From 20a72aa0524fabb855cfda8589dd3722e4c65bdd Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Sat, 24 Jul 2021 13:42:25 +0000 Subject: [PATCH] fix: enable self signed jwt for grpc (#217) PiperOrigin-RevId: 386504689 Source-Link: https://github.com/googleapis/googleapis/commit/762094a99ac6e03a17516b13dfbef37927267a70 Source-Link: https://github.com/googleapis/googleapis-gen/commit/6bfc480e1a161d5de121c2bcc3745885d33b265a --- .../automl_v1/services/auto_ml/client.py | 4 +++ .../services/prediction_service/client.py | 4 +++ .../automl_v1beta1/services/auto_ml/client.py | 4 +++ .../services/prediction_service/client.py | 4 +++ tests/unit/gapic/automl_v1/test_auto_ml.py | 31 +++++++++++-------- .../automl_v1/test_prediction_service.py | 31 +++++++++++-------- .../unit/gapic/automl_v1beta1/test_auto_ml.py | 31 +++++++++++-------- .../automl_v1beta1/test_prediction_service.py | 31 +++++++++++-------- 8 files changed, 88 insertions(+), 52 deletions(-) diff --git a/google/cloud/automl_v1/services/auto_ml/client.py b/google/cloud/automl_v1/services/auto_ml/client.py index 5aa1029b..bc732357 100644 --- a/google/cloud/automl_v1/services/auto_ml/client.py +++ b/google/cloud/automl_v1/services/auto_ml/client.py @@ -435,6 +435,10 @@ def __init__( client_cert_source_for_mtls=client_cert_source_func, quota_project_id=client_options.quota_project_id, client_info=client_info, + always_use_jwt_access=( + Transport == type(self).get_transport_class("grpc") + or Transport == type(self).get_transport_class("grpc_asyncio") + ), ) def create_dataset( diff --git a/google/cloud/automl_v1/services/prediction_service/client.py b/google/cloud/automl_v1/services/prediction_service/client.py index fdb7e73c..d64407c4 100644 --- a/google/cloud/automl_v1/services/prediction_service/client.py +++ b/google/cloud/automl_v1/services/prediction_service/client.py @@ -355,6 +355,10 @@ def __init__( client_cert_source_for_mtls=client_cert_source_func, quota_project_id=client_options.quota_project_id, client_info=client_info, + always_use_jwt_access=( + Transport == type(self).get_transport_class("grpc") + or Transport == type(self).get_transport_class("grpc_asyncio") + ), ) def predict( diff --git a/google/cloud/automl_v1beta1/services/auto_ml/client.py b/google/cloud/automl_v1beta1/services/auto_ml/client.py index 52e296a4..c31da67d 100644 --- a/google/cloud/automl_v1beta1/services/auto_ml/client.py +++ b/google/cloud/automl_v1beta1/services/auto_ml/client.py @@ -483,6 +483,10 @@ def __init__( client_cert_source_for_mtls=client_cert_source_func, quota_project_id=client_options.quota_project_id, client_info=client_info, + always_use_jwt_access=( + Transport == type(self).get_transport_class("grpc") + or Transport == type(self).get_transport_class("grpc_asyncio") + ), ) def create_dataset( diff --git a/google/cloud/automl_v1beta1/services/prediction_service/client.py b/google/cloud/automl_v1beta1/services/prediction_service/client.py index d5968efc..1d9ca992 100644 --- a/google/cloud/automl_v1beta1/services/prediction_service/client.py +++ b/google/cloud/automl_v1beta1/services/prediction_service/client.py @@ -355,6 +355,10 @@ def __init__( client_cert_source_for_mtls=client_cert_source_func, quota_project_id=client_options.quota_project_id, client_info=client_info, + always_use_jwt_access=( + Transport == type(self).get_transport_class("grpc") + or Transport == type(self).get_transport_class("grpc_asyncio") + ), ) def predict( diff --git a/tests/unit/gapic/automl_v1/test_auto_ml.py b/tests/unit/gapic/automl_v1/test_auto_ml.py index 93440c78..c906c83e 100644 --- a/tests/unit/gapic/automl_v1/test_auto_ml.py +++ b/tests/unit/gapic/automl_v1/test_auto_ml.py @@ -129,16 +129,6 @@ def test_auto_ml_client_from_service_account_info(client_class): assert client.transport._host == "automl.googleapis.com:443" -@pytest.mark.parametrize("client_class", [AutoMlClient, AutoMlAsyncClient,]) -def test_auto_ml_client_service_account_always_use_jwt(client_class): - with mock.patch.object( - service_account.Credentials, "with_always_use_jwt_access", create=True - ) as use_jwt: - creds = service_account.Credentials(None, None, None) - client = client_class(credentials=creds) - use_jwt.assert_not_called() - - @pytest.mark.parametrize( "transport_class,transport_name", [ @@ -146,9 +136,7 @@ def test_auto_ml_client_service_account_always_use_jwt(client_class): (transports.AutoMlGrpcAsyncIOTransport, "grpc_asyncio"), ], ) -def test_auto_ml_client_service_account_always_use_jwt_true( - transport_class, transport_name -): +def test_auto_ml_client_service_account_always_use_jwt(transport_class, transport_name): with mock.patch.object( service_account.Credentials, "with_always_use_jwt_access", create=True ) as use_jwt: @@ -156,6 +144,13 @@ def test_auto_ml_client_service_account_always_use_jwt_true( transport = transport_class(credentials=creds, always_use_jwt_access=True) use_jwt.assert_called_once_with(True) + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=False) + use_jwt.assert_not_called() + @pytest.mark.parametrize("client_class", [AutoMlClient, AutoMlAsyncClient,]) def test_auto_ml_client_from_service_account_file(client_class): @@ -224,6 +219,7 @@ def test_auto_ml_client_client_options(client_class, transport_class, transport_ client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -240,6 +236,7 @@ def test_auto_ml_client_client_options(client_class, transport_class, transport_ client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -256,6 +253,7 @@ def test_auto_ml_client_client_options(client_class, transport_class, transport_ client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has @@ -284,6 +282,7 @@ def test_auto_ml_client_client_options(client_class, transport_class, transport_ client_cert_source_for_mtls=None, quota_project_id="octopus", client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -346,6 +345,7 @@ def test_auto_ml_client_mtls_env_auto( client_cert_source_for_mtls=expected_client_cert_source, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case ADC client cert is provided. Whether client cert is used depends on @@ -379,6 +379,7 @@ def test_auto_ml_client_mtls_env_auto( client_cert_source_for_mtls=expected_client_cert_source, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case client_cert_source and ADC client cert are not provided. @@ -400,6 +401,7 @@ def test_auto_ml_client_mtls_env_auto( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -426,6 +428,7 @@ def test_auto_ml_client_client_options_scopes( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -452,6 +455,7 @@ def test_auto_ml_client_client_options_credentials_file( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -469,6 +473,7 @@ def test_auto_ml_client_client_options_from_dict(): client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) diff --git a/tests/unit/gapic/automl_v1/test_prediction_service.py b/tests/unit/gapic/automl_v1/test_prediction_service.py index 2afcf784..93df8b43 100644 --- a/tests/unit/gapic/automl_v1/test_prediction_service.py +++ b/tests/unit/gapic/automl_v1/test_prediction_service.py @@ -130,18 +130,6 @@ def test_prediction_service_client_from_service_account_info(client_class): assert client.transport._host == "automl.googleapis.com:443" -@pytest.mark.parametrize( - "client_class", [PredictionServiceClient, PredictionServiceAsyncClient,] -) -def test_prediction_service_client_service_account_always_use_jwt(client_class): - with mock.patch.object( - service_account.Credentials, "with_always_use_jwt_access", create=True - ) as use_jwt: - creds = service_account.Credentials(None, None, None) - client = client_class(credentials=creds) - use_jwt.assert_not_called() - - @pytest.mark.parametrize( "transport_class,transport_name", [ @@ -149,7 +137,7 @@ def test_prediction_service_client_service_account_always_use_jwt(client_class): (transports.PredictionServiceGrpcAsyncIOTransport, "grpc_asyncio"), ], ) -def test_prediction_service_client_service_account_always_use_jwt_true( +def test_prediction_service_client_service_account_always_use_jwt( transport_class, transport_name ): with mock.patch.object( @@ -159,6 +147,13 @@ def test_prediction_service_client_service_account_always_use_jwt_true( transport = transport_class(credentials=creds, always_use_jwt_access=True) use_jwt.assert_called_once_with(True) + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=False) + use_jwt.assert_not_called() + @pytest.mark.parametrize( "client_class", [PredictionServiceClient, PredictionServiceAsyncClient,] @@ -239,6 +234,7 @@ def test_prediction_service_client_client_options( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -255,6 +251,7 @@ def test_prediction_service_client_client_options( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -271,6 +268,7 @@ def test_prediction_service_client_client_options( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has @@ -299,6 +297,7 @@ def test_prediction_service_client_client_options( client_cert_source_for_mtls=None, quota_project_id="octopus", client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -375,6 +374,7 @@ def test_prediction_service_client_mtls_env_auto( client_cert_source_for_mtls=expected_client_cert_source, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case ADC client cert is provided. Whether client cert is used depends on @@ -408,6 +408,7 @@ def test_prediction_service_client_mtls_env_auto( client_cert_source_for_mtls=expected_client_cert_source, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case client_cert_source and ADC client cert are not provided. @@ -429,6 +430,7 @@ def test_prediction_service_client_mtls_env_auto( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -459,6 +461,7 @@ def test_prediction_service_client_client_options_scopes( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -489,6 +492,7 @@ def test_prediction_service_client_client_options_credentials_file( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -508,6 +512,7 @@ def test_prediction_service_client_client_options_from_dict(): client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) diff --git a/tests/unit/gapic/automl_v1beta1/test_auto_ml.py b/tests/unit/gapic/automl_v1beta1/test_auto_ml.py index fa2dee38..912f04bd 100644 --- a/tests/unit/gapic/automl_v1beta1/test_auto_ml.py +++ b/tests/unit/gapic/automl_v1beta1/test_auto_ml.py @@ -140,16 +140,6 @@ def test_auto_ml_client_from_service_account_info(client_class): assert client.transport._host == "automl.googleapis.com:443" -@pytest.mark.parametrize("client_class", [AutoMlClient, AutoMlAsyncClient,]) -def test_auto_ml_client_service_account_always_use_jwt(client_class): - with mock.patch.object( - service_account.Credentials, "with_always_use_jwt_access", create=True - ) as use_jwt: - creds = service_account.Credentials(None, None, None) - client = client_class(credentials=creds) - use_jwt.assert_not_called() - - @pytest.mark.parametrize( "transport_class,transport_name", [ @@ -157,9 +147,7 @@ def test_auto_ml_client_service_account_always_use_jwt(client_class): (transports.AutoMlGrpcAsyncIOTransport, "grpc_asyncio"), ], ) -def test_auto_ml_client_service_account_always_use_jwt_true( - transport_class, transport_name -): +def test_auto_ml_client_service_account_always_use_jwt(transport_class, transport_name): with mock.patch.object( service_account.Credentials, "with_always_use_jwt_access", create=True ) as use_jwt: @@ -167,6 +155,13 @@ def test_auto_ml_client_service_account_always_use_jwt_true( transport = transport_class(credentials=creds, always_use_jwt_access=True) use_jwt.assert_called_once_with(True) + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=False) + use_jwt.assert_not_called() + @pytest.mark.parametrize("client_class", [AutoMlClient, AutoMlAsyncClient,]) def test_auto_ml_client_from_service_account_file(client_class): @@ -235,6 +230,7 @@ def test_auto_ml_client_client_options(client_class, transport_class, transport_ client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -251,6 +247,7 @@ def test_auto_ml_client_client_options(client_class, transport_class, transport_ client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -267,6 +264,7 @@ def test_auto_ml_client_client_options(client_class, transport_class, transport_ client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has @@ -295,6 +293,7 @@ def test_auto_ml_client_client_options(client_class, transport_class, transport_ client_cert_source_for_mtls=None, quota_project_id="octopus", client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -357,6 +356,7 @@ def test_auto_ml_client_mtls_env_auto( client_cert_source_for_mtls=expected_client_cert_source, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case ADC client cert is provided. Whether client cert is used depends on @@ -390,6 +390,7 @@ def test_auto_ml_client_mtls_env_auto( client_cert_source_for_mtls=expected_client_cert_source, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case client_cert_source and ADC client cert are not provided. @@ -411,6 +412,7 @@ def test_auto_ml_client_mtls_env_auto( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -437,6 +439,7 @@ def test_auto_ml_client_client_options_scopes( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -463,6 +466,7 @@ def test_auto_ml_client_client_options_credentials_file( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -480,6 +484,7 @@ def test_auto_ml_client_client_options_from_dict(): client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) diff --git a/tests/unit/gapic/automl_v1beta1/test_prediction_service.py b/tests/unit/gapic/automl_v1beta1/test_prediction_service.py index e34c812e..47f66dd1 100644 --- a/tests/unit/gapic/automl_v1beta1/test_prediction_service.py +++ b/tests/unit/gapic/automl_v1beta1/test_prediction_service.py @@ -133,18 +133,6 @@ def test_prediction_service_client_from_service_account_info(client_class): assert client.transport._host == "automl.googleapis.com:443" -@pytest.mark.parametrize( - "client_class", [PredictionServiceClient, PredictionServiceAsyncClient,] -) -def test_prediction_service_client_service_account_always_use_jwt(client_class): - with mock.patch.object( - service_account.Credentials, "with_always_use_jwt_access", create=True - ) as use_jwt: - creds = service_account.Credentials(None, None, None) - client = client_class(credentials=creds) - use_jwt.assert_not_called() - - @pytest.mark.parametrize( "transport_class,transport_name", [ @@ -152,7 +140,7 @@ def test_prediction_service_client_service_account_always_use_jwt(client_class): (transports.PredictionServiceGrpcAsyncIOTransport, "grpc_asyncio"), ], ) -def test_prediction_service_client_service_account_always_use_jwt_true( +def test_prediction_service_client_service_account_always_use_jwt( transport_class, transport_name ): with mock.patch.object( @@ -162,6 +150,13 @@ def test_prediction_service_client_service_account_always_use_jwt_true( transport = transport_class(credentials=creds, always_use_jwt_access=True) use_jwt.assert_called_once_with(True) + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=False) + use_jwt.assert_not_called() + @pytest.mark.parametrize( "client_class", [PredictionServiceClient, PredictionServiceAsyncClient,] @@ -242,6 +237,7 @@ def test_prediction_service_client_client_options( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -258,6 +254,7 @@ def test_prediction_service_client_client_options( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -274,6 +271,7 @@ def test_prediction_service_client_client_options( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has @@ -302,6 +300,7 @@ def test_prediction_service_client_client_options( client_cert_source_for_mtls=None, quota_project_id="octopus", client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -378,6 +377,7 @@ def test_prediction_service_client_mtls_env_auto( client_cert_source_for_mtls=expected_client_cert_source, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case ADC client cert is provided. Whether client cert is used depends on @@ -411,6 +411,7 @@ def test_prediction_service_client_mtls_env_auto( client_cert_source_for_mtls=expected_client_cert_source, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case client_cert_source and ADC client cert are not provided. @@ -432,6 +433,7 @@ def test_prediction_service_client_mtls_env_auto( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -462,6 +464,7 @@ def test_prediction_service_client_client_options_scopes( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -492,6 +495,7 @@ def test_prediction_service_client_client_options_credentials_file( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -511,6 +515,7 @@ def test_prediction_service_client_client_options_from_dict(): client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, )