From 0582bbd7731fcc121049c12464f318b4624fe63e Mon Sep 17 00:00:00 2001
From: Jon Wayne Parrott <jonwayne@google.com>
Date: Mon, 24 Oct 2016 22:16:46 -0700
Subject: [PATCH 1/2] Add system tests for service account credentials

---
 .travis.yml                          |   9 +++-
 scripts/decrypt-secrets.sh           |  27 ++++++++++
 scripts/encrypt-secrets.sh           |  32 ++++++++++++
 scripts/travis.sh                    |  36 +++++++++++++
 setup.py                             |   2 +-
 system_tests/.gitignore              |   2 +
 system_tests/__init__.py             |   0
 system_tests/conftest.py             |  73 +++++++++++++++++++++++++++
 system_tests/secrets.tar.enc         | Bin 0 -> 11808 bytes
 system_tests/test_service_account.py |  43 ++++++++++++++++
 tox.ini                              |  18 ++++++-
 11 files changed, 238 insertions(+), 4 deletions(-)
 create mode 100755 scripts/decrypt-secrets.sh
 create mode 100755 scripts/encrypt-secrets.sh
 create mode 100755 scripts/travis.sh
 create mode 100644 system_tests/.gitignore
 create mode 100644 system_tests/__init__.py
 create mode 100644 system_tests/conftest.py
 create mode 100644 system_tests/secrets.tar.enc
 create mode 100644 system_tests/test_service_account.py

diff --git a/.travis.yml b/.travis.yml
index 295f14cb5..a56fb349b 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -16,13 +16,17 @@ matrix:
     env: TOXENV=pypy
   - python: 3.5
     env: TOXENV=cover
+  - python: 3.5
+    env: TOXENV=py35-system SYSTEM_TEST=1
+  - python: 2.7
+    env: TOXENV=py27-system SYSTEM_TEST=1
 cache:
   directories:
   - ${HOME}/.cache
 install:
 - pip install --upgrade tox
 script:
-- tox
+- scripts/travis.sh
 deploy:
   provider: pypi
   user: google_opensource
@@ -32,3 +36,6 @@ deploy:
   on:
     tags: true
     repo: GoogleCloudPlatform/google-auth-library-python
+env:
+  global:
+    secure: KjV9daSNZsM3/jth2d87MEu4irHtwNwUcdIUVglz3QrIX7fAcbFqHu/2Ux3yGC+iPJd5/i2jZWWz9F6iyuKdhyMySz2WaBsbySmCs1pREcRYWcK5GL49yPb3ZOZucprD/n0VIer0+eublQeBQRMxNdxfJEs6tgkHxTeiOJ3mHaeLa/nE1PXW9Ih6fgS5NT/7CE7SO0fw1th9ZdLdRyo3a9fphDWqiGlt0oRURRnoJ7qctLYAZ7uXDn3c6oXJ/dZsio6Hjx16dPNjn0dpkpCBFYN3D7wXD02Ysm/7u+SGl2FjqA76FmmnJsqJ5Nog1QV4v7YpJdTtpfXBOuXAov4Fz9xHVssX4dYZkW5JKsfVFFIilo1vQbO4mBjYw58/gJswJygD5smwO2GawAfm62mGpdx4mFv2lwZoqJbLg1qcuI/qc8DqPrc3Y1nVNu3oGdMcts5q2IeuZgI1yzdb/Qz0gtkkIDtPzoyBlAZE9hsylBI7SdoP7VpmP+vIW21yC3GpE3TajbVD8p53c70fV4YH0LSX6pFF6RBuSFLwarG+WYtPTEy2k3d0ATMdH0gBaf19FJ04RTwsbYZPqAy328Dl3RLioZffm8BHAeKzuVsocrIiiHjJM6PqtL4II0UfbiKahxLcI7t1cGTWVhUtqrnZKZwJrbLYGd08aBvioTne/Nk=
diff --git a/scripts/decrypt-secrets.sh b/scripts/decrypt-secrets.sh
new file mode 100755
index 000000000..e02bfc10b
--- /dev/null
+++ b/scripts/decrypt-secrets.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# Copyright 2015 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+ROOT=$( dirname "$DIR" )
+
+# Work from the project root.
+cd $ROOT
+
+openssl aes-256-cbc -k "$1" \
+    -in system_tests/secrets.tar.enc \
+    -out system_tests/secrets.tar -d
+tar xvf system_tests/secrets.tar
+rm system_tests/secrets.tar
diff --git a/scripts/encrypt-secrets.sh b/scripts/encrypt-secrets.sh
new file mode 100755
index 000000000..c6291b7f3
--- /dev/null
+++ b/scripts/encrypt-secrets.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Copyright 2015 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+ROOT=$( dirname "$DIR" )
+
+# Work from the project root.
+cd $ROOT
+
+read -s -p "Enter password for encryption: " PASSWORD
+echo
+
+tar cvf system_tests/secrets.tar system_tests/data
+openssl aes-256-cbc -k "$PASSWORD" \
+    -in system_tests/secrets.tar \
+    -out system_tests/secrets.tar.enc
+rm system_tests/secrets.tar
+
+travis encrypt "SECRETS_PASSWORD=$PASSWORD" --add --override
diff --git a/scripts/travis.sh b/scripts/travis.sh
new file mode 100755
index 000000000..84a227a82
--- /dev/null
+++ b/scripts/travis.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Copyright 2015 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+ROOT=$( dirname "$DIR" )
+
+# Work from the project root.
+cd $ROOT
+
+# Decrypt secrets and run system tests if not on an external PR.
+if [[ -n $SYSTEM_TEST ]]; then
+    if [[ $TRAVIS_SECURE_ENV_VARS == "true" ]]; then
+        echo 'Extracting secrets.'
+        scripts/decrypt-secrets.sh "$SECRETS_PASSWORD"
+    else
+        # This is an external PR, so just mark system tests as green.
+        echo 'In system test but secrets are not available, skipping.'
+        exit 0
+    fi
+fi
+
+# Run tox.
+tox
diff --git a/setup.py b/setup.py
index 26b520e4c..5ee243fed 100644
--- a/setup.py
+++ b/setup.py
@@ -35,7 +35,7 @@
     description='Google Authentication Library',
     long_description=long_description,
     url='https://github.com/GoogleCloudPlatform/google-auth-library-python',
-    packages=find_packages(exclude='tests'),
+    packages=find_packages(exclude=('tests', 'system_tests')),
     namespace_packages=('google',),
     install_requires=DEPENDENCIES,
     license='Apache 2.0',
diff --git a/system_tests/.gitignore b/system_tests/.gitignore
new file mode 100644
index 000000000..f6bf39d14
--- /dev/null
+++ b/system_tests/.gitignore
@@ -0,0 +1,2 @@
+data
+secrets.tar
diff --git a/system_tests/__init__.py b/system_tests/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/system_tests/conftest.py b/system_tests/conftest.py
new file mode 100644
index 000000000..7c934ffec
--- /dev/null
+++ b/system_tests/conftest.py
@@ -0,0 +1,73 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import json
+import os
+
+from google.auth import _helpers
+import google.auth.transport.urllib3
+import pytest
+
+
+HERE = os.path.dirname(__file__)
+DATA_DIR = os.path.join(HERE, 'data')
+HTTP = google.auth.transport.urllib3._make_default_http()
+TOKEN_INFO_URL = 'https://www.googleapis.com/oauth2/v3/tokeninfo'
+
+
+@pytest.fixture
+def service_account_file():
+    """The full path to a valid service account key file."""
+    yield os.path.join(DATA_DIR, 'service_account.json')
+
+
+@pytest.fixture
+def request():
+    """A transport.request object."""
+    yield google.auth.transport.urllib3.Request(HTTP)
+
+
+@pytest.fixture
+def token_info(request):
+    """Returns a function that obtains OAuth2 token info."""
+    def _token_info(access_token=None, id_token=None):
+        query_params = {}
+
+        if access_token is not None:
+            query_params['access_token'] = access_token
+        elif id_token is not None:
+            query_params['id_token'] = id_token
+        else:
+            raise ValueError('No token specified.')
+
+        url = _helpers.update_query(TOKEN_INFO_URL, query_params)
+
+        response = request(url=url, method='GET')
+
+        return json.loads(response.data.decode('utf-8'))
+
+    yield _token_info
+
+
+def verify_environment():
+    """Checks to make sure that requisite data files are available."""
+    if not os.path.exists(DATA_DIR):
+        raise EnvironmentError(
+            'In order to run system tests, test data must exist in '
+            'system_tests/data. See CONTRIBUTING.rst for details.')
+
+
+def pytest_configure(config):
+    """Pytest hook that runs before Pytest collects any tests."""
+    verify_environment()
diff --git a/system_tests/secrets.tar.enc b/system_tests/secrets.tar.enc
new file mode 100644
index 0000000000000000000000000000000000000000..bbe290fc27fb0556b6b4032b0a5e1d78482471dc
GIT binary patch
literal 11808
zcmV+*F5l5pVQh3|WM5y~D-XL=mzU+Vb<~xphM7*Ey5SDsy7oXjE3>4YOm=n*KT|?-
zs6D{rPdymeLw87=Khe1wrs{yg9i$V7-6M+~nQe)r&i}XKOcBjkK!*Cp4q#Kmi>8y2
zwp}~o!$JZ80;n<d+>Ak-3SVg)U(f<qK+MT`QvPFPr6)o%zD#?w0H+mP81^|Is+ZSG
ztc8Snvrd9xH|ivuBV^Z5a^YAtgTPACHP}rZZdfjro2+!LpP=kUQ0D)pZVGB<hW0Nl
zG8iE>nR0iUj0SrHCQvrok%n+r4~WhxK7Jr0-T?DMOBF*rUC!cLlpLQyb!kY5_jShR
z8XAQC*6)M=B>j!;Ejk_)q>sy}#JLyO?U?Ne-#!ly1pGUNta=1sMMd<_o=C(u%R&QL
zn(@rzjteuL2)ql}p^YC}u4d6_0iY&LvF;~tM`(Dy8gNQbht$2E&#<KTVps#9>ZvsG
zYq#U3_2)Ko!03VP(Eg%TC<yY+^M}D4Jip4$WUt9McVwM1tvwW{9*~20BzMjDM%+cS
zx53{%rj~z=k<+`=25f!33-+2C0E+q6?VVYHn~}_ZB==N3s$cu$z@)01_8R@@iLC(s
z@X6Y$)5@Ovv8@Wf3_C<86H27M0dZKc^q({9H=4)yZ0j1iSd;T;LRH;4ox+=G?uM3+
z{qLhemvjdH%Ps#=D(Z`8`Txnc&>nk2266e1%3w411eya<m+?86hw7i4<#Ej?YiRWa
zCfDyvFZ;ByU1l4-k1-+L2VsL=9kROXFAT`<93g4SzN?Tjk#$5@8%;paVkM0P7$bD?
zX~Z%At+AJED^O~&AN4$LE^PNelB<X*_bbh!c{}ecH|_M!H%_m5&bFq2r(x_f!}#ti
zmZ?*AfggzEq@MIBUp>_(cN%+ZcOLd8e6jS~6K87j&QPfWt`Ni7&<7<dn32@NWInVa
z#XJ9i0Un83S0s$R+zhf1_Eye3VRy8&yD%hfoQW%|fm`Z$u0K|Lf&2PHk{D0`;b>?c
z^oHp+Nq_#3L`A>D_f{X1pj$)nd-`a50IVws(#9$OXjnP3aoOxrx&p3Q&a){-xHV*H
z&pXmZLE3(2nQ@uSoCp6c!avAj*Ji=Jo*(ITOFSwLMz>WqwOm+mX8ri@Ri1d))P@GG
zV#5U+{rZ@BaL5vCjOA-3z8k6$=acavB>3xO4_icQ4v!nLzF=BAMG=t6(b@C-C`R?{
z(!6$L^i$E9Ghko-+=ir4T{BUY@|@8_tU`s`y}C)}G9>x{J6nscc*3*c*cm8l=LyuA
z`gV}14!poTHq#I==>sQ|LbIMlmdchesAho;HNd4~Fl1FFltj<CHGkx|Lu|eZhbE~!
zv=n;+)|NufFj^~52PVCka{xu6k1w<F7Fq6`S17`X2U<@NHl@(&>SgfEv*Un1q*>1D
zNKU2<GH=XvS57}s7ly7}#T)=`hZ7_-f1Vbw{!ooDaCWT{Ku(rmY*{|!tld%q>7)OH
zk;aK`YggAzvc&xh{KCL3b+TYk_;)B}X7x;SV33a(UxF0;C29o+%A8fql=$qPi~++=
z(7{(1s*uWQQ}{!GKhpBtRR-t19|FKAlF1*T4LRx;X>k*_5j{Uj_1{4i2N2Q(L~ReB
z-r=u1s`{;XKKNFe_ZAeX1s@61kJdRxR-@iH2MPvYCh4FhPl^Br7_lxM(Mu#6ADiZ>
zJn6}n!sOayQle#knWGQ#w=?p-d}{qh*j!*^Z)~;hjS8J5uJ*89`(^X1GvWGSNIRay
zU;#c%q3M>D=j%I`Njznz-xeXWk#+{r(&-56g$#^T+t!=+cHnJO@|vl#s%iTNjhCRx
zpw}UmVeF+ZDTgHb3EM-}o<LWdqU|Osbl}^(yYU2)_Q_*g7$QD+lkLBqniKlWrM}>O
z=|tln)DE~m_d!iqV+nzb4G<ks=qaYxInc*i54P&~-nkHJe_~GWMWQS-fXoun19iXq
zP#^P0LVJ5N-e$I%g6iEz+iVOr^(RY53AGczD%o_ZfWndwMC!57w=}wA&%AQ}Xx4uz
z$ON3pk`Ic_!7JK3_kf_TZ*f!dxDb5<*C=;MDXT#gR%}?9MXPp*ed}*u{KATV!Qh${
z*F(<>Dr?Yte~!|!T^2p)lkE6r_ye;`34dW1Sb6k6XrzEs2CJgt=UL1v)1Krbvom4q
zWMcMje)l}~&?5^lkCX1yo(sXtc?JQ-_^%83)RsjrA%qXxXO$iDuS>RGE)Tg}6@ygQ
z@SFTGE&u5VrUvIkPsrn)7R-qhL}vjJmaID7I0*4dN9FF6=1nT$_a$@g5lepmzCRT@
zf=N1+D=_(J9wiV^gU&!~2X`*c_RW=Q5SuLb=V)<ruRsgyPdGXcj5cy3Z=_=ZQB<)Y
zPPpXT)Zj%}GCUtRX0Awi3r%Y!WGs5c1CQze^_86zq1J(g0#!TnfbR4=rc05y&CVl3
zoiBf|{IT_HjM^)a6&97c1Y%te$C8%RHe(-UT)>~<IxeZ{mc&F+kxZIsLkekK#j^qM
z@&mIm+`^26U=jbV1ka-Zy-+nn%GqP#f8xA=uQa~cP0V&;GaWA!NFD&k?+P<pkK*l&
z$bN%+ACB7h5#gHjtzdc9XYu0o<ma%xnKB!pmi_WTV{jZ?n8BO6R&<xW?#<ds&><KY
zmZ<RmAo>T%iZ{T?SkG2dSaVN3%)hJS*A@hQL~=8!4dd~F8W0>DLJ}20WIrP@rYdyU
z$|<O1k<z3Zw)vef8d*_KmdC!CU^56r{TAnb`sBG?^hAsU8c2qs;BpCq;@6Nea9s#p
zzj|4(^e)GRN}nCEp2-Jd`9DMZ%jQdVgd`{_)NJpZL*B_S9i=~uMrD@@63iuXUMM2_
zF(S~FmlL-uFSPAKi}Qm0QhZZRAdQ7|;`JXHW1Kg0K8WwUa~aZ~>%^$>fnWX6R!oAs
zA$}m{K!^Fo^n5(Jcy$U_7(X#y$#IFjbjl<IG*d<+s#IaYlj3_yTBtZ7&C{bq$e!YF
zy_@a-9invJXBe=eYX~A>(F2iQr*loK&xvv)gkaE;7#OKsSa8DMdw-U0Lqg$5mPs+y
zL|Kgi<PD0djLk;`^y^#AT)NeNH3Y9OmZ;1|4|J@pBMmOFCFv!KPTw7aEjyL27=o}S
z9#l-OQE1Un#VM8eq<O7vMHrM$!AeFUV|g~FYMP};q#mo%>S4=#OA9x+W4qm^L^3(g
z-DJxjPo4v`$5JoBMi7&()Q1I_T=b*ewTNbTLH4%!Y{~p-bAF04v#=EknvmaDFsvYk
zPAg^q%2*Z66aEZhT^c=b=ppCx9^q~*P!`cL&|vy#sC)t7`(Tg1O}DUL9<%WkDa31f
z^kYr{7cfUb;uDqGL4Wfo@Qye;!6SG~OoMDk!L}#=Nsfc#7fLNRSZk?tWmx@KB7SJZ
zt}TcD$e=-~E-u?`IoqC-9qD#4J7TDQCoJYnx1<;<>F#fis6$D&FgfR^?ixDO!y=jl
ziZ;DuwosCQTW-zNI?6Qy2n&ooUjzJncxkXB+@S!5I27Sb?B+2l?ElO2A7al!3k=sx
z7lshld%S<y0@43cb*?^OoLugCZ5lH!C{<bukUG*2(}0B~;!?Q<kYXT{+3r&G9C-yR
zA5Rhqbz5-Yl;e5W9VUnnhfJ^Z@zIP(jB#Zi#B^stqH*c5aS`Y}wc?saIk^P<+<xCT
z`RpDsvn{J(phWU!zAuoRB<hz5<0(pv^yn_g6>V0)Q{JwP-IamQ_3EidYNvMN$Ko*-
z5at^B5P!oowc=liqL0-0vbGO^PL}nK=c}j;nyRSPFLC8mUz*GW$UY^G(gIj@23v75
zW1WyBq{l;om)Ez&R$=g^yM$^(%lWPYza7f%82ryZ5Dr_7(Y}DTEKG~ib1{<lrKfoD
zlmBFag?+U71h@l370U*cfj1tD!|@p6iF=`{SjG2w{k+n&SFZnC7=of?BY}fbX*boU
z2$LjGDHTjXs((zKBC<&`1G^BBP*dgxQIATxs)EymW{^n~#D;8tTGs@m0dL880!Iwl
zC97+i@&`eZlY);7K$Rm{Ev8eQ%?#^0FgxAL29IEY&=_dHH2rxHwzwD!--;Q7uW%@F
zzy?e(&|mw3GrncMFeS&Kyh?C&B`;6OL@z!OS#;p_1^?1yo`kcyCWzx0Rp#?rFXpHT
zc3&vpvDjiSspJIM0V1m&gRDmT{vTeTeN+!Soia~+MIw#<7$|k!`1k90?H#R^1WP8n
zk-)v+@zrmgGMp`~aeDYI!<V+bJx>FNWp$zKwHBJB64MW%MvUVv7NK!;rAE>T%l__u
zm6bXbW8PjGQQhoffLP<w<=OQ=t%G5al2kk!t^}D5<u6e_Lh;59r`Ou72NO*q#2oAu
zSrJH-m?AVeagSma4VQ@|i<X8@bHn6c5$PX@`2pUpeBQ%gH&I#*mu^Br{5s!)BW9b4
z&$C)C1I=+p)NJ3O@xjW^zgbdXUZ9Z;)7f856o~+sEAx@pbv>mh&@lerWo<PQH>6qN
zgGRmBjCwQC^Fh6yM2u7u$Ms!YrVcgNA!=AhkpoNuTQU|k{TI@?Y1Lu9q3ced*i_-s
z-EF7`2c@bMwcGozs5a+wvR#iA4vgSuU<a#uxQ}^)(t`hrR@!E|+l3=o|K42GlP;YQ
z*Z=jXUg&g>eRewBo)}EAf-BWUI-~*wSWfpzY=4K@2Yuz@ht_PuJXTM5OmRlD?!;uC
zfr2oOU|tDHp_+A$y=c8W@L^VhQc0d++RFj^*DPG2STRZGpt-y^vO3FiT*3*uoGUqI
z;DwTL7Nh;nn>d%&J(W#$Iv`f}&r(wbS-{1nXbRq1)zum}ayol+jB6rCSnCiBIaTkV
za_Q8qwnKo)x;LN>8MFrytmi8@<4%yo7;2|6cz)BKrVrIplY9$J(C#X(KU~m5RT^2w
zFyui&Ig<E61YQ?%e+X^-mZ{My@%Czo5fT|3O9q{1ubBZwH=C6BjlHC>aTh;l35Bn6
z7Q`?pe(FoxE-Y1=(HDZ+V1UsPLfSsWBYf(mB{={tu;2_!@7u$(R51zIl7{R-&^B_e
z>7W2W4P9dVpJ;(?^&zu4MQ)pPM9n0*72o&kI6-Mcu)=t;*v$TgSoJN{LXAOeIDtU>
zMqHkY?Ew!&Bb-<Bije0+LeqO8@5G4upFY-Wn^r{XRvq<t59J5J{Q7M94(2n^iWR~-
z{`dEpo>|55cWF0_2)JvEbjUFzhAnVsM%T79{Vp1%@!3P<XJkMbt0$CD68Ohd^j(7H
z!xT<EfPxes?uN(omP~H=5V<B&lnb&<mhM02W0TCEYP~Dhz5XX@FI1_sy@Jg|uj+JW
z*%h&=$#6YG1o&@8)4S^yB`!!1lj@9B@FbTz?wjl8DMh;h&{_EIm@7{PV}2MP2olZZ
zGin9q_jV9=XqtGZZEeW)bo!WDf<kW1godJDcG?1fqS~P+4PiB2>=y5l_rIR1^CtQm
zV`0U;Gg~tDfGdlVwW$^aJY_hAx@u4@UZ68u1+0I{;*YrfRA@54v+yz`*w4a<!6G+S
zbei3AsN@|_27Bttn&}L*zfN9EdrQfO>(9sm*$-fCC2&|=y9o+aA)=_!8)|}46GG|C
zm$=axh6=~&ZK9I)A`-Mo&&W?ow{^{X@AB$+ov<LN+UM}C2p<;s;x8O-A!PwuVouPH
zO#&8fS>L1>NsO*rNzs2+ft!&sMS}S+yGZ@gcrRLbcOd3$&~Tk_*9+xk?^Wgl;M^+(
zA*-Zy@k^f#EUEY?3!S1ZD9nXDQY}S!&_1xbZJ@`u&d{}aj@19`=4S$ZnihOzHNq#a
zQ3lf<(y{t|>TB9NQNMJ_e$U^_y?~pTvUMq>5GeMA!hu0ei7k{i>`?Fp5dtVE3tZ+k
zCkIf<2{0fy3GXTR9d*n~j7Kk-igsswBnuFl*%koz{$dj0Gwp4*NU}*sUh3#<va#m<
zB1qKEsypD(W1_w%FwEE)dPh1{g$4}fh$7$S_EjH2s@jU=09HV9z$uH;YqZ`zNe7oz
z^v~KFVkcaH#W<dI;OaU+hT6L<H42)Bz?}~_$#f8OAj1j)Sm(4QU@Rs(u6K9C4?`&D
zilSIU2jXlr&(jcqTb90t*<&B>v`oN|-a+^hrk?4|1CaXQ0t1A0=X3G-OaB?WIj{|z
zk^hw9bmF9|%7dF)VM8IoDDeD#i2C3MQC*K{*!DnQd7)X67zDv1@1_RiZr`x;IR8lY
zfc;dzzeHGT4eg>$2t0Dzw}wbQg~Q_NF_tA>$&!#gsh&=c;JvyicfjldsdgP<;qtij
zrT9|k?5eKM(XGdQD7Yi1m2ZwWH2ylPLYfnvdAC!dyzt<Pk~n4_kwa|S6IQ>IG5q^;
z;1&^uJh}=f`;QrmbE>FJ_*v#$K)BnV&kraes3Mmy`*<(VqI7!EXJ=Wo5bLEVUIth3
zx;qOyk%eWj2;t3@74H_k{D=hTa^z&8({R?%2R8L96(h0BXIKjfe5><K3J_f+ba*y+
zw)P)nhej+*{U1i>voL_Ugu8b3jyzbqSpNN^_5~<_ku5A2JrN<p8i^C;LNtZiv)HqO
zw-EDaDR4|IVGJLel~<}tX2Qs|!<18=A#!IZ?rGGsSAS_ix-v?QrNRr5_iAk%bYmcy
zODSFs9UDYIGX46@7O%&RRq<457JCN)0%^hqM49*w`GGf!^u&PxMhHjn%Y9fnJWr}!
zM%Pj03jIgk`{u<kPo7rOApqnb_A{(<*@5urav@aOO{_W3kAAz(j3mrT5}l6LkuCzt
zWYGwp_&TC90}m470k0W{VpJg11T@@pl}}Pulm>QYUT>lTfEpG$l%f;soBTKSpCihz
z*pW6&4#GM~jt6~cJ1ROhWA*lZkymiGoG<yYqB=bSK;HO_2p;(9_G&w?@Aj6u`BFzd
z=Vh)sj~;u*ym{5#a2xxQ)VVrXCt*Aw7VCt<6CJ`P4vtpuvc`Q)1VwH3exlvU+i<rB
zJ~WC`arr3JfNDc2se?JaJzFv>IO21Z56^Fv6EH5U*uD1;H{}MN4bOR{_N~qHP5Q>O
z5`o&&niN1R;(GBHo;+*QS%3%1qje}Lmb4peLH9>&j;Z4z{3;MtBxBt%qf5&P_d$zi
zwmlvN<<M2#9@urE_>_2Uq_a5k{B$mbs#}L$`rI6wQyz?=esn@ax1IXub-maaogQp3
zLXeZ3xqSfYeOqCkb6+)=I<}LG8tqs4#{8kh!zQnCEHm2XAP`en#GAcPm5v01lya1D
zJUjP*&S~+>UR;&U3QD6grKMIS2L~QISC+X7Ys2L{Z;C_Dy)jezrQ^hWXTU!<9Mp4V
z5%gZ6{@V%EE`)S?Zu};(YTL9xrM6su@v-lWnER||EJbf3XLeD6n?op;EPS6fVMyO2
zGVU|*Fl7j{pQhq3)lxZOqjfX*-UJAV%c?uUv0v>$j%@mUY?@ncOWxcG0<_FA8>IGY
z*q!?>0|;-!3!2tIjKiR9KO2Fs?TJ4P;l%cHy5l+0oNHN1BX-tWb2x-QNBYv!$WWLm
zC?`YuGc_Ts3Sy9~WuE|^U$IJ!egz)kI-plf0!k*&YF(8zAn4m3=WF}Oj!;H}%OII}
z$4$ykqaG4yex+beGKF^)-wi1^uV1V=tHAP3Q+a~ra5bTABie7N;OL!cYaH<0$?V(O
z-S5Lm!SdWb;hdS{F+AfU_jc;2J7bM#$zU0Rje%A75IcBTNxyWwWC3cT`kJ}Xu$)Mk
zdqC6px(qrsjasDcL7Tw}=JDyyFmR)w@`QA*S1B5}Z|O6_=+2{9;3=>1>J&s&XZ9mB
zKM`Q&rO^m0=`G8h3k9yA))!mS=|n3vV}znwrW-dX5qjl&j*D#(H=<U1$lI!Pf16F=
zgWp>)(?F^j7QUlaUPD8&BQ=8ht6wDv%x-6d=q9u*n?YM)*+ZDxN%r)*x<l?VCDW6u
zmF_sdNVCyeUb6CK=fX`AVu@ZrN_1*mE{m=Gg>Oflt6AGNf0T{t2@O0lSSsz4SQ|j_
z)jCt>WnmKbjxX~_R?2d@vg<9W4sk2SYHWd8721c1<VZHHTGB@LBky$Ws9xtf4v0&R
zg5&-k1&|ldLNHXa{fzc84R_Y`D#4<<{01KvM_PF`nXrwu-Xcn$+pz@JI7lSuMB01w
zPHizALUe)-A4XuLYz}I|$TG(V8=$o&41j-knUsBdev~0|kSm9ewbt@(!QHQsw@JFl
zI298?;tku=lSb*^@r-QoyRHx@3nEu`y|wKYrHX5VyY$ja<E5DH+e$2YE_nhMHx|0y
zReKs%aSunbCYH1FdSJX$ipP*Z4<4*sVh4QKQGMjG#YRn^#i&4Q*$}#6t0X{dov=;E
z&Ln1pR|w}$xL%>Y6jXGLybXX-oBrW<&Jb1sswl?`Vn9z}>4q-BoI5a3m4n}i1WkGe
z6hA|@Y+ozr_$*3Sd5qWZH<t(43V2~(h_Ofi9OY3+yA^fFs?*9j6VQ!sowshU*HQ8f
z;Jm;PcP2C?KMiqfS6jQV&q!<C^M6%rq%_d6&^-N_HY4ZCoaPWsS$XqPy+-0Q(5Hpm
zIhzmhM%i7MV^(5yu1uB27`u)5^f%nLBfpmXog<wqa+)8es5uvn{jU*1Qq8S;<KntF
zs(GCiJq}IvTKBX@_!{Ww*%Bes+RE5alf11!O_xVzyeQpG8t9qBmJYi8?H>_XPi@H7
zI1(5(<GmJ;!ah|j>hNh2ml{x6{>;mI4NuRe)uT9kIj0aX0P?}9#}a5vAe%~~*)@0S
z)}Tz6j6pLN_4HMu$HLn`#{1u7h~({PVYw&vQVUa9_e{<IT7O=2hvYy~wNutGOqE7S
zkhVP{hd`DAJ0uQRzN2?aPO}K{jmiBed@Kj@`1ak__^HB5H7OnCix6!Zozq3C#h@e&
zP3Eq_d#3v`?#<aVSsaGCHC#Ss02F%++s5x`L}CHx^3`q1U%13>p!I>79$~3xQ=D0N
zPd~jf{(oNC<DQVa!T>Iv-o9gK?b@-)s~_#QJuLAcV-uF~k0BXnU^S9)$->YEQ!iC#
z-pa-v#l52N9nAoYTCcA$eKNK;u)I)gD_S<h8tYUFJBz)FEt0M=`<1j<t%;TZ^@CSW
zY1avP;cu+vvt0R~NHVk7MRk#*>+w-)yeG}W^vgG<UrmYCzii$vFxgVx{=e!k&OeOl
z_+cgzNAOVXa^5zUo~ZtC>RMa%w2A@FvOQO+1$UR>qEe-CR*gDqkupcPpN?hKc^gLg
zqvkcSuh$yWVwKr7U&D;fFDDi|o*8IE__t{r&ubWRHy6KiZJ22Da3wj8*kGcV>*{`9
zCed}TUKqawpYfH<#MJgj@Mxb6#myHnqNS@AL$DFxzce{F`i|f+eFpB<^=<B7TMjs<
ztwrJuJ)d-Uvg}77X>c@y$HdtU`~2?n3wB!K2x(eD?I42cfps0C$72wlX6oQNpsLJ_
zO437xZ#QU(;SACMK0j+lgx2j^<8o(o&-RLL9M`naclOy%Yd(YiADWfO5eUa%DcKS!
zFon9A<A2qZ-|9qR^?@!k5*bq4v!?w|UETKy=EkY7Yp|Z{GEYb@UzL6!DaqTTS`&5B
z(5u~y?G|@8NQ4_EB`E@Ai>EEvf-_{xuF$HJ+!xzJBhG+^3v!kmM|hYpFRFs1fT=X*
zit>===ZLT)nLDHY8z_~#OBHjT>WY!7NzNzNDdjBrMsL{j)#Mw@Z7?4kIn3OtojU^1
zbt|F*DEAd{m0V)S>Ou)iSk=7BkARDzxnXN`;akqTHeHs1Zn~naRk6rf;JPfXhGYvF
z23rK#O{wL#Qn)ooV?{W?Q;=jrKpF7lAAvDG$bP)5F#D!a_2<^%FSZ(Rl?V**GYp*f
zk&{s;L*5_*UZ=C-t|{?_Rg{YrN8AqW>)=tNCvI}RT0m78NTtrpDZsP4cFH?BvAK~!
z!#d~OJ$-cVNn!w9;U18Eo^wp`LsIaNQjTdpq4mm=u%y=;|31YhT86aQFr2V#4*Xd6
z7}dRk@1*^fUz&Ke0YT<ALNy$x)EAF44An0JLMnkXaE;$<`WG<xc$Z6M9*E%mhn|~$
z!weUq+#Iu`eGoFj<*WvsrviC0NG)Zgje*&@e&Tm9bc0@luw0hqU88<q!n%M1ulb;K
z)p<wM+}`Z>3$~@h<l+>TM4%UTGrRD<sxZlfdZUyItZpU0MDjjVOxImMtFD3`Aa``F
z-150NrQ6ux+j?drBAk2NWOcG7_Bj$DK~G`%qv5549TaePhd&l)@##-pB!O+AgMlyq
zy~%=nkBUD>j9O?8^vxzSBfYUhvS1ruCIm+aX*6wm0RIJ&p|pLmpb&%{s1FctRz8fF
zG8vCj%7T9@V3?0<`qlkbwRpGM^()GB&R6DsGpGd4z!>Ka6L|Uu@Fr?Aio*hJUfz<8
zpZ<IAz%x){lXn@X$&up?Erl^dv6dgvR8G!?_v4L^|4HG`K{@htUgxC1B~s!HL2MR(
z1n1mMenb)hGBF820tl@3ZbDoh+;ejkonW$m%4*R!c1QhLyj=T0|IAu&PXWz?#l75r
ze>^pDg?E-LJGvUol2es<OQki6P^&?Q-uU5aec9dkpS!V}U5Hp*+BOSz|6j^kqqrUy
zcP!lmWM?o^yJE!O@gkj>n`4E5xOK*m;zVvn(YjH$kBq<i;z)h3NWb*BbH_@pkW)uA
zCiV&<wz*s}PB#TslyweD1{ir|50k4Cxk}&<foKjtOTICi)P_n532$5!&iumy`z1lM
z+?Zp1$;6@-IU4(p^rtFjp)v|EKGjV@^o=B3y23)ltVKr{i*H%fd+tlq8B6=lBqMLT
zFZ=>Sr(JIkN|*}ah(oaNxUcXEZ-!VA3`fd)F(Bu!VV<W;s4Eo>wh$<(f!0L7JoXb$
zcH#9Xl;E{S3Zqajb|Rn6$hh)1m5ye_NY{EmG`rd+R3s7U%U0+IEhTd(AVD>}b>XES
zXvs;w6T)X_sPy6ym<^CR)wO(rSOX9qfTuf~c+s%;xUY4?{6hGI@IU)jB+OqH=)0pV
zw}VKDR}7?Mb{Gp<pbAlx$3Lf<68G6(!3svw3Vp9OfEVVT=eB_1)fW#N?5lo<JEHDe
zA3pj7Y(L=wKA;R(lq&2;awJi_t4B>M((G{AgS(<PbWQ9Y4hIqJh9I=p^?qVme_#Ny
z@4MJ?s|>ojt>boCvE!!0`X#iQLu57NdN0yo70J>Hk*8<e1|8LznGAW^3IZJjn~AtJ
zYGoO|kP1-ge10Cus06_Gu)-CKM%Kd(<sN74G6%v|J-!_;2gu+quZ&Knsq1R>{W*Lx
z?O~%v=ESe83845n<eIWYt=6?{6T_4f){oBWg`dB#YADjT?%g(n$WR8cc56YzBSzw`
zRxB5`@jx{{6|FVRZxQx$eQ4~^Dk;mRLV30V+8XN~a^7ft;*Fh{^$%s@uJd*8Njus@
zI&!Q`k;|)IW6&*GJoBk&vf<HvG#nq8r{E!Z1(3krSD+*chlZDdp{W=O`>;D{%WRFB
zpt>1L5qUHBu3rB#ZN90mE}T(i6R~7*85No^`{h;!hH4)UNA^L-rzWf55kzr1TO#tw
zA8qhu85Qg8WMdH$7q4waSn+5kSi2#J{7Dw+0Li!cZolfF62><)-kko>srT`}AdRJC
zP8#|A1hYt1`s(u^^}2s*tPvsXXbs9v2Fx;3C2;ELOK>=<Dx{W<TVt|n$nG$tQ|0KE
zdH}VQ1tBc>Y*-utQrJU7X<p7OWWRcNUQ&v>qY=4mu+JD%Vz<@14ukQIQ|vMvChe(g
zb^dF})0~DbJZSdn)nIpP10=$y*gJaPV}Ek|S+Dea#~FEcUBNJKWn@XGFnL@L1FTTR
z8~{20K{0&NTtts$rO-p&@aS4J+vPt;@&#Z;Cmae}-mtUcnYrj3&DIfG#QiBiVaxlk
z?#nk2sUIApjRM9UH3hKII=s2^p{}M)1-SglGz|@uX<wdfN%#Q5F|3BBrjAcb()}}G
zW`|@YiUEb64L1=Dq`0Y7TEbaA_fL|w(@-Y`kN2lOCvgqgFdR6J@0}PUrsQv%*&pQR
zCn=7{9-AteMh!R(lzc}(0D^P>2>8|8%5XT>tN+ae{8BQ>rU05xR(lkxf1qJF$n)Ap
z(N6g+><~46(JvffN*|0l{Bsiwkiiy3FZNh9%o5aZKO#$ZPXaB@D=J^4s1X=EH`S=q
z66t}^&+*54S1Wsm*%<^M=QfT64?9)@YkTlei)D^jVZ*X^T4z(Px)d6B%UsC!9Y!x8
zOTQ|@fPH#2*nOU9lX=8==wnl9cmhYD@SNT_MTGWtNjZBE;GM0Zn!2Vp<1!0j7e|pg
z3yUF;tJw2DDzFMe0tX*(==t?viN1Lz{4?xGJ$t5y{t3o;wzlU%TT%gQjKPhkEsDy6
z*c9Cj?cp7^Ca)Z_Q60W4Xgu#=vez`3eJNT?lTMQssQIO`#_vXyr%#D>XC?$cA-7nk
z?BkbG6{1>#F?3&=xyRVF9mL_c7_at<?Zmk%htTv*>|{$}Jy8yWEH1n?qMN&Y=U-#V
zf!={0tLaXSM(jMgitXJGbOE*|+cFWwDP7zG1Wl23^A{AEY(m_X9Jfdyb+3I^uMhVy
z15<|DYn~H6n{%c9THN@-#NnG6AEIfHg2-$iGTDKuHoQmf@R_G{4~?^J86yo^4V>tE
z<ck#zD~TOuWxTB6@50cvKpT%J#eg%&-t)A;1e{jWJdm>kk|RgSFQ>^m{RfzKLv5o}
zHxD_Zt4-X6xmcDOD^|Q01c?oBT7hmi@(M;*RM1znUhw-@bMMXyj+0U=Rb|cK#BYcZ
z^p*R9g=j37|A3s)*1yQjjjMXc@ZY|>a(AAU?L#>u*ck8~>#e=~U+N+b942W7f_K7k
zr`X!1<AUH_&8yKDs{l=|4>2GuSqrx37P{fkeFe2{hs4h4X0znJ*)kKvT}Mb*$WWT#
z(QU-;e(tTV1SGl>qZ?40Sv3)Hf4K)NK4t{t=o636TZmNPSMFzvCSVNE7`lR<gpI)k
zbxb2=!l~Z8@0%DvFZY=~LQbp8aM<T`>c;qh-Lep&%}aORWg(s(cZnq^$zUqwZA_L(
zgUv=zW#0BnQCdsZ#FA8c@vSXcl8%>3KC7Vt$W&%%Qn%FaBkn*AegNhbs7;8D{JYLB
zkNBnl4-h%4Diw-$${r*<AunmS$lv+!X75E;{`=V$wVY`6R8`$X;)kOqX+89m?iw{m
zpSdFlTCexGDa7ymo<0Nn%`3_s^~UcF7`}8!Atm38#^SR1!TU6zA6Jn`ei_Sc5j%e*
zO4kUy=5f;3c{<3l-DLgXK?%0HlGh_G`^tZO8WHw;1%o6l9<27l_8+%8F|~^3W{c5f
zdt`dog_vK&jTz*8lo=Tr{V=~DCY&JBbxhXhK9E6F(CeI+QeBPJG+wih*G$oj1{3lC
zg~}k$OOIP-M5pp|ZxP3Z5%AL&Jc`_y;7X46vIE0CF!<68ebTRlQ@^UCcsk?gT+UVE
zb|#O&_sg&7?FjKN>)Y!GWte*!M9}d2^u#S~U^%<*+2t9~UbbEub*f|ot1mO}79b!*
zHkx|ougH50p)4~^I}ZGF`&0|5<mUJYQ{?B@1mnXGA*H&(v<=`*n|*X8&+zNJV;xIo
z;V=r#=S(3M(l_qFKC6dFEB@)+u5e_k%r^eW$KPNGV=x8k`1L1QHzsT}-08~a1<Efe
zyQk)?8HvPYM}aqhk_#iq*PiCg2*?;)Mam`NZjtO<t)@`Pfp1F{H#-0E+B$oYSpK3x
ztJS&)*ww9ERUro|DFIWXi@Q%i>Kvhk@AU^n@R&Is0WTEetpnhNL}`6#0Xhr^&Qh?J
zpi0-tnSzj9*M9y0jF4i5hDx>xiO!X%p{|K`;V_9ueLp;(&H(^;hzpH?zf;0-P;$XF
zqk2})0)mLN4TM}Z4ZJ+{LIQNfU<2)P90Vo*51e+ogrwYRjDmY=2(`+ucl$sJ?-oJg
zy2Jesbu>P}$jZWSIg38(ZtEpy@GRh%foPi5rNL%NdGc%M@dSiLvj?NJ|K6$J&z;O6
z^Y2Fz_n5#Y@%WzDD*4X)hoW%J_wKhH5Pr<BK?j%Q^~w-$tx}27Y-mr=r|LEUxrUtP
zw08pEFyx~NqI!NQJg;18hNt|qJh<UY5)@(1xrL<yBkH_=53L<vv5YK7Ond@+KSc`n
zu(*}0tdHCKx_4qSRXzqN)AJpk{ewN5snfQ&%>4%NoREJ`X{QoE4U2bp#4T0%Kgcbv
zI#)qFdnR8R1K)%e)<n-V1J(^bCxmIhO5*UM%Iqz4KaVOa+8?~y)T3kJfc!80IB{&o
ztdxL*MKWpvBhJoRudN`Ehp7l>1Qel~l1N8uo1QCJCvaW~=cxPAGRiBL^`laRu)ZWY
z_U@okus!v@XHsLMOqKc4JC1k?tkMWVIyqVsKzOL6g*~)KnSJ9`pFj%U@a40WzPGkV
zuNd$C*!wXhyleN_Vup&0B{%MM^8E{r1G65~b$qOs3}EB^B1Is}G<o0b)}J4J?jWxP
zpKOVRu1~0DPvin=Ui&8@zg(s?X<o|uqkYOsdCRtB`Mm}6hSMXwa(YjAVn22fEeO-=
zLhkI=ZzIsx+qlZd0SPygWrnF50xW!`$=zaT)IQj~5UW)yJW(E32fyBT5(ES6d(Rk}
z9<6N=xD7mH#$G%O*Y=O#_W*Y`k)Vwfj7kvW;N)oRn^LmzU&dO{OgzTi$j_7Bi7rB-
zmO$%~sW76XUb0XW>l)nY5g=p^G?O&F>>cfD(2pO?ta2?@5FfbNTf>RJ(Fh0D@24Ss
zOv}bBB8x&=0TH{iaPZcgPn}mAKVE>meAkA0UckUPeNe<2uaosVYnraPYTDs^H=7dX
zN__!ei~9VIh|dFOHP--HaH3TNB_d8!PvoU=*nyDzmg~N0FVU~Ji10_Kj(H>kd|u;z
z+z+ABzYQ)x#xy+bCp_O2EnG@O-YJf3;#Ue=!7e^7S=}y6=Cw~H^*nm_WbF*ePF{#)
zFcYlytiQEW(7H=GL4I#Z#3B^pL+DK`-{p^^FZwx90$>`IOHBSOxnc!dK9+MyMKlkV
zZ)>5oM$j?^fkz6U3dQeGOD4s-;Zufb^VKymd|`F!<ApX4iaXed#&^Q}?Vi@0npjwX
zpinrWBzL7$m&<w=I(4)-UP*kO7HkmySqOyGjcfa1?gzC|ug#cLvnv)E-<Kh@YHkz{
zOjhA4pBLkCRwhO#NOq@(9Oz2c-tFb$nLMohvQ=*reTr0EG3VYXO6M7M<0(AAOa@Xm
zW9Vpcc)#y@BmaCi7U|s_e*m+1L(b}9+L${TSSrlJvv)S?Rq4#HPj?ijJ*7Y(e35ay
zG|z;!c#9)sjb6^SD9XKZxPn+yij?yYwkUrpQB#6pqV$=XA4~BMjgGnn%1PLiJt;{~
zFZ)+BNlulPAyo#E^qX~$@AYi998!IXyPZJ#B8i6d1S?8846o7h55-L|wB;|Xo8g$!
zQ7$v1z`m!&#KYMf$g}23U)CfXPXXSjNQAc<)|I^j79$R-DTd#%>m*;lZ=PEhd>yMv
OdGC0ssEfhEg0G~Cf#2Q$

literal 0
HcmV?d00001

diff --git a/system_tests/test_service_account.py b/system_tests/test_service_account.py
new file mode 100644
index 000000000..e897c6f84
--- /dev/null
+++ b/system_tests/test_service_account.py
@@ -0,0 +1,43 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from google.auth import exceptions
+from google.oauth2 import service_account
+import pytest
+
+
+@pytest.fixture
+def credentials(service_account_file):
+    yield service_account.Credentials.from_service_account_file(
+        service_account_file)
+
+
+def test_refresh_no_scopes(request, credentials):
+    with pytest.raises(exceptions.RefreshError):
+        credentials.refresh(request)
+
+
+def test_refresh_success(request, credentials, token_info):
+    credentials = credentials.with_scopes(['email', 'profile'])
+
+    credentials.refresh(request)
+
+    assert credentials.token
+
+    info = token_info(credentials.token)
+
+    assert info['email'] == credentials._service_account_email
+    assert info['scope'] == (
+        'https://www.googleapis.com/auth/userinfo.email '
+        'https://www.googleapis.com/auth/userinfo.profile')
diff --git a/tox.ini b/tox.ini
index bc7d15406..10f7d9946 100644
--- a/tox.ini
+++ b/tox.ini
@@ -21,6 +21,20 @@ commands =
 deps =
   {[testenv]deps}
 
+[testenv:py35-system]
+basepython = python3.5
+commands =
+  py.test system_tests
+deps =
+  {[testenv]deps}
+
+[testenv:py27-system]
+basepython = python2.7
+commands =
+  py.test system_tests
+deps =
+  {[testenv]deps}
+
 [testenv:docgen]
 basepython = python3.5
 deps =
@@ -46,10 +60,10 @@ commands =
   python setup.py check --metadata --restructuredtext --strict
   flake8 \
     --import-order-style=google \
-    --application-import-names="google,tests" \
+    --application-import-names="google,tests,system_tests" \
     google tests
   pylint --rcfile pylintrc google
-  pylint --rcfile pylintrc.tests tests
+  pylint --rcfile pylintrc.tests tests system_tests
 deps =
   flake8
   flake8-import-order

From 1b0d525443a65d9500f8937687795695ab54a693 Mon Sep 17 00:00:00 2001
From: Jon Wayne Parrott <jonwayne@google.com>
Date: Mon, 24 Oct 2016 22:57:44 -0700
Subject: [PATCH 2/2] Disable HTTPS in system tests, address review comments

---
 system_tests/conftest.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/system_tests/conftest.py b/system_tests/conftest.py
index 7c934ffec..066f80531 100644
--- a/system_tests/conftest.py
+++ b/system_tests/conftest.py
@@ -18,11 +18,12 @@
 from google.auth import _helpers
 import google.auth.transport.urllib3
 import pytest
+import urllib3
 
 
 HERE = os.path.dirname(__file__)
 DATA_DIR = os.path.join(HERE, 'data')
-HTTP = google.auth.transport.urllib3._make_default_http()
+HTTP = urllib3.PoolManager()
 TOKEN_INFO_URL = 'https://www.googleapis.com/oauth2/v3/tokeninfo'
 
 
@@ -62,7 +63,7 @@ def _token_info(access_token=None, id_token=None):
 
 def verify_environment():
     """Checks to make sure that requisite data files are available."""
-    if not os.path.exists(DATA_DIR):
+    if not os.path.isdir(DATA_DIR):
         raise EnvironmentError(
             'In order to run system tests, test data must exist in '
             'system_tests/data. See CONTRIBUTING.rst for details.')