Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: disable universe-domain validation #2236

Merged
merged 7 commits into from
Oct 30, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -400,33 +400,6 @@ class {{ service.client_name }}(metaclass={{ service.client_name }}Meta):
if len(universe_domain.strip()) == 0:
raise ValueError("Universe Domain cannot be an empty string.")
return universe_domain

@staticmethod
def _compare_universes(client_universe: str,
credentials: ga_credentials.Credentials) -> bool:
"""Returns True iff the universe domains used by the client and credentials match.

Args:
client_universe (str): The universe domain configured via the client options.
credentials (ga_credentials.Credentials): The credentials being used in the client.

Returns:
bool: True iff client_universe matches the universe in credentials.

Raises:
ValueError: when client_universe does not match the universe in credentials.
"""

default_universe = {{ service.client_name }}._DEFAULT_UNIVERSE
credentials_universe = getattr(credentials, "universe_domain", default_universe)

if client_universe != credentials_universe:
raise ValueError("The configured universe domain "
f"({client_universe}) does not match the universe domain "
f"found in the credentials ({credentials_universe}). "
"If you haven't configured the universe domain explicitly, "
f"`{default_universe}` is the default.")
return True

def _validate_universe_domain(self):
"""Validates client's and credentials' universe domains are consistent.
Expand All @@ -437,9 +410,9 @@ class {{ service.client_name }}(metaclass={{ service.client_name }}Meta):
Raises:
ValueError: If the configured universe domain is not valid.
"""
self._is_universe_domain_valid = (self._is_universe_domain_valid or
{{ service.client_name }}._compare_universes(self.universe_domain, self.transport._credentials))
return self._is_universe_domain_valid

# NOTE (b/349488459): universe validation is disabled until further notice.
return True

@property
def api_endpoint(self):
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -268,71 +268,6 @@ def test__get_universe_domain():
{{ service.client_name }}._get_universe_domain("", None)
assert str(excinfo.value) == "Universe Domain cannot be an empty string."

@pytest.mark.parametrize("client_class,transport_class,transport_name", [
{% if 'grpc' in opts.transport %}
({{ service.client_name }}, transports.{{ service.grpc_transport_name }}, "grpc"),
{% endif %}
{% if 'rest' in opts.transport %}
({{ service.client_name }}, transports.{{ service.rest_transport_name }}, "rest"),
{% endif %}
])
def test__validate_universe_domain(client_class, transport_class, transport_name):
client = client_class(
transport=transport_class(
credentials=ga_credentials.AnonymousCredentials()
)
)
assert client._validate_universe_domain() == True

# Test the case when universe is already validated.
assert client._validate_universe_domain() == True

if transport_name == "grpc":
# Test the case where credentials are provided by the
# `local_channel_credentials`. The default universes in both match.
channel = grpc.secure_channel('http://localhost/', grpc.local_channel_credentials())
client = client_class(transport=transport_class(channel=channel))
assert client._validate_universe_domain() == True

# Test the case where credentials do not exist: e.g. a transport is provided
# with no credentials. Validation should still succeed because there is no
# mismatch with non-existent credentials.
channel = grpc.secure_channel('http://localhost/', grpc.local_channel_credentials())
transport=transport_class(channel=channel)
transport._credentials = None
client = client_class(transport=transport)
assert client._validate_universe_domain() == True

# TODO: This is needed to cater for older versions of google-auth
# Make this test unconditional once the minimum supported version of
# google-auth becomes 2.23.0 or higher.
google_auth_major, google_auth_minor = [int(part) for part in google.auth.__version__.split(".")[0:2]]
if google_auth_major > 2 or (google_auth_major == 2 and google_auth_minor >= 23):
credentials = ga_credentials.AnonymousCredentials()
credentials._universe_domain = "foo.com"
# Test the case when there is a universe mismatch from the credentials.
client = client_class(
transport=transport_class(credentials=credentials)
)
with pytest.raises(ValueError) as excinfo:
client._validate_universe_domain()
assert str(excinfo.value) == "The configured universe domain (googleapis.com) does not match the universe domain found in the credentials (foo.com). If you haven't configured the universe domain explicitly, `googleapis.com` is the default."

# Test the case when there is a universe mismatch from the client.
#
# TODO: Make this test unconditional once the minimum supported version of
# google-api-core becomes 2.15.0 or higher.
api_core_major, api_core_minor = [int(part) for part in api_core_version.__version__.split(".")[0:2]]
if api_core_major > 2 or (api_core_major == 2 and api_core_minor >= 15):
client = client_class(client_options={"universe_domain": "bar.com"}, transport=transport_class(credentials=ga_credentials.AnonymousCredentials(),))
with pytest.raises(ValueError) as excinfo:
client._validate_universe_domain()
assert str(excinfo.value) == "The configured universe domain (bar.com) does not match the universe domain found in the credentials (googleapis.com). If you haven't configured the universe domain explicitly, `googleapis.com` is the default."

# Test that ValueError is raised if universe_domain is provided via client options and credentials is None
with pytest.raises(ValueError):
client._compare_universes("foo.bar", None)


@pytest.mark.parametrize("client_class,transport_name", [
{% if 'grpc' in opts.transport %}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -460,33 +460,6 @@ def _get_universe_domain(client_universe_domain: Optional[str], universe_domain_
raise ValueError("Universe Domain cannot be an empty string.")
return universe_domain

@staticmethod
def _compare_universes(client_universe: str,
credentials: ga_credentials.Credentials) -> bool:
"""Returns True iff the universe domains used by the client and credentials match.

Args:
client_universe (str): The universe domain configured via the client options.
credentials (ga_credentials.Credentials): The credentials being used in the client.

Returns:
bool: True iff client_universe matches the universe in credentials.

Raises:
ValueError: when client_universe does not match the universe in credentials.
"""

default_universe = AssetServiceClient._DEFAULT_UNIVERSE
credentials_universe = getattr(credentials, "universe_domain", default_universe)

if client_universe != credentials_universe:
raise ValueError("The configured universe domain "
f"({client_universe}) does not match the universe domain "
f"found in the credentials ({credentials_universe}). "
"If you haven't configured the universe domain explicitly, "
f"`{default_universe}` is the default.")
return True

def _validate_universe_domain(self):
"""Validates client's and credentials' universe domains are consistent.

Expand All @@ -496,9 +469,9 @@ def _validate_universe_domain(self):
Raises:
ValueError: If the configured universe domain is not valid.
"""
self._is_universe_domain_valid = (self._is_universe_domain_valid or
AssetServiceClient._compare_universes(self.universe_domain, self.transport._credentials))
return self._is_universe_domain_valid

# NOTE (b/349488459): universe validation is disabled until further notice.
return True

@property
def api_endpoint(self):
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -192,67 +192,6 @@ def test__get_universe_domain():
AssetServiceClient._get_universe_domain("", None)
assert str(excinfo.value) == "Universe Domain cannot be an empty string."

@pytest.mark.parametrize("client_class,transport_class,transport_name", [
(AssetServiceClient, transports.AssetServiceGrpcTransport, "grpc"),
(AssetServiceClient, transports.AssetServiceRestTransport, "rest"),
])
def test__validate_universe_domain(client_class, transport_class, transport_name):
client = client_class(
transport=transport_class(
credentials=ga_credentials.AnonymousCredentials()
)
)
assert client._validate_universe_domain() == True

# Test the case when universe is already validated.
assert client._validate_universe_domain() == True

if transport_name == "grpc":
# Test the case where credentials are provided by the
# `local_channel_credentials`. The default universes in both match.
channel = grpc.secure_channel('http://localhost/', grpc.local_channel_credentials())
client = client_class(transport=transport_class(channel=channel))
assert client._validate_universe_domain() == True

# Test the case where credentials do not exist: e.g. a transport is provided
# with no credentials. Validation should still succeed because there is no
# mismatch with non-existent credentials.
channel = grpc.secure_channel('http://localhost/', grpc.local_channel_credentials())
transport=transport_class(channel=channel)
transport._credentials = None
client = client_class(transport=transport)
assert client._validate_universe_domain() == True

# TODO: This is needed to cater for older versions of google-auth
# Make this test unconditional once the minimum supported version of
# google-auth becomes 2.23.0 or higher.
google_auth_major, google_auth_minor = [int(part) for part in google.auth.__version__.split(".")[0:2]]
if google_auth_major > 2 or (google_auth_major == 2 and google_auth_minor >= 23):
credentials = ga_credentials.AnonymousCredentials()
credentials._universe_domain = "foo.com"
# Test the case when there is a universe mismatch from the credentials.
client = client_class(
transport=transport_class(credentials=credentials)
)
with pytest.raises(ValueError) as excinfo:
client._validate_universe_domain()
assert str(excinfo.value) == "The configured universe domain (googleapis.com) does not match the universe domain found in the credentials (foo.com). If you haven't configured the universe domain explicitly, `googleapis.com` is the default."

# Test the case when there is a universe mismatch from the client.
#
# TODO: Make this test unconditional once the minimum supported version of
# google-api-core becomes 2.15.0 or higher.
api_core_major, api_core_minor = [int(part) for part in api_core_version.__version__.split(".")[0:2]]
if api_core_major > 2 or (api_core_major == 2 and api_core_minor >= 15):
client = client_class(client_options={"universe_domain": "bar.com"}, transport=transport_class(credentials=ga_credentials.AnonymousCredentials(),))
with pytest.raises(ValueError) as excinfo:
client._validate_universe_domain()
assert str(excinfo.value) == "The configured universe domain (bar.com) does not match the universe domain found in the credentials (googleapis.com). If you haven't configured the universe domain explicitly, `googleapis.com` is the default."

# Test that ValueError is raised if universe_domain is provided via client options and credentials is None
with pytest.raises(ValueError):
client._compare_universes("foo.bar", None)


@pytest.mark.parametrize("client_class,transport_name", [
(AssetServiceClient, "grpc"),
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -397,33 +397,6 @@ def _get_universe_domain(client_universe_domain: Optional[str], universe_domain_
raise ValueError("Universe Domain cannot be an empty string.")
return universe_domain

@staticmethod
def _compare_universes(client_universe: str,
credentials: ga_credentials.Credentials) -> bool:
"""Returns True iff the universe domains used by the client and credentials match.

Args:
client_universe (str): The universe domain configured via the client options.
credentials (ga_credentials.Credentials): The credentials being used in the client.

Returns:
bool: True iff client_universe matches the universe in credentials.

Raises:
ValueError: when client_universe does not match the universe in credentials.
"""

default_universe = IAMCredentialsClient._DEFAULT_UNIVERSE
credentials_universe = getattr(credentials, "universe_domain", default_universe)

if client_universe != credentials_universe:
raise ValueError("The configured universe domain "
f"({client_universe}) does not match the universe domain "
f"found in the credentials ({credentials_universe}). "
"If you haven't configured the universe domain explicitly, "
f"`{default_universe}` is the default.")
return True

def _validate_universe_domain(self):
"""Validates client's and credentials' universe domains are consistent.

Expand All @@ -433,9 +406,9 @@ def _validate_universe_domain(self):
Raises:
ValueError: If the configured universe domain is not valid.
"""
self._is_universe_domain_valid = (self._is_universe_domain_valid or
IAMCredentialsClient._compare_universes(self.universe_domain, self.transport._credentials))
return self._is_universe_domain_valid

# NOTE (b/349488459): universe validation is disabled until further notice.
return True

@property
def api_endpoint(self):
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -182,67 +182,6 @@ def test__get_universe_domain():
IAMCredentialsClient._get_universe_domain("", None)
assert str(excinfo.value) == "Universe Domain cannot be an empty string."

@pytest.mark.parametrize("client_class,transport_class,transport_name", [
(IAMCredentialsClient, transports.IAMCredentialsGrpcTransport, "grpc"),
(IAMCredentialsClient, transports.IAMCredentialsRestTransport, "rest"),
])
def test__validate_universe_domain(client_class, transport_class, transport_name):
client = client_class(
transport=transport_class(
credentials=ga_credentials.AnonymousCredentials()
)
)
assert client._validate_universe_domain() == True

# Test the case when universe is already validated.
assert client._validate_universe_domain() == True

if transport_name == "grpc":
# Test the case where credentials are provided by the
# `local_channel_credentials`. The default universes in both match.
channel = grpc.secure_channel('http://localhost/', grpc.local_channel_credentials())
client = client_class(transport=transport_class(channel=channel))
assert client._validate_universe_domain() == True

# Test the case where credentials do not exist: e.g. a transport is provided
# with no credentials. Validation should still succeed because there is no
# mismatch with non-existent credentials.
channel = grpc.secure_channel('http://localhost/', grpc.local_channel_credentials())
transport=transport_class(channel=channel)
transport._credentials = None
client = client_class(transport=transport)
assert client._validate_universe_domain() == True

# TODO: This is needed to cater for older versions of google-auth
# Make this test unconditional once the minimum supported version of
# google-auth becomes 2.23.0 or higher.
google_auth_major, google_auth_minor = [int(part) for part in google.auth.__version__.split(".")[0:2]]
if google_auth_major > 2 or (google_auth_major == 2 and google_auth_minor >= 23):
credentials = ga_credentials.AnonymousCredentials()
credentials._universe_domain = "foo.com"
# Test the case when there is a universe mismatch from the credentials.
client = client_class(
transport=transport_class(credentials=credentials)
)
with pytest.raises(ValueError) as excinfo:
client._validate_universe_domain()
assert str(excinfo.value) == "The configured universe domain (googleapis.com) does not match the universe domain found in the credentials (foo.com). If you haven't configured the universe domain explicitly, `googleapis.com` is the default."

# Test the case when there is a universe mismatch from the client.
#
# TODO: Make this test unconditional once the minimum supported version of
# google-api-core becomes 2.15.0 or higher.
api_core_major, api_core_minor = [int(part) for part in api_core_version.__version__.split(".")[0:2]]
if api_core_major > 2 or (api_core_major == 2 and api_core_minor >= 15):
client = client_class(client_options={"universe_domain": "bar.com"}, transport=transport_class(credentials=ga_credentials.AnonymousCredentials(),))
with pytest.raises(ValueError) as excinfo:
client._validate_universe_domain()
assert str(excinfo.value) == "The configured universe domain (bar.com) does not match the universe domain found in the credentials (googleapis.com). If you haven't configured the universe domain explicitly, `googleapis.com` is the default."

# Test that ValueError is raised if universe_domain is provided via client options and credentials is None
with pytest.raises(ValueError):
client._compare_universes("foo.bar", None)


@pytest.mark.parametrize("client_class,transport_name", [
(IAMCredentialsClient, "grpc"),
Expand Down
Loading