From 9b3584dcf00f50ceab9529f758da3e4ddd5a602c Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Wed, 23 Jun 2021 17:48:19 -0600 Subject: [PATCH] feat: add always_use_jwt_access (#70) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore: remove all monolith Bazel deps chore: release gapic-generator-csharp v1.3.7 chore: release gapic-generator-go 0.20.5 chore: release gapic-generator-java 1.0.14 chore: release gapic-generator-php 1.0.1 chore: release gapic-generator-python 0.50.0 chore: update gapic-generator-ruby to the latest commit chore: release gapic-generator-typescript 1.5.0 Committer: @miraleung PiperOrigin-RevId: 380641501 Source-Link: https://github.com/googleapis/googleapis/commit/076f7e9f0b258bdb54338895d7251b202e8f0de3 Source-Link: https://github.com/googleapis/googleapis-gen/commit/27e4c88b4048e5f56508d4e1aa417d60a3380892 * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/master/packages/owl-bot/README.md * fix: require google-api-core>=1.26.0 * fix: fix typo in setup.py Co-authored-by: Owl Bot Co-authored-by: Bu Sun Kim Co-authored-by: Bu Sun Kim <8822365+busunkim96@users.noreply.github.com> --- .coveragerc | 1 - .../transports/base.py | 40 +++---- .../transports/grpc.py | 7 +- .../transports/grpc_asyncio.py | 7 +- .../transports/base.py | 40 +++---- .../transports/grpc.py | 7 +- .../transports/grpc_asyncio.py | 7 +- setup.py | 2 +- testing/constraints-3.6.txt | 2 +- .../test_certificate_authority_service.py | 113 +++--------------- .../test_certificate_authority_service.py | 113 +++--------------- 11 files changed, 82 insertions(+), 257 deletions(-) diff --git a/.coveragerc b/.coveragerc index 5a36429..1d90766 100644 --- a/.coveragerc +++ b/.coveragerc @@ -2,7 +2,6 @@ branch = True [report] -fail_under = 100 show_missing = True omit = google/cloud/security/privateca/__init__.py diff --git a/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/base.py b/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/base.py index 9a0216f..da9e402 100644 --- a/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/base.py +++ b/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/base.py @@ -25,6 +25,7 @@ from google.api_core import retry as retries # type: ignore from google.api_core import operations_v1 # type: ignore from google.auth import credentials as ga_credentials # type: ignore +from google.oauth2 import service_account # type: ignore from google.cloud.security.privateca_v1.types import resources from google.cloud.security.privateca_v1.types import service @@ -48,8 +49,6 @@ except pkg_resources.DistributionNotFound: # pragma: NO COVER _GOOGLE_AUTH_VERSION = None -_API_CORE_VERSION = google.api_core.__version__ - class CertificateAuthorityServiceTransport(abc.ABC): """Abstract transport class for CertificateAuthorityService.""" @@ -67,6 +66,7 @@ def __init__( scopes: Optional[Sequence[str]] = None, quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, **kwargs, ) -> None: """Instantiate the transport. @@ -90,6 +90,8 @@ def __init__( API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. """ # Save the hostname. Default to port 443 (HTTPS) if none is specified. if ":" not in host: @@ -118,13 +120,20 @@ def __init__( **scopes_kwargs, quota_project_id=quota_project_id ) + # If the credentials is service account credentials, then always try to use self signed JWT. + if ( + always_use_jwt_access + and isinstance(credentials, service_account.Credentials) + and hasattr(service_account.Credentials, "with_always_use_jwt_access") + ): + credentials = credentials.with_always_use_jwt_access(True) + # Save the credentials. self._credentials = credentials - # TODO(busunkim): These two class methods are in the base transport + # TODO(busunkim): This method is in the base transport # to avoid duplicating code across the transport classes. These functions - # should be deleted once the minimum required versions of google-api-core - # and google-auth are increased. + # should be deleted once the minimum required versions of google-auth is increased. # TODO: Remove this function once google-auth >= 1.25.0 is required @classmethod @@ -145,27 +154,6 @@ def _get_scopes_kwargs( return scopes_kwargs - # TODO: Remove this function once google-api-core >= 1.26.0 is required - @classmethod - def _get_self_signed_jwt_kwargs( - cls, host: str, scopes: Optional[Sequence[str]] - ) -> Dict[str, Union[Optional[Sequence[str]], str]]: - """Returns kwargs to pass to grpc_helpers.create_channel depending on the google-api-core version""" - - self_signed_jwt_kwargs: Dict[str, Union[Optional[Sequence[str]], str]] = {} - - if _API_CORE_VERSION and ( - packaging.version.parse(_API_CORE_VERSION) - >= packaging.version.parse("1.26.0") - ): - self_signed_jwt_kwargs["default_scopes"] = cls.AUTH_SCOPES - self_signed_jwt_kwargs["scopes"] = scopes - self_signed_jwt_kwargs["default_host"] = cls.DEFAULT_HOST - else: - self_signed_jwt_kwargs["scopes"] = scopes or cls.AUTH_SCOPES - - return self_signed_jwt_kwargs - def _prep_wrapped_messages(self, client_info): # Precompute the wrapped methods. self._wrapped_methods = { diff --git a/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/grpc.py b/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/grpc.py index 68885f4..fe5f05e 100644 --- a/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/grpc.py +++ b/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/grpc.py @@ -155,6 +155,7 @@ def __init__( scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, + always_use_jwt_access=True, ) if not self._grpc_channel: @@ -210,14 +211,14 @@ def create_channel( and ``credentials_file`` are passed. """ - self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes) - return grpc_helpers.create_channel( host, credentials=credentials, credentials_file=credentials_file, quota_project_id=quota_project_id, - **self_signed_jwt_kwargs, + default_scopes=cls.AUTH_SCOPES, + scopes=scopes, + default_host=cls.DEFAULT_HOST, **kwargs, ) diff --git a/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/grpc_asyncio.py b/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/grpc_asyncio.py index 738f641..24a87f8 100644 --- a/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/grpc_asyncio.py +++ b/google/cloud/security/privateca_v1/services/certificate_authority_service/transports/grpc_asyncio.py @@ -85,14 +85,14 @@ def create_channel( aio.Channel: A gRPC AsyncIO channel object. """ - self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes) - return grpc_helpers_async.create_channel( host, credentials=credentials, credentials_file=credentials_file, quota_project_id=quota_project_id, - **self_signed_jwt_kwargs, + default_scopes=cls.AUTH_SCOPES, + scopes=scopes, + default_host=cls.DEFAULT_HOST, **kwargs, ) @@ -203,6 +203,7 @@ def __init__( scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, + always_use_jwt_access=True, ) if not self._grpc_channel: diff --git a/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/base.py b/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/base.py index e47a764..5ab6612 100644 --- a/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/base.py +++ b/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/base.py @@ -25,6 +25,7 @@ from google.api_core import retry as retries # type: ignore from google.api_core import operations_v1 # type: ignore from google.auth import credentials as ga_credentials # type: ignore +from google.oauth2 import service_account # type: ignore from google.cloud.security.privateca_v1beta1.types import resources from google.cloud.security.privateca_v1beta1.types import service @@ -48,8 +49,6 @@ except pkg_resources.DistributionNotFound: # pragma: NO COVER _GOOGLE_AUTH_VERSION = None -_API_CORE_VERSION = google.api_core.__version__ - class CertificateAuthorityServiceTransport(abc.ABC): """Abstract transport class for CertificateAuthorityService.""" @@ -67,6 +66,7 @@ def __init__( scopes: Optional[Sequence[str]] = None, quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, **kwargs, ) -> None: """Instantiate the transport. @@ -90,6 +90,8 @@ def __init__( API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. """ # Save the hostname. Default to port 443 (HTTPS) if none is specified. if ":" not in host: @@ -118,13 +120,20 @@ def __init__( **scopes_kwargs, quota_project_id=quota_project_id ) + # If the credentials is service account credentials, then always try to use self signed JWT. + if ( + always_use_jwt_access + and isinstance(credentials, service_account.Credentials) + and hasattr(service_account.Credentials, "with_always_use_jwt_access") + ): + credentials = credentials.with_always_use_jwt_access(True) + # Save the credentials. self._credentials = credentials - # TODO(busunkim): These two class methods are in the base transport + # TODO(busunkim): This method is in the base transport # to avoid duplicating code across the transport classes. These functions - # should be deleted once the minimum required versions of google-api-core - # and google-auth are increased. + # should be deleted once the minimum required versions of google-auth is increased. # TODO: Remove this function once google-auth >= 1.25.0 is required @classmethod @@ -145,27 +154,6 @@ def _get_scopes_kwargs( return scopes_kwargs - # TODO: Remove this function once google-api-core >= 1.26.0 is required - @classmethod - def _get_self_signed_jwt_kwargs( - cls, host: str, scopes: Optional[Sequence[str]] - ) -> Dict[str, Union[Optional[Sequence[str]], str]]: - """Returns kwargs to pass to grpc_helpers.create_channel depending on the google-api-core version""" - - self_signed_jwt_kwargs: Dict[str, Union[Optional[Sequence[str]], str]] = {} - - if _API_CORE_VERSION and ( - packaging.version.parse(_API_CORE_VERSION) - >= packaging.version.parse("1.26.0") - ): - self_signed_jwt_kwargs["default_scopes"] = cls.AUTH_SCOPES - self_signed_jwt_kwargs["scopes"] = scopes - self_signed_jwt_kwargs["default_host"] = cls.DEFAULT_HOST - else: - self_signed_jwt_kwargs["scopes"] = scopes or cls.AUTH_SCOPES - - return self_signed_jwt_kwargs - def _prep_wrapped_messages(self, client_info): # Precompute the wrapped methods. self._wrapped_methods = { diff --git a/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/grpc.py b/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/grpc.py index dfbd38f..6f10684 100644 --- a/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/grpc.py +++ b/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/grpc.py @@ -155,6 +155,7 @@ def __init__( scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, + always_use_jwt_access=True, ) if not self._grpc_channel: @@ -210,14 +211,14 @@ def create_channel( and ``credentials_file`` are passed. """ - self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes) - return grpc_helpers.create_channel( host, credentials=credentials, credentials_file=credentials_file, quota_project_id=quota_project_id, - **self_signed_jwt_kwargs, + default_scopes=cls.AUTH_SCOPES, + scopes=scopes, + default_host=cls.DEFAULT_HOST, **kwargs, ) diff --git a/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/grpc_asyncio.py b/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/grpc_asyncio.py index 88f8ced..ef479cf 100644 --- a/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/grpc_asyncio.py +++ b/google/cloud/security/privateca_v1beta1/services/certificate_authority_service/transports/grpc_asyncio.py @@ -85,14 +85,14 @@ def create_channel( aio.Channel: A gRPC AsyncIO channel object. """ - self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes) - return grpc_helpers_async.create_channel( host, credentials=credentials, credentials_file=credentials_file, quota_project_id=quota_project_id, - **self_signed_jwt_kwargs, + default_scopes=cls.AUTH_SCOPES, + scopes=scopes, + default_host=cls.DEFAULT_HOST, **kwargs, ) @@ -203,6 +203,7 @@ def __init__( scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, + always_use_jwt_access=True, ) if not self._grpc_channel: diff --git a/setup.py b/setup.py index bc87127..fc508d6 100644 --- a/setup.py +++ b/setup.py @@ -41,7 +41,7 @@ platforms="Posix; MacOS X; Windows", include_package_data=True, install_requires=( - "google-api-core[grpc] >= 1.22.2, < 2.0.0dev", + "google-api-core[grpc] >= 1.26.0, <2.0.0dev", "proto-plus >= 1.4.0", "packaging >= 14.3", ), diff --git a/testing/constraints-3.6.txt b/testing/constraints-3.6.txt index aab6847..9fef823 100644 --- a/testing/constraints-3.6.txt +++ b/testing/constraints-3.6.txt @@ -5,6 +5,6 @@ # # e.g., if setup.py has "foo >= 1.14.0, < 2.0.0dev", # Then this file should have foo==1.14.0 -google-api-core==1.22.2 +google-api-core==1.26.0 proto-plus==1.4.0 packaging==14.3 diff --git a/tests/unit/gapic/privateca_v1/test_certificate_authority_service.py b/tests/unit/gapic/privateca_v1/test_certificate_authority_service.py index ad655bf..f051022 100644 --- a/tests/unit/gapic/privateca_v1/test_certificate_authority_service.py +++ b/tests/unit/gapic/privateca_v1/test_certificate_authority_service.py @@ -46,9 +46,6 @@ from google.cloud.security.privateca_v1.services.certificate_authority_service import ( transports, ) -from google.cloud.security.privateca_v1.services.certificate_authority_service.transports.base import ( - _API_CORE_VERSION, -) from google.cloud.security.privateca_v1.services.certificate_authority_service.transports.base import ( _GOOGLE_AUTH_VERSION, ) @@ -63,8 +60,9 @@ import google.auth -# TODO(busunkim): Once google-api-core >= 1.26.0 is required: -# - Delete all the api-core and auth "less than" test cases +# TODO(busunkim): Once google-auth >= 1.25.0 is required transitively +# through google-api-core: +# - Delete the auth "less than" test cases # - Delete these pytest markers (Make the "greater than or equal to" tests the default). requires_google_auth_lt_1_25_0 = pytest.mark.skipif( packaging.version.parse(_GOOGLE_AUTH_VERSION) >= packaging.version.parse("1.25.0"), @@ -75,16 +73,6 @@ reason="This test requires google-auth >= 1.25.0", ) -requires_api_core_lt_1_26_0 = pytest.mark.skipif( - packaging.version.parse(_API_CORE_VERSION) >= packaging.version.parse("1.26.0"), - reason="This test requires google-api-core < 1.26.0", -) - -requires_api_core_gte_1_26_0 = pytest.mark.skipif( - packaging.version.parse(_API_CORE_VERSION) < packaging.version.parse("1.26.0"), - reason="This test requires google-api-core >= 1.26.0", -) - def client_cert_source_callback(): return b"cert bytes", b"key bytes" @@ -151,6 +139,21 @@ def test_certificate_authority_service_client_from_service_account_info(client_c assert client.transport._host == "privateca.googleapis.com:443" +@pytest.mark.parametrize( + "client_class", + [CertificateAuthorityServiceClient, CertificateAuthorityServiceAsyncClient,], +) +def test_certificate_authority_service_client_service_account_always_use_jwt( + client_class, +): + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + client = client_class(credentials=creds) + use_jwt.assert_called_with(True) + + @pytest.mark.parametrize( "client_class", [CertificateAuthorityServiceClient, CertificateAuthorityServiceAsyncClient,], @@ -8321,7 +8324,6 @@ def test_certificate_authority_service_transport_auth_adc_old_google_auth( ), ], ) -@requires_api_core_gte_1_26_0 def test_certificate_authority_service_transport_create_channel( transport_class, grpc_helpers ): @@ -8352,85 +8354,6 @@ def test_certificate_authority_service_transport_create_channel( ) -@pytest.mark.parametrize( - "transport_class,grpc_helpers", - [ - (transports.CertificateAuthorityServiceGrpcTransport, grpc_helpers), - ( - transports.CertificateAuthorityServiceGrpcAsyncIOTransport, - grpc_helpers_async, - ), - ], -) -@requires_api_core_lt_1_26_0 -def test_certificate_authority_service_transport_create_channel_old_api_core( - transport_class, grpc_helpers -): - # If credentials and host are not provided, the transport class should use - # ADC credentials. - with mock.patch.object( - google.auth, "default", autospec=True - ) as adc, mock.patch.object( - grpc_helpers, "create_channel", autospec=True - ) as create_channel: - creds = ga_credentials.AnonymousCredentials() - adc.return_value = (creds, None) - transport_class(quota_project_id="octopus") - - create_channel.assert_called_with( - "privateca.googleapis.com:443", - credentials=creds, - credentials_file=None, - quota_project_id="octopus", - scopes=("https://www.googleapis.com/auth/cloud-platform",), - ssl_credentials=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - - -@pytest.mark.parametrize( - "transport_class,grpc_helpers", - [ - (transports.CertificateAuthorityServiceGrpcTransport, grpc_helpers), - ( - transports.CertificateAuthorityServiceGrpcAsyncIOTransport, - grpc_helpers_async, - ), - ], -) -@requires_api_core_lt_1_26_0 -def test_certificate_authority_service_transport_create_channel_user_scopes( - transport_class, grpc_helpers -): - # If credentials and host are not provided, the transport class should use - # ADC credentials. - with mock.patch.object( - google.auth, "default", autospec=True - ) as adc, mock.patch.object( - grpc_helpers, "create_channel", autospec=True - ) as create_channel: - creds = ga_credentials.AnonymousCredentials() - adc.return_value = (creds, None) - - transport_class(quota_project_id="octopus", scopes=["1", "2"]) - - create_channel.assert_called_with( - "privateca.googleapis.com:443", - credentials=creds, - credentials_file=None, - quota_project_id="octopus", - scopes=["1", "2"], - ssl_credentials=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - - @pytest.mark.parametrize( "transport_class", [ diff --git a/tests/unit/gapic/privateca_v1beta1/test_certificate_authority_service.py b/tests/unit/gapic/privateca_v1beta1/test_certificate_authority_service.py index e0f948a..99db0e3 100644 --- a/tests/unit/gapic/privateca_v1beta1/test_certificate_authority_service.py +++ b/tests/unit/gapic/privateca_v1beta1/test_certificate_authority_service.py @@ -46,9 +46,6 @@ from google.cloud.security.privateca_v1beta1.services.certificate_authority_service import ( transports, ) -from google.cloud.security.privateca_v1beta1.services.certificate_authority_service.transports.base import ( - _API_CORE_VERSION, -) from google.cloud.security.privateca_v1beta1.services.certificate_authority_service.transports.base import ( _GOOGLE_AUTH_VERSION, ) @@ -63,8 +60,9 @@ import google.auth -# TODO(busunkim): Once google-api-core >= 1.26.0 is required: -# - Delete all the api-core and auth "less than" test cases +# TODO(busunkim): Once google-auth >= 1.25.0 is required transitively +# through google-api-core: +# - Delete the auth "less than" test cases # - Delete these pytest markers (Make the "greater than or equal to" tests the default). requires_google_auth_lt_1_25_0 = pytest.mark.skipif( packaging.version.parse(_GOOGLE_AUTH_VERSION) >= packaging.version.parse("1.25.0"), @@ -75,16 +73,6 @@ reason="This test requires google-auth >= 1.25.0", ) -requires_api_core_lt_1_26_0 = pytest.mark.skipif( - packaging.version.parse(_API_CORE_VERSION) >= packaging.version.parse("1.26.0"), - reason="This test requires google-api-core < 1.26.0", -) - -requires_api_core_gte_1_26_0 = pytest.mark.skipif( - packaging.version.parse(_API_CORE_VERSION) < packaging.version.parse("1.26.0"), - reason="This test requires google-api-core >= 1.26.0", -) - def client_cert_source_callback(): return b"cert bytes", b"key bytes" @@ -151,6 +139,21 @@ def test_certificate_authority_service_client_from_service_account_info(client_c assert client.transport._host == "privateca.googleapis.com:443" +@pytest.mark.parametrize( + "client_class", + [CertificateAuthorityServiceClient, CertificateAuthorityServiceAsyncClient,], +) +def test_certificate_authority_service_client_service_account_always_use_jwt( + client_class, +): + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + client = client_class(credentials=creds) + use_jwt.assert_called_with(True) + + @pytest.mark.parametrize( "client_class", [CertificateAuthorityServiceClient, CertificateAuthorityServiceAsyncClient,], @@ -6142,7 +6145,6 @@ def test_certificate_authority_service_transport_auth_adc_old_google_auth( ), ], ) -@requires_api_core_gte_1_26_0 def test_certificate_authority_service_transport_create_channel( transport_class, grpc_helpers ): @@ -6173,85 +6175,6 @@ def test_certificate_authority_service_transport_create_channel( ) -@pytest.mark.parametrize( - "transport_class,grpc_helpers", - [ - (transports.CertificateAuthorityServiceGrpcTransport, grpc_helpers), - ( - transports.CertificateAuthorityServiceGrpcAsyncIOTransport, - grpc_helpers_async, - ), - ], -) -@requires_api_core_lt_1_26_0 -def test_certificate_authority_service_transport_create_channel_old_api_core( - transport_class, grpc_helpers -): - # If credentials and host are not provided, the transport class should use - # ADC credentials. - with mock.patch.object( - google.auth, "default", autospec=True - ) as adc, mock.patch.object( - grpc_helpers, "create_channel", autospec=True - ) as create_channel: - creds = ga_credentials.AnonymousCredentials() - adc.return_value = (creds, None) - transport_class(quota_project_id="octopus") - - create_channel.assert_called_with( - "privateca.googleapis.com:443", - credentials=creds, - credentials_file=None, - quota_project_id="octopus", - scopes=("https://www.googleapis.com/auth/cloud-platform",), - ssl_credentials=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - - -@pytest.mark.parametrize( - "transport_class,grpc_helpers", - [ - (transports.CertificateAuthorityServiceGrpcTransport, grpc_helpers), - ( - transports.CertificateAuthorityServiceGrpcAsyncIOTransport, - grpc_helpers_async, - ), - ], -) -@requires_api_core_lt_1_26_0 -def test_certificate_authority_service_transport_create_channel_user_scopes( - transport_class, grpc_helpers -): - # If credentials and host are not provided, the transport class should use - # ADC credentials. - with mock.patch.object( - google.auth, "default", autospec=True - ) as adc, mock.patch.object( - grpc_helpers, "create_channel", autospec=True - ) as create_channel: - creds = ga_credentials.AnonymousCredentials() - adc.return_value = (creds, None) - - transport_class(quota_project_id="octopus", scopes=["1", "2"]) - - create_channel.assert_called_with( - "privateca.googleapis.com:443", - credentials=creds, - credentials_file=None, - quota_project_id="octopus", - scopes=["1", "2"], - ssl_credentials=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - - @pytest.mark.parametrize( "transport_class", [