Skip to content
This repository was archived by the owner on Mar 15, 2025. It is now read-only.

Commit 26c70cd

Browse files
gcf-owl-bot[bot]gcf-owl-bot[bot]
authored
fix: enable self signed jwt for grpc (#71)
PiperOrigin-RevId: 386504689 Source-Link: googleapis/googleapis@762094a Source-Link: googleapis/googleapis-gen@6bfc480
1 parent 4b863f0 commit 26c70cd

File tree

2 files changed

+22
-11
lines changed

2 files changed

+22
-11
lines changed

google/cloud/orgpolicy_v2/services/org_policy/client.py

+4
Original file line numberDiff line numberDiff line change
@@ -377,6 +377,10 @@ def __init__(
377377
client_cert_source_for_mtls=client_cert_source_func,
378378
quota_project_id=client_options.quota_project_id,
379379
client_info=client_info,
380+
always_use_jwt_access=(
381+
Transport == type(self).get_transport_class("grpc")
382+
or Transport == type(self).get_transport_class("grpc_asyncio")
383+
),
380384
)
381385

382386
def list_constraints(

tests/unit/gapic/orgpolicy_v2/test_org_policy.py

+18-11
Original file line numberDiff line numberDiff line change
@@ -114,24 +114,14 @@ def test_org_policy_client_from_service_account_info(client_class):
114114
assert client.transport._host == "orgpolicy.googleapis.com:443"
115115

116116

117-
@pytest.mark.parametrize("client_class", [OrgPolicyClient, OrgPolicyAsyncClient,])
118-
def test_org_policy_client_service_account_always_use_jwt(client_class):
119-
with mock.patch.object(
120-
service_account.Credentials, "with_always_use_jwt_access", create=True
121-
) as use_jwt:
122-
creds = service_account.Credentials(None, None, None)
123-
client = client_class(credentials=creds)
124-
use_jwt.assert_not_called()
125-
126-
127117
@pytest.mark.parametrize(
128118
"transport_class,transport_name",
129119
[
130120
(transports.OrgPolicyGrpcTransport, "grpc"),
131121
(transports.OrgPolicyGrpcAsyncIOTransport, "grpc_asyncio"),
132122
],
133123
)
134-
def test_org_policy_client_service_account_always_use_jwt_true(
124+
def test_org_policy_client_service_account_always_use_jwt(
135125
transport_class, transport_name
136126
):
137127
with mock.patch.object(
@@ -141,6 +131,13 @@ def test_org_policy_client_service_account_always_use_jwt_true(
141131
transport = transport_class(credentials=creds, always_use_jwt_access=True)
142132
use_jwt.assert_called_once_with(True)
143133

134+
with mock.patch.object(
135+
service_account.Credentials, "with_always_use_jwt_access", create=True
136+
) as use_jwt:
137+
creds = service_account.Credentials(None, None, None)
138+
transport = transport_class(credentials=creds, always_use_jwt_access=False)
139+
use_jwt.assert_not_called()
140+
144141

145142
@pytest.mark.parametrize("client_class", [OrgPolicyClient, OrgPolicyAsyncClient,])
146143
def test_org_policy_client_from_service_account_file(client_class):
@@ -217,6 +214,7 @@ def test_org_policy_client_client_options(
217214
client_cert_source_for_mtls=None,
218215
quota_project_id=None,
219216
client_info=transports.base.DEFAULT_CLIENT_INFO,
217+
always_use_jwt_access=True,
220218
)
221219

222220
# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
@@ -233,6 +231,7 @@ def test_org_policy_client_client_options(
233231
client_cert_source_for_mtls=None,
234232
quota_project_id=None,
235233
client_info=transports.base.DEFAULT_CLIENT_INFO,
234+
always_use_jwt_access=True,
236235
)
237236

238237
# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
@@ -249,6 +248,7 @@ def test_org_policy_client_client_options(
249248
client_cert_source_for_mtls=None,
250249
quota_project_id=None,
251250
client_info=transports.base.DEFAULT_CLIENT_INFO,
251+
always_use_jwt_access=True,
252252
)
253253

254254
# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has
@@ -277,6 +277,7 @@ def test_org_policy_client_client_options(
277277
client_cert_source_for_mtls=None,
278278
quota_project_id="octopus",
279279
client_info=transports.base.DEFAULT_CLIENT_INFO,
280+
always_use_jwt_access=True,
280281
)
281282

282283

@@ -341,6 +342,7 @@ def test_org_policy_client_mtls_env_auto(
341342
client_cert_source_for_mtls=expected_client_cert_source,
342343
quota_project_id=None,
343344
client_info=transports.base.DEFAULT_CLIENT_INFO,
345+
always_use_jwt_access=True,
344346
)
345347

346348
# Check the case ADC client cert is provided. Whether client cert is used depends on
@@ -374,6 +376,7 @@ def test_org_policy_client_mtls_env_auto(
374376
client_cert_source_for_mtls=expected_client_cert_source,
375377
quota_project_id=None,
376378
client_info=transports.base.DEFAULT_CLIENT_INFO,
379+
always_use_jwt_access=True,
377380
)
378381

379382
# Check the case client_cert_source and ADC client cert are not provided.
@@ -395,6 +398,7 @@ def test_org_policy_client_mtls_env_auto(
395398
client_cert_source_for_mtls=None,
396399
quota_project_id=None,
397400
client_info=transports.base.DEFAULT_CLIENT_INFO,
401+
always_use_jwt_access=True,
398402
)
399403

400404

@@ -425,6 +429,7 @@ def test_org_policy_client_client_options_scopes(
425429
client_cert_source_for_mtls=None,
426430
quota_project_id=None,
427431
client_info=transports.base.DEFAULT_CLIENT_INFO,
432+
always_use_jwt_access=True,
428433
)
429434

430435

@@ -455,6 +460,7 @@ def test_org_policy_client_client_options_credentials_file(
455460
client_cert_source_for_mtls=None,
456461
quota_project_id=None,
457462
client_info=transports.base.DEFAULT_CLIENT_INFO,
463+
always_use_jwt_access=True,
458464
)
459465

460466

@@ -472,6 +478,7 @@ def test_org_policy_client_client_options_from_dict():
472478
client_cert_source_for_mtls=None,
473479
quota_project_id=None,
474480
client_info=transports.base.DEFAULT_CLIENT_INFO,
481+
always_use_jwt_access=True,
475482
)
476483

477484

0 commit comments

Comments
 (0)