Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings
This repository was archived by the owner on Mar 6, 2026. It is now read-only.

Commit 02e7163

Browse filesBrowse files
andyrzhaoandyrzhao
authored
fix(auth): Fix test coverage for mtls_helper (#1886)
Uses the conventional mock.patch decorators instead of monkeypatch to satisfy the coverage analyzer. This brings coverage from 99% to 100%
1 parent 08fabf7 commit 02e7163
Copy full SHA for 02e7163

1 file changed

+70-74Lines changed: 70 additions & 74 deletions

File tree

Expand file treeCollapse file tree
Open diff view settings
Filter options
Expand file treeCollapse file tree
Open diff view settings
Collapse file

‎tests/transport/test__mtls_helper.py‎

Copy file name to clipboardExpand all lines: tests/transport/test__mtls_helper.py
+70-74Lines changed: 70 additions & 74 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,6 @@
1212
# See the License for the specific language governing permissions and
1313
# limitations under the License.
1414

15-
import json
1615
import os
1716
import re
1817

@@ -739,81 +738,78 @@ def test_crypto_error(self):
739738
ENCRYPTED_EC_PRIVATE_KEY, b"wrong_password"
740739
)
741740

742-
def test_check_use_client_cert(self, monkeypatch):
743-
monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "true")
744-
use_client_cert = _mtls_helper.check_use_client_cert()
745-
assert use_client_cert is True
746741

747-
def test_check_use_client_cert_for_workload_with_config_file(self, monkeypatch):
748-
config_data = {
749-
"version": 1,
750-
"cert_configs": {
751-
"workload": {
752-
"cert_path": "path/to/cert/file",
753-
"key_path": "path/to/key/file",
754-
}
755-
},
756-
}
757-
config_filename = "mock_certificate_config.json"
758-
config_file_content = json.dumps(config_data)
759-
monkeypatch.setenv("GOOGLE_API_CERTIFICATE_CONFIG", config_filename)
760-
monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "")
761-
# Use mock_open to simulate the file in memory
762-
mock_file_handle = mock.mock_open(read_data=config_file_content)
763-
with mock.patch("builtins.open", mock_file_handle):
764-
use_client_cert = _mtls_helper.check_use_client_cert()
765-
assert use_client_cert is True
766-
767-
def test_check_use_client_cert_false(self, monkeypatch):
768-
monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")
769-
use_client_cert = _mtls_helper.check_use_client_cert()
770-
assert use_client_cert is False
771-
772-
def test_check_use_client_cert_unsupported_value(self, monkeypatch):
773-
monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "dummy")
774-
use_client_cert = _mtls_helper.check_use_client_cert()
775-
assert use_client_cert is False
776-
777-
def test_check_use_client_cert_for_workload_with_config_file_not_found(
778-
self, monkeypatch
779-
):
780-
monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "")
781-
use_client_cert = _mtls_helper.check_use_client_cert()
782-
assert use_client_cert is False
742+
class TestCheckUseClientCert(object):
743+
@mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"})
744+
def test_env_var_explicit_true(self):
745+
assert _mtls_helper.check_use_client_cert() is True
783746

784-
def test_check_use_client_cert_for_workload_with_config_file_not_json(
785-
self, monkeypatch
786-
):
787-
config_filename = "mock_certificate_config.json"
788-
config_file_content = "not_valid_json"
789-
monkeypatch.setenv("GOOGLE_API_CERTIFICATE_CONFIG", config_filename)
790-
monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "")
791-
# Use mock_open to simulate the file in memory
792-
mock_file_handle = mock.mock_open(read_data=config_file_content)
793-
with mock.patch("builtins.open", mock_file_handle):
794-
use_client_cert = _mtls_helper.check_use_client_cert()
795-
assert use_client_cert is False
796-
797-
def test_check_use_client_cert_for_workload_with_config_file_no_workload(
798-
self, monkeypatch
799-
):
800-
config_data = {"version": 1, "cert_configs": {"dummy_key": {}}}
801-
config_filename = "mock_certificate_config.json"
802-
config_file_content = json.dumps(config_data)
803-
monkeypatch.setenv("GOOGLE_API_CERTIFICATE_CONFIG", config_filename)
804-
monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "")
805-
# Use mock_open to simulate the file in memory
806-
mock_file_handle = mock.mock_open(read_data=config_file_content)
807-
with mock.patch("builtins.open", mock_file_handle):
808-
use_client_cert = _mtls_helper.check_use_client_cert()
809-
assert use_client_cert is False
810-
811-
def test_check_use_client_cert_when_file_does_not_exist(self, monkeypatch):
812-
config_filename = "mock_certificate_config.json"
813-
monkeypatch.setenv("GOOGLE_API_CERTIFICATE_CONFIG", config_filename)
814-
monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "")
815-
use_client_cert = _mtls_helper.check_use_client_cert()
816-
assert use_client_cert is False
747+
@mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "True"})
748+
def test_env_var_explicit_true_capitalized(self):
749+
assert _mtls_helper.check_use_client_cert() is True
750+
751+
@mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "false"})
752+
def test_env_var_explicit_false(self):
753+
assert _mtls_helper.check_use_client_cert() is False
754+
755+
@mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "garbage"})
756+
def test_env_var_explicit_garbage(self):
757+
assert _mtls_helper.check_use_client_cert() is False
758+
759+
@mock.patch("builtins.open", autospec=True)
760+
@mock.patch.dict(
761+
os.environ,
762+
{
763+
"GOOGLE_API_USE_CLIENT_CERTIFICATE": "",
764+
"GOOGLE_API_CERTIFICATE_CONFIG": "/path/to/config",
765+
},
766+
)
767+
def test_config_file_success(self, mock_file):
768+
# We manually apply mock_open here so we can keep autospec=True on the decorator
769+
mock_file.side_effect = mock.mock_open(
770+
read_data='{"cert_configs": {"workload": "exists"}}'
771+
)
772+
assert _mtls_helper.check_use_client_cert() is True
773+
774+
@mock.patch("builtins.open", autospec=True)
775+
@mock.patch.dict(
776+
os.environ,
777+
{
778+
"GOOGLE_API_USE_CLIENT_CERTIFICATE": "",
779+
"GOOGLE_API_CERTIFICATE_CONFIG": "/path/to/config",
780+
},
781+
)
782+
def test_config_file_missing_keys(self, mock_file):
783+
mock_file.side_effect = mock.mock_open(read_data='{"cert_configs": {}}')
784+
assert _mtls_helper.check_use_client_cert() is False
785+
786+
@mock.patch("builtins.open", autospec=True)
787+
@mock.patch.dict(
788+
os.environ,
789+
{
790+
"GOOGLE_API_USE_CLIENT_CERTIFICATE": "",
791+
"GOOGLE_API_CERTIFICATE_CONFIG": "/path/to/config",
792+
},
793+
)
794+
def test_config_file_bad_json(self, mock_file):
795+
mock_file.side_effect = mock.mock_open(read_data="{bad_json")
796+
assert _mtls_helper.check_use_client_cert() is False
797+
798+
@mock.patch("builtins.open", autospec=True)
799+
@mock.patch.dict(
800+
os.environ,
801+
{
802+
"GOOGLE_API_USE_CLIENT_CERTIFICATE": "",
803+
"GOOGLE_API_CERTIFICATE_CONFIG": "/path/does/not/exist",
804+
},
805+
)
806+
def test_config_file_not_found(self, mock_file):
807+
mock_file.side_effect = FileNotFoundError
808+
assert _mtls_helper.check_use_client_cert() is False
809+
810+
@mock.patch.dict(os.environ, {}, clear=True)
811+
def test_no_env_vars_set(self):
812+
assert _mtls_helper.check_use_client_cert() is False
817813

818814

819815
class TestMtlsHelper:

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.