diff --git a/.coveragerc b/.coveragerc
index 0912e2d3..41724c80 100644
--- a/.coveragerc
+++ b/.coveragerc
@@ -2,7 +2,6 @@
branch = True
[report]
-fail_under = 100
show_missing = True
omit =
google/cloud/recommendationengine/__init__.py
diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml
index da616c91..e2b39f94 100644
--- a/.github/.OwlBot.lock.yaml
+++ b/.github/.OwlBot.lock.yaml
@@ -1,3 +1,3 @@
docker:
image: gcr.io/repo-automation-bots/owlbot-python:latest
- digest: sha256:c66ba3c8d7bc8566f47df841f98cd0097b28fff0b1864c86f5817f4c8c3e8600
+ digest: sha256:99d90d097e4a4710cc8658ee0b5b963f4426d0e424819787c3ac1405c9a26719
diff --git a/.kokoro/samples/python3.9/common.cfg b/.kokoro/samples/python3.9/common.cfg
new file mode 100644
index 00000000..367b880b
--- /dev/null
+++ b/.kokoro/samples/python3.9/common.cfg
@@ -0,0 +1,40 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+# Build logs will be here
+action {
+ define_artifacts {
+ regex: "**/*sponge_log.xml"
+ }
+}
+
+# Specify which tests to run
+env_vars: {
+ key: "RUN_TESTS_SESSION"
+ value: "py-3.9"
+}
+
+# Declare build specific Cloud project.
+env_vars: {
+ key: "BUILD_SPECIFIC_GCLOUD_PROJECT"
+ value: "python-docs-samples-tests-py39"
+}
+
+env_vars: {
+ key: "TRAMPOLINE_BUILD_FILE"
+ value: "github/python-recommendations-ai/.kokoro/test-samples.sh"
+}
+
+# Configure the docker image for kokoro-trampoline.
+env_vars: {
+ key: "TRAMPOLINE_IMAGE"
+ value: "gcr.io/cloud-devrel-kokoro-resources/python-samples-testing-docker"
+}
+
+# Download secrets for samples
+gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/python-docs-samples"
+
+# Download trampoline resources.
+gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/trampoline"
+
+# Use the trampoline script to run in docker.
+build_file: "python-recommendations-ai/.kokoro/trampoline.sh"
\ No newline at end of file
diff --git a/.kokoro/samples/python3.9/continuous.cfg b/.kokoro/samples/python3.9/continuous.cfg
new file mode 100644
index 00000000..a1c8d975
--- /dev/null
+++ b/.kokoro/samples/python3.9/continuous.cfg
@@ -0,0 +1,6 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+env_vars: {
+ key: "INSTALL_LIBRARY_FROM_SOURCE"
+ value: "True"
+}
\ No newline at end of file
diff --git a/.kokoro/samples/python3.9/periodic-head.cfg b/.kokoro/samples/python3.9/periodic-head.cfg
new file mode 100644
index 00000000..f9cfcd33
--- /dev/null
+++ b/.kokoro/samples/python3.9/periodic-head.cfg
@@ -0,0 +1,11 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+env_vars: {
+ key: "INSTALL_LIBRARY_FROM_SOURCE"
+ value: "True"
+}
+
+env_vars: {
+ key: "TRAMPOLINE_BUILD_FILE"
+ value: "github/python-pubsub/.kokoro/test-samples-against-head.sh"
+}
diff --git a/.kokoro/samples/python3.9/periodic.cfg b/.kokoro/samples/python3.9/periodic.cfg
new file mode 100644
index 00000000..50fec964
--- /dev/null
+++ b/.kokoro/samples/python3.9/periodic.cfg
@@ -0,0 +1,6 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+env_vars: {
+ key: "INSTALL_LIBRARY_FROM_SOURCE"
+ value: "False"
+}
\ No newline at end of file
diff --git a/.kokoro/samples/python3.9/presubmit.cfg b/.kokoro/samples/python3.9/presubmit.cfg
new file mode 100644
index 00000000..a1c8d975
--- /dev/null
+++ b/.kokoro/samples/python3.9/presubmit.cfg
@@ -0,0 +1,6 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+env_vars: {
+ key: "INSTALL_LIBRARY_FROM_SOURCE"
+ value: "True"
+}
\ No newline at end of file
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 4f00c7cf..62eb5a77 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -16,7 +16,7 @@
# See https://pre-commit.com/hooks.html for more hooks
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v3.4.0
+ rev: v4.0.1
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1f68826e..b78718e7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,22 @@
# Changelog
+## [0.3.0](https://www.github.com/googleapis/python-recommendations-ai/compare/v0.2.2...v0.3.0) (2021-07-01)
+
+
+### Features
+
+* add always_use_jwt_access ([#60](https://www.github.com/googleapis/python-recommendations-ai/issues/60)) ([354fc1c](https://www.github.com/googleapis/python-recommendations-ai/commit/354fc1cef059a69ab2b1310858f546a66db6fe5a))
+
+
+### Bug Fixes
+
+* disable always_use_jwt_access ([#64](https://www.github.com/googleapis/python-recommendations-ai/issues/64)) ([3263c2e](https://www.github.com/googleapis/python-recommendations-ai/commit/3263c2ee0eb44e283de7356dbf9410d8620a8727))
+
+
+### Documentation
+
+* omit mention of Python 2.7 in 'CONTRIBUTING.rst' ([#1127](https://www.github.com/googleapis/python-recommendations-ai/issues/1127)) ([#55](https://www.github.com/googleapis/python-recommendations-ai/issues/55)) ([47faef8](https://www.github.com/googleapis/python-recommendations-ai/commit/47faef890d8356ce60da06925b92a50f23a34e20)), closes [#1126](https://www.github.com/googleapis/python-recommendations-ai/issues/1126)
+
### [0.2.2](https://www.github.com/googleapis/python-recommendations-ai/compare/v0.2.1...v0.2.2) (2021-06-16)
diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst
index f4b63c51..4ba9b6de 100644
--- a/CONTRIBUTING.rst
+++ b/CONTRIBUTING.rst
@@ -68,15 +68,12 @@ Using ``nox``
We use `nox `__ to instrument our tests.
- To test your changes, run unit tests with ``nox``::
+ $ nox -s unit
- $ nox -s unit-2.7
- $ nox -s unit-3.8
- $ ...
+- To run a single unit test::
-- Args to pytest can be passed through the nox command separated by a `--`. For
- example, to run a single test::
+ $ nox -s unit-3.9 -- -k
- $ nox -s unit-3.8 -- -k
.. note::
@@ -143,8 +140,7 @@ Running System Tests
- To run system tests, you can execute::
# Run all system tests
- $ nox -s system-3.8
- $ nox -s system-2.7
+ $ nox -s system
# Run a single system test
$ nox -s system-3.8 -- -k
@@ -152,9 +148,8 @@ Running System Tests
.. note::
- System tests are only configured to run under Python 2.7 and
- Python 3.8. For expediency, we do not run them in older versions
- of Python 3.
+ System tests are only configured to run under Python 3.8.
+ For expediency, we do not run them in older versions of Python 3.
This alone will not run the tests. You'll need to change some local
auth settings and change some configuration in your project to
@@ -218,8 +213,8 @@ Supported versions can be found in our ``noxfile.py`` `config`_.
.. _config: https://github.com/googleapis/python-recommendations-ai/blob/master/noxfile.py
-We also explicitly decided to support Python 3 beginning with version
-3.6. Reasons for this include:
+We also explicitly decided to support Python 3 beginning with version 3.6.
+Reasons for this include:
- Encouraging use of newest versions of Python 3
- Taking the lead of `prominent`_ open-source `projects`_
diff --git a/docs/conf.py b/docs/conf.py
index 463c5670..dd621a00 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -80,9 +80,9 @@
master_doc = "index"
# General information about the project.
-project = u"google-cloud-recommendations-ai"
-copyright = u"2019, Google"
-author = u"Google APIs"
+project = "google-cloud-recommendations-ai"
+copyright = "2019, Google"
+author = "Google APIs"
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
@@ -281,7 +281,7 @@
(
master_doc,
"google-cloud-recommendations-ai.tex",
- u"google-cloud-recommendations-ai Documentation",
+ "google-cloud-recommendations-ai Documentation",
author,
"manual",
)
@@ -316,7 +316,7 @@
(
master_doc,
"google-cloud-recommendations-ai",
- u"google-cloud-recommendations-ai Documentation",
+ "google-cloud-recommendations-ai Documentation",
[author],
1,
)
@@ -335,7 +335,7 @@
(
master_doc,
"google-cloud-recommendations-ai",
- u"google-cloud-recommendations-ai Documentation",
+ "google-cloud-recommendations-ai Documentation",
author,
"google-cloud-recommendations-ai",
"google-cloud-recommendations-ai Library",
diff --git a/google/cloud/recommendationengine_v1beta1/services/catalog_service/transports/base.py b/google/cloud/recommendationengine_v1beta1/services/catalog_service/transports/base.py
index 102016eb..91bb327b 100644
--- a/google/cloud/recommendationengine_v1beta1/services/catalog_service/transports/base.py
+++ b/google/cloud/recommendationengine_v1beta1/services/catalog_service/transports/base.py
@@ -25,6 +25,7 @@
from google.api_core import retry as retries # type: ignore
from google.api_core import operations_v1 # type: ignore
from google.auth import credentials as ga_credentials # type: ignore
+from google.oauth2 import service_account # type: ignore
from google.cloud.recommendationengine_v1beta1.types import catalog
from google.cloud.recommendationengine_v1beta1.types import catalog_service
@@ -50,8 +51,6 @@
except pkg_resources.DistributionNotFound: # pragma: NO COVER
_GOOGLE_AUTH_VERSION = None
-_API_CORE_VERSION = google.api_core.__version__
-
class CatalogServiceTransport(abc.ABC):
"""Abstract transport class for CatalogService."""
@@ -69,6 +68,7 @@ def __init__(
scopes: Optional[Sequence[str]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
**kwargs,
) -> None:
"""Instantiate the transport.
@@ -92,6 +92,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
"""
# Save the hostname. Default to port 443 (HTTPS) if none is specified.
if ":" not in host:
@@ -101,7 +103,7 @@ def __init__(
scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
# Save the scopes.
- self._scopes = scopes or self.AUTH_SCOPES
+ self._scopes = scopes
# If no credentials are provided, then determine the appropriate
# defaults.
@@ -120,13 +122,20 @@ def __init__(
**scopes_kwargs, quota_project_id=quota_project_id
)
+ # If the credentials is service account credentials, then always try to use self signed JWT.
+ if (
+ always_use_jwt_access
+ and isinstance(credentials, service_account.Credentials)
+ and hasattr(service_account.Credentials, "with_always_use_jwt_access")
+ ):
+ credentials = credentials.with_always_use_jwt_access(True)
+
# Save the credentials.
self._credentials = credentials
- # TODO(busunkim): These two class methods are in the base transport
+ # TODO(busunkim): This method is in the base transport
# to avoid duplicating code across the transport classes. These functions
- # should be deleted once the minimum required versions of google-api-core
- # and google-auth are increased.
+ # should be deleted once the minimum required versions of google-auth is increased.
# TODO: Remove this function once google-auth >= 1.25.0 is required
@classmethod
@@ -147,27 +156,6 @@ def _get_scopes_kwargs(
return scopes_kwargs
- # TODO: Remove this function once google-api-core >= 1.26.0 is required
- @classmethod
- def _get_self_signed_jwt_kwargs(
- cls, host: str, scopes: Optional[Sequence[str]]
- ) -> Dict[str, Union[Optional[Sequence[str]], str]]:
- """Returns kwargs to pass to grpc_helpers.create_channel depending on the google-api-core version"""
-
- self_signed_jwt_kwargs: Dict[str, Union[Optional[Sequence[str]], str]] = {}
-
- if _API_CORE_VERSION and (
- packaging.version.parse(_API_CORE_VERSION)
- >= packaging.version.parse("1.26.0")
- ):
- self_signed_jwt_kwargs["default_scopes"] = cls.AUTH_SCOPES
- self_signed_jwt_kwargs["scopes"] = scopes
- self_signed_jwt_kwargs["default_host"] = cls.DEFAULT_HOST
- else:
- self_signed_jwt_kwargs["scopes"] = scopes or cls.AUTH_SCOPES
-
- return self_signed_jwt_kwargs
-
def _prep_wrapped_messages(self, client_info):
# Precompute the wrapped methods.
self._wrapped_methods = {
diff --git a/google/cloud/recommendationengine_v1beta1/services/catalog_service/transports/grpc.py b/google/cloud/recommendationengine_v1beta1/services/catalog_service/transports/grpc.py
index e639fa7e..ba82c381 100644
--- a/google/cloud/recommendationengine_v1beta1/services/catalog_service/transports/grpc.py
+++ b/google/cloud/recommendationengine_v1beta1/services/catalog_service/transports/grpc.py
@@ -63,6 +63,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -103,6 +104,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -156,6 +159,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
@@ -211,14 +215,14 @@ def create_channel(
and ``credentials_file`` are passed.
"""
- self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes)
-
return grpc_helpers.create_channel(
host,
credentials=credentials,
credentials_file=credentials_file,
quota_project_id=quota_project_id,
- **self_signed_jwt_kwargs,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
**kwargs,
)
diff --git a/google/cloud/recommendationengine_v1beta1/services/catalog_service/transports/grpc_asyncio.py b/google/cloud/recommendationengine_v1beta1/services/catalog_service/transports/grpc_asyncio.py
index 6e4e0971..962f0afb 100644
--- a/google/cloud/recommendationengine_v1beta1/services/catalog_service/transports/grpc_asyncio.py
+++ b/google/cloud/recommendationengine_v1beta1/services/catalog_service/transports/grpc_asyncio.py
@@ -84,14 +84,14 @@ def create_channel(
aio.Channel: A gRPC AsyncIO channel object.
"""
- self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes)
-
return grpc_helpers_async.create_channel(
host,
credentials=credentials,
credentials_file=credentials_file,
quota_project_id=quota_project_id,
- **self_signed_jwt_kwargs,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
**kwargs,
)
@@ -109,6 +109,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id=None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -150,6 +151,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -202,6 +205,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/google/cloud/recommendationengine_v1beta1/services/prediction_api_key_registry/transports/base.py b/google/cloud/recommendationengine_v1beta1/services/prediction_api_key_registry/transports/base.py
index 605f3dcb..d13921ca 100644
--- a/google/cloud/recommendationengine_v1beta1/services/prediction_api_key_registry/transports/base.py
+++ b/google/cloud/recommendationengine_v1beta1/services/prediction_api_key_registry/transports/base.py
@@ -24,6 +24,7 @@
from google.api_core import gapic_v1 # type: ignore
from google.api_core import retry as retries # type: ignore
from google.auth import credentials as ga_credentials # type: ignore
+from google.oauth2 import service_account # type: ignore
from google.cloud.recommendationengine_v1beta1.types import (
prediction_apikey_registry_service,
@@ -48,8 +49,6 @@
except pkg_resources.DistributionNotFound: # pragma: NO COVER
_GOOGLE_AUTH_VERSION = None
-_API_CORE_VERSION = google.api_core.__version__
-
class PredictionApiKeyRegistryTransport(abc.ABC):
"""Abstract transport class for PredictionApiKeyRegistry."""
@@ -67,6 +66,7 @@ def __init__(
scopes: Optional[Sequence[str]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
**kwargs,
) -> None:
"""Instantiate the transport.
@@ -90,6 +90,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
"""
# Save the hostname. Default to port 443 (HTTPS) if none is specified.
if ":" not in host:
@@ -99,7 +101,7 @@ def __init__(
scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
# Save the scopes.
- self._scopes = scopes or self.AUTH_SCOPES
+ self._scopes = scopes
# If no credentials are provided, then determine the appropriate
# defaults.
@@ -118,13 +120,20 @@ def __init__(
**scopes_kwargs, quota_project_id=quota_project_id
)
+ # If the credentials is service account credentials, then always try to use self signed JWT.
+ if (
+ always_use_jwt_access
+ and isinstance(credentials, service_account.Credentials)
+ and hasattr(service_account.Credentials, "with_always_use_jwt_access")
+ ):
+ credentials = credentials.with_always_use_jwt_access(True)
+
# Save the credentials.
self._credentials = credentials
- # TODO(busunkim): These two class methods are in the base transport
+ # TODO(busunkim): This method is in the base transport
# to avoid duplicating code across the transport classes. These functions
- # should be deleted once the minimum required versions of google-api-core
- # and google-auth are increased.
+ # should be deleted once the minimum required versions of google-auth is increased.
# TODO: Remove this function once google-auth >= 1.25.0 is required
@classmethod
@@ -145,27 +154,6 @@ def _get_scopes_kwargs(
return scopes_kwargs
- # TODO: Remove this function once google-api-core >= 1.26.0 is required
- @classmethod
- def _get_self_signed_jwt_kwargs(
- cls, host: str, scopes: Optional[Sequence[str]]
- ) -> Dict[str, Union[Optional[Sequence[str]], str]]:
- """Returns kwargs to pass to grpc_helpers.create_channel depending on the google-api-core version"""
-
- self_signed_jwt_kwargs: Dict[str, Union[Optional[Sequence[str]], str]] = {}
-
- if _API_CORE_VERSION and (
- packaging.version.parse(_API_CORE_VERSION)
- >= packaging.version.parse("1.26.0")
- ):
- self_signed_jwt_kwargs["default_scopes"] = cls.AUTH_SCOPES
- self_signed_jwt_kwargs["scopes"] = scopes
- self_signed_jwt_kwargs["default_host"] = cls.DEFAULT_HOST
- else:
- self_signed_jwt_kwargs["scopes"] = scopes or cls.AUTH_SCOPES
-
- return self_signed_jwt_kwargs
-
def _prep_wrapped_messages(self, client_info):
# Precompute the wrapped methods.
self._wrapped_methods = {
diff --git a/google/cloud/recommendationengine_v1beta1/services/prediction_api_key_registry/transports/grpc.py b/google/cloud/recommendationengine_v1beta1/services/prediction_api_key_registry/transports/grpc.py
index 6e7033a1..40e30a79 100644
--- a/google/cloud/recommendationengine_v1beta1/services/prediction_api_key_registry/transports/grpc.py
+++ b/google/cloud/recommendationengine_v1beta1/services/prediction_api_key_registry/transports/grpc.py
@@ -65,6 +65,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -105,6 +106,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -157,6 +160,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
@@ -212,14 +216,14 @@ def create_channel(
and ``credentials_file`` are passed.
"""
- self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes)
-
return grpc_helpers.create_channel(
host,
credentials=credentials,
credentials_file=credentials_file,
quota_project_id=quota_project_id,
- **self_signed_jwt_kwargs,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
**kwargs,
)
diff --git a/google/cloud/recommendationengine_v1beta1/services/prediction_api_key_registry/transports/grpc_asyncio.py b/google/cloud/recommendationengine_v1beta1/services/prediction_api_key_registry/transports/grpc_asyncio.py
index 10286275..bb568d8d 100644
--- a/google/cloud/recommendationengine_v1beta1/services/prediction_api_key_registry/transports/grpc_asyncio.py
+++ b/google/cloud/recommendationengine_v1beta1/services/prediction_api_key_registry/transports/grpc_asyncio.py
@@ -86,14 +86,14 @@ def create_channel(
aio.Channel: A gRPC AsyncIO channel object.
"""
- self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes)
-
return grpc_helpers_async.create_channel(
host,
credentials=credentials,
credentials_file=credentials_file,
quota_project_id=quota_project_id,
- **self_signed_jwt_kwargs,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
**kwargs,
)
@@ -111,6 +111,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id=None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -152,6 +153,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -203,6 +206,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/google/cloud/recommendationengine_v1beta1/services/prediction_service/transports/base.py b/google/cloud/recommendationengine_v1beta1/services/prediction_service/transports/base.py
index c84024c9..1762da2a 100644
--- a/google/cloud/recommendationengine_v1beta1/services/prediction_service/transports/base.py
+++ b/google/cloud/recommendationengine_v1beta1/services/prediction_service/transports/base.py
@@ -24,6 +24,7 @@
from google.api_core import gapic_v1 # type: ignore
from google.api_core import retry as retries # type: ignore
from google.auth import credentials as ga_credentials # type: ignore
+from google.oauth2 import service_account # type: ignore
from google.cloud.recommendationengine_v1beta1.types import prediction_service
@@ -45,8 +46,6 @@
except pkg_resources.DistributionNotFound: # pragma: NO COVER
_GOOGLE_AUTH_VERSION = None
-_API_CORE_VERSION = google.api_core.__version__
-
class PredictionServiceTransport(abc.ABC):
"""Abstract transport class for PredictionService."""
@@ -64,6 +63,7 @@ def __init__(
scopes: Optional[Sequence[str]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
**kwargs,
) -> None:
"""Instantiate the transport.
@@ -87,6 +87,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
"""
# Save the hostname. Default to port 443 (HTTPS) if none is specified.
if ":" not in host:
@@ -96,7 +98,7 @@ def __init__(
scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
# Save the scopes.
- self._scopes = scopes or self.AUTH_SCOPES
+ self._scopes = scopes
# If no credentials are provided, then determine the appropriate
# defaults.
@@ -115,13 +117,20 @@ def __init__(
**scopes_kwargs, quota_project_id=quota_project_id
)
+ # If the credentials is service account credentials, then always try to use self signed JWT.
+ if (
+ always_use_jwt_access
+ and isinstance(credentials, service_account.Credentials)
+ and hasattr(service_account.Credentials, "with_always_use_jwt_access")
+ ):
+ credentials = credentials.with_always_use_jwt_access(True)
+
# Save the credentials.
self._credentials = credentials
- # TODO(busunkim): These two class methods are in the base transport
+ # TODO(busunkim): This method is in the base transport
# to avoid duplicating code across the transport classes. These functions
- # should be deleted once the minimum required versions of google-api-core
- # and google-auth are increased.
+ # should be deleted once the minimum required versions of google-auth is increased.
# TODO: Remove this function once google-auth >= 1.25.0 is required
@classmethod
@@ -142,27 +151,6 @@ def _get_scopes_kwargs(
return scopes_kwargs
- # TODO: Remove this function once google-api-core >= 1.26.0 is required
- @classmethod
- def _get_self_signed_jwt_kwargs(
- cls, host: str, scopes: Optional[Sequence[str]]
- ) -> Dict[str, Union[Optional[Sequence[str]], str]]:
- """Returns kwargs to pass to grpc_helpers.create_channel depending on the google-api-core version"""
-
- self_signed_jwt_kwargs: Dict[str, Union[Optional[Sequence[str]], str]] = {}
-
- if _API_CORE_VERSION and (
- packaging.version.parse(_API_CORE_VERSION)
- >= packaging.version.parse("1.26.0")
- ):
- self_signed_jwt_kwargs["default_scopes"] = cls.AUTH_SCOPES
- self_signed_jwt_kwargs["scopes"] = scopes
- self_signed_jwt_kwargs["default_host"] = cls.DEFAULT_HOST
- else:
- self_signed_jwt_kwargs["scopes"] = scopes or cls.AUTH_SCOPES
-
- return self_signed_jwt_kwargs
-
def _prep_wrapped_messages(self, client_info):
# Precompute the wrapped methods.
self._wrapped_methods = {
diff --git a/google/cloud/recommendationengine_v1beta1/services/prediction_service/transports/grpc.py b/google/cloud/recommendationengine_v1beta1/services/prediction_service/transports/grpc.py
index 2c29280c..93ee9231 100644
--- a/google/cloud/recommendationengine_v1beta1/services/prediction_service/transports/grpc.py
+++ b/google/cloud/recommendationengine_v1beta1/services/prediction_service/transports/grpc.py
@@ -57,6 +57,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -97,6 +98,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -149,6 +152,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
@@ -204,14 +208,14 @@ def create_channel(
and ``credentials_file`` are passed.
"""
- self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes)
-
return grpc_helpers.create_channel(
host,
credentials=credentials,
credentials_file=credentials_file,
quota_project_id=quota_project_id,
- **self_signed_jwt_kwargs,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
**kwargs,
)
diff --git a/google/cloud/recommendationengine_v1beta1/services/prediction_service/transports/grpc_asyncio.py b/google/cloud/recommendationengine_v1beta1/services/prediction_service/transports/grpc_asyncio.py
index a87304b1..95797987 100644
--- a/google/cloud/recommendationengine_v1beta1/services/prediction_service/transports/grpc_asyncio.py
+++ b/google/cloud/recommendationengine_v1beta1/services/prediction_service/transports/grpc_asyncio.py
@@ -78,14 +78,14 @@ def create_channel(
aio.Channel: A gRPC AsyncIO channel object.
"""
- self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes)
-
return grpc_helpers_async.create_channel(
host,
credentials=credentials,
credentials_file=credentials_file,
quota_project_id=quota_project_id,
- **self_signed_jwt_kwargs,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
**kwargs,
)
@@ -103,6 +103,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id=None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -144,6 +145,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -195,6 +198,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/google/cloud/recommendationengine_v1beta1/services/user_event_service/transports/base.py b/google/cloud/recommendationengine_v1beta1/services/user_event_service/transports/base.py
index 49e1a2d7..eea694c2 100644
--- a/google/cloud/recommendationengine_v1beta1/services/user_event_service/transports/base.py
+++ b/google/cloud/recommendationengine_v1beta1/services/user_event_service/transports/base.py
@@ -25,6 +25,7 @@
from google.api_core import retry as retries # type: ignore
from google.api_core import operations_v1 # type: ignore
from google.auth import credentials as ga_credentials # type: ignore
+from google.oauth2 import service_account # type: ignore
from google.api import httpbody_pb2 # type: ignore
from google.cloud.recommendationengine_v1beta1.types import import_
@@ -50,8 +51,6 @@
except pkg_resources.DistributionNotFound: # pragma: NO COVER
_GOOGLE_AUTH_VERSION = None
-_API_CORE_VERSION = google.api_core.__version__
-
class UserEventServiceTransport(abc.ABC):
"""Abstract transport class for UserEventService."""
@@ -69,6 +68,7 @@ def __init__(
scopes: Optional[Sequence[str]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
**kwargs,
) -> None:
"""Instantiate the transport.
@@ -92,6 +92,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
"""
# Save the hostname. Default to port 443 (HTTPS) if none is specified.
if ":" not in host:
@@ -101,7 +103,7 @@ def __init__(
scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
# Save the scopes.
- self._scopes = scopes or self.AUTH_SCOPES
+ self._scopes = scopes
# If no credentials are provided, then determine the appropriate
# defaults.
@@ -120,13 +122,20 @@ def __init__(
**scopes_kwargs, quota_project_id=quota_project_id
)
+ # If the credentials is service account credentials, then always try to use self signed JWT.
+ if (
+ always_use_jwt_access
+ and isinstance(credentials, service_account.Credentials)
+ and hasattr(service_account.Credentials, "with_always_use_jwt_access")
+ ):
+ credentials = credentials.with_always_use_jwt_access(True)
+
# Save the credentials.
self._credentials = credentials
- # TODO(busunkim): These two class methods are in the base transport
+ # TODO(busunkim): This method is in the base transport
# to avoid duplicating code across the transport classes. These functions
- # should be deleted once the minimum required versions of google-api-core
- # and google-auth are increased.
+ # should be deleted once the minimum required versions of google-auth is increased.
# TODO: Remove this function once google-auth >= 1.25.0 is required
@classmethod
@@ -147,27 +156,6 @@ def _get_scopes_kwargs(
return scopes_kwargs
- # TODO: Remove this function once google-api-core >= 1.26.0 is required
- @classmethod
- def _get_self_signed_jwt_kwargs(
- cls, host: str, scopes: Optional[Sequence[str]]
- ) -> Dict[str, Union[Optional[Sequence[str]], str]]:
- """Returns kwargs to pass to grpc_helpers.create_channel depending on the google-api-core version"""
-
- self_signed_jwt_kwargs: Dict[str, Union[Optional[Sequence[str]], str]] = {}
-
- if _API_CORE_VERSION and (
- packaging.version.parse(_API_CORE_VERSION)
- >= packaging.version.parse("1.26.0")
- ):
- self_signed_jwt_kwargs["default_scopes"] = cls.AUTH_SCOPES
- self_signed_jwt_kwargs["scopes"] = scopes
- self_signed_jwt_kwargs["default_host"] = cls.DEFAULT_HOST
- else:
- self_signed_jwt_kwargs["scopes"] = scopes or cls.AUTH_SCOPES
-
- return self_signed_jwt_kwargs
-
def _prep_wrapped_messages(self, client_info):
# Precompute the wrapped methods.
self._wrapped_methods = {
diff --git a/google/cloud/recommendationengine_v1beta1/services/user_event_service/transports/grpc.py b/google/cloud/recommendationengine_v1beta1/services/user_event_service/transports/grpc.py
index 765a27f6..d4f94a9c 100644
--- a/google/cloud/recommendationengine_v1beta1/services/user_event_service/transports/grpc.py
+++ b/google/cloud/recommendationengine_v1beta1/services/user_event_service/transports/grpc.py
@@ -63,6 +63,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -103,6 +104,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -156,6 +159,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
@@ -211,14 +215,14 @@ def create_channel(
and ``credentials_file`` are passed.
"""
- self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes)
-
return grpc_helpers.create_channel(
host,
credentials=credentials,
credentials_file=credentials_file,
quota_project_id=quota_project_id,
- **self_signed_jwt_kwargs,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
**kwargs,
)
diff --git a/google/cloud/recommendationengine_v1beta1/services/user_event_service/transports/grpc_asyncio.py b/google/cloud/recommendationengine_v1beta1/services/user_event_service/transports/grpc_asyncio.py
index 0c7c5a06..720bd026 100644
--- a/google/cloud/recommendationengine_v1beta1/services/user_event_service/transports/grpc_asyncio.py
+++ b/google/cloud/recommendationengine_v1beta1/services/user_event_service/transports/grpc_asyncio.py
@@ -84,14 +84,14 @@ def create_channel(
aio.Channel: A gRPC AsyncIO channel object.
"""
- self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes)
-
return grpc_helpers_async.create_channel(
host,
credentials=credentials,
credentials_file=credentials_file,
quota_project_id=quota_project_id,
- **self_signed_jwt_kwargs,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
**kwargs,
)
@@ -109,6 +109,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id=None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -150,6 +151,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -202,6 +205,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/setup.py b/setup.py
index d2e790b7..79370bd3 100644
--- a/setup.py
+++ b/setup.py
@@ -19,7 +19,7 @@
import os
import setuptools # type: ignore
-version = "0.2.2"
+version = "0.3.0"
package_root = os.path.abspath(os.path.dirname(__file__))
@@ -44,7 +44,7 @@
platforms="Posix; MacOS X; Windows",
include_package_data=True,
install_requires=(
- "google-api-core[grpc] >= 1.22.2, < 2.0.0dev",
+ "google-api-core[grpc] >= 1.26.0, <2.0.0dev",
"proto-plus >= 1.15.0",
"packaging >= 14.3",
),
diff --git a/testing/constraints-3.6.txt b/testing/constraints-3.6.txt
index b664e31a..7de25725 100644
--- a/testing/constraints-3.6.txt
+++ b/testing/constraints-3.6.txt
@@ -5,6 +5,6 @@
# e.g., if setup.py has "google-cloud-foo >= 1.14.0, < 2.0.0dev",
# Then this file should have google-cloud-foo==1.14.0
-google-api-core==1.22.2
+google-api-core==1.26.0
proto-plus==1.15.0
packaging==14.3
diff --git a/tests/unit/gapic/recommendationengine_v1beta1/test_catalog_service.py b/tests/unit/gapic/recommendationengine_v1beta1/test_catalog_service.py
index 1180c79b..a247fd50 100644
--- a/tests/unit/gapic/recommendationengine_v1beta1/test_catalog_service.py
+++ b/tests/unit/gapic/recommendationengine_v1beta1/test_catalog_service.py
@@ -44,9 +44,6 @@
from google.cloud.recommendationengine_v1beta1.services.catalog_service import (
transports,
)
-from google.cloud.recommendationengine_v1beta1.services.catalog_service.transports.base import (
- _API_CORE_VERSION,
-)
from google.cloud.recommendationengine_v1beta1.services.catalog_service.transports.base import (
_GOOGLE_AUTH_VERSION,
)
@@ -62,8 +59,9 @@
import google.auth
-# TODO(busunkim): Once google-api-core >= 1.26.0 is required:
-# - Delete all the api-core and auth "less than" test cases
+# TODO(busunkim): Once google-auth >= 1.25.0 is required transitively
+# through google-api-core:
+# - Delete the auth "less than" test cases
# - Delete these pytest markers (Make the "greater than or equal to" tests the default).
requires_google_auth_lt_1_25_0 = pytest.mark.skipif(
packaging.version.parse(_GOOGLE_AUTH_VERSION) >= packaging.version.parse("1.25.0"),
@@ -74,16 +72,6 @@
reason="This test requires google-auth >= 1.25.0",
)
-requires_api_core_lt_1_26_0 = pytest.mark.skipif(
- packaging.version.parse(_API_CORE_VERSION) >= packaging.version.parse("1.26.0"),
- reason="This test requires google-api-core < 1.26.0",
-)
-
-requires_api_core_gte_1_26_0 = pytest.mark.skipif(
- packaging.version.parse(_API_CORE_VERSION) < packaging.version.parse("1.26.0"),
- reason="This test requires google-api-core >= 1.26.0",
-)
-
def client_cert_source_callback():
return b"cert bytes", b"key bytes"
@@ -146,6 +134,36 @@ def test_catalog_service_client_from_service_account_info(client_class):
assert client.transport._host == "recommendationengine.googleapis.com:443"
+@pytest.mark.parametrize(
+ "client_class", [CatalogServiceClient, CatalogServiceAsyncClient,]
+)
+def test_catalog_service_client_service_account_always_use_jwt(client_class):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ client = client_class(credentials=creds)
+ use_jwt.assert_not_called()
+
+
+@pytest.mark.parametrize(
+ "transport_class,transport_name",
+ [
+ (transports.CatalogServiceGrpcTransport, "grpc"),
+ (transports.CatalogServiceGrpcAsyncIOTransport, "grpc_asyncio"),
+ ],
+)
+def test_catalog_service_client_service_account_always_use_jwt_true(
+ transport_class, transport_name
+):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=True)
+ use_jwt.assert_called_once_with(True)
+
+
@pytest.mark.parametrize(
"client_class", [CatalogServiceClient, CatalogServiceAsyncClient,]
)
@@ -2319,7 +2337,6 @@ def test_catalog_service_transport_auth_adc_old_google_auth(transport_class):
(transports.CatalogServiceGrpcAsyncIOTransport, grpc_helpers_async),
],
)
-@requires_api_core_gte_1_26_0
def test_catalog_service_transport_create_channel(transport_class, grpc_helpers):
# If credentials and host are not provided, the transport class should use
# ADC credentials.
@@ -2348,79 +2365,6 @@ def test_catalog_service_transport_create_channel(transport_class, grpc_helpers)
)
-@pytest.mark.parametrize(
- "transport_class,grpc_helpers",
- [
- (transports.CatalogServiceGrpcTransport, grpc_helpers),
- (transports.CatalogServiceGrpcAsyncIOTransport, grpc_helpers_async),
- ],
-)
-@requires_api_core_lt_1_26_0
-def test_catalog_service_transport_create_channel_old_api_core(
- transport_class, grpc_helpers
-):
- # If credentials and host are not provided, the transport class should use
- # ADC credentials.
- with mock.patch.object(
- google.auth, "default", autospec=True
- ) as adc, mock.patch.object(
- grpc_helpers, "create_channel", autospec=True
- ) as create_channel:
- creds = ga_credentials.AnonymousCredentials()
- adc.return_value = (creds, None)
- transport_class(quota_project_id="octopus")
-
- create_channel.assert_called_with(
- "recommendationengine.googleapis.com:443",
- credentials=creds,
- credentials_file=None,
- quota_project_id="octopus",
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
- ssl_credentials=None,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
-
-
-@pytest.mark.parametrize(
- "transport_class,grpc_helpers",
- [
- (transports.CatalogServiceGrpcTransport, grpc_helpers),
- (transports.CatalogServiceGrpcAsyncIOTransport, grpc_helpers_async),
- ],
-)
-@requires_api_core_lt_1_26_0
-def test_catalog_service_transport_create_channel_user_scopes(
- transport_class, grpc_helpers
-):
- # If credentials and host are not provided, the transport class should use
- # ADC credentials.
- with mock.patch.object(
- google.auth, "default", autospec=True
- ) as adc, mock.patch.object(
- grpc_helpers, "create_channel", autospec=True
- ) as create_channel:
- creds = ga_credentials.AnonymousCredentials()
- adc.return_value = (creds, None)
-
- transport_class(quota_project_id="octopus", scopes=["1", "2"])
-
- create_channel.assert_called_with(
- "recommendationengine.googleapis.com:443",
- credentials=creds,
- credentials_file=None,
- quota_project_id="octopus",
- scopes=["1", "2"],
- ssl_credentials=None,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
-
-
@pytest.mark.parametrize(
"transport_class",
[
@@ -2443,7 +2387,7 @@ def test_catalog_service_grpc_transport_client_cert_source_for_mtls(transport_cl
"squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_channel_creds,
quota_project_id=None,
options=[
@@ -2552,7 +2496,7 @@ def test_catalog_service_transport_channel_mtls_with_client_cert_source(
"mtls.squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
@@ -2599,7 +2543,7 @@ def test_catalog_service_transport_channel_mtls_with_adc(transport_class):
"mtls.squid.clam.whelk:443",
credentials=mock_cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
diff --git a/tests/unit/gapic/recommendationengine_v1beta1/test_prediction_api_key_registry.py b/tests/unit/gapic/recommendationengine_v1beta1/test_prediction_api_key_registry.py
index 64648eab..52d55c78 100644
--- a/tests/unit/gapic/recommendationengine_v1beta1/test_prediction_api_key_registry.py
+++ b/tests/unit/gapic/recommendationengine_v1beta1/test_prediction_api_key_registry.py
@@ -43,9 +43,6 @@
from google.cloud.recommendationengine_v1beta1.services.prediction_api_key_registry import (
transports,
)
-from google.cloud.recommendationengine_v1beta1.services.prediction_api_key_registry.transports.base import (
- _API_CORE_VERSION,
-)
from google.cloud.recommendationengine_v1beta1.services.prediction_api_key_registry.transports.base import (
_GOOGLE_AUTH_VERSION,
)
@@ -56,8 +53,9 @@
import google.auth
-# TODO(busunkim): Once google-api-core >= 1.26.0 is required:
-# - Delete all the api-core and auth "less than" test cases
+# TODO(busunkim): Once google-auth >= 1.25.0 is required transitively
+# through google-api-core:
+# - Delete the auth "less than" test cases
# - Delete these pytest markers (Make the "greater than or equal to" tests the default).
requires_google_auth_lt_1_25_0 = pytest.mark.skipif(
packaging.version.parse(_GOOGLE_AUTH_VERSION) >= packaging.version.parse("1.25.0"),
@@ -68,16 +66,6 @@
reason="This test requires google-auth >= 1.25.0",
)
-requires_api_core_lt_1_26_0 = pytest.mark.skipif(
- packaging.version.parse(_API_CORE_VERSION) >= packaging.version.parse("1.26.0"),
- reason="This test requires google-api-core < 1.26.0",
-)
-
-requires_api_core_gte_1_26_0 = pytest.mark.skipif(
- packaging.version.parse(_API_CORE_VERSION) < packaging.version.parse("1.26.0"),
- reason="This test requires google-api-core >= 1.26.0",
-)
-
def client_cert_source_callback():
return b"cert bytes", b"key bytes"
@@ -142,6 +130,39 @@ def test_prediction_api_key_registry_client_from_service_account_info(client_cla
assert client.transport._host == "recommendationengine.googleapis.com:443"
+@pytest.mark.parametrize(
+ "client_class",
+ [PredictionApiKeyRegistryClient, PredictionApiKeyRegistryAsyncClient,],
+)
+def test_prediction_api_key_registry_client_service_account_always_use_jwt(
+ client_class,
+):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ client = client_class(credentials=creds)
+ use_jwt.assert_not_called()
+
+
+@pytest.mark.parametrize(
+ "transport_class,transport_name",
+ [
+ (transports.PredictionApiKeyRegistryGrpcTransport, "grpc"),
+ (transports.PredictionApiKeyRegistryGrpcAsyncIOTransport, "grpc_asyncio"),
+ ],
+)
+def test_prediction_api_key_registry_client_service_account_always_use_jwt_true(
+ transport_class, transport_name
+):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=True)
+ use_jwt.assert_called_once_with(True)
+
+
@pytest.mark.parametrize(
"client_class",
[PredictionApiKeyRegistryClient, PredictionApiKeyRegistryAsyncClient,],
@@ -1708,7 +1729,6 @@ def test_prediction_api_key_registry_transport_auth_adc_old_google_auth(
(transports.PredictionApiKeyRegistryGrpcAsyncIOTransport, grpc_helpers_async),
],
)
-@requires_api_core_gte_1_26_0
def test_prediction_api_key_registry_transport_create_channel(
transport_class, grpc_helpers
):
@@ -1739,79 +1759,6 @@ def test_prediction_api_key_registry_transport_create_channel(
)
-@pytest.mark.parametrize(
- "transport_class,grpc_helpers",
- [
- (transports.PredictionApiKeyRegistryGrpcTransport, grpc_helpers),
- (transports.PredictionApiKeyRegistryGrpcAsyncIOTransport, grpc_helpers_async),
- ],
-)
-@requires_api_core_lt_1_26_0
-def test_prediction_api_key_registry_transport_create_channel_old_api_core(
- transport_class, grpc_helpers
-):
- # If credentials and host are not provided, the transport class should use
- # ADC credentials.
- with mock.patch.object(
- google.auth, "default", autospec=True
- ) as adc, mock.patch.object(
- grpc_helpers, "create_channel", autospec=True
- ) as create_channel:
- creds = ga_credentials.AnonymousCredentials()
- adc.return_value = (creds, None)
- transport_class(quota_project_id="octopus")
-
- create_channel.assert_called_with(
- "recommendationengine.googleapis.com:443",
- credentials=creds,
- credentials_file=None,
- quota_project_id="octopus",
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
- ssl_credentials=None,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
-
-
-@pytest.mark.parametrize(
- "transport_class,grpc_helpers",
- [
- (transports.PredictionApiKeyRegistryGrpcTransport, grpc_helpers),
- (transports.PredictionApiKeyRegistryGrpcAsyncIOTransport, grpc_helpers_async),
- ],
-)
-@requires_api_core_lt_1_26_0
-def test_prediction_api_key_registry_transport_create_channel_user_scopes(
- transport_class, grpc_helpers
-):
- # If credentials and host are not provided, the transport class should use
- # ADC credentials.
- with mock.patch.object(
- google.auth, "default", autospec=True
- ) as adc, mock.patch.object(
- grpc_helpers, "create_channel", autospec=True
- ) as create_channel:
- creds = ga_credentials.AnonymousCredentials()
- adc.return_value = (creds, None)
-
- transport_class(quota_project_id="octopus", scopes=["1", "2"])
-
- create_channel.assert_called_with(
- "recommendationengine.googleapis.com:443",
- credentials=creds,
- credentials_file=None,
- quota_project_id="octopus",
- scopes=["1", "2"],
- ssl_credentials=None,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
-
-
@pytest.mark.parametrize(
"transport_class",
[
@@ -1836,7 +1783,7 @@ def test_prediction_api_key_registry_grpc_transport_client_cert_source_for_mtls(
"squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_channel_creds,
quota_project_id=None,
options=[
@@ -1945,7 +1892,7 @@ def test_prediction_api_key_registry_transport_channel_mtls_with_client_cert_sou
"mtls.squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
@@ -1992,7 +1939,7 @@ def test_prediction_api_key_registry_transport_channel_mtls_with_adc(transport_c
"mtls.squid.clam.whelk:443",
credentials=mock_cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
diff --git a/tests/unit/gapic/recommendationengine_v1beta1/test_prediction_service.py b/tests/unit/gapic/recommendationengine_v1beta1/test_prediction_service.py
index 3279292a..8bd08dfa 100644
--- a/tests/unit/gapic/recommendationengine_v1beta1/test_prediction_service.py
+++ b/tests/unit/gapic/recommendationengine_v1beta1/test_prediction_service.py
@@ -41,9 +41,6 @@
from google.cloud.recommendationengine_v1beta1.services.prediction_service import (
transports,
)
-from google.cloud.recommendationengine_v1beta1.services.prediction_service.transports.base import (
- _API_CORE_VERSION,
-)
from google.cloud.recommendationengine_v1beta1.services.prediction_service.transports.base import (
_GOOGLE_AUTH_VERSION,
)
@@ -57,8 +54,9 @@
import google.auth
-# TODO(busunkim): Once google-api-core >= 1.26.0 is required:
-# - Delete all the api-core and auth "less than" test cases
+# TODO(busunkim): Once google-auth >= 1.25.0 is required transitively
+# through google-api-core:
+# - Delete the auth "less than" test cases
# - Delete these pytest markers (Make the "greater than or equal to" tests the default).
requires_google_auth_lt_1_25_0 = pytest.mark.skipif(
packaging.version.parse(_GOOGLE_AUTH_VERSION) >= packaging.version.parse("1.25.0"),
@@ -69,16 +67,6 @@
reason="This test requires google-auth >= 1.25.0",
)
-requires_api_core_lt_1_26_0 = pytest.mark.skipif(
- packaging.version.parse(_API_CORE_VERSION) >= packaging.version.parse("1.26.0"),
- reason="This test requires google-api-core < 1.26.0",
-)
-
-requires_api_core_gte_1_26_0 = pytest.mark.skipif(
- packaging.version.parse(_API_CORE_VERSION) < packaging.version.parse("1.26.0"),
- reason="This test requires google-api-core >= 1.26.0",
-)
-
def client_cert_source_callback():
return b"cert bytes", b"key bytes"
@@ -142,6 +130,36 @@ def test_prediction_service_client_from_service_account_info(client_class):
assert client.transport._host == "recommendationengine.googleapis.com:443"
+@pytest.mark.parametrize(
+ "client_class", [PredictionServiceClient, PredictionServiceAsyncClient,]
+)
+def test_prediction_service_client_service_account_always_use_jwt(client_class):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ client = client_class(credentials=creds)
+ use_jwt.assert_not_called()
+
+
+@pytest.mark.parametrize(
+ "transport_class,transport_name",
+ [
+ (transports.PredictionServiceGrpcTransport, "grpc"),
+ (transports.PredictionServiceGrpcAsyncIOTransport, "grpc_asyncio"),
+ ],
+)
+def test_prediction_service_client_service_account_always_use_jwt_true(
+ transport_class, transport_name
+):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=True)
+ use_jwt.assert_called_once_with(True)
+
+
@pytest.mark.parametrize(
"client_class", [PredictionServiceClient, PredictionServiceAsyncClient,]
)
@@ -1118,7 +1136,6 @@ def test_prediction_service_transport_auth_adc_old_google_auth(transport_class):
(transports.PredictionServiceGrpcAsyncIOTransport, grpc_helpers_async),
],
)
-@requires_api_core_gte_1_26_0
def test_prediction_service_transport_create_channel(transport_class, grpc_helpers):
# If credentials and host are not provided, the transport class should use
# ADC credentials.
@@ -1147,79 +1164,6 @@ def test_prediction_service_transport_create_channel(transport_class, grpc_helpe
)
-@pytest.mark.parametrize(
- "transport_class,grpc_helpers",
- [
- (transports.PredictionServiceGrpcTransport, grpc_helpers),
- (transports.PredictionServiceGrpcAsyncIOTransport, grpc_helpers_async),
- ],
-)
-@requires_api_core_lt_1_26_0
-def test_prediction_service_transport_create_channel_old_api_core(
- transport_class, grpc_helpers
-):
- # If credentials and host are not provided, the transport class should use
- # ADC credentials.
- with mock.patch.object(
- google.auth, "default", autospec=True
- ) as adc, mock.patch.object(
- grpc_helpers, "create_channel", autospec=True
- ) as create_channel:
- creds = ga_credentials.AnonymousCredentials()
- adc.return_value = (creds, None)
- transport_class(quota_project_id="octopus")
-
- create_channel.assert_called_with(
- "recommendationengine.googleapis.com:443",
- credentials=creds,
- credentials_file=None,
- quota_project_id="octopus",
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
- ssl_credentials=None,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
-
-
-@pytest.mark.parametrize(
- "transport_class,grpc_helpers",
- [
- (transports.PredictionServiceGrpcTransport, grpc_helpers),
- (transports.PredictionServiceGrpcAsyncIOTransport, grpc_helpers_async),
- ],
-)
-@requires_api_core_lt_1_26_0
-def test_prediction_service_transport_create_channel_user_scopes(
- transport_class, grpc_helpers
-):
- # If credentials and host are not provided, the transport class should use
- # ADC credentials.
- with mock.patch.object(
- google.auth, "default", autospec=True
- ) as adc, mock.patch.object(
- grpc_helpers, "create_channel", autospec=True
- ) as create_channel:
- creds = ga_credentials.AnonymousCredentials()
- adc.return_value = (creds, None)
-
- transport_class(quota_project_id="octopus", scopes=["1", "2"])
-
- create_channel.assert_called_with(
- "recommendationengine.googleapis.com:443",
- credentials=creds,
- credentials_file=None,
- quota_project_id="octopus",
- scopes=["1", "2"],
- ssl_credentials=None,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
-
-
@pytest.mark.parametrize(
"transport_class",
[
@@ -1242,7 +1186,7 @@ def test_prediction_service_grpc_transport_client_cert_source_for_mtls(transport
"squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_channel_creds,
quota_project_id=None,
options=[
@@ -1351,7 +1295,7 @@ def test_prediction_service_transport_channel_mtls_with_client_cert_source(
"mtls.squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
@@ -1398,7 +1342,7 @@ def test_prediction_service_transport_channel_mtls_with_adc(transport_class):
"mtls.squid.clam.whelk:443",
credentials=mock_cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
diff --git a/tests/unit/gapic/recommendationengine_v1beta1/test_user_event_service.py b/tests/unit/gapic/recommendationengine_v1beta1/test_user_event_service.py
index 81dfb489..d69ec5cd 100644
--- a/tests/unit/gapic/recommendationengine_v1beta1/test_user_event_service.py
+++ b/tests/unit/gapic/recommendationengine_v1beta1/test_user_event_service.py
@@ -45,9 +45,6 @@
from google.cloud.recommendationengine_v1beta1.services.user_event_service import (
transports,
)
-from google.cloud.recommendationengine_v1beta1.services.user_event_service.transports.base import (
- _API_CORE_VERSION,
-)
from google.cloud.recommendationengine_v1beta1.services.user_event_service.transports.base import (
_GOOGLE_AUTH_VERSION,
)
@@ -64,8 +61,9 @@
import google.auth
-# TODO(busunkim): Once google-api-core >= 1.26.0 is required:
-# - Delete all the api-core and auth "less than" test cases
+# TODO(busunkim): Once google-auth >= 1.25.0 is required transitively
+# through google-api-core:
+# - Delete the auth "less than" test cases
# - Delete these pytest markers (Make the "greater than or equal to" tests the default).
requires_google_auth_lt_1_25_0 = pytest.mark.skipif(
packaging.version.parse(_GOOGLE_AUTH_VERSION) >= packaging.version.parse("1.25.0"),
@@ -76,16 +74,6 @@
reason="This test requires google-auth >= 1.25.0",
)
-requires_api_core_lt_1_26_0 = pytest.mark.skipif(
- packaging.version.parse(_API_CORE_VERSION) >= packaging.version.parse("1.26.0"),
- reason="This test requires google-api-core < 1.26.0",
-)
-
-requires_api_core_gte_1_26_0 = pytest.mark.skipif(
- packaging.version.parse(_API_CORE_VERSION) < packaging.version.parse("1.26.0"),
- reason="This test requires google-api-core >= 1.26.0",
-)
-
def client_cert_source_callback():
return b"cert bytes", b"key bytes"
@@ -149,6 +137,36 @@ def test_user_event_service_client_from_service_account_info(client_class):
assert client.transport._host == "recommendationengine.googleapis.com:443"
+@pytest.mark.parametrize(
+ "client_class", [UserEventServiceClient, UserEventServiceAsyncClient,]
+)
+def test_user_event_service_client_service_account_always_use_jwt(client_class):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ client = client_class(credentials=creds)
+ use_jwt.assert_not_called()
+
+
+@pytest.mark.parametrize(
+ "transport_class,transport_name",
+ [
+ (transports.UserEventServiceGrpcTransport, "grpc"),
+ (transports.UserEventServiceGrpcAsyncIOTransport, "grpc_asyncio"),
+ ],
+)
+def test_user_event_service_client_service_account_always_use_jwt_true(
+ transport_class, transport_name
+):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=True)
+ use_jwt.assert_called_once_with(True)
+
+
@pytest.mark.parametrize(
"client_class", [UserEventServiceClient, UserEventServiceAsyncClient,]
)
@@ -2072,7 +2090,6 @@ def test_user_event_service_transport_auth_adc_old_google_auth(transport_class):
(transports.UserEventServiceGrpcAsyncIOTransport, grpc_helpers_async),
],
)
-@requires_api_core_gte_1_26_0
def test_user_event_service_transport_create_channel(transport_class, grpc_helpers):
# If credentials and host are not provided, the transport class should use
# ADC credentials.
@@ -2101,79 +2118,6 @@ def test_user_event_service_transport_create_channel(transport_class, grpc_helpe
)
-@pytest.mark.parametrize(
- "transport_class,grpc_helpers",
- [
- (transports.UserEventServiceGrpcTransport, grpc_helpers),
- (transports.UserEventServiceGrpcAsyncIOTransport, grpc_helpers_async),
- ],
-)
-@requires_api_core_lt_1_26_0
-def test_user_event_service_transport_create_channel_old_api_core(
- transport_class, grpc_helpers
-):
- # If credentials and host are not provided, the transport class should use
- # ADC credentials.
- with mock.patch.object(
- google.auth, "default", autospec=True
- ) as adc, mock.patch.object(
- grpc_helpers, "create_channel", autospec=True
- ) as create_channel:
- creds = ga_credentials.AnonymousCredentials()
- adc.return_value = (creds, None)
- transport_class(quota_project_id="octopus")
-
- create_channel.assert_called_with(
- "recommendationengine.googleapis.com:443",
- credentials=creds,
- credentials_file=None,
- quota_project_id="octopus",
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
- ssl_credentials=None,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
-
-
-@pytest.mark.parametrize(
- "transport_class,grpc_helpers",
- [
- (transports.UserEventServiceGrpcTransport, grpc_helpers),
- (transports.UserEventServiceGrpcAsyncIOTransport, grpc_helpers_async),
- ],
-)
-@requires_api_core_lt_1_26_0
-def test_user_event_service_transport_create_channel_user_scopes(
- transport_class, grpc_helpers
-):
- # If credentials and host are not provided, the transport class should use
- # ADC credentials.
- with mock.patch.object(
- google.auth, "default", autospec=True
- ) as adc, mock.patch.object(
- grpc_helpers, "create_channel", autospec=True
- ) as create_channel:
- creds = ga_credentials.AnonymousCredentials()
- adc.return_value = (creds, None)
-
- transport_class(quota_project_id="octopus", scopes=["1", "2"])
-
- create_channel.assert_called_with(
- "recommendationengine.googleapis.com:443",
- credentials=creds,
- credentials_file=None,
- quota_project_id="octopus",
- scopes=["1", "2"],
- ssl_credentials=None,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
-
-
@pytest.mark.parametrize(
"transport_class",
[
@@ -2196,7 +2140,7 @@ def test_user_event_service_grpc_transport_client_cert_source_for_mtls(transport
"squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_channel_creds,
quota_project_id=None,
options=[
@@ -2305,7 +2249,7 @@ def test_user_event_service_transport_channel_mtls_with_client_cert_source(
"mtls.squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
@@ -2352,7 +2296,7 @@ def test_user_event_service_transport_channel_mtls_with_adc(transport_class):
"mtls.squid.clam.whelk:443",
credentials=mock_cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[