fix: Update the dosctring and refine the try-catch blocks

Signed-off-by: Radhika Agrawal <agrawalradhika@google.com>

Author: agrawalradhika-cell

google/auth/transport/_mtls_helper.py

@@ -16,7 +16,7 @@
 
 import json
 import logging
-from os import environ, path, getenv
+from os import environ, getenv, path
 import re
 import subprocess
 
@@ -408,7 +408,8 @@ def client_cert_callback():
 
 
 def check_use_client_cert():
-    """Returns whether the client certificate should to be used for mTLS.
+    """Returns the value of the GOOGLE_API_USE_CLIENT_CERTIFICATE variable,
+    or an inferred 'true' or 'false' value if unset.
 
     The function checks the value of GOOGLE_API_USE_CLIENT_CERTIFICATE
     environment variable, and GOOGLE_API_CERTIFICATE_CONFIG environment variable
@@ -419,8 +420,9 @@ def check_use_client_cert():
     "workload" section and "false" otherwise.
 
     Returns:
-        str: A string("true" or "false") indicating if client certificate should
-          be used.
+        str: A string("true" or "false" or value of the 
+         GOOGLE_API_USE_CLIENT_CERTIFICATE variable set) indicating if client
+         certificate should be used.
     """
     use_client_cert = getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE")
     # Check if the value of GOOGLE_API_USE_CLIENT_CERTIFICATE is set.
@@ -433,25 +435,16 @@ def check_use_client_cert():
             try:
                 with open(cert_path, "r") as f:
                     content = json.load(f)
-            except json.JSONDecodeError:
-                _LOGGER.debug("JSON decode error.")
-                return "false"
-            except FileNotFoundError:
-                _LOGGER.debug("Certificate config file not found.")
-                return "false"
-            except OSError:
-                _LOGGER.debug("OS error.")
-                return "false"
-            try:
-                if content["cert_configs"]["workload"]:
+                    # verify json has workload key
+                    content["cert_configs"]["workload"]
                     return "true"
-            except KeyError:
-                _LOGGER.debug(
-                    "Certificate config file content does not contain 'workload'"
-                    " section in 'cert_configs'."
-                )
-                return "false"
-            except TypeError:
-                _LOGGER.debug("Certificate config file content is not a JSON object.")
+            except (
+                FileNotFoundError,
+                OSError,
+                KeyError,
+                TypeError,
+                json.JSONDecodeError,
+            ) as e:
+                _LOGGER.debug("error decoding certificate: %s", e)
                 return "false"
         return "false"

google/auth/transport/requests.py

@@ -444,7 +444,7 @@ def configure_mtls_channel(self, client_cert_callback=None):
             google.auth.exceptions.MutualTLSChannelError: If mutual TLS channel
                 creation failed for any reason.
         """
-        use_client_cert = _mtls_helper.check_use_client_cert()
+        use_client_cert = google.auth.transport._mtls_helper.check_use_client_cert()
         if use_client_cert != "true":
             self._is_mtls = False
             return

google/auth/transport/urllib3.py

@@ -335,7 +335,7 @@ def configure_mtls_channel(self, client_cert_callback=None):
             google.auth.exceptions.MutualTLSChannelError: If mutual TLS channel
                 creation failed for any reason.
         """
-        use_client_cert = _mtls_helper.check_use_client_cert()
+        use_client_cert = transport._mtls_helper.check_use_client_cert()
         if use_client_cert != "true":
             return False
         try: