From ecd88d4f0efc5c619ebd3e3fa7e2472f11c63452 Mon Sep 17 00:00:00 2001 From: Vaughan Hilts Date: Tue, 21 Jul 2020 16:25:51 -0400 Subject: [PATCH 1/7] feat: Add debug logging that can help with diagnosing auth lib. path (#473) Co-authored-by: Bu Sun Kim <8822365+busunkim96@users.noreply.github.com> Co-authored-by: Tres Seaver --- google/auth/_default.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/google/auth/_default.py b/google/auth/_default.py index 694033f3c..de81c5b2c 100644 --- a/google/auth/_default.py +++ b/google/auth/_default.py @@ -155,10 +155,13 @@ def _get_gcloud_sdk_credentials(): """Gets the credentials and project ID from the Cloud SDK.""" from google.auth import _cloud_sdk + _LOGGER.debug("Checking Cloud SDK credentials as part of auth process...") + # Check if application default credentials exist. credentials_filename = _cloud_sdk.get_application_default_credentials_path() if not os.path.isfile(credentials_filename): + _LOGGER.debug("Cloud SDK credentials not found on disk; not using them") return None, None credentials, project_id = load_credentials_from_file(credentials_filename) @@ -174,6 +177,10 @@ def _get_explicit_environ_credentials(): variable.""" explicit_file = os.environ.get(environment_vars.CREDENTIALS) + _LOGGER.debug( + "Checking %s for explicit credentials as part of auth process...", explicit_file + ) + if explicit_file is not None: credentials, project_id = load_credentials_from_file( os.environ[environment_vars.CREDENTIALS] @@ -190,8 +197,10 @@ def _get_gae_credentials(): # While this library is normally bundled with app_engine, there are # some cases where it's not available, so we tolerate ImportError. try: + _LOGGER.debug("Checking for App Engine runtime as part of auth process...") import google.auth.app_engine as app_engine except ImportError: + _LOGGER.warning("Import of App Engine auth library failed.") return None, None try: @@ -199,6 +208,9 @@ def _get_gae_credentials(): project_id = app_engine.get_project_id() return credentials, project_id except EnvironmentError: + _LOGGER.debug( + "No App Engine library was found so cannot authentication via App Engine Identity Credentials." + ) return None, None @@ -215,6 +227,7 @@ def _get_gce_credentials(request=None): from google.auth import compute_engine from google.auth.compute_engine import _metadata except ImportError: + _LOGGER.warning("Import of Compute Engine auth library failed.") return None, None if request is None: @@ -229,6 +242,9 @@ def _get_gce_credentials(request=None): return compute_engine.Credentials(), project_id else: + _LOGGER.warning( + "Authentication failed using Compute Engine authentication due to unavailable metadata server." + ) return None, None From 18d5ae686dab317b5d60a68ed1f83dcca446748a Mon Sep 17 00:00:00 2001 From: Bu Sun Kim <8822365+busunkim96@users.noreply.github.com> Date: Tue, 21 Jul 2020 13:44:03 -0700 Subject: [PATCH 2/7] test: add more tests for service account quota projects (#527) Follow up to #519 --- tests/oauth2/test_credentials.py | 2 ++ tests/oauth2/test_service_account.py | 25 +++++++++++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/tests/oauth2/test_credentials.py b/tests/oauth2/test_credentials.py index 69d9fbcea..ceb8cdfd5 100644 --- a/tests/oauth2/test_credentials.py +++ b/tests/oauth2/test_credentials.py @@ -309,6 +309,7 @@ def test_apply_with_quota_project_id(self): headers = {} creds.apply(headers) assert headers["x-goog-user-project"] == "quota-project-123" + assert "token" in headers["authorization"] def test_apply_with_no_quota_project_id(self): creds = credentials.Credentials( @@ -322,6 +323,7 @@ def test_apply_with_no_quota_project_id(self): headers = {} creds.apply(headers) assert "x-goog-user-project" not in headers + assert "token" in headers["authorization"] def test_with_quota_project(self): creds = credentials.Credentials( diff --git a/tests/oauth2/test_service_account.py b/tests/oauth2/test_service_account.py index 7f27dad3c..4c75e371b 100644 --- a/tests/oauth2/test_service_account.py +++ b/tests/oauth2/test_service_account.py @@ -178,6 +178,31 @@ def test__make_authorization_grant_assertion_subject(self): payload = jwt.decode(token, PUBLIC_CERT_BYTES) assert payload["sub"] == subject + def test_apply_with_quota_project_id(self): + credentials = service_account.Credentials( + SIGNER, + self.SERVICE_ACCOUNT_EMAIL, + self.TOKEN_URI, + quota_project_id="quota-project-123", + ) + + headers = {} + credentials.apply(headers, token="token") + + assert headers["x-goog-user-project"] == "quota-project-123" + assert "token" in headers["authorization"] + + def test_apply_with_no_quota_project_id(self): + credentials = service_account.Credentials( + SIGNER, self.SERVICE_ACCOUNT_EMAIL, self.TOKEN_URI + ) + + headers = {} + credentials.apply(headers, token="token") + + assert "x-goog-user-project" not in headers + assert "token" in headers["authorization"] + @mock.patch("google.oauth2._client.jwt_grant", autospec=True) def test_refresh_success(self, jwt_grant): credentials = self.make_credentials() From 23919bb60e5f9d9b73644e9a2e127d4d1dd68e8c Mon Sep 17 00:00:00 2001 From: Vaughan Hilts Date: Tue, 21 Jul 2020 17:12:06 -0400 Subject: [PATCH 3/7] feat: Show the transport exception that happened for GCE Metadata (#474) Two primary motivators here: 1. Why obscure the exception? Sometimes it has some really useful information, such as the case when its being rate limited or throwing some internal error. Some of those responses have valuable information; and it's a public API so the contents of it are not a secret. 2. The metadata server should not be spewing failures that often; I think it would be good to know with `WARNING` when it happens since `WARNING` is the default and what a lot of people run with. When Metadata servers have issues overnight, we have no logs for those who left it as default. A good example of this is when the Metadata server is being rate limited; it would be good to know that's happening. Logs will help make that faster, though ideally of course maybe the library would have a result or something indicating the status of all checks (or something else so faults can be diagnosed faster?) but logs are cheap, easy and make diagnosing it a lot faster. It should be rare enough (correct me if I'm wrong?) that it should not be failing often enough except in the "resolution lag" case. --- google/auth/compute_engine/_metadata.py | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/google/auth/compute_engine/_metadata.py b/google/auth/compute_engine/_metadata.py index cba426fb2..fe821418e 100644 --- a/google/auth/compute_engine/_metadata.py +++ b/google/auth/compute_engine/_metadata.py @@ -95,11 +95,13 @@ def ping(request, timeout=_METADATA_DEFAULT_TIMEOUT, retry_count=3): and metadata_flavor == _METADATA_FLAVOR_VALUE ) - except exceptions.TransportError: - _LOGGER.info( - "Compute Engine Metadata server unavailable on" "attempt %s of %s", + except exceptions.TransportError as e: + _LOGGER.warning( + "Compute Engine Metadata server unavailable on" + "attempt %s of %s. Reason: %s", retries + 1, retry_count, + e, ) retries += 1 @@ -144,11 +146,13 @@ def get(request, path, root=_METADATA_ROOT, recursive=False, retry_count=5): response = request(url=url, method="GET", headers=_METADATA_HEADERS) break - except exceptions.TransportError: - _LOGGER.info( - "Compute Engine Metadata server unavailable on" "attempt %s of %s", + except exceptions.TransportError as e: + _LOGGER.warning( + "Compute Engine Metadata server unavailable on" + "attempt %s of %s. Reason: %s", retries + 1, retry_count, + e, ) retries += 1 else: From d91c24cd901c217e071f98cfee079515bfafeaeb Mon Sep 17 00:00:00 2001 From: Yoshi Automation Bot Date: Tue, 21 Jul 2020 14:24:03 -0700 Subject: [PATCH 4/7] chore: update kokoro config (via synth) (#556) This PR was generated using Autosynth. :rainbow: Synth log will be available here: https://source.cloud.google.com/results/invocations/abd11f9f-00ea-4883-9679-79e339a91948/targets - [ ] To automatically regenerate this PR, check this box. Source-Link: https://github.com/googleapis/synthtool/commit/ffe10407ee2f261c799fb0d01bf32a8abc67ed1e --- .kokoro/build.sh | 13 +-- .kokoro/continuous/common.cfg | 2 +- .kokoro/presubmit/common.cfg | 6 +- .kokoro/samples/lint/common.cfg | 34 ++++++++ .kokoro/samples/lint/continuous.cfg | 6 ++ .kokoro/samples/lint/periodic.cfg | 6 ++ .kokoro/samples/lint/presubmit.cfg | 6 ++ .kokoro/samples/python3.6/common.cfg | 34 ++++++++ .kokoro/samples/python3.6/continuous.cfg | 7 ++ .kokoro/samples/python3.6/periodic.cfg | 6 ++ .kokoro/samples/python3.6/presubmit.cfg | 6 ++ .kokoro/samples/python3.7/common.cfg | 34 ++++++++ .kokoro/samples/python3.7/continuous.cfg | 6 ++ .kokoro/samples/python3.7/periodic.cfg | 6 ++ .kokoro/samples/python3.7/presubmit.cfg | 6 ++ .kokoro/samples/python3.8/common.cfg | 34 ++++++++ .kokoro/samples/python3.8/continuous.cfg | 6 ++ .kokoro/samples/python3.8/periodic.cfg | 6 ++ .kokoro/samples/python3.8/presubmit.cfg | 6 ++ .kokoro/test-samples.sh | 104 +++++++++++++++++++++++ synth.metadata | 6 +- 21 files changed, 321 insertions(+), 19 deletions(-) create mode 100644 .kokoro/samples/lint/common.cfg create mode 100644 .kokoro/samples/lint/continuous.cfg create mode 100644 .kokoro/samples/lint/periodic.cfg create mode 100644 .kokoro/samples/lint/presubmit.cfg create mode 100644 .kokoro/samples/python3.6/common.cfg create mode 100644 .kokoro/samples/python3.6/continuous.cfg create mode 100644 .kokoro/samples/python3.6/periodic.cfg create mode 100644 .kokoro/samples/python3.6/presubmit.cfg create mode 100644 .kokoro/samples/python3.7/common.cfg create mode 100644 .kokoro/samples/python3.7/continuous.cfg create mode 100644 .kokoro/samples/python3.7/periodic.cfg create mode 100644 .kokoro/samples/python3.7/presubmit.cfg create mode 100644 .kokoro/samples/python3.8/common.cfg create mode 100644 .kokoro/samples/python3.8/continuous.cfg create mode 100644 .kokoro/samples/python3.8/periodic.cfg create mode 100644 .kokoro/samples/python3.8/presubmit.cfg create mode 100755 .kokoro/test-samples.sh diff --git a/.kokoro/build.sh b/.kokoro/build.sh index e80311313..3ce87f39d 100755 --- a/.kokoro/build.sh +++ b/.kokoro/build.sh @@ -1,5 +1,4 @@ #!/bin/bash - # Copyright 2018 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -25,19 +24,10 @@ export PYTHONUNBUFFERED=1 env | grep KOKORO # Setup service account credentials. - -# add creds to gfile dir export GOOGLE_APPLICATION_CREDENTIALS=${KOKORO_GFILE_DIR}/service-account.json # Setup project id. -export PROJECT_ID=$(cat "${KOKORO_GFILE_DIR}/project-id.txt") - -# Activate gcloud with service account credentials -gcloud auth activate-service-account --key-file=$GOOGLE_APPLICATION_CREDENTIALS -gcloud config set project $PROJECT_ID - -# Decrypt system test secrets -./scripts/decrypt-secrets.sh +export PROJECT_ID=$(cat "${KOKORO_GFILE_DIR}/project-id.json") # Remove old nox python3.6 -m pip uninstall --yes --quiet nox-automation @@ -47,4 +37,3 @@ python3.6 -m pip install --upgrade --quiet nox python3.6 -m nox --version python3.6 -m nox -python3.6 -m nox -f system_tests/noxfile.py \ No newline at end of file diff --git a/.kokoro/continuous/common.cfg b/.kokoro/continuous/common.cfg index 10910e357..c587b4104 100644 --- a/.kokoro/continuous/common.cfg +++ b/.kokoro/continuous/common.cfg @@ -11,7 +11,7 @@ action { gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/trampoline" # Download resources for system tests (service account key, etc.) -gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/google-auth-library-python" +gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/google-cloud-python" # Use the trampoline script to run in docker. build_file: "google-auth-library-python/.kokoro/trampoline.sh" diff --git a/.kokoro/presubmit/common.cfg b/.kokoro/presubmit/common.cfg index 7dbee1cfe..c587b4104 100644 --- a/.kokoro/presubmit/common.cfg +++ b/.kokoro/presubmit/common.cfg @@ -7,11 +7,11 @@ action { } } -# Download trampoline resources. These will be in ${KOKORO_GFILE_DIR} +# Download trampoline resources. gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/trampoline" -# Download resources for tests -gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/google-auth-library-python" +# Download resources for system tests (service account key, etc.) +gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/google-cloud-python" # Use the trampoline script to run in docker. build_file: "google-auth-library-python/.kokoro/trampoline.sh" diff --git a/.kokoro/samples/lint/common.cfg b/.kokoro/samples/lint/common.cfg new file mode 100644 index 000000000..61fa5217b --- /dev/null +++ b/.kokoro/samples/lint/common.cfg @@ -0,0 +1,34 @@ +# Format: //devtools/kokoro/config/proto/build.proto + +# Build logs will be here +action { + define_artifacts { + regex: "**/*sponge_log.xml" + } +} + +# Specify which tests to run +env_vars: { + key: "RUN_TESTS_SESSION" + value: "lint" +} + +env_vars: { + key: "TRAMPOLINE_BUILD_FILE" + value: "github/google-auth-library-python/.kokoro/test-samples.sh" +} + +# Configure the docker image for kokoro-trampoline. +env_vars: { + key: "TRAMPOLINE_IMAGE" + value: "gcr.io/cloud-devrel-kokoro-resources/python-samples-testing-docker" +} + +# Download secrets for samples +gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/python-docs-samples" + +# Download trampoline resources. +gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/trampoline" + +# Use the trampoline script to run in docker. +build_file: "google-auth-library-python/.kokoro/trampoline.sh" \ No newline at end of file diff --git a/.kokoro/samples/lint/continuous.cfg b/.kokoro/samples/lint/continuous.cfg new file mode 100644 index 000000000..a1c8d9759 --- /dev/null +++ b/.kokoro/samples/lint/continuous.cfg @@ -0,0 +1,6 @@ +# Format: //devtools/kokoro/config/proto/build.proto + +env_vars: { + key: "INSTALL_LIBRARY_FROM_SOURCE" + value: "True" +} \ No newline at end of file diff --git a/.kokoro/samples/lint/periodic.cfg b/.kokoro/samples/lint/periodic.cfg new file mode 100644 index 000000000..50fec9649 --- /dev/null +++ b/.kokoro/samples/lint/periodic.cfg @@ -0,0 +1,6 @@ +# Format: //devtools/kokoro/config/proto/build.proto + +env_vars: { + key: "INSTALL_LIBRARY_FROM_SOURCE" + value: "False" +} \ No newline at end of file diff --git a/.kokoro/samples/lint/presubmit.cfg b/.kokoro/samples/lint/presubmit.cfg new file mode 100644 index 000000000..a1c8d9759 --- /dev/null +++ b/.kokoro/samples/lint/presubmit.cfg @@ -0,0 +1,6 @@ +# Format: //devtools/kokoro/config/proto/build.proto + +env_vars: { + key: "INSTALL_LIBRARY_FROM_SOURCE" + value: "True" +} \ No newline at end of file diff --git a/.kokoro/samples/python3.6/common.cfg b/.kokoro/samples/python3.6/common.cfg new file mode 100644 index 000000000..792bc4bbe --- /dev/null +++ b/.kokoro/samples/python3.6/common.cfg @@ -0,0 +1,34 @@ +# Format: //devtools/kokoro/config/proto/build.proto + +# Build logs will be here +action { + define_artifacts { + regex: "**/*sponge_log.xml" + } +} + +# Specify which tests to run +env_vars: { + key: "RUN_TESTS_SESSION" + value: "py-3.6" +} + +env_vars: { + key: "TRAMPOLINE_BUILD_FILE" + value: "github/google-auth-library-python/.kokoro/test-samples.sh" +} + +# Configure the docker image for kokoro-trampoline. +env_vars: { + key: "TRAMPOLINE_IMAGE" + value: "gcr.io/cloud-devrel-kokoro-resources/python-samples-testing-docker" +} + +# Download secrets for samples +gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/python-docs-samples" + +# Download trampoline resources. +gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/trampoline" + +# Use the trampoline script to run in docker. +build_file: "google-auth-library-python/.kokoro/trampoline.sh" \ No newline at end of file diff --git a/.kokoro/samples/python3.6/continuous.cfg b/.kokoro/samples/python3.6/continuous.cfg new file mode 100644 index 000000000..7218af149 --- /dev/null +++ b/.kokoro/samples/python3.6/continuous.cfg @@ -0,0 +1,7 @@ +# Format: //devtools/kokoro/config/proto/build.proto + +env_vars: { + key: "INSTALL_LIBRARY_FROM_SOURCE" + value: "True" +} + diff --git a/.kokoro/samples/python3.6/periodic.cfg b/.kokoro/samples/python3.6/periodic.cfg new file mode 100644 index 000000000..50fec9649 --- /dev/null +++ b/.kokoro/samples/python3.6/periodic.cfg @@ -0,0 +1,6 @@ +# Format: //devtools/kokoro/config/proto/build.proto + +env_vars: { + key: "INSTALL_LIBRARY_FROM_SOURCE" + value: "False" +} \ No newline at end of file diff --git a/.kokoro/samples/python3.6/presubmit.cfg b/.kokoro/samples/python3.6/presubmit.cfg new file mode 100644 index 000000000..a1c8d9759 --- /dev/null +++ b/.kokoro/samples/python3.6/presubmit.cfg @@ -0,0 +1,6 @@ +# Format: //devtools/kokoro/config/proto/build.proto + +env_vars: { + key: "INSTALL_LIBRARY_FROM_SOURCE" + value: "True" +} \ No newline at end of file diff --git a/.kokoro/samples/python3.7/common.cfg b/.kokoro/samples/python3.7/common.cfg new file mode 100644 index 000000000..209f6cef9 --- /dev/null +++ b/.kokoro/samples/python3.7/common.cfg @@ -0,0 +1,34 @@ +# Format: //devtools/kokoro/config/proto/build.proto + +# Build logs will be here +action { + define_artifacts { + regex: "**/*sponge_log.xml" + } +} + +# Specify which tests to run +env_vars: { + key: "RUN_TESTS_SESSION" + value: "py-3.7" +} + +env_vars: { + key: "TRAMPOLINE_BUILD_FILE" + value: "github/google-auth-library-python/.kokoro/test-samples.sh" +} + +# Configure the docker image for kokoro-trampoline. +env_vars: { + key: "TRAMPOLINE_IMAGE" + value: "gcr.io/cloud-devrel-kokoro-resources/python-samples-testing-docker" +} + +# Download secrets for samples +gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/python-docs-samples" + +# Download trampoline resources. +gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/trampoline" + +# Use the trampoline script to run in docker. +build_file: "google-auth-library-python/.kokoro/trampoline.sh" \ No newline at end of file diff --git a/.kokoro/samples/python3.7/continuous.cfg b/.kokoro/samples/python3.7/continuous.cfg new file mode 100644 index 000000000..a1c8d9759 --- /dev/null +++ b/.kokoro/samples/python3.7/continuous.cfg @@ -0,0 +1,6 @@ +# Format: //devtools/kokoro/config/proto/build.proto + +env_vars: { + key: "INSTALL_LIBRARY_FROM_SOURCE" + value: "True" +} \ No newline at end of file diff --git a/.kokoro/samples/python3.7/periodic.cfg b/.kokoro/samples/python3.7/periodic.cfg new file mode 100644 index 000000000..50fec9649 --- /dev/null +++ b/.kokoro/samples/python3.7/periodic.cfg @@ -0,0 +1,6 @@ +# Format: //devtools/kokoro/config/proto/build.proto + +env_vars: { + key: "INSTALL_LIBRARY_FROM_SOURCE" + value: "False" +} \ No newline at end of file diff --git a/.kokoro/samples/python3.7/presubmit.cfg b/.kokoro/samples/python3.7/presubmit.cfg new file mode 100644 index 000000000..a1c8d9759 --- /dev/null +++ b/.kokoro/samples/python3.7/presubmit.cfg @@ -0,0 +1,6 @@ +# Format: //devtools/kokoro/config/proto/build.proto + +env_vars: { + key: "INSTALL_LIBRARY_FROM_SOURCE" + value: "True" +} \ No newline at end of file diff --git a/.kokoro/samples/python3.8/common.cfg b/.kokoro/samples/python3.8/common.cfg new file mode 100644 index 000000000..b0095dabd --- /dev/null +++ b/.kokoro/samples/python3.8/common.cfg @@ -0,0 +1,34 @@ +# Format: //devtools/kokoro/config/proto/build.proto + +# Build logs will be here +action { + define_artifacts { + regex: "**/*sponge_log.xml" + } +} + +# Specify which tests to run +env_vars: { + key: "RUN_TESTS_SESSION" + value: "py-3.8" +} + +env_vars: { + key: "TRAMPOLINE_BUILD_FILE" + value: "github/google-auth-library-python/.kokoro/test-samples.sh" +} + +# Configure the docker image for kokoro-trampoline. +env_vars: { + key: "TRAMPOLINE_IMAGE" + value: "gcr.io/cloud-devrel-kokoro-resources/python-samples-testing-docker" +} + +# Download secrets for samples +gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/python-docs-samples" + +# Download trampoline resources. +gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/trampoline" + +# Use the trampoline script to run in docker. +build_file: "google-auth-library-python/.kokoro/trampoline.sh" \ No newline at end of file diff --git a/.kokoro/samples/python3.8/continuous.cfg b/.kokoro/samples/python3.8/continuous.cfg new file mode 100644 index 000000000..a1c8d9759 --- /dev/null +++ b/.kokoro/samples/python3.8/continuous.cfg @@ -0,0 +1,6 @@ +# Format: //devtools/kokoro/config/proto/build.proto + +env_vars: { + key: "INSTALL_LIBRARY_FROM_SOURCE" + value: "True" +} \ No newline at end of file diff --git a/.kokoro/samples/python3.8/periodic.cfg b/.kokoro/samples/python3.8/periodic.cfg new file mode 100644 index 000000000..50fec9649 --- /dev/null +++ b/.kokoro/samples/python3.8/periodic.cfg @@ -0,0 +1,6 @@ +# Format: //devtools/kokoro/config/proto/build.proto + +env_vars: { + key: "INSTALL_LIBRARY_FROM_SOURCE" + value: "False" +} \ No newline at end of file diff --git a/.kokoro/samples/python3.8/presubmit.cfg b/.kokoro/samples/python3.8/presubmit.cfg new file mode 100644 index 000000000..a1c8d9759 --- /dev/null +++ b/.kokoro/samples/python3.8/presubmit.cfg @@ -0,0 +1,6 @@ +# Format: //devtools/kokoro/config/proto/build.proto + +env_vars: { + key: "INSTALL_LIBRARY_FROM_SOURCE" + value: "True" +} \ No newline at end of file diff --git a/.kokoro/test-samples.sh b/.kokoro/test-samples.sh new file mode 100755 index 000000000..f4426f67a --- /dev/null +++ b/.kokoro/test-samples.sh @@ -0,0 +1,104 @@ +#!/bin/bash +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# `-e` enables the script to automatically fail when a command fails +# `-o pipefail` sets the exit code to the rightmost comment to exit with a non-zero +set -eo pipefail +# Enables `**` to include files nested inside sub-folders +shopt -s globstar + +cd github/google-auth-library-python + +# Run periodic samples tests at latest release +if [[ $KOKORO_BUILD_ARTIFACTS_SUBDIR = *"periodic"* ]]; then + LATEST_RELEASE=$(git describe --abbrev=0 --tags) + git checkout $LATEST_RELEASE +fi + +# Disable buffering, so that the logs stream through. +export PYTHONUNBUFFERED=1 + +# Debug: show build environment +env | grep KOKORO + +# Install nox +python3.6 -m pip install --upgrade --quiet nox + +# Use secrets acessor service account to get secrets +if [[ -f "${KOKORO_GFILE_DIR}/secrets_viewer_service_account.json" ]]; then + gcloud auth activate-service-account \ + --key-file="${KOKORO_GFILE_DIR}/secrets_viewer_service_account.json" \ + --project="cloud-devrel-kokoro-resources" +fi + +# This script will create 3 files: +# - testing/test-env.sh +# - testing/service-account.json +# - testing/client-secrets.json +./scripts/decrypt-secrets.sh + +source ./testing/test-env.sh +export GOOGLE_APPLICATION_CREDENTIALS=$(pwd)/testing/service-account.json + +# For cloud-run session, we activate the service account for gcloud sdk. +gcloud auth activate-service-account \ + --key-file "${GOOGLE_APPLICATION_CREDENTIALS}" + +export GOOGLE_CLIENT_SECRETS=$(pwd)/testing/client-secrets.json + +echo -e "\n******************** TESTING PROJECTS ********************" + +# Switch to 'fail at end' to allow all tests to complete before exiting. +set +e +# Use RTN to return a non-zero value if the test fails. +RTN=0 +ROOT=$(pwd) +# Find all requirements.txt in the samples directory (may break on whitespace). +for file in samples/**/requirements.txt; do + cd "$ROOT" + # Navigate to the project folder. + file=$(dirname "$file") + cd "$file" + + echo "------------------------------------------------------------" + echo "- testing $file" + echo "------------------------------------------------------------" + + # Use nox to execute the tests for the project. + python3.6 -m nox -s "$RUN_TESTS_SESSION" + EXIT=$? + + # If this is a periodic build, send the test log to the Build Cop Bot. + # See https://github.com/googleapis/repo-automation-bots/tree/master/packages/buildcop. + if [[ $KOKORO_BUILD_ARTIFACTS_SUBDIR = *"periodic"* ]]; then + chmod +x $KOKORO_GFILE_DIR/linux_amd64/buildcop + $KOKORO_GFILE_DIR/linux_amd64/buildcop + fi + + if [[ $EXIT -ne 0 ]]; then + RTN=1 + echo -e "\n Testing failed: Nox returned a non-zero exit code. \n" + else + echo -e "\n Testing completed.\n" + fi + +done +cd "$ROOT" + +# Workaround for Kokoro permissions issue: delete secrets +rm testing/{test-env.sh,client-secrets.json,service-account.json} + +exit "$RTN" \ No newline at end of file diff --git a/synth.metadata b/synth.metadata index 0efbe1e90..901a2cb9b 100644 --- a/synth.metadata +++ b/synth.metadata @@ -3,15 +3,15 @@ { "git": { "name": ".", - "remote": "git@github.com:googleapis/google-auth-library-python", - "sha": "aab4f2fdb2cfa598397026865ccb270a05c38cc4" + "remote": "https://github.com/googleapis/google-auth-library-python.git", + "sha": "218a159f646c81021c890b92f9cff003aed949a8" } }, { "git": { "name": "synthtool", "remote": "https://github.com/googleapis/synthtool.git", - "sha": "71b8a272549c06b5768d00fa48d3ae990e871bec" + "sha": "ffe10407ee2f261c799fb0d01bf32a8abc67ed1e" } } ] From 6dd2597bd63be6719a0b088de21ef7e48d9d1884 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Tue, 21 Jul 2020 23:42:03 +0200 Subject: [PATCH 5/7] chore(deps): update dependency rsa to <4.6 (#544) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [rsa](https://stuvel.eu/rsa) | minor | `<4.1` -> `<4.7` | --- ### Renovate configuration :date: **Schedule**: At any time (no schedule defined). :vertical_traffic_light: **Automerge**: Disabled by config. Please merge this manually once you are satisfied. :recycle: **Rebasing**: Renovate will not automatically rebase this PR, because other commits have been found. :no_bell: **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#googleapis/google-auth-library-python). --- setup.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/setup.py b/setup.py index 629e059df..1f5c6861c 100644 --- a/setup.py +++ b/setup.py @@ -21,9 +21,10 @@ DEPENDENCIES = ( "cachetools>=2.0.0,<5.0", "pyasn1-modules>=0.2.1", - # rsa >= 4.1 no longer supports python 2 https://github.com/sybrenstuvel/python-rsa/issues/152 - 'rsa<4.1; python_version < "3"', - 'rsa>=3.1.4,<5; python_version >= "3"', + # rsa==4.5 is the last version to support 2.7 + # https://github.com/sybrenstuvel/python-rsa/issues/152#issuecomment-643470233 + 'rsa<4.6; python_version < "3.5"', + 'rsa>=3.1.4,<5; python_version >= "3.5"', "setuptools>=40.3.0", "six>=1.9.0", ) From 1aad54af6b1d5da73d7471cdbfaf0d0b37c5fde6 Mon Sep 17 00:00:00 2001 From: Tres Seaver Date: Wed, 22 Jul 2020 20:17:28 -0400 Subject: [PATCH 6/7] feat(packaging): add support for Python 3.8 (#569) Release-As: 1.20.0 Closes #568 --- docs/reference/google.auth.compute_engine.rst | 1 + docs/reference/google.auth.crypt.rst | 1 + docs/reference/google.auth.rst | 2 ++ docs/reference/google.auth.transport.rst | 2 ++ docs/reference/google.oauth2.rst | 1 + docs/reference/google.rst | 1 + noxfile.py | 2 +- setup.py | 1 + 8 files changed, 10 insertions(+), 1 deletion(-) diff --git a/docs/reference/google.auth.compute_engine.rst b/docs/reference/google.auth.compute_engine.rst index 38785c803..819248cb5 100644 --- a/docs/reference/google.auth.compute_engine.rst +++ b/docs/reference/google.auth.compute_engine.rst @@ -10,5 +10,6 @@ Submodules ---------- .. toctree:: + :maxdepth: 4 google.auth.compute_engine.credentials diff --git a/docs/reference/google.auth.crypt.rst b/docs/reference/google.auth.crypt.rst index be142f428..ff38fa34e 100644 --- a/docs/reference/google.auth.crypt.rst +++ b/docs/reference/google.auth.crypt.rst @@ -10,6 +10,7 @@ Submodules ---------- .. toctree:: + :maxdepth: 4 google.auth.crypt.base google.auth.crypt.es256 diff --git a/docs/reference/google.auth.rst b/docs/reference/google.auth.rst index f6ea073c5..cfcf70357 100644 --- a/docs/reference/google.auth.rst +++ b/docs/reference/google.auth.rst @@ -10,6 +10,7 @@ Subpackages ----------- .. toctree:: + :maxdepth: 4 google.auth.compute_engine google.auth.crypt @@ -19,6 +20,7 @@ Submodules ---------- .. toctree:: + :maxdepth: 4 google.auth.app_engine google.auth.credentials diff --git a/docs/reference/google.auth.transport.rst b/docs/reference/google.auth.transport.rst index 48e2e0551..89218632b 100644 --- a/docs/reference/google.auth.transport.rst +++ b/docs/reference/google.auth.transport.rst @@ -10,7 +10,9 @@ Submodules ---------- .. toctree:: + :maxdepth: 4 google.auth.transport.grpc + google.auth.transport.mtls google.auth.transport.requests google.auth.transport.urllib3 diff --git a/docs/reference/google.oauth2.rst b/docs/reference/google.oauth2.rst index 4f1df071f..1ac9c7320 100644 --- a/docs/reference/google.oauth2.rst +++ b/docs/reference/google.oauth2.rst @@ -10,6 +10,7 @@ Submodules ---------- .. toctree:: + :maxdepth: 4 google.oauth2.credentials google.oauth2.id_token diff --git a/docs/reference/google.rst b/docs/reference/google.rst index 4b1e08537..f122ca13c 100644 --- a/docs/reference/google.rst +++ b/docs/reference/google.rst @@ -10,6 +10,7 @@ Subpackages ----------- .. toctree:: + :maxdepth: 4 google.auth google.oauth2 diff --git a/noxfile.py b/noxfile.py index bcea1fbc8..c39f27c47 100644 --- a/noxfile.py +++ b/noxfile.py @@ -64,7 +64,7 @@ def blacken(session): session.run("black", *BLACK_PATHS) -@nox.session(python=["2.7", "3.5", "3.6", "3.7"]) +@nox.session(python=["2.7", "3.5", "3.6", "3.7", "3.8"]) def unit(session): session.install(*TEST_DEPENDENCIES) session.install(".") diff --git a/setup.py b/setup.py index 1f5c6861c..6a70fca18 100644 --- a/setup.py +++ b/setup.py @@ -56,6 +56,7 @@ "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", + "Programming Language :: Python :: 3.8", "Development Status :: 5 - Production/Stable", "Intended Audience :: Developers", "License :: OSI Approved :: Apache Software License", From 8e45f0b16d5bf87698de9bc16891f43ead71d433 Mon Sep 17 00:00:00 2001 From: "release-please[bot]" <55107282+release-please[bot]@users.noreply.github.com> Date: Tue, 28 Jul 2020 11:53:42 -0700 Subject: [PATCH 7/7] chore: release 1.20.0 (#567) --- CHANGELOG.md | 9 +++++++++ setup.py | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 532d7d925..a7e71f265 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,15 @@ [1]: https://pypi.org/project/google-auth/#history +## [1.20.0](https://www.github.com/googleapis/google-auth-library-python/compare/v1.19.2...v1.20.0) (2020-07-23) + + +### Features + +* Add debug logging that can help with diagnosing auth lib. path ([#473](https://www.github.com/googleapis/google-auth-library-python/issues/473)) ([ecd88d4](https://www.github.com/googleapis/google-auth-library-python/commit/ecd88d4f0efc5c619ebd3e3fa7e2472f11c63452)) +* Show the transport exception that happened for GCE Metadata ([#474](https://www.github.com/googleapis/google-auth-library-python/issues/474)) ([23919bb](https://www.github.com/googleapis/google-auth-library-python/commit/23919bb60e5f9d9b73644e9a2e127d4d1dd68e8c)) +* **packaging:** add support for Python 3.8 ([#569](https://www.github.com/googleapis/google-auth-library-python/issues/569)) ([1aad54a](https://www.github.com/googleapis/google-auth-library-python/commit/1aad54af6b1d5da73d7471cdbfaf0d0b37c5fde6)), closes [#568](https://www.github.com/googleapis/google-auth-library-python/issues/568) + ### [1.19.2](https://www.github.com/googleapis/google-auth-library-python/compare/v1.19.1...v1.19.2) (2020-07-17) diff --git a/setup.py b/setup.py index 6a70fca18..5b192b10a 100644 --- a/setup.py +++ b/setup.py @@ -33,7 +33,7 @@ with io.open("README.rst", "r") as fh: long_description = fh.read() -version = "1.19.2" +version = "1.20.0" setup( name="google-auth",