diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml
new file mode 100644
index 0000000..4ef4414
--- /dev/null
+++ b/.github/.OwlBot.lock.yaml
@@ -0,0 +1,3 @@
+docker:
+ image: gcr.io/repo-automation-bots/owlbot-python:latest
+ digest: sha256:c66ba3c8d7bc8566f47df841f98cd0097b28fff0b1864c86f5817f4c8c3e8600
\ No newline at end of file
diff --git a/.github/.OwlBot.yaml b/.github/.OwlBot.yaml
new file mode 100644
index 0000000..9fc546b
--- /dev/null
+++ b/.github/.OwlBot.yaml
@@ -0,0 +1,26 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+docker:
+ image: gcr.io/repo-automation-bots/owlbot-python:latest
+
+deep-remove-regex:
+ - /owl-bot-staging
+
+deep-copy-regex:
+ - source: /google/iam/credentials/(v.*)/.*-py/(.*)
+ dest: /owl-bot-staging/$1/$2
+
+begin-after-commit-hash: 130ce904e5d546c312943d10f48799590f9c0f66
+
diff --git a/.github/header-checker-lint.yml b/.github/header-checker-lint.yml
new file mode 100644
index 0000000..6fe78aa
--- /dev/null
+++ b/.github/header-checker-lint.yml
@@ -0,0 +1,15 @@
+{"allowedCopyrightHolders": ["Google LLC"],
+ "allowedLicenses": ["Apache-2.0", "MIT", "BSD-3"],
+ "ignoreFiles": ["**/requirements.txt", "**/requirements-test.txt", "**/__init__.py", "samples/**/constraints.txt", "samples/**/constraints-test.txt"],
+ "sourceFileExtensions": [
+ "ts",
+ "js",
+ "java",
+ "sh",
+ "Dockerfile",
+ "yaml",
+ "py",
+ "html",
+ "txt"
+ ]
+}
\ No newline at end of file
diff --git a/.gitignore b/.gitignore index b9daa52..b4243ce 100644 --- a/.gitignore +++ b/.gitignore @@ -50,8 +50,10 @@ docs.metadata # Virtual environment env/ + +# Test logs coverage.xml -sponge_log.xml +*sponge_log.xml # System test environment variables. system_tests/local_test_setup diff --git a/.kokoro/build.sh b/.kokoro/build.sh index 078993e..2917e86 100755 --- a/.kokoro/build.sh +++ b/.kokoro/build.sh @@ -15,7 +15,11 @@ set -eo pipefail -cd github/python-iam +if [[ -z "${PROJECT_ROOT:-}" ]]; then + PROJECT_ROOT="github/python-iam" +fi + +cd "${PROJECT_ROOT}" # Disable buffering, so that the logs stream through. export PYTHONUNBUFFERED=1 @@ -30,16 +34,26 @@ export GOOGLE_APPLICATION_CREDENTIALS=${KOKORO_GFILE_DIR}/service-account.json export PROJECT_ID=$(cat "${KOKORO_GFILE_DIR}/project-id.json") # Remove old nox -python3.6 -m pip uninstall --yes --quiet nox-automation +python3 -m pip uninstall --yes --quiet nox-automation # Install nox -python3.6 -m pip install --upgrade --quiet nox -python3.6 -m nox --version +python3 -m pip install --upgrade --quiet nox +python3 -m nox --version + +# If this is a continuous build, send the test log to the FlakyBot. +# See https://github.com/googleapis/repo-automation-bots/tree/master/packages/flakybot. +if [[ $KOKORO_BUILD_ARTIFACTS_SUBDIR = *"continuous"* ]]; then + cleanup() { + chmod +x $KOKORO_GFILE_DIR/linux_amd64/flakybot + $KOKORO_GFILE_DIR/linux_amd64/flakybot + } + trap cleanup EXIT HUP +fi # If NOX_SESSION is set, it only runs the specified session, # otherwise run all the sessions. if [[ -n "${NOX_SESSION:-}" ]]; then - python3.6 -m nox -s "${NOX_SESSION:-}" + python3 -m nox -s ${NOX_SESSION:-} else - python3.6 -m nox + python3 -m nox fi diff --git a/.kokoro/docs/docs-presubmit.cfg b/.kokoro/docs/docs-presubmit.cfg index 1118107..06816ca 100644 --- a/.kokoro/docs/docs-presubmit.cfg +++ b/.kokoro/docs/docs-presubmit.cfg 
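Review bot: The session call at the end of the second build.sh hunk drops its quotes, `python3 -m nox -s ${NOX_SESSION:-}`, so the value now goes through pathname expansion as well as word splitting. The splitting looks intentional, since docs-presubmit.cfg in this commit sets `NOX_SESSION` to `docs docfx`, but it is better made explicit: `read -r -a nox_sessions <<< "${NOX_SESSION}"` followed by `python3 -m nox -s "${nox_sessions[@]}"`. In the new `cleanup()` both `$KOKORO_GFILE_DIR/linux_amd64/flakybot` paths are unquoted as well and should read `"${KOKORO_GFILE_DIR}/linux_amd64/flakybot"`.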
@@ -15,3 +15,14 @@ env_vars: { key: "TRAMPOLINE_IMAGE_UPLOAD" value: "false" } + +env_vars: { + key: "TRAMPOLINE_BUILD_FILE" + value: "github/python-iam/.kokoro/build.sh" +} + +# Only run this nox session. +env_vars: { + key: "NOX_SESSION" + value: "docs docfx" +} diff --git a/.kokoro/release.sh b/.kokoro/release.sh index 6247293..82bd0f2 100755 --- a/.kokoro/release.sh +++ b/.kokoro/release.sh @@ -26,7 +26,7 @@ python3 -m pip install --upgrade twine wheel setuptools export PYTHONUNBUFFERED=1 # Move into the package, build the distribution and upload. -TWINE_PASSWORD=$(cat "${KOKORO_KEYSTORE_DIR}/73713_google_cloud_pypi_password") +TWINE_PASSWORD=$(cat "${KOKORO_GFILE_DIR}/secret_manager/google-cloud-pypi-token") cd github/python-iam python3 setup.py sdist bdist_wheel -twine upload --username gcloudpypi --password "${TWINE_PASSWORD}" dist/* +twine upload --username __token__ --password "${TWINE_PASSWORD}" dist/* diff --git a/.kokoro/release/common.cfg b/.kokoro/release/common.cfg index a6ecef9..b490d55 100644 --- a/.kokoro/release/common.cfg +++ b/.kokoro/release/common.cfg @@ -23,18 +23,8 @@ env_vars: { value: "github/python-iam/.kokoro/release.sh" } -# Fetch PyPI password -before_action { - fetch_keystore { - keystore_resource { - keystore_config_id: 73713 - keyname: "google_cloud_pypi_password" - } - } -} - # Tokens needed to report release status back to GitHub env_vars: { key: "SECRET_MANAGER_KEYS" - value: "releasetool-publish-reporter-app,releasetool-publish-reporter-googleapis-installation,releasetool-publish-reporter-pem" -} \ No newline at end of file + value: "releasetool-publish-reporter-app,releasetool-publish-reporter-googleapis-installation,releasetool-publish-reporter-pem,google-cloud-pypi-token" +} diff --git a/.kokoro/samples/python3.6/periodic-head.cfg b/.kokoro/samples/python3.6/periodic-head.cfg new file mode 100644 index 0000000..f9cfcd3 --- /dev/null +++ b/.kokoro/samples/python3.6/periodic-head.cfg 
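Review bot: The PyPI token is still passed to twine as an argument on the last line of the release.sh hunk, `twine upload --username __token__ --password "${TWINE_PASSWORD}" dist/*`, which places it in the process argument list for the length of the upload and in the build log if shell tracing is ever enabled. twine reads `TWINE_USERNAME` and `TWINE_PASSWORD` from the environment, so the line can become `export TWINE_USERNAME=__token__ TWINE_PASSWORD` followed by `twine upload dist/*`. The rest of the script lies outside the hunk, so whether tracing is on anywhere is not visible here.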
@@ -0,0 +1,11 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+env_vars: {
+ key: "INSTALL_LIBRARY_FROM_SOURCE"
+ value: "True"
+}
+
+env_vars: {
+ key: "TRAMPOLINE_BUILD_FILE"
+ value: "github/python-pubsub/.kokoro/test-samples-against-head.sh"
+}
diff --git a/.kokoro/samples/python3.7/periodic-head.cfg b/.kokoro/samples/python3.7/periodic-head.cfg
new file mode 100644
index 0000000..f9cfcd3
--- /dev/null
+++ b/.kokoro/samples/python3.7/periodic-head.cfg
@@ -0,0 +1,11 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+env_vars: {
+ key: "INSTALL_LIBRARY_FROM_SOURCE"
+ value: "True"
+}
+
+env_vars: {
+ key: "TRAMPOLINE_BUILD_FILE"
+ value: "github/python-pubsub/.kokoro/test-samples-against-head.sh"
+}
diff --git a/.kokoro/samples/python3.8/periodic-head.cfg b/.kokoro/samples/python3.8/periodic-head.cfg
new file mode 100644
index 0000000..f9cfcd3
--- /dev/null
+++ b/.kokoro/samples/python3.8/periodic-head.cfg
@@ -0,0 +1,11 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+env_vars: {
+ key: "INSTALL_LIBRARY_FROM_SOURCE"
+ value: "True"
+}
+
+env_vars: {
+ key: "TRAMPOLINE_BUILD_FILE"
+ value: "github/python-pubsub/.kokoro/test-samples-against-head.sh"
+}
diff --git a/.kokoro/test-samples-against-head.sh b/.kokoro/test-samples-against-head.sh
new file mode 100755
index 0000000..1f371d6
--- /dev/null
+++ b/.kokoro/test-samples-against-head.sh
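Review bot: `TRAMPOLINE_BUILD_FILE` in the new python3.6 periodic-head.cfg points at `github/python-pubsub/.kokoro/test-samples-against-head.sh`, while every other path in this commit uses the `github/python-iam` checkout, including the docs-presubmit and release configs and the `cd github/python-iam` inside the script itself. This looks like a leftover from the shared template, and as written the periodic job would presumably not find its build file. The value should be `"github/python-iam/.kokoro/test-samples-against-head.sh"`, and the python3.7 and python3.8 copies added alongside it need the same change.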
@@ -0,0 +1,28 @@
+#!/bin/bash
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# A customized test runner for samples.
+#
+# For periodic builds, you can specify this file for testing against head.
+
+# `-e` enables the script to automatically fail when a command fails
+# `-o pipefail` sets the exit code to the rightmost comment to exit with a non-zero
+set -eo pipefail
+# Enables `**` to include files nested inside sub-folders
+shopt -s globstar
+
+cd github/python-iam
+
+exec .kokoro/test-samples-impl.sh
diff --git a/.kokoro/test-samples-impl.sh b/.kokoro/test-samples-impl.sh
new file mode 100755
index 0000000..cf5de74
--- /dev/null
+++ b/.kokoro/test-samples-impl.sh
@@ -0,0 +1,102 @@ +#!/bin/bash +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# `-e` enables the script to automatically fail when a command fails +# `-o pipefail` sets the exit code to the rightmost comment to exit with a non-zero +set -eo pipefail +# Enables `**` to include files nested inside sub-folders +shopt -s globstar + +# Exit early if samples directory doesn't exist +if [ ! -d "./samples" ]; then + echo "No tests run. `./samples` not found" + exit 0 +fi + +# Disable buffering, so that the logs stream through. +export PYTHONUNBUFFERED=1 + +# Debug: show build environment +env | grep KOKORO + +# Install nox +python3.6 -m pip install --upgrade --quiet nox + +# Use secrets acessor service account to get secrets +if [[ -f "${KOKORO_GFILE_DIR}/secrets_viewer_service_account.json" ]]; then + gcloud auth activate-service-account \ + --key-file="${KOKORO_GFILE_DIR}/secrets_viewer_service_account.json" \ + --project="cloud-devrel-kokoro-resources" +fi + +# This script will create 3 files: +# - testing/test-env.sh +# - testing/service-account.json +# - testing/client-secrets.json +./scripts/decrypt-secrets.sh + +source ./testing/test-env.sh +export GOOGLE_APPLICATION_CREDENTIALS=$(pwd)/testing/service-account.json + +# For cloud-run session, we activate the service account for gcloud sdk. 
+gcloud auth activate-service-account \ + --key-file "${GOOGLE_APPLICATION_CREDENTIALS}" + +export GOOGLE_CLIENT_SECRETS=$(pwd)/testing/client-secrets.json + +echo -e "\n******************** TESTING PROJECTS ********************" + +# Switch to 'fail at end' to allow all tests to complete before exiting. +set +e +# Use RTN to return a non-zero value if the test fails. +RTN=0 +ROOT=$(pwd) +# Find all requirements.txt in the samples directory (may break on whitespace). +for file in samples/**/requirements.txt; do + cd "$ROOT" + # Navigate to the project folder. + file=$(dirname "$file") + cd "$file" + + echo "------------------------------------------------------------" + echo "- testing $file" + echo "------------------------------------------------------------" + + # Use nox to execute the tests for the project. + python3.6 -m nox -s "$RUN_TESTS_SESSION" + EXIT=$? + + # If this is a periodic build, send the test log to the FlakyBot. + # See https://github.com/googleapis/repo-automation-bots/tree/master/packages/flakybot. + if [[ $KOKORO_BUILD_ARTIFACTS_SUBDIR = *"periodic"* ]]; then + chmod +x $KOKORO_GFILE_DIR/linux_amd64/flakybot + $KOKORO_GFILE_DIR/linux_amd64/flakybot + fi + + if [[ $EXIT -ne 0 ]]; then + RTN=1 + echo -e "\n Testing failed: Nox returned a non-zero exit code. \n" + else + echo -e "\n Testing completed.\n" + fi + +done +cd "$ROOT" + +# Workaround for Kokoro permissions issue: delete secrets +rm testing/{test-env.sh,client-secrets.json,service-account.json} + +exit "$RTN" diff --git a/.kokoro/test-samples.sh b/.kokoro/test-samples.sh index 77146e0..f9c337d 100755 --- a/.kokoro/test-samples.sh +++ b/.kokoro/test-samples.sh 
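Review bot: The decrypted credentials are removed only by the final `rm testing/{test-env.sh,client-secrets.json,service-account.json}`, and everything between `./scripts/decrypt-secrets.sh` and `set +e` still runs under `set -e`, so a failing `source ./testing/test-env.sh` or `gcloud auth activate-service-account` exits with the key files left on disk. Registering the cleanup before the decrypt step covers every exit path: `SECRETS_DIR="$(pwd)/testing"` and `trap 'rm -f "${SECRETS_DIR}"/{test-env.sh,client-secrets.json,service-account.json}' EXIT`, with the absolute path because the loop changes directory. Separately, `env | grep KOKORO` writes every matching variable to the build log, so it is worth confirming that none of them carries a secret. The `$KOKORO_GFILE_DIR/linux_amd64/flakybot` paths in the loop should also be quoted.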
@@ -13,6 +13,10 @@ # See the License for the specific language governing permissions and # limitations under the License. +# The default test runner for samples. +# +# For periodic builds, we rewinds the repo to the latest release, and +# run test-samples-impl.sh. # `-e` enables the script to automatically fail when a command fails # `-o pipefail` sets the exit code to the rightmost comment to exit with a non-zero 
@@ -24,87 +28,19 @@ cd github/python-iam # Run periodic samples tests at latest release if [[ $KOKORO_BUILD_ARTIFACTS_SUBDIR = *"periodic"* ]]; then + # preserving the test runner implementation. + cp .kokoro/test-samples-impl.sh "${TMPDIR}/test-samples-impl.sh" + echo "--- IMPORTANT IMPORTANT IMPORTANT ---" + echo "Now we rewind the repo back to the latest release..." LATEST_RELEASE=$(git describe --abbrev=0 --tags) git checkout $LATEST_RELEASE -fi - -# Exit early if samples directory doesn't exist -if [ ! -d "./samples" ]; then - echo "No tests run. `./samples` not found" - exit 0 -fi - -# Disable buffering, so that the logs stream through. -export PYTHONUNBUFFERED=1 - -# Debug: show build environment -env | grep KOKORO - -# Install nox -python3.6 -m pip install --upgrade --quiet nox - -# Use secrets acessor service account to get secrets -if [[ -f "${KOKORO_GFILE_DIR}/secrets_viewer_service_account.json" ]]; then - gcloud auth activate-service-account \ - --key-file="${KOKORO_GFILE_DIR}/secrets_viewer_service_account.json" \ - --project="cloud-devrel-kokoro-resources" -fi - -# This script will create 3 files: -# - testing/test-env.sh -# - testing/service-account.json -# - testing/client-secrets.json -./scripts/decrypt-secrets.sh - -source ./testing/test-env.sh -export GOOGLE_APPLICATION_CREDENTIALS=$(pwd)/testing/service-account.json - -# For cloud-run session, we activate the service account for gcloud sdk. -gcloud auth activate-service-account \ - --key-file "${GOOGLE_APPLICATION_CREDENTIALS}" - -export GOOGLE_CLIENT_SECRETS=$(pwd)/testing/client-secrets.json - -echo -e "\n******************** TESTING PROJECTS ********************" - -# Switch to 'fail at end' to allow all tests to complete before exiting. -set +e -# Use RTN to return a non-zero value if the test fails. -RTN=0 -ROOT=$(pwd) -# Find all requirements.txt in the samples directory (may break on whitespace). 
-for file in samples/**/requirements.txt; do - cd "$ROOT" - # Navigate to the project folder. - file=$(dirname "$file") - cd "$file" - - echo "------------------------------------------------------------" - echo "- testing $file" - echo "------------------------------------------------------------" - - # Use nox to execute the tests for the project. - python3.6 -m nox -s "$RUN_TESTS_SESSION" - EXIT=$? - - # If this is a periodic build, send the test log to the Build Cop Bot. - # See https://github.com/googleapis/repo-automation-bots/tree/master/packages/buildcop. - if [[ $KOKORO_BUILD_ARTIFACTS_SUBDIR = *"periodic"* ]]; then - chmod +x $KOKORO_GFILE_DIR/linux_amd64/buildcop - $KOKORO_GFILE_DIR/linux_amd64/buildcop + echo "The current head is: " + echo $(git rev-parse --verify HEAD) + echo "--- IMPORTANT IMPORTANT IMPORTANT ---" + # move back the test runner implementation if there's no file. + if [ ! -f .kokoro/test-samples-impl.sh ]; then + cp "${TMPDIR}/test-samples-impl.sh" .kokoro/test-samples-impl.sh fi +fi - if [[ $EXIT -ne 0 ]]; then - RTN=1 - echo -e "\n Testing failed: Nox returned a non-zero exit code. \n" - else - echo -e "\n Testing completed.\n" - fi - -done -cd "$ROOT" - -# Workaround for Kokoro permissions issue: delete secrets -rm testing/{test-env.sh,client-secrets.json,service-account.json} - -exit "$RTN" +exec .kokoro/test-samples-impl.sh diff --git a/.kokoro/trampoline_v2.sh b/.kokoro/trampoline_v2.sh index 719bcd5..4af6cdc 100755 --- a/.kokoro/trampoline_v2.sh +++ b/.kokoro/trampoline_v2.sh @@ -159,7 +159,7 @@ if [[ -n "${KOKORO_BUILD_ID:-}" ]]; then "KOKORO_GITHUB_COMMIT" "KOKORO_GITHUB_PULL_REQUEST_NUMBER" "KOKORO_GITHUB_PULL_REQUEST_COMMIT" - # For Build Cop Bot + # For FlakyBot "KOKORO_GITHUB_COMMIT_URL" "KOKORO_GITHUB_PULL_REQUEST_URL" ) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index a9024b1..4f00c7c 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
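Review bot: The backup copy in the periodic branch goes to `"${TMPDIR}/test-samples-impl.sh"`, and nothing in the visible part of the script sets `TMPDIR`; if it is unset the path expands to `/test-samples-impl.sh`, and the `cp` either fails or writes to the filesystem root. A fixed file name in a shared temp directory is also predictable to other processes on the build host. A private directory avoids both problems and keeps the execute bit that the later `exec` relies on: `impl_backup_dir="$(mktemp -d)"`, then `cp .kokoro/test-samples-impl.sh "${impl_backup_dir}/"`, and copy back from `"${impl_backup_dir}/test-samples-impl.sh"`. `git checkout $LATEST_RELEASE` should quote the tag as well.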
@@ -1,3 +1,17 @@ +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# # See https://pre-commit.com for more information # See https://pre-commit.com/hooks.html for more hooks repos: @@ -12,6 +26,6 @@ repos: hooks: - id: black - repo: https://gitlab.com/pycqa/flake8 - rev: 3.8.4 + rev: 3.9.2 hooks: - id: flake8 diff --git a/.repo-metadata.json b/.repo-metadata.json index bde46a7..34e12fc 100644 --- a/.repo-metadata.json +++ b/.repo-metadata.json @@ -6,6 +6,7 @@ "issue_tracker": "https://issuetracker.google.com/savedsearches/559761", "release_level": "ga", "language": "python", + "library_type": "GAPIC_AUTO", "repo": "googleapis/python-iam", "distribution_name": "google-cloud-iam", "api_id": "iam.googleapis.com" diff --git a/.trampolinerc b/.trampolinerc index 995ee29..383b6ec 100644 --- a/.trampolinerc +++ b/.trampolinerc @@ -24,6 +24,7 @@ required_envvars+=( pass_down_envvars+=( "STAGING_BUCKET" "V2_STAGING_BUCKET" + "NOX_SESSION" ) # Prevent unintentional override on the default image. diff --git a/CHANGELOG.md b/CHANGELOG.md index 0215596..4a38abc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,20 @@ [1]: https://pypi.org/project/google-cloud-iam/#history +## [2.2.0](https://www.github.com/googleapis/python-iam/compare/v2.1.0...v2.2.0) (2021-05-28) + + +### Features + +* support self-signed JWT flow for service accounts ([50ca9be](https://www.github.com/googleapis/python-iam/commit/50ca9becf959a2872e8a33b9afc00766dbfaa196)) + + +### Bug Fixes + +* add async client to %name_%version/init.py ([50ca9be](https://www.github.com/googleapis/python-iam/commit/50ca9becf959a2872e8a33b9afc00766dbfaa196)) +* require google-api-core>=1.22.2 ([#61](https://www.github.com/googleapis/python-iam/issues/61)) ([959b03d](https://www.github.com/googleapis/python-iam/commit/959b03d7c557881e586b29960d3aaaba75b3adbc)) +* use correct retry deadlines ([#63](https://www.github.com/googleapis/python-iam/issues/63)) ([1fbdece](https://www.github.com/googleapis/python-iam/commit/1fbdeceee5eba78233b913885be2cbffc3ca7904)) + ## [2.1.0](https://www.github.com/googleapis/python-iam/compare/v2.0.0...v2.1.0) (2021-01-25) diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst index 37b5e80..ef181ca 100644 --- a/CONTRIBUTING.rst +++ b/CONTRIBUTING.rst @@ -70,9 +70,14 @@ We use `nox `__ to instrument our tests. - To test your changes, run unit tests with ``nox``:: $ nox -s unit-2.7 - $ nox -s unit-3.7 + $ nox -s unit-3.8 $ ... +- Args to pytest can be passed through the nox command separated by a `--`. For + example, to run a single test:: + + $ nox -s unit-3.8 -- -k + .. note:: The unit tests and system tests are described in the 
@@ -93,8 +98,12 @@ On Debian/Ubuntu:: ************ Coding Style ************ +- We use the automatic code formatter ``black``. You can run it using + the nox session ``blacken``. This will eliminate many lint errors. Run via:: + + $ nox -s blacken -- PEP8 compliance, with exceptions defined in the linter configuration. +- PEP8 compliance is required, with exceptions defined in the linter configuration. If you have ``nox`` installed, you can test that you have not introduced any non-compliant code via:: 
@@ -133,34 +142,25 @@ Running System Tests - To run system tests, you can execute:: - $ nox -s system-3.7 + # Run all system tests + $ nox -s system-3.8 $ nox -s system-2.7 + # Run a single system test + $ nox -s system-3.8 -- -k + + .. note:: System tests are only configured to run under Python 2.7 and - Python 3.7. For expediency, we do not run them in older versions + Python 3.8. For expediency, we do not run them in older versions of Python 3. This alone will not run the tests. You'll need to change some local auth settings and change some configuration in your project to run all the tests. -- System tests will be run against an actual project and - so you'll need to provide some environment variables to facilitate - authentication to your project: - - - ``GOOGLE_APPLICATION_CREDENTIALS``: The path to a JSON key file; - Such a file can be downloaded directly from the developer's console by clicking - "Generate new JSON key". See private key - `docs `__ - for more details. - -- Once you have downloaded your json keys, set the environment variable - ``GOOGLE_APPLICATION_CREDENTIALS`` to the absolute path of the json file:: - - $ export GOOGLE_APPLICATION_CREDENTIALS="/Users//path/to/app_credentials.json" - +- System tests will be run against an actual project. You should use local credentials from gcloud when possible. See `Best practices for application authentication `__. Some tests require a service account. For those tests see `Authenticating as a service account `__. ************* Test Coverage diff --git a/LICENSE b/LICENSE index a8ee855..d645695 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,7 @@ - Apache License + + Apache License Version 2.0, January 2004 - https://www.apache.org/licenses/ + http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 
@@ -192,7 +193,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at - https://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/MANIFEST.in b/MANIFEST.in index e9e29d1..e783f4c 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -16,10 +16,10 @@ # Generated by synthtool. DO NOT EDIT! include README.rst LICENSE -recursive-include google *.json *.proto +recursive-include google *.json *.proto py.typed recursive-include tests * global-exclude *.py[co] global-exclude __pycache__ # Exclude scripts for samples readmegen -prune scripts/readme-gen \ No newline at end of file +prune scripts/readme-gen diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..8b58ae9 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,7 @@ +# Security Policy + +To report a security issue, please use [g.co/vulnz](https://g.co/vulnz). + +The Google Security Team will respond within 5 working days of your report on g.co/vulnz. + +We use g.co/vulnz for our intake, and do coordination and disclosure here using GitHub Security Advisory to privately discuss and fix the issue. diff --git a/docs/_static/custom.css b/docs/_static/custom.css index 0abaf22..b0a2954 100644 --- a/docs/_static/custom.css +++ b/docs/_static/custom.css @@ -1,4 +1,20 @@ div#python2-eol { border-color: red; border-width: medium; -} \ No newline at end of file +} + +/* Ensure minimum width for 'Parameters' / 'Returns' column */ +dl.field-list > dt { + min-width: 100px +} + +/* Insert space between methods for readability */ +dl.method { + padding-top: 10px; + padding-bottom: 10px +} + +/* Insert empty space between classes */ +dl.class { + padding-bottom: 50px +} diff --git a/docs/conf.py b/docs/conf.py index 589ae65..2350bb9 100644 --- a/docs/conf.py +++ b/docs/conf.py 
@@ -1,4 +1,17 @@ # -*- coding: utf-8 -*- +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # google-cloud-iam documentation build configuration file # @@ -344,6 +357,7 @@ "google.api_core": ("https://googleapis.dev/python/google-api-core/latest/", None,), "grpc": ("https://grpc.github.io/grpc/python/", None), "proto-plus": ("https://proto-plus-python.readthedocs.io/en/latest/", None), + "protobuf": ("https://googleapis.dev/python/protobuf/latest/", None), } diff --git a/docs/multiprocessing.rst b/docs/multiprocessing.rst index 1cb29d4..536d17b 100644 --- a/docs/multiprocessing.rst +++ b/docs/multiprocessing.rst @@ -1,7 +1,7 @@ .. note:: - Because this client uses :mod:`grpcio` library, it is safe to + Because this client uses :mod:`grpc` library, it is safe to share instances across threads. In multiprocessing scenarios, the best practice is to create client instances *after* the invocation of - :func:`os.fork` by :class:`multiprocessing.Pool` or + :func:`os.fork` by :class:`multiprocessing.pool.Pool` or :class:`multiprocessing.Process`. diff --git a/google/cloud/iam_credentials/__init__.py b/google/cloud/iam_credentials/__init__.py index b9e9538..a68b3ae 100644 --- a/google/cloud/iam_credentials/__init__.py +++ b/google/cloud/iam_credentials/__init__.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -15,12 +14,13 @@ # limitations under the License. # -from google.cloud.iam_credentials_v1.services.iam_credentials.async_client import ( - IAMCredentialsAsyncClient, -) from google.cloud.iam_credentials_v1.services.iam_credentials.client import ( IAMCredentialsClient, ) +from google.cloud.iam_credentials_v1.services.iam_credentials.async_client import ( + IAMCredentialsAsyncClient, +) + from google.cloud.iam_credentials_v1.types.common import GenerateAccessTokenRequest from google.cloud.iam_credentials_v1.types.common import GenerateAccessTokenResponse from google.cloud.iam_credentials_v1.types.common import GenerateIdTokenRequest @@ -31,12 +31,12 @@ from google.cloud.iam_credentials_v1.types.common import SignJwtResponse __all__ = ( + "IAMCredentialsClient", + "IAMCredentialsAsyncClient", "GenerateAccessTokenRequest", "GenerateAccessTokenResponse", "GenerateIdTokenRequest", "GenerateIdTokenResponse", - "IAMCredentialsAsyncClient", - "IAMCredentialsClient", "SignBlobRequest", "SignBlobResponse", "SignJwtRequest", diff --git a/google/cloud/iam_credentials_v1/__init__.py b/google/cloud/iam_credentials_v1/__init__.py index aaf7fed..cd37f9c 100644 --- a/google/cloud/iam_credentials_v1/__init__.py +++ b/google/cloud/iam_credentials_v1/__init__.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,6 +15,8 @@ # from .services.iam_credentials import IAMCredentialsClient +from .services.iam_credentials import IAMCredentialsAsyncClient + from .types.common import GenerateAccessTokenRequest from .types.common import GenerateAccessTokenResponse from .types.common import GenerateIdTokenRequest 
@@ -25,15 +26,15 @@ from .types.common import SignJwtRequest from .types.common import SignJwtResponse - __all__ = ( + "IAMCredentialsAsyncClient", "GenerateAccessTokenRequest", "GenerateAccessTokenResponse", "GenerateIdTokenRequest", "GenerateIdTokenResponse", + "IAMCredentialsClient", "SignBlobRequest", "SignBlobResponse", "SignJwtRequest", "SignJwtResponse", - "IAMCredentialsClient", ) diff --git a/google/cloud/iam_credentials_v1/gapic_metadata.json b/google/cloud/iam_credentials_v1/gapic_metadata.json new file mode 100644 index 0000000..82b1d8a --- /dev/null +++ b/google/cloud/iam_credentials_v1/gapic_metadata.json @@ -0,0 +1,63 @@ + { + "comment": "This file maps proto services/RPCs to the corresponding library clients/methods", + "language": "python", + "libraryPackage": "google.iam.credentials_v1", + "protoPackage": "google.iam.credentials.v1", + "schema": "1.0", + "services": { + "IAMCredentials": { + "clients": { + "grpc": { + "libraryClient": "IAMCredentialsClient", + "rpcs": { + "GenerateAccessToken": { + "methods": [ + "generate_access_token" + ] + }, + "GenerateIdToken": { + "methods": [ + "generate_id_token" + ] + }, + "SignBlob": { + "methods": [ + "sign_blob" + ] + }, + "SignJwt": { + "methods": [ + "sign_jwt" + ] + } + } + }, + "grpc-async": { + "libraryClient": "IAMCredentialsAsyncClient", + "rpcs": { + "GenerateAccessToken": { + "methods": [ + "generate_access_token" + ] + }, + "GenerateIdToken": { + "methods": [ + "generate_id_token" + ] + }, + "SignBlob": { + "methods": [ + "sign_blob" + ] + }, + "SignJwt": { + "methods": [ + "sign_jwt" + ] + } + } + } + } + } + } +} diff --git a/google/cloud/iam_credentials_v1/services/__init__.py b/google/cloud/iam_credentials_v1/services/__init__.py index 42ffdf2..4de6597 100644 --- a/google/cloud/iam_credentials_v1/services/__init__.py +++ b/google/cloud/iam_credentials_v1/services/__init__.py 
@@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/google/cloud/iam_credentials_v1/services/iam_credentials/__init__.py b/google/cloud/iam_credentials_v1/services/iam_credentials/__init__.py index 7ac7578..3408a00 100644 --- a/google/cloud/iam_credentials_v1/services/iam_credentials/__init__.py +++ b/google/cloud/iam_credentials_v1/services/iam_credentials/__init__.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,7 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # - from .client import IAMCredentialsClient from .async_client import IAMCredentialsAsyncClient diff --git a/google/cloud/iam_credentials_v1/services/iam_credentials/async_client.py b/google/cloud/iam_credentials_v1/services/iam_credentials/async_client.py index 557b525..14d5cbd 100644 --- a/google/cloud/iam_credentials_v1/services/iam_credentials/async_client.py +++ b/google/cloud/iam_credentials_v1/services/iam_credentials/async_client.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,7 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # - from collections import OrderedDict import functools import re 
@@ -22,16 +20,15 @@ import pkg_resources import google.api_core.client_options as ClientOptions # type: ignore -from google.api_core import exceptions # type: ignore +from google.api_core import exceptions as core_exceptions # type: ignore from google.api_core import gapic_v1 # type: ignore from google.api_core import retry as retries # type: ignore -from google.auth import credentials # type: ignore +from google.auth import credentials as ga_credentials # type: ignore from google.oauth2 import service_account # type: ignore from google.cloud.iam_credentials_v1.types import common -from google.protobuf import duration_pb2 as duration # type: ignore -from google.protobuf import timestamp_pb2 as timestamp # type: ignore - +from google.protobuf import duration_pb2 # type: ignore +from google.protobuf import timestamp_pb2 # type: ignore from .transports.base import IAMCredentialsTransport, DEFAULT_CLIENT_INFO from .transports.grpc_asyncio import IAMCredentialsGrpcAsyncIOTransport from .client import IAMCredentialsClient 
@@ -59,43 +56,67 @@ class IAMCredentialsAsyncClient: parse_service_account_path = staticmethod( IAMCredentialsClient.parse_service_account_path ) - common_billing_account_path = staticmethod( IAMCredentialsClient.common_billing_account_path ) parse_common_billing_account_path = staticmethod( IAMCredentialsClient.parse_common_billing_account_path ) - common_folder_path = staticmethod(IAMCredentialsClient.common_folder_path) parse_common_folder_path = staticmethod( IAMCredentialsClient.parse_common_folder_path ) - common_organization_path = staticmethod( IAMCredentialsClient.common_organization_path ) parse_common_organization_path = staticmethod( IAMCredentialsClient.parse_common_organization_path ) - common_project_path = staticmethod(IAMCredentialsClient.common_project_path) parse_common_project_path = staticmethod( IAMCredentialsClient.parse_common_project_path ) - common_location_path = staticmethod(IAMCredentialsClient.common_location_path) parse_common_location_path = staticmethod( IAMCredentialsClient.parse_common_location_path ) - from_service_account_info = IAMCredentialsClient.from_service_account_info - from_service_account_file = IAMCredentialsClient.from_service_account_file + @classmethod + def from_service_account_info(cls, info: dict, *args, **kwargs): + """Creates an instance of this client using the provided credentials + info. + + Args: + info (dict): The service account private key info. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + IAMCredentialsAsyncClient: The constructed client. + """ + return IAMCredentialsClient.from_service_account_info.__func__(IAMCredentialsAsyncClient, info, *args, **kwargs) # type: ignore + + @classmethod + def from_service_account_file(cls, filename: str, *args, **kwargs): + """Creates an instance of this client using the provided credentials + file. + + Args: + filename (str): The path to the service account private key json + file. 
+ args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + IAMCredentialsAsyncClient: The constructed client. + """ + return IAMCredentialsClient.from_service_account_file.__func__(IAMCredentialsAsyncClient, filename, *args, **kwargs) # type: ignore + from_service_account_json = from_service_account_file @property def transport(self) -> IAMCredentialsTransport: - """Return the transport used by the client instance. + """Returns the transport used by the client instance. Returns: IAMCredentialsTransport: The transport used by the client instance. @@ -109,12 +130,12 @@ def transport(self) -> IAMCredentialsTransport: def __init__( self, *, - credentials: credentials.Credentials = None, + credentials: ga_credentials.Credentials = None, transport: Union[str, IAMCredentialsTransport] = "grpc_asyncio", client_options: ClientOptions = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, ) -> None: - """Instantiate the iam credentials client. + """Instantiates the iam credentials client. Args: credentials (Optional[google.auth.credentials.Credentials]): The @@ -146,7 +167,6 @@ def __init__( google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport creation failed for any reason. """ - self._client = IAMCredentialsClient( credentials=credentials, transport=transport, @@ -161,7 +181,7 @@ async def generate_access_token( name: str = None, delegates: Sequence[str] = None, scope: Sequence[str] = None, - lifetime: duration.Duration = None, + lifetime: duration_pb2.Duration = None, retry: retries.Retry = gapic_v1.method.DEFAULT, timeout: float = None, metadata: Sequence[Tuple[str, str]] = (), 
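Review bot: Both new classmethods ignore their `cls` argument and pass the hard-coded `IAMCredentialsAsyncClient` to the sync implementation, so calling `from_service_account_info` or `from_service_account_file` on a subclass of the async client would hand back the base class instead of the subclass. Assuming the sync implementation ends by instantiating the class it is given (that body is outside this hunk), passing `cls` keeps the alternate constructors subclass-friendly: `return IAMCredentialsClient.from_service_account_info.__func__(cls, info, *args, **kwargs)  # type: ignore`, with the same change for `from_service_account_file`. The `from_service_account_json` alias then picks the fix up automatically.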
@@ -223,7 +243,6 @@ async def generate_access_token( This corresponds to the ``lifetime`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. @@ -248,12 +267,10 @@ async def generate_access_token( # If we have keyword arguments corresponding to fields on the # request, apply these. - if name is not None: request.name = name if lifetime is not None: request.lifetime = lifetime - if delegates: request.delegates.extend(delegates) if scope: @@ -268,8 +285,10 @@ async def generate_access_token( maximum=60.0, multiplier=1.3, predicate=retries.if_exception_type( - exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, + core_exceptions.DeadlineExceeded, + core_exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, @@ -350,7 +369,6 @@ async def generate_id_token( This corresponds to the ``include_email`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. @@ -375,14 +393,12 @@ async def generate_id_token( # If we have keyword arguments corresponding to fields on the # request, apply these. - if name is not None: request.name = name if audience is not None: request.audience = audience if include_email is not None: request.include_email = include_email - if delegates: request.delegates.extend(delegates) @@ -395,8 +411,10 @@ async def generate_id_token( maximum=60.0, multiplier=1.3, predicate=retries.if_exception_type( - exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, + core_exceptions.DeadlineExceeded, + core_exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, 
@@ -465,7 +483,6 @@ async def sign_blob( This corresponds to the ``payload`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. @@ -490,12 +507,10 @@ async def sign_blob( # If we have keyword arguments corresponding to fields on the # request, apply these. - if name is not None: request.name = name if payload is not None: request.payload = payload - if delegates: request.delegates.extend(delegates) @@ -508,8 +523,10 @@ async def sign_blob( maximum=60.0, multiplier=1.3, predicate=retries.if_exception_type( - exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, + core_exceptions.DeadlineExceeded, + core_exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, @@ -581,7 +598,6 @@ async def sign_jwt( This corresponds to the ``payload`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. @@ -606,12 +622,10 @@ async def sign_jwt( # If we have keyword arguments corresponding to fields on the # request, apply these. - if name is not None: request.name = name if payload is not None: request.payload = payload - if delegates: request.delegates.extend(delegates) @@ -624,8 +638,10 @@ async def sign_jwt( maximum=60.0, multiplier=1.3, predicate=retries.if_exception_type( - exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, + core_exceptions.DeadlineExceeded, + core_exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, diff --git a/google/cloud/iam_credentials_v1/services/iam_credentials/client.py b/google/cloud/iam_credentials_v1/services/iam_credentials/client.py index 5614db4..ad4b498 100644 
--- a/google/cloud/iam_credentials_v1/services/iam_credentials/client.py +++ b/google/cloud/iam_credentials_v1/services/iam_credentials/client.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,7 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # - from collections import OrderedDict from distutils import util import os @@ -23,19 +21,18 @@ import pkg_resources from google.api_core import client_options as client_options_lib # type: ignore -from google.api_core import exceptions # type: ignore +from google.api_core import exceptions as core_exceptions # type: ignore from google.api_core import gapic_v1 # type: ignore from google.api_core import retry as retries # type: ignore -from google.auth import credentials # type: ignore +from google.auth import credentials as ga_credentials # type: ignore from google.auth.transport import mtls # type: ignore from google.auth.transport.grpc import SslCredentials # type: ignore from google.auth.exceptions import MutualTLSChannelError # type: ignore from google.oauth2 import service_account # type: ignore from google.cloud.iam_credentials_v1.types import common -from google.protobuf import duration_pb2 as duration # type: ignore -from google.protobuf import timestamp_pb2 as timestamp # type: ignore - +from google.protobuf import duration_pb2 # type: ignore +from google.protobuf import timestamp_pb2 # type: ignore from .transports.base import IAMCredentialsTransport, DEFAULT_CLIENT_INFO from .transports.grpc import IAMCredentialsGrpcTransport from .transports.grpc_asyncio import IAMCredentialsGrpcAsyncIOTransport 
@@ -56,7 +53,7 @@ class IAMCredentialsClientMeta(type): _transport_registry["grpc_asyncio"] = IAMCredentialsGrpcAsyncIOTransport def get_transport_class(cls, label: str = None,) -> Type[IAMCredentialsTransport]: - """Return an appropriate transport class. + """Returns an appropriate transport class. Args: label: The name of the desired transport. If none is @@ -89,7 +86,8 @@ class IAMCredentialsClient(metaclass=IAMCredentialsClientMeta): @staticmethod def _get_default_mtls_endpoint(api_endpoint): - """Convert api endpoint to mTLS endpoint. + """Converts api endpoint to mTLS endpoint. + Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively. Args: @@ -123,7 +121,8 @@ def _get_default_mtls_endpoint(api_endpoint): @classmethod def from_service_account_info(cls, info: dict, *args, **kwargs): - """Creates an instance of this client using the provided credentials info. + """Creates an instance of this client using the provided credentials + info. Args: info (dict): The service account private key info. @@ -140,7 +139,7 @@ def from_service_account_info(cls, info: dict, *args, **kwargs): @classmethod def from_service_account_file(cls, filename: str, *args, **kwargs): """Creates an instance of this client using the provided credentials - file. + file. Args: filename (str): The path to the service account private key json 
@@ -159,23 +158,24 @@ def from_service_account_file(cls, filename: str, *args, **kwargs): @property def transport(self) -> IAMCredentialsTransport: - """Return the transport used by the client instance. + """Returns the transport used by the client instance. Returns: - IAMCredentialsTransport: The transport used by the client instance. + IAMCredentialsTransport: The transport used by the client + instance. """ return self._transport @staticmethod def service_account_path(project: str, service_account: str,) -> str: - """Return a fully-qualified service_account string.""" + """Returns a fully-qualified service_account string.""" return "projects/{project}/serviceAccounts/{service_account}".format( project=project, service_account=service_account, ) @staticmethod def parse_service_account_path(path: str) -> Dict[str, str]: - """Parse a service_account path into its component segments.""" + """Parses a service_account path into its component segments.""" m = re.match( r"^projects/(?P.+?)/serviceAccounts/(?P.+?)$", path, @@ -184,7 +184,7 @@ def parse_service_account_path(path: str) -> Dict[str, str]: @staticmethod def common_billing_account_path(billing_account: str,) -> str: - """Return a fully-qualified billing_account string.""" + """Returns a fully-qualified billing_account string.""" return "billingAccounts/{billing_account}".format( billing_account=billing_account, ) @@ -197,7 +197,7 @@ def parse_common_billing_account_path(path: str) -> Dict[str, str]: @staticmethod def common_folder_path(folder: str,) -> str: - """Return a fully-qualified folder string.""" + """Returns a fully-qualified folder string.""" return "folders/{folder}".format(folder=folder,) @staticmethod 
@@ -208,7 +208,7 @@ def parse_common_folder_path(path: str) -> Dict[str, str]: @staticmethod def common_organization_path(organization: str,) -> str: - """Return a fully-qualified organization string.""" + """Returns a fully-qualified organization string.""" return "organizations/{organization}".format(organization=organization,) @staticmethod @@ -219,7 +219,7 @@ def parse_common_organization_path(path: str) -> Dict[str, str]: @staticmethod def common_project_path(project: str,) -> str: - """Return a fully-qualified project string.""" + """Returns a fully-qualified project string.""" return "projects/{project}".format(project=project,) @staticmethod @@ -230,7 +230,7 @@ def parse_common_project_path(path: str) -> Dict[str, str]: @staticmethod def common_location_path(project: str, location: str,) -> str: - """Return a fully-qualified location string.""" + """Returns a fully-qualified location string.""" return "projects/{project}/locations/{location}".format( project=project, location=location, ) @@ -244,12 +244,12 @@ def parse_common_location_path(path: str) -> Dict[str, str]: def __init__( self, *, - credentials: Optional[credentials.Credentials] = None, + credentials: Optional[ga_credentials.Credentials] = None, transport: Union[str, IAMCredentialsTransport, None] = None, client_options: Optional[client_options_lib.ClientOptions] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, ) -> None: - """Instantiate the iam credentials client. + """Instantiates the iam credentials client. Args: credentials (Optional[google.auth.credentials.Credentials]): The 
@@ -296,21 +296,18 @@ def __init__( util.strtobool(os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")) ) - ssl_credentials = None + client_cert_source_func = None is_mtls = False if use_client_cert: if client_options.client_cert_source: - import grpc # type: ignore - - cert, key = client_options.client_cert_source() - ssl_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) is_mtls = True + client_cert_source_func = client_options.client_cert_source else: - creds = SslCredentials() - is_mtls = creds.is_mtls - ssl_credentials = creds.ssl_credentials if is_mtls else None + is_mtls = mtls.has_default_client_cert_source() + if is_mtls: + client_cert_source_func = mtls.default_client_cert_source() + else: + client_cert_source_func = None # Figure out which api endpoint to use. if client_options.api_endpoint is not None: @@ -322,12 +319,14 @@ def __init__( elif use_mtls_env == "always": api_endpoint = self.DEFAULT_MTLS_ENDPOINT elif use_mtls_env == "auto": - api_endpoint = ( - self.DEFAULT_MTLS_ENDPOINT if is_mtls else self.DEFAULT_ENDPOINT - ) + if is_mtls: + api_endpoint = self.DEFAULT_MTLS_ENDPOINT + else: + api_endpoint = self.DEFAULT_ENDPOINT else: raise MutualTLSChannelError( - "Unsupported GOOGLE_API_USE_MTLS_ENDPOINT value. Accepted values: never, auto, always" + "Unsupported GOOGLE_API_USE_MTLS_ENDPOINT value. Accepted " + "values: never, auto, always" ) # Save or instantiate the transport. @@ -342,8 +341,8 @@ def __init__( ) if client_options.scopes: raise ValueError( - "When providing a transport instance, " - "provide its scopes directly." + "When providing a transport instance, provide its scopes " + "directly." ) self._transport = transport else: 
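Review bot: In the `use_client_cert` branch, `is_mtls` is now set to `True` as soon as `client_options.client_cert_source` is present and the callback itself is no longer invoked in `__init__`, so under `GOOGLE_API_USE_MTLS_ENDPOINT=auto` the mTLS endpoint is chosen before anything has confirmed that the callback yields a usable certificate and key. Presumably the transport invokes it later through `client_cert_source_for_mtls`, which moves a failing callback from client construction to channel creation; a comment such as `# Cert callback is invoked by the transport; is_mtls only drives endpoint selection.` would make that explicit. The inner `else: client_cert_source_func = None` repeats the initial assignment and can be dropped. `__init__` begins and ends outside this hunk.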
@@ -353,7 +352,7 @@ def __init__( credentials_file=client_options.credentials_file, host=api_endpoint, scopes=client_options.scopes, - ssl_channel_credentials=ssl_credentials, + client_cert_source_for_mtls=client_cert_source_func, quota_project_id=client_options.quota_project_id, client_info=client_info, ) @@ -365,7 +364,7 @@ def generate_access_token( name: str = None, delegates: Sequence[str] = None, scope: Sequence[str] = None, - lifetime: duration.Duration = None, + lifetime: duration_pb2.Duration = None, retry: retries.Retry = gapic_v1.method.DEFAULT, timeout: float = None, metadata: Sequence[Tuple[str, str]] = (), @@ -427,7 +426,6 @@ def generate_access_token( This corresponds to the ``lifetime`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. @@ -454,20 +452,17 @@ def generate_access_token( # there are no flattened fields. if not isinstance(request, common.GenerateAccessTokenRequest): request = common.GenerateAccessTokenRequest(request) - # If we have keyword arguments corresponding to fields on the # request, apply these. - if name is not None: request.name = name + if delegates is not None: + request.delegates = delegates + if scope is not None: + request.scope = scope if lifetime is not None: request.lifetime = lifetime - if delegates: - request.delegates.extend(delegates) - if scope: - request.scope.extend(scope) - # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. rpc = self._transport._wrapped_methods[self._transport.generate_access_token] 
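Review bot: The flattened-argument handling in `generate_access_token` now assigns `request.delegates = delegates` and `request.scope = scope` whenever the argument `is not None`, where it used to `extend` only on a truthy value; the same switch is made for `delegates` in `generate_id_token`, `sign_blob` and `sign_jwt` later in this file, while the async client hunks keep `if delegates: request.delegates.extend(delegates)`. Delegation chains and scopes decide whose credentials get minted, so the two clients should populate them the same way. If assignment is the intended form, a comment above the block would record why it is safe, for example `# Assignment replaces existing entries; request and flattened args are mutually exclusive.`, assuming the guard that enforces this sits in the part of the method outside this hunk.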
@@ -547,7 +542,6 @@ def generate_id_token( This corresponds to the ``include_email`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. @@ -574,20 +568,17 @@ def generate_id_token( # there are no flattened fields. if not isinstance(request, common.GenerateIdTokenRequest): request = common.GenerateIdTokenRequest(request) - # If we have keyword arguments corresponding to fields on the # request, apply these. - if name is not None: request.name = name + if delegates is not None: + request.delegates = delegates if audience is not None: request.audience = audience if include_email is not None: request.include_email = include_email - if delegates: - request.delegates.extend(delegates) - # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. rpc = self._transport._wrapped_methods[self._transport.generate_id_token] @@ -655,7 +646,6 @@ def sign_blob( This corresponds to the ``payload`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. @@ -682,18 +672,15 @@ def sign_blob( # there are no flattened fields. if not isinstance(request, common.SignBlobRequest): request = common.SignBlobRequest(request) - # If we have keyword arguments corresponding to fields on the # request, apply these. - if name is not None: request.name = name + if delegates is not None: + request.delegates = delegates if payload is not None: request.payload = payload - if delegates: - request.delegates.extend(delegates) - # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. rpc = self._transport._wrapped_methods[self._transport.sign_blob] 
@@ -764,7 +751,6 @@ def sign_jwt( This corresponds to the ``payload`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. @@ -791,18 +777,15 @@ def sign_jwt( # there are no flattened fields. if not isinstance(request, common.SignJwtRequest): request = common.SignJwtRequest(request) - # If we have keyword arguments corresponding to fields on the # request, apply these. - if name is not None: request.name = name + if delegates is not None: + request.delegates = delegates if payload is not None: request.payload = payload - if delegates: - request.delegates.extend(delegates) - # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. rpc = self._transport._wrapped_methods[self._transport.sign_jwt] diff --git a/google/cloud/iam_credentials_v1/services/iam_credentials/transports/__init__.py b/google/cloud/iam_credentials_v1/services/iam_credentials/transports/__init__.py index 10aacfc..31e19cf 100644 --- a/google/cloud/iam_credentials_v1/services/iam_credentials/transports/__init__.py +++ b/google/cloud/iam_credentials_v1/services/iam_credentials/transports/__init__.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,7 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # - from collections import OrderedDict from typing import Dict, Type diff --git a/google/cloud/iam_credentials_v1/services/iam_credentials/transports/base.py b/google/cloud/iam_credentials_v1/services/iam_credentials/transports/base.py index 9e5186e..7eeca28 100644 --- a/google/cloud/iam_credentials_v1/services/iam_credentials/transports/base.py +++ b/google/cloud/iam_credentials_v1/services/iam_credentials/transports/base.py 
@@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,20 +13,20 @@ # See the License for the specific language governing permissions and # limitations under the License. # - import abc -import typing +from typing import Awaitable, Callable, Dict, Optional, Sequence, Union +import packaging.version import pkg_resources -from google import auth # type: ignore -from google.api_core import exceptions # type: ignore +import google.auth # type: ignore +import google.api_core # type: ignore +from google.api_core import exceptions as core_exceptions # type: ignore from google.api_core import gapic_v1 # type: ignore from google.api_core import retry as retries # type: ignore -from google.auth import credentials # type: ignore +from google.auth import credentials as ga_credentials # type: ignore from google.cloud.iam_credentials_v1.types import common - try: DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( gapic_version=pkg_resources.get_distribution("google-cloud-iam",).version, 
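Review bot: `import packaging.version` adds a third-party distribution to a module that is loaded on every client import, so `packaging` needs to be declared with a lower bound in the package's install requirements. That file is not among the visible hunks, so this is worth confirming. Without the declaration the import only succeeds where another dependency happens to pull `packaging` in.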
@@ -35,27 +34,41 @@ except pkg_resources.DistributionNotFound: DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() +try: + # google.auth.__version__ was added in 1.26.0 + _GOOGLE_AUTH_VERSION = google.auth.__version__ +except AttributeError: + try: # try pkg_resources if it is available + _GOOGLE_AUTH_VERSION = pkg_resources.get_distribution("google-auth").version + except pkg_resources.DistributionNotFound: # pragma: NO COVER + _GOOGLE_AUTH_VERSION = None + +_API_CORE_VERSION = google.api_core.__version__ + class IAMCredentialsTransport(abc.ABC): """Abstract transport class for IAMCredentials.""" AUTH_SCOPES = ("https://www.googleapis.com/auth/cloud-platform",) + DEFAULT_HOST: str = "iamcredentials.googleapis.com" + def __init__( self, *, - host: str = "iamcredentials.googleapis.com", - credentials: credentials.Credentials = None, - credentials_file: typing.Optional[str] = None, - scopes: typing.Optional[typing.Sequence[str]] = AUTH_SCOPES, - quota_project_id: typing.Optional[str] = None, + host: str = DEFAULT_HOST, + credentials: ga_credentials.Credentials = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, **kwargs, ) -> None: """Instantiate the transport. Args: - host (Optional[str]): The hostname to connect to. + host (Optional[str]): + The hostname to connect to. credentials (Optional[google.auth.credentials.Credentials]): The authorization credentials to attach to requests. These credentials identify the application to the service; if none 
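Review bot: `_API_CORE_VERSION = google.api_core.__version__` is read at import time with no fallback, unlike `_GOOGLE_AUTH_VERSION` directly above it, so a `google-api-core` build without that attribute would fail the import of every transport. The `if _API_CORE_VERSION and (...)` test in `_get_self_signed_jwt_kwargs` suggests a missing version was meant to be tolerated; `_API_CORE_VERSION = getattr(google.api_core, "__version__", None)` would match that. The comment also says `google.auth.__version__` was added in 1.26.0 while the helper compares against 1.25.0, which deserves a word on why the two numbers differ. `__init__` continues past the end of this hunk.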
@@ -64,13 +77,13 @@ def __init__( credentials_file (Optional[str]): A file with credentials that can be loaded with :func:`google.auth.load_credentials_from_file`. This argument is mutually exclusive with credentials. - scope (Optional[Sequence[str]]): A list of scopes. + scopes (Optional[Sequence[str]]): A list of scopes. quota_project_id (Optional[str]): An optional project to use for billing and quota. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing your own client library. """ # Save the hostname. Default to port 443 (HTTPS) if none is specified. 
@@ -78,28 +91,75 @@ def __init__( host += ":443" self._host = host + scopes_kwargs = self._get_scopes_kwargs(self._host, scopes) + + # Save the scopes. + self._scopes = scopes or self.AUTH_SCOPES + # If no credentials are provided, then determine the appropriate # defaults. if credentials and credentials_file: - raise exceptions.DuplicateCredentialArgs( + raise core_exceptions.DuplicateCredentialArgs( "'credentials_file' and 'credentials' are mutually exclusive" ) if credentials_file is not None: - credentials, _ = auth.load_credentials_from_file( - credentials_file, scopes=scopes, quota_project_id=quota_project_id + credentials, _ = google.auth.load_credentials_from_file( + credentials_file, **scopes_kwargs, quota_project_id=quota_project_id ) elif credentials is None: - credentials, _ = auth.default( - scopes=scopes, quota_project_id=quota_project_id + credentials, _ = google.auth.default( + **scopes_kwargs, quota_project_id=quota_project_id ) # Save the credentials. self._credentials = credentials - # Lifted into its own function so it can be stubbed out during tests. - self._prep_wrapped_messages(client_info) + # TODO(busunkim): These two class methods are in the base transport + # to avoid duplicating code across the transport classes. These functions + # should be deleted once the minimum required versions of google-api-core + # and google-auth are increased. 
+ + # TODO: Remove this function once google-auth >= 1.25.0 is required + @classmethod + def _get_scopes_kwargs( + cls, host: str, scopes: Optional[Sequence[str]] + ) -> Dict[str, Optional[Sequence[str]]]: + """Returns scopes kwargs to pass to google-auth methods depending on the google-auth version""" + + scopes_kwargs = {} + + if _GOOGLE_AUTH_VERSION and ( + packaging.version.parse(_GOOGLE_AUTH_VERSION) + >= packaging.version.parse("1.25.0") + ): + scopes_kwargs = {"scopes": scopes, "default_scopes": cls.AUTH_SCOPES} + else: + scopes_kwargs = {"scopes": scopes or cls.AUTH_SCOPES} + + return scopes_kwargs + + # TODO: Remove this function once google-api-core >= 1.26.0 is required + @classmethod + def _get_self_signed_jwt_kwargs( + cls, host: str, scopes: Optional[Sequence[str]] + ) -> Dict[str, Union[Optional[Sequence[str]], str]]: + """Returns kwargs to pass to grpc_helpers.create_channel depending on the google-api-core version""" + + self_signed_jwt_kwargs: Dict[str, Union[Optional[Sequence[str]], str]] = {} + + if _API_CORE_VERSION and ( + packaging.version.parse(_API_CORE_VERSION) + >= packaging.version.parse("1.26.0") + ): + self_signed_jwt_kwargs["default_scopes"] = cls.AUTH_SCOPES + self_signed_jwt_kwargs["scopes"] = scopes + self_signed_jwt_kwargs["default_host"] = cls.DEFAULT_HOST + else: + self_signed_jwt_kwargs["scopes"] = scopes or cls.AUTH_SCOPES + + return self_signed_jwt_kwargs def _prep_wrapped_messages(self, client_info): # Precompute the wrapped methods. @@ -111,8 +171,10 @@ def _prep_wrapped_messages(self, client_info): maximum=60.0, multiplier=1.3, predicate=retries.if_exception_type( - exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, + core_exceptions.DeadlineExceeded, + core_exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=client_info, 
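Review bot: The base `__init__` no longer calls `self._prep_wrapped_messages(client_info)`, so `_wrapped_methods` is only populated if every concrete transport makes that call itself. The gRPC transports presumably do so in parts of the diff outside this hunk, but a transport subclass written against the old base class would now fail on the first RPC lookup. A comment where the call used to be would record the new contract, for example `# Subclasses must call self._prep_wrapped_messages(client_info) after super().__init__().`. Separately, `host` is accepted but never read in `_get_scopes_kwargs` and `_get_self_signed_jwt_kwargs`, and `scopes_kwargs = {}` is overwritten in both branches. `__init__` starts outside this hunk.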
@@ -124,8 +186,10 @@ def _prep_wrapped_messages(self, client_info): maximum=60.0, multiplier=1.3, predicate=retries.if_exception_type( - exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, + core_exceptions.DeadlineExceeded, + core_exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=client_info, @@ -137,8 +201,10 @@ def _prep_wrapped_messages(self, client_info): maximum=60.0, multiplier=1.3, predicate=retries.if_exception_type( - exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, + core_exceptions.DeadlineExceeded, + core_exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=client_info, @@ -150,8 +216,10 @@ def _prep_wrapped_messages(self, client_info): maximum=60.0, multiplier=1.3, predicate=retries.if_exception_type( - exceptions.DeadlineExceeded, exceptions.ServiceUnavailable, + core_exceptions.DeadlineExceeded, + core_exceptions.ServiceUnavailable, ), + deadline=60.0, ), default_timeout=60.0, client_info=client_info, @@ -161,11 +229,11 @@ def _prep_wrapped_messages(self, client_info): @property def generate_access_token( self, - ) -> typing.Callable[ + ) -> Callable[ [common.GenerateAccessTokenRequest], - typing.Union[ + Union[ common.GenerateAccessTokenResponse, - typing.Awaitable[common.GenerateAccessTokenResponse], + Awaitable[common.GenerateAccessTokenResponse], ], ]: raise NotImplementedError() @@ -173,11 +241,10 @@ def generate_access_token( @property def generate_id_token( self, - ) -> typing.Callable[ + ) -> Callable[ [common.GenerateIdTokenRequest], - typing.Union[ - common.GenerateIdTokenResponse, - typing.Awaitable[common.GenerateIdTokenResponse], + Union[ + common.GenerateIdTokenResponse, Awaitable[common.GenerateIdTokenResponse] ], ]: raise NotImplementedError() 
@@ -185,20 +252,18 @@ def generate_id_token( @property def sign_blob( self, - ) -> typing.Callable[ + ) -> Callable[ [common.SignBlobRequest], - typing.Union[ - common.SignBlobResponse, typing.Awaitable[common.SignBlobResponse] - ], + Union[common.SignBlobResponse, Awaitable[common.SignBlobResponse]], ]: raise NotImplementedError() @property def sign_jwt( self, - ) -> typing.Callable[ + ) -> Callable[ [common.SignJwtRequest], - typing.Union[common.SignJwtResponse, typing.Awaitable[common.SignJwtResponse]], + Union[common.SignJwtResponse, Awaitable[common.SignJwtResponse]], ]: raise NotImplementedError() diff --git a/google/cloud/iam_credentials_v1/services/iam_credentials/transports/grpc.py b/google/cloud/iam_credentials_v1/services/iam_credentials/transports/grpc.py index 8f74d2e..6510b14 100644 --- a/google/cloud/iam_credentials_v1/services/iam_credentials/transports/grpc.py +++ b/google/cloud/iam_credentials_v1/services/iam_credentials/transports/grpc.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,20 +13,18 @@ # See the License for the specific language governing permissions and # limitations under the License. # - import warnings -from typing import Callable, Dict, Optional, Sequence, Tuple +from typing import Callable, Dict, Optional, Sequence, Tuple, Union from google.api_core import grpc_helpers # type: ignore from google.api_core import gapic_v1 # type: ignore -from google import auth # type: ignore -from google.auth import credentials # type: ignore +import google.auth # type: ignore +from google.auth import credentials as ga_credentials # type: ignore from google.auth.transport.grpc import SslCredentials # type: ignore import grpc # type: ignore from google.cloud.iam_credentials_v1.types import common - from .base import IAMCredentialsTransport, DEFAULT_CLIENT_INFO 
@@ -59,20 +56,22 @@ def __init__( self, *, host: str = "iamcredentials.googleapis.com", - credentials: credentials.Credentials = None, + credentials: ga_credentials.Credentials = None, credentials_file: str = None, scopes: Sequence[str] = None, channel: grpc.Channel = None, api_mtls_endpoint: str = None, client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, ssl_channel_credentials: grpc.ChannelCredentials = None, + client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id: Optional[str] = None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, ) -> None: """Instantiate the transport. Args: - host (Optional[str]): The hostname to connect to. + host (Optional[str]): + The hostname to connect to. credentials (Optional[google.auth.credentials.Credentials]): The authorization credentials to attach to requests. These credentials identify the application to the service; if none @@ -96,6 +95,10 @@ def __init__( ``api_mtls_endpoint`` is None. ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials for grpc channel. It is ignored if ``channel`` is provided. + client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): + A callback to provide client certificate bytes and private key bytes, + both in PEM format. It is used to configure mutual TLS channel. It is + ignored if ``channel`` or ``ssl_channel_credentials`` is provided. quota_project_id (Optional[str]): An optional project to use for billing and quota. client_info (google.api_core.gapic_v1.client_info.ClientInfo): 
@@ -110,72 +113,60 @@ def __init__( google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` and ``credentials_file`` are passed. """ + self._grpc_channel = None self._ssl_channel_credentials = ssl_channel_credentials + self._stubs: Dict[str, Callable] = {} + + if api_mtls_endpoint: + warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) + if client_cert_source: + warnings.warn("client_cert_source is deprecated", DeprecationWarning) if channel: - # Sanity check: Ensure that channel and credentials are not both - # provided. + # Ignore credentials if a channel was passed. credentials = False - # If a channel was explicitly provided, set it. self._grpc_channel = channel self._ssl_channel_credentials = None - elif api_mtls_endpoint: - warnings.warn( - "api_mtls_endpoint and client_cert_source are deprecated", - DeprecationWarning, - ) - host = ( - api_mtls_endpoint - if ":" in api_mtls_endpoint - else api_mtls_endpoint + ":443" - ) + else: + if api_mtls_endpoint: + host = api_mtls_endpoint + + # Create SSL credentials with client_cert_source or application + # default SSL credentials. + if client_cert_source: + cert, key = client_cert_source() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + else: + self._ssl_channel_credentials = SslCredentials().ssl_credentials - if credentials is None: - credentials, _ = auth.default( - scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id - ) - - # Create SSL credentials with client_cert_source or application - # default SSL credentials. 
- if client_cert_source: - cert, key = client_cert_source() - ssl_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) else: - ssl_credentials = SslCredentials().ssl_credentials + if client_cert_source_for_mtls and not ssl_channel_credentials: + cert, key = client_cert_source_for_mtls() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) - # create a new channel. The provided one is ignored. - self._grpc_channel = type(self).create_channel( - host, - credentials=credentials, - credentials_file=credentials_file, - ssl_credentials=ssl_credentials, - scopes=scopes or self.AUTH_SCOPES, - quota_project_id=quota_project_id, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - self._ssl_channel_credentials = ssl_credentials - else: - host = host if ":" in host else host + ":443" - - if credentials is None: - credentials, _ = auth.default( - scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id - ) + # The base transport sets the host, credentials and scopes + super().__init__( + host=host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes, + quota_project_id=quota_project_id, + client_info=client_info, + ) - # create a new channel. The provided one is ignored. + if not self._grpc_channel: self._grpc_channel = type(self).create_channel( - host, - credentials=credentials, + self._host, + credentials=self._credentials, credentials_file=credentials_file, - ssl_credentials=ssl_channel_credentials, - scopes=scopes or self.AUTH_SCOPES, + scopes=self._scopes, + ssl_credentials=self._ssl_channel_credentials, quota_project_id=quota_project_id, options=[ ("grpc.max_send_message_length", -1), 
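Review bot: The `create_channel(...)` call at the end of this hunk passes both `credentials=self._credentials` and the caller's original `credentials_file`, while the docstring context above says passing both raises `DuplicateCredentialArgs`. If the base constructor called just before it loads the file into `self._credentials`, a transport built with only `credentials_file` would fail here; the base constructor's body is not in this hunk, so this is inferred from the comment "The base transport sets the host, credentials and scopes". Because the credentials are already resolved at that point, I would pass `credentials_file=None,` in this call, with a one-line comment saying they were loaded by the base transport. The same call appears in the `__init__` hunk of `grpc_asyncio.py`, and `__init__` itself starts before this hunk.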
@@ -183,23 +174,14 @@ def __init__( ], ) - self._stubs = {} # type: Dict[str, Callable] - - # Run the base constructor. - super().__init__( - host=host, - credentials=credentials, - credentials_file=credentials_file, - scopes=scopes or self.AUTH_SCOPES, - quota_project_id=quota_project_id, - client_info=client_info, - ) + # Wrap messages. This must be done after self._grpc_channel exists + self._prep_wrapped_messages(client_info) @classmethod def create_channel( cls, host: str = "iamcredentials.googleapis.com", - credentials: credentials.Credentials = None, + credentials: ga_credentials.Credentials = None, credentials_file: str = None, scopes: Optional[Sequence[str]] = None, quota_project_id: Optional[str] = None, @@ -207,7 +189,7 @@ def create_channel( ) -> grpc.Channel: """Create and return a gRPC channel object. Args: - address (Optional[str]): The host for the channel to use. + host (Optional[str]): The host for the channel to use. credentials (Optional[~.Credentials]): The authorization credentials to attach to requests. These credentials identify this application to the service. If @@ -230,13 +212,15 @@ def create_channel( google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` and ``credentials_file`` are passed. """ - scopes = scopes or cls.AUTH_SCOPES + + self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes) + return grpc_helpers.create_channel( host, credentials=credentials, credentials_file=credentials_file, - scopes=scopes, quota_project_id=quota_project_id, + **self_signed_jwt_kwargs, **kwargs, ) diff --git a/google/cloud/iam_credentials_v1/services/iam_credentials/transports/grpc_asyncio.py b/google/cloud/iam_credentials_v1/services/iam_credentials/transports/grpc_asyncio.py index 9cedf8a..aceaf50 100644 --- a/google/cloud/iam_credentials_v1/services/iam_credentials/transports/grpc_asyncio.py +++ b/google/cloud/iam_credentials_v1/services/iam_credentials/transports/grpc_asyncio.py 
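Review bot: In `create_channel`, `**self_signed_jwt_kwargs` and `**kwargs` are unpacked side by side into `grpc_helpers.create_channel(...)`, so any key present in both raises `TypeError` for a repeated keyword before a channel exists. `_get_self_signed_jwt_kwargs` is defined outside this hunk, so the keys it returns cannot be confirmed here. Either name those keys as reserved in the docstring, or merge explicitly with `**{**kwargs, **self_signed_jwt_kwargs}` so that the values the helper derives from `host` and `scopes` take precedence. The removed `scopes = scopes or cls.AUTH_SCOPES` fallback now depends entirely on that helper, which deserves a comment since scopes bound what the credential may do. The same pattern is in `create_channel` in `grpc_asyncio.py`.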
@@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,21 +13,19 @@ # See the License for the specific language governing permissions and # limitations under the License. # - import warnings -from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple +from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union from google.api_core import gapic_v1 # type: ignore from google.api_core import grpc_helpers_async # type: ignore -from google import auth # type: ignore -from google.auth import credentials # type: ignore +from google.auth import credentials as ga_credentials # type: ignore from google.auth.transport.grpc import SslCredentials # type: ignore +import packaging.version import grpc # type: ignore from grpc.experimental import aio # type: ignore from google.cloud.iam_credentials_v1.types import common - from .base import IAMCredentialsTransport, DEFAULT_CLIENT_INFO from .grpc import IAMCredentialsGrpcTransport @@ -62,7 +59,7 @@ class IAMCredentialsGrpcAsyncIOTransport(IAMCredentialsTransport): def create_channel( cls, host: str = "iamcredentials.googleapis.com", - credentials: credentials.Credentials = None, + credentials: ga_credentials.Credentials = None, credentials_file: Optional[str] = None, scopes: Optional[Sequence[str]] = None, quota_project_id: Optional[str] = None, @@ -70,7 +67,7 @@ def create_channel( ) -> aio.Channel: """Create and return a gRPC AsyncIO channel object. Args: - address (Optional[str]): The host for the channel to use. + host (Optional[str]): The host for the channel to use. credentials (Optional[~.Credentials]): The authorization credentials to attach to requests. These credentials identify this application to the service. If 
@@ -89,13 +86,15 @@ def create_channel( Returns: aio.Channel: A gRPC AsyncIO channel object. """ - scopes = scopes or cls.AUTH_SCOPES + + self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes) + return grpc_helpers_async.create_channel( host, credentials=credentials, credentials_file=credentials_file, - scopes=scopes, quota_project_id=quota_project_id, + **self_signed_jwt_kwargs, **kwargs, ) @@ -103,20 +102,22 @@ def __init__( self, *, host: str = "iamcredentials.googleapis.com", - credentials: credentials.Credentials = None, + credentials: ga_credentials.Credentials = None, credentials_file: Optional[str] = None, scopes: Optional[Sequence[str]] = None, channel: aio.Channel = None, api_mtls_endpoint: str = None, client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, ssl_channel_credentials: grpc.ChannelCredentials = None, + client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, ) -> None: """Instantiate the transport. Args: - host (Optional[str]): The hostname to connect to. + host (Optional[str]): + The hostname to connect to. credentials (Optional[google.auth.credentials.Credentials]): The authorization credentials to attach to requests. These credentials identify the application to the service; if none 
@@ -141,12 +142,16 @@ def __init__( ``api_mtls_endpoint`` is None. ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials for grpc channel. It is ignored if ``channel`` is provided. + client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): + A callback to provide client certificate bytes and private key bytes, + both in PEM format. It is used to configure mutual TLS channel. It is + ignored if ``channel`` or ``ssl_channel_credentials`` is provided. quota_project_id (Optional[str]): An optional project to use for billing and quota. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing your own client library. Raises: 
@@ -155,72 +160,59 @@ def __init__( google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` and ``credentials_file`` are passed. """ + self._grpc_channel = None self._ssl_channel_credentials = ssl_channel_credentials + self._stubs: Dict[str, Callable] = {} + + if api_mtls_endpoint: + warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) + if client_cert_source: + warnings.warn("client_cert_source is deprecated", DeprecationWarning) if channel: - # Sanity check: Ensure that channel and credentials are not both - # provided. + # Ignore credentials if a channel was passed. credentials = False - # If a channel was explicitly provided, set it. self._grpc_channel = channel self._ssl_channel_credentials = None - elif api_mtls_endpoint: - warnings.warn( - "api_mtls_endpoint and client_cert_source are deprecated", - DeprecationWarning, - ) - - host = ( - api_mtls_endpoint - if ":" in api_mtls_endpoint - else api_mtls_endpoint + ":443" - ) + else: + if api_mtls_endpoint: + host = api_mtls_endpoint + + # Create SSL credentials with client_cert_source or application + # default SSL credentials. + if client_cert_source: + cert, key = client_cert_source() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + else: + self._ssl_channel_credentials = SslCredentials().ssl_credentials - if credentials is None: - credentials, _ = auth.default( - scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id - ) - - # Create SSL credentials with client_cert_source or application - # default SSL credentials. - if client_cert_source: - cert, key = client_cert_source() - ssl_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) else: - ssl_credentials = SslCredentials().ssl_credentials - - # create a new channel. The provided one is ignored. 
- self._grpc_channel = type(self).create_channel( - host, - credentials=credentials, - credentials_file=credentials_file, - ssl_credentials=ssl_credentials, - scopes=scopes or self.AUTH_SCOPES, - quota_project_id=quota_project_id, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - self._ssl_channel_credentials = ssl_credentials - else: - host = host if ":" in host else host + ":443" + if client_cert_source_for_mtls and not ssl_channel_credentials: + cert, key = client_cert_source_for_mtls() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) - if credentials is None: - credentials, _ = auth.default( - scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id - ) + # The base transport sets the host, credentials and scopes + super().__init__( + host=host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes, + quota_project_id=quota_project_id, + client_info=client_info, + ) - # create a new channel. The provided one is ignored. + if not self._grpc_channel: self._grpc_channel = type(self).create_channel( - host, - credentials=credentials, + self._host, + credentials=self._credentials, credentials_file=credentials_file, - ssl_credentials=ssl_channel_credentials, - scopes=scopes or self.AUTH_SCOPES, + scopes=self._scopes, + ssl_credentials=self._ssl_channel_credentials, quota_project_id=quota_project_id, options=[ ("grpc.max_send_message_length", -1), @@ -228,17 +220,8 @@ def __init__( ], ) - # Run the base constructor. - super().__init__( - host=host, - credentials=credentials, - credentials_file=credentials_file, - scopes=scopes or self.AUTH_SCOPES, - quota_project_id=quota_project_id, - client_info=client_info, - ) - - self._stubs = {} + # Wrap messages. This must be done after self._grpc_channel exists + self._prep_wrapped_messages(client_info) @property def grpc_channel(self) -> aio.Channel: 
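Review bot: The precedence between the TLS credential sources is not stated where it is decided. Inside `if api_mtls_endpoint:`, `self._ssl_channel_credentials` is reassigned unconditionally, so a caller-supplied `ssl_channel_credentials` is replaced, while the `else` branch keeps it (`client_cert_source_for_mtls and not ssl_channel_credentials`). The `Args` text in the docstring hunk above only says `ssl_channel_credentials` is ignored when `channel` is provided. I would add a comment above the branch, `# api_mtls_endpoint (deprecated) overrides ssl_channel_credentials; otherwise explicit ssl_channel_credentials win over client_cert_source_for_mtls.`, and repeat that sentence in the docstring. The `__init__` in `grpc.py` has the same branch, and `__init__` starts before this hunk.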
diff --git a/google/cloud/iam_credentials_v1/types/__init__.py b/google/cloud/iam_credentials_v1/types/__init__.py index 936ab81..5562856 100644 --- a/google/cloud/iam_credentials_v1/types/__init__.py +++ b/google/cloud/iam_credentials_v1/types/__init__.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,25 +13,24 @@ # See the License for the specific language governing permissions and # limitations under the License. # - from .common import ( GenerateAccessTokenRequest, GenerateAccessTokenResponse, + GenerateIdTokenRequest, + GenerateIdTokenResponse, SignBlobRequest, SignBlobResponse, SignJwtRequest, SignJwtResponse, - GenerateIdTokenRequest, - GenerateIdTokenResponse, ) __all__ = ( "GenerateAccessTokenRequest", "GenerateAccessTokenResponse", + "GenerateIdTokenRequest", + "GenerateIdTokenResponse", "SignBlobRequest", "SignBlobResponse", "SignJwtRequest", "SignJwtResponse", - "GenerateIdTokenRequest", - "GenerateIdTokenResponse", ) diff --git a/google/cloud/iam_credentials_v1/types/common.py b/google/cloud/iam_credentials_v1/types/common.py index eb8fa59..5124bbc 100644 --- a/google/cloud/iam_credentials_v1/types/common.py +++ b/google/cloud/iam_credentials_v1/types/common.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,12 +13,10 @@ # See the License for the specific language governing permissions and # limitations under the License. # - import proto # type: ignore - -from google.protobuf import duration_pb2 as duration # type: ignore -from google.protobuf import timestamp_pb2 as timestamp # type: ignore +from google.protobuf import duration_pb2 # type: ignore +from google.protobuf import timestamp_pb2 # type: ignore __protobuf__ = proto.module( 
@@ -39,7 +36,6 @@ class GenerateAccessTokenRequest(proto.Message): r""" - Attributes: name (str): Required. The resource name of the service account for which @@ -75,18 +71,14 @@ class GenerateAccessTokenRequest(proto.Message): to a default value of one hour. """ - name = proto.Field(proto.STRING, number=1) - - delegates = proto.RepeatedField(proto.STRING, number=2) - - scope = proto.RepeatedField(proto.STRING, number=4) - - lifetime = proto.Field(proto.MESSAGE, number=7, message=duration.Duration,) + name = proto.Field(proto.STRING, number=1,) + delegates = proto.RepeatedField(proto.STRING, number=2,) + scope = proto.RepeatedField(proto.STRING, number=4,) + lifetime = proto.Field(proto.MESSAGE, number=7, message=duration_pb2.Duration,) class GenerateAccessTokenResponse(proto.Message): r""" - Attributes: access_token (str): The OAuth 2.0 access token. @@ -95,14 +87,12 @@ class GenerateAccessTokenResponse(proto.Message): The expiration time is always set. """ - access_token = proto.Field(proto.STRING, number=1) - - expire_time = proto.Field(proto.MESSAGE, number=3, message=timestamp.Timestamp,) + access_token = proto.Field(proto.STRING, number=1,) + expire_time = proto.Field(proto.MESSAGE, number=3, message=timestamp_pb2.Timestamp,) class SignBlobRequest(proto.Message): r""" - Attributes: name (str): Required. The resource name of the service account for which @@ -128,16 +118,13 @@ class SignBlobRequest(proto.Message): Required. The bytes to sign. """ - name = proto.Field(proto.STRING, number=1) - - delegates = proto.RepeatedField(proto.STRING, number=3) - - payload = proto.Field(proto.BYTES, number=5) + name = proto.Field(proto.STRING, number=1,) + delegates = proto.RepeatedField(proto.STRING, number=3,) + payload = proto.Field(proto.BYTES, number=5,) class SignBlobResponse(proto.Message): r""" - Attributes: key_id (str): The ID of the key used to sign the blob. 
@@ -145,14 +132,12 @@ class SignBlobResponse(proto.Message): The signed blob. """ - key_id = proto.Field(proto.STRING, number=1) - - signed_blob = proto.Field(proto.BYTES, number=4) + key_id = proto.Field(proto.STRING, number=1,) + signed_blob = proto.Field(proto.BYTES, number=4,) class SignJwtRequest(proto.Message): r""" - Attributes: name (str): Required. The resource name of the service account for which @@ -179,16 +164,13 @@ class SignJwtRequest(proto.Message): object that contains a JWT Claims Set. """ - name = proto.Field(proto.STRING, number=1) - - delegates = proto.RepeatedField(proto.STRING, number=3) - - payload = proto.Field(proto.STRING, number=5) + name = proto.Field(proto.STRING, number=1,) + delegates = proto.RepeatedField(proto.STRING, number=3,) + payload = proto.Field(proto.STRING, number=5,) class SignJwtResponse(proto.Message): r""" - Attributes: key_id (str): The ID of the key used to sign the JWT. @@ -196,14 +178,12 @@ class SignJwtResponse(proto.Message): The signed JWT. """ - key_id = proto.Field(proto.STRING, number=1) - - signed_jwt = proto.Field(proto.STRING, number=2) + key_id = proto.Field(proto.STRING, number=1,) + signed_jwt = proto.Field(proto.STRING, number=2,) class GenerateIdTokenRequest(proto.Message): r""" - Attributes: name (str): Required. The resource name of the service account for which 
@@ -235,24 +215,20 @@ class GenerateIdTokenRequest(proto.Message): ``email_verified`` claims. """ - name = proto.Field(proto.STRING, number=1) - - delegates = proto.RepeatedField(proto.STRING, number=2) - - audience = proto.Field(proto.STRING, number=3) - - include_email = proto.Field(proto.BOOL, number=4) + name = proto.Field(proto.STRING, number=1,) + delegates = proto.RepeatedField(proto.STRING, number=2,) + audience = proto.Field(proto.STRING, number=3,) + include_email = proto.Field(proto.BOOL, number=4,) class GenerateIdTokenResponse(proto.Message): r""" - Attributes: token (str): The OpenId Connect ID token. """ - token = proto.Field(proto.STRING, number=1) + token = proto.Field(proto.STRING, number=1,) __all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/google/cloud/iam_credentials_v1/types/iamcredentials.py b/google/cloud/iam_credentials_v1/types/iamcredentials.py index 64cd49a..37adbe2 100644 --- a/google/cloud/iam_credentials_v1/types/iamcredentials.py +++ b/google/cloud/iam_credentials_v1/types/iamcredentials.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/noxfile.py b/noxfile.py index a4884a0..94ee6a8 100644 --- a/noxfile.py +++ b/noxfile.py @@ -18,6 +18,7 @@ from __future__ import absolute_import import os +import pathlib import shutil import nox @@ -30,6 +31,22 @@ SYSTEM_TEST_PYTHON_VERSIONS = ["3.8"] UNIT_TEST_PYTHON_VERSIONS = ["3.6", "3.7", "3.8", "3.9"] +CURRENT_DIRECTORY = pathlib.Path(__file__).parent.absolute() + +# 'docfx' is excluded since it only needs to run in 'docs-presubmit' +nox.options.sessions = [ + "unit", + "system", + "cover", + "lint", + "lint_setup_py", + "blacken", + "docs", +] + +# Error if a python version is missing +nox.options.error_on_missing_interpreters = True + @nox.session(python=DEFAULT_PYTHON_VERSION) def lint(session): 
@@ -45,16 +62,9 @@ def lint(session): session.run("flake8", "google", "tests") -@nox.session(python="3.6") +@nox.session(python=DEFAULT_PYTHON_VERSION) def blacken(session): - """Run black. - - Format code to uniform standard. - - This currently uses Python 3.6 due to the automated Kokoro run of synthtool. - That run uses an image that doesn't have 3.6 installed. Before updating this - check the state of the `gcp_ubuntu_config` we use for that Kokoro run. - """ + """Run black. Format code to uniform standard.""" session.install(BLACK_VERSION) session.run( "black", *BLACK_PATHS, @@ -70,17 +80,21 @@ def lint_setup_py(session): def default(session): # Install all test dependencies, then install this package in-place. - session.install("asyncmock", "pytest-asyncio") - session.install( - "mock", "pytest", "pytest-cov", + constraints_path = str( + CURRENT_DIRECTORY / "testing" / f"constraints-{session.python}.txt" ) - session.install("-e", ".") + session.install("asyncmock", "pytest-asyncio", "-c", constraints_path) + + session.install("mock", "pytest", "pytest-cov", "-c", constraints_path) + + session.install("-e", ".", "-c", constraints_path) # Run py.test against the unit tests. session.run( "py.test", "--quiet", + f"--junitxml=unit_{session.python}_sponge_log.xml", "--cov=google/cloud", "--cov=tests/unit", "--cov-append", 
@@ -101,15 +115,18 @@ def unit(session): @nox.session(python=SYSTEM_TEST_PYTHON_VERSIONS) def system(session): """Run the system test suite.""" + constraints_path = str( + CURRENT_DIRECTORY / "testing" / f"constraints-{session.python}.txt" + ) system_test_path = os.path.join("tests", "system.py") system_test_folder_path = os.path.join("tests", "system") # Check the value of `RUN_SYSTEM_TESTS` env var. It defaults to true. if os.environ.get("RUN_SYSTEM_TESTS", "true") == "false": session.skip("RUN_SYSTEM_TESTS is set to false, skipping") - # Sanity check: Only run tests if the environment variable is set. - if not os.environ.get("GOOGLE_APPLICATION_CREDENTIALS", ""): - session.skip("Credentials must be set via environment variable") + # Install pyopenssl for mTLS testing. + if os.environ.get("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false") == "true": + session.install("pyopenssl") system_test_exists = os.path.exists(system_test_path) system_test_folder_exists = os.path.exists(system_test_folder_path) @@ -122,16 +139,26 @@ def system(session): # Install all test dependencies, then install this package into the # virtualenv's dist-packages. - session.install( - "mock", "pytest", "google-cloud-testutils", - ) - session.install("-e", ".") + session.install("mock", "pytest", "google-cloud-testutils", "-c", constraints_path) + session.install("-e", ".", "-c", constraints_path) # Run py.test against the system tests. if system_test_exists: - session.run("py.test", "--quiet", system_test_path, *session.posargs) + session.run( + "py.test", + "--quiet", + f"--junitxml=system_{session.python}_sponge_log.xml", + system_test_path, + *session.posargs, + ) if system_test_folder_exists: - session.run("py.test", "--quiet", system_test_folder_path, *session.posargs) + session.run( + "py.test", + "--quiet", + f"--junitxml=system_{session.python}_sponge_log.xml", + system_test_folder_path, + *session.posargs, + ) @nox.session(python=DEFAULT_PYTHON_VERSION) 
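Review bot: `session.install("pyopenssl")` is the one install in `system` that does not pass the constraints file this hunk introduces, so the mTLS run resolves whichever pyopenssl release is newest at build time. For consistency with the other installs, use `session.install("pyopenssl", "-c", constraints_path)`. That only pins the version if the constraints file lists pyopenssl, which is not visible here. The body of `system` continues past this hunk.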
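Review bot: Both `session.run` calls write to the same report, `system_{session.python}_sponge_log.xml`, so when `tests/system.py` and `tests/system/` both exist the second run overwrites the first run's results. Anything that consumes the sponge log afterwards would then see only the folder run. Give the second call its own file, for example `f"--junitxml=system_folder_{session.python}_sponge_log.xml"`, which the `*sponge_log.xml` ignore pattern still covers. `system` starts before this hunk.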
@@ -152,7 +179,7 @@ def docs(session): """Build the docs for this library.""" session.install("-e", ".") - session.install("sphinx<3.0.0", "alabaster", "recommonmark") + session.install("sphinx==4.0.1", "alabaster", "recommonmark") shutil.rmtree(os.path.join("docs", "_build"), ignore_errors=True) session.run( @@ -174,9 +201,9 @@ def docfx(session): """Build the docfx yaml files for this library.""" session.install("-e", ".") - # sphinx-docfx-yaml supports up to sphinx version 1.5.5. - # https://github.com/docascode/sphinx-docfx-yaml/issues/97 - session.install("sphinx==1.5.5", "alabaster", "recommonmark", "sphinx-docfx-yaml") + session.install( + "sphinx==4.0.1", "alabaster", "recommonmark", "gcp-sphinx-docfx-yaml" + ) shutil.rmtree(os.path.join("docs", "_build"), ignore_errors=True) session.run( diff --git a/owlbot.py b/owlbot.py new file mode 100644 index 0000000..283c069 --- /dev/null +++ b/owlbot.py 
@@ -0,0 +1,80 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""This script is used to synthesize generated parts of this library.""" + +import synthtool as s +from synthtool import gcp + +common = gcp.CommonTemplates() + +default_version = "v1" + +for library in s.get_staging_dirs(default_version): + if library.name =="v1": + # Fix namespace + s.replace( + library / "google/iam/**/*.py", + "google.iam.credentials_v1", + "google.cloud.iam_credentials_v1", + ) + s.replace( + library / "tests/unit/gapic/**/*.py", + "google.iam.credentials_v1", + "google.cloud.iam_credentials_v1", + ) + s.replace( + library / "docs/**/*.rst", + "google.iam.credentials_v1", + "google.cloud.iam_credentials_v1", + ) + + # Rename package to `google-cloud-iam` + s.replace( + [library / "**/*.rst", library / "*/**/*.py", library / "**/*.md"], + "google-iam-credentials", + "google-cloud-iam" + ) + + # Comment out broken assertion in unit test + # https://github.com/googleapis/gapic-generator-python/issues/897 + s.replace( + library / "tests/**/*.py", + "assert args\[0\]\.lifetime == duration_pb2\.Duration\(seconds=751\)", + "# assert args[0].lifetime == duration_pb2.Duration(seconds=751)" + ) + + s.move(library / "google/iam/credentials/", "google/cloud/iam_credentials") + s.move(library / "google/iam/credentials_v1", "google/cloud/iam_credentials_v1") + s.move(library / "tests") + s.move(library / "scripts") + s.move(library / "docs", excludes=["index.rst"]) 
+ s.move(library / "google/cloud/iam_credentials_v1/proto") + +s.remove_staging_dirs() + +# ---------------------------------------------------------------------------- +# Add templated files +# ---------------------------------------------------------------------------- +templated_files = common.py_library( + samples=False, # set to True only if there are samples + microgenerator=True, + cov_level=99, +) +s.move(templated_files, excludes=[".coveragerc"]) # microgenerator has a good .coveragerc file + +# TODO(busunkim): Use latest sphinx after microgenerator transition +s.replace("noxfile.py", """['"]sphinx['"]""", '"sphinx<3.0.0"') + +s.shell.run(["nox", "-s", "blacken"], hide_output=False) diff --git a/renovate.json b/renovate.json index 4fa9493..c048955 100644 --- a/renovate.json +++ b/renovate.json @@ -1,5 +1,9 @@ { "extends": [ "config:base", ":preserveSemverRanges" - ] + ], + "ignorePaths": [".pre-commit-config.yaml"], + "pip_requirements": { + "fileMatch": ["requirements-test.txt", "samples/[\\S/]*constraints.txt", "samples/[\\S/]*constraints-test.txt"] + } } diff --git a/scripts/fixup_credentials_v1_keywords.py b/scripts/fixup_credentials_v1_keywords.py index 128e8d3..f9e0141 100644 --- a/scripts/fixup_credentials_v1_keywords.py +++ b/scripts/fixup_credentials_v1_keywords.py @@ -1,6 +1,5 @@ #! /usr/bin/env python3 # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,19 +14,13 @@ # See the License for the specific language governing permissions and # limitations under the License. # - import argparse import os +import libcst as cst import pathlib import sys from typing import (Any, Callable, Dict, List, Sequence, Tuple) -try: - import libcst as cst -except ImportError: - print("*** Could not import libcst! Did you install the google-cloud-iam package with the `[fixup]` extra?") - raise - def partition( predicate: Callable[[Any], bool], 
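Review bot: The pattern `"assert args\[0\]\.lifetime == duration_pb2\.Duration\(seconds=751\)"` is a regular string literal, so `\[`, `\]`, `\.` and `\(` are invalid escape sequences (a DeprecationWarning, and a SyntaxWarning from Python 3.12). Write it as a raw string, `r"assert args\[0\]\.lifetime == duration_pb2\.Duration\(seconds=751\)"`. That replacement disables a test assertion on the requested token `lifetime`, so the comment above it should say the assertion is to be restored once the linked generator issue is closed. Separately, the final `s.replace("noxfile.py", """['"]sphinx['"]""", '"sphinx<3.0.0"')` looks stale: the `noxfile.py` in this commit installs `"sphinx==4.0.1"`, which that pattern does not match, so the call and its TODO could be dropped.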
@@ -46,11 +39,10 @@ def partition( class credentialsCallTransformer(cst.CSTTransformer): CTRL_PARAMS: Tuple[str] = ('retry', 'timeout', 'metadata') METHOD_TO_PARAMS: Dict[str, Tuple[str]] = { - 'generate_access_token': ('name', 'scope', 'delegates', 'lifetime', ), - 'generate_id_token': ('name', 'audience', 'delegates', 'include_email', ), - 'sign_blob': ('name', 'payload', 'delegates', ), - 'sign_jwt': ('name', 'payload', 'delegates', ), - + 'generate_access_token': ('name', 'scope', 'delegates', 'lifetime', ), + 'generate_id_token': ('name', 'audience', 'delegates', 'include_email', ), + 'sign_blob': ('name', 'payload', 'delegates', ), + 'sign_jwt': ('name', 'payload', 'delegates', ), } def leave_Call(self, original: cst.Call, updated: cst.Call) -> cst.CSTNode: @@ -81,7 +73,7 @@ def leave_Call(self, original: cst.Call, updated: cst.Call) -> cst.CSTNode: value=cst.Dict([ cst.DictElement( cst.SimpleString("'{}'".format(name)), - cst.Element(value=arg.value) +cst.Element(value=arg.value) ) # Note: the args + kwargs looks silly, but keep in mind that # the control parameters had to be stripped out, and that diff --git a/setup.py b/setup.py index b37923d..ff25091 100644 --- a/setup.py +++ b/setup.py @@ -21,15 +21,16 @@ name = "google-cloud-iam" description = "IAM Service Account Credentials API client library" -version = "2.1.0" +version = "2.2.0" # Should be one of: # 'Development Status :: 3 - Alpha' # 'Development Status :: 4 - Beta' # 'Development Status :: 5 - Production/Stable' release_status = "Development Status :: 5 - Production/Stable" dependencies = [ - "google-api-core[grpc] >= 1.22.0, < 2.0.0dev", + "google-api-core[grpc] >= 1.22.2, < 2.0.0dev", "proto-plus >= 0.4.0", + "packaging >= 14.3", ] package_root = os.path.abspath(os.path.dirname(__file__)) diff --git a/synth.metadata b/synth.metadata deleted file mode 100644 index d684b50..0000000 --- a/synth.metadata +++ /dev/null 
@@ -1,128 +0,0 @@ -{ - "sources": [ - { - "git": { - "name": ".", - "remote": "https://github.com/googleapis/python-iam.git", - "sha": "197a016688157a2b5350c612694a87b682009c8a" - } - }, - { - "git": { - "name": "googleapis", - "remote": "https://github.com/googleapis/googleapis.git", - "sha": "520682435235d9c503983a360a2090025aa47cd1", - "internalRef": "350246057" - } - }, - { - "git": { - "name": "synthtool", - "remote": "https://github.com/googleapis/synthtool.git", - "sha": "373861061648b5fe5e0ac4f8a38b32d639ee93e4" - } - } - ], - "destinations": [ - { - "client": { - "source": "googleapis", - "apiName": "iam_credentials", - "apiVersion": "v1", - "language": "python", - "generator": "bazel" - } - } - ], - "generatedFiles": [ - ".flake8", - ".github/CONTRIBUTING.md", - ".github/ISSUE_TEMPLATE/bug_report.md", - ".github/ISSUE_TEMPLATE/feature_request.md", - ".github/ISSUE_TEMPLATE/support_request.md", - ".github/PULL_REQUEST_TEMPLATE.md", - ".github/release-please.yml", - ".github/snippet-bot.yml", - ".gitignore", - ".kokoro/build.sh", - ".kokoro/continuous/common.cfg", - ".kokoro/continuous/continuous.cfg", - ".kokoro/docker/docs/Dockerfile", - ".kokoro/docker/docs/fetch_gpg_keys.sh", - ".kokoro/docs/common.cfg", - ".kokoro/docs/docs-presubmit.cfg", - ".kokoro/docs/docs.cfg", - ".kokoro/populate-secrets.sh", - ".kokoro/presubmit/common.cfg", - ".kokoro/presubmit/presubmit.cfg", - ".kokoro/publish-docs.sh", - ".kokoro/release.sh", - ".kokoro/release/common.cfg", - ".kokoro/release/release.cfg", - ".kokoro/samples/lint/common.cfg", - ".kokoro/samples/lint/continuous.cfg", - ".kokoro/samples/lint/periodic.cfg", - ".kokoro/samples/lint/presubmit.cfg", - ".kokoro/samples/python3.6/common.cfg", - ".kokoro/samples/python3.6/continuous.cfg", - ".kokoro/samples/python3.6/periodic.cfg", - ".kokoro/samples/python3.6/presubmit.cfg", - ".kokoro/samples/python3.7/common.cfg", - ".kokoro/samples/python3.7/continuous.cfg", - ".kokoro/samples/python3.7/periodic.cfg", - 
".kokoro/samples/python3.7/presubmit.cfg", - ".kokoro/samples/python3.8/common.cfg", - ".kokoro/samples/python3.8/continuous.cfg", - ".kokoro/samples/python3.8/periodic.cfg", - ".kokoro/samples/python3.8/presubmit.cfg", - ".kokoro/test-samples.sh", - ".kokoro/trampoline.sh", - ".kokoro/trampoline_v2.sh", - ".pre-commit-config.yaml", - ".trampolinerc", - "CODE_OF_CONDUCT.md", - "CONTRIBUTING.rst", - "LICENSE", - "MANIFEST.in", - "docs/_static/custom.css", - "docs/_templates/layout.html", - "docs/conf.py", - "docs/credentials_v1/iam_credentials.rst", - "docs/credentials_v1/services.rst", - "docs/credentials_v1/types.rst", - "docs/multiprocessing.rst", - "google/cloud/iam_credentials/__init__.py", - "google/cloud/iam_credentials/py.typed", - "google/cloud/iam_credentials_v1/__init__.py", - "google/cloud/iam_credentials_v1/proto/common.proto", - "google/cloud/iam_credentials_v1/proto/iamcredentials.proto", - "google/cloud/iam_credentials_v1/py.typed", - "google/cloud/iam_credentials_v1/services/__init__.py", - "google/cloud/iam_credentials_v1/services/iam_credentials/__init__.py", - "google/cloud/iam_credentials_v1/services/iam_credentials/async_client.py", - "google/cloud/iam_credentials_v1/services/iam_credentials/client.py", - "google/cloud/iam_credentials_v1/services/iam_credentials/transports/__init__.py", - "google/cloud/iam_credentials_v1/services/iam_credentials/transports/base.py", - "google/cloud/iam_credentials_v1/services/iam_credentials/transports/grpc.py", - "google/cloud/iam_credentials_v1/services/iam_credentials/transports/grpc_asyncio.py", - "google/cloud/iam_credentials_v1/types/__init__.py", - "google/cloud/iam_credentials_v1/types/common.py", - "google/cloud/iam_credentials_v1/types/iamcredentials.py", - "noxfile.py", - "renovate.json", - "samples/AUTHORING_GUIDE.md", - "samples/CONTRIBUTING.md", - "scripts/decrypt-secrets.sh", - "scripts/fixup_credentials_v1_keywords.py", - "scripts/readme-gen/readme_gen.py", - 
"scripts/readme-gen/templates/README.tmpl.rst", - "scripts/readme-gen/templates/auth.tmpl.rst", - "scripts/readme-gen/templates/auth_api_key.tmpl.rst", - "scripts/readme-gen/templates/install_deps.tmpl.rst", - "scripts/readme-gen/templates/install_portaudio.tmpl.rst", - "setup.cfg", - "testing/.gitignore", - "tests/unit/gapic/credentials_v1/__init__.py", - "tests/unit/gapic/credentials_v1/test_iam_credentials.py" - ] -} \ No newline at end of file diff --git a/synth.py b/synth.py deleted file mode 100644 index 9322c45..0000000 --- a/synth.py +++ /dev/null 
@@ -1,83 +0,0 @@
-# Copyright 2018 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-"""This script is used to synthesize generated parts of this library."""
-
-import synthtool as s
-from synthtool import gcp
-
-gapic = gcp.GAPICBazel()
-common = gcp.CommonTemplates()
-
-# ----------------------------------------------------------------------------
-# Generate automl GAPIC layer
-# ----------------------------------------------------------------------------
-library = gapic.py_library(
- service="iam_credentials",
- version="v1",
- bazel_target="//google/iam/credentials/v1:iam-credentials-v1-py",
- include_protos=True,
-)
-
-s.move(library / "google/cloud/iam_credentials_v1/proto")
-s.move(library / "google/iam/credentials/", "google/cloud/iam_credentials")
-s.move(library / "google/iam/credentials_v1", "google/cloud/iam_credentials_v1")
-s.move(library / "tests")
-s.move(library / "scripts")
-s.move(library / "docs", excludes=[library / "docs/index.rst"])
-
-# Fix namespace
-s.replace(
- "google/cloud/**/*.py",
- "google.iam.credentials_v1",
- "google.cloud.iam_credentials_v1",
-)
-s.replace(
- "tests/unit/gapic/**/*.py",
- "google.iam.credentials_v1",
- "google.cloud.iam_credentials_v1",
-)
-s.replace(
- "docs/**/*.rst",
- "google.iam.credentials_v1",
- "google.cloud.iam_credentials_v1",
-)
-
-# Rename package to `google-cloud-build`
-s.replace(
- ["**/*.rst", "*/**/*.py", "**/*.md"],
- "google-iam-credentials",
- "google-cloud-iam"
-)
-
-# ----------------------------------------------------------------------------
-# Add templated files
-# ----------------------------------------------------------------------------
-templated_files = common.py_library(
- samples=False, # set to True only if there are samples
- microgenerator=True,
- cov_level=99,
-)
-s.move(templated_files, excludes=[".coveragerc"]) # microgenerator has a good .coveragerc file
-
-s.replace(
- "noxfile.py",
- "google.cloud.iam",
- "google.cloud.iam_credentials_v1",
-)
-
-# TODO(busunkim): Use latest sphinx after microgenerator transition
-s.replace("noxfile.py", """['"]sphinx['"]""", '"sphinx<3.0.0"')
-
-s.shell.run(["nox", "-s", "blacken"], hide_output=False)
diff --git a/testing/constraints-3.10.txt b/testing/constraints-3.10.txt
new file mode 100644
index 0000000..e69de29
diff --git a/testing/constraints-3.11.txt b/testing/constraints-3.11.txt
new file mode 100644
index 0000000..e69de29
diff --git a/testing/constraints-3.6.txt b/testing/constraints-3.6.txt
new file mode 100644
index 0000000..61870e6
--- /dev/null
+++ b/testing/constraints-3.6.txt
@@ -0,0 +1,11 @@
+# This constraints file is used to check that lower bounds
+# are correct in setup.py
+# List *all* library dependencies and extras in this file.
+# Pin the version to the lower bound.
+#
+# e.g., if setup.py has "foo >= 1.14.0, < 2.0.0dev",
+# Then this file should have foo==1.14.0
+google-api-core==1.22.2
+proto-plus==0.4.0
+packaging==14.3
+google-auth==1.24.0 # TODO: remove when google-api-core>=1.25.0 is required transitively through google-api-core
diff --git a/testing/constraints-3.7.txt b/testing/constraints-3.7.txt
new file mode 100644
index 0000000..e69de29
diff --git a/testing/constraints-3.8.txt b/testing/constraints-3.8.txt
new file mode 100644
index 0000000..e69de29
diff --git a/testing/constraints-3.9.txt b/testing/constraints-3.9.txt
new file mode 100644
index 0000000..e69de29
diff --git a/tests/__init__.py b/tests/__init__.py
new file mode 100644
index 0000000..4de6597
--- /dev/null
+++ b/tests/__init__.py
@@ -0,0 +1,15 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
diff --git a/tests/unit/__init__.py b/tests/unit/__init__.py
new file mode 100644
index 0000000..4de6597
--- /dev/null
+++ b/tests/unit/__init__.py
@@ -0,0 +1,15 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
diff --git a/tests/unit/gapic/__init__.py b/tests/unit/gapic/__init__.py
new file mode 100644
index 0000000..4de6597
--- /dev/null
+++ b/tests/unit/gapic/__init__.py
@@ -0,0 +1,15 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/tests/unit/gapic/credentials_v1/__init__.py b/tests/unit/gapic/credentials_v1/__init__.py index 8b13789..4de6597 100644 --- a/tests/unit/gapic/credentials_v1/__init__.py +++ b/tests/unit/gapic/credentials_v1/__init__.py @@ -1 +1,15 @@ - +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/tests/unit/gapic/credentials_v1/test_iam_credentials.py b/tests/unit/gapic/credentials_v1/test_iam_credentials.py index ede64da..de36a81 100644 --- a/tests/unit/gapic/credentials_v1/test_iam_credentials.py +++ b/tests/unit/gapic/credentials_v1/test_iam_credentials.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- - # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -14,9 +13,9 @@ # See the License for the specific language governing permissions and # limitations under the License. # - import os import mock +import packaging.version import grpc from grpc.experimental import aio @@ -24,13 +23,13 @@ import pytest from proto.marshal.rules.dates import DurationRule, TimestampRule -from google import auth + from google.api_core import client_options -from google.api_core import exceptions +from google.api_core import exceptions as core_exceptions from google.api_core import gapic_v1 from google.api_core import grpc_helpers from google.api_core import grpc_helpers_async -from google.auth import credentials +from google.auth import credentials as ga_credentials from google.auth.exceptions import MutualTLSChannelError from google.cloud.iam_credentials_v1.services.iam_credentials import ( IAMCredentialsAsyncClient, 
@@ -39,10 +38,40 @@ IAMCredentialsClient, ) from google.cloud.iam_credentials_v1.services.iam_credentials import transports +from google.cloud.iam_credentials_v1.services.iam_credentials.transports.base import ( + _API_CORE_VERSION, +) +from google.cloud.iam_credentials_v1.services.iam_credentials.transports.base import ( + _GOOGLE_AUTH_VERSION, +) from google.cloud.iam_credentials_v1.types import common from google.oauth2 import service_account -from google.protobuf import duration_pb2 as duration # type: ignore -from google.protobuf import timestamp_pb2 as timestamp # type: ignore +from google.protobuf import duration_pb2 # type: ignore +from google.protobuf import timestamp_pb2 # type: ignore +import google.auth + + +# TODO(busunkim): Once google-api-core >= 1.26.0 is required: +# - Delete all the api-core and auth "less than" test cases +# - Delete these pytest markers (Make the "greater than or equal to" tests the default). +requires_google_auth_lt_1_25_0 = pytest.mark.skipif( + packaging.version.parse(_GOOGLE_AUTH_VERSION) >= packaging.version.parse("1.25.0"), + reason="This test requires google-auth < 1.25.0", +) +requires_google_auth_gte_1_25_0 = pytest.mark.skipif( + packaging.version.parse(_GOOGLE_AUTH_VERSION) < packaging.version.parse("1.25.0"), + reason="This test requires google-auth >= 1.25.0", +) + +requires_api_core_lt_1_26_0 = pytest.mark.skipif( + packaging.version.parse(_API_CORE_VERSION) >= packaging.version.parse("1.26.0"), + reason="This test requires google-api-core < 1.26.0", +) + +requires_api_core_gte_1_26_0 = pytest.mark.skipif( + packaging.version.parse(_API_CORE_VERSION) < packaging.version.parse("1.26.0"), + reason="This test requires google-api-core >= 1.26.0", +) def client_cert_source_callback(): 
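Review bot: The four `pytest.mark.skipif` markers added here call `packaging.version.parse(...)` on `_GOOGLE_AUTH_VERSION` and `_API_CORE_VERSION` while the module is being imported. If either constant can be something other than a version string, collection of the whole test module fails instead of individual tests being skipped. `transports/base.py` is not shown on this page, so whether the constants can be unset (for example when distribution metadata is missing) is an assumption to confirm. The tests also import two underscore-prefixed names from the transport module, so a rename of those private constants breaks this file. A comment above the markers would record the contract, for example `# Both constants must be version strings; parse() runs at import time and any failure aborts collection.`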
@@ -89,15 +118,19 @@ def test__get_default_mtls_endpoint(): ) -def test_iam_credentials_client_from_service_account_info(): - creds = credentials.AnonymousCredentials() +@pytest.mark.parametrize( + "client_class", [IAMCredentialsClient, IAMCredentialsAsyncClient,] +) +def test_iam_credentials_client_from_service_account_info(client_class): + creds = ga_credentials.AnonymousCredentials() with mock.patch.object( service_account.Credentials, "from_service_account_info" ) as factory: factory.return_value = creds info = {"valid": True} - client = IAMCredentialsClient.from_service_account_info(info) + client = client_class.from_service_account_info(info) assert client.transport._credentials == creds + assert isinstance(client, client_class) assert client.transport._host == "iamcredentials.googleapis.com:443" @@ -106,16 +139,18 @@ def test_iam_credentials_client_from_service_account_info(): "client_class", [IAMCredentialsClient, IAMCredentialsAsyncClient,] ) def test_iam_credentials_client_from_service_account_file(client_class): - creds = credentials.AnonymousCredentials() + creds = ga_credentials.AnonymousCredentials() with mock.patch.object( service_account.Credentials, "from_service_account_file" ) as factory: factory.return_value = creds client = client_class.from_service_account_file("dummy/file/path.json") assert client.transport._credentials == creds + assert isinstance(client, client_class) client = client_class.from_service_account_json("dummy/file/path.json") assert client.transport._credentials == creds + assert isinstance(client, client_class) assert client.transport._host == "iamcredentials.googleapis.com:443" 
@@ -157,7 +192,7 @@ def test_iam_credentials_client_client_options( ): # Check that if channel is provided we won't create a new one. with mock.patch.object(IAMCredentialsClient, "get_transport_class") as gtc: - transport = transport_class(credentials=credentials.AnonymousCredentials()) + transport = transport_class(credentials=ga_credentials.AnonymousCredentials()) client = client_class(transport=transport) gtc.assert_not_called() @@ -176,7 +211,7 @@ def test_iam_credentials_client_client_options( credentials_file=None, host="squid.clam.whelk", scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) @@ -192,7 +227,7 @@ def test_iam_credentials_client_client_options( credentials_file=None, host=client.DEFAULT_ENDPOINT, scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) @@ -208,7 +243,7 @@ def test_iam_credentials_client_client_options( credentials_file=None, host=client.DEFAULT_MTLS_ENDPOINT, scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) @@ -236,7 +271,7 @@ def test_iam_credentials_client_client_options( credentials_file=None, host=client.DEFAULT_ENDPOINT, scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id="octopus", client_info=transports.base.DEFAULT_CLIENT_INFO, ) 
@@ -287,29 +322,25 @@ def test_iam_credentials_client_mtls_env_auto( client_cert_source=client_cert_source_callback ) with mock.patch.object(transport_class, "__init__") as patched: - ssl_channel_creds = mock.Mock() - with mock.patch( - "grpc.ssl_channel_credentials", return_value=ssl_channel_creds - ): - patched.return_value = None - client = client_class(client_options=options) + patched.return_value = None + client = client_class(client_options=options) - if use_client_cert_env == "false": - expected_ssl_channel_creds = None - expected_host = client.DEFAULT_ENDPOINT - else: - expected_ssl_channel_creds = ssl_channel_creds - expected_host = client.DEFAULT_MTLS_ENDPOINT + if use_client_cert_env == "false": + expected_client_cert_source = None + expected_host = client.DEFAULT_ENDPOINT + else: + expected_client_cert_source = client_cert_source_callback + expected_host = client.DEFAULT_MTLS_ENDPOINT - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=expected_host, - scopes=None, - ssl_channel_credentials=expected_ssl_channel_creds, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - ) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=expected_host, + scopes=None, + client_cert_source_for_mtls=expected_client_cert_source, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + ) # Check the case ADC client cert is provided. Whether client cert is used depends on # GOOGLE_API_USE_CLIENT_CERTIFICATE value. 
@@ -318,66 +349,53 @@ def test_iam_credentials_client_mtls_env_auto( ): with mock.patch.object(transport_class, "__init__") as patched: with mock.patch( - "google.auth.transport.grpc.SslCredentials.__init__", return_value=None + "google.auth.transport.mtls.has_default_client_cert_source", + return_value=True, ): with mock.patch( - "google.auth.transport.grpc.SslCredentials.is_mtls", - new_callable=mock.PropertyMock, - ) as is_mtls_mock: - with mock.patch( - "google.auth.transport.grpc.SslCredentials.ssl_credentials", - new_callable=mock.PropertyMock, - ) as ssl_credentials_mock: - if use_client_cert_env == "false": - is_mtls_mock.return_value = False - ssl_credentials_mock.return_value = None - expected_host = client.DEFAULT_ENDPOINT - expected_ssl_channel_creds = None - else: - is_mtls_mock.return_value = True - ssl_credentials_mock.return_value = mock.Mock() - expected_host = client.DEFAULT_MTLS_ENDPOINT - expected_ssl_channel_creds = ( - ssl_credentials_mock.return_value - ) - - patched.return_value = None - client = client_class() - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=expected_host, - scopes=None, - ssl_channel_credentials=expected_ssl_channel_creds, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - ) + "google.auth.transport.mtls.default_client_cert_source", + return_value=client_cert_source_callback, + ): + if use_client_cert_env == "false": + expected_host = client.DEFAULT_ENDPOINT + expected_client_cert_source = None + else: + expected_host = client.DEFAULT_MTLS_ENDPOINT + expected_client_cert_source = client_cert_source_callback - # Check the case client_cert_source and ADC client cert are not provided. 
- with mock.patch.dict( - os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} - ): - with mock.patch.object(transport_class, "__init__") as patched: - with mock.patch( - "google.auth.transport.grpc.SslCredentials.__init__", return_value=None - ): - with mock.patch( - "google.auth.transport.grpc.SslCredentials.is_mtls", - new_callable=mock.PropertyMock, - ) as is_mtls_mock: - is_mtls_mock.return_value = False patched.return_value = None client = client_class() patched.assert_called_once_with( credentials=None, credentials_file=None, - host=client.DEFAULT_ENDPOINT, + host=expected_host, scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=expected_client_cert_source, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) + # Check the case client_cert_source and ADC client cert are not provided. + with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} + ): + with mock.patch.object(transport_class, "__init__") as patched: + with mock.patch( + "google.auth.transport.mtls.has_default_client_cert_source", + return_value=False, + ): + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + ) + @pytest.mark.parametrize( "client_class,transport_class,transport_name", @@ -403,7 +421,7 @@ def test_iam_credentials_client_client_options_scopes( credentials_file=None, host=client.DEFAULT_ENDPOINT, scopes=["1", "2"], - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) 
@@ -433,7 +451,7 @@ def test_iam_credentials_client_client_options_credentials_file( credentials_file="credentials.json", host=client.DEFAULT_ENDPOINT, scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) @@ -452,7 +470,7 @@ def test_iam_credentials_client_client_options_from_dict(): credentials_file=None, host="squid.clam.whelk", scopes=None, - ssl_channel_credentials=None, + client_cert_source_for_mtls=None, quota_project_id=None, client_info=transports.base.DEFAULT_CLIENT_INFO, ) @@ -462,7 +480,7 @@ def test_generate_access_token( transport: str = "grpc", request_type=common.GenerateAccessTokenRequest ): client = IAMCredentialsClient( - credentials=credentials.AnonymousCredentials(), transport=transport, + credentials=ga_credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, @@ -477,19 +495,15 @@ def test_generate_access_token( call.return_value = common.GenerateAccessTokenResponse( access_token="access_token_value", ) - response = client.generate_access_token(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == common.GenerateAccessTokenRequest() # Establish that the response is the type that we expect. - assert isinstance(response, common.GenerateAccessTokenResponse) - assert response.access_token == "access_token_value" 
@@ -497,12 +511,29 @@ def test_generate_access_token_from_dict(): test_generate_access_token(request_type=dict) +def test_generate_access_token_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = IAMCredentialsClient( + credentials=ga_credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.generate_access_token), "__call__" + ) as call: + client.generate_access_token() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == common.GenerateAccessTokenRequest() + + @pytest.mark.asyncio async def test_generate_access_token_async( transport: str = "grpc_asyncio", request_type=common.GenerateAccessTokenRequest ): client = IAMCredentialsAsyncClient( - credentials=credentials.AnonymousCredentials(), transport=transport, + credentials=ga_credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, @@ -517,18 +548,15 @@ async def test_generate_access_token_async( call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( common.GenerateAccessTokenResponse(access_token="access_token_value",) ) - response = await client.generate_access_token(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) _, args, _ = call.mock_calls[0] - assert args[0] == common.GenerateAccessTokenRequest() # Establish that the response is the type that we expect. assert isinstance(response, common.GenerateAccessTokenResponse) - assert response.access_token == "access_token_value" 
@@ -538,11 +566,12 @@ async def test_generate_access_token_async_from_dict(): def test_generate_access_token_field_headers(): - client = IAMCredentialsClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) # Any value that is part of the HTTP/1.1 URI should be sent as # a field header. Set these to a non-empty value. request = common.GenerateAccessTokenRequest() + request.name = "name/value" # Mock the actual call within the gRPC stub, and fake the request. @@ -550,7 +579,6 @@ def test_generate_access_token_field_headers(): type(client.transport.generate_access_token), "__call__" ) as call: call.return_value = common.GenerateAccessTokenResponse() - client.generate_access_token(request) # Establish that the underlying gRPC stub method was called. @@ -565,11 +593,14 @@ def test_generate_access_token_field_headers(): @pytest.mark.asyncio async def test_generate_access_token_field_headers_async(): - client = IAMCredentialsAsyncClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) # Any value that is part of the HTTP/1.1 URI should be sent as # a field header. Set these to a non-empty value. request = common.GenerateAccessTokenRequest() + request.name = "name/value" # Mock the actual call within the gRPC stub, and fake the request. @@ -579,7 +610,6 @@ async def test_generate_access_token_field_headers_async(): call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( common.GenerateAccessTokenResponse() ) - await client.generate_access_token(request) # Establish that the underlying gRPC stub method was called. 
@@ -593,7 +623,7 @@ async def test_generate_access_token_field_headers_async(): def test_generate_access_token_flattened(): - client = IAMCredentialsClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object( @@ -601,34 +631,27 @@ def test_generate_access_token_flattened(): ) as call: # Designate an appropriate return value for the call. call.return_value = common.GenerateAccessTokenResponse() - # Call the method with a truthy value for each flattened field, # using the keyword arguments to the method. client.generate_access_token( name="name_value", delegates=["delegates_value"], scope=["scope_value"], - lifetime=duration.Duration(seconds=751), + lifetime=duration_pb2.Duration(seconds=751), ) # Establish that the underlying call was made with the expected # request object values. assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0].name == "name_value" - assert args[0].delegates == ["delegates_value"] - assert args[0].scope == ["scope_value"] - - assert DurationRule().to_proto(args[0].lifetime) == duration.Duration( - seconds=751 - ) + # assert args[0].lifetime == duration_pb2.Duration(seconds=751) def test_generate_access_token_flattened_error(): - client = IAMCredentialsClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) # Attempting to call a method with both a request object and flattened # fields is an error. 
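Review bot: `test_generate_access_token_flattened` no longer verifies the `lifetime` field. The `DurationRule().to_proto(args[0].lifetime)` comparison is removed and only the commented-out `# assert args[0].lifetime == duration_pb2.Duration(seconds=751)` is left in the `@@ -601,34 +631,27 @@` hunk, so a client that dropped or altered the requested lifetime would still pass. The async variant in the `@@ -662,28 +687,24 @@` hunk has the same gap. `lifetime` is the token-lifetime argument of `generate_access_token`, so it deserves a live assertion. `DurationRule` is still imported at the top of the file, and the earlier form with the renamed module should work: `assert DurationRule().to_proto(args[0].lifetime) == duration_pb2.Duration(seconds=751)`. This test file appears in the generated-files list of the deleted synth.metadata, so the lasting fix probably belongs in the generator template.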
@@ -638,13 +661,15 @@ def test_generate_access_token_flattened_error(): name="name_value", delegates=["delegates_value"], scope=["scope_value"], - lifetime=duration.Duration(seconds=751), + lifetime=duration_pb2.Duration(seconds=751), ) @pytest.mark.asyncio async def test_generate_access_token_flattened_async(): - client = IAMCredentialsAsyncClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object( @@ -662,28 +687,24 @@ async def test_generate_access_token_flattened_async(): name="name_value", delegates=["delegates_value"], scope=["scope_value"], - lifetime=duration.Duration(seconds=751), + lifetime=duration_pb2.Duration(seconds=751), ) # Establish that the underlying call was made with the expected # request object values. assert len(call.mock_calls) _, args, _ = call.mock_calls[0] - assert args[0].name == "name_value" - assert args[0].delegates == ["delegates_value"] - assert args[0].scope == ["scope_value"] - - assert DurationRule().to_proto(args[0].lifetime) == duration.Duration( - seconds=751 - ) + # assert args[0].lifetime == duration_pb2.Duration(seconds=751) @pytest.mark.asyncio async def test_generate_access_token_flattened_error_async(): - client = IAMCredentialsAsyncClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) # Attempting to call a method with both a request object and flattened # fields is an error. @@ -693,7 +714,7 @@ async def test_generate_access_token_flattened_error_async(): name="name_value", delegates=["delegates_value"], scope=["scope_value"], - lifetime=duration.Duration(seconds=751), + lifetime=duration_pb2.Duration(seconds=751), ) 
@@ -701,7 +722,7 @@ def test_generate_id_token( transport: str = "grpc", request_type=common.GenerateIdTokenRequest ): client = IAMCredentialsClient( - credentials=credentials.AnonymousCredentials(), transport=transport, + credentials=ga_credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, @@ -714,19 +735,15 @@ def test_generate_id_token( ) as call: # Designate an appropriate return value for the call. call.return_value = common.GenerateIdTokenResponse(token="token_value",) - response = client.generate_id_token(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == common.GenerateIdTokenRequest() # Establish that the response is the type that we expect. - assert isinstance(response, common.GenerateIdTokenResponse) - assert response.token == "token_value" 
@@ -734,12 +751,29 @@ def test_generate_id_token_from_dict(): test_generate_id_token(request_type=dict) +def test_generate_id_token_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = IAMCredentialsClient( + credentials=ga_credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.generate_id_token), "__call__" + ) as call: + client.generate_id_token() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == common.GenerateIdTokenRequest() + + @pytest.mark.asyncio async def test_generate_id_token_async( transport: str = "grpc_asyncio", request_type=common.GenerateIdTokenRequest ): client = IAMCredentialsAsyncClient( - credentials=credentials.AnonymousCredentials(), transport=transport, + credentials=ga_credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, @@ -754,18 +788,15 @@ async def test_generate_id_token_async( call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( common.GenerateIdTokenResponse(token="token_value",) ) - response = await client.generate_id_token(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) _, args, _ = call.mock_calls[0] - assert args[0] == common.GenerateIdTokenRequest() # Establish that the response is the type that we expect. assert isinstance(response, common.GenerateIdTokenResponse) - assert response.token == "token_value" 
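Review bot: The comment on `test_generate_id_token_empty_call` says only that empty calls "work"; it should state what the test pins, which is that a call with no `name` is forwarded to the stub as a default `GenerateIdTokenRequest()` and nothing is rejected on the client side. A reader could otherwise take the test as evidence that required fields are checked before the request is sent. Proposed comment: `# No client-side validation here: an empty call sends a default request; required fields are presumably enforced by the service.` The same wording is repeated in `test_sign_blob_empty_call` and `test_sign_jwt_empty_call` later in this diff.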
@@ -775,11 +806,12 @@ async def test_generate_id_token_async_from_dict(): def test_generate_id_token_field_headers(): - client = IAMCredentialsClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) # Any value that is part of the HTTP/1.1 URI should be sent as # a field header. Set these to a non-empty value. request = common.GenerateIdTokenRequest() + request.name = "name/value" # Mock the actual call within the gRPC stub, and fake the request. @@ -787,7 +819,6 @@ def test_generate_id_token_field_headers(): type(client.transport.generate_id_token), "__call__" ) as call: call.return_value = common.GenerateIdTokenResponse() - client.generate_id_token(request) # Establish that the underlying gRPC stub method was called. @@ -802,11 +833,14 @@ def test_generate_id_token_field_headers(): @pytest.mark.asyncio async def test_generate_id_token_field_headers_async(): - client = IAMCredentialsAsyncClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) # Any value that is part of the HTTP/1.1 URI should be sent as # a field header. Set these to a non-empty value. request = common.GenerateIdTokenRequest() + request.name = "name/value" # Mock the actual call within the gRPC stub, and fake the request. @@ -816,7 +850,6 @@ async def test_generate_id_token_field_headers_async(): call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( common.GenerateIdTokenResponse() ) - await client.generate_id_token(request) # Establish that the underlying gRPC stub method was called. 
@@ -830,7 +863,7 @@ async def test_generate_id_token_field_headers_async(): def test_generate_id_token_flattened(): - client = IAMCredentialsClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object( @@ -838,7 +871,6 @@ def test_generate_id_token_flattened(): ) as call: # Designate an appropriate return value for the call. call.return_value = common.GenerateIdTokenResponse() - # Call the method with a truthy value for each flattened field, # using the keyword arguments to the method. client.generate_id_token( @@ -852,18 +884,14 @@ def test_generate_id_token_flattened(): # request object values. assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0].name == "name_value" - assert args[0].delegates == ["delegates_value"] - assert args[0].audience == "audience_value" - assert args[0].include_email == True def test_generate_id_token_flattened_error(): - client = IAMCredentialsClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) # Attempting to call a method with both a request object and flattened # fields is an error. @@ -879,7 +907,9 @@ def test_generate_id_token_flattened_error(): @pytest.mark.asyncio async def test_generate_id_token_flattened_async(): - client = IAMCredentialsAsyncClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object( 
@@ -904,19 +934,17 @@ async def test_generate_id_token_flattened_async(): # request object values. assert len(call.mock_calls) _, args, _ = call.mock_calls[0] - assert args[0].name == "name_value" - assert args[0].delegates == ["delegates_value"] - assert args[0].audience == "audience_value" - assert args[0].include_email == True @pytest.mark.asyncio async def test_generate_id_token_flattened_error_async(): - client = IAMCredentialsAsyncClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) # Attempting to call a method with both a request object and flattened # fields is an error. @@ -932,7 +960,7 @@ async def test_generate_id_token_flattened_error_async(): def test_sign_blob(transport: str = "grpc", request_type=common.SignBlobRequest): client = IAMCredentialsClient( - credentials=credentials.AnonymousCredentials(), transport=transport, + credentials=ga_credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, @@ -945,21 +973,16 @@ def test_sign_blob(transport: str = "grpc", request_type=common.SignBlobRequest) call.return_value = common.SignBlobResponse( key_id="key_id_value", signed_blob=b"signed_blob_blob", ) - response = client.sign_blob(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == common.SignBlobRequest() # Establish that the response is the type that we expect. - assert isinstance(response, common.SignBlobResponse) - assert response.key_id == "key_id_value" - assert response.signed_blob == b"signed_blob_blob" 
@@ -967,12 +990,27 @@ def test_sign_blob_from_dict(): test_sign_blob(request_type=dict) +def test_sign_blob_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = IAMCredentialsClient( + credentials=ga_credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.sign_blob), "__call__") as call: + client.sign_blob() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == common.SignBlobRequest() + + @pytest.mark.asyncio async def test_sign_blob_async( transport: str = "grpc_asyncio", request_type=common.SignBlobRequest ): client = IAMCredentialsAsyncClient( - credentials=credentials.AnonymousCredentials(), transport=transport, + credentials=ga_credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, @@ -987,20 +1025,16 @@ async def test_sign_blob_async( key_id="key_id_value", signed_blob=b"signed_blob_blob", ) ) - response = await client.sign_blob(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) _, args, _ = call.mock_calls[0] - assert args[0] == common.SignBlobRequest() # Establish that the response is the type that we expect. assert isinstance(response, common.SignBlobResponse) - assert response.key_id == "key_id_value" - assert response.signed_blob == b"signed_blob_blob" 
@@ -1010,17 +1044,17 @@ async def test_sign_blob_async_from_dict(): def test_sign_blob_field_headers(): - client = IAMCredentialsClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) # Any value that is part of the HTTP/1.1 URI should be sent as # a field header. Set these to a non-empty value. request = common.SignBlobRequest() + request.name = "name/value" # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object(type(client.transport.sign_blob), "__call__") as call: call.return_value = common.SignBlobResponse() - client.sign_blob(request) # Establish that the underlying gRPC stub method was called. @@ -1035,11 +1069,14 @@ def test_sign_blob_field_headers(): @pytest.mark.asyncio async def test_sign_blob_field_headers_async(): - client = IAMCredentialsAsyncClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) # Any value that is part of the HTTP/1.1 URI should be sent as # a field header. Set these to a non-empty value. request = common.SignBlobRequest() + request.name = "name/value" # Mock the actual call within the gRPC stub, and fake the request. @@ -1047,7 +1084,6 @@ async def test_sign_blob_field_headers_async(): call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( common.SignBlobResponse() ) - await client.sign_blob(request) # Establish that the underlying gRPC stub method was called. 
@@ -1061,13 +1097,12 @@ async def test_sign_blob_field_headers_async(): def test_sign_blob_flattened(): - client = IAMCredentialsClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object(type(client.transport.sign_blob), "__call__") as call: # Designate an appropriate return value for the call. call.return_value = common.SignBlobResponse() - # Call the method with a truthy value for each flattened field, # using the keyword arguments to the method. client.sign_blob( @@ -1078,16 +1113,13 @@ def test_sign_blob_flattened(): # request object values. assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0].name == "name_value" - assert args[0].delegates == ["delegates_value"] - assert args[0].payload == b"payload_blob" def test_sign_blob_flattened_error(): - client = IAMCredentialsClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) # Attempting to call a method with both a request object and flattened # fields is an error. @@ -1102,7 +1134,9 @@ def test_sign_blob_flattened_error(): @pytest.mark.asyncio async def test_sign_blob_flattened_async(): - client = IAMCredentialsAsyncClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object(type(client.transport.sign_blob), "__call__") as call: 
@@ -1122,17 +1156,16 @@ async def test_sign_blob_flattened_async(): # request object values. assert len(call.mock_calls) _, args, _ = call.mock_calls[0] - assert args[0].name == "name_value" - assert args[0].delegates == ["delegates_value"] - assert args[0].payload == b"payload_blob" @pytest.mark.asyncio async def test_sign_blob_flattened_error_async(): - client = IAMCredentialsAsyncClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) # Attempting to call a method with both a request object and flattened # fields is an error. @@ -1147,7 +1180,7 @@ async def test_sign_blob_flattened_error_async(): def test_sign_jwt(transport: str = "grpc", request_type=common.SignJwtRequest): client = IAMCredentialsClient( - credentials=credentials.AnonymousCredentials(), transport=transport, + credentials=ga_credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, @@ -1160,21 +1193,16 @@ def test_sign_jwt(transport: str = "grpc", request_type=common.SignJwtRequest): call.return_value = common.SignJwtResponse( key_id="key_id_value", signed_jwt="signed_jwt_value", ) - response = client.sign_jwt(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == common.SignJwtRequest() # Establish that the response is the type that we expect. - assert isinstance(response, common.SignJwtResponse) - assert response.key_id == "key_id_value" - assert response.signed_jwt == "signed_jwt_value" 
@@ -1182,12 +1210,27 @@ def test_sign_jwt_from_dict(): test_sign_jwt(request_type=dict) +def test_sign_jwt_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = IAMCredentialsClient( + credentials=ga_credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.sign_jwt), "__call__") as call: + client.sign_jwt() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == common.SignJwtRequest() + + @pytest.mark.asyncio async def test_sign_jwt_async( transport: str = "grpc_asyncio", request_type=common.SignJwtRequest ): client = IAMCredentialsAsyncClient( - credentials=credentials.AnonymousCredentials(), transport=transport, + credentials=ga_credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, @@ -1202,20 +1245,16 @@ async def test_sign_jwt_async( key_id="key_id_value", signed_jwt="signed_jwt_value", ) ) - response = await client.sign_jwt(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) _, args, _ = call.mock_calls[0] - assert args[0] == common.SignJwtRequest() # Establish that the response is the type that we expect. assert isinstance(response, common.SignJwtResponse) - assert response.key_id == "key_id_value" - assert response.signed_jwt == "signed_jwt_value" 
@@ -1225,17 +1264,17 @@ async def test_sign_jwt_async_from_dict(): def test_sign_jwt_field_headers(): - client = IAMCredentialsClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) # Any value that is part of the HTTP/1.1 URI should be sent as # a field header. Set these to a non-empty value. request = common.SignJwtRequest() + request.name = "name/value" # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object(type(client.transport.sign_jwt), "__call__") as call: call.return_value = common.SignJwtResponse() - client.sign_jwt(request) # Establish that the underlying gRPC stub method was called. @@ -1250,11 +1289,14 @@ def test_sign_jwt_field_headers(): @pytest.mark.asyncio async def test_sign_jwt_field_headers_async(): - client = IAMCredentialsAsyncClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) # Any value that is part of the HTTP/1.1 URI should be sent as # a field header. Set these to a non-empty value. request = common.SignJwtRequest() + request.name = "name/value" # Mock the actual call within the gRPC stub, and fake the request. @@ -1262,7 +1304,6 @@ async def test_sign_jwt_field_headers_async(): call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( common.SignJwtResponse() ) - await client.sign_jwt(request) # Establish that the underlying gRPC stub method was called. 
@@ -1276,13 +1317,12 @@ async def test_sign_jwt_field_headers_async(): def test_sign_jwt_flattened(): - client = IAMCredentialsClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object(type(client.transport.sign_jwt), "__call__") as call: # Designate an appropriate return value for the call. call.return_value = common.SignJwtResponse() - # Call the method with a truthy value for each flattened field, # using the keyword arguments to the method. client.sign_jwt( @@ -1293,16 +1333,13 @@ def test_sign_jwt_flattened(): # request object values. assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0].name == "name_value" - assert args[0].delegates == ["delegates_value"] - assert args[0].payload == "payload_value" def test_sign_jwt_flattened_error(): - client = IAMCredentialsClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) # Attempting to call a method with both a request object and flattened # fields is an error. @@ -1317,7 +1354,9 @@ def test_sign_jwt_flattened_error(): @pytest.mark.asyncio async def test_sign_jwt_flattened_async(): - client = IAMCredentialsAsyncClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object(type(client.transport.sign_jwt), "__call__") as call: 
@@ -1337,17 +1376,16 @@ async def test_sign_jwt_flattened_async(): # request object values. assert len(call.mock_calls) _, args, _ = call.mock_calls[0] - assert args[0].name == "name_value" - assert args[0].delegates == ["delegates_value"] - assert args[0].payload == "payload_value" @pytest.mark.asyncio async def test_sign_jwt_flattened_error_async(): - client = IAMCredentialsAsyncClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) # Attempting to call a method with both a request object and flattened # fields is an error. @@ -1363,16 +1401,16 @@ async def test_sign_jwt_flattened_error_async(): def test_credentials_transport_error(): # It is an error to provide credentials and a transport instance. transport = transports.IAMCredentialsGrpcTransport( - credentials=credentials.AnonymousCredentials(), + credentials=ga_credentials.AnonymousCredentials(), ) with pytest.raises(ValueError): client = IAMCredentialsClient( - credentials=credentials.AnonymousCredentials(), transport=transport, + credentials=ga_credentials.AnonymousCredentials(), transport=transport, ) # It is an error to provide a credentials file and a transport instance. transport = transports.IAMCredentialsGrpcTransport( - credentials=credentials.AnonymousCredentials(), + credentials=ga_credentials.AnonymousCredentials(), ) with pytest.raises(ValueError): client = IAMCredentialsClient( @@ -1382,7 +1420,7 @@ def test_credentials_transport_error(): # It is an error to provide scopes and a transport instance. transport = transports.IAMCredentialsGrpcTransport( - credentials=credentials.AnonymousCredentials(), + credentials=ga_credentials.AnonymousCredentials(), ) with pytest.raises(ValueError): client = IAMCredentialsClient( 
@@ -1393,7 +1431,7 @@ def test_credentials_transport_error(): def test_transport_instance(): # A client may be instantiated with a custom transport instance. transport = transports.IAMCredentialsGrpcTransport( - credentials=credentials.AnonymousCredentials(), + credentials=ga_credentials.AnonymousCredentials(), ) client = IAMCredentialsClient(transport=transport) assert client.transport is transport @@ -1402,13 +1440,13 @@ def test_transport_instance(): def test_transport_get_channel(): # A client may be instantiated with a custom transport instance. transport = transports.IAMCredentialsGrpcTransport( - credentials=credentials.AnonymousCredentials(), + credentials=ga_credentials.AnonymousCredentials(), ) channel = transport.grpc_channel assert channel transport = transports.IAMCredentialsGrpcAsyncIOTransport( - credentials=credentials.AnonymousCredentials(), + credentials=ga_credentials.AnonymousCredentials(), ) channel = transport.grpc_channel assert channel 
@@ -1423,23 +1461,23 @@ def test_transport_get_channel(): ) def test_transport_adc(transport_class): # Test default credentials are used if not provided. - with mock.patch.object(auth, "default") as adc: - adc.return_value = (credentials.AnonymousCredentials(), None) + with mock.patch.object(google.auth, "default") as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) transport_class() adc.assert_called_once() def test_transport_grpc_default(): # A client should use the gRPC transport by default. - client = IAMCredentialsClient(credentials=credentials.AnonymousCredentials(),) + client = IAMCredentialsClient(credentials=ga_credentials.AnonymousCredentials(),) assert isinstance(client.transport, transports.IAMCredentialsGrpcTransport,) def test_iam_credentials_base_transport_error(): # Passing both a credentials object and credentials_file should raise an error - with pytest.raises(exceptions.DuplicateCredentialArgs): + with pytest.raises(core_exceptions.DuplicateCredentialArgs): transport = transports.IAMCredentialsTransport( - credentials=credentials.AnonymousCredentials(), + credentials=ga_credentials.AnonymousCredentials(), credentials_file="credentials.json", ) @@ -1451,7 +1489,7 @@ def test_iam_credentials_base_transport(): ) as Transport: Transport.return_value = None transport = transports.IAMCredentialsTransport( - credentials=credentials.AnonymousCredentials(), + credentials=ga_credentials.AnonymousCredentials(), ) # Every method on the transport should just blindly 
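Review bot: `test_transport_adc` still patches `google.auth.default` without a spec, while the ADC tests changed later in this commit (`test_iam_credentials_base_transport_with_adc`, `test_iam_credentials_auth_adc`) add `autospec=True`. An unspecced mock accepts any call signature, so `adc.assert_called_once()` here cannot catch the transport passing keyword arguments that the installed `google.auth.default` does not accept. Suggested line, provided the transport's version-dependent keyword handling covers this path: `with mock.patch.object(google.auth, "default", autospec=True) as adc:`. The unspecced patch in `test_iam_credentials_transport_channel_mtls_with_client_cert_source` has the same gap.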
@@ -1467,15 +1505,37 @@ def test_iam_credentials_base_transport(): getattr(transport, method)(request=object()) +@requires_google_auth_gte_1_25_0 def test_iam_credentials_base_transport_with_credentials_file(): # Instantiate the base transport with a credentials file with mock.patch.object( - auth, "load_credentials_from_file" + google.auth, "load_credentials_from_file", autospec=True ) as load_creds, mock.patch( "google.cloud.iam_credentials_v1.services.iam_credentials.transports.IAMCredentialsTransport._prep_wrapped_messages" ) as Transport: Transport.return_value = None - load_creds.return_value = (credentials.AnonymousCredentials(), None) + load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.IAMCredentialsTransport( + credentials_file="credentials.json", quota_project_id="octopus", + ) + load_creds.assert_called_once_with( + "credentials.json", + scopes=None, + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id="octopus", + ) + + +@requires_google_auth_lt_1_25_0 +def test_iam_credentials_base_transport_with_credentials_file_old_google_auth(): + # Instantiate the base transport with a credentials file + with mock.patch.object( + google.auth, "load_credentials_from_file", autospec=True + ) as load_creds, mock.patch( + "google.cloud.iam_credentials_v1.services.iam_credentials.transports.IAMCredentialsTransport._prep_wrapped_messages" + ) as Transport: + Transport.return_value = None + load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) transport = transports.IAMCredentialsTransport( credentials_file="credentials.json", quota_project_id="octopus", ) 
@@ -1488,19 +1548,33 @@ def test_iam_credentials_base_transport_with_credentials_file(): def test_iam_credentials_base_transport_with_adc(): # Test the default credentials are used if credentials and credentials_file are None. - with mock.patch.object(auth, "default") as adc, mock.patch( + with mock.patch.object(google.auth, "default", autospec=True) as adc, mock.patch( "google.cloud.iam_credentials_v1.services.iam_credentials.transports.IAMCredentialsTransport._prep_wrapped_messages" ) as Transport: Transport.return_value = None - adc.return_value = (credentials.AnonymousCredentials(), None) + adc.return_value = (ga_credentials.AnonymousCredentials(), None) transport = transports.IAMCredentialsTransport() adc.assert_called_once() +@requires_google_auth_gte_1_25_0 def test_iam_credentials_auth_adc(): # If no credentials are provided, we should use ADC credentials. - with mock.patch.object(auth, "default") as adc: - adc.return_value = (credentials.AnonymousCredentials(), None) + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + IAMCredentialsClient() + adc.assert_called_once_with( + scopes=None, + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id=None, + ) + + +@requires_google_auth_lt_1_25_0 +def test_iam_credentials_auth_adc_old_google_auth(): + # If no credentials are provided, we should use ADC credentials. + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) IAMCredentialsClient() adc.assert_called_once_with( scopes=("https://www.googleapis.com/auth/cloud-platform",), 
@@ -1508,23 +1582,204 @@ def test_iam_credentials_auth_adc(): ) -def test_iam_credentials_transport_auth_adc(): +@pytest.mark.parametrize( + "transport_class", + [ + transports.IAMCredentialsGrpcTransport, + transports.IAMCredentialsGrpcAsyncIOTransport, + ], +) +@requires_google_auth_gte_1_25_0 +def test_iam_credentials_transport_auth_adc(transport_class): # If credentials and host are not provided, the transport class should use # ADC credentials. - with mock.patch.object(auth, "default") as adc: - adc.return_value = (credentials.AnonymousCredentials(), None) - transports.IAMCredentialsGrpcTransport( - host="squid.clam.whelk", quota_project_id="octopus" + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class(quota_project_id="octopus", scopes=["1", "2"]) + adc.assert_called_once_with( + scopes=["1", "2"], + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id="octopus", ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.IAMCredentialsGrpcTransport, + transports.IAMCredentialsGrpcAsyncIOTransport, + ], +) +@requires_google_auth_lt_1_25_0 +def test_iam_credentials_transport_auth_adc_old_google_auth(transport_class): + # If credentials and host are not provided, the transport class should use + # ADC credentials. 
+ with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class(quota_project_id="octopus") adc.assert_called_once_with( scopes=("https://www.googleapis.com/auth/cloud-platform",), quota_project_id="octopus", ) +@pytest.mark.parametrize( + "transport_class,grpc_helpers", + [ + (transports.IAMCredentialsGrpcTransport, grpc_helpers), + (transports.IAMCredentialsGrpcAsyncIOTransport, grpc_helpers_async), + ], +) +@requires_api_core_gte_1_26_0 +def test_iam_credentials_transport_create_channel(transport_class, grpc_helpers): + # If credentials and host are not provided, the transport class should use + # ADC credentials. + with mock.patch.object( + google.auth, "default", autospec=True + ) as adc, mock.patch.object( + grpc_helpers, "create_channel", autospec=True + ) as create_channel: + creds = ga_credentials.AnonymousCredentials() + adc.return_value = (creds, None) + transport_class(quota_project_id="octopus", scopes=["1", "2"]) + + create_channel.assert_called_with( + "iamcredentials.googleapis.com:443", + credentials=creds, + credentials_file=None, + quota_project_id="octopus", + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=["1", "2"], + default_host="iamcredentials.googleapis.com", + ssl_credentials=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + +@pytest.mark.parametrize( + "transport_class,grpc_helpers", + [ + (transports.IAMCredentialsGrpcTransport, grpc_helpers), + (transports.IAMCredentialsGrpcAsyncIOTransport, grpc_helpers_async), + ], +) +@requires_api_core_lt_1_26_0 +def test_iam_credentials_transport_create_channel_old_api_core( + transport_class, grpc_helpers +): + # If credentials and host are not provided, the transport class should use + # ADC credentials. 
+ with mock.patch.object( + google.auth, "default", autospec=True + ) as adc, mock.patch.object( + grpc_helpers, "create_channel", autospec=True + ) as create_channel: + creds = ga_credentials.AnonymousCredentials() + adc.return_value = (creds, None) + transport_class(quota_project_id="octopus") + + create_channel.assert_called_with( + "iamcredentials.googleapis.com:443", + credentials=creds, + credentials_file=None, + quota_project_id="octopus", + scopes=("https://www.googleapis.com/auth/cloud-platform",), + ssl_credentials=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + +@pytest.mark.parametrize( + "transport_class,grpc_helpers", + [ + (transports.IAMCredentialsGrpcTransport, grpc_helpers), + (transports.IAMCredentialsGrpcAsyncIOTransport, grpc_helpers_async), + ], +) +@requires_api_core_lt_1_26_0 +def test_iam_credentials_transport_create_channel_user_scopes( + transport_class, grpc_helpers +): + # If credentials and host are not provided, the transport class should use + # ADC credentials. 
+ with mock.patch.object( + google.auth, "default", autospec=True + ) as adc, mock.patch.object( + grpc_helpers, "create_channel", autospec=True + ) as create_channel: + creds = ga_credentials.AnonymousCredentials() + adc.return_value = (creds, None) + + transport_class(quota_project_id="octopus", scopes=["1", "2"]) + + create_channel.assert_called_with( + "iamcredentials.googleapis.com:443", + credentials=creds, + credentials_file=None, + quota_project_id="octopus", + scopes=["1", "2"], + ssl_credentials=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.IAMCredentialsGrpcTransport, + transports.IAMCredentialsGrpcAsyncIOTransport, + ], +) +def test_iam_credentials_grpc_transport_client_cert_source_for_mtls(transport_class): + cred = ga_credentials.AnonymousCredentials() + + # Check ssl_channel_credentials is used if provided. + with mock.patch.object(transport_class, "create_channel") as mock_create_channel: + mock_ssl_channel_creds = mock.Mock() + transport_class( + host="squid.clam.whelk", + credentials=cred, + ssl_channel_credentials=mock_ssl_channel_creds, + ) + mock_create_channel.assert_called_once_with( + "squid.clam.whelk:443", + credentials=cred, + credentials_file=None, + scopes=("https://www.googleapis.com/auth/cloud-platform",), + ssl_credentials=mock_ssl_channel_creds, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls + # is used. 
+ with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()): + with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred: + transport_class( + credentials=cred, + client_cert_source_for_mtls=client_cert_source_callback, + ) + expected_cert, expected_key = client_cert_source_callback() + mock_ssl_cred.assert_called_once_with( + certificate_chain=expected_cert, private_key=expected_key + ) + + def test_iam_credentials_host_no_port(): client = IAMCredentialsClient( - credentials=credentials.AnonymousCredentials(), + credentials=ga_credentials.AnonymousCredentials(), client_options=client_options.ClientOptions( api_endpoint="iamcredentials.googleapis.com" ), @@ -1534,7 +1789,7 @@ def test_iam_credentials_host_no_port(): def test_iam_credentials_host_with_port(): client = IAMCredentialsClient( - credentials=credentials.AnonymousCredentials(), + credentials=ga_credentials.AnonymousCredentials(), client_options=client_options.ClientOptions( api_endpoint="iamcredentials.googleapis.com:8000" ), @@ -1566,6 +1821,8 @@ def test_iam_credentials_grpc_asyncio_transport_channel(): assert transport._ssl_channel_credentials == None +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. @pytest.mark.parametrize( "transport_class", [ @@ -1588,9 +1845,9 @@ def test_iam_credentials_transport_channel_mtls_with_client_cert_source( mock_grpc_channel = mock.Mock() grpc_create_channel.return_value = mock_grpc_channel - cred = credentials.AnonymousCredentials() + cred = ga_credentials.AnonymousCredentials() with pytest.warns(DeprecationWarning): - with mock.patch.object(auth, "default") as adc: + with mock.patch.object(google.auth, "default") as adc: adc.return_value = (cred, None) transport = transport_class( host="squid.clam.whelk", 
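Review bot: The second half of `test_iam_credentials_grpc_transport_client_cert_source_for_mtls` checks only that `grpc.ssl_channel_credentials` receives the callback's certificate and key. `create_channel` is patched there but never bound to a name, so nothing asserts that the resulting credentials are handed to the channel. A transport that built the SSL credentials and then opened the channel without them would still pass. Bind the patch with `as mock_create_channel` and add `assert mock_create_channel.call_args[1]["ssl_credentials"] is mock_ssl_cred.return_value`. This hunk adds several other tests as well; the note concerns this one only.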
@@ -1618,6 +1875,8 @@ def test_iam_credentials_transport_channel_mtls_with_client_cert_source( assert transport._ssl_channel_credentials == mock_ssl_cred +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. @pytest.mark.parametrize( "transport_class", [ @@ -1665,7 +1924,6 @@ def test_iam_credentials_transport_channel_mtls_with_adc(transport_class): def test_service_account_path(): project = "squid" service_account = "clam" - expected = "projects/{project}/serviceAccounts/{service_account}".format( project=project, service_account=service_account, ) @@ -1687,7 +1945,6 @@ def test_parse_service_account_path(): def test_common_billing_account_path(): billing_account = "oyster" - expected = "billingAccounts/{billing_account}".format( billing_account=billing_account, ) @@ -1708,7 +1965,6 @@ def test_parse_common_billing_account_path(): def test_common_folder_path(): folder = "cuttlefish" - expected = "folders/{folder}".format(folder=folder,) actual = IAMCredentialsClient.common_folder_path(folder) assert expected == actual @@ -1727,7 +1983,6 @@ def test_parse_common_folder_path(): def test_common_organization_path(): organization = "winkle" - expected = "organizations/{organization}".format(organization=organization,) actual = IAMCredentialsClient.common_organization_path(organization) assert expected == actual @@ -1746,7 +2001,6 @@ def test_parse_common_organization_path(): def test_common_project_path(): project = "scallop" - expected = "projects/{project}".format(project=project,) actual = IAMCredentialsClient.common_project_path(project) assert expected == actual @@ -1766,7 +2020,6 @@ def test_parse_common_project_path(): def test_common_location_path(): project = "squid" location = "clam" - expected = "projects/{project}/locations/{location}".format( project=project, location=location, ) 
@@ -1793,7 +2046,7 @@ def test_client_withDEFAULT_CLIENT_INFO(): transports.IAMCredentialsTransport, "_prep_wrapped_messages" ) as prep: client = IAMCredentialsClient( - credentials=credentials.AnonymousCredentials(), client_info=client_info, + credentials=ga_credentials.AnonymousCredentials(), client_info=client_info, ) prep.assert_called_once_with(client_info) @@ -1802,6 +2055,6 @@ def test_client_withDEFAULT_CLIENT_INFO(): ) as prep: transport_class = IAMCredentialsClient.get_transport_class() transport = transport_class( - credentials=credentials.AnonymousCredentials(), client_info=client_info, + credentials=ga_credentials.AnonymousCredentials(), client_info=client_info, ) prep.assert_called_once_with(client_info)