diff --git a/.coveragerc b/.coveragerc
index 86c446a3..3425850c 100644
--- a/.coveragerc
+++ b/.coveragerc
@@ -2,7 +2,6 @@
branch = True
[report]
-fail_under = 100
show_missing = True
omit =
google/cloud/asset/__init__.py
diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml
index da616c91..e2b39f94 100644
--- a/.github/.OwlBot.lock.yaml
+++ b/.github/.OwlBot.lock.yaml
@@ -1,3 +1,3 @@
docker:
image: gcr.io/repo-automation-bots/owlbot-python:latest
- digest: sha256:c66ba3c8d7bc8566f47df841f98cd0097b28fff0b1864c86f5817f4c8c3e8600
+ digest: sha256:99d90d097e4a4710cc8658ee0b5b963f4426d0e424819787c3ac1405c9a26719
diff --git a/.kokoro/samples/python3.9/common.cfg b/.kokoro/samples/python3.9/common.cfg
new file mode 100644
index 00000000..3b548005
--- /dev/null
+++ b/.kokoro/samples/python3.9/common.cfg
@@ -0,0 +1,40 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+# Build logs will be here
+action {
+ define_artifacts {
+ regex: "**/*sponge_log.xml"
+ }
+}
+
+# Specify which tests to run
+env_vars: {
+ key: "RUN_TESTS_SESSION"
+ value: "py-3.9"
+}
+
+# Declare build specific Cloud project.
+env_vars: {
+ key: "BUILD_SPECIFIC_GCLOUD_PROJECT"
+ value: "python-docs-samples-tests-py39"
+}
+
+env_vars: {
+ key: "TRAMPOLINE_BUILD_FILE"
+ value: "github/python-asset/.kokoro/test-samples.sh"
+}
+
+# Configure the docker image for kokoro-trampoline.
+env_vars: {
+ key: "TRAMPOLINE_IMAGE"
+ value: "gcr.io/cloud-devrel-kokoro-resources/python-samples-testing-docker"
+}
+
+# Download secrets for samples
+gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/python-docs-samples"
+
+# Download trampoline resources.
+gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/trampoline"
+
+# Use the trampoline script to run in docker.
+build_file: "python-asset/.kokoro/trampoline.sh"
\ No newline at end of file
diff --git a/.kokoro/samples/python3.9/continuous.cfg b/.kokoro/samples/python3.9/continuous.cfg
new file mode 100644
index 00000000..a1c8d975
--- /dev/null
+++ b/.kokoro/samples/python3.9/continuous.cfg
@@ -0,0 +1,6 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+env_vars: {
+ key: "INSTALL_LIBRARY_FROM_SOURCE"
+ value: "True"
+}
\ No newline at end of file
diff --git a/.kokoro/samples/python3.9/periodic-head.cfg b/.kokoro/samples/python3.9/periodic-head.cfg
new file mode 100644
index 00000000..f9cfcd33
--- /dev/null
+++ b/.kokoro/samples/python3.9/periodic-head.cfg
@@ -0,0 +1,11 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+env_vars: {
+ key: "INSTALL_LIBRARY_FROM_SOURCE"
+ value: "True"
+}
+
+env_vars: {
+ key: "TRAMPOLINE_BUILD_FILE"
+ value: "github/python-pubsub/.kokoro/test-samples-against-head.sh"
+}
diff --git a/.kokoro/samples/python3.9/periodic.cfg b/.kokoro/samples/python3.9/periodic.cfg
new file mode 100644
index 00000000..50fec964
--- /dev/null
+++ b/.kokoro/samples/python3.9/periodic.cfg
@@ -0,0 +1,6 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+env_vars: {
+ key: "INSTALL_LIBRARY_FROM_SOURCE"
+ value: "False"
+}
\ No newline at end of file
diff --git a/.kokoro/samples/python3.9/presubmit.cfg b/.kokoro/samples/python3.9/presubmit.cfg
new file mode 100644
index 00000000..a1c8d975
--- /dev/null
+++ b/.kokoro/samples/python3.9/presubmit.cfg
@@ -0,0 +1,6 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+env_vars: {
+ key: "INSTALL_LIBRARY_FROM_SOURCE"
+ value: "True"
+}
\ No newline at end of file
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 4f00c7cf..62eb5a77 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -16,7 +16,7 @@
# See https://pre-commit.com/hooks.html for more hooks
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v3.4.0
+ rev: v4.0.1
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5f49de71..60dbdbfa 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,27 @@
[1]: https://pypi.org/project/google-cloud-asset/#history
+## [3.2.0](https://www.github.com/googleapis/python-asset/compare/v3.1.0...v3.2.0) (2021-07-12)
+
+
+### Features
+
+* add always_use_jwt_access ([0a14f25](https://www.github.com/googleapis/python-asset/commit/0a14f25784a5d39b666709c2dc6521f014eea781))
+* add new searchable fields (memberTypes, roles, project, folders and organization) in SearchAllIamPolicies ([0a14f25](https://www.github.com/googleapis/python-asset/commit/0a14f25784a5d39b666709c2dc6521f014eea781))
+* new request fields (assetTypes and orderBy) in SearchAllIamPolicies ([0a14f25](https://www.github.com/googleapis/python-asset/commit/0a14f25784a5d39b666709c2dc6521f014eea781))
+* new response fields (assetType, folders and organization) in SearchAllIamPolicies ([0a14f25](https://www.github.com/googleapis/python-asset/commit/0a14f25784a5d39b666709c2dc6521f014eea781))
+
+
+### Bug Fixes
+
+* disable always_use_jwt_access ([0a14f25](https://www.github.com/googleapis/python-asset/commit/0a14f25784a5d39b666709c2dc6521f014eea781))
+* disable always_use_jwt_access ([#217](https://www.github.com/googleapis/python-asset/issues/217)) ([0a14f25](https://www.github.com/googleapis/python-asset/commit/0a14f25784a5d39b666709c2dc6521f014eea781))
+
+
+### Documentation
+
+* omit mention of Python 2.7 in 'CONTRIBUTING.rst' ([#1127](https://www.github.com/googleapis/python-asset/issues/1127)) ([#205](https://www.github.com/googleapis/python-asset/issues/205)) ([b9db51a](https://www.github.com/googleapis/python-asset/commit/b9db51a1e88615ab2da22da188d59987fcfca5d4)), closes [#1126](https://www.github.com/googleapis/python-asset/issues/1126)
+
## [3.1.0](https://www.github.com/googleapis/python-asset/compare/v3.0.0...v3.1.0) (2021-06-07)
diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst
index 76d88dce..f1fece12 100644
--- a/CONTRIBUTING.rst
+++ b/CONTRIBUTING.rst
@@ -68,15 +68,12 @@ Using ``nox``
We use `nox `__ to instrument our tests.
- To test your changes, run unit tests with ``nox``::
+ $ nox -s unit
- $ nox -s unit-2.7
- $ nox -s unit-3.8
- $ ...
+- To run a single unit test::
-- Args to pytest can be passed through the nox command separated by a `--`. For
- example, to run a single test::
+ $ nox -s unit-3.9 -- -k
- $ nox -s unit-3.8 -- -k
.. note::
@@ -143,8 +140,7 @@ Running System Tests
- To run system tests, you can execute::
# Run all system tests
- $ nox -s system-3.8
- $ nox -s system-2.7
+ $ nox -s system
# Run a single system test
$ nox -s system-3.8 -- -k
@@ -152,9 +148,8 @@ Running System Tests
.. note::
- System tests are only configured to run under Python 2.7 and
- Python 3.8. For expediency, we do not run them in older versions
- of Python 3.
+ System tests are only configured to run under Python 3.8.
+ For expediency, we do not run them in older versions of Python 3.
This alone will not run the tests. You'll need to change some local
auth settings and change some configuration in your project to
@@ -218,8 +213,8 @@ Supported versions can be found in our ``noxfile.py`` `config`_.
.. _config: https://github.com/googleapis/python-asset/blob/master/noxfile.py
-We also explicitly decided to support Python 3 beginning with version
-3.6. Reasons for this include:
+We also explicitly decided to support Python 3 beginning with version 3.6.
+Reasons for this include:
- Encouraging use of newest versions of Python 3
- Taking the lead of `prominent`_ open-source `projects`_
diff --git a/docs/conf.py b/docs/conf.py
index 0e3d12c9..2949bbce 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -80,9 +80,9 @@
master_doc = "index"
# General information about the project.
-project = u"google-cloud-asset"
-copyright = u"2019, Google"
-author = u"Google APIs"
+project = "google-cloud-asset"
+copyright = "2019, Google"
+author = "Google APIs"
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
@@ -281,7 +281,7 @@
(
master_doc,
"google-cloud-asset.tex",
- u"google-cloud-asset Documentation",
+ "google-cloud-asset Documentation",
author,
"manual",
)
@@ -313,13 +313,7 @@
# One entry per manual page. List of tuples
# (source start file, name, description, authors, manual section).
man_pages = [
- (
- master_doc,
- "google-cloud-asset",
- u"google-cloud-asset Documentation",
- [author],
- 1,
- )
+ (master_doc, "google-cloud-asset", "google-cloud-asset Documentation", [author], 1,)
]
# If true, show URL addresses after external links.
@@ -335,7 +329,7 @@
(
master_doc,
"google-cloud-asset",
- u"google-cloud-asset Documentation",
+ "google-cloud-asset Documentation",
author,
"google-cloud-asset",
"google-cloud-asset Library",
diff --git a/google/cloud/asset_v1/services/asset_service/async_client.py b/google/cloud/asset_v1/services/asset_service/async_client.py
index b4d9fcc2..b56b0f30 100644
--- a/google/cloud/asset_v1/services/asset_service/async_client.py
+++ b/google/cloud/asset_v1/services/asset_service/async_client.py
@@ -955,12 +955,11 @@ async def search_all_resources(
maximum=60.0,
multiplier=1.3,
predicate=retries.if_exception_type(
- core_exceptions.DeadlineExceeded,
core_exceptions.ServiceUnavailable,
),
- deadline=15.0,
+ deadline=30.0,
),
- default_timeout=15.0,
+ default_timeout=30.0,
client_info=DEFAULT_CLIENT_INFO,
)
@@ -1067,6 +1066,10 @@ async def search_all_iam_policies(
find IAM policy bindings that are set on resources
"instance1" or "instance2" and also specify user
"amy".
+ - ``roles:roles/compute.admin`` to find IAM policy
+ bindings that specify the Compute Admin role.
+ - ``memberTypes:user`` to find IAM policy bindings that
+ contain the "user" member type.
This corresponds to the ``query`` field
on the ``request`` instance; if ``request`` is provided, this
@@ -1113,12 +1116,11 @@ async def search_all_iam_policies(
maximum=60.0,
multiplier=1.3,
predicate=retries.if_exception_type(
- core_exceptions.DeadlineExceeded,
core_exceptions.ServiceUnavailable,
),
- deadline=15.0,
+ deadline=30.0,
),
- default_timeout=15.0,
+ default_timeout=30.0,
client_info=DEFAULT_CLIENT_INFO,
)
diff --git a/google/cloud/asset_v1/services/asset_service/client.py b/google/cloud/asset_v1/services/asset_service/client.py
index 54151fb8..b2b3245c 100644
--- a/google/cloud/asset_v1/services/asset_service/client.py
+++ b/google/cloud/asset_v1/services/asset_service/client.py
@@ -1194,6 +1194,10 @@ def search_all_iam_policies(
find IAM policy bindings that are set on resources
"instance1" or "instance2" and also specify user
"amy".
+ - ``roles:roles/compute.admin`` to find IAM policy
+ bindings that specify the Compute Admin role.
+ - ``memberTypes:user`` to find IAM policy bindings that
+ contain the "user" member type.
This corresponds to the ``query`` field
on the ``request`` instance; if ``request`` is provided, this
diff --git a/google/cloud/asset_v1/services/asset_service/transports/base.py b/google/cloud/asset_v1/services/asset_service/transports/base.py
index 42793ee5..e15d7266 100644
--- a/google/cloud/asset_v1/services/asset_service/transports/base.py
+++ b/google/cloud/asset_v1/services/asset_service/transports/base.py
@@ -25,6 +25,7 @@
from google.api_core import retry as retries # type: ignore
from google.api_core import operations_v1 # type: ignore
from google.auth import credentials as ga_credentials # type: ignore
+from google.oauth2 import service_account # type: ignore
from google.cloud.asset_v1.types import asset_service
from google.longrunning import operations_pb2 # type: ignore
@@ -46,8 +47,6 @@
except pkg_resources.DistributionNotFound: # pragma: NO COVER
_GOOGLE_AUTH_VERSION = None
-_API_CORE_VERSION = google.api_core.__version__
-
class AssetServiceTransport(abc.ABC):
"""Abstract transport class for AssetService."""
@@ -65,6 +64,7 @@ def __init__(
scopes: Optional[Sequence[str]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
**kwargs,
) -> None:
"""Instantiate the transport.
@@ -88,6 +88,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
"""
# Save the hostname. Default to port 443 (HTTPS) if none is specified.
if ":" not in host:
@@ -97,7 +99,7 @@ def __init__(
scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
# Save the scopes.
- self._scopes = scopes or self.AUTH_SCOPES
+ self._scopes = scopes
# If no credentials are provided, then determine the appropriate
# defaults.
@@ -116,13 +118,20 @@ def __init__(
**scopes_kwargs, quota_project_id=quota_project_id
)
+ # If the credentials is service account credentials, then always try to use self signed JWT.
+ if (
+ always_use_jwt_access
+ and isinstance(credentials, service_account.Credentials)
+ and hasattr(service_account.Credentials, "with_always_use_jwt_access")
+ ):
+ credentials = credentials.with_always_use_jwt_access(True)
+
# Save the credentials.
self._credentials = credentials
- # TODO(busunkim): These two class methods are in the base transport
+ # TODO(busunkim): This method is in the base transport
# to avoid duplicating code across the transport classes. These functions
- # should be deleted once the minimum required versions of google-api-core
- # and google-auth are increased.
+ # should be deleted once the minimum required versions of google-auth is increased.
# TODO: Remove this function once google-auth >= 1.25.0 is required
@classmethod
@@ -143,27 +152,6 @@ def _get_scopes_kwargs(
return scopes_kwargs
- # TODO: Remove this function once google-api-core >= 1.26.0 is required
- @classmethod
- def _get_self_signed_jwt_kwargs(
- cls, host: str, scopes: Optional[Sequence[str]]
- ) -> Dict[str, Union[Optional[Sequence[str]], str]]:
- """Returns kwargs to pass to grpc_helpers.create_channel depending on the google-api-core version"""
-
- self_signed_jwt_kwargs: Dict[str, Union[Optional[Sequence[str]], str]] = {}
-
- if _API_CORE_VERSION and (
- packaging.version.parse(_API_CORE_VERSION)
- >= packaging.version.parse("1.26.0")
- ):
- self_signed_jwt_kwargs["default_scopes"] = cls.AUTH_SCOPES
- self_signed_jwt_kwargs["scopes"] = scopes
- self_signed_jwt_kwargs["default_host"] = cls.DEFAULT_HOST
- else:
- self_signed_jwt_kwargs["scopes"] = scopes or cls.AUTH_SCOPES
-
- return self_signed_jwt_kwargs
-
def _prep_wrapped_messages(self, client_info):
# Precompute the wrapped methods.
self._wrapped_methods = {
@@ -258,12 +246,11 @@ def _prep_wrapped_messages(self, client_info):
maximum=60.0,
multiplier=1.3,
predicate=retries.if_exception_type(
- core_exceptions.DeadlineExceeded,
core_exceptions.ServiceUnavailable,
),
- deadline=15.0,
+ deadline=30.0,
),
- default_timeout=15.0,
+ default_timeout=30.0,
client_info=client_info,
),
self.search_all_iam_policies: gapic_v1.method.wrap_method(
@@ -273,12 +260,11 @@ def _prep_wrapped_messages(self, client_info):
maximum=60.0,
multiplier=1.3,
predicate=retries.if_exception_type(
- core_exceptions.DeadlineExceeded,
core_exceptions.ServiceUnavailable,
),
- deadline=15.0,
+ deadline=30.0,
),
- default_timeout=15.0,
+ default_timeout=30.0,
client_info=client_info,
),
self.analyze_iam_policy: gapic_v1.method.wrap_method(
diff --git a/google/cloud/asset_v1/services/asset_service/transports/grpc.py b/google/cloud/asset_v1/services/asset_service/transports/grpc.py
index 6ca9e36a..177e4a3a 100644
--- a/google/cloud/asset_v1/services/asset_service/transports/grpc.py
+++ b/google/cloud/asset_v1/services/asset_service/transports/grpc.py
@@ -60,6 +60,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -100,6 +101,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -153,6 +156,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
@@ -208,14 +212,14 @@ def create_channel(
and ``credentials_file`` are passed.
"""
- self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes)
-
return grpc_helpers.create_channel(
host,
credentials=credentials,
credentials_file=credentials_file,
quota_project_id=quota_project_id,
- **self_signed_jwt_kwargs,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
**kwargs,
)
diff --git a/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py b/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py
index 96f1af84..7df1ccb4 100644
--- a/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py
+++ b/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py
@@ -81,14 +81,14 @@ def create_channel(
aio.Channel: A gRPC AsyncIO channel object.
"""
- self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes)
-
return grpc_helpers_async.create_channel(
host,
credentials=credentials,
credentials_file=credentials_file,
quota_project_id=quota_project_id,
- **self_signed_jwt_kwargs,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
**kwargs,
)
@@ -106,6 +106,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id=None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -147,6 +148,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -199,6 +202,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/google/cloud/asset_v1/types/asset_service.py b/google/cloud/asset_v1/types/asset_service.py
index 9f6a1854..bb0dd094 100644
--- a/google/cloud/asset_v1/types/asset_service.py
+++ b/google/cloud/asset_v1/types/asset_service.py
@@ -879,6 +879,10 @@ class SearchAllIamPoliciesRequest(proto.Message):
- ``resource:(instance1 OR instance2) policy:amy`` to find
IAM policy bindings that are set on resources "instance1"
or "instance2" and also specify user "amy".
+ - ``roles:roles/compute.admin`` to find IAM policy bindings
+ that specify the Compute Admin role.
+ - ``memberTypes:user`` to find IAM policy bindings that
+ contain the "user" member type.
page_size (int):
Optional. The page size for search result pagination. Page
size is capped at 500 even if a larger value is given. If
@@ -892,12 +896,47 @@ class SearchAllIamPoliciesRequest(proto.Message):
be the value of ``next_page_token`` from the previous
response. The values of all other method parameters must be
identical to those in the previous call.
+ asset_types (Sequence[str]):
+ Optional. A list of asset types that the IAM policies are
+ attached to. If empty, it will search the IAM policies that
+ are attached to all the `searchable asset
+ types `__.
+
+ Regular expressions are also supported. For example:
+
+ - "compute.googleapis.com.*" snapshots IAM policies
+ attached to asset type starts with
+ "compute.googleapis.com".
+ - ".*Instance" snapshots IAM policies attached to asset
+ type ends with "Instance".
+ - ".*Instance.*" snapshots IAM policies attached to asset
+ type contains "Instance".
+
+ See `RE2 `__ for
+ all supported regular expression syntax. If the regular
+ expression does not match any supported asset type, an
+ INVALID_ARGUMENT error will be returned.
+ order_by (str):
+ Optional. A comma-separated list of fields specifying the
+ sorting order of the results. The default order is
+ ascending. Add " DESC" after the field name to indicate
+ descending order. Redundant space characters are ignored.
+ Example: "assetType DESC, resource". Only singular primitive
+ fields in the response are sortable:
+
+ - resource
+ - assetType
+ - project All the other fields such as repeated fields
+ (e.g., ``folders``) and non-primitive fields (e.g.,
+ ``policy``) are not supported.
"""
scope = proto.Field(proto.STRING, number=1,)
query = proto.Field(proto.STRING, number=2,)
page_size = proto.Field(proto.INT32, number=3,)
page_token = proto.Field(proto.STRING, number=4,)
+ asset_types = proto.RepeatedField(proto.STRING, number=5,)
+ order_by = proto.Field(proto.STRING, number=7,)
class SearchAllIamPoliciesResponse(proto.Message):
diff --git a/google/cloud/asset_v1/types/assets.py b/google/cloud/asset_v1/types/assets.py
index 893f9c33..5778741c 100644
--- a/google/cloud/asset_v1/types/assets.py
+++ b/google/cloud/asset_v1/types/assets.py
@@ -518,6 +518,13 @@ class IamPolicySearchResult(proto.Message):
- use a field query. Example:
``resource:organizations/123``
+ asset_type (str):
+ The type of the resource associated with this IAM policy.
+ Example: ``compute.googleapis.com/Disk``.
+
+ To search against the ``asset_type``:
+
+ - specify the ``asset_types`` field in your search request.
project (str):
The project that the associated GCP resource belongs to, in
the form of projects/{PROJECT_NUMBER}. If an IAM policy is
@@ -530,6 +537,28 @@ class IamPolicySearchResult(proto.Message):
- specify the ``scope`` field as this project in your
search request.
+ folders (Sequence[str]):
+ The folder(s) that the IAM policy belongs to, in the form of
+ folders/{FOLDER_NUMBER}. This field is available when the
+ IAM policy belongs to one or more folders.
+
+ To search against ``folders``:
+
+ - use a field query. Example: ``folders:(123 OR 456)``
+ - use a free text query. Example: ``123``
+ - specify the ``scope`` field as this folder in your search
+ request.
+ organization (str):
+ The organization that the IAM policy belongs to, in the form
+ of organizations/{ORGANIZATION_NUMBER}. This field is
+ available when the IAM policy belongs to an organization.
+
+ To search against ``organization``:
+
+ - use a field query. Example: ``organization:123``
+ - use a free text query. Example: ``123``
+ - specify the ``scope`` field as this organization in your
+ search request.
policy (google.iam.v1.policy_pb2.Policy):
The IAM policy directly set on the given resource. Note that
the original IAM policy can contain multiple bindings. This
@@ -588,7 +617,10 @@ class Permissions(proto.Message):
)
resource = proto.Field(proto.STRING, number=1,)
+ asset_type = proto.Field(proto.STRING, number=5,)
project = proto.Field(proto.STRING, number=2,)
+ folders = proto.RepeatedField(proto.STRING, number=6,)
+ organization = proto.Field(proto.STRING, number=7,)
policy = proto.Field(proto.MESSAGE, number=3, message=policy_pb2.Policy,)
explanation = proto.Field(proto.MESSAGE, number=4, message=Explanation,)
diff --git a/google/cloud/asset_v1p1beta1/services/asset_service/transports/base.py b/google/cloud/asset_v1p1beta1/services/asset_service/transports/base.py
index 8ee42a9b..eb764427 100644
--- a/google/cloud/asset_v1p1beta1/services/asset_service/transports/base.py
+++ b/google/cloud/asset_v1p1beta1/services/asset_service/transports/base.py
@@ -24,6 +24,7 @@
from google.api_core import gapic_v1 # type: ignore
from google.api_core import retry as retries # type: ignore
from google.auth import credentials as ga_credentials # type: ignore
+from google.oauth2 import service_account # type: ignore
from google.cloud.asset_v1p1beta1.types import asset_service
@@ -43,8 +44,6 @@
except pkg_resources.DistributionNotFound: # pragma: NO COVER
_GOOGLE_AUTH_VERSION = None
-_API_CORE_VERSION = google.api_core.__version__
-
class AssetServiceTransport(abc.ABC):
"""Abstract transport class for AssetService."""
@@ -62,6 +61,7 @@ def __init__(
scopes: Optional[Sequence[str]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
**kwargs,
) -> None:
"""Instantiate the transport.
@@ -85,6 +85,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
"""
# Save the hostname. Default to port 443 (HTTPS) if none is specified.
if ":" not in host:
@@ -94,7 +96,7 @@ def __init__(
scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
# Save the scopes.
- self._scopes = scopes or self.AUTH_SCOPES
+ self._scopes = scopes
# If no credentials are provided, then determine the appropriate
# defaults.
@@ -113,13 +115,20 @@ def __init__(
**scopes_kwargs, quota_project_id=quota_project_id
)
+ # If the credentials is service account credentials, then always try to use self signed JWT.
+ if (
+ always_use_jwt_access
+ and isinstance(credentials, service_account.Credentials)
+ and hasattr(service_account.Credentials, "with_always_use_jwt_access")
+ ):
+ credentials = credentials.with_always_use_jwt_access(True)
+
# Save the credentials.
self._credentials = credentials
- # TODO(busunkim): These two class methods are in the base transport
+ # TODO(busunkim): This method is in the base transport
# to avoid duplicating code across the transport classes. These functions
- # should be deleted once the minimum required versions of google-api-core
- # and google-auth are increased.
+ # should be deleted once the minimum required versions of google-auth is increased.
# TODO: Remove this function once google-auth >= 1.25.0 is required
@classmethod
@@ -140,27 +149,6 @@ def _get_scopes_kwargs(
return scopes_kwargs
- # TODO: Remove this function once google-api-core >= 1.26.0 is required
- @classmethod
- def _get_self_signed_jwt_kwargs(
- cls, host: str, scopes: Optional[Sequence[str]]
- ) -> Dict[str, Union[Optional[Sequence[str]], str]]:
- """Returns kwargs to pass to grpc_helpers.create_channel depending on the google-api-core version"""
-
- self_signed_jwt_kwargs: Dict[str, Union[Optional[Sequence[str]], str]] = {}
-
- if _API_CORE_VERSION and (
- packaging.version.parse(_API_CORE_VERSION)
- >= packaging.version.parse("1.26.0")
- ):
- self_signed_jwt_kwargs["default_scopes"] = cls.AUTH_SCOPES
- self_signed_jwt_kwargs["scopes"] = scopes
- self_signed_jwt_kwargs["default_host"] = cls.DEFAULT_HOST
- else:
- self_signed_jwt_kwargs["scopes"] = scopes or cls.AUTH_SCOPES
-
- return self_signed_jwt_kwargs
-
def _prep_wrapped_messages(self, client_info):
# Precompute the wrapped methods.
self._wrapped_methods = {
diff --git a/google/cloud/asset_v1p1beta1/services/asset_service/transports/grpc.py b/google/cloud/asset_v1p1beta1/services/asset_service/transports/grpc.py
index 4b4b685f..5014c340 100644
--- a/google/cloud/asset_v1p1beta1/services/asset_service/transports/grpc.py
+++ b/google/cloud/asset_v1p1beta1/services/asset_service/transports/grpc.py
@@ -57,6 +57,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -97,6 +98,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -149,6 +152,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
@@ -204,14 +208,14 @@ def create_channel(
and ``credentials_file`` are passed.
"""
- self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes)
-
return grpc_helpers.create_channel(
host,
credentials=credentials,
credentials_file=credentials_file,
quota_project_id=quota_project_id,
- **self_signed_jwt_kwargs,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
**kwargs,
)
diff --git a/google/cloud/asset_v1p1beta1/services/asset_service/transports/grpc_asyncio.py b/google/cloud/asset_v1p1beta1/services/asset_service/transports/grpc_asyncio.py
index a93fad9a..9b3b4bb7 100644
--- a/google/cloud/asset_v1p1beta1/services/asset_service/transports/grpc_asyncio.py
+++ b/google/cloud/asset_v1p1beta1/services/asset_service/transports/grpc_asyncio.py
@@ -78,14 +78,14 @@ def create_channel(
aio.Channel: A gRPC AsyncIO channel object.
"""
- self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes)
-
return grpc_helpers_async.create_channel(
host,
credentials=credentials,
credentials_file=credentials_file,
quota_project_id=quota_project_id,
- **self_signed_jwt_kwargs,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
**kwargs,
)
@@ -103,6 +103,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id=None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -144,6 +145,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -195,6 +198,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/google/cloud/asset_v1p2beta1/services/asset_service/transports/base.py b/google/cloud/asset_v1p2beta1/services/asset_service/transports/base.py
index 5d867d28..59950757 100644
--- a/google/cloud/asset_v1p2beta1/services/asset_service/transports/base.py
+++ b/google/cloud/asset_v1p2beta1/services/asset_service/transports/base.py
@@ -24,6 +24,7 @@
from google.api_core import gapic_v1 # type: ignore
from google.api_core import retry as retries # type: ignore
from google.auth import credentials as ga_credentials # type: ignore
+from google.oauth2 import service_account # type: ignore
from google.cloud.asset_v1p2beta1.types import asset_service
from google.protobuf import empty_pb2 # type: ignore
@@ -44,8 +45,6 @@
except pkg_resources.DistributionNotFound: # pragma: NO COVER
_GOOGLE_AUTH_VERSION = None
-_API_CORE_VERSION = google.api_core.__version__
-
class AssetServiceTransport(abc.ABC):
"""Abstract transport class for AssetService."""
@@ -63,6 +62,7 @@ def __init__(
scopes: Optional[Sequence[str]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
**kwargs,
) -> None:
"""Instantiate the transport.
@@ -86,6 +86,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
"""
# Save the hostname. Default to port 443 (HTTPS) if none is specified.
if ":" not in host:
@@ -95,7 +97,7 @@ def __init__(
scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
# Save the scopes.
- self._scopes = scopes or self.AUTH_SCOPES
+ self._scopes = scopes
# If no credentials are provided, then determine the appropriate
# defaults.
@@ -114,13 +116,20 @@ def __init__(
**scopes_kwargs, quota_project_id=quota_project_id
)
+ # If the credentials is service account credentials, then always try to use self signed JWT.
+ if (
+ always_use_jwt_access
+ and isinstance(credentials, service_account.Credentials)
+ and hasattr(service_account.Credentials, "with_always_use_jwt_access")
+ ):
+ credentials = credentials.with_always_use_jwt_access(True)
+
# Save the credentials.
self._credentials = credentials
- # TODO(busunkim): These two class methods are in the base transport
+ # TODO(busunkim): This method is in the base transport
# to avoid duplicating code across the transport classes. These functions
- # should be deleted once the minimum required versions of google-api-core
- # and google-auth are increased.
+ # should be deleted once the minimum required versions of google-auth is increased.
# TODO: Remove this function once google-auth >= 1.25.0 is required
@classmethod
@@ -141,27 +150,6 @@ def _get_scopes_kwargs(
return scopes_kwargs
- # TODO: Remove this function once google-api-core >= 1.26.0 is required
- @classmethod
- def _get_self_signed_jwt_kwargs(
- cls, host: str, scopes: Optional[Sequence[str]]
- ) -> Dict[str, Union[Optional[Sequence[str]], str]]:
- """Returns kwargs to pass to grpc_helpers.create_channel depending on the google-api-core version"""
-
- self_signed_jwt_kwargs: Dict[str, Union[Optional[Sequence[str]], str]] = {}
-
- if _API_CORE_VERSION and (
- packaging.version.parse(_API_CORE_VERSION)
- >= packaging.version.parse("1.26.0")
- ):
- self_signed_jwt_kwargs["default_scopes"] = cls.AUTH_SCOPES
- self_signed_jwt_kwargs["scopes"] = scopes
- self_signed_jwt_kwargs["default_host"] = cls.DEFAULT_HOST
- else:
- self_signed_jwt_kwargs["scopes"] = scopes or cls.AUTH_SCOPES
-
- return self_signed_jwt_kwargs
-
def _prep_wrapped_messages(self, client_info):
# Precompute the wrapped methods.
self._wrapped_methods = {
diff --git a/google/cloud/asset_v1p2beta1/services/asset_service/transports/grpc.py b/google/cloud/asset_v1p2beta1/services/asset_service/transports/grpc.py
index c6342408..1d41fd52 100644
--- a/google/cloud/asset_v1p2beta1/services/asset_service/transports/grpc.py
+++ b/google/cloud/asset_v1p2beta1/services/asset_service/transports/grpc.py
@@ -58,6 +58,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -98,6 +99,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -150,6 +153,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
@@ -205,14 +209,14 @@ def create_channel(
and ``credentials_file`` are passed.
"""
- self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes)
-
return grpc_helpers.create_channel(
host,
credentials=credentials,
credentials_file=credentials_file,
quota_project_id=quota_project_id,
- **self_signed_jwt_kwargs,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
**kwargs,
)
diff --git a/google/cloud/asset_v1p2beta1/services/asset_service/transports/grpc_asyncio.py b/google/cloud/asset_v1p2beta1/services/asset_service/transports/grpc_asyncio.py
index aaaa591f..aadf6a1a 100644
--- a/google/cloud/asset_v1p2beta1/services/asset_service/transports/grpc_asyncio.py
+++ b/google/cloud/asset_v1p2beta1/services/asset_service/transports/grpc_asyncio.py
@@ -79,14 +79,14 @@ def create_channel(
aio.Channel: A gRPC AsyncIO channel object.
"""
- self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes)
-
return grpc_helpers_async.create_channel(
host,
credentials=credentials,
credentials_file=credentials_file,
quota_project_id=quota_project_id,
- **self_signed_jwt_kwargs,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
**kwargs,
)
@@ -104,6 +104,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id=None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -145,6 +146,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -196,6 +199,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/google/cloud/asset_v1p4beta1/services/asset_service/transports/base.py b/google/cloud/asset_v1p4beta1/services/asset_service/transports/base.py
index 65d21b3f..01575ced 100644
--- a/google/cloud/asset_v1p4beta1/services/asset_service/transports/base.py
+++ b/google/cloud/asset_v1p4beta1/services/asset_service/transports/base.py
@@ -25,6 +25,7 @@
from google.api_core import retry as retries # type: ignore
from google.api_core import operations_v1 # type: ignore
from google.auth import credentials as ga_credentials # type: ignore
+from google.oauth2 import service_account # type: ignore
from google.cloud.asset_v1p4beta1.types import asset_service
from google.longrunning import operations_pb2 # type: ignore
@@ -45,8 +46,6 @@
except pkg_resources.DistributionNotFound: # pragma: NO COVER
_GOOGLE_AUTH_VERSION = None
-_API_CORE_VERSION = google.api_core.__version__
-
class AssetServiceTransport(abc.ABC):
"""Abstract transport class for AssetService."""
@@ -64,6 +63,7 @@ def __init__(
scopes: Optional[Sequence[str]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
**kwargs,
) -> None:
"""Instantiate the transport.
@@ -87,6 +87,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
"""
# Save the hostname. Default to port 443 (HTTPS) if none is specified.
if ":" not in host:
@@ -96,7 +98,7 @@ def __init__(
scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
# Save the scopes.
- self._scopes = scopes or self.AUTH_SCOPES
+ self._scopes = scopes
# If no credentials are provided, then determine the appropriate
# defaults.
@@ -115,13 +117,20 @@ def __init__(
**scopes_kwargs, quota_project_id=quota_project_id
)
+ # If the credentials is service account credentials, then always try to use self signed JWT.
+ if (
+ always_use_jwt_access
+ and isinstance(credentials, service_account.Credentials)
+ and hasattr(service_account.Credentials, "with_always_use_jwt_access")
+ ):
+ credentials = credentials.with_always_use_jwt_access(True)
+
# Save the credentials.
self._credentials = credentials
- # TODO(busunkim): These two class methods are in the base transport
+ # TODO(busunkim): This method is in the base transport
# to avoid duplicating code across the transport classes. These functions
- # should be deleted once the minimum required versions of google-api-core
- # and google-auth are increased.
+ # should be deleted once the minimum required versions of google-auth is increased.
# TODO: Remove this function once google-auth >= 1.25.0 is required
@classmethod
@@ -142,27 +151,6 @@ def _get_scopes_kwargs(
return scopes_kwargs
- # TODO: Remove this function once google-api-core >= 1.26.0 is required
- @classmethod
- def _get_self_signed_jwt_kwargs(
- cls, host: str, scopes: Optional[Sequence[str]]
- ) -> Dict[str, Union[Optional[Sequence[str]], str]]:
- """Returns kwargs to pass to grpc_helpers.create_channel depending on the google-api-core version"""
-
- self_signed_jwt_kwargs: Dict[str, Union[Optional[Sequence[str]], str]] = {}
-
- if _API_CORE_VERSION and (
- packaging.version.parse(_API_CORE_VERSION)
- >= packaging.version.parse("1.26.0")
- ):
- self_signed_jwt_kwargs["default_scopes"] = cls.AUTH_SCOPES
- self_signed_jwt_kwargs["scopes"] = scopes
- self_signed_jwt_kwargs["default_host"] = cls.DEFAULT_HOST
- else:
- self_signed_jwt_kwargs["scopes"] = scopes or cls.AUTH_SCOPES
-
- return self_signed_jwt_kwargs
-
def _prep_wrapped_messages(self, client_info):
# Precompute the wrapped methods.
self._wrapped_methods = {
diff --git a/google/cloud/asset_v1p4beta1/services/asset_service/transports/grpc.py b/google/cloud/asset_v1p4beta1/services/asset_service/transports/grpc.py
index e958a387..1113b5d4 100644
--- a/google/cloud/asset_v1p4beta1/services/asset_service/transports/grpc.py
+++ b/google/cloud/asset_v1p4beta1/services/asset_service/transports/grpc.py
@@ -59,6 +59,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -99,6 +100,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -152,6 +155,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
@@ -207,14 +211,14 @@ def create_channel(
and ``credentials_file`` are passed.
"""
- self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes)
-
return grpc_helpers.create_channel(
host,
credentials=credentials,
credentials_file=credentials_file,
quota_project_id=quota_project_id,
- **self_signed_jwt_kwargs,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
**kwargs,
)
diff --git a/google/cloud/asset_v1p4beta1/services/asset_service/transports/grpc_asyncio.py b/google/cloud/asset_v1p4beta1/services/asset_service/transports/grpc_asyncio.py
index 7005c0f4..c51ccc94 100644
--- a/google/cloud/asset_v1p4beta1/services/asset_service/transports/grpc_asyncio.py
+++ b/google/cloud/asset_v1p4beta1/services/asset_service/transports/grpc_asyncio.py
@@ -80,14 +80,14 @@ def create_channel(
aio.Channel: A gRPC AsyncIO channel object.
"""
- self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes)
-
return grpc_helpers_async.create_channel(
host,
credentials=credentials,
credentials_file=credentials_file,
quota_project_id=quota_project_id,
- **self_signed_jwt_kwargs,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
**kwargs,
)
@@ -105,6 +105,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id=None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -146,6 +147,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -198,6 +201,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/google/cloud/asset_v1p5beta1/services/asset_service/transports/base.py b/google/cloud/asset_v1p5beta1/services/asset_service/transports/base.py
index 1c877d77..2b5302ca 100644
--- a/google/cloud/asset_v1p5beta1/services/asset_service/transports/base.py
+++ b/google/cloud/asset_v1p5beta1/services/asset_service/transports/base.py
@@ -24,6 +24,7 @@
from google.api_core import gapic_v1 # type: ignore
from google.api_core import retry as retries # type: ignore
from google.auth import credentials as ga_credentials # type: ignore
+from google.oauth2 import service_account # type: ignore
from google.cloud.asset_v1p5beta1.types import asset_service
@@ -43,8 +44,6 @@
except pkg_resources.DistributionNotFound: # pragma: NO COVER
_GOOGLE_AUTH_VERSION = None
-_API_CORE_VERSION = google.api_core.__version__
-
class AssetServiceTransport(abc.ABC):
"""Abstract transport class for AssetService."""
@@ -62,6 +61,7 @@ def __init__(
scopes: Optional[Sequence[str]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
**kwargs,
) -> None:
"""Instantiate the transport.
@@ -85,6 +85,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
"""
# Save the hostname. Default to port 443 (HTTPS) if none is specified.
if ":" not in host:
@@ -94,7 +96,7 @@ def __init__(
scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
# Save the scopes.
- self._scopes = scopes or self.AUTH_SCOPES
+ self._scopes = scopes
# If no credentials are provided, then determine the appropriate
# defaults.
@@ -113,13 +115,20 @@ def __init__(
**scopes_kwargs, quota_project_id=quota_project_id
)
+ # If the credentials is service account credentials, then always try to use self signed JWT.
+ if (
+ always_use_jwt_access
+ and isinstance(credentials, service_account.Credentials)
+ and hasattr(service_account.Credentials, "with_always_use_jwt_access")
+ ):
+ credentials = credentials.with_always_use_jwt_access(True)
+
# Save the credentials.
self._credentials = credentials
- # TODO(busunkim): These two class methods are in the base transport
+ # TODO(busunkim): This method is in the base transport
# to avoid duplicating code across the transport classes. These functions
- # should be deleted once the minimum required versions of google-api-core
- # and google-auth are increased.
+ # should be deleted once the minimum required versions of google-auth is increased.
# TODO: Remove this function once google-auth >= 1.25.0 is required
@classmethod
@@ -140,27 +149,6 @@ def _get_scopes_kwargs(
return scopes_kwargs
- # TODO: Remove this function once google-api-core >= 1.26.0 is required
- @classmethod
- def _get_self_signed_jwt_kwargs(
- cls, host: str, scopes: Optional[Sequence[str]]
- ) -> Dict[str, Union[Optional[Sequence[str]], str]]:
- """Returns kwargs to pass to grpc_helpers.create_channel depending on the google-api-core version"""
-
- self_signed_jwt_kwargs: Dict[str, Union[Optional[Sequence[str]], str]] = {}
-
- if _API_CORE_VERSION and (
- packaging.version.parse(_API_CORE_VERSION)
- >= packaging.version.parse("1.26.0")
- ):
- self_signed_jwt_kwargs["default_scopes"] = cls.AUTH_SCOPES
- self_signed_jwt_kwargs["scopes"] = scopes
- self_signed_jwt_kwargs["default_host"] = cls.DEFAULT_HOST
- else:
- self_signed_jwt_kwargs["scopes"] = scopes or cls.AUTH_SCOPES
-
- return self_signed_jwt_kwargs
-
def _prep_wrapped_messages(self, client_info):
# Precompute the wrapped methods.
self._wrapped_methods = {
diff --git a/google/cloud/asset_v1p5beta1/services/asset_service/transports/grpc.py b/google/cloud/asset_v1p5beta1/services/asset_service/transports/grpc.py
index 409c71bd..b5ac0ae5 100644
--- a/google/cloud/asset_v1p5beta1/services/asset_service/transports/grpc.py
+++ b/google/cloud/asset_v1p5beta1/services/asset_service/transports/grpc.py
@@ -57,6 +57,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -97,6 +98,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -149,6 +152,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
@@ -204,14 +208,14 @@ def create_channel(
and ``credentials_file`` are passed.
"""
- self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes)
-
return grpc_helpers.create_channel(
host,
credentials=credentials,
credentials_file=credentials_file,
quota_project_id=quota_project_id,
- **self_signed_jwt_kwargs,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
**kwargs,
)
diff --git a/google/cloud/asset_v1p5beta1/services/asset_service/transports/grpc_asyncio.py b/google/cloud/asset_v1p5beta1/services/asset_service/transports/grpc_asyncio.py
index 41d9136c..3449feb6 100644
--- a/google/cloud/asset_v1p5beta1/services/asset_service/transports/grpc_asyncio.py
+++ b/google/cloud/asset_v1p5beta1/services/asset_service/transports/grpc_asyncio.py
@@ -78,14 +78,14 @@ def create_channel(
aio.Channel: A gRPC AsyncIO channel object.
"""
- self_signed_jwt_kwargs = cls._get_self_signed_jwt_kwargs(host, scopes)
-
return grpc_helpers_async.create_channel(
host,
credentials=credentials,
credentials_file=credentials_file,
quota_project_id=quota_project_id,
- **self_signed_jwt_kwargs,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
**kwargs,
)
@@ -103,6 +103,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id=None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -144,6 +145,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -195,6 +198,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/samples/snippets/quickstart_listassets.py b/samples/snippets/quickstart_listassets.py
index 9c5e191a..75180075 100644
--- a/samples/snippets/quickstart_listassets.py
+++ b/samples/snippets/quickstart_listassets.py
@@ -20,7 +20,7 @@
def list_assets(project_id, asset_types, page_size):
# [START asset_quickstart_list_assets]
- from google.cloud import asset_v1p5beta1
+ from google.cloud import asset_v1
# TODO project_id = 'Your Google Cloud Project ID'
# TODO asset_types = 'Your asset type list, e.g.,
@@ -29,10 +29,10 @@ def list_assets(project_id, asset_types, page_size):
# 1000 (both inclusively)'
project_resource = "projects/{}".format(project_id)
- content_type = asset_v1p5beta1.ContentType.RESOURCE
- client = asset_v1p5beta1.AssetServiceClient()
+ content_type = asset_v1.ContentType.RESOURCE
+ client = asset_v1.AssetServiceClient()
- # Call ListAssets v1p5beta1 to list assets.
+ # Call ListAssets v1 to list assets.
response = client.list_assets(
request={
"parent": project_resource,
diff --git a/samples/snippets/requirements.txt b/samples/snippets/requirements.txt
index 76b08c7c..4f9b340b 100644
--- a/samples/snippets/requirements.txt
+++ b/samples/snippets/requirements.txt
@@ -1,5 +1,5 @@
-google-cloud-storage==1.38.0
-google-cloud-asset==2.2.0
+google-cloud-storage==1.40.0
+google-cloud-asset==3.1.0
google-cloud-resource-manager==0.30.3
-google-cloud-pubsub==2.5.0
+google-cloud-pubsub==2.6.1
google-cloud-bigquery==2.20.0
diff --git a/scripts/fixup_asset_v1_keywords.py b/scripts/fixup_asset_v1_keywords.py
index cfef8db5..4a9e79e9 100644
--- a/scripts/fixup_asset_v1_keywords.py
+++ b/scripts/fixup_asset_v1_keywords.py
@@ -48,7 +48,7 @@ class assetCallTransformer(cst.CSTTransformer):
'get_feed': ('name', ),
'list_assets': ('parent', 'read_time', 'asset_types', 'content_type', 'page_size', 'page_token', ),
'list_feeds': ('parent', ),
- 'search_all_iam_policies': ('scope', 'query', 'page_size', 'page_token', ),
+ 'search_all_iam_policies': ('scope', 'query', 'page_size', 'page_token', 'asset_types', 'order_by', ),
'search_all_resources': ('scope', 'query', 'asset_types', 'page_size', 'page_token', 'order_by', ),
'update_feed': ('feed', 'update_mask', ),
}
diff --git a/setup.py b/setup.py
index 533d03da..4aae4cc0 100644
--- a/setup.py
+++ b/setup.py
@@ -21,14 +21,14 @@
name = "google-cloud-asset"
description = "Cloud Asset API API client library"
-version = "3.1.0"
+version = "3.2.0"
# Should be one of:
# 'Development Status :: 3 - Alpha'
# 'Development Status :: 4 - Beta'
# 'Development Status :: 5 - Production/Stable'
release_status = "Development Status :: 5 - Production/Stable"
dependencies = [
- "google-api-core[grpc] >= 1.22.2, < 2.0.0dev",
+ "google-api-core[grpc] >= 1.26.0, < 2.0.0dev",
"grpc-google-iam-v1 >= 0.12.3, < 0.13dev",
"google-cloud-access-context-manager >= 0.1.2, < 0.2.0dev",
"google-cloud-org-policy>=0.1.2, <0.4.0",
diff --git a/testing/constraints-3.6.txt b/testing/constraints-3.6.txt
index 1d8ebd1b..d2b9a053 100644
--- a/testing/constraints-3.6.txt
+++ b/testing/constraints-3.6.txt
@@ -5,7 +5,7 @@
#
# e.g., if setup.py has "foo >= 1.14.0, < 2.0.0dev",
# Then this file should have foo==1.14.0
-google-api-core==1.22.2
+google-api-core==1.26.0
grpc-google-iam-v1==0.12.3
google-cloud-access-context-manager==0.1.2
google-cloud-org-policy==0.1.2
diff --git a/tests/unit/gapic/asset_v1/test_asset_service.py b/tests/unit/gapic/asset_v1/test_asset_service.py
index d6140d64..25543608 100644
--- a/tests/unit/gapic/asset_v1/test_asset_service.py
+++ b/tests/unit/gapic/asset_v1/test_asset_service.py
@@ -38,9 +38,6 @@
from google.cloud.asset_v1.services.asset_service import AssetServiceClient
from google.cloud.asset_v1.services.asset_service import pagers
from google.cloud.asset_v1.services.asset_service import transports
-from google.cloud.asset_v1.services.asset_service.transports.base import (
- _API_CORE_VERSION,
-)
from google.cloud.asset_v1.services.asset_service.transports.base import (
_GOOGLE_AUTH_VERSION,
)
@@ -55,8 +52,9 @@
import google.auth
-# TODO(busunkim): Once google-api-core >= 1.26.0 is required:
-# - Delete all the api-core and auth "less than" test cases
+# TODO(busunkim): Once google-auth >= 1.25.0 is required transitively
+# through google-api-core:
+# - Delete the auth "less than" test cases
# - Delete these pytest markers (Make the "greater than or equal to" tests the default).
requires_google_auth_lt_1_25_0 = pytest.mark.skipif(
packaging.version.parse(_GOOGLE_AUTH_VERSION) >= packaging.version.parse("1.25.0"),
@@ -67,16 +65,6 @@
reason="This test requires google-auth >= 1.25.0",
)
-requires_api_core_lt_1_26_0 = pytest.mark.skipif(
- packaging.version.parse(_API_CORE_VERSION) >= packaging.version.parse("1.26.0"),
- reason="This test requires google-api-core < 1.26.0",
-)
-
-requires_api_core_gte_1_26_0 = pytest.mark.skipif(
- packaging.version.parse(_API_CORE_VERSION) < packaging.version.parse("1.26.0"),
- reason="This test requires google-api-core >= 1.26.0",
-)
-
def client_cert_source_callback():
return b"cert bytes", b"key bytes"
@@ -134,6 +122,34 @@ def test_asset_service_client_from_service_account_info(client_class):
assert client.transport._host == "cloudasset.googleapis.com:443"
+@pytest.mark.parametrize("client_class", [AssetServiceClient, AssetServiceAsyncClient,])
+def test_asset_service_client_service_account_always_use_jwt(client_class):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ client = client_class(credentials=creds)
+ use_jwt.assert_not_called()
+
+
+@pytest.mark.parametrize(
+ "transport_class,transport_name",
+ [
+ (transports.AssetServiceGrpcTransport, "grpc"),
+ (transports.AssetServiceGrpcAsyncIOTransport, "grpc_asyncio"),
+ ],
+)
+def test_asset_service_client_service_account_always_use_jwt_true(
+ transport_class, transport_name
+):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=True)
+ use_jwt.assert_called_once_with(True)
+
+
@pytest.mark.parametrize("client_class", [AssetServiceClient, AssetServiceAsyncClient,])
def test_asset_service_client_from_service_account_file(client_class):
creds = ga_credentials.AnonymousCredentials()
@@ -3371,7 +3387,6 @@ def test_asset_service_transport_auth_adc_old_google_auth(transport_class):
(transports.AssetServiceGrpcAsyncIOTransport, grpc_helpers_async),
],
)
-@requires_api_core_gte_1_26_0
def test_asset_service_transport_create_channel(transport_class, grpc_helpers):
# If credentials and host are not provided, the transport class should use
# ADC credentials.
@@ -3400,79 +3415,6 @@ def test_asset_service_transport_create_channel(transport_class, grpc_helpers):
)
-@pytest.mark.parametrize(
- "transport_class,grpc_helpers",
- [
- (transports.AssetServiceGrpcTransport, grpc_helpers),
- (transports.AssetServiceGrpcAsyncIOTransport, grpc_helpers_async),
- ],
-)
-@requires_api_core_lt_1_26_0
-def test_asset_service_transport_create_channel_old_api_core(
- transport_class, grpc_helpers
-):
- # If credentials and host are not provided, the transport class should use
- # ADC credentials.
- with mock.patch.object(
- google.auth, "default", autospec=True
- ) as adc, mock.patch.object(
- grpc_helpers, "create_channel", autospec=True
- ) as create_channel:
- creds = ga_credentials.AnonymousCredentials()
- adc.return_value = (creds, None)
- transport_class(quota_project_id="octopus")
-
- create_channel.assert_called_with(
- "cloudasset.googleapis.com:443",
- credentials=creds,
- credentials_file=None,
- quota_project_id="octopus",
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
- ssl_credentials=None,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
-
-
-@pytest.mark.parametrize(
- "transport_class,grpc_helpers",
- [
- (transports.AssetServiceGrpcTransport, grpc_helpers),
- (transports.AssetServiceGrpcAsyncIOTransport, grpc_helpers_async),
- ],
-)
-@requires_api_core_lt_1_26_0
-def test_asset_service_transport_create_channel_user_scopes(
- transport_class, grpc_helpers
-):
- # If credentials and host are not provided, the transport class should use
- # ADC credentials.
- with mock.patch.object(
- google.auth, "default", autospec=True
- ) as adc, mock.patch.object(
- grpc_helpers, "create_channel", autospec=True
- ) as create_channel:
- creds = ga_credentials.AnonymousCredentials()
- adc.return_value = (creds, None)
-
- transport_class(quota_project_id="octopus", scopes=["1", "2"])
-
- create_channel.assert_called_with(
- "cloudasset.googleapis.com:443",
- credentials=creds,
- credentials_file=None,
- quota_project_id="octopus",
- scopes=["1", "2"],
- ssl_credentials=None,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
-
-
@pytest.mark.parametrize(
"transport_class",
[transports.AssetServiceGrpcTransport, transports.AssetServiceGrpcAsyncIOTransport],
@@ -3492,7 +3434,7 @@ def test_asset_service_grpc_transport_client_cert_source_for_mtls(transport_clas
"squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_channel_creds,
quota_project_id=None,
options=[
@@ -3596,7 +3538,7 @@ def test_asset_service_transport_channel_mtls_with_client_cert_source(transport_
"mtls.squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
@@ -3640,7 +3582,7 @@ def test_asset_service_transport_channel_mtls_with_adc(transport_class):
"mtls.squid.clam.whelk:443",
credentials=mock_cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
diff --git a/tests/unit/gapic/asset_v1p1beta1/test_asset_service.py b/tests/unit/gapic/asset_v1p1beta1/test_asset_service.py
index 86324791..b77607ea 100644
--- a/tests/unit/gapic/asset_v1p1beta1/test_asset_service.py
+++ b/tests/unit/gapic/asset_v1p1beta1/test_asset_service.py
@@ -35,9 +35,6 @@
from google.cloud.asset_v1p1beta1.services.asset_service import AssetServiceClient
from google.cloud.asset_v1p1beta1.services.asset_service import pagers
from google.cloud.asset_v1p1beta1.services.asset_service import transports
-from google.cloud.asset_v1p1beta1.services.asset_service.transports.base import (
- _API_CORE_VERSION,
-)
from google.cloud.asset_v1p1beta1.services.asset_service.transports.base import (
_GOOGLE_AUTH_VERSION,
)
@@ -47,8 +44,9 @@
import google.auth
-# TODO(busunkim): Once google-api-core >= 1.26.0 is required:
-# - Delete all the api-core and auth "less than" test cases
+# TODO(busunkim): Once google-auth >= 1.25.0 is required transitively
+# through google-api-core:
+# - Delete the auth "less than" test cases
# - Delete these pytest markers (Make the "greater than or equal to" tests the default).
requires_google_auth_lt_1_25_0 = pytest.mark.skipif(
packaging.version.parse(_GOOGLE_AUTH_VERSION) >= packaging.version.parse("1.25.0"),
@@ -59,16 +57,6 @@
reason="This test requires google-auth >= 1.25.0",
)
-requires_api_core_lt_1_26_0 = pytest.mark.skipif(
- packaging.version.parse(_API_CORE_VERSION) >= packaging.version.parse("1.26.0"),
- reason="This test requires google-api-core < 1.26.0",
-)
-
-requires_api_core_gte_1_26_0 = pytest.mark.skipif(
- packaging.version.parse(_API_CORE_VERSION) < packaging.version.parse("1.26.0"),
- reason="This test requires google-api-core >= 1.26.0",
-)
-
def client_cert_source_callback():
return b"cert bytes", b"key bytes"
@@ -126,6 +114,34 @@ def test_asset_service_client_from_service_account_info(client_class):
assert client.transport._host == "cloudasset.googleapis.com:443"
+@pytest.mark.parametrize("client_class", [AssetServiceClient, AssetServiceAsyncClient,])
+def test_asset_service_client_service_account_always_use_jwt(client_class):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ client = client_class(credentials=creds)
+ use_jwt.assert_not_called()
+
+
+@pytest.mark.parametrize(
+ "transport_class,transport_name",
+ [
+ (transports.AssetServiceGrpcTransport, "grpc"),
+ (transports.AssetServiceGrpcAsyncIOTransport, "grpc_asyncio"),
+ ],
+)
+def test_asset_service_client_service_account_always_use_jwt_true(
+ transport_class, transport_name
+):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=True)
+ use_jwt.assert_called_once_with(True)
+
+
@pytest.mark.parametrize("client_class", [AssetServiceClient, AssetServiceAsyncClient,])
def test_asset_service_client_from_service_account_file(client_class):
creds = ga_credentials.AnonymousCredentials()
@@ -1475,7 +1491,6 @@ def test_asset_service_transport_auth_adc_old_google_auth(transport_class):
(transports.AssetServiceGrpcAsyncIOTransport, grpc_helpers_async),
],
)
-@requires_api_core_gte_1_26_0
def test_asset_service_transport_create_channel(transport_class, grpc_helpers):
# If credentials and host are not provided, the transport class should use
# ADC credentials.
@@ -1504,79 +1519,6 @@ def test_asset_service_transport_create_channel(transport_class, grpc_helpers):
)
-@pytest.mark.parametrize(
- "transport_class,grpc_helpers",
- [
- (transports.AssetServiceGrpcTransport, grpc_helpers),
- (transports.AssetServiceGrpcAsyncIOTransport, grpc_helpers_async),
- ],
-)
-@requires_api_core_lt_1_26_0
-def test_asset_service_transport_create_channel_old_api_core(
- transport_class, grpc_helpers
-):
- # If credentials and host are not provided, the transport class should use
- # ADC credentials.
- with mock.patch.object(
- google.auth, "default", autospec=True
- ) as adc, mock.patch.object(
- grpc_helpers, "create_channel", autospec=True
- ) as create_channel:
- creds = ga_credentials.AnonymousCredentials()
- adc.return_value = (creds, None)
- transport_class(quota_project_id="octopus")
-
- create_channel.assert_called_with(
- "cloudasset.googleapis.com:443",
- credentials=creds,
- credentials_file=None,
- quota_project_id="octopus",
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
- ssl_credentials=None,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
-
-
-@pytest.mark.parametrize(
- "transport_class,grpc_helpers",
- [
- (transports.AssetServiceGrpcTransport, grpc_helpers),
- (transports.AssetServiceGrpcAsyncIOTransport, grpc_helpers_async),
- ],
-)
-@requires_api_core_lt_1_26_0
-def test_asset_service_transport_create_channel_user_scopes(
- transport_class, grpc_helpers
-):
- # If credentials and host are not provided, the transport class should use
- # ADC credentials.
- with mock.patch.object(
- google.auth, "default", autospec=True
- ) as adc, mock.patch.object(
- grpc_helpers, "create_channel", autospec=True
- ) as create_channel:
- creds = ga_credentials.AnonymousCredentials()
- adc.return_value = (creds, None)
-
- transport_class(quota_project_id="octopus", scopes=["1", "2"])
-
- create_channel.assert_called_with(
- "cloudasset.googleapis.com:443",
- credentials=creds,
- credentials_file=None,
- quota_project_id="octopus",
- scopes=["1", "2"],
- ssl_credentials=None,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
-
-
@pytest.mark.parametrize(
"transport_class",
[transports.AssetServiceGrpcTransport, transports.AssetServiceGrpcAsyncIOTransport],
@@ -1596,7 +1538,7 @@ def test_asset_service_grpc_transport_client_cert_source_for_mtls(transport_clas
"squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_channel_creds,
quota_project_id=None,
options=[
@@ -1700,7 +1642,7 @@ def test_asset_service_transport_channel_mtls_with_client_cert_source(transport_
"mtls.squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
@@ -1744,7 +1686,7 @@ def test_asset_service_transport_channel_mtls_with_adc(transport_class):
"mtls.squid.clam.whelk:443",
credentials=mock_cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
diff --git a/tests/unit/gapic/asset_v1p2beta1/test_asset_service.py b/tests/unit/gapic/asset_v1p2beta1/test_asset_service.py
index 8369ff2f..5cac32a1 100644
--- a/tests/unit/gapic/asset_v1p2beta1/test_asset_service.py
+++ b/tests/unit/gapic/asset_v1p2beta1/test_asset_service.py
@@ -34,9 +34,6 @@
from google.cloud.asset_v1p2beta1.services.asset_service import AssetServiceAsyncClient
from google.cloud.asset_v1p2beta1.services.asset_service import AssetServiceClient
from google.cloud.asset_v1p2beta1.services.asset_service import transports
-from google.cloud.asset_v1p2beta1.services.asset_service.transports.base import (
- _API_CORE_VERSION,
-)
from google.cloud.asset_v1p2beta1.services.asset_service.transports.base import (
_GOOGLE_AUTH_VERSION,
)
@@ -46,8 +43,9 @@
import google.auth
-# TODO(busunkim): Once google-api-core >= 1.26.0 is required:
-# - Delete all the api-core and auth "less than" test cases
+# TODO(busunkim): Once google-auth >= 1.25.0 is required transitively
+# through google-api-core:
+# - Delete the auth "less than" test cases
# - Delete these pytest markers (Make the "greater than or equal to" tests the default).
requires_google_auth_lt_1_25_0 = pytest.mark.skipif(
packaging.version.parse(_GOOGLE_AUTH_VERSION) >= packaging.version.parse("1.25.0"),
@@ -58,16 +56,6 @@
reason="This test requires google-auth >= 1.25.0",
)
-requires_api_core_lt_1_26_0 = pytest.mark.skipif(
- packaging.version.parse(_API_CORE_VERSION) >= packaging.version.parse("1.26.0"),
- reason="This test requires google-api-core < 1.26.0",
-)
-
-requires_api_core_gte_1_26_0 = pytest.mark.skipif(
- packaging.version.parse(_API_CORE_VERSION) < packaging.version.parse("1.26.0"),
- reason="This test requires google-api-core >= 1.26.0",
-)
-
def client_cert_source_callback():
return b"cert bytes", b"key bytes"
@@ -125,6 +113,34 @@ def test_asset_service_client_from_service_account_info(client_class):
assert client.transport._host == "cloudasset.googleapis.com:443"
+@pytest.mark.parametrize("client_class", [AssetServiceClient, AssetServiceAsyncClient,])
+def test_asset_service_client_service_account_always_use_jwt(client_class):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ client = client_class(credentials=creds)
+ use_jwt.assert_not_called()
+
+
+@pytest.mark.parametrize(
+ "transport_class,transport_name",
+ [
+ (transports.AssetServiceGrpcTransport, "grpc"),
+ (transports.AssetServiceGrpcAsyncIOTransport, "grpc_asyncio"),
+ ],
+)
+def test_asset_service_client_service_account_always_use_jwt_true(
+ transport_class, transport_name
+):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=True)
+ use_jwt.assert_called_once_with(True)
+
+
@pytest.mark.parametrize("client_class", [AssetServiceClient, AssetServiceAsyncClient,])
def test_asset_service_client_from_service_account_file(client_class):
creds = ga_credentials.AnonymousCredentials()
@@ -1697,7 +1713,6 @@ def test_asset_service_transport_auth_adc_old_google_auth(transport_class):
(transports.AssetServiceGrpcAsyncIOTransport, grpc_helpers_async),
],
)
-@requires_api_core_gte_1_26_0
def test_asset_service_transport_create_channel(transport_class, grpc_helpers):
# If credentials and host are not provided, the transport class should use
# ADC credentials.
@@ -1726,79 +1741,6 @@ def test_asset_service_transport_create_channel(transport_class, grpc_helpers):
)
-@pytest.mark.parametrize(
- "transport_class,grpc_helpers",
- [
- (transports.AssetServiceGrpcTransport, grpc_helpers),
- (transports.AssetServiceGrpcAsyncIOTransport, grpc_helpers_async),
- ],
-)
-@requires_api_core_lt_1_26_0
-def test_asset_service_transport_create_channel_old_api_core(
- transport_class, grpc_helpers
-):
- # If credentials and host are not provided, the transport class should use
- # ADC credentials.
- with mock.patch.object(
- google.auth, "default", autospec=True
- ) as adc, mock.patch.object(
- grpc_helpers, "create_channel", autospec=True
- ) as create_channel:
- creds = ga_credentials.AnonymousCredentials()
- adc.return_value = (creds, None)
- transport_class(quota_project_id="octopus")
-
- create_channel.assert_called_with(
- "cloudasset.googleapis.com:443",
- credentials=creds,
- credentials_file=None,
- quota_project_id="octopus",
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
- ssl_credentials=None,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
-
-
-@pytest.mark.parametrize(
- "transport_class,grpc_helpers",
- [
- (transports.AssetServiceGrpcTransport, grpc_helpers),
- (transports.AssetServiceGrpcAsyncIOTransport, grpc_helpers_async),
- ],
-)
-@requires_api_core_lt_1_26_0
-def test_asset_service_transport_create_channel_user_scopes(
- transport_class, grpc_helpers
-):
- # If credentials and host are not provided, the transport class should use
- # ADC credentials.
- with mock.patch.object(
- google.auth, "default", autospec=True
- ) as adc, mock.patch.object(
- grpc_helpers, "create_channel", autospec=True
- ) as create_channel:
- creds = ga_credentials.AnonymousCredentials()
- adc.return_value = (creds, None)
-
- transport_class(quota_project_id="octopus", scopes=["1", "2"])
-
- create_channel.assert_called_with(
- "cloudasset.googleapis.com:443",
- credentials=creds,
- credentials_file=None,
- quota_project_id="octopus",
- scopes=["1", "2"],
- ssl_credentials=None,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
-
-
@pytest.mark.parametrize(
"transport_class",
[transports.AssetServiceGrpcTransport, transports.AssetServiceGrpcAsyncIOTransport],
@@ -1818,7 +1760,7 @@ def test_asset_service_grpc_transport_client_cert_source_for_mtls(transport_clas
"squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_channel_creds,
quota_project_id=None,
options=[
@@ -1922,7 +1864,7 @@ def test_asset_service_transport_channel_mtls_with_client_cert_source(transport_
"mtls.squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
@@ -1966,7 +1908,7 @@ def test_asset_service_transport_channel_mtls_with_adc(transport_class):
"mtls.squid.clam.whelk:443",
credentials=mock_cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
diff --git a/tests/unit/gapic/asset_v1p4beta1/test_asset_service.py b/tests/unit/gapic/asset_v1p4beta1/test_asset_service.py
index 6d21bcbc..2da5260c 100644
--- a/tests/unit/gapic/asset_v1p4beta1/test_asset_service.py
+++ b/tests/unit/gapic/asset_v1p4beta1/test_asset_service.py
@@ -37,9 +37,6 @@
from google.cloud.asset_v1p4beta1.services.asset_service import AssetServiceAsyncClient
from google.cloud.asset_v1p4beta1.services.asset_service import AssetServiceClient
from google.cloud.asset_v1p4beta1.services.asset_service import transports
-from google.cloud.asset_v1p4beta1.services.asset_service.transports.base import (
- _API_CORE_VERSION,
-)
from google.cloud.asset_v1p4beta1.services.asset_service.transports.base import (
_GOOGLE_AUTH_VERSION,
)
@@ -51,8 +48,9 @@
import google.auth
-# TODO(busunkim): Once google-api-core >= 1.26.0 is required:
-# - Delete all the api-core and auth "less than" test cases
+# TODO(busunkim): Once google-auth >= 1.25.0 is required transitively
+# through google-api-core:
+# - Delete the auth "less than" test cases
# - Delete these pytest markers (Make the "greater than or equal to" tests the default).
requires_google_auth_lt_1_25_0 = pytest.mark.skipif(
packaging.version.parse(_GOOGLE_AUTH_VERSION) >= packaging.version.parse("1.25.0"),
@@ -63,16 +61,6 @@
reason="This test requires google-auth >= 1.25.0",
)
-requires_api_core_lt_1_26_0 = pytest.mark.skipif(
- packaging.version.parse(_API_CORE_VERSION) >= packaging.version.parse("1.26.0"),
- reason="This test requires google-api-core < 1.26.0",
-)
-
-requires_api_core_gte_1_26_0 = pytest.mark.skipif(
- packaging.version.parse(_API_CORE_VERSION) < packaging.version.parse("1.26.0"),
- reason="This test requires google-api-core >= 1.26.0",
-)
-
def client_cert_source_callback():
return b"cert bytes", b"key bytes"
@@ -130,6 +118,34 @@ def test_asset_service_client_from_service_account_info(client_class):
assert client.transport._host == "cloudasset.googleapis.com:443"
+@pytest.mark.parametrize("client_class", [AssetServiceClient, AssetServiceAsyncClient,])
+def test_asset_service_client_service_account_always_use_jwt(client_class):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ client = client_class(credentials=creds)
+ use_jwt.assert_not_called()
+
+
+@pytest.mark.parametrize(
+ "transport_class,transport_name",
+ [
+ (transports.AssetServiceGrpcTransport, "grpc"),
+ (transports.AssetServiceGrpcAsyncIOTransport, "grpc_asyncio"),
+ ],
+)
+def test_asset_service_client_service_account_always_use_jwt_true(
+ transport_class, transport_name
+):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=True)
+ use_jwt.assert_called_once_with(True)
+
+
@pytest.mark.parametrize("client_class", [AssetServiceClient, AssetServiceAsyncClient,])
def test_asset_service_client_from_service_account_file(client_class):
creds = ga_credentials.AnonymousCredentials()
@@ -993,7 +1009,6 @@ def test_asset_service_transport_auth_adc_old_google_auth(transport_class):
(transports.AssetServiceGrpcAsyncIOTransport, grpc_helpers_async),
],
)
-@requires_api_core_gte_1_26_0
def test_asset_service_transport_create_channel(transport_class, grpc_helpers):
# If credentials and host are not provided, the transport class should use
# ADC credentials.
@@ -1022,79 +1037,6 @@ def test_asset_service_transport_create_channel(transport_class, grpc_helpers):
)
-@pytest.mark.parametrize(
- "transport_class,grpc_helpers",
- [
- (transports.AssetServiceGrpcTransport, grpc_helpers),
- (transports.AssetServiceGrpcAsyncIOTransport, grpc_helpers_async),
- ],
-)
-@requires_api_core_lt_1_26_0
-def test_asset_service_transport_create_channel_old_api_core(
- transport_class, grpc_helpers
-):
- # If credentials and host are not provided, the transport class should use
- # ADC credentials.
- with mock.patch.object(
- google.auth, "default", autospec=True
- ) as adc, mock.patch.object(
- grpc_helpers, "create_channel", autospec=True
- ) as create_channel:
- creds = ga_credentials.AnonymousCredentials()
- adc.return_value = (creds, None)
- transport_class(quota_project_id="octopus")
-
- create_channel.assert_called_with(
- "cloudasset.googleapis.com:443",
- credentials=creds,
- credentials_file=None,
- quota_project_id="octopus",
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
- ssl_credentials=None,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
-
-
-@pytest.mark.parametrize(
- "transport_class,grpc_helpers",
- [
- (transports.AssetServiceGrpcTransport, grpc_helpers),
- (transports.AssetServiceGrpcAsyncIOTransport, grpc_helpers_async),
- ],
-)
-@requires_api_core_lt_1_26_0
-def test_asset_service_transport_create_channel_user_scopes(
- transport_class, grpc_helpers
-):
- # If credentials and host are not provided, the transport class should use
- # ADC credentials.
- with mock.patch.object(
- google.auth, "default", autospec=True
- ) as adc, mock.patch.object(
- grpc_helpers, "create_channel", autospec=True
- ) as create_channel:
- creds = ga_credentials.AnonymousCredentials()
- adc.return_value = (creds, None)
-
- transport_class(quota_project_id="octopus", scopes=["1", "2"])
-
- create_channel.assert_called_with(
- "cloudasset.googleapis.com:443",
- credentials=creds,
- credentials_file=None,
- quota_project_id="octopus",
- scopes=["1", "2"],
- ssl_credentials=None,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
-
-
@pytest.mark.parametrize(
"transport_class",
[transports.AssetServiceGrpcTransport, transports.AssetServiceGrpcAsyncIOTransport],
@@ -1114,7 +1056,7 @@ def test_asset_service_grpc_transport_client_cert_source_for_mtls(transport_clas
"squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_channel_creds,
quota_project_id=None,
options=[
@@ -1218,7 +1160,7 @@ def test_asset_service_transport_channel_mtls_with_client_cert_source(transport_
"mtls.squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
@@ -1262,7 +1204,7 @@ def test_asset_service_transport_channel_mtls_with_adc(transport_class):
"mtls.squid.clam.whelk:443",
credentials=mock_cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
diff --git a/tests/unit/gapic/asset_v1p5beta1/test_asset_service.py b/tests/unit/gapic/asset_v1p5beta1/test_asset_service.py
index 55f017d4..5d9c1140 100644
--- a/tests/unit/gapic/asset_v1p5beta1/test_asset_service.py
+++ b/tests/unit/gapic/asset_v1p5beta1/test_asset_service.py
@@ -35,9 +35,6 @@
from google.cloud.asset_v1p5beta1.services.asset_service import AssetServiceClient
from google.cloud.asset_v1p5beta1.services.asset_service import pagers
from google.cloud.asset_v1p5beta1.services.asset_service import transports
-from google.cloud.asset_v1p5beta1.services.asset_service.transports.base import (
- _API_CORE_VERSION,
-)
from google.cloud.asset_v1p5beta1.services.asset_service.transports.base import (
_GOOGLE_AUTH_VERSION,
)
@@ -48,8 +45,9 @@
import google.auth
-# TODO(busunkim): Once google-api-core >= 1.26.0 is required:
-# - Delete all the api-core and auth "less than" test cases
+# TODO(busunkim): Once google-auth >= 1.25.0 is required transitively
+# through google-api-core:
+# - Delete the auth "less than" test cases
# - Delete these pytest markers (Make the "greater than or equal to" tests the default).
requires_google_auth_lt_1_25_0 = pytest.mark.skipif(
packaging.version.parse(_GOOGLE_AUTH_VERSION) >= packaging.version.parse("1.25.0"),
@@ -60,16 +58,6 @@
reason="This test requires google-auth >= 1.25.0",
)
-requires_api_core_lt_1_26_0 = pytest.mark.skipif(
- packaging.version.parse(_API_CORE_VERSION) >= packaging.version.parse("1.26.0"),
- reason="This test requires google-api-core < 1.26.0",
-)
-
-requires_api_core_gte_1_26_0 = pytest.mark.skipif(
- packaging.version.parse(_API_CORE_VERSION) < packaging.version.parse("1.26.0"),
- reason="This test requires google-api-core >= 1.26.0",
-)
-
def client_cert_source_callback():
return b"cert bytes", b"key bytes"
@@ -127,6 +115,34 @@ def test_asset_service_client_from_service_account_info(client_class):
assert client.transport._host == "cloudasset.googleapis.com:443"
+@pytest.mark.parametrize("client_class", [AssetServiceClient, AssetServiceAsyncClient,])
+def test_asset_service_client_service_account_always_use_jwt(client_class):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ client = client_class(credentials=creds)
+ use_jwt.assert_not_called()
+
+
+@pytest.mark.parametrize(
+ "transport_class,transport_name",
+ [
+ (transports.AssetServiceGrpcTransport, "grpc"),
+ (transports.AssetServiceGrpcAsyncIOTransport, "grpc_asyncio"),
+ ],
+)
+def test_asset_service_client_service_account_always_use_jwt_true(
+ transport_class, transport_name
+):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=True)
+ use_jwt.assert_called_once_with(True)
+
+
@pytest.mark.parametrize("client_class", [AssetServiceClient, AssetServiceAsyncClient,])
def test_asset_service_client_from_service_account_file(client_class):
creds = ga_credentials.AnonymousCredentials()
@@ -935,7 +951,6 @@ def test_asset_service_transport_auth_adc_old_google_auth(transport_class):
(transports.AssetServiceGrpcAsyncIOTransport, grpc_helpers_async),
],
)
-@requires_api_core_gte_1_26_0
def test_asset_service_transport_create_channel(transport_class, grpc_helpers):
# If credentials and host are not provided, the transport class should use
# ADC credentials.
@@ -964,79 +979,6 @@ def test_asset_service_transport_create_channel(transport_class, grpc_helpers):
)
-@pytest.mark.parametrize(
- "transport_class,grpc_helpers",
- [
- (transports.AssetServiceGrpcTransport, grpc_helpers),
- (transports.AssetServiceGrpcAsyncIOTransport, grpc_helpers_async),
- ],
-)
-@requires_api_core_lt_1_26_0
-def test_asset_service_transport_create_channel_old_api_core(
- transport_class, grpc_helpers
-):
- # If credentials and host are not provided, the transport class should use
- # ADC credentials.
- with mock.patch.object(
- google.auth, "default", autospec=True
- ) as adc, mock.patch.object(
- grpc_helpers, "create_channel", autospec=True
- ) as create_channel:
- creds = ga_credentials.AnonymousCredentials()
- adc.return_value = (creds, None)
- transport_class(quota_project_id="octopus")
-
- create_channel.assert_called_with(
- "cloudasset.googleapis.com:443",
- credentials=creds,
- credentials_file=None,
- quota_project_id="octopus",
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
- ssl_credentials=None,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
-
-
-@pytest.mark.parametrize(
- "transport_class,grpc_helpers",
- [
- (transports.AssetServiceGrpcTransport, grpc_helpers),
- (transports.AssetServiceGrpcAsyncIOTransport, grpc_helpers_async),
- ],
-)
-@requires_api_core_lt_1_26_0
-def test_asset_service_transport_create_channel_user_scopes(
- transport_class, grpc_helpers
-):
- # If credentials and host are not provided, the transport class should use
- # ADC credentials.
- with mock.patch.object(
- google.auth, "default", autospec=True
- ) as adc, mock.patch.object(
- grpc_helpers, "create_channel", autospec=True
- ) as create_channel:
- creds = ga_credentials.AnonymousCredentials()
- adc.return_value = (creds, None)
-
- transport_class(quota_project_id="octopus", scopes=["1", "2"])
-
- create_channel.assert_called_with(
- "cloudasset.googleapis.com:443",
- credentials=creds,
- credentials_file=None,
- quota_project_id="octopus",
- scopes=["1", "2"],
- ssl_credentials=None,
- options=[
- ("grpc.max_send_message_length", -1),
- ("grpc.max_receive_message_length", -1),
- ],
- )
-
-
@pytest.mark.parametrize(
"transport_class",
[transports.AssetServiceGrpcTransport, transports.AssetServiceGrpcAsyncIOTransport],
@@ -1056,7 +998,7 @@ def test_asset_service_grpc_transport_client_cert_source_for_mtls(transport_clas
"squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_channel_creds,
quota_project_id=None,
options=[
@@ -1160,7 +1102,7 @@ def test_asset_service_transport_channel_mtls_with_client_cert_source(transport_
"mtls.squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
@@ -1204,7 +1146,7 @@ def test_asset_service_transport_channel_mtls_with_adc(transport_class):
"mtls.squid.clam.whelk:443",
credentials=mock_cred,
credentials_file=None,
- scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[