feat: Enable mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, i… · googleapis/google-auth-library-python@395e405
@@ -12,6 +12,7 @@
1212# See the License for the specific language governing permissions and
1313# limitations under the License.
141415+import json
1516import os
1617import re
1718@@ -638,3 +639,74 @@ def test_crypto_error(self):
638639_mtls_helper.decrypt_private_key(
639640ENCRYPTED_EC_PRIVATE_KEY, b"wrong_password"
640641 )
642+643+def test_check_use_client_cert(self, monkeypatch):
644+monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "true")
645+use_client_cert = _mtls_helper.check_use_client_cert()
646+assert use_client_cert == "true"
647+648+def test_check_use_client_cert_for_workload_with_config_file(self, monkeypatch):
649+config_data = {
650+"version": 1,
651+"cert_configs": {
652+"workload": {
653+"cert_path": "path/to/cert/file",
654+"key_path": "path/to/key/file",
655+ }
656+ },
657+ }
658+config_filename = "mock_certificate_config.json"
659+config_file_content = json.dumps(config_data)
660+monkeypatch.setenv("GOOGLE_API_CERTIFICATE_CONFIG", config_filename)
661+monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "")
662+# Use mock_open to simulate the file in memory
663+mock_file_handle = mock.mock_open(read_data=config_file_content)
664+with mock.patch("builtins.open", mock_file_handle):
665+use_client_cert = _mtls_helper.check_use_client_cert()
666+assert use_client_cert == "true"
667+668+def test_check_use_client_cert_false(self, monkeypatch):
669+monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")
670+use_client_cert = _mtls_helper.check_use_client_cert()
671+assert use_client_cert == "false"
672+673+def test_check_use_client_cert_for_workload_with_config_file_not_found(
674+self, monkeypatch
675+ ):
676+monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "")
677+use_client_cert = _mtls_helper.check_use_client_cert()
678+assert use_client_cert == "false"
679+680+def test_check_use_client_cert_for_workload_with_config_file_not_json(
681+self, monkeypatch
682+ ):
683+config_filename = "mock_certificate_config.json"
684+config_file_content = "not_valid_json"
685+monkeypatch.setenv("GOOGLE_API_CERTIFICATE_CONFIG", config_filename)
686+monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "")
687+# Use mock_open to simulate the file in memory
688+mock_file_handle = mock.mock_open(read_data=config_file_content)
689+with mock.patch("builtins.open", mock_file_handle):
690+use_client_cert = _mtls_helper.check_use_client_cert()
691+assert use_client_cert == "false"
692+693+def test_check_use_client_cert_for_workload_with_config_file_no_workload(
694+self, monkeypatch
695+ ):
696+config_data = {"version": 1, "cert_configs": {"dummy_key": {}}}
697+config_filename = "mock_certificate_config.json"
698+config_file_content = json.dumps(config_data)
699+monkeypatch.setenv("GOOGLE_API_CERTIFICATE_CONFIG", config_filename)
700+monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "")
701+# Use mock_open to simulate the file in memory
702+mock_file_handle = mock.mock_open(read_data=config_file_content)
703+with mock.patch("builtins.open", mock_file_handle):
704+use_client_cert = _mtls_helper.check_use_client_cert()
705+assert use_client_cert == "false"
706+707+def test_check_use_client_cert_when_file_does_not_exist(self, monkeypatch):
708+config_filename = "mock_certificate_config.json"
709+monkeypatch.setenv("GOOGLE_API_CERTIFICATE_CONFIG", config_filename)
710+monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "")
711+use_client_cert = _mtls_helper.check_use_client_cert()
712+assert use_client_cert == "false"
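Review bot: `test_check_use_client_cert_for_workload_with_config_file_not_found` (new lines 673–678) sets only `GOOGLE_API_USE_CLIENT_CERTIFICATE` and inherits `GOOGLE_API_CERTIFICATE_CONFIG` from the host, so its result depends on the machine running the suite; add `monkeypatch.delenv("GOOGLE_API_CERTIFICATE_CONFIG", raising=False)` before the call. `test_check_use_client_cert_when_file_does_not_exist` (707–712) likewise depends on no `mock_certificate_config.json` existing in the working directory; taking the `tmp_path` fixture and using `monkeypatch.setenv("GOOGLE_API_CERTIFICATE_CONFIG", str(tmp_path / "missing.json"))` would pin the missing-file case. Every new case sets the variable to `""`, and none removes it with `monkeypatch.delenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", raising=False)`. That absent state is the "not set" condition the commit title names, and presumably the one that decides whether mTLS is enabled by default, so it deserves its own positive and negative test. The enclosing test class starts outside the hunk.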