Skip to content
Permalink
Browse files
fix: disable always_use_jwt_access (#74)
  • Loading branch information
gcf-owl-bot[bot] committed Jun 30, 2021
1 parent 6364f17 commit 5cda9acc4f7b1aa83bc73700f9cef4f84cc2306a
Show file tree
Hide file tree
Showing 8 changed files with 62 additions and 14 deletions.
@@ -101,7 +101,7 @@ def __init__(
scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)

# Save the scopes.
self._scopes = scopes or self.AUTH_SCOPES
self._scopes = scopes

# If no credentials are provided, then determine the appropriate
# defaults.
@@ -62,6 +62,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -102,6 +103,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
always_use_jwt_access (Optional[bool]): Whether self signed JWT should
be used for service account credentials.
Raises:
google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -155,7 +158,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
always_use_jwt_access=True,
always_use_jwt_access=always_use_jwt_access,
)

if not self._grpc_channel:
@@ -110,6 +110,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id=None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -151,6 +152,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
always_use_jwt_access (Optional[bool]): Whether self signed JWT should
be used for service account credentials.
Raises:
google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -203,7 +206,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
always_use_jwt_access=True,
always_use_jwt_access=always_use_jwt_access,
)

if not self._grpc_channel:
@@ -101,7 +101,7 @@ def __init__(
scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)

# Save the scopes.
self._scopes = scopes or self.AUTH_SCOPES
self._scopes = scopes

# If no credentials are provided, then determine the appropriate
# defaults.
@@ -62,6 +62,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -102,6 +103,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
always_use_jwt_access (Optional[bool]): Whether self signed JWT should
be used for service account credentials.
Raises:
google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -155,7 +158,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
always_use_jwt_access=True,
always_use_jwt_access=always_use_jwt_access,
)

if not self._grpc_channel:
@@ -110,6 +110,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id=None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -151,6 +152,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
always_use_jwt_access (Optional[bool]): Whether self signed JWT should
be used for service account credentials.
Raises:
google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -203,7 +206,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
always_use_jwt_access=True,
always_use_jwt_access=always_use_jwt_access,
)

if not self._grpc_channel:
@@ -151,7 +151,25 @@ def test_certificate_authority_service_client_service_account_always_use_jwt(
) as use_jwt:
creds = service_account.Credentials(None, None, None)
client = client_class(credentials=creds)
use_jwt.assert_called_with(True)
use_jwt.assert_not_called()


@pytest.mark.parametrize(
"transport_class,transport_name",
[
(transports.CertificateAuthorityServiceGrpcTransport, "grpc"),
(transports.CertificateAuthorityServiceGrpcAsyncIOTransport, "grpc_asyncio"),
],
)
def test_certificate_authority_service_client_service_account_always_use_jwt_true(
transport_class, transport_name
):
with mock.patch.object(
service_account.Credentials, "with_always_use_jwt_access", create=True
) as use_jwt:
creds = service_account.Credentials(None, None, None)
transport = transport_class(credentials=creds, always_use_jwt_access=True)
use_jwt.assert_called_once_with(True)


@pytest.mark.parametrize(
@@ -8378,7 +8396,7 @@ def test_certificate_authority_service_grpc_transport_client_cert_source_for_mtl
"squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
scopes=("https://www.googleapis.com/auth/cloud-platform",),
scopes=None,
ssl_credentials=mock_ssl_channel_creds,
quota_project_id=None,
options=[
@@ -8487,7 +8505,7 @@ def test_certificate_authority_service_transport_channel_mtls_with_client_cert_s
"mtls.squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
scopes=("https://www.googleapis.com/auth/cloud-platform",),
scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
@@ -8534,7 +8552,7 @@ def test_certificate_authority_service_transport_channel_mtls_with_adc(transport
"mtls.squid.clam.whelk:443",
credentials=mock_cred,
credentials_file=None,
scopes=("https://www.googleapis.com/auth/cloud-platform",),
scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
@@ -151,7 +151,25 @@ def test_certificate_authority_service_client_service_account_always_use_jwt(
) as use_jwt:
creds = service_account.Credentials(None, None, None)
client = client_class(credentials=creds)
use_jwt.assert_called_with(True)
use_jwt.assert_not_called()


@pytest.mark.parametrize(
"transport_class,transport_name",
[
(transports.CertificateAuthorityServiceGrpcTransport, "grpc"),
(transports.CertificateAuthorityServiceGrpcAsyncIOTransport, "grpc_asyncio"),
],
)
def test_certificate_authority_service_client_service_account_always_use_jwt_true(
transport_class, transport_name
):
with mock.patch.object(
service_account.Credentials, "with_always_use_jwt_access", create=True
) as use_jwt:
creds = service_account.Credentials(None, None, None)
transport = transport_class(credentials=creds, always_use_jwt_access=True)
use_jwt.assert_called_once_with(True)


@pytest.mark.parametrize(
@@ -6199,7 +6217,7 @@ def test_certificate_authority_service_grpc_transport_client_cert_source_for_mtl
"squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
scopes=("https://www.googleapis.com/auth/cloud-platform",),
scopes=None,
ssl_credentials=mock_ssl_channel_creds,
quota_project_id=None,
options=[
@@ -6308,7 +6326,7 @@ def test_certificate_authority_service_transport_channel_mtls_with_client_cert_s
"mtls.squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
scopes=("https://www.googleapis.com/auth/cloud-platform",),
scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
@@ -6355,7 +6373,7 @@ def test_certificate_authority_service_transport_channel_mtls_with_adc(transport
"mtls.squid.clam.whelk:443",
credentials=mock_cred,
credentials_file=None,
scopes=("https://www.googleapis.com/auth/cloud-platform",),
scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[

0 comments on commit 5cda9ac

Please sign in to comment.