TJB-1
diff --git a/‎google/auth/_default.py
Lines changed: 2 additions & 2 deletions b/‎google/auth/_default.py
Lines changed: 2 additions & 2 deletions
diff --git a/‎google/auth/_helpers.py
Lines changed: 11 additions & 6 deletions b/‎google/auth/_helpers.py
Lines changed: 11 additions & 6 deletions
diff --git a/‎google/auth/_service_account_info.py
Lines changed: 3 additions & 2 deletions b/‎google/auth/_service_account_info.py
Lines changed: 3 additions & 2 deletions
diff --git a/‎google/auth/api_key.py
Lines changed: 2 additions & 1 deletion b/‎google/auth/api_key.py
Lines changed: 2 additions & 1 deletion
diff --git a/‎google/auth/app_engine.py
Lines changed: 7 additions & 6 deletions b/‎google/auth/app_engine.py
Lines changed: 7 additions & 6 deletions
diff --git a/‎google/auth/aws.py
Lines changed: 6 additions & 4 deletions b/‎google/auth/aws.py
Lines changed: 6 additions & 4 deletions
diff --git a/‎google/auth/compute_engine/credentials.py
Lines changed: 3 additions & 3 deletions b/‎google/auth/compute_engine/credentials.py
Lines changed: 3 additions & 3 deletions
diff --git a/‎google/auth/credentials.py
Lines changed: 5 additions & 4 deletions b/‎google/auth/credentials.py
Lines changed: 5 additions & 4 deletions
diff --git a/‎google/auth/crypt/_python_rsa.py
Lines changed: 4 additions & 3 deletions b/‎google/auth/crypt/_python_rsa.py
Lines changed: 4 additions & 3 deletions
diff --git a/‎google/auth/crypt/base.py
Lines changed: 2 additions & 1 deletion b/‎google/auth/crypt/base.py
Lines changed: 2 additions & 1 deletion
@@ -434,7 +434,7 @@ def _get_impersonated_service_account_credentials(filename, info, scopes):
                 filename, source_credentials_info
             )
         else:
-            raise ValueError(
+            raise exceptions.InvalidType(
                 "source credential of type {} is not supported.".format(
                     source_credentials_type
                 )
@@ -443,7 +443,7 @@ def _get_impersonated_service_account_credentials(filename, info, scopes):
         start_index = impersonation_url.rfind("/")
         end_index = impersonation_url.find(":generateAccessToken")
         if start_index == -1 or end_index == -1 or start_index > end_index:
-            raise ValueError(
+            raise exceptions.InvalidValue(
                 "Cannot extract target principal from {}".format(impersonation_url)
             )
         target_principal = impersonation_url[start_index + 1 : end_index]
 
@@ -22,6 +22,7 @@
 import six
 from six.moves import urllib
 
+from google.auth import exceptions
 
 # Token server doesn't provide a new a token when doing refresh unless the
 # token is expiring within 30 seconds, so refresh threshold should not be
@@ -51,10 +52,10 @@ def decorator(method):
             Callable: the same method passed in with an updated docstring.
 
         Raises:
-            ValueError: if the method already has a docstring.
+            google.auth.exceptions.InvalidOperation: if the method already has a docstring.
         """
         if method.__doc__:
-            raise ValueError("Method already has a docstring.")
+            raise exceptions.InvalidOperation("Method already has a docstring.")
 
         source_method = getattr(source_class, method.__name__)
         method.__doc__ = source_method.__doc__
@@ -101,13 +102,15 @@ def to_bytes(value, encoding="utf-8"):
             passed in if it started out as bytes.
 
     Raises:
-        ValueError: If the value could not be converted to bytes.
+        google.auth.exceptions.InvalidValue: If the value could not be converted to bytes.
     """
     result = value.encode(encoding) if isinstance(value, six.text_type) else value
     if isinstance(result, six.binary_type):
         return result
     else:
-        raise ValueError("{0!r} could not be converted to bytes".format(value))
+        raise exceptions.InvalidValue(
+            "{0!r} could not be converted to bytes".format(value)
+        )
 
 
 def from_bytes(value):
@@ -121,13 +124,15 @@ def from_bytes(value):
             if it started out as unicode.
 
     Raises:
-        ValueError: If the value could not be converted to unicode.
+        google.auth.exceptions.InvalidValue: If the value could not be converted to unicode.
     """
     result = value.decode("utf-8") if isinstance(value, six.binary_type) else value
     if isinstance(result, six.text_type):
         return result
     else:
-        raise ValueError("{0!r} could not be converted to unicode".format(value))
+        raise exceptions.InvalidValue(
+            "{0!r} could not be converted to unicode".format(value)
+        )
 
 
 def update_query(url, params, remove=None):
 
@@ -20,6 +20,7 @@
 import six
 
 from google.auth import crypt
+from google.auth import exceptions
 
 
 def from_dict(data, require=None, use_rsa_signer=True):
@@ -40,15 +41,15 @@ def from_dict(data, require=None, use_rsa_signer=True):
             service account file.
 
     Raises:
-        ValueError: if the data was in the wrong format, or if one of the
+        MalformedError: if the data was in the wrong format, or if one of the
             required keys is missing.
     """
     keys_needed = set(require if require is not None else [])
 
     missing = keys_needed.difference(six.iterkeys(data))
 
     if missing:
-        raise ValueError(
+        raise exceptions.MalformedError(
             "Service account info was not in the expected format, missing "
             "fields {}.".format(", ".join(missing))
         )
 
@@ -20,6 +20,7 @@
 
 from google.auth import _helpers
 from google.auth import credentials
+from google.auth import exceptions
 
 
 class Credentials(credentials.Credentials):
@@ -36,7 +37,7 @@ def __init__(self, token):
         """
         super(Credentials, self).__init__()
         if not token:
-            raise ValueError("Token must be a non-empty API key string")
+            raise exceptions.InvalidValue("Token must be a non-empty API key string")
         self.token = token
 
     @property
 
@@ -27,6 +27,7 @@
 from google.auth import _helpers
 from google.auth import credentials
 from google.auth import crypt
+from google.auth import exceptions
 
 # pytype: disable=import-error
 try:
@@ -67,13 +68,13 @@ def get_project_id():
         str: The project ID
 
     Raises:
-        EnvironmentError: If the App Engine APIs are unavailable.
+        google.auth.exceptions.OSError: If the App Engine APIs are unavailable.
     """
     # pylint: disable=missing-raises-doc
-    # Pylint rightfully thinks EnvironmentError is OSError, but doesn't
+    # Pylint rightfully thinks google.auth.exceptions.OSError is OSError, but doesn't
     # realize it's a valid alias.
     if app_identity is None:
-        raise EnvironmentError("The App Engine APIs are not available.")
+        raise exceptions.OSError("The App Engine APIs are not available.")
     return app_identity.get_application_id()
 
 
@@ -107,13 +108,13 @@ def __init__(
                 and billing.
 
         Raises:
-            EnvironmentError: If the App Engine APIs are unavailable.
+            google.auth.exceptions.OSError: If the App Engine APIs are unavailable.
         """
         # pylint: disable=missing-raises-doc
-        # Pylint rightfully thinks EnvironmentError is OSError, but doesn't
+        # Pylint rightfully thinks google.auth.exceptions.OSError is OSError, but doesn't
         # realize it's a valid alias.
         if app_identity is None:
-            raise EnvironmentError("The App Engine APIs are not available.")
+            raise exceptions.OSError("The App Engine APIs are not available.")
 
         super(Credentials, self).__init__()
         self._scopes = scopes
 
@@ -123,7 +123,7 @@ def get_request_options(
         )
         # Validate provided URL.
         if not uri.hostname or uri.scheme != "https":
-            raise ValueError("Invalid AWS service URL")
+            raise exceptions.InvalidResource("Invalid AWS service URL")
 
         header_map = _generate_authentication_header_map(
             host=uri.hostname,
@@ -408,9 +408,11 @@ def __init__(
             env_id, env_version = (None, None)
 
         if env_id != "aws" or self._cred_verification_url is None:
-            raise ValueError("No valid AWS 'credential_source' provided")
+            raise exceptions.InvalidResource(
+                "No valid AWS 'credential_source' provided"
+            )
         elif int(env_version or "") != 1:
-            raise ValueError(
+            raise exceptions.InvalidValue(
                 "aws version '{}' is not supported in the current build.".format(
                     env_version
                 )
@@ -428,7 +430,7 @@ def validate_metadata_server_url_if_any(url_string, name_of_data):
         if url_string:
             url = urlparse(url_string)
             if url.hostname != "169.254.169.254" and url.hostname != "fd00:ec2::254":
-                raise ValueError(
+                raise exceptions.InvalidResource(
                     "Invalid hostname '{}' for '{}'".format(url.hostname, name_of_data)
                 )
 
 
@@ -221,7 +221,7 @@ def __init__(
 
         if use_metadata_identity_endpoint:
             if token_uri or additional_claims or service_account_email or signer:
-                raise ValueError(
+                raise exceptions.MalformedError(
                     "If use_metadata_identity_endpoint is set, token_uri, "
                     "additional_claims, service_account_email, signer arguments"
                     " must not be set"
@@ -312,7 +312,7 @@ def with_token_uri(self, token_uri):
         # since the signer is already instantiated,
         # the request is not needed
         if self._use_metadata_identity_endpoint:
-            raise ValueError(
+            raise exceptions.MalformedError(
                 "If use_metadata_identity_endpoint is set, token_uri" " must not be set"
             )
         else:
@@ -423,7 +423,7 @@ def sign_bytes(self, message):
                 Signer is not available if metadata identity endpoint is used.
         """
         if self._use_metadata_identity_endpoint:
-            raise ValueError(
+            raise exceptions.InvalidOperation(
                 "Signer is not available if metadata identity endpoint is used"
             )
         return self._signer.sign(message)
 
@@ -21,6 +21,7 @@
 import six
 
 from google.auth import _helpers, environment_vars
+from google.auth import exceptions
 
 
 @six.add_metaclass(abc.ABCMeta)
@@ -190,20 +191,20 @@ def valid(self):
         return True
 
     def refresh(self, request):
-        """Raises :class:`ValueError``, anonymous credentials cannot be
+        """Raises :class:``InvalidOperation``, anonymous credentials cannot be
         refreshed."""
-        raise ValueError("Anonymous credentials cannot be refreshed.")
+        raise exceptions.InvalidOperation("Anonymous credentials cannot be refreshed.")
 
     def apply(self, headers, token=None):
         """Anonymous credentials do nothing to the request.
 
         The optional ``token`` argument is not supported.
 
         Raises:
-            ValueError: If a token was specified.
+            google.auth.exceptions.InvalidValue: If a token was specified.
         """
         if token is not None:
-            raise ValueError("Anonymous credentials don't support tokens.")
+            raise exceptions.InvalidValue("Anonymous credentials don't support tokens.")
 
     def before_request(self, request, method, url, headers):
         """Anonymous credentials do nothing to the request."""
 
@@ -29,6 +29,7 @@
 import six
 
 from google.auth import _helpers
+from google.auth import exceptions
 from google.auth.crypt import base
 
 _POW2 = (128, 64, 32, 16, 8, 4, 2, 1)
@@ -101,7 +102,7 @@ def from_string(cls, public_key):
             der = rsa.pem.load_pem(public_key, "CERTIFICATE")
             asn1_cert, remaining = decoder.decode(der, asn1Spec=Certificate())
             if remaining != b"":
-                raise ValueError("Unused bytes", remaining)
+                raise exceptions.InvalidValue("Unused bytes", remaining)
 
             cert_info = asn1_cert["tbsCertificate"]["subjectPublicKeyInfo"]
             key_bytes = _bit_list_to_bytes(cert_info["subjectPublicKey"])
@@ -162,12 +163,12 @@ def from_string(cls, key, key_id=None):
         elif marker_id == 1:
             key_info, remaining = decoder.decode(key_bytes, asn1Spec=_PKCS8_SPEC)
             if remaining != b"":
-                raise ValueError("Unused bytes", remaining)
+                raise exceptions.InvalidValue("Unused bytes", remaining)
             private_key_info = key_info.getComponentByName("privateKey")
             private_key = rsa.key.PrivateKey.load_pkcs1(
                 private_key_info.asOctets(), format="DER"
             )
         else:
-            raise ValueError("No key could be detected.")
+            raise exceptions.MalformedError("No key could be detected.")
 
         return cls(private_key, key_id=key_id)
@@ -20,6 +20,7 @@
 
 import six
 
+from google.auth import exceptions
 
 _JSON_FILE_PRIVATE_KEY = "private_key"
 _JSON_FILE_PRIVATE_KEY_ID = "private_key_id"
@@ -106,7 +107,7 @@ def from_service_account_info(cls, info):
             ValueError: If the info is not in the expected format.
         """
         if _JSON_FILE_PRIVATE_KEY not in info:
-            raise ValueError(
+            raise exceptions.MalformedError(
                 "The private_key field was not found in the service account " "info."
             )
Original file line number	Diff line number	Diff line change
`@@ -434,7 +434,7 @@ def _get_impersonated_service_account_credentials(filename, info, scopes):`
`434`	`434`	`filename, source_credentials_info`
`435`	`435`	`)`
`436`	`436`	`else:`
`437`		`- raise ValueError(`
	`437`	`+ raise exceptions.InvalidType(`
`438`	`438`	`"source credential of type {} is not supported.".format(`
`439`	`439`	`source_credentials_type`
`440`	`440`	`)`
`@@ -443,7 +443,7 @@ def _get_impersonated_service_account_credentials(filename, info, scopes):`
`443`	`443`	`start_index = impersonation_url.rfind("/")`
`444`	`444`	`end_index = impersonation_url.find(":generateAccessToken")`
`445`	`445`	`if start_index == -1 or end_index == -1 or start_index > end_index:`
`446`		`- raise ValueError(`
	`446`	`+ raise exceptions.InvalidValue(`
`447`	`447`	`"Cannot extract target principal from {}".format(impersonation_url)`
`448`	`448`	`)`
`449`	`449`	`target_principal = impersonation_url[start_index + 1 : end_index]`