From ad65aade357a811bcd41344702d48c497034c9e1 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Thu, 20 May 2021 18:02:41 -0600 Subject: [PATCH] chore: upgrade gapic-generator-python to 0.46.3 (#19) fix: add async client to %name_%version/init.py feat: support self-signed JWT flow for service accounts chore: enable GAPIC metadata generation chore: sort subpackages in %namespace/%name/init.py --- google/cloud/policytroubleshooter/__init__.py | 20 +- .../cloud/policytroubleshooter_v1/__init__.py | 9 +- .../gapic_metadata.json | 33 ++ .../services/__init__.py | 1 - .../services/iam_checker/__init__.py | 2 - .../services/iam_checker/async_client.py | 25 +- .../services/iam_checker/client.py | 59 ++-- .../iam_checker/transports/__init__.py | 2 - .../services/iam_checker/transports/base.py | 104 +++++-- .../services/iam_checker/transports/grpc.py | 22 +- .../iam_checker/transports/grpc_asyncio.py | 23 +- .../policytroubleshooter_v1/types/__init__.py | 2 - .../policytroubleshooter_v1/types/checker.py | 4 - .../types/explanations.py | 35 +-- .../fixup_policytroubleshooter_v1_keywords.py | 7 +- setup.py | 1 + testing/constraints-3.6.txt | 2 + tests/__init__.py | 15 + tests/unit/__init__.py | 15 + tests/unit/gapic/__init__.py | 15 + .../gapic/policytroubleshooter_v1/__init__.py | 1 - .../test_iam_checker.py | 292 ++++++++++++++---- 22 files changed, 486 insertions(+), 203 deletions(-) create mode 100644 google/cloud/policytroubleshooter_v1/gapic_metadata.json create mode 100644 tests/__init__.py create mode 100644 tests/unit/__init__.py create mode 100644 tests/unit/gapic/__init__.py diff --git a/google/cloud/policytroubleshooter/__init__.py b/google/cloud/policytroubleshooter/__init__.py index 7a04686..48a4b45 100644 --- a/google/cloud/policytroubleshooter/__init__.py +++ b/google/cloud/policytroubleshooter/__init__.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,32 +14,33 @@ # limitations under the License. # -from google.cloud.policytroubleshooter_v1.services.iam_checker.async_client import ( - IamCheckerAsyncClient, -) from google.cloud.policytroubleshooter_v1.services.iam_checker.client import ( IamCheckerClient, ) +from google.cloud.policytroubleshooter_v1.services.iam_checker.async_client import ( + IamCheckerAsyncClient, +) + from google.cloud.policytroubleshooter_v1.types.checker import ( TroubleshootIamPolicyRequest, ) from google.cloud.policytroubleshooter_v1.types.checker import ( TroubleshootIamPolicyResponse, ) -from google.cloud.policytroubleshooter_v1.types.explanations import AccessState from google.cloud.policytroubleshooter_v1.types.explanations import AccessTuple from google.cloud.policytroubleshooter_v1.types.explanations import BindingExplanation from google.cloud.policytroubleshooter_v1.types.explanations import ExplainedPolicy +from google.cloud.policytroubleshooter_v1.types.explanations import AccessState from google.cloud.policytroubleshooter_v1.types.explanations import HeuristicRelevance __all__ = ( - "AccessState", + "IamCheckerClient", + "IamCheckerAsyncClient", + "TroubleshootIamPolicyRequest", + "TroubleshootIamPolicyResponse", "AccessTuple", "BindingExplanation", "ExplainedPolicy", + "AccessState", "HeuristicRelevance", - "IamCheckerAsyncClient", - "IamCheckerClient", - "TroubleshootIamPolicyRequest", - "TroubleshootIamPolicyResponse", ) diff --git a/google/cloud/policytroubleshooter_v1/__init__.py b/google/cloud/policytroubleshooter_v1/__init__.py index 72967a3..bb51d51 100644 --- a/google/cloud/policytroubleshooter_v1/__init__.py +++ b/google/cloud/policytroubleshooter_v1/__init__.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,22 +15,24 @@ # from .services.iam_checker import IamCheckerClient +from .services.iam_checker import IamCheckerAsyncClient + from .types.checker import TroubleshootIamPolicyRequest from .types.checker import TroubleshootIamPolicyResponse -from .types.explanations import AccessState from .types.explanations import AccessTuple from .types.explanations import BindingExplanation from .types.explanations import ExplainedPolicy +from .types.explanations import AccessState from .types.explanations import HeuristicRelevance - __all__ = ( + "IamCheckerAsyncClient", "AccessState", "AccessTuple", "BindingExplanation", "ExplainedPolicy", "HeuristicRelevance", + "IamCheckerClient", "TroubleshootIamPolicyRequest", "TroubleshootIamPolicyResponse", - "IamCheckerClient", ) diff --git a/google/cloud/policytroubleshooter_v1/gapic_metadata.json b/google/cloud/policytroubleshooter_v1/gapic_metadata.json new file mode 100644 index 0000000..d4950b1 --- /dev/null +++ b/google/cloud/policytroubleshooter_v1/gapic_metadata.json @@ -0,0 +1,33 @@ + { + "comment": "This file maps proto services/RPCs to the corresponding library clients/methods", + "language": "python", + "libraryPackage": "google.cloud.policytroubleshooter_v1", + "protoPackage": "google.cloud.policytroubleshooter.v1", + "schema": "1.0", + "services": { + "IamChecker": { + "clients": { + "grpc": { + "libraryClient": "IamCheckerClient", + "rpcs": { + "TroubleshootIamPolicy": { + "methods": [ + "troubleshoot_iam_policy" + ] + } + } + }, + "grpc-async": { + "libraryClient": "IamCheckerAsyncClient", + "rpcs": { + "TroubleshootIamPolicy": { + "methods": [ + "troubleshoot_iam_policy" + ] + } + } + } + } + } + } +} diff --git a/google/cloud/policytroubleshooter_v1/services/__init__.py b/google/cloud/policytroubleshooter_v1/services/__init__.py index 42ffdf2..4de6597 100644 --- a/google/cloud/policytroubleshooter_v1/services/__init__.py +++ b/google/cloud/policytroubleshooter_v1/services/__init__.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/google/cloud/policytroubleshooter_v1/services/iam_checker/__init__.py b/google/cloud/policytroubleshooter_v1/services/iam_checker/__init__.py index 6d44645..0c9260e 100644 --- a/google/cloud/policytroubleshooter_v1/services/iam_checker/__init__.py +++ b/google/cloud/policytroubleshooter_v1/services/iam_checker/__init__.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,7 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # - from .client import IamCheckerClient from .async_client import IamCheckerAsyncClient diff --git a/google/cloud/policytroubleshooter_v1/services/iam_checker/async_client.py b/google/cloud/policytroubleshooter_v1/services/iam_checker/async_client.py index 6c11eb1..b577b0e 100644 --- a/google/cloud/policytroubleshooter_v1/services/iam_checker/async_client.py +++ b/google/cloud/policytroubleshooter_v1/services/iam_checker/async_client.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,7 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # - from collections import OrderedDict import functools import re @@ -22,15 +20,14 @@ import pkg_resources import google.api_core.client_options as ClientOptions # type: ignore -from google.api_core import exceptions # type: ignore +from google.api_core import exceptions as core_exceptions # type: ignore from google.api_core import gapic_v1 # type: ignore from google.api_core import retry as retries # type: ignore -from google.auth import credentials # type: ignore +from google.auth import credentials as ga_credentials # type: ignore from google.oauth2 import service_account # type: ignore from google.cloud.policytroubleshooter_v1.types import checker from google.cloud.policytroubleshooter_v1.types import explanations - from .transports.base import IamCheckerTransport, DEFAULT_CLIENT_INFO from .transports.grpc_asyncio import IamCheckerGrpcAsyncIOTransport from .client import IamCheckerClient @@ -53,18 +50,14 @@ class IamCheckerAsyncClient: parse_common_billing_account_path = staticmethod( IamCheckerClient.parse_common_billing_account_path ) - common_folder_path = staticmethod(IamCheckerClient.common_folder_path) parse_common_folder_path = staticmethod(IamCheckerClient.parse_common_folder_path) - common_organization_path = staticmethod(IamCheckerClient.common_organization_path) parse_common_organization_path = staticmethod( IamCheckerClient.parse_common_organization_path ) - common_project_path = staticmethod(IamCheckerClient.common_project_path) parse_common_project_path = staticmethod(IamCheckerClient.parse_common_project_path) - common_location_path = staticmethod(IamCheckerClient.common_location_path) parse_common_location_path = staticmethod( IamCheckerClient.parse_common_location_path @@ -72,7 +65,8 @@ class IamCheckerAsyncClient: @classmethod def from_service_account_info(cls, info: dict, *args, **kwargs): - """Creates an instance of this client using the provided credentials info. + """Creates an instance of this client using the provided credentials + info. Args: info (dict): The service account private key info. @@ -87,7 +81,7 @@ def from_service_account_info(cls, info: dict, *args, **kwargs): @classmethod def from_service_account_file(cls, filename: str, *args, **kwargs): """Creates an instance of this client using the provided credentials - file. + file. Args: filename (str): The path to the service account private key json @@ -104,7 +98,7 @@ def from_service_account_file(cls, filename: str, *args, **kwargs): @property def transport(self) -> IamCheckerTransport: - """Return the transport used by the client instance. + """Returns the transport used by the client instance. Returns: IamCheckerTransport: The transport used by the client instance. @@ -118,12 +112,12 @@ def transport(self) -> IamCheckerTransport: def __init__( self, *, - credentials: credentials.Credentials = None, + credentials: ga_credentials.Credentials = None, transport: Union[str, IamCheckerTransport] = "grpc_asyncio", client_options: ClientOptions = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, ) -> None: - """Instantiate the iam checker client. + """Instantiates the iam checker client. Args: credentials (Optional[google.auth.credentials.Credentials]): The @@ -155,7 +149,6 @@ def __init__( google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport creation failed for any reason. """ - self._client = IamCheckerClient( credentials=credentials, transport=transport, @@ -179,7 +172,6 @@ async def troubleshoot_iam_policy( request (:class:`google.cloud.policytroubleshooter_v1.types.TroubleshootIamPolicyRequest`): The request object. Request for [TroubleshootIamPolicy][google.cloud.policytroubleshooter.v1.IamChecker.TroubleshootIamPolicy]. - retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. @@ -193,7 +185,6 @@ async def troubleshoot_iam_policy( """ # Create or coerce a protobuf request object. - request = checker.TroubleshootIamPolicyRequest(request) # Wrap the RPC method; this adds retry and timeout information, diff --git a/google/cloud/policytroubleshooter_v1/services/iam_checker/client.py b/google/cloud/policytroubleshooter_v1/services/iam_checker/client.py index 22f94d4..85b2b6e 100644 --- a/google/cloud/policytroubleshooter_v1/services/iam_checker/client.py +++ b/google/cloud/policytroubleshooter_v1/services/iam_checker/client.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,7 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # - from collections import OrderedDict from distutils import util import os @@ -23,10 +21,10 @@ import pkg_resources from google.api_core import client_options as client_options_lib # type: ignore -from google.api_core import exceptions # type: ignore +from google.api_core import exceptions as core_exceptions # type: ignore from google.api_core import gapic_v1 # type: ignore from google.api_core import retry as retries # type: ignore -from google.auth import credentials # type: ignore +from google.auth import credentials as ga_credentials # type: ignore from google.auth.transport import mtls # type: ignore from google.auth.transport.grpc import SslCredentials # type: ignore from google.auth.exceptions import MutualTLSChannelError # type: ignore @@ -34,7 +32,6 @@ from google.cloud.policytroubleshooter_v1.types import checker from google.cloud.policytroubleshooter_v1.types import explanations - from .transports.base import IamCheckerTransport, DEFAULT_CLIENT_INFO from .transports.grpc import IamCheckerGrpcTransport from .transports.grpc_asyncio import IamCheckerGrpcAsyncIOTransport @@ -53,7 +50,7 @@ class IamCheckerClientMeta(type): _transport_registry["grpc_asyncio"] = IamCheckerGrpcAsyncIOTransport def get_transport_class(cls, label: str = None,) -> Type[IamCheckerTransport]: - """Return an appropriate transport class. + """Returns an appropriate transport class. Args: label: The name of the desired transport. If none is @@ -79,7 +76,8 @@ class IamCheckerClient(metaclass=IamCheckerClientMeta): @staticmethod def _get_default_mtls_endpoint(api_endpoint): - """Convert api endpoint to mTLS endpoint. + """Converts api endpoint to mTLS endpoint. + Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively. Args: @@ -113,7 +111,8 @@ def _get_default_mtls_endpoint(api_endpoint): @classmethod def from_service_account_info(cls, info: dict, *args, **kwargs): - """Creates an instance of this client using the provided credentials info. + """Creates an instance of this client using the provided credentials + info. Args: info (dict): The service account private key info. @@ -130,7 +129,7 @@ def from_service_account_info(cls, info: dict, *args, **kwargs): @classmethod def from_service_account_file(cls, filename: str, *args, **kwargs): """Creates an instance of this client using the provided credentials - file. + file. Args: filename (str): The path to the service account private key json @@ -149,16 +148,17 @@ def from_service_account_file(cls, filename: str, *args, **kwargs): @property def transport(self) -> IamCheckerTransport: - """Return the transport used by the client instance. + """Returns the transport used by the client instance. Returns: - IamCheckerTransport: The transport used by the client instance. + IamCheckerTransport: The transport used by the client + instance. """ return self._transport @staticmethod def common_billing_account_path(billing_account: str,) -> str: - """Return a fully-qualified billing_account string.""" + """Returns a fully-qualified billing_account string.""" return "billingAccounts/{billing_account}".format( billing_account=billing_account, ) @@ -171,7 +171,7 @@ def parse_common_billing_account_path(path: str) -> Dict[str, str]: @staticmethod def common_folder_path(folder: str,) -> str: - """Return a fully-qualified folder string.""" + """Returns a fully-qualified folder string.""" return "folders/{folder}".format(folder=folder,) @staticmethod @@ -182,7 +182,7 @@ def parse_common_folder_path(path: str) -> Dict[str, str]: @staticmethod def common_organization_path(organization: str,) -> str: - """Return a fully-qualified organization string.""" + """Returns a fully-qualified organization string.""" return "organizations/{organization}".format(organization=organization,) @staticmethod @@ -193,7 +193,7 @@ def parse_common_organization_path(path: str) -> Dict[str, str]: @staticmethod def common_project_path(project: str,) -> str: - """Return a fully-qualified project string.""" + """Returns a fully-qualified project string.""" return "projects/{project}".format(project=project,) @staticmethod @@ -204,7 +204,7 @@ def parse_common_project_path(path: str) -> Dict[str, str]: @staticmethod def common_location_path(project: str, location: str,) -> str: - """Return a fully-qualified location string.""" + """Returns a fully-qualified location string.""" return "projects/{project}/locations/{location}".format( project=project, location=location, ) @@ -218,12 +218,12 @@ def parse_common_location_path(path: str) -> Dict[str, str]: def __init__( self, *, - credentials: Optional[credentials.Credentials] = None, + credentials: Optional[ga_credentials.Credentials] = None, transport: Union[str, IamCheckerTransport, None] = None, client_options: Optional[client_options_lib.ClientOptions] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, ) -> None: - """Instantiate the iam checker client. + """Instantiates the iam checker client. Args: credentials (Optional[google.auth.credentials.Credentials]): The @@ -278,9 +278,10 @@ def __init__( client_cert_source_func = client_options.client_cert_source else: is_mtls = mtls.has_default_client_cert_source() - client_cert_source_func = ( - mtls.default_client_cert_source() if is_mtls else None - ) + if is_mtls: + client_cert_source_func = mtls.default_client_cert_source() + else: + client_cert_source_func = None # Figure out which api endpoint to use. if client_options.api_endpoint is not None: @@ -292,12 +293,14 @@ def __init__( elif use_mtls_env == "always": api_endpoint = self.DEFAULT_MTLS_ENDPOINT elif use_mtls_env == "auto": - api_endpoint = ( - self.DEFAULT_MTLS_ENDPOINT if is_mtls else self.DEFAULT_ENDPOINT - ) + if is_mtls: + api_endpoint = self.DEFAULT_MTLS_ENDPOINT + else: + api_endpoint = self.DEFAULT_ENDPOINT else: raise MutualTLSChannelError( - "Unsupported GOOGLE_API_USE_MTLS_ENDPOINT value. Accepted values: never, auto, always" + "Unsupported GOOGLE_API_USE_MTLS_ENDPOINT value. Accepted " + "values: never, auto, always" ) # Save or instantiate the transport. @@ -312,8 +315,8 @@ def __init__( ) if client_options.scopes: raise ValueError( - "When providing a transport instance, " - "provide its scopes directly." + "When providing a transport instance, provide its scopes " + "directly." ) self._transport = transport else: @@ -344,7 +347,6 @@ def troubleshoot_iam_policy( request (google.cloud.policytroubleshooter_v1.types.TroubleshootIamPolicyRequest): The request object. Request for [TroubleshootIamPolicy][google.cloud.policytroubleshooter.v1.IamChecker.TroubleshootIamPolicy]. - retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. @@ -358,7 +360,6 @@ def troubleshoot_iam_policy( """ # Create or coerce a protobuf request object. - # Minor optimization to avoid making a copy if the user passes # in a checker.TroubleshootIamPolicyRequest. # There's no risk of modifying the input as we've already verified diff --git a/google/cloud/policytroubleshooter_v1/services/iam_checker/transports/__init__.py b/google/cloud/policytroubleshooter_v1/services/iam_checker/transports/__init__.py index 9ae7ea8..5822400 100644 --- a/google/cloud/policytroubleshooter_v1/services/iam_checker/transports/__init__.py +++ b/google/cloud/policytroubleshooter_v1/services/iam_checker/transports/__init__.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,7 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # - from collections import OrderedDict from typing import Dict, Type diff --git a/google/cloud/policytroubleshooter_v1/services/iam_checker/transports/base.py b/google/cloud/policytroubleshooter_v1/services/iam_checker/transports/base.py index 954e5e7..9d4297f 100644 --- a/google/cloud/policytroubleshooter_v1/services/iam_checker/transports/base.py +++ b/google/cloud/policytroubleshooter_v1/services/iam_checker/transports/base.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,20 +13,20 @@ # See the License for the specific language governing permissions and # limitations under the License. # - import abc -import typing +from typing import Awaitable, Callable, Dict, Optional, Sequence, Union +import packaging.version import pkg_resources -from google import auth # type: ignore -from google.api_core import exceptions # type: ignore +import google.auth # type: ignore +import google.api_core # type: ignore +from google.api_core import exceptions as core_exceptions # type: ignore from google.api_core import gapic_v1 # type: ignore from google.api_core import retry as retries # type: ignore -from google.auth import credentials # type: ignore +from google.auth import credentials as ga_credentials # type: ignore from google.cloud.policytroubleshooter_v1.types import checker - try: DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( gapic_version=pkg_resources.get_distribution( @@ -37,27 +36,41 @@ except pkg_resources.DistributionNotFound: DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() +try: + # google.auth.__version__ was added in 1.26.0 + _GOOGLE_AUTH_VERSION = google.auth.__version__ +except AttributeError: + try: # try pkg_resources if it is available + _GOOGLE_AUTH_VERSION = pkg_resources.get_distribution("google-auth").version + except pkg_resources.DistributionNotFound: # pragma: NO COVER + _GOOGLE_AUTH_VERSION = None + +_API_CORE_VERSION = google.api_core.__version__ + class IamCheckerTransport(abc.ABC): """Abstract transport class for IamChecker.""" AUTH_SCOPES = ("https://www.googleapis.com/auth/cloud-platform",) + DEFAULT_HOST: str = "policytroubleshooter.googleapis.com" + def __init__( self, *, - host: str = "policytroubleshooter.googleapis.com", - credentials: credentials.Credentials = None, - credentials_file: typing.Optional[str] = None, - scopes: typing.Optional[typing.Sequence[str]] = AUTH_SCOPES, - quota_project_id: typing.Optional[str] = None, + host: str = DEFAULT_HOST, + credentials: ga_credentials.Credentials = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, **kwargs, ) -> None: """Instantiate the transport. Args: - host (Optional[str]): The hostname to connect to. + host (Optional[str]): + The hostname to connect to. credentials (Optional[google.auth.credentials.Credentials]): The authorization credentials to attach to requests. These credentials identify the application to the service; if none @@ -66,7 +79,7 @@ def __init__( credentials_file (Optional[str]): A file with credentials that can be loaded with :func:`google.auth.load_credentials_from_file`. This argument is mutually exclusive with credentials. - scope (Optional[Sequence[str]]): A list of scopes. + scopes (Optional[Sequence[str]]): A list of scopes. quota_project_id (Optional[str]): An optional project to use for billing and quota. client_info (google.api_core.gapic_v1.client_info.ClientInfo): @@ -80,29 +93,76 @@ def __init__( host += ":443" self._host = host + scopes_kwargs = self._get_scopes_kwargs(self._host, scopes) + # Save the scopes. self._scopes = scopes or self.AUTH_SCOPES # If no credentials are provided, then determine the appropriate # defaults. if credentials and credentials_file: - raise exceptions.DuplicateCredentialArgs( + raise core_exceptions.DuplicateCredentialArgs( "'credentials_file' and 'credentials' are mutually exclusive" ) if credentials_file is not None: - credentials, _ = auth.load_credentials_from_file( - credentials_file, scopes=self._scopes, quota_project_id=quota_project_id + credentials, _ = google.auth.load_credentials_from_file( + credentials_file, **scopes_kwargs, quota_project_id=quota_project_id ) elif credentials is None: - credentials, _ = auth.default( - scopes=self._scopes, quota_project_id=quota_project_id + credentials, _ = google.auth.default( + **scopes_kwargs, quota_project_id=quota_project_id ) # Save the credentials. self._credentials = credentials + # TODO(busunkim): These two class methods are in the base transport + # to avoid duplicating code across the transport classes. These functions + # should be deleted once the minimum required versions of google-api-core + # and google-auth are increased. + + # TODO: Remove this function once google-auth >= 1.25.0 is required + @classmethod + def _get_scopes_kwargs( + cls, host: str, scopes: Optional[Sequence[str]] + ) -> Dict[str, Optional[Sequence[str]]]: + """Returns scopes kwargs to pass to google-auth methods depending on the google-auth version""" + + scopes_kwargs = {} + + if _GOOGLE_AUTH_VERSION and ( + packaging.version.parse(_GOOGLE_AUTH_VERSION) + >= packaging.version.parse("1.25.0") + ): + scopes_kwargs = {"scopes": scopes, "default_scopes": cls.AUTH_SCOPES} + else: + scopes_kwargs = {"scopes": scopes or cls.AUTH_SCOPES} + + return scopes_kwargs + + # TODO: Remove this function once google-api-core >= 1.26.0 is required + @classmethod + def _get_self_signed_jwt_kwargs( + cls, host: str, scopes: Optional[Sequence[str]] + ) -> Dict[str, Union[Optional[Sequence[str]], str]]: + """Returns kwargs to pass to grpc_helpers.create_channel depending on the google-api-core version""" + + self_signed_jwt_kwargs: Dict[str, Union[Optional[Sequence[str]], str]] = {} + + if _API_CORE_VERSION and ( + packaging.version.parse(_API_CORE_VERSION) + >= packaging.version.parse("1.26.0") + ): + self_signed_jwt_kwargs["default_scopes"] = cls.AUTH_SCOPES + self_signed_jwt_kwargs["scopes"] = scopes + self_signed_jwt_kwargs["default_host"] = cls.DEFAULT_HOST + else: + self_signed_jwt_kwargs["scopes"] = scopes or cls.AUTH_SCOPES + + return self_signed_jwt_kwargs + def _prep_wrapped_messages(self, client_info): # Precompute the wrapped methods. self._wrapped_methods = { @@ -116,11 +176,11 @@ def _prep_wrapped_messages(self, client_info): @property def troubleshoot_iam_policy( self, - ) -> typing.Callable[ + ) -> Callable[ [checker.TroubleshootIamPolicyRequest], - typing.Union[ + Union[ checker.TroubleshootIamPolicyResponse, - typing.Awaitable[checker.TroubleshootIamPolicyResponse], + Awaitable[checker.TroubleshootIamPolicyResponse], ], ]: raise NotImplementedError() diff --git a/google/cloud/policytroubleshooter_v1/services/iam_checker/transports/grpc.py b/google/cloud/policytroubleshooter_v1/services/iam_checker/transports/grpc.py index 118ee12..891cb65 100644 --- a/google/cloud/policytroubleshooter_v1/services/iam_checker/transports/grpc.py +++ b/google/cloud/policytroubleshooter_v1/services/iam_checker/transports/grpc.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,20 +13,18 @@ # See the License for the specific language governing permissions and # limitations under the License. # - import warnings -from typing import Callable, Dict, Optional, Sequence, Tuple +from typing import Callable, Dict, Optional, Sequence, Tuple, Union from google.api_core import grpc_helpers # type: ignore from google.api_core import gapic_v1 # type: ignore -from google import auth # type: ignore -from google.auth import credentials # type: ignore +import google.auth # type: ignore +from google.auth import credentials as ga_credentials # type: ignore from google.auth.transport.grpc import SslCredentials # type: ignore import grpc # type: ignore from google.cloud.policytroubleshooter_v1.types import checker - from .base import IamCheckerTransport, DEFAULT_CLIENT_INFO @@ -52,7 +49,7 @@ def __init__( self, *, host: str = "policytroubleshooter.googleapis.com", - credentials: credentials.Credentials = None, + credentials: ga_credentials.Credentials = None, credentials_file: str = None, scopes: Sequence[str] = None, channel: grpc.Channel = None, @@ -66,7 +63,8 @@ def __init__( """Instantiate the transport. Args: - host (Optional[str]): The hostname to connect to. + host (Optional[str]): + The hostname to connect to. credentials (Optional[google.auth.credentials.Credentials]): The authorization credentials to attach to requests. These credentials identify the application to the service; if none @@ -176,7 +174,7 @@ def __init__( def create_channel( cls, host: str = "policytroubleshooter.googleapis.com", - credentials: credentials.Credentials = None, + credentials: ga_credentials.Credentials = None, credentials_file: str = None, scopes: Optional[Sequence[str]] = None, quota_project_id: Optional[str] = None, @@ -207,13 +205,15 @@ def create_channel( google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` and ``credentials_file`` are passed. """ - scopes = scopes or cls.AUTH_SCOPES + + self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes) + return grpc_helpers.create_channel( host, credentials=credentials, credentials_file=credentials_file, - scopes=scopes, quota_project_id=quota_project_id, + **self_signed_jwt_kwargs, **kwargs, ) diff --git a/google/cloud/policytroubleshooter_v1/services/iam_checker/transports/grpc_asyncio.py b/google/cloud/policytroubleshooter_v1/services/iam_checker/transports/grpc_asyncio.py index 3ee8fdd..02b95bf 100644 --- a/google/cloud/policytroubleshooter_v1/services/iam_checker/transports/grpc_asyncio.py +++ b/google/cloud/policytroubleshooter_v1/services/iam_checker/transports/grpc_asyncio.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,21 +13,19 @@ # See the License for the specific language governing permissions and # limitations under the License. # - import warnings -from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple +from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union from google.api_core import gapic_v1 # type: ignore from google.api_core import grpc_helpers_async # type: ignore -from google import auth # type: ignore -from google.auth import credentials # type: ignore +from google.auth import credentials as ga_credentials # type: ignore from google.auth.transport.grpc import SslCredentials # type: ignore +import packaging.version import grpc # type: ignore from grpc.experimental import aio # type: ignore from google.cloud.policytroubleshooter_v1.types import checker - from .base import IamCheckerTransport, DEFAULT_CLIENT_INFO from .grpc import IamCheckerGrpcTransport @@ -55,7 +52,7 @@ class IamCheckerGrpcAsyncIOTransport(IamCheckerTransport): def create_channel( cls, host: str = "policytroubleshooter.googleapis.com", - credentials: credentials.Credentials = None, + credentials: ga_credentials.Credentials = None, credentials_file: Optional[str] = None, scopes: Optional[Sequence[str]] = None, quota_project_id: Optional[str] = None, @@ -82,13 +79,15 @@ def create_channel( Returns: aio.Channel: A gRPC AsyncIO channel object. """ - scopes = scopes or cls.AUTH_SCOPES + + self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes) + return grpc_helpers_async.create_channel( host, credentials=credentials, credentials_file=credentials_file, - scopes=scopes, quota_project_id=quota_project_id, + **self_signed_jwt_kwargs, **kwargs, ) @@ -96,7 +95,7 @@ def __init__( self, *, host: str = "policytroubleshooter.googleapis.com", - credentials: credentials.Credentials = None, + credentials: ga_credentials.Credentials = None, credentials_file: Optional[str] = None, scopes: Optional[Sequence[str]] = None, channel: aio.Channel = None, @@ -110,7 +109,8 @@ def __init__( """Instantiate the transport. Args: - host (Optional[str]): The hostname to connect to. + host (Optional[str]): + The hostname to connect to. credentials (Optional[google.auth.credentials.Credentials]): The authorization credentials to attach to requests. These credentials identify the application to the service; if none @@ -168,7 +168,6 @@ def __init__( # If a channel was explicitly provided, set it. self._grpc_channel = channel self._ssl_channel_credentials = None - else: if api_mtls_endpoint: host = api_mtls_endpoint diff --git a/google/cloud/policytroubleshooter_v1/types/__init__.py b/google/cloud/policytroubleshooter_v1/types/__init__.py index 50f84bc..58b413b 100644 --- a/google/cloud/policytroubleshooter_v1/types/__init__.py +++ b/google/cloud/policytroubleshooter_v1/types/__init__.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,7 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # - from .checker import ( TroubleshootIamPolicyRequest, TroubleshootIamPolicyResponse, diff --git a/google/cloud/policytroubleshooter_v1/types/checker.py b/google/cloud/policytroubleshooter_v1/types/checker.py index f6fa773..26275ce 100644 --- a/google/cloud/policytroubleshooter_v1/types/checker.py +++ b/google/cloud/policytroubleshooter_v1/types/checker.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,10 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # - import proto # type: ignore - from google.cloud.policytroubleshooter_v1.types import explanations @@ -69,7 +66,6 @@ class TroubleshootIamPolicyResponse(proto.Message): """ access = proto.Field(proto.ENUM, number=1, enum=explanations.AccessState,) - explained_policies = proto.RepeatedField( proto.MESSAGE, number=2, message=explanations.ExplainedPolicy, ) diff --git a/google/cloud/policytroubleshooter_v1/types/explanations.py b/google/cloud/policytroubleshooter_v1/types/explanations.py index e66a21d..b06fbf8 100644 --- a/google/cloud/policytroubleshooter_v1/types/explanations.py +++ b/google/cloud/policytroubleshooter_v1/types/explanations.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,12 +13,10 @@ # See the License for the specific language governing permissions and # limitations under the License. # - import proto # type: ignore - -from google.iam.v1 import policy_pb2 as gi_policy # type: ignore -from google.type import expr_pb2 as expr # type: ignore +from google.iam.v1 import policy_pb2 # type: ignore +from google.type import expr_pb2 # type: ignore __protobuf__ = proto.module( @@ -83,11 +80,9 @@ class AccessTuple(proto.Message): https://cloud.google.com/iam/help/roles/reference. """ - principal = proto.Field(proto.STRING, number=1) - - full_resource_name = proto.Field(proto.STRING, number=2) - - permission = proto.Field(proto.STRING, number=3) + principal = proto.Field(proto.STRING, number=1,) + full_resource_name = proto.Field(proto.STRING, number=2,) + permission = proto.Field(proto.STRING, number=3,) class ExplainedPolicy(proto.Message): @@ -137,15 +132,11 @@ class ExplainedPolicy(proto.Message): """ access = proto.Field(proto.ENUM, number=1, enum="AccessState",) - - full_resource_name = proto.Field(proto.STRING, number=2) - - policy = proto.Field(proto.MESSAGE, number=3, message=gi_policy.Policy,) - + full_resource_name = proto.Field(proto.STRING, number=2,) + policy = proto.Field(proto.MESSAGE, number=3, message=policy_pb2.Policy,) binding_explanations = proto.RepeatedField( proto.MESSAGE, number=4, message="BindingExplanation", ) - relevance = proto.Field(proto.ENUM, number=5, enum="HeuristicRelevance",) @@ -231,7 +222,6 @@ class Membership(proto.Enum): class AnnotatedMembership(proto.Message): r"""Details about whether the binding includes the member. - Attributes: membership (google.cloud.policytroubleshooter_v1.types.BindingExplanation.Membership): Indicates whether the binding includes the @@ -244,26 +234,19 @@ class AnnotatedMembership(proto.Message): membership = proto.Field( proto.ENUM, number=1, enum="BindingExplanation.Membership", ) - relevance = proto.Field(proto.ENUM, number=2, enum="HeuristicRelevance",) access = proto.Field(proto.ENUM, number=1, enum="AccessState",) - - role = proto.Field(proto.STRING, number=2) - + role = proto.Field(proto.STRING, number=2,) role_permission = proto.Field(proto.ENUM, number=3, enum=RolePermission,) - role_permission_relevance = proto.Field( proto.ENUM, number=4, enum="HeuristicRelevance", ) - memberships = proto.MapField( proto.STRING, proto.MESSAGE, number=5, message=AnnotatedMembership, ) - relevance = proto.Field(proto.ENUM, number=6, enum="HeuristicRelevance",) - - condition = proto.Field(proto.MESSAGE, number=7, message=expr.Expr,) + condition = proto.Field(proto.MESSAGE, number=7, message=expr_pb2.Expr,) __all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/scripts/fixup_policytroubleshooter_v1_keywords.py b/scripts/fixup_policytroubleshooter_v1_keywords.py index 8f142c7..e3169aa 100644 --- a/scripts/fixup_policytroubleshooter_v1_keywords.py +++ b/scripts/fixup_policytroubleshooter_v1_keywords.py @@ -1,6 +1,5 @@ #! /usr/bin/env python3 # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,7 +14,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # - import argparse import os import libcst as cst @@ -41,8 +39,7 @@ def partition( class policytroubleshooterCallTransformer(cst.CSTTransformer): CTRL_PARAMS: Tuple[str] = ('retry', 'timeout', 'metadata') METHOD_TO_PARAMS: Dict[str, Tuple[str]] = { - 'troubleshoot_iam_policy': ('access_tuple', ), - + 'troubleshoot_iam_policy': ('access_tuple', ), } def leave_Call(self, original: cst.Call, updated: cst.Call) -> cst.CSTNode: @@ -73,7 +70,7 @@ def leave_Call(self, original: cst.Call, updated: cst.Call) -> cst.CSTNode: value=cst.Dict([ cst.DictElement( cst.SimpleString("'{}'".format(name)), - cst.Element(value=arg.value) +cst.Element(value=arg.value) ) # Note: the args + kwargs looks silly, but keep in mind that # the control parameters had to be stripped out, and that diff --git a/setup.py b/setup.py index 9647170..d48cfaa 100644 --- a/setup.py +++ b/setup.py @@ -29,6 +29,7 @@ "libcst >= 0.2.5", "proto-plus >= 1.15.0", "grpc-google-iam-v1", + "packaging >= 14.3", ] package_root = os.path.abspath(os.path.dirname(__file__)) diff --git a/testing/constraints-3.6.txt b/testing/constraints-3.6.txt index 5d1420d..a8a5ff6 100644 --- a/testing/constraints-3.6.txt +++ b/testing/constraints-3.6.txt @@ -23,3 +23,5 @@ google-api-core==1.22.2 grpc-google-iam-v1==0.12.3 libcst==0.2.5 proto-plus==1.15.0 +packaging==14.3 +google-auth==1.24.0 # TODO: remove when google-auth>=1.25.0 is transitively required through google-api-core diff --git a/tests/__init__.py b/tests/__init__.py new file mode 100644 index 0000000..4de6597 --- /dev/null +++ b/tests/__init__.py @@ -0,0 +1,15 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/tests/unit/__init__.py b/tests/unit/__init__.py new file mode 100644 index 0000000..4de6597 --- /dev/null +++ b/tests/unit/__init__.py @@ -0,0 +1,15 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/tests/unit/gapic/__init__.py b/tests/unit/gapic/__init__.py new file mode 100644 index 0000000..4de6597 --- /dev/null +++ b/tests/unit/gapic/__init__.py @@ -0,0 +1,15 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/tests/unit/gapic/policytroubleshooter_v1/__init__.py b/tests/unit/gapic/policytroubleshooter_v1/__init__.py index 42ffdf2..4de6597 100644 --- a/tests/unit/gapic/policytroubleshooter_v1/__init__.py +++ b/tests/unit/gapic/policytroubleshooter_v1/__init__.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/tests/unit/gapic/policytroubleshooter_v1/test_iam_checker.py b/tests/unit/gapic/policytroubleshooter_v1/test_iam_checker.py index 88b297c..2b3c037 100644 --- a/tests/unit/gapic/policytroubleshooter_v1/test_iam_checker.py +++ b/tests/unit/gapic/policytroubleshooter_v1/test_iam_checker.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,9 +13,9 @@ # See the License for the specific language governing permissions and # limitations under the License. # - import os import mock +import packaging.version import grpc from grpc.experimental import aio @@ -24,22 +23,52 @@ import pytest from proto.marshal.rules.dates import DurationRule, TimestampRule -from google import auth + from google.api_core import client_options -from google.api_core import exceptions +from google.api_core import exceptions as core_exceptions from google.api_core import gapic_v1 from google.api_core import grpc_helpers from google.api_core import grpc_helpers_async -from google.auth import credentials +from google.auth import credentials as ga_credentials from google.auth.exceptions import MutualTLSChannelError from google.cloud.policytroubleshooter_v1.services.iam_checker import ( IamCheckerAsyncClient, ) from google.cloud.policytroubleshooter_v1.services.iam_checker import IamCheckerClient from google.cloud.policytroubleshooter_v1.services.iam_checker import transports +from google.cloud.policytroubleshooter_v1.services.iam_checker.transports.base import ( + _API_CORE_VERSION, +) +from google.cloud.policytroubleshooter_v1.services.iam_checker.transports.base import ( + _GOOGLE_AUTH_VERSION, +) from google.cloud.policytroubleshooter_v1.types import checker from google.cloud.policytroubleshooter_v1.types import explanations from google.oauth2 import service_account +import google.auth + + +# TODO(busunkim): Once google-api-core >= 1.26.0 is required: +# - Delete all the api-core and auth "less than" test cases +# - Delete these pytest markers (Make the "greater than or equal to" tests the default). +requires_google_auth_lt_1_25_0 = pytest.mark.skipif( + packaging.version.parse(_GOOGLE_AUTH_VERSION) >= packaging.version.parse("1.25.0"), + reason="This test requires google-auth < 1.25.0", +) +requires_google_auth_gte_1_25_0 = pytest.mark.skipif( + packaging.version.parse(_GOOGLE_AUTH_VERSION) < packaging.version.parse("1.25.0"), + reason="This test requires google-auth >= 1.25.0", +) + +requires_api_core_lt_1_26_0 = pytest.mark.skipif( + packaging.version.parse(_API_CORE_VERSION) >= packaging.version.parse("1.26.0"), + reason="This test requires google-api-core < 1.26.0", +) + +requires_api_core_gte_1_26_0 = pytest.mark.skipif( + packaging.version.parse(_API_CORE_VERSION) < packaging.version.parse("1.26.0"), + reason="This test requires google-api-core >= 1.26.0", +) def client_cert_source_callback(): @@ -85,7 +114,7 @@ def test__get_default_mtls_endpoint(): @pytest.mark.parametrize("client_class", [IamCheckerClient, IamCheckerAsyncClient,]) def test_iam_checker_client_from_service_account_info(client_class): - creds = credentials.AnonymousCredentials() + creds = ga_credentials.AnonymousCredentials() with mock.patch.object( service_account.Credentials, "from_service_account_info" ) as factory: @@ -100,7 +129,7 @@ def test_iam_checker_client_from_service_account_info(client_class): @pytest.mark.parametrize("client_class", [IamCheckerClient, IamCheckerAsyncClient,]) def test_iam_checker_client_from_service_account_file(client_class): - creds = credentials.AnonymousCredentials() + creds = ga_credentials.AnonymousCredentials() with mock.patch.object( service_account.Credentials, "from_service_account_file" ) as factory: @@ -151,7 +180,7 @@ def test_iam_checker_client_client_options( ): # Check that if channel is provided we won't create a new one. with mock.patch.object(IamCheckerClient, "get_transport_class") as gtc: - transport = transport_class(credentials=credentials.AnonymousCredentials()) + transport = transport_class(credentials=ga_credentials.AnonymousCredentials()) client = client_class(transport=transport) gtc.assert_not_called() @@ -435,7 +464,7 @@ def test_troubleshoot_iam_policy( transport: str = "grpc", request_type=checker.TroubleshootIamPolicyRequest ): client = IamCheckerClient( - credentials=credentials.AnonymousCredentials(), transport=transport, + credentials=ga_credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, @@ -450,19 +479,15 @@ def test_troubleshoot_iam_policy( call.return_value = checker.TroubleshootIamPolicyResponse( access=explanations.AccessState.GRANTED, ) - response = client.troubleshoot_iam_policy(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == checker.TroubleshootIamPolicyRequest() # Establish that the response is the type that we expect. - assert isinstance(response, checker.TroubleshootIamPolicyResponse) - assert response.access == explanations.AccessState.GRANTED @@ -474,7 +499,7 @@ def test_troubleshoot_iam_policy_empty_call(): # This test is a coverage failsafe to make sure that totally empty calls, # i.e. request == None and no flattened fields passed, work. client = IamCheckerClient( - credentials=credentials.AnonymousCredentials(), transport="grpc", + credentials=ga_credentials.AnonymousCredentials(), transport="grpc", ) # Mock the actual call within the gRPC stub, and fake the request. @@ -484,7 +509,6 @@ def test_troubleshoot_iam_policy_empty_call(): client.troubleshoot_iam_policy() call.assert_called() _, args, _ = call.mock_calls[0] - assert args[0] == checker.TroubleshootIamPolicyRequest() @@ -493,7 +517,7 @@ async def test_troubleshoot_iam_policy_async( transport: str = "grpc_asyncio", request_type=checker.TroubleshootIamPolicyRequest ): client = IamCheckerAsyncClient( - credentials=credentials.AnonymousCredentials(), transport=transport, + credentials=ga_credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, @@ -510,18 +534,15 @@ async def test_troubleshoot_iam_policy_async( access=explanations.AccessState.GRANTED, ) ) - response = await client.troubleshoot_iam_policy(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) _, args, _ = call.mock_calls[0] - assert args[0] == checker.TroubleshootIamPolicyRequest() # Establish that the response is the type that we expect. assert isinstance(response, checker.TroubleshootIamPolicyResponse) - assert response.access == explanations.AccessState.GRANTED @@ -533,16 +554,16 @@ async def test_troubleshoot_iam_policy_async_from_dict(): def test_credentials_transport_error(): # It is an error to provide credentials and a transport instance. transport = transports.IamCheckerGrpcTransport( - credentials=credentials.AnonymousCredentials(), + credentials=ga_credentials.AnonymousCredentials(), ) with pytest.raises(ValueError): client = IamCheckerClient( - credentials=credentials.AnonymousCredentials(), transport=transport, + credentials=ga_credentials.AnonymousCredentials(), transport=transport, ) # It is an error to provide a credentials file and a transport instance. transport = transports.IamCheckerGrpcTransport( - credentials=credentials.AnonymousCredentials(), + credentials=ga_credentials.AnonymousCredentials(), ) with pytest.raises(ValueError): client = IamCheckerClient( @@ -552,7 +573,7 @@ def test_credentials_transport_error(): # It is an error to provide scopes and a transport instance. transport = transports.IamCheckerGrpcTransport( - credentials=credentials.AnonymousCredentials(), + credentials=ga_credentials.AnonymousCredentials(), ) with pytest.raises(ValueError): client = IamCheckerClient( @@ -563,7 +584,7 @@ def test_credentials_transport_error(): def test_transport_instance(): # A client may be instantiated with a custom transport instance. transport = transports.IamCheckerGrpcTransport( - credentials=credentials.AnonymousCredentials(), + credentials=ga_credentials.AnonymousCredentials(), ) client = IamCheckerClient(transport=transport) assert client.transport is transport @@ -572,13 +593,13 @@ def test_transport_instance(): def test_transport_get_channel(): # A client may be instantiated with a custom transport instance. transport = transports.IamCheckerGrpcTransport( - credentials=credentials.AnonymousCredentials(), + credentials=ga_credentials.AnonymousCredentials(), ) channel = transport.grpc_channel assert channel transport = transports.IamCheckerGrpcAsyncIOTransport( - credentials=credentials.AnonymousCredentials(), + credentials=ga_credentials.AnonymousCredentials(), ) channel = transport.grpc_channel assert channel @@ -590,23 +611,23 @@ def test_transport_get_channel(): ) def test_transport_adc(transport_class): # Test default credentials are used if not provided. - with mock.patch.object(auth, "default") as adc: - adc.return_value = (credentials.AnonymousCredentials(), None) + with mock.patch.object(google.auth, "default") as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) transport_class() adc.assert_called_once() def test_transport_grpc_default(): # A client should use the gRPC transport by default. - client = IamCheckerClient(credentials=credentials.AnonymousCredentials(),) + client = IamCheckerClient(credentials=ga_credentials.AnonymousCredentials(),) assert isinstance(client.transport, transports.IamCheckerGrpcTransport,) def test_iam_checker_base_transport_error(): # Passing both a credentials object and credentials_file should raise an error - with pytest.raises(exceptions.DuplicateCredentialArgs): + with pytest.raises(core_exceptions.DuplicateCredentialArgs): transport = transports.IamCheckerTransport( - credentials=credentials.AnonymousCredentials(), + credentials=ga_credentials.AnonymousCredentials(), credentials_file="credentials.json", ) @@ -618,7 +639,7 @@ def test_iam_checker_base_transport(): ) as Transport: Transport.return_value = None transport = transports.IamCheckerTransport( - credentials=credentials.AnonymousCredentials(), + credentials=ga_credentials.AnonymousCredentials(), ) # Every method on the transport should just blindly @@ -629,15 +650,37 @@ def test_iam_checker_base_transport(): getattr(transport, method)(request=object()) +@requires_google_auth_gte_1_25_0 def test_iam_checker_base_transport_with_credentials_file(): # Instantiate the base transport with a credentials file with mock.patch.object( - auth, "load_credentials_from_file" + google.auth, "load_credentials_from_file", autospec=True ) as load_creds, mock.patch( "google.cloud.policytroubleshooter_v1.services.iam_checker.transports.IamCheckerTransport._prep_wrapped_messages" ) as Transport: Transport.return_value = None - load_creds.return_value = (credentials.AnonymousCredentials(), None) + load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.IamCheckerTransport( + credentials_file="credentials.json", quota_project_id="octopus", + ) + load_creds.assert_called_once_with( + "credentials.json", + scopes=None, + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id="octopus", + ) + + +@requires_google_auth_lt_1_25_0 +def test_iam_checker_base_transport_with_credentials_file_old_google_auth(): + # Instantiate the base transport with a credentials file + with mock.patch.object( + google.auth, "load_credentials_from_file", autospec=True + ) as load_creds, mock.patch( + "google.cloud.policytroubleshooter_v1.services.iam_checker.transports.IamCheckerTransport._prep_wrapped_messages" + ) as Transport: + Transport.return_value = None + load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) transport = transports.IamCheckerTransport( credentials_file="credentials.json", quota_project_id="octopus", ) @@ -650,19 +693,33 @@ def test_iam_checker_base_transport_with_credentials_file(): def test_iam_checker_base_transport_with_adc(): # Test the default credentials are used if credentials and credentials_file are None. - with mock.patch.object(auth, "default") as adc, mock.patch( + with mock.patch.object(google.auth, "default", autospec=True) as adc, mock.patch( "google.cloud.policytroubleshooter_v1.services.iam_checker.transports.IamCheckerTransport._prep_wrapped_messages" ) as Transport: Transport.return_value = None - adc.return_value = (credentials.AnonymousCredentials(), None) + adc.return_value = (ga_credentials.AnonymousCredentials(), None) transport = transports.IamCheckerTransport() adc.assert_called_once() +@requires_google_auth_gte_1_25_0 def test_iam_checker_auth_adc(): # If no credentials are provided, we should use ADC credentials. - with mock.patch.object(auth, "default") as adc: - adc.return_value = (credentials.AnonymousCredentials(), None) + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + IamCheckerClient() + adc.assert_called_once_with( + scopes=None, + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id=None, + ) + + +@requires_google_auth_lt_1_25_0 +def test_iam_checker_auth_adc_old_google_auth(): + # If no credentials are provided, we should use ADC credentials. + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) IamCheckerClient() adc.assert_called_once_with( scopes=("https://www.googleapis.com/auth/cloud-platform",), @@ -670,26 +727,156 @@ def test_iam_checker_auth_adc(): ) -def test_iam_checker_transport_auth_adc(): +@pytest.mark.parametrize( + "transport_class", + [transports.IamCheckerGrpcTransport, transports.IamCheckerGrpcAsyncIOTransport,], +) +@requires_google_auth_gte_1_25_0 +def test_iam_checker_transport_auth_adc(transport_class): # If credentials and host are not provided, the transport class should use # ADC credentials. - with mock.patch.object(auth, "default") as adc: - adc.return_value = (credentials.AnonymousCredentials(), None) - transports.IamCheckerGrpcTransport( - host="squid.clam.whelk", quota_project_id="octopus" + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class(quota_project_id="octopus", scopes=["1", "2"]) + adc.assert_called_once_with( + scopes=["1", "2"], + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id="octopus", ) + + +@pytest.mark.parametrize( + "transport_class", + [transports.IamCheckerGrpcTransport, transports.IamCheckerGrpcAsyncIOTransport,], +) +@requires_google_auth_lt_1_25_0 +def test_iam_checker_transport_auth_adc_old_google_auth(transport_class): + # If credentials and host are not provided, the transport class should use + # ADC credentials. + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class(quota_project_id="octopus") adc.assert_called_once_with( scopes=("https://www.googleapis.com/auth/cloud-platform",), quota_project_id="octopus", ) +@pytest.mark.parametrize( + "transport_class,grpc_helpers", + [ + (transports.IamCheckerGrpcTransport, grpc_helpers), + (transports.IamCheckerGrpcAsyncIOTransport, grpc_helpers_async), + ], +) +@requires_api_core_gte_1_26_0 +def test_iam_checker_transport_create_channel(transport_class, grpc_helpers): + # If credentials and host are not provided, the transport class should use + # ADC credentials. + with mock.patch.object( + google.auth, "default", autospec=True + ) as adc, mock.patch.object( + grpc_helpers, "create_channel", autospec=True + ) as create_channel: + creds = ga_credentials.AnonymousCredentials() + adc.return_value = (creds, None) + transport_class(quota_project_id="octopus", scopes=["1", "2"]) + + create_channel.assert_called_with( + "policytroubleshooter.googleapis.com:443", + credentials=creds, + credentials_file=None, + quota_project_id="octopus", + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=["1", "2"], + default_host="policytroubleshooter.googleapis.com", + ssl_credentials=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + +@pytest.mark.parametrize( + "transport_class,grpc_helpers", + [ + (transports.IamCheckerGrpcTransport, grpc_helpers), + (transports.IamCheckerGrpcAsyncIOTransport, grpc_helpers_async), + ], +) +@requires_api_core_lt_1_26_0 +def test_iam_checker_transport_create_channel_old_api_core( + transport_class, grpc_helpers +): + # If credentials and host are not provided, the transport class should use + # ADC credentials. + with mock.patch.object( + google.auth, "default", autospec=True + ) as adc, mock.patch.object( + grpc_helpers, "create_channel", autospec=True + ) as create_channel: + creds = ga_credentials.AnonymousCredentials() + adc.return_value = (creds, None) + transport_class(quota_project_id="octopus") + + create_channel.assert_called_with( + "policytroubleshooter.googleapis.com:443", + credentials=creds, + credentials_file=None, + quota_project_id="octopus", + scopes=("https://www.googleapis.com/auth/cloud-platform",), + ssl_credentials=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + +@pytest.mark.parametrize( + "transport_class,grpc_helpers", + [ + (transports.IamCheckerGrpcTransport, grpc_helpers), + (transports.IamCheckerGrpcAsyncIOTransport, grpc_helpers_async), + ], +) +@requires_api_core_lt_1_26_0 +def test_iam_checker_transport_create_channel_user_scopes( + transport_class, grpc_helpers +): + # If credentials and host are not provided, the transport class should use + # ADC credentials. + with mock.patch.object( + google.auth, "default", autospec=True + ) as adc, mock.patch.object( + grpc_helpers, "create_channel", autospec=True + ) as create_channel: + creds = ga_credentials.AnonymousCredentials() + adc.return_value = (creds, None) + + transport_class(quota_project_id="octopus", scopes=["1", "2"]) + + create_channel.assert_called_with( + "policytroubleshooter.googleapis.com:443", + credentials=creds, + credentials_file=None, + quota_project_id="octopus", + scopes=["1", "2"], + ssl_credentials=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + @pytest.mark.parametrize( "transport_class", [transports.IamCheckerGrpcTransport, transports.IamCheckerGrpcAsyncIOTransport], ) def test_iam_checker_grpc_transport_client_cert_source_for_mtls(transport_class): - cred = credentials.AnonymousCredentials() + cred = ga_credentials.AnonymousCredentials() # Check ssl_channel_credentials is used if provided. with mock.patch.object(transport_class, "create_channel") as mock_create_channel: @@ -728,7 +915,7 @@ def test_iam_checker_grpc_transport_client_cert_source_for_mtls(transport_class) def test_iam_checker_host_no_port(): client = IamCheckerClient( - credentials=credentials.AnonymousCredentials(), + credentials=ga_credentials.AnonymousCredentials(), client_options=client_options.ClientOptions( api_endpoint="policytroubleshooter.googleapis.com" ), @@ -738,7 +925,7 @@ def test_iam_checker_host_no_port(): def test_iam_checker_host_with_port(): client = IamCheckerClient( - credentials=credentials.AnonymousCredentials(), + credentials=ga_credentials.AnonymousCredentials(), client_options=client_options.ClientOptions( api_endpoint="policytroubleshooter.googleapis.com:8000" ), @@ -789,9 +976,9 @@ def test_iam_checker_transport_channel_mtls_with_client_cert_source(transport_cl mock_grpc_channel = mock.Mock() grpc_create_channel.return_value = mock_grpc_channel - cred = credentials.AnonymousCredentials() + cred = ga_credentials.AnonymousCredentials() with pytest.warns(DeprecationWarning): - with mock.patch.object(auth, "default") as adc: + with mock.patch.object(google.auth, "default") as adc: adc.return_value = (cred, None) transport = transport_class( host="squid.clam.whelk", @@ -864,7 +1051,6 @@ def test_iam_checker_transport_channel_mtls_with_adc(transport_class): def test_common_billing_account_path(): billing_account = "squid" - expected = "billingAccounts/{billing_account}".format( billing_account=billing_account, ) @@ -885,7 +1071,6 @@ def test_parse_common_billing_account_path(): def test_common_folder_path(): folder = "whelk" - expected = "folders/{folder}".format(folder=folder,) actual = IamCheckerClient.common_folder_path(folder) assert expected == actual @@ -904,7 +1089,6 @@ def test_parse_common_folder_path(): def test_common_organization_path(): organization = "oyster" - expected = "organizations/{organization}".format(organization=organization,) actual = IamCheckerClient.common_organization_path(organization) assert expected == actual @@ -923,7 +1107,6 @@ def test_parse_common_organization_path(): def test_common_project_path(): project = "cuttlefish" - expected = "projects/{project}".format(project=project,) actual = IamCheckerClient.common_project_path(project) assert expected == actual @@ -943,7 +1126,6 @@ def test_parse_common_project_path(): def test_common_location_path(): project = "winkle" location = "nautilus" - expected = "projects/{project}/locations/{location}".format( project=project, location=location, ) @@ -970,7 +1152,7 @@ def test_client_withDEFAULT_CLIENT_INFO(): transports.IamCheckerTransport, "_prep_wrapped_messages" ) as prep: client = IamCheckerClient( - credentials=credentials.AnonymousCredentials(), client_info=client_info, + credentials=ga_credentials.AnonymousCredentials(), client_info=client_info, ) prep.assert_called_once_with(client_info) @@ -979,6 +1161,6 @@ def test_client_withDEFAULT_CLIENT_INFO(): ) as prep: transport_class = IamCheckerClient.get_transport_class() transport = transport_class( - credentials=credentials.AnonymousCredentials(), client_info=client_info, + credentials=ga_credentials.AnonymousCredentials(), client_info=client_info, ) prep.assert_called_once_with(client_info)