Skip to content
This repository has been archived by the owner on Oct 31, 2023. It is now read-only.

Commit

Permalink
fix: enable self signed jwt for grpc (#53)
Browse files Browse the repository at this point in the history 
PiperOrigin-RevId: 386504689

Source-Link: googleapis/googleapis@762094a

Source-Link: googleapis/googleapis-gen@6bfc480
  • Loading branch information
@gcf-owl-bot
gcf-owl-bot[bot] committed Jul 24, 2021
1 parent b38db87 commit 8b6c798
Show file tree
Hide file tree
Showing 16 changed files with 176 additions and 94 deletions.
4 changes: 4 additions & 0 deletions google/cloud/appengine_admin_v1/services/applications/client.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -330,6 +330,10 @@ def __init__(
client_cert_source_for_mtls=client_cert_source_func,
quota_project_id=client_options.quota_project_id,
client_info=client_info,
always_use_jwt_access=(
Transport == type(self).get_transport_class("grpc")
or Transport == type(self).get_transport_class("grpc_asyncio")
),
)

def get_application(
Expand Down
4 changes: 4 additions & 0 deletions google/cloud/appengine_admin_v1/services/authorized_certificates/client.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -335,6 +335,10 @@ def __init__(
client_cert_source_for_mtls=client_cert_source_func,
quota_project_id=client_options.quota_project_id,
client_info=client_info,
always_use_jwt_access=(
Transport == type(self).get_transport_class("grpc")
or Transport == type(self).get_transport_class("grpc_asyncio")
),
)

def list_authorized_certificates(
Expand Down
4 changes: 4 additions & 0 deletions google/cloud/appengine_admin_v1/services/authorized_domains/client.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -334,6 +334,10 @@ def __init__(
client_cert_source_for_mtls=client_cert_source_func,
quota_project_id=client_options.quota_project_id,
client_info=client_info,
always_use_jwt_access=(
Transport == type(self).get_transport_class("grpc")
or Transport == type(self).get_transport_class("grpc_asyncio")
),
)

def list_authorized_domains(
Expand Down
4 changes: 4 additions & 0 deletions google/cloud/appengine_admin_v1/services/domain_mappings/client.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -333,6 +333,10 @@ def __init__(
client_cert_source_for_mtls=client_cert_source_func,
quota_project_id=client_options.quota_project_id,
client_info=client_info,
always_use_jwt_access=(
Transport == type(self).get_transport_class("grpc")
or Transport == type(self).get_transport_class("grpc_asyncio")
),
)

def list_domain_mappings(
Expand Down
4 changes: 4 additions & 0 deletions google/cloud/appengine_admin_v1/services/firewall/client.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -338,6 +338,10 @@ def __init__(
client_cert_source_for_mtls=client_cert_source_func,
quota_project_id=client_options.quota_project_id,
client_info=client_info,
always_use_jwt_access=(
Transport == type(self).get_transport_class("grpc")
or Transport == type(self).get_transport_class("grpc_asyncio")
),
)

def list_ingress_rules(
Expand Down
4 changes: 4 additions & 0 deletions google/cloud/appengine_admin_v1/services/instances/client.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -348,6 +348,10 @@ def __init__(
client_cert_source_for_mtls=client_cert_source_func,
quota_project_id=client_options.quota_project_id,
client_info=client_info,
always_use_jwt_access=(
Transport == type(self).get_transport_class("grpc")
or Transport == type(self).get_transport_class("grpc_asyncio")
),
)

def list_instances(
Expand Down
4 changes: 4 additions & 0 deletions google/cloud/appengine_admin_v1/services/services/client.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -332,6 +332,10 @@ def __init__(
client_cert_source_for_mtls=client_cert_source_func,
quota_project_id=client_options.quota_project_id,
client_info=client_info,
always_use_jwt_access=(
Transport == type(self).get_transport_class("grpc")
or Transport == type(self).get_transport_class("grpc_asyncio")
),
)

def list_services(
Expand Down
4 changes: 4 additions & 0 deletions google/cloud/appengine_admin_v1/services/versions/client.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -335,6 +335,10 @@ def __init__(
client_cert_source_for_mtls=client_cert_source_func,
quota_project_id=client_options.quota_project_id,
client_info=client_info,
always_use_jwt_access=(
Transport == type(self).get_transport_class("grpc")
or Transport == type(self).get_transport_class("grpc_asyncio")
),
)

def list_versions(
Expand Down
29 changes: 18 additions & 11 deletions tests/unit/gapic/appengine_admin_v1/test_applications.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,24 +122,14 @@ def test_applications_client_from_service_account_info(client_class):
assert client.transport._host == "appengine.googleapis.com:443"


@pytest.mark.parametrize("client_class", [ApplicationsClient, ApplicationsAsyncClient,])
def test_applications_client_service_account_always_use_jwt(client_class):
with mock.patch.object(
service_account.Credentials, "with_always_use_jwt_access", create=True
) as use_jwt:
creds = service_account.Credentials(None, None, None)
client = client_class(credentials=creds)
use_jwt.assert_not_called()


@pytest.mark.parametrize(
"transport_class,transport_name",
[
(transports.ApplicationsGrpcTransport, "grpc"),
(transports.ApplicationsGrpcAsyncIOTransport, "grpc_asyncio"),
],
)
def test_applications_client_service_account_always_use_jwt_true(
def test_applications_client_service_account_always_use_jwt(
transport_class, transport_name
):
with mock.patch.object(
Expand All @@ -149,6 +139,13 @@ def test_applications_client_service_account_always_use_jwt_true(
transport = transport_class(credentials=creds, always_use_jwt_access=True)
use_jwt.assert_called_once_with(True)

with mock.patch.object(
service_account.Credentials, "with_always_use_jwt_access", create=True
) as use_jwt:
creds = service_account.Credentials(None, None, None)
transport = transport_class(credentials=creds, always_use_jwt_access=False)
use_jwt.assert_not_called()


@pytest.mark.parametrize("client_class", [ApplicationsClient, ApplicationsAsyncClient,])
def test_applications_client_from_service_account_file(client_class):
Expand Down Expand Up @@ -225,6 +222,7 @@ def test_applications_client_client_options(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
Expand All @@ -241,6 +239,7 @@ def test_applications_client_client_options(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
Expand All @@ -257,6 +256,7 @@ def test_applications_client_client_options(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has
Expand Down Expand Up @@ -285,6 +285,7 @@ def test_applications_client_client_options(
client_cert_source_for_mtls=None,
quota_project_id="octopus",
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


Expand Down Expand Up @@ -349,6 +350,7 @@ def test_applications_client_mtls_env_auto(
client_cert_source_for_mtls=expected_client_cert_source,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case ADC client cert is provided. Whether client cert is used depends on
Expand Down Expand Up @@ -382,6 +384,7 @@ def test_applications_client_mtls_env_auto(
client_cert_source_for_mtls=expected_client_cert_source,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case client_cert_source and ADC client cert are not provided.
Expand All @@ -403,6 +406,7 @@ def test_applications_client_mtls_env_auto(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


Expand Down Expand Up @@ -433,6 +437,7 @@ def test_applications_client_client_options_scopes(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


Expand Down Expand Up @@ -463,6 +468,7 @@ def test_applications_client_client_options_credentials_file(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


Expand All @@ -480,6 +486,7 @@ def test_applications_client_client_options_from_dict():
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


Expand Down
31 changes: 18 additions & 13 deletions tests/unit/gapic/appengine_admin_v1/test_authorized_certificates.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -126,26 +126,14 @@ def test_authorized_certificates_client_from_service_account_info(client_class):
assert client.transport._host == "appengine.googleapis.com:443"


@pytest.mark.parametrize(
"client_class", [AuthorizedCertificatesClient, AuthorizedCertificatesAsyncClient,]
)
def test_authorized_certificates_client_service_account_always_use_jwt(client_class):
with mock.patch.object(
service_account.Credentials, "with_always_use_jwt_access", create=True
) as use_jwt:
creds = service_account.Credentials(None, None, None)
client = client_class(credentials=creds)
use_jwt.assert_not_called()


@pytest.mark.parametrize(
"transport_class,transport_name",
[
(transports.AuthorizedCertificatesGrpcTransport, "grpc"),
(transports.AuthorizedCertificatesGrpcAsyncIOTransport, "grpc_asyncio"),
],
)
def test_authorized_certificates_client_service_account_always_use_jwt_true(
def test_authorized_certificates_client_service_account_always_use_jwt(
transport_class, transport_name
):
with mock.patch.object(
Expand All @@ -155,6 +143,13 @@ def test_authorized_certificates_client_service_account_always_use_jwt_true(
transport = transport_class(credentials=creds, always_use_jwt_access=True)
use_jwt.assert_called_once_with(True)

with mock.patch.object(
service_account.Credentials, "with_always_use_jwt_access", create=True
) as use_jwt:
creds = service_account.Credentials(None, None, None)
transport = transport_class(credentials=creds, always_use_jwt_access=False)
use_jwt.assert_not_called()


@pytest.mark.parametrize(
"client_class", [AuthorizedCertificatesClient, AuthorizedCertificatesAsyncClient,]
Expand Down Expand Up @@ -239,6 +234,7 @@ def test_authorized_certificates_client_client_options(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
Expand All @@ -255,6 +251,7 @@ def test_authorized_certificates_client_client_options(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
Expand All @@ -271,6 +268,7 @@ def test_authorized_certificates_client_client_options(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has
Expand Down Expand Up @@ -299,6 +297,7 @@ def test_authorized_certificates_client_client_options(
client_cert_source_for_mtls=None,
quota_project_id="octopus",
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


Expand Down Expand Up @@ -375,6 +374,7 @@ def test_authorized_certificates_client_mtls_env_auto(
client_cert_source_for_mtls=expected_client_cert_source,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case ADC client cert is provided. Whether client cert is used depends on
Expand Down Expand Up @@ -408,6 +408,7 @@ def test_authorized_certificates_client_mtls_env_auto(
client_cert_source_for_mtls=expected_client_cert_source,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case client_cert_source and ADC client cert are not provided.
Expand All @@ -429,6 +430,7 @@ def test_authorized_certificates_client_mtls_env_auto(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


Expand Down Expand Up @@ -463,6 +465,7 @@ def test_authorized_certificates_client_client_options_scopes(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


Expand Down Expand Up @@ -497,6 +500,7 @@ def test_authorized_certificates_client_client_options_credentials_file(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


Expand All @@ -516,6 +520,7 @@ def test_authorized_certificates_client_client_options_from_dict():
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


Expand Down
Loading

0 comments on commit 8b6c798

Please sign in to comment.