Skip to content

chore(tests): allow expired secret in system tests #1883

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
daniel-sanche merged 3 commits into from
Dec 4, 2025
Merged

chore(tests): allow expired secret in system tests #1883

daniel-sanche merged 3 commits into from
Dec 4, 2025

Conversation

@daniel-sanche
Copy link
Collaborator

@daniel-sanche daniel-sanche commented Dec 4, 2025

Allow system tests to pass, even if the secret is found to be expired

Long term, we should re-think these tests. But this will unblock work in this repo

Context: #1882

@gemini-code-assist
Copy link
Contributor

gemini-code-assist bot commented Dec 4, 2025

Summary of Changes

Hello @daniel-sanche, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request implements a short-term fix to prevent system tests from failing due to expired authorized_user.json credentials. By introducing specific exception handling, the tests will now proceed without error when encountering a RefreshError related to an expired token from this particular credential type. This change aims to unblock development efforts while a more comprehensive solution for handling these test scenarios is planned for the future.

Highlights

  • Test Tolerance for Expired Credentials: The system tests have been updated to tolerate RefreshError exceptions specifically when an authorized_user.json credential's token has expired or been revoked. This allows tests to pass under these conditions.
  • Temporary Unblocker: This change is a temporary measure to unblock ongoing work in the repository, acknowledging that a more permanent solution or re-evaluation of these tests is needed in the long term, as indicated by a linked GitHub issue.
  • Targeted Exception Handling: The modification introduces a try-except block around the credential refresh logic, specifically catching RefreshError and conditionally ignoring it only if the GOOGLE_APPLICATION_CREDENTIALS environment variable points to an authorized_user.json file and the error message indicates an expired or revoked token.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Dec 4, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds a workaround to the system tests to ignore RefreshError for expired authorized user credentials, unblocking other work. The changes are applied to both synchronous and asynchronous tests. My review identifies a potential AttributeError in the new logic in both modified files, which could occur if the GOOGLE_APPLICATION_CREDENTIALS environment variable is not set. I've provided code suggestions to fix this potential crash.

@daniel-sanche daniel-sanche marked this pull request as ready for review December 4, 2025 21:38
@daniel-sanche daniel-sanche requested review from a team as code owners December 4, 2025 21:38
@daniel-sanche daniel-sanche merged commit 3e8a566 into main Dec 4, 2025
14 checks passed
@daniel-sanche daniel-sanche deleted the skip_secret_tests branch December 4, 2025 21:57
@chalmerlowe chalmerlowe mentioned this pull request Dec 22, 2025
Merged
gcf-merge-on-green bot pushed a commit that referenced this pull request Dec 22, 2025
@google-labs-jules
test: handle invalid_grant in default creds system tests (#1901)
cccad82 
Updated `system_tests/system_tests_sync/test_default.py` and `system_tests/system_tests_async/test_default.py` to catch `RefreshError` and check for "invalid_grant" in the error message when running with `authorized_user.json` credentials. This allows the test to pass by confirming the library correctly received the error from the server, acknowledging that the CI credentials are often stale.

This builds on @daniel-sanche' work in [PR #1883](https://togithub.com/googleapis/google-auth-library-python/pull/1883).

Recent changes to `main` appear to have adjusted the response values in these tests and was leading to them failing during CI/CD presubmit tests ([see example below](https://togithub.com/googleapis/google-auth-library-python/pull/1901#issuecomment-3682277336)). This update now prevents those failing tests.


---
*PR created automatically by Jules for task [5370487295365926138](https://jules.google.com/task/5370487295365926138) started by @chalmerlowe*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Linchin Linchin Linchin approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@Linchin Linchin

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@daniel-sanche @Linchin