_apply_default():
+    static_creds = credentials.StaticCredentials(token="earth")
+    headers = {}
+
+    await static_creds.apply(headers)
+    assert headers["authorization"] == "Bearer earth"
+
+    await static_creds.apply(headers, token="orchid")
+    assert headers["authorization"] == "Bearer orchid"
+
+
+@pytest.mark.asyncio
+async def test_static_credentials_before_request():
+    static_creds = credentials.StaticCredentials(token="orchid")
+    request = "water"
+    headers = {}
+
+    # before_request should not affect the value of the token.
+    await static_creds.before_request(request, "http://example.com", "GET", headers)
+    assert static_creds.token == "orchid"
+    assert headers["authorization"] == "Bearer orchid"
+    assert "x-allowed-locations" not in headers
+
+    request = "earth"
+    headers = {}
+
+    # Second call shouldn't affect token or headers.
+    await static_creds.before_request(request, "http://example.com", "GET", headers)
+    assert static_creds.token == "orchid"
+    assert headers["authorization"] == "Bearer orchid"
+    assert "x-allowed-locations" not in headers
+
+
+@pytest.mark.asyncio
+async def test_static_credentials_refresh():
+    static_creds = credentials.StaticCredentials(token="orchid")
+    request = "earth"
+
+    with pytest.raises(exceptions.InvalidOperation) as exc:
+        await static_creds.refresh(request)
+    assert exc.match("Static credentials cannot be refreshed.")
+
+
+@pytest.mark.asyncio
+async def test_anonymous_credentials_ctor():
+    anon = credentials.AnonymousCredentials()
+    assert anon.token is None
+
+
+@pytest.mark.asyncio
+async def test_anonymous_credentials_refresh():
+    anon = credentials.AnonymousCredentials()
+    request = object()
+    with pytest.raises(exceptions.InvalidOperation) as exc:
+        await anon.refresh(request)
+    assert exc.match("Anonymous credentials cannot be refreshed.")
+
+
+@pytest.mark.asyncio
+async def test_anonymous_credentials_apply_default():
+    anon = credentials.AnonymousCredentials()
+    headers = {}
+    await anon.apply(headers)
+    assert headers == {}
+    with pytest.raises(ValueError):
+        await anon.apply(headers, token="orchid")
+
+
+@pytest.mark.asyncio
+async def test_anonymous_credentials_before_request():
+    anon = credentials.AnonymousCredentials()
+    request = object()
+    method = "GET"
+    url = "https://example.com/api/endpoint"
+    headers = {}
+    await anon.before_request(request, method, url, headers)
+    assert headers == {}