fix: Make systems tests resilient and fix the unit tests for async flow

agrawalradhika-cell · agrawalradhika-cell · commit a3b4ad76fcb2 · 2026-02-17T08:45:59.000-08:00
Signed-off-by: Radhika Agrawal &lt;agrawalradhika@google.com&gt;
diff --git a/system_tests/system_tests_sync/test_service_account.py b/system_tests/system_tests_sync/test_service_account.py
@@ -41,12 +41,12 @@ def test_refresh_success(http_request, credentials, token_info):
 
     assert info["email"] == credentials.service_account_email
     info_scopes = _helpers.string_to_scopes(info["scope"])
-    assert set(info_scopes) == set(
+    assert set(info_scopes).issubset(set(
         [
             "https://www.googleapis.com/auth/userinfo.email",
             "https://www.googleapis.com/auth/userinfo.profile",
         ]
-    )
+    ))
 
 def test_iam_signer(http_request, credentials):
     credentials = credentials.with_scopes(
diff --git a/tests/transport/aio/test_sessions_mtls.py b/tests/transport/aio/test_sessions_mtls.py
@@ -34,86 +34,89 @@
 
 class TestSessionsMtls:
     @pytest.mark.asyncio
-    @mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"})
-    @mock.patch("os.path.exists")
-    @mock.patch(
-        "builtins.open",
-        new_callable=mock.mock_open,
-        read_data=json.dumps(VALID_WORKLOAD_CONFIG),
-    )
-    @mock.patch("google.auth.aio.transport.mtls.get_client_cert_and_key")
-    @mock.patch("ssl.create_default_context")
-    async def test_configure_mtls_channel(
-        self, mock_ssl, mock_helper, mock_file, mock_exists
-    ):
+    async def test_configure_mtls_channel(self):
         """
         Tests that the mTLS channel configures correctly when a
         valid workload config is mocked.
         """
-        mock_exists.return_value = True
-        mock_helper.return_value = (True, b"fake_cert_data", b"fake_key_data")
-
-        mock_context = mock.Mock(spec=ssl.SSLContext)
-        mock_ssl.return_value = mock_context
+        with mock.patch.dict(
+            os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"}
+        ), mock.patch("os.path.exists") as mock_exists, mock.patch(
+            "builtins.open", mock.mock_open(read_data=json.dumps(VALID_WORKLOAD_CONFIG))
+        ), mock.patch(
+            "google.auth.aio.transport.mtls.get_client_cert_and_key"
+        ) as mock_helper, mock.patch(
+            "ssl.create_default_context"
+        ) as mock_ssl:
+            mock_exists.return_value = True
+            mock_helper.return_value = (True, b"fake_cert_data", b"fake_key_data")
+
+            mock_context = mock.Mock(spec=ssl.SSLContext)
+            mock_ssl.return_value = mock_context
+
+            # Use AsyncMock for credentials to avoid "coroutine never awaited" warnings
+            mock_creds = mock.AsyncMock(spec=credentials.Credentials)
+            session = sessions.AsyncAuthorizedSession(mock_creds)
 
-        mock_creds = mock.Mock(spec=credentials.Credentials)
-        session = sessions.AsyncAuthorizedSession(mock_creds)
-        await session.configure_mtls_channel()
+            await session.configure_mtls_channel()
 
-        assert session._is_mtls is True
-        assert mock_context.load_cert_chain.called
+            assert session._is_mtls is True
+            assert mock_context.load_cert_chain.called
 
     @pytest.mark.asyncio
-    @mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"})
-    @mock.patch("os.path.exists")
-    async def test_configure_mtls_channel_disabled(self, mock_exists):
+    async def test_configure_mtls_channel_disabled(self):
         """
         Tests behavior when the config file does not exist.
         """
-        mock_exists.return_value = False
-        mock_creds = mock.Mock(spec=credentials.Credentials)
+        with mock.patch.dict(
+            os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"}
+        ), mock.patch("os.path.exists") as mock_exists:
+            mock_exists.return_value = False
+            mock_creds = mock.AsyncMock(spec=credentials.Credentials)
+            session = sessions.AsyncAuthorizedSession(mock_creds)
 
-        session = sessions.AsyncAuthorizedSession(mock_creds)
-        await session.configure_mtls_channel()
+            await session.configure_mtls_channel()
 
-        # If the file doesn't exist, it shouldn't error; it just won't use mTLS
-        assert session._is_mtls is False
+            # If the file doesn't exist, it shouldn't error; it just won't use mTLS
+            assert session._is_mtls is False
 
     @pytest.mark.asyncio
-    @mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"})
-    @mock.patch("os.path.exists")
-    @mock.patch(
-        "builtins.open", new_callable=mock.mock_open, read_data='{"invalid": "format"}'
-    )
-    async def test_configure_mtls_channel_invalid_format(self, mock_file, mock_exists):
+    async def test_configure_mtls_channel_invalid_format(self):
         """
         Verifies that the MutualTLSChannelError is raised for bad formats.
         """
-        mock_exists.return_value = True
-        mock_creds = mock.Mock(spec=credentials.Credentials)
+        with mock.patch.dict(
+            os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"}
+        ), mock.patch("os.path.exists") as mock_exists, mock.patch(
+            "builtins.open", mock.mock_open(read_data='{"invalid": "format"}')
+        ):
+            mock_exists.return_value = True
+            mock_creds = mock.AsyncMock(spec=credentials.Credentials)
+            session = sessions.AsyncAuthorizedSession(mock_creds)
 
-        session = sessions.AsyncAuthorizedSession(mock_creds)
-        with pytest.raises(exceptions.MutualTLSChannelError):
-            await session.configure_mtls_channel()
+            with pytest.raises(exceptions.MutualTLSChannelError):
+                await session.configure_mtls_channel()
 
     @pytest.mark.asyncio
-    @mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"})
-    @mock.patch(
-        "google.auth.transport.mtls.has_default_client_cert_source",
-        return_value=True,
-    )
-    async def test_configure_mtls_channel_mock_callback(self, mock_has_cert):
+    async def test_configure_mtls_channel_mock_callback(self):
         """
         Tests mTLS configuration using bytes-returning callback.
         """
 
         def mock_callback():
             return (b"fake_cert_bytes", b"fake_key_bytes")
 
-        mock_creds = mock.Mock(spec=credentials.Credentials)
-
-        with mock.patch("ssl.SSLContext.load_cert_chain"):
+        with mock.patch.dict(
+            os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"}
+        ), mock.patch(
+            "google.auth.transport.mtls.has_default_client_cert_source",
+            return_value=True,
+        ), mock.patch(
+            "ssl.SSLContext.load_cert_chain"
+        ):
+            mock_creds = mock.AsyncMock(spec=credentials.Credentials)
             session = sessions.AsyncAuthorizedSession(mock_creds)
+
             await session.configure_mtls_channel(client_cert_callback=mock_callback)
 
             assert session._is_mtls is True

Original file line number	Diff line number	Diff line change
`@@ -41,12 +41,12 @@ def test_refresh_success(http_request, credentials, token_info):`
`41`	`41`
`42`	`42`	`assert info["email"] == credentials.service_account_email`
`43`	`43`	`info_scopes = _helpers.string_to_scopes(info["scope"])`
`44`		`- assert set(info_scopes) == set(`
	`44`	`+ assert set(info_scopes).issubset(set(`
`45`	`45`	`[`
`46`	`46`	`"https://www.googleapis.com/auth/userinfo.email",`
`47`	`47`	`"https://www.googleapis.com/auth/userinfo.profile",`
`48`	`48`	`]`
`49`		`- )`
	`49`	`+ ))`
`50`	`50`
`51`	`51`	`def test_iam_signer(http_request, credentials):`
`52`	`52`	`credentials = credentials.with_scopes(`