From 40d44eb826c262c4b253846204ff24f150f4ef62 Mon Sep 17 00:00:00 2001 From: Carl Lundin Date: Tue, 4 Apr 2023 20:53:43 +0000 Subject: [PATCH 1/4] fix: Do not create new JWT credentials if they make the same claims as the existing. --- google/auth/jwt.py | 5 +++ google/oauth2/service_account.py | 35 +++++++++++------ tests/oauth2/test_service_account.py | 57 ++++++++++++++++++++++++++++ 3 files changed, 86 insertions(+), 11 deletions(-) diff --git a/google/auth/jwt.py b/google/auth/jwt.py index 390368958..ef2d6fd9c 100644 --- a/google/auth/jwt.py +++ b/google/auth/jwt.py @@ -590,6 +590,11 @@ def signer_email(self): def signer(self): return self._signer + @property # type: ignore + def additonal_claims(self): + """Additional claims the JWT object was created with.""" + return self._additional_claims + class OnDemandCredentials( google.auth.credentials.Signing, google.auth.credentials.CredentialsWithQuotaProject diff --git a/google/oauth2/service_account.py b/google/oauth2/service_account.py index 618ab538b..152e05814 100644 --- a/google/oauth2/service_account.py +++ b/google/oauth2/service_account.py @@ -441,19 +441,32 @@ def _create_self_signed_jwt(self, audience): # https://google.aip.dev/auth/4111 if self._always_use_jwt_access: if self._scopes: - self._jwt_credentials = jwt.Credentials.from_signing_credentials( - self, None, additional_claims={"scope": " ".join(self._scopes)} - ) + additional_claims = {"scope": " ".join(self._scopes)} + if ( + self._jwt_credentials is None + or self._jwt_credentials.additional_claims != additional_claims + ): + self._jwt_credentials = jwt.Credentials.from_signing_credentials( + self, None, additional_claims=additional_claims + ) elif audience: - self._jwt_credentials = jwt.Credentials.from_signing_credentials( - self, audience - ) + if ( + self._jwt_credentials is None + or self._jwt_credentials._audience != audience + ): + + self._jwt_credentials = jwt.Credentials.from_signing_credentials( + self, audience + ) elif self._default_scopes: - self._jwt_credentials = jwt.Credentials.from_signing_credentials( - self, - None, - additional_claims={"scope": " ".join(self._default_scopes)}, - ) + additional_claims = {"scope": " ".join(self._default_scopes)} + if ( + self._jwt_credentials is None + or additional_claims != self._jwt_credentials.additional_claims + ): + self._jwt_credentials = jwt.Credentials.from_signing_credentials( + self, None, additional_claims=additional_claims + ) elif not self._scopes and audience: self._jwt_credentials = jwt.Credentials.from_signing_credentials( self, audience diff --git a/tests/oauth2/test_service_account.py b/tests/oauth2/test_service_account.py index 741027973..6b0d1dcce 100644 --- a/tests/oauth2/test_service_account.py +++ b/tests/oauth2/test_service_account.py @@ -253,6 +253,24 @@ def test__create_self_signed_jwt_always_use_jwt_access_with_audience(self, jwt): credentials._create_self_signed_jwt(audience) jwt.from_signing_credentials.assert_called_once_with(credentials, audience) + @mock.patch("google.auth.jwt.Credentials", instance=True, autospec=True) + def test__create_self_signed_jwt_always_use_jwt_access_with_audience_similar_jwt_is_reused( + self, jwt + ): + credentials = service_account.Credentials( + SIGNER, + self.SERVICE_ACCOUNT_EMAIL, + self.TOKEN_URI, + default_scopes=["bar", "foo"], + always_use_jwt_access=True, + ) + + audience = "https://pubsub.googleapis.com" + credentials._create_self_signed_jwt(audience) + credentials._jwt_credentials._audience = audience + credentials._create_self_signed_jwt(audience) + jwt.from_signing_credentials.assert_called_once_with(credentials, audience) + @mock.patch("google.auth.jwt.Credentials", instance=True, autospec=True) def test__create_self_signed_jwt_always_use_jwt_access_with_scopes(self, jwt): credentials = service_account.Credentials( @@ -269,6 +287,26 @@ def test__create_self_signed_jwt_always_use_jwt_access_with_scopes(self, jwt): credentials, None, additional_claims={"scope": "bar foo"} ) + @mock.patch("google.auth.jwt.Credentials", instance=True, autospec=True) + def test__create_self_signed_jwt_always_use_jwt_access_with_scopes_similar_jwt_is_reused( + self, jwt + ): + credentials = service_account.Credentials( + SIGNER, + self.SERVICE_ACCOUNT_EMAIL, + self.TOKEN_URI, + scopes=["bar", "foo"], + always_use_jwt_access=True, + ) + + audience = "https://pubsub.googleapis.com" + credentials._create_self_signed_jwt(audience) + credentials._jwt_credentials.additional_claims = {"scope": "bar foo"} + credentials._create_self_signed_jwt(audience) + jwt.from_signing_credentials.assert_called_once_with( + credentials, None, additional_claims={"scope": "bar foo"} + ) + @mock.patch("google.auth.jwt.Credentials", instance=True, autospec=True) def test__create_self_signed_jwt_always_use_jwt_access_with_default_scopes( self, jwt @@ -286,6 +324,25 @@ def test__create_self_signed_jwt_always_use_jwt_access_with_default_scopes( credentials, None, additional_claims={"scope": "bar foo"} ) + @mock.patch("google.auth.jwt.Credentials", instance=True, autospec=True) + def test__create_self_signed_jwt_always_use_jwt_access_with_default_scopes_similar_jwt_is_reused( + self, jwt + ): + credentials = service_account.Credentials( + SIGNER, + self.SERVICE_ACCOUNT_EMAIL, + self.TOKEN_URI, + default_scopes=["bar", "foo"], + always_use_jwt_access=True, + ) + + credentials._create_self_signed_jwt(None) + credentials._jwt_credentials.additional_claims = {"scope": "bar foo"} + credentials._create_self_signed_jwt(None) + jwt.from_signing_credentials.assert_called_once_with( + credentials, None, additional_claims={"scope": "bar foo"} + ) + @mock.patch("google.auth.jwt.Credentials", instance=True, autospec=True) def test__create_self_signed_jwt_always_use_jwt_access(self, jwt): credentials = service_account.Credentials( From fccf42cf535a3a5ed1d47f8127972333cd5762c5 Mon Sep 17 00:00:00 2001 From: Carl Lundin Date: Tue, 4 Apr 2023 22:50:07 +0000 Subject: [PATCH 2/4] chore: Refresh system test creds. --- system_tests/secrets.tar.enc | Bin 10324 -> 10324 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/system_tests/secrets.tar.enc b/system_tests/secrets.tar.enc index 6590ed21953de7e0ddec2b5f1b13bab01ee801eb..bdea3fdb79c69af52c062bb9b0eb378fc1da793b 100644 GIT binary patch literal 10324 zcmV-aD67{BB>?tKRTEupW4gXU4CAfnu5=1LZa1-vy!xdxIDwU5$$q|Tza|o@PypAf zZWHt8Nqzgi%oPLgg!{OaqSxOt?dtP9fI=H#Y1e9;h){*Nm_bG2%n6XQCsVll#g06f zYhZ9v+IT8m;Wj7ga6&q*G?98vc|XS+#*t95^WoW zn_ZI^me`~|xb8!53`KD0DtjViF5F4k9~U7=#l zrX^Gp#f}f640-nFg$U~6p|>X#-fnwRsyaoGnT2*NV2|x2do&Whgi5UV!jocdG-ZKZ zX!^3^wz4t}yZFqZbZ%Bn6}QtsKHqX<6`Axm@8Z#6yy!Ip-xoF~i4b`XJg3P?5fO^! zAGK7r;r<3`5hC~;G^SG>wUZV?h{XI?Jgl{H3|Hif#24r?9P|ISMaG8iZ;XJ3>MhVB z@}K>)Is&15oos`?`r&JU7Nn>FUvL)*jfkqI#wG^GOONQ_01`}naQv%1gQK#noR1fc zs8Cr+=c zmuEU6UQ3}K^KyTx8JR!t^gM~}^no-8$|SAvp;w*SQzjuhA{(_tO8Pm`H z2k*6Y86M2A8J(|xOQa`4lnOz>vT$Q9(HIhh`ee`N7-Wab!1Q9p7Ve#+`lYnl>hGkT zR7ZA0y8(8drbCfC7kI9ZD%aA_$s1du?EftWC(YGLNQzaXz2>kU+`IR~i$Fa8UexKv zxOHmWvolv+QX@z`2c=)#sw1O|S6reLrk>s1DRL5flv3yYqMUy*@0h|=Ji7Ae! zsR@!4(-=JD17z6DPmH>{L+oOmJ>vY^JugMhQydWV+Pt?h=xD~Bfg-K~ae&6DqVRW3 zG^R+Q{#*p&SZL` zf6}A}3e{C*FvJ(b1L8Ff-(_+qn5tf07*!5%H1%_1+^da{)(~pAHBHPczvFnm*822+ z10mWkSd!v2-xzVxw{bAd(fTf6+2M?X)?@=A49pV@y(6))_CU-kY7>uyCfD+`9c4*r z7~yKxEqEDirlRhx3U)pZ*23VGdnsFCf4>-(n{+Ca3k~HHCB!%SS!09IyErCB;mA@M ze2c&!x7dMb}vX8k&Sjdqla<$f9 zrdyS3)b3zM1=NlBPqy7>fSa%nI5n+}!dm|3Cv#(zLlr3DzIwwo{Z6POB4^-)gH~v% zHt!`@KxE{lg%~{Q^?XNVC^Htu1Z1+yWPT4S>mW0-rv~j=vH+^+H%!$ZcKGsUh$M9z zC5r<4=tF%06qO-+9+fb^5Jbl}A3kehtR@iTh(Sn>>zmolFUR`PhH%RHlEt?^7nb%6Qb@2 zn~+@H*&})lu$JWlm9f0L@}4teXR)N%je1FX;GIgp2l3K>k>Y&<<1SY68HG_Q0QBOj zwUe}e(3OLb2Psn$M`-|UNMnU_(R1)%c^g8$))Qy1^km0oTrV%|f5UbEN{H05&3m)v zx|m0hoFJ=@%l6}@pK4#PHh1;4?x_@j;8aCZ)wuxcX+yYM9;w>~Bti?7xl~={={`OA zvf_kL25FeBHoyk^xU(`!u^{yg9@#M$FB6Ts<;$89Q4|}bhDRjP?{a!v^hijCdbl=1 zRK3CNG>2Whk~GAs+}9hz8Z`pM8=mG_C0vMU)6nv!d*@!8ftp5b+p_P!KaU~)<`@yK zhU_qwW&o%~GHiA2%DXSSii7H@DIFcx9cZ~kojFWkj)j-A&^P|U3#g)Y?~|L_=x4h} z2=B^!{{NwxsZfA4yKLKDuo=oUZ>J)uq_YvpRB|uiNN8iXf5;zfn`|$h*4~Kdn3lbu zGJE^@i!Ds2SoxW{_{m2xiBgY}B+8$XggqMuFooTH68}f12YqK`D=9A6gX6u7~PJ60LAb|e>k4z@SJI?`VYQ%OFZ%7lee%We_U#C;WG#l9Twtd%m!s1Y) z*1N!Qpc3~)EoVxo&CW3Ntj#%Nb#X}$LeUzfK#)Xm2;3~h0xCA%8=d)Gt32gY7Z2;) z8%2Q;0#5GYk5<|rV)OP83_^*dy=MgjWi-0JJ-r#sqAGnX=VaMKYKk2?1My^%21&rq zzPKj9V;Eeapj9Qext{xFu=Mh8=nbXw85{PGF-ol17@1nv3^6NV4@udZf;z|+GIJdI ztgS79;K?5^s&CM7p_LOty!*O(p>JH}^YnJyx_@W~+`L!;+l?BkNG$Pl&Y+4MV-l#! zk;a1}h9AeL2g?6*g-BW1V~OH|cT6@wt3dUdcj_1dw)PbWY z=SxRy`-jge@Vd0Vwp-+I>9vuOogcPXU=otklYsRvp-cahAnF_%G2jR6ybTL{L2l=H z7Po;~RCKG{P%IzLKUEo2(tw87M=DbTy(s(|Z&jGAbbnA;prkt_MuWxigir>pG~GSI z#hGzllsP7i4)!&;?k^BKwj13-KHjUms7@qjG#ZyIHtNCWX~y)d7BdR=!h>Vc+q*xj zL;)`#u(@F4AYevCLoAffxBGCv3f~WoRkWASYgtffWsd#bjI3E>gx=gHqu6bfvG1Q+ z$!RW|GXC?!0+4|FV);MT_<^eF#iIsO0Z@5H3`PxLV;QL&aLRzi#oTx$YIcJwbMzd*X}F1_8EvpzshnTOkJF3R zc`UG)zo!&nrcVcV$BM;TyTn=^Y2Uc09hNMRFv8$Z`iW^ejHv8H*6q;k2ey&}3_>n7 zmAiNHO8VgoWn?w$ahAz>m$2eS0lFyAm?aevW60(U#;OuWgg2KL6SFw`2!Kt!5Q?Z{ zcNX&+tcWyDScF}zeaA-lwACE$^*fLT$IB|hGLV$zQiJ$xubKZ>33P$CimnA3DRcS_ zKiiOe>xoSe@vz!_&l24(4eVu@?bRl1cI;p)lwiO=Lmq!eFtDZwzH%l}5SctNy5FAs*rRQ!_w zAN8F9-)%n+Lhaun%@sayOW-?!iyp`kA)?D+{3rru77u|?71io+I7)sdbSFD0n7o88 zc@t|C3y`j`0D`EK{%%J)e^Q7w0Y;BvglIhIU!IurX6$&m596|Je3TgsFeip)8L`O3 z`EEkSTE5$VZ7M;Q1^}MPr_;e-Nt>4pisd)MlasbohSlF=^hi@32cGDFVWf&<2s(?en!AfYyy`AOVxEB$t#N)`Kr93g_(Hs^P3BF$ zjF(VB*m{X4YOp3-6@Sb&M*|GG=eRA5au8-aWG<$e4OUO!8QptWC^J>-o4SHmj&v#G zq(|`aPNTBd^Hz95iYNRdL%yS()yv5`C_WZZzr89~xG*Xp1!Ga8R1AUCsHYSSQkm4sg zy7T(aV^>PVBwtU-`)dEFl>3lVNjV_{5tB*6K8rO1D2il744P}sE{OU?$eT$nGhHFc z`xrS7hD0SX;BG&^OeqdCCYgimU@^3-vwlQwdRAODl|G6dMI$XQz-dFHA_wosS^ymC zxDP9wZIrzW@DE~Fyt#praAg^qwbx14?BnCZU{zAF7lCH60(IQ0zqA}#mKk!Bx#+mRTpH+eaMBjg=(78`Y+^QW!)+%VW5nD+oOp|a9J25h` zBU8Ad27HxeB(@nP{e!puw0x~6&XZkpl+@&l;<2FiwPSU8O@g}44yVgFdo z!0oLi;coO-3P1*R%ipHA=Q~)vS#MG|QSQaI{{a}cSa z$0R<^>N<}vn3^8rv*O3zq0dBI!h)^PpVpDew23Fl#dD+wqiI#gw6^8l+@iss)dKw} z9%EKoGec8|z4T2bpgK*zg8WEIlTr9mMks&fWWlLV`In{*R>9O`qe!3fT0l3P`hq1{ znBIcu?N<1&caN5dhT#(OT%Ez~Malp%*f8^_F!1lbuHb~uZ0ourNEpU3u*Oa@a{Ygz z0Z9k2SIR3C1v)b|^k328CG@zDoKB;Dn5hbflIQxT05&IuDccPq`~L(QAhBTaV)k^5 z@TDPTa2MkVb631B{rrQkT}rw0&T|TW&F~WZmq>bua0~)cFq-2pTm21;5Q3p9QfEQl z3a%dO6&mG14tm~c3GbtYB5@cyca9Wr<@8I5m+9fgMbRe?h_j{^-l!G6hqWSsN798q ze*B%x-0!)gqupfvbx`bg^kSd*U z;g6zB!3JFT!sKkEKSPEZ(%PeXaF?w6aCw_uf2XF?2HXv#n&DwIC$Auzs3*~08_Qug_yRC-0lTy(JYN|!bU*FS38nSN(&FDH zWA8aJ78e??nb;y5eOrc9`xyJs(@}`xB74z{>U}XDYsUjxLi>>KgnE%E!^6$QH%IDU zSqme)RQ3qDeNL4?R8=K-h({gmGWFjnVNkE4aLjuV-l^RsWBEqp^Soyk2V02`M@wf0 z$~2JZ69g8gke2DSTa>h7d854_ZBM2Z>@&~M7I7IIJ{uvr>=oZg*BbGt&6mF{E?rRK zZIa=XXT<t?U+ObEg{~6v2H;ftmGA-a@8G838cvqd}0dH zYF~V-mcU6V!4pfeD2=q1VaObsR2YcxsT`VW;g;j3(w85T2uS&+?Awf6z0XLhnxFV9`$?Jk(c=s3G@P}3V1z@XhBUr8xSHP=r&zkX0`tBqP2fB z5%z=xNf6NG2|>(My^dnLdvMv|QxYRnu-=;lDV7V$I+}+_X9qoCrxSrrnEn&+=q2gEMinxV5Z?c8p<2+?cz_l z34ajDN!5_zH~zypqWKa;#iiWJN>sHFoCFWwjidA|rcLfAttkQi{VtOIIYCBVF(?|K zD{sFBi`&i##KyL~XUUdY>IiID^^y)BVDz2do9L_wl05E(qDe7r`X10#H_QGmwGw;Z zEl{bvv$!c|YE;%=K)?-?k=Gbf6X-x%mc3B&)J5ePbIpF`qh#&s&(bNyrnb8o=I+iG zNDpg~WAzD+Q)R#v2P*+vf3btXJ@SwKarCZI-K>UqRkd|!#u*+zA3W&6OK)Umj6Yl! zL-@B%!xCRqln(IGrzK?a}iUb~P-t<|QiADu3`|CM0jL#$Z+6Bd8B=US5l%;mKOd+Y7nC z0A!B$QVq3Aj9OPCW7xI?oiZvS#3;3uK64#)Wc49h+G64z@Lw~(S|*cp8HoLs{Hak5y86~ z0jT|#cl@xLG(aELNUY=})O_0OCQH@GX#CL?)SQe51}kLj5O($k$N>T4kp2C!Vxgfu z3J>KVt9lP&(h9Sd&kFky27m3V(tB5krKzToJ!4kR5XkUPgO8&k`S0%Y!=Bz{MMmBN z(G94<#&%pxOpR}#rNLc}4?S z&zQp*)W8XaF-N?uTqnW~XfHYjwKeVzS~JqI33@1-8*G8kA8vf%5GYzRRquilZ_+YpY(1Q;2W2xMn+)6Zu}Ft2WU!MdCDb7; z849(L(wU0%Syd?>E43;ihF$hGpcXP=nlmz@S@wexW1z24w9XF)%j-lAF|WxJudjl% zZ5vK%5RvS>ad<>>04Aa~3MfBvrvGFQ+T0`lhooS3kgXc~8!mVwL^f-Gl}%J#-f^qv zvPIr>X9S691`ZHD1z86sRU*_$G&DTb%&dm(-Suur;hmv#9$w)ahMD4Z35!-E9+YXP zVd`T8P6D-^SfJ#5$vc5&njok7sOR@r+EA1y zaQ8coo1a#Af)tn^Z?c?xjaatiwb_cNuZOZw`^w@QRME?DH2#w6`V6qyZ#8Ey89mn7yR>oi))z! zk}Kp*WCI_QCpHdx`=ev(R-stqdM?5YDzgi!Rpmt)xwC!x!8#CVMlRihhxt1_Jf2L1!d3+^Yth*Y39ETJ)(H;9V!;!y;=R8~ta)MVa^ zCo3x4Vt5*6gwu~R((G@%VLfA2Y;O=>9k9#=C|NcOe=HdXqwz)9jh+ieLWx@>xn~EI4A_nh_t~9nU3XEPD(I-ujJ)TaO9E zwiWu<)Bg_o zP>tx;&KUxQY^5+!lfGEvtV@g=XR!$|UT94BVk%m82#&Y5i+#f8HxZRcJ1M4+(2$To zlbhY>3>TwRLLI30E1ab!ZkSvhW78)EZdBRb9Pwzs-Tc4_;ox%BTT+ldpM|9C*Lo;z z6_d!psR#hX%c144mfoqrP?kr;_qmDjq8{cUo|n3YC_U3;9I1qku|_Jyg<0buwst>D z{=gfK-r)BU4Y>0iAA%UPHtaJO7OD=oVq_^PEn9*=;A3KB(l5fy>-^F` z4ucIlf;$|vrcB#A2OqeS4Zz~HC9CR6Th){t4@80&Amg_FmMM!AR{ri%rhbi8Oq|Fy zKF>=AZ>`Owm;9=xa8j4Lb>lDCs%$Nai!`@R$DYegqro9DxuDjgn|q+<`N$|?@iY7) zzH4`8e?V~>nc^wY@w=rH2mqK?AU8eYpUp(56TRC22UIlFMjORswxNHn1-2XRzV62o5MKz!2XpC3l z+Kguk^>(ouE%}{xQ-%G%kL8P2-~HjVNE>q;9uvfH4n4wR4Wu%#6npR~o4mJ9ke$Qn z0#am5_5_VACJjLwpKDGTjzHws((BM$zxpKaB%ti2*%gFn^@X{IC|s-fEBK));$4@*QzFF($63D!cg5T#cm{Qt}&0=;7D>0LnNtHphB z9b9do zBgK!~b~tEe*g2R3%AwWE$G30KTg15~E$AiOn&CROhZ5dY7wN|iC1il{U3EdfG%K$E z;cVxT7@FQLSG{+8K;G#x#=U|6+1^>5x04&VS;UVkXCDF%-r+PF0N=7$wTC!zJFrt6 zEaz{)`o}-Ym$tn(N<`SOPAHP*No$?PZBxJYI$T~P?sH=$)DjV62;RFzIVn;+F^&z~2_z$;iE4+YLjv#8VqDCL_LV3%(5Ln>35Zru39dL3O|$0Ouo!WRxA!)KAsg z%tlg+l^iLdVbfW@Yc8`##No#ADa9kD<~Igy$m!?XGmwNflH&Pw+0Ao#6339%3tKg z_C*unkoS#z{{qad)e=R`*f|v}tCfYr;Ks-4LBIxWyiC?}IzKtt1>qv()hzQsBzAEI zH6)c%)_zO)>Q3}stL|6V27$ZNu~q0o@OSwl?ud-Ri&A|1H)m(KwpZ(jl3n$PPcgAE zOMCjxHc>Et{LB(4=YY2D{(9od`0L{28r+z=~{qY%fS3emq(ZS5^7g`KJ z8s!65lXUp;z81UL$TMabbP4~)hW0LnPOaNq*kkEclt(LpBdx!ov8|#h-t5X z?;aUM75PHV$6Qxf1lF8sl51={fMo}jIFNT}%Yt&XNgi9lT4(;Uy67E3qFjnk+n1|_ zKWKLVMR`4Opq^HK-K7wM#y%Je$NLBGqa45i7_3{-M9nPZJ8~_tYkR1jWT0O?oS5kc zLTWW?t`x->-BR1~;B4&I`~lNV%c-pqWg^^aJYhMVbzp3^20j(*TT02V+r+`ma?^|V z%K3BK0OI45P!r5>(xC`Oh0RPl%gM2PW+v9~CREMHxY@m(-pO%h_QW$wCQ`^3S zo05bGkb#hbf30K$;_lWWwY`sNZqeZ%Yd0psug4N@UK&e>`Y2K{>Mb)<5$|_bty`yj zGP%ZWW=#hWo4i8Hv>(0lQ~{NXyq(oyN)x>Yh33ru{OT72VEdT3Z?3qJ6|ee}(7%ju z9DgbA_Q6u@vkwHrOCSjnlkPgl0;7}!9v}Zb!|}fN`3yrOs|Dpi2 z_E>iP!^5%Mf%2tQbhOr9eE8H&ors=)#EkyDMOL0wZHfc1gTH zW7Yg2IIGF6IdO_&)`4#4)? zh$}FCCq#-~riiISQ^c$31yE=dpF##}WZ3ayluK*+?5&X=C`gN=#E5kmRW`>w7wg>p zUV*lqkJXo`jD<_8Z(JNEw41Tak>Ejf{XtVQ=S-w4wZ|OAhu)tOxsv^^`kieKswD&2 zK;k030)ZUueW&RSTLR3)^9ySD!E|+aP)e^4f^&792Z{rkAMOVpYpz$s;9_eN+L8`% z8Pi;Ww2=HYAH|uKv*eYUpzXCs(*_%CM7K4UJiqSp&!^!t$pG->)Fvl6zQ=6y%wkp^ z0RO0UQd>tl9Ja`Sh~Kbc0X00q5mfR0z*qqid+J~VGeSj6O#=9}mL;qhHMzv360XN#B(Z4A@NZA1oxy1q5%|}g zDyvhL@|~M9#$eL#yA<7uQWzWF&X_#U$q{R~_so#wMrGJeBJ}g(c>ga^aR?d;rfC*k zT2ml=z!O`Y50(bSp_Fqql@hT9%xG8TN%CJw&2ZgRbIdR)UW2KzVjn$23v4MgU;eTH zdwKa65{nxAGgXTBgDm5Q)Kt6yv&7@WcC^fUt7V|2A?A4vA=}57k033fc{E4w-9kb zZ}ZcdfVQWXlj=$=QLvH1w9RK1^WkL;=t5u?gB{E? zoP{^i%N3b@mD7L!{}z}OK0Srq^B?XDuVqut86pw$wN6ZZuLNrDg6j;>A~#=b+1b2 literal 10324 zcmV-aD67{BB>?tKRTCgDbGJflV$Qez+V!oPypAf zZWFopz1t>*@X4H=Pz%g=dYe7Nh(NS%ka4b-M3MqxRs?~uUxHHM+mlxr9@RpVNJ+C@ zs@VLw?{jfLyUczELGQ@ol#KT2zeJq%hNzFE4hx%~j6p#(oTd+?x>|kS+y4T5#?)Fq z4XYCx;K42R&-9+XHv7pI8|f;aHI8b*$%01(-~P!YJyr*Nx06cf zzOH+=ltw$3N7DO<-iNJ~gz<0un*Bf%gn-U)kFJz)lrL;@fXF zAKR@p>QrJElsMOTnqmf!U+p|>=qZ}vcQ46J*mKD2bj$=Brt}1WLsYmb{2wNMw!^jH zz*J`y3wu4>j07eT2HWx!V})c~zRG0kPL$4pPh!y7SI@Ze>PDjGdoU}gFc6HuxP-h| z88lMmA->p^uFT}6e14WjvJEU@P#@+C?`)&k1e^jCJmBMIeuYcx!@PxvLcD0>L>Cvm zBcl7>x?5PsLrx{xCZ7ap>gOs12uW_#paJSfy?~je=K&;~3Wsx0Av~cm{hWHhiWR)- zw;@{wi^`iDt4o|vtS~DNZuf+?;_)$Kss%1_j9b_lhnhRw@}G`Lp{zVZ@P7JN9Gr zv-=+TYF64WbEP7tH3%7)p0*?OalZlje2FomJ4={Smo2TMZ{xw&hm(6sXP7xvpJn58 z^60B)7$DsCRqN$qGkB?Y8#cmfiBo_7i$e&4{75L0W{y#C)h9Gv(u2i^{q878Q`@$%JzI zw$WH>p$GEeTs3LrjEUV?(pv)nyj{+Qh6!}EZD=NIRa+N%H#JuOUb(Jx!6ZGQ1jlDD zu(zp)^g1hhN33X*%|uRK$;gkjJ%}G&`jp4tlV{d^G=f@Fqe*l*xf7YNZ;)mCr!=Xm zbU$G}KRr`x-!-C;hD=lkh&qjFG(C^#pn*g5$+k!h3P#YW^YEO6gt*6#MeH$^B!JUS zJR4)V<7!-?+4Mk!JF<_l4A@ z5RpV4XOHb%Bn5hE0*)S(mH-pD!Z~!DB_3eDI)e|7YBNtXru2j;3R@>STjcl->XX~H zaKNIT_w(b4!~*Q0FupE^7a4Lrlm)^viV*5@Rw9Hp{sYg&ZIAW_;-OdWi4(FL#5QeZ zSgW*|k~9Km#QKoIK;g$JrfKV=Twb(ceji}N!E5who@`wERUy}_vYih-dS{=KCSAr( zUzL>OuF1Q>zk$7SntQMrEJd%Q%8@*bZ4M*WU`CMpl6zcImZsr0@&1J!kS^OoDwS6>a$|6uD?1V z4)Kc+czY?04z0*}$FV=RORVG<7sk3T8xKHdVWmiAvhf1I}(I{y!<)4lOH6-GaAiK4w87x z6`**c*8X|yLKL$GCBs`@;ZLO0V7b(oQGp~UV^&Js1obL|Ee}oq4~)ySL>}t!ohcLH zXWyoAny=!`rJHFs}^79NNnTi@AYRuYejr5Pn+ z;w=Rffv1)1f})P-9b#nb8oN0MUi($v0;kvCP%W6ejsWacWJKa#oZqm{{wxI`DKqNG z##M}g!$;viAdo0`elTUmUlX7wL=B}$k?$&(?HB-fsR!d#m4J{aMg)MfS#nZQKcg-0 zsgB%+jFU2b{~;eQfZE-lzmsOZnIOm+Ifi~@Kz@Cj8TWO1Mj?!mb8;!a-tOm732D_{ zsk%eK;$^+2l3BIC>62v{KOakECGAZ1ixN=sxE_v~Yz_ku!_6_l@5$j`R01D~LGpfj zQVj(>L9rNruGmvbM5

KPAibC9p*!53H}9QtZ?ChlvU)8TL#kO$CnEgz5%r}wmd^p2WCLQU=iOYV~lW)B+om&%6$N-EwP)XkWl5bA=;8l z_lM@&jmz;Vq z2HTNn2@Q1)D-B38PwJn1(T`GDgm2GE9<6u2r2H)2cdeDL2z^3=HmfN3s}_h~#b^7Q zHpUFgT7X=s7o;h=Otq?M%gqS;;l7Bzr$QJm^gyl1o`p!LiS~FyWPDa+nRAQikt{R` zrB3D&wJ*8Wn%g!$DzRh;&QH6ivHfbc9py=u1&TWdv=X+%3_Br%@Zh)}&bkvW)gh@!IBeyys`9Vr3bcGqf$*9dYD?~~v1U0YR_dJyMMnq;H5R`;+wsXjPv_J<#HPFxYZmY4*c(jWmI=Al)4DNPOd5Yr=%e4-EZzhk%Boff z4bdg{>`;YO#f|5%T#}1aurY>(-#bF~T`@4K!7i6rOsEt%w!fWr{9UTGw2A%} z{7}5W*>3{;KZl`W+>nTH6#0Uj7(O~2hPE}G2g2*tKx+2cwkmSQqjO?Io8#yKA@}5c zwj|G1<@9SyIFFOa;p$kD_ddyMAGa?(bfzA;aZ!nyOQ2uE*a62a?mf9ph%aQXRQBI9 zzBjwjYc`+t3z>cYw(NgkhqotrTQ-w3Z$_c03$9Y{(fNYteyx^XJQksf>oZTmorwr);W}8AaHh*Yz zD2~9O%w*!sm#TdfX!oOEM+*B1^zkuiz*_uZaB`>(= zUNFsPx6<>c2un@o@HW`THN!O=DS*M6CeK&-VRm%dw;i@#c!B*<)Y6~O;u5KtImOVK z3|+DypZ|3)cuKB?7Ockc^^)McXg8VmJNfl!Ez_jTZRCIoNt$JDhv1t6a$N z&DQzcx@PM$q6&i#yDG>xw*(eDR*>d;*)I9gQa4Y2vR15+;U&)ECJbPZt_ExbYBuY%1W4xnjo0C$@paXjdMHE#fuZ+v-&g4dV>g`8`o<c>W~nOJ7Jo}Q zx28Zf0k{a}Twy%E3?B`!_*qZ8bK9|T`yW--zB8zWo{LWN-viU|YB2WK&-Y3CTINy* z-%BPo&oppd$WR^kS>9=sqm3Fu&hUvyVR6PvFf@~~f}+=OR*v#UT0)>lcd>KI&FnRp zB^*j)G=alj*%t?|gB7K31Z1m&(x8xwMR)k3@+)fK3J0iYe;?4U?JPd;)HwdiY8f{X zi*&B&j8_|#_>#-=gi&6IE25`e;EWWCJ84-^WOct-erSzFhANHykNh{zR{EC#+8qq9 zL~yaz{rA_(+PO{yn?eaWD4w0fMS=G-X?8xCCEz9oNf5*Z;_4S3mheF;`;h6oz zr8an>T1-T#SkUTr2vYWRl&_nzeJKOYDIsjbAZ#i?5cHpfwLPlR)y^IQ237XX*GKkK zXwL>F;0OuEaY!jb0K4^A*#1^Q4xzDZA^x0)EpF!IWrTSv(_xp3B5sX6S5G%*lJgRq zbBLc{DQJLtV+T$FzYY`T!m3|q zhx!BKG!O^Y^>K)Gu@PUPNBZFPxQL2!Av-28Gl`DG9W2jY!&TbiKAuB&Ax+pON2>M{ zQx{7Em0oup;M~jzbGiWw--OFF<3RvwH1Afhpw482&*%;j@5%=<)l5PJepBy$Q_id~ zR@Y}9m^V=vMQ5$)#B6T4OZ>bF0&Ffo(%-W0(oXVrWjjG<0o+Ali#GJb$>F(~@Mc5U z)<*w%`ghT+%lc>yzyq3#OD5G%wPTtZ@7_?FKr2ZBjxm`gXv|#~4PHSE5ucLzcMNAt zVRn0sQZc#d&Ls9iElD%qv>}n-|KkNjdceIxVRZ|9$3e1jQn9f{uLx0?DPf$ScV%rE zHaYxl~VNf6sS*s;Ote=rv~VW z&1C}lP2%C0l1o~%iAnBGBw2wB4+8n(x}^XAHLoy{GDl~7(nX2YP_Imw$3US&ZZS3> z_)RIbk>lKK7V&-th`j^PN~)&Wc(-;j+!MVqwQE&D1_|SXQhP`nBDon}J+bQJUuy-) zwU)-k7)LWTeJ9}Y`4{0*LB4_9{&R{Tbj>JwgHw_xc>4RxW#M|rh6y2u(Pnj}9NO%h zEsRdc1Y_(`%KHEXzp$!VDl*$kQciO2WBy?N@(98GY_L!}K|#$b!?*olRt{@hbh1n2 z{Hu=ID;JAaT~koIVyfPO0ABRXsC^K7IsJ}$^xZ`+OF3mqwc|8>CboQFSWy|U>VdY4 z4P8d2xnIIF-i|}$bGvMq&a36bn%N;F!D2X$M!jSg1b|)ix~p&r|XTMJnbh zz!~deD(db#E8p82JHS70@?zaE6D<)8<(V*ScD#9HLD(`j*<*aPcf1WC6$(HdT)#x{ zH{C16Z@F3>w#=I3T^&J)s-bPCpt~YRjc%i@xm$S^eWf!1YUSIQOKKRa(CjJMdWkqx zgPCc)@dmyqr4aTn6|~NBg?<0+?a*AA8h1)cE}ibm@cVUe2)^+Z_}4SvAzp+ASa$WA zBwe`c{!y5O*0O5c4x2JA-~=uIXV&ce`uaf|sd2!F-4sC>FT-67@LI|*02L?S7P~tZa=6AY=TsNS#&dGgLiN#RiKn!l0Tz<@fPB8pX07$t?{+H! z36qthHtf5TETj&pRq%C9v4ax7>EkN}M%m!w%S|sKJcmp2+4}lBiOtpyMOT9OmEE0qv;VkZ4WJ6RT=&lZw<+ws2w;E#P0!E^`>1)HyK zX1+=TDk-S^CMYY*K>F?;DNJk_z|IhzEMRG7xr&%Y+dtPv3JT0rjAt%a9WU{AYiU@W z_|A%WWB)#P(8|XYsl}~+F3#-7#yD4WmiB_n;!{`dJ7^ZbHy)&C^ zNvZ`p2W7CKwTq@rl|tt~RQaBh8}X)^^DpNB&<#*YpHq=AzRNhk2Dqj)AFzlK8+Vsd zhp~i7A@_mlN_)Nuj3|uQhM@(~zh=M0z~HbJP_4~WoEeIWX{+oCE z3F254pl=T(z`Eu=kD}caYGWXEmVz&UP-BFy7xnh0P8Var0<4p--4!4 z7ivv%^j*u}aVoyh5?H3`~#8rt$*(@&!^99P65w{=L70%Eavv~nJP z>PZ7h19tYlQc;NI9E20M#A>5K2-+?c%WCT!zj^u(5$5j=N9q3=e#cTh5!q8ga<2p^DP?LxOAa7#znV|tXwQ*$W3WN!S(}T52+Pz{bS+s ziLRpN{awf{lAN>TMXDj5FVU}}W;GXsfkg5YdUYe1QFe8*I1#!PZ1Ui|dn~0nuuR~v z$@|}K=0e8acId(MFs}7A4J|`RLF!u|x%e|B^)I{Wsv7P~o@WqkGB=MRjqt$Y? zFy_en5Kg1gKe{yqpQZ#x^}NuyIy&*t#{5HGcZ=h2ocW*6!E0sP@k-%!VPlYts76Knq;H`I!% zZlB*>u_K$smz!<|Qy06;6v2@Yb@!c8!UK8?!~QehY&X@$<&c;B)s)WqeCI_EDR@md zSRdAa;?3>pD?s`{SoZCCrO^7^c4rVj%5{SJl(O0|Ul#=@R?7-}PR@6R7sjYi_sT56 z)GpzzA#=AyMrat{bjYVo>*LFOEhU@75sqsU7$t_11vA!DvZdP?IDhC6!EKd+HOPkM zsHr0!-^)Ewhu8=QvP`6EM=S#_q#D^`*OjI9Y7DGsYz+(Dt5IR?ut4-^jYJ_9Oi({n z&U->@sK3pG)F28NHmv~Erx-oN01r4{b5kd!nTTGQqo+C-ojlRNRl1ijT7hetDeN07 z^*DK~pIiJe;!?N3D`vy~$npu-zTClK{ikN|^lyZeUWi>;iq^)#u}H5|PU2RYIvu@Y zWf`?_qOEG_fCd##Hf~>8{mT#gd*^tjUy~RmWbTZnskj@@2Z*(~bT9l)dlk0VLJ4ZF zw_uRrm6$X#2dB*ONu1nZX5>_4JiTjlloFh^@Y2b`od4YpvmERfRx8S^uc&g)sqVJSKQL}FQy?X> z1TnK1soVb?VE7;dA7om8C!9>H*a>(Qbj9LWeQzG%u-m1*GI5fzYWd^dI~Af?D1uyC zY~1eFx7vrSXD+Ec#R|DkxNB1q{(tD zmRcYis$3*LONOuq)?U1XwLr^0Xo$Cz@s=EnSt zAL9!u#y`OFD#6L)+AGLYz>^<^?Z;2X8no_9&JEfzE^V5j@gh8FgVP$Lvl~Rc_qM)( zaA6U#Rpj|?f?9-QwyjrGH4IlDMlQUe_X1_+`IhFkdcD5{7?WmJKRm%m z7;jK*r6|&Uxe(c3_Tn3YH@dZ_<3N}@1d{7@N3Wg=f`=gB-5xR@yk~fh55)_?<+OE8 z67SKRvw`q1!DQsE#I{tl1W8ix%d9IjT)eUUbL|~tW~y}z(}O-z_2FYHoACwtz&@Ae z06nowr(5&F?9GzG~8@0+UPSWv5SaCT>_)U08&XoxJ-^+6(?L?z^C=w=CK95Fj zG@CdC6q|{L90vz5O(!)+#A8E7*XSwSv;pxx0Qws?2M}YAk^Fx^KD`EIEwu}YlbDb)x2vNxq&l)v zWp==KqV2#r6G5RNuSRfo0RY}HK5{nuA6D2ci8IM!@9Q);icQFpo$O=Q#j-4-MkS1roDjoj_QqlRTkR=^hidjc@zS zTX-_G6mMHko8qph6IuujH4ad3p_wds$ZQdiD+%DQ=FiXhlti%y#2Jp6@vXO#xcDIFJr64uY-kHKQ0x&^Wr^t?6o>6 z5hO+Y*{E$yJwF@rr8zF6ZwO*eRhHNsx)T9>vq7_pYxJPOsn*ml2o`LX?U^b@bT9ko zkMs38v0Eu>%WnzINkmFq3LwJn6hAmhBB9$?>qaf1+3_;DY{H@>ujipl39a4lH_OA~ z#@6#HueF^oxT^iM-3x6k0eIdQR%bnA>H+Dr^EEM-u!0_=G@8x($~wE8GuQjP(?F?F zKt(^(qWB+aBO8A;KM5`Sh`tAgEY7P7^+nX5fs8KHSk)` zr}Rb9EDbgXS3z_gTT!m`${JeV7fQ*T>jKU;nbWzz+2AL#>332OGmO#8+DATGxUZMW z1?>n*5qPM3IV`-LD)+T`qYc2eOpFnFZ%n(YBQI)j6u6^Y$)5-pYVInV}ulzbd80p9%kuQd;ThR?CbTykNDAi5aInT)CPUO;jo=$@QOM1&n-@O z+p2_JJG8}@d2xE9fMz-Y3(G}6UFRhX!YUnH!gf*VtTg;gyH#tV zg@e+Nf%$G=f2!>N6zRX)0@dw+2$D;KV_pe$T)b?0y>227c}B1(>j?(JlGV6>5^b%Y zT)hDH*r5^GoqxHQWYiLJjx9#xZ(%HyL4I({Oy&DfnM>6Ub2TaRbbaURZaB{3 zrP$rLzhHmr@9a(MaJ-eNE3Z@9znu^(ad#TWH-Z!l4C38fxB6VG=*6*Ii*3ZDF=t)Hu&5knpKsn*6U`LiABGVh>7EV8Vb6vPx?rIhP} zcrU=`gbKAZld+`1Hjr~WmnE3upWS(YZtEe@qp`bZOzp9~EA{`!LjD!?stAS!tf~UM zoWtu85kF#z3sr%wk-$jGZgorM$h;!`vQ!yFFy_&AyZp2J^zlL=*@pSZ-37i6XU!wT zc-&u@5~+`=H-;D1@PMSexfDFMN@cZ%VhhhfHZH%4+)|C8dfzB@qVMZBGK8>NCFa%o zt$vqdvSV_6xC8|S0vli~14uRU4QNR+lr>a6y^@t8+*5jLK~ciROmfDs-EDl&ggnbR z{48U|33q1S%3XKu_p(iz$yg}t_|MYUhK>d95;@7zN)rNe6WE{hh3Z~kROng^*4gFs zAPW~^P#8)0wC)vAO{jX|?{z9E$}r1Q93Hs!6n~e%IuU)tkcEH0ACK$T%NoGpooc$H z*2p0>#gi-r#d6iTrMj5!PdlFVGs1Sl0oy|=5-ytd6q6If^C%aKABsj!GHjMhd_$j+ z*ZBETl;VCJiqB#2BEg`shKM`=jbaUcVr!r9^$VZ~pA9R!seefkq_y#aHrkfn4#`A^ zdKDuYOv%f}x9&wRI;|%sLD3p1dCh5o81)V_T;_T`{kB_N!ORn(w4ml)7@KVeV%3bO z=Gw#lwl~$EqKctRzmDfSrcG>plf3T^NUyr?w7BQwALf-3#K{yt20RR&zuo~F4#{pz zD}A=im?J^Se%4{3Q_13lWxwcCVINg;H$AKs#eXbH)CyA%69P!Qw^;GNNfbYbi3Z)J!0O(rcS5Zy$q~3bGoa zy|DR^u>-kgV$>@!hZrnJ|BS1OD+Tlg9w%pVp&>uL!7*3sfTDrjSgs=-rJIxU@|B0xwK-pNpV)>;sa4F*eiMbsVjs!5n`{N_e~TliE7(f#BU@;Zw}=Z%{cT4Z<84#- zNh>4c)sL*>ySrP85m4|Ci!Q;{1N4lK8IO4}`BpzMCSLmH+bc*OYBt80lVx9u@R*YK z<EYmW@ekrN7mpji)RXbC%=}lB3b8G1!sdcy=*CuW zcuxa%&$D)>XQ}Sls3zrhzy_PYRC^_z`v5wS9sAGgb`A{T?=DBiQ^(IP7H{}`azu&SfE8OgbdU9Z-h`3 z(x_K@4`9Ng$<$C1)^56S!@ktx9jZkPw$e$&ELKo!FTgCgG5k-6K7x?SW?pK{no5C| zX**JnRd@GZlI*Cu`YjEzfXRPC`~Klw$oJlM5X9ZRe2et}H?V*mJH^CVz=Meq^1j!_ m*q*t@7_`vj_gOw-2^zB&K&hgIuYhb8=% Date: Tue, 4 Apr 2023 23:39:03 +0000 Subject: [PATCH 3/4] Fix CI error. --- tests/transport/test_urllib3.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/transport/test_urllib3.py b/tests/transport/test_urllib3.py index eb82b7744..5bdfac95e 100644 --- a/tests/transport/test_urllib3.py +++ b/tests/transport/test_urllib3.py @@ -82,6 +82,9 @@ def urlopen(self, method, url, body=None, headers=None, **kwargs): self.requests.append((method, url, body, headers, kwargs)) return self.responses.pop(0) + def clear(self): + pass + class ResponseStub(object): def __init__(self, status=http_client.OK, data=None): From 236f7fbd9a43f2b908a0bc595347b687da0a03e1 Mon Sep 17 00:00:00 2001 From: Carl Lundin Date: Wed, 5 Apr 2023 16:28:51 +0000 Subject: [PATCH 4/4] Fix coverage test. --- google/auth/jwt.py | 4 ++-- tests/test_jwt.py | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/google/auth/jwt.py b/google/auth/jwt.py index ef2d6fd9c..026aec554 100644 --- a/google/auth/jwt.py +++ b/google/auth/jwt.py @@ -591,8 +591,8 @@ def signer(self): return self._signer @property # type: ignore - def additonal_claims(self): - """Additional claims the JWT object was created with.""" + def additional_claims(self): + """ Additional claims the JWT object was created with.""" return self._additional_claims diff --git a/tests/test_jwt.py b/tests/test_jwt.py index d45d5daa9..28660ea33 100644 --- a/tests/test_jwt.py +++ b/tests/test_jwt.py @@ -464,6 +464,7 @@ def test_with_quota_project(self): assert new_credentials._subject == self.credentials._subject assert new_credentials._audience == self.credentials._audience assert new_credentials._additional_claims == self.credentials._additional_claims + assert new_credentials.additional_claims == self.credentials._additional_claims assert new_credentials._quota_project_id == quota_project_id def test_sign_bytes(self):