diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml
index 0954585..e2b39f9 100644
--- a/.github/.OwlBot.lock.yaml
+++ b/.github/.OwlBot.lock.yaml
@@ -1,3 +1,3 @@
docker:
image: gcr.io/repo-automation-bots/owlbot-python:latest
- digest: sha256:df50e8d462f86d6bcb42f27ecad55bb12c404f1c65de9c6fe4c4d25120080bd6
+ digest: sha256:99d90d097e4a4710cc8658ee0b5b963f4426d0e424819787c3ac1405c9a26719
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f0e9514..052cdac 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,13 @@
# Changelog
+### [1.1.1](https://www.github.com/googleapis/python-appengine-admin/compare/v1.1.0...v1.1.1) (2021-06-30)
+
+
+### Bug Fixes
+
+* disable always_use_jwt_access ([d8d2f5f](https://www.github.com/googleapis/python-appengine-admin/commit/d8d2f5f9e6c986387fd0d811e4be06a68a83aa8e))
+* disable always_use_jwt_access ([#44](https://www.github.com/googleapis/python-appengine-admin/issues/44)) ([d8d2f5f](https://www.github.com/googleapis/python-appengine-admin/commit/d8d2f5f9e6c986387fd0d811e4be06a68a83aa8e))
+
## [1.1.0](https://www.github.com/googleapis/python-appengine-admin/compare/v1.0.2...v1.1.0) (2021-06-23)
diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst
index beb725f..c9afd32 100644
--- a/CONTRIBUTING.rst
+++ b/CONTRIBUTING.rst
@@ -68,14 +68,12 @@ Using ``nox``
We use `nox `__ to instrument our tests.
- To test your changes, run unit tests with ``nox``::
+ $ nox -s unit
- $ nox -s unit-3.8
- $ ...
+- To run a single unit test::
-- Args to pytest can be passed through the nox command separated by a `--`. For
- example, to run a single test::
+ $ nox -s unit-3.9 -- -k
- $ nox -s unit-3.8 -- -k
.. note::
@@ -142,7 +140,7 @@ Running System Tests
- To run system tests, you can execute::
# Run all system tests
- $ nox -s system-3.8
+ $ nox -s system
# Run a single system test
$ nox -s system-3.8 -- -k
@@ -215,8 +213,8 @@ Supported versions can be found in our ``noxfile.py`` `config`_.
.. _config: https://github.com/googleapis/python-appengine-admin/blob/master/noxfile.py
-We also explicitly decided to support Python 3 beginning with version
-3.6. Reasons for this include:
+We also explicitly decided to support Python 3 beginning with version 3.6.
+Reasons for this include:
- Encouraging use of newest versions of Python 3
- Taking the lead of `prominent`_ open-source `projects`_
diff --git a/google/cloud/appengine_admin_v1/services/applications/transports/base.py b/google/cloud/appengine_admin_v1/services/applications/transports/base.py
index 6222917..a0de499 100644
--- a/google/cloud/appengine_admin_v1/services/applications/transports/base.py
+++ b/google/cloud/appengine_admin_v1/services/applications/transports/base.py
@@ -105,7 +105,7 @@ def __init__(
scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
# Save the scopes.
- self._scopes = scopes or self.AUTH_SCOPES
+ self._scopes = scopes
# If no credentials are provided, then determine the appropriate
# defaults.
diff --git a/google/cloud/appengine_admin_v1/services/applications/transports/grpc.py b/google/cloud/appengine_admin_v1/services/applications/transports/grpc.py
index 5b3b1a7..bc81f85 100644
--- a/google/cloud/appengine_admin_v1/services/applications/transports/grpc.py
+++ b/google/cloud/appengine_admin_v1/services/applications/transports/grpc.py
@@ -60,6 +60,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -100,6 +101,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -153,7 +156,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
- always_use_jwt_access=True,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/google/cloud/appengine_admin_v1/services/applications/transports/grpc_asyncio.py b/google/cloud/appengine_admin_v1/services/applications/transports/grpc_asyncio.py
index 895b4c6..d9264e4 100644
--- a/google/cloud/appengine_admin_v1/services/applications/transports/grpc_asyncio.py
+++ b/google/cloud/appengine_admin_v1/services/applications/transports/grpc_asyncio.py
@@ -106,6 +106,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id=None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -147,6 +148,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -199,7 +202,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
- always_use_jwt_access=True,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/google/cloud/appengine_admin_v1/services/authorized_certificates/transports/base.py b/google/cloud/appengine_admin_v1/services/authorized_certificates/transports/base.py
index 4b9b44e..5a1d2f9 100644
--- a/google/cloud/appengine_admin_v1/services/authorized_certificates/transports/base.py
+++ b/google/cloud/appengine_admin_v1/services/authorized_certificates/transports/base.py
@@ -104,7 +104,7 @@ def __init__(
scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
# Save the scopes.
- self._scopes = scopes or self.AUTH_SCOPES
+ self._scopes = scopes
# If no credentials are provided, then determine the appropriate
# defaults.
diff --git a/google/cloud/appengine_admin_v1/services/authorized_certificates/transports/grpc.py b/google/cloud/appengine_admin_v1/services/authorized_certificates/transports/grpc.py
index b1a4179..a7f20ab 100644
--- a/google/cloud/appengine_admin_v1/services/authorized_certificates/transports/grpc.py
+++ b/google/cloud/appengine_admin_v1/services/authorized_certificates/transports/grpc.py
@@ -61,6 +61,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -101,6 +102,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -153,7 +156,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
- always_use_jwt_access=True,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/google/cloud/appengine_admin_v1/services/authorized_certificates/transports/grpc_asyncio.py b/google/cloud/appengine_admin_v1/services/authorized_certificates/transports/grpc_asyncio.py
index 3930241..8ab6414 100644
--- a/google/cloud/appengine_admin_v1/services/authorized_certificates/transports/grpc_asyncio.py
+++ b/google/cloud/appengine_admin_v1/services/authorized_certificates/transports/grpc_asyncio.py
@@ -107,6 +107,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id=None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -148,6 +149,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -199,7 +202,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
- always_use_jwt_access=True,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/google/cloud/appengine_admin_v1/services/authorized_domains/transports/base.py b/google/cloud/appengine_admin_v1/services/authorized_domains/transports/base.py
index f16e0c1..cb57d63 100644
--- a/google/cloud/appengine_admin_v1/services/authorized_domains/transports/base.py
+++ b/google/cloud/appengine_admin_v1/services/authorized_domains/transports/base.py
@@ -102,7 +102,7 @@ def __init__(
scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
# Save the scopes.
- self._scopes = scopes or self.AUTH_SCOPES
+ self._scopes = scopes
# If no credentials are provided, then determine the appropriate
# defaults.
diff --git a/google/cloud/appengine_admin_v1/services/authorized_domains/transports/grpc.py b/google/cloud/appengine_admin_v1/services/authorized_domains/transports/grpc.py
index a225b77..82d51bb 100644
--- a/google/cloud/appengine_admin_v1/services/authorized_domains/transports/grpc.py
+++ b/google/cloud/appengine_admin_v1/services/authorized_domains/transports/grpc.py
@@ -59,6 +59,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -99,6 +100,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -151,7 +154,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
- always_use_jwt_access=True,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/google/cloud/appengine_admin_v1/services/authorized_domains/transports/grpc_asyncio.py b/google/cloud/appengine_admin_v1/services/authorized_domains/transports/grpc_asyncio.py
index dae78ed..1848cae 100644
--- a/google/cloud/appengine_admin_v1/services/authorized_domains/transports/grpc_asyncio.py
+++ b/google/cloud/appengine_admin_v1/services/authorized_domains/transports/grpc_asyncio.py
@@ -105,6 +105,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id=None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -146,6 +147,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -197,7 +200,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
- always_use_jwt_access=True,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/google/cloud/appengine_admin_v1/services/domain_mappings/transports/base.py b/google/cloud/appengine_admin_v1/services/domain_mappings/transports/base.py
index 43f5bcc..7d971f7 100644
--- a/google/cloud/appengine_admin_v1/services/domain_mappings/transports/base.py
+++ b/google/cloud/appengine_admin_v1/services/domain_mappings/transports/base.py
@@ -105,7 +105,7 @@ def __init__(
scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
# Save the scopes.
- self._scopes = scopes or self.AUTH_SCOPES
+ self._scopes = scopes
# If no credentials are provided, then determine the appropriate
# defaults.
diff --git a/google/cloud/appengine_admin_v1/services/domain_mappings/transports/grpc.py b/google/cloud/appengine_admin_v1/services/domain_mappings/transports/grpc.py
index b964d47..e7ee590 100644
--- a/google/cloud/appengine_admin_v1/services/domain_mappings/transports/grpc.py
+++ b/google/cloud/appengine_admin_v1/services/domain_mappings/transports/grpc.py
@@ -60,6 +60,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -100,6 +101,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -153,7 +156,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
- always_use_jwt_access=True,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/google/cloud/appengine_admin_v1/services/domain_mappings/transports/grpc_asyncio.py b/google/cloud/appengine_admin_v1/services/domain_mappings/transports/grpc_asyncio.py
index 17de4f7..df14efb 100644
--- a/google/cloud/appengine_admin_v1/services/domain_mappings/transports/grpc_asyncio.py
+++ b/google/cloud/appengine_admin_v1/services/domain_mappings/transports/grpc_asyncio.py
@@ -106,6 +106,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id=None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -147,6 +148,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -199,7 +202,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
- always_use_jwt_access=True,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/google/cloud/appengine_admin_v1/services/firewall/transports/base.py b/google/cloud/appengine_admin_v1/services/firewall/transports/base.py
index 82afe37..8f2f465 100644
--- a/google/cloud/appengine_admin_v1/services/firewall/transports/base.py
+++ b/google/cloud/appengine_admin_v1/services/firewall/transports/base.py
@@ -104,7 +104,7 @@ def __init__(
scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
# Save the scopes.
- self._scopes = scopes or self.AUTH_SCOPES
+ self._scopes = scopes
# If no credentials are provided, then determine the appropriate
# defaults.
diff --git a/google/cloud/appengine_admin_v1/services/firewall/transports/grpc.py b/google/cloud/appengine_admin_v1/services/firewall/transports/grpc.py
index b467cd2..a20b25c 100644
--- a/google/cloud/appengine_admin_v1/services/firewall/transports/grpc.py
+++ b/google/cloud/appengine_admin_v1/services/firewall/transports/grpc.py
@@ -69,6 +69,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -109,6 +110,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -161,7 +164,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
- always_use_jwt_access=True,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/google/cloud/appengine_admin_v1/services/firewall/transports/grpc_asyncio.py b/google/cloud/appengine_admin_v1/services/firewall/transports/grpc_asyncio.py
index f4ae62e..b250cfd 100644
--- a/google/cloud/appengine_admin_v1/services/firewall/transports/grpc_asyncio.py
+++ b/google/cloud/appengine_admin_v1/services/firewall/transports/grpc_asyncio.py
@@ -115,6 +115,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id=None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -156,6 +157,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -207,7 +210,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
- always_use_jwt_access=True,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/google/cloud/appengine_admin_v1/services/instances/transports/base.py b/google/cloud/appengine_admin_v1/services/instances/transports/base.py
index 39b64b2..ab81cf2 100644
--- a/google/cloud/appengine_admin_v1/services/instances/transports/base.py
+++ b/google/cloud/appengine_admin_v1/services/instances/transports/base.py
@@ -105,7 +105,7 @@ def __init__(
scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
# Save the scopes.
- self._scopes = scopes or self.AUTH_SCOPES
+ self._scopes = scopes
# If no credentials are provided, then determine the appropriate
# defaults.
diff --git a/google/cloud/appengine_admin_v1/services/instances/transports/grpc.py b/google/cloud/appengine_admin_v1/services/instances/transports/grpc.py
index 7e6cf85..905f187 100644
--- a/google/cloud/appengine_admin_v1/services/instances/transports/grpc.py
+++ b/google/cloud/appengine_admin_v1/services/instances/transports/grpc.py
@@ -60,6 +60,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -100,6 +101,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -153,7 +156,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
- always_use_jwt_access=True,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/google/cloud/appengine_admin_v1/services/instances/transports/grpc_asyncio.py b/google/cloud/appengine_admin_v1/services/instances/transports/grpc_asyncio.py
index d50023a..a8f7b05 100644
--- a/google/cloud/appengine_admin_v1/services/instances/transports/grpc_asyncio.py
+++ b/google/cloud/appengine_admin_v1/services/instances/transports/grpc_asyncio.py
@@ -106,6 +106,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id=None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -147,6 +148,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -199,7 +202,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
- always_use_jwt_access=True,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/google/cloud/appengine_admin_v1/services/services/transports/base.py b/google/cloud/appengine_admin_v1/services/services/transports/base.py
index 8be6524..4f5d40e 100644
--- a/google/cloud/appengine_admin_v1/services/services/transports/base.py
+++ b/google/cloud/appengine_admin_v1/services/services/transports/base.py
@@ -105,7 +105,7 @@ def __init__(
scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
# Save the scopes.
- self._scopes = scopes or self.AUTH_SCOPES
+ self._scopes = scopes
# If no credentials are provided, then determine the appropriate
# defaults.
diff --git a/google/cloud/appengine_admin_v1/services/services/transports/grpc.py b/google/cloud/appengine_admin_v1/services/services/transports/grpc.py
index 93257a0..4aed507 100644
--- a/google/cloud/appengine_admin_v1/services/services/transports/grpc.py
+++ b/google/cloud/appengine_admin_v1/services/services/transports/grpc.py
@@ -60,6 +60,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -100,6 +101,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -153,7 +156,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
- always_use_jwt_access=True,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/google/cloud/appengine_admin_v1/services/services/transports/grpc_asyncio.py b/google/cloud/appengine_admin_v1/services/services/transports/grpc_asyncio.py
index 0655b37..339511c 100644
--- a/google/cloud/appengine_admin_v1/services/services/transports/grpc_asyncio.py
+++ b/google/cloud/appengine_admin_v1/services/services/transports/grpc_asyncio.py
@@ -106,6 +106,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id=None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -147,6 +148,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -199,7 +202,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
- always_use_jwt_access=True,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/google/cloud/appengine_admin_v1/services/versions/transports/base.py b/google/cloud/appengine_admin_v1/services/versions/transports/base.py
index bf1f9bd..085cfd3 100644
--- a/google/cloud/appengine_admin_v1/services/versions/transports/base.py
+++ b/google/cloud/appengine_admin_v1/services/versions/transports/base.py
@@ -105,7 +105,7 @@ def __init__(
scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
# Save the scopes.
- self._scopes = scopes or self.AUTH_SCOPES
+ self._scopes = scopes
# If no credentials are provided, then determine the appropriate
# defaults.
diff --git a/google/cloud/appengine_admin_v1/services/versions/transports/grpc.py b/google/cloud/appengine_admin_v1/services/versions/transports/grpc.py
index d6a36ed..fc8ee54 100644
--- a/google/cloud/appengine_admin_v1/services/versions/transports/grpc.py
+++ b/google/cloud/appengine_admin_v1/services/versions/transports/grpc.py
@@ -60,6 +60,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id: Optional[str] = None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -100,6 +101,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -153,7 +156,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
- always_use_jwt_access=True,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/google/cloud/appengine_admin_v1/services/versions/transports/grpc_asyncio.py b/google/cloud/appengine_admin_v1/services/versions/transports/grpc_asyncio.py
index 2d47cdd..b8fdefb 100644
--- a/google/cloud/appengine_admin_v1/services/versions/transports/grpc_asyncio.py
+++ b/google/cloud/appengine_admin_v1/services/versions/transports/grpc_asyncio.py
@@ -106,6 +106,7 @@ def __init__(
client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
quota_project_id=None,
client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
) -> None:
"""Instantiate the transport.
@@ -147,6 +148,8 @@ def __init__(
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
Raises:
google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -199,7 +202,7 @@ def __init__(
scopes=scopes,
quota_project_id=quota_project_id,
client_info=client_info,
- always_use_jwt_access=True,
+ always_use_jwt_access=always_use_jwt_access,
)
if not self._grpc_channel:
diff --git a/setup.py b/setup.py
index 81a8c3a..80ac999 100644
--- a/setup.py
+++ b/setup.py
@@ -20,7 +20,7 @@
import setuptools # type: ignore
name = "google-cloud-appengine-admin"
-version = "1.1.0"
+version = "1.1.1"
description = "App Engine Admin API client library"
release_status = "Development Status :: 5 - Production/Stable"
url = "https://github.com/googleapis/python-appengine-admin"
diff --git a/tests/unit/gapic/appengine_admin_v1/test_applications.py b/tests/unit/gapic/appengine_admin_v1/test_applications.py
index 0d235c5..1cc3f9f 100644
--- a/tests/unit/gapic/appengine_admin_v1/test_applications.py
+++ b/tests/unit/gapic/appengine_admin_v1/test_applications.py
@@ -129,7 +129,25 @@ def test_applications_client_service_account_always_use_jwt(client_class):
) as use_jwt:
creds = service_account.Credentials(None, None, None)
client = client_class(credentials=creds)
- use_jwt.assert_called_with(True)
+ use_jwt.assert_not_called()
+
+
+@pytest.mark.parametrize(
+ "transport_class,transport_name",
+ [
+ (transports.ApplicationsGrpcTransport, "grpc"),
+ (transports.ApplicationsGrpcAsyncIOTransport, "grpc_asyncio"),
+ ],
+)
+def test_applications_client_service_account_always_use_jwt_true(
+ transport_class, transport_name
+):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=True)
+ use_jwt.assert_called_once_with(True)
@pytest.mark.parametrize("client_class", [ApplicationsClient, ApplicationsAsyncClient,])
@@ -1318,11 +1336,7 @@ def test_applications_grpc_transport_client_cert_source_for_mtls(transport_class
"squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_channel_creds,
quota_project_id=None,
options=[
@@ -1426,11 +1440,7 @@ def test_applications_transport_channel_mtls_with_client_cert_source(transport_c
"mtls.squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
@@ -1474,11 +1484,7 @@ def test_applications_transport_channel_mtls_with_adc(transport_class):
"mtls.squid.clam.whelk:443",
credentials=mock_cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
diff --git a/tests/unit/gapic/appengine_admin_v1/test_authorized_certificates.py b/tests/unit/gapic/appengine_admin_v1/test_authorized_certificates.py
index f95f82f..567a1f3 100644
--- a/tests/unit/gapic/appengine_admin_v1/test_authorized_certificates.py
+++ b/tests/unit/gapic/appengine_admin_v1/test_authorized_certificates.py
@@ -135,7 +135,25 @@ def test_authorized_certificates_client_service_account_always_use_jwt(client_cl
) as use_jwt:
creds = service_account.Credentials(None, None, None)
client = client_class(credentials=creds)
- use_jwt.assert_called_with(True)
+ use_jwt.assert_not_called()
+
+
+@pytest.mark.parametrize(
+ "transport_class,transport_name",
+ [
+ (transports.AuthorizedCertificatesGrpcTransport, "grpc"),
+ (transports.AuthorizedCertificatesGrpcAsyncIOTransport, "grpc_asyncio"),
+ ],
+)
+def test_authorized_certificates_client_service_account_always_use_jwt_true(
+ transport_class, transport_name
+):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=True)
+ use_jwt.assert_called_once_with(True)
@pytest.mark.parametrize(
@@ -1803,11 +1821,7 @@ def test_authorized_certificates_grpc_transport_client_cert_source_for_mtls(
"squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_channel_creds,
quota_project_id=None,
options=[
@@ -1916,11 +1930,7 @@ def test_authorized_certificates_transport_channel_mtls_with_client_cert_source(
"mtls.squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
@@ -1967,11 +1977,7 @@ def test_authorized_certificates_transport_channel_mtls_with_adc(transport_class
"mtls.squid.clam.whelk:443",
credentials=mock_cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
diff --git a/tests/unit/gapic/appengine_admin_v1/test_authorized_domains.py b/tests/unit/gapic/appengine_admin_v1/test_authorized_domains.py
index 16932ba..037bfdd 100644
--- a/tests/unit/gapic/appengine_admin_v1/test_authorized_domains.py
+++ b/tests/unit/gapic/appengine_admin_v1/test_authorized_domains.py
@@ -133,7 +133,25 @@ def test_authorized_domains_client_service_account_always_use_jwt(client_class):
) as use_jwt:
creds = service_account.Credentials(None, None, None)
client = client_class(credentials=creds)
- use_jwt.assert_called_with(True)
+ use_jwt.assert_not_called()
+
+
+@pytest.mark.parametrize(
+ "transport_class,transport_name",
+ [
+ (transports.AuthorizedDomainsGrpcTransport, "grpc"),
+ (transports.AuthorizedDomainsGrpcAsyncIOTransport, "grpc_asyncio"),
+ ],
+)
+def test_authorized_domains_client_service_account_always_use_jwt_true(
+ transport_class, transport_name
+):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=True)
+ use_jwt.assert_called_once_with(True)
@pytest.mark.parametrize(
@@ -1090,11 +1108,7 @@ def test_authorized_domains_grpc_transport_client_cert_source_for_mtls(transport
"squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_channel_creds,
quota_project_id=None,
options=[
@@ -1203,11 +1217,7 @@ def test_authorized_domains_transport_channel_mtls_with_client_cert_source(
"mtls.squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
@@ -1254,11 +1264,7 @@ def test_authorized_domains_transport_channel_mtls_with_adc(transport_class):
"mtls.squid.clam.whelk:443",
credentials=mock_cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
diff --git a/tests/unit/gapic/appengine_admin_v1/test_domain_mappings.py b/tests/unit/gapic/appengine_admin_v1/test_domain_mappings.py
index 63f7b1f..2f765dc 100644
--- a/tests/unit/gapic/appengine_admin_v1/test_domain_mappings.py
+++ b/tests/unit/gapic/appengine_admin_v1/test_domain_mappings.py
@@ -138,7 +138,25 @@ def test_domain_mappings_client_service_account_always_use_jwt(client_class):
) as use_jwt:
creds = service_account.Credentials(None, None, None)
client = client_class(credentials=creds)
- use_jwt.assert_called_with(True)
+ use_jwt.assert_not_called()
+
+
+@pytest.mark.parametrize(
+ "transport_class,transport_name",
+ [
+ (transports.DomainMappingsGrpcTransport, "grpc"),
+ (transports.DomainMappingsGrpcAsyncIOTransport, "grpc_asyncio"),
+ ],
+)
+def test_domain_mappings_client_service_account_always_use_jwt_true(
+ transport_class, transport_name
+):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=True)
+ use_jwt.assert_called_once_with(True)
@pytest.mark.parametrize(
@@ -1690,11 +1708,7 @@ def test_domain_mappings_grpc_transport_client_cert_source_for_mtls(transport_cl
"squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_channel_creds,
quota_project_id=None,
options=[
@@ -1803,11 +1817,7 @@ def test_domain_mappings_transport_channel_mtls_with_client_cert_source(
"mtls.squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
@@ -1854,11 +1864,7 @@ def test_domain_mappings_transport_channel_mtls_with_adc(transport_class):
"mtls.squid.clam.whelk:443",
credentials=mock_cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
diff --git a/tests/unit/gapic/appengine_admin_v1/test_firewall.py b/tests/unit/gapic/appengine_admin_v1/test_firewall.py
index 3fc866f..100973b 100644
--- a/tests/unit/gapic/appengine_admin_v1/test_firewall.py
+++ b/tests/unit/gapic/appengine_admin_v1/test_firewall.py
@@ -120,7 +120,25 @@ def test_firewall_client_service_account_always_use_jwt(client_class):
) as use_jwt:
creds = service_account.Credentials(None, None, None)
client = client_class(credentials=creds)
- use_jwt.assert_called_with(True)
+ use_jwt.assert_not_called()
+
+
+@pytest.mark.parametrize(
+ "transport_class,transport_name",
+ [
+ (transports.FirewallGrpcTransport, "grpc"),
+ (transports.FirewallGrpcAsyncIOTransport, "grpc_asyncio"),
+ ],
+)
+def test_firewall_client_service_account_always_use_jwt_true(
+ transport_class, transport_name
+):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=True)
+ use_jwt.assert_called_once_with(True)
@pytest.mark.parametrize("client_class", [FirewallClient, FirewallAsyncClient,])
@@ -1781,11 +1799,7 @@ def test_firewall_grpc_transport_client_cert_source_for_mtls(transport_class):
"squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_channel_creds,
quota_project_id=None,
options=[
@@ -1889,11 +1903,7 @@ def test_firewall_transport_channel_mtls_with_client_cert_source(transport_class
"mtls.squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
@@ -1937,11 +1947,7 @@ def test_firewall_transport_channel_mtls_with_adc(transport_class):
"mtls.squid.clam.whelk:443",
credentials=mock_cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
diff --git a/tests/unit/gapic/appengine_admin_v1/test_instances.py b/tests/unit/gapic/appengine_admin_v1/test_instances.py
index b2b3f96..5958553 100644
--- a/tests/unit/gapic/appengine_admin_v1/test_instances.py
+++ b/tests/unit/gapic/appengine_admin_v1/test_instances.py
@@ -125,7 +125,25 @@ def test_instances_client_service_account_always_use_jwt(client_class):
) as use_jwt:
creds = service_account.Credentials(None, None, None)
client = client_class(credentials=creds)
- use_jwt.assert_called_with(True)
+ use_jwt.assert_not_called()
+
+
+@pytest.mark.parametrize(
+ "transport_class,transport_name",
+ [
+ (transports.InstancesGrpcTransport, "grpc"),
+ (transports.InstancesGrpcAsyncIOTransport, "grpc_asyncio"),
+ ],
+)
+def test_instances_client_service_account_always_use_jwt_true(
+ transport_class, transport_name
+):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=True)
+ use_jwt.assert_called_once_with(True)
@pytest.mark.parametrize("client_class", [InstancesClient, InstancesAsyncClient,])
@@ -1488,11 +1506,7 @@ def test_instances_grpc_transport_client_cert_source_for_mtls(transport_class):
"squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_channel_creds,
quota_project_id=None,
options=[
@@ -1596,11 +1610,7 @@ def test_instances_transport_channel_mtls_with_client_cert_source(transport_clas
"mtls.squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
@@ -1644,11 +1654,7 @@ def test_instances_transport_channel_mtls_with_adc(transport_class):
"mtls.squid.clam.whelk:443",
credentials=mock_cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
diff --git a/tests/unit/gapic/appengine_admin_v1/test_services.py b/tests/unit/gapic/appengine_admin_v1/test_services.py
index 84a14c0..855a9ba 100644
--- a/tests/unit/gapic/appengine_admin_v1/test_services.py
+++ b/tests/unit/gapic/appengine_admin_v1/test_services.py
@@ -126,7 +126,25 @@ def test_services_client_service_account_always_use_jwt(client_class):
) as use_jwt:
creds = service_account.Credentials(None, None, None)
client = client_class(credentials=creds)
- use_jwt.assert_called_with(True)
+ use_jwt.assert_not_called()
+
+
+@pytest.mark.parametrize(
+ "transport_class,transport_name",
+ [
+ (transports.ServicesGrpcTransport, "grpc"),
+ (transports.ServicesGrpcAsyncIOTransport, "grpc_asyncio"),
+ ],
+)
+def test_services_client_service_account_always_use_jwt_true(
+ transport_class, transport_name
+):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=True)
+ use_jwt.assert_called_once_with(True)
@pytest.mark.parametrize("client_class", [ServicesClient, ServicesAsyncClient,])
@@ -1397,11 +1415,7 @@ def test_services_grpc_transport_client_cert_source_for_mtls(transport_class):
"squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_channel_creds,
quota_project_id=None,
options=[
@@ -1505,11 +1519,7 @@ def test_services_transport_channel_mtls_with_client_cert_source(transport_class
"mtls.squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
@@ -1553,11 +1563,7 @@ def test_services_transport_channel_mtls_with_adc(transport_class):
"mtls.squid.clam.whelk:443",
credentials=mock_cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
diff --git a/tests/unit/gapic/appengine_admin_v1/test_versions.py b/tests/unit/gapic/appengine_admin_v1/test_versions.py
index cbdcba5..00afb55 100644
--- a/tests/unit/gapic/appengine_admin_v1/test_versions.py
+++ b/tests/unit/gapic/appengine_admin_v1/test_versions.py
@@ -129,7 +129,25 @@ def test_versions_client_service_account_always_use_jwt(client_class):
) as use_jwt:
creds = service_account.Credentials(None, None, None)
client = client_class(credentials=creds)
- use_jwt.assert_called_with(True)
+ use_jwt.assert_not_called()
+
+
+@pytest.mark.parametrize(
+ "transport_class,transport_name",
+ [
+ (transports.VersionsGrpcTransport, "grpc"),
+ (transports.VersionsGrpcAsyncIOTransport, "grpc_asyncio"),
+ ],
+)
+def test_versions_client_service_account_always_use_jwt_true(
+ transport_class, transport_name
+):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=True)
+ use_jwt.assert_called_once_with(True)
@pytest.mark.parametrize("client_class", [VersionsClient, VersionsAsyncClient,])
@@ -1608,11 +1626,7 @@ def test_versions_grpc_transport_client_cert_source_for_mtls(transport_class):
"squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_channel_creds,
quota_project_id=None,
options=[
@@ -1716,11 +1730,7 @@ def test_versions_transport_channel_mtls_with_client_cert_source(transport_class
"mtls.squid.clam.whelk:443",
credentials=cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[
@@ -1764,11 +1774,7 @@ def test_versions_transport_channel_mtls_with_adc(transport_class):
"mtls.squid.clam.whelk:443",
credentials=mock_cred,
credentials_file=None,
- scopes=(
- "https://www.googleapis.com/auth/appengine.admin",
- "https://www.googleapis.com/auth/cloud-platform",
- "https://www.googleapis.com/auth/cloud-platform.read-only",
- ),
+ scopes=None,
ssl_credentials=mock_ssl_cred,
quota_project_id=None,
options=[