fix: enable self signed jwt for grpc (#427)

PiperOrigin-RevId: 386504689 Source-Link: googleapis/googleapis@762094a Source-Link: googleapis/googleapis-gen@6bfc480

Author: gcf-owl-bot[bot]

google/cloud/spanner_admin_database_v1/services/database_admin/client.py

@@ -435,6 +435,10 @@ def __init__(
  client_cert_source_for_mtls=client_cert_source_func,
  quota_project_id=client_options.quota_project_id,
  client_info=client_info,
+ always_use_jwt_access=(
+ Transport == type(self).get_transport_class("grpc")
+ or Transport == type(self).get_transport_class("grpc_asyncio")
+ ),
  )
 
  def list_databases(

google/cloud/spanner_admin_instance_v1/services/instance_admin/client.py

@@ -381,6 +381,10 @@ def __init__(
  client_cert_source_for_mtls=client_cert_source_func,
  quota_project_id=client_options.quota_project_id,
  client_info=client_info,
+ always_use_jwt_access=(
+ Transport == type(self).get_transport_class("grpc")
+ or Transport == type(self).get_transport_class("grpc_asyncio")
+ ),
  )
 
  def list_instance_configs(

google/cloud/spanner_v1/services/spanner/client.py

@@ -368,6 +368,10 @@ def __init__(
  client_cert_source_for_mtls=client_cert_source_func,
  quota_project_id=client_options.quota_project_id,
  client_info=client_info,
+ always_use_jwt_access=(
+ Transport == type(self).get_transport_class("grpc")
+ or Transport == type(self).get_transport_class("grpc_asyncio")
+ ),
  )
 
  def create_session(

tests/unit/gapic/spanner_admin_database_v1/test_database_admin.py

@@ -138,26 +138,14 @@ def test_database_admin_client_from_service_account_info(client_class):
  assert client.transport._host == "spanner.googleapis.com:443"
 
 
-@pytest.mark.parametrize(
- "client_class", [DatabaseAdminClient, DatabaseAdminAsyncClient,]
-)
-def test_database_admin_client_service_account_always_use_jwt(client_class):
- with mock.patch.object(
- service_account.Credentials, "with_always_use_jwt_access", create=True
- ) as use_jwt:
- creds = service_account.Credentials(None, None, None)
- client = client_class(credentials=creds)
- use_jwt.assert_not_called()
-
-
 @pytest.mark.parametrize(
  "transport_class,transport_name",
  [
  (transports.DatabaseAdminGrpcTransport, "grpc"),
  (transports.DatabaseAdminGrpcAsyncIOTransport, "grpc_asyncio"),
  ],
 )
-def test_database_admin_client_service_account_always_use_jwt_true(
+def test_database_admin_client_service_account_always_use_jwt(
  transport_class, transport_name
 ):
  with mock.patch.object(
@@ -167,6 +155,13 @@ def test_database_admin_client_service_account_always_use_jwt_true(
  transport = transport_class(credentials=creds, always_use_jwt_access=True)
  use_jwt.assert_called_once_with(True)
 
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=False)
+ use_jwt.assert_not_called()
+
 
 @pytest.mark.parametrize(
  "client_class", [DatabaseAdminClient, DatabaseAdminAsyncClient,]
@@ -247,6 +242,7 @@ def test_database_admin_client_client_options(
  client_cert_source_for_mtls=None,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
  # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
@@ -263,6 +259,7 @@ def test_database_admin_client_client_options(
  client_cert_source_for_mtls=None,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
  # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
@@ -279,6 +276,7 @@ def test_database_admin_client_client_options(
  client_cert_source_for_mtls=None,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
  # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has
@@ -307,6 +305,7 @@ def test_database_admin_client_client_options(
  client_cert_source_for_mtls=None,
  quota_project_id="octopus",
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
 
@@ -373,6 +372,7 @@ def test_database_admin_client_mtls_env_auto(
  client_cert_source_for_mtls=expected_client_cert_source,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
  # Check the case ADC client cert is provided. Whether client cert is used depends on
@@ -406,6 +406,7 @@ def test_database_admin_client_mtls_env_auto(
  client_cert_source_for_mtls=expected_client_cert_source,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
  # Check the case client_cert_source and ADC client cert are not provided.
@@ -427,6 +428,7 @@ def test_database_admin_client_mtls_env_auto(
  client_cert_source_for_mtls=None,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
 
@@ -457,6 +459,7 @@ def test_database_admin_client_client_options_scopes(
  client_cert_source_for_mtls=None,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
 
@@ -487,6 +490,7 @@ def test_database_admin_client_client_options_credentials_file(
  client_cert_source_for_mtls=None,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
 
@@ -506,6 +510,7 @@ def test_database_admin_client_client_options_from_dict():
  client_cert_source_for_mtls=None,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
 

tests/unit/gapic/spanner_admin_instance_v1/test_instance_admin.py

@@ -131,26 +131,14 @@ def test_instance_admin_client_from_service_account_info(client_class):
  assert client.transport._host == "spanner.googleapis.com:443"
 
 
-@pytest.mark.parametrize(
- "client_class", [InstanceAdminClient, InstanceAdminAsyncClient,]
-)
-def test_instance_admin_client_service_account_always_use_jwt(client_class):
- with mock.patch.object(
- service_account.Credentials, "with_always_use_jwt_access", create=True
- ) as use_jwt:
- creds = service_account.Credentials(None, None, None)
- client = client_class(credentials=creds)
- use_jwt.assert_not_called()
-
-
 @pytest.mark.parametrize(
  "transport_class,transport_name",
  [
  (transports.InstanceAdminGrpcTransport, "grpc"),
  (transports.InstanceAdminGrpcAsyncIOTransport, "grpc_asyncio"),
  ],
 )
-def test_instance_admin_client_service_account_always_use_jwt_true(
+def test_instance_admin_client_service_account_always_use_jwt(
  transport_class, transport_name
 ):
  with mock.patch.object(
@@ -160,6 +148,13 @@ def test_instance_admin_client_service_account_always_use_jwt_true(
  transport = transport_class(credentials=creds, always_use_jwt_access=True)
  use_jwt.assert_called_once_with(True)
 
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=False)
+ use_jwt.assert_not_called()
+
 
 @pytest.mark.parametrize(
  "client_class", [InstanceAdminClient, InstanceAdminAsyncClient,]
@@ -240,6 +235,7 @@ def test_instance_admin_client_client_options(
  client_cert_source_for_mtls=None,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
  # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
@@ -256,6 +252,7 @@ def test_instance_admin_client_client_options(
  client_cert_source_for_mtls=None,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
  # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
@@ -272,6 +269,7 @@ def test_instance_admin_client_client_options(
  client_cert_source_for_mtls=None,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
  # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has
@@ -300,6 +298,7 @@ def test_instance_admin_client_client_options(
  client_cert_source_for_mtls=None,
  quota_project_id="octopus",
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
 
@@ -366,6 +365,7 @@ def test_instance_admin_client_mtls_env_auto(
  client_cert_source_for_mtls=expected_client_cert_source,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
  # Check the case ADC client cert is provided. Whether client cert is used depends on
@@ -399,6 +399,7 @@ def test_instance_admin_client_mtls_env_auto(
  client_cert_source_for_mtls=expected_client_cert_source,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
  # Check the case client_cert_source and ADC client cert are not provided.
@@ -420,6 +421,7 @@ def test_instance_admin_client_mtls_env_auto(
  client_cert_source_for_mtls=None,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
 
@@ -450,6 +452,7 @@ def test_instance_admin_client_client_options_scopes(
  client_cert_source_for_mtls=None,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
 
@@ -480,6 +483,7 @@ def test_instance_admin_client_client_options_credentials_file(
  client_cert_source_for_mtls=None,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
 
@@ -499,6 +503,7 @@ def test_instance_admin_client_client_options_from_dict():
  client_cert_source_for_mtls=None,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
 

tests/unit/gapic/spanner_v1/test_spanner.py

@@ -120,33 +120,28 @@ def test_spanner_client_from_service_account_info(client_class):
  assert client.transport._host == "spanner.googleapis.com:443"
 
 
-@pytest.mark.parametrize("client_class", [SpannerClient, SpannerAsyncClient,])
-def test_spanner_client_service_account_always_use_jwt(client_class):
- with mock.patch.object(
- service_account.Credentials, "with_always_use_jwt_access", create=True
- ) as use_jwt:
- creds = service_account.Credentials(None, None, None)
- client = client_class(credentials=creds)
- use_jwt.assert_not_called()
-
-
 @pytest.mark.parametrize(
  "transport_class,transport_name",
  [
  (transports.SpannerGrpcTransport, "grpc"),
  (transports.SpannerGrpcAsyncIOTransport, "grpc_asyncio"),
  ],
 )
-def test_spanner_client_service_account_always_use_jwt_true(
- transport_class, transport_name
-):
+def test_spanner_client_service_account_always_use_jwt(transport_class, transport_name):
  with mock.patch.object(
  service_account.Credentials, "with_always_use_jwt_access", create=True
  ) as use_jwt:
  creds = service_account.Credentials(None, None, None)
  transport = transport_class(credentials=creds, always_use_jwt_access=True)
  use_jwt.assert_called_once_with(True)
 
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=False)
+ use_jwt.assert_not_called()
+
 
 @pytest.mark.parametrize("client_class", [SpannerClient, SpannerAsyncClient,])
 def test_spanner_client_from_service_account_file(client_class):
@@ -215,6 +210,7 @@ def test_spanner_client_client_options(client_class, transport_class, transport_
  client_cert_source_for_mtls=None,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
  # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
@@ -231,6 +227,7 @@ def test_spanner_client_client_options(client_class, transport_class, transport_
  client_cert_source_for_mtls=None,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
  # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
@@ -247,6 +244,7 @@ def test_spanner_client_client_options(client_class, transport_class, transport_
  client_cert_source_for_mtls=None,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
  # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has
@@ -275,6 +273,7 @@ def test_spanner_client_client_options(client_class, transport_class, transport_
  client_cert_source_for_mtls=None,
  quota_project_id="octopus",
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
 
@@ -337,6 +336,7 @@ def test_spanner_client_mtls_env_auto(
  client_cert_source_for_mtls=expected_client_cert_source,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
  # Check the case ADC client cert is provided. Whether client cert is used depends on
@@ -370,6 +370,7 @@ def test_spanner_client_mtls_env_auto(
  client_cert_source_for_mtls=expected_client_cert_source,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
  # Check the case client_cert_source and ADC client cert are not provided.
@@ -391,6 +392,7 @@ def test_spanner_client_mtls_env_auto(
  client_cert_source_for_mtls=None,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
 
@@ -417,6 +419,7 @@ def test_spanner_client_client_options_scopes(
  client_cert_source_for_mtls=None,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
 
@@ -443,6 +446,7 @@ def test_spanner_client_client_options_credentials_file(
  client_cert_source_for_mtls=None,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )
 
 
@@ -460,6 +464,7 @@ def test_spanner_client_client_options_from_dict():
  client_cert_source_for_mtls=None,
  quota_project_id=None,
  client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
  )