Skip to content

Commit 8e52d1e

Browse files
gcf-owl-bot[bot]gcf-owl-bot[bot]
authored
fix: enable self signed jwt for grpc (#53)
PiperOrigin-RevId: 386504689 Source-Link: googleapis/googleapis@762094a Source-Link: googleapis/googleapis-gen@6bfc480
1 parent 4a068c2 commit 8e52d1e

File tree

16 files changed

+176
-94
lines changed

16 files changed

+176
-94
lines changed

packages/google-cloud-appengine-admin/google/cloud/appengine_admin_v1/services/applications/client.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -330,6 +330,10 @@ def __init__(
330330
client_cert_source_for_mtls=client_cert_source_func,
331331
quota_project_id=client_options.quota_project_id,
332332
client_info=client_info,
333+
always_use_jwt_access=(
334+
Transport == type(self).get_transport_class("grpc")
335+
or Transport == type(self).get_transport_class("grpc_asyncio")
336+
),
333337
)
334338

335339
def get_application(

packages/google-cloud-appengine-admin/google/cloud/appengine_admin_v1/services/authorized_certificates/client.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -335,6 +335,10 @@ def __init__(
335335
client_cert_source_for_mtls=client_cert_source_func,
336336
quota_project_id=client_options.quota_project_id,
337337
client_info=client_info,
338+
always_use_jwt_access=(
339+
Transport == type(self).get_transport_class("grpc")
340+
or Transport == type(self).get_transport_class("grpc_asyncio")
341+
),
338342
)
339343

340344
def list_authorized_certificates(

packages/google-cloud-appengine-admin/google/cloud/appengine_admin_v1/services/authorized_domains/client.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -334,6 +334,10 @@ def __init__(
334334
client_cert_source_for_mtls=client_cert_source_func,
335335
quota_project_id=client_options.quota_project_id,
336336
client_info=client_info,
337+
always_use_jwt_access=(
338+
Transport == type(self).get_transport_class("grpc")
339+
or Transport == type(self).get_transport_class("grpc_asyncio")
340+
),
337341
)
338342

339343
def list_authorized_domains(

packages/google-cloud-appengine-admin/google/cloud/appengine_admin_v1/services/domain_mappings/client.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -333,6 +333,10 @@ def __init__(
333333
client_cert_source_for_mtls=client_cert_source_func,
334334
quota_project_id=client_options.quota_project_id,
335335
client_info=client_info,
336+
always_use_jwt_access=(
337+
Transport == type(self).get_transport_class("grpc")
338+
or Transport == type(self).get_transport_class("grpc_asyncio")
339+
),
336340
)
337341

338342
def list_domain_mappings(

packages/google-cloud-appengine-admin/google/cloud/appengine_admin_v1/services/firewall/client.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -338,6 +338,10 @@ def __init__(
338338
client_cert_source_for_mtls=client_cert_source_func,
339339
quota_project_id=client_options.quota_project_id,
340340
client_info=client_info,
341+
always_use_jwt_access=(
342+
Transport == type(self).get_transport_class("grpc")
343+
or Transport == type(self).get_transport_class("grpc_asyncio")
344+
),
341345
)
342346

343347
def list_ingress_rules(

packages/google-cloud-appengine-admin/google/cloud/appengine_admin_v1/services/instances/client.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -348,6 +348,10 @@ def __init__(
348348
client_cert_source_for_mtls=client_cert_source_func,
349349
quota_project_id=client_options.quota_project_id,
350350
client_info=client_info,
351+
always_use_jwt_access=(
352+
Transport == type(self).get_transport_class("grpc")
353+
or Transport == type(self).get_transport_class("grpc_asyncio")
354+
),
351355
)
352356

353357
def list_instances(

packages/google-cloud-appengine-admin/google/cloud/appengine_admin_v1/services/services/client.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -332,6 +332,10 @@ def __init__(
332332
client_cert_source_for_mtls=client_cert_source_func,
333333
quota_project_id=client_options.quota_project_id,
334334
client_info=client_info,
335+
always_use_jwt_access=(
336+
Transport == type(self).get_transport_class("grpc")
337+
or Transport == type(self).get_transport_class("grpc_asyncio")
338+
),
335339
)
336340

337341
def list_services(

packages/google-cloud-appengine-admin/google/cloud/appengine_admin_v1/services/versions/client.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -335,6 +335,10 @@ def __init__(
335335
client_cert_source_for_mtls=client_cert_source_func,
336336
quota_project_id=client_options.quota_project_id,
337337
client_info=client_info,
338+
always_use_jwt_access=(
339+
Transport == type(self).get_transport_class("grpc")
340+
or Transport == type(self).get_transport_class("grpc_asyncio")
341+
),
338342
)
339343

340344
def list_versions(

packages/google-cloud-appengine-admin/tests/unit/gapic/appengine_admin_v1/test_applications.py

Lines changed: 18 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -122,24 +122,14 @@ def test_applications_client_from_service_account_info(client_class):
122122
assert client.transport._host == "appengine.googleapis.com:443"
123123

124124

125-
@pytest.mark.parametrize("client_class", [ApplicationsClient, ApplicationsAsyncClient,])
126-
def test_applications_client_service_account_always_use_jwt(client_class):
127-
with mock.patch.object(
128-
service_account.Credentials, "with_always_use_jwt_access", create=True
129-
) as use_jwt:
130-
creds = service_account.Credentials(None, None, None)
131-
client = client_class(credentials=creds)
132-
use_jwt.assert_not_called()
133-
134-
135125
@pytest.mark.parametrize(
136126
"transport_class,transport_name",
137127
[
138128
(transports.ApplicationsGrpcTransport, "grpc"),
139129
(transports.ApplicationsGrpcAsyncIOTransport, "grpc_asyncio"),
140130
],
141131
)
142-
def test_applications_client_service_account_always_use_jwt_true(
132+
def test_applications_client_service_account_always_use_jwt(
143133
transport_class, transport_name
144134
):
145135
with mock.patch.object(
@@ -149,6 +139,13 @@ def test_applications_client_service_account_always_use_jwt_true(
149139
transport = transport_class(credentials=creds, always_use_jwt_access=True)
150140
use_jwt.assert_called_once_with(True)
151141

142+
with mock.patch.object(
143+
service_account.Credentials, "with_always_use_jwt_access", create=True
144+
) as use_jwt:
145+
creds = service_account.Credentials(None, None, None)
146+
transport = transport_class(credentials=creds, always_use_jwt_access=False)
147+
use_jwt.assert_not_called()
148+
152149

153150
@pytest.mark.parametrize("client_class", [ApplicationsClient, ApplicationsAsyncClient,])
154151
def test_applications_client_from_service_account_file(client_class):
@@ -225,6 +222,7 @@ def test_applications_client_client_options(
225222
client_cert_source_for_mtls=None,
226223
quota_project_id=None,
227224
client_info=transports.base.DEFAULT_CLIENT_INFO,
225+
always_use_jwt_access=True,
228226
)
229227

230228
# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
@@ -241,6 +239,7 @@ def test_applications_client_client_options(
241239
client_cert_source_for_mtls=None,
242240
quota_project_id=None,
243241
client_info=transports.base.DEFAULT_CLIENT_INFO,
242+
always_use_jwt_access=True,
244243
)
245244

246245
# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
@@ -257,6 +256,7 @@ def test_applications_client_client_options(
257256
client_cert_source_for_mtls=None,
258257
quota_project_id=None,
259258
client_info=transports.base.DEFAULT_CLIENT_INFO,
259+
always_use_jwt_access=True,
260260
)
261261

262262
# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has
@@ -285,6 +285,7 @@ def test_applications_client_client_options(
285285
client_cert_source_for_mtls=None,
286286
quota_project_id="octopus",
287287
client_info=transports.base.DEFAULT_CLIENT_INFO,
288+
always_use_jwt_access=True,
288289
)
289290

290291

@@ -349,6 +350,7 @@ def test_applications_client_mtls_env_auto(
349350
client_cert_source_for_mtls=expected_client_cert_source,
350351
quota_project_id=None,
351352
client_info=transports.base.DEFAULT_CLIENT_INFO,
353+
always_use_jwt_access=True,
352354
)
353355

354356
# Check the case ADC client cert is provided. Whether client cert is used depends on
@@ -382,6 +384,7 @@ def test_applications_client_mtls_env_auto(
382384
client_cert_source_for_mtls=expected_client_cert_source,
383385
quota_project_id=None,
384386
client_info=transports.base.DEFAULT_CLIENT_INFO,
387+
always_use_jwt_access=True,
385388
)
386389

387390
# Check the case client_cert_source and ADC client cert are not provided.
@@ -403,6 +406,7 @@ def test_applications_client_mtls_env_auto(
403406
client_cert_source_for_mtls=None,
404407
quota_project_id=None,
405408
client_info=transports.base.DEFAULT_CLIENT_INFO,
409+
always_use_jwt_access=True,
406410
)
407411

408412

@@ -433,6 +437,7 @@ def test_applications_client_client_options_scopes(
433437
client_cert_source_for_mtls=None,
434438
quota_project_id=None,
435439
client_info=transports.base.DEFAULT_CLIENT_INFO,
440+
always_use_jwt_access=True,
436441
)
437442

438443

@@ -463,6 +468,7 @@ def test_applications_client_client_options_credentials_file(
463468
client_cert_source_for_mtls=None,
464469
quota_project_id=None,
465470
client_info=transports.base.DEFAULT_CLIENT_INFO,
471+
always_use_jwt_access=True,
466472
)
467473

468474

@@ -480,6 +486,7 @@ def test_applications_client_client_options_from_dict():
480486
client_cert_source_for_mtls=None,
481487
quota_project_id=None,
482488
client_info=transports.base.DEFAULT_CLIENT_INFO,
489+
always_use_jwt_access=True,
483490
)
484491

485492

packages/google-cloud-appengine-admin/tests/unit/gapic/appengine_admin_v1/test_authorized_certificates.py

Lines changed: 18 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -126,26 +126,14 @@ def test_authorized_certificates_client_from_service_account_info(client_class):
126126
assert client.transport._host == "appengine.googleapis.com:443"
127127

128128

129-
@pytest.mark.parametrize(
130-
"client_class", [AuthorizedCertificatesClient, AuthorizedCertificatesAsyncClient,]
131-
)
132-
def test_authorized_certificates_client_service_account_always_use_jwt(client_class):
133-
with mock.patch.object(
134-
service_account.Credentials, "with_always_use_jwt_access", create=True
135-
) as use_jwt:
136-
creds = service_account.Credentials(None, None, None)
137-
client = client_class(credentials=creds)
138-
use_jwt.assert_not_called()
139-
140-
141129
@pytest.mark.parametrize(
142130
"transport_class,transport_name",
143131
[
144132
(transports.AuthorizedCertificatesGrpcTransport, "grpc"),
145133
(transports.AuthorizedCertificatesGrpcAsyncIOTransport, "grpc_asyncio"),
146134
],
147135
)
148-
def test_authorized_certificates_client_service_account_always_use_jwt_true(
136+
def test_authorized_certificates_client_service_account_always_use_jwt(
149137
transport_class, transport_name
150138
):
151139
with mock.patch.object(
@@ -155,6 +143,13 @@ def test_authorized_certificates_client_service_account_always_use_jwt_true(
155143
transport = transport_class(credentials=creds, always_use_jwt_access=True)
156144
use_jwt.assert_called_once_with(True)
157145

146+
with mock.patch.object(
147+
service_account.Credentials, "with_always_use_jwt_access", create=True
148+
) as use_jwt:
149+
creds = service_account.Credentials(None, None, None)
150+
transport = transport_class(credentials=creds, always_use_jwt_access=False)
151+
use_jwt.assert_not_called()
152+
158153

159154
@pytest.mark.parametrize(
160155
"client_class", [AuthorizedCertificatesClient, AuthorizedCertificatesAsyncClient,]
@@ -239,6 +234,7 @@ def test_authorized_certificates_client_client_options(
239234
client_cert_source_for_mtls=None,
240235
quota_project_id=None,
241236
client_info=transports.base.DEFAULT_CLIENT_INFO,
237+
always_use_jwt_access=True,
242238
)
243239

244240
# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
@@ -255,6 +251,7 @@ def test_authorized_certificates_client_client_options(
255251
client_cert_source_for_mtls=None,
256252
quota_project_id=None,
257253
client_info=transports.base.DEFAULT_CLIENT_INFO,
254+
always_use_jwt_access=True,
258255
)
259256

260257
# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
@@ -271,6 +268,7 @@ def test_authorized_certificates_client_client_options(
271268
client_cert_source_for_mtls=None,
272269
quota_project_id=None,
273270
client_info=transports.base.DEFAULT_CLIENT_INFO,
271+
always_use_jwt_access=True,
274272
)
275273

276274
# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has
@@ -299,6 +297,7 @@ def test_authorized_certificates_client_client_options(
299297
client_cert_source_for_mtls=None,
300298
quota_project_id="octopus",
301299
client_info=transports.base.DEFAULT_CLIENT_INFO,
300+
always_use_jwt_access=True,
302301
)
303302

304303

@@ -375,6 +374,7 @@ def test_authorized_certificates_client_mtls_env_auto(
375374
client_cert_source_for_mtls=expected_client_cert_source,
376375
quota_project_id=None,
377376
client_info=transports.base.DEFAULT_CLIENT_INFO,
377+
always_use_jwt_access=True,
378378
)
379379

380380
# Check the case ADC client cert is provided. Whether client cert is used depends on
@@ -408,6 +408,7 @@ def test_authorized_certificates_client_mtls_env_auto(
408408
client_cert_source_for_mtls=expected_client_cert_source,
409409
quota_project_id=None,
410410
client_info=transports.base.DEFAULT_CLIENT_INFO,
411+
always_use_jwt_access=True,
411412
)
412413

413414
# Check the case client_cert_source and ADC client cert are not provided.
@@ -429,6 +430,7 @@ def test_authorized_certificates_client_mtls_env_auto(
429430
client_cert_source_for_mtls=None,
430431
quota_project_id=None,
431432
client_info=transports.base.DEFAULT_CLIENT_INFO,
433+
always_use_jwt_access=True,
432434
)
433435

434436

@@ -463,6 +465,7 @@ def test_authorized_certificates_client_client_options_scopes(
463465
client_cert_source_for_mtls=None,
464466
quota_project_id=None,
465467
client_info=transports.base.DEFAULT_CLIENT_INFO,
468+
always_use_jwt_access=True,
466469
)
467470

468471

@@ -497,6 +500,7 @@ def test_authorized_certificates_client_client_options_credentials_file(
497500
client_cert_source_for_mtls=None,
498501
quota_project_id=None,
499502
client_info=transports.base.DEFAULT_CLIENT_INFO,
503+
always_use_jwt_access=True,
500504
)
501505

502506

@@ -516,6 +520,7 @@ def test_authorized_certificates_client_client_options_from_dict():
516520
client_cert_source_for_mtls=None,
517521
quota_project_id=None,
518522
client_info=transports.base.DEFAULT_CLIENT_INFO,
523+
always_use_jwt_access=True,
519524
)
520525

521526

0 commit comments

Comments
 (0)