Skip to content
Permalink
Browse files
fix: enable self signed jwt for grpc (#91)
  • Loading branch information
gcf-owl-bot[bot] committed Jul 24, 2021
1 parent 9998235 commit 674dd8595b9165fec92097d5bb168357ac7ab1ee
Show file tree
Hide file tree
Showing 4 changed files with 44 additions and 32 deletions.
@@ -450,6 +450,10 @@ def __init__(
client_cert_source_for_mtls=client_cert_source_func,
quota_project_id=client_options.quota_project_id,
client_info=client_info,
always_use_jwt_access=(
Transport == type(self).get_transport_class("grpc")
or Transport == type(self).get_transport_class("grpc_asyncio")
),
)

def create_certificate(
@@ -426,6 +426,10 @@ def __init__(
client_cert_source_for_mtls=client_cert_source_func,
quota_project_id=client_options.quota_project_id,
client_info=client_info,
always_use_jwt_access=(
Transport == type(self).get_transport_class("grpc")
or Transport == type(self).get_transport_class("grpc_asyncio")
),
)

def create_certificate(
@@ -139,29 +139,14 @@ def test_certificate_authority_service_client_from_service_account_info(client_c
assert client.transport._host == "privateca.googleapis.com:443"


@pytest.mark.parametrize(
"client_class",
[CertificateAuthorityServiceClient, CertificateAuthorityServiceAsyncClient,],
)
def test_certificate_authority_service_client_service_account_always_use_jwt(
client_class,
):
with mock.patch.object(
service_account.Credentials, "with_always_use_jwt_access", create=True
) as use_jwt:
creds = service_account.Credentials(None, None, None)
client = client_class(credentials=creds)
use_jwt.assert_not_called()


@pytest.mark.parametrize(
"transport_class,transport_name",
[
(transports.CertificateAuthorityServiceGrpcTransport, "grpc"),
(transports.CertificateAuthorityServiceGrpcAsyncIOTransport, "grpc_asyncio"),
],
)
def test_certificate_authority_service_client_service_account_always_use_jwt_true(
def test_certificate_authority_service_client_service_account_always_use_jwt(
transport_class, transport_name
):
with mock.patch.object(
@@ -171,6 +156,13 @@ def test_certificate_authority_service_client_service_account_always_use_jwt_tru
transport = transport_class(credentials=creds, always_use_jwt_access=True)
use_jwt.assert_called_once_with(True)

with mock.patch.object(
service_account.Credentials, "with_always_use_jwt_access", create=True
) as use_jwt:
creds = service_account.Credentials(None, None, None)
transport = transport_class(credentials=creds, always_use_jwt_access=False)
use_jwt.assert_not_called()


@pytest.mark.parametrize(
"client_class",
@@ -260,6 +252,7 @@ def test_certificate_authority_service_client_client_options(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
@@ -276,6 +269,7 @@ def test_certificate_authority_service_client_client_options(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
@@ -292,6 +286,7 @@ def test_certificate_authority_service_client_client_options(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has
@@ -320,6 +315,7 @@ def test_certificate_authority_service_client_client_options(
client_cert_source_for_mtls=None,
quota_project_id="octopus",
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


@@ -396,6 +392,7 @@ def test_certificate_authority_service_client_mtls_env_auto(
client_cert_source_for_mtls=expected_client_cert_source,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case ADC client cert is provided. Whether client cert is used depends on
@@ -429,6 +426,7 @@ def test_certificate_authority_service_client_mtls_env_auto(
client_cert_source_for_mtls=expected_client_cert_source,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case client_cert_source and ADC client cert are not provided.
@@ -450,6 +448,7 @@ def test_certificate_authority_service_client_mtls_env_auto(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


@@ -484,6 +483,7 @@ def test_certificate_authority_service_client_client_options_scopes(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


@@ -518,6 +518,7 @@ def test_certificate_authority_service_client_client_options_credentials_file(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


@@ -537,6 +538,7 @@ def test_certificate_authority_service_client_client_options_from_dict():
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


@@ -139,29 +139,14 @@ def test_certificate_authority_service_client_from_service_account_info(client_c
assert client.transport._host == "privateca.googleapis.com:443"


@pytest.mark.parametrize(
"client_class",
[CertificateAuthorityServiceClient, CertificateAuthorityServiceAsyncClient,],
)
def test_certificate_authority_service_client_service_account_always_use_jwt(
client_class,
):
with mock.patch.object(
service_account.Credentials, "with_always_use_jwt_access", create=True
) as use_jwt:
creds = service_account.Credentials(None, None, None)
client = client_class(credentials=creds)
use_jwt.assert_not_called()


@pytest.mark.parametrize(
"transport_class,transport_name",
[
(transports.CertificateAuthorityServiceGrpcTransport, "grpc"),
(transports.CertificateAuthorityServiceGrpcAsyncIOTransport, "grpc_asyncio"),
],
)
def test_certificate_authority_service_client_service_account_always_use_jwt_true(
def test_certificate_authority_service_client_service_account_always_use_jwt(
transport_class, transport_name
):
with mock.patch.object(
@@ -171,6 +156,13 @@ def test_certificate_authority_service_client_service_account_always_use_jwt_tru
transport = transport_class(credentials=creds, always_use_jwt_access=True)
use_jwt.assert_called_once_with(True)

with mock.patch.object(
service_account.Credentials, "with_always_use_jwt_access", create=True
) as use_jwt:
creds = service_account.Credentials(None, None, None)
transport = transport_class(credentials=creds, always_use_jwt_access=False)
use_jwt.assert_not_called()


@pytest.mark.parametrize(
"client_class",
@@ -260,6 +252,7 @@ def test_certificate_authority_service_client_client_options(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
@@ -276,6 +269,7 @@ def test_certificate_authority_service_client_client_options(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
@@ -292,6 +286,7 @@ def test_certificate_authority_service_client_client_options(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has
@@ -320,6 +315,7 @@ def test_certificate_authority_service_client_client_options(
client_cert_source_for_mtls=None,
quota_project_id="octopus",
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


@@ -396,6 +392,7 @@ def test_certificate_authority_service_client_mtls_env_auto(
client_cert_source_for_mtls=expected_client_cert_source,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case ADC client cert is provided. Whether client cert is used depends on
@@ -429,6 +426,7 @@ def test_certificate_authority_service_client_mtls_env_auto(
client_cert_source_for_mtls=expected_client_cert_source,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)

# Check the case client_cert_source and ADC client cert are not provided.
@@ -450,6 +448,7 @@ def test_certificate_authority_service_client_mtls_env_auto(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


@@ -484,6 +483,7 @@ def test_certificate_authority_service_client_client_options_scopes(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


@@ -518,6 +518,7 @@ def test_certificate_authority_service_client_client_options_credentials_file(
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


@@ -537,6 +538,7 @@ def test_certificate_authority_service_client_client_options_from_dict():
client_cert_source_for_mtls=None,
quota_project_id=None,
client_info=transports.base.DEFAULT_CLIENT_INFO,
always_use_jwt_access=True,
)


0 comments on commit 674dd85

Please sign in to comment.