Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add delegate_credentials #299

Merged
merged 15 commits into from
Nov 9, 2018
Merged

Add delegate_credentials #299

merged 15 commits into from
Nov 9, 2018

Conversation

salrashid123
Copy link
Contributor

@salrashid123 salrashid123 commented Oct 12, 2018

Delegate Credentials is basically a way for a user or (more common) service account to impersonate another service account.

Ref:

I've verified the sample with service_account, user_credentials and with GCE metadata server.


sample usage

scopes = ['https://www.googleapis.com/auth/devstorage.read_only']
svc_account_file = '/path/to/svc_account.json'

os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = svc_account_file
root_credentials, project = google.auth.default(scopes=scopes)

#project = 'your_project'
#root_credentials = google.oauth2.service_account.Credentials.from_service_account_file(svc_account_file)

#user_creds_file = '/path/to/user_creds.json'
#root_credentials = credentials.Credentials.from_authorized_user_file(user_creds_file, scopes=scopes)

print "Try to list buckets in destination project (this will fail because current user/svc does not have access")
try:    
    client = storage.Client(credentials=root_credentials)
    buckets = client.list_buckets(project='your_project')
    for bkt in buckets:
      print bkt
except google.api_core.exceptions.Forbidden as e:
  print e
  pass

print('--------------------------------------------------------')
# now use as [email protected], get an access_token for
# [email protected]   (that account _does_ have access)

new_scopes = ['https://www.googleapis.com/auth/devstorage.read_only']
delegate_credentials = DelegateCredentials(
              root_credentials = root_credentials,
              principal='[email protected]',
              new_scopes = new_scopes,
              delegates=[],
              lifetime=500)

print("listing bucket in destination project:")
client = storage.Client(credentials=delegate_credentials)
buckets = client.list_buckets(project='fabled-ray-104117')
for bkt in buckets:
  print bkt.name

For https://github.com/googleapis/google-cloud-common/issues/266

/comments off

@googlebot googlebot added the cla: yes This human has signed the Contributor License Agreement. label Oct 12, 2018
@theacodes theacodes self-requested a review October 12, 2018 22:31
@salrashid123
Copy link
Contributor Author

Some comments on the PR

(CI seems to be 'stuck' on one test currently)


I originally wanted to use google.auth.transport.AuthorizedSession in DelegateCredentials._updateToken() but the the embedded mock request object passed in through to the AuthorizedSession seems to get reset. So instead, i used the request directly

authed_session = AuthorizedSession(self._root_credentials)
response = authed_session.post(iam_endpoint,
                               headers={'Content-Type': 'application/json'},
                               json=body)
if (response.status_code == 200):
    token_response = json.loads(response.content)
    self.token = token_response['accessToken']
    self.expiry = datetime.datetime.strptime(token_response['expireTime'], '%Y-%m-%dT%H:%M:%SZ')

A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

but hte actual API returns just seconds (i'd expect second resolution for this type of api, actually). I'll file a bug to update the docs; I've taken this into account in the PR

From the API response

{
    "expireTime": "2018-10-13T16:51:00Z", 
    "accessToken": "<redacted>"
}

@salrashid123
Copy link
Contributor Author

changed the name of the function from DelegateCredentials --> ImpersonatedCredentials.

ref:

docs/user-guide.rst Outdated Show resolved Hide resolved
client = storage.Client(credentials=root_credentials)

impersonated_credentials = ImpersonatedCredentials(
root_credentials = root_credentials,

This comment was marked as spam.

This comment was marked as spam.

google/auth/impersonated_credentials.py Outdated Show resolved Hide resolved
google/auth/impersonated_credentials.py Outdated Show resolved Hide resolved
google/auth/impersonated_credentials.py Outdated Show resolved Hide resolved
google/auth/impersonated_credentials.py Outdated Show resolved Hide resolved
google/auth/impersonated_credentials.py Show resolved Hide resolved
google/auth/impersonated_credentials.py Outdated Show resolved Hide resolved
google/auth/impersonated_credentials.py Outdated Show resolved Hide resolved
google/auth/impersonated_credentials.py Outdated Show resolved Hide resolved
@salrashid123
Copy link
Contributor Author

Not sure how to squish these to make the linter happy...

google/auth/impersonated_credentials.py:77:80: E501 line too long (80 > 79 characters)
google/auth/impersonated_credentials.py:78:80: E501 line too long (83 > 79 characters)
google/auth/impersonated_credentials.py:176:80: E501 line too long (80 > 79 characters)

@theacodes
Copy link
Contributor

@salrashid123 I made significant changes, but this is ready to merge. Can you please do a real-world test of the changes before we merge this in?

Thank you for all of your work and patience on this!

@salrashid123
Copy link
Contributor Author

sure, for the record, there's the sample real testing done for the initial source_credentials as a service account and running inside GCE as computecredentials.

#!/usr/bin/python
from google.cloud import storage
import google.auth
from google.oauth2 import credentials
from google.oauth2 import service_account


from google.auth import impersonated_credentials
import google.api_core.exceptions
import os, time

# Create source identity:
# gcloud iam service-accounts create source-serviceaccount --display-name="Source Identity"
# gcloud iam service-accounts keys  create svc-src.json --iam-account=source-serviceaccount@mineral-minutia-820.iam.gserviceaccount.com


# Create target identity
# gcloud iam service-accounts create target-serviceaccount --display-name="Target Identity"

# Allow source to impersonate target
# gcloud iam service-accounts add-iam-policy-binding target-serviceaccount@mineral-minutia-820.iam.gserviceaccount.com --member='serviceAccount:source-serviceaccount@mineral-minutia-820.iam.gserviceaccount.com' --role='roles/iam.serviceAccountTokenCreator'

# Add resource ACL to target
# gcloud projects add-iam-policy-binding mineral-minutia-820 --member='serviceAccount:target-serviceaccount@mineral-minutia-820.iam.gserviceaccount.com' --role='roles/storage.admin'

# Test the app below


# now create a GCE instance of the same source identity.
# comment out the service account section and uncomment the ComputeCredential section (as ADC)
# gcloud compute instances create impersonate-test --service-account=source-serviceaccount@mineral-minutia-820.iam.gserviceaccount.com --scopes=https://www.googleapis.com/auth/iam
# Upload the source below to GCE and rerun the test

# For service account credentials
svc_account_file = 'svc-src.json'

target_scopes = ['https://www.googleapis.com/auth/devstorage.read_only']
source_credentials = service_account.Credentials.from_service_account_file(
    svc_account_file,
    scopes=target_scopes)


# For ComputeCredentials
# source_credentials, project = google.auth.default() 



try:
  client = storage.Client(credentials=source_credentials)
  buckets = client.list_buckets(project='mineral-minutia-820')
  for bucket in buckets:
    print bucket.name
except google.api_core.exceptions.Forbidden:
  print ">>>>> Forbidden"
  pass

# now try delegation
target_credentials = impersonated_credentials.Credentials(
    source_credentials = source_credentials,
    target_principal='target-serviceaccount@mineral-minutia-820.iam.gserviceaccount.com',
    target_scopes = target_scopes,
    delegates=[],
    lifetime=500)
client = storage.Client(credentials=target_credentials)
buckets = client.list_buckets(project='mineral-minutia-820')
for bucket in buckets:
    print bucket.name

@theacodes
Copy link
Contributor

Cool, we should probably try to turn that into a system test at some point, but it's not needed right now.

Let me know how testing goes, then we can merge and release.

@salrashid123
Copy link
Contributor Author

@theacodes
I already ran through those tests (been running live tests also to verify refresh() behavior w/ one credential in loop, etc)

@theacodes
Copy link
Contributor

Cool, let's get this merged.

@theacodes theacodes merged commit 1fbc679 into googleapis:master Nov 9, 2018
@salrashid123 salrashid123 deleted the add-delegated-auth branch November 9, 2018 19:35
bors bot added a commit to mozilla/normandy that referenced this pull request Nov 12, 2018
1617: Scheduled weekly dependency update for week 45 r=peterbe a=pyup-bot






### Update [botocore](https://pypi.org/project/botocore) from **1.12.33** to **1.12.42**.


<details>
  <summary>Changelog</summary>
  
  
   ### 1.12.42
   ```
   =======

* api-change:``mediapackage``: Update mediapackage client to latest version
   ```
   
  
  
   ### 1.12.41
   ```
   =======

* api-change:``medialive``: Update medialive client to latest version
* api-change:``dlm``: Update dlm client to latest version
* api-change:``events``: Update events client to latest version
   ```
   
  
  
   ### 1.12.40
   ```
   =======

* api-change:``dms``: Update dms client to latest version
* api-change:``ce``: Update ce client to latest version
* api-change:``ec2``: Update ec2 client to latest version
   ```
   
  
  
   ### 1.12.39
   ```
   =======

* api-change:``codebuild``: Update codebuild client to latest version
* api-change:``pinpoint``: Update pinpoint client to latest version
* api-change:``ec2``: Update ec2 client to latest version
* api-change:``pinpoint-email``: Update pinpoint-email client to latest version
* api-change:``apigateway``: Update apigateway client to latest version
* api-change:``waf-regional``: Update waf-regional client to latest version
* bugfix:session config: Added the default session configuration tuples back to session.session_vars_map.
   ```
   
  
  
   ### 1.12.38
   ```
   =======

* api-change:``eks``: Update eks client to latest version
* enhancement:Configuration: Added new configuration provider methods allowing for more flexibility in how a botocore session loads a particular configuration value.
* api-change:``serverlessrepo``: Update serverlessrepo client to latest version
   ```
   
  
  
   ### 1.12.37
   ```
   =======

* api-change:``rekognition``: Update rekognition client to latest version
* api-change:``clouddirectory``: Update clouddirectory client to latest version
   ```
   
  
  
   ### 1.12.36
   ```
   =======

* api-change:``servicecatalog``: Update servicecatalog client to latest version
* enhancement:Exceptions: Add the ability to pickle botocore exceptions (`834 &lt;https://github.com/boto/botocore/issues/834&gt;`__)
   ```
   
  
  
   ### 1.12.35
   ```
   =======

* api-change:``mediastore-data``: Update mediastore-data client to latest version
* api-change:``secretsmanager``: Update secretsmanager client to latest version
* api-change:``greengrass``: Update greengrass client to latest version
* api-change:``config``: Update config client to latest version
   ```
   
  
  
   ### 1.12.34
   ```
   =======

* api-change:``chime``: Update chime client to latest version
* api-change:``rds``: Update rds client to latest version
* api-change:``dms``: Update dms client to latest version
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/botocore
  - Changelog: https://pyup.io/changelogs/botocore/
  - Repo: https://github.com/boto/botocore
</details>





### Update [future](https://pypi.org/project/future) from **0.17.0** to **0.17.1**.


*The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)*

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/future
  - Changelog: https://pyup.io/changelogs/future/
  - Homepage: https://python-future.org
  - Docs: https://pythonhosted.org/future/
</details>





### Update [MarkupSafe](https://pypi.org/project/MarkupSafe) from **1.0** to **1.1.0**.


<details>
  <summary>Changelog</summary>
  
  
   ### 1.1.0
   ```
   -------------

Released 2018-11-05

-   Drop support for Python 2.6 and 3.3.
-   Build wheels for Linux, Mac, and Windows, allowing systems without
    a compiler to take advantage of the C extension speedups. (`104`_)
-   Use newer CPython API on Python 3, resulting in a 1.5x speedup.
    (`64`_)
-   ``escape`` wraps ``__html__`` result in ``Markup``, consistent with
    documented behavior. (`69`_)

.. _64: pallets/markupsafe#64
.. _69: pallets/markupsafe#69
.. _104: pallets/markupsafe#104
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/markupsafe
  - Changelog: https://pyup.io/changelogs/markupsafe/
  - Homepage: https://www.palletsprojects.com/p/markupsafe/
</details>





### Update [urllib3](https://pypi.org/project/urllib3) from **1.24** to **1.24.1**.


*The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)*

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/urllib3
  - Changelog: https://pyup.io/changelogs/urllib3/
  - Docs: https://urllib3.readthedocs.io/
</details>





### Update [pyparsing](https://pypi.org/project/pyparsing) from **2.2.2** to **2.3.0**.


<details>
  <summary>Changelog</summary>
  
  
   ### 2.3.0
   ```
   -----------------------------
- NEW SUPPORT FOR UNICODE CHARACTER RANGES
  This release introduces the pyparsing_unicode namespace class, defining
  a series of language character sets to simplify the definition of alphas,
  nums, alphanums, and printables in the following language sets:
   . Arabic
   . Chinese
   . Cyrillic
   . Devanagari
   . Greek
   . Hebrew
   . Japanese (including Kanji, Katakana, and Hirigana subsets)
   . Korean
   . Latin1 (includes 7 and 8-bit Latin characters)
   . Thai
   . CJK (combination of Chinese, Japanese, and Korean sets)

  For example, your code can define words using:

    korean_word = Word(pyparsing_unicode.Korean.alphas)

  See their use in the updated examples greetingInGreek.py and
  greetingInKorean.py.

  This namespace class also offers access to these sets using their
  unicode identifiers.

- POSSIBLE API CHANGE: Fixed bug where a parse action that explicitly 
  returned the input ParseResults could add another nesting level in
  the results if the current expression had a results name.

        vals = pp.OneOrMore(pp.pyparsing_common.integer)(&quot;int_values&quot;)
        
        def add_total(tokens):
            tokens[&#39;total&#39;] = sum(tokens)
            return tokens   this line can be removed

        vals.addParseAction(add_total)
        print(vals.parseString(&quot;244 23 13 2343&quot;).dump())

  Before the fix, this code would print (note the extra nesting level):
  
    [244, 23, 13, 2343]
    - int_values: [244, 23, 13, 2343]
      - int_values: [244, 23, 13, 2343]
      - total: 2623
    - total: 2623

  With the fix, this code now prints:
  
    [244, 23, 13, 2343]
    - int_values: [244, 23, 13, 2343]
    - total: 2623

  This fix will change the structure of ParseResults returned if a 
  program defines a parse action that returns the tokens that were 
  sent in. This is not necessary, and statements like &quot;return tokens&quot; 
  in the example above can be safely deleted prior to upgrading to 
  this release, in order to avoid the bug and get the new behavior.

  Reported by seron in Issue 22, nice catch!

- POSSIBLE API CHANGE: Fixed a related bug where a results name 
  erroneously created a second level of hierarchy in the returned 
  ParseResults. The intent for accumulating results names into ParseResults
  is that, in the absence of Group&#39;ing, all names get merged into a
  common namespace. This allows us to write:
  
       key_value_expr = (Word(alphas)(&quot;key&quot;) + &#39;=&#39; + Word(nums)(&quot;value&quot;))
       result = key_value_expr.parseString(&quot;a = 100&quot;) 
    
  and have result structured as {&quot;key&quot;: &quot;a&quot;, &quot;value&quot;: &quot;100&quot;} 
  instead of [{&quot;key&quot;: &quot;a&quot;}, {&quot;value&quot;: &quot;100&quot;}].
  
  However, if a named expression is used in a higher-level non-Group 
  expression that *also* has a name, a false sub-level would be created 
  in the namespace:

        num = pp.Word(pp.nums)
        num_pair = (&quot;[&quot; + (num(&quot;A&quot;) + num(&quot;B&quot;))(&quot;values&quot;) + &quot;]&quot;)
        U = num_pair.parseString(&quot;[ 10 20 ]&quot;)
        print(U.dump())

  Since there is no grouping, &quot;A&quot;, &quot;B&quot;, and &quot;values&quot; should all appear
  at the same level in the results, as:
  
        [&#39;[&#39;, &#39;10&#39;, &#39;20&#39;, &#39;]&#39;]
        - A: &#39;10&#39;
        - B: &#39;20&#39;
        - values: [&#39;10&#39;, &#39;20&#39;]

  Instead, an extra level of &quot;A&quot; and &quot;B&quot; show up under &quot;values&quot;:
  
        [&#39;[&#39;, &#39;10&#39;, &#39;20&#39;, &#39;]&#39;]
        - A: &#39;10&#39;
        - B: &#39;20&#39;
        - values: [&#39;10&#39;, &#39;20&#39;]
          - A: &#39;10&#39;
          - B: &#39;20&#39;

  This bug has been fixed. Now, if this hierarchy is desired, then a
  Group should be added:
  
        num_pair = (&quot;[&quot; + pp.Group(num(&quot;A&quot;) + num(&quot;B&quot;))(&quot;values&quot;) + &quot;]&quot;)

  Giving:
  
        [&#39;[&#39;, [&#39;10&#39;, &#39;20&#39;], &#39;]&#39;]
        - values: [&#39;10&#39;, &#39;20&#39;]
          - A: &#39;10&#39;
          - B: &#39;20&#39;

  But in no case should &quot;A&quot; and &quot;B&quot; appear in multiple levels. This bug-fix
  fixes that.
  
  If you have current code which relies on this behavior, then add or remove
  Groups as necessary to get your intended results structure.
  
  Reported by Athanasios Anastasiou.

- IndexError&#39;s raised in parse actions will get explicitly reraised 
  as ParseExceptions that wrap the original IndexError. Since 
  IndexError sometimes occurs as part of pyparsing&#39;s normal parsing 
  logic, IndexErrors that are raised during a parse action may have
  gotten silently reinterpreted as parsing errors. To retain the 
  information from the IndexError, these exceptions will now be 
  raised as ParseExceptions that reference the original IndexError. 
  This wrapping will only be visible when run under Python3, since it
  emulates &quot;raise ... from ...&quot; syntax. 
  
  Addresses Issue 4, reported by guswns0528.

- Added Char class to simplify defining expressions of a single
  character. (Char(&quot;abc&quot;) is equivalent to Word(&quot;abc&quot;, exact=1))

- Added class PrecededBy to perform lookbehind tests. PrecededBy is 
  used in the same way as FollowedBy, passing in an expression that
  must occur just prior to the current parse location.
  
  For fixed-length expressions like a Literal, Keyword, Char, or a 
  Word with an `exact` or `maxLen` length given, `PrecededBy(expr)` 
  is sufficient. For varying length expressions like a Word with no 
  given maximum length, `PrecededBy` must be constructed with an 
  integer `retreat` argument, as in 
  `PrecededBy(Word(alphas, nums), retreat=10)`, to specify the maximum 
  number of characters pyparsing must look backward to make a match. 
  pyparsing will check all the values from 1 up to retreat characters 
  back from the current parse location.

  When stepping backwards through the input string, PrecededBy does 
  *not* skip over whitespace.
  
  PrecededBy can be created with a results name so that, even though
  it always returns an empty parse result, the result *can* include
  named results.
  
  Idea first suggested in Issue 30 by Freakwill.

- Updated FollowedBy to accept expressions that contain named results,
  so that results names defined in the lookahead expression will be 
  returned, even though FollowedBy always returns an empty list.
  Inspired by the same feature implemented in PrecededBy.
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pyparsing
  - Changelog: https://pyup.io/changelogs/pyparsing/
  - Repo: https://github.com/pyparsing/pyparsing/
  - Docs: https://pythonhosted.org/pyparsing/
</details>





### Update [google-api-core](https://pypi.org/project/google-api-core) from **1.5.0** to **1.5.2**.


*The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)*

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/google-api-core
  - Repo: https://github.com/GoogleCloudPlatform/google-cloud-python
</details>





### Update [google-auth](https://pypi.org/project/google-auth) from **1.5.1** to **1.6.0**.


<details>
  <summary>Changelog</summary>
  
  
   ### 1.6.0
   ```
   ------

11-09-2018 11:07 PST

New Features
++++++++++++

- Add google.auth.impersonated_credentials ([299](googleapis/google-auth-library-python#299))

Documentation
+++++++++++++

- Update link to documentation for default credentials ([296](googleapis/google-auth-library-python#296))
- Update github issue templates ([300](googleapis/google-auth-library-python#300))
- Remove punctuation which becomes part of the url ([284](googleapis/google-auth-library-python#284))

Internal / Testing Changes
++++++++++++++++++++++++++

- Update trampoline.sh ([302](googleapis/google-auth-library-python#302))
- Enable static type checking with pytype ([298](googleapis/google-auth-library-python#298))
- Make classifiers in setup.py an array. ([280](googleapis/google-auth-library-python#280))
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/google-auth
  - Changelog: https://pyup.io/changelogs/google-auth/
  - Repo: https://github.com/GoogleCloudPlatform/google-auth-library-python
</details>





### Update [googleapis-common-protos](https://pypi.org/project/googleapis-common-protos) from **1.5.3** to **1.5.5**.


*The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)*

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/googleapis-common-protos
  - Repo: https://github.com/googleapis/googleapis
</details>





### Update [cachetools](https://pypi.org/project/cachetools) from **2.1.0** to **3.0.0**.


<details>
  <summary>Changelog</summary>
  
  
   ### 3.0.0
   ```
   -------------------

- Officially support Python 3.7.

- Drop Python 3.3 support (breaking change).

- Remove ``missing`` cache constructor parameter (breaking change).

- Remove ``self`` from ``cachedmethod`` key arguments (breaking
  change).

- Add support for ``maxsize=None`` in ``cachetools.func`` decorators.
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/cachetools
  - Changelog: https://pyup.io/changelogs/cachetools/
  - Repo: https://github.com/tkem/cachetools
</details>





### Update [boto3](https://pypi.org/project/boto3) from **1.9.33** to **1.9.42**.


<details>
  <summary>Changelog</summary>
  
  
   ### 1.9.42
   ```
   ======

* api-change:``mediapackage``: [``botocore``] Update mediapackage client to latest version
   ```
   
  
  
   ### 1.9.41
   ```
   ======

* api-change:``medialive``: [``botocore``] Update medialive client to latest version
* api-change:``dlm``: [``botocore``] Update dlm client to latest version
* api-change:``events``: [``botocore``] Update events client to latest version
   ```
   
  
  
   ### 1.9.40
   ```
   ======

* api-change:``dms``: [``botocore``] Update dms client to latest version
* api-change:``ce``: [``botocore``] Update ce client to latest version
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
   ```
   
  
  
   ### 1.9.39
   ```
   ======

* api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
* api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
* api-change:``pinpoint-email``: [``botocore``] Update pinpoint-email client to latest version
* api-change:``apigateway``: [``botocore``] Update apigateway client to latest version
* api-change:``waf-regional``: [``botocore``] Update waf-regional client to latest version
* bugfix:session config: [``botocore``] Added the default session configuration tuples back to session.session_vars_map.
   ```
   
  
  
   ### 1.9.38
   ```
   ======

* api-change:``eks``: [``botocore``] Update eks client to latest version
* enhancement:Configuration: [``botocore``] Added new configuration provider methods allowing for more flexibility in how a botocore session loads a particular configuration value.
* api-change:``serverlessrepo``: [``botocore``] Update serverlessrepo client to latest version
   ```
   
  
  
   ### 1.9.37
   ```
   ======

* api-change:``rekognition``: [``botocore``] Update rekognition client to latest version
* api-change:``clouddirectory``: [``botocore``] Update clouddirectory client to latest version
   ```
   
  
  
   ### 1.9.36
   ```
   ======

* api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
* enhancement:Exceptions: [``botocore``] Add the ability to pickle botocore exceptions (`834 &lt;https://github.com/boto/botocore/issues/834&gt;`__)
   ```
   
  
  
   ### 1.9.35
   ```
   ======

* api-change:``mediastore-data``: [``botocore``] Update mediastore-data client to latest version
* api-change:``secretsmanager``: [``botocore``] Update secretsmanager client to latest version
* api-change:``greengrass``: [``botocore``] Update greengrass client to latest version
* api-change:``config``: [``botocore``] Update config client to latest version
   ```
   
  
  
   ### 1.9.34
   ```
   ======

* api-change:``chime``: [``botocore``] Update chime client to latest version
* api-change:``rds``: [``botocore``] Update rds client to latest version
* api-change:``dms``: [``botocore``] Update dms client to latest version
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/boto3
  - Changelog: https://pyup.io/changelogs/boto3/
  - Repo: https://github.com/boto/boto3
</details>





### Update [psycopg2](https://pypi.org/project/psycopg2) from **2.7.5** to **2.7.6.1**.


<details>
  <summary>Changelog</summary>
  
  
   ### 2.7.6
   ```
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Close named cursors if exist, even if `~cursor.execute()` wasn&#39;t called
  (:ticket:`746`).
- Fixed building on modern FreeBSD versions with Python 3.7 (:ticket:`755`).
- Fixed hang trying to :sql:`COPY` via `~cursor.execute()` in asynchronous
  connections (:ticket:`781`).
- Fixed adaptation of arrays of empty arrays (:ticket:`788`).
- Fixed segfault accessing the connection&#39;s `~connection.readonly` and
  `~connection.deferrable` attributes repeatedly (:ticket:`790`).
- `~psycopg2.extras.execute_values()` accepts `~psycopg2.sql.Composable`
  objects (:ticket:`794`).
- `~psycopg2.errorcodes` map updated to PostgreSQL 11.
- Wheel package compiled against PostgreSQL 10.5 libpq and OpenSSL 1.0.2p.
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/psycopg2
  - Changelog: https://pyup.io/changelogs/psycopg2/
  - Homepage: http://initd.org/psycopg/
</details>





### Update [pytest](https://pypi.org/project/pytest) from **3.9.3** to **3.10.1**.


<details>
  <summary>Changelog</summary>
  
  
   ### 3.10.1
   ```
   ==========================

Bug Fixes
---------

- `4287 &lt;https://github.com/pytest-dev/pytest/issues/4287&gt;`_: Fix nested usage of debugging plugin (pdb), e.g. with pytester&#39;s ``testdir.runpytest``.


- `4304 &lt;https://github.com/pytest-dev/pytest/issues/4304&gt;`_: Block the ``stepwise`` plugin if ``cacheprovider`` is also blocked, as one depends on the other.


- `4306 &lt;https://github.com/pytest-dev/pytest/issues/4306&gt;`_: Parse ``minversion`` as an actual version and not as dot-separated strings.


- `4310 &lt;https://github.com/pytest-dev/pytest/issues/4310&gt;`_: Fix duplicate collection due to multiple args matching the same packages.


- `4321 &lt;https://github.com/pytest-dev/pytest/issues/4321&gt;`_: Fix ``item.nodeid`` with resolved symlinks.


- `4325 &lt;https://github.com/pytest-dev/pytest/issues/4325&gt;`_: Fix collection of direct symlinked files, where the target does not match ``python_files``.


- `4329 &lt;https://github.com/pytest-dev/pytest/issues/4329&gt;`_: Fix TypeError in report_collect with _collect_report_last_write.



Trivial/Internal Changes
------------------------

- `4305 &lt;https://github.com/pytest-dev/pytest/issues/4305&gt;`_: Replace byte/unicode helpers in test_capture with python level syntax.
   ```
   
  
  
   ### 3.10.0
   ```
   ==========================

Features
--------

- `2619 &lt;https://github.com/pytest-dev/pytest/issues/2619&gt;`_: Resume capturing output after ``continue`` with ``__import__(&quot;pdb&quot;).set_trace()``.

  This also adds a new ``pytest_leave_pdb`` hook, and passes in ``pdb`` to the
  existing ``pytest_enter_pdb`` hook.


- `4147 &lt;https://github.com/pytest-dev/pytest/issues/4147&gt;`_: Add ``--sw``, ``--stepwise`` as an alternative to ``--lf -x`` for stopping at the first failure, but starting the next test invocation from that test.  See `the documentation &lt;https://docs.pytest.org/en/latest/cache.htmlstepwise&gt;`__ for more info.


- `4188 &lt;https://github.com/pytest-dev/pytest/issues/4188&gt;`_: Make ``--color`` emit colorful dots when not running in verbose mode. Earlier, it would only colorize the test-by-test output if ``--verbose`` was also passed.


- `4225 &lt;https://github.com/pytest-dev/pytest/issues/4225&gt;`_: Improve performance with collection reporting in non-quiet mode with terminals.

  The &quot;collecting …&quot; message is only printed/updated every 0.5s.



Bug Fixes
---------

- `2701 &lt;https://github.com/pytest-dev/pytest/issues/2701&gt;`_: Fix false ``RemovedInPytest4Warning: usage of Session... is deprecated, please use pytest`` warnings.


- `4046 &lt;https://github.com/pytest-dev/pytest/issues/4046&gt;`_: Fix problems with running tests in package ``__init__.py`` files.


- `4260 &lt;https://github.com/pytest-dev/pytest/issues/4260&gt;`_: Swallow warnings during anonymous compilation of source.


- `4262 &lt;https://github.com/pytest-dev/pytest/issues/4262&gt;`_: Fix access denied error when deleting stale directories created by ``tmpdir`` / ``tmp_path``.


- `611 &lt;https://github.com/pytest-dev/pytest/issues/611&gt;`_: Naming a fixture ``request`` will now raise a warning: the ``request`` fixture is internal and
  should not be overwritten as it will lead to internal errors.

- `4266 &lt;https://github.com/pytest-dev/pytest/issues/4266&gt;`_: Handle (ignore) exceptions raised during collection, e.g. with Django&#39;s LazySettings proxy class.



Improved Documentation
----------------------

- `4255 &lt;https://github.com/pytest-dev/pytest/issues/4255&gt;`_: Added missing documentation about the fact that module names passed to filter warnings are not regex-escaped.



Trivial/Internal Changes
------------------------

- `4272 &lt;https://github.com/pytest-dev/pytest/issues/4272&gt;`_: Display cachedir also in non-verbose mode if non-default.


- `4277 &lt;https://github.com/pytest-dev/pytest/issues/4277&gt;`_: pdb: improve message about output capturing with ``set_trace``.

  Do not display &quot;IO-capturing turned off/on&quot; when ``-s`` is used to avoid
  confusion.


- `4279 &lt;https://github.com/pytest-dev/pytest/issues/4279&gt;`_: Improve message and stack level of warnings issued by ``monkeypatch.setenv`` when the value of the environment variable is not a ``str``.
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pytest
  - Changelog: https://pyup.io/changelogs/pytest/
  - Homepage: https://docs.pytest.org/en/latest/
</details>





### Update [pytest-testrail](https://pypi.org/project/pytest-testrail) from **2.3.0** to **2.3.1**.


<details>
  <summary>Changelog</summary>
  
  
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pytest-testrail
  - Changelog: https://pyup.io/changelogs/pytest-testrail/
  - Repo: http://github.com/allankp/pytest-testrail/
</details>





### Update [requests](https://pypi.org/project/requests) from **2.20.0** to **2.20.1**.


<details>
  <summary>Changelog</summary>
  
  
   ### 2.20.1
   ```
   -------------------

**Bugfixes**

- Fixed bug with unintended Authorization header stripping for
  redirects using default ports (http/80, https/443).
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/requests
  - Changelog: https://pyup.io/changelogs/requests/
  - Homepage: http://python-requests.org
</details>





### Update [Sphinx](https://pypi.org/project/Sphinx) from **1.8.1** to **1.8.2**.


<details>
  <summary>Changelog</summary>
  
  
   ### 1.8.2
   ```
   =====================================

Incompatible changes
--------------------

* 5497: Do not include MathJax.js and jsmath.js unless it is really needed

Features added
--------------

* 5471: Show appropriate deprecation warnings

Bugs fixed
----------

* 5490: latex: enumerated list causes a crash with recommonmark
* 5492: sphinx-build fails to build docs w/ Python &lt; 3.5.2
* 3704: latex: wrong ``\label`` positioning for figures with a legend
* 5496: C++, fix assertion when a symbol is declared more than twice.
* 5493: gettext: crashed with broken template
* 5495: csv-table directive with file option in included file is broken (refs:
  4821)
* 5498: autodoc: unable to find type hints for a ``functools.partial``
* 5480: autodoc: unable to find type hints for unresolvable Forward references
* 5419: incompatible math_block node has been generated
* 5548: Fix ensuredir() in case of pre-existing file
* 5549: graphviz Correctly deal with non-existing static dir
* 3002: i18n: multiple footnote_references referring same footnote causes
  duplicated node_ids
* 5563: latex: footnote_references generated by extension causes LaTeX builder
  crashed
* 5561: make all-pdf fails with old xindy version
* 5557: quickstart: --no-batchfile isn&#39;t honored
* 3080: texinfo: multiline rubrics are broken
* 3080: texinfo: multiline citations are broken
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/sphinx
  - Changelog: https://pyup.io/changelogs/sphinx/
  - Homepage: http://sphinx-doc.org/
</details>







Co-authored-by: pyup-bot <[email protected]>
takirala referenced this pull request in d2iq-archive/dcos-commons Dec 13, 2018
This PR contains the following updates:

| Package | Update | Change | References |
|---|---|---|---|
| google-auth | minor | `==1.5.1` -> `==1.6.1` | [source](https://renovatebot.com/gh/GoogleCloudPlatform/google-auth-library-python) |

---

### Release Notes

<details>
<summary>GoogleCloudPlatform/google-auth-library-python</summary>

### [`v1.6.1`](https://renovatebot.com/gh/GoogleCloudPlatform/google-auth-library-python/blob/master/CHANGELOG.rst#v161)

[Compare Source](https://renovatebot.com/gh/GoogleCloudPlatform/google-auth-library-python/compare/v1.6.0...v1.6.1)

11-12-2018 10:10 PST

Implementation Changes
\++++++++++++++++++++++

-   Automatically refresh impersonated credentials (`#&#8203;304 <https://github.com/googleapis/google-auth-library-python/pull/304>`\_)

### [`v1.6.0`](https://renovatebot.com/gh/GoogleCloudPlatform/google-auth-library-python/blob/master/CHANGELOG.rst#v160)

[Compare Source](https://renovatebot.com/gh/GoogleCloudPlatform/google-auth-library-python/compare/v1.5.1...v1.6.0)

11-09-2018 11:07 PST

New Features
\++++++++++++

-   Add google.auth.impersonated_credentials (`#&#8203;299 <https://github.com/googleapis/google-auth-library-python/pull/299>`_)

Documentation
\+++++++++++++

-   Update link to documentation for default credentials (`#&#8203;296 <https://github.com/googleapis/google-auth-library-python/pull/296>`\_)
-   Update github issue templates (`#&#8203;300 <https://github.com/googleapis/google-auth-library-python/pull/300>`\_)
-   Remove punctuation which becomes part of the url (`#&#8203;284 <https://github.com/googleapis/google-auth-library-python/pull/284>`\_)

Internal / Testing Changes
\++++++++++++++++++++++++++

-   Update trampoline.sh (`#&#8203;302 <https://github.com/googleapis/google-auth-library-python/pull/302>`\_)
-   Enable static type checking with pytype (`#&#8203;298 <https://github.com/googleapis/google-auth-library-python/pull/298>`\_)
-   Make classifiers in setup.py an array. (`#&#8203;280 <https://github.com/googleapis/google-auth-library-python/pull/280>`\_)

</details>

---

### Renovate configuration

:date: **Schedule**: At any time (no schedule defined).

:vertical_traffic_light: **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

:recycle: **Rebasing**: Whenever PR becomes conflicted, or if you modify the PR title to begin with "`rebase!`".

:no_bell: **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- renovate-rebase -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://renovatebot.com/gh/marketplace/renovate). View repository job log [here](https://renovatebot.com/dashboard#mesosphere/dcos-commons).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cla: yes This human has signed the Contributor License Agreement.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants