Skip to content
This repository was archived by the owner on Dec 31, 2023. It is now read-only.

Commit 89f7931

Browse files
gcf-owl-bot[bot]gcf-owl-bot[bot]
authored
fix: enable self signed jwt for grpc (#139)
PiperOrigin-RevId: 386504689 Source-Link: googleapis/googleapis@762094a Source-Link: https://github.com/googleapis/googleapis-gen/commit/6bfc480e1a161d5de121c2bcc3745885d33b265a
1 parent 9acfcaa commit 89f7931

File tree

2 files changed

+22
-11
lines changed

2 files changed

+22
-11
lines changed

google/cloud/devtools/cloudbuild_v1/services/cloud_build/client.py

+4
Original file line numberDiff line numberDiff line change
@@ -469,6 +469,10 @@ def __init__(
469469
client_cert_source_for_mtls=client_cert_source_func,
470470
quota_project_id=client_options.quota_project_id,
471471
client_info=client_info,
472+
always_use_jwt_access=(
473+
Transport == type(self).get_transport_class("grpc")
474+
or Transport == type(self).get_transport_class("grpc_asyncio")
475+
),
472476
)
473477

474478
def create_build(

tests/unit/gapic/cloudbuild_v1/test_cloud_build.py

+18-11
Original file line numberDiff line numberDiff line change
@@ -124,24 +124,14 @@ def test_cloud_build_client_from_service_account_info(client_class):
124124
assert client.transport._host == "cloudbuild.googleapis.com:443"
125125

126126

127-
@pytest.mark.parametrize("client_class", [CloudBuildClient, CloudBuildAsyncClient,])
128-
def test_cloud_build_client_service_account_always_use_jwt(client_class):
129-
with mock.patch.object(
130-
service_account.Credentials, "with_always_use_jwt_access", create=True
131-
) as use_jwt:
132-
creds = service_account.Credentials(None, None, None)
133-
client = client_class(credentials=creds)
134-
use_jwt.assert_not_called()
135-
136-
137127
@pytest.mark.parametrize(
138128
"transport_class,transport_name",
139129
[
140130
(transports.CloudBuildGrpcTransport, "grpc"),
141131
(transports.CloudBuildGrpcAsyncIOTransport, "grpc_asyncio"),
142132
],
143133
)
144-
def test_cloud_build_client_service_account_always_use_jwt_true(
134+
def test_cloud_build_client_service_account_always_use_jwt(
145135
transport_class, transport_name
146136
):
147137
with mock.patch.object(
@@ -151,6 +141,13 @@ def test_cloud_build_client_service_account_always_use_jwt_true(
151141
transport = transport_class(credentials=creds, always_use_jwt_access=True)
152142
use_jwt.assert_called_once_with(True)
153143

144+
with mock.patch.object(
145+
service_account.Credentials, "with_always_use_jwt_access", create=True
146+
) as use_jwt:
147+
creds = service_account.Credentials(None, None, None)
148+
transport = transport_class(credentials=creds, always_use_jwt_access=False)
149+
use_jwt.assert_not_called()
150+
154151

155152
@pytest.mark.parametrize("client_class", [CloudBuildClient, CloudBuildAsyncClient,])
156153
def test_cloud_build_client_from_service_account_file(client_class):
@@ -227,6 +224,7 @@ def test_cloud_build_client_client_options(
227224
client_cert_source_for_mtls=None,
228225
quota_project_id=None,
229226
client_info=transports.base.DEFAULT_CLIENT_INFO,
227+
always_use_jwt_access=True,
230228
)
231229

232230
# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
@@ -243,6 +241,7 @@ def test_cloud_build_client_client_options(
243241
client_cert_source_for_mtls=None,
244242
quota_project_id=None,
245243
client_info=transports.base.DEFAULT_CLIENT_INFO,
244+
always_use_jwt_access=True,
246245
)
247246

248247
# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
@@ -259,6 +258,7 @@ def test_cloud_build_client_client_options(
259258
client_cert_source_for_mtls=None,
260259
quota_project_id=None,
261260
client_info=transports.base.DEFAULT_CLIENT_INFO,
261+
always_use_jwt_access=True,
262262
)
263263

264264
# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has
@@ -287,6 +287,7 @@ def test_cloud_build_client_client_options(
287287
client_cert_source_for_mtls=None,
288288
quota_project_id="octopus",
289289
client_info=transports.base.DEFAULT_CLIENT_INFO,
290+
always_use_jwt_access=True,
290291
)
291292

292293

@@ -351,6 +352,7 @@ def test_cloud_build_client_mtls_env_auto(
351352
client_cert_source_for_mtls=expected_client_cert_source,
352353
quota_project_id=None,
353354
client_info=transports.base.DEFAULT_CLIENT_INFO,
355+
always_use_jwt_access=True,
354356
)
355357

356358
# Check the case ADC client cert is provided. Whether client cert is used depends on
@@ -384,6 +386,7 @@ def test_cloud_build_client_mtls_env_auto(
384386
client_cert_source_for_mtls=expected_client_cert_source,
385387
quota_project_id=None,
386388
client_info=transports.base.DEFAULT_CLIENT_INFO,
389+
always_use_jwt_access=True,
387390
)
388391

389392
# Check the case client_cert_source and ADC client cert are not provided.
@@ -405,6 +408,7 @@ def test_cloud_build_client_mtls_env_auto(
405408
client_cert_source_for_mtls=None,
406409
quota_project_id=None,
407410
client_info=transports.base.DEFAULT_CLIENT_INFO,
411+
always_use_jwt_access=True,
408412
)
409413

410414

@@ -435,6 +439,7 @@ def test_cloud_build_client_client_options_scopes(
435439
client_cert_source_for_mtls=None,
436440
quota_project_id=None,
437441
client_info=transports.base.DEFAULT_CLIENT_INFO,
442+
always_use_jwt_access=True,
438443
)
439444

440445

@@ -465,6 +470,7 @@ def test_cloud_build_client_client_options_credentials_file(
465470
client_cert_source_for_mtls=None,
466471
quota_project_id=None,
467472
client_info=transports.base.DEFAULT_CLIENT_INFO,
473+
always_use_jwt_access=True,
468474
)
469475

470476

@@ -482,6 +488,7 @@ def test_cloud_build_client_client_options_from_dict():
482488
client_cert_source_for_mtls=None,
483489
quota_project_id=None,
484490
client_info=transports.base.DEFAULT_CLIENT_INFO,
491+
always_use_jwt_access=True,
485492
)
486493

487494

0 commit comments

Comments
 (0)