From 01439e37877d6e80e7bebe2143e971a0dee91f9f Mon Sep 17 00:00:00 2001 From: Bu Sun Kim Date: Mon, 28 Jun 2021 23:04:27 +0000 Subject: [PATCH 1/3] fix: disable always_use_jwt_access Some APIs with Cloud Storage integrations seem to have failing samples when non-default scopes are provided. This PR disables the feature globally for now while we investigate. We can no longer rollback da119c72c8 as some libraries have been released with the change and removing the kwarg would be a breaking change. --- .../%sub/services/%service/transports/base.py.j2 | 4 ++-- .../%sub/services/%service/transports/grpc.py.j2 | 2 +- .../%sub/services/%service/transports/grpc_asyncio.py.j2 | 2 +- .../tests/unit/gapic/%name_%version/%sub/test_%service.py.j2 | 2 +- .../cloud/asset_v1/services/asset_service/transports/base.py | 2 +- .../cloud/asset_v1/services/asset_service/transports/grpc.py | 2 +- .../services/asset_service/transports/grpc_asyncio.py | 2 +- .../asset/tests/unit/gapic/asset_v1/test_asset_service.py | 2 +- .../services/iam_credentials/transports/base.py | 2 +- .../services/iam_credentials/transports/grpc.py | 2 +- .../services/iam_credentials/transports/grpc_asyncio.py | 2 +- .../tests/unit/gapic/credentials_v1/test_iam_credentials.py | 2 +- .../logging_v2/services/config_service_v2/transports/base.py | 2 +- .../logging_v2/services/config_service_v2/transports/grpc.py | 2 +- .../services/config_service_v2/transports/grpc_asyncio.py | 2 +- .../logging_v2/services/logging_service_v2/transports/base.py | 2 +- .../logging_v2/services/logging_service_v2/transports/grpc.py | 2 +- .../services/logging_service_v2/transports/grpc_asyncio.py | 2 +- .../logging_v2/services/metrics_service_v2/transports/base.py | 2 +- .../logging_v2/services/metrics_service_v2/transports/grpc.py | 2 +- .../services/metrics_service_v2/transports/grpc_asyncio.py | 2 +- .../tests/unit/gapic/logging_v2/test_config_service_v2.py | 2 +- .../tests/unit/gapic/logging_v2/test_logging_service_v2.py | 2 +- .../tests/unit/gapic/logging_v2/test_metrics_service_v2.py | 2 +- .../cloud/redis_v1/services/cloud_redis/transports/base.py | 2 +- .../cloud/redis_v1/services/cloud_redis/transports/grpc.py | 2 +- .../redis_v1/services/cloud_redis/transports/grpc_asyncio.py | 2 +- .../redis/tests/unit/gapic/redis_v1/test_cloud_redis.py | 2 +- 28 files changed, 29 insertions(+), 29 deletions(-) diff --git a/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/base.py.j2 b/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/base.py.j2 index df07685e6c..b984ca2ab2 100644 --- a/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/base.py.j2 +++ b/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/base.py.j2 @@ -130,8 +130,8 @@ class {{ service.name }}Transport(abc.ABC): # If the credentials is service account credentials, then always try to use self signed JWT. if always_use_jwt_access and isinstance(credentials, service_account.Credentials) and hasattr(service_account.Credentials, "with_always_use_jwt_access"): - credentials = credentials.with_always_use_jwt_access(True) - + credentials = credentials.with_always_use_jwt_access(False) + # Save the credentials. self._credentials = credentials diff --git a/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/grpc.py.j2 b/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/grpc.py.j2 index c2dd618569..2a56a2b3bb 100644 --- a/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/grpc.py.j2 +++ b/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/grpc.py.j2 @@ -150,7 +150,7 @@ class {{ service.name }}GrpcTransport({{ service.name }}Transport): scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=False, ) if not self._grpc_channel: diff --git a/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/grpc_asyncio.py.j2 b/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/grpc_asyncio.py.j2 index 24fc3476a1..d6a3b3385e 100644 --- a/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/grpc_asyncio.py.j2 +++ b/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/grpc_asyncio.py.j2 @@ -195,7 +195,7 @@ class {{ service.grpc_asyncio_transport_name }}({{ service.name }}Transport): scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=False, ) if not self._grpc_channel: diff --git a/gapic/templates/tests/unit/gapic/%name_%version/%sub/test_%service.py.j2 b/gapic/templates/tests/unit/gapic/%name_%version/%sub/test_%service.py.j2 index 587679e8df..6db0a3d5b1 100644 --- a/gapic/templates/tests/unit/gapic/%name_%version/%sub/test_%service.py.j2 +++ b/gapic/templates/tests/unit/gapic/%name_%version/%sub/test_%service.py.j2 @@ -123,7 +123,7 @@ def test_{{ service.client_name|snake_case }}_service_account_always_use_jwt(cli with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: creds = service_account.Credentials(None, None, None) client = client_class(credentials=creds) - use_jwt.assert_called_with(True) + use_jwt.assert_not_called() @pytest.mark.parametrize("client_class", [ diff --git a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/base.py b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/base.py index cd427b6a2a..aed5fb2b30 100644 --- a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/base.py +++ b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/base.py @@ -120,7 +120,7 @@ def __init__( # If the credentials is service account credentials, then always try to use self signed JWT. if always_use_jwt_access and isinstance(credentials, service_account.Credentials) and hasattr(service_account.Credentials, "with_always_use_jwt_access"): - credentials = credentials.with_always_use_jwt_access(True) + credentials = credentials.with_always_use_jwt_access(False) # Save the credentials. self._credentials = credentials diff --git a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc.py b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc.py index 60326ac61d..4c99d602a5 100644 --- a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc.py +++ b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc.py @@ -150,7 +150,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=False, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py index 748505dd03..f58ad96614 100644 --- a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py +++ b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py @@ -195,7 +195,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=False, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/asset/tests/unit/gapic/asset_v1/test_asset_service.py b/tests/integration/goldens/asset/tests/unit/gapic/asset_v1/test_asset_service.py index 018e0e9dbd..3d0e59a254 100644 --- a/tests/integration/goldens/asset/tests/unit/gapic/asset_v1/test_asset_service.py +++ b/tests/integration/goldens/asset/tests/unit/gapic/asset_v1/test_asset_service.py @@ -113,7 +113,7 @@ def test_asset_service_client_service_account_always_use_jwt(client_class): with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: creds = service_account.Credentials(None, None, None) client = client_class(credentials=creds) - use_jwt.assert_called_with(True) + use_jwt.assert_not_called() @pytest.mark.parametrize("client_class", [ diff --git a/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/base.py b/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/base.py index 4c45c7dda0..135e4953de 100644 --- a/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/base.py +++ b/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/base.py @@ -117,7 +117,7 @@ def __init__( # If the credentials is service account credentials, then always try to use self signed JWT. if always_use_jwt_access and isinstance(credentials, service_account.Credentials) and hasattr(service_account.Credentials, "with_always_use_jwt_access"): - credentials = credentials.with_always_use_jwt_access(True) + credentials = credentials.with_always_use_jwt_access(False) # Save the credentials. self._credentials = credentials diff --git a/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/grpc.py b/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/grpc.py index 76c83a0b03..00825b5f01 100644 --- a/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/grpc.py +++ b/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/grpc.py @@ -155,7 +155,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=False, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/grpc_asyncio.py b/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/grpc_asyncio.py index 65aa22ae67..e55deb75d0 100644 --- a/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/grpc_asyncio.py +++ b/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/grpc_asyncio.py @@ -200,7 +200,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=False, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/credentials/tests/unit/gapic/credentials_v1/test_iam_credentials.py b/tests/integration/goldens/credentials/tests/unit/gapic/credentials_v1/test_iam_credentials.py index 4f77de8600..22e551683e 100644 --- a/tests/integration/goldens/credentials/tests/unit/gapic/credentials_v1/test_iam_credentials.py +++ b/tests/integration/goldens/credentials/tests/unit/gapic/credentials_v1/test_iam_credentials.py @@ -105,7 +105,7 @@ def test_iam_credentials_client_service_account_always_use_jwt(client_class): with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: creds = service_account.Credentials(None, None, None) client = client_class(credentials=creds) - use_jwt.assert_called_with(True) + use_jwt.assert_not_called() @pytest.mark.parametrize("client_class", [ diff --git a/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/base.py b/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/base.py index 1c5dae9241..ea9d63f690 100644 --- a/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/base.py +++ b/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/base.py @@ -121,7 +121,7 @@ def __init__( # If the credentials is service account credentials, then always try to use self signed JWT. if always_use_jwt_access and isinstance(credentials, service_account.Credentials) and hasattr(service_account.Credentials, "with_always_use_jwt_access"): - credentials = credentials.with_always_use_jwt_access(True) + credentials = credentials.with_always_use_jwt_access(False) # Save the credentials. self._credentials = credentials diff --git a/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/grpc.py b/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/grpc.py index 7544123281..48114e68f8 100644 --- a/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/grpc.py +++ b/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/grpc.py @@ -147,7 +147,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=False, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/grpc_asyncio.py b/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/grpc_asyncio.py index 970b3049a7..73bb836301 100644 --- a/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/grpc_asyncio.py +++ b/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/grpc_asyncio.py @@ -192,7 +192,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=False, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/base.py b/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/base.py index 4dd3a95225..b941ba8158 100644 --- a/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/base.py +++ b/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/base.py @@ -122,7 +122,7 @@ def __init__( # If the credentials is service account credentials, then always try to use self signed JWT. if always_use_jwt_access and isinstance(credentials, service_account.Credentials) and hasattr(service_account.Credentials, "with_always_use_jwt_access"): - credentials = credentials.with_always_use_jwt_access(True) + credentials = credentials.with_always_use_jwt_access(False) # Save the credentials. self._credentials = credentials diff --git a/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/grpc.py b/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/grpc.py index bf8e6e527c..76381915b4 100644 --- a/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/grpc.py +++ b/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/grpc.py @@ -147,7 +147,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=False, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/grpc_asyncio.py b/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/grpc_asyncio.py index dd27784197..8889964516 100644 --- a/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/grpc_asyncio.py +++ b/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/grpc_asyncio.py @@ -192,7 +192,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=False, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/base.py b/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/base.py index dbd78ea6a7..24f8a1b00a 100644 --- a/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/base.py +++ b/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/base.py @@ -122,7 +122,7 @@ def __init__( # If the credentials is service account credentials, then always try to use self signed JWT. if always_use_jwt_access and isinstance(credentials, service_account.Credentials) and hasattr(service_account.Credentials, "with_always_use_jwt_access"): - credentials = credentials.with_always_use_jwt_access(True) + credentials = credentials.with_always_use_jwt_access(False) # Save the credentials. self._credentials = credentials diff --git a/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/grpc.py b/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/grpc.py index a8bbf146c9..46057e5791 100644 --- a/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/grpc.py +++ b/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/grpc.py @@ -147,7 +147,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=False, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/grpc_asyncio.py b/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/grpc_asyncio.py index bb19604e44..76b5767c96 100644 --- a/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/grpc_asyncio.py +++ b/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/grpc_asyncio.py @@ -192,7 +192,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=False, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_config_service_v2.py b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_config_service_v2.py index 7677467375..5e9af1b8cd 100644 --- a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_config_service_v2.py +++ b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_config_service_v2.py @@ -106,7 +106,7 @@ def test_config_service_v2_client_service_account_always_use_jwt(client_class): with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: creds = service_account.Credentials(None, None, None) client = client_class(credentials=creds) - use_jwt.assert_called_with(True) + use_jwt.assert_not_called() @pytest.mark.parametrize("client_class", [ diff --git a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_logging_service_v2.py b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_logging_service_v2.py index 19889d562b..4bda9a669c 100644 --- a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_logging_service_v2.py +++ b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_logging_service_v2.py @@ -112,7 +112,7 @@ def test_logging_service_v2_client_service_account_always_use_jwt(client_class): with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: creds = service_account.Credentials(None, None, None) client = client_class(credentials=creds) - use_jwt.assert_called_with(True) + use_jwt.assert_not_called() @pytest.mark.parametrize("client_class", [ diff --git a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_metrics_service_v2.py b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_metrics_service_v2.py index cb8188a8b9..19872e352a 100644 --- a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_metrics_service_v2.py +++ b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_metrics_service_v2.py @@ -110,7 +110,7 @@ def test_metrics_service_v2_client_service_account_always_use_jwt(client_class): with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: creds = service_account.Credentials(None, None, None) client = client_class(credentials=creds) - use_jwt.assert_called_with(True) + use_jwt.assert_not_called() @pytest.mark.parametrize("client_class", [ diff --git a/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/base.py b/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/base.py index e9ade44365..f2d0f8fa39 100644 --- a/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/base.py +++ b/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/base.py @@ -119,7 +119,7 @@ def __init__( # If the credentials is service account credentials, then always try to use self signed JWT. if always_use_jwt_access and isinstance(credentials, service_account.Credentials) and hasattr(service_account.Credentials, "with_always_use_jwt_access"): - credentials = credentials.with_always_use_jwt_access(True) + credentials = credentials.with_always_use_jwt_access(False) # Save the credentials. self._credentials = credentials diff --git a/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/grpc.py b/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/grpc.py index 8b7117bfdf..de210c0e02 100644 --- a/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/grpc.py +++ b/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/grpc.py @@ -169,7 +169,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=False, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/grpc_asyncio.py b/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/grpc_asyncio.py index 55f04e1ab9..1227f20b92 100644 --- a/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/grpc_asyncio.py +++ b/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/grpc_asyncio.py @@ -214,7 +214,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=True, + always_use_jwt_access=False, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/redis/tests/unit/gapic/redis_v1/test_cloud_redis.py b/tests/integration/goldens/redis/tests/unit/gapic/redis_v1/test_cloud_redis.py index 70fc02b2f6..15a7176759 100644 --- a/tests/integration/goldens/redis/tests/unit/gapic/redis_v1/test_cloud_redis.py +++ b/tests/integration/goldens/redis/tests/unit/gapic/redis_v1/test_cloud_redis.py @@ -110,7 +110,7 @@ def test_cloud_redis_client_service_account_always_use_jwt(client_class): with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: creds = service_account.Credentials(None, None, None) client = client_class(credentials=creds) - use_jwt.assert_called_with(True) + use_jwt.assert_not_called() @pytest.mark.parametrize("client_class", [ From c2cb642e36fd246c76d4f1164562f1cd42c9f958 Mon Sep 17 00:00:00 2001 From: Bu Sun Kim Date: Tue, 29 Jun 2021 14:56:03 +0000 Subject: [PATCH 2/3] fix: add always_use_jwt_access to grpc, grpc-asyncio transports --- .../%sub/services/%service/transports/base.py.j2 | 2 +- .../%sub/services/%service/transports/grpc.py.j2 | 5 ++++- .../%service/transports/grpc_asyncio.py.j2 | 5 ++++- .../gapic/%name_%version/%sub/test_%service.py.j2 | 15 +++++++++++++++ .../services/iam_credentials/transports/base.py | 2 +- .../services/iam_credentials/transports/grpc.py | 5 ++++- .../iam_credentials/transports/grpc_asyncio.py | 5 ++++- .../gapic/credentials_v1/test_iam_credentials.py | 11 +++++++++++ .../services/config_service_v2/transports/base.py | 2 +- .../services/config_service_v2/transports/grpc.py | 5 ++++- .../config_service_v2/transports/grpc_asyncio.py | 5 ++++- .../logging_service_v2/transports/base.py | 2 +- .../logging_service_v2/transports/grpc.py | 5 ++++- .../logging_service_v2/transports/grpc_asyncio.py | 5 ++++- .../metrics_service_v2/transports/base.py | 2 +- .../metrics_service_v2/transports/grpc.py | 5 ++++- .../metrics_service_v2/transports/grpc_asyncio.py | 5 ++++- .../gapic/logging_v2/test_config_service_v2.py | 11 +++++++++++ .../gapic/logging_v2/test_logging_service_v2.py | 11 +++++++++++ .../gapic/logging_v2/test_metrics_service_v2.py | 11 +++++++++++ .../services/cloud_redis/transports/base.py | 2 +- .../services/cloud_redis/transports/grpc.py | 5 ++++- .../cloud_redis/transports/grpc_asyncio.py | 5 ++++- .../tests/unit/gapic/redis_v1/test_cloud_redis.py | 11 +++++++++++ 24 files changed, 124 insertions(+), 18 deletions(-) diff --git a/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/base.py.j2 b/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/base.py.j2 index b984ca2ab2..76d8fccbdd 100644 --- a/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/base.py.j2 +++ b/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/base.py.j2 @@ -130,7 +130,7 @@ class {{ service.name }}Transport(abc.ABC): # If the credentials is service account credentials, then always try to use self signed JWT. if always_use_jwt_access and isinstance(credentials, service_account.Credentials) and hasattr(service_account.Credentials, "with_always_use_jwt_access"): - credentials = credentials.with_always_use_jwt_access(False) + credentials = credentials.with_always_use_jwt_access(True) # Save the credentials. self._credentials = credentials diff --git a/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/grpc.py.j2 b/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/grpc.py.j2 index 2a56a2b3bb..a534ed95d7 100644 --- a/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/grpc.py.j2 +++ b/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/grpc.py.j2 @@ -55,6 +55,7 @@ class {{ service.name }}GrpcTransport({{ service.name }}Transport): client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -95,6 +96,8 @@ class {{ service.name }}GrpcTransport({{ service.name }}Transport): API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport @@ -150,7 +153,7 @@ class {{ service.name }}GrpcTransport({{ service.name }}Transport): scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=False, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/grpc_asyncio.py.j2 b/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/grpc_asyncio.py.j2 index d6a3b3385e..15f290f3b8 100644 --- a/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/grpc_asyncio.py.j2 +++ b/gapic/templates/%namespace/%name_%version/%sub/services/%service/transports/grpc_asyncio.py.j2 @@ -100,6 +100,7 @@ class {{ service.grpc_asyncio_transport_name }}({{ service.name }}Transport): client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -141,6 +142,8 @@ class {{ service.grpc_asyncio_transport_name }}({{ service.name }}Transport): API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport @@ -195,7 +198,7 @@ class {{ service.grpc_asyncio_transport_name }}({{ service.name }}Transport): scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=False, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/gapic/templates/tests/unit/gapic/%name_%version/%sub/test_%service.py.j2 b/gapic/templates/tests/unit/gapic/%name_%version/%sub/test_%service.py.j2 index 6db0a3d5b1..4792b4976e 100644 --- a/gapic/templates/tests/unit/gapic/%name_%version/%sub/test_%service.py.j2 +++ b/gapic/templates/tests/unit/gapic/%name_%version/%sub/test_%service.py.j2 @@ -126,6 +126,21 @@ def test_{{ service.client_name|snake_case }}_service_account_always_use_jwt(cli use_jwt.assert_not_called() +@pytest.mark.parametrize("transport_class,transport_name", [ + {% if 'grpc' in opts.transport %} + (transports.{{ service.grpc_transport_name }}, "grpc"), + (transports.{{ service.grpc_asyncio_transport_name }}, "grpc_asyncio"), + {% elif 'rest' in opts.transport %} + (transports.{{ service.rest_transport_name }}, "rest"), + {% endif %} +]) +def test_{{ service.client_name|snake_case }}_service_account_always_use_jwt_true(transport_class, transport_name): + with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=True) + use_jwt.assert_called_once_with(True) + + @pytest.mark.parametrize("client_class", [ {{ service.client_name }}, {% if 'grpc' in opts.transport %} diff --git a/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/base.py b/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/base.py index 135e4953de..4c45c7dda0 100644 --- a/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/base.py +++ b/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/base.py @@ -117,7 +117,7 @@ def __init__( # If the credentials is service account credentials, then always try to use self signed JWT. if always_use_jwt_access and isinstance(credentials, service_account.Credentials) and hasattr(service_account.Credentials, "with_always_use_jwt_access"): - credentials = credentials.with_always_use_jwt_access(False) + credentials = credentials.with_always_use_jwt_access(True) # Save the credentials. self._credentials = credentials diff --git a/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/grpc.py b/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/grpc.py index 00825b5f01..90204dac79 100644 --- a/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/grpc.py +++ b/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/grpc.py @@ -63,6 +63,7 @@ def __init__(self, *, client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -103,6 +104,8 @@ def __init__(self, *, API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport @@ -155,7 +158,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=False, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/grpc_asyncio.py b/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/grpc_asyncio.py index e55deb75d0..c27282cd39 100644 --- a/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/grpc_asyncio.py +++ b/tests/integration/goldens/credentials/google/iam/credentials_v1/services/iam_credentials/transports/grpc_asyncio.py @@ -108,6 +108,7 @@ def __init__(self, *, client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -149,6 +150,8 @@ def __init__(self, *, API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport @@ -200,7 +203,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=False, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/credentials/tests/unit/gapic/credentials_v1/test_iam_credentials.py b/tests/integration/goldens/credentials/tests/unit/gapic/credentials_v1/test_iam_credentials.py index 22e551683e..1603f0e7e6 100644 --- a/tests/integration/goldens/credentials/tests/unit/gapic/credentials_v1/test_iam_credentials.py +++ b/tests/integration/goldens/credentials/tests/unit/gapic/credentials_v1/test_iam_credentials.py @@ -108,6 +108,17 @@ def test_iam_credentials_client_service_account_always_use_jwt(client_class): use_jwt.assert_not_called() +@pytest.mark.parametrize("transport_class,transport_name", [ + (transports.IAMCredentialsGrpcTransport, "grpc"), + (transports.IAMCredentialsGrpcAsyncIOTransport, "grpc_asyncio"), +]) +def test_iam_credentials_client_service_account_always_use_jwt_true(transport_class, transport_name): + with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=True) + use_jwt.assert_called_once_with(True) + + @pytest.mark.parametrize("client_class", [ IAMCredentialsClient, IAMCredentialsAsyncClient, diff --git a/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/base.py b/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/base.py index ea9d63f690..1c5dae9241 100644 --- a/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/base.py +++ b/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/base.py @@ -121,7 +121,7 @@ def __init__( # If the credentials is service account credentials, then always try to use self signed JWT. if always_use_jwt_access and isinstance(credentials, service_account.Credentials) and hasattr(service_account.Credentials, "with_always_use_jwt_access"): - credentials = credentials.with_always_use_jwt_access(False) + credentials = credentials.with_always_use_jwt_access(True) # Save the credentials. self._credentials = credentials diff --git a/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/grpc.py b/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/grpc.py index 48114e68f8..5d8245df1c 100644 --- a/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/grpc.py +++ b/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/grpc.py @@ -55,6 +55,7 @@ def __init__(self, *, client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -95,6 +96,8 @@ def __init__(self, *, API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport @@ -147,7 +150,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=False, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/grpc_asyncio.py b/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/grpc_asyncio.py index 73bb836301..07343e8297 100644 --- a/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/grpc_asyncio.py +++ b/tests/integration/goldens/logging/google/cloud/logging_v2/services/config_service_v2/transports/grpc_asyncio.py @@ -100,6 +100,7 @@ def __init__(self, *, client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -141,6 +142,8 @@ def __init__(self, *, API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport @@ -192,7 +195,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=False, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/base.py b/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/base.py index b941ba8158..4dd3a95225 100644 --- a/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/base.py +++ b/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/base.py @@ -122,7 +122,7 @@ def __init__( # If the credentials is service account credentials, then always try to use self signed JWT. if always_use_jwt_access and isinstance(credentials, service_account.Credentials) and hasattr(service_account.Credentials, "with_always_use_jwt_access"): - credentials = credentials.with_always_use_jwt_access(False) + credentials = credentials.with_always_use_jwt_access(True) # Save the credentials. self._credentials = credentials diff --git a/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/grpc.py b/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/grpc.py index 76381915b4..d527a00bba 100644 --- a/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/grpc.py +++ b/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/grpc.py @@ -55,6 +55,7 @@ def __init__(self, *, client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -95,6 +96,8 @@ def __init__(self, *, API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport @@ -147,7 +150,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=False, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/grpc_asyncio.py b/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/grpc_asyncio.py index 8889964516..7293506fcd 100644 --- a/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/grpc_asyncio.py +++ b/tests/integration/goldens/logging/google/cloud/logging_v2/services/logging_service_v2/transports/grpc_asyncio.py @@ -100,6 +100,7 @@ def __init__(self, *, client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -141,6 +142,8 @@ def __init__(self, *, API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport @@ -192,7 +195,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=False, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/base.py b/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/base.py index 24f8a1b00a..dbd78ea6a7 100644 --- a/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/base.py +++ b/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/base.py @@ -122,7 +122,7 @@ def __init__( # If the credentials is service account credentials, then always try to use self signed JWT. if always_use_jwt_access and isinstance(credentials, service_account.Credentials) and hasattr(service_account.Credentials, "with_always_use_jwt_access"): - credentials = credentials.with_always_use_jwt_access(False) + credentials = credentials.with_always_use_jwt_access(True) # Save the credentials. self._credentials = credentials diff --git a/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/grpc.py b/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/grpc.py index 46057e5791..2f34d5651f 100644 --- a/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/grpc.py +++ b/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/grpc.py @@ -55,6 +55,7 @@ def __init__(self, *, client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -95,6 +96,8 @@ def __init__(self, *, API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport @@ -147,7 +150,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=False, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/grpc_asyncio.py b/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/grpc_asyncio.py index 76b5767c96..33692de4aa 100644 --- a/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/grpc_asyncio.py +++ b/tests/integration/goldens/logging/google/cloud/logging_v2/services/metrics_service_v2/transports/grpc_asyncio.py @@ -100,6 +100,7 @@ def __init__(self, *, client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -141,6 +142,8 @@ def __init__(self, *, API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport @@ -192,7 +195,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=False, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_config_service_v2.py b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_config_service_v2.py index 5e9af1b8cd..0b47d5216e 100644 --- a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_config_service_v2.py +++ b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_config_service_v2.py @@ -109,6 +109,17 @@ def test_config_service_v2_client_service_account_always_use_jwt(client_class): use_jwt.assert_not_called() +@pytest.mark.parametrize("transport_class,transport_name", [ + (transports.ConfigServiceV2GrpcTransport, "grpc"), + (transports.ConfigServiceV2GrpcAsyncIOTransport, "grpc_asyncio"), +]) +def test_config_service_v2_client_service_account_always_use_jwt_true(transport_class, transport_name): + with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=True) + use_jwt.assert_called_once_with(True) + + @pytest.mark.parametrize("client_class", [ ConfigServiceV2Client, ConfigServiceV2AsyncClient, diff --git a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_logging_service_v2.py b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_logging_service_v2.py index 4bda9a669c..817eb6260f 100644 --- a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_logging_service_v2.py +++ b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_logging_service_v2.py @@ -115,6 +115,17 @@ def test_logging_service_v2_client_service_account_always_use_jwt(client_class): use_jwt.assert_not_called() +@pytest.mark.parametrize("transport_class,transport_name", [ + (transports.LoggingServiceV2GrpcTransport, "grpc"), + (transports.LoggingServiceV2GrpcAsyncIOTransport, "grpc_asyncio"), +]) +def test_logging_service_v2_client_service_account_always_use_jwt_true(transport_class, transport_name): + with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=True) + use_jwt.assert_called_once_with(True) + + @pytest.mark.parametrize("client_class", [ LoggingServiceV2Client, LoggingServiceV2AsyncClient, diff --git a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_metrics_service_v2.py b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_metrics_service_v2.py index 19872e352a..eb61169d73 100644 --- a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_metrics_service_v2.py +++ b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_metrics_service_v2.py @@ -113,6 +113,17 @@ def test_metrics_service_v2_client_service_account_always_use_jwt(client_class): use_jwt.assert_not_called() +@pytest.mark.parametrize("transport_class,transport_name", [ + (transports.MetricsServiceV2GrpcTransport, "grpc"), + (transports.MetricsServiceV2GrpcAsyncIOTransport, "grpc_asyncio"), +]) +def test_metrics_service_v2_client_service_account_always_use_jwt_true(transport_class, transport_name): + with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=True) + use_jwt.assert_called_once_with(True) + + @pytest.mark.parametrize("client_class", [ MetricsServiceV2Client, MetricsServiceV2AsyncClient, diff --git a/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/base.py b/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/base.py index f2d0f8fa39..e9ade44365 100644 --- a/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/base.py +++ b/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/base.py @@ -119,7 +119,7 @@ def __init__( # If the credentials is service account credentials, then always try to use self signed JWT. if always_use_jwt_access and isinstance(credentials, service_account.Credentials) and hasattr(service_account.Credentials, "with_always_use_jwt_access"): - credentials = credentials.with_always_use_jwt_access(False) + credentials = credentials.with_always_use_jwt_access(True) # Save the credentials. self._credentials = credentials diff --git a/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/grpc.py b/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/grpc.py index de210c0e02..5801e47267 100644 --- a/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/grpc.py +++ b/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/grpc.py @@ -76,6 +76,7 @@ def __init__(self, *, client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -116,6 +117,8 @@ def __init__(self, *, API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport @@ -169,7 +172,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=False, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/grpc_asyncio.py b/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/grpc_asyncio.py index 1227f20b92..d4e7de81c8 100644 --- a/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/grpc_asyncio.py +++ b/tests/integration/goldens/redis/google/cloud/redis_v1/services/cloud_redis/transports/grpc_asyncio.py @@ -121,6 +121,7 @@ def __init__(self, *, client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -162,6 +163,8 @@ def __init__(self, *, API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport @@ -214,7 +217,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=False, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/redis/tests/unit/gapic/redis_v1/test_cloud_redis.py b/tests/integration/goldens/redis/tests/unit/gapic/redis_v1/test_cloud_redis.py index 15a7176759..d39ceb9cbf 100644 --- a/tests/integration/goldens/redis/tests/unit/gapic/redis_v1/test_cloud_redis.py +++ b/tests/integration/goldens/redis/tests/unit/gapic/redis_v1/test_cloud_redis.py @@ -113,6 +113,17 @@ def test_cloud_redis_client_service_account_always_use_jwt(client_class): use_jwt.assert_not_called() +@pytest.mark.parametrize("transport_class,transport_name", [ + (transports.CloudRedisGrpcTransport, "grpc"), + (transports.CloudRedisGrpcAsyncIOTransport, "grpc_asyncio"), +]) +def test_cloud_redis_client_service_account_always_use_jwt_true(transport_class, transport_name): + with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=True) + use_jwt.assert_called_once_with(True) + + @pytest.mark.parametrize("client_class", [ CloudRedisClient, CloudRedisAsyncClient, From 0a69e077f090f3371aff2479705eac3a320b717f Mon Sep 17 00:00:00 2001 From: Bu Sun Kim Date: Tue, 29 Jun 2021 14:58:44 +0000 Subject: [PATCH 3/3] chore: update asset --- .../services/asset_service/transports/base.py | 2 +- .../services/asset_service/transports/grpc.py | 5 ++++- .../services/asset_service/transports/grpc_asyncio.py | 5 ++++- .../tests/unit/gapic/asset_v1/test_asset_service.py | 11 +++++++++++ 4 files changed, 20 insertions(+), 3 deletions(-) diff --git a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/base.py b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/base.py index aed5fb2b30..cd427b6a2a 100644 --- a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/base.py +++ b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/base.py @@ -120,7 +120,7 @@ def __init__( # If the credentials is service account credentials, then always try to use self signed JWT. if always_use_jwt_access and isinstance(credentials, service_account.Credentials) and hasattr(service_account.Credentials, "with_always_use_jwt_access"): - credentials = credentials.with_always_use_jwt_access(False) + credentials = credentials.with_always_use_jwt_access(True) # Save the credentials. self._credentials = credentials diff --git a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc.py b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc.py index 4c99d602a5..d20c2b2418 100644 --- a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc.py +++ b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc.py @@ -57,6 +57,7 @@ def __init__(self, *, client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -97,6 +98,8 @@ def __init__(self, *, API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport @@ -150,7 +153,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=False, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py index f58ad96614..0634b4f4cd 100644 --- a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py +++ b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py @@ -102,6 +102,7 @@ def __init__(self, *, client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, ) -> None: """Instantiate the transport. @@ -143,6 +144,8 @@ def __init__(self, *, API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. Raises: google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport @@ -195,7 +198,7 @@ def __init__(self, *, scopes=scopes, quota_project_id=quota_project_id, client_info=client_info, - always_use_jwt_access=False, + always_use_jwt_access=always_use_jwt_access, ) if not self._grpc_channel: diff --git a/tests/integration/goldens/asset/tests/unit/gapic/asset_v1/test_asset_service.py b/tests/integration/goldens/asset/tests/unit/gapic/asset_v1/test_asset_service.py index 3d0e59a254..5d5e291df2 100644 --- a/tests/integration/goldens/asset/tests/unit/gapic/asset_v1/test_asset_service.py +++ b/tests/integration/goldens/asset/tests/unit/gapic/asset_v1/test_asset_service.py @@ -116,6 +116,17 @@ def test_asset_service_client_service_account_always_use_jwt(client_class): use_jwt.assert_not_called() +@pytest.mark.parametrize("transport_class,transport_name", [ + (transports.AssetServiceGrpcTransport, "grpc"), + (transports.AssetServiceGrpcAsyncIOTransport, "grpc_asyncio"), +]) +def test_asset_service_client_service_account_always_use_jwt_true(transport_class, transport_name): + with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=True) + use_jwt.assert_called_once_with(True) + + @pytest.mark.parametrize("client_class", [ AssetServiceClient, AssetServiceAsyncClient,