From 5cda9acc4f7b1aa83bc73700f9cef4f84cc2306a Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Wed, 30 Jun 2021 11:36:22 +0000 Subject: [PATCH] fix: disable always_use_jwt_access (#74) Committer: @busunkim96 PiperOrigin-RevId: 382142900 Source-Link: https://github.com/googleapis/googleapis/commit/513440fda515f3c799c22a30e3906dcda325004e Source-Link: https://github.com/googleapis/googleapis-gen/commit/7b1e2c31233f79a704ec21ca410bf661d6bc68d0 --- .../transports/base.py | 2 +- .../transports/grpc.py | 5 +++- .../transports/grpc_asyncio.py | 5 +++- .../transports/base.py | 2 +- .../transports/grpc.py | 5 +++- .../transports/grpc_asyncio.py | 5 +++- .../test_certificate_authority_service.py | 26 ++++++++++++++++--- .../test_certificate_authority_service.py | 26 ++++++++++++++++--- 8 files changed, 62 insertions(+), 14 deletions(-) diff --git a/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/base.py b/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/base.py index da9e402..cc414bc 100644 --- a/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/base.py +++ b/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/base.py @@ -101,7 +101,7 @@ def __init__( scopes_kwargs = self._get_scopes_kwargs(self._host, scopes) # Save the scopes. - self._scopes = scopes or self.AUTH_SCOPES + self._scopes = scopes # If no credentials are provided, then determine the appropriate # defaults. diff --git a/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/grpc.py b/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/grpc.py index fe5f05e..cb30d98 100644 --- a/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/grpc.py +++ b/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/grpc.py @@ -62,6 +62,7 @@ def __init__( client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -102,6 +103,8 @@ def __init__( API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport @@ -155,7 +158,7 @@ def __init__( scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/grpc_asyncio.py b/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/grpc_asyncio.py index 24a87f8..9ed5273 100644 --- a/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/grpc_asyncio.py +++ b/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/grpc_asyncio.py @@ -110,6 +110,7 @@ def __init__( client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -151,6 +152,8 @@ def __init__( API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport @@ -203,7 +206,7 @@ def __init__( scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/base.py b/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/base.py index 5ab6612..bb30c01 100644 --- a/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/base.py +++ b/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/base.py @@ -101,7 +101,7 @@ def __init__( scopes_kwargs = self._get_scopes_kwargs(self._host, scopes) # Save the scopes. - self._scopes = scopes or self.AUTH_SCOPES + self._scopes = scopes # If no credentials are provided, then determine the appropriate # defaults. diff --git a/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/grpc.py b/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/grpc.py index 6f10684..433bee4 100644 --- a/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/grpc.py +++ b/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/grpc.py @@ -62,6 +62,7 @@ def __init__( client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -102,6 +103,8 @@ def __init__( API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport @@ -155,7 +158,7 @@ def __init__( scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/grpc_asyncio.py b/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/grpc_asyncio.py index ef479cf..242b281 100644 --- a/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/grpc_asyncio.py +++ b/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/grpc_asyncio.py @@ -110,6 +110,7 @@ def __init__( client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -151,6 +152,8 @@ def __init__( API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport @@ -203,7 +206,7 @@ def __init__( scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/tests/unit/gapic/privateca_v1/test_certificate_authority_service.py b/tests/unit/gapic/privateca_v1/test_certificate_authority_service.py index f051022..4131fdf 100644 --- a/tests/unit/gapic/privateca_v1/test_certificate_authority_service.py +++ b/tests/unit/gapic/privateca_v1/test_certificate_authority_service.py @@ -151,7 +151,25 @@ def test_certificate_authority_service_client_service_account_always_use_jwt( ) as use_jwt: creds = service_account.Credentials(None, None, None) client = client_class(credentials=creds) - use_jwt.assert_called_with(True) + use_jwt.assert_not_called() + + +@pytest.mark.parametrize( + "transport_class,transport_name", + [ + (transports.CertificateAuthorityServiceGrpcTransport, "grpc"), + (transports.CertificateAuthorityServiceGrpcAsyncIOTransport, "grpc_asyncio"), + ], +) +def test_certificate_authority_service_client_service_account_always_use_jwt_true( + transport_class, transport_name +): + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=True) + use_jwt.assert_called_once_with(True) @pytest.mark.parametrize( @@ -8378,7 +8396,7 @@ def test_certificate_authority_service_grpc_transport_client_cert_source_for_mtl "squid.clam.whelk:443", credentials=cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_channel_creds, quota_project_id=None, options=[ @@ -8487,7 +8505,7 @@ def test_certificate_authority_service_transport_channel_mtls_with_client_cert_s "mtls.squid.clam.whelk:443", credentials=cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_cred, quota_project_id=None, options=[ @@ -8534,7 +8552,7 @@ def test_certificate_authority_service_transport_channel_mtls_with_adc(transport "mtls.squid.clam.whelk:443", credentials=mock_cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_cred, quota_project_id=None, options=[ diff --git a/tests/unit/gapic/privateca_v1beta1/test_certificate_authority_service.py b/tests/unit/gapic/privateca_v1beta1/test_certificate_authority_service.py index 99db0e3..9ab157e 100644 --- a/tests/unit/gapic/privateca_v1beta1/test_certificate_authority_service.py +++ b/tests/unit/gapic/privateca_v1beta1/test_certificate_authority_service.py @@ -151,7 +151,25 @@ def test_certificate_authority_service_client_service_account_always_use_jwt( ) as use_jwt: creds = service_account.Credentials(None, None, None) client = client_class(credentials=creds) - use_jwt.assert_called_with(True) + use_jwt.assert_not_called() + + +@pytest.mark.parametrize( + "transport_class,transport_name", + [ + (transports.CertificateAuthorityServiceGrpcTransport, "grpc"), + (transports.CertificateAuthorityServiceGrpcAsyncIOTransport, "grpc_asyncio"), + ], +) +def test_certificate_authority_service_client_service_account_always_use_jwt_true( + transport_class, transport_name +): + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=True) + use_jwt.assert_called_once_with(True) @pytest.mark.parametrize( @@ -6199,7 +6217,7 @@ def test_certificate_authority_service_grpc_transport_client_cert_source_for_mtl "squid.clam.whelk:443", credentials=cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_channel_creds, quota_project_id=None, options=[ @@ -6308,7 +6326,7 @@ def test_certificate_authority_service_transport_channel_mtls_with_client_cert_s "mtls.squid.clam.whelk:443", credentials=cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_cred, quota_project_id=None, options=[ @@ -6355,7 +6373,7 @@ def test_certificate_authority_service_transport_channel_mtls_with_adc(transport "mtls.squid.clam.whelk:443", credentials=mock_cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_cred, quota_project_id=None, options=[