implement review changes

Author: harkamaljot

google/auth/compute_engine/credentials.py

@@ -87,10 +87,10 @@ def __init__(
             self._universe_domain = universe_domain
             self._universe_domain_cached = True
 
-    def _retrieve_info(self, request):
-        """Retrieve information about the service account.
+    def _retrieve_scopes(self, request):
+        """Retrieve scopes about the service account.
 
-        Updates the scopes and retrieves the full service account email.
+        Updates the scopes for the assosiated service account.
 
         Args:
             request (google.auth.transport.Request): The object used to make
@@ -100,9 +100,7 @@ def _retrieve_info(self, request):
             request, service_account=self._service_account_email
         )
 
-        # Don't override scopes requested by the user.
-        if self._scopes is None:
-            self._scopes = info["scopes"]
+        self._scopes = info["scopes"]
 
     def _metric_header_for_usage(self):
         return metrics.CRED_TYPE_SA_MDS
@@ -121,7 +119,8 @@ def refresh(self, request):
         """
         scopes = self._scopes if self._scopes is not None else self._default_scopes
         try:
-            self._retrieve_info(request)
+            if self._scopes is None:
+                self._retrieve_scopes(request)
             self.token, self.expiry = _metadata.get_service_account_token(
                 request, service_account=self._service_account_email, scopes=scopes
             )

tests/compute_engine/test_credentials.py

@@ -98,11 +98,48 @@ def test_default_state(self):
         return_value=datetime.datetime.min + _helpers.REFRESH_THRESHOLD,
     )
     @mock.patch("google.auth.compute_engine._metadata.get", autospec=True)
-    def test_refresh_success(self, get, utcnow):
+    def test_refresh_success_with_service_account_email(self, get, utcnow):
+        service_account_email = "[email protected]"
+        self.credentials.service_account_email = service_account_email
         get.side_effect = [
             {
                 # First request is for sevice account info.
-                "email": "[email protected]",
+                "email": service_account_email,
+                "scopes": ["one", "two"],
+            },
+            {
+                # Second request is for the token.
+                "access_token": "token",
+                "expires_in": 500,
+            },
+        ]
+
+        # Refresh credentials
+        self.credentials.refresh(None)
+
+        # Check that the credentials have the token and proper expiration
+        assert self.credentials.token == "token"
+        assert self.credentials.expiry == (utcnow() + datetime.timedelta(seconds=500))
+
+        # Check the credential info
+        assert self.credentials.service_account_email == service_account_email
+        assert self.credentials._scopes == ["one", "two"]
+
+        # Check that the credentials are valid (have a token and are not
+        # expired)
+        assert self.credentials.valid
+
+    @mock.patch(
+        "google.auth._helpers.utcnow",
+        return_value=datetime.datetime.min + _helpers.REFRESH_THRESHOLD,
+    )
+    @mock.patch("google.auth.compute_engine._metadata.get", autospec=True)
+    def test_refresh_success_with_default_email(self, get, utcnow):
+        service_account_email = "[email protected]"
+        get.side_effect = [
+            {
+                # First request is for sevice account info.
+                "email": service_account_email,
                 "scopes": ["one", "two"],
             },
             {