Skip to content
This repository was archived by the owner on Sep 5, 2023. It is now read-only.

Commit 51304a3

Browse files
fix: enable self signed jwt for grpc (#9)
PiperOrigin-RevId: 386504689 Source-Link: googleapis/googleapis@762094a Source-Link: https://github.com/googleapis/googleapis-gen/commit/6bfc480e1a161d5de121c2bcc3745885d33b265a
1 parent 79391ae commit 51304a3

4 files changed

Lines changed: 44 additions & 32 deletions

File tree

google/cloud/iap_v1/services/identity_aware_proxy_admin_service/client.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -338,6 +338,10 @@ def __init__(
338338
client_cert_source_for_mtls=client_cert_source_func,
339339
quota_project_id=client_options.quota_project_id,
340340
client_info=client_info,
341+
always_use_jwt_access=(
342+
Transport == type(self).get_transport_class("grpc")
343+
or Transport == type(self).get_transport_class("grpc_asyncio")
344+
),
341345
)
342346

343347
def set_iam_policy(

google/cloud/iap_v1/services/identity_aware_proxy_o_auth_service/client.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -340,6 +340,10 @@ def __init__(
340340
client_cert_source_for_mtls=client_cert_source_func,
341341
quota_project_id=client_options.quota_project_id,
342342
client_info=client_info,
343+
always_use_jwt_access=(
344+
Transport == type(self).get_transport_class("grpc")
345+
or Transport == type(self).get_transport_class("grpc_asyncio")
346+
),
343347
)
344348

345349
def list_brands(

tests/unit/gapic/iap_v1/test_identity_aware_proxy_admin_service.py

Lines changed: 18 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -137,29 +137,14 @@ def test_identity_aware_proxy_admin_service_client_from_service_account_info(
137137
assert client.transport._host == "iap.googleapis.com:443"
138138

139139

140-
@pytest.mark.parametrize(
141-
"client_class",
142-
[IdentityAwareProxyAdminServiceClient, IdentityAwareProxyAdminServiceAsyncClient,],
143-
)
144-
def test_identity_aware_proxy_admin_service_client_service_account_always_use_jwt(
145-
client_class,
146-
):
147-
with mock.patch.object(
148-
service_account.Credentials, "with_always_use_jwt_access", create=True
149-
) as use_jwt:
150-
creds = service_account.Credentials(None, None, None)
151-
client = client_class(credentials=creds)
152-
use_jwt.assert_not_called()
153-
154-
155140
@pytest.mark.parametrize(
156141
"transport_class,transport_name",
157142
[
158143
(transports.IdentityAwareProxyAdminServiceGrpcTransport, "grpc"),
159144
(transports.IdentityAwareProxyAdminServiceGrpcAsyncIOTransport, "grpc_asyncio"),
160145
],
161146
)
162-
def test_identity_aware_proxy_admin_service_client_service_account_always_use_jwt_true(
147+
def test_identity_aware_proxy_admin_service_client_service_account_always_use_jwt(
163148
transport_class, transport_name
164149
):
165150
with mock.patch.object(
@@ -169,6 +154,13 @@ def test_identity_aware_proxy_admin_service_client_service_account_always_use_jw
169154
transport = transport_class(credentials=creds, always_use_jwt_access=True)
170155
use_jwt.assert_called_once_with(True)
171156

157+
with mock.patch.object(
158+
service_account.Credentials, "with_always_use_jwt_access", create=True
159+
) as use_jwt:
160+
creds = service_account.Credentials(None, None, None)
161+
transport = transport_class(credentials=creds, always_use_jwt_access=False)
162+
use_jwt.assert_not_called()
163+
172164

173165
@pytest.mark.parametrize(
174166
"client_class",
@@ -260,6 +252,7 @@ def test_identity_aware_proxy_admin_service_client_client_options(
260252
client_cert_source_for_mtls=None,
261253
quota_project_id=None,
262254
client_info=transports.base.DEFAULT_CLIENT_INFO,
255+
always_use_jwt_access=True,
263256
)
264257

265258
# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
@@ -276,6 +269,7 @@ def test_identity_aware_proxy_admin_service_client_client_options(
276269
client_cert_source_for_mtls=None,
277270
quota_project_id=None,
278271
client_info=transports.base.DEFAULT_CLIENT_INFO,
272+
always_use_jwt_access=True,
279273
)
280274

281275
# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
@@ -292,6 +286,7 @@ def test_identity_aware_proxy_admin_service_client_client_options(
292286
client_cert_source_for_mtls=None,
293287
quota_project_id=None,
294288
client_info=transports.base.DEFAULT_CLIENT_INFO,
289+
always_use_jwt_access=True,
295290
)
296291

297292
# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has
@@ -320,6 +315,7 @@ def test_identity_aware_proxy_admin_service_client_client_options(
320315
client_cert_source_for_mtls=None,
321316
quota_project_id="octopus",
322317
client_info=transports.base.DEFAULT_CLIENT_INFO,
318+
always_use_jwt_access=True,
323319
)
324320

325321

@@ -396,6 +392,7 @@ def test_identity_aware_proxy_admin_service_client_mtls_env_auto(
396392
client_cert_source_for_mtls=expected_client_cert_source,
397393
quota_project_id=None,
398394
client_info=transports.base.DEFAULT_CLIENT_INFO,
395+
always_use_jwt_access=True,
399396
)
400397

401398
# Check the case ADC client cert is provided. Whether client cert is used depends on
@@ -429,6 +426,7 @@ def test_identity_aware_proxy_admin_service_client_mtls_env_auto(
429426
client_cert_source_for_mtls=expected_client_cert_source,
430427
quota_project_id=None,
431428
client_info=transports.base.DEFAULT_CLIENT_INFO,
429+
always_use_jwt_access=True,
432430
)
433431

434432
# Check the case client_cert_source and ADC client cert are not provided.
@@ -450,6 +448,7 @@ def test_identity_aware_proxy_admin_service_client_mtls_env_auto(
450448
client_cert_source_for_mtls=None,
451449
quota_project_id=None,
452450
client_info=transports.base.DEFAULT_CLIENT_INFO,
451+
always_use_jwt_access=True,
453452
)
454453

455454

@@ -484,6 +483,7 @@ def test_identity_aware_proxy_admin_service_client_client_options_scopes(
484483
client_cert_source_for_mtls=None,
485484
quota_project_id=None,
486485
client_info=transports.base.DEFAULT_CLIENT_INFO,
486+
always_use_jwt_access=True,
487487
)
488488

489489

@@ -518,6 +518,7 @@ def test_identity_aware_proxy_admin_service_client_client_options_credentials_fi
518518
client_cert_source_for_mtls=None,
519519
quota_project_id=None,
520520
client_info=transports.base.DEFAULT_CLIENT_INFO,
521+
always_use_jwt_access=True,
521522
)
522523

523524

@@ -537,6 +538,7 @@ def test_identity_aware_proxy_admin_service_client_client_options_from_dict():
537538
client_cert_source_for_mtls=None,
538539
quota_project_id=None,
539540
client_info=transports.base.DEFAULT_CLIENT_INFO,
541+
always_use_jwt_access=True,
540542
)
541543

542544

tests/unit/gapic/iap_v1/test_identity_aware_proxy_o_auth_service.py

Lines changed: 18 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -132,29 +132,14 @@ def test_identity_aware_proxy_o_auth_service_client_from_service_account_info(
132132
assert client.transport._host == "iap.googleapis.com:443"
133133

134134

135-
@pytest.mark.parametrize(
136-
"client_class",
137-
[IdentityAwareProxyOAuthServiceClient, IdentityAwareProxyOAuthServiceAsyncClient,],
138-
)
139-
def test_identity_aware_proxy_o_auth_service_client_service_account_always_use_jwt(
140-
client_class,
141-
):
142-
with mock.patch.object(
143-
service_account.Credentials, "with_always_use_jwt_access", create=True
144-
) as use_jwt:
145-
creds = service_account.Credentials(None, None, None)
146-
client = client_class(credentials=creds)
147-
use_jwt.assert_not_called()
148-
149-
150135
@pytest.mark.parametrize(
151136
"transport_class,transport_name",
152137
[
153138
(transports.IdentityAwareProxyOAuthServiceGrpcTransport, "grpc"),
154139
(transports.IdentityAwareProxyOAuthServiceGrpcAsyncIOTransport, "grpc_asyncio"),
155140
],
156141
)
157-
def test_identity_aware_proxy_o_auth_service_client_service_account_always_use_jwt_true(
142+
def test_identity_aware_proxy_o_auth_service_client_service_account_always_use_jwt(
158143
transport_class, transport_name
159144
):
160145
with mock.patch.object(
@@ -164,6 +149,13 @@ def test_identity_aware_proxy_o_auth_service_client_service_account_always_use_j
164149
transport = transport_class(credentials=creds, always_use_jwt_access=True)
165150
use_jwt.assert_called_once_with(True)
166151

152+
with mock.patch.object(
153+
service_account.Credentials, "with_always_use_jwt_access", create=True
154+
) as use_jwt:
155+
creds = service_account.Credentials(None, None, None)
156+
transport = transport_class(credentials=creds, always_use_jwt_access=False)
157+
use_jwt.assert_not_called()
158+
167159

168160
@pytest.mark.parametrize(
169161
"client_class",
@@ -255,6 +247,7 @@ def test_identity_aware_proxy_o_auth_service_client_client_options(
255247
client_cert_source_for_mtls=None,
256248
quota_project_id=None,
257249
client_info=transports.base.DEFAULT_CLIENT_INFO,
250+
always_use_jwt_access=True,
258251
)
259252

260253
# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
@@ -271,6 +264,7 @@ def test_identity_aware_proxy_o_auth_service_client_client_options(
271264
client_cert_source_for_mtls=None,
272265
quota_project_id=None,
273266
client_info=transports.base.DEFAULT_CLIENT_INFO,
267+
always_use_jwt_access=True,
274268
)
275269

276270
# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
@@ -287,6 +281,7 @@ def test_identity_aware_proxy_o_auth_service_client_client_options(
287281
client_cert_source_for_mtls=None,
288282
quota_project_id=None,
289283
client_info=transports.base.DEFAULT_CLIENT_INFO,
284+
always_use_jwt_access=True,
290285
)
291286

292287
# Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has
@@ -315,6 +310,7 @@ def test_identity_aware_proxy_o_auth_service_client_client_options(
315310
client_cert_source_for_mtls=None,
316311
quota_project_id="octopus",
317312
client_info=transports.base.DEFAULT_CLIENT_INFO,
313+
always_use_jwt_access=True,
318314
)
319315

320316

@@ -391,6 +387,7 @@ def test_identity_aware_proxy_o_auth_service_client_mtls_env_auto(
391387
client_cert_source_for_mtls=expected_client_cert_source,
392388
quota_project_id=None,
393389
client_info=transports.base.DEFAULT_CLIENT_INFO,
390+
always_use_jwt_access=True,
394391
)
395392

396393
# Check the case ADC client cert is provided. Whether client cert is used depends on
@@ -424,6 +421,7 @@ def test_identity_aware_proxy_o_auth_service_client_mtls_env_auto(
424421
client_cert_source_for_mtls=expected_client_cert_source,
425422
quota_project_id=None,
426423
client_info=transports.base.DEFAULT_CLIENT_INFO,
424+
always_use_jwt_access=True,
427425
)
428426

429427
# Check the case client_cert_source and ADC client cert are not provided.
@@ -445,6 +443,7 @@ def test_identity_aware_proxy_o_auth_service_client_mtls_env_auto(
445443
client_cert_source_for_mtls=None,
446444
quota_project_id=None,
447445
client_info=transports.base.DEFAULT_CLIENT_INFO,
446+
always_use_jwt_access=True,
448447
)
449448

450449

@@ -479,6 +478,7 @@ def test_identity_aware_proxy_o_auth_service_client_client_options_scopes(
479478
client_cert_source_for_mtls=None,
480479
quota_project_id=None,
481480
client_info=transports.base.DEFAULT_CLIENT_INFO,
481+
always_use_jwt_access=True,
482482
)
483483

484484

@@ -513,6 +513,7 @@ def test_identity_aware_proxy_o_auth_service_client_client_options_credentials_f
513513
client_cert_source_for_mtls=None,
514514
quota_project_id=None,
515515
client_info=transports.base.DEFAULT_CLIENT_INFO,
516+
always_use_jwt_access=True,
516517
)
517518

518519

@@ -532,6 +533,7 @@ def test_identity_aware_proxy_o_auth_service_client_client_options_from_dict():
532533
client_cert_source_for_mtls=None,
533534
quota_project_id=None,
534535
client_info=transports.base.DEFAULT_CLIENT_INFO,
536+
always_use_jwt_access=True,
535537
)
536538

537539

0 commit comments

Comments
 (0)