diff --git a/packages/google-auth/google/auth/_default.py b/packages/google-auth/google/auth/_default.py index cb40c1fa6d77..9fb6da1f2b5f 100644 --- a/packages/google-auth/google/auth/_default.py +++ b/packages/google-auth/google/auth/_default.py @@ -22,7 +22,7 @@ import json import logging import os -from typing import Optional, Sequence, TYPE_CHECKING +from typing import Optional, Sequence, TYPE_CHECKING, Union import warnings from google.auth import environment_vars @@ -591,7 +591,7 @@ def _apply_quota_project_id(credentials, quota_project_id): def default( - scopes: Optional[Sequence[str]] = None, + scopes: Optional[Union[Sequence[str], str]] = None, request: Optional["google.auth.transport.Request"] = None, quota_project_id: Optional[str] = None, default_scopes: Optional[Sequence[str]] = None, @@ -666,7 +666,7 @@ def default( credentials, project_id = google.auth.default() Args: - scopes (Sequence[str]): The list of scopes for the credentials. If + scopes (Optional[Union[Sequence[str], str]]): The list of scopes for the credentials. If specified, the credentials will automatically be scoped if necessary. request (Optional[google.auth.transport.Request]): An object used to make diff --git a/packages/google-auth/google/auth/app_engine.py b/packages/google-auth/google/auth/app_engine.py index 49f6457f4af1..4b151fa0f627 100644 --- a/packages/google-auth/google/auth/app_engine.py +++ b/packages/google-auth/google/auth/app_engine.py @@ -95,11 +95,11 @@ def __init__( ): """ Args: - scopes (Sequence[str]): Scopes to request from the App Identity + scopes (Optional[Sequence[str]]): Scopes to request from the App Identity API. - default_scopes (Sequence[str]): Default scopes passed by a + default_scopes (Optional[Sequence[str]]): Default scopes passed by a Google client library. Use 'scopes' for user-defined scopes. - service_account_id (str): The service account ID passed into + service_account_id (Optional[str]): The service account ID passed into :func:`google.appengine.api.app_identity.get_access_token`. If not specified, the default application service account ID will be used. diff --git a/packages/google-auth/google/auth/credentials.py b/packages/google-auth/google/auth/credentials.py index 1e16ca2e87a7..34fee12fc102 100644 --- a/packages/google-auth/google/auth/credentials.py +++ b/packages/google-auth/google/auth/credentials.py @@ -16,14 +16,14 @@ """Interfaces for credentials.""" import abc +import datetime from enum import Enum import logging import os -from typing import Dict, List, Optional, TYPE_CHECKING +from typing import Dict, List, Optional, Sequence, TYPE_CHECKING, Union from urllib.parse import urlparse import warnings - from google.auth import _helpers, environment_vars from google.auth import _regional_access_boundary_utils from google.auth import exceptions @@ -66,16 +66,16 @@ class Credentials(_BaseCredentials): def __init__(self): super(Credentials, self).__init__() - self.expiry = None + self.expiry: Optional[datetime.datetime] = None """Optional[datetime]: When the token expires and is no longer valid. If this is None, the token is assumed to never expire.""" - self._quota_project_id = None + self._quota_project_id: Optional[str] = None """Optional[str]: Project to use for quota and billing purposes.""" - self._trust_boundary = None + self._trust_boundary: Optional[dict] = None """Optional[dict]: Cache of a trust boundary response which has a list of allowed regions and an encoded string representation of credentials trust boundary.""" - self._universe_domain = DEFAULT_UNIVERSE_DOMAIN + self._universe_domain: Optional[str] = DEFAULT_UNIVERSE_DOMAIN """Optional[str]: The universe domain value, default is googleapis.com """ @@ -617,12 +617,18 @@ class Scoped(ReadOnlyScoped): """ @abc.abstractmethod - def with_scopes(self, scopes, default_scopes=None): + def with_scopes( + self, + scopes: Optional[Sequence[str]], + default_scopes: Optional[Sequence[str]] = None, + ): """Create a copy of these credentials with the specified scopes. Args: - scopes (Sequence[str]): The list of scopes to attach to the + scopes (Optional[Sequence[str]]): The list of scopes to attach to the current credentials. + default_scopes (Optional[Sequence[str]]): Default scopes passed by a + Google client library. Use 'scopes' for user-defined scopes. Raises: NotImplementedError: If the credentials' scopes can not be changed. @@ -632,7 +638,11 @@ def with_scopes(self, scopes, default_scopes=None): raise NotImplementedError("This class does not require scoping.") -def with_scopes_if_required(credentials, scopes, default_scopes=None): +def with_scopes_if_required( + credentials, + scopes: Optional[Union[str, Sequence[str]]], + default_scopes: Optional[Sequence[str]] = None, +): """Creates a copy of the credentials with scopes if scoping is required. This helper function is useful when you do not know (or care to know) the @@ -645,8 +655,8 @@ def with_scopes_if_required(credentials, scopes, default_scopes=None): Args: credentials (google.auth.credentials.Credentials): The credentials to scope if necessary. - scopes (Sequence[str]): The list of scopes to use. - default_scopes (Sequence[str]): Default scopes passed by a + scopes (Optional[Union[str, Sequence[str]]]): The list of scopes to use. + default_scopes (Optional[Sequence[str]]): Default scopes passed by a Google client library. Use 'scopes' for user-defined scopes. Returns: @@ -654,8 +664,12 @@ def with_scopes_if_required(credentials, scopes, default_scopes=None): credentials, or the passed in credentials instance if no scoping was required. """ + # wrap single-string scopes in a list + scopes_seq: Optional[Sequence[str]] = ( + [scopes] if isinstance(scopes, str) else scopes + ) if isinstance(credentials, Scoped) and credentials.requires_scopes: - return credentials.with_scopes(scopes, default_scopes=default_scopes) + return credentials.with_scopes(scopes_seq, default_scopes=default_scopes) else: return credentials diff --git a/packages/google-auth/google/auth/crypt/rsa.py b/packages/google-auth/google/auth/crypt/rsa.py index 639be9069549..efadd72e960a 100644 --- a/packages/google-auth/google/auth/crypt/rsa.py +++ b/packages/google-auth/google/auth/crypt/rsa.py @@ -16,7 +16,7 @@ RSA cryptography signer and verifier. This file provides a shared wrapper, that defers to _python_rsa or _cryptography_rsa -for implmentations using different third party libraries +for implementations using different third party libraries """ from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey diff --git a/packages/google-auth/google/auth/transport/_mtls_helper.py b/packages/google-auth/google/auth/transport/_mtls_helper.py index d6450291c7f2..75016384bbc3 100644 --- a/packages/google-auth/google/auth/transport/_mtls_helper.py +++ b/packages/google-auth/google/auth/transport/_mtls_helper.py @@ -50,7 +50,7 @@ b"-----BEGIN PASSPHRASE-----(.+)-----END PASSPHRASE-----", re.DOTALL ) -# Temporary patch to accomodate incorrect cert config in Cloud Run prod environment. +# Temporary patch to accommodate incorrect cert config in Cloud Run prod environment. _WELL_KNOWN_CLOUD_RUN_CERT_PATH = ( "/var/run/secrets/workload-spiffe-credentials/certificates.pem" )