fix: enable self signed jwt for grpc #958

Merged
merged 1 commit into from
Jul 22, 2021
Merged
Original file line number Diff line number Diff line change
Expand Up @@ -304,6 +304,12 @@ class {{ service.client_name }}(metaclass={{ service.client_name }}Meta):
client_cert_source_for_mtls=client_cert_source_func,
quota_project_id=client_options.quota_project_id,
client_info=client_info,
{% if "grpc" in opts.transport %}
always_use_jwt_access=(
Transport == type(self).get_transport_class("grpc")
or Transport == type(self).get_transport_class("grpc_asyncio")
),
{% endif %}
)
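Review bot: The new `always_use_jwt_access=(...)` argument has no comment explaining why the credential mode is tied to the transport class, and it uses `==` against two registry lookups, so any class other than exactly those two gets `False` without notice. Going by the PR title and the tests, this value decides whether service-account credentials default to self-signed JWTs, so the intent should be stated next to it, for example `# Self-signed JWT is enabled only for the generated gRPC transports; any other Transport class gets False.` The comparison would also read more directly as `always_use_jwt_access=Transport in (type(self).get_transport_class("grpc"), type(self).get_transport_class("grpc_asyncio")),`. The enclosing `__init__` and the assignment of `Transport` lie outside the hunk, so how `Transport` is selected cannot be checked from here.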


Original file line number Diff line number Diff line change
Expand Up @@ -113,19 +113,6 @@ def test_{{ service.client_name|snake_case }}_from_service_account_info(client_c
{% endif %}


@pytest.mark.parametrize("client_class", [
{{ service.client_name }},
{% if 'grpc' in opts.transport %}
{{ service.async_client_name }},
{% endif %}
])
def test_{{ service.client_name|snake_case }}_service_account_always_use_jwt(client_class):
with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt:
creds = service_account.Credentials(None, None, None)
client = client_class(credentials=creds)
use_jwt.assert_not_called()


@pytest.mark.parametrize("transport_class,transport_name", [
{% if 'grpc' in opts.transport %}
(transports.{{ service.grpc_transport_name }}, "grpc"),
Expand All @@ -134,12 +121,17 @@ def test_{{ service.client_name|snake_case }}_service_account_always_use_jwt(cli
(transports.{{ service.rest_transport_name }}, "rest"),
{% endif %}
])
def test_{{ service.client_name|snake_case }}_service_account_always_use_jwt_true(transport_class, transport_name):
def test_{{ service.client_name|snake_case }}_service_account_always_use_jwt(transport_class, transport_name):
with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt:
creds = service_account.Credentials(None, None, None)
transport = transport_class(credentials=creds, always_use_jwt_access=True)
use_jwt.assert_called_once_with(True)

with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt:
creds = service_account.Credentials(None, None, None)
transport = transport_class(credentials=creds, always_use_jwt_access=False)
use_jwt.assert_not_called()


@pytest.mark.parametrize("client_class", [
{{ service.client_name }},
Expand Down Expand Up @@ -216,6 +208,9 @@ def test_{{ service.client_name|snake_case }}_client_options(client_class, trans
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
{% if 'grpc' in opts.transport %}
always_use_jwt_access=True,
{% endif %}
)

# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
Expand All @@ -232,6 +227,9 @@ def test_{{ service.client_name|snake_case }}_client_options(client_class, trans
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
{% if 'grpc' in opts.transport %}
always_use_jwt_access=True,
{% endif %}
)

# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
Expand All @@ -248,6 +246,9 @@ def test_{{ service.client_name|snake_case }}_client_options(client_class, trans
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
{% if 'grpc' in opts.transport %}
always_use_jwt_access=True,
{% endif %}
)

# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has
Expand All @@ -274,6 +275,9 @@ def test_{{ service.client_name|snake_case }}_client_options(client_class, trans
client_cert_source_for_mtls=None,
quota_project_id="octopus",
client_info=transports.base.DEFAULT_CLIENT_INFO,
{% if 'grpc' in opts.transport %}
always_use_jwt_access=True,
{% endif %}
)

@pytest.mark.parametrize("client_class,transport_class,transport_name,use_client_cert_env", [
Expand Down Expand Up @@ -319,6 +323,9 @@ def test_{{ service.client_name|snake_case }}_mtls_env_auto(client_class, transp
client_cert_source_for_mtls=expected_client_cert_source,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
{% if 'grpc' in opts.transport %}
always_use_jwt_access=True,
{% endif %}
)

# Check the case ADC client cert is provided. Whether client cert is used depends on
Expand All @@ -344,6 +351,9 @@ def test_{{ service.client_name|snake_case }}_mtls_env_auto(client_class, transp
client_cert_source_for_mtls=expected_client_cert_source,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
{% if 'grpc' in opts.transport %}
always_use_jwt_access=True,
{% endif %}
)

# Check the case client_cert_source and ADC client cert are not provided.
Expand All @@ -360,6 +370,9 @@ def test_{{ service.client_name|snake_case }}_mtls_env_auto(client_class, transp
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
{% if 'grpc' in opts.transport %}
always_use_jwt_access=True,
{% endif %}
)


Expand Down Expand Up @@ -387,6 +400,9 @@ def test_{{ service.client_name|snake_case }}_client_options_scopes(client_class
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
{% if 'grpc' in opts.transport %}
always_use_jwt_access=True,
{% endif %}
)

@pytest.mark.parametrize("client_class,transport_class,transport_name", [
Expand All @@ -413,6 +429,9 @@ def test_{{ service.client_name|snake_case }}_client_options_credentials_file(cl
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
{% if 'grpc' in opts.transport %}
always_use_jwt_access=True,
{% endif %}
)
{% if 'grpc' in opts.transport %}

Expand All @@ -431,6 +450,7 @@ def test_{{ service.client_name|snake_case }}_client_options_from_dict():
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)
{% endif %}
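Review bot: The expected-call blocks in the client-option tests assert a literal `always_use_jwt_access=True` whenever `'grpc' in opts.transport`, while the client derives the value from the selected transport class, so a rest parametrization rendered alongside grpc would receive `False` and fail to match. The parametrize lists of those tests are outside the visible hunks, so this is inferred from the `(transports.{{ service.rest_transport_name }}, "rest")` entry shown for the transport-level test. Deriving the expectation from the parameter, e.g. `always_use_jwt_access=(transport_name in ("grpc", "grpc_asyncio")),`, would keep the tests in step with the client. Separately, the removed client-level test is not replaced: as far as these hunks show, nothing asserts that constructing a client with service-account credentials leads to `with_always_use_jwt_access(True)` being called on them, only that the keyword reaches the transport constructor.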

Original file line number Diff line number Diff line change
Expand Up @@ -344,6 +344,10 @@ def __init__(self, *,
client_cert_source_for_mtls=client_cert_source_func,
quota_project_id=client_options.quota_project_id,
client_info=client_info,
always_use_jwt_access=(
Transport == type(self).get_transport_class("grpc")
or Transport == type(self).get_transport_class("grpc_asyncio")
),
)

def export_assets(self,
Original file line number Diff line number Diff line change
Expand Up @@ -105,27 +105,21 @@ def test_asset_service_client_from_service_account_info(client_class):
assert client.transport._host == 'cloudasset.googleapis.com:443'


@pytest.mark.parametrize("client_class", [
AssetServiceClient,
AssetServiceAsyncClient,
])
def test_asset_service_client_service_account_always_use_jwt(client_class):
with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt:
creds = service_account.Credentials(None, None, None)
client = client_class(credentials=creds)
use_jwt.assert_not_called()


@pytest.mark.parametrize("transport_class,transport_name", [
(transports.AssetServiceGrpcTransport, "grpc"),
(transports.AssetServiceGrpcAsyncIOTransport, "grpc_asyncio"),
])
def test_asset_service_client_service_account_always_use_jwt_true(transport_class, transport_name):
def test_asset_service_client_service_account_always_use_jwt(transport_class, transport_name):
with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt:
creds = service_account.Credentials(None, None, None)
transport = transport_class(credentials=creds, always_use_jwt_access=True)
use_jwt.assert_called_once_with(True)

with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt:
creds = service_account.Credentials(None, None, None)
transport = transport_class(credentials=creds, always_use_jwt_access=False)
use_jwt.assert_not_called()


@pytest.mark.parametrize("client_class", [
AssetServiceClient,
Expand Down Expand Up @@ -190,6 +184,7 @@ def test_asset_service_client_client_options(client_class, transport_class, tran
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
Expand All @@ -206,6 +201,7 @@ def test_asset_service_client_client_options(client_class, transport_class, tran
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
Expand All @@ -222,6 +218,7 @@ def test_asset_service_client_client_options(client_class, transport_class, tran
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has
Expand All @@ -248,6 +245,7 @@ def test_asset_service_client_client_options(client_class, transport_class, tran
client_cert_source_for_mtls=None,
quota_project_id="octopus",
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

@pytest.mark.parametrize("client_class,transport_class,transport_name,use_client_cert_env", [
Expand Down Expand Up @@ -286,6 +284,7 @@ def test_asset_service_client_mtls_env_auto(client_class, transport_class, trans
client_cert_source_for_mtls=expected_client_cert_source,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case ADC client cert is provided. Whether client cert is used depends on
Expand All @@ -311,6 +310,7 @@ def test_asset_service_client_mtls_env_auto(client_class, transport_class, trans
client_cert_source_for_mtls=expected_client_cert_source,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case client_cert_source and ADC client cert are not provided.
Expand All @@ -327,6 +327,7 @@ def test_asset_service_client_mtls_env_auto(client_class, transport_class, trans
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


Expand All @@ -350,6 +351,7 @@ def test_asset_service_client_client_options_scopes(client_class, transport_clas
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

@pytest.mark.parametrize("client_class,transport_class,transport_name", [
Expand All @@ -372,6 +374,7 @@ def test_asset_service_client_client_options_credentials_file(client_class, tran
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


Expand All @@ -389,6 +392,7 @@ def test_asset_service_client_client_options_from_dict():
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


Original file line number Diff line number Diff line change
Expand Up @@ -340,6 +340,10 @@ def __init__(self, *,
client_cert_source_for_mtls=client_cert_source_func,
quota_project_id=client_options.quota_project_id,
client_info=client_info,
always_use_jwt_access=(
Transport == type(self).get_transport_class("grpc")
or Transport == type(self).get_transport_class("grpc_asyncio")
),
)

def generate_access_token(self,
Original file line number Diff line number Diff line change
Expand Up @@ -97,27 +97,21 @@ def test_iam_credentials_client_from_service_account_info(client_class):
assert client.transport._host == 'iamcredentials.googleapis.com:443'


@pytest.mark.parametrize("client_class", [
IAMCredentialsClient,
IAMCredentialsAsyncClient,
])
def test_iam_credentials_client_service_account_always_use_jwt(client_class):
with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt:
creds = service_account.Credentials(None, None, None)
client = client_class(credentials=creds)
use_jwt.assert_not_called()


@pytest.mark.parametrize("transport_class,transport_name", [
(transports.IAMCredentialsGrpcTransport, "grpc"),
(transports.IAMCredentialsGrpcAsyncIOTransport, "grpc_asyncio"),
])
def test_iam_credentials_client_service_account_always_use_jwt_true(transport_class, transport_name):
def test_iam_credentials_client_service_account_always_use_jwt(transport_class, transport_name):
with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt:
creds = service_account.Credentials(None, None, None)
transport = transport_class(credentials=creds, always_use_jwt_access=True)
use_jwt.assert_called_once_with(True)

with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt:
creds = service_account.Credentials(None, None, None)
transport = transport_class(credentials=creds, always_use_jwt_access=False)
use_jwt.assert_not_called()


@pytest.mark.parametrize("client_class", [
IAMCredentialsClient,
Expand Down Expand Up @@ -182,6 +176,7 @@ def test_iam_credentials_client_client_options(client_class, transport_class, tr
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
Expand All @@ -198,6 +193,7 @@ def test_iam_credentials_client_client_options(client_class, transport_class, tr
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
Expand All @@ -214,6 +210,7 @@ def test_iam_credentials_client_client_options(client_class, transport_class, tr
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has
Expand All @@ -240,6 +237,7 @@ def test_iam_credentials_client_client_options(client_class, transport_class, tr
client_cert_source_for_mtls=None,
quota_project_id="octopus",
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

@pytest.mark.parametrize("client_class,transport_class,transport_name,use_client_cert_env", [
Expand Down Expand Up @@ -278,6 +276,7 @@ def test_iam_credentials_client_mtls_env_auto(client_class, transport_class, tra
client_cert_source_for_mtls=expected_client_cert_source,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case ADC client cert is provided. Whether client cert is used depends on
Expand All @@ -303,6 +302,7 @@ def test_iam_credentials_client_mtls_env_auto(client_class, transport_class, tra
client_cert_source_for_mtls=expected_client_cert_source,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case client_cert_source and ADC client cert are not provided.
Expand All @@ -319,6 +319,7 @@ def test_iam_credentials_client_mtls_env_auto(client_class, transport_class, tra
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


Expand All @@ -342,6 +343,7 @@ def test_iam_credentials_client_client_options_scopes(client_class, transport_cl
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

@pytest.mark.parametrize("client_class,transport_class,transport_name", [
Expand All @@ -364,6 +366,7 @@ def test_iam_credentials_client_client_options_credentials_file(client_class, tr
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


Expand All @@ -381,6 +384,7 @@ def test_iam_credentials_client_client_options_from_dict():
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

