diff --git a/google/cloud/securitycenter_v1/services/security_center/transports/base.py b/google/cloud/securitycenter_v1/services/security_center/transports/base.py index 1eb5b65a..8b8719b2 100644 --- a/google/cloud/securitycenter_v1/services/security_center/transports/base.py +++ b/google/cloud/securitycenter_v1/services/security_center/transports/base.py @@ -116,7 +116,7 @@ def __init__( scopes_kwargs = self._get_scopes_kwargs(self._host, scopes) # Save the scopes. - self._scopes = scopes or self.AUTH_SCOPES + self._scopes = scopes # If no credentials are provided, then determine the appropriate # defaults. diff --git a/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py b/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py index 523ad20d..409d20b7 100644 --- a/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py +++ b/google/cloud/securitycenter_v1/services/security_center/transports/grpc.py @@ -75,6 +75,7 @@ def __init__( client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -115,6 +116,8 @@ def __init__( API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport @@ -168,7 +171,7 @@ def __init__( scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py b/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py index 4dcdf582..7c83eee0 100644 --- a/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py +++ b/google/cloud/securitycenter_v1/services/security_center/transports/grpc_asyncio.py @@ -121,6 +121,7 @@ def __init__( client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -162,6 +163,8 @@ def __init__( API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport @@ -214,7 +217,7 @@ def __init__( scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/google/cloud/securitycenter_v1beta1/services/security_center/transports/base.py b/google/cloud/securitycenter_v1beta1/services/security_center/transports/base.py index dad8d297..580a82d6 100644 --- a/google/cloud/securitycenter_v1beta1/services/security_center/transports/base.py +++ b/google/cloud/securitycenter_v1beta1/services/security_center/transports/base.py @@ -113,7 +113,7 @@ def __init__( scopes_kwargs = self._get_scopes_kwargs(self._host, scopes) # Save the scopes. - self._scopes = scopes or self.AUTH_SCOPES + self._scopes = scopes # If no credentials are provided, then determine the appropriate # defaults. diff --git a/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc.py b/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc.py index 1a4e4886..76795564 100644 --- a/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc.py +++ b/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc.py @@ -72,6 +72,7 @@ def __init__( client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -112,6 +113,8 @@ def __init__( API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport @@ -165,7 +168,7 @@ def __init__( scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc_asyncio.py b/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc_asyncio.py index 34e2ee8f..345bbc25 100644 --- a/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc_asyncio.py +++ b/google/cloud/securitycenter_v1beta1/services/security_center/transports/grpc_asyncio.py @@ -118,6 +118,7 @@ def __init__( client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -159,6 +160,8 @@ def __init__( API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport @@ -211,7 +214,7 @@ def __init__( scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/base.py b/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/base.py index 05748267..784492f2 100644 --- a/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/base.py +++ b/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/base.py @@ -118,7 +118,7 @@ def __init__( scopes_kwargs = self._get_scopes_kwargs(self._host, scopes) # Save the scopes. - self._scopes = scopes or self.AUTH_SCOPES + self._scopes = scopes # If no credentials are provided, then determine the appropriate # defaults. diff --git a/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc.py b/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc.py index 57e8287f..a5c0867f 100644 --- a/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc.py +++ b/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc.py @@ -77,6 +77,7 @@ def __init__( client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -117,6 +118,8 @@ def __init__( API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport @@ -170,7 +173,7 @@ def __init__( scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc_asyncio.py b/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc_asyncio.py index 606fb3a7..0fc54f7a 100644 --- a/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc_asyncio.py +++ b/google/cloud/securitycenter_v1p1beta1/services/security_center/transports/grpc_asyncio.py @@ -123,6 +123,7 @@ def __init__( client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -164,6 +165,8 @@ def __init__( API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport @@ -216,7 +219,7 @@ def __init__( scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/tests/unit/gapic/securitycenter_v1/test_security_center.py b/tests/unit/gapic/securitycenter_v1/test_security_center.py index 44b79ccf..7fac76c8 100644 --- a/tests/unit/gapic/securitycenter_v1/test_security_center.py +++ b/tests/unit/gapic/securitycenter_v1/test_security_center.py @@ -156,7 +156,25 @@ def test_security_center_client_service_account_always_use_jwt(client_class): ) as use_jwt: creds = service_account.Credentials(None, None, None) client = client_class(credentials=creds) - use_jwt.assert_called_with(True) + use_jwt.assert_not_called() + + +@pytest.mark.parametrize( + "transport_class,transport_name", + [ + (transports.SecurityCenterGrpcTransport, "grpc"), + (transports.SecurityCenterGrpcAsyncIOTransport, "grpc_asyncio"), + ], +) +def test_security_center_client_service_account_always_use_jwt_true( + transport_class, transport_name +): + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=True) + use_jwt.assert_called_once_with(True) @pytest.mark.parametrize( @@ -6876,7 +6894,7 @@ def test_security_center_grpc_transport_client_cert_source_for_mtls(transport_cl "squid.clam.whelk:443", credentials=cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_channel_creds, quota_project_id=None, options=[ @@ -6985,7 +7003,7 @@ def test_security_center_transport_channel_mtls_with_client_cert_source( "mtls.squid.clam.whelk:443", credentials=cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_cred, quota_project_id=None, options=[ @@ -7032,7 +7050,7 @@ def test_security_center_transport_channel_mtls_with_adc(transport_class): "mtls.squid.clam.whelk:443", credentials=mock_cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_cred, quota_project_id=None, options=[ diff --git a/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py b/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py index 86d2bb14..7cb1fe75 100644 --- a/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py +++ b/tests/unit/gapic/securitycenter_v1beta1/test_security_center.py @@ -155,7 +155,25 @@ def test_security_center_client_service_account_always_use_jwt(client_class): ) as use_jwt: creds = service_account.Credentials(None, None, None) client = client_class(credentials=creds) - use_jwt.assert_called_with(True) + use_jwt.assert_not_called() + + +@pytest.mark.parametrize( + "transport_class,transport_name", + [ + (transports.SecurityCenterGrpcTransport, "grpc"), + (transports.SecurityCenterGrpcAsyncIOTransport, "grpc_asyncio"), + ], +) +def test_security_center_client_service_account_always_use_jwt_true( + transport_class, transport_name +): + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=True) + use_jwt.assert_called_once_with(True) @pytest.mark.parametrize( @@ -5387,7 +5405,7 @@ def test_security_center_grpc_transport_client_cert_source_for_mtls(transport_cl "squid.clam.whelk:443", credentials=cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_channel_creds, quota_project_id=None, options=[ @@ -5496,7 +5514,7 @@ def test_security_center_transport_channel_mtls_with_client_cert_source( "mtls.squid.clam.whelk:443", credentials=cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_cred, quota_project_id=None, options=[ @@ -5543,7 +5561,7 @@ def test_security_center_transport_channel_mtls_with_adc(transport_class): "mtls.squid.clam.whelk:443", credentials=mock_cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_cred, quota_project_id=None, options=[ diff --git a/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py b/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py index eaf64143..a048f6a6 100644 --- a/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py +++ b/tests/unit/gapic/securitycenter_v1p1beta1/test_security_center.py @@ -160,7 +160,25 @@ def test_security_center_client_service_account_always_use_jwt(client_class): ) as use_jwt: creds = service_account.Credentials(None, None, None) client = client_class(credentials=creds) - use_jwt.assert_called_with(True) + use_jwt.assert_not_called() + + +@pytest.mark.parametrize( + "transport_class,transport_name", + [ + (transports.SecurityCenterGrpcTransport, "grpc"), + (transports.SecurityCenterGrpcAsyncIOTransport, "grpc_asyncio"), + ], +) +def test_security_center_client_service_account_always_use_jwt_true( + transport_class, transport_name +): + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=True) + use_jwt.assert_called_once_with(True) @pytest.mark.parametrize( @@ -7066,7 +7084,7 @@ def test_security_center_grpc_transport_client_cert_source_for_mtls(transport_cl "squid.clam.whelk:443", credentials=cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_channel_creds, quota_project_id=None, options=[ @@ -7175,7 +7193,7 @@ def test_security_center_transport_channel_mtls_with_client_cert_source( "mtls.squid.clam.whelk:443", credentials=cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_cred, quota_project_id=None, options=[ @@ -7222,7 +7240,7 @@ def test_security_center_transport_channel_mtls_with_adc(transport_class): "mtls.squid.clam.whelk:443", credentials=mock_cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_cred, quota_project_id=None, options=[