diff --git a/.gitignore b/.gitignore index f01e60ec0..6d86d1f7a 100644 --- a/.gitignore +++ b/.gitignore @@ -41,6 +41,3 @@ pylintrc.test pytype_output/ .python-version -.DS_Store -cert_path -key_path \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 593596e0c..532d7d925 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,13 @@ [1]: https://pypi.org/project/google-auth/#history +### [1.19.2](https://www.github.com/googleapis/google-auth-library-python/compare/v1.19.1...v1.19.2) (2020-07-17) + + +### Bug fixes + +* Revert "fix: migrate signBlob to iamcredentials.googleapis.com" ([#563](https://www.github.com/googleapis/google-auth-library-python/issues/563)) ([a48b5b](https://www.github.com/googleapis/google-auth-library-python/commit/a48b5b9135b30ff06f1fe18dd9dbe92ffcf3a272)) + ### [1.19.1](https://www.github.com/googleapis/google-auth-library-python/compare/v1.19.0...v1.19.1) (2020-07-15) diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst index c04a6c63e..ac65343ee 100644 --- a/CONTRIBUTING.rst +++ b/CONTRIBUTING.rst @@ -19,7 +19,7 @@ A few notes on making changes to ``google-auth-library-python``. using ``nox -s docgen``. - The change must work fully on the following CPython versions: 2.7, - 3.5, 3.6, 3.7 across macOS, Linux, and Windows. + 3.5, 3.6, 3.7, 3.8 across macOS, Linux, and Windows. - The codebase *must* have 100% test statement coverage after each commit. You can test coverage via ``nox -e cover``. diff --git a/google/auth/iam.py b/google/auth/iam.py index 9e3887909..bd0500457 100644 --- a/google/auth/iam.py +++ b/google/auth/iam.py @@ -28,7 +28,7 @@ from google.auth import crypt from google.auth import exceptions -_IAM_API_ROOT_URI = "https://iamcredentials.googleapis.com/v1" +_IAM_API_ROOT_URI = "https://iam.googleapis.com/v1" _SIGN_BLOB_URI = _IAM_API_ROOT_URI + "/projects/-/serviceAccounts/{}:signBlob?alt=json" 
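Review bot: In google/auth/iam.py, `_IAM_API_ROOT_URI` goes back to `https://iam.googleapis.com/v1` with no comment saying why, and it is only one of three values that change with the endpoint: the request key `bytesToSign` in `_make_signing_request` and the response key `signature` in `sign` are switched in the later hunks of this file. A comment above the constant would keep a future migration from changing one without the others, for example `# Legacy IAM signBlob: request key "bytesToSign", response key "signature"; change all three together.` The same commit deletes `test_iam_signer` from system_tests/test_service_account.py, so as far as this diff shows the signer keeps mocked coverage only. Keeping that test pointed at the reverted endpoint would catch a request/response mismatch before release.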
@@ -71,7 +71,7 @@ def _make_signing_request(self, message): url = _SIGN_BLOB_URI.format(self._service_account_email) headers = {} body = json.dumps( - {"payload": base64.b64encode(message).decode("utf-8")} + {"bytesToSign": base64.b64encode(message).decode("utf-8")} ).encode("utf-8") self._credentials.before_request(self._request, method, url, headers) @@ -97,4 +97,4 @@ def key_id(self): @_helpers.copy_docstring(crypt.Signer) def sign(self, message): response = self._make_signing_request(message) - return base64.b64decode(response["signedBlob"]) + return base64.b64decode(response["signature"]) diff --git a/setup.py b/setup.py index 52033def6..629e059df 100644 --- a/setup.py +++ b/setup.py @@ -32,7 +32,7 @@ with io.open("README.rst", "r") as fh: long_description = fh.read() -version = "1.19.1" +version = "1.19.2" setup( name="google-auth", diff --git a/system_tests/test_service_account.py b/system_tests/test_service_account.py index 498b75b22..262ce84f5 100644 --- a/system_tests/test_service_account.py +++ b/system_tests/test_service_account.py @@ -16,7 +16,6 @@ from google.auth import _helpers from google.auth import exceptions -from google.auth import iam from google.oauth2 import service_account @@ -47,19 +46,3 @@ def test_refresh_success(http_request, credentials, token_info): "https://www.googleapis.com/auth/userinfo.profile", ] ) - -def test_iam_signer(http_request, credentials): - credentials = credentials.with_scopes( - ["https://www.googleapis.com/auth/iam"] - ) - - # Verify iamcredentials signer. - signer = iam.Signer( - http_request, - credentials, - credentials.service_account_email - ) - - signed_blob = signer.sign("message") - - assert isinstance(signed_blob, bytes) diff --git a/tests/compute_engine/test_credentials.py b/tests/compute_engine/test_credentials.py index 4ee653676..8c95e2437 100644 --- a/tests/compute_engine/test_credentials.py +++ b/tests/compute_engine/test_credentials.py 
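Review bot: In `_make_signing_request`, the context line `url = _SIGN_BLOB_URI.format(self._service_account_email)` puts the e-mail into the URL path without percent-encoding, and the request then goes out with the caller's credentials applied by `before_request`. Where the e-mail comes from is outside this hunk, so it may already be validated upstream; if it is not, a value containing `/`, `?` or `#` would change which resource the authenticated request addresses. Percent-encoding the value before formatting, or rejecting anything that is not a plain service-account address, removes that dependency on the caller. The function body starts and ends outside the hunk.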
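Review bot: `sign` indexes `response["signature"]` directly, so a successful response that lacks the field surfaces to callers as a bare `KeyError` with no hint that the signing endpoint answered in an unexpected shape. The two endpoints involved in this revert differ in exactly this key (`signedBlob` versus `signature`), which makes the mismatch a realistic failure. A guard before the decode would report it in the library's own terms, for example `if "signature" not in response: raise exceptions.TransportError("signBlob response has no 'signature' field")`; `exceptions` is already imported at the top of the file, per the first hunk. What `_make_signing_request` returns on non-200 responses is outside this hunk, so that path may already be covered.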
@@ -363,11 +363,11 @@ def test_with_target_audience_integration(self): signature = base64.b64encode(b"some-signature").decode("utf-8") responses.add( responses.POST, - "https://iamcredentials.googleapis.com/v1/projects/-/" - "serviceAccounts/service-account@example.com:signBlob?alt=json", + "https://iam.googleapis.com/v1/projects/-/serviceAccounts/" + "service-account@example.com:signBlob?alt=json", status=200, content_type="application/json", - json={"keyId": "some-key-id", "signedBlob": signature}, + json={"keyId": "some-key-id", "signature": signature}, ) id_token = "{}.{}.{}".format( @@ -477,11 +477,11 @@ def test_with_quota_project_integration(self): signature = base64.b64encode(b"some-signature").decode("utf-8") responses.add( responses.POST, - "https://iamcredentials.googleapis.com/v1/projects/-/" - "serviceAccounts/service-account@example.com:signBlob?alt=json", + "https://iam.googleapis.com/v1/projects/-/serviceAccounts/" + "service-account@example.com:signBlob?alt=json", status=200, content_type="application/json", - json={"keyId": "some-key-id", "signedBlob": signature}, + json={"keyId": "some-key-id", "signature": signature}, ) id_token = "{}.{}.{}".format( diff --git a/tests/test_iam.py b/tests/test_iam.py index e20eebaa7..4367fe7a8 100644 --- a/tests/test_iam.py +++ b/tests/test_iam.py @@ -81,7 +81,7 @@ def test_key_id(self): def test_sign_bytes(self): signature = b"DEADBEEF" encoded_signature = base64.b64encode(signature).decode("utf-8") - request = make_request(http_client.OK, data={"signedBlob": encoded_signature}) + request = make_request(http_client.OK, data={"signature": encoded_signature}) credentials = make_credentials() signer = iam.Signer(request, credentials, mock.sentinel.service_account_email)
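Review bot: The mocked signBlob URL and response body are written out twice in tests/compute_engine/test_credentials.py, once in `test_with_target_audience_integration` and again in `test_with_quota_project_integration`, so this revert has to make the same edit in both hunks. A module-level constant for the URL and a small helper that registers the mock would keep the endpoint and the response key in one place. Both mocks return only a well-formed 200; a case whose JSON lacks `signature` would pin down how the signer fails when the response shape is not the expected one. Both test bodies continue outside their hunks.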