kiarina-lib-google-auth 1.6.1__tar.gz → 1.6.3__tar.gz

kiarina_lib_google_auth-1.6.3/.env.sample

@@ -0,0 +1,2 @@
+# Test settings file path
+KIARINA_LIB_GOOGLE_AUTH_TEST_SETTINGS_FILE=packages/kiarina-lib-google-auth/test_settings.yaml

{kiarina_lib_google_auth-1.6.1 → kiarina_lib_google_auth-1.6.3}/.gitignore

@@ -25,6 +25,7 @@ htmlcov/
 # Project specific
 *.log
 tmp/
+packages/*/test_settings.yaml
 
 # Test data
 tests/data/large/

{kiarina_lib_google_auth-1.6.1 → kiarina_lib_google_auth-1.6.3}/CHANGELOG.md

@@ -7,6 +7,23 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.6.3] - 2025-10-13
+
+### Changed
+- Updated `pydantic-settings-manager` dependency from `>=2.1.0` to `>=2.3.0`
+- Improved test configuration approach using YAML-based settings file instead of individual environment variables
+- Tests now use `pydantic-settings-manager` with multiple named configurations for different authentication scenarios
+- Added `test_settings.sample.yaml` as a template for test configuration
+- Added `.env.sample` to document required environment variables
+- Reorganized `GoogleAuthSettings` field order for better readability (common fields first)
+- Enhanced test coverage with more comprehensive authentication method tests
+- Simplified test fixtures using session-scoped `load_settings` fixture
+
+## [1.6.2] - 2025-10-10
+
+### Changed
+- No changes
+
 ## [1.6.1] - 2025-10-10
 
 ### Changed

{kiarina_lib_google_auth-1.6.1 → kiarina_lib_google_auth-1.6.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: kiarina-lib-google-auth
-Version: 1.6.1
+Version: 1.6.3
 Summary: Google Cloud client library for kiarina namespace
 Project-URL: Homepage, https://github.com/kiarina/kiarina-python
 Project-URL: Repository, https://github.com/kiarina/kiarina-python
@@ -21,7 +21,7 @@ Classifier: Topic :: Software Development :: Libraries :: Python Modules
 Classifier: Typing :: Typed
 Requires-Python: >=3.12
 Requires-Dist: google-api-python-client>=2.184.0
-Requires-Dist: pydantic-settings-manager>=2.1.0
+Requires-Dist: pydantic-settings-manager>=2.3.0
 Requires-Dist: pydantic-settings>=2.10.1
 Description-Content-Type: text/markdown
 
@@ -461,26 +461,53 @@ mise run package:test kiarina-lib-google-auth --coverage
 
 ### Test Configuration
 
-Some tests require actual GCP credentials. Set the following environment variables:
+Some tests require actual GCP credentials. Create a test settings file and set the environment variable to point to it:
 
 ```bash
-# Service account key file
-export KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_SA_KEY_FILE="~/path/to/sa-key.json"
+# Create test settings file from sample
+cp packages/kiarina-lib-google-auth/test_settings.sample.yaml \
+   packages/kiarina-lib-google-auth/test_settings.yaml
 
-# Service account key data (JSON string)
-export KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_SA_KEY_DATA='{"type": "service_account", ...}'
-
-# Authorized user file
-export KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_AUTHORIZED_USER_FILE="~/.config/gcloud/application_default_credentials.json"
-
-# Authorized user data (JSON string)
-export KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_AUTHORIZED_USER_DATA='{"type": "authorized_user", ...}'
+# Edit the file with your actual credentials
+# Then set the environment variable
+export KIARINA_LIB_GOOGLE_AUTH_TEST_SETTINGS_FILE="packages/kiarina-lib-google-auth/test_settings.yaml"
+```
 
-# Target service account for impersonation tests
-export KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_IMPERSONATE_SA="target-sa@project.iam.gserviceaccount.com"
+The test settings file should contain multiple named configurations for different authentication scenarios:
+
+```yaml
+kiarina.lib.google.auth:
+  default:
+    type: default
+  service_account_file:
+    type: service_account
+    project_id: your-project-id
+    service_account_email: your-service-account@your-project.iam.gserviceaccount.com
+    service_account_file: ~/.gcp/service-account/your-project/your-service-account/key.json
+  service_account_data:
+    type: service_account
+    project_id: your-project-id
+    service_account_email: your-service-account@your-project.iam.gserviceaccount.com
+    service_account_data: '{"type":"service_account","project_id":"...","private_key":"...","client_email":"..."}'
+  service_account_impersonate:
+    type: service_account
+    project_id: your-project-id
+    service_account_email: your-service-account@your-project.iam.gserviceaccount.com
+    service_account_file: ~/.gcp/service-account/your-project/your-service-account/key.json
+    impersonate_service_account: impersonated-account@your-project.iam.gserviceaccount.com
+  user_account_file:
+    type: user_account
+    project_id: your-project-id
+    user_account_email: your-email@example.com
+    authorized_user_file: ~/.gcp/oauth2/your-project/authorized_user.json
+  user_account_data:
+    type: user_account
+    project_id: your-project-id
+    user_account_email: your-email@example.com
+    authorized_user_data: '{"type":"authorized_user","client_id":"...","client_secret":"...","refresh_token":"..."}'
 ```
 
-Tests will be skipped (xfail) if these environment variables are not set.
+**Note**: The `test_settings.yaml` file is gitignored to prevent accidental credential exposure.
 
 ## Dependencies
 

{kiarina_lib_google_auth-1.6.1 → kiarina_lib_google_auth-1.6.3}/README.md

@@ -434,26 +434,53 @@ mise run package:test kiarina-lib-google-auth --coverage
 
 ### Test Configuration
 
-Some tests require actual GCP credentials. Set the following environment variables:
+Some tests require actual GCP credentials. Create a test settings file and set the environment variable to point to it:
 
 ```bash
-# Service account key file
-export KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_SA_KEY_FILE="~/path/to/sa-key.json"
+# Create test settings file from sample
+cp packages/kiarina-lib-google-auth/test_settings.sample.yaml \
+   packages/kiarina-lib-google-auth/test_settings.yaml
 
-# Service account key data (JSON string)
-export KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_SA_KEY_DATA='{"type": "service_account", ...}'
-
-# Authorized user file
-export KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_AUTHORIZED_USER_FILE="~/.config/gcloud/application_default_credentials.json"
-
-# Authorized user data (JSON string)
-export KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_AUTHORIZED_USER_DATA='{"type": "authorized_user", ...}'
+# Edit the file with your actual credentials
+# Then set the environment variable
+export KIARINA_LIB_GOOGLE_AUTH_TEST_SETTINGS_FILE="packages/kiarina-lib-google-auth/test_settings.yaml"
+```
 
-# Target service account for impersonation tests
-export KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_IMPERSONATE_SA="target-sa@project.iam.gserviceaccount.com"
+The test settings file should contain multiple named configurations for different authentication scenarios:
+
+```yaml
+kiarina.lib.google.auth:
+  default:
+    type: default
+  service_account_file:
+    type: service_account
+    project_id: your-project-id
+    service_account_email: your-service-account@your-project.iam.gserviceaccount.com
+    service_account_file: ~/.gcp/service-account/your-project/your-service-account/key.json
+  service_account_data:
+    type: service_account
+    project_id: your-project-id
+    service_account_email: your-service-account@your-project.iam.gserviceaccount.com
+    service_account_data: '{"type":"service_account","project_id":"...","private_key":"...","client_email":"..."}'
+  service_account_impersonate:
+    type: service_account
+    project_id: your-project-id
+    service_account_email: your-service-account@your-project.iam.gserviceaccount.com
+    service_account_file: ~/.gcp/service-account/your-project/your-service-account/key.json
+    impersonate_service_account: impersonated-account@your-project.iam.gserviceaccount.com
+  user_account_file:
+    type: user_account
+    project_id: your-project-id
+    user_account_email: your-email@example.com
+    authorized_user_file: ~/.gcp/oauth2/your-project/authorized_user.json
+  user_account_data:
+    type: user_account
+    project_id: your-project-id
+    user_account_email: your-email@example.com
+    authorized_user_data: '{"type":"authorized_user","client_id":"...","client_secret":"...","refresh_token":"..."}'
 ```
 
-Tests will be skipped (xfail) if these environment variables are not set.
+**Note**: The `test_settings.yaml` file is gitignored to prevent accidental credential exposure.
 
 ## Dependencies
 

{kiarina_lib_google_auth-1.6.1 → kiarina_lib_google_auth-1.6.3}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "kiarina-lib-google-auth"
-version = "1.6.1"
+version = "1.6.3"
 description = "Google Cloud client library for kiarina namespace"
 readme = "README.md"
 license = "MIT"
@@ -25,7 +25,7 @@ requires-python = ">=3.12"
 dependencies = [
     "google-api-python-client>=2.184.0",
     "pydantic-settings>=2.10.1",
-    "pydantic-settings-manager>=2.1.0",
+    "pydantic-settings-manager>=2.3.0",
 ]
 
 [project.urls]

{kiarina_lib_google_auth-1.6.1 → kiarina_lib_google_auth-1.6.3}/src/kiarina/lib/google/auth/_helpers/get_credentials.py

@@ -19,7 +19,7 @@ def get_credentials(
     cache: CredentialsCache | None = None,
 ) -> Credentials:
     if settings is None:
-        settings = settings_manager.get_settings_by_key(config_key)
+        settings = settings_manager.get_settings(config_key)
 
     credentials: Credentials
 

kiarina_lib_google_auth-1.6.3/test_settings.sample.yaml

@@ -0,0 +1,31 @@
+kiarina.lib.google.auth:
+  default:
+    type: default
+  service_account_file:
+    type: service_account
+    project_id: your-project-id
+    service_account_email: your-service-account@your-project.iam.gserviceaccount.com
+    service_account_file: ~/.gcp/service-account/your-project/your-service-account/key.json
+  service_account_data:
+    type: service_account
+    project_id: your-project-id
+    service_account_email: your-service-account@your-project.iam.gserviceaccount.com
+    # cat $service_account_file | jq -c .
+    service_account_data: '{"type":"service_account","project_id":"your-project-id","private_key_id":"...","private_key":"...","client_email":"your-service-account@your-project.iam.gserviceaccount.com","client_id":"...","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://oauth2.googleapis.com/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_x509_cert_url":"..."}'
+  service_account_impersonate:
+    type: service_account
+    project_id: your-project-id
+    service_account_email: your-service-account@your-project.iam.gserviceaccount.com
+    service_account_file: ~/.gcp/service-account/your-project/your-service-account/key.json
+    impersonate_service_account: impersonated-account@your-project.iam.gserviceaccount.com
+  user_account_file:
+    type: user_account
+    project_id: your-project-id
+    user_account_email: your-email@example.com
+    authorized_user_file: ~/.gcp/oauth2/your-project/authorized_user.json
+  user_account_data:
+    type: user_account
+    project_id: your-project-id
+    user_account_email: your-email@example.com
+    # cat $authorized_user_file | jq -c .
+    authorized_user_data: '{"type":"authorized_user","client_id":"...","client_secret":"...","refresh_token":"..."}'

kiarina_lib_google_auth-1.6.3/tests/conftest.py

@@ -0,0 +1,27 @@
+import os
+
+import pytest
+from pydantic_settings_manager import load_user_configs
+
+import kiarina.utils.file as kf
+
+
+@pytest.fixture(scope="session")
+def load_settings():
+    env_var = "KIARINA_LIB_GOOGLE_AUTH_TEST_SETTINGS_FILE"
+
+    if env_var not in os.environ:
+        pytest.skip(f"Environment variable {env_var} not set, skipping tests.")
+
+    test_settings_file = os.environ[env_var]
+    test_settings_file = os.path.expanduser(test_settings_file)
+
+    if not os.path.exists(test_settings_file):
+        raise FileNotFoundError(f"Settings file not found: {test_settings_file}")
+
+    user_configs = kf.read_yaml_dict(test_settings_file)
+
+    if not user_configs:
+        raise ValueError(f"Settings file is empty or invalid: {test_settings_file}")
+
+    load_user_configs(user_configs)

kiarina_lib_google_auth-1.6.3/tests/test_get_credentials.py

@@ -0,0 +1,52 @@
+import os
+
+import google.auth.compute_engine.credentials
+import google.oauth2.credentials
+import google.oauth2.service_account
+from google.auth import impersonated_credentials
+import pytest
+
+from kiarina.lib.google.auth import get_credentials
+
+
+@pytest.mark.xfail(
+    not os.path.exists(
+        os.path.expanduser("~/.config/gcloud/application_default_credentials.json")
+    ),
+    reason="ADC file not set",
+)
+def test_default(load_settings):
+    credentials = get_credentials("default")
+    assert isinstance(
+        credentials,
+        (
+            google.auth.compute_engine.credentials.Credentials,
+            google.oauth2.service_account.Credentials,
+            google.oauth2.credentials.Credentials,
+        ),
+    )
+
+
+def test_service_account_file(load_settings):
+    credentials = get_credentials("service_account_file")
+    assert isinstance(credentials, google.oauth2.service_account.Credentials)
+
+
+def test_service_account_data(load_settings):
+    credentials = get_credentials("service_account_data")
+    assert isinstance(credentials, google.oauth2.service_account.Credentials)
+
+
+def test_impersonate_service_account(load_settings):
+    credentials = get_credentials("service_account_impersonate")
+    assert isinstance(credentials, impersonated_credentials.Credentials)
+
+
+def test_user_account_file(load_settings):
+    credentials = get_credentials("user_account_file")
+    assert isinstance(credentials, google.oauth2.credentials.Credentials)
+
+
+def test_user_account_data(load_settings):
+    credentials = get_credentials("user_account_data")
+    assert isinstance(credentials, google.oauth2.credentials.Credentials)

{kiarina_lib_google_auth-1.6.1 → kiarina_lib_google_auth-1.6.3}/tests/test_get_default_credentials.py

@@ -4,6 +4,7 @@ import google.oauth2.credentials
 import google.oauth2.service_account
 import pytest
 
+from kiarina.lib.google.auth import settings_manager
 from kiarina.lib.google.auth._utils.get_default_credentials import (
     get_default_credentials,
 )
@@ -21,15 +22,12 @@ def test_adc():
     assert isinstance(credentials, google.oauth2.credentials.Credentials)
 
 
-@pytest.mark.xfail(
-    "KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_SA_KEY_FILE" not in os.environ,
-    reason="GCP SA key file not set",
-)
-def test_service_account():
-    # Set the environment variable to point to a service account key file
-    os.environ["GOOGLE_APPLICATION_CREDENTIALS"] = os.path.expanduser(
-        os.environ["KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_SA_KEY_FILE"]
-    )
+def test_service_account(load_settings, monkeypatch):
+    if "GOOGLE_APPLICATION_CREDENTIALS" not in os.environ:
+        settings = settings_manager.get_settings("service_account_file")
+        monkeypatch.setenv(
+            "GOOGLE_APPLICATION_CREDENTIALS", settings.service_account_file
+        )
 
     credentials = get_default_credentials()
     print(f"Obtained service account credentials of type: {type(credentials)}")

kiarina_lib_google_auth-1.6.3/tests/test_get_self_signed_jwt.py

@@ -0,0 +1,9 @@
+from kiarina.lib.google.auth import get_self_signed_jwt
+
+
+def test_get_self_signed_jwt(load_settings):
+    jwt = get_self_signed_jwt(
+        "service_account_file",
+        audience="https://blazeworks.jp/",
+    )
+    assert jwt.count(".") == 2

kiarina_lib_google_auth-1.6.3/tests/test_get_service_account_credentials.py

@@ -0,0 +1,27 @@
+import google.oauth2.service_account
+import pytest
+
+from kiarina.lib.google.auth import settings_manager, get_service_account_credentials
+
+
+def test_file(load_settings):
+    settings = settings_manager.get_settings("service_account_file")
+    credentials = get_service_account_credentials(
+        service_account_file=settings.service_account_file
+    )
+    assert isinstance(credentials, google.oauth2.service_account.Credentials)
+
+
+def test_nonexistent_file():
+    with pytest.raises(ValueError, match="Service account file does not exist"):
+        get_service_account_credentials(
+            service_account_file="/path/to/nonexistent/file.json"
+        )
+
+
+def test_data(load_settings):
+    settings = settings_manager.get_settings("service_account_data")
+    credentials = get_service_account_credentials(
+        service_account_data=settings.get_service_account_data()
+    )
+    assert isinstance(credentials, google.oauth2.service_account.Credentials)

kiarina_lib_google_auth-1.6.3/tests/test_get_user_account_credentials.py

@@ -0,0 +1,76 @@
+from google.oauth2.credentials import Credentials
+import pytest
+
+from kiarina.lib.google.auth import (
+    CredentialsCache,
+    settings_manager,
+    get_user_account_credentials,
+)
+
+
+def test_file(load_settings):
+    settings = settings_manager.get_settings("user_account_file")
+    credentials = get_user_account_credentials(
+        authorized_user_file=settings.authorized_user_file,
+        scopes=settings.scopes,
+    )
+    assert isinstance(credentials, Credentials)
+
+
+def test_nonexistent_file():
+    with pytest.raises(ValueError, match="Authorized user file does not exist"):
+        get_user_account_credentials(
+            authorized_user_file="/path/to/nonexistent/file.json",
+            scopes=["https://www.googleapis.com/auth/devstorage.read_only"],
+        )
+
+
+def test_data(load_settings):
+    settings = settings_manager.get_settings("user_account_data")
+    credentials = get_user_account_credentials(
+        authorized_user_data=settings.get_authorized_user_data(),
+        scopes=settings.scopes,
+    )
+    assert isinstance(credentials, Credentials)
+
+
+def test_cache(load_settings):
+    set_counter = 0
+
+    class InMemoryCache(CredentialsCache):
+        def __init__(self):
+            self._cache: str | None = None
+
+        def get(self) -> str | None:
+            return self._cache
+
+        def set(self, value: str) -> None:
+            self._cache = value
+
+            nonlocal set_counter
+            set_counter += 1
+
+    cache = InMemoryCache()
+
+    settings = settings_manager.get_settings("user_account_data")
+    credentials = get_user_account_credentials(
+        authorized_user_data=settings.get_authorized_user_data(),
+        scopes=settings.scopes,
+        cache=cache,
+    )
+
+    assert isinstance(credentials, Credentials)
+    assert credentials.valid is True
+    assert cache.get() is not None
+    assert set_counter == 1
+
+    credentials2 = get_user_account_credentials(
+        authorized_user_data=settings.get_authorized_user_data(),
+        scopes=settings.scopes,
+        cache=cache,
+    )
+
+    assert isinstance(credentials2, Credentials)
+    assert credentials2.valid is True
+    assert credentials2.token == credentials.token
+    assert set_counter == 1  # Cache should be used, so set() not called

kiarina_lib_google_auth-1.6.1/tests/test_get_credentials.py

@@ -1,83 +0,0 @@
-import os
-
-import google.auth.compute_engine.credentials
-import google.oauth2.credentials
-import google.oauth2.service_account
-from google.auth import impersonated_credentials
-import pytest
-
-from kiarina.lib.google.auth import GoogleAuthSettings, get_credentials
-
-
-@pytest.mark.xfail(
-    not os.path.exists(
-        os.path.expanduser("~/.config/gcloud/application_default_credentials.json")
-    ),
-    reason="ADC file not set",
-)
-def test_default():
-    credentials = get_credentials(settings=GoogleAuthSettings())
-    assert isinstance(
-        credentials,
-        (
-            google.auth.compute_engine.credentials.Credentials,
-            google.oauth2.service_account.Credentials,
-            google.oauth2.credentials.Credentials,
-        ),
-    )
-
-
-@pytest.mark.xfail(
-    "KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_SA_KEY_FILE" not in os.environ,
-    reason="GCP SA key file not set",
-)
-def test_service_account():
-    credentials = get_credentials(
-        settings=GoogleAuthSettings(
-            type="service_account",
-            service_account_file=os.environ[
-                "KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_SA_KEY_FILE"
-            ],
-        )
-    )
-    assert isinstance(credentials, google.oauth2.service_account.Credentials)
-
-
-@pytest.mark.xfail(
-    "KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_AUTHORIZED_USER_FILE" not in os.environ,
-    reason="GCP authorized user file not set",
-)
-def test_user_account():
-    credentials = get_credentials(
-        settings=GoogleAuthSettings(
-            type="user_account",
-            authorized_user_file=os.environ[
-                "KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_AUTHORIZED_USER_FILE"
-            ],
-            scopes=["https://www.googleapis.com/auth/devstorage.read_only"],
-        )
-    )
-    assert isinstance(credentials, google.oauth2.credentials.Credentials)
-
-
-@pytest.mark.xfail(
-    (
-        "KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_SA_KEY_FILE" not in os.environ
-        or "KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_IMPERSONATE_SA" not in os.environ
-    ),
-    reason="GCP SA key file not set",
-)
-def test_impersonate_service_account():
-    credentials = get_credentials(
-        settings=GoogleAuthSettings(
-            type="service_account",
-            service_account_file=os.environ[
-                "KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_SA_KEY_FILE"
-            ],
-            impersonate_service_account=os.environ[
-                "KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_IMPERSONATE_SA"
-            ],
-            scopes=["https://www.googleapis.com/auth/devstorage.read_only"],
-        )
-    )
-    assert isinstance(credentials, impersonated_credentials.Credentials)

kiarina_lib_google_auth-1.6.1/tests/test_get_self_signed_jwt.py

@@ -1,22 +0,0 @@
-import os
-
-import pytest
-
-from kiarina.lib.google.auth import GoogleAuthSettings, get_self_signed_jwt
-
-
-@pytest.mark.xfail(
-    "KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_SA_KEY_FILE" not in os.environ,
-    reason="GCP SA key file not set",
-)
-def test_get_self_signed_jwt():
-    jwt = get_self_signed_jwt(
-        settings=GoogleAuthSettings(
-            type="service_account",
-            service_account_file=os.environ[
-                "KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_SA_KEY_FILE"
-            ],
-        ),
-        audience="https://blazeworks.jp/",
-    )
-    assert jwt.count(".") == 2

kiarina_lib_google_auth-1.6.1/tests/test_get_service_account_credentials.py

@@ -1,38 +0,0 @@
-import json
-import os
-
-import google.oauth2.service_account
-import pytest
-
-from kiarina.lib.google.auth import get_service_account_credentials
-
-
-@pytest.mark.xfail(
-    "KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_SA_KEY_FILE" not in os.environ,
-    reason="GCP SA key file not set",
-)
-def test_file():
-    credentials = get_service_account_credentials(
-        service_account_file=os.environ["KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_SA_KEY_FILE"]
-    )
-    assert isinstance(credentials, google.oauth2.service_account.Credentials)
-
-
-def test_nonexistent_file():
-    with pytest.raises(ValueError, match="Service account file does not exist"):
-        get_service_account_credentials(
-            service_account_file="/path/to/nonexistent/file.json"
-        )
-
-
-@pytest.mark.xfail(
-    "KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_SA_KEY_DATA" not in os.environ,
-    reason="GCP SA key data not set",
-)
-def test_data():
-    credentials = get_service_account_credentials(
-        service_account_data=json.loads(
-            os.environ["KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_SA_KEY_DATA"]
-        )
-    )
-    assert isinstance(credentials, google.oauth2.service_account.Credentials)

kiarina_lib_google_auth-1.6.1/tests/test_get_user_account_credentials.py

@@ -1,125 +0,0 @@
-import json
-import os
-
-from google.oauth2.credentials import Credentials
-import pytest
-
-from kiarina.lib.google.auth import CredentialsCache, get_user_account_credentials
-
-
-@pytest.mark.xfail(
-    "KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_AUTHORIZED_USER_FILE" not in os.environ,
-    reason="GCP authorized user file not set",
-)
-def test_file():
-    credentials = get_user_account_credentials(
-        authorized_user_file=os.environ[
-            "KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_AUTHORIZED_USER_FILE"
-        ],
-        scopes=["https://www.googleapis.com/auth/devstorage.read_only"],
-    )
-    assert isinstance(credentials, Credentials)
-
-
-def test_nonexistent_file():
-    with pytest.raises(ValueError, match="Authorized user file does not exist"):
-        get_user_account_credentials(
-            authorized_user_file="/path/to/nonexistent/file.json",
-            scopes=["https://www.googleapis.com/auth/devstorage.read_only"],
-        )
-
-
-@pytest.mark.xfail(
-    "KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_AUTHORIZED_USER_DATA" not in os.environ,
-    reason="GCP authorized user data not set",
-)
-def test_data():
-    credentials = get_user_account_credentials(
-        authorized_user_data=json.loads(
-            os.environ["KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_AUTHORIZED_USER_DATA"]
-        ),
-        scopes=["https://www.googleapis.com/auth/devstorage.read_only"],
-    )
-    assert isinstance(credentials, Credentials)
-
-
-@pytest.mark.xfail(
-    "KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_AUTHORIZED_USER_DATA" not in os.environ,
-    reason="GCP authorized user data not set",
-)
-def test_cache():
-    from unittest.mock import patch, MagicMock
-
-    class InMemoryCache(CredentialsCache):
-        def __init__(self):
-            self._cache: str | None = None
-
-        def get(self) -> str | None:
-            return self._cache
-
-        def set(self, value: str) -> None:
-            self._cache = value
-
-    cache = InMemoryCache()
-    scopes = ["https://www.googleapis.com/auth/devstorage.read_only"]
-
-    # Mock Credentials to control valid/expired state
-    with patch(
-        "kiarina.lib.google.auth._utils.get_user_account_credentials.Credentials"
-    ) as MockCredentials:
-        # First call: credentials are invalid and need refresh
-        mock_creds_invalid = MagicMock(spec=Credentials)
-        mock_creds_invalid.valid = False
-        mock_creds_invalid.expired = True
-        mock_creds_invalid.refresh_token = "mock_refresh_token"
-        mock_creds_invalid.to_json.return_value = json.dumps(
-            {
-                "type": "authorized_user",
-                "client_id": "mock_client_id",
-                "client_secret": "mock_client_secret",
-                "refresh_token": "mock_refresh_token",
-            }
-        )
-
-        # After refresh, credentials become valid
-        def refresh_side_effect(_):
-            mock_creds_invalid.valid = True
-            mock_creds_invalid.expired = False
-
-        mock_creds_invalid.refresh.side_effect = refresh_side_effect
-
-        MockCredentials.from_authorized_user_info.return_value = mock_creds_invalid
-
-        # First call: should refresh and cache
-        credentials = get_user_account_credentials(
-            authorized_user_data=json.loads(
-                os.environ["KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_AUTHORIZED_USER_DATA"]
-            ),
-            scopes=scopes,
-            cache=cache,
-        )
-
-        assert isinstance(credentials, MagicMock)
-        assert credentials.valid is True
-        assert cache.get() is not None
-        mock_creds_invalid.refresh.assert_called_once()
-
-        # Second call: should use cached credentials
-        mock_creds_cached = MagicMock(spec=Credentials)
-        mock_creds_cached.valid = True
-        mock_creds_cached.expired = False
-
-        MockCredentials.from_authorized_user_info.return_value = mock_creds_cached
-
-        credentials2 = get_user_account_credentials(
-            authorized_user_data=json.loads(
-                os.environ["KIARINA_LIB_GOOGLE_AUTH_TEST_GCP_AUTHORIZED_USER_DATA"]
-            ),
-            scopes=scopes,
-            cache=cache,
-        )
-
-        assert isinstance(credentials2, MagicMock)
-        assert credentials2.valid is True
-        # Cached credentials should not need refresh
-        mock_creds_cached.refresh.assert_not_called()

{kiarina_lib_google_auth-1.6.1 → kiarina_lib_google_auth-1.6.3}/src/kiarina/lib/google/auth/settings.py

@@ -12,6 +12,34 @@ class GoogleAuthSettings(BaseSettings):
 
     type: Literal["default", "service_account", "user_account"] = "default"
 
+    # --------------------------------------------------
+    # Fields (common)
+    # --------------------------------------------------
+
+    project_id: str | None = None
+
+    impersonate_service_account: str | None = None
+    """
+    Email address of the service account to impersonate
+
+    The source principal requires the roles/iam.serviceAccountTokenCreator role.
+    Note that this required permission is not included in the roles/owner role.
+    """
+
+    scopes: list[str] = Field(
+        default_factory=lambda: [
+            "https://www.googleapis.com/auth/cloud-platform",  # All GCP resources
+            "https://www.googleapis.com/auth/drive",  # Google Drive resources
+            "https://www.googleapis.com/auth/spreadsheets",  # Google Sheets resources
+        ]
+    )
+    """
+    List of scopes to request during the authentication
+
+    Specify the scopes required for impersonation authentication.
+    Specify the scopes required for user account authentication.
+    """
+
     # --------------------------------------------------
     # Fields (service_account)
     # --------------------------------------------------
@@ -48,34 +76,6 @@ class GoogleAuthSettings(BaseSettings):
     Refreshed credentials will be cached.
     """
 
-    # --------------------------------------------------
-    # Fields (common)
-    # --------------------------------------------------
-
-    impersonate_service_account: str | None = None
-    """
-    Email address of the service account to impersonate
-
-    The source principal requires the roles/iam.serviceAccountTokenCreator role.
-    Note that this required permission is not included in the roles/owner role.
-    """
-
-    scopes: list[str] = Field(
-        default_factory=lambda: [
-            "https://www.googleapis.com/auth/cloud-platform",  # All GCP resources
-            "https://www.googleapis.com/auth/drive",  # Google Drive resources
-            "https://www.googleapis.com/auth/spreadsheets",  # Google Sheets resources
-        ]
-    )
-    """
-    List of scopes to request during the authentication
-
-    Specify the scopes required for impersonation authentication.
-    Specify the scopes required for user account authentication.
-    """
-
-    project_id: str | None = None
-
     # --------------------------------------------------
     # Validators
     # --------------------------------------------------