diff --git a/.coveragerc b/.coveragerc index ca48f2f..cf90d98 100644 --- a/.coveragerc +++ b/.coveragerc @@ -1,27 +1,10 @@ -# -*- coding: utf-8 -*- -# -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Generated by synthtool. DO NOT EDIT! [run] branch = True [report] -fail_under = 100 show_missing = True -omit = google/cloud/iam_credentials_v1/__init__.py +omit = + google/cloud/iam_credentials/__init__.py exclude_lines = # Re-enable the standard pragma pragma: NO COVER diff --git a/docs/credentials_v1/services.rst b/docs/credentials_v1/services.rst deleted file mode 100644 index c47ca81..0000000 --- a/docs/credentials_v1/services.rst +++ /dev/null @@ -1,6 +0,0 @@ -Services for Google Iam Credentials v1 API -========================================== -.. toctree:: - :maxdepth: 2 - - iam_credentials diff --git a/docs/credentials_v1/iam_credentials.rst b/docs/iam_credentials_v1/iam_credentials.rst similarity index 100% rename from docs/credentials_v1/iam_credentials.rst rename to docs/iam_credentials_v1/iam_credentials.rst diff --git a/docs/iam_credentials_v1/services.rst b/docs/iam_credentials_v1/services.rst new file mode 100644 index 0000000..d64253c --- /dev/null +++ b/docs/iam_credentials_v1/services.rst @@ -0,0 +1,6 @@ +Services for Google Cloud Iam Credentials v1 API +================================================ +.. toctree:: + :maxdepth: 2 + + iam_credentials diff --git a/docs/credentials_v1/types.rst b/docs/iam_credentials_v1/types.rst similarity index 54% rename from docs/credentials_v1/types.rst rename to docs/iam_credentials_v1/types.rst index 46e5276..665288e 100644 --- a/docs/credentials_v1/types.rst +++ b/docs/iam_credentials_v1/types.rst @@ -1,5 +1,5 @@ -Types for Google Iam Credentials v1 API -======================================= +Types for Google Cloud Iam Credentials v1 API +============================================= .. automodule:: google.cloud.iam_credentials_v1.types :members: diff --git a/docs/index.rst b/docs/index.rst index ef44a2d..f207e85 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -6,21 +6,21 @@ API Reference ------------- .. toctree:: - :maxdepth: 2 + :maxdepth: 2 - credentials_v1/services - credentials_v1/types + iam_credentials_v1/services + iam_credentials_v1/types Migration Guide --------------- -See the guide below for instructions on migrating to the 2.x release of this library. +See the guide below for instructions on migrating to the latest version. .. toctree:: - :maxdepth: 2 + :maxdepth: 2 - UPGRADING +  UPGRADING Changelog @@ -29,6 +29,6 @@ Changelog For a list of all ``google-cloud-iam`` releases: .. toctree:: - :maxdepth: 2 + :maxdepth: 2 - changelog + changelog diff --git a/google/cloud/iam_credentials/py.typed b/google/cloud/iam_credentials/py.typed index 4d9bf55..a8a7868 100644 --- a/google/cloud/iam_credentials/py.typed +++ b/google/cloud/iam_credentials/py.typed @@ -1,2 +1,2 @@ # Marker file for PEP 561. -# The google-iam-credentials package uses inline types. +# The google-cloud-iam package uses inline types. diff --git a/google/cloud/iam_credentials_v1/gapic_metadata.json b/google/cloud/iam_credentials_v1/gapic_metadata.json index 82b1d8a..7ec643e 100644 --- a/google/cloud/iam_credentials_v1/gapic_metadata.json +++ b/google/cloud/iam_credentials_v1/gapic_metadata.json @@ -1,7 +1,7 @@ { "comment": "This file maps proto services/RPCs to the corresponding library clients/methods", "language": "python", - "libraryPackage": "google.iam.credentials_v1", + "libraryPackage": "google.cloud.iam_credentials_v1", "protoPackage": "google.iam.credentials.v1", "schema": "1.0", "services": { diff --git a/google/cloud/iam_credentials_v1/py.typed b/google/cloud/iam_credentials_v1/py.typed index 4d9bf55..a8a7868 100644 --- a/google/cloud/iam_credentials_v1/py.typed +++ b/google/cloud/iam_credentials_v1/py.typed @@ -1,2 +1,2 @@ # Marker file for PEP 561. -# The google-iam-credentials package uses inline types. +# The google-cloud-iam package uses inline types. diff --git a/google/cloud/iam_credentials_v1/services/iam_credentials/async_client.py b/google/cloud/iam_credentials_v1/services/iam_credentials/async_client.py index 0b01592..f7b0ab4 100644 --- a/google/cloud/iam_credentials_v1/services/iam_credentials/async_client.py +++ b/google/cloud/iam_credentials_v1/services/iam_credentials/async_client.py @@ -19,14 +19,17 @@ from typing import Dict, Sequence, Tuple, Type, Union import pkg_resources -from google.api_core.client_options import ClientOptions # type: ignore -from google.api_core import exceptions as core_exceptions # type: ignore -from google.api_core import gapic_v1 # type: ignore -from google.api_core import retry as retries # type: ignore +from google.api_core.client_options import ClientOptions +from google.api_core import exceptions as core_exceptions +from google.api_core import gapic_v1 +from google.api_core import retry as retries from google.auth import credentials as ga_credentials # type: ignore from google.oauth2 import service_account # type: ignore -OptionalRetry = Union[retries.Retry, object] +try: + OptionalRetry = Union[retries.Retry, gapic_v1.method._MethodDefault] +except AttributeError: # pragma: NO COVER + OptionalRetry = Union[retries.Retry, object] # type: ignore from google.cloud.iam_credentials_v1.types import common from google.protobuf import duration_pb2 # type: ignore diff --git a/google/cloud/iam_credentials_v1/services/iam_credentials/client.py b/google/cloud/iam_credentials_v1/services/iam_credentials/client.py index 7263878..661ccf1 100644 --- a/google/cloud/iam_credentials_v1/services/iam_credentials/client.py +++ b/google/cloud/iam_credentials_v1/services/iam_credentials/client.py @@ -14,23 +14,25 @@ # limitations under the License. # from collections import OrderedDict -from distutils import util import os import re from typing import Dict, Optional, Sequence, Tuple, Type, Union import pkg_resources -from google.api_core import client_options as client_options_lib # type: ignore -from google.api_core import exceptions as core_exceptions # type: ignore -from google.api_core import gapic_v1 # type: ignore -from google.api_core import retry as retries # type: ignore +from google.api_core import client_options as client_options_lib +from google.api_core import exceptions as core_exceptions +from google.api_core import gapic_v1 +from google.api_core import retry as retries from google.auth import credentials as ga_credentials # type: ignore from google.auth.transport import mtls # type: ignore from google.auth.transport.grpc import SslCredentials # type: ignore from google.auth.exceptions import MutualTLSChannelError # type: ignore from google.oauth2 import service_account # type: ignore -OptionalRetry = Union[retries.Retry, object] +try: + OptionalRetry = Union[retries.Retry, gapic_v1.method._MethodDefault] +except AttributeError: # pragma: NO COVER + OptionalRetry = Union[retries.Retry, object] # type: ignore from google.cloud.iam_credentials_v1.types import common from google.protobuf import duration_pb2 # type: ignore @@ -294,8 +296,15 @@ def __init__( client_options = client_options_lib.ClientOptions() # Create SSL credentials for mutual TLS if needed. - use_client_cert = bool( - util.strtobool(os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")) + if os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false") not in ( + "true", + "false", + ): + raise ValueError( + "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`" + ) + use_client_cert = ( + os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false") == "true" ) client_cert_source_func = None diff --git a/google/cloud/iam_credentials_v1/services/iam_credentials/transports/base.py b/google/cloud/iam_credentials_v1/services/iam_credentials/transports/base.py index 5fdabe0..e1bb7cd 100644 --- a/google/cloud/iam_credentials_v1/services/iam_credentials/transports/base.py +++ b/google/cloud/iam_credentials_v1/services/iam_credentials/transports/base.py @@ -18,10 +18,10 @@ import pkg_resources import google.auth # type: ignore -import google.api_core # type: ignore -from google.api_core import exceptions as core_exceptions # type: ignore -from google.api_core import gapic_v1 # type: ignore -from google.api_core import retry as retries # type: ignore +import google.api_core +from google.api_core import exceptions as core_exceptions +from google.api_core import gapic_v1 +from google.api_core import retry as retries from google.auth import credentials as ga_credentials # type: ignore from google.oauth2 import service_account # type: ignore diff --git a/google/cloud/iam_credentials_v1/services/iam_credentials/transports/grpc.py b/google/cloud/iam_credentials_v1/services/iam_credentials/transports/grpc.py index d60689c..252760f 100644 --- a/google/cloud/iam_credentials_v1/services/iam_credentials/transports/grpc.py +++ b/google/cloud/iam_credentials_v1/services/iam_credentials/transports/grpc.py @@ -16,8 +16,8 @@ import warnings from typing import Callable, Dict, Optional, Sequence, Tuple, Union -from google.api_core import grpc_helpers # type: ignore -from google.api_core import gapic_v1 # type: ignore +from google.api_core import grpc_helpers +from google.api_core import gapic_v1 import google.auth # type: ignore from google.auth import credentials as ga_credentials # type: ignore from google.auth.transport.grpc import SslCredentials # type: ignore diff --git a/google/cloud/iam_credentials_v1/services/iam_credentials/transports/grpc_asyncio.py b/google/cloud/iam_credentials_v1/services/iam_credentials/transports/grpc_asyncio.py index 49f1204..28c8c73 100644 --- a/google/cloud/iam_credentials_v1/services/iam_credentials/transports/grpc_asyncio.py +++ b/google/cloud/iam_credentials_v1/services/iam_credentials/transports/grpc_asyncio.py @@ -16,8 +16,8 @@ import warnings from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union -from google.api_core import gapic_v1 # type: ignore -from google.api_core import grpc_helpers_async # type: ignore +from google.api_core import gapic_v1 +from google.api_core import grpc_helpers_async from google.auth import credentials as ga_credentials # type: ignore from google.auth.transport.grpc import SslCredentials # type: ignore diff --git a/mypy.ini b/mypy.ini new file mode 100644 index 0000000..4505b48 --- /dev/null +++ b/mypy.ini @@ -0,0 +1,3 @@ +[mypy] +python_version = 3.6 +namespace_packages = True diff --git a/noxfile.py b/noxfile.py index de41c6b..2a2001c 100644 --- a/noxfile.py +++ b/noxfile.py @@ -175,7 +175,7 @@ def cover(session): test runs (not system test runs), and then erases coverage data. """ session.install("coverage", "pytest-cov") - session.run("coverage", "report", "--show-missing", "--fail-under=99") + session.run("coverage", "report", "--show-missing", "--fail-under=100") session.run("coverage", "erase") diff --git a/owlbot.py b/owlbot.py deleted file mode 100644 index b4d2072..0000000 --- a/owlbot.py +++ /dev/null @@ -1,83 +0,0 @@ -# Copyright 2018 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -"""This script is used to synthesize generated parts of this library.""" - -import synthtool as s -from synthtool import gcp -from synthtool.languages import python - -common = gcp.CommonTemplates() - -default_version = "v1" - -for library in s.get_staging_dirs(default_version): - if library.name =="v1": - # Fix namespace - s.replace( - library / "google/iam/**/*.py", - "google.iam.credentials_v1", - "google.cloud.iam_credentials_v1", - ) - s.replace( - library / "tests/unit/gapic/**/*.py", - "google.iam.credentials_v1", - "google.cloud.iam_credentials_v1", - ) - s.replace( - library / "docs/**/*.rst", - "google.iam.credentials_v1", - "google.cloud.iam_credentials_v1", - ) - - # Rename package to `google-cloud-iam` - s.replace( - [library / "**/*.rst", library / "*/**/*.py", library / "**/*.md"], - "google-iam-credentials", - "google-cloud-iam" - ) - - # Comment out broken assertion in unit test - # https://github.com/googleapis/gapic-generator-python/issues/897 - s.replace( - library / "tests/**/*.py", - "assert args\[0\]\.lifetime == duration_pb2\.Duration\(seconds=751\)", - "# assert args[0].lifetime == duration_pb2.Duration(seconds=751)" - ) - - s.move(library / "google/iam/credentials/", "google/cloud/iam_credentials") - s.move(library / "google/iam/credentials_v1", "google/cloud/iam_credentials_v1") - s.move(library / "tests") - s.move(library / "scripts") - s.move(library / "docs", excludes=["index.rst"]) - s.move(library / "google/cloud/iam_credentials_v1/proto") - -s.remove_staging_dirs() - -# ---------------------------------------------------------------------------- -# Add templated files -# ---------------------------------------------------------------------------- -templated_files = common.py_library( - samples=False, # set to True only if there are samples - microgenerator=True, - cov_level=99, -) -python.py_samples(skip_readmes=True) -s.move(templated_files, excludes=[".coveragerc"]) # microgenerator has a good .coveragerc file - -# TODO(busunkim): Use latest sphinx after microgenerator transition -s.replace("noxfile.py", """['"]sphinx['"]""", '"sphinx<3.0.0"') - -s.shell.run(["nox", "-s", "blacken"], hide_output=False) - diff --git a/scripts/fixup_credentials_v1_keywords.py b/scripts/fixup_iam_credentials_v1_keywords.py similarity index 96% rename from scripts/fixup_credentials_v1_keywords.py rename to scripts/fixup_iam_credentials_v1_keywords.py index 9510dab..bef0e22 100644 --- a/scripts/fixup_credentials_v1_keywords.py +++ b/scripts/fixup_iam_credentials_v1_keywords.py @@ -36,7 +36,7 @@ def partition( return results[1], results[0] -class credentialsCallTransformer(cst.CSTTransformer): +class iam_credentialsCallTransformer(cst.CSTTransformer): CTRL_PARAMS: Tuple[str] = ('retry', 'timeout', 'metadata') METHOD_TO_PARAMS: Dict[str, Tuple[str]] = { 'generate_access_token': ('name', 'scope', 'delegates', 'lifetime', ), @@ -91,7 +91,7 @@ def fix_files( in_dir: pathlib.Path, out_dir: pathlib.Path, *, - transformer=credentialsCallTransformer(), + transformer=iam_credentialsCallTransformer(), ): """Duplicate the input dir to the output dir, fixing file method calls. @@ -124,7 +124,7 @@ def fix_files( if __name__ == '__main__': parser = argparse.ArgumentParser( - description="""Fix up source that uses the credentials client library. + description="""Fix up source that uses the iam_credentials client library. The existing sources are NOT overwritten but are copied to output_dir with changes made. diff --git a/setup.py b/setup.py index 5baf59e..79dcd68 100644 --- a/setup.py +++ b/setup.py @@ -80,7 +80,7 @@ install_requires=dependencies, extras_require={"fixup": ["libcst >= 0.2.5"]}, python_requires=">=3.6", - scripts=["scripts/fixup_credentials_v1_keywords.py"], + scripts=["scripts/fixup_iam_credentials_v1_keywords.py"], include_package_data=True, zip_safe=False, ) diff --git a/tests/unit/gapic/iam_credentials_v1/__init__.py b/tests/unit/gapic/iam_credentials_v1/__init__.py new file mode 100644 index 0000000..4de6597 --- /dev/null +++ b/tests/unit/gapic/iam_credentials_v1/__init__.py @@ -0,0 +1,15 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/tests/unit/gapic/iam_credentials_v1/test_iam_credentials.py b/tests/unit/gapic/iam_credentials_v1/test_iam_credentials.py new file mode 100644 index 0000000..dae2006 --- /dev/null +++ b/tests/unit/gapic/iam_credentials_v1/test_iam_credentials.py @@ -0,0 +1,2042 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import os +import mock + +import grpc +from grpc.experimental import aio +import math +import pytest +from proto.marshal.rules.dates import DurationRule, TimestampRule + + +from google.api_core import client_options +from google.api_core import exceptions as core_exceptions +from google.api_core import gapic_v1 +from google.api_core import grpc_helpers +from google.api_core import grpc_helpers_async +from google.api_core import path_template +from google.auth import credentials as ga_credentials +from google.auth.exceptions import MutualTLSChannelError +from google.cloud.iam_credentials_v1.services.iam_credentials import ( + IAMCredentialsAsyncClient, +) +from google.cloud.iam_credentials_v1.services.iam_credentials import ( + IAMCredentialsClient, +) +from google.cloud.iam_credentials_v1.services.iam_credentials import transports +from google.cloud.iam_credentials_v1.types import common +from google.oauth2 import service_account +from google.protobuf import duration_pb2 # type: ignore +from google.protobuf import timestamp_pb2 # type: ignore +import google.auth + + +def client_cert_source_callback(): + return b"cert bytes", b"key bytes" + + +# If default endpoint is localhost, then default mtls endpoint will be the same. +# This method modifies the default endpoint so the client can produce a different +# mtls endpoint for endpoint testing purposes. +def modify_default_endpoint(client): + return ( + "foo.googleapis.com" + if ("localhost" in client.DEFAULT_ENDPOINT) + else client.DEFAULT_ENDPOINT + ) + + +def test__get_default_mtls_endpoint(): + api_endpoint = "example.googleapis.com" + api_mtls_endpoint = "example.mtls.googleapis.com" + sandbox_endpoint = "example.sandbox.googleapis.com" + sandbox_mtls_endpoint = "example.mtls.sandbox.googleapis.com" + non_googleapi = "api.example.com" + + assert IAMCredentialsClient._get_default_mtls_endpoint(None) is None + assert ( + IAMCredentialsClient._get_default_mtls_endpoint(api_endpoint) + == api_mtls_endpoint + ) + assert ( + IAMCredentialsClient._get_default_mtls_endpoint(api_mtls_endpoint) + == api_mtls_endpoint + ) + assert ( + IAMCredentialsClient._get_default_mtls_endpoint(sandbox_endpoint) + == sandbox_mtls_endpoint + ) + assert ( + IAMCredentialsClient._get_default_mtls_endpoint(sandbox_mtls_endpoint) + == sandbox_mtls_endpoint + ) + assert ( + IAMCredentialsClient._get_default_mtls_endpoint(non_googleapi) == non_googleapi + ) + + +@pytest.mark.parametrize( + "client_class", [IAMCredentialsClient, IAMCredentialsAsyncClient,] +) +def test_iam_credentials_client_from_service_account_info(client_class): + creds = ga_credentials.AnonymousCredentials() + with mock.patch.object( + service_account.Credentials, "from_service_account_info" + ) as factory: + factory.return_value = creds + info = {"valid": True} + client = client_class.from_service_account_info(info) + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + assert client.transport._host == "iamcredentials.googleapis.com:443" + + +@pytest.mark.parametrize( + "transport_class,transport_name", + [ + (transports.IAMCredentialsGrpcTransport, "grpc"), + (transports.IAMCredentialsGrpcAsyncIOTransport, "grpc_asyncio"), + ], +) +def test_iam_credentials_client_service_account_always_use_jwt( + transport_class, transport_name +): + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=True) + use_jwt.assert_called_once_with(True) + + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=False) + use_jwt.assert_not_called() + + +@pytest.mark.parametrize( + "client_class", [IAMCredentialsClient, IAMCredentialsAsyncClient,] +) +def test_iam_credentials_client_from_service_account_file(client_class): + creds = ga_credentials.AnonymousCredentials() + with mock.patch.object( + service_account.Credentials, "from_service_account_file" + ) as factory: + factory.return_value = creds + client = client_class.from_service_account_file("dummy/file/path.json") + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + client = client_class.from_service_account_json("dummy/file/path.json") + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + assert client.transport._host == "iamcredentials.googleapis.com:443" + + +def test_iam_credentials_client_get_transport_class(): + transport = IAMCredentialsClient.get_transport_class() + available_transports = [ + transports.IAMCredentialsGrpcTransport, + ] + assert transport in available_transports + + transport = IAMCredentialsClient.get_transport_class("grpc") + assert transport == transports.IAMCredentialsGrpcTransport + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name", + [ + (IAMCredentialsClient, transports.IAMCredentialsGrpcTransport, "grpc"), + ( + IAMCredentialsAsyncClient, + transports.IAMCredentialsGrpcAsyncIOTransport, + "grpc_asyncio", + ), + ], +) +@mock.patch.object( + IAMCredentialsClient, + "DEFAULT_ENDPOINT", + modify_default_endpoint(IAMCredentialsClient), +) +@mock.patch.object( + IAMCredentialsAsyncClient, + "DEFAULT_ENDPOINT", + modify_default_endpoint(IAMCredentialsAsyncClient), +) +def test_iam_credentials_client_client_options( + client_class, transport_class, transport_name +): + # Check that if channel is provided we won't create a new one. + with mock.patch.object(IAMCredentialsClient, "get_transport_class") as gtc: + transport = transport_class(credentials=ga_credentials.AnonymousCredentials()) + client = client_class(transport=transport) + gtc.assert_not_called() + + # Check that if channel is provided via str we will create a new one. + with mock.patch.object(IAMCredentialsClient, "get_transport_class") as gtc: + client = client_class(transport=transport_name) + gtc.assert_called() + + # Check the case api_endpoint is provided. + options = client_options.ClientOptions(api_endpoint="squid.clam.whelk") + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(transport=transport_name, client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host="squid.clam.whelk", + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is + # "never". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}): + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is + # "always". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}): + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_MTLS_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has + # unsupported value. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "Unsupported"}): + with pytest.raises(MutualTLSChannelError): + client = client_class() + + # Check the case GOOGLE_API_USE_CLIENT_CERTIFICATE has unsupported value. + with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"} + ): + with pytest.raises(ValueError): + client = client_class() + + # Check the case quota_project_id is provided + options = client_options.ClientOptions(quota_project_id="octopus") + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(transport=transport_name, client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id="octopus", + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name,use_client_cert_env", + [ + (IAMCredentialsClient, transports.IAMCredentialsGrpcTransport, "grpc", "true"), + ( + IAMCredentialsAsyncClient, + transports.IAMCredentialsGrpcAsyncIOTransport, + "grpc_asyncio", + "true", + ), + (IAMCredentialsClient, transports.IAMCredentialsGrpcTransport, "grpc", "false"), + ( + IAMCredentialsAsyncClient, + transports.IAMCredentialsGrpcAsyncIOTransport, + "grpc_asyncio", + "false", + ), + ], +) +@mock.patch.object( + IAMCredentialsClient, + "DEFAULT_ENDPOINT", + modify_default_endpoint(IAMCredentialsClient), +) +@mock.patch.object( + IAMCredentialsAsyncClient, + "DEFAULT_ENDPOINT", + modify_default_endpoint(IAMCredentialsAsyncClient), +) +@mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "auto"}) +def test_iam_credentials_client_mtls_env_auto( + client_class, transport_class, transport_name, use_client_cert_env +): + # This tests the endpoint autoswitch behavior. Endpoint is autoswitched to the default + # mtls endpoint, if GOOGLE_API_USE_CLIENT_CERTIFICATE is "true" and client cert exists. + + # Check the case client_cert_source is provided. Whether client cert is used depends on + # GOOGLE_API_USE_CLIENT_CERTIFICATE value. + with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} + ): + options = client_options.ClientOptions( + client_cert_source=client_cert_source_callback + ) + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(transport=transport_name, client_options=options) + + if use_client_cert_env == "false": + expected_client_cert_source = None + expected_host = client.DEFAULT_ENDPOINT + else: + expected_client_cert_source = client_cert_source_callback + expected_host = client.DEFAULT_MTLS_ENDPOINT + + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=expected_host, + scopes=None, + client_cert_source_for_mtls=expected_client_cert_source, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case ADC client cert is provided. Whether client cert is used depends on + # GOOGLE_API_USE_CLIENT_CERTIFICATE value. + with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} + ): + with mock.patch.object(transport_class, "__init__") as patched: + with mock.patch( + "google.auth.transport.mtls.has_default_client_cert_source", + return_value=True, + ): + with mock.patch( + "google.auth.transport.mtls.default_client_cert_source", + return_value=client_cert_source_callback, + ): + if use_client_cert_env == "false": + expected_host = client.DEFAULT_ENDPOINT + expected_client_cert_source = None + else: + expected_host = client.DEFAULT_MTLS_ENDPOINT + expected_client_cert_source = client_cert_source_callback + + patched.return_value = None + client = client_class(transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=expected_host, + scopes=None, + client_cert_source_for_mtls=expected_client_cert_source, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case client_cert_source and ADC client cert are not provided. + with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} + ): + with mock.patch.object(transport_class, "__init__") as patched: + with mock.patch( + "google.auth.transport.mtls.has_default_client_cert_source", + return_value=False, + ): + patched.return_value = None + client = client_class(transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name", + [ + (IAMCredentialsClient, transports.IAMCredentialsGrpcTransport, "grpc"), + ( + IAMCredentialsAsyncClient, + transports.IAMCredentialsGrpcAsyncIOTransport, + "grpc_asyncio", + ), + ], +) +def test_iam_credentials_client_client_options_scopes( + client_class, transport_class, transport_name +): + # Check the case scopes are provided. + options = client_options.ClientOptions(scopes=["1", "2"],) + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(transport=transport_name, client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=["1", "2"], + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name", + [ + (IAMCredentialsClient, transports.IAMCredentialsGrpcTransport, "grpc"), + ( + IAMCredentialsAsyncClient, + transports.IAMCredentialsGrpcAsyncIOTransport, + "grpc_asyncio", + ), + ], +) +def test_iam_credentials_client_client_options_credentials_file( + client_class, transport_class, transport_name +): + # Check the case credentials file is provided. + options = client_options.ClientOptions(credentials_file="credentials.json") + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(transport=transport_name, client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file="credentials.json", + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +def test_iam_credentials_client_client_options_from_dict(): + with mock.patch( + "google.cloud.iam_credentials_v1.services.iam_credentials.transports.IAMCredentialsGrpcTransport.__init__" + ) as grpc_transport: + grpc_transport.return_value = None + client = IAMCredentialsClient( + client_options={"api_endpoint": "squid.clam.whelk"} + ) + grpc_transport.assert_called_once_with( + credentials=None, + credentials_file=None, + host="squid.clam.whelk", + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +def test_generate_access_token( + transport: str = "grpc", request_type=common.GenerateAccessTokenRequest +): + client = IAMCredentialsClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.generate_access_token), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = common.GenerateAccessTokenResponse( + access_token="access_token_value", + ) + response = client.generate_access_token(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == common.GenerateAccessTokenRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, common.GenerateAccessTokenResponse) + assert response.access_token == "access_token_value" + + +def test_generate_access_token_from_dict(): + test_generate_access_token(request_type=dict) + + +def test_generate_access_token_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = IAMCredentialsClient( + credentials=ga_credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.generate_access_token), "__call__" + ) as call: + client.generate_access_token() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == common.GenerateAccessTokenRequest() + + +@pytest.mark.asyncio +async def test_generate_access_token_async( + transport: str = "grpc_asyncio", request_type=common.GenerateAccessTokenRequest +): + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.generate_access_token), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + common.GenerateAccessTokenResponse(access_token="access_token_value",) + ) + response = await client.generate_access_token(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == common.GenerateAccessTokenRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, common.GenerateAccessTokenResponse) + assert response.access_token == "access_token_value" + + +@pytest.mark.asyncio +async def test_generate_access_token_async_from_dict(): + await test_generate_access_token_async(request_type=dict) + + +def test_generate_access_token_field_headers(): + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = common.GenerateAccessTokenRequest() + + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.generate_access_token), "__call__" + ) as call: + call.return_value = common.GenerateAccessTokenResponse() + client.generate_access_token(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_generate_access_token_field_headers_async(): + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = common.GenerateAccessTokenRequest() + + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.generate_access_token), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + common.GenerateAccessTokenResponse() + ) + await client.generate_access_token(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +def test_generate_access_token_flattened(): + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.generate_access_token), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = common.GenerateAccessTokenResponse() + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.generate_access_token( + name="name_value", + delegates=["delegates_value"], + scope=["scope_value"], + lifetime=duration_pb2.Duration(seconds=751), + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + arg = args[0].name + mock_val = "name_value" + assert arg == mock_val + arg = args[0].delegates + mock_val = ["delegates_value"] + assert arg == mock_val + arg = args[0].scope + mock_val = ["scope_value"] + assert arg == mock_val + assert DurationRule().to_proto(args[0].lifetime) == duration_pb2.Duration( + seconds=751 + ) + + +def test_generate_access_token_flattened_error(): + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.generate_access_token( + common.GenerateAccessTokenRequest(), + name="name_value", + delegates=["delegates_value"], + scope=["scope_value"], + lifetime=duration_pb2.Duration(seconds=751), + ) + + +@pytest.mark.asyncio +async def test_generate_access_token_flattened_async(): + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.generate_access_token), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = common.GenerateAccessTokenResponse() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + common.GenerateAccessTokenResponse() + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.generate_access_token( + name="name_value", + delegates=["delegates_value"], + scope=["scope_value"], + lifetime=duration_pb2.Duration(seconds=751), + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + arg = args[0].name + mock_val = "name_value" + assert arg == mock_val + arg = args[0].delegates + mock_val = ["delegates_value"] + assert arg == mock_val + arg = args[0].scope + mock_val = ["scope_value"] + assert arg == mock_val + assert DurationRule().to_proto(args[0].lifetime) == duration_pb2.Duration( + seconds=751 + ) + + +@pytest.mark.asyncio +async def test_generate_access_token_flattened_error_async(): + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.generate_access_token( + common.GenerateAccessTokenRequest(), + name="name_value", + delegates=["delegates_value"], + scope=["scope_value"], + lifetime=duration_pb2.Duration(seconds=751), + ) + + +def test_generate_id_token( + transport: str = "grpc", request_type=common.GenerateIdTokenRequest +): + client = IAMCredentialsClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.generate_id_token), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = common.GenerateIdTokenResponse(token="token_value",) + response = client.generate_id_token(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == common.GenerateIdTokenRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, common.GenerateIdTokenResponse) + assert response.token == "token_value" + + +def test_generate_id_token_from_dict(): + test_generate_id_token(request_type=dict) + + +def test_generate_id_token_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = IAMCredentialsClient( + credentials=ga_credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.generate_id_token), "__call__" + ) as call: + client.generate_id_token() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == common.GenerateIdTokenRequest() + + +@pytest.mark.asyncio +async def test_generate_id_token_async( + transport: str = "grpc_asyncio", request_type=common.GenerateIdTokenRequest +): + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.generate_id_token), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + common.GenerateIdTokenResponse(token="token_value",) + ) + response = await client.generate_id_token(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == common.GenerateIdTokenRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, common.GenerateIdTokenResponse) + assert response.token == "token_value" + + +@pytest.mark.asyncio +async def test_generate_id_token_async_from_dict(): + await test_generate_id_token_async(request_type=dict) + + +def test_generate_id_token_field_headers(): + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = common.GenerateIdTokenRequest() + + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.generate_id_token), "__call__" + ) as call: + call.return_value = common.GenerateIdTokenResponse() + client.generate_id_token(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_generate_id_token_field_headers_async(): + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = common.GenerateIdTokenRequest() + + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.generate_id_token), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + common.GenerateIdTokenResponse() + ) + await client.generate_id_token(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +def test_generate_id_token_flattened(): + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.generate_id_token), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = common.GenerateIdTokenResponse() + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.generate_id_token( + name="name_value", + delegates=["delegates_value"], + audience="audience_value", + include_email=True, + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + arg = args[0].name + mock_val = "name_value" + assert arg == mock_val + arg = args[0].delegates + mock_val = ["delegates_value"] + assert arg == mock_val + arg = args[0].audience + mock_val = "audience_value" + assert arg == mock_val + arg = args[0].include_email + mock_val = True + assert arg == mock_val + + +def test_generate_id_token_flattened_error(): + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.generate_id_token( + common.GenerateIdTokenRequest(), + name="name_value", + delegates=["delegates_value"], + audience="audience_value", + include_email=True, + ) + + +@pytest.mark.asyncio +async def test_generate_id_token_flattened_async(): + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.generate_id_token), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = common.GenerateIdTokenResponse() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + common.GenerateIdTokenResponse() + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.generate_id_token( + name="name_value", + delegates=["delegates_value"], + audience="audience_value", + include_email=True, + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + arg = args[0].name + mock_val = "name_value" + assert arg == mock_val + arg = args[0].delegates + mock_val = ["delegates_value"] + assert arg == mock_val + arg = args[0].audience + mock_val = "audience_value" + assert arg == mock_val + arg = args[0].include_email + mock_val = True + assert arg == mock_val + + +@pytest.mark.asyncio +async def test_generate_id_token_flattened_error_async(): + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.generate_id_token( + common.GenerateIdTokenRequest(), + name="name_value", + delegates=["delegates_value"], + audience="audience_value", + include_email=True, + ) + + +def test_sign_blob(transport: str = "grpc", request_type=common.SignBlobRequest): + client = IAMCredentialsClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.sign_blob), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = common.SignBlobResponse( + key_id="key_id_value", signed_blob=b"signed_blob_blob", + ) + response = client.sign_blob(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == common.SignBlobRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, common.SignBlobResponse) + assert response.key_id == "key_id_value" + assert response.signed_blob == b"signed_blob_blob" + + +def test_sign_blob_from_dict(): + test_sign_blob(request_type=dict) + + +def test_sign_blob_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = IAMCredentialsClient( + credentials=ga_credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.sign_blob), "__call__") as call: + client.sign_blob() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == common.SignBlobRequest() + + +@pytest.mark.asyncio +async def test_sign_blob_async( + transport: str = "grpc_asyncio", request_type=common.SignBlobRequest +): + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.sign_blob), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + common.SignBlobResponse( + key_id="key_id_value", signed_blob=b"signed_blob_blob", + ) + ) + response = await client.sign_blob(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == common.SignBlobRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, common.SignBlobResponse) + assert response.key_id == "key_id_value" + assert response.signed_blob == b"signed_blob_blob" + + +@pytest.mark.asyncio +async def test_sign_blob_async_from_dict(): + await test_sign_blob_async(request_type=dict) + + +def test_sign_blob_field_headers(): + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = common.SignBlobRequest() + + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.sign_blob), "__call__") as call: + call.return_value = common.SignBlobResponse() + client.sign_blob(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_sign_blob_field_headers_async(): + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = common.SignBlobRequest() + + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.sign_blob), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + common.SignBlobResponse() + ) + await client.sign_blob(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +def test_sign_blob_flattened(): + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.sign_blob), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = common.SignBlobResponse() + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.sign_blob( + name="name_value", delegates=["delegates_value"], payload=b"payload_blob", + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + arg = args[0].name + mock_val = "name_value" + assert arg == mock_val + arg = args[0].delegates + mock_val = ["delegates_value"] + assert arg == mock_val + arg = args[0].payload + mock_val = b"payload_blob" + assert arg == mock_val + + +def test_sign_blob_flattened_error(): + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.sign_blob( + common.SignBlobRequest(), + name="name_value", + delegates=["delegates_value"], + payload=b"payload_blob", + ) + + +@pytest.mark.asyncio +async def test_sign_blob_flattened_async(): + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.sign_blob), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = common.SignBlobResponse() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + common.SignBlobResponse() + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.sign_blob( + name="name_value", delegates=["delegates_value"], payload=b"payload_blob", + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + arg = args[0].name + mock_val = "name_value" + assert arg == mock_val + arg = args[0].delegates + mock_val = ["delegates_value"] + assert arg == mock_val + arg = args[0].payload + mock_val = b"payload_blob" + assert arg == mock_val + + +@pytest.mark.asyncio +async def test_sign_blob_flattened_error_async(): + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.sign_blob( + common.SignBlobRequest(), + name="name_value", + delegates=["delegates_value"], + payload=b"payload_blob", + ) + + +def test_sign_jwt(transport: str = "grpc", request_type=common.SignJwtRequest): + client = IAMCredentialsClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.sign_jwt), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = common.SignJwtResponse( + key_id="key_id_value", signed_jwt="signed_jwt_value", + ) + response = client.sign_jwt(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == common.SignJwtRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, common.SignJwtResponse) + assert response.key_id == "key_id_value" + assert response.signed_jwt == "signed_jwt_value" + + +def test_sign_jwt_from_dict(): + test_sign_jwt(request_type=dict) + + +def test_sign_jwt_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = IAMCredentialsClient( + credentials=ga_credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.sign_jwt), "__call__") as call: + client.sign_jwt() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == common.SignJwtRequest() + + +@pytest.mark.asyncio +async def test_sign_jwt_async( + transport: str = "grpc_asyncio", request_type=common.SignJwtRequest +): + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.sign_jwt), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + common.SignJwtResponse( + key_id="key_id_value", signed_jwt="signed_jwt_value", + ) + ) + response = await client.sign_jwt(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == common.SignJwtRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, common.SignJwtResponse) + assert response.key_id == "key_id_value" + assert response.signed_jwt == "signed_jwt_value" + + +@pytest.mark.asyncio +async def test_sign_jwt_async_from_dict(): + await test_sign_jwt_async(request_type=dict) + + +def test_sign_jwt_field_headers(): + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = common.SignJwtRequest() + + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.sign_jwt), "__call__") as call: + call.return_value = common.SignJwtResponse() + client.sign_jwt(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_sign_jwt_field_headers_async(): + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = common.SignJwtRequest() + + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.sign_jwt), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + common.SignJwtResponse() + ) + await client.sign_jwt(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +def test_sign_jwt_flattened(): + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.sign_jwt), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = common.SignJwtResponse() + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.sign_jwt( + name="name_value", delegates=["delegates_value"], payload="payload_value", + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + arg = args[0].name + mock_val = "name_value" + assert arg == mock_val + arg = args[0].delegates + mock_val = ["delegates_value"] + assert arg == mock_val + arg = args[0].payload + mock_val = "payload_value" + assert arg == mock_val + + +def test_sign_jwt_flattened_error(): + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.sign_jwt( + common.SignJwtRequest(), + name="name_value", + delegates=["delegates_value"], + payload="payload_value", + ) + + +@pytest.mark.asyncio +async def test_sign_jwt_flattened_async(): + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.sign_jwt), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = common.SignJwtResponse() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + common.SignJwtResponse() + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.sign_jwt( + name="name_value", delegates=["delegates_value"], payload="payload_value", + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + arg = args[0].name + mock_val = "name_value" + assert arg == mock_val + arg = args[0].delegates + mock_val = ["delegates_value"] + assert arg == mock_val + arg = args[0].payload + mock_val = "payload_value" + assert arg == mock_val + + +@pytest.mark.asyncio +async def test_sign_jwt_flattened_error_async(): + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.sign_jwt( + common.SignJwtRequest(), + name="name_value", + delegates=["delegates_value"], + payload="payload_value", + ) + + +def test_credentials_transport_error(): + # It is an error to provide credentials and a transport instance. + transport = transports.IAMCredentialsGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = IAMCredentialsClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # It is an error to provide a credentials file and a transport instance. + transport = transports.IAMCredentialsGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = IAMCredentialsClient( + client_options={"credentials_file": "credentials.json"}, + transport=transport, + ) + + # It is an error to provide scopes and a transport instance. + transport = transports.IAMCredentialsGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = IAMCredentialsClient( + client_options={"scopes": ["1", "2"]}, transport=transport, + ) + + +def test_transport_instance(): + # A client may be instantiated with a custom transport instance. + transport = transports.IAMCredentialsGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + client = IAMCredentialsClient(transport=transport) + assert client.transport is transport + + +def test_transport_get_channel(): + # A client may be instantiated with a custom transport instance. + transport = transports.IAMCredentialsGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + + transport = transports.IAMCredentialsGrpcAsyncIOTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.IAMCredentialsGrpcTransport, + transports.IAMCredentialsGrpcAsyncIOTransport, + ], +) +def test_transport_adc(transport_class): + # Test default credentials are used if not provided. + with mock.patch.object(google.auth, "default") as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class() + adc.assert_called_once() + + +def test_transport_grpc_default(): + # A client should use the gRPC transport by default. + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) + assert isinstance(client.transport, transports.IAMCredentialsGrpcTransport,) + + +def test_iam_credentials_base_transport_error(): + # Passing both a credentials object and credentials_file should raise an error + with pytest.raises(core_exceptions.DuplicateCredentialArgs): + transport = transports.IAMCredentialsTransport( + credentials=ga_credentials.AnonymousCredentials(), + credentials_file="credentials.json", + ) + + +def test_iam_credentials_base_transport(): + # Instantiate the base transport. + with mock.patch( + "google.cloud.iam_credentials_v1.services.iam_credentials.transports.IAMCredentialsTransport.__init__" + ) as Transport: + Transport.return_value = None + transport = transports.IAMCredentialsTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Every method on the transport should just blindly + # raise NotImplementedError. + methods = ( + "generate_access_token", + "generate_id_token", + "sign_blob", + "sign_jwt", + ) + for method in methods: + with pytest.raises(NotImplementedError): + getattr(transport, method)(request=object()) + + with pytest.raises(NotImplementedError): + transport.close() + + +def test_iam_credentials_base_transport_with_credentials_file(): + # Instantiate the base transport with a credentials file + with mock.patch.object( + google.auth, "load_credentials_from_file", autospec=True + ) as load_creds, mock.patch( + "google.cloud.iam_credentials_v1.services.iam_credentials.transports.IAMCredentialsTransport._prep_wrapped_messages" + ) as Transport: + Transport.return_value = None + load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.IAMCredentialsTransport( + credentials_file="credentials.json", quota_project_id="octopus", + ) + load_creds.assert_called_once_with( + "credentials.json", + scopes=None, + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id="octopus", + ) + + +def test_iam_credentials_base_transport_with_adc(): + # Test the default credentials are used if credentials and credentials_file are None. + with mock.patch.object(google.auth, "default", autospec=True) as adc, mock.patch( + "google.cloud.iam_credentials_v1.services.iam_credentials.transports.IAMCredentialsTransport._prep_wrapped_messages" + ) as Transport: + Transport.return_value = None + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.IAMCredentialsTransport() + adc.assert_called_once() + + +def test_iam_credentials_auth_adc(): + # If no credentials are provided, we should use ADC credentials. + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + IAMCredentialsClient() + adc.assert_called_once_with( + scopes=None, + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id=None, + ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.IAMCredentialsGrpcTransport, + transports.IAMCredentialsGrpcAsyncIOTransport, + ], +) +def test_iam_credentials_transport_auth_adc(transport_class): + # If credentials and host are not provided, the transport class should use + # ADC credentials. + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class(quota_project_id="octopus", scopes=["1", "2"]) + adc.assert_called_once_with( + scopes=["1", "2"], + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id="octopus", + ) + + +@pytest.mark.parametrize( + "transport_class,grpc_helpers", + [ + (transports.IAMCredentialsGrpcTransport, grpc_helpers), + (transports.IAMCredentialsGrpcAsyncIOTransport, grpc_helpers_async), + ], +) +def test_iam_credentials_transport_create_channel(transport_class, grpc_helpers): + # If credentials and host are not provided, the transport class should use + # ADC credentials. + with mock.patch.object( + google.auth, "default", autospec=True + ) as adc, mock.patch.object( + grpc_helpers, "create_channel", autospec=True + ) as create_channel: + creds = ga_credentials.AnonymousCredentials() + adc.return_value = (creds, None) + transport_class(quota_project_id="octopus", scopes=["1", "2"]) + + create_channel.assert_called_with( + "iamcredentials.googleapis.com:443", + credentials=creds, + credentials_file=None, + quota_project_id="octopus", + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=["1", "2"], + default_host="iamcredentials.googleapis.com", + ssl_credentials=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.IAMCredentialsGrpcTransport, + transports.IAMCredentialsGrpcAsyncIOTransport, + ], +) +def test_iam_credentials_grpc_transport_client_cert_source_for_mtls(transport_class): + cred = ga_credentials.AnonymousCredentials() + + # Check ssl_channel_credentials is used if provided. + with mock.patch.object(transport_class, "create_channel") as mock_create_channel: + mock_ssl_channel_creds = mock.Mock() + transport_class( + host="squid.clam.whelk", + credentials=cred, + ssl_channel_credentials=mock_ssl_channel_creds, + ) + mock_create_channel.assert_called_once_with( + "squid.clam.whelk:443", + credentials=cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_channel_creds, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls + # is used. + with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()): + with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred: + transport_class( + credentials=cred, + client_cert_source_for_mtls=client_cert_source_callback, + ) + expected_cert, expected_key = client_cert_source_callback() + mock_ssl_cred.assert_called_once_with( + certificate_chain=expected_cert, private_key=expected_key + ) + + +def test_iam_credentials_host_no_port(): + client = IAMCredentialsClient( + credentials=ga_credentials.AnonymousCredentials(), + client_options=client_options.ClientOptions( + api_endpoint="iamcredentials.googleapis.com" + ), + ) + assert client.transport._host == "iamcredentials.googleapis.com:443" + + +def test_iam_credentials_host_with_port(): + client = IAMCredentialsClient( + credentials=ga_credentials.AnonymousCredentials(), + client_options=client_options.ClientOptions( + api_endpoint="iamcredentials.googleapis.com:8000" + ), + ) + assert client.transport._host == "iamcredentials.googleapis.com:8000" + + +def test_iam_credentials_grpc_transport_channel(): + channel = grpc.secure_channel("http://localhost/", grpc.local_channel_credentials()) + + # Check that channel is used if provided. + transport = transports.IAMCredentialsGrpcTransport( + host="squid.clam.whelk", channel=channel, + ) + assert transport.grpc_channel == channel + assert transport._host == "squid.clam.whelk:443" + assert transport._ssl_channel_credentials == None + + +def test_iam_credentials_grpc_asyncio_transport_channel(): + channel = aio.secure_channel("http://localhost/", grpc.local_channel_credentials()) + + # Check that channel is used if provided. + transport = transports.IAMCredentialsGrpcAsyncIOTransport( + host="squid.clam.whelk", channel=channel, + ) + assert transport.grpc_channel == channel + assert transport._host == "squid.clam.whelk:443" + assert transport._ssl_channel_credentials == None + + +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. +@pytest.mark.parametrize( + "transport_class", + [ + transports.IAMCredentialsGrpcTransport, + transports.IAMCredentialsGrpcAsyncIOTransport, + ], +) +def test_iam_credentials_transport_channel_mtls_with_client_cert_source( + transport_class, +): + with mock.patch( + "grpc.ssl_channel_credentials", autospec=True + ) as grpc_ssl_channel_cred: + with mock.patch.object( + transport_class, "create_channel" + ) as grpc_create_channel: + mock_ssl_cred = mock.Mock() + grpc_ssl_channel_cred.return_value = mock_ssl_cred + + mock_grpc_channel = mock.Mock() + grpc_create_channel.return_value = mock_grpc_channel + + cred = ga_credentials.AnonymousCredentials() + with pytest.warns(DeprecationWarning): + with mock.patch.object(google.auth, "default") as adc: + adc.return_value = (cred, None) + transport = transport_class( + host="squid.clam.whelk", + api_mtls_endpoint="mtls.squid.clam.whelk", + client_cert_source=client_cert_source_callback, + ) + adc.assert_called_once() + + grpc_ssl_channel_cred.assert_called_once_with( + certificate_chain=b"cert bytes", private_key=b"key bytes" + ) + grpc_create_channel.assert_called_once_with( + "mtls.squid.clam.whelk:443", + credentials=cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_cred, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + assert transport.grpc_channel == mock_grpc_channel + assert transport._ssl_channel_credentials == mock_ssl_cred + + +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. +@pytest.mark.parametrize( + "transport_class", + [ + transports.IAMCredentialsGrpcTransport, + transports.IAMCredentialsGrpcAsyncIOTransport, + ], +) +def test_iam_credentials_transport_channel_mtls_with_adc(transport_class): + mock_ssl_cred = mock.Mock() + with mock.patch.multiple( + "google.auth.transport.grpc.SslCredentials", + __init__=mock.Mock(return_value=None), + ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred), + ): + with mock.patch.object( + transport_class, "create_channel" + ) as grpc_create_channel: + mock_grpc_channel = mock.Mock() + grpc_create_channel.return_value = mock_grpc_channel + mock_cred = mock.Mock() + + with pytest.warns(DeprecationWarning): + transport = transport_class( + host="squid.clam.whelk", + credentials=mock_cred, + api_mtls_endpoint="mtls.squid.clam.whelk", + client_cert_source=None, + ) + + grpc_create_channel.assert_called_once_with( + "mtls.squid.clam.whelk:443", + credentials=mock_cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_cred, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + assert transport.grpc_channel == mock_grpc_channel + + +def test_service_account_path(): + project = "squid" + service_account = "clam" + expected = "projects/{project}/serviceAccounts/{service_account}".format( + project=project, service_account=service_account, + ) + actual = IAMCredentialsClient.service_account_path(project, service_account) + assert expected == actual + + +def test_parse_service_account_path(): + expected = { + "project": "whelk", + "service_account": "octopus", + } + path = IAMCredentialsClient.service_account_path(**expected) + + # Check that the path construction is reversible. + actual = IAMCredentialsClient.parse_service_account_path(path) + assert expected == actual + + +def test_common_billing_account_path(): + billing_account = "oyster" + expected = "billingAccounts/{billing_account}".format( + billing_account=billing_account, + ) + actual = IAMCredentialsClient.common_billing_account_path(billing_account) + assert expected == actual + + +def test_parse_common_billing_account_path(): + expected = { + "billing_account": "nudibranch", + } + path = IAMCredentialsClient.common_billing_account_path(**expected) + + # Check that the path construction is reversible. + actual = IAMCredentialsClient.parse_common_billing_account_path(path) + assert expected == actual + + +def test_common_folder_path(): + folder = "cuttlefish" + expected = "folders/{folder}".format(folder=folder,) + actual = IAMCredentialsClient.common_folder_path(folder) + assert expected == actual + + +def test_parse_common_folder_path(): + expected = { + "folder": "mussel", + } + path = IAMCredentialsClient.common_folder_path(**expected) + + # Check that the path construction is reversible. + actual = IAMCredentialsClient.parse_common_folder_path(path) + assert expected == actual + + +def test_common_organization_path(): + organization = "winkle" + expected = "organizations/{organization}".format(organization=organization,) + actual = IAMCredentialsClient.common_organization_path(organization) + assert expected == actual + + +def test_parse_common_organization_path(): + expected = { + "organization": "nautilus", + } + path = IAMCredentialsClient.common_organization_path(**expected) + + # Check that the path construction is reversible. + actual = IAMCredentialsClient.parse_common_organization_path(path) + assert expected == actual + + +def test_common_project_path(): + project = "scallop" + expected = "projects/{project}".format(project=project,) + actual = IAMCredentialsClient.common_project_path(project) + assert expected == actual + + +def test_parse_common_project_path(): + expected = { + "project": "abalone", + } + path = IAMCredentialsClient.common_project_path(**expected) + + # Check that the path construction is reversible. + actual = IAMCredentialsClient.parse_common_project_path(path) + assert expected == actual + + +def test_common_location_path(): + project = "squid" + location = "clam" + expected = "projects/{project}/locations/{location}".format( + project=project, location=location, + ) + actual = IAMCredentialsClient.common_location_path(project, location) + assert expected == actual + + +def test_parse_common_location_path(): + expected = { + "project": "whelk", + "location": "octopus", + } + path = IAMCredentialsClient.common_location_path(**expected) + + # Check that the path construction is reversible. + actual = IAMCredentialsClient.parse_common_location_path(path) + assert expected == actual + + +def test_client_withDEFAULT_CLIENT_INFO(): + client_info = gapic_v1.client_info.ClientInfo() + + with mock.patch.object( + transports.IAMCredentialsTransport, "_prep_wrapped_messages" + ) as prep: + client = IAMCredentialsClient( + credentials=ga_credentials.AnonymousCredentials(), client_info=client_info, + ) + prep.assert_called_once_with(client_info) + + with mock.patch.object( + transports.IAMCredentialsTransport, "_prep_wrapped_messages" + ) as prep: + transport_class = IAMCredentialsClient.get_transport_class() + transport = transport_class( + credentials=ga_credentials.AnonymousCredentials(), client_info=client_info, + ) + prep.assert_called_once_with(client_info) + + +@pytest.mark.asyncio +async def test_transport_close_async(): + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), transport="grpc_asyncio", + ) + with mock.patch.object( + type(getattr(client.transport, "grpc_channel")), "close" + ) as close: + async with client: + close.assert_not_called() + close.assert_called_once() + + +def test_transport_close(): + transports = { + "grpc": "_grpc_channel", + } + + for transport, close_name in transports.items(): + client = IAMCredentialsClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport + ) + with mock.patch.object( + type(getattr(client.transport, close_name)), "close" + ) as close: + with client: + close.assert_not_called() + close.assert_called_once() + + +def test_client_ctx(): + transports = [ + "grpc", + ] + for transport in transports: + client = IAMCredentialsClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport + ) + # Test client calls underlying transport. + with mock.patch.object(type(client.transport), "close") as close: + close.assert_not_called() + with client: + pass + close.assert_called()