From 099f589840131116359fde934af155690c73037d Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Thu, 1 Jul 2021 02:26:12 +0000 Subject: [PATCH] fix: disable always_use_jwt_access (#83) Committer: @busunkim96 PiperOrigin-RevId: 382142900 Source-Link: https://github.com/googleapis/googleapis/commit/513440fda515f3c799c22a30e3906dcda325004e Source-Link: https://github.com/googleapis/googleapis-gen/commit/7b1e2c31233f79a704ec21ca410bf661d6bc68d0 --- .../web_security_scanner/transports/base.py | 2 +- .../web_security_scanner/transports/grpc.py | 5 +++- .../transports/grpc_asyncio.py | 5 +++- .../web_security_scanner/transports/base.py | 2 +- .../web_security_scanner/transports/grpc.py | 5 +++- .../transports/grpc_asyncio.py | 5 +++- .../web_security_scanner/transports/base.py | 2 +- .../web_security_scanner/transports/grpc.py | 5 +++- .../transports/grpc_asyncio.py | 5 +++- .../test_web_security_scanner.py | 26 ++++++++++++++++--- .../test_web_security_scanner.py | 26 ++++++++++++++++--- .../test_web_security_scanner.py | 26 ++++++++++++++++--- 12 files changed, 93 insertions(+), 21 deletions(-) diff --git a/google/cloud/websecurityscanner_v1/services/web_security_scanner/transports/base.py b/google/cloud/websecurityscanner_v1/services/web_security_scanner/transports/base.py index 2dc2171..78a037b 100644 --- a/google/cloud/websecurityscanner_v1/services/web_security_scanner/transports/base.py +++ b/google/cloud/websecurityscanner_v1/services/web_security_scanner/transports/base.py @@ -102,7 +102,7 @@ def __init__( scopes_kwargs = self._get_scopes_kwargs(self._host, scopes) # Save the scopes. - self._scopes = scopes or self.AUTH_SCOPES + self._scopes = scopes # If no credentials are provided, then determine the appropriate # defaults. diff --git a/google/cloud/websecurityscanner_v1/services/web_security_scanner/transports/grpc.py b/google/cloud/websecurityscanner_v1/services/web_security_scanner/transports/grpc.py index 9e044c3..04cf05b 100644 --- a/google/cloud/websecurityscanner_v1/services/web_security_scanner/transports/grpc.py +++ b/google/cloud/websecurityscanner_v1/services/web_security_scanner/transports/grpc.py @@ -64,6 +64,7 @@ def __init__( client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -104,6 +105,8 @@ def __init__( API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport @@ -156,7 +159,7 @@ def __init__( scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/google/cloud/websecurityscanner_v1/services/web_security_scanner/transports/grpc_asyncio.py b/google/cloud/websecurityscanner_v1/services/web_security_scanner/transports/grpc_asyncio.py index 30c49f4..79827a3 100644 --- a/google/cloud/websecurityscanner_v1/services/web_security_scanner/transports/grpc_asyncio.py +++ b/google/cloud/websecurityscanner_v1/services/web_security_scanner/transports/grpc_asyncio.py @@ -110,6 +110,7 @@ def __init__( client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -151,6 +152,8 @@ def __init__( API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport @@ -202,7 +205,7 @@ def __init__( scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/google/cloud/websecurityscanner_v1alpha/services/web_security_scanner/transports/base.py b/google/cloud/websecurityscanner_v1alpha/services/web_security_scanner/transports/base.py index 1964901..5057c45 100644 --- a/google/cloud/websecurityscanner_v1alpha/services/web_security_scanner/transports/base.py +++ b/google/cloud/websecurityscanner_v1alpha/services/web_security_scanner/transports/base.py @@ -103,7 +103,7 @@ def __init__( scopes_kwargs = self._get_scopes_kwargs(self._host, scopes) # Save the scopes. - self._scopes = scopes or self.AUTH_SCOPES + self._scopes = scopes # If no credentials are provided, then determine the appropriate # defaults. diff --git a/google/cloud/websecurityscanner_v1alpha/services/web_security_scanner/transports/grpc.py b/google/cloud/websecurityscanner_v1alpha/services/web_security_scanner/transports/grpc.py index 7ed24e1..97d0d28 100644 --- a/google/cloud/websecurityscanner_v1alpha/services/web_security_scanner/transports/grpc.py +++ b/google/cloud/websecurityscanner_v1alpha/services/web_security_scanner/transports/grpc.py @@ -65,6 +65,7 @@ def __init__( client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -105,6 +106,8 @@ def __init__( API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport @@ -157,7 +160,7 @@ def __init__( scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/google/cloud/websecurityscanner_v1alpha/services/web_security_scanner/transports/grpc_asyncio.py b/google/cloud/websecurityscanner_v1alpha/services/web_security_scanner/transports/grpc_asyncio.py index 62ea7d3..7296a6d 100644 --- a/google/cloud/websecurityscanner_v1alpha/services/web_security_scanner/transports/grpc_asyncio.py +++ b/google/cloud/websecurityscanner_v1alpha/services/web_security_scanner/transports/grpc_asyncio.py @@ -111,6 +111,7 @@ def __init__( client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -152,6 +153,8 @@ def __init__( API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport @@ -203,7 +206,7 @@ def __init__( scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/google/cloud/websecurityscanner_v1beta/services/web_security_scanner/transports/base.py b/google/cloud/websecurityscanner_v1beta/services/web_security_scanner/transports/base.py index a372305..2ec097f 100644 --- a/google/cloud/websecurityscanner_v1beta/services/web_security_scanner/transports/base.py +++ b/google/cloud/websecurityscanner_v1beta/services/web_security_scanner/transports/base.py @@ -103,7 +103,7 @@ def __init__( scopes_kwargs = self._get_scopes_kwargs(self._host, scopes) # Save the scopes. - self._scopes = scopes or self.AUTH_SCOPES + self._scopes = scopes # If no credentials are provided, then determine the appropriate # defaults. diff --git a/google/cloud/websecurityscanner_v1beta/services/web_security_scanner/transports/grpc.py b/google/cloud/websecurityscanner_v1beta/services/web_security_scanner/transports/grpc.py index a87a223..5a8f541 100644 --- a/google/cloud/websecurityscanner_v1beta/services/web_security_scanner/transports/grpc.py +++ b/google/cloud/websecurityscanner_v1beta/services/web_security_scanner/transports/grpc.py @@ -65,6 +65,7 @@ def __init__( client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -105,6 +106,8 @@ def __init__( API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport @@ -157,7 +160,7 @@ def __init__( scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/google/cloud/websecurityscanner_v1beta/services/web_security_scanner/transports/grpc_asyncio.py b/google/cloud/websecurityscanner_v1beta/services/web_security_scanner/transports/grpc_asyncio.py index c467e0b..15bcfab 100644 --- a/google/cloud/websecurityscanner_v1beta/services/web_security_scanner/transports/grpc_asyncio.py +++ b/google/cloud/websecurityscanner_v1beta/services/web_security_scanner/transports/grpc_asyncio.py @@ -111,6 +111,7 @@ def __init__( client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -152,6 +153,8 @@ def __init__( API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport @@ -203,7 +206,7 @@ def __init__( scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/tests/unit/gapic/websecurityscanner_v1/test_web_security_scanner.py b/tests/unit/gapic/websecurityscanner_v1/test_web_security_scanner.py index 0b88cbb..baf1f52 100644 --- a/tests/unit/gapic/websecurityscanner_v1/test_web_security_scanner.py +++ b/tests/unit/gapic/websecurityscanner_v1/test_web_security_scanner.py @@ -142,7 +142,25 @@ def test_web_security_scanner_client_service_account_always_use_jwt(client_class ) as use_jwt: creds = service_account.Credentials(None, None, None) client = client_class(credentials=creds) - use_jwt.assert_called_with(True) + use_jwt.assert_not_called() + + +@pytest.mark.parametrize( + "transport_class,transport_name", + [ + (transports.WebSecurityScannerGrpcTransport, "grpc"), + (transports.WebSecurityScannerGrpcAsyncIOTransport, "grpc_asyncio"), + ], +) +def test_web_security_scanner_client_service_account_always_use_jwt_true( + transport_class, transport_name +): + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=True) + use_jwt.assert_called_once_with(True) @pytest.mark.parametrize( @@ -3485,7 +3503,7 @@ def test_web_security_scanner_grpc_transport_client_cert_source_for_mtls( "squid.clam.whelk:443", credentials=cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_channel_creds, quota_project_id=None, options=[ @@ -3594,7 +3612,7 @@ def test_web_security_scanner_transport_channel_mtls_with_client_cert_source( "mtls.squid.clam.whelk:443", credentials=cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_cred, quota_project_id=None, options=[ @@ -3641,7 +3659,7 @@ def test_web_security_scanner_transport_channel_mtls_with_adc(transport_class): "mtls.squid.clam.whelk:443", credentials=mock_cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_cred, quota_project_id=None, options=[ diff --git a/tests/unit/gapic/websecurityscanner_v1alpha/test_web_security_scanner.py b/tests/unit/gapic/websecurityscanner_v1alpha/test_web_security_scanner.py index a6cdf70..ddad04f 100644 --- a/tests/unit/gapic/websecurityscanner_v1alpha/test_web_security_scanner.py +++ b/tests/unit/gapic/websecurityscanner_v1alpha/test_web_security_scanner.py @@ -143,7 +143,25 @@ def test_web_security_scanner_client_service_account_always_use_jwt(client_class ) as use_jwt: creds = service_account.Credentials(None, None, None) client = client_class(credentials=creds) - use_jwt.assert_called_with(True) + use_jwt.assert_not_called() + + +@pytest.mark.parametrize( + "transport_class,transport_name", + [ + (transports.WebSecurityScannerGrpcTransport, "grpc"), + (transports.WebSecurityScannerGrpcAsyncIOTransport, "grpc_asyncio"), + ], +) +def test_web_security_scanner_client_service_account_always_use_jwt_true( + transport_class, transport_name +): + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=True) + use_jwt.assert_called_once_with(True) @pytest.mark.parametrize( @@ -4424,7 +4442,7 @@ def test_web_security_scanner_grpc_transport_client_cert_source_for_mtls( "squid.clam.whelk:443", credentials=cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_channel_creds, quota_project_id=None, options=[ @@ -4533,7 +4551,7 @@ def test_web_security_scanner_transport_channel_mtls_with_client_cert_source( "mtls.squid.clam.whelk:443", credentials=cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_cred, quota_project_id=None, options=[ @@ -4580,7 +4598,7 @@ def test_web_security_scanner_transport_channel_mtls_with_adc(transport_class): "mtls.squid.clam.whelk:443", credentials=mock_cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_cred, quota_project_id=None, options=[ diff --git a/tests/unit/gapic/websecurityscanner_v1beta/test_web_security_scanner.py b/tests/unit/gapic/websecurityscanner_v1beta/test_web_security_scanner.py index b623a5b..5d74a26 100644 --- a/tests/unit/gapic/websecurityscanner_v1beta/test_web_security_scanner.py +++ b/tests/unit/gapic/websecurityscanner_v1beta/test_web_security_scanner.py @@ -146,7 +146,25 @@ def test_web_security_scanner_client_service_account_always_use_jwt(client_class ) as use_jwt: creds = service_account.Credentials(None, None, None) client = client_class(credentials=creds) - use_jwt.assert_called_with(True) + use_jwt.assert_not_called() + + +@pytest.mark.parametrize( + "transport_class,transport_name", + [ + (transports.WebSecurityScannerGrpcTransport, "grpc"), + (transports.WebSecurityScannerGrpcAsyncIOTransport, "grpc_asyncio"), + ], +) +def test_web_security_scanner_client_service_account_always_use_jwt_true( + transport_class, transport_name +): + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=True) + use_jwt.assert_called_once_with(True) @pytest.mark.parametrize( @@ -4469,7 +4487,7 @@ def test_web_security_scanner_grpc_transport_client_cert_source_for_mtls( "squid.clam.whelk:443", credentials=cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_channel_creds, quota_project_id=None, options=[ @@ -4578,7 +4596,7 @@ def test_web_security_scanner_transport_channel_mtls_with_client_cert_source( "mtls.squid.clam.whelk:443", credentials=cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_cred, quota_project_id=None, options=[ @@ -4625,7 +4643,7 @@ def test_web_security_scanner_transport_channel_mtls_with_adc(transport_class): "mtls.squid.clam.whelk:443", credentials=mock_cred, credentials_file=None, - scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=None, ssl_credentials=mock_ssl_cred, quota_project_id=None, options=[