From 5616fe293b606873ebba5b160fc83c8efe9c343c Mon Sep 17 00:00:00 2001 From: Owl Bot Date: Thu, 7 Oct 2021 19:22:28 +0000 Subject: [PATCH 1/2] feat: add context manager support in client chore: fix docstring for first attribute of protos committer: @busunkim96 PiperOrigin-RevId: 401271153 Source-Link: https://github.com/googleapis/googleapis/commit/787f8c9a731f44e74a90b9847d48659ca9462d10 Source-Link: https://github.com/googleapis/googleapis-gen/commit/81decffe9fc72396a8153e756d1d67a6eecfd620 Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiODFkZWNmZmU5ZmM3MjM5NmE4MTUzZTc1NmQxZDY3YTZlZWNmZDYyMCJ9 --- owl-bot-staging/v1/.coveragerc | 17 + owl-bot-staging/v1/MANIFEST.in | 2 + owl-bot-staging/v1/README.rst | 49 + owl-bot-staging/v1/docs/conf.py | 376 +++ .../identity_aware_proxy_admin_service.rst | 6 + .../identity_aware_proxy_o_auth_service.rst | 10 + owl-bot-staging/v1/docs/iap_v1/services.rst | 7 + owl-bot-staging/v1/docs/iap_v1/types.rst | 7 + owl-bot-staging/v1/docs/index.rst | 7 + .../v1/google/cloud/iap/__init__.py | 71 + owl-bot-staging/v1/google/cloud/iap/py.typed | 2 + .../v1/google/cloud/iap_v1/__init__.py | 72 + .../google/cloud/iap_v1/gapic_metadata.json | 167 ++ .../v1/google/cloud/iap_v1/py.typed | 2 + .../google/cloud/iap_v1/services/__init__.py | 15 + .../__init__.py | 22 + .../async_client.py | 558 ++++ .../client.py | 745 +++++ .../transports/__init__.py | 33 + .../transports/base.py | 235 ++ .../transports/grpc.py | 371 +++ .../transports/grpc_asyncio.py | 376 +++ .../__init__.py | 22 + .../async_client.py | 624 +++++ .../client.py | 820 ++++++ .../pagers.py | 140 + .../transports/__init__.py | 33 + .../transports/base.py | 276 ++ .../transports/grpc.py | 462 ++++ .../transports/grpc_asyncio.py | 467 ++++ .../v1/google/cloud/iap_v1/types/__init__.py | 64 + .../v1/google/cloud/iap_v1/types/service.py | 583 ++++ owl-bot-staging/v1/mypy.ini | 3 + owl-bot-staging/v1/noxfile.py | 132 + .../v1/scripts/fixup_iap_v1_keywords.py | 188 ++ owl-bot-staging/v1/setup.py | 54 + owl-bot-staging/v1/tests/__init__.py | 16 + owl-bot-staging/v1/tests/unit/__init__.py | 16 + .../v1/tests/unit/gapic/__init__.py | 16 + .../v1/tests/unit/gapic/iap_v1/__init__.py | 16 + ...test_identity_aware_proxy_admin_service.py | 1785 ++++++++++++ ...est_identity_aware_proxy_o_auth_service.py | 2401 +++++++++++++++++ 42 files changed, 11268 insertions(+) create mode 100644 owl-bot-staging/v1/.coveragerc create mode 100644 owl-bot-staging/v1/MANIFEST.in create mode 100644 owl-bot-staging/v1/README.rst create mode 100644 owl-bot-staging/v1/docs/conf.py create mode 100644 owl-bot-staging/v1/docs/iap_v1/identity_aware_proxy_admin_service.rst create mode 100644 owl-bot-staging/v1/docs/iap_v1/identity_aware_proxy_o_auth_service.rst create mode 100644 owl-bot-staging/v1/docs/iap_v1/services.rst create mode 100644 owl-bot-staging/v1/docs/iap_v1/types.rst create mode 100644 owl-bot-staging/v1/docs/index.rst create mode 100644 owl-bot-staging/v1/google/cloud/iap/__init__.py create mode 100644 owl-bot-staging/v1/google/cloud/iap/py.typed create mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/__init__.py create mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/gapic_metadata.json create mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/py.typed create mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/__init__.py create mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/__init__.py create mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/async_client.py create mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/client.py create mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/__init__.py create mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/base.py create mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc.py create mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc_asyncio.py create mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/__init__.py create mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/async_client.py create mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/client.py create mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/pagers.py create mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/__init__.py create mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/base.py create mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc.py create mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc_asyncio.py create mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/types/__init__.py create mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/types/service.py create mode 100644 owl-bot-staging/v1/mypy.ini create mode 100644 owl-bot-staging/v1/noxfile.py create mode 100644 owl-bot-staging/v1/scripts/fixup_iap_v1_keywords.py create mode 100644 owl-bot-staging/v1/setup.py create mode 100644 owl-bot-staging/v1/tests/__init__.py create mode 100644 owl-bot-staging/v1/tests/unit/__init__.py create mode 100644 owl-bot-staging/v1/tests/unit/gapic/__init__.py create mode 100644 owl-bot-staging/v1/tests/unit/gapic/iap_v1/__init__.py create mode 100644 owl-bot-staging/v1/tests/unit/gapic/iap_v1/test_identity_aware_proxy_admin_service.py create mode 100644 owl-bot-staging/v1/tests/unit/gapic/iap_v1/test_identity_aware_proxy_o_auth_service.py diff --git a/owl-bot-staging/v1/.coveragerc b/owl-bot-staging/v1/.coveragerc new file mode 100644 index 0000000..f9b9e0f --- /dev/null +++ b/owl-bot-staging/v1/.coveragerc @@ -0,0 +1,17 @@ +[run] +branch = True + +[report] +show_missing = True +omit = + google/cloud/iap/__init__.py +exclude_lines = + # Re-enable the standard pragma + pragma: NO COVER + # Ignore debug-only repr + def __repr__ + # Ignore pkg_resources exceptions. + # This is added at the module level as a safeguard for if someone + # generates the code and tries to run it without pip installing. This + # makes it virtually impossible to test properly. + except pkg_resources.DistributionNotFound diff --git a/owl-bot-staging/v1/MANIFEST.in b/owl-bot-staging/v1/MANIFEST.in new file mode 100644 index 0000000..b3dbbc5 --- /dev/null +++ b/owl-bot-staging/v1/MANIFEST.in @@ -0,0 +1,2 @@ +recursive-include google/cloud/iap *.py +recursive-include google/cloud/iap_v1 *.py diff --git a/owl-bot-staging/v1/README.rst b/owl-bot-staging/v1/README.rst new file mode 100644 index 0000000..6d8e72a --- /dev/null +++ b/owl-bot-staging/v1/README.rst @@ -0,0 +1,49 @@ +Python Client for Google Cloud Iap API +================================================= + +Quick Start +----------- + +In order to use this library, you first need to go through the following steps: + +1. `Select or create a Cloud Platform project.`_ +2. `Enable billing for your project.`_ +3. Enable the Google Cloud Iap API. +4. `Setup Authentication.`_ + +.. _Select or create a Cloud Platform project.: https://console.cloud.google.com/project +.. _Enable billing for your project.: https://cloud.google.com/billing/docs/how-to/modify-project#enable_billing_for_a_project +.. _Setup Authentication.: https://googleapis.dev/python/google-api-core/latest/auth.html + +Installation +~~~~~~~~~~~~ + +Install this library in a `virtualenv`_ using pip. `virtualenv`_ is a tool to +create isolated Python environments. The basic problem it addresses is one of +dependencies and versions, and indirectly permissions. + +With `virtualenv`_, it's possible to install this library without needing system +install permissions, and without clashing with the installed system +dependencies. + +.. _`virtualenv`: https://virtualenv.pypa.io/en/latest/ + + +Mac/Linux +^^^^^^^^^ + +.. code-block:: console + + python3 -m venv + source /bin/activate + /bin/pip install /path/to/library + + +Windows +^^^^^^^ + +.. code-block:: console + + python3 -m venv + \Scripts\activate + \Scripts\pip.exe install \path\to\library diff --git a/owl-bot-staging/v1/docs/conf.py b/owl-bot-staging/v1/docs/conf.py new file mode 100644 index 0000000..be35ede --- /dev/null +++ b/owl-bot-staging/v1/docs/conf.py @@ -0,0 +1,376 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# google-cloud-iap documentation build configuration file +# +# This file is execfile()d with the current directory set to its +# containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. + +import sys +import os +import shlex + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +sys.path.insert(0, os.path.abspath("..")) + +__version__ = "0.1.0" + +# -- General configuration ------------------------------------------------ + +# If your documentation needs a minimal Sphinx version, state it here. +needs_sphinx = "1.6.3" + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [ + "sphinx.ext.autodoc", + "sphinx.ext.autosummary", + "sphinx.ext.intersphinx", + "sphinx.ext.coverage", + "sphinx.ext.napoleon", + "sphinx.ext.todo", + "sphinx.ext.viewcode", +] + +# autodoc/autosummary flags +autoclass_content = "both" +autodoc_default_flags = ["members"] +autosummary_generate = True + + +# Add any paths that contain templates here, relative to this directory. +templates_path = ["_templates"] + +# Allow markdown includes (so releases.md can include CHANGLEOG.md) +# http://www.sphinx-doc.org/en/master/markdown.html +source_parsers = {".md": "recommonmark.parser.CommonMarkParser"} + +# The suffix(es) of source filenames. +# You can specify multiple suffix as a list of string: +source_suffix = [".rst", ".md"] + +# The encoding of source files. +# source_encoding = 'utf-8-sig' + +# The master toctree document. +master_doc = "index" + +# General information about the project. +project = u"google-cloud-iap" +copyright = u"2020, Google, LLC" +author = u"Google APIs" # TODO: autogenerate this bit + +# The version info for the project you're documenting, acts as replacement for +# |version| and |release|, also used in various other places throughout the +# built documents. +# +# The full version, including alpha/beta/rc tags. +release = __version__ +# The short X.Y version. +version = ".".join(release.split(".")[0:2]) + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +# +# This is also used if you do content translation via gettext catalogs. +# Usually you set "language" from the command line for these cases. +language = None + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +# today = '' +# Else, today_fmt is used as the format for a strftime call. +# today_fmt = '%B %d, %Y' + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +exclude_patterns = ["_build"] + +# The reST default role (used for this markup: `text`) to use for all +# documents. +# default_role = None + +# If true, '()' will be appended to :func: etc. cross-reference text. +# add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +# add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +# show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = "sphinx" + +# A list of ignored prefixes for module index sorting. +# modindex_common_prefix = [] + +# If true, keep warnings as "system message" paragraphs in the built documents. +# keep_warnings = False + +# If true, `todo` and `todoList` produce output, else they produce nothing. +todo_include_todos = True + + +# -- Options for HTML output ---------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +html_theme = "alabaster" + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +html_theme_options = { + "description": "Google Cloud Client Libraries for Python", + "github_user": "googleapis", + "github_repo": "google-cloud-python", + "github_banner": True, + "font_family": "'Roboto', Georgia, sans", + "head_font_family": "'Roboto', Georgia, serif", + "code_font_family": "'Roboto Mono', 'Consolas', monospace", +} + +# Add any paths that contain custom themes here, relative to this directory. +# html_theme_path = [] + +# The name for this set of Sphinx documents. If None, it defaults to +# " v documentation". +# html_title = None + +# A shorter title for the navigation bar. Default is the same as html_title. +# html_short_title = None + +# The name of an image file (relative to this directory) to place at the top +# of the sidebar. +# html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +# html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ["_static"] + +# Add any extra paths that contain custom files (such as robots.txt or +# .htaccess) here, relative to this directory. These files are copied +# directly to the root of the documentation. +# html_extra_path = [] + +# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, +# using the given strftime format. +# html_last_updated_fmt = '%b %d, %Y' + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +# html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. +# html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +# html_additional_pages = {} + +# If false, no module index is generated. +# html_domain_indices = True + +# If false, no index is generated. +# html_use_index = True + +# If true, the index is split into individual pages for each letter. +# html_split_index = False + +# If true, links to the reST sources are added to the pages. +# html_show_sourcelink = True + +# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. +# html_show_sphinx = True + +# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. +# html_show_copyright = True + +# If true, an OpenSearch description file will be output, and all pages will +# contain a tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +# html_use_opensearch = '' + +# This is the file name suffix for HTML files (e.g. ".xhtml"). +# html_file_suffix = None + +# Language to be used for generating the HTML full-text search index. +# Sphinx supports the following languages: +# 'da', 'de', 'en', 'es', 'fi', 'fr', 'hu', 'it', 'ja' +# 'nl', 'no', 'pt', 'ro', 'ru', 'sv', 'tr' +# html_search_language = 'en' + +# A dictionary with options for the search language support, empty by default. +# Now only 'ja' uses this config value +# html_search_options = {'type': 'default'} + +# The name of a javascript file (relative to the configuration directory) that +# implements a search results scorer. If empty, the default will be used. +# html_search_scorer = 'scorer.js' + +# Output file base name for HTML help builder. +htmlhelp_basename = "google-cloud-iap-doc" + +# -- Options for warnings ------------------------------------------------------ + + +suppress_warnings = [ + # Temporarily suppress this to avoid "more than one target found for + # cross-reference" warning, which are intractable for us to avoid while in + # a mono-repo. + # See https://github.com/sphinx-doc/sphinx/blob + # /2a65ffeef5c107c19084fabdd706cdff3f52d93c/sphinx/domains/python.py#L843 + "ref.python" +] + +# -- Options for LaTeX output --------------------------------------------- + +latex_elements = { + # The paper size ('letterpaper' or 'a4paper'). + # 'papersize': 'letterpaper', + # The font size ('10pt', '11pt' or '12pt'). + # 'pointsize': '10pt', + # Additional stuff for the LaTeX preamble. + # 'preamble': '', + # Latex figure (float) alignment + # 'figure_align': 'htbp', +} + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, +# author, documentclass [howto, manual, or own class]). +latex_documents = [ + ( + master_doc, + "google-cloud-iap.tex", + u"google-cloud-iap Documentation", + author, + "manual", + ) +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +# latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. +# latex_use_parts = False + +# If true, show page references after internal links. +# latex_show_pagerefs = False + +# If true, show URL addresses after external links. +# latex_show_urls = False + +# Documents to append as an appendix to all manuals. +# latex_appendices = [] + +# If false, no module index is generated. +# latex_domain_indices = True + + +# -- Options for manual page output --------------------------------------- + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [ + ( + master_doc, + "google-cloud-iap", + u"Google Cloud Iap Documentation", + [author], + 1, + ) +] + +# If true, show URL addresses after external links. +# man_show_urls = False + + +# -- Options for Texinfo output ------------------------------------------- + +# Grouping the document tree into Texinfo files. List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + ( + master_doc, + "google-cloud-iap", + u"google-cloud-iap Documentation", + author, + "google-cloud-iap", + "GAPIC library for Google Cloud Iap API", + "APIs", + ) +] + +# Documents to append as an appendix to all manuals. +# texinfo_appendices = [] + +# If false, no module index is generated. +# texinfo_domain_indices = True + +# How to display URL addresses: 'footnote', 'no', or 'inline'. +# texinfo_show_urls = 'footnote' + +# If true, do not generate a @detailmenu in the "Top" node's menu. +# texinfo_no_detailmenu = False + + +# Example configuration for intersphinx: refer to the Python standard library. +intersphinx_mapping = { + "python": ("http://python.readthedocs.org/en/latest/", None), + "gax": ("https://gax-python.readthedocs.org/en/latest/", None), + "google-auth": ("https://google-auth.readthedocs.io/en/stable", None), + "google-gax": ("https://gax-python.readthedocs.io/en/latest/", None), + "google.api_core": ("https://googleapis.dev/python/google-api-core/latest/", None), + "grpc": ("https://grpc.io/grpc/python/", None), + "requests": ("http://requests.kennethreitz.org/en/stable/", None), + "proto": ("https://proto-plus-python.readthedocs.io/en/stable", None), + "protobuf": ("https://googleapis.dev/python/protobuf/latest/", None), +} + + +# Napoleon settings +napoleon_google_docstring = True +napoleon_numpy_docstring = True +napoleon_include_private_with_doc = False +napoleon_include_special_with_doc = True +napoleon_use_admonition_for_examples = False +napoleon_use_admonition_for_notes = False +napoleon_use_admonition_for_references = False +napoleon_use_ivar = False +napoleon_use_param = True +napoleon_use_rtype = True diff --git a/owl-bot-staging/v1/docs/iap_v1/identity_aware_proxy_admin_service.rst b/owl-bot-staging/v1/docs/iap_v1/identity_aware_proxy_admin_service.rst new file mode 100644 index 0000000..1275baf --- /dev/null +++ b/owl-bot-staging/v1/docs/iap_v1/identity_aware_proxy_admin_service.rst @@ -0,0 +1,6 @@ +IdentityAwareProxyAdminService +------------------------------------------------ + +.. automodule:: google.cloud.iap_v1.services.identity_aware_proxy_admin_service + :members: + :inherited-members: diff --git a/owl-bot-staging/v1/docs/iap_v1/identity_aware_proxy_o_auth_service.rst b/owl-bot-staging/v1/docs/iap_v1/identity_aware_proxy_o_auth_service.rst new file mode 100644 index 0000000..172d1e6 --- /dev/null +++ b/owl-bot-staging/v1/docs/iap_v1/identity_aware_proxy_o_auth_service.rst @@ -0,0 +1,10 @@ +IdentityAwareProxyOAuthService +------------------------------------------------ + +.. automodule:: google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service + :members: + :inherited-members: + +.. automodule:: google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service.pagers + :members: + :inherited-members: diff --git a/owl-bot-staging/v1/docs/iap_v1/services.rst b/owl-bot-staging/v1/docs/iap_v1/services.rst new file mode 100644 index 0000000..7f5aebf --- /dev/null +++ b/owl-bot-staging/v1/docs/iap_v1/services.rst @@ -0,0 +1,7 @@ +Services for Google Cloud Iap v1 API +==================================== +.. toctree:: + :maxdepth: 2 + + identity_aware_proxy_admin_service + identity_aware_proxy_o_auth_service diff --git a/owl-bot-staging/v1/docs/iap_v1/types.rst b/owl-bot-staging/v1/docs/iap_v1/types.rst new file mode 100644 index 0000000..cd228d8 --- /dev/null +++ b/owl-bot-staging/v1/docs/iap_v1/types.rst @@ -0,0 +1,7 @@ +Types for Google Cloud Iap v1 API +================================= + +.. automodule:: google.cloud.iap_v1.types + :members: + :undoc-members: + :show-inheritance: diff --git a/owl-bot-staging/v1/docs/index.rst b/owl-bot-staging/v1/docs/index.rst new file mode 100644 index 0000000..aa9d4a3 --- /dev/null +++ b/owl-bot-staging/v1/docs/index.rst @@ -0,0 +1,7 @@ +API Reference +------------- +.. toctree:: + :maxdepth: 2 + + iap_v1/services + iap_v1/types diff --git a/owl-bot-staging/v1/google/cloud/iap/__init__.py b/owl-bot-staging/v1/google/cloud/iap/__init__.py new file mode 100644 index 0000000..1f9d334 --- /dev/null +++ b/owl-bot-staging/v1/google/cloud/iap/__init__.py @@ -0,0 +1,71 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +from google.cloud.iap_v1.services.identity_aware_proxy_admin_service.client import IdentityAwareProxyAdminServiceClient +from google.cloud.iap_v1.services.identity_aware_proxy_admin_service.async_client import IdentityAwareProxyAdminServiceAsyncClient +from google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service.client import IdentityAwareProxyOAuthServiceClient +from google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service.async_client import IdentityAwareProxyOAuthServiceAsyncClient + +from google.cloud.iap_v1.types.service import AccessDeniedPageSettings +from google.cloud.iap_v1.types.service import AccessSettings +from google.cloud.iap_v1.types.service import ApplicationSettings +from google.cloud.iap_v1.types.service import Brand +from google.cloud.iap_v1.types.service import CorsSettings +from google.cloud.iap_v1.types.service import CreateBrandRequest +from google.cloud.iap_v1.types.service import CreateIdentityAwareProxyClientRequest +from google.cloud.iap_v1.types.service import CsmSettings +from google.cloud.iap_v1.types.service import DeleteIdentityAwareProxyClientRequest +from google.cloud.iap_v1.types.service import GcipSettings +from google.cloud.iap_v1.types.service import GetBrandRequest +from google.cloud.iap_v1.types.service import GetIapSettingsRequest +from google.cloud.iap_v1.types.service import GetIdentityAwareProxyClientRequest +from google.cloud.iap_v1.types.service import IapSettings +from google.cloud.iap_v1.types.service import IdentityAwareProxyClient +from google.cloud.iap_v1.types.service import ListBrandsRequest +from google.cloud.iap_v1.types.service import ListBrandsResponse +from google.cloud.iap_v1.types.service import ListIdentityAwareProxyClientsRequest +from google.cloud.iap_v1.types.service import ListIdentityAwareProxyClientsResponse +from google.cloud.iap_v1.types.service import OAuthSettings +from google.cloud.iap_v1.types.service import ResetIdentityAwareProxyClientSecretRequest +from google.cloud.iap_v1.types.service import UpdateIapSettingsRequest + +__all__ = ('IdentityAwareProxyAdminServiceClient', + 'IdentityAwareProxyAdminServiceAsyncClient', + 'IdentityAwareProxyOAuthServiceClient', + 'IdentityAwareProxyOAuthServiceAsyncClient', + 'AccessDeniedPageSettings', + 'AccessSettings', + 'ApplicationSettings', + 'Brand', + 'CorsSettings', + 'CreateBrandRequest', + 'CreateIdentityAwareProxyClientRequest', + 'CsmSettings', + 'DeleteIdentityAwareProxyClientRequest', + 'GcipSettings', + 'GetBrandRequest', + 'GetIapSettingsRequest', + 'GetIdentityAwareProxyClientRequest', + 'IapSettings', + 'IdentityAwareProxyClient', + 'ListBrandsRequest', + 'ListBrandsResponse', + 'ListIdentityAwareProxyClientsRequest', + 'ListIdentityAwareProxyClientsResponse', + 'OAuthSettings', + 'ResetIdentityAwareProxyClientSecretRequest', + 'UpdateIapSettingsRequest', +) diff --git a/owl-bot-staging/v1/google/cloud/iap/py.typed b/owl-bot-staging/v1/google/cloud/iap/py.typed new file mode 100644 index 0000000..90095aa --- /dev/null +++ b/owl-bot-staging/v1/google/cloud/iap/py.typed @@ -0,0 +1,2 @@ +# Marker file for PEP 561. +# The google-cloud-iap package uses inline types. diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/__init__.py b/owl-bot-staging/v1/google/cloud/iap_v1/__init__.py new file mode 100644 index 0000000..4fcec4b --- /dev/null +++ b/owl-bot-staging/v1/google/cloud/iap_v1/__init__.py @@ -0,0 +1,72 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +from .services.identity_aware_proxy_admin_service import IdentityAwareProxyAdminServiceClient +from .services.identity_aware_proxy_admin_service import IdentityAwareProxyAdminServiceAsyncClient +from .services.identity_aware_proxy_o_auth_service import IdentityAwareProxyOAuthServiceClient +from .services.identity_aware_proxy_o_auth_service import IdentityAwareProxyOAuthServiceAsyncClient + +from .types.service import AccessDeniedPageSettings +from .types.service import AccessSettings +from .types.service import ApplicationSettings +from .types.service import Brand +from .types.service import CorsSettings +from .types.service import CreateBrandRequest +from .types.service import CreateIdentityAwareProxyClientRequest +from .types.service import CsmSettings +from .types.service import DeleteIdentityAwareProxyClientRequest +from .types.service import GcipSettings +from .types.service import GetBrandRequest +from .types.service import GetIapSettingsRequest +from .types.service import GetIdentityAwareProxyClientRequest +from .types.service import IapSettings +from .types.service import IdentityAwareProxyClient +from .types.service import ListBrandsRequest +from .types.service import ListBrandsResponse +from .types.service import ListIdentityAwareProxyClientsRequest +from .types.service import ListIdentityAwareProxyClientsResponse +from .types.service import OAuthSettings +from .types.service import ResetIdentityAwareProxyClientSecretRequest +from .types.service import UpdateIapSettingsRequest + +__all__ = ( + 'IdentityAwareProxyAdminServiceAsyncClient', + 'IdentityAwareProxyOAuthServiceAsyncClient', +'AccessDeniedPageSettings', +'AccessSettings', +'ApplicationSettings', +'Brand', +'CorsSettings', +'CreateBrandRequest', +'CreateIdentityAwareProxyClientRequest', +'CsmSettings', +'DeleteIdentityAwareProxyClientRequest', +'GcipSettings', +'GetBrandRequest', +'GetIapSettingsRequest', +'GetIdentityAwareProxyClientRequest', +'IapSettings', +'IdentityAwareProxyAdminServiceClient', +'IdentityAwareProxyClient', +'IdentityAwareProxyOAuthServiceClient', +'ListBrandsRequest', +'ListBrandsResponse', +'ListIdentityAwareProxyClientsRequest', +'ListIdentityAwareProxyClientsResponse', +'OAuthSettings', +'ResetIdentityAwareProxyClientSecretRequest', +'UpdateIapSettingsRequest', +) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/gapic_metadata.json b/owl-bot-staging/v1/google/cloud/iap_v1/gapic_metadata.json new file mode 100644 index 0000000..8eb05c4 --- /dev/null +++ b/owl-bot-staging/v1/google/cloud/iap_v1/gapic_metadata.json @@ -0,0 +1,167 @@ + { + "comment": "This file maps proto services/RPCs to the corresponding library clients/methods", + "language": "python", + "libraryPackage": "google.cloud.iap_v1", + "protoPackage": "google.cloud.iap.v1", + "schema": "1.0", + "services": { + "IdentityAwareProxyAdminService": { + "clients": { + "grpc": { + "libraryClient": "IdentityAwareProxyAdminServiceClient", + "rpcs": { + "GetIamPolicy": { + "methods": [ + "get_iam_policy" + ] + }, + "GetIapSettings": { + "methods": [ + "get_iap_settings" + ] + }, + "SetIamPolicy": { + "methods": [ + "set_iam_policy" + ] + }, + "TestIamPermissions": { + "methods": [ + "test_iam_permissions" + ] + }, + "UpdateIapSettings": { + "methods": [ + "update_iap_settings" + ] + } + } + }, + "grpc-async": { + "libraryClient": "IdentityAwareProxyAdminServiceAsyncClient", + "rpcs": { + "GetIamPolicy": { + "methods": [ + "get_iam_policy" + ] + }, + "GetIapSettings": { + "methods": [ + "get_iap_settings" + ] + }, + "SetIamPolicy": { + "methods": [ + "set_iam_policy" + ] + }, + "TestIamPermissions": { + "methods": [ + "test_iam_permissions" + ] + }, + "UpdateIapSettings": { + "methods": [ + "update_iap_settings" + ] + } + } + } + } + }, + "IdentityAwareProxyOAuthService": { + "clients": { + "grpc": { + "libraryClient": "IdentityAwareProxyOAuthServiceClient", + "rpcs": { + "CreateBrand": { + "methods": [ + "create_brand" + ] + }, + "CreateIdentityAwareProxyClient": { + "methods": [ + "create_identity_aware_proxy_client" + ] + }, + "DeleteIdentityAwareProxyClient": { + "methods": [ + "delete_identity_aware_proxy_client" + ] + }, + "GetBrand": { + "methods": [ + "get_brand" + ] + }, + "GetIdentityAwareProxyClient": { + "methods": [ + "get_identity_aware_proxy_client" + ] + }, + "ListBrands": { + "methods": [ + "list_brands" + ] + }, + "ListIdentityAwareProxyClients": { + "methods": [ + "list_identity_aware_proxy_clients" + ] + }, + "ResetIdentityAwareProxyClientSecret": { + "methods": [ + "reset_identity_aware_proxy_client_secret" + ] + } + } + }, + "grpc-async": { + "libraryClient": "IdentityAwareProxyOAuthServiceAsyncClient", + "rpcs": { + "CreateBrand": { + "methods": [ + "create_brand" + ] + }, + "CreateIdentityAwareProxyClient": { + "methods": [ + "create_identity_aware_proxy_client" + ] + }, + "DeleteIdentityAwareProxyClient": { + "methods": [ + "delete_identity_aware_proxy_client" + ] + }, + "GetBrand": { + "methods": [ + "get_brand" + ] + }, + "GetIdentityAwareProxyClient": { + "methods": [ + "get_identity_aware_proxy_client" + ] + }, + "ListBrands": { + "methods": [ + "list_brands" + ] + }, + "ListIdentityAwareProxyClients": { + "methods": [ + "list_identity_aware_proxy_clients" + ] + }, + "ResetIdentityAwareProxyClientSecret": { + "methods": [ + "reset_identity_aware_proxy_client_secret" + ] + } + } + } + } + } + } +} diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/py.typed b/owl-bot-staging/v1/google/cloud/iap_v1/py.typed new file mode 100644 index 0000000..90095aa --- /dev/null +++ b/owl-bot-staging/v1/google/cloud/iap_v1/py.typed @@ -0,0 +1,2 @@ +# Marker file for PEP 561. +# The google-cloud-iap package uses inline types. diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/__init__.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/__init__.py new file mode 100644 index 0000000..4de6597 --- /dev/null +++ b/owl-bot-staging/v1/google/cloud/iap_v1/services/__init__.py @@ -0,0 +1,15 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/__init__.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/__init__.py new file mode 100644 index 0000000..c1a2292 --- /dev/null +++ b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/__init__.py @@ -0,0 +1,22 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from .client import IdentityAwareProxyAdminServiceClient +from .async_client import IdentityAwareProxyAdminServiceAsyncClient + +__all__ = ( + 'IdentityAwareProxyAdminServiceClient', + 'IdentityAwareProxyAdminServiceAsyncClient', +) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/async_client.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/async_client.py new file mode 100644 index 0000000..b6b823f --- /dev/null +++ b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/async_client.py @@ -0,0 +1,558 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from collections import OrderedDict +import functools +import re +from typing import Dict, Sequence, Tuple, Type, Union +import pkg_resources + +import google.api_core.client_options as ClientOptions # type: ignore +from google.api_core import exceptions as core_exceptions # type: ignore +from google.api_core import gapic_v1 # type: ignore +from google.api_core import retry as retries # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.oauth2 import service_account # type: ignore + +from google.cloud.iap_v1.types import service +from google.iam.v1 import iam_policy_pb2 # type: ignore +from google.iam.v1 import policy_pb2 # type: ignore +from .transports.base import IdentityAwareProxyAdminServiceTransport, DEFAULT_CLIENT_INFO +from .transports.grpc_asyncio import IdentityAwareProxyAdminServiceGrpcAsyncIOTransport +from .client import IdentityAwareProxyAdminServiceClient + + +class IdentityAwareProxyAdminServiceAsyncClient: + """APIs for Identity-Aware Proxy Admin configurations.""" + + _client: IdentityAwareProxyAdminServiceClient + + DEFAULT_ENDPOINT = IdentityAwareProxyAdminServiceClient.DEFAULT_ENDPOINT + DEFAULT_MTLS_ENDPOINT = IdentityAwareProxyAdminServiceClient.DEFAULT_MTLS_ENDPOINT + + common_billing_account_path = staticmethod(IdentityAwareProxyAdminServiceClient.common_billing_account_path) + parse_common_billing_account_path = staticmethod(IdentityAwareProxyAdminServiceClient.parse_common_billing_account_path) + common_folder_path = staticmethod(IdentityAwareProxyAdminServiceClient.common_folder_path) + parse_common_folder_path = staticmethod(IdentityAwareProxyAdminServiceClient.parse_common_folder_path) + common_organization_path = staticmethod(IdentityAwareProxyAdminServiceClient.common_organization_path) + parse_common_organization_path = staticmethod(IdentityAwareProxyAdminServiceClient.parse_common_organization_path) + common_project_path = staticmethod(IdentityAwareProxyAdminServiceClient.common_project_path) + parse_common_project_path = staticmethod(IdentityAwareProxyAdminServiceClient.parse_common_project_path) + common_location_path = staticmethod(IdentityAwareProxyAdminServiceClient.common_location_path) + parse_common_location_path = staticmethod(IdentityAwareProxyAdminServiceClient.parse_common_location_path) + + @classmethod + def from_service_account_info(cls, info: dict, *args, **kwargs): + """Creates an instance of this client using the provided credentials + info. + + Args: + info (dict): The service account private key info. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + IdentityAwareProxyAdminServiceAsyncClient: The constructed client. + """ + return IdentityAwareProxyAdminServiceClient.from_service_account_info.__func__(IdentityAwareProxyAdminServiceAsyncClient, info, *args, **kwargs) # type: ignore + + @classmethod + def from_service_account_file(cls, filename: str, *args, **kwargs): + """Creates an instance of this client using the provided credentials + file. + + Args: + filename (str): The path to the service account private key json + file. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + IdentityAwareProxyAdminServiceAsyncClient: The constructed client. + """ + return IdentityAwareProxyAdminServiceClient.from_service_account_file.__func__(IdentityAwareProxyAdminServiceAsyncClient, filename, *args, **kwargs) # type: ignore + + from_service_account_json = from_service_account_file + + @property + def transport(self) -> IdentityAwareProxyAdminServiceTransport: + """Returns the transport used by the client instance. + + Returns: + IdentityAwareProxyAdminServiceTransport: The transport used by the client instance. + """ + return self._client.transport + + get_transport_class = functools.partial(type(IdentityAwareProxyAdminServiceClient).get_transport_class, type(IdentityAwareProxyAdminServiceClient)) + + def __init__(self, *, + credentials: ga_credentials.Credentials = None, + transport: Union[str, IdentityAwareProxyAdminServiceTransport] = "grpc_asyncio", + client_options: ClientOptions = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + ) -> None: + """Instantiates the identity aware proxy admin service client. + + Args: + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + transport (Union[str, ~.IdentityAwareProxyAdminServiceTransport]): The + transport to use. If set to None, a transport is chosen + automatically. + client_options (ClientOptions): Custom options for the client. It + won't take effect if a ``transport`` instance is provided. + (1) The ``api_endpoint`` property can be used to override the + default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT + environment variable can also be used to override the endpoint: + "always" (always use the default mTLS endpoint), "never" (always + use the default regular endpoint) and "auto" (auto switch to the + default mTLS endpoint if client certificate is present, this is + the default value). However, the ``api_endpoint`` property takes + precedence if provided. + (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable + is "true", then the ``client_cert_source`` property can be used + to provide client certificate for mutual TLS transport. If + not provided, the default SSL client certificate will be used if + present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not + set, no client certificate will be used. + + Raises: + google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport + creation failed for any reason. + """ + self._client = IdentityAwareProxyAdminServiceClient( + credentials=credentials, + transport=transport, + client_options=client_options, + client_info=client_info, + + ) + + async def set_iam_policy(self, + request: iam_policy_pb2.SetIamPolicyRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> policy_pb2.Policy: + r"""Sets the access control policy for an Identity-Aware Proxy + protected resource. Replaces any existing policy. More + information about managing access via IAP can be found at: + https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api + + Args: + request (:class:`google.iam.v1.iam_policy_pb2.SetIamPolicyRequest`): + The request object. Request message for `SetIamPolicy` + method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). + + """ + # Create or coerce a protobuf request object. + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = iam_policy_pb2.SetIamPolicyRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.set_iam_policy, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("resource", request.resource), + )), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def get_iam_policy(self, + request: iam_policy_pb2.GetIamPolicyRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> policy_pb2.Policy: + r"""Gets the access control policy for an Identity-Aware Proxy + protected resource. More information about managing access via + IAP can be found at: + https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api + + Args: + request (:class:`google.iam.v1.iam_policy_pb2.GetIamPolicyRequest`): + The request object. Request message for `GetIamPolicy` + method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). + + """ + # Create or coerce a protobuf request object. + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = iam_policy_pb2.GetIamPolicyRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.get_iam_policy, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("resource", request.resource), + )), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def test_iam_permissions(self, + request: iam_policy_pb2.TestIamPermissionsRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> iam_policy_pb2.TestIamPermissionsResponse: + r"""Returns permissions that a caller has on the Identity-Aware + Proxy protected resource. More information about managing access + via IAP can be found at: + https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api + + Args: + request (:class:`google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest`): + The request object. Request message for + `TestIamPermissions` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse: + Response message for TestIamPermissions method. + """ + # Create or coerce a protobuf request object. + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = iam_policy_pb2.TestIamPermissionsRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.test_iam_permissions, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("resource", request.resource), + )), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def get_iap_settings(self, + request: service.GetIapSettingsRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.IapSettings: + r"""Gets the IAP settings on a particular IAP protected + resource. + + Args: + request (:class:`google.cloud.iap_v1.types.GetIapSettingsRequest`): + The request object. The request sent to GetIapSettings. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.iap_v1.types.IapSettings: + The IAP configurable settings. + """ + # Create or coerce a protobuf request object. + request = service.GetIapSettingsRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.get_iap_settings, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("name", request.name), + )), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def update_iap_settings(self, + request: service.UpdateIapSettingsRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.IapSettings: + r"""Updates the IAP settings on a particular IAP protected resource. + It replaces all fields unless the ``update_mask`` is set. + + Args: + request (:class:`google.cloud.iap_v1.types.UpdateIapSettingsRequest`): + The request object. The request sent to + UpdateIapSettings. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.iap_v1.types.IapSettings: + The IAP configurable settings. + """ + # Create or coerce a protobuf request object. + request = service.UpdateIapSettingsRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.update_iap_settings, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("iap_settings.name", request.iap_settings.name), + )), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def __aenter__(self): + return self + + async def __aexit__(self, exc_type, exc, tb): + await self.transport.close() + +try: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( + gapic_version=pkg_resources.get_distribution( + "google-cloud-iap", + ).version, + ) +except pkg_resources.DistributionNotFound: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() + + +__all__ = ( + "IdentityAwareProxyAdminServiceAsyncClient", +) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/client.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/client.py new file mode 100644 index 0000000..21818c0 --- /dev/null +++ b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/client.py @@ -0,0 +1,745 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from collections import OrderedDict +from distutils import util +import os +import re +from typing import Dict, Optional, Sequence, Tuple, Type, Union +import pkg_resources + +from google.api_core import client_options as client_options_lib # type: ignore +from google.api_core import exceptions as core_exceptions # type: ignore +from google.api_core import gapic_v1 # type: ignore +from google.api_core import retry as retries # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.auth.transport import mtls # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore +from google.auth.exceptions import MutualTLSChannelError # type: ignore +from google.oauth2 import service_account # type: ignore + +from google.cloud.iap_v1.types import service +from google.iam.v1 import iam_policy_pb2 # type: ignore +from google.iam.v1 import policy_pb2 # type: ignore +from .transports.base import IdentityAwareProxyAdminServiceTransport, DEFAULT_CLIENT_INFO +from .transports.grpc import IdentityAwareProxyAdminServiceGrpcTransport +from .transports.grpc_asyncio import IdentityAwareProxyAdminServiceGrpcAsyncIOTransport + + +class IdentityAwareProxyAdminServiceClientMeta(type): + """Metaclass for the IdentityAwareProxyAdminService client. + + This provides class-level methods for building and retrieving + support objects (e.g. transport) without polluting the client instance + objects. + """ + _transport_registry = OrderedDict() # type: Dict[str, Type[IdentityAwareProxyAdminServiceTransport]] + _transport_registry["grpc"] = IdentityAwareProxyAdminServiceGrpcTransport + _transport_registry["grpc_asyncio"] = IdentityAwareProxyAdminServiceGrpcAsyncIOTransport + + def get_transport_class(cls, + label: str = None, + ) -> Type[IdentityAwareProxyAdminServiceTransport]: + """Returns an appropriate transport class. + + Args: + label: The name of the desired transport. If none is + provided, then the first transport in the registry is used. + + Returns: + The transport class to use. + """ + # If a specific transport is requested, return that one. + if label: + return cls._transport_registry[label] + + # No transport is requested; return the default (that is, the first one + # in the dictionary). + return next(iter(cls._transport_registry.values())) + + +class IdentityAwareProxyAdminServiceClient(metaclass=IdentityAwareProxyAdminServiceClientMeta): + """APIs for Identity-Aware Proxy Admin configurations.""" + + @staticmethod + def _get_default_mtls_endpoint(api_endpoint): + """Converts api endpoint to mTLS endpoint. + + Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to + "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively. + Args: + api_endpoint (Optional[str]): the api endpoint to convert. + Returns: + str: converted mTLS api endpoint. + """ + if not api_endpoint: + return api_endpoint + + mtls_endpoint_re = re.compile( + r"(?P[^.]+)(?P\.mtls)?(?P\.sandbox)?(?P\.googleapis\.com)?" + ) + + m = mtls_endpoint_re.match(api_endpoint) + name, mtls, sandbox, googledomain = m.groups() + if mtls or not googledomain: + return api_endpoint + + if sandbox: + return api_endpoint.replace( + "sandbox.googleapis.com", "mtls.sandbox.googleapis.com" + ) + + return api_endpoint.replace(".googleapis.com", ".mtls.googleapis.com") + + DEFAULT_ENDPOINT = "iap.googleapis.com" + DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__( # type: ignore + DEFAULT_ENDPOINT + ) + + @classmethod + def from_service_account_info(cls, info: dict, *args, **kwargs): + """Creates an instance of this client using the provided credentials + info. + + Args: + info (dict): The service account private key info. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + IdentityAwareProxyAdminServiceClient: The constructed client. + """ + credentials = service_account.Credentials.from_service_account_info(info) + kwargs["credentials"] = credentials + return cls(*args, **kwargs) + + @classmethod + def from_service_account_file(cls, filename: str, *args, **kwargs): + """Creates an instance of this client using the provided credentials + file. + + Args: + filename (str): The path to the service account private key json + file. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + IdentityAwareProxyAdminServiceClient: The constructed client. + """ + credentials = service_account.Credentials.from_service_account_file( + filename) + kwargs["credentials"] = credentials + return cls(*args, **kwargs) + + from_service_account_json = from_service_account_file + + @property + def transport(self) -> IdentityAwareProxyAdminServiceTransport: + """Returns the transport used by the client instance. + + Returns: + IdentityAwareProxyAdminServiceTransport: The transport used by the client + instance. + """ + return self._transport + + @staticmethod + def common_billing_account_path(billing_account: str, ) -> str: + """Returns a fully-qualified billing_account string.""" + return "billingAccounts/{billing_account}".format(billing_account=billing_account, ) + + @staticmethod + def parse_common_billing_account_path(path: str) -> Dict[str,str]: + """Parse a billing_account path into its component segments.""" + m = re.match(r"^billingAccounts/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_folder_path(folder: str, ) -> str: + """Returns a fully-qualified folder string.""" + return "folders/{folder}".format(folder=folder, ) + + @staticmethod + def parse_common_folder_path(path: str) -> Dict[str,str]: + """Parse a folder path into its component segments.""" + m = re.match(r"^folders/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_organization_path(organization: str, ) -> str: + """Returns a fully-qualified organization string.""" + return "organizations/{organization}".format(organization=organization, ) + + @staticmethod + def parse_common_organization_path(path: str) -> Dict[str,str]: + """Parse a organization path into its component segments.""" + m = re.match(r"^organizations/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_project_path(project: str, ) -> str: + """Returns a fully-qualified project string.""" + return "projects/{project}".format(project=project, ) + + @staticmethod + def parse_common_project_path(path: str) -> Dict[str,str]: + """Parse a project path into its component segments.""" + m = re.match(r"^projects/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_location_path(project: str, location: str, ) -> str: + """Returns a fully-qualified location string.""" + return "projects/{project}/locations/{location}".format(project=project, location=location, ) + + @staticmethod + def parse_common_location_path(path: str) -> Dict[str,str]: + """Parse a location path into its component segments.""" + m = re.match(r"^projects/(?P.+?)/locations/(?P.+?)$", path) + return m.groupdict() if m else {} + + def __init__(self, *, + credentials: Optional[ga_credentials.Credentials] = None, + transport: Union[str, IdentityAwareProxyAdminServiceTransport, None] = None, + client_options: Optional[client_options_lib.ClientOptions] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + ) -> None: + """Instantiates the identity aware proxy admin service client. + + Args: + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + transport (Union[str, IdentityAwareProxyAdminServiceTransport]): The + transport to use. If set to None, a transport is chosen + automatically. + client_options (google.api_core.client_options.ClientOptions): Custom options for the + client. It won't take effect if a ``transport`` instance is provided. + (1) The ``api_endpoint`` property can be used to override the + default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT + environment variable can also be used to override the endpoint: + "always" (always use the default mTLS endpoint), "never" (always + use the default regular endpoint) and "auto" (auto switch to the + default mTLS endpoint if client certificate is present, this is + the default value). However, the ``api_endpoint`` property takes + precedence if provided. + (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable + is "true", then the ``client_cert_source`` property can be used + to provide client certificate for mutual TLS transport. If + not provided, the default SSL client certificate will be used if + present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not + set, no client certificate will be used. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + + Raises: + google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport + creation failed for any reason. + """ + if isinstance(client_options, dict): + client_options = client_options_lib.from_dict(client_options) + if client_options is None: + client_options = client_options_lib.ClientOptions() + + # Create SSL credentials for mutual TLS if needed. + use_client_cert = bool(util.strtobool(os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"))) + + client_cert_source_func = None + is_mtls = False + if use_client_cert: + if client_options.client_cert_source: + is_mtls = True + client_cert_source_func = client_options.client_cert_source + else: + is_mtls = mtls.has_default_client_cert_source() + if is_mtls: + client_cert_source_func = mtls.default_client_cert_source() + else: + client_cert_source_func = None + + # Figure out which api endpoint to use. + if client_options.api_endpoint is not None: + api_endpoint = client_options.api_endpoint + else: + use_mtls_env = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto") + if use_mtls_env == "never": + api_endpoint = self.DEFAULT_ENDPOINT + elif use_mtls_env == "always": + api_endpoint = self.DEFAULT_MTLS_ENDPOINT + elif use_mtls_env == "auto": + if is_mtls: + api_endpoint = self.DEFAULT_MTLS_ENDPOINT + else: + api_endpoint = self.DEFAULT_ENDPOINT + else: + raise MutualTLSChannelError( + "Unsupported GOOGLE_API_USE_MTLS_ENDPOINT value. Accepted " + "values: never, auto, always" + ) + + # Save or instantiate the transport. + # Ordinarily, we provide the transport, but allowing a custom transport + # instance provides an extensibility point for unusual situations. + if isinstance(transport, IdentityAwareProxyAdminServiceTransport): + # transport is a IdentityAwareProxyAdminServiceTransport instance. + if credentials or client_options.credentials_file: + raise ValueError("When providing a transport instance, " + "provide its credentials directly.") + if client_options.scopes: + raise ValueError( + "When providing a transport instance, provide its scopes " + "directly." + ) + self._transport = transport + else: + Transport = type(self).get_transport_class(transport) + self._transport = Transport( + credentials=credentials, + credentials_file=client_options.credentials_file, + host=api_endpoint, + scopes=client_options.scopes, + client_cert_source_for_mtls=client_cert_source_func, + quota_project_id=client_options.quota_project_id, + client_info=client_info, + always_use_jwt_access=True, + ) + + def set_iam_policy(self, + request: Union[iam_policy_pb2.SetIamPolicyRequest, dict] = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> policy_pb2.Policy: + r"""Sets the access control policy for an Identity-Aware Proxy + protected resource. Replaces any existing policy. More + information about managing access via IAP can be found at: + https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api + + Args: + request (Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]): + The request object. Request message for `SetIamPolicy` + method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). + + """ + # Create or coerce a protobuf request object. + if isinstance(request, dict): + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + request = iam_policy_pb2.SetIamPolicyRequest(**request) + elif not request: + # Null request, just make one. + request = iam_policy_pb2.SetIamPolicyRequest() + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.set_iam_policy] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("resource", request.resource), + )), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def get_iam_policy(self, + request: Union[iam_policy_pb2.GetIamPolicyRequest, dict] = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> policy_pb2.Policy: + r"""Gets the access control policy for an Identity-Aware Proxy + protected resource. More information about managing access via + IAP can be found at: + https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api + + Args: + request (Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]): + The request object. Request message for `GetIamPolicy` + method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). + + """ + # Create or coerce a protobuf request object. + if isinstance(request, dict): + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + request = iam_policy_pb2.GetIamPolicyRequest(**request) + elif not request: + # Null request, just make one. + request = iam_policy_pb2.GetIamPolicyRequest() + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.get_iam_policy] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("resource", request.resource), + )), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def test_iam_permissions(self, + request: Union[iam_policy_pb2.TestIamPermissionsRequest, dict] = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> iam_policy_pb2.TestIamPermissionsResponse: + r"""Returns permissions that a caller has on the Identity-Aware + Proxy protected resource. More information about managing access + via IAP can be found at: + https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api + + Args: + request (Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]): + The request object. Request message for + `TestIamPermissions` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse: + Response message for TestIamPermissions method. + """ + # Create or coerce a protobuf request object. + if isinstance(request, dict): + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + request = iam_policy_pb2.TestIamPermissionsRequest(**request) + elif not request: + # Null request, just make one. + request = iam_policy_pb2.TestIamPermissionsRequest() + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.test_iam_permissions] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("resource", request.resource), + )), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def get_iap_settings(self, + request: Union[service.GetIapSettingsRequest, dict] = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.IapSettings: + r"""Gets the IAP settings on a particular IAP protected + resource. + + Args: + request (Union[google.cloud.iap_v1.types.GetIapSettingsRequest, dict]): + The request object. The request sent to GetIapSettings. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.iap_v1.types.IapSettings: + The IAP configurable settings. + """ + # Create or coerce a protobuf request object. + # Minor optimization to avoid making a copy if the user passes + # in a service.GetIapSettingsRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.GetIapSettingsRequest): + request = service.GetIapSettingsRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.get_iap_settings] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("name", request.name), + )), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def update_iap_settings(self, + request: Union[service.UpdateIapSettingsRequest, dict] = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.IapSettings: + r"""Updates the IAP settings on a particular IAP protected resource. + It replaces all fields unless the ``update_mask`` is set. + + Args: + request (Union[google.cloud.iap_v1.types.UpdateIapSettingsRequest, dict]): + The request object. The request sent to + UpdateIapSettings. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.iap_v1.types.IapSettings: + The IAP configurable settings. + """ + # Create or coerce a protobuf request object. + # Minor optimization to avoid making a copy if the user passes + # in a service.UpdateIapSettingsRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.UpdateIapSettingsRequest): + request = service.UpdateIapSettingsRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.update_iap_settings] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("iap_settings.name", request.iap_settings.name), + )), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def __enter__(self): + return self + + def __exit__(self, type, value, traceback): + """Releases underlying transport's resources. + + .. warning:: + ONLY use as a context manager if the transport is NOT shared + with other clients! Exiting the with block will CLOSE the transport + and may cause errors in other clients! + """ + self.transport.close() + + + +try: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( + gapic_version=pkg_resources.get_distribution( + "google-cloud-iap", + ).version, + ) +except pkg_resources.DistributionNotFound: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() + + +__all__ = ( + "IdentityAwareProxyAdminServiceClient", +) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/__init__.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/__init__.py new file mode 100644 index 0000000..dc8f65f --- /dev/null +++ b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/__init__.py @@ -0,0 +1,33 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from collections import OrderedDict +from typing import Dict, Type + +from .base import IdentityAwareProxyAdminServiceTransport +from .grpc import IdentityAwareProxyAdminServiceGrpcTransport +from .grpc_asyncio import IdentityAwareProxyAdminServiceGrpcAsyncIOTransport + + +# Compile a registry of transports. +_transport_registry = OrderedDict() # type: Dict[str, Type[IdentityAwareProxyAdminServiceTransport]] +_transport_registry['grpc'] = IdentityAwareProxyAdminServiceGrpcTransport +_transport_registry['grpc_asyncio'] = IdentityAwareProxyAdminServiceGrpcAsyncIOTransport + +__all__ = ( + 'IdentityAwareProxyAdminServiceTransport', + 'IdentityAwareProxyAdminServiceGrpcTransport', + 'IdentityAwareProxyAdminServiceGrpcAsyncIOTransport', +) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/base.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/base.py new file mode 100644 index 0000000..bdd5bf9 --- /dev/null +++ b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/base.py @@ -0,0 +1,235 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import abc +from typing import Awaitable, Callable, Dict, Optional, Sequence, Union +import packaging.version +import pkg_resources + +import google.auth # type: ignore +import google.api_core # type: ignore +from google.api_core import exceptions as core_exceptions # type: ignore +from google.api_core import gapic_v1 # type: ignore +from google.api_core import retry as retries # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.oauth2 import service_account # type: ignore + +from google.cloud.iap_v1.types import service +from google.iam.v1 import iam_policy_pb2 # type: ignore +from google.iam.v1 import policy_pb2 # type: ignore + +try: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( + gapic_version=pkg_resources.get_distribution( + 'google-cloud-iap', + ).version, + ) +except pkg_resources.DistributionNotFound: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() + +try: + # google.auth.__version__ was added in 1.26.0 + _GOOGLE_AUTH_VERSION = google.auth.__version__ +except AttributeError: + try: # try pkg_resources if it is available + _GOOGLE_AUTH_VERSION = pkg_resources.get_distribution("google-auth").version + except pkg_resources.DistributionNotFound: # pragma: NO COVER + _GOOGLE_AUTH_VERSION = None + + +class IdentityAwareProxyAdminServiceTransport(abc.ABC): + """Abstract transport class for IdentityAwareProxyAdminService.""" + + AUTH_SCOPES = ( + 'https://www.googleapis.com/auth/cloud-platform', + ) + + DEFAULT_HOST: str = 'iap.googleapis.com' + def __init__( + self, *, + host: str = DEFAULT_HOST, + credentials: ga_credentials.Credentials = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + **kwargs, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to. + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is mutually exclusive with credentials. + scopes (Optional[Sequence[str]]): A list of scopes. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + """ + # Save the hostname. Default to port 443 (HTTPS) if none is specified. + if ':' not in host: + host += ':443' + self._host = host + + scopes_kwargs = self._get_scopes_kwargs(self._host, scopes) + + # Save the scopes. + self._scopes = scopes + + # If no credentials are provided, then determine the appropriate + # defaults. + if credentials and credentials_file: + raise core_exceptions.DuplicateCredentialArgs("'credentials_file' and 'credentials' are mutually exclusive") + + if credentials_file is not None: + credentials, _ = google.auth.load_credentials_from_file( + credentials_file, + **scopes_kwargs, + quota_project_id=quota_project_id + ) + + elif credentials is None: + credentials, _ = google.auth.default(**scopes_kwargs, quota_project_id=quota_project_id) + + # If the credentials are service account credentials, then always try to use self signed JWT. + if always_use_jwt_access and isinstance(credentials, service_account.Credentials) and hasattr(service_account.Credentials, "with_always_use_jwt_access"): + credentials = credentials.with_always_use_jwt_access(True) + + # Save the credentials. + self._credentials = credentials + + # TODO(busunkim): This method is in the base transport + # to avoid duplicating code across the transport classes. These functions + # should be deleted once the minimum required versions of google-auth is increased. + + # TODO: Remove this function once google-auth >= 1.25.0 is required + @classmethod + def _get_scopes_kwargs(cls, host: str, scopes: Optional[Sequence[str]]) -> Dict[str, Optional[Sequence[str]]]: + """Returns scopes kwargs to pass to google-auth methods depending on the google-auth version""" + + scopes_kwargs = {} + + if _GOOGLE_AUTH_VERSION and ( + packaging.version.parse(_GOOGLE_AUTH_VERSION) + >= packaging.version.parse("1.25.0") + ): + scopes_kwargs = {"scopes": scopes, "default_scopes": cls.AUTH_SCOPES} + else: + scopes_kwargs = {"scopes": scopes or cls.AUTH_SCOPES} + + return scopes_kwargs + + def _prep_wrapped_messages(self, client_info): + # Precompute the wrapped methods. + self._wrapped_methods = { + self.set_iam_policy: gapic_v1.method.wrap_method( + self.set_iam_policy, + default_timeout=None, + client_info=client_info, + ), + self.get_iam_policy: gapic_v1.method.wrap_method( + self.get_iam_policy, + default_timeout=None, + client_info=client_info, + ), + self.test_iam_permissions: gapic_v1.method.wrap_method( + self.test_iam_permissions, + default_timeout=None, + client_info=client_info, + ), + self.get_iap_settings: gapic_v1.method.wrap_method( + self.get_iap_settings, + default_timeout=None, + client_info=client_info, + ), + self.update_iap_settings: gapic_v1.method.wrap_method( + self.update_iap_settings, + default_timeout=None, + client_info=client_info, + ), + } + + def close(self): + """Closes resources associated with the transport. + + .. warning:: + Only call this method if the transport is NOT shared + with other clients - this may cause errors in other clients! + """ + raise NotImplementedError() + + @property + def set_iam_policy(self) -> Callable[ + [iam_policy_pb2.SetIamPolicyRequest], + Union[ + policy_pb2.Policy, + Awaitable[policy_pb2.Policy] + ]]: + raise NotImplementedError() + + @property + def get_iam_policy(self) -> Callable[ + [iam_policy_pb2.GetIamPolicyRequest], + Union[ + policy_pb2.Policy, + Awaitable[policy_pb2.Policy] + ]]: + raise NotImplementedError() + + @property + def test_iam_permissions(self) -> Callable[ + [iam_policy_pb2.TestIamPermissionsRequest], + Union[ + iam_policy_pb2.TestIamPermissionsResponse, + Awaitable[iam_policy_pb2.TestIamPermissionsResponse] + ]]: + raise NotImplementedError() + + @property + def get_iap_settings(self) -> Callable[ + [service.GetIapSettingsRequest], + Union[ + service.IapSettings, + Awaitable[service.IapSettings] + ]]: + raise NotImplementedError() + + @property + def update_iap_settings(self) -> Callable[ + [service.UpdateIapSettingsRequest], + Union[ + service.IapSettings, + Awaitable[service.IapSettings] + ]]: + raise NotImplementedError() + + +__all__ = ( + 'IdentityAwareProxyAdminServiceTransport', +) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc.py new file mode 100644 index 0000000..787db6e --- /dev/null +++ b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc.py @@ -0,0 +1,371 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import warnings +from typing import Callable, Dict, Optional, Sequence, Tuple, Union + +from google.api_core import grpc_helpers # type: ignore +from google.api_core import gapic_v1 # type: ignore +import google.auth # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore + +import grpc # type: ignore + +from google.cloud.iap_v1.types import service +from google.iam.v1 import iam_policy_pb2 # type: ignore +from google.iam.v1 import policy_pb2 # type: ignore +from .base import IdentityAwareProxyAdminServiceTransport, DEFAULT_CLIENT_INFO + + +class IdentityAwareProxyAdminServiceGrpcTransport(IdentityAwareProxyAdminServiceTransport): + """gRPC backend transport for IdentityAwareProxyAdminService. + + APIs for Identity-Aware Proxy Admin configurations. + + This class defines the same methods as the primary client, so the + primary client can load the underlying transport implementation + and call it. + + It sends protocol buffers over the wire using gRPC (which is built on + top of HTTP/2); the ``grpcio`` package must be installed. + """ + _stubs: Dict[str, Callable] + + def __init__(self, *, + host: str = 'iap.googleapis.com', + credentials: ga_credentials.Credentials = None, + credentials_file: str = None, + scopes: Sequence[str] = None, + channel: grpc.Channel = None, + api_mtls_endpoint: str = None, + client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, + ssl_channel_credentials: grpc.ChannelCredentials = None, + client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, + quota_project_id: Optional[str] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to. + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + This argument is ignored if ``channel`` is provided. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if ``channel`` is provided. + scopes (Optional(Sequence[str])): A list of scopes. This argument is + ignored if ``channel`` is provided. + channel (Optional[grpc.Channel]): A ``Channel`` instance through + which to make calls. + api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. + If provided, it overrides the ``host`` argument and tries to create + a mutual TLS channel with client SSL credentials from + ``client_cert_source`` or application default SSL credentials. + client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): + Deprecated. A callback to provide client SSL certificate bytes and + private key bytes, both in PEM format. It is ignored if + ``api_mtls_endpoint`` is None. + ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials + for the grpc channel. It is ignored if ``channel`` is provided. + client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): + A callback to provide client certificate bytes and private key bytes, + both in PEM format. It is used to configure a mutual TLS channel. It is + ignored if ``channel`` or ``ssl_channel_credentials`` is provided. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + + Raises: + google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport + creation failed for any reason. + google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` + and ``credentials_file`` are passed. + """ + self._grpc_channel = None + self._ssl_channel_credentials = ssl_channel_credentials + self._stubs: Dict[str, Callable] = {} + + if api_mtls_endpoint: + warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) + if client_cert_source: + warnings.warn("client_cert_source is deprecated", DeprecationWarning) + + if channel: + # Ignore credentials if a channel was passed. + credentials = False + # If a channel was explicitly provided, set it. + self._grpc_channel = channel + self._ssl_channel_credentials = None + + else: + if api_mtls_endpoint: + host = api_mtls_endpoint + + # Create SSL credentials with client_cert_source or application + # default SSL credentials. + if client_cert_source: + cert, key = client_cert_source() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + else: + self._ssl_channel_credentials = SslCredentials().ssl_credentials + + else: + if client_cert_source_for_mtls and not ssl_channel_credentials: + cert, key = client_cert_source_for_mtls() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + + # The base transport sets the host, credentials and scopes + super().__init__( + host=host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes, + quota_project_id=quota_project_id, + client_info=client_info, + always_use_jwt_access=always_use_jwt_access, + ) + + if not self._grpc_channel: + self._grpc_channel = type(self).create_channel( + self._host, + credentials=self._credentials, + credentials_file=credentials_file, + scopes=self._scopes, + ssl_credentials=self._ssl_channel_credentials, + quota_project_id=quota_project_id, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Wrap messages. This must be done after self._grpc_channel exists + self._prep_wrapped_messages(client_info) + + @classmethod + def create_channel(cls, + host: str = 'iap.googleapis.com', + credentials: ga_credentials.Credentials = None, + credentials_file: str = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, + **kwargs) -> grpc.Channel: + """Create and return a gRPC channel object. + Args: + host (Optional[str]): The host for the channel to use. + credentials (Optional[~.Credentials]): The + authorization credentials to attach to requests. These + credentials identify this application to the service. If + none are specified, the client will attempt to ascertain + the credentials from the environment. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is mutually exclusive with credentials. + scopes (Optional[Sequence[str]]): A optional list of scopes needed for this + service. These are only used when credentials are not specified and + are passed to :func:`google.auth.default`. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + kwargs (Optional[dict]): Keyword arguments, which are passed to the + channel creation. + Returns: + grpc.Channel: A gRPC channel object. + + Raises: + google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` + and ``credentials_file`` are passed. + """ + + return grpc_helpers.create_channel( + host, + credentials=credentials, + credentials_file=credentials_file, + quota_project_id=quota_project_id, + default_scopes=cls.AUTH_SCOPES, + scopes=scopes, + default_host=cls.DEFAULT_HOST, + **kwargs + ) + + @property + def grpc_channel(self) -> grpc.Channel: + """Return the channel designed to connect to this service. + """ + return self._grpc_channel + + @property + def set_iam_policy(self) -> Callable[ + [iam_policy_pb2.SetIamPolicyRequest], + policy_pb2.Policy]: + r"""Return a callable for the set iam policy method over gRPC. + + Sets the access control policy for an Identity-Aware Proxy + protected resource. Replaces any existing policy. More + information about managing access via IAP can be found at: + https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api + + Returns: + Callable[[~.SetIamPolicyRequest], + ~.Policy]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'set_iam_policy' not in self._stubs: + self._stubs['set_iam_policy'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyAdminService/SetIamPolicy', + request_serializer=iam_policy_pb2.SetIamPolicyRequest.SerializeToString, + response_deserializer=policy_pb2.Policy.FromString, + ) + return self._stubs['set_iam_policy'] + + @property + def get_iam_policy(self) -> Callable[ + [iam_policy_pb2.GetIamPolicyRequest], + policy_pb2.Policy]: + r"""Return a callable for the get iam policy method over gRPC. + + Gets the access control policy for an Identity-Aware Proxy + protected resource. More information about managing access via + IAP can be found at: + https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api + + Returns: + Callable[[~.GetIamPolicyRequest], + ~.Policy]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'get_iam_policy' not in self._stubs: + self._stubs['get_iam_policy'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyAdminService/GetIamPolicy', + request_serializer=iam_policy_pb2.GetIamPolicyRequest.SerializeToString, + response_deserializer=policy_pb2.Policy.FromString, + ) + return self._stubs['get_iam_policy'] + + @property + def test_iam_permissions(self) -> Callable[ + [iam_policy_pb2.TestIamPermissionsRequest], + iam_policy_pb2.TestIamPermissionsResponse]: + r"""Return a callable for the test iam permissions method over gRPC. + + Returns permissions that a caller has on the Identity-Aware + Proxy protected resource. More information about managing access + via IAP can be found at: + https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api + + Returns: + Callable[[~.TestIamPermissionsRequest], + ~.TestIamPermissionsResponse]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'test_iam_permissions' not in self._stubs: + self._stubs['test_iam_permissions'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyAdminService/TestIamPermissions', + request_serializer=iam_policy_pb2.TestIamPermissionsRequest.SerializeToString, + response_deserializer=iam_policy_pb2.TestIamPermissionsResponse.FromString, + ) + return self._stubs['test_iam_permissions'] + + @property + def get_iap_settings(self) -> Callable[ + [service.GetIapSettingsRequest], + service.IapSettings]: + r"""Return a callable for the get iap settings method over gRPC. + + Gets the IAP settings on a particular IAP protected + resource. + + Returns: + Callable[[~.GetIapSettingsRequest], + ~.IapSettings]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'get_iap_settings' not in self._stubs: + self._stubs['get_iap_settings'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyAdminService/GetIapSettings', + request_serializer=service.GetIapSettingsRequest.serialize, + response_deserializer=service.IapSettings.deserialize, + ) + return self._stubs['get_iap_settings'] + + @property + def update_iap_settings(self) -> Callable[ + [service.UpdateIapSettingsRequest], + service.IapSettings]: + r"""Return a callable for the update iap settings method over gRPC. + + Updates the IAP settings on a particular IAP protected resource. + It replaces all fields unless the ``update_mask`` is set. + + Returns: + Callable[[~.UpdateIapSettingsRequest], + ~.IapSettings]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'update_iap_settings' not in self._stubs: + self._stubs['update_iap_settings'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyAdminService/UpdateIapSettings', + request_serializer=service.UpdateIapSettingsRequest.serialize, + response_deserializer=service.IapSettings.deserialize, + ) + return self._stubs['update_iap_settings'] + + def close(self): + self.grpc_channel.close() + +__all__ = ( + 'IdentityAwareProxyAdminServiceGrpcTransport', +) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc_asyncio.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc_asyncio.py new file mode 100644 index 0000000..1c4a6d9 --- /dev/null +++ b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc_asyncio.py @@ -0,0 +1,376 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import warnings +from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union + +from google.api_core import gapic_v1 # type: ignore +from google.api_core import grpc_helpers_async # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore +import packaging.version + +import grpc # type: ignore +from grpc.experimental import aio # type: ignore + +from google.cloud.iap_v1.types import service +from google.iam.v1 import iam_policy_pb2 # type: ignore +from google.iam.v1 import policy_pb2 # type: ignore +from .base import IdentityAwareProxyAdminServiceTransport, DEFAULT_CLIENT_INFO +from .grpc import IdentityAwareProxyAdminServiceGrpcTransport + + +class IdentityAwareProxyAdminServiceGrpcAsyncIOTransport(IdentityAwareProxyAdminServiceTransport): + """gRPC AsyncIO backend transport for IdentityAwareProxyAdminService. + + APIs for Identity-Aware Proxy Admin configurations. + + This class defines the same methods as the primary client, so the + primary client can load the underlying transport implementation + and call it. + + It sends protocol buffers over the wire using gRPC (which is built on + top of HTTP/2); the ``grpcio`` package must be installed. + """ + + _grpc_channel: aio.Channel + _stubs: Dict[str, Callable] = {} + + @classmethod + def create_channel(cls, + host: str = 'iap.googleapis.com', + credentials: ga_credentials.Credentials = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, + **kwargs) -> aio.Channel: + """Create and return a gRPC AsyncIO channel object. + Args: + host (Optional[str]): The host for the channel to use. + credentials (Optional[~.Credentials]): The + authorization credentials to attach to requests. These + credentials identify this application to the service. If + none are specified, the client will attempt to ascertain + the credentials from the environment. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if ``channel`` is provided. + scopes (Optional[Sequence[str]]): A optional list of scopes needed for this + service. These are only used when credentials are not specified and + are passed to :func:`google.auth.default`. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + kwargs (Optional[dict]): Keyword arguments, which are passed to the + channel creation. + Returns: + aio.Channel: A gRPC AsyncIO channel object. + """ + + return grpc_helpers_async.create_channel( + host, + credentials=credentials, + credentials_file=credentials_file, + quota_project_id=quota_project_id, + default_scopes=cls.AUTH_SCOPES, + scopes=scopes, + default_host=cls.DEFAULT_HOST, + **kwargs + ) + + def __init__(self, *, + host: str = 'iap.googleapis.com', + credentials: ga_credentials.Credentials = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + channel: aio.Channel = None, + api_mtls_endpoint: str = None, + client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, + ssl_channel_credentials: grpc.ChannelCredentials = None, + client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, + quota_project_id=None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to. + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + This argument is ignored if ``channel`` is provided. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if ``channel`` is provided. + scopes (Optional[Sequence[str]]): A optional list of scopes needed for this + service. These are only used when credentials are not specified and + are passed to :func:`google.auth.default`. + channel (Optional[aio.Channel]): A ``Channel`` instance through + which to make calls. + api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. + If provided, it overrides the ``host`` argument and tries to create + a mutual TLS channel with client SSL credentials from + ``client_cert_source`` or application default SSL credentials. + client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): + Deprecated. A callback to provide client SSL certificate bytes and + private key bytes, both in PEM format. It is ignored if + ``api_mtls_endpoint`` is None. + ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials + for the grpc channel. It is ignored if ``channel`` is provided. + client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): + A callback to provide client certificate bytes and private key bytes, + both in PEM format. It is used to configure a mutual TLS channel. It is + ignored if ``channel`` or ``ssl_channel_credentials`` is provided. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + + Raises: + google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport + creation failed for any reason. + google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` + and ``credentials_file`` are passed. + """ + self._grpc_channel = None + self._ssl_channel_credentials = ssl_channel_credentials + self._stubs: Dict[str, Callable] = {} + + if api_mtls_endpoint: + warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) + if client_cert_source: + warnings.warn("client_cert_source is deprecated", DeprecationWarning) + + if channel: + # Ignore credentials if a channel was passed. + credentials = False + # If a channel was explicitly provided, set it. + self._grpc_channel = channel + self._ssl_channel_credentials = None + else: + if api_mtls_endpoint: + host = api_mtls_endpoint + + # Create SSL credentials with client_cert_source or application + # default SSL credentials. + if client_cert_source: + cert, key = client_cert_source() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + else: + self._ssl_channel_credentials = SslCredentials().ssl_credentials + + else: + if client_cert_source_for_mtls and not ssl_channel_credentials: + cert, key = client_cert_source_for_mtls() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + + # The base transport sets the host, credentials and scopes + super().__init__( + host=host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes, + quota_project_id=quota_project_id, + client_info=client_info, + always_use_jwt_access=always_use_jwt_access, + ) + + if not self._grpc_channel: + self._grpc_channel = type(self).create_channel( + self._host, + credentials=self._credentials, + credentials_file=credentials_file, + scopes=self._scopes, + ssl_credentials=self._ssl_channel_credentials, + quota_project_id=quota_project_id, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Wrap messages. This must be done after self._grpc_channel exists + self._prep_wrapped_messages(client_info) + + @property + def grpc_channel(self) -> aio.Channel: + """Create the channel designed to connect to this service. + + This property caches on the instance; repeated calls return + the same channel. + """ + # Return the channel from cache. + return self._grpc_channel + + @property + def set_iam_policy(self) -> Callable[ + [iam_policy_pb2.SetIamPolicyRequest], + Awaitable[policy_pb2.Policy]]: + r"""Return a callable for the set iam policy method over gRPC. + + Sets the access control policy for an Identity-Aware Proxy + protected resource. Replaces any existing policy. More + information about managing access via IAP can be found at: + https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api + + Returns: + Callable[[~.SetIamPolicyRequest], + Awaitable[~.Policy]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'set_iam_policy' not in self._stubs: + self._stubs['set_iam_policy'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyAdminService/SetIamPolicy', + request_serializer=iam_policy_pb2.SetIamPolicyRequest.SerializeToString, + response_deserializer=policy_pb2.Policy.FromString, + ) + return self._stubs['set_iam_policy'] + + @property + def get_iam_policy(self) -> Callable[ + [iam_policy_pb2.GetIamPolicyRequest], + Awaitable[policy_pb2.Policy]]: + r"""Return a callable for the get iam policy method over gRPC. + + Gets the access control policy for an Identity-Aware Proxy + protected resource. More information about managing access via + IAP can be found at: + https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api + + Returns: + Callable[[~.GetIamPolicyRequest], + Awaitable[~.Policy]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'get_iam_policy' not in self._stubs: + self._stubs['get_iam_policy'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyAdminService/GetIamPolicy', + request_serializer=iam_policy_pb2.GetIamPolicyRequest.SerializeToString, + response_deserializer=policy_pb2.Policy.FromString, + ) + return self._stubs['get_iam_policy'] + + @property + def test_iam_permissions(self) -> Callable[ + [iam_policy_pb2.TestIamPermissionsRequest], + Awaitable[iam_policy_pb2.TestIamPermissionsResponse]]: + r"""Return a callable for the test iam permissions method over gRPC. + + Returns permissions that a caller has on the Identity-Aware + Proxy protected resource. More information about managing access + via IAP can be found at: + https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api + + Returns: + Callable[[~.TestIamPermissionsRequest], + Awaitable[~.TestIamPermissionsResponse]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'test_iam_permissions' not in self._stubs: + self._stubs['test_iam_permissions'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyAdminService/TestIamPermissions', + request_serializer=iam_policy_pb2.TestIamPermissionsRequest.SerializeToString, + response_deserializer=iam_policy_pb2.TestIamPermissionsResponse.FromString, + ) + return self._stubs['test_iam_permissions'] + + @property + def get_iap_settings(self) -> Callable[ + [service.GetIapSettingsRequest], + Awaitable[service.IapSettings]]: + r"""Return a callable for the get iap settings method over gRPC. + + Gets the IAP settings on a particular IAP protected + resource. + + Returns: + Callable[[~.GetIapSettingsRequest], + Awaitable[~.IapSettings]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'get_iap_settings' not in self._stubs: + self._stubs['get_iap_settings'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyAdminService/GetIapSettings', + request_serializer=service.GetIapSettingsRequest.serialize, + response_deserializer=service.IapSettings.deserialize, + ) + return self._stubs['get_iap_settings'] + + @property + def update_iap_settings(self) -> Callable[ + [service.UpdateIapSettingsRequest], + Awaitable[service.IapSettings]]: + r"""Return a callable for the update iap settings method over gRPC. + + Updates the IAP settings on a particular IAP protected resource. + It replaces all fields unless the ``update_mask`` is set. + + Returns: + Callable[[~.UpdateIapSettingsRequest], + Awaitable[~.IapSettings]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'update_iap_settings' not in self._stubs: + self._stubs['update_iap_settings'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyAdminService/UpdateIapSettings', + request_serializer=service.UpdateIapSettingsRequest.serialize, + response_deserializer=service.IapSettings.deserialize, + ) + return self._stubs['update_iap_settings'] + + def close(self): + return self.grpc_channel.close() + + +__all__ = ( + 'IdentityAwareProxyAdminServiceGrpcAsyncIOTransport', +) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/__init__.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/__init__.py new file mode 100644 index 0000000..a72eaaa --- /dev/null +++ b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/__init__.py @@ -0,0 +1,22 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from .client import IdentityAwareProxyOAuthServiceClient +from .async_client import IdentityAwareProxyOAuthServiceAsyncClient + +__all__ = ( + 'IdentityAwareProxyOAuthServiceClient', + 'IdentityAwareProxyOAuthServiceAsyncClient', +) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/async_client.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/async_client.py new file mode 100644 index 0000000..e1c1140 --- /dev/null +++ b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/async_client.py @@ -0,0 +1,624 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from collections import OrderedDict +import functools +import re +from typing import Dict, Sequence, Tuple, Type, Union +import pkg_resources + +import google.api_core.client_options as ClientOptions # type: ignore +from google.api_core import exceptions as core_exceptions # type: ignore +from google.api_core import gapic_v1 # type: ignore +from google.api_core import retry as retries # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.oauth2 import service_account # type: ignore + +from google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service import pagers +from google.cloud.iap_v1.types import service +from .transports.base import IdentityAwareProxyOAuthServiceTransport, DEFAULT_CLIENT_INFO +from .transports.grpc_asyncio import IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport +from .client import IdentityAwareProxyOAuthServiceClient + + +class IdentityAwareProxyOAuthServiceAsyncClient: + """API to programmatically create, list and retrieve Identity + Aware Proxy (IAP) OAuth brands; and create, retrieve, delete and + reset-secret of IAP OAuth clients. + """ + + _client: IdentityAwareProxyOAuthServiceClient + + DEFAULT_ENDPOINT = IdentityAwareProxyOAuthServiceClient.DEFAULT_ENDPOINT + DEFAULT_MTLS_ENDPOINT = IdentityAwareProxyOAuthServiceClient.DEFAULT_MTLS_ENDPOINT + + common_billing_account_path = staticmethod(IdentityAwareProxyOAuthServiceClient.common_billing_account_path) + parse_common_billing_account_path = staticmethod(IdentityAwareProxyOAuthServiceClient.parse_common_billing_account_path) + common_folder_path = staticmethod(IdentityAwareProxyOAuthServiceClient.common_folder_path) + parse_common_folder_path = staticmethod(IdentityAwareProxyOAuthServiceClient.parse_common_folder_path) + common_organization_path = staticmethod(IdentityAwareProxyOAuthServiceClient.common_organization_path) + parse_common_organization_path = staticmethod(IdentityAwareProxyOAuthServiceClient.parse_common_organization_path) + common_project_path = staticmethod(IdentityAwareProxyOAuthServiceClient.common_project_path) + parse_common_project_path = staticmethod(IdentityAwareProxyOAuthServiceClient.parse_common_project_path) + common_location_path = staticmethod(IdentityAwareProxyOAuthServiceClient.common_location_path) + parse_common_location_path = staticmethod(IdentityAwareProxyOAuthServiceClient.parse_common_location_path) + + @classmethod + def from_service_account_info(cls, info: dict, *args, **kwargs): + """Creates an instance of this client using the provided credentials + info. + + Args: + info (dict): The service account private key info. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + IdentityAwareProxyOAuthServiceAsyncClient: The constructed client. + """ + return IdentityAwareProxyOAuthServiceClient.from_service_account_info.__func__(IdentityAwareProxyOAuthServiceAsyncClient, info, *args, **kwargs) # type: ignore + + @classmethod + def from_service_account_file(cls, filename: str, *args, **kwargs): + """Creates an instance of this client using the provided credentials + file. + + Args: + filename (str): The path to the service account private key json + file. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + IdentityAwareProxyOAuthServiceAsyncClient: The constructed client. + """ + return IdentityAwareProxyOAuthServiceClient.from_service_account_file.__func__(IdentityAwareProxyOAuthServiceAsyncClient, filename, *args, **kwargs) # type: ignore + + from_service_account_json = from_service_account_file + + @property + def transport(self) -> IdentityAwareProxyOAuthServiceTransport: + """Returns the transport used by the client instance. + + Returns: + IdentityAwareProxyOAuthServiceTransport: The transport used by the client instance. + """ + return self._client.transport + + get_transport_class = functools.partial(type(IdentityAwareProxyOAuthServiceClient).get_transport_class, type(IdentityAwareProxyOAuthServiceClient)) + + def __init__(self, *, + credentials: ga_credentials.Credentials = None, + transport: Union[str, IdentityAwareProxyOAuthServiceTransport] = "grpc_asyncio", + client_options: ClientOptions = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + ) -> None: + """Instantiates the identity aware proxy o auth service client. + + Args: + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + transport (Union[str, ~.IdentityAwareProxyOAuthServiceTransport]): The + transport to use. If set to None, a transport is chosen + automatically. + client_options (ClientOptions): Custom options for the client. It + won't take effect if a ``transport`` instance is provided. + (1) The ``api_endpoint`` property can be used to override the + default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT + environment variable can also be used to override the endpoint: + "always" (always use the default mTLS endpoint), "never" (always + use the default regular endpoint) and "auto" (auto switch to the + default mTLS endpoint if client certificate is present, this is + the default value). However, the ``api_endpoint`` property takes + precedence if provided. + (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable + is "true", then the ``client_cert_source`` property can be used + to provide client certificate for mutual TLS transport. If + not provided, the default SSL client certificate will be used if + present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not + set, no client certificate will be used. + + Raises: + google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport + creation failed for any reason. + """ + self._client = IdentityAwareProxyOAuthServiceClient( + credentials=credentials, + transport=transport, + client_options=client_options, + client_info=client_info, + + ) + + async def list_brands(self, + request: service.ListBrandsRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.ListBrandsResponse: + r"""Lists the existing brands for the project. + + Args: + request (:class:`google.cloud.iap_v1.types.ListBrandsRequest`): + The request object. The request sent to ListBrands. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.iap_v1.types.ListBrandsResponse: + Response message for ListBrands. + """ + # Create or coerce a protobuf request object. + request = service.ListBrandsRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.list_brands, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("parent", request.parent), + )), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def create_brand(self, + request: service.CreateBrandRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.Brand: + r"""Constructs a new OAuth brand for the project if one + does not exist. The created brand is "internal only", + meaning that OAuth clients created under it only accept + requests from users who belong to the same G Suite + organization as the project. The brand is created in an + un-reviewed status. NOTE: The "internal only" status can + be manually changed in the Google Cloud console. + Requires that a brand does not already exist for the + project, and that the specified support email is owned + by the caller. + + Args: + request (:class:`google.cloud.iap_v1.types.CreateBrandRequest`): + The request object. The request sent to CreateBrand. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.iap_v1.types.Brand: + OAuth brand data. + NOTE: Only contains a portion of the + data that describes a brand. + + """ + # Create or coerce a protobuf request object. + request = service.CreateBrandRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.create_brand, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("parent", request.parent), + )), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def get_brand(self, + request: service.GetBrandRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.Brand: + r"""Retrieves the OAuth brand of the project. + + Args: + request (:class:`google.cloud.iap_v1.types.GetBrandRequest`): + The request object. The request sent to GetBrand. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.iap_v1.types.Brand: + OAuth brand data. + NOTE: Only contains a portion of the + data that describes a brand. + + """ + # Create or coerce a protobuf request object. + request = service.GetBrandRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.get_brand, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("name", request.name), + )), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def create_identity_aware_proxy_client(self, + request: service.CreateIdentityAwareProxyClientRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.IdentityAwareProxyClient: + r"""Creates an Identity Aware Proxy (IAP) OAuth client. + The client is owned by IAP. Requires that the brand for + the project exists and that it is set for internal-only + use. + + Args: + request (:class:`google.cloud.iap_v1.types.CreateIdentityAwareProxyClientRequest`): + The request object. The request sent to + CreateIdentityAwareProxyClient. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.iap_v1.types.IdentityAwareProxyClient: + Contains the data that describes an + Identity Aware Proxy owned client. + + """ + # Create or coerce a protobuf request object. + request = service.CreateIdentityAwareProxyClientRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.create_identity_aware_proxy_client, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("parent", request.parent), + )), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def list_identity_aware_proxy_clients(self, + request: service.ListIdentityAwareProxyClientsRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> pagers.ListIdentityAwareProxyClientsAsyncPager: + r"""Lists the existing clients for the brand. + + Args: + request (:class:`google.cloud.iap_v1.types.ListIdentityAwareProxyClientsRequest`): + The request object. The request sent to + ListIdentityAwareProxyClients. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service.pagers.ListIdentityAwareProxyClientsAsyncPager: + Response message for + ListIdentityAwareProxyClients. + Iterating over this object will yield + results and resolve additional pages + automatically. + + """ + # Create or coerce a protobuf request object. + request = service.ListIdentityAwareProxyClientsRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.list_identity_aware_proxy_clients, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("parent", request.parent), + )), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # This method is paged; wrap the response in a pager, which provides + # an `__aiter__` convenience method. + response = pagers.ListIdentityAwareProxyClientsAsyncPager( + method=rpc, + request=request, + response=response, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def get_identity_aware_proxy_client(self, + request: service.GetIdentityAwareProxyClientRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.IdentityAwareProxyClient: + r"""Retrieves an Identity Aware Proxy (IAP) OAuth client. + Requires that the client is owned by IAP. + + Args: + request (:class:`google.cloud.iap_v1.types.GetIdentityAwareProxyClientRequest`): + The request object. The request sent to + GetIdentityAwareProxyClient. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.iap_v1.types.IdentityAwareProxyClient: + Contains the data that describes an + Identity Aware Proxy owned client. + + """ + # Create or coerce a protobuf request object. + request = service.GetIdentityAwareProxyClientRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.get_identity_aware_proxy_client, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("name", request.name), + )), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def reset_identity_aware_proxy_client_secret(self, + request: service.ResetIdentityAwareProxyClientSecretRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.IdentityAwareProxyClient: + r"""Resets an Identity Aware Proxy (IAP) OAuth client + secret. Useful if the secret was compromised. Requires + that the client is owned by IAP. + + Args: + request (:class:`google.cloud.iap_v1.types.ResetIdentityAwareProxyClientSecretRequest`): + The request object. The request sent to + ResetIdentityAwareProxyClientSecret. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.iap_v1.types.IdentityAwareProxyClient: + Contains the data that describes an + Identity Aware Proxy owned client. + + """ + # Create or coerce a protobuf request object. + request = service.ResetIdentityAwareProxyClientSecretRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.reset_identity_aware_proxy_client_secret, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("name", request.name), + )), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def delete_identity_aware_proxy_client(self, + request: service.DeleteIdentityAwareProxyClientRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> None: + r"""Deletes an Identity Aware Proxy (IAP) OAuth client. + Useful for removing obsolete clients, managing the + number of clients in a given project, and cleaning up + after tests. Requires that the client is owned by IAP. + + Args: + request (:class:`google.cloud.iap_v1.types.DeleteIdentityAwareProxyClientRequest`): + The request object. The request sent to + DeleteIdentityAwareProxyClient. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + """ + # Create or coerce a protobuf request object. + request = service.DeleteIdentityAwareProxyClientRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.delete_identity_aware_proxy_client, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("name", request.name), + )), + ) + + # Send the request. + await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + async def __aenter__(self): + return self + + async def __aexit__(self, exc_type, exc, tb): + await self.transport.close() + +try: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( + gapic_version=pkg_resources.get_distribution( + "google-cloud-iap", + ).version, + ) +except pkg_resources.DistributionNotFound: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() + + +__all__ = ( + "IdentityAwareProxyOAuthServiceAsyncClient", +) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/client.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/client.py new file mode 100644 index 0000000..383ba2b --- /dev/null +++ b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/client.py @@ -0,0 +1,820 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from collections import OrderedDict +from distutils import util +import os +import re +from typing import Dict, Optional, Sequence, Tuple, Type, Union +import pkg_resources + +from google.api_core import client_options as client_options_lib # type: ignore +from google.api_core import exceptions as core_exceptions # type: ignore +from google.api_core import gapic_v1 # type: ignore +from google.api_core import retry as retries # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.auth.transport import mtls # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore +from google.auth.exceptions import MutualTLSChannelError # type: ignore +from google.oauth2 import service_account # type: ignore + +from google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service import pagers +from google.cloud.iap_v1.types import service +from .transports.base import IdentityAwareProxyOAuthServiceTransport, DEFAULT_CLIENT_INFO +from .transports.grpc import IdentityAwareProxyOAuthServiceGrpcTransport +from .transports.grpc_asyncio import IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport + + +class IdentityAwareProxyOAuthServiceClientMeta(type): + """Metaclass for the IdentityAwareProxyOAuthService client. + + This provides class-level methods for building and retrieving + support objects (e.g. transport) without polluting the client instance + objects. + """ + _transport_registry = OrderedDict() # type: Dict[str, Type[IdentityAwareProxyOAuthServiceTransport]] + _transport_registry["grpc"] = IdentityAwareProxyOAuthServiceGrpcTransport + _transport_registry["grpc_asyncio"] = IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport + + def get_transport_class(cls, + label: str = None, + ) -> Type[IdentityAwareProxyOAuthServiceTransport]: + """Returns an appropriate transport class. + + Args: + label: The name of the desired transport. If none is + provided, then the first transport in the registry is used. + + Returns: + The transport class to use. + """ + # If a specific transport is requested, return that one. + if label: + return cls._transport_registry[label] + + # No transport is requested; return the default (that is, the first one + # in the dictionary). + return next(iter(cls._transport_registry.values())) + + +class IdentityAwareProxyOAuthServiceClient(metaclass=IdentityAwareProxyOAuthServiceClientMeta): + """API to programmatically create, list and retrieve Identity + Aware Proxy (IAP) OAuth brands; and create, retrieve, delete and + reset-secret of IAP OAuth clients. + """ + + @staticmethod + def _get_default_mtls_endpoint(api_endpoint): + """Converts api endpoint to mTLS endpoint. + + Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to + "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively. + Args: + api_endpoint (Optional[str]): the api endpoint to convert. + Returns: + str: converted mTLS api endpoint. + """ + if not api_endpoint: + return api_endpoint + + mtls_endpoint_re = re.compile( + r"(?P[^.]+)(?P\.mtls)?(?P\.sandbox)?(?P\.googleapis\.com)?" + ) + + m = mtls_endpoint_re.match(api_endpoint) + name, mtls, sandbox, googledomain = m.groups() + if mtls or not googledomain: + return api_endpoint + + if sandbox: + return api_endpoint.replace( + "sandbox.googleapis.com", "mtls.sandbox.googleapis.com" + ) + + return api_endpoint.replace(".googleapis.com", ".mtls.googleapis.com") + + DEFAULT_ENDPOINT = "iap.googleapis.com" + DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__( # type: ignore + DEFAULT_ENDPOINT + ) + + @classmethod + def from_service_account_info(cls, info: dict, *args, **kwargs): + """Creates an instance of this client using the provided credentials + info. + + Args: + info (dict): The service account private key info. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + IdentityAwareProxyOAuthServiceClient: The constructed client. + """ + credentials = service_account.Credentials.from_service_account_info(info) + kwargs["credentials"] = credentials + return cls(*args, **kwargs) + + @classmethod + def from_service_account_file(cls, filename: str, *args, **kwargs): + """Creates an instance of this client using the provided credentials + file. + + Args: + filename (str): The path to the service account private key json + file. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + IdentityAwareProxyOAuthServiceClient: The constructed client. + """ + credentials = service_account.Credentials.from_service_account_file( + filename) + kwargs["credentials"] = credentials + return cls(*args, **kwargs) + + from_service_account_json = from_service_account_file + + @property + def transport(self) -> IdentityAwareProxyOAuthServiceTransport: + """Returns the transport used by the client instance. + + Returns: + IdentityAwareProxyOAuthServiceTransport: The transport used by the client + instance. + """ + return self._transport + + @staticmethod + def common_billing_account_path(billing_account: str, ) -> str: + """Returns a fully-qualified billing_account string.""" + return "billingAccounts/{billing_account}".format(billing_account=billing_account, ) + + @staticmethod + def parse_common_billing_account_path(path: str) -> Dict[str,str]: + """Parse a billing_account path into its component segments.""" + m = re.match(r"^billingAccounts/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_folder_path(folder: str, ) -> str: + """Returns a fully-qualified folder string.""" + return "folders/{folder}".format(folder=folder, ) + + @staticmethod + def parse_common_folder_path(path: str) -> Dict[str,str]: + """Parse a folder path into its component segments.""" + m = re.match(r"^folders/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_organization_path(organization: str, ) -> str: + """Returns a fully-qualified organization string.""" + return "organizations/{organization}".format(organization=organization, ) + + @staticmethod + def parse_common_organization_path(path: str) -> Dict[str,str]: + """Parse a organization path into its component segments.""" + m = re.match(r"^organizations/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_project_path(project: str, ) -> str: + """Returns a fully-qualified project string.""" + return "projects/{project}".format(project=project, ) + + @staticmethod + def parse_common_project_path(path: str) -> Dict[str,str]: + """Parse a project path into its component segments.""" + m = re.match(r"^projects/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_location_path(project: str, location: str, ) -> str: + """Returns a fully-qualified location string.""" + return "projects/{project}/locations/{location}".format(project=project, location=location, ) + + @staticmethod + def parse_common_location_path(path: str) -> Dict[str,str]: + """Parse a location path into its component segments.""" + m = re.match(r"^projects/(?P.+?)/locations/(?P.+?)$", path) + return m.groupdict() if m else {} + + def __init__(self, *, + credentials: Optional[ga_credentials.Credentials] = None, + transport: Union[str, IdentityAwareProxyOAuthServiceTransport, None] = None, + client_options: Optional[client_options_lib.ClientOptions] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + ) -> None: + """Instantiates the identity aware proxy o auth service client. + + Args: + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + transport (Union[str, IdentityAwareProxyOAuthServiceTransport]): The + transport to use. If set to None, a transport is chosen + automatically. + client_options (google.api_core.client_options.ClientOptions): Custom options for the + client. It won't take effect if a ``transport`` instance is provided. + (1) The ``api_endpoint`` property can be used to override the + default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT + environment variable can also be used to override the endpoint: + "always" (always use the default mTLS endpoint), "never" (always + use the default regular endpoint) and "auto" (auto switch to the + default mTLS endpoint if client certificate is present, this is + the default value). However, the ``api_endpoint`` property takes + precedence if provided. + (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable + is "true", then the ``client_cert_source`` property can be used + to provide client certificate for mutual TLS transport. If + not provided, the default SSL client certificate will be used if + present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not + set, no client certificate will be used. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + + Raises: + google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport + creation failed for any reason. + """ + if isinstance(client_options, dict): + client_options = client_options_lib.from_dict(client_options) + if client_options is None: + client_options = client_options_lib.ClientOptions() + + # Create SSL credentials for mutual TLS if needed. + use_client_cert = bool(util.strtobool(os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"))) + + client_cert_source_func = None + is_mtls = False + if use_client_cert: + if client_options.client_cert_source: + is_mtls = True + client_cert_source_func = client_options.client_cert_source + else: + is_mtls = mtls.has_default_client_cert_source() + if is_mtls: + client_cert_source_func = mtls.default_client_cert_source() + else: + client_cert_source_func = None + + # Figure out which api endpoint to use. + if client_options.api_endpoint is not None: + api_endpoint = client_options.api_endpoint + else: + use_mtls_env = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto") + if use_mtls_env == "never": + api_endpoint = self.DEFAULT_ENDPOINT + elif use_mtls_env == "always": + api_endpoint = self.DEFAULT_MTLS_ENDPOINT + elif use_mtls_env == "auto": + if is_mtls: + api_endpoint = self.DEFAULT_MTLS_ENDPOINT + else: + api_endpoint = self.DEFAULT_ENDPOINT + else: + raise MutualTLSChannelError( + "Unsupported GOOGLE_API_USE_MTLS_ENDPOINT value. Accepted " + "values: never, auto, always" + ) + + # Save or instantiate the transport. + # Ordinarily, we provide the transport, but allowing a custom transport + # instance provides an extensibility point for unusual situations. + if isinstance(transport, IdentityAwareProxyOAuthServiceTransport): + # transport is a IdentityAwareProxyOAuthServiceTransport instance. + if credentials or client_options.credentials_file: + raise ValueError("When providing a transport instance, " + "provide its credentials directly.") + if client_options.scopes: + raise ValueError( + "When providing a transport instance, provide its scopes " + "directly." + ) + self._transport = transport + else: + Transport = type(self).get_transport_class(transport) + self._transport = Transport( + credentials=credentials, + credentials_file=client_options.credentials_file, + host=api_endpoint, + scopes=client_options.scopes, + client_cert_source_for_mtls=client_cert_source_func, + quota_project_id=client_options.quota_project_id, + client_info=client_info, + always_use_jwt_access=True, + ) + + def list_brands(self, + request: Union[service.ListBrandsRequest, dict] = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.ListBrandsResponse: + r"""Lists the existing brands for the project. + + Args: + request (Union[google.cloud.iap_v1.types.ListBrandsRequest, dict]): + The request object. The request sent to ListBrands. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.iap_v1.types.ListBrandsResponse: + Response message for ListBrands. + """ + # Create or coerce a protobuf request object. + # Minor optimization to avoid making a copy if the user passes + # in a service.ListBrandsRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.ListBrandsRequest): + request = service.ListBrandsRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.list_brands] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("parent", request.parent), + )), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def create_brand(self, + request: Union[service.CreateBrandRequest, dict] = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.Brand: + r"""Constructs a new OAuth brand for the project if one + does not exist. The created brand is "internal only", + meaning that OAuth clients created under it only accept + requests from users who belong to the same G Suite + organization as the project. The brand is created in an + un-reviewed status. NOTE: The "internal only" status can + be manually changed in the Google Cloud console. + Requires that a brand does not already exist for the + project, and that the specified support email is owned + by the caller. + + Args: + request (Union[google.cloud.iap_v1.types.CreateBrandRequest, dict]): + The request object. The request sent to CreateBrand. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.iap_v1.types.Brand: + OAuth brand data. + NOTE: Only contains a portion of the + data that describes a brand. + + """ + # Create or coerce a protobuf request object. + # Minor optimization to avoid making a copy if the user passes + # in a service.CreateBrandRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.CreateBrandRequest): + request = service.CreateBrandRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.create_brand] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("parent", request.parent), + )), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def get_brand(self, + request: Union[service.GetBrandRequest, dict] = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.Brand: + r"""Retrieves the OAuth brand of the project. + + Args: + request (Union[google.cloud.iap_v1.types.GetBrandRequest, dict]): + The request object. The request sent to GetBrand. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.iap_v1.types.Brand: + OAuth brand data. + NOTE: Only contains a portion of the + data that describes a brand. + + """ + # Create or coerce a protobuf request object. + # Minor optimization to avoid making a copy if the user passes + # in a service.GetBrandRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.GetBrandRequest): + request = service.GetBrandRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.get_brand] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("name", request.name), + )), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def create_identity_aware_proxy_client(self, + request: Union[service.CreateIdentityAwareProxyClientRequest, dict] = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.IdentityAwareProxyClient: + r"""Creates an Identity Aware Proxy (IAP) OAuth client. + The client is owned by IAP. Requires that the brand for + the project exists and that it is set for internal-only + use. + + Args: + request (Union[google.cloud.iap_v1.types.CreateIdentityAwareProxyClientRequest, dict]): + The request object. The request sent to + CreateIdentityAwareProxyClient. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.iap_v1.types.IdentityAwareProxyClient: + Contains the data that describes an + Identity Aware Proxy owned client. + + """ + # Create or coerce a protobuf request object. + # Minor optimization to avoid making a copy if the user passes + # in a service.CreateIdentityAwareProxyClientRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.CreateIdentityAwareProxyClientRequest): + request = service.CreateIdentityAwareProxyClientRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.create_identity_aware_proxy_client] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("parent", request.parent), + )), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def list_identity_aware_proxy_clients(self, + request: Union[service.ListIdentityAwareProxyClientsRequest, dict] = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> pagers.ListIdentityAwareProxyClientsPager: + r"""Lists the existing clients for the brand. + + Args: + request (Union[google.cloud.iap_v1.types.ListIdentityAwareProxyClientsRequest, dict]): + The request object. The request sent to + ListIdentityAwareProxyClients. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service.pagers.ListIdentityAwareProxyClientsPager: + Response message for + ListIdentityAwareProxyClients. + Iterating over this object will yield + results and resolve additional pages + automatically. + + """ + # Create or coerce a protobuf request object. + # Minor optimization to avoid making a copy if the user passes + # in a service.ListIdentityAwareProxyClientsRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.ListIdentityAwareProxyClientsRequest): + request = service.ListIdentityAwareProxyClientsRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.list_identity_aware_proxy_clients] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("parent", request.parent), + )), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # This method is paged; wrap the response in a pager, which provides + # an `__iter__` convenience method. + response = pagers.ListIdentityAwareProxyClientsPager( + method=rpc, + request=request, + response=response, + metadata=metadata, + ) + + # Done; return the response. + return response + + def get_identity_aware_proxy_client(self, + request: Union[service.GetIdentityAwareProxyClientRequest, dict] = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.IdentityAwareProxyClient: + r"""Retrieves an Identity Aware Proxy (IAP) OAuth client. + Requires that the client is owned by IAP. + + Args: + request (Union[google.cloud.iap_v1.types.GetIdentityAwareProxyClientRequest, dict]): + The request object. The request sent to + GetIdentityAwareProxyClient. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.iap_v1.types.IdentityAwareProxyClient: + Contains the data that describes an + Identity Aware Proxy owned client. + + """ + # Create or coerce a protobuf request object. + # Minor optimization to avoid making a copy if the user passes + # in a service.GetIdentityAwareProxyClientRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.GetIdentityAwareProxyClientRequest): + request = service.GetIdentityAwareProxyClientRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.get_identity_aware_proxy_client] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("name", request.name), + )), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def reset_identity_aware_proxy_client_secret(self, + request: Union[service.ResetIdentityAwareProxyClientSecretRequest, dict] = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.IdentityAwareProxyClient: + r"""Resets an Identity Aware Proxy (IAP) OAuth client + secret. Useful if the secret was compromised. Requires + that the client is owned by IAP. + + Args: + request (Union[google.cloud.iap_v1.types.ResetIdentityAwareProxyClientSecretRequest, dict]): + The request object. The request sent to + ResetIdentityAwareProxyClientSecret. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.iap_v1.types.IdentityAwareProxyClient: + Contains the data that describes an + Identity Aware Proxy owned client. + + """ + # Create or coerce a protobuf request object. + # Minor optimization to avoid making a copy if the user passes + # in a service.ResetIdentityAwareProxyClientSecretRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.ResetIdentityAwareProxyClientSecretRequest): + request = service.ResetIdentityAwareProxyClientSecretRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.reset_identity_aware_proxy_client_secret] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("name", request.name), + )), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def delete_identity_aware_proxy_client(self, + request: Union[service.DeleteIdentityAwareProxyClientRequest, dict] = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> None: + r"""Deletes an Identity Aware Proxy (IAP) OAuth client. + Useful for removing obsolete clients, managing the + number of clients in a given project, and cleaning up + after tests. Requires that the client is owned by IAP. + + Args: + request (Union[google.cloud.iap_v1.types.DeleteIdentityAwareProxyClientRequest, dict]): + The request object. The request sent to + DeleteIdentityAwareProxyClient. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + """ + # Create or coerce a protobuf request object. + # Minor optimization to avoid making a copy if the user passes + # in a service.DeleteIdentityAwareProxyClientRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.DeleteIdentityAwareProxyClientRequest): + request = service.DeleteIdentityAwareProxyClientRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.delete_identity_aware_proxy_client] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("name", request.name), + )), + ) + + # Send the request. + rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + def __enter__(self): + return self + + def __exit__(self, type, value, traceback): + """Releases underlying transport's resources. + + .. warning:: + ONLY use as a context manager if the transport is NOT shared + with other clients! Exiting the with block will CLOSE the transport + and may cause errors in other clients! + """ + self.transport.close() + + + +try: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( + gapic_version=pkg_resources.get_distribution( + "google-cloud-iap", + ).version, + ) +except pkg_resources.DistributionNotFound: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() + + +__all__ = ( + "IdentityAwareProxyOAuthServiceClient", +) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/pagers.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/pagers.py new file mode 100644 index 0000000..c4f6802 --- /dev/null +++ b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/pagers.py @@ -0,0 +1,140 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from typing import Any, AsyncIterator, Awaitable, Callable, Sequence, Tuple, Optional, Iterator + +from google.cloud.iap_v1.types import service + + +class ListIdentityAwareProxyClientsPager: + """A pager for iterating through ``list_identity_aware_proxy_clients`` requests. + + This class thinly wraps an initial + :class:`google.cloud.iap_v1.types.ListIdentityAwareProxyClientsResponse` object, and + provides an ``__iter__`` method to iterate through its + ``identity_aware_proxy_clients`` field. + + If there are more pages, the ``__iter__`` method will make additional + ``ListIdentityAwareProxyClients`` requests and continue to iterate + through the ``identity_aware_proxy_clients`` field on the + corresponding responses. + + All the usual :class:`google.cloud.iap_v1.types.ListIdentityAwareProxyClientsResponse` + attributes are available on the pager. If multiple requests are made, only + the most recent response is retained, and thus used for attribute lookup. + """ + def __init__(self, + method: Callable[..., service.ListIdentityAwareProxyClientsResponse], + request: service.ListIdentityAwareProxyClientsRequest, + response: service.ListIdentityAwareProxyClientsResponse, + *, + metadata: Sequence[Tuple[str, str]] = ()): + """Instantiate the pager. + + Args: + method (Callable): The method that was originally called, and + which instantiated this pager. + request (google.cloud.iap_v1.types.ListIdentityAwareProxyClientsRequest): + The initial request object. + response (google.cloud.iap_v1.types.ListIdentityAwareProxyClientsResponse): + The initial response object. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + """ + self._method = method + self._request = service.ListIdentityAwareProxyClientsRequest(request) + self._response = response + self._metadata = metadata + + def __getattr__(self, name: str) -> Any: + return getattr(self._response, name) + + @property + def pages(self) -> Iterator[service.ListIdentityAwareProxyClientsResponse]: + yield self._response + while self._response.next_page_token: + self._request.page_token = self._response.next_page_token + self._response = self._method(self._request, metadata=self._metadata) + yield self._response + + def __iter__(self) -> Iterator[service.IdentityAwareProxyClient]: + for page in self.pages: + yield from page.identity_aware_proxy_clients + + def __repr__(self) -> str: + return '{0}<{1!r}>'.format(self.__class__.__name__, self._response) + + +class ListIdentityAwareProxyClientsAsyncPager: + """A pager for iterating through ``list_identity_aware_proxy_clients`` requests. + + This class thinly wraps an initial + :class:`google.cloud.iap_v1.types.ListIdentityAwareProxyClientsResponse` object, and + provides an ``__aiter__`` method to iterate through its + ``identity_aware_proxy_clients`` field. + + If there are more pages, the ``__aiter__`` method will make additional + ``ListIdentityAwareProxyClients`` requests and continue to iterate + through the ``identity_aware_proxy_clients`` field on the + corresponding responses. + + All the usual :class:`google.cloud.iap_v1.types.ListIdentityAwareProxyClientsResponse` + attributes are available on the pager. If multiple requests are made, only + the most recent response is retained, and thus used for attribute lookup. + """ + def __init__(self, + method: Callable[..., Awaitable[service.ListIdentityAwareProxyClientsResponse]], + request: service.ListIdentityAwareProxyClientsRequest, + response: service.ListIdentityAwareProxyClientsResponse, + *, + metadata: Sequence[Tuple[str, str]] = ()): + """Instantiates the pager. + + Args: + method (Callable): The method that was originally called, and + which instantiated this pager. + request (google.cloud.iap_v1.types.ListIdentityAwareProxyClientsRequest): + The initial request object. + response (google.cloud.iap_v1.types.ListIdentityAwareProxyClientsResponse): + The initial response object. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + """ + self._method = method + self._request = service.ListIdentityAwareProxyClientsRequest(request) + self._response = response + self._metadata = metadata + + def __getattr__(self, name: str) -> Any: + return getattr(self._response, name) + + @property + async def pages(self) -> AsyncIterator[service.ListIdentityAwareProxyClientsResponse]: + yield self._response + while self._response.next_page_token: + self._request.page_token = self._response.next_page_token + self._response = await self._method(self._request, metadata=self._metadata) + yield self._response + + def __aiter__(self) -> AsyncIterator[service.IdentityAwareProxyClient]: + async def async_generator(): + async for page in self.pages: + for response in page.identity_aware_proxy_clients: + yield response + + return async_generator() + + def __repr__(self) -> str: + return '{0}<{1!r}>'.format(self.__class__.__name__, self._response) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/__init__.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/__init__.py new file mode 100644 index 0000000..8d5ea7a --- /dev/null +++ b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/__init__.py @@ -0,0 +1,33 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from collections import OrderedDict +from typing import Dict, Type + +from .base import IdentityAwareProxyOAuthServiceTransport +from .grpc import IdentityAwareProxyOAuthServiceGrpcTransport +from .grpc_asyncio import IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport + + +# Compile a registry of transports. +_transport_registry = OrderedDict() # type: Dict[str, Type[IdentityAwareProxyOAuthServiceTransport]] +_transport_registry['grpc'] = IdentityAwareProxyOAuthServiceGrpcTransport +_transport_registry['grpc_asyncio'] = IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport + +__all__ = ( + 'IdentityAwareProxyOAuthServiceTransport', + 'IdentityAwareProxyOAuthServiceGrpcTransport', + 'IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport', +) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/base.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/base.py new file mode 100644 index 0000000..eebe62c --- /dev/null +++ b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/base.py @@ -0,0 +1,276 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import abc +from typing import Awaitable, Callable, Dict, Optional, Sequence, Union +import packaging.version +import pkg_resources + +import google.auth # type: ignore +import google.api_core # type: ignore +from google.api_core import exceptions as core_exceptions # type: ignore +from google.api_core import gapic_v1 # type: ignore +from google.api_core import retry as retries # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.oauth2 import service_account # type: ignore + +from google.cloud.iap_v1.types import service +from google.protobuf import empty_pb2 # type: ignore + +try: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( + gapic_version=pkg_resources.get_distribution( + 'google-cloud-iap', + ).version, + ) +except pkg_resources.DistributionNotFound: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() + +try: + # google.auth.__version__ was added in 1.26.0 + _GOOGLE_AUTH_VERSION = google.auth.__version__ +except AttributeError: + try: # try pkg_resources if it is available + _GOOGLE_AUTH_VERSION = pkg_resources.get_distribution("google-auth").version + except pkg_resources.DistributionNotFound: # pragma: NO COVER + _GOOGLE_AUTH_VERSION = None + + +class IdentityAwareProxyOAuthServiceTransport(abc.ABC): + """Abstract transport class for IdentityAwareProxyOAuthService.""" + + AUTH_SCOPES = ( + 'https://www.googleapis.com/auth/cloud-platform', + ) + + DEFAULT_HOST: str = 'iap.googleapis.com' + def __init__( + self, *, + host: str = DEFAULT_HOST, + credentials: ga_credentials.Credentials = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + **kwargs, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to. + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is mutually exclusive with credentials. + scopes (Optional[Sequence[str]]): A list of scopes. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + """ + # Save the hostname. Default to port 443 (HTTPS) if none is specified. + if ':' not in host: + host += ':443' + self._host = host + + scopes_kwargs = self._get_scopes_kwargs(self._host, scopes) + + # Save the scopes. + self._scopes = scopes + + # If no credentials are provided, then determine the appropriate + # defaults. + if credentials and credentials_file: + raise core_exceptions.DuplicateCredentialArgs("'credentials_file' and 'credentials' are mutually exclusive") + + if credentials_file is not None: + credentials, _ = google.auth.load_credentials_from_file( + credentials_file, + **scopes_kwargs, + quota_project_id=quota_project_id + ) + + elif credentials is None: + credentials, _ = google.auth.default(**scopes_kwargs, quota_project_id=quota_project_id) + + # If the credentials are service account credentials, then always try to use self signed JWT. + if always_use_jwt_access and isinstance(credentials, service_account.Credentials) and hasattr(service_account.Credentials, "with_always_use_jwt_access"): + credentials = credentials.with_always_use_jwt_access(True) + + # Save the credentials. + self._credentials = credentials + + # TODO(busunkim): This method is in the base transport + # to avoid duplicating code across the transport classes. These functions + # should be deleted once the minimum required versions of google-auth is increased. + + # TODO: Remove this function once google-auth >= 1.25.0 is required + @classmethod + def _get_scopes_kwargs(cls, host: str, scopes: Optional[Sequence[str]]) -> Dict[str, Optional[Sequence[str]]]: + """Returns scopes kwargs to pass to google-auth methods depending on the google-auth version""" + + scopes_kwargs = {} + + if _GOOGLE_AUTH_VERSION and ( + packaging.version.parse(_GOOGLE_AUTH_VERSION) + >= packaging.version.parse("1.25.0") + ): + scopes_kwargs = {"scopes": scopes, "default_scopes": cls.AUTH_SCOPES} + else: + scopes_kwargs = {"scopes": scopes or cls.AUTH_SCOPES} + + return scopes_kwargs + + def _prep_wrapped_messages(self, client_info): + # Precompute the wrapped methods. + self._wrapped_methods = { + self.list_brands: gapic_v1.method.wrap_method( + self.list_brands, + default_timeout=None, + client_info=client_info, + ), + self.create_brand: gapic_v1.method.wrap_method( + self.create_brand, + default_timeout=None, + client_info=client_info, + ), + self.get_brand: gapic_v1.method.wrap_method( + self.get_brand, + default_timeout=None, + client_info=client_info, + ), + self.create_identity_aware_proxy_client: gapic_v1.method.wrap_method( + self.create_identity_aware_proxy_client, + default_timeout=None, + client_info=client_info, + ), + self.list_identity_aware_proxy_clients: gapic_v1.method.wrap_method( + self.list_identity_aware_proxy_clients, + default_timeout=None, + client_info=client_info, + ), + self.get_identity_aware_proxy_client: gapic_v1.method.wrap_method( + self.get_identity_aware_proxy_client, + default_timeout=None, + client_info=client_info, + ), + self.reset_identity_aware_proxy_client_secret: gapic_v1.method.wrap_method( + self.reset_identity_aware_proxy_client_secret, + default_timeout=None, + client_info=client_info, + ), + self.delete_identity_aware_proxy_client: gapic_v1.method.wrap_method( + self.delete_identity_aware_proxy_client, + default_timeout=None, + client_info=client_info, + ), + } + + def close(self): + """Closes resources associated with the transport. + + .. warning:: + Only call this method if the transport is NOT shared + with other clients - this may cause errors in other clients! + """ + raise NotImplementedError() + + @property + def list_brands(self) -> Callable[ + [service.ListBrandsRequest], + Union[ + service.ListBrandsResponse, + Awaitable[service.ListBrandsResponse] + ]]: + raise NotImplementedError() + + @property + def create_brand(self) -> Callable[ + [service.CreateBrandRequest], + Union[ + service.Brand, + Awaitable[service.Brand] + ]]: + raise NotImplementedError() + + @property + def get_brand(self) -> Callable[ + [service.GetBrandRequest], + Union[ + service.Brand, + Awaitable[service.Brand] + ]]: + raise NotImplementedError() + + @property + def create_identity_aware_proxy_client(self) -> Callable[ + [service.CreateIdentityAwareProxyClientRequest], + Union[ + service.IdentityAwareProxyClient, + Awaitable[service.IdentityAwareProxyClient] + ]]: + raise NotImplementedError() + + @property + def list_identity_aware_proxy_clients(self) -> Callable[ + [service.ListIdentityAwareProxyClientsRequest], + Union[ + service.ListIdentityAwareProxyClientsResponse, + Awaitable[service.ListIdentityAwareProxyClientsResponse] + ]]: + raise NotImplementedError() + + @property + def get_identity_aware_proxy_client(self) -> Callable[ + [service.GetIdentityAwareProxyClientRequest], + Union[ + service.IdentityAwareProxyClient, + Awaitable[service.IdentityAwareProxyClient] + ]]: + raise NotImplementedError() + + @property + def reset_identity_aware_proxy_client_secret(self) -> Callable[ + [service.ResetIdentityAwareProxyClientSecretRequest], + Union[ + service.IdentityAwareProxyClient, + Awaitable[service.IdentityAwareProxyClient] + ]]: + raise NotImplementedError() + + @property + def delete_identity_aware_proxy_client(self) -> Callable[ + [service.DeleteIdentityAwareProxyClientRequest], + Union[ + empty_pb2.Empty, + Awaitable[empty_pb2.Empty] + ]]: + raise NotImplementedError() + + +__all__ = ( + 'IdentityAwareProxyOAuthServiceTransport', +) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc.py new file mode 100644 index 0000000..da06527 --- /dev/null +++ b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc.py @@ -0,0 +1,462 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import warnings +from typing import Callable, Dict, Optional, Sequence, Tuple, Union + +from google.api_core import grpc_helpers # type: ignore +from google.api_core import gapic_v1 # type: ignore +import google.auth # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore + +import grpc # type: ignore + +from google.cloud.iap_v1.types import service +from google.protobuf import empty_pb2 # type: ignore +from .base import IdentityAwareProxyOAuthServiceTransport, DEFAULT_CLIENT_INFO + + +class IdentityAwareProxyOAuthServiceGrpcTransport(IdentityAwareProxyOAuthServiceTransport): + """gRPC backend transport for IdentityAwareProxyOAuthService. + + API to programmatically create, list and retrieve Identity + Aware Proxy (IAP) OAuth brands; and create, retrieve, delete and + reset-secret of IAP OAuth clients. + + This class defines the same methods as the primary client, so the + primary client can load the underlying transport implementation + and call it. + + It sends protocol buffers over the wire using gRPC (which is built on + top of HTTP/2); the ``grpcio`` package must be installed. + """ + _stubs: Dict[str, Callable] + + def __init__(self, *, + host: str = 'iap.googleapis.com', + credentials: ga_credentials.Credentials = None, + credentials_file: str = None, + scopes: Sequence[str] = None, + channel: grpc.Channel = None, + api_mtls_endpoint: str = None, + client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, + ssl_channel_credentials: grpc.ChannelCredentials = None, + client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, + quota_project_id: Optional[str] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to. + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + This argument is ignored if ``channel`` is provided. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if ``channel`` is provided. + scopes (Optional(Sequence[str])): A list of scopes. This argument is + ignored if ``channel`` is provided. + channel (Optional[grpc.Channel]): A ``Channel`` instance through + which to make calls. + api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. + If provided, it overrides the ``host`` argument and tries to create + a mutual TLS channel with client SSL credentials from + ``client_cert_source`` or application default SSL credentials. + client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): + Deprecated. A callback to provide client SSL certificate bytes and + private key bytes, both in PEM format. It is ignored if + ``api_mtls_endpoint`` is None. + ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials + for the grpc channel. It is ignored if ``channel`` is provided. + client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): + A callback to provide client certificate bytes and private key bytes, + both in PEM format. It is used to configure a mutual TLS channel. It is + ignored if ``channel`` or ``ssl_channel_credentials`` is provided. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + + Raises: + google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport + creation failed for any reason. + google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` + and ``credentials_file`` are passed. + """ + self._grpc_channel = None + self._ssl_channel_credentials = ssl_channel_credentials + self._stubs: Dict[str, Callable] = {} + + if api_mtls_endpoint: + warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) + if client_cert_source: + warnings.warn("client_cert_source is deprecated", DeprecationWarning) + + if channel: + # Ignore credentials if a channel was passed. + credentials = False + # If a channel was explicitly provided, set it. + self._grpc_channel = channel + self._ssl_channel_credentials = None + + else: + if api_mtls_endpoint: + host = api_mtls_endpoint + + # Create SSL credentials with client_cert_source or application + # default SSL credentials. + if client_cert_source: + cert, key = client_cert_source() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + else: + self._ssl_channel_credentials = SslCredentials().ssl_credentials + + else: + if client_cert_source_for_mtls and not ssl_channel_credentials: + cert, key = client_cert_source_for_mtls() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + + # The base transport sets the host, credentials and scopes + super().__init__( + host=host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes, + quota_project_id=quota_project_id, + client_info=client_info, + always_use_jwt_access=always_use_jwt_access, + ) + + if not self._grpc_channel: + self._grpc_channel = type(self).create_channel( + self._host, + credentials=self._credentials, + credentials_file=credentials_file, + scopes=self._scopes, + ssl_credentials=self._ssl_channel_credentials, + quota_project_id=quota_project_id, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Wrap messages. This must be done after self._grpc_channel exists + self._prep_wrapped_messages(client_info) + + @classmethod + def create_channel(cls, + host: str = 'iap.googleapis.com', + credentials: ga_credentials.Credentials = None, + credentials_file: str = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, + **kwargs) -> grpc.Channel: + """Create and return a gRPC channel object. + Args: + host (Optional[str]): The host for the channel to use. + credentials (Optional[~.Credentials]): The + authorization credentials to attach to requests. These + credentials identify this application to the service. If + none are specified, the client will attempt to ascertain + the credentials from the environment. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is mutually exclusive with credentials. + scopes (Optional[Sequence[str]]): A optional list of scopes needed for this + service. These are only used when credentials are not specified and + are passed to :func:`google.auth.default`. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + kwargs (Optional[dict]): Keyword arguments, which are passed to the + channel creation. + Returns: + grpc.Channel: A gRPC channel object. + + Raises: + google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` + and ``credentials_file`` are passed. + """ + + return grpc_helpers.create_channel( + host, + credentials=credentials, + credentials_file=credentials_file, + quota_project_id=quota_project_id, + default_scopes=cls.AUTH_SCOPES, + scopes=scopes, + default_host=cls.DEFAULT_HOST, + **kwargs + ) + + @property + def grpc_channel(self) -> grpc.Channel: + """Return the channel designed to connect to this service. + """ + return self._grpc_channel + + @property + def list_brands(self) -> Callable[ + [service.ListBrandsRequest], + service.ListBrandsResponse]: + r"""Return a callable for the list brands method over gRPC. + + Lists the existing brands for the project. + + Returns: + Callable[[~.ListBrandsRequest], + ~.ListBrandsResponse]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'list_brands' not in self._stubs: + self._stubs['list_brands'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/ListBrands', + request_serializer=service.ListBrandsRequest.serialize, + response_deserializer=service.ListBrandsResponse.deserialize, + ) + return self._stubs['list_brands'] + + @property + def create_brand(self) -> Callable[ + [service.CreateBrandRequest], + service.Brand]: + r"""Return a callable for the create brand method over gRPC. + + Constructs a new OAuth brand for the project if one + does not exist. The created brand is "internal only", + meaning that OAuth clients created under it only accept + requests from users who belong to the same G Suite + organization as the project. The brand is created in an + un-reviewed status. NOTE: The "internal only" status can + be manually changed in the Google Cloud console. + Requires that a brand does not already exist for the + project, and that the specified support email is owned + by the caller. + + Returns: + Callable[[~.CreateBrandRequest], + ~.Brand]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'create_brand' not in self._stubs: + self._stubs['create_brand'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/CreateBrand', + request_serializer=service.CreateBrandRequest.serialize, + response_deserializer=service.Brand.deserialize, + ) + return self._stubs['create_brand'] + + @property + def get_brand(self) -> Callable[ + [service.GetBrandRequest], + service.Brand]: + r"""Return a callable for the get brand method over gRPC. + + Retrieves the OAuth brand of the project. + + Returns: + Callable[[~.GetBrandRequest], + ~.Brand]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'get_brand' not in self._stubs: + self._stubs['get_brand'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/GetBrand', + request_serializer=service.GetBrandRequest.serialize, + response_deserializer=service.Brand.deserialize, + ) + return self._stubs['get_brand'] + + @property + def create_identity_aware_proxy_client(self) -> Callable[ + [service.CreateIdentityAwareProxyClientRequest], + service.IdentityAwareProxyClient]: + r"""Return a callable for the create identity aware proxy + client method over gRPC. + + Creates an Identity Aware Proxy (IAP) OAuth client. + The client is owned by IAP. Requires that the brand for + the project exists and that it is set for internal-only + use. + + Returns: + Callable[[~.CreateIdentityAwareProxyClientRequest], + ~.IdentityAwareProxyClient]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'create_identity_aware_proxy_client' not in self._stubs: + self._stubs['create_identity_aware_proxy_client'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/CreateIdentityAwareProxyClient', + request_serializer=service.CreateIdentityAwareProxyClientRequest.serialize, + response_deserializer=service.IdentityAwareProxyClient.deserialize, + ) + return self._stubs['create_identity_aware_proxy_client'] + + @property + def list_identity_aware_proxy_clients(self) -> Callable[ + [service.ListIdentityAwareProxyClientsRequest], + service.ListIdentityAwareProxyClientsResponse]: + r"""Return a callable for the list identity aware proxy + clients method over gRPC. + + Lists the existing clients for the brand. + + Returns: + Callable[[~.ListIdentityAwareProxyClientsRequest], + ~.ListIdentityAwareProxyClientsResponse]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'list_identity_aware_proxy_clients' not in self._stubs: + self._stubs['list_identity_aware_proxy_clients'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/ListIdentityAwareProxyClients', + request_serializer=service.ListIdentityAwareProxyClientsRequest.serialize, + response_deserializer=service.ListIdentityAwareProxyClientsResponse.deserialize, + ) + return self._stubs['list_identity_aware_proxy_clients'] + + @property + def get_identity_aware_proxy_client(self) -> Callable[ + [service.GetIdentityAwareProxyClientRequest], + service.IdentityAwareProxyClient]: + r"""Return a callable for the get identity aware proxy + client method over gRPC. + + Retrieves an Identity Aware Proxy (IAP) OAuth client. + Requires that the client is owned by IAP. + + Returns: + Callable[[~.GetIdentityAwareProxyClientRequest], + ~.IdentityAwareProxyClient]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'get_identity_aware_proxy_client' not in self._stubs: + self._stubs['get_identity_aware_proxy_client'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/GetIdentityAwareProxyClient', + request_serializer=service.GetIdentityAwareProxyClientRequest.serialize, + response_deserializer=service.IdentityAwareProxyClient.deserialize, + ) + return self._stubs['get_identity_aware_proxy_client'] + + @property + def reset_identity_aware_proxy_client_secret(self) -> Callable[ + [service.ResetIdentityAwareProxyClientSecretRequest], + service.IdentityAwareProxyClient]: + r"""Return a callable for the reset identity aware proxy + client secret method over gRPC. + + Resets an Identity Aware Proxy (IAP) OAuth client + secret. Useful if the secret was compromised. Requires + that the client is owned by IAP. + + Returns: + Callable[[~.ResetIdentityAwareProxyClientSecretRequest], + ~.IdentityAwareProxyClient]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'reset_identity_aware_proxy_client_secret' not in self._stubs: + self._stubs['reset_identity_aware_proxy_client_secret'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/ResetIdentityAwareProxyClientSecret', + request_serializer=service.ResetIdentityAwareProxyClientSecretRequest.serialize, + response_deserializer=service.IdentityAwareProxyClient.deserialize, + ) + return self._stubs['reset_identity_aware_proxy_client_secret'] + + @property + def delete_identity_aware_proxy_client(self) -> Callable[ + [service.DeleteIdentityAwareProxyClientRequest], + empty_pb2.Empty]: + r"""Return a callable for the delete identity aware proxy + client method over gRPC. + + Deletes an Identity Aware Proxy (IAP) OAuth client. + Useful for removing obsolete clients, managing the + number of clients in a given project, and cleaning up + after tests. Requires that the client is owned by IAP. + + Returns: + Callable[[~.DeleteIdentityAwareProxyClientRequest], + ~.Empty]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'delete_identity_aware_proxy_client' not in self._stubs: + self._stubs['delete_identity_aware_proxy_client'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/DeleteIdentityAwareProxyClient', + request_serializer=service.DeleteIdentityAwareProxyClientRequest.serialize, + response_deserializer=empty_pb2.Empty.FromString, + ) + return self._stubs['delete_identity_aware_proxy_client'] + + def close(self): + self.grpc_channel.close() + +__all__ = ( + 'IdentityAwareProxyOAuthServiceGrpcTransport', +) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc_asyncio.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc_asyncio.py new file mode 100644 index 0000000..020f232 --- /dev/null +++ b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc_asyncio.py @@ -0,0 +1,467 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import warnings +from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union + +from google.api_core import gapic_v1 # type: ignore +from google.api_core import grpc_helpers_async # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore +import packaging.version + +import grpc # type: ignore +from grpc.experimental import aio # type: ignore + +from google.cloud.iap_v1.types import service +from google.protobuf import empty_pb2 # type: ignore +from .base import IdentityAwareProxyOAuthServiceTransport, DEFAULT_CLIENT_INFO +from .grpc import IdentityAwareProxyOAuthServiceGrpcTransport + + +class IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport(IdentityAwareProxyOAuthServiceTransport): + """gRPC AsyncIO backend transport for IdentityAwareProxyOAuthService. + + API to programmatically create, list and retrieve Identity + Aware Proxy (IAP) OAuth brands; and create, retrieve, delete and + reset-secret of IAP OAuth clients. + + This class defines the same methods as the primary client, so the + primary client can load the underlying transport implementation + and call it. + + It sends protocol buffers over the wire using gRPC (which is built on + top of HTTP/2); the ``grpcio`` package must be installed. + """ + + _grpc_channel: aio.Channel + _stubs: Dict[str, Callable] = {} + + @classmethod + def create_channel(cls, + host: str = 'iap.googleapis.com', + credentials: ga_credentials.Credentials = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, + **kwargs) -> aio.Channel: + """Create and return a gRPC AsyncIO channel object. + Args: + host (Optional[str]): The host for the channel to use. + credentials (Optional[~.Credentials]): The + authorization credentials to attach to requests. These + credentials identify this application to the service. If + none are specified, the client will attempt to ascertain + the credentials from the environment. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if ``channel`` is provided. + scopes (Optional[Sequence[str]]): A optional list of scopes needed for this + service. These are only used when credentials are not specified and + are passed to :func:`google.auth.default`. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + kwargs (Optional[dict]): Keyword arguments, which are passed to the + channel creation. + Returns: + aio.Channel: A gRPC AsyncIO channel object. + """ + + return grpc_helpers_async.create_channel( + host, + credentials=credentials, + credentials_file=credentials_file, + quota_project_id=quota_project_id, + default_scopes=cls.AUTH_SCOPES, + scopes=scopes, + default_host=cls.DEFAULT_HOST, + **kwargs + ) + + def __init__(self, *, + host: str = 'iap.googleapis.com', + credentials: ga_credentials.Credentials = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + channel: aio.Channel = None, + api_mtls_endpoint: str = None, + client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, + ssl_channel_credentials: grpc.ChannelCredentials = None, + client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, + quota_project_id=None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to. + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + This argument is ignored if ``channel`` is provided. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if ``channel`` is provided. + scopes (Optional[Sequence[str]]): A optional list of scopes needed for this + service. These are only used when credentials are not specified and + are passed to :func:`google.auth.default`. + channel (Optional[aio.Channel]): A ``Channel`` instance through + which to make calls. + api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. + If provided, it overrides the ``host`` argument and tries to create + a mutual TLS channel with client SSL credentials from + ``client_cert_source`` or application default SSL credentials. + client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): + Deprecated. A callback to provide client SSL certificate bytes and + private key bytes, both in PEM format. It is ignored if + ``api_mtls_endpoint`` is None. + ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials + for the grpc channel. It is ignored if ``channel`` is provided. + client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): + A callback to provide client certificate bytes and private key bytes, + both in PEM format. It is used to configure a mutual TLS channel. It is + ignored if ``channel`` or ``ssl_channel_credentials`` is provided. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + + Raises: + google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport + creation failed for any reason. + google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` + and ``credentials_file`` are passed. + """ + self._grpc_channel = None + self._ssl_channel_credentials = ssl_channel_credentials + self._stubs: Dict[str, Callable] = {} + + if api_mtls_endpoint: + warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) + if client_cert_source: + warnings.warn("client_cert_source is deprecated", DeprecationWarning) + + if channel: + # Ignore credentials if a channel was passed. + credentials = False + # If a channel was explicitly provided, set it. + self._grpc_channel = channel + self._ssl_channel_credentials = None + else: + if api_mtls_endpoint: + host = api_mtls_endpoint + + # Create SSL credentials with client_cert_source or application + # default SSL credentials. + if client_cert_source: + cert, key = client_cert_source() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + else: + self._ssl_channel_credentials = SslCredentials().ssl_credentials + + else: + if client_cert_source_for_mtls and not ssl_channel_credentials: + cert, key = client_cert_source_for_mtls() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + + # The base transport sets the host, credentials and scopes + super().__init__( + host=host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes, + quota_project_id=quota_project_id, + client_info=client_info, + always_use_jwt_access=always_use_jwt_access, + ) + + if not self._grpc_channel: + self._grpc_channel = type(self).create_channel( + self._host, + credentials=self._credentials, + credentials_file=credentials_file, + scopes=self._scopes, + ssl_credentials=self._ssl_channel_credentials, + quota_project_id=quota_project_id, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Wrap messages. This must be done after self._grpc_channel exists + self._prep_wrapped_messages(client_info) + + @property + def grpc_channel(self) -> aio.Channel: + """Create the channel designed to connect to this service. + + This property caches on the instance; repeated calls return + the same channel. + """ + # Return the channel from cache. + return self._grpc_channel + + @property + def list_brands(self) -> Callable[ + [service.ListBrandsRequest], + Awaitable[service.ListBrandsResponse]]: + r"""Return a callable for the list brands method over gRPC. + + Lists the existing brands for the project. + + Returns: + Callable[[~.ListBrandsRequest], + Awaitable[~.ListBrandsResponse]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'list_brands' not in self._stubs: + self._stubs['list_brands'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/ListBrands', + request_serializer=service.ListBrandsRequest.serialize, + response_deserializer=service.ListBrandsResponse.deserialize, + ) + return self._stubs['list_brands'] + + @property + def create_brand(self) -> Callable[ + [service.CreateBrandRequest], + Awaitable[service.Brand]]: + r"""Return a callable for the create brand method over gRPC. + + Constructs a new OAuth brand for the project if one + does not exist. The created brand is "internal only", + meaning that OAuth clients created under it only accept + requests from users who belong to the same G Suite + organization as the project. The brand is created in an + un-reviewed status. NOTE: The "internal only" status can + be manually changed in the Google Cloud console. + Requires that a brand does not already exist for the + project, and that the specified support email is owned + by the caller. + + Returns: + Callable[[~.CreateBrandRequest], + Awaitable[~.Brand]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'create_brand' not in self._stubs: + self._stubs['create_brand'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/CreateBrand', + request_serializer=service.CreateBrandRequest.serialize, + response_deserializer=service.Brand.deserialize, + ) + return self._stubs['create_brand'] + + @property + def get_brand(self) -> Callable[ + [service.GetBrandRequest], + Awaitable[service.Brand]]: + r"""Return a callable for the get brand method over gRPC. + + Retrieves the OAuth brand of the project. + + Returns: + Callable[[~.GetBrandRequest], + Awaitable[~.Brand]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'get_brand' not in self._stubs: + self._stubs['get_brand'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/GetBrand', + request_serializer=service.GetBrandRequest.serialize, + response_deserializer=service.Brand.deserialize, + ) + return self._stubs['get_brand'] + + @property + def create_identity_aware_proxy_client(self) -> Callable[ + [service.CreateIdentityAwareProxyClientRequest], + Awaitable[service.IdentityAwareProxyClient]]: + r"""Return a callable for the create identity aware proxy + client method over gRPC. + + Creates an Identity Aware Proxy (IAP) OAuth client. + The client is owned by IAP. Requires that the brand for + the project exists and that it is set for internal-only + use. + + Returns: + Callable[[~.CreateIdentityAwareProxyClientRequest], + Awaitable[~.IdentityAwareProxyClient]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'create_identity_aware_proxy_client' not in self._stubs: + self._stubs['create_identity_aware_proxy_client'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/CreateIdentityAwareProxyClient', + request_serializer=service.CreateIdentityAwareProxyClientRequest.serialize, + response_deserializer=service.IdentityAwareProxyClient.deserialize, + ) + return self._stubs['create_identity_aware_proxy_client'] + + @property + def list_identity_aware_proxy_clients(self) -> Callable[ + [service.ListIdentityAwareProxyClientsRequest], + Awaitable[service.ListIdentityAwareProxyClientsResponse]]: + r"""Return a callable for the list identity aware proxy + clients method over gRPC. + + Lists the existing clients for the brand. + + Returns: + Callable[[~.ListIdentityAwareProxyClientsRequest], + Awaitable[~.ListIdentityAwareProxyClientsResponse]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'list_identity_aware_proxy_clients' not in self._stubs: + self._stubs['list_identity_aware_proxy_clients'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/ListIdentityAwareProxyClients', + request_serializer=service.ListIdentityAwareProxyClientsRequest.serialize, + response_deserializer=service.ListIdentityAwareProxyClientsResponse.deserialize, + ) + return self._stubs['list_identity_aware_proxy_clients'] + + @property + def get_identity_aware_proxy_client(self) -> Callable[ + [service.GetIdentityAwareProxyClientRequest], + Awaitable[service.IdentityAwareProxyClient]]: + r"""Return a callable for the get identity aware proxy + client method over gRPC. + + Retrieves an Identity Aware Proxy (IAP) OAuth client. + Requires that the client is owned by IAP. + + Returns: + Callable[[~.GetIdentityAwareProxyClientRequest], + Awaitable[~.IdentityAwareProxyClient]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'get_identity_aware_proxy_client' not in self._stubs: + self._stubs['get_identity_aware_proxy_client'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/GetIdentityAwareProxyClient', + request_serializer=service.GetIdentityAwareProxyClientRequest.serialize, + response_deserializer=service.IdentityAwareProxyClient.deserialize, + ) + return self._stubs['get_identity_aware_proxy_client'] + + @property + def reset_identity_aware_proxy_client_secret(self) -> Callable[ + [service.ResetIdentityAwareProxyClientSecretRequest], + Awaitable[service.IdentityAwareProxyClient]]: + r"""Return a callable for the reset identity aware proxy + client secret method over gRPC. + + Resets an Identity Aware Proxy (IAP) OAuth client + secret. Useful if the secret was compromised. Requires + that the client is owned by IAP. + + Returns: + Callable[[~.ResetIdentityAwareProxyClientSecretRequest], + Awaitable[~.IdentityAwareProxyClient]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'reset_identity_aware_proxy_client_secret' not in self._stubs: + self._stubs['reset_identity_aware_proxy_client_secret'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/ResetIdentityAwareProxyClientSecret', + request_serializer=service.ResetIdentityAwareProxyClientSecretRequest.serialize, + response_deserializer=service.IdentityAwareProxyClient.deserialize, + ) + return self._stubs['reset_identity_aware_proxy_client_secret'] + + @property + def delete_identity_aware_proxy_client(self) -> Callable[ + [service.DeleteIdentityAwareProxyClientRequest], + Awaitable[empty_pb2.Empty]]: + r"""Return a callable for the delete identity aware proxy + client method over gRPC. + + Deletes an Identity Aware Proxy (IAP) OAuth client. + Useful for removing obsolete clients, managing the + number of clients in a given project, and cleaning up + after tests. Requires that the client is owned by IAP. + + Returns: + Callable[[~.DeleteIdentityAwareProxyClientRequest], + Awaitable[~.Empty]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'delete_identity_aware_proxy_client' not in self._stubs: + self._stubs['delete_identity_aware_proxy_client'] = self.grpc_channel.unary_unary( + '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/DeleteIdentityAwareProxyClient', + request_serializer=service.DeleteIdentityAwareProxyClientRequest.serialize, + response_deserializer=empty_pb2.Empty.FromString, + ) + return self._stubs['delete_identity_aware_proxy_client'] + + def close(self): + return self.grpc_channel.close() + + +__all__ = ( + 'IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport', +) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/types/__init__.py b/owl-bot-staging/v1/google/cloud/iap_v1/types/__init__.py new file mode 100644 index 0000000..76995d8 --- /dev/null +++ b/owl-bot-staging/v1/google/cloud/iap_v1/types/__init__.py @@ -0,0 +1,64 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from .service import ( + AccessDeniedPageSettings, + AccessSettings, + ApplicationSettings, + Brand, + CorsSettings, + CreateBrandRequest, + CreateIdentityAwareProxyClientRequest, + CsmSettings, + DeleteIdentityAwareProxyClientRequest, + GcipSettings, + GetBrandRequest, + GetIapSettingsRequest, + GetIdentityAwareProxyClientRequest, + IapSettings, + IdentityAwareProxyClient, + ListBrandsRequest, + ListBrandsResponse, + ListIdentityAwareProxyClientsRequest, + ListIdentityAwareProxyClientsResponse, + OAuthSettings, + ResetIdentityAwareProxyClientSecretRequest, + UpdateIapSettingsRequest, +) + +__all__ = ( + 'AccessDeniedPageSettings', + 'AccessSettings', + 'ApplicationSettings', + 'Brand', + 'CorsSettings', + 'CreateBrandRequest', + 'CreateIdentityAwareProxyClientRequest', + 'CsmSettings', + 'DeleteIdentityAwareProxyClientRequest', + 'GcipSettings', + 'GetBrandRequest', + 'GetIapSettingsRequest', + 'GetIdentityAwareProxyClientRequest', + 'IapSettings', + 'IdentityAwareProxyClient', + 'ListBrandsRequest', + 'ListBrandsResponse', + 'ListIdentityAwareProxyClientsRequest', + 'ListIdentityAwareProxyClientsResponse', + 'OAuthSettings', + 'ResetIdentityAwareProxyClientSecretRequest', + 'UpdateIapSettingsRequest', +) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/types/service.py b/owl-bot-staging/v1/google/cloud/iap_v1/types/service.py new file mode 100644 index 0000000..dc5e90d --- /dev/null +++ b/owl-bot-staging/v1/google/cloud/iap_v1/types/service.py @@ -0,0 +1,583 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import proto # type: ignore + +from google.protobuf import field_mask_pb2 # type: ignore +from google.protobuf import wrappers_pb2 # type: ignore + + +__protobuf__ = proto.module( + package='google.cloud.iap.v1', + manifest={ + 'GetIapSettingsRequest', + 'UpdateIapSettingsRequest', + 'IapSettings', + 'AccessSettings', + 'GcipSettings', + 'CorsSettings', + 'OAuthSettings', + 'ApplicationSettings', + 'CsmSettings', + 'AccessDeniedPageSettings', + 'ListBrandsRequest', + 'ListBrandsResponse', + 'CreateBrandRequest', + 'GetBrandRequest', + 'ListIdentityAwareProxyClientsRequest', + 'ListIdentityAwareProxyClientsResponse', + 'CreateIdentityAwareProxyClientRequest', + 'GetIdentityAwareProxyClientRequest', + 'ResetIdentityAwareProxyClientSecretRequest', + 'DeleteIdentityAwareProxyClientRequest', + 'Brand', + 'IdentityAwareProxyClient', + }, +) + + +class GetIapSettingsRequest(proto.Message): + r"""The request sent to GetIapSettings. + + Attributes: + name (str): + Required. The resource name for which to retrieve the + settings. Authorization: Requires the ``getSettings`` + permission for the associated resource. + """ + + name = proto.Field( + proto.STRING, + number=1, + ) + + +class UpdateIapSettingsRequest(proto.Message): + r"""The request sent to UpdateIapSettings. + + Attributes: + iap_settings (google.cloud.iap_v1.types.IapSettings): + Required. The new values for the IAP settings to be updated. + Authorization: Requires the ``updateSettings`` permission + for the associated resource. + update_mask (google.protobuf.field_mask_pb2.FieldMask): + The field mask specifying which IAP settings + should be updated. If omitted, the all of the + settings are updated. See + https://developers.google.com/protocol- + buffers/docs/reference/google.protobuf#fieldmask + """ + + iap_settings = proto.Field( + proto.MESSAGE, + number=1, + message='IapSettings', + ) + update_mask = proto.Field( + proto.MESSAGE, + number=2, + message=field_mask_pb2.FieldMask, + ) + + +class IapSettings(proto.Message): + r"""The IAP configurable settings. + + Attributes: + name (str): + Required. The resource name of the IAP + protected resource. + access_settings (google.cloud.iap_v1.types.AccessSettings): + Top level wrapper for all access related + setting in IAP + application_settings (google.cloud.iap_v1.types.ApplicationSettings): + Top level wrapper for all application related + settings in IAP + """ + + name = proto.Field( + proto.STRING, + number=1, + ) + access_settings = proto.Field( + proto.MESSAGE, + number=5, + message='AccessSettings', + ) + application_settings = proto.Field( + proto.MESSAGE, + number=6, + message='ApplicationSettings', + ) + + +class AccessSettings(proto.Message): + r"""Access related settings for IAP protected apps. + + Attributes: + gcip_settings (google.cloud.iap_v1.types.GcipSettings): + GCIP claims and endpoint configurations for + 3p identity providers. + cors_settings (google.cloud.iap_v1.types.CorsSettings): + Configuration to allow cross-origin requests + via IAP. + oauth_settings (google.cloud.iap_v1.types.OAuthSettings): + Settings to configure IAP's OAuth behavior. + """ + + gcip_settings = proto.Field( + proto.MESSAGE, + number=1, + message='GcipSettings', + ) + cors_settings = proto.Field( + proto.MESSAGE, + number=2, + message='CorsSettings', + ) + oauth_settings = proto.Field( + proto.MESSAGE, + number=3, + message='OAuthSettings', + ) + + +class GcipSettings(proto.Message): + r"""Allows customers to configure tenant_id for GCIP instance per-app. + + Attributes: + tenant_ids (Sequence[str]): + GCIP tenant ids that are linked to the IAP resource. + tenant_ids could be a string beginning with a number + character to indicate authenticating with GCIP tenant flow, + or in the format of \_ to indicate authenticating with GCIP + agent flow. If agent flow is used, tenant_ids should only + contain one single element, while for tenant flow, + tenant_ids can contain multiple elements. + login_page_uri (google.protobuf.wrappers_pb2.StringValue): + Login page URI associated with the GCIP + tenants. Typically, all resources within the + same project share the same login page, though + it could be overridden at the sub resource + level. + """ + + tenant_ids = proto.RepeatedField( + proto.STRING, + number=1, + ) + login_page_uri = proto.Field( + proto.MESSAGE, + number=2, + message=wrappers_pb2.StringValue, + ) + + +class CorsSettings(proto.Message): + r"""Allows customers to configure HTTP request paths that'll + allow HTTP OPTIONS call to bypass authentication and + authorization. + + Attributes: + allow_http_options (google.protobuf.wrappers_pb2.BoolValue): + Configuration to allow HTTP OPTIONS calls to + skip authorization. If undefined, IAP will not + apply any special logic to OPTIONS requests. + """ + + allow_http_options = proto.Field( + proto.MESSAGE, + number=1, + message=wrappers_pb2.BoolValue, + ) + + +class OAuthSettings(proto.Message): + r"""Configuration for OAuth login&consent flow behavior as well + as for OAuth Credentials. + + Attributes: + login_hint (google.protobuf.wrappers_pb2.StringValue): + Domain hint to send as hd=? parameter in + OAuth request flow. Enables redirect to primary + IDP by skipping Google's login screen. + https://developers.google.com/identity/protocols/OpenIDConnect#hd- + param Note: IAP does not verify that the id + token's hd claim matches this value since access + behavior is managed by IAM policies. + """ + + login_hint = proto.Field( + proto.MESSAGE, + number=2, + message=wrappers_pb2.StringValue, + ) + + +class ApplicationSettings(proto.Message): + r"""Wrapper over application specific settings for IAP. + + Attributes: + csm_settings (google.cloud.iap_v1.types.CsmSettings): + Settings to configure IAP's behavior for a + CSM mesh. + access_denied_page_settings (google.cloud.iap_v1.types.AccessDeniedPageSettings): + Customization for Access Denied page. + cookie_domain (google.protobuf.wrappers_pb2.StringValue): + The Domain value to set for cookies generated + by IAP. This value is not validated by the API, + but will be ignored at runtime if invalid. + """ + + csm_settings = proto.Field( + proto.MESSAGE, + number=1, + message='CsmSettings', + ) + access_denied_page_settings = proto.Field( + proto.MESSAGE, + number=2, + message='AccessDeniedPageSettings', + ) + cookie_domain = proto.Field( + proto.MESSAGE, + number=3, + message=wrappers_pb2.StringValue, + ) + + +class CsmSettings(proto.Message): + r"""Configuration for RCTokens generated for CSM workloads + protected by IAP. RCTokens are IAP generated JWTs that can be + verified at the application. The RCToken is primarily used for + ISTIO deployments, and can be scoped to a single mesh by + configuring the audience field accordingly + + Attributes: + rctoken_aud (google.protobuf.wrappers_pb2.StringValue): + Audience claim set in the generated RCToken. + This value is not validated by IAP. + """ + + rctoken_aud = proto.Field( + proto.MESSAGE, + number=1, + message=wrappers_pb2.StringValue, + ) + + +class AccessDeniedPageSettings(proto.Message): + r"""Custom content configuration for access denied page. + IAP allows customers to define a custom URI to use as the error + page when access is denied to users. If IAP prevents access to + this page, the default IAP error page will be displayed instead. + + Attributes: + access_denied_page_uri (google.protobuf.wrappers_pb2.StringValue): + The URI to be redirected to when access is + denied. + generate_troubleshooting_uri (google.protobuf.wrappers_pb2.BoolValue): + Whether to generate a troubleshooting URL on + access denied events to this application. + """ + + access_denied_page_uri = proto.Field( + proto.MESSAGE, + number=1, + message=wrappers_pb2.StringValue, + ) + generate_troubleshooting_uri = proto.Field( + proto.MESSAGE, + number=2, + message=wrappers_pb2.BoolValue, + ) + + +class ListBrandsRequest(proto.Message): + r"""The request sent to ListBrands. + + Attributes: + parent (str): + Required. GCP Project number/id. In the following format: + projects/{project_number/id}. + """ + + parent = proto.Field( + proto.STRING, + number=1, + ) + + +class ListBrandsResponse(proto.Message): + r"""Response message for ListBrands. + + Attributes: + brands (Sequence[google.cloud.iap_v1.types.Brand]): + Brands existing in the project. + """ + + brands = proto.RepeatedField( + proto.MESSAGE, + number=1, + message='Brand', + ) + + +class CreateBrandRequest(proto.Message): + r"""The request sent to CreateBrand. + + Attributes: + parent (str): + Required. GCP Project number/id under which the brand is to + be created. In the following format: + projects/{project_number/id}. + brand (google.cloud.iap_v1.types.Brand): + Required. The brand to be created. + """ + + parent = proto.Field( + proto.STRING, + number=1, + ) + brand = proto.Field( + proto.MESSAGE, + number=2, + message='Brand', + ) + + +class GetBrandRequest(proto.Message): + r"""The request sent to GetBrand. + + Attributes: + name (str): + Required. Name of the brand to be fetched. In the following + format: projects/{project_number/id}/brands/{brand}. + """ + + name = proto.Field( + proto.STRING, + number=1, + ) + + +class ListIdentityAwareProxyClientsRequest(proto.Message): + r"""The request sent to ListIdentityAwareProxyClients. + + Attributes: + parent (str): + Required. Full brand path. In the following format: + projects/{project_number/id}/brands/{brand}. + page_size (int): + The maximum number of clients to return. The + service may return fewer than this value. + If unspecified, at most 100 clients will be + returned. The maximum value is 1000; values + above 1000 will be coerced to 1000. + page_token (str): + A page token, received from a previous + ``ListIdentityAwareProxyClients`` call. Provide this to + retrieve the subsequent page. + + When paginating, all other parameters provided to + ``ListIdentityAwareProxyClients`` must match the call that + provided the page token. + """ + + parent = proto.Field( + proto.STRING, + number=1, + ) + page_size = proto.Field( + proto.INT32, + number=2, + ) + page_token = proto.Field( + proto.STRING, + number=3, + ) + + +class ListIdentityAwareProxyClientsResponse(proto.Message): + r"""Response message for ListIdentityAwareProxyClients. + + Attributes: + identity_aware_proxy_clients (Sequence[google.cloud.iap_v1.types.IdentityAwareProxyClient]): + Clients existing in the brand. + next_page_token (str): + A token, which can be send as ``page_token`` to retrieve the + next page. If this field is omitted, there are no subsequent + pages. + """ + + @property + def raw_page(self): + return self + + identity_aware_proxy_clients = proto.RepeatedField( + proto.MESSAGE, + number=1, + message='IdentityAwareProxyClient', + ) + next_page_token = proto.Field( + proto.STRING, + number=2, + ) + + +class CreateIdentityAwareProxyClientRequest(proto.Message): + r"""The request sent to CreateIdentityAwareProxyClient. + + Attributes: + parent (str): + Required. Path to create the client in. In the following + format: projects/{project_number/id}/brands/{brand}. The + project must belong to a G Suite account. + identity_aware_proxy_client (google.cloud.iap_v1.types.IdentityAwareProxyClient): + Required. Identity Aware Proxy Client to be + created. + """ + + parent = proto.Field( + proto.STRING, + number=1, + ) + identity_aware_proxy_client = proto.Field( + proto.MESSAGE, + number=2, + message='IdentityAwareProxyClient', + ) + + +class GetIdentityAwareProxyClientRequest(proto.Message): + r"""The request sent to GetIdentityAwareProxyClient. + + Attributes: + name (str): + Required. Name of the Identity Aware Proxy client to be + fetched. In the following format: + projects/{project_number/id}/brands/{brand}/identityAwareProxyClients/{client_id}. + """ + + name = proto.Field( + proto.STRING, + number=1, + ) + + +class ResetIdentityAwareProxyClientSecretRequest(proto.Message): + r"""The request sent to ResetIdentityAwareProxyClientSecret. + + Attributes: + name (str): + Required. Name of the Identity Aware Proxy client to that + will have its secret reset. In the following format: + projects/{project_number/id}/brands/{brand}/identityAwareProxyClients/{client_id}. + """ + + name = proto.Field( + proto.STRING, + number=1, + ) + + +class DeleteIdentityAwareProxyClientRequest(proto.Message): + r"""The request sent to DeleteIdentityAwareProxyClient. + + Attributes: + name (str): + Required. Name of the Identity Aware Proxy client to be + deleted. In the following format: + projects/{project_number/id}/brands/{brand}/identityAwareProxyClients/{client_id}. + """ + + name = proto.Field( + proto.STRING, + number=1, + ) + + +class Brand(proto.Message): + r"""OAuth brand data. + NOTE: Only contains a portion of the data that describes a + brand. + + Attributes: + name (str): + Output only. Identifier of the brand. + NOTE: GCP project number achieves the same brand + identification purpose as only one brand per + project can be created. + support_email (str): + Support email displayed on the OAuth consent + screen. + application_title (str): + Application name displayed on OAuth consent + screen. + org_internal_only (bool): + Output only. Whether the brand is only + intended for usage inside the G Suite + organization only. + """ + + name = proto.Field( + proto.STRING, + number=1, + ) + support_email = proto.Field( + proto.STRING, + number=2, + ) + application_title = proto.Field( + proto.STRING, + number=3, + ) + org_internal_only = proto.Field( + proto.BOOL, + number=4, + ) + + +class IdentityAwareProxyClient(proto.Message): + r"""Contains the data that describes an Identity Aware Proxy + owned client. + + Attributes: + name (str): + Output only. Unique identifier of the OAuth + client. + secret (str): + Output only. Client secret of the OAuth + client. + display_name (str): + Human-friendly name given to the OAuth + client. + """ + + name = proto.Field( + proto.STRING, + number=1, + ) + secret = proto.Field( + proto.STRING, + number=2, + ) + display_name = proto.Field( + proto.STRING, + number=3, + ) + + +__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/owl-bot-staging/v1/mypy.ini b/owl-bot-staging/v1/mypy.ini new file mode 100644 index 0000000..4505b48 --- /dev/null +++ b/owl-bot-staging/v1/mypy.ini @@ -0,0 +1,3 @@ +[mypy] +python_version = 3.6 +namespace_packages = True diff --git a/owl-bot-staging/v1/noxfile.py b/owl-bot-staging/v1/noxfile.py new file mode 100644 index 0000000..8181b39 --- /dev/null +++ b/owl-bot-staging/v1/noxfile.py @@ -0,0 +1,132 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import os +import pathlib +import shutil +import subprocess +import sys + + +import nox # type: ignore + +CURRENT_DIRECTORY = pathlib.Path(__file__).parent.absolute() + +LOWER_BOUND_CONSTRAINTS_FILE = CURRENT_DIRECTORY / "constraints.txt" +PACKAGE_NAME = subprocess.check_output([sys.executable, "setup.py", "--name"], encoding="utf-8") + + +nox.sessions = [ + "unit", + "cover", + "mypy", + "check_lower_bounds" + # exclude update_lower_bounds from default + "docs", +] + +@nox.session(python=['3.6', '3.7', '3.8', '3.9']) +def unit(session): + """Run the unit test suite.""" + + session.install('coverage', 'pytest', 'pytest-cov', 'asyncmock', 'pytest-asyncio') + session.install('-e', '.') + + session.run( + 'py.test', + '--quiet', + '--cov=google/cloud/iap_v1/', + '--cov-config=.coveragerc', + '--cov-report=term', + '--cov-report=html', + os.path.join('tests', 'unit', ''.join(session.posargs)) + ) + + +@nox.session(python='3.7') +def cover(session): + """Run the final coverage report. + This outputs the coverage report aggregating coverage from the unit + test runs (not system test runs), and then erases coverage data. + """ + session.install("coverage", "pytest-cov") + session.run("coverage", "report", "--show-missing", "--fail-under=100") + + session.run("coverage", "erase") + + +@nox.session(python=['3.6', '3.7']) +def mypy(session): + """Run the type checker.""" + session.install('mypy', 'types-pkg_resources') + session.install('.') + session.run( + 'mypy', + '--explicit-package-bases', + 'google', + ) + + +@nox.session +def update_lower_bounds(session): + """Update lower bounds in constraints.txt to match setup.py""" + session.install('google-cloud-testutils') + session.install('.') + + session.run( + 'lower-bound-checker', + 'update', + '--package-name', + PACKAGE_NAME, + '--constraints-file', + str(LOWER_BOUND_CONSTRAINTS_FILE), + ) + + +@nox.session +def check_lower_bounds(session): + """Check lower bounds in setup.py are reflected in constraints file""" + session.install('google-cloud-testutils') + session.install('.') + + session.run( + 'lower-bound-checker', + 'check', + '--package-name', + PACKAGE_NAME, + '--constraints-file', + str(LOWER_BOUND_CONSTRAINTS_FILE), + ) + +@nox.session(python='3.6') +def docs(session): + """Build the docs for this library.""" + + session.install("-e", ".") + session.install("sphinx<3.0.0", "alabaster", "recommonmark") + + shutil.rmtree(os.path.join("docs", "_build"), ignore_errors=True) + session.run( + "sphinx-build", + "-W", # warnings as errors + "-T", # show full traceback on exception + "-N", # no colors + "-b", + "html", + "-d", + os.path.join("docs", "_build", "doctrees", ""), + os.path.join("docs", ""), + os.path.join("docs", "_build", "html", ""), + ) diff --git a/owl-bot-staging/v1/scripts/fixup_iap_v1_keywords.py b/owl-bot-staging/v1/scripts/fixup_iap_v1_keywords.py new file mode 100644 index 0000000..b3b4636 --- /dev/null +++ b/owl-bot-staging/v1/scripts/fixup_iap_v1_keywords.py @@ -0,0 +1,188 @@ +#! /usr/bin/env python3 +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import argparse +import os +import libcst as cst +import pathlib +import sys +from typing import (Any, Callable, Dict, List, Sequence, Tuple) + + +def partition( + predicate: Callable[[Any], bool], + iterator: Sequence[Any] +) -> Tuple[List[Any], List[Any]]: + """A stable, out-of-place partition.""" + results = ([], []) + + for i in iterator: + results[int(predicate(i))].append(i) + + # Returns trueList, falseList + return results[1], results[0] + + +class iapCallTransformer(cst.CSTTransformer): + CTRL_PARAMS: Tuple[str] = ('retry', 'timeout', 'metadata') + METHOD_TO_PARAMS: Dict[str, Tuple[str]] = { + 'create_brand': ('parent', 'brand', ), + 'create_identity_aware_proxy_client': ('parent', 'identity_aware_proxy_client', ), + 'delete_identity_aware_proxy_client': ('name', ), + 'get_brand': ('name', ), + 'get_iam_policy': ('resource', 'options', ), + 'get_iap_settings': ('name', ), + 'get_identity_aware_proxy_client': ('name', ), + 'list_brands': ('parent', ), + 'list_identity_aware_proxy_clients': ('parent', 'page_size', 'page_token', ), + 'reset_identity_aware_proxy_client_secret': ('name', ), + 'set_iam_policy': ('resource', 'policy', ), + 'test_iam_permissions': ('resource', 'permissions', ), + 'update_iap_settings': ('iap_settings', 'update_mask', ), + } + + def leave_Call(self, original: cst.Call, updated: cst.Call) -> cst.CSTNode: + try: + key = original.func.attr.value + kword_params = self.METHOD_TO_PARAMS[key] + except (AttributeError, KeyError): + # Either not a method from the API or too convoluted to be sure. + return updated + + # If the existing code is valid, keyword args come after positional args. + # Therefore, all positional args must map to the first parameters. + args, kwargs = partition(lambda a: not bool(a.keyword), updated.args) + if any(k.keyword.value == "request" for k in kwargs): + # We've already fixed this file, don't fix it again. + return updated + + kwargs, ctrl_kwargs = partition( + lambda a: a.keyword.value not in self.CTRL_PARAMS, + kwargs + ) + + args, ctrl_args = args[:len(kword_params)], args[len(kword_params):] + ctrl_kwargs.extend(cst.Arg(value=a.value, keyword=cst.Name(value=ctrl)) + for a, ctrl in zip(ctrl_args, self.CTRL_PARAMS)) + + request_arg = cst.Arg( + value=cst.Dict([ + cst.DictElement( + cst.SimpleString("'{}'".format(name)), +cst.Element(value=arg.value) + ) + # Note: the args + kwargs looks silly, but keep in mind that + # the control parameters had to be stripped out, and that + # those could have been passed positionally or by keyword. + for name, arg in zip(kword_params, args + kwargs)]), + keyword=cst.Name("request") + ) + + return updated.with_changes( + args=[request_arg] + ctrl_kwargs + ) + + +def fix_files( + in_dir: pathlib.Path, + out_dir: pathlib.Path, + *, + transformer=iapCallTransformer(), +): + """Duplicate the input dir to the output dir, fixing file method calls. + + Preconditions: + * in_dir is a real directory + * out_dir is a real, empty directory + """ + pyfile_gen = ( + pathlib.Path(os.path.join(root, f)) + for root, _, files in os.walk(in_dir) + for f in files if os.path.splitext(f)[1] == ".py" + ) + + for fpath in pyfile_gen: + with open(fpath, 'r') as f: + src = f.read() + + # Parse the code and insert method call fixes. + tree = cst.parse_module(src) + updated = tree.visit(transformer) + + # Create the path and directory structure for the new file. + updated_path = out_dir.joinpath(fpath.relative_to(in_dir)) + updated_path.parent.mkdir(parents=True, exist_ok=True) + + # Generate the updated source file at the corresponding path. + with open(updated_path, 'w') as f: + f.write(updated.code) + + +if __name__ == '__main__': + parser = argparse.ArgumentParser( + description="""Fix up source that uses the iap client library. + +The existing sources are NOT overwritten but are copied to output_dir with changes made. + +Note: This tool operates at a best-effort level at converting positional + parameters in client method calls to keyword based parameters. + Cases where it WILL FAIL include + A) * or ** expansion in a method call. + B) Calls via function or method alias (includes free function calls) + C) Indirect or dispatched calls (e.g. the method is looked up dynamically) + + These all constitute false negatives. The tool will also detect false + positives when an API method shares a name with another method. +""") + parser.add_argument( + '-d', + '--input-directory', + required=True, + dest='input_dir', + help='the input directory to walk for python files to fix up', + ) + parser.add_argument( + '-o', + '--output-directory', + required=True, + dest='output_dir', + help='the directory to output files fixed via un-flattening', + ) + args = parser.parse_args() + input_dir = pathlib.Path(args.input_dir) + output_dir = pathlib.Path(args.output_dir) + if not input_dir.is_dir(): + print( + f"input directory '{input_dir}' does not exist or is not a directory", + file=sys.stderr, + ) + sys.exit(-1) + + if not output_dir.is_dir(): + print( + f"output directory '{output_dir}' does not exist or is not a directory", + file=sys.stderr, + ) + sys.exit(-1) + + if os.listdir(output_dir): + print( + f"output directory '{output_dir}' is not empty", + file=sys.stderr, + ) + sys.exit(-1) + + fix_files(input_dir, output_dir) diff --git a/owl-bot-staging/v1/setup.py b/owl-bot-staging/v1/setup.py new file mode 100644 index 0000000..8f288e2 --- /dev/null +++ b/owl-bot-staging/v1/setup.py @@ -0,0 +1,54 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import io +import os +import setuptools # type: ignore + +version = '0.1.0' + +package_root = os.path.abspath(os.path.dirname(__file__)) + +readme_filename = os.path.join(package_root, 'README.rst') +with io.open(readme_filename, encoding='utf-8') as readme_file: + readme = readme_file.read() + +setuptools.setup( + name='google-cloud-iap', + version=version, + long_description=readme, + packages=setuptools.PEP420PackageFinder.find(), + namespace_packages=('google', 'google.cloud'), + platforms='Posix; MacOS X; Windows', + include_package_data=True, + install_requires=( + 'google-api-core[grpc] >= 1.27.0, < 3.0.0dev', + 'libcst >= 0.2.5', + 'proto-plus >= 1.15.0', + 'packaging >= 14.3', 'grpc-google-iam-v1 >= 0.12.3, < 0.13dev', ), + python_requires='>=3.6', + classifiers=[ + 'Development Status :: 3 - Alpha', + 'Intended Audience :: Developers', + 'Operating System :: OS Independent', + 'Programming Language :: Python :: 3.6', + 'Programming Language :: Python :: 3.7', + 'Programming Language :: Python :: 3.8', + 'Programming Language :: Python :: 3.9', + 'Topic :: Internet', + 'Topic :: Software Development :: Libraries :: Python Modules', + ], + zip_safe=False, +) diff --git a/owl-bot-staging/v1/tests/__init__.py b/owl-bot-staging/v1/tests/__init__.py new file mode 100644 index 0000000..b54a5fc --- /dev/null +++ b/owl-bot-staging/v1/tests/__init__.py @@ -0,0 +1,16 @@ + +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/owl-bot-staging/v1/tests/unit/__init__.py b/owl-bot-staging/v1/tests/unit/__init__.py new file mode 100644 index 0000000..b54a5fc --- /dev/null +++ b/owl-bot-staging/v1/tests/unit/__init__.py @@ -0,0 +1,16 @@ + +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/owl-bot-staging/v1/tests/unit/gapic/__init__.py b/owl-bot-staging/v1/tests/unit/gapic/__init__.py new file mode 100644 index 0000000..b54a5fc --- /dev/null +++ b/owl-bot-staging/v1/tests/unit/gapic/__init__.py @@ -0,0 +1,16 @@ + +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/owl-bot-staging/v1/tests/unit/gapic/iap_v1/__init__.py b/owl-bot-staging/v1/tests/unit/gapic/iap_v1/__init__.py new file mode 100644 index 0000000..b54a5fc --- /dev/null +++ b/owl-bot-staging/v1/tests/unit/gapic/iap_v1/__init__.py @@ -0,0 +1,16 @@ + +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/owl-bot-staging/v1/tests/unit/gapic/iap_v1/test_identity_aware_proxy_admin_service.py b/owl-bot-staging/v1/tests/unit/gapic/iap_v1/test_identity_aware_proxy_admin_service.py new file mode 100644 index 0000000..ddadae0 --- /dev/null +++ b/owl-bot-staging/v1/tests/unit/gapic/iap_v1/test_identity_aware_proxy_admin_service.py @@ -0,0 +1,1785 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import os +import mock +import packaging.version + +import grpc +from grpc.experimental import aio +import math +import pytest +from proto.marshal.rules.dates import DurationRule, TimestampRule + + +from google.api_core import client_options +from google.api_core import exceptions as core_exceptions +from google.api_core import gapic_v1 +from google.api_core import grpc_helpers +from google.api_core import grpc_helpers_async +from google.api_core import path_template +from google.auth import credentials as ga_credentials +from google.auth.exceptions import MutualTLSChannelError +from google.cloud.iap_v1.services.identity_aware_proxy_admin_service import IdentityAwareProxyAdminServiceAsyncClient +from google.cloud.iap_v1.services.identity_aware_proxy_admin_service import IdentityAwareProxyAdminServiceClient +from google.cloud.iap_v1.services.identity_aware_proxy_admin_service import transports +from google.cloud.iap_v1.services.identity_aware_proxy_admin_service.transports.base import _GOOGLE_AUTH_VERSION +from google.cloud.iap_v1.types import service +from google.iam.v1 import iam_policy_pb2 # type: ignore +from google.iam.v1 import options_pb2 # type: ignore +from google.iam.v1 import policy_pb2 # type: ignore +from google.oauth2 import service_account +from google.protobuf import field_mask_pb2 # type: ignore +from google.protobuf import wrappers_pb2 # type: ignore +from google.type import expr_pb2 # type: ignore +import google.auth + + +# TODO(busunkim): Once google-auth >= 1.25.0 is required transitively +# through google-api-core: +# - Delete the auth "less than" test cases +# - Delete these pytest markers (Make the "greater than or equal to" tests the default). +requires_google_auth_lt_1_25_0 = pytest.mark.skipif( + packaging.version.parse(_GOOGLE_AUTH_VERSION) >= packaging.version.parse("1.25.0"), + reason="This test requires google-auth < 1.25.0", +) +requires_google_auth_gte_1_25_0 = pytest.mark.skipif( + packaging.version.parse(_GOOGLE_AUTH_VERSION) < packaging.version.parse("1.25.0"), + reason="This test requires google-auth >= 1.25.0", +) + +def client_cert_source_callback(): + return b"cert bytes", b"key bytes" + + +# If default endpoint is localhost, then default mtls endpoint will be the same. +# This method modifies the default endpoint so the client can produce a different +# mtls endpoint for endpoint testing purposes. +def modify_default_endpoint(client): + return "foo.googleapis.com" if ("localhost" in client.DEFAULT_ENDPOINT) else client.DEFAULT_ENDPOINT + + +def test__get_default_mtls_endpoint(): + api_endpoint = "example.googleapis.com" + api_mtls_endpoint = "example.mtls.googleapis.com" + sandbox_endpoint = "example.sandbox.googleapis.com" + sandbox_mtls_endpoint = "example.mtls.sandbox.googleapis.com" + non_googleapi = "api.example.com" + + assert IdentityAwareProxyAdminServiceClient._get_default_mtls_endpoint(None) is None + assert IdentityAwareProxyAdminServiceClient._get_default_mtls_endpoint(api_endpoint) == api_mtls_endpoint + assert IdentityAwareProxyAdminServiceClient._get_default_mtls_endpoint(api_mtls_endpoint) == api_mtls_endpoint + assert IdentityAwareProxyAdminServiceClient._get_default_mtls_endpoint(sandbox_endpoint) == sandbox_mtls_endpoint + assert IdentityAwareProxyAdminServiceClient._get_default_mtls_endpoint(sandbox_mtls_endpoint) == sandbox_mtls_endpoint + assert IdentityAwareProxyAdminServiceClient._get_default_mtls_endpoint(non_googleapi) == non_googleapi + + +@pytest.mark.parametrize("client_class", [ + IdentityAwareProxyAdminServiceClient, + IdentityAwareProxyAdminServiceAsyncClient, +]) +def test_identity_aware_proxy_admin_service_client_from_service_account_info(client_class): + creds = ga_credentials.AnonymousCredentials() + with mock.patch.object(service_account.Credentials, 'from_service_account_info') as factory: + factory.return_value = creds + info = {"valid": True} + client = client_class.from_service_account_info(info) + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + assert client.transport._host == 'iap.googleapis.com:443' + + +@pytest.mark.parametrize("transport_class,transport_name", [ + (transports.IdentityAwareProxyAdminServiceGrpcTransport, "grpc"), + (transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport, "grpc_asyncio"), +]) +def test_identity_aware_proxy_admin_service_client_service_account_always_use_jwt(transport_class, transport_name): + with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=True) + use_jwt.assert_called_once_with(True) + + with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=False) + use_jwt.assert_not_called() + + +@pytest.mark.parametrize("client_class", [ + IdentityAwareProxyAdminServiceClient, + IdentityAwareProxyAdminServiceAsyncClient, +]) +def test_identity_aware_proxy_admin_service_client_from_service_account_file(client_class): + creds = ga_credentials.AnonymousCredentials() + with mock.patch.object(service_account.Credentials, 'from_service_account_file') as factory: + factory.return_value = creds + client = client_class.from_service_account_file("dummy/file/path.json") + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + client = client_class.from_service_account_json("dummy/file/path.json") + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + assert client.transport._host == 'iap.googleapis.com:443' + + +def test_identity_aware_proxy_admin_service_client_get_transport_class(): + transport = IdentityAwareProxyAdminServiceClient.get_transport_class() + available_transports = [ + transports.IdentityAwareProxyAdminServiceGrpcTransport, + ] + assert transport in available_transports + + transport = IdentityAwareProxyAdminServiceClient.get_transport_class("grpc") + assert transport == transports.IdentityAwareProxyAdminServiceGrpcTransport + + +@pytest.mark.parametrize("client_class,transport_class,transport_name", [ + (IdentityAwareProxyAdminServiceClient, transports.IdentityAwareProxyAdminServiceGrpcTransport, "grpc"), + (IdentityAwareProxyAdminServiceAsyncClient, transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport, "grpc_asyncio"), +]) +@mock.patch.object(IdentityAwareProxyAdminServiceClient, "DEFAULT_ENDPOINT", modify_default_endpoint(IdentityAwareProxyAdminServiceClient)) +@mock.patch.object(IdentityAwareProxyAdminServiceAsyncClient, "DEFAULT_ENDPOINT", modify_default_endpoint(IdentityAwareProxyAdminServiceAsyncClient)) +def test_identity_aware_proxy_admin_service_client_client_options(client_class, transport_class, transport_name): + # Check that if channel is provided we won't create a new one. + with mock.patch.object(IdentityAwareProxyAdminServiceClient, 'get_transport_class') as gtc: + transport = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ) + client = client_class(transport=transport) + gtc.assert_not_called() + + # Check that if channel is provided via str we will create a new one. + with mock.patch.object(IdentityAwareProxyAdminServiceClient, 'get_transport_class') as gtc: + client = client_class(transport=transport_name) + gtc.assert_called() + + # Check the case api_endpoint is provided. + options = client_options.ClientOptions(api_endpoint="squid.clam.whelk") + with mock.patch.object(transport_class, '__init__') as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host="squid.clam.whelk", + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is + # "never". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}): + with mock.patch.object(transport_class, '__init__') as patched: + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is + # "always". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}): + with mock.patch.object(transport_class, '__init__') as patched: + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_MTLS_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has + # unsupported value. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "Unsupported"}): + with pytest.raises(MutualTLSChannelError): + client = client_class() + + # Check the case GOOGLE_API_USE_CLIENT_CERTIFICATE has unsupported value. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"}): + with pytest.raises(ValueError): + client = client_class() + + # Check the case quota_project_id is provided + options = client_options.ClientOptions(quota_project_id="octopus") + with mock.patch.object(transport_class, '__init__') as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id="octopus", + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + +@pytest.mark.parametrize("client_class,transport_class,transport_name,use_client_cert_env", [ + (IdentityAwareProxyAdminServiceClient, transports.IdentityAwareProxyAdminServiceGrpcTransport, "grpc", "true"), + (IdentityAwareProxyAdminServiceAsyncClient, transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport, "grpc_asyncio", "true"), + (IdentityAwareProxyAdminServiceClient, transports.IdentityAwareProxyAdminServiceGrpcTransport, "grpc", "false"), + (IdentityAwareProxyAdminServiceAsyncClient, transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport, "grpc_asyncio", "false"), +]) +@mock.patch.object(IdentityAwareProxyAdminServiceClient, "DEFAULT_ENDPOINT", modify_default_endpoint(IdentityAwareProxyAdminServiceClient)) +@mock.patch.object(IdentityAwareProxyAdminServiceAsyncClient, "DEFAULT_ENDPOINT", modify_default_endpoint(IdentityAwareProxyAdminServiceAsyncClient)) +@mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "auto"}) +def test_identity_aware_proxy_admin_service_client_mtls_env_auto(client_class, transport_class, transport_name, use_client_cert_env): + # This tests the endpoint autoswitch behavior. Endpoint is autoswitched to the default + # mtls endpoint, if GOOGLE_API_USE_CLIENT_CERTIFICATE is "true" and client cert exists. + + # Check the case client_cert_source is provided. Whether client cert is used depends on + # GOOGLE_API_USE_CLIENT_CERTIFICATE value. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}): + options = client_options.ClientOptions(client_cert_source=client_cert_source_callback) + with mock.patch.object(transport_class, '__init__') as patched: + patched.return_value = None + client = client_class(client_options=options) + + if use_client_cert_env == "false": + expected_client_cert_source = None + expected_host = client.DEFAULT_ENDPOINT + else: + expected_client_cert_source = client_cert_source_callback + expected_host = client.DEFAULT_MTLS_ENDPOINT + + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=expected_host, + scopes=None, + client_cert_source_for_mtls=expected_client_cert_source, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case ADC client cert is provided. Whether client cert is used depends on + # GOOGLE_API_USE_CLIENT_CERTIFICATE value. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}): + with mock.patch.object(transport_class, '__init__') as patched: + with mock.patch('google.auth.transport.mtls.has_default_client_cert_source', return_value=True): + with mock.patch('google.auth.transport.mtls.default_client_cert_source', return_value=client_cert_source_callback): + if use_client_cert_env == "false": + expected_host = client.DEFAULT_ENDPOINT + expected_client_cert_source = None + else: + expected_host = client.DEFAULT_MTLS_ENDPOINT + expected_client_cert_source = client_cert_source_callback + + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=expected_host, + scopes=None, + client_cert_source_for_mtls=expected_client_cert_source, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case client_cert_source and ADC client cert are not provided. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}): + with mock.patch.object(transport_class, '__init__') as patched: + with mock.patch("google.auth.transport.mtls.has_default_client_cert_source", return_value=False): + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +@pytest.mark.parametrize("client_class,transport_class,transport_name", [ + (IdentityAwareProxyAdminServiceClient, transports.IdentityAwareProxyAdminServiceGrpcTransport, "grpc"), + (IdentityAwareProxyAdminServiceAsyncClient, transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport, "grpc_asyncio"), +]) +def test_identity_aware_proxy_admin_service_client_client_options_scopes(client_class, transport_class, transport_name): + # Check the case scopes are provided. + options = client_options.ClientOptions( + scopes=["1", "2"], + ) + with mock.patch.object(transport_class, '__init__') as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=["1", "2"], + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + +@pytest.mark.parametrize("client_class,transport_class,transport_name", [ + (IdentityAwareProxyAdminServiceClient, transports.IdentityAwareProxyAdminServiceGrpcTransport, "grpc"), + (IdentityAwareProxyAdminServiceAsyncClient, transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport, "grpc_asyncio"), +]) +def test_identity_aware_proxy_admin_service_client_client_options_credentials_file(client_class, transport_class, transport_name): + # Check the case credentials file is provided. + options = client_options.ClientOptions( + credentials_file="credentials.json" + ) + with mock.patch.object(transport_class, '__init__') as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file="credentials.json", + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +def test_identity_aware_proxy_admin_service_client_client_options_from_dict(): + with mock.patch('google.cloud.iap_v1.services.identity_aware_proxy_admin_service.transports.IdentityAwareProxyAdminServiceGrpcTransport.__init__') as grpc_transport: + grpc_transport.return_value = None + client = IdentityAwareProxyAdminServiceClient( + client_options={'api_endpoint': 'squid.clam.whelk'} + ) + grpc_transport.assert_called_once_with( + credentials=None, + credentials_file=None, + host="squid.clam.whelk", + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +def test_set_iam_policy(transport: str = 'grpc', request_type=iam_policy_pb2.SetIamPolicyRequest): + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.set_iam_policy), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = policy_pb2.Policy( + version=774, + etag=b'etag_blob', + ) + response = client.set_iam_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == iam_policy_pb2.SetIamPolicyRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, policy_pb2.Policy) + assert response.version == 774 + assert response.etag == b'etag_blob' + + +def test_set_iam_policy_from_dict(): + test_set_iam_policy(request_type=dict) + + +def test_set_iam_policy_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.set_iam_policy), + '__call__') as call: + client.set_iam_policy() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == iam_policy_pb2.SetIamPolicyRequest() + + +@pytest.mark.asyncio +async def test_set_iam_policy_async(transport: str = 'grpc_asyncio', request_type=iam_policy_pb2.SetIamPolicyRequest): + client = IdentityAwareProxyAdminServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.set_iam_policy), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(policy_pb2.Policy( + version=774, + etag=b'etag_blob', + )) + response = await client.set_iam_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == iam_policy_pb2.SetIamPolicyRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, policy_pb2.Policy) + assert response.version == 774 + assert response.etag == b'etag_blob' + + +@pytest.mark.asyncio +async def test_set_iam_policy_async_from_dict(): + await test_set_iam_policy_async(request_type=dict) + + +def test_set_iam_policy_field_headers(): + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = iam_policy_pb2.SetIamPolicyRequest() + + request.resource = 'resource/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.set_iam_policy), + '__call__') as call: + call.return_value = policy_pb2.Policy() + client.set_iam_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'resource=resource/value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_set_iam_policy_field_headers_async(): + client = IdentityAwareProxyAdminServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = iam_policy_pb2.SetIamPolicyRequest() + + request.resource = 'resource/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.set_iam_policy), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(policy_pb2.Policy()) + await client.set_iam_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'resource=resource/value', + ) in kw['metadata'] + +def test_set_iam_policy_from_dict_foreign(): + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.set_iam_policy), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = policy_pb2.Policy() + response = client.set_iam_policy(request={ + 'resource': 'resource_value', + 'policy': policy_pb2.Policy(version=774), + } + ) + call.assert_called() + + +def test_get_iam_policy(transport: str = 'grpc', request_type=iam_policy_pb2.GetIamPolicyRequest): + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_iam_policy), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = policy_pb2.Policy( + version=774, + etag=b'etag_blob', + ) + response = client.get_iam_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == iam_policy_pb2.GetIamPolicyRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, policy_pb2.Policy) + assert response.version == 774 + assert response.etag == b'etag_blob' + + +def test_get_iam_policy_from_dict(): + test_get_iam_policy(request_type=dict) + + +def test_get_iam_policy_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_iam_policy), + '__call__') as call: + client.get_iam_policy() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == iam_policy_pb2.GetIamPolicyRequest() + + +@pytest.mark.asyncio +async def test_get_iam_policy_async(transport: str = 'grpc_asyncio', request_type=iam_policy_pb2.GetIamPolicyRequest): + client = IdentityAwareProxyAdminServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_iam_policy), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(policy_pb2.Policy( + version=774, + etag=b'etag_blob', + )) + response = await client.get_iam_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == iam_policy_pb2.GetIamPolicyRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, policy_pb2.Policy) + assert response.version == 774 + assert response.etag == b'etag_blob' + + +@pytest.mark.asyncio +async def test_get_iam_policy_async_from_dict(): + await test_get_iam_policy_async(request_type=dict) + + +def test_get_iam_policy_field_headers(): + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = iam_policy_pb2.GetIamPolicyRequest() + + request.resource = 'resource/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_iam_policy), + '__call__') as call: + call.return_value = policy_pb2.Policy() + client.get_iam_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'resource=resource/value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_get_iam_policy_field_headers_async(): + client = IdentityAwareProxyAdminServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = iam_policy_pb2.GetIamPolicyRequest() + + request.resource = 'resource/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_iam_policy), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(policy_pb2.Policy()) + await client.get_iam_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'resource=resource/value', + ) in kw['metadata'] + +def test_get_iam_policy_from_dict_foreign(): + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_iam_policy), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = policy_pb2.Policy() + response = client.get_iam_policy(request={ + 'resource': 'resource_value', + 'options': options_pb2.GetPolicyOptions(requested_policy_version=2598), + } + ) + call.assert_called() + + +def test_test_iam_permissions(transport: str = 'grpc', request_type=iam_policy_pb2.TestIamPermissionsRequest): + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.test_iam_permissions), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = iam_policy_pb2.TestIamPermissionsResponse( + permissions=['permissions_value'], + ) + response = client.test_iam_permissions(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == iam_policy_pb2.TestIamPermissionsRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, iam_policy_pb2.TestIamPermissionsResponse) + assert response.permissions == ['permissions_value'] + + +def test_test_iam_permissions_from_dict(): + test_test_iam_permissions(request_type=dict) + + +def test_test_iam_permissions_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.test_iam_permissions), + '__call__') as call: + client.test_iam_permissions() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == iam_policy_pb2.TestIamPermissionsRequest() + + +@pytest.mark.asyncio +async def test_test_iam_permissions_async(transport: str = 'grpc_asyncio', request_type=iam_policy_pb2.TestIamPermissionsRequest): + client = IdentityAwareProxyAdminServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.test_iam_permissions), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(iam_policy_pb2.TestIamPermissionsResponse( + permissions=['permissions_value'], + )) + response = await client.test_iam_permissions(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == iam_policy_pb2.TestIamPermissionsRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, iam_policy_pb2.TestIamPermissionsResponse) + assert response.permissions == ['permissions_value'] + + +@pytest.mark.asyncio +async def test_test_iam_permissions_async_from_dict(): + await test_test_iam_permissions_async(request_type=dict) + + +def test_test_iam_permissions_field_headers(): + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = iam_policy_pb2.TestIamPermissionsRequest() + + request.resource = 'resource/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.test_iam_permissions), + '__call__') as call: + call.return_value = iam_policy_pb2.TestIamPermissionsResponse() + client.test_iam_permissions(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'resource=resource/value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_test_iam_permissions_field_headers_async(): + client = IdentityAwareProxyAdminServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = iam_policy_pb2.TestIamPermissionsRequest() + + request.resource = 'resource/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.test_iam_permissions), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(iam_policy_pb2.TestIamPermissionsResponse()) + await client.test_iam_permissions(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'resource=resource/value', + ) in kw['metadata'] + +def test_test_iam_permissions_from_dict_foreign(): + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.test_iam_permissions), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = iam_policy_pb2.TestIamPermissionsResponse() + response = client.test_iam_permissions(request={ + 'resource': 'resource_value', + 'permissions': ['permissions_value'], + } + ) + call.assert_called() + + +def test_get_iap_settings(transport: str = 'grpc', request_type=service.GetIapSettingsRequest): + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_iap_settings), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = service.IapSettings( + name='name_value', + ) + response = client.get_iap_settings(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == service.GetIapSettingsRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, service.IapSettings) + assert response.name == 'name_value' + + +def test_get_iap_settings_from_dict(): + test_get_iap_settings(request_type=dict) + + +def test_get_iap_settings_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_iap_settings), + '__call__') as call: + client.get_iap_settings() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == service.GetIapSettingsRequest() + + +@pytest.mark.asyncio +async def test_get_iap_settings_async(transport: str = 'grpc_asyncio', request_type=service.GetIapSettingsRequest): + client = IdentityAwareProxyAdminServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_iap_settings), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(service.IapSettings( + name='name_value', + )) + response = await client.get_iap_settings(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == service.GetIapSettingsRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, service.IapSettings) + assert response.name == 'name_value' + + +@pytest.mark.asyncio +async def test_get_iap_settings_async_from_dict(): + await test_get_iap_settings_async(request_type=dict) + + +def test_get_iap_settings_field_headers(): + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.GetIapSettingsRequest() + + request.name = 'name/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_iap_settings), + '__call__') as call: + call.return_value = service.IapSettings() + client.get_iap_settings(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'name=name/value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_get_iap_settings_field_headers_async(): + client = IdentityAwareProxyAdminServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.GetIapSettingsRequest() + + request.name = 'name/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_iap_settings), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(service.IapSettings()) + await client.get_iap_settings(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'name=name/value', + ) in kw['metadata'] + + +def test_update_iap_settings(transport: str = 'grpc', request_type=service.UpdateIapSettingsRequest): + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.update_iap_settings), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = service.IapSettings( + name='name_value', + ) + response = client.update_iap_settings(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == service.UpdateIapSettingsRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, service.IapSettings) + assert response.name == 'name_value' + + +def test_update_iap_settings_from_dict(): + test_update_iap_settings(request_type=dict) + + +def test_update_iap_settings_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.update_iap_settings), + '__call__') as call: + client.update_iap_settings() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == service.UpdateIapSettingsRequest() + + +@pytest.mark.asyncio +async def test_update_iap_settings_async(transport: str = 'grpc_asyncio', request_type=service.UpdateIapSettingsRequest): + client = IdentityAwareProxyAdminServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.update_iap_settings), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(service.IapSettings( + name='name_value', + )) + response = await client.update_iap_settings(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == service.UpdateIapSettingsRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, service.IapSettings) + assert response.name == 'name_value' + + +@pytest.mark.asyncio +async def test_update_iap_settings_async_from_dict(): + await test_update_iap_settings_async(request_type=dict) + + +def test_update_iap_settings_field_headers(): + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.UpdateIapSettingsRequest() + + request.iap_settings.name = 'iap_settings.name/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.update_iap_settings), + '__call__') as call: + call.return_value = service.IapSettings() + client.update_iap_settings(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'iap_settings.name=iap_settings.name/value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_update_iap_settings_field_headers_async(): + client = IdentityAwareProxyAdminServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.UpdateIapSettingsRequest() + + request.iap_settings.name = 'iap_settings.name/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.update_iap_settings), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(service.IapSettings()) + await client.update_iap_settings(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'iap_settings.name=iap_settings.name/value', + ) in kw['metadata'] + + +def test_credentials_transport_error(): + # It is an error to provide credentials and a transport instance. + transport = transports.IdentityAwareProxyAdminServiceGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # It is an error to provide a credentials file and a transport instance. + transport = transports.IdentityAwareProxyAdminServiceGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = IdentityAwareProxyAdminServiceClient( + client_options={"credentials_file": "credentials.json"}, + transport=transport, + ) + + # It is an error to provide scopes and a transport instance. + transport = transports.IdentityAwareProxyAdminServiceGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = IdentityAwareProxyAdminServiceClient( + client_options={"scopes": ["1", "2"]}, + transport=transport, + ) + + +def test_transport_instance(): + # A client may be instantiated with a custom transport instance. + transport = transports.IdentityAwareProxyAdminServiceGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + client = IdentityAwareProxyAdminServiceClient(transport=transport) + assert client.transport is transport + +def test_transport_get_channel(): + # A client may be instantiated with a custom transport instance. + transport = transports.IdentityAwareProxyAdminServiceGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + + transport = transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + +@pytest.mark.parametrize("transport_class", [ + transports.IdentityAwareProxyAdminServiceGrpcTransport, + transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport, +]) +def test_transport_adc(transport_class): + # Test default credentials are used if not provided. + with mock.patch.object(google.auth, 'default') as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class() + adc.assert_called_once() + +def test_transport_grpc_default(): + # A client should use the gRPC transport by default. + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + assert isinstance( + client.transport, + transports.IdentityAwareProxyAdminServiceGrpcTransport, + ) + +def test_identity_aware_proxy_admin_service_base_transport_error(): + # Passing both a credentials object and credentials_file should raise an error + with pytest.raises(core_exceptions.DuplicateCredentialArgs): + transport = transports.IdentityAwareProxyAdminServiceTransport( + credentials=ga_credentials.AnonymousCredentials(), + credentials_file="credentials.json" + ) + + +def test_identity_aware_proxy_admin_service_base_transport(): + # Instantiate the base transport. + with mock.patch('google.cloud.iap_v1.services.identity_aware_proxy_admin_service.transports.IdentityAwareProxyAdminServiceTransport.__init__') as Transport: + Transport.return_value = None + transport = transports.IdentityAwareProxyAdminServiceTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Every method on the transport should just blindly + # raise NotImplementedError. + methods = ( + 'set_iam_policy', + 'get_iam_policy', + 'test_iam_permissions', + 'get_iap_settings', + 'update_iap_settings', + ) + for method in methods: + with pytest.raises(NotImplementedError): + getattr(transport, method)(request=object()) + + with pytest.raises(NotImplementedError): + transport.close() + + +@requires_google_auth_gte_1_25_0 +def test_identity_aware_proxy_admin_service_base_transport_with_credentials_file(): + # Instantiate the base transport with a credentials file + with mock.patch.object(google.auth, 'load_credentials_from_file', autospec=True) as load_creds, mock.patch('google.cloud.iap_v1.services.identity_aware_proxy_admin_service.transports.IdentityAwareProxyAdminServiceTransport._prep_wrapped_messages') as Transport: + Transport.return_value = None + load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.IdentityAwareProxyAdminServiceTransport( + credentials_file="credentials.json", + quota_project_id="octopus", + ) + load_creds.assert_called_once_with("credentials.json", + scopes=None, + default_scopes=( + 'https://www.googleapis.com/auth/cloud-platform', +), + quota_project_id="octopus", + ) + + +@requires_google_auth_lt_1_25_0 +def test_identity_aware_proxy_admin_service_base_transport_with_credentials_file_old_google_auth(): + # Instantiate the base transport with a credentials file + with mock.patch.object(google.auth, 'load_credentials_from_file', autospec=True) as load_creds, mock.patch('google.cloud.iap_v1.services.identity_aware_proxy_admin_service.transports.IdentityAwareProxyAdminServiceTransport._prep_wrapped_messages') as Transport: + Transport.return_value = None + load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.IdentityAwareProxyAdminServiceTransport( + credentials_file="credentials.json", + quota_project_id="octopus", + ) + load_creds.assert_called_once_with("credentials.json", scopes=( + 'https://www.googleapis.com/auth/cloud-platform', + ), + quota_project_id="octopus", + ) + + +def test_identity_aware_proxy_admin_service_base_transport_with_adc(): + # Test the default credentials are used if credentials and credentials_file are None. + with mock.patch.object(google.auth, 'default', autospec=True) as adc, mock.patch('google.cloud.iap_v1.services.identity_aware_proxy_admin_service.transports.IdentityAwareProxyAdminServiceTransport._prep_wrapped_messages') as Transport: + Transport.return_value = None + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.IdentityAwareProxyAdminServiceTransport() + adc.assert_called_once() + + +@requires_google_auth_gte_1_25_0 +def test_identity_aware_proxy_admin_service_auth_adc(): + # If no credentials are provided, we should use ADC credentials. + with mock.patch.object(google.auth, 'default', autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + IdentityAwareProxyAdminServiceClient() + adc.assert_called_once_with( + scopes=None, + default_scopes=( + 'https://www.googleapis.com/auth/cloud-platform', +), + quota_project_id=None, + ) + + +@requires_google_auth_lt_1_25_0 +def test_identity_aware_proxy_admin_service_auth_adc_old_google_auth(): + # If no credentials are provided, we should use ADC credentials. + with mock.patch.object(google.auth, 'default', autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + IdentityAwareProxyAdminServiceClient() + adc.assert_called_once_with( + scopes=( 'https://www.googleapis.com/auth/cloud-platform',), + quota_project_id=None, + ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.IdentityAwareProxyAdminServiceGrpcTransport, + transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport, + ], +) +@requires_google_auth_gte_1_25_0 +def test_identity_aware_proxy_admin_service_transport_auth_adc(transport_class): + # If credentials and host are not provided, the transport class should use + # ADC credentials. + with mock.patch.object(google.auth, 'default', autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class(quota_project_id="octopus", scopes=["1", "2"]) + adc.assert_called_once_with( + scopes=["1", "2"], + default_scopes=( 'https://www.googleapis.com/auth/cloud-platform',), + quota_project_id="octopus", + ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.IdentityAwareProxyAdminServiceGrpcTransport, + transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport, + ], +) +@requires_google_auth_lt_1_25_0 +def test_identity_aware_proxy_admin_service_transport_auth_adc_old_google_auth(transport_class): + # If credentials and host are not provided, the transport class should use + # ADC credentials. + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class(quota_project_id="octopus") + adc.assert_called_once_with(scopes=( + 'https://www.googleapis.com/auth/cloud-platform', +), + quota_project_id="octopus", + ) + + +@pytest.mark.parametrize( + "transport_class,grpc_helpers", + [ + (transports.IdentityAwareProxyAdminServiceGrpcTransport, grpc_helpers), + (transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport, grpc_helpers_async) + ], +) +def test_identity_aware_proxy_admin_service_transport_create_channel(transport_class, grpc_helpers): + # If credentials and host are not provided, the transport class should use + # ADC credentials. + with mock.patch.object(google.auth, "default", autospec=True) as adc, mock.patch.object( + grpc_helpers, "create_channel", autospec=True + ) as create_channel: + creds = ga_credentials.AnonymousCredentials() + adc.return_value = (creds, None) + transport_class( + quota_project_id="octopus", + scopes=["1", "2"] + ) + + create_channel.assert_called_with( + "iap.googleapis.com:443", + credentials=creds, + credentials_file=None, + quota_project_id="octopus", + default_scopes=( + 'https://www.googleapis.com/auth/cloud-platform', +), + scopes=["1", "2"], + default_host="iap.googleapis.com", + ssl_credentials=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + +@pytest.mark.parametrize("transport_class", [transports.IdentityAwareProxyAdminServiceGrpcTransport, transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport]) +def test_identity_aware_proxy_admin_service_grpc_transport_client_cert_source_for_mtls( + transport_class +): + cred = ga_credentials.AnonymousCredentials() + + # Check ssl_channel_credentials is used if provided. + with mock.patch.object(transport_class, "create_channel") as mock_create_channel: + mock_ssl_channel_creds = mock.Mock() + transport_class( + host="squid.clam.whelk", + credentials=cred, + ssl_channel_credentials=mock_ssl_channel_creds + ) + mock_create_channel.assert_called_once_with( + "squid.clam.whelk:443", + credentials=cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_channel_creds, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls + # is used. + with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()): + with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred: + transport_class( + credentials=cred, + client_cert_source_for_mtls=client_cert_source_callback + ) + expected_cert, expected_key = client_cert_source_callback() + mock_ssl_cred.assert_called_once_with( + certificate_chain=expected_cert, + private_key=expected_key + ) + + +def test_identity_aware_proxy_admin_service_host_no_port(): + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + client_options=client_options.ClientOptions(api_endpoint='iap.googleapis.com'), + ) + assert client.transport._host == 'iap.googleapis.com:443' + + +def test_identity_aware_proxy_admin_service_host_with_port(): + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + client_options=client_options.ClientOptions(api_endpoint='iap.googleapis.com:8000'), + ) + assert client.transport._host == 'iap.googleapis.com:8000' + +def test_identity_aware_proxy_admin_service_grpc_transport_channel(): + channel = grpc.secure_channel('http://localhost/', grpc.local_channel_credentials()) + + # Check that channel is used if provided. + transport = transports.IdentityAwareProxyAdminServiceGrpcTransport( + host="squid.clam.whelk", + channel=channel, + ) + assert transport.grpc_channel == channel + assert transport._host == "squid.clam.whelk:443" + assert transport._ssl_channel_credentials == None + + +def test_identity_aware_proxy_admin_service_grpc_asyncio_transport_channel(): + channel = aio.secure_channel('http://localhost/', grpc.local_channel_credentials()) + + # Check that channel is used if provided. + transport = transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport( + host="squid.clam.whelk", + channel=channel, + ) + assert transport.grpc_channel == channel + assert transport._host == "squid.clam.whelk:443" + assert transport._ssl_channel_credentials == None + + +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. +@pytest.mark.parametrize("transport_class", [transports.IdentityAwareProxyAdminServiceGrpcTransport, transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport]) +def test_identity_aware_proxy_admin_service_transport_channel_mtls_with_client_cert_source( + transport_class +): + with mock.patch("grpc.ssl_channel_credentials", autospec=True) as grpc_ssl_channel_cred: + with mock.patch.object(transport_class, "create_channel") as grpc_create_channel: + mock_ssl_cred = mock.Mock() + grpc_ssl_channel_cred.return_value = mock_ssl_cred + + mock_grpc_channel = mock.Mock() + grpc_create_channel.return_value = mock_grpc_channel + + cred = ga_credentials.AnonymousCredentials() + with pytest.warns(DeprecationWarning): + with mock.patch.object(google.auth, 'default') as adc: + adc.return_value = (cred, None) + transport = transport_class( + host="squid.clam.whelk", + api_mtls_endpoint="mtls.squid.clam.whelk", + client_cert_source=client_cert_source_callback, + ) + adc.assert_called_once() + + grpc_ssl_channel_cred.assert_called_once_with( + certificate_chain=b"cert bytes", private_key=b"key bytes" + ) + grpc_create_channel.assert_called_once_with( + "mtls.squid.clam.whelk:443", + credentials=cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_cred, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + assert transport.grpc_channel == mock_grpc_channel + assert transport._ssl_channel_credentials == mock_ssl_cred + + +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. +@pytest.mark.parametrize("transport_class", [transports.IdentityAwareProxyAdminServiceGrpcTransport, transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport]) +def test_identity_aware_proxy_admin_service_transport_channel_mtls_with_adc( + transport_class +): + mock_ssl_cred = mock.Mock() + with mock.patch.multiple( + "google.auth.transport.grpc.SslCredentials", + __init__=mock.Mock(return_value=None), + ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred), + ): + with mock.patch.object(transport_class, "create_channel") as grpc_create_channel: + mock_grpc_channel = mock.Mock() + grpc_create_channel.return_value = mock_grpc_channel + mock_cred = mock.Mock() + + with pytest.warns(DeprecationWarning): + transport = transport_class( + host="squid.clam.whelk", + credentials=mock_cred, + api_mtls_endpoint="mtls.squid.clam.whelk", + client_cert_source=None, + ) + + grpc_create_channel.assert_called_once_with( + "mtls.squid.clam.whelk:443", + credentials=mock_cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_cred, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + assert transport.grpc_channel == mock_grpc_channel + + +def test_common_billing_account_path(): + billing_account = "squid" + expected = "billingAccounts/{billing_account}".format(billing_account=billing_account, ) + actual = IdentityAwareProxyAdminServiceClient.common_billing_account_path(billing_account) + assert expected == actual + + +def test_parse_common_billing_account_path(): + expected = { + "billing_account": "clam", + } + path = IdentityAwareProxyAdminServiceClient.common_billing_account_path(**expected) + + # Check that the path construction is reversible. + actual = IdentityAwareProxyAdminServiceClient.parse_common_billing_account_path(path) + assert expected == actual + +def test_common_folder_path(): + folder = "whelk" + expected = "folders/{folder}".format(folder=folder, ) + actual = IdentityAwareProxyAdminServiceClient.common_folder_path(folder) + assert expected == actual + + +def test_parse_common_folder_path(): + expected = { + "folder": "octopus", + } + path = IdentityAwareProxyAdminServiceClient.common_folder_path(**expected) + + # Check that the path construction is reversible. + actual = IdentityAwareProxyAdminServiceClient.parse_common_folder_path(path) + assert expected == actual + +def test_common_organization_path(): + organization = "oyster" + expected = "organizations/{organization}".format(organization=organization, ) + actual = IdentityAwareProxyAdminServiceClient.common_organization_path(organization) + assert expected == actual + + +def test_parse_common_organization_path(): + expected = { + "organization": "nudibranch", + } + path = IdentityAwareProxyAdminServiceClient.common_organization_path(**expected) + + # Check that the path construction is reversible. + actual = IdentityAwareProxyAdminServiceClient.parse_common_organization_path(path) + assert expected == actual + +def test_common_project_path(): + project = "cuttlefish" + expected = "projects/{project}".format(project=project, ) + actual = IdentityAwareProxyAdminServiceClient.common_project_path(project) + assert expected == actual + + +def test_parse_common_project_path(): + expected = { + "project": "mussel", + } + path = IdentityAwareProxyAdminServiceClient.common_project_path(**expected) + + # Check that the path construction is reversible. + actual = IdentityAwareProxyAdminServiceClient.parse_common_project_path(path) + assert expected == actual + +def test_common_location_path(): + project = "winkle" + location = "nautilus" + expected = "projects/{project}/locations/{location}".format(project=project, location=location, ) + actual = IdentityAwareProxyAdminServiceClient.common_location_path(project, location) + assert expected == actual + + +def test_parse_common_location_path(): + expected = { + "project": "scallop", + "location": "abalone", + } + path = IdentityAwareProxyAdminServiceClient.common_location_path(**expected) + + # Check that the path construction is reversible. + actual = IdentityAwareProxyAdminServiceClient.parse_common_location_path(path) + assert expected == actual + + +def test_client_withDEFAULT_CLIENT_INFO(): + client_info = gapic_v1.client_info.ClientInfo() + + with mock.patch.object(transports.IdentityAwareProxyAdminServiceTransport, '_prep_wrapped_messages') as prep: + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + client_info=client_info, + ) + prep.assert_called_once_with(client_info) + + with mock.patch.object(transports.IdentityAwareProxyAdminServiceTransport, '_prep_wrapped_messages') as prep: + transport_class = IdentityAwareProxyAdminServiceClient.get_transport_class() + transport = transport_class( + credentials=ga_credentials.AnonymousCredentials(), + client_info=client_info, + ) + prep.assert_called_once_with(client_info) + + +@pytest.mark.asyncio +async def test_transport_close_async(): + client = IdentityAwareProxyAdminServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc_asyncio", + ) + with mock.patch.object(type(getattr(client.transport, "grpc_channel")), "close") as close: + async with client: + close.assert_not_called() + close.assert_called_once() + +def test_transport_close(): + transports = { + "grpc": "_grpc_channel", + } + + for transport, close_name in transports.items(): + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport + ) + with mock.patch.object(type(getattr(client.transport, close_name)), "close") as close: + with client: + close.assert_not_called() + close.assert_called_once() + +def test_client_ctx(): + transports = [ + 'grpc', + ] + for transport in transports: + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport + ) + # Test client calls underlying transport. + with mock.patch.object(type(client.transport), "close") as close: + close.assert_not_called() + with client: + pass + close.assert_called() diff --git a/owl-bot-staging/v1/tests/unit/gapic/iap_v1/test_identity_aware_proxy_o_auth_service.py b/owl-bot-staging/v1/tests/unit/gapic/iap_v1/test_identity_aware_proxy_o_auth_service.py new file mode 100644 index 0000000..f57bf11 --- /dev/null +++ b/owl-bot-staging/v1/tests/unit/gapic/iap_v1/test_identity_aware_proxy_o_auth_service.py @@ -0,0 +1,2401 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import os +import mock +import packaging.version + +import grpc +from grpc.experimental import aio +import math +import pytest +from proto.marshal.rules.dates import DurationRule, TimestampRule + + +from google.api_core import client_options +from google.api_core import exceptions as core_exceptions +from google.api_core import gapic_v1 +from google.api_core import grpc_helpers +from google.api_core import grpc_helpers_async +from google.api_core import path_template +from google.auth import credentials as ga_credentials +from google.auth.exceptions import MutualTLSChannelError +from google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service import IdentityAwareProxyOAuthServiceAsyncClient +from google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service import IdentityAwareProxyOAuthServiceClient +from google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service import pagers +from google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service import transports +from google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service.transports.base import _GOOGLE_AUTH_VERSION +from google.cloud.iap_v1.types import service +from google.oauth2 import service_account +import google.auth + + +# TODO(busunkim): Once google-auth >= 1.25.0 is required transitively +# through google-api-core: +# - Delete the auth "less than" test cases +# - Delete these pytest markers (Make the "greater than or equal to" tests the default). +requires_google_auth_lt_1_25_0 = pytest.mark.skipif( + packaging.version.parse(_GOOGLE_AUTH_VERSION) >= packaging.version.parse("1.25.0"), + reason="This test requires google-auth < 1.25.0", +) +requires_google_auth_gte_1_25_0 = pytest.mark.skipif( + packaging.version.parse(_GOOGLE_AUTH_VERSION) < packaging.version.parse("1.25.0"), + reason="This test requires google-auth >= 1.25.0", +) + +def client_cert_source_callback(): + return b"cert bytes", b"key bytes" + + +# If default endpoint is localhost, then default mtls endpoint will be the same. +# This method modifies the default endpoint so the client can produce a different +# mtls endpoint for endpoint testing purposes. +def modify_default_endpoint(client): + return "foo.googleapis.com" if ("localhost" in client.DEFAULT_ENDPOINT) else client.DEFAULT_ENDPOINT + + +def test__get_default_mtls_endpoint(): + api_endpoint = "example.googleapis.com" + api_mtls_endpoint = "example.mtls.googleapis.com" + sandbox_endpoint = "example.sandbox.googleapis.com" + sandbox_mtls_endpoint = "example.mtls.sandbox.googleapis.com" + non_googleapi = "api.example.com" + + assert IdentityAwareProxyOAuthServiceClient._get_default_mtls_endpoint(None) is None + assert IdentityAwareProxyOAuthServiceClient._get_default_mtls_endpoint(api_endpoint) == api_mtls_endpoint + assert IdentityAwareProxyOAuthServiceClient._get_default_mtls_endpoint(api_mtls_endpoint) == api_mtls_endpoint + assert IdentityAwareProxyOAuthServiceClient._get_default_mtls_endpoint(sandbox_endpoint) == sandbox_mtls_endpoint + assert IdentityAwareProxyOAuthServiceClient._get_default_mtls_endpoint(sandbox_mtls_endpoint) == sandbox_mtls_endpoint + assert IdentityAwareProxyOAuthServiceClient._get_default_mtls_endpoint(non_googleapi) == non_googleapi + + +@pytest.mark.parametrize("client_class", [ + IdentityAwareProxyOAuthServiceClient, + IdentityAwareProxyOAuthServiceAsyncClient, +]) +def test_identity_aware_proxy_o_auth_service_client_from_service_account_info(client_class): + creds = ga_credentials.AnonymousCredentials() + with mock.patch.object(service_account.Credentials, 'from_service_account_info') as factory: + factory.return_value = creds + info = {"valid": True} + client = client_class.from_service_account_info(info) + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + assert client.transport._host == 'iap.googleapis.com:443' + + +@pytest.mark.parametrize("transport_class,transport_name", [ + (transports.IdentityAwareProxyOAuthServiceGrpcTransport, "grpc"), + (transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport, "grpc_asyncio"), +]) +def test_identity_aware_proxy_o_auth_service_client_service_account_always_use_jwt(transport_class, transport_name): + with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=True) + use_jwt.assert_called_once_with(True) + + with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=False) + use_jwt.assert_not_called() + + +@pytest.mark.parametrize("client_class", [ + IdentityAwareProxyOAuthServiceClient, + IdentityAwareProxyOAuthServiceAsyncClient, +]) +def test_identity_aware_proxy_o_auth_service_client_from_service_account_file(client_class): + creds = ga_credentials.AnonymousCredentials() + with mock.patch.object(service_account.Credentials, 'from_service_account_file') as factory: + factory.return_value = creds + client = client_class.from_service_account_file("dummy/file/path.json") + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + client = client_class.from_service_account_json("dummy/file/path.json") + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + assert client.transport._host == 'iap.googleapis.com:443' + + +def test_identity_aware_proxy_o_auth_service_client_get_transport_class(): + transport = IdentityAwareProxyOAuthServiceClient.get_transport_class() + available_transports = [ + transports.IdentityAwareProxyOAuthServiceGrpcTransport, + ] + assert transport in available_transports + + transport = IdentityAwareProxyOAuthServiceClient.get_transport_class("grpc") + assert transport == transports.IdentityAwareProxyOAuthServiceGrpcTransport + + +@pytest.mark.parametrize("client_class,transport_class,transport_name", [ + (IdentityAwareProxyOAuthServiceClient, transports.IdentityAwareProxyOAuthServiceGrpcTransport, "grpc"), + (IdentityAwareProxyOAuthServiceAsyncClient, transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport, "grpc_asyncio"), +]) +@mock.patch.object(IdentityAwareProxyOAuthServiceClient, "DEFAULT_ENDPOINT", modify_default_endpoint(IdentityAwareProxyOAuthServiceClient)) +@mock.patch.object(IdentityAwareProxyOAuthServiceAsyncClient, "DEFAULT_ENDPOINT", modify_default_endpoint(IdentityAwareProxyOAuthServiceAsyncClient)) +def test_identity_aware_proxy_o_auth_service_client_client_options(client_class, transport_class, transport_name): + # Check that if channel is provided we won't create a new one. + with mock.patch.object(IdentityAwareProxyOAuthServiceClient, 'get_transport_class') as gtc: + transport = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ) + client = client_class(transport=transport) + gtc.assert_not_called() + + # Check that if channel is provided via str we will create a new one. + with mock.patch.object(IdentityAwareProxyOAuthServiceClient, 'get_transport_class') as gtc: + client = client_class(transport=transport_name) + gtc.assert_called() + + # Check the case api_endpoint is provided. + options = client_options.ClientOptions(api_endpoint="squid.clam.whelk") + with mock.patch.object(transport_class, '__init__') as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host="squid.clam.whelk", + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is + # "never". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}): + with mock.patch.object(transport_class, '__init__') as patched: + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is + # "always". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}): + with mock.patch.object(transport_class, '__init__') as patched: + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_MTLS_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has + # unsupported value. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "Unsupported"}): + with pytest.raises(MutualTLSChannelError): + client = client_class() + + # Check the case GOOGLE_API_USE_CLIENT_CERTIFICATE has unsupported value. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"}): + with pytest.raises(ValueError): + client = client_class() + + # Check the case quota_project_id is provided + options = client_options.ClientOptions(quota_project_id="octopus") + with mock.patch.object(transport_class, '__init__') as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id="octopus", + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + +@pytest.mark.parametrize("client_class,transport_class,transport_name,use_client_cert_env", [ + (IdentityAwareProxyOAuthServiceClient, transports.IdentityAwareProxyOAuthServiceGrpcTransport, "grpc", "true"), + (IdentityAwareProxyOAuthServiceAsyncClient, transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport, "grpc_asyncio", "true"), + (IdentityAwareProxyOAuthServiceClient, transports.IdentityAwareProxyOAuthServiceGrpcTransport, "grpc", "false"), + (IdentityAwareProxyOAuthServiceAsyncClient, transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport, "grpc_asyncio", "false"), +]) +@mock.patch.object(IdentityAwareProxyOAuthServiceClient, "DEFAULT_ENDPOINT", modify_default_endpoint(IdentityAwareProxyOAuthServiceClient)) +@mock.patch.object(IdentityAwareProxyOAuthServiceAsyncClient, "DEFAULT_ENDPOINT", modify_default_endpoint(IdentityAwareProxyOAuthServiceAsyncClient)) +@mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "auto"}) +def test_identity_aware_proxy_o_auth_service_client_mtls_env_auto(client_class, transport_class, transport_name, use_client_cert_env): + # This tests the endpoint autoswitch behavior. Endpoint is autoswitched to the default + # mtls endpoint, if GOOGLE_API_USE_CLIENT_CERTIFICATE is "true" and client cert exists. + + # Check the case client_cert_source is provided. Whether client cert is used depends on + # GOOGLE_API_USE_CLIENT_CERTIFICATE value. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}): + options = client_options.ClientOptions(client_cert_source=client_cert_source_callback) + with mock.patch.object(transport_class, '__init__') as patched: + patched.return_value = None + client = client_class(client_options=options) + + if use_client_cert_env == "false": + expected_client_cert_source = None + expected_host = client.DEFAULT_ENDPOINT + else: + expected_client_cert_source = client_cert_source_callback + expected_host = client.DEFAULT_MTLS_ENDPOINT + + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=expected_host, + scopes=None, + client_cert_source_for_mtls=expected_client_cert_source, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case ADC client cert is provided. Whether client cert is used depends on + # GOOGLE_API_USE_CLIENT_CERTIFICATE value. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}): + with mock.patch.object(transport_class, '__init__') as patched: + with mock.patch('google.auth.transport.mtls.has_default_client_cert_source', return_value=True): + with mock.patch('google.auth.transport.mtls.default_client_cert_source', return_value=client_cert_source_callback): + if use_client_cert_env == "false": + expected_host = client.DEFAULT_ENDPOINT + expected_client_cert_source = None + else: + expected_host = client.DEFAULT_MTLS_ENDPOINT + expected_client_cert_source = client_cert_source_callback + + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=expected_host, + scopes=None, + client_cert_source_for_mtls=expected_client_cert_source, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case client_cert_source and ADC client cert are not provided. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}): + with mock.patch.object(transport_class, '__init__') as patched: + with mock.patch("google.auth.transport.mtls.has_default_client_cert_source", return_value=False): + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +@pytest.mark.parametrize("client_class,transport_class,transport_name", [ + (IdentityAwareProxyOAuthServiceClient, transports.IdentityAwareProxyOAuthServiceGrpcTransport, "grpc"), + (IdentityAwareProxyOAuthServiceAsyncClient, transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport, "grpc_asyncio"), +]) +def test_identity_aware_proxy_o_auth_service_client_client_options_scopes(client_class, transport_class, transport_name): + # Check the case scopes are provided. + options = client_options.ClientOptions( + scopes=["1", "2"], + ) + with mock.patch.object(transport_class, '__init__') as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=["1", "2"], + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + +@pytest.mark.parametrize("client_class,transport_class,transport_name", [ + (IdentityAwareProxyOAuthServiceClient, transports.IdentityAwareProxyOAuthServiceGrpcTransport, "grpc"), + (IdentityAwareProxyOAuthServiceAsyncClient, transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport, "grpc_asyncio"), +]) +def test_identity_aware_proxy_o_auth_service_client_client_options_credentials_file(client_class, transport_class, transport_name): + # Check the case credentials file is provided. + options = client_options.ClientOptions( + credentials_file="credentials.json" + ) + with mock.patch.object(transport_class, '__init__') as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file="credentials.json", + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +def test_identity_aware_proxy_o_auth_service_client_client_options_from_dict(): + with mock.patch('google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service.transports.IdentityAwareProxyOAuthServiceGrpcTransport.__init__') as grpc_transport: + grpc_transport.return_value = None + client = IdentityAwareProxyOAuthServiceClient( + client_options={'api_endpoint': 'squid.clam.whelk'} + ) + grpc_transport.assert_called_once_with( + credentials=None, + credentials_file=None, + host="squid.clam.whelk", + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +def test_list_brands(transport: str = 'grpc', request_type=service.ListBrandsRequest): + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_brands), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = service.ListBrandsResponse( + ) + response = client.list_brands(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == service.ListBrandsRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, service.ListBrandsResponse) + + +def test_list_brands_from_dict(): + test_list_brands(request_type=dict) + + +def test_list_brands_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_brands), + '__call__') as call: + client.list_brands() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == service.ListBrandsRequest() + + +@pytest.mark.asyncio +async def test_list_brands_async(transport: str = 'grpc_asyncio', request_type=service.ListBrandsRequest): + client = IdentityAwareProxyOAuthServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_brands), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(service.ListBrandsResponse( + )) + response = await client.list_brands(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == service.ListBrandsRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, service.ListBrandsResponse) + + +@pytest.mark.asyncio +async def test_list_brands_async_from_dict(): + await test_list_brands_async(request_type=dict) + + +def test_list_brands_field_headers(): + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.ListBrandsRequest() + + request.parent = 'parent/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_brands), + '__call__') as call: + call.return_value = service.ListBrandsResponse() + client.list_brands(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'parent=parent/value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_list_brands_field_headers_async(): + client = IdentityAwareProxyOAuthServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.ListBrandsRequest() + + request.parent = 'parent/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_brands), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(service.ListBrandsResponse()) + await client.list_brands(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'parent=parent/value', + ) in kw['metadata'] + + +def test_create_brand(transport: str = 'grpc', request_type=service.CreateBrandRequest): + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_brand), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = service.Brand( + name='name_value', + support_email='support_email_value', + application_title='application_title_value', + org_internal_only=True, + ) + response = client.create_brand(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == service.CreateBrandRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, service.Brand) + assert response.name == 'name_value' + assert response.support_email == 'support_email_value' + assert response.application_title == 'application_title_value' + assert response.org_internal_only is True + + +def test_create_brand_from_dict(): + test_create_brand(request_type=dict) + + +def test_create_brand_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_brand), + '__call__') as call: + client.create_brand() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == service.CreateBrandRequest() + + +@pytest.mark.asyncio +async def test_create_brand_async(transport: str = 'grpc_asyncio', request_type=service.CreateBrandRequest): + client = IdentityAwareProxyOAuthServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_brand), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(service.Brand( + name='name_value', + support_email='support_email_value', + application_title='application_title_value', + org_internal_only=True, + )) + response = await client.create_brand(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == service.CreateBrandRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, service.Brand) + assert response.name == 'name_value' + assert response.support_email == 'support_email_value' + assert response.application_title == 'application_title_value' + assert response.org_internal_only is True + + +@pytest.mark.asyncio +async def test_create_brand_async_from_dict(): + await test_create_brand_async(request_type=dict) + + +def test_create_brand_field_headers(): + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.CreateBrandRequest() + + request.parent = 'parent/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_brand), + '__call__') as call: + call.return_value = service.Brand() + client.create_brand(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'parent=parent/value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_create_brand_field_headers_async(): + client = IdentityAwareProxyOAuthServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.CreateBrandRequest() + + request.parent = 'parent/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_brand), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(service.Brand()) + await client.create_brand(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'parent=parent/value', + ) in kw['metadata'] + + +def test_get_brand(transport: str = 'grpc', request_type=service.GetBrandRequest): + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_brand), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = service.Brand( + name='name_value', + support_email='support_email_value', + application_title='application_title_value', + org_internal_only=True, + ) + response = client.get_brand(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == service.GetBrandRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, service.Brand) + assert response.name == 'name_value' + assert response.support_email == 'support_email_value' + assert response.application_title == 'application_title_value' + assert response.org_internal_only is True + + +def test_get_brand_from_dict(): + test_get_brand(request_type=dict) + + +def test_get_brand_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_brand), + '__call__') as call: + client.get_brand() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == service.GetBrandRequest() + + +@pytest.mark.asyncio +async def test_get_brand_async(transport: str = 'grpc_asyncio', request_type=service.GetBrandRequest): + client = IdentityAwareProxyOAuthServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_brand), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(service.Brand( + name='name_value', + support_email='support_email_value', + application_title='application_title_value', + org_internal_only=True, + )) + response = await client.get_brand(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == service.GetBrandRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, service.Brand) + assert response.name == 'name_value' + assert response.support_email == 'support_email_value' + assert response.application_title == 'application_title_value' + assert response.org_internal_only is True + + +@pytest.mark.asyncio +async def test_get_brand_async_from_dict(): + await test_get_brand_async(request_type=dict) + + +def test_get_brand_field_headers(): + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.GetBrandRequest() + + request.name = 'name/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_brand), + '__call__') as call: + call.return_value = service.Brand() + client.get_brand(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'name=name/value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_get_brand_field_headers_async(): + client = IdentityAwareProxyOAuthServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.GetBrandRequest() + + request.name = 'name/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_brand), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(service.Brand()) + await client.get_brand(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'name=name/value', + ) in kw['metadata'] + + +def test_create_identity_aware_proxy_client(transport: str = 'grpc', request_type=service.CreateIdentityAwareProxyClientRequest): + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_identity_aware_proxy_client), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = service.IdentityAwareProxyClient( + name='name_value', + secret='secret_value', + display_name='display_name_value', + ) + response = client.create_identity_aware_proxy_client(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == service.CreateIdentityAwareProxyClientRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, service.IdentityAwareProxyClient) + assert response.name == 'name_value' + assert response.secret == 'secret_value' + assert response.display_name == 'display_name_value' + + +def test_create_identity_aware_proxy_client_from_dict(): + test_create_identity_aware_proxy_client(request_type=dict) + + +def test_create_identity_aware_proxy_client_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_identity_aware_proxy_client), + '__call__') as call: + client.create_identity_aware_proxy_client() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == service.CreateIdentityAwareProxyClientRequest() + + +@pytest.mark.asyncio +async def test_create_identity_aware_proxy_client_async(transport: str = 'grpc_asyncio', request_type=service.CreateIdentityAwareProxyClientRequest): + client = IdentityAwareProxyOAuthServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_identity_aware_proxy_client), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(service.IdentityAwareProxyClient( + name='name_value', + secret='secret_value', + display_name='display_name_value', + )) + response = await client.create_identity_aware_proxy_client(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == service.CreateIdentityAwareProxyClientRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, service.IdentityAwareProxyClient) + assert response.name == 'name_value' + assert response.secret == 'secret_value' + assert response.display_name == 'display_name_value' + + +@pytest.mark.asyncio +async def test_create_identity_aware_proxy_client_async_from_dict(): + await test_create_identity_aware_proxy_client_async(request_type=dict) + + +def test_create_identity_aware_proxy_client_field_headers(): + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.CreateIdentityAwareProxyClientRequest() + + request.parent = 'parent/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_identity_aware_proxy_client), + '__call__') as call: + call.return_value = service.IdentityAwareProxyClient() + client.create_identity_aware_proxy_client(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'parent=parent/value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_create_identity_aware_proxy_client_field_headers_async(): + client = IdentityAwareProxyOAuthServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.CreateIdentityAwareProxyClientRequest() + + request.parent = 'parent/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_identity_aware_proxy_client), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(service.IdentityAwareProxyClient()) + await client.create_identity_aware_proxy_client(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'parent=parent/value', + ) in kw['metadata'] + + +def test_list_identity_aware_proxy_clients(transport: str = 'grpc', request_type=service.ListIdentityAwareProxyClientsRequest): + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_identity_aware_proxy_clients), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = service.ListIdentityAwareProxyClientsResponse( + next_page_token='next_page_token_value', + ) + response = client.list_identity_aware_proxy_clients(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == service.ListIdentityAwareProxyClientsRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListIdentityAwareProxyClientsPager) + assert response.next_page_token == 'next_page_token_value' + + +def test_list_identity_aware_proxy_clients_from_dict(): + test_list_identity_aware_proxy_clients(request_type=dict) + + +def test_list_identity_aware_proxy_clients_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_identity_aware_proxy_clients), + '__call__') as call: + client.list_identity_aware_proxy_clients() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == service.ListIdentityAwareProxyClientsRequest() + + +@pytest.mark.asyncio +async def test_list_identity_aware_proxy_clients_async(transport: str = 'grpc_asyncio', request_type=service.ListIdentityAwareProxyClientsRequest): + client = IdentityAwareProxyOAuthServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_identity_aware_proxy_clients), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(service.ListIdentityAwareProxyClientsResponse( + next_page_token='next_page_token_value', + )) + response = await client.list_identity_aware_proxy_clients(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == service.ListIdentityAwareProxyClientsRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListIdentityAwareProxyClientsAsyncPager) + assert response.next_page_token == 'next_page_token_value' + + +@pytest.mark.asyncio +async def test_list_identity_aware_proxy_clients_async_from_dict(): + await test_list_identity_aware_proxy_clients_async(request_type=dict) + + +def test_list_identity_aware_proxy_clients_field_headers(): + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.ListIdentityAwareProxyClientsRequest() + + request.parent = 'parent/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_identity_aware_proxy_clients), + '__call__') as call: + call.return_value = service.ListIdentityAwareProxyClientsResponse() + client.list_identity_aware_proxy_clients(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'parent=parent/value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_list_identity_aware_proxy_clients_field_headers_async(): + client = IdentityAwareProxyOAuthServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.ListIdentityAwareProxyClientsRequest() + + request.parent = 'parent/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_identity_aware_proxy_clients), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(service.ListIdentityAwareProxyClientsResponse()) + await client.list_identity_aware_proxy_clients(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'parent=parent/value', + ) in kw['metadata'] + + +def test_list_identity_aware_proxy_clients_pager(): + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials, + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_identity_aware_proxy_clients), + '__call__') as call: + # Set the response to a series of pages. + call.side_effect = ( + service.ListIdentityAwareProxyClientsResponse( + identity_aware_proxy_clients=[ + service.IdentityAwareProxyClient(), + service.IdentityAwareProxyClient(), + service.IdentityAwareProxyClient(), + ], + next_page_token='abc', + ), + service.ListIdentityAwareProxyClientsResponse( + identity_aware_proxy_clients=[], + next_page_token='def', + ), + service.ListIdentityAwareProxyClientsResponse( + identity_aware_proxy_clients=[ + service.IdentityAwareProxyClient(), + ], + next_page_token='ghi', + ), + service.ListIdentityAwareProxyClientsResponse( + identity_aware_proxy_clients=[ + service.IdentityAwareProxyClient(), + service.IdentityAwareProxyClient(), + ], + ), + RuntimeError, + ) + + metadata = () + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ('parent', ''), + )), + ) + pager = client.list_identity_aware_proxy_clients(request={}) + + assert pager._metadata == metadata + + results = [i for i in pager] + assert len(results) == 6 + assert all(isinstance(i, service.IdentityAwareProxyClient) + for i in results) + +def test_list_identity_aware_proxy_clients_pages(): + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials, + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_identity_aware_proxy_clients), + '__call__') as call: + # Set the response to a series of pages. + call.side_effect = ( + service.ListIdentityAwareProxyClientsResponse( + identity_aware_proxy_clients=[ + service.IdentityAwareProxyClient(), + service.IdentityAwareProxyClient(), + service.IdentityAwareProxyClient(), + ], + next_page_token='abc', + ), + service.ListIdentityAwareProxyClientsResponse( + identity_aware_proxy_clients=[], + next_page_token='def', + ), + service.ListIdentityAwareProxyClientsResponse( + identity_aware_proxy_clients=[ + service.IdentityAwareProxyClient(), + ], + next_page_token='ghi', + ), + service.ListIdentityAwareProxyClientsResponse( + identity_aware_proxy_clients=[ + service.IdentityAwareProxyClient(), + service.IdentityAwareProxyClient(), + ], + ), + RuntimeError, + ) + pages = list(client.list_identity_aware_proxy_clients(request={}).pages) + for page_, token in zip(pages, ['abc','def','ghi', '']): + assert page_.raw_page.next_page_token == token + +@pytest.mark.asyncio +async def test_list_identity_aware_proxy_clients_async_pager(): + client = IdentityAwareProxyOAuthServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials, + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_identity_aware_proxy_clients), + '__call__', new_callable=mock.AsyncMock) as call: + # Set the response to a series of pages. + call.side_effect = ( + service.ListIdentityAwareProxyClientsResponse( + identity_aware_proxy_clients=[ + service.IdentityAwareProxyClient(), + service.IdentityAwareProxyClient(), + service.IdentityAwareProxyClient(), + ], + next_page_token='abc', + ), + service.ListIdentityAwareProxyClientsResponse( + identity_aware_proxy_clients=[], + next_page_token='def', + ), + service.ListIdentityAwareProxyClientsResponse( + identity_aware_proxy_clients=[ + service.IdentityAwareProxyClient(), + ], + next_page_token='ghi', + ), + service.ListIdentityAwareProxyClientsResponse( + identity_aware_proxy_clients=[ + service.IdentityAwareProxyClient(), + service.IdentityAwareProxyClient(), + ], + ), + RuntimeError, + ) + async_pager = await client.list_identity_aware_proxy_clients(request={},) + assert async_pager.next_page_token == 'abc' + responses = [] + async for response in async_pager: + responses.append(response) + + assert len(responses) == 6 + assert all(isinstance(i, service.IdentityAwareProxyClient) + for i in responses) + +@pytest.mark.asyncio +async def test_list_identity_aware_proxy_clients_async_pages(): + client = IdentityAwareProxyOAuthServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials, + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_identity_aware_proxy_clients), + '__call__', new_callable=mock.AsyncMock) as call: + # Set the response to a series of pages. + call.side_effect = ( + service.ListIdentityAwareProxyClientsResponse( + identity_aware_proxy_clients=[ + service.IdentityAwareProxyClient(), + service.IdentityAwareProxyClient(), + service.IdentityAwareProxyClient(), + ], + next_page_token='abc', + ), + service.ListIdentityAwareProxyClientsResponse( + identity_aware_proxy_clients=[], + next_page_token='def', + ), + service.ListIdentityAwareProxyClientsResponse( + identity_aware_proxy_clients=[ + service.IdentityAwareProxyClient(), + ], + next_page_token='ghi', + ), + service.ListIdentityAwareProxyClientsResponse( + identity_aware_proxy_clients=[ + service.IdentityAwareProxyClient(), + service.IdentityAwareProxyClient(), + ], + ), + RuntimeError, + ) + pages = [] + async for page_ in (await client.list_identity_aware_proxy_clients(request={})).pages: + pages.append(page_) + for page_, token in zip(pages, ['abc','def','ghi', '']): + assert page_.raw_page.next_page_token == token + +def test_get_identity_aware_proxy_client(transport: str = 'grpc', request_type=service.GetIdentityAwareProxyClientRequest): + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_identity_aware_proxy_client), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = service.IdentityAwareProxyClient( + name='name_value', + secret='secret_value', + display_name='display_name_value', + ) + response = client.get_identity_aware_proxy_client(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == service.GetIdentityAwareProxyClientRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, service.IdentityAwareProxyClient) + assert response.name == 'name_value' + assert response.secret == 'secret_value' + assert response.display_name == 'display_name_value' + + +def test_get_identity_aware_proxy_client_from_dict(): + test_get_identity_aware_proxy_client(request_type=dict) + + +def test_get_identity_aware_proxy_client_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_identity_aware_proxy_client), + '__call__') as call: + client.get_identity_aware_proxy_client() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == service.GetIdentityAwareProxyClientRequest() + + +@pytest.mark.asyncio +async def test_get_identity_aware_proxy_client_async(transport: str = 'grpc_asyncio', request_type=service.GetIdentityAwareProxyClientRequest): + client = IdentityAwareProxyOAuthServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_identity_aware_proxy_client), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(service.IdentityAwareProxyClient( + name='name_value', + secret='secret_value', + display_name='display_name_value', + )) + response = await client.get_identity_aware_proxy_client(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == service.GetIdentityAwareProxyClientRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, service.IdentityAwareProxyClient) + assert response.name == 'name_value' + assert response.secret == 'secret_value' + assert response.display_name == 'display_name_value' + + +@pytest.mark.asyncio +async def test_get_identity_aware_proxy_client_async_from_dict(): + await test_get_identity_aware_proxy_client_async(request_type=dict) + + +def test_get_identity_aware_proxy_client_field_headers(): + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.GetIdentityAwareProxyClientRequest() + + request.name = 'name/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_identity_aware_proxy_client), + '__call__') as call: + call.return_value = service.IdentityAwareProxyClient() + client.get_identity_aware_proxy_client(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'name=name/value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_get_identity_aware_proxy_client_field_headers_async(): + client = IdentityAwareProxyOAuthServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.GetIdentityAwareProxyClientRequest() + + request.name = 'name/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_identity_aware_proxy_client), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(service.IdentityAwareProxyClient()) + await client.get_identity_aware_proxy_client(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'name=name/value', + ) in kw['metadata'] + + +def test_reset_identity_aware_proxy_client_secret(transport: str = 'grpc', request_type=service.ResetIdentityAwareProxyClientSecretRequest): + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.reset_identity_aware_proxy_client_secret), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = service.IdentityAwareProxyClient( + name='name_value', + secret='secret_value', + display_name='display_name_value', + ) + response = client.reset_identity_aware_proxy_client_secret(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == service.ResetIdentityAwareProxyClientSecretRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, service.IdentityAwareProxyClient) + assert response.name == 'name_value' + assert response.secret == 'secret_value' + assert response.display_name == 'display_name_value' + + +def test_reset_identity_aware_proxy_client_secret_from_dict(): + test_reset_identity_aware_proxy_client_secret(request_type=dict) + + +def test_reset_identity_aware_proxy_client_secret_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.reset_identity_aware_proxy_client_secret), + '__call__') as call: + client.reset_identity_aware_proxy_client_secret() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == service.ResetIdentityAwareProxyClientSecretRequest() + + +@pytest.mark.asyncio +async def test_reset_identity_aware_proxy_client_secret_async(transport: str = 'grpc_asyncio', request_type=service.ResetIdentityAwareProxyClientSecretRequest): + client = IdentityAwareProxyOAuthServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.reset_identity_aware_proxy_client_secret), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(service.IdentityAwareProxyClient( + name='name_value', + secret='secret_value', + display_name='display_name_value', + )) + response = await client.reset_identity_aware_proxy_client_secret(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == service.ResetIdentityAwareProxyClientSecretRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, service.IdentityAwareProxyClient) + assert response.name == 'name_value' + assert response.secret == 'secret_value' + assert response.display_name == 'display_name_value' + + +@pytest.mark.asyncio +async def test_reset_identity_aware_proxy_client_secret_async_from_dict(): + await test_reset_identity_aware_proxy_client_secret_async(request_type=dict) + + +def test_reset_identity_aware_proxy_client_secret_field_headers(): + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.ResetIdentityAwareProxyClientSecretRequest() + + request.name = 'name/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.reset_identity_aware_proxy_client_secret), + '__call__') as call: + call.return_value = service.IdentityAwareProxyClient() + client.reset_identity_aware_proxy_client_secret(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'name=name/value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_reset_identity_aware_proxy_client_secret_field_headers_async(): + client = IdentityAwareProxyOAuthServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.ResetIdentityAwareProxyClientSecretRequest() + + request.name = 'name/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.reset_identity_aware_proxy_client_secret), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(service.IdentityAwareProxyClient()) + await client.reset_identity_aware_proxy_client_secret(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'name=name/value', + ) in kw['metadata'] + + +def test_delete_identity_aware_proxy_client(transport: str = 'grpc', request_type=service.DeleteIdentityAwareProxyClientRequest): + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.delete_identity_aware_proxy_client), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = None + response = client.delete_identity_aware_proxy_client(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == service.DeleteIdentityAwareProxyClientRequest() + + # Establish that the response is the type that we expect. + assert response is None + + +def test_delete_identity_aware_proxy_client_from_dict(): + test_delete_identity_aware_proxy_client(request_type=dict) + + +def test_delete_identity_aware_proxy_client_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.delete_identity_aware_proxy_client), + '__call__') as call: + client.delete_identity_aware_proxy_client() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == service.DeleteIdentityAwareProxyClientRequest() + + +@pytest.mark.asyncio +async def test_delete_identity_aware_proxy_client_async(transport: str = 'grpc_asyncio', request_type=service.DeleteIdentityAwareProxyClientRequest): + client = IdentityAwareProxyOAuthServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.delete_identity_aware_proxy_client), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(None) + response = await client.delete_identity_aware_proxy_client(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == service.DeleteIdentityAwareProxyClientRequest() + + # Establish that the response is the type that we expect. + assert response is None + + +@pytest.mark.asyncio +async def test_delete_identity_aware_proxy_client_async_from_dict(): + await test_delete_identity_aware_proxy_client_async(request_type=dict) + + +def test_delete_identity_aware_proxy_client_field_headers(): + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.DeleteIdentityAwareProxyClientRequest() + + request.name = 'name/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.delete_identity_aware_proxy_client), + '__call__') as call: + call.return_value = None + client.delete_identity_aware_proxy_client(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'name=name/value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_delete_identity_aware_proxy_client_field_headers_async(): + client = IdentityAwareProxyOAuthServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.DeleteIdentityAwareProxyClientRequest() + + request.name = 'name/value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.delete_identity_aware_proxy_client), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(None) + await client.delete_identity_aware_proxy_client(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'name=name/value', + ) in kw['metadata'] + + +def test_credentials_transport_error(): + # It is an error to provide credentials and a transport instance. + transport = transports.IdentityAwareProxyOAuthServiceGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # It is an error to provide a credentials file and a transport instance. + transport = transports.IdentityAwareProxyOAuthServiceGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = IdentityAwareProxyOAuthServiceClient( + client_options={"credentials_file": "credentials.json"}, + transport=transport, + ) + + # It is an error to provide scopes and a transport instance. + transport = transports.IdentityAwareProxyOAuthServiceGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = IdentityAwareProxyOAuthServiceClient( + client_options={"scopes": ["1", "2"]}, + transport=transport, + ) + + +def test_transport_instance(): + # A client may be instantiated with a custom transport instance. + transport = transports.IdentityAwareProxyOAuthServiceGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + client = IdentityAwareProxyOAuthServiceClient(transport=transport) + assert client.transport is transport + +def test_transport_get_channel(): + # A client may be instantiated with a custom transport instance. + transport = transports.IdentityAwareProxyOAuthServiceGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + + transport = transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + +@pytest.mark.parametrize("transport_class", [ + transports.IdentityAwareProxyOAuthServiceGrpcTransport, + transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport, +]) +def test_transport_adc(transport_class): + # Test default credentials are used if not provided. + with mock.patch.object(google.auth, 'default') as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class() + adc.assert_called_once() + +def test_transport_grpc_default(): + # A client should use the gRPC transport by default. + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + assert isinstance( + client.transport, + transports.IdentityAwareProxyOAuthServiceGrpcTransport, + ) + +def test_identity_aware_proxy_o_auth_service_base_transport_error(): + # Passing both a credentials object and credentials_file should raise an error + with pytest.raises(core_exceptions.DuplicateCredentialArgs): + transport = transports.IdentityAwareProxyOAuthServiceTransport( + credentials=ga_credentials.AnonymousCredentials(), + credentials_file="credentials.json" + ) + + +def test_identity_aware_proxy_o_auth_service_base_transport(): + # Instantiate the base transport. + with mock.patch('google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service.transports.IdentityAwareProxyOAuthServiceTransport.__init__') as Transport: + Transport.return_value = None + transport = transports.IdentityAwareProxyOAuthServiceTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Every method on the transport should just blindly + # raise NotImplementedError. + methods = ( + 'list_brands', + 'create_brand', + 'get_brand', + 'create_identity_aware_proxy_client', + 'list_identity_aware_proxy_clients', + 'get_identity_aware_proxy_client', + 'reset_identity_aware_proxy_client_secret', + 'delete_identity_aware_proxy_client', + ) + for method in methods: + with pytest.raises(NotImplementedError): + getattr(transport, method)(request=object()) + + with pytest.raises(NotImplementedError): + transport.close() + + +@requires_google_auth_gte_1_25_0 +def test_identity_aware_proxy_o_auth_service_base_transport_with_credentials_file(): + # Instantiate the base transport with a credentials file + with mock.patch.object(google.auth, 'load_credentials_from_file', autospec=True) as load_creds, mock.patch('google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service.transports.IdentityAwareProxyOAuthServiceTransport._prep_wrapped_messages') as Transport: + Transport.return_value = None + load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.IdentityAwareProxyOAuthServiceTransport( + credentials_file="credentials.json", + quota_project_id="octopus", + ) + load_creds.assert_called_once_with("credentials.json", + scopes=None, + default_scopes=( + 'https://www.googleapis.com/auth/cloud-platform', +), + quota_project_id="octopus", + ) + + +@requires_google_auth_lt_1_25_0 +def test_identity_aware_proxy_o_auth_service_base_transport_with_credentials_file_old_google_auth(): + # Instantiate the base transport with a credentials file + with mock.patch.object(google.auth, 'load_credentials_from_file', autospec=True) as load_creds, mock.patch('google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service.transports.IdentityAwareProxyOAuthServiceTransport._prep_wrapped_messages') as Transport: + Transport.return_value = None + load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.IdentityAwareProxyOAuthServiceTransport( + credentials_file="credentials.json", + quota_project_id="octopus", + ) + load_creds.assert_called_once_with("credentials.json", scopes=( + 'https://www.googleapis.com/auth/cloud-platform', + ), + quota_project_id="octopus", + ) + + +def test_identity_aware_proxy_o_auth_service_base_transport_with_adc(): + # Test the default credentials are used if credentials and credentials_file are None. + with mock.patch.object(google.auth, 'default', autospec=True) as adc, mock.patch('google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service.transports.IdentityAwareProxyOAuthServiceTransport._prep_wrapped_messages') as Transport: + Transport.return_value = None + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.IdentityAwareProxyOAuthServiceTransport() + adc.assert_called_once() + + +@requires_google_auth_gte_1_25_0 +def test_identity_aware_proxy_o_auth_service_auth_adc(): + # If no credentials are provided, we should use ADC credentials. + with mock.patch.object(google.auth, 'default', autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + IdentityAwareProxyOAuthServiceClient() + adc.assert_called_once_with( + scopes=None, + default_scopes=( + 'https://www.googleapis.com/auth/cloud-platform', +), + quota_project_id=None, + ) + + +@requires_google_auth_lt_1_25_0 +def test_identity_aware_proxy_o_auth_service_auth_adc_old_google_auth(): + # If no credentials are provided, we should use ADC credentials. + with mock.patch.object(google.auth, 'default', autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + IdentityAwareProxyOAuthServiceClient() + adc.assert_called_once_with( + scopes=( 'https://www.googleapis.com/auth/cloud-platform',), + quota_project_id=None, + ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.IdentityAwareProxyOAuthServiceGrpcTransport, + transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport, + ], +) +@requires_google_auth_gte_1_25_0 +def test_identity_aware_proxy_o_auth_service_transport_auth_adc(transport_class): + # If credentials and host are not provided, the transport class should use + # ADC credentials. + with mock.patch.object(google.auth, 'default', autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class(quota_project_id="octopus", scopes=["1", "2"]) + adc.assert_called_once_with( + scopes=["1", "2"], + default_scopes=( 'https://www.googleapis.com/auth/cloud-platform',), + quota_project_id="octopus", + ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.IdentityAwareProxyOAuthServiceGrpcTransport, + transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport, + ], +) +@requires_google_auth_lt_1_25_0 +def test_identity_aware_proxy_o_auth_service_transport_auth_adc_old_google_auth(transport_class): + # If credentials and host are not provided, the transport class should use + # ADC credentials. + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class(quota_project_id="octopus") + adc.assert_called_once_with(scopes=( + 'https://www.googleapis.com/auth/cloud-platform', +), + quota_project_id="octopus", + ) + + +@pytest.mark.parametrize( + "transport_class,grpc_helpers", + [ + (transports.IdentityAwareProxyOAuthServiceGrpcTransport, grpc_helpers), + (transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport, grpc_helpers_async) + ], +) +def test_identity_aware_proxy_o_auth_service_transport_create_channel(transport_class, grpc_helpers): + # If credentials and host are not provided, the transport class should use + # ADC credentials. + with mock.patch.object(google.auth, "default", autospec=True) as adc, mock.patch.object( + grpc_helpers, "create_channel", autospec=True + ) as create_channel: + creds = ga_credentials.AnonymousCredentials() + adc.return_value = (creds, None) + transport_class( + quota_project_id="octopus", + scopes=["1", "2"] + ) + + create_channel.assert_called_with( + "iap.googleapis.com:443", + credentials=creds, + credentials_file=None, + quota_project_id="octopus", + default_scopes=( + 'https://www.googleapis.com/auth/cloud-platform', +), + scopes=["1", "2"], + default_host="iap.googleapis.com", + ssl_credentials=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + +@pytest.mark.parametrize("transport_class", [transports.IdentityAwareProxyOAuthServiceGrpcTransport, transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport]) +def test_identity_aware_proxy_o_auth_service_grpc_transport_client_cert_source_for_mtls( + transport_class +): + cred = ga_credentials.AnonymousCredentials() + + # Check ssl_channel_credentials is used if provided. + with mock.patch.object(transport_class, "create_channel") as mock_create_channel: + mock_ssl_channel_creds = mock.Mock() + transport_class( + host="squid.clam.whelk", + credentials=cred, + ssl_channel_credentials=mock_ssl_channel_creds + ) + mock_create_channel.assert_called_once_with( + "squid.clam.whelk:443", + credentials=cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_channel_creds, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls + # is used. + with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()): + with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred: + transport_class( + credentials=cred, + client_cert_source_for_mtls=client_cert_source_callback + ) + expected_cert, expected_key = client_cert_source_callback() + mock_ssl_cred.assert_called_once_with( + certificate_chain=expected_cert, + private_key=expected_key + ) + + +def test_identity_aware_proxy_o_auth_service_host_no_port(): + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + client_options=client_options.ClientOptions(api_endpoint='iap.googleapis.com'), + ) + assert client.transport._host == 'iap.googleapis.com:443' + + +def test_identity_aware_proxy_o_auth_service_host_with_port(): + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + client_options=client_options.ClientOptions(api_endpoint='iap.googleapis.com:8000'), + ) + assert client.transport._host == 'iap.googleapis.com:8000' + +def test_identity_aware_proxy_o_auth_service_grpc_transport_channel(): + channel = grpc.secure_channel('http://localhost/', grpc.local_channel_credentials()) + + # Check that channel is used if provided. + transport = transports.IdentityAwareProxyOAuthServiceGrpcTransport( + host="squid.clam.whelk", + channel=channel, + ) + assert transport.grpc_channel == channel + assert transport._host == "squid.clam.whelk:443" + assert transport._ssl_channel_credentials == None + + +def test_identity_aware_proxy_o_auth_service_grpc_asyncio_transport_channel(): + channel = aio.secure_channel('http://localhost/', grpc.local_channel_credentials()) + + # Check that channel is used if provided. + transport = transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport( + host="squid.clam.whelk", + channel=channel, + ) + assert transport.grpc_channel == channel + assert transport._host == "squid.clam.whelk:443" + assert transport._ssl_channel_credentials == None + + +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. +@pytest.mark.parametrize("transport_class", [transports.IdentityAwareProxyOAuthServiceGrpcTransport, transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport]) +def test_identity_aware_proxy_o_auth_service_transport_channel_mtls_with_client_cert_source( + transport_class +): + with mock.patch("grpc.ssl_channel_credentials", autospec=True) as grpc_ssl_channel_cred: + with mock.patch.object(transport_class, "create_channel") as grpc_create_channel: + mock_ssl_cred = mock.Mock() + grpc_ssl_channel_cred.return_value = mock_ssl_cred + + mock_grpc_channel = mock.Mock() + grpc_create_channel.return_value = mock_grpc_channel + + cred = ga_credentials.AnonymousCredentials() + with pytest.warns(DeprecationWarning): + with mock.patch.object(google.auth, 'default') as adc: + adc.return_value = (cred, None) + transport = transport_class( + host="squid.clam.whelk", + api_mtls_endpoint="mtls.squid.clam.whelk", + client_cert_source=client_cert_source_callback, + ) + adc.assert_called_once() + + grpc_ssl_channel_cred.assert_called_once_with( + certificate_chain=b"cert bytes", private_key=b"key bytes" + ) + grpc_create_channel.assert_called_once_with( + "mtls.squid.clam.whelk:443", + credentials=cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_cred, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + assert transport.grpc_channel == mock_grpc_channel + assert transport._ssl_channel_credentials == mock_ssl_cred + + +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. +@pytest.mark.parametrize("transport_class", [transports.IdentityAwareProxyOAuthServiceGrpcTransport, transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport]) +def test_identity_aware_proxy_o_auth_service_transport_channel_mtls_with_adc( + transport_class +): + mock_ssl_cred = mock.Mock() + with mock.patch.multiple( + "google.auth.transport.grpc.SslCredentials", + __init__=mock.Mock(return_value=None), + ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred), + ): + with mock.patch.object(transport_class, "create_channel") as grpc_create_channel: + mock_grpc_channel = mock.Mock() + grpc_create_channel.return_value = mock_grpc_channel + mock_cred = mock.Mock() + + with pytest.warns(DeprecationWarning): + transport = transport_class( + host="squid.clam.whelk", + credentials=mock_cred, + api_mtls_endpoint="mtls.squid.clam.whelk", + client_cert_source=None, + ) + + grpc_create_channel.assert_called_once_with( + "mtls.squid.clam.whelk:443", + credentials=mock_cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_cred, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + assert transport.grpc_channel == mock_grpc_channel + + +def test_common_billing_account_path(): + billing_account = "squid" + expected = "billingAccounts/{billing_account}".format(billing_account=billing_account, ) + actual = IdentityAwareProxyOAuthServiceClient.common_billing_account_path(billing_account) + assert expected == actual + + +def test_parse_common_billing_account_path(): + expected = { + "billing_account": "clam", + } + path = IdentityAwareProxyOAuthServiceClient.common_billing_account_path(**expected) + + # Check that the path construction is reversible. + actual = IdentityAwareProxyOAuthServiceClient.parse_common_billing_account_path(path) + assert expected == actual + +def test_common_folder_path(): + folder = "whelk" + expected = "folders/{folder}".format(folder=folder, ) + actual = IdentityAwareProxyOAuthServiceClient.common_folder_path(folder) + assert expected == actual + + +def test_parse_common_folder_path(): + expected = { + "folder": "octopus", + } + path = IdentityAwareProxyOAuthServiceClient.common_folder_path(**expected) + + # Check that the path construction is reversible. + actual = IdentityAwareProxyOAuthServiceClient.parse_common_folder_path(path) + assert expected == actual + +def test_common_organization_path(): + organization = "oyster" + expected = "organizations/{organization}".format(organization=organization, ) + actual = IdentityAwareProxyOAuthServiceClient.common_organization_path(organization) + assert expected == actual + + +def test_parse_common_organization_path(): + expected = { + "organization": "nudibranch", + } + path = IdentityAwareProxyOAuthServiceClient.common_organization_path(**expected) + + # Check that the path construction is reversible. + actual = IdentityAwareProxyOAuthServiceClient.parse_common_organization_path(path) + assert expected == actual + +def test_common_project_path(): + project = "cuttlefish" + expected = "projects/{project}".format(project=project, ) + actual = IdentityAwareProxyOAuthServiceClient.common_project_path(project) + assert expected == actual + + +def test_parse_common_project_path(): + expected = { + "project": "mussel", + } + path = IdentityAwareProxyOAuthServiceClient.common_project_path(**expected) + + # Check that the path construction is reversible. + actual = IdentityAwareProxyOAuthServiceClient.parse_common_project_path(path) + assert expected == actual + +def test_common_location_path(): + project = "winkle" + location = "nautilus" + expected = "projects/{project}/locations/{location}".format(project=project, location=location, ) + actual = IdentityAwareProxyOAuthServiceClient.common_location_path(project, location) + assert expected == actual + + +def test_parse_common_location_path(): + expected = { + "project": "scallop", + "location": "abalone", + } + path = IdentityAwareProxyOAuthServiceClient.common_location_path(**expected) + + # Check that the path construction is reversible. + actual = IdentityAwareProxyOAuthServiceClient.parse_common_location_path(path) + assert expected == actual + + +def test_client_withDEFAULT_CLIENT_INFO(): + client_info = gapic_v1.client_info.ClientInfo() + + with mock.patch.object(transports.IdentityAwareProxyOAuthServiceTransport, '_prep_wrapped_messages') as prep: + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + client_info=client_info, + ) + prep.assert_called_once_with(client_info) + + with mock.patch.object(transports.IdentityAwareProxyOAuthServiceTransport, '_prep_wrapped_messages') as prep: + transport_class = IdentityAwareProxyOAuthServiceClient.get_transport_class() + transport = transport_class( + credentials=ga_credentials.AnonymousCredentials(), + client_info=client_info, + ) + prep.assert_called_once_with(client_info) + + +@pytest.mark.asyncio +async def test_transport_close_async(): + client = IdentityAwareProxyOAuthServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc_asyncio", + ) + with mock.patch.object(type(getattr(client.transport, "grpc_channel")), "close") as close: + async with client: + close.assert_not_called() + close.assert_called_once() + +def test_transport_close(): + transports = { + "grpc": "_grpc_channel", + } + + for transport, close_name in transports.items(): + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport + ) + with mock.patch.object(type(getattr(client.transport, close_name)), "close") as close: + with client: + close.assert_not_called() + close.assert_called_once() + +def test_client_ctx(): + transports = [ + 'grpc', + ] + for transport in transports: + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport + ) + # Test client calls underlying transport. + with mock.patch.object(type(client.transport), "close") as close: + close.assert_not_called() + with client: + pass + close.assert_called() From b070ac4d4e5ec10c3dd0d0459aff215ee900f498 Mon Sep 17 00:00:00 2001 From: Owl Bot Date: Thu, 7 Oct 2021 19:24:11 +0000 Subject: [PATCH 2/2] =?UTF-8?q?=F0=9F=A6=89=20Updates=20from=20OwlBot?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md --- .../async_client.py | 6 + .../client.py | 18 +- .../transports/base.py | 9 + .../transports/grpc.py | 3 + .../transports/grpc_asyncio.py | 3 + .../async_client.py | 6 + .../client.py | 18 +- .../transports/base.py | 9 + .../transports/grpc.py | 3 + .../transports/grpc_asyncio.py | 3 + google/cloud/iap_v1/types/service.py | 16 + owl-bot-staging/v1/.coveragerc | 17 - owl-bot-staging/v1/MANIFEST.in | 2 - owl-bot-staging/v1/README.rst | 49 - owl-bot-staging/v1/docs/conf.py | 376 --- .../identity_aware_proxy_admin_service.rst | 6 - .../identity_aware_proxy_o_auth_service.rst | 10 - owl-bot-staging/v1/docs/iap_v1/services.rst | 7 - owl-bot-staging/v1/docs/iap_v1/types.rst | 7 - owl-bot-staging/v1/docs/index.rst | 7 - .../v1/google/cloud/iap/__init__.py | 71 - owl-bot-staging/v1/google/cloud/iap/py.typed | 2 - .../v1/google/cloud/iap_v1/__init__.py | 72 - .../google/cloud/iap_v1/gapic_metadata.json | 167 -- .../v1/google/cloud/iap_v1/py.typed | 2 - .../google/cloud/iap_v1/services/__init__.py | 15 - .../__init__.py | 22 - .../async_client.py | 558 ---- .../client.py | 745 ----- .../transports/__init__.py | 33 - .../transports/base.py | 235 -- .../transports/grpc.py | 371 --- .../transports/grpc_asyncio.py | 376 --- .../__init__.py | 22 - .../async_client.py | 624 ----- .../client.py | 820 ------ .../pagers.py | 140 - .../transports/__init__.py | 33 - .../transports/base.py | 276 -- .../transports/grpc.py | 462 ---- .../transports/grpc_asyncio.py | 467 ---- .../v1/google/cloud/iap_v1/types/__init__.py | 64 - .../v1/google/cloud/iap_v1/types/service.py | 583 ---- owl-bot-staging/v1/mypy.ini | 3 - owl-bot-staging/v1/noxfile.py | 132 - .../v1/scripts/fixup_iap_v1_keywords.py | 188 -- owl-bot-staging/v1/setup.py | 54 - owl-bot-staging/v1/tests/__init__.py | 16 - owl-bot-staging/v1/tests/unit/__init__.py | 16 - .../v1/tests/unit/gapic/__init__.py | 16 - .../v1/tests/unit/gapic/iap_v1/__init__.py | 16 - ...test_identity_aware_proxy_admin_service.py | 1785 ------------ ...est_identity_aware_proxy_o_auth_service.py | 2401 ----------------- ...test_identity_aware_proxy_admin_service.py | 50 + ...est_identity_aware_proxy_o_auth_service.py | 50 + 55 files changed, 186 insertions(+), 11276 deletions(-) delete mode 100644 owl-bot-staging/v1/.coveragerc delete mode 100644 owl-bot-staging/v1/MANIFEST.in delete mode 100644 owl-bot-staging/v1/README.rst delete mode 100644 owl-bot-staging/v1/docs/conf.py delete mode 100644 owl-bot-staging/v1/docs/iap_v1/identity_aware_proxy_admin_service.rst delete mode 100644 owl-bot-staging/v1/docs/iap_v1/identity_aware_proxy_o_auth_service.rst delete mode 100644 owl-bot-staging/v1/docs/iap_v1/services.rst delete mode 100644 owl-bot-staging/v1/docs/iap_v1/types.rst delete mode 100644 owl-bot-staging/v1/docs/index.rst delete mode 100644 owl-bot-staging/v1/google/cloud/iap/__init__.py delete mode 100644 owl-bot-staging/v1/google/cloud/iap/py.typed delete mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/__init__.py delete mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/gapic_metadata.json delete mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/py.typed delete mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/__init__.py delete mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/__init__.py delete mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/async_client.py delete mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/client.py delete mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/__init__.py delete mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/base.py delete mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc.py delete mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc_asyncio.py delete mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/__init__.py delete mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/async_client.py delete mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/client.py delete mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/pagers.py delete mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/__init__.py delete mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/base.py delete mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc.py delete mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc_asyncio.py delete mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/types/__init__.py delete mode 100644 owl-bot-staging/v1/google/cloud/iap_v1/types/service.py delete mode 100644 owl-bot-staging/v1/mypy.ini delete mode 100644 owl-bot-staging/v1/noxfile.py delete mode 100644 owl-bot-staging/v1/scripts/fixup_iap_v1_keywords.py delete mode 100644 owl-bot-staging/v1/setup.py delete mode 100644 owl-bot-staging/v1/tests/__init__.py delete mode 100644 owl-bot-staging/v1/tests/unit/__init__.py delete mode 100644 owl-bot-staging/v1/tests/unit/gapic/__init__.py delete mode 100644 owl-bot-staging/v1/tests/unit/gapic/iap_v1/__init__.py delete mode 100644 owl-bot-staging/v1/tests/unit/gapic/iap_v1/test_identity_aware_proxy_admin_service.py delete mode 100644 owl-bot-staging/v1/tests/unit/gapic/iap_v1/test_identity_aware_proxy_o_auth_service.py diff --git a/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/async_client.py b/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/async_client.py index f09ee93..5696b8f 100644 --- a/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/async_client.py +++ b/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/async_client.py @@ -536,6 +536,12 @@ async def update_iap_settings( # Done; return the response. return response + async def __aenter__(self): + return self + + async def __aexit__(self, exc_type, exc, tb): + await self.transport.close() + try: DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( diff --git a/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/client.py b/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/client.py index 84c2181..552deaa 100644 --- a/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/client.py +++ b/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/client.py @@ -338,10 +338,7 @@ def __init__( client_cert_source_for_mtls=client_cert_source_func, quota_project_id=client_options.quota_project_id, client_info=client_info, - always_use_jwt_access=( - Transport == type(self).get_transport_class("grpc") - or Transport == type(self).get_transport_class("grpc_asyncio") - ), + always_use_jwt_access=True, ) def set_iam_policy( @@ -709,6 +706,19 @@ def update_iap_settings( # Done; return the response. return response + def __enter__(self): + return self + + def __exit__(self, type, value, traceback): + """Releases underlying transport's resources. + + .. warning:: + ONLY use as a context manager if the transport is NOT shared + with other clients! Exiting the with block will CLOSE the transport + and may cause errors in other clients! + """ + self.transport.close() + try: DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( diff --git a/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/base.py b/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/base.py index b5ef863..193ff54 100644 --- a/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/base.py +++ b/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/base.py @@ -173,6 +173,15 @@ def _prep_wrapped_messages(self, client_info): ), } + def close(self): + """Closes resources associated with the transport. + + .. warning:: + Only call this method if the transport is NOT shared + with other clients - this may cause errors in other clients! + """ + raise NotImplementedError() + @property def set_iam_policy( self, diff --git a/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc.py b/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc.py index d18eab4..8750ad4 100644 --- a/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc.py +++ b/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc.py @@ -373,5 +373,8 @@ def update_iap_settings( ) return self._stubs["update_iap_settings"] + def close(self): + self.grpc_channel.close() + __all__ = ("IdentityAwareProxyAdminServiceGrpcTransport",) diff --git a/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc_asyncio.py b/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc_asyncio.py index 47166e5..7db3404 100644 --- a/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc_asyncio.py +++ b/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc_asyncio.py @@ -376,5 +376,8 @@ def update_iap_settings( ) return self._stubs["update_iap_settings"] + def close(self): + return self.grpc_channel.close() + __all__ = ("IdentityAwareProxyAdminServiceGrpcAsyncIOTransport",) diff --git a/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/async_client.py b/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/async_client.py index 5a509b1..be71693 100644 --- a/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/async_client.py +++ b/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/async_client.py @@ -581,6 +581,12 @@ async def delete_identity_aware_proxy_client( request, retry=retry, timeout=timeout, metadata=metadata, ) + async def __aenter__(self): + return self + + async def __aexit__(self, exc_type, exc, tb): + await self.transport.close() + try: DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( diff --git a/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/client.py b/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/client.py index 2277440..36168fb 100644 --- a/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/client.py +++ b/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/client.py @@ -340,10 +340,7 @@ def __init__( client_cert_source_for_mtls=client_cert_source_func, quota_project_id=client_options.quota_project_id, client_info=client_info, - always_use_jwt_access=( - Transport == type(self).get_transport_class("grpc") - or Transport == type(self).get_transport_class("grpc_asyncio") - ), + always_use_jwt_access=True, ) def list_brands( @@ -773,6 +770,19 @@ def delete_identity_aware_proxy_client( request, retry=retry, timeout=timeout, metadata=metadata, ) + def __enter__(self): + return self + + def __exit__(self, type, value, traceback): + """Releases underlying transport's resources. + + .. warning:: + ONLY use as a context manager if the transport is NOT shared + with other clients! Exiting the with block will CLOSE the transport + and may cause errors in other clients! + """ + self.transport.close() + try: DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( diff --git a/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/base.py b/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/base.py index bd36596..a9fd7f8 100644 --- a/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/base.py +++ b/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/base.py @@ -189,6 +189,15 @@ def _prep_wrapped_messages(self, client_info): ), } + def close(self): + """Closes resources associated with the transport. + + .. warning:: + Only call this method if the transport is NOT shared + with other clients - this may cause errors in other clients! + """ + raise NotImplementedError() + @property def list_brands( self, diff --git a/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc.py b/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc.py index 19c7516..7d66e85 100644 --- a/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc.py +++ b/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc.py @@ -478,5 +478,8 @@ def delete_identity_aware_proxy_client( ) return self._stubs["delete_identity_aware_proxy_client"] + def close(self): + self.grpc_channel.close() + __all__ = ("IdentityAwareProxyOAuthServiceGrpcTransport",) diff --git a/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc_asyncio.py b/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc_asyncio.py index 0803439..6453269 100644 --- a/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc_asyncio.py +++ b/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc_asyncio.py @@ -488,5 +488,8 @@ def delete_identity_aware_proxy_client( ) return self._stubs["delete_identity_aware_proxy_client"] + def close(self): + return self.grpc_channel.close() + __all__ = ("IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport",) diff --git a/google/cloud/iap_v1/types/service.py b/google/cloud/iap_v1/types/service.py index 47e5cfe..eaca5b5 100644 --- a/google/cloud/iap_v1/types/service.py +++ b/google/cloud/iap_v1/types/service.py @@ -50,6 +50,7 @@ class GetIapSettingsRequest(proto.Message): r"""The request sent to GetIapSettings. + Attributes: name (str): Required. The resource name for which to retrieve the @@ -62,6 +63,7 @@ class GetIapSettingsRequest(proto.Message): class UpdateIapSettingsRequest(proto.Message): r"""The request sent to UpdateIapSettings. + Attributes: iap_settings (google.cloud.iap_v1.types.IapSettings): Required. The new values for the IAP settings to be updated. @@ -83,6 +85,7 @@ class UpdateIapSettingsRequest(proto.Message): class IapSettings(proto.Message): r"""The IAP configurable settings. + Attributes: name (str): Required. The resource name of the IAP @@ -104,6 +107,7 @@ class IapSettings(proto.Message): class AccessSettings(proto.Message): r"""Access related settings for IAP protected apps. + Attributes: gcip_settings (google.cloud.iap_v1.types.GcipSettings): GCIP claims and endpoint configurations for @@ -122,6 +126,7 @@ class AccessSettings(proto.Message): class GcipSettings(proto.Message): r"""Allows customers to configure tenant_id for GCIP instance per-app. + Attributes: tenant_ids (Sequence[str]): GCIP tenant ids that are linked to the IAP resource. @@ -182,6 +187,7 @@ class OAuthSettings(proto.Message): class ApplicationSettings(proto.Message): r"""Wrapper over application specific settings for IAP. + Attributes: csm_settings (google.cloud.iap_v1.types.CsmSettings): Settings to configure IAP's behavior for a @@ -246,6 +252,7 @@ class AccessDeniedPageSettings(proto.Message): class ListBrandsRequest(proto.Message): r"""The request sent to ListBrands. + Attributes: parent (str): Required. GCP Project number/id. In the following format: @@ -257,6 +264,7 @@ class ListBrandsRequest(proto.Message): class ListBrandsResponse(proto.Message): r"""Response message for ListBrands. + Attributes: brands (Sequence[google.cloud.iap_v1.types.Brand]): Brands existing in the project. @@ -267,6 +275,7 @@ class ListBrandsResponse(proto.Message): class CreateBrandRequest(proto.Message): r"""The request sent to CreateBrand. + Attributes: parent (str): Required. GCP Project number/id under which the brand is to @@ -282,6 +291,7 @@ class CreateBrandRequest(proto.Message): class GetBrandRequest(proto.Message): r"""The request sent to GetBrand. + Attributes: name (str): Required. Name of the brand to be fetched. In the following @@ -293,6 +303,7 @@ class GetBrandRequest(proto.Message): class ListIdentityAwareProxyClientsRequest(proto.Message): r"""The request sent to ListIdentityAwareProxyClients. + Attributes: parent (str): Required. Full brand path. In the following format: @@ -320,6 +331,7 @@ class ListIdentityAwareProxyClientsRequest(proto.Message): class ListIdentityAwareProxyClientsResponse(proto.Message): r"""Response message for ListIdentityAwareProxyClients. + Attributes: identity_aware_proxy_clients (Sequence[google.cloud.iap_v1.types.IdentityAwareProxyClient]): Clients existing in the brand. @@ -341,6 +353,7 @@ def raw_page(self): class CreateIdentityAwareProxyClientRequest(proto.Message): r"""The request sent to CreateIdentityAwareProxyClient. + Attributes: parent (str): Required. Path to create the client in. In the following @@ -359,6 +372,7 @@ class CreateIdentityAwareProxyClientRequest(proto.Message): class GetIdentityAwareProxyClientRequest(proto.Message): r"""The request sent to GetIdentityAwareProxyClient. + Attributes: name (str): Required. Name of the Identity Aware Proxy client to be @@ -371,6 +385,7 @@ class GetIdentityAwareProxyClientRequest(proto.Message): class ResetIdentityAwareProxyClientSecretRequest(proto.Message): r"""The request sent to ResetIdentityAwareProxyClientSecret. + Attributes: name (str): Required. Name of the Identity Aware Proxy client to that @@ -383,6 +398,7 @@ class ResetIdentityAwareProxyClientSecretRequest(proto.Message): class DeleteIdentityAwareProxyClientRequest(proto.Message): r"""The request sent to DeleteIdentityAwareProxyClient. + Attributes: name (str): Required. Name of the Identity Aware Proxy client to be diff --git a/owl-bot-staging/v1/.coveragerc b/owl-bot-staging/v1/.coveragerc deleted file mode 100644 index f9b9e0f..0000000 --- a/owl-bot-staging/v1/.coveragerc +++ /dev/null @@ -1,17 +0,0 @@ -[run] -branch = True - -[report] -show_missing = True -omit = - google/cloud/iap/__init__.py -exclude_lines = - # Re-enable the standard pragma - pragma: NO COVER - # Ignore debug-only repr - def __repr__ - # Ignore pkg_resources exceptions. - # This is added at the module level as a safeguard for if someone - # generates the code and tries to run it without pip installing. This - # makes it virtually impossible to test properly. - except pkg_resources.DistributionNotFound diff --git a/owl-bot-staging/v1/MANIFEST.in b/owl-bot-staging/v1/MANIFEST.in deleted file mode 100644 index b3dbbc5..0000000 --- a/owl-bot-staging/v1/MANIFEST.in +++ /dev/null @@ -1,2 +0,0 @@ -recursive-include google/cloud/iap *.py -recursive-include google/cloud/iap_v1 *.py diff --git a/owl-bot-staging/v1/README.rst b/owl-bot-staging/v1/README.rst deleted file mode 100644 index 6d8e72a..0000000 --- a/owl-bot-staging/v1/README.rst +++ /dev/null @@ -1,49 +0,0 @@ -Python Client for Google Cloud Iap API -================================================= - -Quick Start ------------ - -In order to use this library, you first need to go through the following steps: - -1. `Select or create a Cloud Platform project.`_ -2. `Enable billing for your project.`_ -3. Enable the Google Cloud Iap API. -4. `Setup Authentication.`_ - -.. _Select or create a Cloud Platform project.: https://console.cloud.google.com/project -.. _Enable billing for your project.: https://cloud.google.com/billing/docs/how-to/modify-project#enable_billing_for_a_project -.. _Setup Authentication.: https://googleapis.dev/python/google-api-core/latest/auth.html - -Installation -~~~~~~~~~~~~ - -Install this library in a `virtualenv`_ using pip. `virtualenv`_ is a tool to -create isolated Python environments. The basic problem it addresses is one of -dependencies and versions, and indirectly permissions. - -With `virtualenv`_, it's possible to install this library without needing system -install permissions, and without clashing with the installed system -dependencies. - -.. _`virtualenv`: https://virtualenv.pypa.io/en/latest/ - - -Mac/Linux -^^^^^^^^^ - -.. code-block:: console - - python3 -m venv - source /bin/activate - /bin/pip install /path/to/library - - -Windows -^^^^^^^ - -.. code-block:: console - - python3 -m venv - \Scripts\activate - \Scripts\pip.exe install \path\to\library diff --git a/owl-bot-staging/v1/docs/conf.py b/owl-bot-staging/v1/docs/conf.py deleted file mode 100644 index be35ede..0000000 --- a/owl-bot-staging/v1/docs/conf.py +++ /dev/null @@ -1,376 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# -# google-cloud-iap documentation build configuration file -# -# This file is execfile()d with the current directory set to its -# containing dir. -# -# Note that not all possible configuration values are present in this -# autogenerated file. -# -# All configuration values have a default; values that are commented out -# serve to show the default. - -import sys -import os -import shlex - -# If extensions (or modules to document with autodoc) are in another directory, -# add these directories to sys.path here. If the directory is relative to the -# documentation root, use os.path.abspath to make it absolute, like shown here. -sys.path.insert(0, os.path.abspath("..")) - -__version__ = "0.1.0" - -# -- General configuration ------------------------------------------------ - -# If your documentation needs a minimal Sphinx version, state it here. -needs_sphinx = "1.6.3" - -# Add any Sphinx extension module names here, as strings. They can be -# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom -# ones. -extensions = [ - "sphinx.ext.autodoc", - "sphinx.ext.autosummary", - "sphinx.ext.intersphinx", - "sphinx.ext.coverage", - "sphinx.ext.napoleon", - "sphinx.ext.todo", - "sphinx.ext.viewcode", -] - -# autodoc/autosummary flags -autoclass_content = "both" -autodoc_default_flags = ["members"] -autosummary_generate = True - - -# Add any paths that contain templates here, relative to this directory. -templates_path = ["_templates"] - -# Allow markdown includes (so releases.md can include CHANGLEOG.md) -# http://www.sphinx-doc.org/en/master/markdown.html -source_parsers = {".md": "recommonmark.parser.CommonMarkParser"} - -# The suffix(es) of source filenames. -# You can specify multiple suffix as a list of string: -source_suffix = [".rst", ".md"] - -# The encoding of source files. -# source_encoding = 'utf-8-sig' - -# The master toctree document. -master_doc = "index" - -# General information about the project. -project = u"google-cloud-iap" -copyright = u"2020, Google, LLC" -author = u"Google APIs" # TODO: autogenerate this bit - -# The version info for the project you're documenting, acts as replacement for -# |version| and |release|, also used in various other places throughout the -# built documents. -# -# The full version, including alpha/beta/rc tags. -release = __version__ -# The short X.Y version. -version = ".".join(release.split(".")[0:2]) - -# The language for content autogenerated by Sphinx. Refer to documentation -# for a list of supported languages. -# -# This is also used if you do content translation via gettext catalogs. -# Usually you set "language" from the command line for these cases. -language = None - -# There are two options for replacing |today|: either, you set today to some -# non-false value, then it is used: -# today = '' -# Else, today_fmt is used as the format for a strftime call. -# today_fmt = '%B %d, %Y' - -# List of patterns, relative to source directory, that match files and -# directories to ignore when looking for source files. -exclude_patterns = ["_build"] - -# The reST default role (used for this markup: `text`) to use for all -# documents. -# default_role = None - -# If true, '()' will be appended to :func: etc. cross-reference text. -# add_function_parentheses = True - -# If true, the current module name will be prepended to all description -# unit titles (such as .. function::). -# add_module_names = True - -# If true, sectionauthor and moduleauthor directives will be shown in the -# output. They are ignored by default. -# show_authors = False - -# The name of the Pygments (syntax highlighting) style to use. -pygments_style = "sphinx" - -# A list of ignored prefixes for module index sorting. -# modindex_common_prefix = [] - -# If true, keep warnings as "system message" paragraphs in the built documents. -# keep_warnings = False - -# If true, `todo` and `todoList` produce output, else they produce nothing. -todo_include_todos = True - - -# -- Options for HTML output ---------------------------------------------- - -# The theme to use for HTML and HTML Help pages. See the documentation for -# a list of builtin themes. -html_theme = "alabaster" - -# Theme options are theme-specific and customize the look and feel of a theme -# further. For a list of options available for each theme, see the -# documentation. -html_theme_options = { - "description": "Google Cloud Client Libraries for Python", - "github_user": "googleapis", - "github_repo": "google-cloud-python", - "github_banner": True, - "font_family": "'Roboto', Georgia, sans", - "head_font_family": "'Roboto', Georgia, serif", - "code_font_family": "'Roboto Mono', 'Consolas', monospace", -} - -# Add any paths that contain custom themes here, relative to this directory. -# html_theme_path = [] - -# The name for this set of Sphinx documents. If None, it defaults to -# " v documentation". -# html_title = None - -# A shorter title for the navigation bar. Default is the same as html_title. -# html_short_title = None - -# The name of an image file (relative to this directory) to place at the top -# of the sidebar. -# html_logo = None - -# The name of an image file (within the static path) to use as favicon of the -# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 -# pixels large. -# html_favicon = None - -# Add any paths that contain custom static files (such as style sheets) here, -# relative to this directory. They are copied after the builtin static files, -# so a file named "default.css" will overwrite the builtin "default.css". -html_static_path = ["_static"] - -# Add any extra paths that contain custom files (such as robots.txt or -# .htaccess) here, relative to this directory. These files are copied -# directly to the root of the documentation. -# html_extra_path = [] - -# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, -# using the given strftime format. -# html_last_updated_fmt = '%b %d, %Y' - -# If true, SmartyPants will be used to convert quotes and dashes to -# typographically correct entities. -# html_use_smartypants = True - -# Custom sidebar templates, maps document names to template names. -# html_sidebars = {} - -# Additional templates that should be rendered to pages, maps page names to -# template names. -# html_additional_pages = {} - -# If false, no module index is generated. -# html_domain_indices = True - -# If false, no index is generated. -# html_use_index = True - -# If true, the index is split into individual pages for each letter. -# html_split_index = False - -# If true, links to the reST sources are added to the pages. -# html_show_sourcelink = True - -# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. -# html_show_sphinx = True - -# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. -# html_show_copyright = True - -# If true, an OpenSearch description file will be output, and all pages will -# contain a tag referring to it. The value of this option must be the -# base URL from which the finished HTML is served. -# html_use_opensearch = '' - -# This is the file name suffix for HTML files (e.g. ".xhtml"). -# html_file_suffix = None - -# Language to be used for generating the HTML full-text search index. -# Sphinx supports the following languages: -# 'da', 'de', 'en', 'es', 'fi', 'fr', 'hu', 'it', 'ja' -# 'nl', 'no', 'pt', 'ro', 'ru', 'sv', 'tr' -# html_search_language = 'en' - -# A dictionary with options for the search language support, empty by default. -# Now only 'ja' uses this config value -# html_search_options = {'type': 'default'} - -# The name of a javascript file (relative to the configuration directory) that -# implements a search results scorer. If empty, the default will be used. -# html_search_scorer = 'scorer.js' - -# Output file base name for HTML help builder. -htmlhelp_basename = "google-cloud-iap-doc" - -# -- Options for warnings ------------------------------------------------------ - - -suppress_warnings = [ - # Temporarily suppress this to avoid "more than one target found for - # cross-reference" warning, which are intractable for us to avoid while in - # a mono-repo. - # See https://github.com/sphinx-doc/sphinx/blob - # /2a65ffeef5c107c19084fabdd706cdff3f52d93c/sphinx/domains/python.py#L843 - "ref.python" -] - -# -- Options for LaTeX output --------------------------------------------- - -latex_elements = { - # The paper size ('letterpaper' or 'a4paper'). - # 'papersize': 'letterpaper', - # The font size ('10pt', '11pt' or '12pt'). - # 'pointsize': '10pt', - # Additional stuff for the LaTeX preamble. - # 'preamble': '', - # Latex figure (float) alignment - # 'figure_align': 'htbp', -} - -# Grouping the document tree into LaTeX files. List of tuples -# (source start file, target name, title, -# author, documentclass [howto, manual, or own class]). -latex_documents = [ - ( - master_doc, - "google-cloud-iap.tex", - u"google-cloud-iap Documentation", - author, - "manual", - ) -] - -# The name of an image file (relative to this directory) to place at the top of -# the title page. -# latex_logo = None - -# For "manual" documents, if this is true, then toplevel headings are parts, -# not chapters. -# latex_use_parts = False - -# If true, show page references after internal links. -# latex_show_pagerefs = False - -# If true, show URL addresses after external links. -# latex_show_urls = False - -# Documents to append as an appendix to all manuals. -# latex_appendices = [] - -# If false, no module index is generated. -# latex_domain_indices = True - - -# -- Options for manual page output --------------------------------------- - -# One entry per manual page. List of tuples -# (source start file, name, description, authors, manual section). -man_pages = [ - ( - master_doc, - "google-cloud-iap", - u"Google Cloud Iap Documentation", - [author], - 1, - ) -] - -# If true, show URL addresses after external links. -# man_show_urls = False - - -# -- Options for Texinfo output ------------------------------------------- - -# Grouping the document tree into Texinfo files. List of tuples -# (source start file, target name, title, author, -# dir menu entry, description, category) -texinfo_documents = [ - ( - master_doc, - "google-cloud-iap", - u"google-cloud-iap Documentation", - author, - "google-cloud-iap", - "GAPIC library for Google Cloud Iap API", - "APIs", - ) -] - -# Documents to append as an appendix to all manuals. -# texinfo_appendices = [] - -# If false, no module index is generated. -# texinfo_domain_indices = True - -# How to display URL addresses: 'footnote', 'no', or 'inline'. -# texinfo_show_urls = 'footnote' - -# If true, do not generate a @detailmenu in the "Top" node's menu. -# texinfo_no_detailmenu = False - - -# Example configuration for intersphinx: refer to the Python standard library. -intersphinx_mapping = { - "python": ("http://python.readthedocs.org/en/latest/", None), - "gax": ("https://gax-python.readthedocs.org/en/latest/", None), - "google-auth": ("https://google-auth.readthedocs.io/en/stable", None), - "google-gax": ("https://gax-python.readthedocs.io/en/latest/", None), - "google.api_core": ("https://googleapis.dev/python/google-api-core/latest/", None), - "grpc": ("https://grpc.io/grpc/python/", None), - "requests": ("http://requests.kennethreitz.org/en/stable/", None), - "proto": ("https://proto-plus-python.readthedocs.io/en/stable", None), - "protobuf": ("https://googleapis.dev/python/protobuf/latest/", None), -} - - -# Napoleon settings -napoleon_google_docstring = True -napoleon_numpy_docstring = True -napoleon_include_private_with_doc = False -napoleon_include_special_with_doc = True -napoleon_use_admonition_for_examples = False -napoleon_use_admonition_for_notes = False -napoleon_use_admonition_for_references = False -napoleon_use_ivar = False -napoleon_use_param = True -napoleon_use_rtype = True diff --git a/owl-bot-staging/v1/docs/iap_v1/identity_aware_proxy_admin_service.rst b/owl-bot-staging/v1/docs/iap_v1/identity_aware_proxy_admin_service.rst deleted file mode 100644 index 1275baf..0000000 --- a/owl-bot-staging/v1/docs/iap_v1/identity_aware_proxy_admin_service.rst +++ /dev/null @@ -1,6 +0,0 @@ -IdentityAwareProxyAdminService ------------------------------------------------- - -.. automodule:: google.cloud.iap_v1.services.identity_aware_proxy_admin_service - :members: - :inherited-members: diff --git a/owl-bot-staging/v1/docs/iap_v1/identity_aware_proxy_o_auth_service.rst b/owl-bot-staging/v1/docs/iap_v1/identity_aware_proxy_o_auth_service.rst deleted file mode 100644 index 172d1e6..0000000 --- a/owl-bot-staging/v1/docs/iap_v1/identity_aware_proxy_o_auth_service.rst +++ /dev/null @@ -1,10 +0,0 @@ -IdentityAwareProxyOAuthService ------------------------------------------------- - -.. automodule:: google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service - :members: - :inherited-members: - -.. automodule:: google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service.pagers - :members: - :inherited-members: diff --git a/owl-bot-staging/v1/docs/iap_v1/services.rst b/owl-bot-staging/v1/docs/iap_v1/services.rst deleted file mode 100644 index 7f5aebf..0000000 --- a/owl-bot-staging/v1/docs/iap_v1/services.rst +++ /dev/null @@ -1,7 +0,0 @@ -Services for Google Cloud Iap v1 API -==================================== -.. toctree:: - :maxdepth: 2 - - identity_aware_proxy_admin_service - identity_aware_proxy_o_auth_service diff --git a/owl-bot-staging/v1/docs/iap_v1/types.rst b/owl-bot-staging/v1/docs/iap_v1/types.rst deleted file mode 100644 index cd228d8..0000000 --- a/owl-bot-staging/v1/docs/iap_v1/types.rst +++ /dev/null @@ -1,7 +0,0 @@ -Types for Google Cloud Iap v1 API -================================= - -.. automodule:: google.cloud.iap_v1.types - :members: - :undoc-members: - :show-inheritance: diff --git a/owl-bot-staging/v1/docs/index.rst b/owl-bot-staging/v1/docs/index.rst deleted file mode 100644 index aa9d4a3..0000000 --- a/owl-bot-staging/v1/docs/index.rst +++ /dev/null @@ -1,7 +0,0 @@ -API Reference -------------- -.. toctree:: - :maxdepth: 2 - - iap_v1/services - iap_v1/types diff --git a/owl-bot-staging/v1/google/cloud/iap/__init__.py b/owl-bot-staging/v1/google/cloud/iap/__init__.py deleted file mode 100644 index 1f9d334..0000000 --- a/owl-bot-staging/v1/google/cloud/iap/__init__.py +++ /dev/null @@ -1,71 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -from google.cloud.iap_v1.services.identity_aware_proxy_admin_service.client import IdentityAwareProxyAdminServiceClient -from google.cloud.iap_v1.services.identity_aware_proxy_admin_service.async_client import IdentityAwareProxyAdminServiceAsyncClient -from google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service.client import IdentityAwareProxyOAuthServiceClient -from google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service.async_client import IdentityAwareProxyOAuthServiceAsyncClient - -from google.cloud.iap_v1.types.service import AccessDeniedPageSettings -from google.cloud.iap_v1.types.service import AccessSettings -from google.cloud.iap_v1.types.service import ApplicationSettings -from google.cloud.iap_v1.types.service import Brand -from google.cloud.iap_v1.types.service import CorsSettings -from google.cloud.iap_v1.types.service import CreateBrandRequest -from google.cloud.iap_v1.types.service import CreateIdentityAwareProxyClientRequest -from google.cloud.iap_v1.types.service import CsmSettings -from google.cloud.iap_v1.types.service import DeleteIdentityAwareProxyClientRequest -from google.cloud.iap_v1.types.service import GcipSettings -from google.cloud.iap_v1.types.service import GetBrandRequest -from google.cloud.iap_v1.types.service import GetIapSettingsRequest -from google.cloud.iap_v1.types.service import GetIdentityAwareProxyClientRequest -from google.cloud.iap_v1.types.service import IapSettings -from google.cloud.iap_v1.types.service import IdentityAwareProxyClient -from google.cloud.iap_v1.types.service import ListBrandsRequest -from google.cloud.iap_v1.types.service import ListBrandsResponse -from google.cloud.iap_v1.types.service import ListIdentityAwareProxyClientsRequest -from google.cloud.iap_v1.types.service import ListIdentityAwareProxyClientsResponse -from google.cloud.iap_v1.types.service import OAuthSettings -from google.cloud.iap_v1.types.service import ResetIdentityAwareProxyClientSecretRequest -from google.cloud.iap_v1.types.service import UpdateIapSettingsRequest - -__all__ = ('IdentityAwareProxyAdminServiceClient', - 'IdentityAwareProxyAdminServiceAsyncClient', - 'IdentityAwareProxyOAuthServiceClient', - 'IdentityAwareProxyOAuthServiceAsyncClient', - 'AccessDeniedPageSettings', - 'AccessSettings', - 'ApplicationSettings', - 'Brand', - 'CorsSettings', - 'CreateBrandRequest', - 'CreateIdentityAwareProxyClientRequest', - 'CsmSettings', - 'DeleteIdentityAwareProxyClientRequest', - 'GcipSettings', - 'GetBrandRequest', - 'GetIapSettingsRequest', - 'GetIdentityAwareProxyClientRequest', - 'IapSettings', - 'IdentityAwareProxyClient', - 'ListBrandsRequest', - 'ListBrandsResponse', - 'ListIdentityAwareProxyClientsRequest', - 'ListIdentityAwareProxyClientsResponse', - 'OAuthSettings', - 'ResetIdentityAwareProxyClientSecretRequest', - 'UpdateIapSettingsRequest', -) diff --git a/owl-bot-staging/v1/google/cloud/iap/py.typed b/owl-bot-staging/v1/google/cloud/iap/py.typed deleted file mode 100644 index 90095aa..0000000 --- a/owl-bot-staging/v1/google/cloud/iap/py.typed +++ /dev/null @@ -1,2 +0,0 @@ -# Marker file for PEP 561. -# The google-cloud-iap package uses inline types. diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/__init__.py b/owl-bot-staging/v1/google/cloud/iap_v1/__init__.py deleted file mode 100644 index 4fcec4b..0000000 --- a/owl-bot-staging/v1/google/cloud/iap_v1/__init__.py +++ /dev/null @@ -1,72 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -from .services.identity_aware_proxy_admin_service import IdentityAwareProxyAdminServiceClient -from .services.identity_aware_proxy_admin_service import IdentityAwareProxyAdminServiceAsyncClient -from .services.identity_aware_proxy_o_auth_service import IdentityAwareProxyOAuthServiceClient -from .services.identity_aware_proxy_o_auth_service import IdentityAwareProxyOAuthServiceAsyncClient - -from .types.service import AccessDeniedPageSettings -from .types.service import AccessSettings -from .types.service import ApplicationSettings -from .types.service import Brand -from .types.service import CorsSettings -from .types.service import CreateBrandRequest -from .types.service import CreateIdentityAwareProxyClientRequest -from .types.service import CsmSettings -from .types.service import DeleteIdentityAwareProxyClientRequest -from .types.service import GcipSettings -from .types.service import GetBrandRequest -from .types.service import GetIapSettingsRequest -from .types.service import GetIdentityAwareProxyClientRequest -from .types.service import IapSettings -from .types.service import IdentityAwareProxyClient -from .types.service import ListBrandsRequest -from .types.service import ListBrandsResponse -from .types.service import ListIdentityAwareProxyClientsRequest -from .types.service import ListIdentityAwareProxyClientsResponse -from .types.service import OAuthSettings -from .types.service import ResetIdentityAwareProxyClientSecretRequest -from .types.service import UpdateIapSettingsRequest - -__all__ = ( - 'IdentityAwareProxyAdminServiceAsyncClient', - 'IdentityAwareProxyOAuthServiceAsyncClient', -'AccessDeniedPageSettings', -'AccessSettings', -'ApplicationSettings', -'Brand', -'CorsSettings', -'CreateBrandRequest', -'CreateIdentityAwareProxyClientRequest', -'CsmSettings', -'DeleteIdentityAwareProxyClientRequest', -'GcipSettings', -'GetBrandRequest', -'GetIapSettingsRequest', -'GetIdentityAwareProxyClientRequest', -'IapSettings', -'IdentityAwareProxyAdminServiceClient', -'IdentityAwareProxyClient', -'IdentityAwareProxyOAuthServiceClient', -'ListBrandsRequest', -'ListBrandsResponse', -'ListIdentityAwareProxyClientsRequest', -'ListIdentityAwareProxyClientsResponse', -'OAuthSettings', -'ResetIdentityAwareProxyClientSecretRequest', -'UpdateIapSettingsRequest', -) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/gapic_metadata.json b/owl-bot-staging/v1/google/cloud/iap_v1/gapic_metadata.json deleted file mode 100644 index 8eb05c4..0000000 --- a/owl-bot-staging/v1/google/cloud/iap_v1/gapic_metadata.json +++ /dev/null @@ -1,167 +0,0 @@ - { - "comment": "This file maps proto services/RPCs to the corresponding library clients/methods", - "language": "python", - "libraryPackage": "google.cloud.iap_v1", - "protoPackage": "google.cloud.iap.v1", - "schema": "1.0", - "services": { - "IdentityAwareProxyAdminService": { - "clients": { - "grpc": { - "libraryClient": "IdentityAwareProxyAdminServiceClient", - "rpcs": { - "GetIamPolicy": { - "methods": [ - "get_iam_policy" - ] - }, - "GetIapSettings": { - "methods": [ - "get_iap_settings" - ] - }, - "SetIamPolicy": { - "methods": [ - "set_iam_policy" - ] - }, - "TestIamPermissions": { - "methods": [ - "test_iam_permissions" - ] - }, - "UpdateIapSettings": { - "methods": [ - "update_iap_settings" - ] - } - } - }, - "grpc-async": { - "libraryClient": "IdentityAwareProxyAdminServiceAsyncClient", - "rpcs": { - "GetIamPolicy": { - "methods": [ - "get_iam_policy" - ] - }, - "GetIapSettings": { - "methods": [ - "get_iap_settings" - ] - }, - "SetIamPolicy": { - "methods": [ - "set_iam_policy" - ] - }, - "TestIamPermissions": { - "methods": [ - "test_iam_permissions" - ] - }, - "UpdateIapSettings": { - "methods": [ - "update_iap_settings" - ] - } - } - } - } - }, - "IdentityAwareProxyOAuthService": { - "clients": { - "grpc": { - "libraryClient": "IdentityAwareProxyOAuthServiceClient", - "rpcs": { - "CreateBrand": { - "methods": [ - "create_brand" - ] - }, - "CreateIdentityAwareProxyClient": { - "methods": [ - "create_identity_aware_proxy_client" - ] - }, - "DeleteIdentityAwareProxyClient": { - "methods": [ - "delete_identity_aware_proxy_client" - ] - }, - "GetBrand": { - "methods": [ - "get_brand" - ] - }, - "GetIdentityAwareProxyClient": { - "methods": [ - "get_identity_aware_proxy_client" - ] - }, - "ListBrands": { - "methods": [ - "list_brands" - ] - }, - "ListIdentityAwareProxyClients": { - "methods": [ - "list_identity_aware_proxy_clients" - ] - }, - "ResetIdentityAwareProxyClientSecret": { - "methods": [ - "reset_identity_aware_proxy_client_secret" - ] - } - } - }, - "grpc-async": { - "libraryClient": "IdentityAwareProxyOAuthServiceAsyncClient", - "rpcs": { - "CreateBrand": { - "methods": [ - "create_brand" - ] - }, - "CreateIdentityAwareProxyClient": { - "methods": [ - "create_identity_aware_proxy_client" - ] - }, - "DeleteIdentityAwareProxyClient": { - "methods": [ - "delete_identity_aware_proxy_client" - ] - }, - "GetBrand": { - "methods": [ - "get_brand" - ] - }, - "GetIdentityAwareProxyClient": { - "methods": [ - "get_identity_aware_proxy_client" - ] - }, - "ListBrands": { - "methods": [ - "list_brands" - ] - }, - "ListIdentityAwareProxyClients": { - "methods": [ - "list_identity_aware_proxy_clients" - ] - }, - "ResetIdentityAwareProxyClientSecret": { - "methods": [ - "reset_identity_aware_proxy_client_secret" - ] - } - } - } - } - } - } -} diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/py.typed b/owl-bot-staging/v1/google/cloud/iap_v1/py.typed deleted file mode 100644 index 90095aa..0000000 --- a/owl-bot-staging/v1/google/cloud/iap_v1/py.typed +++ /dev/null @@ -1,2 +0,0 @@ -# Marker file for PEP 561. -# The google-cloud-iap package uses inline types. diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/__init__.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/__init__.py deleted file mode 100644 index 4de6597..0000000 --- a/owl-bot-staging/v1/google/cloud/iap_v1/services/__init__.py +++ /dev/null @@ -1,15 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/__init__.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/__init__.py deleted file mode 100644 index c1a2292..0000000 --- a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/__init__.py +++ /dev/null @@ -1,22 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from .client import IdentityAwareProxyAdminServiceClient -from .async_client import IdentityAwareProxyAdminServiceAsyncClient - -__all__ = ( - 'IdentityAwareProxyAdminServiceClient', - 'IdentityAwareProxyAdminServiceAsyncClient', -) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/async_client.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/async_client.py deleted file mode 100644 index b6b823f..0000000 --- a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/async_client.py +++ /dev/null @@ -1,558 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from collections import OrderedDict -import functools -import re -from typing import Dict, Sequence, Tuple, Type, Union -import pkg_resources - -import google.api_core.client_options as ClientOptions # type: ignore -from google.api_core import exceptions as core_exceptions # type: ignore -from google.api_core import gapic_v1 # type: ignore -from google.api_core import retry as retries # type: ignore -from google.auth import credentials as ga_credentials # type: ignore -from google.oauth2 import service_account # type: ignore - -from google.cloud.iap_v1.types import service -from google.iam.v1 import iam_policy_pb2 # type: ignore -from google.iam.v1 import policy_pb2 # type: ignore -from .transports.base import IdentityAwareProxyAdminServiceTransport, DEFAULT_CLIENT_INFO -from .transports.grpc_asyncio import IdentityAwareProxyAdminServiceGrpcAsyncIOTransport -from .client import IdentityAwareProxyAdminServiceClient - - -class IdentityAwareProxyAdminServiceAsyncClient: - """APIs for Identity-Aware Proxy Admin configurations.""" - - _client: IdentityAwareProxyAdminServiceClient - - DEFAULT_ENDPOINT = IdentityAwareProxyAdminServiceClient.DEFAULT_ENDPOINT - DEFAULT_MTLS_ENDPOINT = IdentityAwareProxyAdminServiceClient.DEFAULT_MTLS_ENDPOINT - - common_billing_account_path = staticmethod(IdentityAwareProxyAdminServiceClient.common_billing_account_path) - parse_common_billing_account_path = staticmethod(IdentityAwareProxyAdminServiceClient.parse_common_billing_account_path) - common_folder_path = staticmethod(IdentityAwareProxyAdminServiceClient.common_folder_path) - parse_common_folder_path = staticmethod(IdentityAwareProxyAdminServiceClient.parse_common_folder_path) - common_organization_path = staticmethod(IdentityAwareProxyAdminServiceClient.common_organization_path) - parse_common_organization_path = staticmethod(IdentityAwareProxyAdminServiceClient.parse_common_organization_path) - common_project_path = staticmethod(IdentityAwareProxyAdminServiceClient.common_project_path) - parse_common_project_path = staticmethod(IdentityAwareProxyAdminServiceClient.parse_common_project_path) - common_location_path = staticmethod(IdentityAwareProxyAdminServiceClient.common_location_path) - parse_common_location_path = staticmethod(IdentityAwareProxyAdminServiceClient.parse_common_location_path) - - @classmethod - def from_service_account_info(cls, info: dict, *args, **kwargs): - """Creates an instance of this client using the provided credentials - info. - - Args: - info (dict): The service account private key info. - args: Additional arguments to pass to the constructor. - kwargs: Additional arguments to pass to the constructor. - - Returns: - IdentityAwareProxyAdminServiceAsyncClient: The constructed client. - """ - return IdentityAwareProxyAdminServiceClient.from_service_account_info.__func__(IdentityAwareProxyAdminServiceAsyncClient, info, *args, **kwargs) # type: ignore - - @classmethod - def from_service_account_file(cls, filename: str, *args, **kwargs): - """Creates an instance of this client using the provided credentials - file. - - Args: - filename (str): The path to the service account private key json - file. - args: Additional arguments to pass to the constructor. - kwargs: Additional arguments to pass to the constructor. - - Returns: - IdentityAwareProxyAdminServiceAsyncClient: The constructed client. - """ - return IdentityAwareProxyAdminServiceClient.from_service_account_file.__func__(IdentityAwareProxyAdminServiceAsyncClient, filename, *args, **kwargs) # type: ignore - - from_service_account_json = from_service_account_file - - @property - def transport(self) -> IdentityAwareProxyAdminServiceTransport: - """Returns the transport used by the client instance. - - Returns: - IdentityAwareProxyAdminServiceTransport: The transport used by the client instance. - """ - return self._client.transport - - get_transport_class = functools.partial(type(IdentityAwareProxyAdminServiceClient).get_transport_class, type(IdentityAwareProxyAdminServiceClient)) - - def __init__(self, *, - credentials: ga_credentials.Credentials = None, - transport: Union[str, IdentityAwareProxyAdminServiceTransport] = "grpc_asyncio", - client_options: ClientOptions = None, - client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, - ) -> None: - """Instantiates the identity aware proxy admin service client. - - Args: - credentials (Optional[google.auth.credentials.Credentials]): The - authorization credentials to attach to requests. These - credentials identify the application to the service; if none - are specified, the client will attempt to ascertain the - credentials from the environment. - transport (Union[str, ~.IdentityAwareProxyAdminServiceTransport]): The - transport to use. If set to None, a transport is chosen - automatically. - client_options (ClientOptions): Custom options for the client. It - won't take effect if a ``transport`` instance is provided. - (1) The ``api_endpoint`` property can be used to override the - default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT - environment variable can also be used to override the endpoint: - "always" (always use the default mTLS endpoint), "never" (always - use the default regular endpoint) and "auto" (auto switch to the - default mTLS endpoint if client certificate is present, this is - the default value). However, the ``api_endpoint`` property takes - precedence if provided. - (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable - is "true", then the ``client_cert_source`` property can be used - to provide client certificate for mutual TLS transport. If - not provided, the default SSL client certificate will be used if - present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not - set, no client certificate will be used. - - Raises: - google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport - creation failed for any reason. - """ - self._client = IdentityAwareProxyAdminServiceClient( - credentials=credentials, - transport=transport, - client_options=client_options, - client_info=client_info, - - ) - - async def set_iam_policy(self, - request: iam_policy_pb2.SetIamPolicyRequest = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> policy_pb2.Policy: - r"""Sets the access control policy for an Identity-Aware Proxy - protected resource. Replaces any existing policy. More - information about managing access via IAP can be found at: - https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api - - Args: - request (:class:`google.iam.v1.iam_policy_pb2.SetIamPolicyRequest`): - The request object. Request message for `SetIamPolicy` - method. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.iam.v1.policy_pb2.Policy: - Defines an Identity and Access Management (IAM) policy. It is used to - specify access control policies for Cloud Platform - resources. - - A Policy is a collection of bindings. A binding binds - one or more members to a single role. Members can be - user accounts, service accounts, Google groups, and - domains (such as G Suite). A role is a named list of - permissions (defined by IAM or configured by users). - A binding can optionally specify a condition, which - is a logic expression that further constrains the - role binding based on attributes about the request - and/or target resource. - - **JSON Example** - - { - "bindings": [ - { - "role": - "roles/resourcemanager.organizationAdmin", - "members": [ "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - - }, { "role": - "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { "title": "expirable access", - "description": "Does not grant access after - Sep 2020", "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", } } - - ] - - } - - **YAML Example** - - bindings: - members: - user:\ mike@example.com - - group:\ admins@example.com - domain:google.com - - serviceAccount:\ my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - user:\ eve@example.com role: - roles/resourcemanager.organizationViewer - condition: title: expirable access description: - Does not grant access after Sep 2020 expression: - request.time < - timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the - [IAM developer's - guide](\ https://cloud.google.com/iam/docs). - - """ - # Create or coerce a protobuf request object. - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. - if isinstance(request, dict): - request = iam_policy_pb2.SetIamPolicyRequest(**request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = gapic_v1.method_async.wrap_method( - self._client._transport.set_iam_policy, - default_timeout=None, - client_info=DEFAULT_CLIENT_INFO, - ) - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("resource", request.resource), - )), - ) - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - async def get_iam_policy(self, - request: iam_policy_pb2.GetIamPolicyRequest = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> policy_pb2.Policy: - r"""Gets the access control policy for an Identity-Aware Proxy - protected resource. More information about managing access via - IAP can be found at: - https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api - - Args: - request (:class:`google.iam.v1.iam_policy_pb2.GetIamPolicyRequest`): - The request object. Request message for `GetIamPolicy` - method. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.iam.v1.policy_pb2.Policy: - Defines an Identity and Access Management (IAM) policy. It is used to - specify access control policies for Cloud Platform - resources. - - A Policy is a collection of bindings. A binding binds - one or more members to a single role. Members can be - user accounts, service accounts, Google groups, and - domains (such as G Suite). A role is a named list of - permissions (defined by IAM or configured by users). - A binding can optionally specify a condition, which - is a logic expression that further constrains the - role binding based on attributes about the request - and/or target resource. - - **JSON Example** - - { - "bindings": [ - { - "role": - "roles/resourcemanager.organizationAdmin", - "members": [ "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - - }, { "role": - "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { "title": "expirable access", - "description": "Does not grant access after - Sep 2020", "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", } } - - ] - - } - - **YAML Example** - - bindings: - members: - user:\ mike@example.com - - group:\ admins@example.com - domain:google.com - - serviceAccount:\ my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - user:\ eve@example.com role: - roles/resourcemanager.organizationViewer - condition: title: expirable access description: - Does not grant access after Sep 2020 expression: - request.time < - timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the - [IAM developer's - guide](\ https://cloud.google.com/iam/docs). - - """ - # Create or coerce a protobuf request object. - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. - if isinstance(request, dict): - request = iam_policy_pb2.GetIamPolicyRequest(**request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = gapic_v1.method_async.wrap_method( - self._client._transport.get_iam_policy, - default_timeout=None, - client_info=DEFAULT_CLIENT_INFO, - ) - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("resource", request.resource), - )), - ) - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - async def test_iam_permissions(self, - request: iam_policy_pb2.TestIamPermissionsRequest = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> iam_policy_pb2.TestIamPermissionsResponse: - r"""Returns permissions that a caller has on the Identity-Aware - Proxy protected resource. More information about managing access - via IAP can be found at: - https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api - - Args: - request (:class:`google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest`): - The request object. Request message for - `TestIamPermissions` method. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse: - Response message for TestIamPermissions method. - """ - # Create or coerce a protobuf request object. - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. - if isinstance(request, dict): - request = iam_policy_pb2.TestIamPermissionsRequest(**request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = gapic_v1.method_async.wrap_method( - self._client._transport.test_iam_permissions, - default_timeout=None, - client_info=DEFAULT_CLIENT_INFO, - ) - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("resource", request.resource), - )), - ) - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - async def get_iap_settings(self, - request: service.GetIapSettingsRequest = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> service.IapSettings: - r"""Gets the IAP settings on a particular IAP protected - resource. - - Args: - request (:class:`google.cloud.iap_v1.types.GetIapSettingsRequest`): - The request object. The request sent to GetIapSettings. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.cloud.iap_v1.types.IapSettings: - The IAP configurable settings. - """ - # Create or coerce a protobuf request object. - request = service.GetIapSettingsRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = gapic_v1.method_async.wrap_method( - self._client._transport.get_iap_settings, - default_timeout=None, - client_info=DEFAULT_CLIENT_INFO, - ) - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("name", request.name), - )), - ) - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - async def update_iap_settings(self, - request: service.UpdateIapSettingsRequest = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> service.IapSettings: - r"""Updates the IAP settings on a particular IAP protected resource. - It replaces all fields unless the ``update_mask`` is set. - - Args: - request (:class:`google.cloud.iap_v1.types.UpdateIapSettingsRequest`): - The request object. The request sent to - UpdateIapSettings. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.cloud.iap_v1.types.IapSettings: - The IAP configurable settings. - """ - # Create or coerce a protobuf request object. - request = service.UpdateIapSettingsRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = gapic_v1.method_async.wrap_method( - self._client._transport.update_iap_settings, - default_timeout=None, - client_info=DEFAULT_CLIENT_INFO, - ) - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("iap_settings.name", request.iap_settings.name), - )), - ) - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - async def __aenter__(self): - return self - - async def __aexit__(self, exc_type, exc, tb): - await self.transport.close() - -try: - DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( - gapic_version=pkg_resources.get_distribution( - "google-cloud-iap", - ).version, - ) -except pkg_resources.DistributionNotFound: - DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() - - -__all__ = ( - "IdentityAwareProxyAdminServiceAsyncClient", -) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/client.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/client.py deleted file mode 100644 index 21818c0..0000000 --- a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/client.py +++ /dev/null @@ -1,745 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from collections import OrderedDict -from distutils import util -import os -import re -from typing import Dict, Optional, Sequence, Tuple, Type, Union -import pkg_resources - -from google.api_core import client_options as client_options_lib # type: ignore -from google.api_core import exceptions as core_exceptions # type: ignore -from google.api_core import gapic_v1 # type: ignore -from google.api_core import retry as retries # type: ignore -from google.auth import credentials as ga_credentials # type: ignore -from google.auth.transport import mtls # type: ignore -from google.auth.transport.grpc import SslCredentials # type: ignore -from google.auth.exceptions import MutualTLSChannelError # type: ignore -from google.oauth2 import service_account # type: ignore - -from google.cloud.iap_v1.types import service -from google.iam.v1 import iam_policy_pb2 # type: ignore -from google.iam.v1 import policy_pb2 # type: ignore -from .transports.base import IdentityAwareProxyAdminServiceTransport, DEFAULT_CLIENT_INFO -from .transports.grpc import IdentityAwareProxyAdminServiceGrpcTransport -from .transports.grpc_asyncio import IdentityAwareProxyAdminServiceGrpcAsyncIOTransport - - -class IdentityAwareProxyAdminServiceClientMeta(type): - """Metaclass for the IdentityAwareProxyAdminService client. - - This provides class-level methods for building and retrieving - support objects (e.g. transport) without polluting the client instance - objects. - """ - _transport_registry = OrderedDict() # type: Dict[str, Type[IdentityAwareProxyAdminServiceTransport]] - _transport_registry["grpc"] = IdentityAwareProxyAdminServiceGrpcTransport - _transport_registry["grpc_asyncio"] = IdentityAwareProxyAdminServiceGrpcAsyncIOTransport - - def get_transport_class(cls, - label: str = None, - ) -> Type[IdentityAwareProxyAdminServiceTransport]: - """Returns an appropriate transport class. - - Args: - label: The name of the desired transport. If none is - provided, then the first transport in the registry is used. - - Returns: - The transport class to use. - """ - # If a specific transport is requested, return that one. - if label: - return cls._transport_registry[label] - - # No transport is requested; return the default (that is, the first one - # in the dictionary). - return next(iter(cls._transport_registry.values())) - - -class IdentityAwareProxyAdminServiceClient(metaclass=IdentityAwareProxyAdminServiceClientMeta): - """APIs for Identity-Aware Proxy Admin configurations.""" - - @staticmethod - def _get_default_mtls_endpoint(api_endpoint): - """Converts api endpoint to mTLS endpoint. - - Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to - "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively. - Args: - api_endpoint (Optional[str]): the api endpoint to convert. - Returns: - str: converted mTLS api endpoint. - """ - if not api_endpoint: - return api_endpoint - - mtls_endpoint_re = re.compile( - r"(?P[^.]+)(?P\.mtls)?(?P\.sandbox)?(?P\.googleapis\.com)?" - ) - - m = mtls_endpoint_re.match(api_endpoint) - name, mtls, sandbox, googledomain = m.groups() - if mtls or not googledomain: - return api_endpoint - - if sandbox: - return api_endpoint.replace( - "sandbox.googleapis.com", "mtls.sandbox.googleapis.com" - ) - - return api_endpoint.replace(".googleapis.com", ".mtls.googleapis.com") - - DEFAULT_ENDPOINT = "iap.googleapis.com" - DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__( # type: ignore - DEFAULT_ENDPOINT - ) - - @classmethod - def from_service_account_info(cls, info: dict, *args, **kwargs): - """Creates an instance of this client using the provided credentials - info. - - Args: - info (dict): The service account private key info. - args: Additional arguments to pass to the constructor. - kwargs: Additional arguments to pass to the constructor. - - Returns: - IdentityAwareProxyAdminServiceClient: The constructed client. - """ - credentials = service_account.Credentials.from_service_account_info(info) - kwargs["credentials"] = credentials - return cls(*args, **kwargs) - - @classmethod - def from_service_account_file(cls, filename: str, *args, **kwargs): - """Creates an instance of this client using the provided credentials - file. - - Args: - filename (str): The path to the service account private key json - file. - args: Additional arguments to pass to the constructor. - kwargs: Additional arguments to pass to the constructor. - - Returns: - IdentityAwareProxyAdminServiceClient: The constructed client. - """ - credentials = service_account.Credentials.from_service_account_file( - filename) - kwargs["credentials"] = credentials - return cls(*args, **kwargs) - - from_service_account_json = from_service_account_file - - @property - def transport(self) -> IdentityAwareProxyAdminServiceTransport: - """Returns the transport used by the client instance. - - Returns: - IdentityAwareProxyAdminServiceTransport: The transport used by the client - instance. - """ - return self._transport - - @staticmethod - def common_billing_account_path(billing_account: str, ) -> str: - """Returns a fully-qualified billing_account string.""" - return "billingAccounts/{billing_account}".format(billing_account=billing_account, ) - - @staticmethod - def parse_common_billing_account_path(path: str) -> Dict[str,str]: - """Parse a billing_account path into its component segments.""" - m = re.match(r"^billingAccounts/(?P.+?)$", path) - return m.groupdict() if m else {} - - @staticmethod - def common_folder_path(folder: str, ) -> str: - """Returns a fully-qualified folder string.""" - return "folders/{folder}".format(folder=folder, ) - - @staticmethod - def parse_common_folder_path(path: str) -> Dict[str,str]: - """Parse a folder path into its component segments.""" - m = re.match(r"^folders/(?P.+?)$", path) - return m.groupdict() if m else {} - - @staticmethod - def common_organization_path(organization: str, ) -> str: - """Returns a fully-qualified organization string.""" - return "organizations/{organization}".format(organization=organization, ) - - @staticmethod - def parse_common_organization_path(path: str) -> Dict[str,str]: - """Parse a organization path into its component segments.""" - m = re.match(r"^organizations/(?P.+?)$", path) - return m.groupdict() if m else {} - - @staticmethod - def common_project_path(project: str, ) -> str: - """Returns a fully-qualified project string.""" - return "projects/{project}".format(project=project, ) - - @staticmethod - def parse_common_project_path(path: str) -> Dict[str,str]: - """Parse a project path into its component segments.""" - m = re.match(r"^projects/(?P.+?)$", path) - return m.groupdict() if m else {} - - @staticmethod - def common_location_path(project: str, location: str, ) -> str: - """Returns a fully-qualified location string.""" - return "projects/{project}/locations/{location}".format(project=project, location=location, ) - - @staticmethod - def parse_common_location_path(path: str) -> Dict[str,str]: - """Parse a location path into its component segments.""" - m = re.match(r"^projects/(?P.+?)/locations/(?P.+?)$", path) - return m.groupdict() if m else {} - - def __init__(self, *, - credentials: Optional[ga_credentials.Credentials] = None, - transport: Union[str, IdentityAwareProxyAdminServiceTransport, None] = None, - client_options: Optional[client_options_lib.ClientOptions] = None, - client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, - ) -> None: - """Instantiates the identity aware proxy admin service client. - - Args: - credentials (Optional[google.auth.credentials.Credentials]): The - authorization credentials to attach to requests. These - credentials identify the application to the service; if none - are specified, the client will attempt to ascertain the - credentials from the environment. - transport (Union[str, IdentityAwareProxyAdminServiceTransport]): The - transport to use. If set to None, a transport is chosen - automatically. - client_options (google.api_core.client_options.ClientOptions): Custom options for the - client. It won't take effect if a ``transport`` instance is provided. - (1) The ``api_endpoint`` property can be used to override the - default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT - environment variable can also be used to override the endpoint: - "always" (always use the default mTLS endpoint), "never" (always - use the default regular endpoint) and "auto" (auto switch to the - default mTLS endpoint if client certificate is present, this is - the default value). However, the ``api_endpoint`` property takes - precedence if provided. - (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable - is "true", then the ``client_cert_source`` property can be used - to provide client certificate for mutual TLS transport. If - not provided, the default SSL client certificate will be used if - present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not - set, no client certificate will be used. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing - your own client library. - - Raises: - google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport - creation failed for any reason. - """ - if isinstance(client_options, dict): - client_options = client_options_lib.from_dict(client_options) - if client_options is None: - client_options = client_options_lib.ClientOptions() - - # Create SSL credentials for mutual TLS if needed. - use_client_cert = bool(util.strtobool(os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"))) - - client_cert_source_func = None - is_mtls = False - if use_client_cert: - if client_options.client_cert_source: - is_mtls = True - client_cert_source_func = client_options.client_cert_source - else: - is_mtls = mtls.has_default_client_cert_source() - if is_mtls: - client_cert_source_func = mtls.default_client_cert_source() - else: - client_cert_source_func = None - - # Figure out which api endpoint to use. - if client_options.api_endpoint is not None: - api_endpoint = client_options.api_endpoint - else: - use_mtls_env = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto") - if use_mtls_env == "never": - api_endpoint = self.DEFAULT_ENDPOINT - elif use_mtls_env == "always": - api_endpoint = self.DEFAULT_MTLS_ENDPOINT - elif use_mtls_env == "auto": - if is_mtls: - api_endpoint = self.DEFAULT_MTLS_ENDPOINT - else: - api_endpoint = self.DEFAULT_ENDPOINT - else: - raise MutualTLSChannelError( - "Unsupported GOOGLE_API_USE_MTLS_ENDPOINT value. Accepted " - "values: never, auto, always" - ) - - # Save or instantiate the transport. - # Ordinarily, we provide the transport, but allowing a custom transport - # instance provides an extensibility point for unusual situations. - if isinstance(transport, IdentityAwareProxyAdminServiceTransport): - # transport is a IdentityAwareProxyAdminServiceTransport instance. - if credentials or client_options.credentials_file: - raise ValueError("When providing a transport instance, " - "provide its credentials directly.") - if client_options.scopes: - raise ValueError( - "When providing a transport instance, provide its scopes " - "directly." - ) - self._transport = transport - else: - Transport = type(self).get_transport_class(transport) - self._transport = Transport( - credentials=credentials, - credentials_file=client_options.credentials_file, - host=api_endpoint, - scopes=client_options.scopes, - client_cert_source_for_mtls=client_cert_source_func, - quota_project_id=client_options.quota_project_id, - client_info=client_info, - always_use_jwt_access=True, - ) - - def set_iam_policy(self, - request: Union[iam_policy_pb2.SetIamPolicyRequest, dict] = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> policy_pb2.Policy: - r"""Sets the access control policy for an Identity-Aware Proxy - protected resource. Replaces any existing policy. More - information about managing access via IAP can be found at: - https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api - - Args: - request (Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]): - The request object. Request message for `SetIamPolicy` - method. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.iam.v1.policy_pb2.Policy: - Defines an Identity and Access Management (IAM) policy. It is used to - specify access control policies for Cloud Platform - resources. - - A Policy is a collection of bindings. A binding binds - one or more members to a single role. Members can be - user accounts, service accounts, Google groups, and - domains (such as G Suite). A role is a named list of - permissions (defined by IAM or configured by users). - A binding can optionally specify a condition, which - is a logic expression that further constrains the - role binding based on attributes about the request - and/or target resource. - - **JSON Example** - - { - "bindings": [ - { - "role": - "roles/resourcemanager.organizationAdmin", - "members": [ "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - - }, { "role": - "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { "title": "expirable access", - "description": "Does not grant access after - Sep 2020", "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", } } - - ] - - } - - **YAML Example** - - bindings: - members: - user:\ mike@example.com - - group:\ admins@example.com - domain:google.com - - serviceAccount:\ my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - user:\ eve@example.com role: - roles/resourcemanager.organizationViewer - condition: title: expirable access description: - Does not grant access after Sep 2020 expression: - request.time < - timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the - [IAM developer's - guide](\ https://cloud.google.com/iam/docs). - - """ - # Create or coerce a protobuf request object. - if isinstance(request, dict): - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. - request = iam_policy_pb2.SetIamPolicyRequest(**request) - elif not request: - # Null request, just make one. - request = iam_policy_pb2.SetIamPolicyRequest() - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.set_iam_policy] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("resource", request.resource), - )), - ) - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - def get_iam_policy(self, - request: Union[iam_policy_pb2.GetIamPolicyRequest, dict] = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> policy_pb2.Policy: - r"""Gets the access control policy for an Identity-Aware Proxy - protected resource. More information about managing access via - IAP can be found at: - https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api - - Args: - request (Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]): - The request object. Request message for `GetIamPolicy` - method. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.iam.v1.policy_pb2.Policy: - Defines an Identity and Access Management (IAM) policy. It is used to - specify access control policies for Cloud Platform - resources. - - A Policy is a collection of bindings. A binding binds - one or more members to a single role. Members can be - user accounts, service accounts, Google groups, and - domains (such as G Suite). A role is a named list of - permissions (defined by IAM or configured by users). - A binding can optionally specify a condition, which - is a logic expression that further constrains the - role binding based on attributes about the request - and/or target resource. - - **JSON Example** - - { - "bindings": [ - { - "role": - "roles/resourcemanager.organizationAdmin", - "members": [ "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - - }, { "role": - "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { "title": "expirable access", - "description": "Does not grant access after - Sep 2020", "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", } } - - ] - - } - - **YAML Example** - - bindings: - members: - user:\ mike@example.com - - group:\ admins@example.com - domain:google.com - - serviceAccount:\ my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - user:\ eve@example.com role: - roles/resourcemanager.organizationViewer - condition: title: expirable access description: - Does not grant access after Sep 2020 expression: - request.time < - timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the - [IAM developer's - guide](\ https://cloud.google.com/iam/docs). - - """ - # Create or coerce a protobuf request object. - if isinstance(request, dict): - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. - request = iam_policy_pb2.GetIamPolicyRequest(**request) - elif not request: - # Null request, just make one. - request = iam_policy_pb2.GetIamPolicyRequest() - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.get_iam_policy] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("resource", request.resource), - )), - ) - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - def test_iam_permissions(self, - request: Union[iam_policy_pb2.TestIamPermissionsRequest, dict] = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> iam_policy_pb2.TestIamPermissionsResponse: - r"""Returns permissions that a caller has on the Identity-Aware - Proxy protected resource. More information about managing access - via IAP can be found at: - https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api - - Args: - request (Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]): - The request object. Request message for - `TestIamPermissions` method. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse: - Response message for TestIamPermissions method. - """ - # Create or coerce a protobuf request object. - if isinstance(request, dict): - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. - request = iam_policy_pb2.TestIamPermissionsRequest(**request) - elif not request: - # Null request, just make one. - request = iam_policy_pb2.TestIamPermissionsRequest() - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.test_iam_permissions] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("resource", request.resource), - )), - ) - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - def get_iap_settings(self, - request: Union[service.GetIapSettingsRequest, dict] = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> service.IapSettings: - r"""Gets the IAP settings on a particular IAP protected - resource. - - Args: - request (Union[google.cloud.iap_v1.types.GetIapSettingsRequest, dict]): - The request object. The request sent to GetIapSettings. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.cloud.iap_v1.types.IapSettings: - The IAP configurable settings. - """ - # Create or coerce a protobuf request object. - # Minor optimization to avoid making a copy if the user passes - # in a service.GetIapSettingsRequest. - # There's no risk of modifying the input as we've already verified - # there are no flattened fields. - if not isinstance(request, service.GetIapSettingsRequest): - request = service.GetIapSettingsRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.get_iap_settings] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("name", request.name), - )), - ) - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - def update_iap_settings(self, - request: Union[service.UpdateIapSettingsRequest, dict] = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> service.IapSettings: - r"""Updates the IAP settings on a particular IAP protected resource. - It replaces all fields unless the ``update_mask`` is set. - - Args: - request (Union[google.cloud.iap_v1.types.UpdateIapSettingsRequest, dict]): - The request object. The request sent to - UpdateIapSettings. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.cloud.iap_v1.types.IapSettings: - The IAP configurable settings. - """ - # Create or coerce a protobuf request object. - # Minor optimization to avoid making a copy if the user passes - # in a service.UpdateIapSettingsRequest. - # There's no risk of modifying the input as we've already verified - # there are no flattened fields. - if not isinstance(request, service.UpdateIapSettingsRequest): - request = service.UpdateIapSettingsRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.update_iap_settings] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("iap_settings.name", request.iap_settings.name), - )), - ) - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - def __enter__(self): - return self - - def __exit__(self, type, value, traceback): - """Releases underlying transport's resources. - - .. warning:: - ONLY use as a context manager if the transport is NOT shared - with other clients! Exiting the with block will CLOSE the transport - and may cause errors in other clients! - """ - self.transport.close() - - - -try: - DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( - gapic_version=pkg_resources.get_distribution( - "google-cloud-iap", - ).version, - ) -except pkg_resources.DistributionNotFound: - DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() - - -__all__ = ( - "IdentityAwareProxyAdminServiceClient", -) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/__init__.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/__init__.py deleted file mode 100644 index dc8f65f..0000000 --- a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/__init__.py +++ /dev/null @@ -1,33 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from collections import OrderedDict -from typing import Dict, Type - -from .base import IdentityAwareProxyAdminServiceTransport -from .grpc import IdentityAwareProxyAdminServiceGrpcTransport -from .grpc_asyncio import IdentityAwareProxyAdminServiceGrpcAsyncIOTransport - - -# Compile a registry of transports. -_transport_registry = OrderedDict() # type: Dict[str, Type[IdentityAwareProxyAdminServiceTransport]] -_transport_registry['grpc'] = IdentityAwareProxyAdminServiceGrpcTransport -_transport_registry['grpc_asyncio'] = IdentityAwareProxyAdminServiceGrpcAsyncIOTransport - -__all__ = ( - 'IdentityAwareProxyAdminServiceTransport', - 'IdentityAwareProxyAdminServiceGrpcTransport', - 'IdentityAwareProxyAdminServiceGrpcAsyncIOTransport', -) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/base.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/base.py deleted file mode 100644 index bdd5bf9..0000000 --- a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/base.py +++ /dev/null @@ -1,235 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import abc -from typing import Awaitable, Callable, Dict, Optional, Sequence, Union -import packaging.version -import pkg_resources - -import google.auth # type: ignore -import google.api_core # type: ignore -from google.api_core import exceptions as core_exceptions # type: ignore -from google.api_core import gapic_v1 # type: ignore -from google.api_core import retry as retries # type: ignore -from google.auth import credentials as ga_credentials # type: ignore -from google.oauth2 import service_account # type: ignore - -from google.cloud.iap_v1.types import service -from google.iam.v1 import iam_policy_pb2 # type: ignore -from google.iam.v1 import policy_pb2 # type: ignore - -try: - DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( - gapic_version=pkg_resources.get_distribution( - 'google-cloud-iap', - ).version, - ) -except pkg_resources.DistributionNotFound: - DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() - -try: - # google.auth.__version__ was added in 1.26.0 - _GOOGLE_AUTH_VERSION = google.auth.__version__ -except AttributeError: - try: # try pkg_resources if it is available - _GOOGLE_AUTH_VERSION = pkg_resources.get_distribution("google-auth").version - except pkg_resources.DistributionNotFound: # pragma: NO COVER - _GOOGLE_AUTH_VERSION = None - - -class IdentityAwareProxyAdminServiceTransport(abc.ABC): - """Abstract transport class for IdentityAwareProxyAdminService.""" - - AUTH_SCOPES = ( - 'https://www.googleapis.com/auth/cloud-platform', - ) - - DEFAULT_HOST: str = 'iap.googleapis.com' - def __init__( - self, *, - host: str = DEFAULT_HOST, - credentials: ga_credentials.Credentials = None, - credentials_file: Optional[str] = None, - scopes: Optional[Sequence[str]] = None, - quota_project_id: Optional[str] = None, - client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, - always_use_jwt_access: Optional[bool] = False, - **kwargs, - ) -> None: - """Instantiate the transport. - - Args: - host (Optional[str]): - The hostname to connect to. - credentials (Optional[google.auth.credentials.Credentials]): The - authorization credentials to attach to requests. These - credentials identify the application to the service; if none - are specified, the client will attempt to ascertain the - credentials from the environment. - credentials_file (Optional[str]): A file with credentials that can - be loaded with :func:`google.auth.load_credentials_from_file`. - This argument is mutually exclusive with credentials. - scopes (Optional[Sequence[str]]): A list of scopes. - quota_project_id (Optional[str]): An optional project to use for billing - and quota. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing - your own client library. - always_use_jwt_access (Optional[bool]): Whether self signed JWT should - be used for service account credentials. - """ - # Save the hostname. Default to port 443 (HTTPS) if none is specified. - if ':' not in host: - host += ':443' - self._host = host - - scopes_kwargs = self._get_scopes_kwargs(self._host, scopes) - - # Save the scopes. - self._scopes = scopes - - # If no credentials are provided, then determine the appropriate - # defaults. - if credentials and credentials_file: - raise core_exceptions.DuplicateCredentialArgs("'credentials_file' and 'credentials' are mutually exclusive") - - if credentials_file is not None: - credentials, _ = google.auth.load_credentials_from_file( - credentials_file, - **scopes_kwargs, - quota_project_id=quota_project_id - ) - - elif credentials is None: - credentials, _ = google.auth.default(**scopes_kwargs, quota_project_id=quota_project_id) - - # If the credentials are service account credentials, then always try to use self signed JWT. - if always_use_jwt_access and isinstance(credentials, service_account.Credentials) and hasattr(service_account.Credentials, "with_always_use_jwt_access"): - credentials = credentials.with_always_use_jwt_access(True) - - # Save the credentials. - self._credentials = credentials - - # TODO(busunkim): This method is in the base transport - # to avoid duplicating code across the transport classes. These functions - # should be deleted once the minimum required versions of google-auth is increased. - - # TODO: Remove this function once google-auth >= 1.25.0 is required - @classmethod - def _get_scopes_kwargs(cls, host: str, scopes: Optional[Sequence[str]]) -> Dict[str, Optional[Sequence[str]]]: - """Returns scopes kwargs to pass to google-auth methods depending on the google-auth version""" - - scopes_kwargs = {} - - if _GOOGLE_AUTH_VERSION and ( - packaging.version.parse(_GOOGLE_AUTH_VERSION) - >= packaging.version.parse("1.25.0") - ): - scopes_kwargs = {"scopes": scopes, "default_scopes": cls.AUTH_SCOPES} - else: - scopes_kwargs = {"scopes": scopes or cls.AUTH_SCOPES} - - return scopes_kwargs - - def _prep_wrapped_messages(self, client_info): - # Precompute the wrapped methods. - self._wrapped_methods = { - self.set_iam_policy: gapic_v1.method.wrap_method( - self.set_iam_policy, - default_timeout=None, - client_info=client_info, - ), - self.get_iam_policy: gapic_v1.method.wrap_method( - self.get_iam_policy, - default_timeout=None, - client_info=client_info, - ), - self.test_iam_permissions: gapic_v1.method.wrap_method( - self.test_iam_permissions, - default_timeout=None, - client_info=client_info, - ), - self.get_iap_settings: gapic_v1.method.wrap_method( - self.get_iap_settings, - default_timeout=None, - client_info=client_info, - ), - self.update_iap_settings: gapic_v1.method.wrap_method( - self.update_iap_settings, - default_timeout=None, - client_info=client_info, - ), - } - - def close(self): - """Closes resources associated with the transport. - - .. warning:: - Only call this method if the transport is NOT shared - with other clients - this may cause errors in other clients! - """ - raise NotImplementedError() - - @property - def set_iam_policy(self) -> Callable[ - [iam_policy_pb2.SetIamPolicyRequest], - Union[ - policy_pb2.Policy, - Awaitable[policy_pb2.Policy] - ]]: - raise NotImplementedError() - - @property - def get_iam_policy(self) -> Callable[ - [iam_policy_pb2.GetIamPolicyRequest], - Union[ - policy_pb2.Policy, - Awaitable[policy_pb2.Policy] - ]]: - raise NotImplementedError() - - @property - def test_iam_permissions(self) -> Callable[ - [iam_policy_pb2.TestIamPermissionsRequest], - Union[ - iam_policy_pb2.TestIamPermissionsResponse, - Awaitable[iam_policy_pb2.TestIamPermissionsResponse] - ]]: - raise NotImplementedError() - - @property - def get_iap_settings(self) -> Callable[ - [service.GetIapSettingsRequest], - Union[ - service.IapSettings, - Awaitable[service.IapSettings] - ]]: - raise NotImplementedError() - - @property - def update_iap_settings(self) -> Callable[ - [service.UpdateIapSettingsRequest], - Union[ - service.IapSettings, - Awaitable[service.IapSettings] - ]]: - raise NotImplementedError() - - -__all__ = ( - 'IdentityAwareProxyAdminServiceTransport', -) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc.py deleted file mode 100644 index 787db6e..0000000 --- a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc.py +++ /dev/null @@ -1,371 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import warnings -from typing import Callable, Dict, Optional, Sequence, Tuple, Union - -from google.api_core import grpc_helpers # type: ignore -from google.api_core import gapic_v1 # type: ignore -import google.auth # type: ignore -from google.auth import credentials as ga_credentials # type: ignore -from google.auth.transport.grpc import SslCredentials # type: ignore - -import grpc # type: ignore - -from google.cloud.iap_v1.types import service -from google.iam.v1 import iam_policy_pb2 # type: ignore -from google.iam.v1 import policy_pb2 # type: ignore -from .base import IdentityAwareProxyAdminServiceTransport, DEFAULT_CLIENT_INFO - - -class IdentityAwareProxyAdminServiceGrpcTransport(IdentityAwareProxyAdminServiceTransport): - """gRPC backend transport for IdentityAwareProxyAdminService. - - APIs for Identity-Aware Proxy Admin configurations. - - This class defines the same methods as the primary client, so the - primary client can load the underlying transport implementation - and call it. - - It sends protocol buffers over the wire using gRPC (which is built on - top of HTTP/2); the ``grpcio`` package must be installed. - """ - _stubs: Dict[str, Callable] - - def __init__(self, *, - host: str = 'iap.googleapis.com', - credentials: ga_credentials.Credentials = None, - credentials_file: str = None, - scopes: Sequence[str] = None, - channel: grpc.Channel = None, - api_mtls_endpoint: str = None, - client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, - ssl_channel_credentials: grpc.ChannelCredentials = None, - client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, - quota_project_id: Optional[str] = None, - client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, - always_use_jwt_access: Optional[bool] = False, - ) -> None: - """Instantiate the transport. - - Args: - host (Optional[str]): - The hostname to connect to. - credentials (Optional[google.auth.credentials.Credentials]): The - authorization credentials to attach to requests. These - credentials identify the application to the service; if none - are specified, the client will attempt to ascertain the - credentials from the environment. - This argument is ignored if ``channel`` is provided. - credentials_file (Optional[str]): A file with credentials that can - be loaded with :func:`google.auth.load_credentials_from_file`. - This argument is ignored if ``channel`` is provided. - scopes (Optional(Sequence[str])): A list of scopes. This argument is - ignored if ``channel`` is provided. - channel (Optional[grpc.Channel]): A ``Channel`` instance through - which to make calls. - api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. - If provided, it overrides the ``host`` argument and tries to create - a mutual TLS channel with client SSL credentials from - ``client_cert_source`` or application default SSL credentials. - client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): - Deprecated. A callback to provide client SSL certificate bytes and - private key bytes, both in PEM format. It is ignored if - ``api_mtls_endpoint`` is None. - ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials - for the grpc channel. It is ignored if ``channel`` is provided. - client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): - A callback to provide client certificate bytes and private key bytes, - both in PEM format. It is used to configure a mutual TLS channel. It is - ignored if ``channel`` or ``ssl_channel_credentials`` is provided. - quota_project_id (Optional[str]): An optional project to use for billing - and quota. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing - your own client library. - always_use_jwt_access (Optional[bool]): Whether self signed JWT should - be used for service account credentials. - - Raises: - google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport - creation failed for any reason. - google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` - and ``credentials_file`` are passed. - """ - self._grpc_channel = None - self._ssl_channel_credentials = ssl_channel_credentials - self._stubs: Dict[str, Callable] = {} - - if api_mtls_endpoint: - warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) - if client_cert_source: - warnings.warn("client_cert_source is deprecated", DeprecationWarning) - - if channel: - # Ignore credentials if a channel was passed. - credentials = False - # If a channel was explicitly provided, set it. - self._grpc_channel = channel - self._ssl_channel_credentials = None - - else: - if api_mtls_endpoint: - host = api_mtls_endpoint - - # Create SSL credentials with client_cert_source or application - # default SSL credentials. - if client_cert_source: - cert, key = client_cert_source() - self._ssl_channel_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) - else: - self._ssl_channel_credentials = SslCredentials().ssl_credentials - - else: - if client_cert_source_for_mtls and not ssl_channel_credentials: - cert, key = client_cert_source_for_mtls() - self._ssl_channel_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) - - # The base transport sets the host, credentials and scopes - super().__init__( - host=host, - credentials=credentials, - credentials_file=credentials_file, - scopes=scopes, - quota_project_id=quota_project_id, - client_info=client_info, - always_use_jwt_access=always_use_jwt_access, - ) - - if not self._grpc_channel: - self._grpc_channel = type(self).create_channel( - self._host, - credentials=self._credentials, - credentials_file=credentials_file, - scopes=self._scopes, - ssl_credentials=self._ssl_channel_credentials, - quota_project_id=quota_project_id, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - - # Wrap messages. This must be done after self._grpc_channel exists - self._prep_wrapped_messages(client_info) - - @classmethod - def create_channel(cls, - host: str = 'iap.googleapis.com', - credentials: ga_credentials.Credentials = None, - credentials_file: str = None, - scopes: Optional[Sequence[str]] = None, - quota_project_id: Optional[str] = None, - **kwargs) -> grpc.Channel: - """Create and return a gRPC channel object. - Args: - host (Optional[str]): The host for the channel to use. - credentials (Optional[~.Credentials]): The - authorization credentials to attach to requests. These - credentials identify this application to the service. If - none are specified, the client will attempt to ascertain - the credentials from the environment. - credentials_file (Optional[str]): A file with credentials that can - be loaded with :func:`google.auth.load_credentials_from_file`. - This argument is mutually exclusive with credentials. - scopes (Optional[Sequence[str]]): A optional list of scopes needed for this - service. These are only used when credentials are not specified and - are passed to :func:`google.auth.default`. - quota_project_id (Optional[str]): An optional project to use for billing - and quota. - kwargs (Optional[dict]): Keyword arguments, which are passed to the - channel creation. - Returns: - grpc.Channel: A gRPC channel object. - - Raises: - google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` - and ``credentials_file`` are passed. - """ - - return grpc_helpers.create_channel( - host, - credentials=credentials, - credentials_file=credentials_file, - quota_project_id=quota_project_id, - default_scopes=cls.AUTH_SCOPES, - scopes=scopes, - default_host=cls.DEFAULT_HOST, - **kwargs - ) - - @property - def grpc_channel(self) -> grpc.Channel: - """Return the channel designed to connect to this service. - """ - return self._grpc_channel - - @property - def set_iam_policy(self) -> Callable[ - [iam_policy_pb2.SetIamPolicyRequest], - policy_pb2.Policy]: - r"""Return a callable for the set iam policy method over gRPC. - - Sets the access control policy for an Identity-Aware Proxy - protected resource. Replaces any existing policy. More - information about managing access via IAP can be found at: - https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api - - Returns: - Callable[[~.SetIamPolicyRequest], - ~.Policy]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'set_iam_policy' not in self._stubs: - self._stubs['set_iam_policy'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyAdminService/SetIamPolicy', - request_serializer=iam_policy_pb2.SetIamPolicyRequest.SerializeToString, - response_deserializer=policy_pb2.Policy.FromString, - ) - return self._stubs['set_iam_policy'] - - @property - def get_iam_policy(self) -> Callable[ - [iam_policy_pb2.GetIamPolicyRequest], - policy_pb2.Policy]: - r"""Return a callable for the get iam policy method over gRPC. - - Gets the access control policy for an Identity-Aware Proxy - protected resource. More information about managing access via - IAP can be found at: - https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api - - Returns: - Callable[[~.GetIamPolicyRequest], - ~.Policy]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'get_iam_policy' not in self._stubs: - self._stubs['get_iam_policy'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyAdminService/GetIamPolicy', - request_serializer=iam_policy_pb2.GetIamPolicyRequest.SerializeToString, - response_deserializer=policy_pb2.Policy.FromString, - ) - return self._stubs['get_iam_policy'] - - @property - def test_iam_permissions(self) -> Callable[ - [iam_policy_pb2.TestIamPermissionsRequest], - iam_policy_pb2.TestIamPermissionsResponse]: - r"""Return a callable for the test iam permissions method over gRPC. - - Returns permissions that a caller has on the Identity-Aware - Proxy protected resource. More information about managing access - via IAP can be found at: - https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api - - Returns: - Callable[[~.TestIamPermissionsRequest], - ~.TestIamPermissionsResponse]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'test_iam_permissions' not in self._stubs: - self._stubs['test_iam_permissions'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyAdminService/TestIamPermissions', - request_serializer=iam_policy_pb2.TestIamPermissionsRequest.SerializeToString, - response_deserializer=iam_policy_pb2.TestIamPermissionsResponse.FromString, - ) - return self._stubs['test_iam_permissions'] - - @property - def get_iap_settings(self) -> Callable[ - [service.GetIapSettingsRequest], - service.IapSettings]: - r"""Return a callable for the get iap settings method over gRPC. - - Gets the IAP settings on a particular IAP protected - resource. - - Returns: - Callable[[~.GetIapSettingsRequest], - ~.IapSettings]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'get_iap_settings' not in self._stubs: - self._stubs['get_iap_settings'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyAdminService/GetIapSettings', - request_serializer=service.GetIapSettingsRequest.serialize, - response_deserializer=service.IapSettings.deserialize, - ) - return self._stubs['get_iap_settings'] - - @property - def update_iap_settings(self) -> Callable[ - [service.UpdateIapSettingsRequest], - service.IapSettings]: - r"""Return a callable for the update iap settings method over gRPC. - - Updates the IAP settings on a particular IAP protected resource. - It replaces all fields unless the ``update_mask`` is set. - - Returns: - Callable[[~.UpdateIapSettingsRequest], - ~.IapSettings]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'update_iap_settings' not in self._stubs: - self._stubs['update_iap_settings'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyAdminService/UpdateIapSettings', - request_serializer=service.UpdateIapSettingsRequest.serialize, - response_deserializer=service.IapSettings.deserialize, - ) - return self._stubs['update_iap_settings'] - - def close(self): - self.grpc_channel.close() - -__all__ = ( - 'IdentityAwareProxyAdminServiceGrpcTransport', -) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc_asyncio.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc_asyncio.py deleted file mode 100644 index 1c4a6d9..0000000 --- a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_admin_service/transports/grpc_asyncio.py +++ /dev/null @@ -1,376 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import warnings -from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union - -from google.api_core import gapic_v1 # type: ignore -from google.api_core import grpc_helpers_async # type: ignore -from google.auth import credentials as ga_credentials # type: ignore -from google.auth.transport.grpc import SslCredentials # type: ignore -import packaging.version - -import grpc # type: ignore -from grpc.experimental import aio # type: ignore - -from google.cloud.iap_v1.types import service -from google.iam.v1 import iam_policy_pb2 # type: ignore -from google.iam.v1 import policy_pb2 # type: ignore -from .base import IdentityAwareProxyAdminServiceTransport, DEFAULT_CLIENT_INFO -from .grpc import IdentityAwareProxyAdminServiceGrpcTransport - - -class IdentityAwareProxyAdminServiceGrpcAsyncIOTransport(IdentityAwareProxyAdminServiceTransport): - """gRPC AsyncIO backend transport for IdentityAwareProxyAdminService. - - APIs for Identity-Aware Proxy Admin configurations. - - This class defines the same methods as the primary client, so the - primary client can load the underlying transport implementation - and call it. - - It sends protocol buffers over the wire using gRPC (which is built on - top of HTTP/2); the ``grpcio`` package must be installed. - """ - - _grpc_channel: aio.Channel - _stubs: Dict[str, Callable] = {} - - @classmethod - def create_channel(cls, - host: str = 'iap.googleapis.com', - credentials: ga_credentials.Credentials = None, - credentials_file: Optional[str] = None, - scopes: Optional[Sequence[str]] = None, - quota_project_id: Optional[str] = None, - **kwargs) -> aio.Channel: - """Create and return a gRPC AsyncIO channel object. - Args: - host (Optional[str]): The host for the channel to use. - credentials (Optional[~.Credentials]): The - authorization credentials to attach to requests. These - credentials identify this application to the service. If - none are specified, the client will attempt to ascertain - the credentials from the environment. - credentials_file (Optional[str]): A file with credentials that can - be loaded with :func:`google.auth.load_credentials_from_file`. - This argument is ignored if ``channel`` is provided. - scopes (Optional[Sequence[str]]): A optional list of scopes needed for this - service. These are only used when credentials are not specified and - are passed to :func:`google.auth.default`. - quota_project_id (Optional[str]): An optional project to use for billing - and quota. - kwargs (Optional[dict]): Keyword arguments, which are passed to the - channel creation. - Returns: - aio.Channel: A gRPC AsyncIO channel object. - """ - - return grpc_helpers_async.create_channel( - host, - credentials=credentials, - credentials_file=credentials_file, - quota_project_id=quota_project_id, - default_scopes=cls.AUTH_SCOPES, - scopes=scopes, - default_host=cls.DEFAULT_HOST, - **kwargs - ) - - def __init__(self, *, - host: str = 'iap.googleapis.com', - credentials: ga_credentials.Credentials = None, - credentials_file: Optional[str] = None, - scopes: Optional[Sequence[str]] = None, - channel: aio.Channel = None, - api_mtls_endpoint: str = None, - client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, - ssl_channel_credentials: grpc.ChannelCredentials = None, - client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, - quota_project_id=None, - client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, - always_use_jwt_access: Optional[bool] = False, - ) -> None: - """Instantiate the transport. - - Args: - host (Optional[str]): - The hostname to connect to. - credentials (Optional[google.auth.credentials.Credentials]): The - authorization credentials to attach to requests. These - credentials identify the application to the service; if none - are specified, the client will attempt to ascertain the - credentials from the environment. - This argument is ignored if ``channel`` is provided. - credentials_file (Optional[str]): A file with credentials that can - be loaded with :func:`google.auth.load_credentials_from_file`. - This argument is ignored if ``channel`` is provided. - scopes (Optional[Sequence[str]]): A optional list of scopes needed for this - service. These are only used when credentials are not specified and - are passed to :func:`google.auth.default`. - channel (Optional[aio.Channel]): A ``Channel`` instance through - which to make calls. - api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. - If provided, it overrides the ``host`` argument and tries to create - a mutual TLS channel with client SSL credentials from - ``client_cert_source`` or application default SSL credentials. - client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): - Deprecated. A callback to provide client SSL certificate bytes and - private key bytes, both in PEM format. It is ignored if - ``api_mtls_endpoint`` is None. - ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials - for the grpc channel. It is ignored if ``channel`` is provided. - client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): - A callback to provide client certificate bytes and private key bytes, - both in PEM format. It is used to configure a mutual TLS channel. It is - ignored if ``channel`` or ``ssl_channel_credentials`` is provided. - quota_project_id (Optional[str]): An optional project to use for billing - and quota. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing - your own client library. - always_use_jwt_access (Optional[bool]): Whether self signed JWT should - be used for service account credentials. - - Raises: - google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport - creation failed for any reason. - google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` - and ``credentials_file`` are passed. - """ - self._grpc_channel = None - self._ssl_channel_credentials = ssl_channel_credentials - self._stubs: Dict[str, Callable] = {} - - if api_mtls_endpoint: - warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) - if client_cert_source: - warnings.warn("client_cert_source is deprecated", DeprecationWarning) - - if channel: - # Ignore credentials if a channel was passed. - credentials = False - # If a channel was explicitly provided, set it. - self._grpc_channel = channel - self._ssl_channel_credentials = None - else: - if api_mtls_endpoint: - host = api_mtls_endpoint - - # Create SSL credentials with client_cert_source or application - # default SSL credentials. - if client_cert_source: - cert, key = client_cert_source() - self._ssl_channel_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) - else: - self._ssl_channel_credentials = SslCredentials().ssl_credentials - - else: - if client_cert_source_for_mtls and not ssl_channel_credentials: - cert, key = client_cert_source_for_mtls() - self._ssl_channel_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) - - # The base transport sets the host, credentials and scopes - super().__init__( - host=host, - credentials=credentials, - credentials_file=credentials_file, - scopes=scopes, - quota_project_id=quota_project_id, - client_info=client_info, - always_use_jwt_access=always_use_jwt_access, - ) - - if not self._grpc_channel: - self._grpc_channel = type(self).create_channel( - self._host, - credentials=self._credentials, - credentials_file=credentials_file, - scopes=self._scopes, - ssl_credentials=self._ssl_channel_credentials, - quota_project_id=quota_project_id, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - - # Wrap messages. This must be done after self._grpc_channel exists - self._prep_wrapped_messages(client_info) - - @property - def grpc_channel(self) -> aio.Channel: - """Create the channel designed to connect to this service. - - This property caches on the instance; repeated calls return - the same channel. - """ - # Return the channel from cache. - return self._grpc_channel - - @property - def set_iam_policy(self) -> Callable[ - [iam_policy_pb2.SetIamPolicyRequest], - Awaitable[policy_pb2.Policy]]: - r"""Return a callable for the set iam policy method over gRPC. - - Sets the access control policy for an Identity-Aware Proxy - protected resource. Replaces any existing policy. More - information about managing access via IAP can be found at: - https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api - - Returns: - Callable[[~.SetIamPolicyRequest], - Awaitable[~.Policy]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'set_iam_policy' not in self._stubs: - self._stubs['set_iam_policy'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyAdminService/SetIamPolicy', - request_serializer=iam_policy_pb2.SetIamPolicyRequest.SerializeToString, - response_deserializer=policy_pb2.Policy.FromString, - ) - return self._stubs['set_iam_policy'] - - @property - def get_iam_policy(self) -> Callable[ - [iam_policy_pb2.GetIamPolicyRequest], - Awaitable[policy_pb2.Policy]]: - r"""Return a callable for the get iam policy method over gRPC. - - Gets the access control policy for an Identity-Aware Proxy - protected resource. More information about managing access via - IAP can be found at: - https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api - - Returns: - Callable[[~.GetIamPolicyRequest], - Awaitable[~.Policy]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'get_iam_policy' not in self._stubs: - self._stubs['get_iam_policy'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyAdminService/GetIamPolicy', - request_serializer=iam_policy_pb2.GetIamPolicyRequest.SerializeToString, - response_deserializer=policy_pb2.Policy.FromString, - ) - return self._stubs['get_iam_policy'] - - @property - def test_iam_permissions(self) -> Callable[ - [iam_policy_pb2.TestIamPermissionsRequest], - Awaitable[iam_policy_pb2.TestIamPermissionsResponse]]: - r"""Return a callable for the test iam permissions method over gRPC. - - Returns permissions that a caller has on the Identity-Aware - Proxy protected resource. More information about managing access - via IAP can be found at: - https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api - - Returns: - Callable[[~.TestIamPermissionsRequest], - Awaitable[~.TestIamPermissionsResponse]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'test_iam_permissions' not in self._stubs: - self._stubs['test_iam_permissions'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyAdminService/TestIamPermissions', - request_serializer=iam_policy_pb2.TestIamPermissionsRequest.SerializeToString, - response_deserializer=iam_policy_pb2.TestIamPermissionsResponse.FromString, - ) - return self._stubs['test_iam_permissions'] - - @property - def get_iap_settings(self) -> Callable[ - [service.GetIapSettingsRequest], - Awaitable[service.IapSettings]]: - r"""Return a callable for the get iap settings method over gRPC. - - Gets the IAP settings on a particular IAP protected - resource. - - Returns: - Callable[[~.GetIapSettingsRequest], - Awaitable[~.IapSettings]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'get_iap_settings' not in self._stubs: - self._stubs['get_iap_settings'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyAdminService/GetIapSettings', - request_serializer=service.GetIapSettingsRequest.serialize, - response_deserializer=service.IapSettings.deserialize, - ) - return self._stubs['get_iap_settings'] - - @property - def update_iap_settings(self) -> Callable[ - [service.UpdateIapSettingsRequest], - Awaitable[service.IapSettings]]: - r"""Return a callable for the update iap settings method over gRPC. - - Updates the IAP settings on a particular IAP protected resource. - It replaces all fields unless the ``update_mask`` is set. - - Returns: - Callable[[~.UpdateIapSettingsRequest], - Awaitable[~.IapSettings]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'update_iap_settings' not in self._stubs: - self._stubs['update_iap_settings'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyAdminService/UpdateIapSettings', - request_serializer=service.UpdateIapSettingsRequest.serialize, - response_deserializer=service.IapSettings.deserialize, - ) - return self._stubs['update_iap_settings'] - - def close(self): - return self.grpc_channel.close() - - -__all__ = ( - 'IdentityAwareProxyAdminServiceGrpcAsyncIOTransport', -) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/__init__.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/__init__.py deleted file mode 100644 index a72eaaa..0000000 --- a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/__init__.py +++ /dev/null @@ -1,22 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from .client import IdentityAwareProxyOAuthServiceClient -from .async_client import IdentityAwareProxyOAuthServiceAsyncClient - -__all__ = ( - 'IdentityAwareProxyOAuthServiceClient', - 'IdentityAwareProxyOAuthServiceAsyncClient', -) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/async_client.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/async_client.py deleted file mode 100644 index e1c1140..0000000 --- a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/async_client.py +++ /dev/null @@ -1,624 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from collections import OrderedDict -import functools -import re -from typing import Dict, Sequence, Tuple, Type, Union -import pkg_resources - -import google.api_core.client_options as ClientOptions # type: ignore -from google.api_core import exceptions as core_exceptions # type: ignore -from google.api_core import gapic_v1 # type: ignore -from google.api_core import retry as retries # type: ignore -from google.auth import credentials as ga_credentials # type: ignore -from google.oauth2 import service_account # type: ignore - -from google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service import pagers -from google.cloud.iap_v1.types import service -from .transports.base import IdentityAwareProxyOAuthServiceTransport, DEFAULT_CLIENT_INFO -from .transports.grpc_asyncio import IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport -from .client import IdentityAwareProxyOAuthServiceClient - - -class IdentityAwareProxyOAuthServiceAsyncClient: - """API to programmatically create, list and retrieve Identity - Aware Proxy (IAP) OAuth brands; and create, retrieve, delete and - reset-secret of IAP OAuth clients. - """ - - _client: IdentityAwareProxyOAuthServiceClient - - DEFAULT_ENDPOINT = IdentityAwareProxyOAuthServiceClient.DEFAULT_ENDPOINT - DEFAULT_MTLS_ENDPOINT = IdentityAwareProxyOAuthServiceClient.DEFAULT_MTLS_ENDPOINT - - common_billing_account_path = staticmethod(IdentityAwareProxyOAuthServiceClient.common_billing_account_path) - parse_common_billing_account_path = staticmethod(IdentityAwareProxyOAuthServiceClient.parse_common_billing_account_path) - common_folder_path = staticmethod(IdentityAwareProxyOAuthServiceClient.common_folder_path) - parse_common_folder_path = staticmethod(IdentityAwareProxyOAuthServiceClient.parse_common_folder_path) - common_organization_path = staticmethod(IdentityAwareProxyOAuthServiceClient.common_organization_path) - parse_common_organization_path = staticmethod(IdentityAwareProxyOAuthServiceClient.parse_common_organization_path) - common_project_path = staticmethod(IdentityAwareProxyOAuthServiceClient.common_project_path) - parse_common_project_path = staticmethod(IdentityAwareProxyOAuthServiceClient.parse_common_project_path) - common_location_path = staticmethod(IdentityAwareProxyOAuthServiceClient.common_location_path) - parse_common_location_path = staticmethod(IdentityAwareProxyOAuthServiceClient.parse_common_location_path) - - @classmethod - def from_service_account_info(cls, info: dict, *args, **kwargs): - """Creates an instance of this client using the provided credentials - info. - - Args: - info (dict): The service account private key info. - args: Additional arguments to pass to the constructor. - kwargs: Additional arguments to pass to the constructor. - - Returns: - IdentityAwareProxyOAuthServiceAsyncClient: The constructed client. - """ - return IdentityAwareProxyOAuthServiceClient.from_service_account_info.__func__(IdentityAwareProxyOAuthServiceAsyncClient, info, *args, **kwargs) # type: ignore - - @classmethod - def from_service_account_file(cls, filename: str, *args, **kwargs): - """Creates an instance of this client using the provided credentials - file. - - Args: - filename (str): The path to the service account private key json - file. - args: Additional arguments to pass to the constructor. - kwargs: Additional arguments to pass to the constructor. - - Returns: - IdentityAwareProxyOAuthServiceAsyncClient: The constructed client. - """ - return IdentityAwareProxyOAuthServiceClient.from_service_account_file.__func__(IdentityAwareProxyOAuthServiceAsyncClient, filename, *args, **kwargs) # type: ignore - - from_service_account_json = from_service_account_file - - @property - def transport(self) -> IdentityAwareProxyOAuthServiceTransport: - """Returns the transport used by the client instance. - - Returns: - IdentityAwareProxyOAuthServiceTransport: The transport used by the client instance. - """ - return self._client.transport - - get_transport_class = functools.partial(type(IdentityAwareProxyOAuthServiceClient).get_transport_class, type(IdentityAwareProxyOAuthServiceClient)) - - def __init__(self, *, - credentials: ga_credentials.Credentials = None, - transport: Union[str, IdentityAwareProxyOAuthServiceTransport] = "grpc_asyncio", - client_options: ClientOptions = None, - client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, - ) -> None: - """Instantiates the identity aware proxy o auth service client. - - Args: - credentials (Optional[google.auth.credentials.Credentials]): The - authorization credentials to attach to requests. These - credentials identify the application to the service; if none - are specified, the client will attempt to ascertain the - credentials from the environment. - transport (Union[str, ~.IdentityAwareProxyOAuthServiceTransport]): The - transport to use. If set to None, a transport is chosen - automatically. - client_options (ClientOptions): Custom options for the client. It - won't take effect if a ``transport`` instance is provided. - (1) The ``api_endpoint`` property can be used to override the - default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT - environment variable can also be used to override the endpoint: - "always" (always use the default mTLS endpoint), "never" (always - use the default regular endpoint) and "auto" (auto switch to the - default mTLS endpoint if client certificate is present, this is - the default value). However, the ``api_endpoint`` property takes - precedence if provided. - (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable - is "true", then the ``client_cert_source`` property can be used - to provide client certificate for mutual TLS transport. If - not provided, the default SSL client certificate will be used if - present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not - set, no client certificate will be used. - - Raises: - google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport - creation failed for any reason. - """ - self._client = IdentityAwareProxyOAuthServiceClient( - credentials=credentials, - transport=transport, - client_options=client_options, - client_info=client_info, - - ) - - async def list_brands(self, - request: service.ListBrandsRequest = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> service.ListBrandsResponse: - r"""Lists the existing brands for the project. - - Args: - request (:class:`google.cloud.iap_v1.types.ListBrandsRequest`): - The request object. The request sent to ListBrands. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.cloud.iap_v1.types.ListBrandsResponse: - Response message for ListBrands. - """ - # Create or coerce a protobuf request object. - request = service.ListBrandsRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = gapic_v1.method_async.wrap_method( - self._client._transport.list_brands, - default_timeout=None, - client_info=DEFAULT_CLIENT_INFO, - ) - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("parent", request.parent), - )), - ) - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - async def create_brand(self, - request: service.CreateBrandRequest = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> service.Brand: - r"""Constructs a new OAuth brand for the project if one - does not exist. The created brand is "internal only", - meaning that OAuth clients created under it only accept - requests from users who belong to the same G Suite - organization as the project. The brand is created in an - un-reviewed status. NOTE: The "internal only" status can - be manually changed in the Google Cloud console. - Requires that a brand does not already exist for the - project, and that the specified support email is owned - by the caller. - - Args: - request (:class:`google.cloud.iap_v1.types.CreateBrandRequest`): - The request object. The request sent to CreateBrand. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.cloud.iap_v1.types.Brand: - OAuth brand data. - NOTE: Only contains a portion of the - data that describes a brand. - - """ - # Create or coerce a protobuf request object. - request = service.CreateBrandRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = gapic_v1.method_async.wrap_method( - self._client._transport.create_brand, - default_timeout=None, - client_info=DEFAULT_CLIENT_INFO, - ) - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("parent", request.parent), - )), - ) - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - async def get_brand(self, - request: service.GetBrandRequest = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> service.Brand: - r"""Retrieves the OAuth brand of the project. - - Args: - request (:class:`google.cloud.iap_v1.types.GetBrandRequest`): - The request object. The request sent to GetBrand. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.cloud.iap_v1.types.Brand: - OAuth brand data. - NOTE: Only contains a portion of the - data that describes a brand. - - """ - # Create or coerce a protobuf request object. - request = service.GetBrandRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = gapic_v1.method_async.wrap_method( - self._client._transport.get_brand, - default_timeout=None, - client_info=DEFAULT_CLIENT_INFO, - ) - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("name", request.name), - )), - ) - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - async def create_identity_aware_proxy_client(self, - request: service.CreateIdentityAwareProxyClientRequest = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> service.IdentityAwareProxyClient: - r"""Creates an Identity Aware Proxy (IAP) OAuth client. - The client is owned by IAP. Requires that the brand for - the project exists and that it is set for internal-only - use. - - Args: - request (:class:`google.cloud.iap_v1.types.CreateIdentityAwareProxyClientRequest`): - The request object. The request sent to - CreateIdentityAwareProxyClient. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.cloud.iap_v1.types.IdentityAwareProxyClient: - Contains the data that describes an - Identity Aware Proxy owned client. - - """ - # Create or coerce a protobuf request object. - request = service.CreateIdentityAwareProxyClientRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = gapic_v1.method_async.wrap_method( - self._client._transport.create_identity_aware_proxy_client, - default_timeout=None, - client_info=DEFAULT_CLIENT_INFO, - ) - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("parent", request.parent), - )), - ) - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - async def list_identity_aware_proxy_clients(self, - request: service.ListIdentityAwareProxyClientsRequest = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> pagers.ListIdentityAwareProxyClientsAsyncPager: - r"""Lists the existing clients for the brand. - - Args: - request (:class:`google.cloud.iap_v1.types.ListIdentityAwareProxyClientsRequest`): - The request object. The request sent to - ListIdentityAwareProxyClients. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service.pagers.ListIdentityAwareProxyClientsAsyncPager: - Response message for - ListIdentityAwareProxyClients. - Iterating over this object will yield - results and resolve additional pages - automatically. - - """ - # Create or coerce a protobuf request object. - request = service.ListIdentityAwareProxyClientsRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = gapic_v1.method_async.wrap_method( - self._client._transport.list_identity_aware_proxy_clients, - default_timeout=None, - client_info=DEFAULT_CLIENT_INFO, - ) - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("parent", request.parent), - )), - ) - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # This method is paged; wrap the response in a pager, which provides - # an `__aiter__` convenience method. - response = pagers.ListIdentityAwareProxyClientsAsyncPager( - method=rpc, - request=request, - response=response, - metadata=metadata, - ) - - # Done; return the response. - return response - - async def get_identity_aware_proxy_client(self, - request: service.GetIdentityAwareProxyClientRequest = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> service.IdentityAwareProxyClient: - r"""Retrieves an Identity Aware Proxy (IAP) OAuth client. - Requires that the client is owned by IAP. - - Args: - request (:class:`google.cloud.iap_v1.types.GetIdentityAwareProxyClientRequest`): - The request object. The request sent to - GetIdentityAwareProxyClient. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.cloud.iap_v1.types.IdentityAwareProxyClient: - Contains the data that describes an - Identity Aware Proxy owned client. - - """ - # Create or coerce a protobuf request object. - request = service.GetIdentityAwareProxyClientRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = gapic_v1.method_async.wrap_method( - self._client._transport.get_identity_aware_proxy_client, - default_timeout=None, - client_info=DEFAULT_CLIENT_INFO, - ) - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("name", request.name), - )), - ) - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - async def reset_identity_aware_proxy_client_secret(self, - request: service.ResetIdentityAwareProxyClientSecretRequest = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> service.IdentityAwareProxyClient: - r"""Resets an Identity Aware Proxy (IAP) OAuth client - secret. Useful if the secret was compromised. Requires - that the client is owned by IAP. - - Args: - request (:class:`google.cloud.iap_v1.types.ResetIdentityAwareProxyClientSecretRequest`): - The request object. The request sent to - ResetIdentityAwareProxyClientSecret. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.cloud.iap_v1.types.IdentityAwareProxyClient: - Contains the data that describes an - Identity Aware Proxy owned client. - - """ - # Create or coerce a protobuf request object. - request = service.ResetIdentityAwareProxyClientSecretRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = gapic_v1.method_async.wrap_method( - self._client._transport.reset_identity_aware_proxy_client_secret, - default_timeout=None, - client_info=DEFAULT_CLIENT_INFO, - ) - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("name", request.name), - )), - ) - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - async def delete_identity_aware_proxy_client(self, - request: service.DeleteIdentityAwareProxyClientRequest = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> None: - r"""Deletes an Identity Aware Proxy (IAP) OAuth client. - Useful for removing obsolete clients, managing the - number of clients in a given project, and cleaning up - after tests. Requires that the client is owned by IAP. - - Args: - request (:class:`google.cloud.iap_v1.types.DeleteIdentityAwareProxyClientRequest`): - The request object. The request sent to - DeleteIdentityAwareProxyClient. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - """ - # Create or coerce a protobuf request object. - request = service.DeleteIdentityAwareProxyClientRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = gapic_v1.method_async.wrap_method( - self._client._transport.delete_identity_aware_proxy_client, - default_timeout=None, - client_info=DEFAULT_CLIENT_INFO, - ) - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("name", request.name), - )), - ) - - # Send the request. - await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - async def __aenter__(self): - return self - - async def __aexit__(self, exc_type, exc, tb): - await self.transport.close() - -try: - DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( - gapic_version=pkg_resources.get_distribution( - "google-cloud-iap", - ).version, - ) -except pkg_resources.DistributionNotFound: - DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() - - -__all__ = ( - "IdentityAwareProxyOAuthServiceAsyncClient", -) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/client.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/client.py deleted file mode 100644 index 383ba2b..0000000 --- a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/client.py +++ /dev/null @@ -1,820 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from collections import OrderedDict -from distutils import util -import os -import re -from typing import Dict, Optional, Sequence, Tuple, Type, Union -import pkg_resources - -from google.api_core import client_options as client_options_lib # type: ignore -from google.api_core import exceptions as core_exceptions # type: ignore -from google.api_core import gapic_v1 # type: ignore -from google.api_core import retry as retries # type: ignore -from google.auth import credentials as ga_credentials # type: ignore -from google.auth.transport import mtls # type: ignore -from google.auth.transport.grpc import SslCredentials # type: ignore -from google.auth.exceptions import MutualTLSChannelError # type: ignore -from google.oauth2 import service_account # type: ignore - -from google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service import pagers -from google.cloud.iap_v1.types import service -from .transports.base import IdentityAwareProxyOAuthServiceTransport, DEFAULT_CLIENT_INFO -from .transports.grpc import IdentityAwareProxyOAuthServiceGrpcTransport -from .transports.grpc_asyncio import IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport - - -class IdentityAwareProxyOAuthServiceClientMeta(type): - """Metaclass for the IdentityAwareProxyOAuthService client. - - This provides class-level methods for building and retrieving - support objects (e.g. transport) without polluting the client instance - objects. - """ - _transport_registry = OrderedDict() # type: Dict[str, Type[IdentityAwareProxyOAuthServiceTransport]] - _transport_registry["grpc"] = IdentityAwareProxyOAuthServiceGrpcTransport - _transport_registry["grpc_asyncio"] = IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport - - def get_transport_class(cls, - label: str = None, - ) -> Type[IdentityAwareProxyOAuthServiceTransport]: - """Returns an appropriate transport class. - - Args: - label: The name of the desired transport. If none is - provided, then the first transport in the registry is used. - - Returns: - The transport class to use. - """ - # If a specific transport is requested, return that one. - if label: - return cls._transport_registry[label] - - # No transport is requested; return the default (that is, the first one - # in the dictionary). - return next(iter(cls._transport_registry.values())) - - -class IdentityAwareProxyOAuthServiceClient(metaclass=IdentityAwareProxyOAuthServiceClientMeta): - """API to programmatically create, list and retrieve Identity - Aware Proxy (IAP) OAuth brands; and create, retrieve, delete and - reset-secret of IAP OAuth clients. - """ - - @staticmethod - def _get_default_mtls_endpoint(api_endpoint): - """Converts api endpoint to mTLS endpoint. - - Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to - "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively. - Args: - api_endpoint (Optional[str]): the api endpoint to convert. - Returns: - str: converted mTLS api endpoint. - """ - if not api_endpoint: - return api_endpoint - - mtls_endpoint_re = re.compile( - r"(?P[^.]+)(?P\.mtls)?(?P\.sandbox)?(?P\.googleapis\.com)?" - ) - - m = mtls_endpoint_re.match(api_endpoint) - name, mtls, sandbox, googledomain = m.groups() - if mtls or not googledomain: - return api_endpoint - - if sandbox: - return api_endpoint.replace( - "sandbox.googleapis.com", "mtls.sandbox.googleapis.com" - ) - - return api_endpoint.replace(".googleapis.com", ".mtls.googleapis.com") - - DEFAULT_ENDPOINT = "iap.googleapis.com" - DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__( # type: ignore - DEFAULT_ENDPOINT - ) - - @classmethod - def from_service_account_info(cls, info: dict, *args, **kwargs): - """Creates an instance of this client using the provided credentials - info. - - Args: - info (dict): The service account private key info. - args: Additional arguments to pass to the constructor. - kwargs: Additional arguments to pass to the constructor. - - Returns: - IdentityAwareProxyOAuthServiceClient: The constructed client. - """ - credentials = service_account.Credentials.from_service_account_info(info) - kwargs["credentials"] = credentials - return cls(*args, **kwargs) - - @classmethod - def from_service_account_file(cls, filename: str, *args, **kwargs): - """Creates an instance of this client using the provided credentials - file. - - Args: - filename (str): The path to the service account private key json - file. - args: Additional arguments to pass to the constructor. - kwargs: Additional arguments to pass to the constructor. - - Returns: - IdentityAwareProxyOAuthServiceClient: The constructed client. - """ - credentials = service_account.Credentials.from_service_account_file( - filename) - kwargs["credentials"] = credentials - return cls(*args, **kwargs) - - from_service_account_json = from_service_account_file - - @property - def transport(self) -> IdentityAwareProxyOAuthServiceTransport: - """Returns the transport used by the client instance. - - Returns: - IdentityAwareProxyOAuthServiceTransport: The transport used by the client - instance. - """ - return self._transport - - @staticmethod - def common_billing_account_path(billing_account: str, ) -> str: - """Returns a fully-qualified billing_account string.""" - return "billingAccounts/{billing_account}".format(billing_account=billing_account, ) - - @staticmethod - def parse_common_billing_account_path(path: str) -> Dict[str,str]: - """Parse a billing_account path into its component segments.""" - m = re.match(r"^billingAccounts/(?P.+?)$", path) - return m.groupdict() if m else {} - - @staticmethod - def common_folder_path(folder: str, ) -> str: - """Returns a fully-qualified folder string.""" - return "folders/{folder}".format(folder=folder, ) - - @staticmethod - def parse_common_folder_path(path: str) -> Dict[str,str]: - """Parse a folder path into its component segments.""" - m = re.match(r"^folders/(?P.+?)$", path) - return m.groupdict() if m else {} - - @staticmethod - def common_organization_path(organization: str, ) -> str: - """Returns a fully-qualified organization string.""" - return "organizations/{organization}".format(organization=organization, ) - - @staticmethod - def parse_common_organization_path(path: str) -> Dict[str,str]: - """Parse a organization path into its component segments.""" - m = re.match(r"^organizations/(?P.+?)$", path) - return m.groupdict() if m else {} - - @staticmethod - def common_project_path(project: str, ) -> str: - """Returns a fully-qualified project string.""" - return "projects/{project}".format(project=project, ) - - @staticmethod - def parse_common_project_path(path: str) -> Dict[str,str]: - """Parse a project path into its component segments.""" - m = re.match(r"^projects/(?P.+?)$", path) - return m.groupdict() if m else {} - - @staticmethod - def common_location_path(project: str, location: str, ) -> str: - """Returns a fully-qualified location string.""" - return "projects/{project}/locations/{location}".format(project=project, location=location, ) - - @staticmethod - def parse_common_location_path(path: str) -> Dict[str,str]: - """Parse a location path into its component segments.""" - m = re.match(r"^projects/(?P.+?)/locations/(?P.+?)$", path) - return m.groupdict() if m else {} - - def __init__(self, *, - credentials: Optional[ga_credentials.Credentials] = None, - transport: Union[str, IdentityAwareProxyOAuthServiceTransport, None] = None, - client_options: Optional[client_options_lib.ClientOptions] = None, - client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, - ) -> None: - """Instantiates the identity aware proxy o auth service client. - - Args: - credentials (Optional[google.auth.credentials.Credentials]): The - authorization credentials to attach to requests. These - credentials identify the application to the service; if none - are specified, the client will attempt to ascertain the - credentials from the environment. - transport (Union[str, IdentityAwareProxyOAuthServiceTransport]): The - transport to use. If set to None, a transport is chosen - automatically. - client_options (google.api_core.client_options.ClientOptions): Custom options for the - client. It won't take effect if a ``transport`` instance is provided. - (1) The ``api_endpoint`` property can be used to override the - default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT - environment variable can also be used to override the endpoint: - "always" (always use the default mTLS endpoint), "never" (always - use the default regular endpoint) and "auto" (auto switch to the - default mTLS endpoint if client certificate is present, this is - the default value). However, the ``api_endpoint`` property takes - precedence if provided. - (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable - is "true", then the ``client_cert_source`` property can be used - to provide client certificate for mutual TLS transport. If - not provided, the default SSL client certificate will be used if - present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not - set, no client certificate will be used. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing - your own client library. - - Raises: - google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport - creation failed for any reason. - """ - if isinstance(client_options, dict): - client_options = client_options_lib.from_dict(client_options) - if client_options is None: - client_options = client_options_lib.ClientOptions() - - # Create SSL credentials for mutual TLS if needed. - use_client_cert = bool(util.strtobool(os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"))) - - client_cert_source_func = None - is_mtls = False - if use_client_cert: - if client_options.client_cert_source: - is_mtls = True - client_cert_source_func = client_options.client_cert_source - else: - is_mtls = mtls.has_default_client_cert_source() - if is_mtls: - client_cert_source_func = mtls.default_client_cert_source() - else: - client_cert_source_func = None - - # Figure out which api endpoint to use. - if client_options.api_endpoint is not None: - api_endpoint = client_options.api_endpoint - else: - use_mtls_env = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto") - if use_mtls_env == "never": - api_endpoint = self.DEFAULT_ENDPOINT - elif use_mtls_env == "always": - api_endpoint = self.DEFAULT_MTLS_ENDPOINT - elif use_mtls_env == "auto": - if is_mtls: - api_endpoint = self.DEFAULT_MTLS_ENDPOINT - else: - api_endpoint = self.DEFAULT_ENDPOINT - else: - raise MutualTLSChannelError( - "Unsupported GOOGLE_API_USE_MTLS_ENDPOINT value. Accepted " - "values: never, auto, always" - ) - - # Save or instantiate the transport. - # Ordinarily, we provide the transport, but allowing a custom transport - # instance provides an extensibility point for unusual situations. - if isinstance(transport, IdentityAwareProxyOAuthServiceTransport): - # transport is a IdentityAwareProxyOAuthServiceTransport instance. - if credentials or client_options.credentials_file: - raise ValueError("When providing a transport instance, " - "provide its credentials directly.") - if client_options.scopes: - raise ValueError( - "When providing a transport instance, provide its scopes " - "directly." - ) - self._transport = transport - else: - Transport = type(self).get_transport_class(transport) - self._transport = Transport( - credentials=credentials, - credentials_file=client_options.credentials_file, - host=api_endpoint, - scopes=client_options.scopes, - client_cert_source_for_mtls=client_cert_source_func, - quota_project_id=client_options.quota_project_id, - client_info=client_info, - always_use_jwt_access=True, - ) - - def list_brands(self, - request: Union[service.ListBrandsRequest, dict] = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> service.ListBrandsResponse: - r"""Lists the existing brands for the project. - - Args: - request (Union[google.cloud.iap_v1.types.ListBrandsRequest, dict]): - The request object. The request sent to ListBrands. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.cloud.iap_v1.types.ListBrandsResponse: - Response message for ListBrands. - """ - # Create or coerce a protobuf request object. - # Minor optimization to avoid making a copy if the user passes - # in a service.ListBrandsRequest. - # There's no risk of modifying the input as we've already verified - # there are no flattened fields. - if not isinstance(request, service.ListBrandsRequest): - request = service.ListBrandsRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.list_brands] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("parent", request.parent), - )), - ) - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - def create_brand(self, - request: Union[service.CreateBrandRequest, dict] = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> service.Brand: - r"""Constructs a new OAuth brand for the project if one - does not exist. The created brand is "internal only", - meaning that OAuth clients created under it only accept - requests from users who belong to the same G Suite - organization as the project. The brand is created in an - un-reviewed status. NOTE: The "internal only" status can - be manually changed in the Google Cloud console. - Requires that a brand does not already exist for the - project, and that the specified support email is owned - by the caller. - - Args: - request (Union[google.cloud.iap_v1.types.CreateBrandRequest, dict]): - The request object. The request sent to CreateBrand. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.cloud.iap_v1.types.Brand: - OAuth brand data. - NOTE: Only contains a portion of the - data that describes a brand. - - """ - # Create or coerce a protobuf request object. - # Minor optimization to avoid making a copy if the user passes - # in a service.CreateBrandRequest. - # There's no risk of modifying the input as we've already verified - # there are no flattened fields. - if not isinstance(request, service.CreateBrandRequest): - request = service.CreateBrandRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.create_brand] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("parent", request.parent), - )), - ) - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - def get_brand(self, - request: Union[service.GetBrandRequest, dict] = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> service.Brand: - r"""Retrieves the OAuth brand of the project. - - Args: - request (Union[google.cloud.iap_v1.types.GetBrandRequest, dict]): - The request object. The request sent to GetBrand. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.cloud.iap_v1.types.Brand: - OAuth brand data. - NOTE: Only contains a portion of the - data that describes a brand. - - """ - # Create or coerce a protobuf request object. - # Minor optimization to avoid making a copy if the user passes - # in a service.GetBrandRequest. - # There's no risk of modifying the input as we've already verified - # there are no flattened fields. - if not isinstance(request, service.GetBrandRequest): - request = service.GetBrandRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.get_brand] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("name", request.name), - )), - ) - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - def create_identity_aware_proxy_client(self, - request: Union[service.CreateIdentityAwareProxyClientRequest, dict] = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> service.IdentityAwareProxyClient: - r"""Creates an Identity Aware Proxy (IAP) OAuth client. - The client is owned by IAP. Requires that the brand for - the project exists and that it is set for internal-only - use. - - Args: - request (Union[google.cloud.iap_v1.types.CreateIdentityAwareProxyClientRequest, dict]): - The request object. The request sent to - CreateIdentityAwareProxyClient. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.cloud.iap_v1.types.IdentityAwareProxyClient: - Contains the data that describes an - Identity Aware Proxy owned client. - - """ - # Create or coerce a protobuf request object. - # Minor optimization to avoid making a copy if the user passes - # in a service.CreateIdentityAwareProxyClientRequest. - # There's no risk of modifying the input as we've already verified - # there are no flattened fields. - if not isinstance(request, service.CreateIdentityAwareProxyClientRequest): - request = service.CreateIdentityAwareProxyClientRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.create_identity_aware_proxy_client] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("parent", request.parent), - )), - ) - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - def list_identity_aware_proxy_clients(self, - request: Union[service.ListIdentityAwareProxyClientsRequest, dict] = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> pagers.ListIdentityAwareProxyClientsPager: - r"""Lists the existing clients for the brand. - - Args: - request (Union[google.cloud.iap_v1.types.ListIdentityAwareProxyClientsRequest, dict]): - The request object. The request sent to - ListIdentityAwareProxyClients. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service.pagers.ListIdentityAwareProxyClientsPager: - Response message for - ListIdentityAwareProxyClients. - Iterating over this object will yield - results and resolve additional pages - automatically. - - """ - # Create or coerce a protobuf request object. - # Minor optimization to avoid making a copy if the user passes - # in a service.ListIdentityAwareProxyClientsRequest. - # There's no risk of modifying the input as we've already verified - # there are no flattened fields. - if not isinstance(request, service.ListIdentityAwareProxyClientsRequest): - request = service.ListIdentityAwareProxyClientsRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.list_identity_aware_proxy_clients] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("parent", request.parent), - )), - ) - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # This method is paged; wrap the response in a pager, which provides - # an `__iter__` convenience method. - response = pagers.ListIdentityAwareProxyClientsPager( - method=rpc, - request=request, - response=response, - metadata=metadata, - ) - - # Done; return the response. - return response - - def get_identity_aware_proxy_client(self, - request: Union[service.GetIdentityAwareProxyClientRequest, dict] = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> service.IdentityAwareProxyClient: - r"""Retrieves an Identity Aware Proxy (IAP) OAuth client. - Requires that the client is owned by IAP. - - Args: - request (Union[google.cloud.iap_v1.types.GetIdentityAwareProxyClientRequest, dict]): - The request object. The request sent to - GetIdentityAwareProxyClient. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.cloud.iap_v1.types.IdentityAwareProxyClient: - Contains the data that describes an - Identity Aware Proxy owned client. - - """ - # Create or coerce a protobuf request object. - # Minor optimization to avoid making a copy if the user passes - # in a service.GetIdentityAwareProxyClientRequest. - # There's no risk of modifying the input as we've already verified - # there are no flattened fields. - if not isinstance(request, service.GetIdentityAwareProxyClientRequest): - request = service.GetIdentityAwareProxyClientRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.get_identity_aware_proxy_client] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("name", request.name), - )), - ) - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - def reset_identity_aware_proxy_client_secret(self, - request: Union[service.ResetIdentityAwareProxyClientSecretRequest, dict] = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> service.IdentityAwareProxyClient: - r"""Resets an Identity Aware Proxy (IAP) OAuth client - secret. Useful if the secret was compromised. Requires - that the client is owned by IAP. - - Args: - request (Union[google.cloud.iap_v1.types.ResetIdentityAwareProxyClientSecretRequest, dict]): - The request object. The request sent to - ResetIdentityAwareProxyClientSecret. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.cloud.iap_v1.types.IdentityAwareProxyClient: - Contains the data that describes an - Identity Aware Proxy owned client. - - """ - # Create or coerce a protobuf request object. - # Minor optimization to avoid making a copy if the user passes - # in a service.ResetIdentityAwareProxyClientSecretRequest. - # There's no risk of modifying the input as we've already verified - # there are no flattened fields. - if not isinstance(request, service.ResetIdentityAwareProxyClientSecretRequest): - request = service.ResetIdentityAwareProxyClientSecretRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.reset_identity_aware_proxy_client_secret] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("name", request.name), - )), - ) - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - def delete_identity_aware_proxy_client(self, - request: Union[service.DeleteIdentityAwareProxyClientRequest, dict] = None, - *, - retry: retries.Retry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> None: - r"""Deletes an Identity Aware Proxy (IAP) OAuth client. - Useful for removing obsolete clients, managing the - number of clients in a given project, and cleaning up - after tests. Requires that the client is owned by IAP. - - Args: - request (Union[google.cloud.iap_v1.types.DeleteIdentityAwareProxyClientRequest, dict]): - The request object. The request sent to - DeleteIdentityAwareProxyClient. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - """ - # Create or coerce a protobuf request object. - # Minor optimization to avoid making a copy if the user passes - # in a service.DeleteIdentityAwareProxyClientRequest. - # There's no risk of modifying the input as we've already verified - # there are no flattened fields. - if not isinstance(request, service.DeleteIdentityAwareProxyClientRequest): - request = service.DeleteIdentityAwareProxyClientRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.delete_identity_aware_proxy_client] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("name", request.name), - )), - ) - - # Send the request. - rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - def __enter__(self): - return self - - def __exit__(self, type, value, traceback): - """Releases underlying transport's resources. - - .. warning:: - ONLY use as a context manager if the transport is NOT shared - with other clients! Exiting the with block will CLOSE the transport - and may cause errors in other clients! - """ - self.transport.close() - - - -try: - DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( - gapic_version=pkg_resources.get_distribution( - "google-cloud-iap", - ).version, - ) -except pkg_resources.DistributionNotFound: - DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() - - -__all__ = ( - "IdentityAwareProxyOAuthServiceClient", -) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/pagers.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/pagers.py deleted file mode 100644 index c4f6802..0000000 --- a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/pagers.py +++ /dev/null @@ -1,140 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from typing import Any, AsyncIterator, Awaitable, Callable, Sequence, Tuple, Optional, Iterator - -from google.cloud.iap_v1.types import service - - -class ListIdentityAwareProxyClientsPager: - """A pager for iterating through ``list_identity_aware_proxy_clients`` requests. - - This class thinly wraps an initial - :class:`google.cloud.iap_v1.types.ListIdentityAwareProxyClientsResponse` object, and - provides an ``__iter__`` method to iterate through its - ``identity_aware_proxy_clients`` field. - - If there are more pages, the ``__iter__`` method will make additional - ``ListIdentityAwareProxyClients`` requests and continue to iterate - through the ``identity_aware_proxy_clients`` field on the - corresponding responses. - - All the usual :class:`google.cloud.iap_v1.types.ListIdentityAwareProxyClientsResponse` - attributes are available on the pager. If multiple requests are made, only - the most recent response is retained, and thus used for attribute lookup. - """ - def __init__(self, - method: Callable[..., service.ListIdentityAwareProxyClientsResponse], - request: service.ListIdentityAwareProxyClientsRequest, - response: service.ListIdentityAwareProxyClientsResponse, - *, - metadata: Sequence[Tuple[str, str]] = ()): - """Instantiate the pager. - - Args: - method (Callable): The method that was originally called, and - which instantiated this pager. - request (google.cloud.iap_v1.types.ListIdentityAwareProxyClientsRequest): - The initial request object. - response (google.cloud.iap_v1.types.ListIdentityAwareProxyClientsResponse): - The initial response object. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - """ - self._method = method - self._request = service.ListIdentityAwareProxyClientsRequest(request) - self._response = response - self._metadata = metadata - - def __getattr__(self, name: str) -> Any: - return getattr(self._response, name) - - @property - def pages(self) -> Iterator[service.ListIdentityAwareProxyClientsResponse]: - yield self._response - while self._response.next_page_token: - self._request.page_token = self._response.next_page_token - self._response = self._method(self._request, metadata=self._metadata) - yield self._response - - def __iter__(self) -> Iterator[service.IdentityAwareProxyClient]: - for page in self.pages: - yield from page.identity_aware_proxy_clients - - def __repr__(self) -> str: - return '{0}<{1!r}>'.format(self.__class__.__name__, self._response) - - -class ListIdentityAwareProxyClientsAsyncPager: - """A pager for iterating through ``list_identity_aware_proxy_clients`` requests. - - This class thinly wraps an initial - :class:`google.cloud.iap_v1.types.ListIdentityAwareProxyClientsResponse` object, and - provides an ``__aiter__`` method to iterate through its - ``identity_aware_proxy_clients`` field. - - If there are more pages, the ``__aiter__`` method will make additional - ``ListIdentityAwareProxyClients`` requests and continue to iterate - through the ``identity_aware_proxy_clients`` field on the - corresponding responses. - - All the usual :class:`google.cloud.iap_v1.types.ListIdentityAwareProxyClientsResponse` - attributes are available on the pager. If multiple requests are made, only - the most recent response is retained, and thus used for attribute lookup. - """ - def __init__(self, - method: Callable[..., Awaitable[service.ListIdentityAwareProxyClientsResponse]], - request: service.ListIdentityAwareProxyClientsRequest, - response: service.ListIdentityAwareProxyClientsResponse, - *, - metadata: Sequence[Tuple[str, str]] = ()): - """Instantiates the pager. - - Args: - method (Callable): The method that was originally called, and - which instantiated this pager. - request (google.cloud.iap_v1.types.ListIdentityAwareProxyClientsRequest): - The initial request object. - response (google.cloud.iap_v1.types.ListIdentityAwareProxyClientsResponse): - The initial response object. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - """ - self._method = method - self._request = service.ListIdentityAwareProxyClientsRequest(request) - self._response = response - self._metadata = metadata - - def __getattr__(self, name: str) -> Any: - return getattr(self._response, name) - - @property - async def pages(self) -> AsyncIterator[service.ListIdentityAwareProxyClientsResponse]: - yield self._response - while self._response.next_page_token: - self._request.page_token = self._response.next_page_token - self._response = await self._method(self._request, metadata=self._metadata) - yield self._response - - def __aiter__(self) -> AsyncIterator[service.IdentityAwareProxyClient]: - async def async_generator(): - async for page in self.pages: - for response in page.identity_aware_proxy_clients: - yield response - - return async_generator() - - def __repr__(self) -> str: - return '{0}<{1!r}>'.format(self.__class__.__name__, self._response) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/__init__.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/__init__.py deleted file mode 100644 index 8d5ea7a..0000000 --- a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/__init__.py +++ /dev/null @@ -1,33 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from collections import OrderedDict -from typing import Dict, Type - -from .base import IdentityAwareProxyOAuthServiceTransport -from .grpc import IdentityAwareProxyOAuthServiceGrpcTransport -from .grpc_asyncio import IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport - - -# Compile a registry of transports. -_transport_registry = OrderedDict() # type: Dict[str, Type[IdentityAwareProxyOAuthServiceTransport]] -_transport_registry['grpc'] = IdentityAwareProxyOAuthServiceGrpcTransport -_transport_registry['grpc_asyncio'] = IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport - -__all__ = ( - 'IdentityAwareProxyOAuthServiceTransport', - 'IdentityAwareProxyOAuthServiceGrpcTransport', - 'IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport', -) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/base.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/base.py deleted file mode 100644 index eebe62c..0000000 --- a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/base.py +++ /dev/null @@ -1,276 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import abc -from typing import Awaitable, Callable, Dict, Optional, Sequence, Union -import packaging.version -import pkg_resources - -import google.auth # type: ignore -import google.api_core # type: ignore -from google.api_core import exceptions as core_exceptions # type: ignore -from google.api_core import gapic_v1 # type: ignore -from google.api_core import retry as retries # type: ignore -from google.auth import credentials as ga_credentials # type: ignore -from google.oauth2 import service_account # type: ignore - -from google.cloud.iap_v1.types import service -from google.protobuf import empty_pb2 # type: ignore - -try: - DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( - gapic_version=pkg_resources.get_distribution( - 'google-cloud-iap', - ).version, - ) -except pkg_resources.DistributionNotFound: - DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() - -try: - # google.auth.__version__ was added in 1.26.0 - _GOOGLE_AUTH_VERSION = google.auth.__version__ -except AttributeError: - try: # try pkg_resources if it is available - _GOOGLE_AUTH_VERSION = pkg_resources.get_distribution("google-auth").version - except pkg_resources.DistributionNotFound: # pragma: NO COVER - _GOOGLE_AUTH_VERSION = None - - -class IdentityAwareProxyOAuthServiceTransport(abc.ABC): - """Abstract transport class for IdentityAwareProxyOAuthService.""" - - AUTH_SCOPES = ( - 'https://www.googleapis.com/auth/cloud-platform', - ) - - DEFAULT_HOST: str = 'iap.googleapis.com' - def __init__( - self, *, - host: str = DEFAULT_HOST, - credentials: ga_credentials.Credentials = None, - credentials_file: Optional[str] = None, - scopes: Optional[Sequence[str]] = None, - quota_project_id: Optional[str] = None, - client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, - always_use_jwt_access: Optional[bool] = False, - **kwargs, - ) -> None: - """Instantiate the transport. - - Args: - host (Optional[str]): - The hostname to connect to. - credentials (Optional[google.auth.credentials.Credentials]): The - authorization credentials to attach to requests. These - credentials identify the application to the service; if none - are specified, the client will attempt to ascertain the - credentials from the environment. - credentials_file (Optional[str]): A file with credentials that can - be loaded with :func:`google.auth.load_credentials_from_file`. - This argument is mutually exclusive with credentials. - scopes (Optional[Sequence[str]]): A list of scopes. - quota_project_id (Optional[str]): An optional project to use for billing - and quota. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing - your own client library. - always_use_jwt_access (Optional[bool]): Whether self signed JWT should - be used for service account credentials. - """ - # Save the hostname. Default to port 443 (HTTPS) if none is specified. - if ':' not in host: - host += ':443' - self._host = host - - scopes_kwargs = self._get_scopes_kwargs(self._host, scopes) - - # Save the scopes. - self._scopes = scopes - - # If no credentials are provided, then determine the appropriate - # defaults. - if credentials and credentials_file: - raise core_exceptions.DuplicateCredentialArgs("'credentials_file' and 'credentials' are mutually exclusive") - - if credentials_file is not None: - credentials, _ = google.auth.load_credentials_from_file( - credentials_file, - **scopes_kwargs, - quota_project_id=quota_project_id - ) - - elif credentials is None: - credentials, _ = google.auth.default(**scopes_kwargs, quota_project_id=quota_project_id) - - # If the credentials are service account credentials, then always try to use self signed JWT. - if always_use_jwt_access and isinstance(credentials, service_account.Credentials) and hasattr(service_account.Credentials, "with_always_use_jwt_access"): - credentials = credentials.with_always_use_jwt_access(True) - - # Save the credentials. - self._credentials = credentials - - # TODO(busunkim): This method is in the base transport - # to avoid duplicating code across the transport classes. These functions - # should be deleted once the minimum required versions of google-auth is increased. - - # TODO: Remove this function once google-auth >= 1.25.0 is required - @classmethod - def _get_scopes_kwargs(cls, host: str, scopes: Optional[Sequence[str]]) -> Dict[str, Optional[Sequence[str]]]: - """Returns scopes kwargs to pass to google-auth methods depending on the google-auth version""" - - scopes_kwargs = {} - - if _GOOGLE_AUTH_VERSION and ( - packaging.version.parse(_GOOGLE_AUTH_VERSION) - >= packaging.version.parse("1.25.0") - ): - scopes_kwargs = {"scopes": scopes, "default_scopes": cls.AUTH_SCOPES} - else: - scopes_kwargs = {"scopes": scopes or cls.AUTH_SCOPES} - - return scopes_kwargs - - def _prep_wrapped_messages(self, client_info): - # Precompute the wrapped methods. - self._wrapped_methods = { - self.list_brands: gapic_v1.method.wrap_method( - self.list_brands, - default_timeout=None, - client_info=client_info, - ), - self.create_brand: gapic_v1.method.wrap_method( - self.create_brand, - default_timeout=None, - client_info=client_info, - ), - self.get_brand: gapic_v1.method.wrap_method( - self.get_brand, - default_timeout=None, - client_info=client_info, - ), - self.create_identity_aware_proxy_client: gapic_v1.method.wrap_method( - self.create_identity_aware_proxy_client, - default_timeout=None, - client_info=client_info, - ), - self.list_identity_aware_proxy_clients: gapic_v1.method.wrap_method( - self.list_identity_aware_proxy_clients, - default_timeout=None, - client_info=client_info, - ), - self.get_identity_aware_proxy_client: gapic_v1.method.wrap_method( - self.get_identity_aware_proxy_client, - default_timeout=None, - client_info=client_info, - ), - self.reset_identity_aware_proxy_client_secret: gapic_v1.method.wrap_method( - self.reset_identity_aware_proxy_client_secret, - default_timeout=None, - client_info=client_info, - ), - self.delete_identity_aware_proxy_client: gapic_v1.method.wrap_method( - self.delete_identity_aware_proxy_client, - default_timeout=None, - client_info=client_info, - ), - } - - def close(self): - """Closes resources associated with the transport. - - .. warning:: - Only call this method if the transport is NOT shared - with other clients - this may cause errors in other clients! - """ - raise NotImplementedError() - - @property - def list_brands(self) -> Callable[ - [service.ListBrandsRequest], - Union[ - service.ListBrandsResponse, - Awaitable[service.ListBrandsResponse] - ]]: - raise NotImplementedError() - - @property - def create_brand(self) -> Callable[ - [service.CreateBrandRequest], - Union[ - service.Brand, - Awaitable[service.Brand] - ]]: - raise NotImplementedError() - - @property - def get_brand(self) -> Callable[ - [service.GetBrandRequest], - Union[ - service.Brand, - Awaitable[service.Brand] - ]]: - raise NotImplementedError() - - @property - def create_identity_aware_proxy_client(self) -> Callable[ - [service.CreateIdentityAwareProxyClientRequest], - Union[ - service.IdentityAwareProxyClient, - Awaitable[service.IdentityAwareProxyClient] - ]]: - raise NotImplementedError() - - @property - def list_identity_aware_proxy_clients(self) -> Callable[ - [service.ListIdentityAwareProxyClientsRequest], - Union[ - service.ListIdentityAwareProxyClientsResponse, - Awaitable[service.ListIdentityAwareProxyClientsResponse] - ]]: - raise NotImplementedError() - - @property - def get_identity_aware_proxy_client(self) -> Callable[ - [service.GetIdentityAwareProxyClientRequest], - Union[ - service.IdentityAwareProxyClient, - Awaitable[service.IdentityAwareProxyClient] - ]]: - raise NotImplementedError() - - @property - def reset_identity_aware_proxy_client_secret(self) -> Callable[ - [service.ResetIdentityAwareProxyClientSecretRequest], - Union[ - service.IdentityAwareProxyClient, - Awaitable[service.IdentityAwareProxyClient] - ]]: - raise NotImplementedError() - - @property - def delete_identity_aware_proxy_client(self) -> Callable[ - [service.DeleteIdentityAwareProxyClientRequest], - Union[ - empty_pb2.Empty, - Awaitable[empty_pb2.Empty] - ]]: - raise NotImplementedError() - - -__all__ = ( - 'IdentityAwareProxyOAuthServiceTransport', -) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc.py deleted file mode 100644 index da06527..0000000 --- a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc.py +++ /dev/null @@ -1,462 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import warnings -from typing import Callable, Dict, Optional, Sequence, Tuple, Union - -from google.api_core import grpc_helpers # type: ignore -from google.api_core import gapic_v1 # type: ignore -import google.auth # type: ignore -from google.auth import credentials as ga_credentials # type: ignore -from google.auth.transport.grpc import SslCredentials # type: ignore - -import grpc # type: ignore - -from google.cloud.iap_v1.types import service -from google.protobuf import empty_pb2 # type: ignore -from .base import IdentityAwareProxyOAuthServiceTransport, DEFAULT_CLIENT_INFO - - -class IdentityAwareProxyOAuthServiceGrpcTransport(IdentityAwareProxyOAuthServiceTransport): - """gRPC backend transport for IdentityAwareProxyOAuthService. - - API to programmatically create, list and retrieve Identity - Aware Proxy (IAP) OAuth brands; and create, retrieve, delete and - reset-secret of IAP OAuth clients. - - This class defines the same methods as the primary client, so the - primary client can load the underlying transport implementation - and call it. - - It sends protocol buffers over the wire using gRPC (which is built on - top of HTTP/2); the ``grpcio`` package must be installed. - """ - _stubs: Dict[str, Callable] - - def __init__(self, *, - host: str = 'iap.googleapis.com', - credentials: ga_credentials.Credentials = None, - credentials_file: str = None, - scopes: Sequence[str] = None, - channel: grpc.Channel = None, - api_mtls_endpoint: str = None, - client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, - ssl_channel_credentials: grpc.ChannelCredentials = None, - client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, - quota_project_id: Optional[str] = None, - client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, - always_use_jwt_access: Optional[bool] = False, - ) -> None: - """Instantiate the transport. - - Args: - host (Optional[str]): - The hostname to connect to. - credentials (Optional[google.auth.credentials.Credentials]): The - authorization credentials to attach to requests. These - credentials identify the application to the service; if none - are specified, the client will attempt to ascertain the - credentials from the environment. - This argument is ignored if ``channel`` is provided. - credentials_file (Optional[str]): A file with credentials that can - be loaded with :func:`google.auth.load_credentials_from_file`. - This argument is ignored if ``channel`` is provided. - scopes (Optional(Sequence[str])): A list of scopes. This argument is - ignored if ``channel`` is provided. - channel (Optional[grpc.Channel]): A ``Channel`` instance through - which to make calls. - api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. - If provided, it overrides the ``host`` argument and tries to create - a mutual TLS channel with client SSL credentials from - ``client_cert_source`` or application default SSL credentials. - client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): - Deprecated. A callback to provide client SSL certificate bytes and - private key bytes, both in PEM format. It is ignored if - ``api_mtls_endpoint`` is None. - ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials - for the grpc channel. It is ignored if ``channel`` is provided. - client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): - A callback to provide client certificate bytes and private key bytes, - both in PEM format. It is used to configure a mutual TLS channel. It is - ignored if ``channel`` or ``ssl_channel_credentials`` is provided. - quota_project_id (Optional[str]): An optional project to use for billing - and quota. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing - your own client library. - always_use_jwt_access (Optional[bool]): Whether self signed JWT should - be used for service account credentials. - - Raises: - google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport - creation failed for any reason. - google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` - and ``credentials_file`` are passed. - """ - self._grpc_channel = None - self._ssl_channel_credentials = ssl_channel_credentials - self._stubs: Dict[str, Callable] = {} - - if api_mtls_endpoint: - warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) - if client_cert_source: - warnings.warn("client_cert_source is deprecated", DeprecationWarning) - - if channel: - # Ignore credentials if a channel was passed. - credentials = False - # If a channel was explicitly provided, set it. - self._grpc_channel = channel - self._ssl_channel_credentials = None - - else: - if api_mtls_endpoint: - host = api_mtls_endpoint - - # Create SSL credentials with client_cert_source or application - # default SSL credentials. - if client_cert_source: - cert, key = client_cert_source() - self._ssl_channel_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) - else: - self._ssl_channel_credentials = SslCredentials().ssl_credentials - - else: - if client_cert_source_for_mtls and not ssl_channel_credentials: - cert, key = client_cert_source_for_mtls() - self._ssl_channel_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) - - # The base transport sets the host, credentials and scopes - super().__init__( - host=host, - credentials=credentials, - credentials_file=credentials_file, - scopes=scopes, - quota_project_id=quota_project_id, - client_info=client_info, - always_use_jwt_access=always_use_jwt_access, - ) - - if not self._grpc_channel: - self._grpc_channel = type(self).create_channel( - self._host, - credentials=self._credentials, - credentials_file=credentials_file, - scopes=self._scopes, - ssl_credentials=self._ssl_channel_credentials, - quota_project_id=quota_project_id, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - - # Wrap messages. This must be done after self._grpc_channel exists - self._prep_wrapped_messages(client_info) - - @classmethod - def create_channel(cls, - host: str = 'iap.googleapis.com', - credentials: ga_credentials.Credentials = None, - credentials_file: str = None, - scopes: Optional[Sequence[str]] = None, - quota_project_id: Optional[str] = None, - **kwargs) -> grpc.Channel: - """Create and return a gRPC channel object. - Args: - host (Optional[str]): The host for the channel to use. - credentials (Optional[~.Credentials]): The - authorization credentials to attach to requests. These - credentials identify this application to the service. If - none are specified, the client will attempt to ascertain - the credentials from the environment. - credentials_file (Optional[str]): A file with credentials that can - be loaded with :func:`google.auth.load_credentials_from_file`. - This argument is mutually exclusive with credentials. - scopes (Optional[Sequence[str]]): A optional list of scopes needed for this - service. These are only used when credentials are not specified and - are passed to :func:`google.auth.default`. - quota_project_id (Optional[str]): An optional project to use for billing - and quota. - kwargs (Optional[dict]): Keyword arguments, which are passed to the - channel creation. - Returns: - grpc.Channel: A gRPC channel object. - - Raises: - google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` - and ``credentials_file`` are passed. - """ - - return grpc_helpers.create_channel( - host, - credentials=credentials, - credentials_file=credentials_file, - quota_project_id=quota_project_id, - default_scopes=cls.AUTH_SCOPES, - scopes=scopes, - default_host=cls.DEFAULT_HOST, - **kwargs - ) - - @property - def grpc_channel(self) -> grpc.Channel: - """Return the channel designed to connect to this service. - """ - return self._grpc_channel - - @property - def list_brands(self) -> Callable[ - [service.ListBrandsRequest], - service.ListBrandsResponse]: - r"""Return a callable for the list brands method over gRPC. - - Lists the existing brands for the project. - - Returns: - Callable[[~.ListBrandsRequest], - ~.ListBrandsResponse]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'list_brands' not in self._stubs: - self._stubs['list_brands'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/ListBrands', - request_serializer=service.ListBrandsRequest.serialize, - response_deserializer=service.ListBrandsResponse.deserialize, - ) - return self._stubs['list_brands'] - - @property - def create_brand(self) -> Callable[ - [service.CreateBrandRequest], - service.Brand]: - r"""Return a callable for the create brand method over gRPC. - - Constructs a new OAuth brand for the project if one - does not exist. The created brand is "internal only", - meaning that OAuth clients created under it only accept - requests from users who belong to the same G Suite - organization as the project. The brand is created in an - un-reviewed status. NOTE: The "internal only" status can - be manually changed in the Google Cloud console. - Requires that a brand does not already exist for the - project, and that the specified support email is owned - by the caller. - - Returns: - Callable[[~.CreateBrandRequest], - ~.Brand]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'create_brand' not in self._stubs: - self._stubs['create_brand'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/CreateBrand', - request_serializer=service.CreateBrandRequest.serialize, - response_deserializer=service.Brand.deserialize, - ) - return self._stubs['create_brand'] - - @property - def get_brand(self) -> Callable[ - [service.GetBrandRequest], - service.Brand]: - r"""Return a callable for the get brand method over gRPC. - - Retrieves the OAuth brand of the project. - - Returns: - Callable[[~.GetBrandRequest], - ~.Brand]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'get_brand' not in self._stubs: - self._stubs['get_brand'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/GetBrand', - request_serializer=service.GetBrandRequest.serialize, - response_deserializer=service.Brand.deserialize, - ) - return self._stubs['get_brand'] - - @property - def create_identity_aware_proxy_client(self) -> Callable[ - [service.CreateIdentityAwareProxyClientRequest], - service.IdentityAwareProxyClient]: - r"""Return a callable for the create identity aware proxy - client method over gRPC. - - Creates an Identity Aware Proxy (IAP) OAuth client. - The client is owned by IAP. Requires that the brand for - the project exists and that it is set for internal-only - use. - - Returns: - Callable[[~.CreateIdentityAwareProxyClientRequest], - ~.IdentityAwareProxyClient]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'create_identity_aware_proxy_client' not in self._stubs: - self._stubs['create_identity_aware_proxy_client'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/CreateIdentityAwareProxyClient', - request_serializer=service.CreateIdentityAwareProxyClientRequest.serialize, - response_deserializer=service.IdentityAwareProxyClient.deserialize, - ) - return self._stubs['create_identity_aware_proxy_client'] - - @property - def list_identity_aware_proxy_clients(self) -> Callable[ - [service.ListIdentityAwareProxyClientsRequest], - service.ListIdentityAwareProxyClientsResponse]: - r"""Return a callable for the list identity aware proxy - clients method over gRPC. - - Lists the existing clients for the brand. - - Returns: - Callable[[~.ListIdentityAwareProxyClientsRequest], - ~.ListIdentityAwareProxyClientsResponse]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'list_identity_aware_proxy_clients' not in self._stubs: - self._stubs['list_identity_aware_proxy_clients'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/ListIdentityAwareProxyClients', - request_serializer=service.ListIdentityAwareProxyClientsRequest.serialize, - response_deserializer=service.ListIdentityAwareProxyClientsResponse.deserialize, - ) - return self._stubs['list_identity_aware_proxy_clients'] - - @property - def get_identity_aware_proxy_client(self) -> Callable[ - [service.GetIdentityAwareProxyClientRequest], - service.IdentityAwareProxyClient]: - r"""Return a callable for the get identity aware proxy - client method over gRPC. - - Retrieves an Identity Aware Proxy (IAP) OAuth client. - Requires that the client is owned by IAP. - - Returns: - Callable[[~.GetIdentityAwareProxyClientRequest], - ~.IdentityAwareProxyClient]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'get_identity_aware_proxy_client' not in self._stubs: - self._stubs['get_identity_aware_proxy_client'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/GetIdentityAwareProxyClient', - request_serializer=service.GetIdentityAwareProxyClientRequest.serialize, - response_deserializer=service.IdentityAwareProxyClient.deserialize, - ) - return self._stubs['get_identity_aware_proxy_client'] - - @property - def reset_identity_aware_proxy_client_secret(self) -> Callable[ - [service.ResetIdentityAwareProxyClientSecretRequest], - service.IdentityAwareProxyClient]: - r"""Return a callable for the reset identity aware proxy - client secret method over gRPC. - - Resets an Identity Aware Proxy (IAP) OAuth client - secret. Useful if the secret was compromised. Requires - that the client is owned by IAP. - - Returns: - Callable[[~.ResetIdentityAwareProxyClientSecretRequest], - ~.IdentityAwareProxyClient]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'reset_identity_aware_proxy_client_secret' not in self._stubs: - self._stubs['reset_identity_aware_proxy_client_secret'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/ResetIdentityAwareProxyClientSecret', - request_serializer=service.ResetIdentityAwareProxyClientSecretRequest.serialize, - response_deserializer=service.IdentityAwareProxyClient.deserialize, - ) - return self._stubs['reset_identity_aware_proxy_client_secret'] - - @property - def delete_identity_aware_proxy_client(self) -> Callable[ - [service.DeleteIdentityAwareProxyClientRequest], - empty_pb2.Empty]: - r"""Return a callable for the delete identity aware proxy - client method over gRPC. - - Deletes an Identity Aware Proxy (IAP) OAuth client. - Useful for removing obsolete clients, managing the - number of clients in a given project, and cleaning up - after tests. Requires that the client is owned by IAP. - - Returns: - Callable[[~.DeleteIdentityAwareProxyClientRequest], - ~.Empty]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'delete_identity_aware_proxy_client' not in self._stubs: - self._stubs['delete_identity_aware_proxy_client'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/DeleteIdentityAwareProxyClient', - request_serializer=service.DeleteIdentityAwareProxyClientRequest.serialize, - response_deserializer=empty_pb2.Empty.FromString, - ) - return self._stubs['delete_identity_aware_proxy_client'] - - def close(self): - self.grpc_channel.close() - -__all__ = ( - 'IdentityAwareProxyOAuthServiceGrpcTransport', -) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc_asyncio.py b/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc_asyncio.py deleted file mode 100644 index 020f232..0000000 --- a/owl-bot-staging/v1/google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/transports/grpc_asyncio.py +++ /dev/null @@ -1,467 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import warnings -from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union - -from google.api_core import gapic_v1 # type: ignore -from google.api_core import grpc_helpers_async # type: ignore -from google.auth import credentials as ga_credentials # type: ignore -from google.auth.transport.grpc import SslCredentials # type: ignore -import packaging.version - -import grpc # type: ignore -from grpc.experimental import aio # type: ignore - -from google.cloud.iap_v1.types import service -from google.protobuf import empty_pb2 # type: ignore -from .base import IdentityAwareProxyOAuthServiceTransport, DEFAULT_CLIENT_INFO -from .grpc import IdentityAwareProxyOAuthServiceGrpcTransport - - -class IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport(IdentityAwareProxyOAuthServiceTransport): - """gRPC AsyncIO backend transport for IdentityAwareProxyOAuthService. - - API to programmatically create, list and retrieve Identity - Aware Proxy (IAP) OAuth brands; and create, retrieve, delete and - reset-secret of IAP OAuth clients. - - This class defines the same methods as the primary client, so the - primary client can load the underlying transport implementation - and call it. - - It sends protocol buffers over the wire using gRPC (which is built on - top of HTTP/2); the ``grpcio`` package must be installed. - """ - - _grpc_channel: aio.Channel - _stubs: Dict[str, Callable] = {} - - @classmethod - def create_channel(cls, - host: str = 'iap.googleapis.com', - credentials: ga_credentials.Credentials = None, - credentials_file: Optional[str] = None, - scopes: Optional[Sequence[str]] = None, - quota_project_id: Optional[str] = None, - **kwargs) -> aio.Channel: - """Create and return a gRPC AsyncIO channel object. - Args: - host (Optional[str]): The host for the channel to use. - credentials (Optional[~.Credentials]): The - authorization credentials to attach to requests. These - credentials identify this application to the service. If - none are specified, the client will attempt to ascertain - the credentials from the environment. - credentials_file (Optional[str]): A file with credentials that can - be loaded with :func:`google.auth.load_credentials_from_file`. - This argument is ignored if ``channel`` is provided. - scopes (Optional[Sequence[str]]): A optional list of scopes needed for this - service. These are only used when credentials are not specified and - are passed to :func:`google.auth.default`. - quota_project_id (Optional[str]): An optional project to use for billing - and quota. - kwargs (Optional[dict]): Keyword arguments, which are passed to the - channel creation. - Returns: - aio.Channel: A gRPC AsyncIO channel object. - """ - - return grpc_helpers_async.create_channel( - host, - credentials=credentials, - credentials_file=credentials_file, - quota_project_id=quota_project_id, - default_scopes=cls.AUTH_SCOPES, - scopes=scopes, - default_host=cls.DEFAULT_HOST, - **kwargs - ) - - def __init__(self, *, - host: str = 'iap.googleapis.com', - credentials: ga_credentials.Credentials = None, - credentials_file: Optional[str] = None, - scopes: Optional[Sequence[str]] = None, - channel: aio.Channel = None, - api_mtls_endpoint: str = None, - client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, - ssl_channel_credentials: grpc.ChannelCredentials = None, - client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, - quota_project_id=None, - client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, - always_use_jwt_access: Optional[bool] = False, - ) -> None: - """Instantiate the transport. - - Args: - host (Optional[str]): - The hostname to connect to. - credentials (Optional[google.auth.credentials.Credentials]): The - authorization credentials to attach to requests. These - credentials identify the application to the service; if none - are specified, the client will attempt to ascertain the - credentials from the environment. - This argument is ignored if ``channel`` is provided. - credentials_file (Optional[str]): A file with credentials that can - be loaded with :func:`google.auth.load_credentials_from_file`. - This argument is ignored if ``channel`` is provided. - scopes (Optional[Sequence[str]]): A optional list of scopes needed for this - service. These are only used when credentials are not specified and - are passed to :func:`google.auth.default`. - channel (Optional[aio.Channel]): A ``Channel`` instance through - which to make calls. - api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. - If provided, it overrides the ``host`` argument and tries to create - a mutual TLS channel with client SSL credentials from - ``client_cert_source`` or application default SSL credentials. - client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): - Deprecated. A callback to provide client SSL certificate bytes and - private key bytes, both in PEM format. It is ignored if - ``api_mtls_endpoint`` is None. - ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials - for the grpc channel. It is ignored if ``channel`` is provided. - client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): - A callback to provide client certificate bytes and private key bytes, - both in PEM format. It is used to configure a mutual TLS channel. It is - ignored if ``channel`` or ``ssl_channel_credentials`` is provided. - quota_project_id (Optional[str]): An optional project to use for billing - and quota. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing - your own client library. - always_use_jwt_access (Optional[bool]): Whether self signed JWT should - be used for service account credentials. - - Raises: - google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport - creation failed for any reason. - google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` - and ``credentials_file`` are passed. - """ - self._grpc_channel = None - self._ssl_channel_credentials = ssl_channel_credentials - self._stubs: Dict[str, Callable] = {} - - if api_mtls_endpoint: - warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) - if client_cert_source: - warnings.warn("client_cert_source is deprecated", DeprecationWarning) - - if channel: - # Ignore credentials if a channel was passed. - credentials = False - # If a channel was explicitly provided, set it. - self._grpc_channel = channel - self._ssl_channel_credentials = None - else: - if api_mtls_endpoint: - host = api_mtls_endpoint - - # Create SSL credentials with client_cert_source or application - # default SSL credentials. - if client_cert_source: - cert, key = client_cert_source() - self._ssl_channel_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) - else: - self._ssl_channel_credentials = SslCredentials().ssl_credentials - - else: - if client_cert_source_for_mtls and not ssl_channel_credentials: - cert, key = client_cert_source_for_mtls() - self._ssl_channel_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) - - # The base transport sets the host, credentials and scopes - super().__init__( - host=host, - credentials=credentials, - credentials_file=credentials_file, - scopes=scopes, - quota_project_id=quota_project_id, - client_info=client_info, - always_use_jwt_access=always_use_jwt_access, - ) - - if not self._grpc_channel: - self._grpc_channel = type(self).create_channel( - self._host, - credentials=self._credentials, - credentials_file=credentials_file, - scopes=self._scopes, - ssl_credentials=self._ssl_channel_credentials, - quota_project_id=quota_project_id, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - - # Wrap messages. This must be done after self._grpc_channel exists - self._prep_wrapped_messages(client_info) - - @property - def grpc_channel(self) -> aio.Channel: - """Create the channel designed to connect to this service. - - This property caches on the instance; repeated calls return - the same channel. - """ - # Return the channel from cache. - return self._grpc_channel - - @property - def list_brands(self) -> Callable[ - [service.ListBrandsRequest], - Awaitable[service.ListBrandsResponse]]: - r"""Return a callable for the list brands method over gRPC. - - Lists the existing brands for the project. - - Returns: - Callable[[~.ListBrandsRequest], - Awaitable[~.ListBrandsResponse]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'list_brands' not in self._stubs: - self._stubs['list_brands'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/ListBrands', - request_serializer=service.ListBrandsRequest.serialize, - response_deserializer=service.ListBrandsResponse.deserialize, - ) - return self._stubs['list_brands'] - - @property - def create_brand(self) -> Callable[ - [service.CreateBrandRequest], - Awaitable[service.Brand]]: - r"""Return a callable for the create brand method over gRPC. - - Constructs a new OAuth brand for the project if one - does not exist. The created brand is "internal only", - meaning that OAuth clients created under it only accept - requests from users who belong to the same G Suite - organization as the project. The brand is created in an - un-reviewed status. NOTE: The "internal only" status can - be manually changed in the Google Cloud console. - Requires that a brand does not already exist for the - project, and that the specified support email is owned - by the caller. - - Returns: - Callable[[~.CreateBrandRequest], - Awaitable[~.Brand]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'create_brand' not in self._stubs: - self._stubs['create_brand'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/CreateBrand', - request_serializer=service.CreateBrandRequest.serialize, - response_deserializer=service.Brand.deserialize, - ) - return self._stubs['create_brand'] - - @property - def get_brand(self) -> Callable[ - [service.GetBrandRequest], - Awaitable[service.Brand]]: - r"""Return a callable for the get brand method over gRPC. - - Retrieves the OAuth brand of the project. - - Returns: - Callable[[~.GetBrandRequest], - Awaitable[~.Brand]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'get_brand' not in self._stubs: - self._stubs['get_brand'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/GetBrand', - request_serializer=service.GetBrandRequest.serialize, - response_deserializer=service.Brand.deserialize, - ) - return self._stubs['get_brand'] - - @property - def create_identity_aware_proxy_client(self) -> Callable[ - [service.CreateIdentityAwareProxyClientRequest], - Awaitable[service.IdentityAwareProxyClient]]: - r"""Return a callable for the create identity aware proxy - client method over gRPC. - - Creates an Identity Aware Proxy (IAP) OAuth client. - The client is owned by IAP. Requires that the brand for - the project exists and that it is set for internal-only - use. - - Returns: - Callable[[~.CreateIdentityAwareProxyClientRequest], - Awaitable[~.IdentityAwareProxyClient]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'create_identity_aware_proxy_client' not in self._stubs: - self._stubs['create_identity_aware_proxy_client'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/CreateIdentityAwareProxyClient', - request_serializer=service.CreateIdentityAwareProxyClientRequest.serialize, - response_deserializer=service.IdentityAwareProxyClient.deserialize, - ) - return self._stubs['create_identity_aware_proxy_client'] - - @property - def list_identity_aware_proxy_clients(self) -> Callable[ - [service.ListIdentityAwareProxyClientsRequest], - Awaitable[service.ListIdentityAwareProxyClientsResponse]]: - r"""Return a callable for the list identity aware proxy - clients method over gRPC. - - Lists the existing clients for the brand. - - Returns: - Callable[[~.ListIdentityAwareProxyClientsRequest], - Awaitable[~.ListIdentityAwareProxyClientsResponse]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'list_identity_aware_proxy_clients' not in self._stubs: - self._stubs['list_identity_aware_proxy_clients'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/ListIdentityAwareProxyClients', - request_serializer=service.ListIdentityAwareProxyClientsRequest.serialize, - response_deserializer=service.ListIdentityAwareProxyClientsResponse.deserialize, - ) - return self._stubs['list_identity_aware_proxy_clients'] - - @property - def get_identity_aware_proxy_client(self) -> Callable[ - [service.GetIdentityAwareProxyClientRequest], - Awaitable[service.IdentityAwareProxyClient]]: - r"""Return a callable for the get identity aware proxy - client method over gRPC. - - Retrieves an Identity Aware Proxy (IAP) OAuth client. - Requires that the client is owned by IAP. - - Returns: - Callable[[~.GetIdentityAwareProxyClientRequest], - Awaitable[~.IdentityAwareProxyClient]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'get_identity_aware_proxy_client' not in self._stubs: - self._stubs['get_identity_aware_proxy_client'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/GetIdentityAwareProxyClient', - request_serializer=service.GetIdentityAwareProxyClientRequest.serialize, - response_deserializer=service.IdentityAwareProxyClient.deserialize, - ) - return self._stubs['get_identity_aware_proxy_client'] - - @property - def reset_identity_aware_proxy_client_secret(self) -> Callable[ - [service.ResetIdentityAwareProxyClientSecretRequest], - Awaitable[service.IdentityAwareProxyClient]]: - r"""Return a callable for the reset identity aware proxy - client secret method over gRPC. - - Resets an Identity Aware Proxy (IAP) OAuth client - secret. Useful if the secret was compromised. Requires - that the client is owned by IAP. - - Returns: - Callable[[~.ResetIdentityAwareProxyClientSecretRequest], - Awaitable[~.IdentityAwareProxyClient]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'reset_identity_aware_proxy_client_secret' not in self._stubs: - self._stubs['reset_identity_aware_proxy_client_secret'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/ResetIdentityAwareProxyClientSecret', - request_serializer=service.ResetIdentityAwareProxyClientSecretRequest.serialize, - response_deserializer=service.IdentityAwareProxyClient.deserialize, - ) - return self._stubs['reset_identity_aware_proxy_client_secret'] - - @property - def delete_identity_aware_proxy_client(self) -> Callable[ - [service.DeleteIdentityAwareProxyClientRequest], - Awaitable[empty_pb2.Empty]]: - r"""Return a callable for the delete identity aware proxy - client method over gRPC. - - Deletes an Identity Aware Proxy (IAP) OAuth client. - Useful for removing obsolete clients, managing the - number of clients in a given project, and cleaning up - after tests. Requires that the client is owned by IAP. - - Returns: - Callable[[~.DeleteIdentityAwareProxyClientRequest], - Awaitable[~.Empty]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'delete_identity_aware_proxy_client' not in self._stubs: - self._stubs['delete_identity_aware_proxy_client'] = self.grpc_channel.unary_unary( - '/google.cloud.iap.v1.IdentityAwareProxyOAuthService/DeleteIdentityAwareProxyClient', - request_serializer=service.DeleteIdentityAwareProxyClientRequest.serialize, - response_deserializer=empty_pb2.Empty.FromString, - ) - return self._stubs['delete_identity_aware_proxy_client'] - - def close(self): - return self.grpc_channel.close() - - -__all__ = ( - 'IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport', -) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/types/__init__.py b/owl-bot-staging/v1/google/cloud/iap_v1/types/__init__.py deleted file mode 100644 index 76995d8..0000000 --- a/owl-bot-staging/v1/google/cloud/iap_v1/types/__init__.py +++ /dev/null @@ -1,64 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from .service import ( - AccessDeniedPageSettings, - AccessSettings, - ApplicationSettings, - Brand, - CorsSettings, - CreateBrandRequest, - CreateIdentityAwareProxyClientRequest, - CsmSettings, - DeleteIdentityAwareProxyClientRequest, - GcipSettings, - GetBrandRequest, - GetIapSettingsRequest, - GetIdentityAwareProxyClientRequest, - IapSettings, - IdentityAwareProxyClient, - ListBrandsRequest, - ListBrandsResponse, - ListIdentityAwareProxyClientsRequest, - ListIdentityAwareProxyClientsResponse, - OAuthSettings, - ResetIdentityAwareProxyClientSecretRequest, - UpdateIapSettingsRequest, -) - -__all__ = ( - 'AccessDeniedPageSettings', - 'AccessSettings', - 'ApplicationSettings', - 'Brand', - 'CorsSettings', - 'CreateBrandRequest', - 'CreateIdentityAwareProxyClientRequest', - 'CsmSettings', - 'DeleteIdentityAwareProxyClientRequest', - 'GcipSettings', - 'GetBrandRequest', - 'GetIapSettingsRequest', - 'GetIdentityAwareProxyClientRequest', - 'IapSettings', - 'IdentityAwareProxyClient', - 'ListBrandsRequest', - 'ListBrandsResponse', - 'ListIdentityAwareProxyClientsRequest', - 'ListIdentityAwareProxyClientsResponse', - 'OAuthSettings', - 'ResetIdentityAwareProxyClientSecretRequest', - 'UpdateIapSettingsRequest', -) diff --git a/owl-bot-staging/v1/google/cloud/iap_v1/types/service.py b/owl-bot-staging/v1/google/cloud/iap_v1/types/service.py deleted file mode 100644 index dc5e90d..0000000 --- a/owl-bot-staging/v1/google/cloud/iap_v1/types/service.py +++ /dev/null @@ -1,583 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import proto # type: ignore - -from google.protobuf import field_mask_pb2 # type: ignore -from google.protobuf import wrappers_pb2 # type: ignore - - -__protobuf__ = proto.module( - package='google.cloud.iap.v1', - manifest={ - 'GetIapSettingsRequest', - 'UpdateIapSettingsRequest', - 'IapSettings', - 'AccessSettings', - 'GcipSettings', - 'CorsSettings', - 'OAuthSettings', - 'ApplicationSettings', - 'CsmSettings', - 'AccessDeniedPageSettings', - 'ListBrandsRequest', - 'ListBrandsResponse', - 'CreateBrandRequest', - 'GetBrandRequest', - 'ListIdentityAwareProxyClientsRequest', - 'ListIdentityAwareProxyClientsResponse', - 'CreateIdentityAwareProxyClientRequest', - 'GetIdentityAwareProxyClientRequest', - 'ResetIdentityAwareProxyClientSecretRequest', - 'DeleteIdentityAwareProxyClientRequest', - 'Brand', - 'IdentityAwareProxyClient', - }, -) - - -class GetIapSettingsRequest(proto.Message): - r"""The request sent to GetIapSettings. - - Attributes: - name (str): - Required. The resource name for which to retrieve the - settings. Authorization: Requires the ``getSettings`` - permission for the associated resource. - """ - - name = proto.Field( - proto.STRING, - number=1, - ) - - -class UpdateIapSettingsRequest(proto.Message): - r"""The request sent to UpdateIapSettings. - - Attributes: - iap_settings (google.cloud.iap_v1.types.IapSettings): - Required. The new values for the IAP settings to be updated. - Authorization: Requires the ``updateSettings`` permission - for the associated resource. - update_mask (google.protobuf.field_mask_pb2.FieldMask): - The field mask specifying which IAP settings - should be updated. If omitted, the all of the - settings are updated. See - https://developers.google.com/protocol- - buffers/docs/reference/google.protobuf#fieldmask - """ - - iap_settings = proto.Field( - proto.MESSAGE, - number=1, - message='IapSettings', - ) - update_mask = proto.Field( - proto.MESSAGE, - number=2, - message=field_mask_pb2.FieldMask, - ) - - -class IapSettings(proto.Message): - r"""The IAP configurable settings. - - Attributes: - name (str): - Required. The resource name of the IAP - protected resource. - access_settings (google.cloud.iap_v1.types.AccessSettings): - Top level wrapper for all access related - setting in IAP - application_settings (google.cloud.iap_v1.types.ApplicationSettings): - Top level wrapper for all application related - settings in IAP - """ - - name = proto.Field( - proto.STRING, - number=1, - ) - access_settings = proto.Field( - proto.MESSAGE, - number=5, - message='AccessSettings', - ) - application_settings = proto.Field( - proto.MESSAGE, - number=6, - message='ApplicationSettings', - ) - - -class AccessSettings(proto.Message): - r"""Access related settings for IAP protected apps. - - Attributes: - gcip_settings (google.cloud.iap_v1.types.GcipSettings): - GCIP claims and endpoint configurations for - 3p identity providers. - cors_settings (google.cloud.iap_v1.types.CorsSettings): - Configuration to allow cross-origin requests - via IAP. - oauth_settings (google.cloud.iap_v1.types.OAuthSettings): - Settings to configure IAP's OAuth behavior. - """ - - gcip_settings = proto.Field( - proto.MESSAGE, - number=1, - message='GcipSettings', - ) - cors_settings = proto.Field( - proto.MESSAGE, - number=2, - message='CorsSettings', - ) - oauth_settings = proto.Field( - proto.MESSAGE, - number=3, - message='OAuthSettings', - ) - - -class GcipSettings(proto.Message): - r"""Allows customers to configure tenant_id for GCIP instance per-app. - - Attributes: - tenant_ids (Sequence[str]): - GCIP tenant ids that are linked to the IAP resource. - tenant_ids could be a string beginning with a number - character to indicate authenticating with GCIP tenant flow, - or in the format of \_ to indicate authenticating with GCIP - agent flow. If agent flow is used, tenant_ids should only - contain one single element, while for tenant flow, - tenant_ids can contain multiple elements. - login_page_uri (google.protobuf.wrappers_pb2.StringValue): - Login page URI associated with the GCIP - tenants. Typically, all resources within the - same project share the same login page, though - it could be overridden at the sub resource - level. - """ - - tenant_ids = proto.RepeatedField( - proto.STRING, - number=1, - ) - login_page_uri = proto.Field( - proto.MESSAGE, - number=2, - message=wrappers_pb2.StringValue, - ) - - -class CorsSettings(proto.Message): - r"""Allows customers to configure HTTP request paths that'll - allow HTTP OPTIONS call to bypass authentication and - authorization. - - Attributes: - allow_http_options (google.protobuf.wrappers_pb2.BoolValue): - Configuration to allow HTTP OPTIONS calls to - skip authorization. If undefined, IAP will not - apply any special logic to OPTIONS requests. - """ - - allow_http_options = proto.Field( - proto.MESSAGE, - number=1, - message=wrappers_pb2.BoolValue, - ) - - -class OAuthSettings(proto.Message): - r"""Configuration for OAuth login&consent flow behavior as well - as for OAuth Credentials. - - Attributes: - login_hint (google.protobuf.wrappers_pb2.StringValue): - Domain hint to send as hd=? parameter in - OAuth request flow. Enables redirect to primary - IDP by skipping Google's login screen. - https://developers.google.com/identity/protocols/OpenIDConnect#hd- - param Note: IAP does not verify that the id - token's hd claim matches this value since access - behavior is managed by IAM policies. - """ - - login_hint = proto.Field( - proto.MESSAGE, - number=2, - message=wrappers_pb2.StringValue, - ) - - -class ApplicationSettings(proto.Message): - r"""Wrapper over application specific settings for IAP. - - Attributes: - csm_settings (google.cloud.iap_v1.types.CsmSettings): - Settings to configure IAP's behavior for a - CSM mesh. - access_denied_page_settings (google.cloud.iap_v1.types.AccessDeniedPageSettings): - Customization for Access Denied page. - cookie_domain (google.protobuf.wrappers_pb2.StringValue): - The Domain value to set for cookies generated - by IAP. This value is not validated by the API, - but will be ignored at runtime if invalid. - """ - - csm_settings = proto.Field( - proto.MESSAGE, - number=1, - message='CsmSettings', - ) - access_denied_page_settings = proto.Field( - proto.MESSAGE, - number=2, - message='AccessDeniedPageSettings', - ) - cookie_domain = proto.Field( - proto.MESSAGE, - number=3, - message=wrappers_pb2.StringValue, - ) - - -class CsmSettings(proto.Message): - r"""Configuration for RCTokens generated for CSM workloads - protected by IAP. RCTokens are IAP generated JWTs that can be - verified at the application. The RCToken is primarily used for - ISTIO deployments, and can be scoped to a single mesh by - configuring the audience field accordingly - - Attributes: - rctoken_aud (google.protobuf.wrappers_pb2.StringValue): - Audience claim set in the generated RCToken. - This value is not validated by IAP. - """ - - rctoken_aud = proto.Field( - proto.MESSAGE, - number=1, - message=wrappers_pb2.StringValue, - ) - - -class AccessDeniedPageSettings(proto.Message): - r"""Custom content configuration for access denied page. - IAP allows customers to define a custom URI to use as the error - page when access is denied to users. If IAP prevents access to - this page, the default IAP error page will be displayed instead. - - Attributes: - access_denied_page_uri (google.protobuf.wrappers_pb2.StringValue): - The URI to be redirected to when access is - denied. - generate_troubleshooting_uri (google.protobuf.wrappers_pb2.BoolValue): - Whether to generate a troubleshooting URL on - access denied events to this application. - """ - - access_denied_page_uri = proto.Field( - proto.MESSAGE, - number=1, - message=wrappers_pb2.StringValue, - ) - generate_troubleshooting_uri = proto.Field( - proto.MESSAGE, - number=2, - message=wrappers_pb2.BoolValue, - ) - - -class ListBrandsRequest(proto.Message): - r"""The request sent to ListBrands. - - Attributes: - parent (str): - Required. GCP Project number/id. In the following format: - projects/{project_number/id}. - """ - - parent = proto.Field( - proto.STRING, - number=1, - ) - - -class ListBrandsResponse(proto.Message): - r"""Response message for ListBrands. - - Attributes: - brands (Sequence[google.cloud.iap_v1.types.Brand]): - Brands existing in the project. - """ - - brands = proto.RepeatedField( - proto.MESSAGE, - number=1, - message='Brand', - ) - - -class CreateBrandRequest(proto.Message): - r"""The request sent to CreateBrand. - - Attributes: - parent (str): - Required. GCP Project number/id under which the brand is to - be created. In the following format: - projects/{project_number/id}. - brand (google.cloud.iap_v1.types.Brand): - Required. The brand to be created. - """ - - parent = proto.Field( - proto.STRING, - number=1, - ) - brand = proto.Field( - proto.MESSAGE, - number=2, - message='Brand', - ) - - -class GetBrandRequest(proto.Message): - r"""The request sent to GetBrand. - - Attributes: - name (str): - Required. Name of the brand to be fetched. In the following - format: projects/{project_number/id}/brands/{brand}. - """ - - name = proto.Field( - proto.STRING, - number=1, - ) - - -class ListIdentityAwareProxyClientsRequest(proto.Message): - r"""The request sent to ListIdentityAwareProxyClients. - - Attributes: - parent (str): - Required. Full brand path. In the following format: - projects/{project_number/id}/brands/{brand}. - page_size (int): - The maximum number of clients to return. The - service may return fewer than this value. - If unspecified, at most 100 clients will be - returned. The maximum value is 1000; values - above 1000 will be coerced to 1000. - page_token (str): - A page token, received from a previous - ``ListIdentityAwareProxyClients`` call. Provide this to - retrieve the subsequent page. - - When paginating, all other parameters provided to - ``ListIdentityAwareProxyClients`` must match the call that - provided the page token. - """ - - parent = proto.Field( - proto.STRING, - number=1, - ) - page_size = proto.Field( - proto.INT32, - number=2, - ) - page_token = proto.Field( - proto.STRING, - number=3, - ) - - -class ListIdentityAwareProxyClientsResponse(proto.Message): - r"""Response message for ListIdentityAwareProxyClients. - - Attributes: - identity_aware_proxy_clients (Sequence[google.cloud.iap_v1.types.IdentityAwareProxyClient]): - Clients existing in the brand. - next_page_token (str): - A token, which can be send as ``page_token`` to retrieve the - next page. If this field is omitted, there are no subsequent - pages. - """ - - @property - def raw_page(self): - return self - - identity_aware_proxy_clients = proto.RepeatedField( - proto.MESSAGE, - number=1, - message='IdentityAwareProxyClient', - ) - next_page_token = proto.Field( - proto.STRING, - number=2, - ) - - -class CreateIdentityAwareProxyClientRequest(proto.Message): - r"""The request sent to CreateIdentityAwareProxyClient. - - Attributes: - parent (str): - Required. Path to create the client in. In the following - format: projects/{project_number/id}/brands/{brand}. The - project must belong to a G Suite account. - identity_aware_proxy_client (google.cloud.iap_v1.types.IdentityAwareProxyClient): - Required. Identity Aware Proxy Client to be - created. - """ - - parent = proto.Field( - proto.STRING, - number=1, - ) - identity_aware_proxy_client = proto.Field( - proto.MESSAGE, - number=2, - message='IdentityAwareProxyClient', - ) - - -class GetIdentityAwareProxyClientRequest(proto.Message): - r"""The request sent to GetIdentityAwareProxyClient. - - Attributes: - name (str): - Required. Name of the Identity Aware Proxy client to be - fetched. In the following format: - projects/{project_number/id}/brands/{brand}/identityAwareProxyClients/{client_id}. - """ - - name = proto.Field( - proto.STRING, - number=1, - ) - - -class ResetIdentityAwareProxyClientSecretRequest(proto.Message): - r"""The request sent to ResetIdentityAwareProxyClientSecret. - - Attributes: - name (str): - Required. Name of the Identity Aware Proxy client to that - will have its secret reset. In the following format: - projects/{project_number/id}/brands/{brand}/identityAwareProxyClients/{client_id}. - """ - - name = proto.Field( - proto.STRING, - number=1, - ) - - -class DeleteIdentityAwareProxyClientRequest(proto.Message): - r"""The request sent to DeleteIdentityAwareProxyClient. - - Attributes: - name (str): - Required. Name of the Identity Aware Proxy client to be - deleted. In the following format: - projects/{project_number/id}/brands/{brand}/identityAwareProxyClients/{client_id}. - """ - - name = proto.Field( - proto.STRING, - number=1, - ) - - -class Brand(proto.Message): - r"""OAuth brand data. - NOTE: Only contains a portion of the data that describes a - brand. - - Attributes: - name (str): - Output only. Identifier of the brand. - NOTE: GCP project number achieves the same brand - identification purpose as only one brand per - project can be created. - support_email (str): - Support email displayed on the OAuth consent - screen. - application_title (str): - Application name displayed on OAuth consent - screen. - org_internal_only (bool): - Output only. Whether the brand is only - intended for usage inside the G Suite - organization only. - """ - - name = proto.Field( - proto.STRING, - number=1, - ) - support_email = proto.Field( - proto.STRING, - number=2, - ) - application_title = proto.Field( - proto.STRING, - number=3, - ) - org_internal_only = proto.Field( - proto.BOOL, - number=4, - ) - - -class IdentityAwareProxyClient(proto.Message): - r"""Contains the data that describes an Identity Aware Proxy - owned client. - - Attributes: - name (str): - Output only. Unique identifier of the OAuth - client. - secret (str): - Output only. Client secret of the OAuth - client. - display_name (str): - Human-friendly name given to the OAuth - client. - """ - - name = proto.Field( - proto.STRING, - number=1, - ) - secret = proto.Field( - proto.STRING, - number=2, - ) - display_name = proto.Field( - proto.STRING, - number=3, - ) - - -__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/owl-bot-staging/v1/mypy.ini b/owl-bot-staging/v1/mypy.ini deleted file mode 100644 index 4505b48..0000000 --- a/owl-bot-staging/v1/mypy.ini +++ /dev/null @@ -1,3 +0,0 @@ -[mypy] -python_version = 3.6 -namespace_packages = True diff --git a/owl-bot-staging/v1/noxfile.py b/owl-bot-staging/v1/noxfile.py deleted file mode 100644 index 8181b39..0000000 --- a/owl-bot-staging/v1/noxfile.py +++ /dev/null @@ -1,132 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import os -import pathlib -import shutil -import subprocess -import sys - - -import nox # type: ignore - -CURRENT_DIRECTORY = pathlib.Path(__file__).parent.absolute() - -LOWER_BOUND_CONSTRAINTS_FILE = CURRENT_DIRECTORY / "constraints.txt" -PACKAGE_NAME = subprocess.check_output([sys.executable, "setup.py", "--name"], encoding="utf-8") - - -nox.sessions = [ - "unit", - "cover", - "mypy", - "check_lower_bounds" - # exclude update_lower_bounds from default - "docs", -] - -@nox.session(python=['3.6', '3.7', '3.8', '3.9']) -def unit(session): - """Run the unit test suite.""" - - session.install('coverage', 'pytest', 'pytest-cov', 'asyncmock', 'pytest-asyncio') - session.install('-e', '.') - - session.run( - 'py.test', - '--quiet', - '--cov=google/cloud/iap_v1/', - '--cov-config=.coveragerc', - '--cov-report=term', - '--cov-report=html', - os.path.join('tests', 'unit', ''.join(session.posargs)) - ) - - -@nox.session(python='3.7') -def cover(session): - """Run the final coverage report. - This outputs the coverage report aggregating coverage from the unit - test runs (not system test runs), and then erases coverage data. - """ - session.install("coverage", "pytest-cov") - session.run("coverage", "report", "--show-missing", "--fail-under=100") - - session.run("coverage", "erase") - - -@nox.session(python=['3.6', '3.7']) -def mypy(session): - """Run the type checker.""" - session.install('mypy', 'types-pkg_resources') - session.install('.') - session.run( - 'mypy', - '--explicit-package-bases', - 'google', - ) - - -@nox.session -def update_lower_bounds(session): - """Update lower bounds in constraints.txt to match setup.py""" - session.install('google-cloud-testutils') - session.install('.') - - session.run( - 'lower-bound-checker', - 'update', - '--package-name', - PACKAGE_NAME, - '--constraints-file', - str(LOWER_BOUND_CONSTRAINTS_FILE), - ) - - -@nox.session -def check_lower_bounds(session): - """Check lower bounds in setup.py are reflected in constraints file""" - session.install('google-cloud-testutils') - session.install('.') - - session.run( - 'lower-bound-checker', - 'check', - '--package-name', - PACKAGE_NAME, - '--constraints-file', - str(LOWER_BOUND_CONSTRAINTS_FILE), - ) - -@nox.session(python='3.6') -def docs(session): - """Build the docs for this library.""" - - session.install("-e", ".") - session.install("sphinx<3.0.0", "alabaster", "recommonmark") - - shutil.rmtree(os.path.join("docs", "_build"), ignore_errors=True) - session.run( - "sphinx-build", - "-W", # warnings as errors - "-T", # show full traceback on exception - "-N", # no colors - "-b", - "html", - "-d", - os.path.join("docs", "_build", "doctrees", ""), - os.path.join("docs", ""), - os.path.join("docs", "_build", "html", ""), - ) diff --git a/owl-bot-staging/v1/scripts/fixup_iap_v1_keywords.py b/owl-bot-staging/v1/scripts/fixup_iap_v1_keywords.py deleted file mode 100644 index b3b4636..0000000 --- a/owl-bot-staging/v1/scripts/fixup_iap_v1_keywords.py +++ /dev/null @@ -1,188 +0,0 @@ -#! /usr/bin/env python3 -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import argparse -import os -import libcst as cst -import pathlib -import sys -from typing import (Any, Callable, Dict, List, Sequence, Tuple) - - -def partition( - predicate: Callable[[Any], bool], - iterator: Sequence[Any] -) -> Tuple[List[Any], List[Any]]: - """A stable, out-of-place partition.""" - results = ([], []) - - for i in iterator: - results[int(predicate(i))].append(i) - - # Returns trueList, falseList - return results[1], results[0] - - -class iapCallTransformer(cst.CSTTransformer): - CTRL_PARAMS: Tuple[str] = ('retry', 'timeout', 'metadata') - METHOD_TO_PARAMS: Dict[str, Tuple[str]] = { - 'create_brand': ('parent', 'brand', ), - 'create_identity_aware_proxy_client': ('parent', 'identity_aware_proxy_client', ), - 'delete_identity_aware_proxy_client': ('name', ), - 'get_brand': ('name', ), - 'get_iam_policy': ('resource', 'options', ), - 'get_iap_settings': ('name', ), - 'get_identity_aware_proxy_client': ('name', ), - 'list_brands': ('parent', ), - 'list_identity_aware_proxy_clients': ('parent', 'page_size', 'page_token', ), - 'reset_identity_aware_proxy_client_secret': ('name', ), - 'set_iam_policy': ('resource', 'policy', ), - 'test_iam_permissions': ('resource', 'permissions', ), - 'update_iap_settings': ('iap_settings', 'update_mask', ), - } - - def leave_Call(self, original: cst.Call, updated: cst.Call) -> cst.CSTNode: - try: - key = original.func.attr.value - kword_params = self.METHOD_TO_PARAMS[key] - except (AttributeError, KeyError): - # Either not a method from the API or too convoluted to be sure. - return updated - - # If the existing code is valid, keyword args come after positional args. - # Therefore, all positional args must map to the first parameters. - args, kwargs = partition(lambda a: not bool(a.keyword), updated.args) - if any(k.keyword.value == "request" for k in kwargs): - # We've already fixed this file, don't fix it again. - return updated - - kwargs, ctrl_kwargs = partition( - lambda a: a.keyword.value not in self.CTRL_PARAMS, - kwargs - ) - - args, ctrl_args = args[:len(kword_params)], args[len(kword_params):] - ctrl_kwargs.extend(cst.Arg(value=a.value, keyword=cst.Name(value=ctrl)) - for a, ctrl in zip(ctrl_args, self.CTRL_PARAMS)) - - request_arg = cst.Arg( - value=cst.Dict([ - cst.DictElement( - cst.SimpleString("'{}'".format(name)), -cst.Element(value=arg.value) - ) - # Note: the args + kwargs looks silly, but keep in mind that - # the control parameters had to be stripped out, and that - # those could have been passed positionally or by keyword. - for name, arg in zip(kword_params, args + kwargs)]), - keyword=cst.Name("request") - ) - - return updated.with_changes( - args=[request_arg] + ctrl_kwargs - ) - - -def fix_files( - in_dir: pathlib.Path, - out_dir: pathlib.Path, - *, - transformer=iapCallTransformer(), -): - """Duplicate the input dir to the output dir, fixing file method calls. - - Preconditions: - * in_dir is a real directory - * out_dir is a real, empty directory - """ - pyfile_gen = ( - pathlib.Path(os.path.join(root, f)) - for root, _, files in os.walk(in_dir) - for f in files if os.path.splitext(f)[1] == ".py" - ) - - for fpath in pyfile_gen: - with open(fpath, 'r') as f: - src = f.read() - - # Parse the code and insert method call fixes. - tree = cst.parse_module(src) - updated = tree.visit(transformer) - - # Create the path and directory structure for the new file. - updated_path = out_dir.joinpath(fpath.relative_to(in_dir)) - updated_path.parent.mkdir(parents=True, exist_ok=True) - - # Generate the updated source file at the corresponding path. - with open(updated_path, 'w') as f: - f.write(updated.code) - - -if __name__ == '__main__': - parser = argparse.ArgumentParser( - description="""Fix up source that uses the iap client library. - -The existing sources are NOT overwritten but are copied to output_dir with changes made. - -Note: This tool operates at a best-effort level at converting positional - parameters in client method calls to keyword based parameters. - Cases where it WILL FAIL include - A) * or ** expansion in a method call. - B) Calls via function or method alias (includes free function calls) - C) Indirect or dispatched calls (e.g. the method is looked up dynamically) - - These all constitute false negatives. The tool will also detect false - positives when an API method shares a name with another method. -""") - parser.add_argument( - '-d', - '--input-directory', - required=True, - dest='input_dir', - help='the input directory to walk for python files to fix up', - ) - parser.add_argument( - '-o', - '--output-directory', - required=True, - dest='output_dir', - help='the directory to output files fixed via un-flattening', - ) - args = parser.parse_args() - input_dir = pathlib.Path(args.input_dir) - output_dir = pathlib.Path(args.output_dir) - if not input_dir.is_dir(): - print( - f"input directory '{input_dir}' does not exist or is not a directory", - file=sys.stderr, - ) - sys.exit(-1) - - if not output_dir.is_dir(): - print( - f"output directory '{output_dir}' does not exist or is not a directory", - file=sys.stderr, - ) - sys.exit(-1) - - if os.listdir(output_dir): - print( - f"output directory '{output_dir}' is not empty", - file=sys.stderr, - ) - sys.exit(-1) - - fix_files(input_dir, output_dir) diff --git a/owl-bot-staging/v1/setup.py b/owl-bot-staging/v1/setup.py deleted file mode 100644 index 8f288e2..0000000 --- a/owl-bot-staging/v1/setup.py +++ /dev/null @@ -1,54 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import io -import os -import setuptools # type: ignore - -version = '0.1.0' - -package_root = os.path.abspath(os.path.dirname(__file__)) - -readme_filename = os.path.join(package_root, 'README.rst') -with io.open(readme_filename, encoding='utf-8') as readme_file: - readme = readme_file.read() - -setuptools.setup( - name='google-cloud-iap', - version=version, - long_description=readme, - packages=setuptools.PEP420PackageFinder.find(), - namespace_packages=('google', 'google.cloud'), - platforms='Posix; MacOS X; Windows', - include_package_data=True, - install_requires=( - 'google-api-core[grpc] >= 1.27.0, < 3.0.0dev', - 'libcst >= 0.2.5', - 'proto-plus >= 1.15.0', - 'packaging >= 14.3', 'grpc-google-iam-v1 >= 0.12.3, < 0.13dev', ), - python_requires='>=3.6', - classifiers=[ - 'Development Status :: 3 - Alpha', - 'Intended Audience :: Developers', - 'Operating System :: OS Independent', - 'Programming Language :: Python :: 3.6', - 'Programming Language :: Python :: 3.7', - 'Programming Language :: Python :: 3.8', - 'Programming Language :: Python :: 3.9', - 'Topic :: Internet', - 'Topic :: Software Development :: Libraries :: Python Modules', - ], - zip_safe=False, -) diff --git a/owl-bot-staging/v1/tests/__init__.py b/owl-bot-staging/v1/tests/__init__.py deleted file mode 100644 index b54a5fc..0000000 --- a/owl-bot-staging/v1/tests/__init__.py +++ /dev/null @@ -1,16 +0,0 @@ - -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# diff --git a/owl-bot-staging/v1/tests/unit/__init__.py b/owl-bot-staging/v1/tests/unit/__init__.py deleted file mode 100644 index b54a5fc..0000000 --- a/owl-bot-staging/v1/tests/unit/__init__.py +++ /dev/null @@ -1,16 +0,0 @@ - -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# diff --git a/owl-bot-staging/v1/tests/unit/gapic/__init__.py b/owl-bot-staging/v1/tests/unit/gapic/__init__.py deleted file mode 100644 index b54a5fc..0000000 --- a/owl-bot-staging/v1/tests/unit/gapic/__init__.py +++ /dev/null @@ -1,16 +0,0 @@ - -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# diff --git a/owl-bot-staging/v1/tests/unit/gapic/iap_v1/__init__.py b/owl-bot-staging/v1/tests/unit/gapic/iap_v1/__init__.py deleted file mode 100644 index b54a5fc..0000000 --- a/owl-bot-staging/v1/tests/unit/gapic/iap_v1/__init__.py +++ /dev/null @@ -1,16 +0,0 @@ - -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# diff --git a/owl-bot-staging/v1/tests/unit/gapic/iap_v1/test_identity_aware_proxy_admin_service.py b/owl-bot-staging/v1/tests/unit/gapic/iap_v1/test_identity_aware_proxy_admin_service.py deleted file mode 100644 index ddadae0..0000000 --- a/owl-bot-staging/v1/tests/unit/gapic/iap_v1/test_identity_aware_proxy_admin_service.py +++ /dev/null @@ -1,1785 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import os -import mock -import packaging.version - -import grpc -from grpc.experimental import aio -import math -import pytest -from proto.marshal.rules.dates import DurationRule, TimestampRule - - -from google.api_core import client_options -from google.api_core import exceptions as core_exceptions -from google.api_core import gapic_v1 -from google.api_core import grpc_helpers -from google.api_core import grpc_helpers_async -from google.api_core import path_template -from google.auth import credentials as ga_credentials -from google.auth.exceptions import MutualTLSChannelError -from google.cloud.iap_v1.services.identity_aware_proxy_admin_service import IdentityAwareProxyAdminServiceAsyncClient -from google.cloud.iap_v1.services.identity_aware_proxy_admin_service import IdentityAwareProxyAdminServiceClient -from google.cloud.iap_v1.services.identity_aware_proxy_admin_service import transports -from google.cloud.iap_v1.services.identity_aware_proxy_admin_service.transports.base import _GOOGLE_AUTH_VERSION -from google.cloud.iap_v1.types import service -from google.iam.v1 import iam_policy_pb2 # type: ignore -from google.iam.v1 import options_pb2 # type: ignore -from google.iam.v1 import policy_pb2 # type: ignore -from google.oauth2 import service_account -from google.protobuf import field_mask_pb2 # type: ignore -from google.protobuf import wrappers_pb2 # type: ignore -from google.type import expr_pb2 # type: ignore -import google.auth - - -# TODO(busunkim): Once google-auth >= 1.25.0 is required transitively -# through google-api-core: -# - Delete the auth "less than" test cases -# - Delete these pytest markers (Make the "greater than or equal to" tests the default). -requires_google_auth_lt_1_25_0 = pytest.mark.skipif( - packaging.version.parse(_GOOGLE_AUTH_VERSION) >= packaging.version.parse("1.25.0"), - reason="This test requires google-auth < 1.25.0", -) -requires_google_auth_gte_1_25_0 = pytest.mark.skipif( - packaging.version.parse(_GOOGLE_AUTH_VERSION) < packaging.version.parse("1.25.0"), - reason="This test requires google-auth >= 1.25.0", -) - -def client_cert_source_callback(): - return b"cert bytes", b"key bytes" - - -# If default endpoint is localhost, then default mtls endpoint will be the same. -# This method modifies the default endpoint so the client can produce a different -# mtls endpoint for endpoint testing purposes. -def modify_default_endpoint(client): - return "foo.googleapis.com" if ("localhost" in client.DEFAULT_ENDPOINT) else client.DEFAULT_ENDPOINT - - -def test__get_default_mtls_endpoint(): - api_endpoint = "example.googleapis.com" - api_mtls_endpoint = "example.mtls.googleapis.com" - sandbox_endpoint = "example.sandbox.googleapis.com" - sandbox_mtls_endpoint = "example.mtls.sandbox.googleapis.com" - non_googleapi = "api.example.com" - - assert IdentityAwareProxyAdminServiceClient._get_default_mtls_endpoint(None) is None - assert IdentityAwareProxyAdminServiceClient._get_default_mtls_endpoint(api_endpoint) == api_mtls_endpoint - assert IdentityAwareProxyAdminServiceClient._get_default_mtls_endpoint(api_mtls_endpoint) == api_mtls_endpoint - assert IdentityAwareProxyAdminServiceClient._get_default_mtls_endpoint(sandbox_endpoint) == sandbox_mtls_endpoint - assert IdentityAwareProxyAdminServiceClient._get_default_mtls_endpoint(sandbox_mtls_endpoint) == sandbox_mtls_endpoint - assert IdentityAwareProxyAdminServiceClient._get_default_mtls_endpoint(non_googleapi) == non_googleapi - - -@pytest.mark.parametrize("client_class", [ - IdentityAwareProxyAdminServiceClient, - IdentityAwareProxyAdminServiceAsyncClient, -]) -def test_identity_aware_proxy_admin_service_client_from_service_account_info(client_class): - creds = ga_credentials.AnonymousCredentials() - with mock.patch.object(service_account.Credentials, 'from_service_account_info') as factory: - factory.return_value = creds - info = {"valid": True} - client = client_class.from_service_account_info(info) - assert client.transport._credentials == creds - assert isinstance(client, client_class) - - assert client.transport._host == 'iap.googleapis.com:443' - - -@pytest.mark.parametrize("transport_class,transport_name", [ - (transports.IdentityAwareProxyAdminServiceGrpcTransport, "grpc"), - (transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport, "grpc_asyncio"), -]) -def test_identity_aware_proxy_admin_service_client_service_account_always_use_jwt(transport_class, transport_name): - with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: - creds = service_account.Credentials(None, None, None) - transport = transport_class(credentials=creds, always_use_jwt_access=True) - use_jwt.assert_called_once_with(True) - - with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: - creds = service_account.Credentials(None, None, None) - transport = transport_class(credentials=creds, always_use_jwt_access=False) - use_jwt.assert_not_called() - - -@pytest.mark.parametrize("client_class", [ - IdentityAwareProxyAdminServiceClient, - IdentityAwareProxyAdminServiceAsyncClient, -]) -def test_identity_aware_proxy_admin_service_client_from_service_account_file(client_class): - creds = ga_credentials.AnonymousCredentials() - with mock.patch.object(service_account.Credentials, 'from_service_account_file') as factory: - factory.return_value = creds - client = client_class.from_service_account_file("dummy/file/path.json") - assert client.transport._credentials == creds - assert isinstance(client, client_class) - - client = client_class.from_service_account_json("dummy/file/path.json") - assert client.transport._credentials == creds - assert isinstance(client, client_class) - - assert client.transport._host == 'iap.googleapis.com:443' - - -def test_identity_aware_proxy_admin_service_client_get_transport_class(): - transport = IdentityAwareProxyAdminServiceClient.get_transport_class() - available_transports = [ - transports.IdentityAwareProxyAdminServiceGrpcTransport, - ] - assert transport in available_transports - - transport = IdentityAwareProxyAdminServiceClient.get_transport_class("grpc") - assert transport == transports.IdentityAwareProxyAdminServiceGrpcTransport - - -@pytest.mark.parametrize("client_class,transport_class,transport_name", [ - (IdentityAwareProxyAdminServiceClient, transports.IdentityAwareProxyAdminServiceGrpcTransport, "grpc"), - (IdentityAwareProxyAdminServiceAsyncClient, transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport, "grpc_asyncio"), -]) -@mock.patch.object(IdentityAwareProxyAdminServiceClient, "DEFAULT_ENDPOINT", modify_default_endpoint(IdentityAwareProxyAdminServiceClient)) -@mock.patch.object(IdentityAwareProxyAdminServiceAsyncClient, "DEFAULT_ENDPOINT", modify_default_endpoint(IdentityAwareProxyAdminServiceAsyncClient)) -def test_identity_aware_proxy_admin_service_client_client_options(client_class, transport_class, transport_name): - # Check that if channel is provided we won't create a new one. - with mock.patch.object(IdentityAwareProxyAdminServiceClient, 'get_transport_class') as gtc: - transport = transport_class( - credentials=ga_credentials.AnonymousCredentials() - ) - client = client_class(transport=transport) - gtc.assert_not_called() - - # Check that if channel is provided via str we will create a new one. - with mock.patch.object(IdentityAwareProxyAdminServiceClient, 'get_transport_class') as gtc: - client = client_class(transport=transport_name) - gtc.assert_called() - - # Check the case api_endpoint is provided. - options = client_options.ClientOptions(api_endpoint="squid.clam.whelk") - with mock.patch.object(transport_class, '__init__') as patched: - patched.return_value = None - client = client_class(client_options=options) - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host="squid.clam.whelk", - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - ) - - # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is - # "never". - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}): - with mock.patch.object(transport_class, '__init__') as patched: - patched.return_value = None - client = client_class() - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=client.DEFAULT_ENDPOINT, - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - ) - - # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is - # "always". - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}): - with mock.patch.object(transport_class, '__init__') as patched: - patched.return_value = None - client = client_class() - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=client.DEFAULT_MTLS_ENDPOINT, - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - ) - - # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has - # unsupported value. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "Unsupported"}): - with pytest.raises(MutualTLSChannelError): - client = client_class() - - # Check the case GOOGLE_API_USE_CLIENT_CERTIFICATE has unsupported value. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"}): - with pytest.raises(ValueError): - client = client_class() - - # Check the case quota_project_id is provided - options = client_options.ClientOptions(quota_project_id="octopus") - with mock.patch.object(transport_class, '__init__') as patched: - patched.return_value = None - client = client_class(client_options=options) - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=client.DEFAULT_ENDPOINT, - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id="octopus", - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - ) - -@pytest.mark.parametrize("client_class,transport_class,transport_name,use_client_cert_env", [ - (IdentityAwareProxyAdminServiceClient, transports.IdentityAwareProxyAdminServiceGrpcTransport, "grpc", "true"), - (IdentityAwareProxyAdminServiceAsyncClient, transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport, "grpc_asyncio", "true"), - (IdentityAwareProxyAdminServiceClient, transports.IdentityAwareProxyAdminServiceGrpcTransport, "grpc", "false"), - (IdentityAwareProxyAdminServiceAsyncClient, transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport, "grpc_asyncio", "false"), -]) -@mock.patch.object(IdentityAwareProxyAdminServiceClient, "DEFAULT_ENDPOINT", modify_default_endpoint(IdentityAwareProxyAdminServiceClient)) -@mock.patch.object(IdentityAwareProxyAdminServiceAsyncClient, "DEFAULT_ENDPOINT", modify_default_endpoint(IdentityAwareProxyAdminServiceAsyncClient)) -@mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "auto"}) -def test_identity_aware_proxy_admin_service_client_mtls_env_auto(client_class, transport_class, transport_name, use_client_cert_env): - # This tests the endpoint autoswitch behavior. Endpoint is autoswitched to the default - # mtls endpoint, if GOOGLE_API_USE_CLIENT_CERTIFICATE is "true" and client cert exists. - - # Check the case client_cert_source is provided. Whether client cert is used depends on - # GOOGLE_API_USE_CLIENT_CERTIFICATE value. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}): - options = client_options.ClientOptions(client_cert_source=client_cert_source_callback) - with mock.patch.object(transport_class, '__init__') as patched: - patched.return_value = None - client = client_class(client_options=options) - - if use_client_cert_env == "false": - expected_client_cert_source = None - expected_host = client.DEFAULT_ENDPOINT - else: - expected_client_cert_source = client_cert_source_callback - expected_host = client.DEFAULT_MTLS_ENDPOINT - - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=expected_host, - scopes=None, - client_cert_source_for_mtls=expected_client_cert_source, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - ) - - # Check the case ADC client cert is provided. Whether client cert is used depends on - # GOOGLE_API_USE_CLIENT_CERTIFICATE value. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}): - with mock.patch.object(transport_class, '__init__') as patched: - with mock.patch('google.auth.transport.mtls.has_default_client_cert_source', return_value=True): - with mock.patch('google.auth.transport.mtls.default_client_cert_source', return_value=client_cert_source_callback): - if use_client_cert_env == "false": - expected_host = client.DEFAULT_ENDPOINT - expected_client_cert_source = None - else: - expected_host = client.DEFAULT_MTLS_ENDPOINT - expected_client_cert_source = client_cert_source_callback - - patched.return_value = None - client = client_class() - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=expected_host, - scopes=None, - client_cert_source_for_mtls=expected_client_cert_source, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - ) - - # Check the case client_cert_source and ADC client cert are not provided. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}): - with mock.patch.object(transport_class, '__init__') as patched: - with mock.patch("google.auth.transport.mtls.has_default_client_cert_source", return_value=False): - patched.return_value = None - client = client_class() - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=client.DEFAULT_ENDPOINT, - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - ) - - -@pytest.mark.parametrize("client_class,transport_class,transport_name", [ - (IdentityAwareProxyAdminServiceClient, transports.IdentityAwareProxyAdminServiceGrpcTransport, "grpc"), - (IdentityAwareProxyAdminServiceAsyncClient, transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport, "grpc_asyncio"), -]) -def test_identity_aware_proxy_admin_service_client_client_options_scopes(client_class, transport_class, transport_name): - # Check the case scopes are provided. - options = client_options.ClientOptions( - scopes=["1", "2"], - ) - with mock.patch.object(transport_class, '__init__') as patched: - patched.return_value = None - client = client_class(client_options=options) - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=client.DEFAULT_ENDPOINT, - scopes=["1", "2"], - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - ) - -@pytest.mark.parametrize("client_class,transport_class,transport_name", [ - (IdentityAwareProxyAdminServiceClient, transports.IdentityAwareProxyAdminServiceGrpcTransport, "grpc"), - (IdentityAwareProxyAdminServiceAsyncClient, transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport, "grpc_asyncio"), -]) -def test_identity_aware_proxy_admin_service_client_client_options_credentials_file(client_class, transport_class, transport_name): - # Check the case credentials file is provided. - options = client_options.ClientOptions( - credentials_file="credentials.json" - ) - with mock.patch.object(transport_class, '__init__') as patched: - patched.return_value = None - client = client_class(client_options=options) - patched.assert_called_once_with( - credentials=None, - credentials_file="credentials.json", - host=client.DEFAULT_ENDPOINT, - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - ) - - -def test_identity_aware_proxy_admin_service_client_client_options_from_dict(): - with mock.patch('google.cloud.iap_v1.services.identity_aware_proxy_admin_service.transports.IdentityAwareProxyAdminServiceGrpcTransport.__init__') as grpc_transport: - grpc_transport.return_value = None - client = IdentityAwareProxyAdminServiceClient( - client_options={'api_endpoint': 'squid.clam.whelk'} - ) - grpc_transport.assert_called_once_with( - credentials=None, - credentials_file=None, - host="squid.clam.whelk", - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - ) - - -def test_set_iam_policy(transport: str = 'grpc', request_type=iam_policy_pb2.SetIamPolicyRequest): - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.set_iam_policy), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = policy_pb2.Policy( - version=774, - etag=b'etag_blob', - ) - response = client.set_iam_policy(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == iam_policy_pb2.SetIamPolicyRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, policy_pb2.Policy) - assert response.version == 774 - assert response.etag == b'etag_blob' - - -def test_set_iam_policy_from_dict(): - test_set_iam_policy(request_type=dict) - - -def test_set_iam_policy_empty_call(): - # This test is a coverage failsafe to make sure that totally empty calls, - # i.e. request == None and no flattened fields passed, work. - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.set_iam_policy), - '__call__') as call: - client.set_iam_policy() - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == iam_policy_pb2.SetIamPolicyRequest() - - -@pytest.mark.asyncio -async def test_set_iam_policy_async(transport: str = 'grpc_asyncio', request_type=iam_policy_pb2.SetIamPolicyRequest): - client = IdentityAwareProxyAdminServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.set_iam_policy), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(policy_pb2.Policy( - version=774, - etag=b'etag_blob', - )) - response = await client.set_iam_policy(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == iam_policy_pb2.SetIamPolicyRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, policy_pb2.Policy) - assert response.version == 774 - assert response.etag == b'etag_blob' - - -@pytest.mark.asyncio -async def test_set_iam_policy_async_from_dict(): - await test_set_iam_policy_async(request_type=dict) - - -def test_set_iam_policy_field_headers(): - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = iam_policy_pb2.SetIamPolicyRequest() - - request.resource = 'resource/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.set_iam_policy), - '__call__') as call: - call.return_value = policy_pb2.Policy() - client.set_iam_policy(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'resource=resource/value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_set_iam_policy_field_headers_async(): - client = IdentityAwareProxyAdminServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = iam_policy_pb2.SetIamPolicyRequest() - - request.resource = 'resource/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.set_iam_policy), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(policy_pb2.Policy()) - await client.set_iam_policy(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'resource=resource/value', - ) in kw['metadata'] - -def test_set_iam_policy_from_dict_foreign(): - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.set_iam_policy), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = policy_pb2.Policy() - response = client.set_iam_policy(request={ - 'resource': 'resource_value', - 'policy': policy_pb2.Policy(version=774), - } - ) - call.assert_called() - - -def test_get_iam_policy(transport: str = 'grpc', request_type=iam_policy_pb2.GetIamPolicyRequest): - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_iam_policy), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = policy_pb2.Policy( - version=774, - etag=b'etag_blob', - ) - response = client.get_iam_policy(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == iam_policy_pb2.GetIamPolicyRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, policy_pb2.Policy) - assert response.version == 774 - assert response.etag == b'etag_blob' - - -def test_get_iam_policy_from_dict(): - test_get_iam_policy(request_type=dict) - - -def test_get_iam_policy_empty_call(): - # This test is a coverage failsafe to make sure that totally empty calls, - # i.e. request == None and no flattened fields passed, work. - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_iam_policy), - '__call__') as call: - client.get_iam_policy() - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == iam_policy_pb2.GetIamPolicyRequest() - - -@pytest.mark.asyncio -async def test_get_iam_policy_async(transport: str = 'grpc_asyncio', request_type=iam_policy_pb2.GetIamPolicyRequest): - client = IdentityAwareProxyAdminServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_iam_policy), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(policy_pb2.Policy( - version=774, - etag=b'etag_blob', - )) - response = await client.get_iam_policy(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == iam_policy_pb2.GetIamPolicyRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, policy_pb2.Policy) - assert response.version == 774 - assert response.etag == b'etag_blob' - - -@pytest.mark.asyncio -async def test_get_iam_policy_async_from_dict(): - await test_get_iam_policy_async(request_type=dict) - - -def test_get_iam_policy_field_headers(): - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = iam_policy_pb2.GetIamPolicyRequest() - - request.resource = 'resource/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_iam_policy), - '__call__') as call: - call.return_value = policy_pb2.Policy() - client.get_iam_policy(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'resource=resource/value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_get_iam_policy_field_headers_async(): - client = IdentityAwareProxyAdminServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = iam_policy_pb2.GetIamPolicyRequest() - - request.resource = 'resource/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_iam_policy), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(policy_pb2.Policy()) - await client.get_iam_policy(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'resource=resource/value', - ) in kw['metadata'] - -def test_get_iam_policy_from_dict_foreign(): - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_iam_policy), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = policy_pb2.Policy() - response = client.get_iam_policy(request={ - 'resource': 'resource_value', - 'options': options_pb2.GetPolicyOptions(requested_policy_version=2598), - } - ) - call.assert_called() - - -def test_test_iam_permissions(transport: str = 'grpc', request_type=iam_policy_pb2.TestIamPermissionsRequest): - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.test_iam_permissions), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = iam_policy_pb2.TestIamPermissionsResponse( - permissions=['permissions_value'], - ) - response = client.test_iam_permissions(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == iam_policy_pb2.TestIamPermissionsRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, iam_policy_pb2.TestIamPermissionsResponse) - assert response.permissions == ['permissions_value'] - - -def test_test_iam_permissions_from_dict(): - test_test_iam_permissions(request_type=dict) - - -def test_test_iam_permissions_empty_call(): - # This test is a coverage failsafe to make sure that totally empty calls, - # i.e. request == None and no flattened fields passed, work. - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.test_iam_permissions), - '__call__') as call: - client.test_iam_permissions() - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == iam_policy_pb2.TestIamPermissionsRequest() - - -@pytest.mark.asyncio -async def test_test_iam_permissions_async(transport: str = 'grpc_asyncio', request_type=iam_policy_pb2.TestIamPermissionsRequest): - client = IdentityAwareProxyAdminServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.test_iam_permissions), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(iam_policy_pb2.TestIamPermissionsResponse( - permissions=['permissions_value'], - )) - response = await client.test_iam_permissions(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == iam_policy_pb2.TestIamPermissionsRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, iam_policy_pb2.TestIamPermissionsResponse) - assert response.permissions == ['permissions_value'] - - -@pytest.mark.asyncio -async def test_test_iam_permissions_async_from_dict(): - await test_test_iam_permissions_async(request_type=dict) - - -def test_test_iam_permissions_field_headers(): - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = iam_policy_pb2.TestIamPermissionsRequest() - - request.resource = 'resource/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.test_iam_permissions), - '__call__') as call: - call.return_value = iam_policy_pb2.TestIamPermissionsResponse() - client.test_iam_permissions(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'resource=resource/value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_test_iam_permissions_field_headers_async(): - client = IdentityAwareProxyAdminServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = iam_policy_pb2.TestIamPermissionsRequest() - - request.resource = 'resource/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.test_iam_permissions), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(iam_policy_pb2.TestIamPermissionsResponse()) - await client.test_iam_permissions(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'resource=resource/value', - ) in kw['metadata'] - -def test_test_iam_permissions_from_dict_foreign(): - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.test_iam_permissions), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = iam_policy_pb2.TestIamPermissionsResponse() - response = client.test_iam_permissions(request={ - 'resource': 'resource_value', - 'permissions': ['permissions_value'], - } - ) - call.assert_called() - - -def test_get_iap_settings(transport: str = 'grpc', request_type=service.GetIapSettingsRequest): - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_iap_settings), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = service.IapSettings( - name='name_value', - ) - response = client.get_iap_settings(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == service.GetIapSettingsRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, service.IapSettings) - assert response.name == 'name_value' - - -def test_get_iap_settings_from_dict(): - test_get_iap_settings(request_type=dict) - - -def test_get_iap_settings_empty_call(): - # This test is a coverage failsafe to make sure that totally empty calls, - # i.e. request == None and no flattened fields passed, work. - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_iap_settings), - '__call__') as call: - client.get_iap_settings() - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == service.GetIapSettingsRequest() - - -@pytest.mark.asyncio -async def test_get_iap_settings_async(transport: str = 'grpc_asyncio', request_type=service.GetIapSettingsRequest): - client = IdentityAwareProxyAdminServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_iap_settings), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(service.IapSettings( - name='name_value', - )) - response = await client.get_iap_settings(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == service.GetIapSettingsRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, service.IapSettings) - assert response.name == 'name_value' - - -@pytest.mark.asyncio -async def test_get_iap_settings_async_from_dict(): - await test_get_iap_settings_async(request_type=dict) - - -def test_get_iap_settings_field_headers(): - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = service.GetIapSettingsRequest() - - request.name = 'name/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_iap_settings), - '__call__') as call: - call.return_value = service.IapSettings() - client.get_iap_settings(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'name=name/value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_get_iap_settings_field_headers_async(): - client = IdentityAwareProxyAdminServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = service.GetIapSettingsRequest() - - request.name = 'name/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_iap_settings), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(service.IapSettings()) - await client.get_iap_settings(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'name=name/value', - ) in kw['metadata'] - - -def test_update_iap_settings(transport: str = 'grpc', request_type=service.UpdateIapSettingsRequest): - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.update_iap_settings), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = service.IapSettings( - name='name_value', - ) - response = client.update_iap_settings(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == service.UpdateIapSettingsRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, service.IapSettings) - assert response.name == 'name_value' - - -def test_update_iap_settings_from_dict(): - test_update_iap_settings(request_type=dict) - - -def test_update_iap_settings_empty_call(): - # This test is a coverage failsafe to make sure that totally empty calls, - # i.e. request == None and no flattened fields passed, work. - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.update_iap_settings), - '__call__') as call: - client.update_iap_settings() - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == service.UpdateIapSettingsRequest() - - -@pytest.mark.asyncio -async def test_update_iap_settings_async(transport: str = 'grpc_asyncio', request_type=service.UpdateIapSettingsRequest): - client = IdentityAwareProxyAdminServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.update_iap_settings), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(service.IapSettings( - name='name_value', - )) - response = await client.update_iap_settings(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == service.UpdateIapSettingsRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, service.IapSettings) - assert response.name == 'name_value' - - -@pytest.mark.asyncio -async def test_update_iap_settings_async_from_dict(): - await test_update_iap_settings_async(request_type=dict) - - -def test_update_iap_settings_field_headers(): - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = service.UpdateIapSettingsRequest() - - request.iap_settings.name = 'iap_settings.name/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.update_iap_settings), - '__call__') as call: - call.return_value = service.IapSettings() - client.update_iap_settings(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'iap_settings.name=iap_settings.name/value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_update_iap_settings_field_headers_async(): - client = IdentityAwareProxyAdminServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = service.UpdateIapSettingsRequest() - - request.iap_settings.name = 'iap_settings.name/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.update_iap_settings), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(service.IapSettings()) - await client.update_iap_settings(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'iap_settings.name=iap_settings.name/value', - ) in kw['metadata'] - - -def test_credentials_transport_error(): - # It is an error to provide credentials and a transport instance. - transport = transports.IdentityAwareProxyAdminServiceGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - with pytest.raises(ValueError): - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # It is an error to provide a credentials file and a transport instance. - transport = transports.IdentityAwareProxyAdminServiceGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - with pytest.raises(ValueError): - client = IdentityAwareProxyAdminServiceClient( - client_options={"credentials_file": "credentials.json"}, - transport=transport, - ) - - # It is an error to provide scopes and a transport instance. - transport = transports.IdentityAwareProxyAdminServiceGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - with pytest.raises(ValueError): - client = IdentityAwareProxyAdminServiceClient( - client_options={"scopes": ["1", "2"]}, - transport=transport, - ) - - -def test_transport_instance(): - # A client may be instantiated with a custom transport instance. - transport = transports.IdentityAwareProxyAdminServiceGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - client = IdentityAwareProxyAdminServiceClient(transport=transport) - assert client.transport is transport - -def test_transport_get_channel(): - # A client may be instantiated with a custom transport instance. - transport = transports.IdentityAwareProxyAdminServiceGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - channel = transport.grpc_channel - assert channel - - transport = transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - channel = transport.grpc_channel - assert channel - -@pytest.mark.parametrize("transport_class", [ - transports.IdentityAwareProxyAdminServiceGrpcTransport, - transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport, -]) -def test_transport_adc(transport_class): - # Test default credentials are used if not provided. - with mock.patch.object(google.auth, 'default') as adc: - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - transport_class() - adc.assert_called_once() - -def test_transport_grpc_default(): - # A client should use the gRPC transport by default. - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - assert isinstance( - client.transport, - transports.IdentityAwareProxyAdminServiceGrpcTransport, - ) - -def test_identity_aware_proxy_admin_service_base_transport_error(): - # Passing both a credentials object and credentials_file should raise an error - with pytest.raises(core_exceptions.DuplicateCredentialArgs): - transport = transports.IdentityAwareProxyAdminServiceTransport( - credentials=ga_credentials.AnonymousCredentials(), - credentials_file="credentials.json" - ) - - -def test_identity_aware_proxy_admin_service_base_transport(): - # Instantiate the base transport. - with mock.patch('google.cloud.iap_v1.services.identity_aware_proxy_admin_service.transports.IdentityAwareProxyAdminServiceTransport.__init__') as Transport: - Transport.return_value = None - transport = transports.IdentityAwareProxyAdminServiceTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Every method on the transport should just blindly - # raise NotImplementedError. - methods = ( - 'set_iam_policy', - 'get_iam_policy', - 'test_iam_permissions', - 'get_iap_settings', - 'update_iap_settings', - ) - for method in methods: - with pytest.raises(NotImplementedError): - getattr(transport, method)(request=object()) - - with pytest.raises(NotImplementedError): - transport.close() - - -@requires_google_auth_gte_1_25_0 -def test_identity_aware_proxy_admin_service_base_transport_with_credentials_file(): - # Instantiate the base transport with a credentials file - with mock.patch.object(google.auth, 'load_credentials_from_file', autospec=True) as load_creds, mock.patch('google.cloud.iap_v1.services.identity_aware_proxy_admin_service.transports.IdentityAwareProxyAdminServiceTransport._prep_wrapped_messages') as Transport: - Transport.return_value = None - load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) - transport = transports.IdentityAwareProxyAdminServiceTransport( - credentials_file="credentials.json", - quota_project_id="octopus", - ) - load_creds.assert_called_once_with("credentials.json", - scopes=None, - default_scopes=( - 'https://www.googleapis.com/auth/cloud-platform', -), - quota_project_id="octopus", - ) - - -@requires_google_auth_lt_1_25_0 -def test_identity_aware_proxy_admin_service_base_transport_with_credentials_file_old_google_auth(): - # Instantiate the base transport with a credentials file - with mock.patch.object(google.auth, 'load_credentials_from_file', autospec=True) as load_creds, mock.patch('google.cloud.iap_v1.services.identity_aware_proxy_admin_service.transports.IdentityAwareProxyAdminServiceTransport._prep_wrapped_messages') as Transport: - Transport.return_value = None - load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) - transport = transports.IdentityAwareProxyAdminServiceTransport( - credentials_file="credentials.json", - quota_project_id="octopus", - ) - load_creds.assert_called_once_with("credentials.json", scopes=( - 'https://www.googleapis.com/auth/cloud-platform', - ), - quota_project_id="octopus", - ) - - -def test_identity_aware_proxy_admin_service_base_transport_with_adc(): - # Test the default credentials are used if credentials and credentials_file are None. - with mock.patch.object(google.auth, 'default', autospec=True) as adc, mock.patch('google.cloud.iap_v1.services.identity_aware_proxy_admin_service.transports.IdentityAwareProxyAdminServiceTransport._prep_wrapped_messages') as Transport: - Transport.return_value = None - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - transport = transports.IdentityAwareProxyAdminServiceTransport() - adc.assert_called_once() - - -@requires_google_auth_gte_1_25_0 -def test_identity_aware_proxy_admin_service_auth_adc(): - # If no credentials are provided, we should use ADC credentials. - with mock.patch.object(google.auth, 'default', autospec=True) as adc: - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - IdentityAwareProxyAdminServiceClient() - adc.assert_called_once_with( - scopes=None, - default_scopes=( - 'https://www.googleapis.com/auth/cloud-platform', -), - quota_project_id=None, - ) - - -@requires_google_auth_lt_1_25_0 -def test_identity_aware_proxy_admin_service_auth_adc_old_google_auth(): - # If no credentials are provided, we should use ADC credentials. - with mock.patch.object(google.auth, 'default', autospec=True) as adc: - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - IdentityAwareProxyAdminServiceClient() - adc.assert_called_once_with( - scopes=( 'https://www.googleapis.com/auth/cloud-platform',), - quota_project_id=None, - ) - - -@pytest.mark.parametrize( - "transport_class", - [ - transports.IdentityAwareProxyAdminServiceGrpcTransport, - transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport, - ], -) -@requires_google_auth_gte_1_25_0 -def test_identity_aware_proxy_admin_service_transport_auth_adc(transport_class): - # If credentials and host are not provided, the transport class should use - # ADC credentials. - with mock.patch.object(google.auth, 'default', autospec=True) as adc: - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - transport_class(quota_project_id="octopus", scopes=["1", "2"]) - adc.assert_called_once_with( - scopes=["1", "2"], - default_scopes=( 'https://www.googleapis.com/auth/cloud-platform',), - quota_project_id="octopus", - ) - - -@pytest.mark.parametrize( - "transport_class", - [ - transports.IdentityAwareProxyAdminServiceGrpcTransport, - transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport, - ], -) -@requires_google_auth_lt_1_25_0 -def test_identity_aware_proxy_admin_service_transport_auth_adc_old_google_auth(transport_class): - # If credentials and host are not provided, the transport class should use - # ADC credentials. - with mock.patch.object(google.auth, "default", autospec=True) as adc: - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - transport_class(quota_project_id="octopus") - adc.assert_called_once_with(scopes=( - 'https://www.googleapis.com/auth/cloud-platform', -), - quota_project_id="octopus", - ) - - -@pytest.mark.parametrize( - "transport_class,grpc_helpers", - [ - (transports.IdentityAwareProxyAdminServiceGrpcTransport, grpc_helpers), - (transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport, grpc_helpers_async) - ], -) -def test_identity_aware_proxy_admin_service_transport_create_channel(transport_class, grpc_helpers): - # If credentials and host are not provided, the transport class should use - # ADC credentials. - with mock.patch.object(google.auth, "default", autospec=True) as adc, mock.patch.object( - grpc_helpers, "create_channel", autospec=True - ) as create_channel: - creds = ga_credentials.AnonymousCredentials() - adc.return_value = (creds, None) - transport_class( - quota_project_id="octopus", - scopes=["1", "2"] - ) - - create_channel.assert_called_with( - "iap.googleapis.com:443", - credentials=creds, - credentials_file=None, - quota_project_id="octopus", - default_scopes=( - 'https://www.googleapis.com/auth/cloud-platform', -), - scopes=["1", "2"], - default_host="iap.googleapis.com", - ssl_credentials=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - - -@pytest.mark.parametrize("transport_class", [transports.IdentityAwareProxyAdminServiceGrpcTransport, transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport]) -def test_identity_aware_proxy_admin_service_grpc_transport_client_cert_source_for_mtls( - transport_class -): - cred = ga_credentials.AnonymousCredentials() - - # Check ssl_channel_credentials is used if provided. - with mock.patch.object(transport_class, "create_channel") as mock_create_channel: - mock_ssl_channel_creds = mock.Mock() - transport_class( - host="squid.clam.whelk", - credentials=cred, - ssl_channel_credentials=mock_ssl_channel_creds - ) - mock_create_channel.assert_called_once_with( - "squid.clam.whelk:443", - credentials=cred, - credentials_file=None, - scopes=None, - ssl_credentials=mock_ssl_channel_creds, - quota_project_id=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - - # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls - # is used. - with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()): - with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred: - transport_class( - credentials=cred, - client_cert_source_for_mtls=client_cert_source_callback - ) - expected_cert, expected_key = client_cert_source_callback() - mock_ssl_cred.assert_called_once_with( - certificate_chain=expected_cert, - private_key=expected_key - ) - - -def test_identity_aware_proxy_admin_service_host_no_port(): - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - client_options=client_options.ClientOptions(api_endpoint='iap.googleapis.com'), - ) - assert client.transport._host == 'iap.googleapis.com:443' - - -def test_identity_aware_proxy_admin_service_host_with_port(): - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - client_options=client_options.ClientOptions(api_endpoint='iap.googleapis.com:8000'), - ) - assert client.transport._host == 'iap.googleapis.com:8000' - -def test_identity_aware_proxy_admin_service_grpc_transport_channel(): - channel = grpc.secure_channel('http://localhost/', grpc.local_channel_credentials()) - - # Check that channel is used if provided. - transport = transports.IdentityAwareProxyAdminServiceGrpcTransport( - host="squid.clam.whelk", - channel=channel, - ) - assert transport.grpc_channel == channel - assert transport._host == "squid.clam.whelk:443" - assert transport._ssl_channel_credentials == None - - -def test_identity_aware_proxy_admin_service_grpc_asyncio_transport_channel(): - channel = aio.secure_channel('http://localhost/', grpc.local_channel_credentials()) - - # Check that channel is used if provided. - transport = transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport( - host="squid.clam.whelk", - channel=channel, - ) - assert transport.grpc_channel == channel - assert transport._host == "squid.clam.whelk:443" - assert transport._ssl_channel_credentials == None - - -# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are -# removed from grpc/grpc_asyncio transport constructor. -@pytest.mark.parametrize("transport_class", [transports.IdentityAwareProxyAdminServiceGrpcTransport, transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport]) -def test_identity_aware_proxy_admin_service_transport_channel_mtls_with_client_cert_source( - transport_class -): - with mock.patch("grpc.ssl_channel_credentials", autospec=True) as grpc_ssl_channel_cred: - with mock.patch.object(transport_class, "create_channel") as grpc_create_channel: - mock_ssl_cred = mock.Mock() - grpc_ssl_channel_cred.return_value = mock_ssl_cred - - mock_grpc_channel = mock.Mock() - grpc_create_channel.return_value = mock_grpc_channel - - cred = ga_credentials.AnonymousCredentials() - with pytest.warns(DeprecationWarning): - with mock.patch.object(google.auth, 'default') as adc: - adc.return_value = (cred, None) - transport = transport_class( - host="squid.clam.whelk", - api_mtls_endpoint="mtls.squid.clam.whelk", - client_cert_source=client_cert_source_callback, - ) - adc.assert_called_once() - - grpc_ssl_channel_cred.assert_called_once_with( - certificate_chain=b"cert bytes", private_key=b"key bytes" - ) - grpc_create_channel.assert_called_once_with( - "mtls.squid.clam.whelk:443", - credentials=cred, - credentials_file=None, - scopes=None, - ssl_credentials=mock_ssl_cred, - quota_project_id=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - assert transport.grpc_channel == mock_grpc_channel - assert transport._ssl_channel_credentials == mock_ssl_cred - - -# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are -# removed from grpc/grpc_asyncio transport constructor. -@pytest.mark.parametrize("transport_class", [transports.IdentityAwareProxyAdminServiceGrpcTransport, transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport]) -def test_identity_aware_proxy_admin_service_transport_channel_mtls_with_adc( - transport_class -): - mock_ssl_cred = mock.Mock() - with mock.patch.multiple( - "google.auth.transport.grpc.SslCredentials", - __init__=mock.Mock(return_value=None), - ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred), - ): - with mock.patch.object(transport_class, "create_channel") as grpc_create_channel: - mock_grpc_channel = mock.Mock() - grpc_create_channel.return_value = mock_grpc_channel - mock_cred = mock.Mock() - - with pytest.warns(DeprecationWarning): - transport = transport_class( - host="squid.clam.whelk", - credentials=mock_cred, - api_mtls_endpoint="mtls.squid.clam.whelk", - client_cert_source=None, - ) - - grpc_create_channel.assert_called_once_with( - "mtls.squid.clam.whelk:443", - credentials=mock_cred, - credentials_file=None, - scopes=None, - ssl_credentials=mock_ssl_cred, - quota_project_id=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - assert transport.grpc_channel == mock_grpc_channel - - -def test_common_billing_account_path(): - billing_account = "squid" - expected = "billingAccounts/{billing_account}".format(billing_account=billing_account, ) - actual = IdentityAwareProxyAdminServiceClient.common_billing_account_path(billing_account) - assert expected == actual - - -def test_parse_common_billing_account_path(): - expected = { - "billing_account": "clam", - } - path = IdentityAwareProxyAdminServiceClient.common_billing_account_path(**expected) - - # Check that the path construction is reversible. - actual = IdentityAwareProxyAdminServiceClient.parse_common_billing_account_path(path) - assert expected == actual - -def test_common_folder_path(): - folder = "whelk" - expected = "folders/{folder}".format(folder=folder, ) - actual = IdentityAwareProxyAdminServiceClient.common_folder_path(folder) - assert expected == actual - - -def test_parse_common_folder_path(): - expected = { - "folder": "octopus", - } - path = IdentityAwareProxyAdminServiceClient.common_folder_path(**expected) - - # Check that the path construction is reversible. - actual = IdentityAwareProxyAdminServiceClient.parse_common_folder_path(path) - assert expected == actual - -def test_common_organization_path(): - organization = "oyster" - expected = "organizations/{organization}".format(organization=organization, ) - actual = IdentityAwareProxyAdminServiceClient.common_organization_path(organization) - assert expected == actual - - -def test_parse_common_organization_path(): - expected = { - "organization": "nudibranch", - } - path = IdentityAwareProxyAdminServiceClient.common_organization_path(**expected) - - # Check that the path construction is reversible. - actual = IdentityAwareProxyAdminServiceClient.parse_common_organization_path(path) - assert expected == actual - -def test_common_project_path(): - project = "cuttlefish" - expected = "projects/{project}".format(project=project, ) - actual = IdentityAwareProxyAdminServiceClient.common_project_path(project) - assert expected == actual - - -def test_parse_common_project_path(): - expected = { - "project": "mussel", - } - path = IdentityAwareProxyAdminServiceClient.common_project_path(**expected) - - # Check that the path construction is reversible. - actual = IdentityAwareProxyAdminServiceClient.parse_common_project_path(path) - assert expected == actual - -def test_common_location_path(): - project = "winkle" - location = "nautilus" - expected = "projects/{project}/locations/{location}".format(project=project, location=location, ) - actual = IdentityAwareProxyAdminServiceClient.common_location_path(project, location) - assert expected == actual - - -def test_parse_common_location_path(): - expected = { - "project": "scallop", - "location": "abalone", - } - path = IdentityAwareProxyAdminServiceClient.common_location_path(**expected) - - # Check that the path construction is reversible. - actual = IdentityAwareProxyAdminServiceClient.parse_common_location_path(path) - assert expected == actual - - -def test_client_withDEFAULT_CLIENT_INFO(): - client_info = gapic_v1.client_info.ClientInfo() - - with mock.patch.object(transports.IdentityAwareProxyAdminServiceTransport, '_prep_wrapped_messages') as prep: - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - client_info=client_info, - ) - prep.assert_called_once_with(client_info) - - with mock.patch.object(transports.IdentityAwareProxyAdminServiceTransport, '_prep_wrapped_messages') as prep: - transport_class = IdentityAwareProxyAdminServiceClient.get_transport_class() - transport = transport_class( - credentials=ga_credentials.AnonymousCredentials(), - client_info=client_info, - ) - prep.assert_called_once_with(client_info) - - -@pytest.mark.asyncio -async def test_transport_close_async(): - client = IdentityAwareProxyAdminServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc_asyncio", - ) - with mock.patch.object(type(getattr(client.transport, "grpc_channel")), "close") as close: - async with client: - close.assert_not_called() - close.assert_called_once() - -def test_transport_close(): - transports = { - "grpc": "_grpc_channel", - } - - for transport, close_name in transports.items(): - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport - ) - with mock.patch.object(type(getattr(client.transport, close_name)), "close") as close: - with client: - close.assert_not_called() - close.assert_called_once() - -def test_client_ctx(): - transports = [ - 'grpc', - ] - for transport in transports: - client = IdentityAwareProxyAdminServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport - ) - # Test client calls underlying transport. - with mock.patch.object(type(client.transport), "close") as close: - close.assert_not_called() - with client: - pass - close.assert_called() diff --git a/owl-bot-staging/v1/tests/unit/gapic/iap_v1/test_identity_aware_proxy_o_auth_service.py b/owl-bot-staging/v1/tests/unit/gapic/iap_v1/test_identity_aware_proxy_o_auth_service.py deleted file mode 100644 index f57bf11..0000000 --- a/owl-bot-staging/v1/tests/unit/gapic/iap_v1/test_identity_aware_proxy_o_auth_service.py +++ /dev/null @@ -1,2401 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import os -import mock -import packaging.version - -import grpc -from grpc.experimental import aio -import math -import pytest -from proto.marshal.rules.dates import DurationRule, TimestampRule - - -from google.api_core import client_options -from google.api_core import exceptions as core_exceptions -from google.api_core import gapic_v1 -from google.api_core import grpc_helpers -from google.api_core import grpc_helpers_async -from google.api_core import path_template -from google.auth import credentials as ga_credentials -from google.auth.exceptions import MutualTLSChannelError -from google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service import IdentityAwareProxyOAuthServiceAsyncClient -from google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service import IdentityAwareProxyOAuthServiceClient -from google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service import pagers -from google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service import transports -from google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service.transports.base import _GOOGLE_AUTH_VERSION -from google.cloud.iap_v1.types import service -from google.oauth2 import service_account -import google.auth - - -# TODO(busunkim): Once google-auth >= 1.25.0 is required transitively -# through google-api-core: -# - Delete the auth "less than" test cases -# - Delete these pytest markers (Make the "greater than or equal to" tests the default). -requires_google_auth_lt_1_25_0 = pytest.mark.skipif( - packaging.version.parse(_GOOGLE_AUTH_VERSION) >= packaging.version.parse("1.25.0"), - reason="This test requires google-auth < 1.25.0", -) -requires_google_auth_gte_1_25_0 = pytest.mark.skipif( - packaging.version.parse(_GOOGLE_AUTH_VERSION) < packaging.version.parse("1.25.0"), - reason="This test requires google-auth >= 1.25.0", -) - -def client_cert_source_callback(): - return b"cert bytes", b"key bytes" - - -# If default endpoint is localhost, then default mtls endpoint will be the same. -# This method modifies the default endpoint so the client can produce a different -# mtls endpoint for endpoint testing purposes. -def modify_default_endpoint(client): - return "foo.googleapis.com" if ("localhost" in client.DEFAULT_ENDPOINT) else client.DEFAULT_ENDPOINT - - -def test__get_default_mtls_endpoint(): - api_endpoint = "example.googleapis.com" - api_mtls_endpoint = "example.mtls.googleapis.com" - sandbox_endpoint = "example.sandbox.googleapis.com" - sandbox_mtls_endpoint = "example.mtls.sandbox.googleapis.com" - non_googleapi = "api.example.com" - - assert IdentityAwareProxyOAuthServiceClient._get_default_mtls_endpoint(None) is None - assert IdentityAwareProxyOAuthServiceClient._get_default_mtls_endpoint(api_endpoint) == api_mtls_endpoint - assert IdentityAwareProxyOAuthServiceClient._get_default_mtls_endpoint(api_mtls_endpoint) == api_mtls_endpoint - assert IdentityAwareProxyOAuthServiceClient._get_default_mtls_endpoint(sandbox_endpoint) == sandbox_mtls_endpoint - assert IdentityAwareProxyOAuthServiceClient._get_default_mtls_endpoint(sandbox_mtls_endpoint) == sandbox_mtls_endpoint - assert IdentityAwareProxyOAuthServiceClient._get_default_mtls_endpoint(non_googleapi) == non_googleapi - - -@pytest.mark.parametrize("client_class", [ - IdentityAwareProxyOAuthServiceClient, - IdentityAwareProxyOAuthServiceAsyncClient, -]) -def test_identity_aware_proxy_o_auth_service_client_from_service_account_info(client_class): - creds = ga_credentials.AnonymousCredentials() - with mock.patch.object(service_account.Credentials, 'from_service_account_info') as factory: - factory.return_value = creds - info = {"valid": True} - client = client_class.from_service_account_info(info) - assert client.transport._credentials == creds - assert isinstance(client, client_class) - - assert client.transport._host == 'iap.googleapis.com:443' - - -@pytest.mark.parametrize("transport_class,transport_name", [ - (transports.IdentityAwareProxyOAuthServiceGrpcTransport, "grpc"), - (transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport, "grpc_asyncio"), -]) -def test_identity_aware_proxy_o_auth_service_client_service_account_always_use_jwt(transport_class, transport_name): - with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: - creds = service_account.Credentials(None, None, None) - transport = transport_class(credentials=creds, always_use_jwt_access=True) - use_jwt.assert_called_once_with(True) - - with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: - creds = service_account.Credentials(None, None, None) - transport = transport_class(credentials=creds, always_use_jwt_access=False) - use_jwt.assert_not_called() - - -@pytest.mark.parametrize("client_class", [ - IdentityAwareProxyOAuthServiceClient, - IdentityAwareProxyOAuthServiceAsyncClient, -]) -def test_identity_aware_proxy_o_auth_service_client_from_service_account_file(client_class): - creds = ga_credentials.AnonymousCredentials() - with mock.patch.object(service_account.Credentials, 'from_service_account_file') as factory: - factory.return_value = creds - client = client_class.from_service_account_file("dummy/file/path.json") - assert client.transport._credentials == creds - assert isinstance(client, client_class) - - client = client_class.from_service_account_json("dummy/file/path.json") - assert client.transport._credentials == creds - assert isinstance(client, client_class) - - assert client.transport._host == 'iap.googleapis.com:443' - - -def test_identity_aware_proxy_o_auth_service_client_get_transport_class(): - transport = IdentityAwareProxyOAuthServiceClient.get_transport_class() - available_transports = [ - transports.IdentityAwareProxyOAuthServiceGrpcTransport, - ] - assert transport in available_transports - - transport = IdentityAwareProxyOAuthServiceClient.get_transport_class("grpc") - assert transport == transports.IdentityAwareProxyOAuthServiceGrpcTransport - - -@pytest.mark.parametrize("client_class,transport_class,transport_name", [ - (IdentityAwareProxyOAuthServiceClient, transports.IdentityAwareProxyOAuthServiceGrpcTransport, "grpc"), - (IdentityAwareProxyOAuthServiceAsyncClient, transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport, "grpc_asyncio"), -]) -@mock.patch.object(IdentityAwareProxyOAuthServiceClient, "DEFAULT_ENDPOINT", modify_default_endpoint(IdentityAwareProxyOAuthServiceClient)) -@mock.patch.object(IdentityAwareProxyOAuthServiceAsyncClient, "DEFAULT_ENDPOINT", modify_default_endpoint(IdentityAwareProxyOAuthServiceAsyncClient)) -def test_identity_aware_proxy_o_auth_service_client_client_options(client_class, transport_class, transport_name): - # Check that if channel is provided we won't create a new one. - with mock.patch.object(IdentityAwareProxyOAuthServiceClient, 'get_transport_class') as gtc: - transport = transport_class( - credentials=ga_credentials.AnonymousCredentials() - ) - client = client_class(transport=transport) - gtc.assert_not_called() - - # Check that if channel is provided via str we will create a new one. - with mock.patch.object(IdentityAwareProxyOAuthServiceClient, 'get_transport_class') as gtc: - client = client_class(transport=transport_name) - gtc.assert_called() - - # Check the case api_endpoint is provided. - options = client_options.ClientOptions(api_endpoint="squid.clam.whelk") - with mock.patch.object(transport_class, '__init__') as patched: - patched.return_value = None - client = client_class(client_options=options) - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host="squid.clam.whelk", - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - ) - - # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is - # "never". - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}): - with mock.patch.object(transport_class, '__init__') as patched: - patched.return_value = None - client = client_class() - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=client.DEFAULT_ENDPOINT, - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - ) - - # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is - # "always". - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}): - with mock.patch.object(transport_class, '__init__') as patched: - patched.return_value = None - client = client_class() - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=client.DEFAULT_MTLS_ENDPOINT, - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - ) - - # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has - # unsupported value. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "Unsupported"}): - with pytest.raises(MutualTLSChannelError): - client = client_class() - - # Check the case GOOGLE_API_USE_CLIENT_CERTIFICATE has unsupported value. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"}): - with pytest.raises(ValueError): - client = client_class() - - # Check the case quota_project_id is provided - options = client_options.ClientOptions(quota_project_id="octopus") - with mock.patch.object(transport_class, '__init__') as patched: - patched.return_value = None - client = client_class(client_options=options) - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=client.DEFAULT_ENDPOINT, - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id="octopus", - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - ) - -@pytest.mark.parametrize("client_class,transport_class,transport_name,use_client_cert_env", [ - (IdentityAwareProxyOAuthServiceClient, transports.IdentityAwareProxyOAuthServiceGrpcTransport, "grpc", "true"), - (IdentityAwareProxyOAuthServiceAsyncClient, transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport, "grpc_asyncio", "true"), - (IdentityAwareProxyOAuthServiceClient, transports.IdentityAwareProxyOAuthServiceGrpcTransport, "grpc", "false"), - (IdentityAwareProxyOAuthServiceAsyncClient, transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport, "grpc_asyncio", "false"), -]) -@mock.patch.object(IdentityAwareProxyOAuthServiceClient, "DEFAULT_ENDPOINT", modify_default_endpoint(IdentityAwareProxyOAuthServiceClient)) -@mock.patch.object(IdentityAwareProxyOAuthServiceAsyncClient, "DEFAULT_ENDPOINT", modify_default_endpoint(IdentityAwareProxyOAuthServiceAsyncClient)) -@mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "auto"}) -def test_identity_aware_proxy_o_auth_service_client_mtls_env_auto(client_class, transport_class, transport_name, use_client_cert_env): - # This tests the endpoint autoswitch behavior. Endpoint is autoswitched to the default - # mtls endpoint, if GOOGLE_API_USE_CLIENT_CERTIFICATE is "true" and client cert exists. - - # Check the case client_cert_source is provided. Whether client cert is used depends on - # GOOGLE_API_USE_CLIENT_CERTIFICATE value. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}): - options = client_options.ClientOptions(client_cert_source=client_cert_source_callback) - with mock.patch.object(transport_class, '__init__') as patched: - patched.return_value = None - client = client_class(client_options=options) - - if use_client_cert_env == "false": - expected_client_cert_source = None - expected_host = client.DEFAULT_ENDPOINT - else: - expected_client_cert_source = client_cert_source_callback - expected_host = client.DEFAULT_MTLS_ENDPOINT - - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=expected_host, - scopes=None, - client_cert_source_for_mtls=expected_client_cert_source, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - ) - - # Check the case ADC client cert is provided. Whether client cert is used depends on - # GOOGLE_API_USE_CLIENT_CERTIFICATE value. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}): - with mock.patch.object(transport_class, '__init__') as patched: - with mock.patch('google.auth.transport.mtls.has_default_client_cert_source', return_value=True): - with mock.patch('google.auth.transport.mtls.default_client_cert_source', return_value=client_cert_source_callback): - if use_client_cert_env == "false": - expected_host = client.DEFAULT_ENDPOINT - expected_client_cert_source = None - else: - expected_host = client.DEFAULT_MTLS_ENDPOINT - expected_client_cert_source = client_cert_source_callback - - patched.return_value = None - client = client_class() - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=expected_host, - scopes=None, - client_cert_source_for_mtls=expected_client_cert_source, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - ) - - # Check the case client_cert_source and ADC client cert are not provided. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}): - with mock.patch.object(transport_class, '__init__') as patched: - with mock.patch("google.auth.transport.mtls.has_default_client_cert_source", return_value=False): - patched.return_value = None - client = client_class() - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=client.DEFAULT_ENDPOINT, - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - ) - - -@pytest.mark.parametrize("client_class,transport_class,transport_name", [ - (IdentityAwareProxyOAuthServiceClient, transports.IdentityAwareProxyOAuthServiceGrpcTransport, "grpc"), - (IdentityAwareProxyOAuthServiceAsyncClient, transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport, "grpc_asyncio"), -]) -def test_identity_aware_proxy_o_auth_service_client_client_options_scopes(client_class, transport_class, transport_name): - # Check the case scopes are provided. - options = client_options.ClientOptions( - scopes=["1", "2"], - ) - with mock.patch.object(transport_class, '__init__') as patched: - patched.return_value = None - client = client_class(client_options=options) - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=client.DEFAULT_ENDPOINT, - scopes=["1", "2"], - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - ) - -@pytest.mark.parametrize("client_class,transport_class,transport_name", [ - (IdentityAwareProxyOAuthServiceClient, transports.IdentityAwareProxyOAuthServiceGrpcTransport, "grpc"), - (IdentityAwareProxyOAuthServiceAsyncClient, transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport, "grpc_asyncio"), -]) -def test_identity_aware_proxy_o_auth_service_client_client_options_credentials_file(client_class, transport_class, transport_name): - # Check the case credentials file is provided. - options = client_options.ClientOptions( - credentials_file="credentials.json" - ) - with mock.patch.object(transport_class, '__init__') as patched: - patched.return_value = None - client = client_class(client_options=options) - patched.assert_called_once_with( - credentials=None, - credentials_file="credentials.json", - host=client.DEFAULT_ENDPOINT, - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - ) - - -def test_identity_aware_proxy_o_auth_service_client_client_options_from_dict(): - with mock.patch('google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service.transports.IdentityAwareProxyOAuthServiceGrpcTransport.__init__') as grpc_transport: - grpc_transport.return_value = None - client = IdentityAwareProxyOAuthServiceClient( - client_options={'api_endpoint': 'squid.clam.whelk'} - ) - grpc_transport.assert_called_once_with( - credentials=None, - credentials_file=None, - host="squid.clam.whelk", - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - ) - - -def test_list_brands(transport: str = 'grpc', request_type=service.ListBrandsRequest): - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_brands), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = service.ListBrandsResponse( - ) - response = client.list_brands(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == service.ListBrandsRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, service.ListBrandsResponse) - - -def test_list_brands_from_dict(): - test_list_brands(request_type=dict) - - -def test_list_brands_empty_call(): - # This test is a coverage failsafe to make sure that totally empty calls, - # i.e. request == None and no flattened fields passed, work. - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_brands), - '__call__') as call: - client.list_brands() - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == service.ListBrandsRequest() - - -@pytest.mark.asyncio -async def test_list_brands_async(transport: str = 'grpc_asyncio', request_type=service.ListBrandsRequest): - client = IdentityAwareProxyOAuthServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_brands), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(service.ListBrandsResponse( - )) - response = await client.list_brands(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == service.ListBrandsRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, service.ListBrandsResponse) - - -@pytest.mark.asyncio -async def test_list_brands_async_from_dict(): - await test_list_brands_async(request_type=dict) - - -def test_list_brands_field_headers(): - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = service.ListBrandsRequest() - - request.parent = 'parent/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_brands), - '__call__') as call: - call.return_value = service.ListBrandsResponse() - client.list_brands(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'parent=parent/value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_list_brands_field_headers_async(): - client = IdentityAwareProxyOAuthServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = service.ListBrandsRequest() - - request.parent = 'parent/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_brands), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(service.ListBrandsResponse()) - await client.list_brands(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'parent=parent/value', - ) in kw['metadata'] - - -def test_create_brand(transport: str = 'grpc', request_type=service.CreateBrandRequest): - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_brand), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = service.Brand( - name='name_value', - support_email='support_email_value', - application_title='application_title_value', - org_internal_only=True, - ) - response = client.create_brand(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == service.CreateBrandRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, service.Brand) - assert response.name == 'name_value' - assert response.support_email == 'support_email_value' - assert response.application_title == 'application_title_value' - assert response.org_internal_only is True - - -def test_create_brand_from_dict(): - test_create_brand(request_type=dict) - - -def test_create_brand_empty_call(): - # This test is a coverage failsafe to make sure that totally empty calls, - # i.e. request == None and no flattened fields passed, work. - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_brand), - '__call__') as call: - client.create_brand() - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == service.CreateBrandRequest() - - -@pytest.mark.asyncio -async def test_create_brand_async(transport: str = 'grpc_asyncio', request_type=service.CreateBrandRequest): - client = IdentityAwareProxyOAuthServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_brand), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(service.Brand( - name='name_value', - support_email='support_email_value', - application_title='application_title_value', - org_internal_only=True, - )) - response = await client.create_brand(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == service.CreateBrandRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, service.Brand) - assert response.name == 'name_value' - assert response.support_email == 'support_email_value' - assert response.application_title == 'application_title_value' - assert response.org_internal_only is True - - -@pytest.mark.asyncio -async def test_create_brand_async_from_dict(): - await test_create_brand_async(request_type=dict) - - -def test_create_brand_field_headers(): - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = service.CreateBrandRequest() - - request.parent = 'parent/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_brand), - '__call__') as call: - call.return_value = service.Brand() - client.create_brand(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'parent=parent/value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_create_brand_field_headers_async(): - client = IdentityAwareProxyOAuthServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = service.CreateBrandRequest() - - request.parent = 'parent/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_brand), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(service.Brand()) - await client.create_brand(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'parent=parent/value', - ) in kw['metadata'] - - -def test_get_brand(transport: str = 'grpc', request_type=service.GetBrandRequest): - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_brand), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = service.Brand( - name='name_value', - support_email='support_email_value', - application_title='application_title_value', - org_internal_only=True, - ) - response = client.get_brand(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == service.GetBrandRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, service.Brand) - assert response.name == 'name_value' - assert response.support_email == 'support_email_value' - assert response.application_title == 'application_title_value' - assert response.org_internal_only is True - - -def test_get_brand_from_dict(): - test_get_brand(request_type=dict) - - -def test_get_brand_empty_call(): - # This test is a coverage failsafe to make sure that totally empty calls, - # i.e. request == None and no flattened fields passed, work. - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_brand), - '__call__') as call: - client.get_brand() - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == service.GetBrandRequest() - - -@pytest.mark.asyncio -async def test_get_brand_async(transport: str = 'grpc_asyncio', request_type=service.GetBrandRequest): - client = IdentityAwareProxyOAuthServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_brand), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(service.Brand( - name='name_value', - support_email='support_email_value', - application_title='application_title_value', - org_internal_only=True, - )) - response = await client.get_brand(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == service.GetBrandRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, service.Brand) - assert response.name == 'name_value' - assert response.support_email == 'support_email_value' - assert response.application_title == 'application_title_value' - assert response.org_internal_only is True - - -@pytest.mark.asyncio -async def test_get_brand_async_from_dict(): - await test_get_brand_async(request_type=dict) - - -def test_get_brand_field_headers(): - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = service.GetBrandRequest() - - request.name = 'name/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_brand), - '__call__') as call: - call.return_value = service.Brand() - client.get_brand(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'name=name/value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_get_brand_field_headers_async(): - client = IdentityAwareProxyOAuthServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = service.GetBrandRequest() - - request.name = 'name/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_brand), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(service.Brand()) - await client.get_brand(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'name=name/value', - ) in kw['metadata'] - - -def test_create_identity_aware_proxy_client(transport: str = 'grpc', request_type=service.CreateIdentityAwareProxyClientRequest): - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_identity_aware_proxy_client), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = service.IdentityAwareProxyClient( - name='name_value', - secret='secret_value', - display_name='display_name_value', - ) - response = client.create_identity_aware_proxy_client(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == service.CreateIdentityAwareProxyClientRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, service.IdentityAwareProxyClient) - assert response.name == 'name_value' - assert response.secret == 'secret_value' - assert response.display_name == 'display_name_value' - - -def test_create_identity_aware_proxy_client_from_dict(): - test_create_identity_aware_proxy_client(request_type=dict) - - -def test_create_identity_aware_proxy_client_empty_call(): - # This test is a coverage failsafe to make sure that totally empty calls, - # i.e. request == None and no flattened fields passed, work. - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_identity_aware_proxy_client), - '__call__') as call: - client.create_identity_aware_proxy_client() - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == service.CreateIdentityAwareProxyClientRequest() - - -@pytest.mark.asyncio -async def test_create_identity_aware_proxy_client_async(transport: str = 'grpc_asyncio', request_type=service.CreateIdentityAwareProxyClientRequest): - client = IdentityAwareProxyOAuthServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_identity_aware_proxy_client), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(service.IdentityAwareProxyClient( - name='name_value', - secret='secret_value', - display_name='display_name_value', - )) - response = await client.create_identity_aware_proxy_client(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == service.CreateIdentityAwareProxyClientRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, service.IdentityAwareProxyClient) - assert response.name == 'name_value' - assert response.secret == 'secret_value' - assert response.display_name == 'display_name_value' - - -@pytest.mark.asyncio -async def test_create_identity_aware_proxy_client_async_from_dict(): - await test_create_identity_aware_proxy_client_async(request_type=dict) - - -def test_create_identity_aware_proxy_client_field_headers(): - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = service.CreateIdentityAwareProxyClientRequest() - - request.parent = 'parent/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_identity_aware_proxy_client), - '__call__') as call: - call.return_value = service.IdentityAwareProxyClient() - client.create_identity_aware_proxy_client(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'parent=parent/value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_create_identity_aware_proxy_client_field_headers_async(): - client = IdentityAwareProxyOAuthServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = service.CreateIdentityAwareProxyClientRequest() - - request.parent = 'parent/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_identity_aware_proxy_client), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(service.IdentityAwareProxyClient()) - await client.create_identity_aware_proxy_client(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'parent=parent/value', - ) in kw['metadata'] - - -def test_list_identity_aware_proxy_clients(transport: str = 'grpc', request_type=service.ListIdentityAwareProxyClientsRequest): - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_identity_aware_proxy_clients), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = service.ListIdentityAwareProxyClientsResponse( - next_page_token='next_page_token_value', - ) - response = client.list_identity_aware_proxy_clients(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == service.ListIdentityAwareProxyClientsRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, pagers.ListIdentityAwareProxyClientsPager) - assert response.next_page_token == 'next_page_token_value' - - -def test_list_identity_aware_proxy_clients_from_dict(): - test_list_identity_aware_proxy_clients(request_type=dict) - - -def test_list_identity_aware_proxy_clients_empty_call(): - # This test is a coverage failsafe to make sure that totally empty calls, - # i.e. request == None and no flattened fields passed, work. - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_identity_aware_proxy_clients), - '__call__') as call: - client.list_identity_aware_proxy_clients() - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == service.ListIdentityAwareProxyClientsRequest() - - -@pytest.mark.asyncio -async def test_list_identity_aware_proxy_clients_async(transport: str = 'grpc_asyncio', request_type=service.ListIdentityAwareProxyClientsRequest): - client = IdentityAwareProxyOAuthServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_identity_aware_proxy_clients), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(service.ListIdentityAwareProxyClientsResponse( - next_page_token='next_page_token_value', - )) - response = await client.list_identity_aware_proxy_clients(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == service.ListIdentityAwareProxyClientsRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, pagers.ListIdentityAwareProxyClientsAsyncPager) - assert response.next_page_token == 'next_page_token_value' - - -@pytest.mark.asyncio -async def test_list_identity_aware_proxy_clients_async_from_dict(): - await test_list_identity_aware_proxy_clients_async(request_type=dict) - - -def test_list_identity_aware_proxy_clients_field_headers(): - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = service.ListIdentityAwareProxyClientsRequest() - - request.parent = 'parent/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_identity_aware_proxy_clients), - '__call__') as call: - call.return_value = service.ListIdentityAwareProxyClientsResponse() - client.list_identity_aware_proxy_clients(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'parent=parent/value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_list_identity_aware_proxy_clients_field_headers_async(): - client = IdentityAwareProxyOAuthServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = service.ListIdentityAwareProxyClientsRequest() - - request.parent = 'parent/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_identity_aware_proxy_clients), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(service.ListIdentityAwareProxyClientsResponse()) - await client.list_identity_aware_proxy_clients(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'parent=parent/value', - ) in kw['metadata'] - - -def test_list_identity_aware_proxy_clients_pager(): - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials, - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_identity_aware_proxy_clients), - '__call__') as call: - # Set the response to a series of pages. - call.side_effect = ( - service.ListIdentityAwareProxyClientsResponse( - identity_aware_proxy_clients=[ - service.IdentityAwareProxyClient(), - service.IdentityAwareProxyClient(), - service.IdentityAwareProxyClient(), - ], - next_page_token='abc', - ), - service.ListIdentityAwareProxyClientsResponse( - identity_aware_proxy_clients=[], - next_page_token='def', - ), - service.ListIdentityAwareProxyClientsResponse( - identity_aware_proxy_clients=[ - service.IdentityAwareProxyClient(), - ], - next_page_token='ghi', - ), - service.ListIdentityAwareProxyClientsResponse( - identity_aware_proxy_clients=[ - service.IdentityAwareProxyClient(), - service.IdentityAwareProxyClient(), - ], - ), - RuntimeError, - ) - - metadata = () - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ('parent', ''), - )), - ) - pager = client.list_identity_aware_proxy_clients(request={}) - - assert pager._metadata == metadata - - results = [i for i in pager] - assert len(results) == 6 - assert all(isinstance(i, service.IdentityAwareProxyClient) - for i in results) - -def test_list_identity_aware_proxy_clients_pages(): - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials, - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_identity_aware_proxy_clients), - '__call__') as call: - # Set the response to a series of pages. - call.side_effect = ( - service.ListIdentityAwareProxyClientsResponse( - identity_aware_proxy_clients=[ - service.IdentityAwareProxyClient(), - service.IdentityAwareProxyClient(), - service.IdentityAwareProxyClient(), - ], - next_page_token='abc', - ), - service.ListIdentityAwareProxyClientsResponse( - identity_aware_proxy_clients=[], - next_page_token='def', - ), - service.ListIdentityAwareProxyClientsResponse( - identity_aware_proxy_clients=[ - service.IdentityAwareProxyClient(), - ], - next_page_token='ghi', - ), - service.ListIdentityAwareProxyClientsResponse( - identity_aware_proxy_clients=[ - service.IdentityAwareProxyClient(), - service.IdentityAwareProxyClient(), - ], - ), - RuntimeError, - ) - pages = list(client.list_identity_aware_proxy_clients(request={}).pages) - for page_, token in zip(pages, ['abc','def','ghi', '']): - assert page_.raw_page.next_page_token == token - -@pytest.mark.asyncio -async def test_list_identity_aware_proxy_clients_async_pager(): - client = IdentityAwareProxyOAuthServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials, - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_identity_aware_proxy_clients), - '__call__', new_callable=mock.AsyncMock) as call: - # Set the response to a series of pages. - call.side_effect = ( - service.ListIdentityAwareProxyClientsResponse( - identity_aware_proxy_clients=[ - service.IdentityAwareProxyClient(), - service.IdentityAwareProxyClient(), - service.IdentityAwareProxyClient(), - ], - next_page_token='abc', - ), - service.ListIdentityAwareProxyClientsResponse( - identity_aware_proxy_clients=[], - next_page_token='def', - ), - service.ListIdentityAwareProxyClientsResponse( - identity_aware_proxy_clients=[ - service.IdentityAwareProxyClient(), - ], - next_page_token='ghi', - ), - service.ListIdentityAwareProxyClientsResponse( - identity_aware_proxy_clients=[ - service.IdentityAwareProxyClient(), - service.IdentityAwareProxyClient(), - ], - ), - RuntimeError, - ) - async_pager = await client.list_identity_aware_proxy_clients(request={},) - assert async_pager.next_page_token == 'abc' - responses = [] - async for response in async_pager: - responses.append(response) - - assert len(responses) == 6 - assert all(isinstance(i, service.IdentityAwareProxyClient) - for i in responses) - -@pytest.mark.asyncio -async def test_list_identity_aware_proxy_clients_async_pages(): - client = IdentityAwareProxyOAuthServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials, - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_identity_aware_proxy_clients), - '__call__', new_callable=mock.AsyncMock) as call: - # Set the response to a series of pages. - call.side_effect = ( - service.ListIdentityAwareProxyClientsResponse( - identity_aware_proxy_clients=[ - service.IdentityAwareProxyClient(), - service.IdentityAwareProxyClient(), - service.IdentityAwareProxyClient(), - ], - next_page_token='abc', - ), - service.ListIdentityAwareProxyClientsResponse( - identity_aware_proxy_clients=[], - next_page_token='def', - ), - service.ListIdentityAwareProxyClientsResponse( - identity_aware_proxy_clients=[ - service.IdentityAwareProxyClient(), - ], - next_page_token='ghi', - ), - service.ListIdentityAwareProxyClientsResponse( - identity_aware_proxy_clients=[ - service.IdentityAwareProxyClient(), - service.IdentityAwareProxyClient(), - ], - ), - RuntimeError, - ) - pages = [] - async for page_ in (await client.list_identity_aware_proxy_clients(request={})).pages: - pages.append(page_) - for page_, token in zip(pages, ['abc','def','ghi', '']): - assert page_.raw_page.next_page_token == token - -def test_get_identity_aware_proxy_client(transport: str = 'grpc', request_type=service.GetIdentityAwareProxyClientRequest): - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_identity_aware_proxy_client), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = service.IdentityAwareProxyClient( - name='name_value', - secret='secret_value', - display_name='display_name_value', - ) - response = client.get_identity_aware_proxy_client(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == service.GetIdentityAwareProxyClientRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, service.IdentityAwareProxyClient) - assert response.name == 'name_value' - assert response.secret == 'secret_value' - assert response.display_name == 'display_name_value' - - -def test_get_identity_aware_proxy_client_from_dict(): - test_get_identity_aware_proxy_client(request_type=dict) - - -def test_get_identity_aware_proxy_client_empty_call(): - # This test is a coverage failsafe to make sure that totally empty calls, - # i.e. request == None and no flattened fields passed, work. - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_identity_aware_proxy_client), - '__call__') as call: - client.get_identity_aware_proxy_client() - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == service.GetIdentityAwareProxyClientRequest() - - -@pytest.mark.asyncio -async def test_get_identity_aware_proxy_client_async(transport: str = 'grpc_asyncio', request_type=service.GetIdentityAwareProxyClientRequest): - client = IdentityAwareProxyOAuthServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_identity_aware_proxy_client), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(service.IdentityAwareProxyClient( - name='name_value', - secret='secret_value', - display_name='display_name_value', - )) - response = await client.get_identity_aware_proxy_client(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == service.GetIdentityAwareProxyClientRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, service.IdentityAwareProxyClient) - assert response.name == 'name_value' - assert response.secret == 'secret_value' - assert response.display_name == 'display_name_value' - - -@pytest.mark.asyncio -async def test_get_identity_aware_proxy_client_async_from_dict(): - await test_get_identity_aware_proxy_client_async(request_type=dict) - - -def test_get_identity_aware_proxy_client_field_headers(): - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = service.GetIdentityAwareProxyClientRequest() - - request.name = 'name/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_identity_aware_proxy_client), - '__call__') as call: - call.return_value = service.IdentityAwareProxyClient() - client.get_identity_aware_proxy_client(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'name=name/value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_get_identity_aware_proxy_client_field_headers_async(): - client = IdentityAwareProxyOAuthServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = service.GetIdentityAwareProxyClientRequest() - - request.name = 'name/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_identity_aware_proxy_client), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(service.IdentityAwareProxyClient()) - await client.get_identity_aware_proxy_client(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'name=name/value', - ) in kw['metadata'] - - -def test_reset_identity_aware_proxy_client_secret(transport: str = 'grpc', request_type=service.ResetIdentityAwareProxyClientSecretRequest): - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.reset_identity_aware_proxy_client_secret), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = service.IdentityAwareProxyClient( - name='name_value', - secret='secret_value', - display_name='display_name_value', - ) - response = client.reset_identity_aware_proxy_client_secret(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == service.ResetIdentityAwareProxyClientSecretRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, service.IdentityAwareProxyClient) - assert response.name == 'name_value' - assert response.secret == 'secret_value' - assert response.display_name == 'display_name_value' - - -def test_reset_identity_aware_proxy_client_secret_from_dict(): - test_reset_identity_aware_proxy_client_secret(request_type=dict) - - -def test_reset_identity_aware_proxy_client_secret_empty_call(): - # This test is a coverage failsafe to make sure that totally empty calls, - # i.e. request == None and no flattened fields passed, work. - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.reset_identity_aware_proxy_client_secret), - '__call__') as call: - client.reset_identity_aware_proxy_client_secret() - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == service.ResetIdentityAwareProxyClientSecretRequest() - - -@pytest.mark.asyncio -async def test_reset_identity_aware_proxy_client_secret_async(transport: str = 'grpc_asyncio', request_type=service.ResetIdentityAwareProxyClientSecretRequest): - client = IdentityAwareProxyOAuthServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.reset_identity_aware_proxy_client_secret), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(service.IdentityAwareProxyClient( - name='name_value', - secret='secret_value', - display_name='display_name_value', - )) - response = await client.reset_identity_aware_proxy_client_secret(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == service.ResetIdentityAwareProxyClientSecretRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, service.IdentityAwareProxyClient) - assert response.name == 'name_value' - assert response.secret == 'secret_value' - assert response.display_name == 'display_name_value' - - -@pytest.mark.asyncio -async def test_reset_identity_aware_proxy_client_secret_async_from_dict(): - await test_reset_identity_aware_proxy_client_secret_async(request_type=dict) - - -def test_reset_identity_aware_proxy_client_secret_field_headers(): - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = service.ResetIdentityAwareProxyClientSecretRequest() - - request.name = 'name/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.reset_identity_aware_proxy_client_secret), - '__call__') as call: - call.return_value = service.IdentityAwareProxyClient() - client.reset_identity_aware_proxy_client_secret(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'name=name/value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_reset_identity_aware_proxy_client_secret_field_headers_async(): - client = IdentityAwareProxyOAuthServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = service.ResetIdentityAwareProxyClientSecretRequest() - - request.name = 'name/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.reset_identity_aware_proxy_client_secret), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(service.IdentityAwareProxyClient()) - await client.reset_identity_aware_proxy_client_secret(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'name=name/value', - ) in kw['metadata'] - - -def test_delete_identity_aware_proxy_client(transport: str = 'grpc', request_type=service.DeleteIdentityAwareProxyClientRequest): - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.delete_identity_aware_proxy_client), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = None - response = client.delete_identity_aware_proxy_client(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == service.DeleteIdentityAwareProxyClientRequest() - - # Establish that the response is the type that we expect. - assert response is None - - -def test_delete_identity_aware_proxy_client_from_dict(): - test_delete_identity_aware_proxy_client(request_type=dict) - - -def test_delete_identity_aware_proxy_client_empty_call(): - # This test is a coverage failsafe to make sure that totally empty calls, - # i.e. request == None and no flattened fields passed, work. - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.delete_identity_aware_proxy_client), - '__call__') as call: - client.delete_identity_aware_proxy_client() - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == service.DeleteIdentityAwareProxyClientRequest() - - -@pytest.mark.asyncio -async def test_delete_identity_aware_proxy_client_async(transport: str = 'grpc_asyncio', request_type=service.DeleteIdentityAwareProxyClientRequest): - client = IdentityAwareProxyOAuthServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.delete_identity_aware_proxy_client), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(None) - response = await client.delete_identity_aware_proxy_client(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == service.DeleteIdentityAwareProxyClientRequest() - - # Establish that the response is the type that we expect. - assert response is None - - -@pytest.mark.asyncio -async def test_delete_identity_aware_proxy_client_async_from_dict(): - await test_delete_identity_aware_proxy_client_async(request_type=dict) - - -def test_delete_identity_aware_proxy_client_field_headers(): - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = service.DeleteIdentityAwareProxyClientRequest() - - request.name = 'name/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.delete_identity_aware_proxy_client), - '__call__') as call: - call.return_value = None - client.delete_identity_aware_proxy_client(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'name=name/value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_delete_identity_aware_proxy_client_field_headers_async(): - client = IdentityAwareProxyOAuthServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = service.DeleteIdentityAwareProxyClientRequest() - - request.name = 'name/value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.delete_identity_aware_proxy_client), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(None) - await client.delete_identity_aware_proxy_client(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'name=name/value', - ) in kw['metadata'] - - -def test_credentials_transport_error(): - # It is an error to provide credentials and a transport instance. - transport = transports.IdentityAwareProxyOAuthServiceGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - with pytest.raises(ValueError): - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # It is an error to provide a credentials file and a transport instance. - transport = transports.IdentityAwareProxyOAuthServiceGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - with pytest.raises(ValueError): - client = IdentityAwareProxyOAuthServiceClient( - client_options={"credentials_file": "credentials.json"}, - transport=transport, - ) - - # It is an error to provide scopes and a transport instance. - transport = transports.IdentityAwareProxyOAuthServiceGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - with pytest.raises(ValueError): - client = IdentityAwareProxyOAuthServiceClient( - client_options={"scopes": ["1", "2"]}, - transport=transport, - ) - - -def test_transport_instance(): - # A client may be instantiated with a custom transport instance. - transport = transports.IdentityAwareProxyOAuthServiceGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - client = IdentityAwareProxyOAuthServiceClient(transport=transport) - assert client.transport is transport - -def test_transport_get_channel(): - # A client may be instantiated with a custom transport instance. - transport = transports.IdentityAwareProxyOAuthServiceGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - channel = transport.grpc_channel - assert channel - - transport = transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - channel = transport.grpc_channel - assert channel - -@pytest.mark.parametrize("transport_class", [ - transports.IdentityAwareProxyOAuthServiceGrpcTransport, - transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport, -]) -def test_transport_adc(transport_class): - # Test default credentials are used if not provided. - with mock.patch.object(google.auth, 'default') as adc: - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - transport_class() - adc.assert_called_once() - -def test_transport_grpc_default(): - # A client should use the gRPC transport by default. - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - assert isinstance( - client.transport, - transports.IdentityAwareProxyOAuthServiceGrpcTransport, - ) - -def test_identity_aware_proxy_o_auth_service_base_transport_error(): - # Passing both a credentials object and credentials_file should raise an error - with pytest.raises(core_exceptions.DuplicateCredentialArgs): - transport = transports.IdentityAwareProxyOAuthServiceTransport( - credentials=ga_credentials.AnonymousCredentials(), - credentials_file="credentials.json" - ) - - -def test_identity_aware_proxy_o_auth_service_base_transport(): - # Instantiate the base transport. - with mock.patch('google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service.transports.IdentityAwareProxyOAuthServiceTransport.__init__') as Transport: - Transport.return_value = None - transport = transports.IdentityAwareProxyOAuthServiceTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Every method on the transport should just blindly - # raise NotImplementedError. - methods = ( - 'list_brands', - 'create_brand', - 'get_brand', - 'create_identity_aware_proxy_client', - 'list_identity_aware_proxy_clients', - 'get_identity_aware_proxy_client', - 'reset_identity_aware_proxy_client_secret', - 'delete_identity_aware_proxy_client', - ) - for method in methods: - with pytest.raises(NotImplementedError): - getattr(transport, method)(request=object()) - - with pytest.raises(NotImplementedError): - transport.close() - - -@requires_google_auth_gte_1_25_0 -def test_identity_aware_proxy_o_auth_service_base_transport_with_credentials_file(): - # Instantiate the base transport with a credentials file - with mock.patch.object(google.auth, 'load_credentials_from_file', autospec=True) as load_creds, mock.patch('google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service.transports.IdentityAwareProxyOAuthServiceTransport._prep_wrapped_messages') as Transport: - Transport.return_value = None - load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) - transport = transports.IdentityAwareProxyOAuthServiceTransport( - credentials_file="credentials.json", - quota_project_id="octopus", - ) - load_creds.assert_called_once_with("credentials.json", - scopes=None, - default_scopes=( - 'https://www.googleapis.com/auth/cloud-platform', -), - quota_project_id="octopus", - ) - - -@requires_google_auth_lt_1_25_0 -def test_identity_aware_proxy_o_auth_service_base_transport_with_credentials_file_old_google_auth(): - # Instantiate the base transport with a credentials file - with mock.patch.object(google.auth, 'load_credentials_from_file', autospec=True) as load_creds, mock.patch('google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service.transports.IdentityAwareProxyOAuthServiceTransport._prep_wrapped_messages') as Transport: - Transport.return_value = None - load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) - transport = transports.IdentityAwareProxyOAuthServiceTransport( - credentials_file="credentials.json", - quota_project_id="octopus", - ) - load_creds.assert_called_once_with("credentials.json", scopes=( - 'https://www.googleapis.com/auth/cloud-platform', - ), - quota_project_id="octopus", - ) - - -def test_identity_aware_proxy_o_auth_service_base_transport_with_adc(): - # Test the default credentials are used if credentials and credentials_file are None. - with mock.patch.object(google.auth, 'default', autospec=True) as adc, mock.patch('google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service.transports.IdentityAwareProxyOAuthServiceTransport._prep_wrapped_messages') as Transport: - Transport.return_value = None - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - transport = transports.IdentityAwareProxyOAuthServiceTransport() - adc.assert_called_once() - - -@requires_google_auth_gte_1_25_0 -def test_identity_aware_proxy_o_auth_service_auth_adc(): - # If no credentials are provided, we should use ADC credentials. - with mock.patch.object(google.auth, 'default', autospec=True) as adc: - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - IdentityAwareProxyOAuthServiceClient() - adc.assert_called_once_with( - scopes=None, - default_scopes=( - 'https://www.googleapis.com/auth/cloud-platform', -), - quota_project_id=None, - ) - - -@requires_google_auth_lt_1_25_0 -def test_identity_aware_proxy_o_auth_service_auth_adc_old_google_auth(): - # If no credentials are provided, we should use ADC credentials. - with mock.patch.object(google.auth, 'default', autospec=True) as adc: - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - IdentityAwareProxyOAuthServiceClient() - adc.assert_called_once_with( - scopes=( 'https://www.googleapis.com/auth/cloud-platform',), - quota_project_id=None, - ) - - -@pytest.mark.parametrize( - "transport_class", - [ - transports.IdentityAwareProxyOAuthServiceGrpcTransport, - transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport, - ], -) -@requires_google_auth_gte_1_25_0 -def test_identity_aware_proxy_o_auth_service_transport_auth_adc(transport_class): - # If credentials and host are not provided, the transport class should use - # ADC credentials. - with mock.patch.object(google.auth, 'default', autospec=True) as adc: - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - transport_class(quota_project_id="octopus", scopes=["1", "2"]) - adc.assert_called_once_with( - scopes=["1", "2"], - default_scopes=( 'https://www.googleapis.com/auth/cloud-platform',), - quota_project_id="octopus", - ) - - -@pytest.mark.parametrize( - "transport_class", - [ - transports.IdentityAwareProxyOAuthServiceGrpcTransport, - transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport, - ], -) -@requires_google_auth_lt_1_25_0 -def test_identity_aware_proxy_o_auth_service_transport_auth_adc_old_google_auth(transport_class): - # If credentials and host are not provided, the transport class should use - # ADC credentials. - with mock.patch.object(google.auth, "default", autospec=True) as adc: - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - transport_class(quota_project_id="octopus") - adc.assert_called_once_with(scopes=( - 'https://www.googleapis.com/auth/cloud-platform', -), - quota_project_id="octopus", - ) - - -@pytest.mark.parametrize( - "transport_class,grpc_helpers", - [ - (transports.IdentityAwareProxyOAuthServiceGrpcTransport, grpc_helpers), - (transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport, grpc_helpers_async) - ], -) -def test_identity_aware_proxy_o_auth_service_transport_create_channel(transport_class, grpc_helpers): - # If credentials and host are not provided, the transport class should use - # ADC credentials. - with mock.patch.object(google.auth, "default", autospec=True) as adc, mock.patch.object( - grpc_helpers, "create_channel", autospec=True - ) as create_channel: - creds = ga_credentials.AnonymousCredentials() - adc.return_value = (creds, None) - transport_class( - quota_project_id="octopus", - scopes=["1", "2"] - ) - - create_channel.assert_called_with( - "iap.googleapis.com:443", - credentials=creds, - credentials_file=None, - quota_project_id="octopus", - default_scopes=( - 'https://www.googleapis.com/auth/cloud-platform', -), - scopes=["1", "2"], - default_host="iap.googleapis.com", - ssl_credentials=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - - -@pytest.mark.parametrize("transport_class", [transports.IdentityAwareProxyOAuthServiceGrpcTransport, transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport]) -def test_identity_aware_proxy_o_auth_service_grpc_transport_client_cert_source_for_mtls( - transport_class -): - cred = ga_credentials.AnonymousCredentials() - - # Check ssl_channel_credentials is used if provided. - with mock.patch.object(transport_class, "create_channel") as mock_create_channel: - mock_ssl_channel_creds = mock.Mock() - transport_class( - host="squid.clam.whelk", - credentials=cred, - ssl_channel_credentials=mock_ssl_channel_creds - ) - mock_create_channel.assert_called_once_with( - "squid.clam.whelk:443", - credentials=cred, - credentials_file=None, - scopes=None, - ssl_credentials=mock_ssl_channel_creds, - quota_project_id=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - - # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls - # is used. - with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()): - with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred: - transport_class( - credentials=cred, - client_cert_source_for_mtls=client_cert_source_callback - ) - expected_cert, expected_key = client_cert_source_callback() - mock_ssl_cred.assert_called_once_with( - certificate_chain=expected_cert, - private_key=expected_key - ) - - -def test_identity_aware_proxy_o_auth_service_host_no_port(): - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - client_options=client_options.ClientOptions(api_endpoint='iap.googleapis.com'), - ) - assert client.transport._host == 'iap.googleapis.com:443' - - -def test_identity_aware_proxy_o_auth_service_host_with_port(): - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - client_options=client_options.ClientOptions(api_endpoint='iap.googleapis.com:8000'), - ) - assert client.transport._host == 'iap.googleapis.com:8000' - -def test_identity_aware_proxy_o_auth_service_grpc_transport_channel(): - channel = grpc.secure_channel('http://localhost/', grpc.local_channel_credentials()) - - # Check that channel is used if provided. - transport = transports.IdentityAwareProxyOAuthServiceGrpcTransport( - host="squid.clam.whelk", - channel=channel, - ) - assert transport.grpc_channel == channel - assert transport._host == "squid.clam.whelk:443" - assert transport._ssl_channel_credentials == None - - -def test_identity_aware_proxy_o_auth_service_grpc_asyncio_transport_channel(): - channel = aio.secure_channel('http://localhost/', grpc.local_channel_credentials()) - - # Check that channel is used if provided. - transport = transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport( - host="squid.clam.whelk", - channel=channel, - ) - assert transport.grpc_channel == channel - assert transport._host == "squid.clam.whelk:443" - assert transport._ssl_channel_credentials == None - - -# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are -# removed from grpc/grpc_asyncio transport constructor. -@pytest.mark.parametrize("transport_class", [transports.IdentityAwareProxyOAuthServiceGrpcTransport, transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport]) -def test_identity_aware_proxy_o_auth_service_transport_channel_mtls_with_client_cert_source( - transport_class -): - with mock.patch("grpc.ssl_channel_credentials", autospec=True) as grpc_ssl_channel_cred: - with mock.patch.object(transport_class, "create_channel") as grpc_create_channel: - mock_ssl_cred = mock.Mock() - grpc_ssl_channel_cred.return_value = mock_ssl_cred - - mock_grpc_channel = mock.Mock() - grpc_create_channel.return_value = mock_grpc_channel - - cred = ga_credentials.AnonymousCredentials() - with pytest.warns(DeprecationWarning): - with mock.patch.object(google.auth, 'default') as adc: - adc.return_value = (cred, None) - transport = transport_class( - host="squid.clam.whelk", - api_mtls_endpoint="mtls.squid.clam.whelk", - client_cert_source=client_cert_source_callback, - ) - adc.assert_called_once() - - grpc_ssl_channel_cred.assert_called_once_with( - certificate_chain=b"cert bytes", private_key=b"key bytes" - ) - grpc_create_channel.assert_called_once_with( - "mtls.squid.clam.whelk:443", - credentials=cred, - credentials_file=None, - scopes=None, - ssl_credentials=mock_ssl_cred, - quota_project_id=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - assert transport.grpc_channel == mock_grpc_channel - assert transport._ssl_channel_credentials == mock_ssl_cred - - -# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are -# removed from grpc/grpc_asyncio transport constructor. -@pytest.mark.parametrize("transport_class", [transports.IdentityAwareProxyOAuthServiceGrpcTransport, transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport]) -def test_identity_aware_proxy_o_auth_service_transport_channel_mtls_with_adc( - transport_class -): - mock_ssl_cred = mock.Mock() - with mock.patch.multiple( - "google.auth.transport.grpc.SslCredentials", - __init__=mock.Mock(return_value=None), - ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred), - ): - with mock.patch.object(transport_class, "create_channel") as grpc_create_channel: - mock_grpc_channel = mock.Mock() - grpc_create_channel.return_value = mock_grpc_channel - mock_cred = mock.Mock() - - with pytest.warns(DeprecationWarning): - transport = transport_class( - host="squid.clam.whelk", - credentials=mock_cred, - api_mtls_endpoint="mtls.squid.clam.whelk", - client_cert_source=None, - ) - - grpc_create_channel.assert_called_once_with( - "mtls.squid.clam.whelk:443", - credentials=mock_cred, - credentials_file=None, - scopes=None, - ssl_credentials=mock_ssl_cred, - quota_project_id=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - assert transport.grpc_channel == mock_grpc_channel - - -def test_common_billing_account_path(): - billing_account = "squid" - expected = "billingAccounts/{billing_account}".format(billing_account=billing_account, ) - actual = IdentityAwareProxyOAuthServiceClient.common_billing_account_path(billing_account) - assert expected == actual - - -def test_parse_common_billing_account_path(): - expected = { - "billing_account": "clam", - } - path = IdentityAwareProxyOAuthServiceClient.common_billing_account_path(**expected) - - # Check that the path construction is reversible. - actual = IdentityAwareProxyOAuthServiceClient.parse_common_billing_account_path(path) - assert expected == actual - -def test_common_folder_path(): - folder = "whelk" - expected = "folders/{folder}".format(folder=folder, ) - actual = IdentityAwareProxyOAuthServiceClient.common_folder_path(folder) - assert expected == actual - - -def test_parse_common_folder_path(): - expected = { - "folder": "octopus", - } - path = IdentityAwareProxyOAuthServiceClient.common_folder_path(**expected) - - # Check that the path construction is reversible. - actual = IdentityAwareProxyOAuthServiceClient.parse_common_folder_path(path) - assert expected == actual - -def test_common_organization_path(): - organization = "oyster" - expected = "organizations/{organization}".format(organization=organization, ) - actual = IdentityAwareProxyOAuthServiceClient.common_organization_path(organization) - assert expected == actual - - -def test_parse_common_organization_path(): - expected = { - "organization": "nudibranch", - } - path = IdentityAwareProxyOAuthServiceClient.common_organization_path(**expected) - - # Check that the path construction is reversible. - actual = IdentityAwareProxyOAuthServiceClient.parse_common_organization_path(path) - assert expected == actual - -def test_common_project_path(): - project = "cuttlefish" - expected = "projects/{project}".format(project=project, ) - actual = IdentityAwareProxyOAuthServiceClient.common_project_path(project) - assert expected == actual - - -def test_parse_common_project_path(): - expected = { - "project": "mussel", - } - path = IdentityAwareProxyOAuthServiceClient.common_project_path(**expected) - - # Check that the path construction is reversible. - actual = IdentityAwareProxyOAuthServiceClient.parse_common_project_path(path) - assert expected == actual - -def test_common_location_path(): - project = "winkle" - location = "nautilus" - expected = "projects/{project}/locations/{location}".format(project=project, location=location, ) - actual = IdentityAwareProxyOAuthServiceClient.common_location_path(project, location) - assert expected == actual - - -def test_parse_common_location_path(): - expected = { - "project": "scallop", - "location": "abalone", - } - path = IdentityAwareProxyOAuthServiceClient.common_location_path(**expected) - - # Check that the path construction is reversible. - actual = IdentityAwareProxyOAuthServiceClient.parse_common_location_path(path) - assert expected == actual - - -def test_client_withDEFAULT_CLIENT_INFO(): - client_info = gapic_v1.client_info.ClientInfo() - - with mock.patch.object(transports.IdentityAwareProxyOAuthServiceTransport, '_prep_wrapped_messages') as prep: - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - client_info=client_info, - ) - prep.assert_called_once_with(client_info) - - with mock.patch.object(transports.IdentityAwareProxyOAuthServiceTransport, '_prep_wrapped_messages') as prep: - transport_class = IdentityAwareProxyOAuthServiceClient.get_transport_class() - transport = transport_class( - credentials=ga_credentials.AnonymousCredentials(), - client_info=client_info, - ) - prep.assert_called_once_with(client_info) - - -@pytest.mark.asyncio -async def test_transport_close_async(): - client = IdentityAwareProxyOAuthServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc_asyncio", - ) - with mock.patch.object(type(getattr(client.transport, "grpc_channel")), "close") as close: - async with client: - close.assert_not_called() - close.assert_called_once() - -def test_transport_close(): - transports = { - "grpc": "_grpc_channel", - } - - for transport, close_name in transports.items(): - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport - ) - with mock.patch.object(type(getattr(client.transport, close_name)), "close") as close: - with client: - close.assert_not_called() - close.assert_called_once() - -def test_client_ctx(): - transports = [ - 'grpc', - ] - for transport in transports: - client = IdentityAwareProxyOAuthServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport - ) - # Test client calls underlying transport. - with mock.patch.object(type(client.transport), "close") as close: - close.assert_not_called() - with client: - pass - close.assert_called() diff --git a/tests/unit/gapic/iap_v1/test_identity_aware_proxy_admin_service.py b/tests/unit/gapic/iap_v1/test_identity_aware_proxy_admin_service.py index f34f677..0d9c828 100644 --- a/tests/unit/gapic/iap_v1/test_identity_aware_proxy_admin_service.py +++ b/tests/unit/gapic/iap_v1/test_identity_aware_proxy_admin_service.py @@ -29,6 +29,7 @@ from google.api_core import gapic_v1 from google.api_core import grpc_helpers from google.api_core import grpc_helpers_async +from google.api_core import path_template from google.auth import credentials as ga_credentials from google.auth.exceptions import MutualTLSChannelError from google.cloud.iap_v1.services.identity_aware_proxy_admin_service import ( @@ -1413,6 +1414,9 @@ def test_identity_aware_proxy_admin_service_base_transport(): with pytest.raises(NotImplementedError): getattr(transport, method)(request=object()) + with pytest.raises(NotImplementedError): + transport.close() + @requires_google_auth_gte_1_25_0 def test_identity_aware_proxy_admin_service_base_transport_with_credentials_file(): @@ -1886,3 +1890,49 @@ def test_client_withDEFAULT_CLIENT_INFO(): credentials=ga_credentials.AnonymousCredentials(), client_info=client_info, ) prep.assert_called_once_with(client_info) + + +@pytest.mark.asyncio +async def test_transport_close_async(): + client = IdentityAwareProxyAdminServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), transport="grpc_asyncio", + ) + with mock.patch.object( + type(getattr(client.transport, "grpc_channel")), "close" + ) as close: + async with client: + close.assert_not_called() + close.assert_called_once() + + +def test_transport_close(): + transports = { + "grpc": "_grpc_channel", + } + + for transport, close_name in transports.items(): + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport + ) + with mock.patch.object( + type(getattr(client.transport, close_name)), "close" + ) as close: + with client: + close.assert_not_called() + close.assert_called_once() + + +def test_client_ctx(): + transports = [ + "grpc", + ] + for transport in transports: + client = IdentityAwareProxyAdminServiceClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport + ) + # Test client calls underlying transport. + with mock.patch.object(type(client.transport), "close") as close: + close.assert_not_called() + with client: + pass + close.assert_called() diff --git a/tests/unit/gapic/iap_v1/test_identity_aware_proxy_o_auth_service.py b/tests/unit/gapic/iap_v1/test_identity_aware_proxy_o_auth_service.py index 428e965..421da4d 100644 --- a/tests/unit/gapic/iap_v1/test_identity_aware_proxy_o_auth_service.py +++ b/tests/unit/gapic/iap_v1/test_identity_aware_proxy_o_auth_service.py @@ -29,6 +29,7 @@ from google.api_core import gapic_v1 from google.api_core import grpc_helpers from google.api_core import grpc_helpers_async +from google.api_core import path_template from google.auth import credentials as ga_credentials from google.auth.exceptions import MutualTLSChannelError from google.cloud.iap_v1.services.identity_aware_proxy_o_auth_service import ( @@ -2023,6 +2024,9 @@ def test_identity_aware_proxy_o_auth_service_base_transport(): with pytest.raises(NotImplementedError): getattr(transport, method)(request=object()) + with pytest.raises(NotImplementedError): + transport.close() + @requires_google_auth_gte_1_25_0 def test_identity_aware_proxy_o_auth_service_base_transport_with_credentials_file(): @@ -2496,3 +2500,49 @@ def test_client_withDEFAULT_CLIENT_INFO(): credentials=ga_credentials.AnonymousCredentials(), client_info=client_info, ) prep.assert_called_once_with(client_info) + + +@pytest.mark.asyncio +async def test_transport_close_async(): + client = IdentityAwareProxyOAuthServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), transport="grpc_asyncio", + ) + with mock.patch.object( + type(getattr(client.transport, "grpc_channel")), "close" + ) as close: + async with client: + close.assert_not_called() + close.assert_called_once() + + +def test_transport_close(): + transports = { + "grpc": "_grpc_channel", + } + + for transport, close_name in transports.items(): + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport + ) + with mock.patch.object( + type(getattr(client.transport, close_name)), "close" + ) as close: + with client: + close.assert_not_called() + close.assert_called_once() + + +def test_client_ctx(): + transports = [ + "grpc", + ] + for transport in transports: + client = IdentityAwareProxyOAuthServiceClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport + ) + # Test client calls underlying transport. + with mock.patch.object(type(client.transport), "close") as close: + close.assert_not_called() + with client: + pass + close.assert_called()