Skip to content

fix: Improve ADC related errors and warnings #1237

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
arithmetic1728 merged 3 commits into from
Feb 28, 2023
Merged

fix: Improve ADC related errors and warnings #1237

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
aa115f3
fix: Improve ADC related errors and warnings
wangyutongg Feb 24, 2023
703c850
Run lint and blacken
wangyutongg Feb 27, 2023
b65099d
Refresh system test credentials
wangyutongg Feb 27, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 8 additions & 13 deletions google/auth/_default.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,23 +48,18 @@
)

# Help message when no credentials can be found.
_HELP_MESSAGE = """\
Could not automatically determine credentials. Please set {env} or \
explicitly create credentials and re-run the application. For more \
information, please see \
https://cloud.google.com/docs/authentication/getting-started
""".format(
env=environment_vars.CREDENTIALS
).strip()
_CLOUD_SDK_MISSING_CREDENTIALS = """\
Your default credentials were not found. To set up Application Default Credentials, \
see https://cloud.google.com/docs/authentication/external/set-up-adc for more information.\
"""

# Warning when using Cloud SDK user credentials
_CLOUD_SDK_CREDENTIALS_WARNING = """\
Your application has authenticated using end user credentials from Google \
Cloud SDK without a quota project. You might receive a "quota exceeded" \
or "API not enabled" error. We recommend you rerun \
`gcloud auth application-default login` and make sure a quota project is \
added. Or you can use service accounts instead. For more information \
about service accounts, see https://cloud.google.com/docs/authentication/"""
or "API not enabled" error. See the following page for troubleshooting: \
https://cloud.google.com/docs/authentication/adc-troubleshooting/user-creds. \
"""

# The subject token type used for AWS external_account credentials.
_AWS_SUBJECT_TOKEN_TYPE = "urn:ietf:params:aws:token-type:aws4_request"
Expand Down Expand Up @@ -650,4 +645,4 @@ def default(scopes=None, request=None, quota_project_id=None, default_scopes=Non
)
return credentials, effective_project_id

raise exceptions.DefaultCredentialsError(_HELP_MESSAGE)
raise exceptions.DefaultCredentialsError(_CLOUD_SDK_MISSING_CREDENTIALS)
2 changes: 1 addition & 1 deletion google/auth/_default_async.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -281,4 +281,4 @@ def default_async(scopes=None, request=None, quota_project_id=None):
)
return credentials, effective_project_id

raise exceptions.DefaultCredentialsError(_default._HELP_MESSAGE)
raise exceptions.DefaultCredentialsError(_default._CLOUD_SDK_MISSING_CREDENTIALS)
Binary file modified system_tests/secrets.tar.enc
View file
Open in desktop
Binary file not shown.
6 changes: 4 additions & 2 deletions tests/test__default.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -916,9 +916,11 @@ def test_default_without_project_id(
autospec=True,
)
def test_default_fail(unused_gce, unused_gae, unused_sdk, unused_explicit):
with pytest.raises(exceptions.DefaultCredentialsError):
with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
assert _default.default()

assert excinfo.match(_default._CLOUD_SDK_MISSING_CREDENTIALS)


@mock.patch(
"google.auth._default._get_explicit_environ_credentials",
Expand Down Expand Up @@ -1128,7 +1130,7 @@ def test_default_environ_external_credentials_bad_format(monkeypatch, tmpdir):
def test_default_warning_without_quota_project_id_for_user_creds(get_adc_path):
get_adc_path.return_value = AUTHORIZED_USER_CLOUD_SDK_FILE

with pytest.warns(UserWarning, match="Cloud SDK"):
with pytest.warns(UserWarning, match=_default._CLOUD_SDK_CREDENTIALS_WARNING):
credentials, project_id = _default.default(quota_project_id=None)


Expand Down