From aaaec29793ec671c12326fa9efae1424c7204fc7 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Sat, 24 Jul 2021 10:16:39 +0000 Subject: [PATCH] fix: enable self signed jwt for grpc (#93) PiperOrigin-RevId: 386504689 Source-Link: https://github.com/googleapis/googleapis/commit/762094a99ac6e03a17516b13dfbef37927267a70 Source-Link: https://github.com/googleapis/googleapis-gen/commit/6bfc480e1a161d5de121c2bcc3745885d33b265a --- .../services/web_security_scanner/client.py | 4 +++ .../services/web_security_scanner/client.py | 4 +++ .../services/web_security_scanner/client.py | 4 +++ .../test_web_security_scanner.py | 31 +++++++++++-------- .../test_web_security_scanner.py | 31 +++++++++++-------- .../test_web_security_scanner.py | 31 +++++++++++-------- 6 files changed, 66 insertions(+), 39 deletions(-) diff --git a/google/cloud/websecurityscanner_v1/services/web_security_scanner/client.py b/google/cloud/websecurityscanner_v1/services/web_security_scanner/client.py index 975c24c..7881267 100644 --- a/google/cloud/websecurityscanner_v1/services/web_security_scanner/client.py +++ b/google/cloud/websecurityscanner_v1/services/web_security_scanner/client.py @@ -364,6 +364,10 @@ def __init__( client_cert_source_for_mtls=client_cert_source_func, quota_project_id=client_options.quota_project_id, client_info=client_info, + always_use_jwt_access=( + Transport == type(self).get_transport_class("grpc") + or Transport == type(self).get_transport_class("grpc_asyncio") + ), ) def create_scan_config( diff --git a/google/cloud/websecurityscanner_v1alpha/services/web_security_scanner/client.py b/google/cloud/websecurityscanner_v1alpha/services/web_security_scanner/client.py index 70be14d..8e615b0 100644 --- a/google/cloud/websecurityscanner_v1alpha/services/web_security_scanner/client.py +++ b/google/cloud/websecurityscanner_v1alpha/services/web_security_scanner/client.py @@ -395,6 +395,10 @@ def __init__( client_cert_source_for_mtls=client_cert_source_func, quota_project_id=client_options.quota_project_id, client_info=client_info, + always_use_jwt_access=( + Transport == type(self).get_transport_class("grpc") + or Transport == type(self).get_transport_class("grpc_asyncio") + ), ) def create_scan_config( diff --git a/google/cloud/websecurityscanner_v1beta/services/web_security_scanner/client.py b/google/cloud/websecurityscanner_v1beta/services/web_security_scanner/client.py index 134fce8..29a0910 100644 --- a/google/cloud/websecurityscanner_v1beta/services/web_security_scanner/client.py +++ b/google/cloud/websecurityscanner_v1beta/services/web_security_scanner/client.py @@ -397,6 +397,10 @@ def __init__( client_cert_source_for_mtls=client_cert_source_func, quota_project_id=client_options.quota_project_id, client_info=client_info, + always_use_jwt_access=( + Transport == type(self).get_transport_class("grpc") + or Transport == type(self).get_transport_class("grpc_asyncio") + ), ) def create_scan_config( diff --git a/tests/unit/gapic/websecurityscanner_v1/test_web_security_scanner.py b/tests/unit/gapic/websecurityscanner_v1/test_web_security_scanner.py index baf1f52..e939fb1 100644 --- a/tests/unit/gapic/websecurityscanner_v1/test_web_security_scanner.py +++ b/tests/unit/gapic/websecurityscanner_v1/test_web_security_scanner.py @@ -133,18 +133,6 @@ def test_web_security_scanner_client_from_service_account_info(client_class): assert client.transport._host == "websecurityscanner.googleapis.com:443" -@pytest.mark.parametrize( - "client_class", [WebSecurityScannerClient, WebSecurityScannerAsyncClient,] -) -def test_web_security_scanner_client_service_account_always_use_jwt(client_class): - with mock.patch.object( - service_account.Credentials, "with_always_use_jwt_access", create=True - ) as use_jwt: - creds = service_account.Credentials(None, None, None) - client = client_class(credentials=creds) - use_jwt.assert_not_called() - - @pytest.mark.parametrize( "transport_class,transport_name", [ @@ -152,7 +140,7 @@ def test_web_security_scanner_client_service_account_always_use_jwt(client_class (transports.WebSecurityScannerGrpcAsyncIOTransport, "grpc_asyncio"), ], ) -def test_web_security_scanner_client_service_account_always_use_jwt_true( +def test_web_security_scanner_client_service_account_always_use_jwt( transport_class, transport_name ): with mock.patch.object( @@ -162,6 +150,13 @@ def test_web_security_scanner_client_service_account_always_use_jwt_true( transport = transport_class(credentials=creds, always_use_jwt_access=True) use_jwt.assert_called_once_with(True) + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=False) + use_jwt.assert_not_called() + @pytest.mark.parametrize( "client_class", [WebSecurityScannerClient, WebSecurityScannerAsyncClient,] @@ -242,6 +237,7 @@ def test_web_security_scanner_client_client_options( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -258,6 +254,7 @@ def test_web_security_scanner_client_client_options( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -274,6 +271,7 @@ def test_web_security_scanner_client_client_options( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has @@ -302,6 +300,7 @@ def test_web_security_scanner_client_client_options( client_cert_source_for_mtls=None, quota_project_id="octopus", client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -378,6 +377,7 @@ def test_web_security_scanner_client_mtls_env_auto( client_cert_source_for_mtls=expected_client_cert_source, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case ADC client cert is provided. Whether client cert is used depends on @@ -411,6 +411,7 @@ def test_web_security_scanner_client_mtls_env_auto( client_cert_source_for_mtls=expected_client_cert_source, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case client_cert_source and ADC client cert are not provided. @@ -432,6 +433,7 @@ def test_web_security_scanner_client_mtls_env_auto( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -462,6 +464,7 @@ def test_web_security_scanner_client_client_options_scopes( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -492,6 +495,7 @@ def test_web_security_scanner_client_client_options_credentials_file( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -511,6 +515,7 @@ def test_web_security_scanner_client_client_options_from_dict(): client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) diff --git a/tests/unit/gapic/websecurityscanner_v1alpha/test_web_security_scanner.py b/tests/unit/gapic/websecurityscanner_v1alpha/test_web_security_scanner.py index ddad04f..dd05f7d 100644 --- a/tests/unit/gapic/websecurityscanner_v1alpha/test_web_security_scanner.py +++ b/tests/unit/gapic/websecurityscanner_v1alpha/test_web_security_scanner.py @@ -134,18 +134,6 @@ def test_web_security_scanner_client_from_service_account_info(client_class): assert client.transport._host == "websecurityscanner.googleapis.com:443" -@pytest.mark.parametrize( - "client_class", [WebSecurityScannerClient, WebSecurityScannerAsyncClient,] -) -def test_web_security_scanner_client_service_account_always_use_jwt(client_class): - with mock.patch.object( - service_account.Credentials, "with_always_use_jwt_access", create=True - ) as use_jwt: - creds = service_account.Credentials(None, None, None) - client = client_class(credentials=creds) - use_jwt.assert_not_called() - - @pytest.mark.parametrize( "transport_class,transport_name", [ @@ -153,7 +141,7 @@ def test_web_security_scanner_client_service_account_always_use_jwt(client_class (transports.WebSecurityScannerGrpcAsyncIOTransport, "grpc_asyncio"), ], ) -def test_web_security_scanner_client_service_account_always_use_jwt_true( +def test_web_security_scanner_client_service_account_always_use_jwt( transport_class, transport_name ): with mock.patch.object( @@ -163,6 +151,13 @@ def test_web_security_scanner_client_service_account_always_use_jwt_true( transport = transport_class(credentials=creds, always_use_jwt_access=True) use_jwt.assert_called_once_with(True) + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=False) + use_jwt.assert_not_called() + @pytest.mark.parametrize( "client_class", [WebSecurityScannerClient, WebSecurityScannerAsyncClient,] @@ -243,6 +238,7 @@ def test_web_security_scanner_client_client_options( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -259,6 +255,7 @@ def test_web_security_scanner_client_client_options( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -275,6 +272,7 @@ def test_web_security_scanner_client_client_options( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has @@ -303,6 +301,7 @@ def test_web_security_scanner_client_client_options( client_cert_source_for_mtls=None, quota_project_id="octopus", client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -379,6 +378,7 @@ def test_web_security_scanner_client_mtls_env_auto( client_cert_source_for_mtls=expected_client_cert_source, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case ADC client cert is provided. Whether client cert is used depends on @@ -412,6 +412,7 @@ def test_web_security_scanner_client_mtls_env_auto( client_cert_source_for_mtls=expected_client_cert_source, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case client_cert_source and ADC client cert are not provided. @@ -433,6 +434,7 @@ def test_web_security_scanner_client_mtls_env_auto( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -463,6 +465,7 @@ def test_web_security_scanner_client_client_options_scopes( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -493,6 +496,7 @@ def test_web_security_scanner_client_client_options_credentials_file( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -512,6 +516,7 @@ def test_web_security_scanner_client_client_options_from_dict(): client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) diff --git a/tests/unit/gapic/websecurityscanner_v1beta/test_web_security_scanner.py b/tests/unit/gapic/websecurityscanner_v1beta/test_web_security_scanner.py index 5d74a26..3569589 100644 --- a/tests/unit/gapic/websecurityscanner_v1beta/test_web_security_scanner.py +++ b/tests/unit/gapic/websecurityscanner_v1beta/test_web_security_scanner.py @@ -137,18 +137,6 @@ def test_web_security_scanner_client_from_service_account_info(client_class): assert client.transport._host == "websecurityscanner.googleapis.com:443" -@pytest.mark.parametrize( - "client_class", [WebSecurityScannerClient, WebSecurityScannerAsyncClient,] -) -def test_web_security_scanner_client_service_account_always_use_jwt(client_class): - with mock.patch.object( - service_account.Credentials, "with_always_use_jwt_access", create=True - ) as use_jwt: - creds = service_account.Credentials(None, None, None) - client = client_class(credentials=creds) - use_jwt.assert_not_called() - - @pytest.mark.parametrize( "transport_class,transport_name", [ @@ -156,7 +144,7 @@ def test_web_security_scanner_client_service_account_always_use_jwt(client_class (transports.WebSecurityScannerGrpcAsyncIOTransport, "grpc_asyncio"), ], ) -def test_web_security_scanner_client_service_account_always_use_jwt_true( +def test_web_security_scanner_client_service_account_always_use_jwt( transport_class, transport_name ): with mock.patch.object( @@ -166,6 +154,13 @@ def test_web_security_scanner_client_service_account_always_use_jwt_true( transport = transport_class(credentials=creds, always_use_jwt_access=True) use_jwt.assert_called_once_with(True) + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=False) + use_jwt.assert_not_called() + @pytest.mark.parametrize( "client_class", [WebSecurityScannerClient, WebSecurityScannerAsyncClient,] @@ -246,6 +241,7 @@ def test_web_security_scanner_client_client_options( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -262,6 +258,7 @@ def test_web_security_scanner_client_client_options( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is @@ -278,6 +275,7 @@ def test_web_security_scanner_client_client_options( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has @@ -306,6 +304,7 @@ def test_web_security_scanner_client_client_options( client_cert_source_for_mtls=None, quota_project_id="octopus", client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -382,6 +381,7 @@ def test_web_security_scanner_client_mtls_env_auto( client_cert_source_for_mtls=expected_client_cert_source, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case ADC client cert is provided. Whether client cert is used depends on @@ -415,6 +415,7 @@ def test_web_security_scanner_client_mtls_env_auto( client_cert_source_for_mtls=expected_client_cert_source, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) # Check the case client_cert_source and ADC client cert are not provided. @@ -436,6 +437,7 @@ def test_web_security_scanner_client_mtls_env_auto( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -466,6 +468,7 @@ def test_web_security_scanner_client_client_options_scopes( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -496,6 +499,7 @@ def test_web_security_scanner_client_client_options_credentials_file( client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, ) @@ -515,6 +519,7 @@ def test_web_security_scanner_client_client_options_from_dict(): client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, )