fix: disable always_use_jwt_access (#47)

Committer: @busunkim96 PiperOrigin-RevId: 382142900 Source-Link: googleapis/googleapis@513440f Source-Link: https://github.com/googleapis/googleapis-gen/commit/7b1e2c31233f79a704ec21ca410bf661d6bc68d0

Author: gcf-owl-bot[bot]

google/cloud/metastore_v1/services/dataproc_metastore/transports/base.py

@@ -98,7 +98,7 @@ def __init__(
  scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
 
  # Save the scopes.
- self._scopes = scopes or self.AUTH_SCOPES
+ self._scopes = scopes
 
  # If no credentials are provided, then determine the appropriate
  # defaults.

google/cloud/metastore_v1/services/dataproc_metastore/transports/grpc.py

@@ -81,6 +81,7 @@ def __init__(
  client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
  quota_project_id: Optional[str] = None,
  client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
  ) -> None:
  """Instantiate the transport.
 
@@ -121,6 +122,8 @@ def __init__(
  API requests. If ``None``, then default info will be used.
  Generally, you only need to set this if you're developing
  your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
 
  Raises:
  google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -174,7 +177,7 @@ def __init__(
  scopes=scopes,
  quota_project_id=quota_project_id,
  client_info=client_info,
- always_use_jwt_access=True,
+ always_use_jwt_access=always_use_jwt_access,
  )
 
  if not self._grpc_channel:

google/cloud/metastore_v1/services/dataproc_metastore/transports/grpc_asyncio.py

@@ -127,6 +127,7 @@ def __init__(
  client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
  quota_project_id=None,
  client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
  ) -> None:
  """Instantiate the transport.
 
@@ -168,6 +169,8 @@ def __init__(
  API requests. If ``None``, then default info will be used.
  Generally, you only need to set this if you're developing
  your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
 
  Raises:
  google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -220,7 +223,7 @@ def __init__(
  scopes=scopes,
  quota_project_id=quota_project_id,
  client_info=client_info,
- always_use_jwt_access=True,
+ always_use_jwt_access=always_use_jwt_access,
  )
 
  if not self._grpc_channel:

google/cloud/metastore_v1alpha/services/dataproc_metastore/transports/base.py

@@ -98,7 +98,7 @@ def __init__(
  scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
 
  # Save the scopes.
- self._scopes = scopes or self.AUTH_SCOPES
+ self._scopes = scopes
 
  # If no credentials are provided, then determine the appropriate
  # defaults.

google/cloud/metastore_v1alpha/services/dataproc_metastore/transports/grpc.py

@@ -81,6 +81,7 @@ def __init__(
  client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
  quota_project_id: Optional[str] = None,
  client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
  ) -> None:
  """Instantiate the transport.
 
@@ -121,6 +122,8 @@ def __init__(
  API requests. If ``None``, then default info will be used.
  Generally, you only need to set this if you're developing
  your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
 
  Raises:
  google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -174,7 +177,7 @@ def __init__(
  scopes=scopes,
  quota_project_id=quota_project_id,
  client_info=client_info,
- always_use_jwt_access=True,
+ always_use_jwt_access=always_use_jwt_access,
  )
 
  if not self._grpc_channel:

google/cloud/metastore_v1alpha/services/dataproc_metastore/transports/grpc_asyncio.py

@@ -127,6 +127,7 @@ def __init__(
  client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
  quota_project_id=None,
  client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
  ) -> None:
  """Instantiate the transport.
 
@@ -168,6 +169,8 @@ def __init__(
  API requests. If ``None``, then default info will be used.
  Generally, you only need to set this if you're developing
  your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
 
  Raises:
  google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -220,7 +223,7 @@ def __init__(
  scopes=scopes,
  quota_project_id=quota_project_id,
  client_info=client_info,
- always_use_jwt_access=True,
+ always_use_jwt_access=always_use_jwt_access,
  )
 
  if not self._grpc_channel:

google/cloud/metastore_v1beta/services/dataproc_metastore/transports/base.py

@@ -100,7 +100,7 @@ def __init__(
  scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
 
  # Save the scopes.
- self._scopes = scopes or self.AUTH_SCOPES
+ self._scopes = scopes
 
  # If no credentials are provided, then determine the appropriate
  # defaults.

google/cloud/metastore_v1beta/services/dataproc_metastore/transports/grpc.py

@@ -81,6 +81,7 @@ def __init__(
  client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
  quota_project_id: Optional[str] = None,
  client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
  ) -> None:
  """Instantiate the transport.
 
@@ -121,6 +122,8 @@ def __init__(
  API requests. If ``None``, then default info will be used.
  Generally, you only need to set this if you're developing
  your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
 
  Raises:
  google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -174,7 +177,7 @@ def __init__(
  scopes=scopes,
  quota_project_id=quota_project_id,
  client_info=client_info,
- always_use_jwt_access=True,
+ always_use_jwt_access=always_use_jwt_access,
  )
 
  if not self._grpc_channel:

google/cloud/metastore_v1beta/services/dataproc_metastore/transports/grpc_asyncio.py

@@ -127,6 +127,7 @@ def __init__(
  client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
  quota_project_id=None,
  client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
  ) -> None:
  """Instantiate the transport.
 
@@ -168,6 +169,8 @@ def __init__(
  API requests. If ``None``, then default info will be used.
  Generally, you only need to set this if you're developing
  your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
 
  Raises:
  google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -220,7 +223,7 @@ def __init__(
  scopes=scopes,
  quota_project_id=quota_project_id,
  client_info=client_info,
- always_use_jwt_access=True,
+ always_use_jwt_access=always_use_jwt_access,
  )
 
  if not self._grpc_channel:

tests/unit/gapic/metastore_v1/test_dataproc_metastore.py

@@ -140,7 +140,25 @@ def test_dataproc_metastore_client_service_account_always_use_jwt(client_class):
  ) as use_jwt:
  creds = service_account.Credentials(None, None, None)
  client = client_class(credentials=creds)
- use_jwt.assert_called_with(True)
+ use_jwt.assert_not_called()
+
+
+@pytest.mark.parametrize(
+ "transport_class,transport_name",
+ [
+ (transports.DataprocMetastoreGrpcTransport, "grpc"),
+ (transports.DataprocMetastoreGrpcAsyncIOTransport, "grpc_asyncio"),
+ ],
+)
+def test_dataproc_metastore_client_service_account_always_use_jwt_true(
+ transport_class, transport_name
+):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=True)
+ use_jwt.assert_called_once_with(True)
 
 
 @pytest.mark.parametrize(
@@ -3319,7 +3337,7 @@ def test_dataproc_metastore_grpc_transport_client_cert_source_for_mtls(transport
  "squid.clam.whelk:443",
  credentials=cred,
  credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
  ssl_credentials=mock_ssl_channel_creds,
  quota_project_id=None,
  options=[
@@ -3428,7 +3446,7 @@ def test_dataproc_metastore_transport_channel_mtls_with_client_cert_source(
  "mtls.squid.clam.whelk:443",
  credentials=cred,
  credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
  ssl_credentials=mock_ssl_cred,
  quota_project_id=None,
  options=[
@@ -3475,7 +3493,7 @@ def test_dataproc_metastore_transport_channel_mtls_with_adc(transport_class):
  "mtls.squid.clam.whelk:443",
  credentials=mock_cred,
  credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
  ssl_credentials=mock_ssl_cred,
  quota_project_id=None,
  options=[