Skip to content
Permalink
Browse files
fix(v1beta2): enable self signed jwt for grpc (#191)
* fix: Remove Owlbot  v1beta2 customization that passes default scopes as user scopes, so that the auth library does not use the self-signed JWT flow.

* run owlbot locally

* remove replacements for v1beta2 in owlbot.py

Co-authored-by: Nick Cain <nicholascain@google.com>
Co-authored-by: Anthonios Partheniou <partheniou@google.com>
  • Loading branch information
3 people committed Sep 1, 2021
1 parent fbc19bb commit 14e77652ec6d49fc8b60808f9322004899b04cf3
@@ -148,15 +148,7 @@ def _get_scopes_kwargs(
packaging.version.parse(_GOOGLE_AUTH_VERSION)
>= packaging.version.parse("1.25.0")
):
# Documentai uses a regional host (us-documentai.googleapis.com) as the default
# so self-signed JWT cannot be used.
# Intentionally pass default scopes as user scopes so the auth library
# does not use the self-signed JWT flow.
# https://github.com/googleapis/python-documentai/issues/174
scopes_kwargs = {
"scopes": scopes or cls.AUTH_SCOPES,
"default_scopes": cls.AUTH_SCOPES,
}
scopes_kwargs = {"scopes": scopes, "default_scopes": cls.AUTH_SCOPES}
else:
scopes_kwargs = {"scopes": scopes or cls.AUTH_SCOPES}

@@ -30,34 +30,11 @@
for library in s.get_staging_dirs(default_version):
excludes = [
"README.rst",
"nox.py",
"docs/index.rst",
"setup.py",
"scripts/fixup_documentai_v*", # this library was always generated with the microgenerator
]

s.replace(library / "google/cloud/documentai_v1beta2/**/base.py",
"""scopes_kwargs = \{"scopes": scopes, "default_scopes": cls\.AUTH_SCOPES\}""",
"""# Documentai uses a regional host (us-documentai.googleapis.com) as the default
# so self-signed JWT cannot be used.
# Intentionally pass default scopes as user scopes so the auth library
# does not use the self-signed JWT flow.
# https://github.com/googleapis/python-documentai/issues/174
scopes_kwargs = {"scopes": scopes or cls.AUTH_SCOPES, "default_scopes": cls.AUTH_SCOPES}""")

s.replace(library / "tests/**/documentai_v1beta2/*.py",
"""(@requires_google_auth_gte_1_25_0
def test_document_.*?_service_base_transport_with_credentials_file.*?)scopes=None,""",
"""\g<1>scopes=("https://www.googleapis.com/auth/cloud-platform",),""",
flags=re.MULTILINE | re.DOTALL,
)

s.replace(library / "tests/**/documentai_v1beta2/*.py",
"""(@requires_google_auth_gte_1_25_0
def test_document_.*?_service_auth_adc.*?)scopes=None,""",
"""\g<1>scopes=("https://www.googleapis.com/auth/cloud-platform",),""",
flags=re.MULTILINE | re.DOTALL,
)
s.move(library, excludes=excludes)

s.remove_staging_dirs()
@@ -1045,7 +1045,7 @@ def test_document_understanding_service_base_transport_with_credentials_file():
)
load_creds.assert_called_once_with(
"credentials.json",
scopes=("https://www.googleapis.com/auth/cloud-platform",),
scopes=None,
default_scopes=("https://www.googleapis.com/auth/cloud-platform",),
quota_project_id="octopus",
)
@@ -1089,7 +1089,7 @@ def test_document_understanding_service_auth_adc():
adc.return_value = (ga_credentials.AnonymousCredentials(), None)
DocumentUnderstandingServiceClient()
adc.assert_called_once_with(
scopes=("https://www.googleapis.com/auth/cloud-platform",),
scopes=None,
default_scopes=("https://www.googleapis.com/auth/cloud-platform",),
quota_project_id=None,
)

0 comments on commit 14e7765

Please sign in to comment.