diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml
index 9ee60f7..2567653 100644
--- a/.github/.OwlBot.lock.yaml
+++ b/.github/.OwlBot.lock.yaml
@@ -1,3 +1,3 @@
docker:
- image: gcr.io/repo-automation-bots/owlbot-python:latest
- digest: sha256:aea14a583128771ae8aefa364e1652f3c56070168ef31beb203534222d842b8b
+ image: gcr.io/cloud-devrel-public-resources/owlbot-python:latest
+ digest: sha256:87eee22d276554e4e52863ec9b1cb6a7245815dfae20439712bf644348215a5a
diff --git a/.github/.OwlBot.yaml b/.github/.OwlBot.yaml
index 0f1546c..0973a6e 100644
--- a/.github/.OwlBot.yaml
+++ b/.github/.OwlBot.yaml
@@ -13,7 +13,7 @@
# limitations under the License.
docker:
- image: gcr.io/repo-automation-bots/owlbot-python:latest
+ image: gcr.io/cloud-devrel-public-resources/owlbot-python:latest
deep-remove-regex:
- /owl-bot-staging
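Review bot: The `image:` line names a mutable `:latest` tag, so on its own it does not fix which post-processor image runs against the repository. In this commit the actual pin is the `digest:` line in `.github/.OwlBot.lock.yaml`, which changes together with the move to the `cloud-devrel-public-resources` registry. A comment above `image:` such as `# Tag only; the image that runs is pinned by digest in .OwlBot.lock.yaml.` would point reviewers at the file where a registry or digest change needs checking. The hunk starts partway through the file, so a similar comment may already exist above the lines shown.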
diff --git a/.kokoro/build.sh b/.kokoro/build.sh
index cd54992..aa7486c 100755
--- a/.kokoro/build.sh
+++ b/.kokoro/build.sh
@@ -41,7 +41,7 @@ python3 -m pip install --upgrade --quiet nox
python3 -m nox --version
# If this is a continuous build, send the test log to the FlakyBot.
-# See https://github.com/googleapis/repo-automation-bots/tree/master/packages/flakybot.
+# See https://github.com/googleapis/repo-automation-bots/tree/main/packages/flakybot.
if [[ $KOKORO_BUILD_ARTIFACTS_SUBDIR = *"continuous"* ]]; then
cleanup() {
chmod +x $KOKORO_GFILE_DIR/linux_amd64/flakybot
diff --git a/.kokoro/test-samples-impl.sh b/.kokoro/test-samples-impl.sh
index 311a8d5..8a324c9 100755
--- a/.kokoro/test-samples-impl.sh
+++ b/.kokoro/test-samples-impl.sh
@@ -80,7 +80,7 @@ for file in samples/**/requirements.txt; do
EXIT=$?
# If this is a periodic build, send the test log to the FlakyBot.
- # See https://github.com/googleapis/repo-automation-bots/tree/master/packages/flakybot.
+ # See https://github.com/googleapis/repo-automation-bots/tree/main/packages/flakybot.
if [[ $KOKORO_BUILD_ARTIFACTS_SUBDIR = *"periodic"* ]]; then
chmod +x $KOKORO_GFILE_DIR/linux_amd64/flakybot
$KOKORO_GFILE_DIR/linux_amd64/flakybot
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 240169b..09c798f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,24 @@
# Changelog
+## [0.4.0](https://www.github.com/googleapis/python-binary-authorization/compare/v0.3.1...v0.4.0) (2021-09-24)
+
+
+### Features
+
+* add binaryauthorization v1 ([#74](https://www.github.com/googleapis/python-binary-authorization/issues/74)) ([cd828ec](https://www.github.com/googleapis/python-binary-authorization/commit/cd828ec45edb5a297607ea7e9f94c39e68ef2d7d))
+* set binaryauthorization_v1 as the default version ([cd828ec](https://www.github.com/googleapis/python-binary-authorization/commit/cd828ec45edb5a297607ea7e9f94c39e68ef2d7d))
+
+
+### Bug Fixes
+
+* add 'dict' annotation type to 'request' ([7045df0](https://www.github.com/googleapis/python-binary-authorization/commit/7045df0313b0c6f05662745e90c28626d292d64e))
+* require grafeas>=1.1.2, proto-plus>=1.15.0 ([cd828ec](https://www.github.com/googleapis/python-binary-authorization/commit/cd828ec45edb5a297607ea7e9f94c39e68ef2d7d))
+
+
+### Documentation
+
+* fix broken links in README ([cd828ec](https://www.github.com/googleapis/python-binary-authorization/commit/cd828ec45edb5a297607ea7e9f94c39e68ef2d7d))
+
### [0.3.1](https://www.github.com/googleapis/python-binary-authorization/compare/v0.3.0...v0.3.1) (2021-07-26)
diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst
index bb5072f..33e1d4c 100644
--- a/CONTRIBUTING.rst
+++ b/CONTRIBUTING.rst
@@ -50,9 +50,9 @@ You'll have to create a development environment using a Git checkout:
# Configure remotes such that you can pull changes from the googleapis/python-binary-authorization
# repository into your local repository.
$ git remote add upstream git@github.com:googleapis/python-binary-authorization.git
- # fetch and merge changes from upstream into master
+ # fetch and merge changes from upstream into main
$ git fetch upstream
- $ git merge upstream/master
+ $ git merge upstream/main
Now your local repo is set up such that you will push changes to your GitHub
repo, from which you can submit a pull request.
@@ -110,12 +110,12 @@ Coding Style
variables::
export GOOGLE_CLOUD_TESTING_REMOTE="upstream"
- export GOOGLE_CLOUD_TESTING_BRANCH="master"
+ export GOOGLE_CLOUD_TESTING_BRANCH="main"
By doing this, you are specifying the location of the most up-to-date
- version of ``python-binary-authorization``. The the suggested remote name ``upstream``
- should point to the official ``googleapis`` checkout and the
- the branch should be the main branch on that remote (``master``).
+ version of ``python-binary-authorization``. The
+ remote name ``upstream`` should point to the official ``googleapis``
+ checkout and the branch should be the default branch on that remote (``main``).
- This repository contains configuration for the
`pre-commit `__ tool, which automates checking
@@ -209,7 +209,7 @@ The `description on PyPI`_ for the project comes directly from the
``README``. Due to the reStructuredText (``rst``) parser used by
PyPI, relative links which will work on GitHub (e.g. ``CONTRIBUTING.rst``
instead of
-``https://github.com/googleapis/python-binary-authorization/blob/master/CONTRIBUTING.rst``)
+``https://github.com/googleapis/python-binary-authorization/blob/main/CONTRIBUTING.rst``)
may cause problems creating links or rendering the description.
.. _description on PyPI: https://pypi.org/project/google-cloud-binary-authorization
@@ -234,7 +234,7 @@ We support:
Supported versions can be found in our ``noxfile.py`` `config`_.
-.. _config: https://github.com/googleapis/python-binary-authorization/blob/master/noxfile.py
+.. _config: https://github.com/googleapis/python-binary-authorization/blob/main/noxfile.py
We also explicitly decided to support Python 3 beginning with version 3.6.
diff --git a/README.rst b/README.rst
index 0535ee8..36eb445 100644
--- a/README.rst
+++ b/README.rst
@@ -10,15 +10,15 @@ policy control for images deployed to Kubernetes Engine clusters.
- `Product Documentation`_
.. |beta| image:: https://img.shields.io/badge/support-beta-orange.svg
- :target: https://github.com/googleapis/google-cloud-python/blob/master/README.rst#beta-support
+ :target: https://github.com/googleapis/google-cloud-python/blob/main/README.rst#beta-support
.. |pypi| image:: https://img.shields.io/pypi/v/google-cloud-binary-authorization.svg
:target: https://pypi.org/project/google-cloud-binary-authorization/
.. |versions| image:: https://img.shields.io/pypi/pyversions/google-cloud-binary-authorization.svg
:target: https://pypi.org/project/google-cloud-binary-authorization/
-.. _Binary Authorization API: https://cloud.google.com/binaryauthorization
-.. _Client Library Documentation: https://googleapis.github.io/google-cloud-python/latest/binaryauthorization/usage.html
-.. _Product Documentation: https://cloud.google.com/binaryauthorization
+.. _Binary Authorization API: https://cloud.google.com/binary-authorization
+.. _Client Library Documentation: https://googleapis.dev/python/binaryauthorization/latest
+.. _Product Documentation: https://cloud.google.com/binary-authorization
Quick Start
-----------
@@ -32,7 +32,7 @@ In order to use this library, you first need to go through the following steps:
.. _Select or create a Cloud Platform project.: https://console.cloud.google.com/project
.. _Enable billing for your project.: https://cloud.google.com/billing/docs/how-to/modify-project#enable_billing_for_a_project
-.. _Enable the Binary Authorization API.: https://cloud.google.com/binaryauthorization
+.. _Enable the Binary Authorization API.: https://cloud.google.com/binary-authorization
.. _Setup Authentication.: https://googleapis.github.io/google-cloud-python/latest/core/auth.html
Installation
@@ -80,5 +80,5 @@ Next Steps
- View this `README`_ to see the full list of Cloud
APIs that we cover.
-.. _Binary Authorization API Product documentation: https://cloud.google.com/binaryauthorization
-.. _README: https://github.com/googleapis/google-cloud-python/blob/master/README.rst
\ No newline at end of file
+.. _Binary Authorization API Product documentation: https://cloud.google.com/binary-authorization
+.. _README: https://github.com/googleapis/google-cloud-python/blob/main/README.rst
diff --git a/docs/binaryauthorization_v1/binauthz_management_service_v1.rst b/docs/binaryauthorization_v1/binauthz_management_service_v1.rst
new file mode 100644
index 0000000..1d11618
--- /dev/null
+++ b/docs/binaryauthorization_v1/binauthz_management_service_v1.rst
@@ -0,0 +1,10 @@
+BinauthzManagementServiceV1
+---------------------------------------------
+
+.. automodule:: google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1
+ :members:
+ :inherited-members:
+
+.. automodule:: google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.pagers
+ :members:
+ :inherited-members:
diff --git a/docs/binaryauthorization_v1/services.rst b/docs/binaryauthorization_v1/services.rst
new file mode 100644
index 0000000..d8423c9
--- /dev/null
+++ b/docs/binaryauthorization_v1/services.rst
@@ -0,0 +1,8 @@
+Services for Google Cloud Binaryauthorization v1 API
+====================================================
+.. toctree::
+ :maxdepth: 2
+
+ binauthz_management_service_v1
+ system_policy_v1
+ validation_helper_v1
diff --git a/docs/binaryauthorization_v1/system_policy_v1.rst b/docs/binaryauthorization_v1/system_policy_v1.rst
new file mode 100644
index 0000000..da7e2d4
--- /dev/null
+++ b/docs/binaryauthorization_v1/system_policy_v1.rst
@@ -0,0 +1,6 @@
+SystemPolicyV1
+--------------------------------
+
+.. automodule:: google.cloud.binaryauthorization_v1.services.system_policy_v1
+ :members:
+ :inherited-members:
diff --git a/docs/binaryauthorization_v1/types.rst b/docs/binaryauthorization_v1/types.rst
new file mode 100644
index 0000000..f693b22
--- /dev/null
+++ b/docs/binaryauthorization_v1/types.rst
@@ -0,0 +1,7 @@
+Types for Google Cloud Binaryauthorization v1 API
+=================================================
+
+.. automodule:: google.cloud.binaryauthorization_v1.types
+ :members:
+ :undoc-members:
+ :show-inheritance:
diff --git a/docs/binaryauthorization_v1/validation_helper_v1.rst b/docs/binaryauthorization_v1/validation_helper_v1.rst
new file mode 100644
index 0000000..5d92ddc
--- /dev/null
+++ b/docs/binaryauthorization_v1/validation_helper_v1.rst
@@ -0,0 +1,6 @@
+ValidationHelperV1
+------------------------------------
+
+.. automodule:: google.cloud.binaryauthorization_v1.services.validation_helper_v1
+ :members:
+ :inherited-members:
diff --git a/docs/conf.py b/docs/conf.py
index b09ecee..3e51f11 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -76,8 +76,8 @@
# The encoding of source files.
# source_encoding = 'utf-8-sig'
-# The master toctree document.
-master_doc = "index"
+# The root toctree document.
+root_doc = "index"
# General information about the project.
project = "google-cloud-binary-authorization"
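Review bot: `root_doc` is only recognised as a configuration name from Sphinx 4.0 onward; on an older Sphinx the line `root_doc = "index"` is just a module variable and the builder uses its own default for `master_doc`. That default is also "index" on 2.x and 3.x, so the build would probably still succeed, but the Sphinx version the docs session installs is not visible in this diff. Either confirm the pin is 4.0 or later, or keep both names with `master_doc = root_doc = "index"`. The later hunks that pass `root_doc` into `latex_documents`, `man_pages` and `texinfo_documents` rely on the same variable.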
@@ -110,6 +110,7 @@
# directories to ignore when looking for source files.
exclude_patterns = [
"_build",
+ "**/.nox/**/*",
"samples/AUTHORING_GUIDE.md",
"samples/CONTRIBUTING.md",
"samples/snippets/README.rst",
@@ -279,7 +280,7 @@
# author, documentclass [howto, manual, or own class]).
latex_documents = [
(
- master_doc,
+ root_doc,
"google-cloud-binary-authorization.tex",
"google-cloud-binary-authorization Documentation",
author,
@@ -314,7 +315,7 @@
# (source start file, name, description, authors, manual section).
man_pages = [
(
- master_doc,
+ root_doc,
"google-cloud-binary-authorization",
"google-cloud-binary-authorization Documentation",
[author],
@@ -333,7 +334,7 @@
# dir menu entry, description, category)
texinfo_documents = [
(
- master_doc,
+ root_doc,
"google-cloud-binary-authorization",
"google-cloud-binary-authorization Documentation",
author,
diff --git a/docs/index.rst b/docs/index.rst
index 9c3e955..d55ac54 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -2,6 +2,16 @@
.. include:: multiprocessing.rst
+This package includes clients for multiple versions of Binary Authorization.
+By default, you will get version ``v1``.
+
+API Reference
+-------------
+.. toctree::
+ :maxdepth: 2
+
+ binaryauthorization_v1/services
+ binaryauthorization_v1/types
API Reference
-------------
diff --git a/google/cloud/binaryauthorization/__init__.py b/google/cloud/binaryauthorization/__init__.py
index f054e4b..b480307 100644
--- a/google/cloud/binaryauthorization/__init__.py
+++ b/google/cloud/binaryauthorization/__init__.py
@@ -14,53 +14,73 @@
# limitations under the License.
#
-from google.cloud.binaryauthorization_v1beta1.services.binauthz_management_service_v1_beta1.client import (
- BinauthzManagementServiceV1Beta1Client,
+from google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.client import (
+ BinauthzManagementServiceV1Client,
)
-from google.cloud.binaryauthorization_v1beta1.services.binauthz_management_service_v1_beta1.async_client import (
- BinauthzManagementServiceV1Beta1AsyncClient,
+from google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.async_client import (
+ BinauthzManagementServiceV1AsyncClient,
)
-
-from google.cloud.binaryauthorization_v1beta1.types.continuous_validation_logging import (
- ContinuousValidationEvent,
+from google.cloud.binaryauthorization_v1.services.system_policy_v1.client import (
+ SystemPolicyV1Client,
+)
+from google.cloud.binaryauthorization_v1.services.system_policy_v1.async_client import (
+ SystemPolicyV1AsyncClient,
+)
+from google.cloud.binaryauthorization_v1.services.validation_helper_v1.client import (
+ ValidationHelperV1Client,
)
-from google.cloud.binaryauthorization_v1beta1.types.resources import AdmissionRule
-from google.cloud.binaryauthorization_v1beta1.types.resources import (
+from google.cloud.binaryauthorization_v1.services.validation_helper_v1.async_client import (
+ ValidationHelperV1AsyncClient,
+)
+
+from google.cloud.binaryauthorization_v1.types.resources import AdmissionRule
+from google.cloud.binaryauthorization_v1.types.resources import (
AdmissionWhitelistPattern,
)
-from google.cloud.binaryauthorization_v1beta1.types.resources import Attestor
-from google.cloud.binaryauthorization_v1beta1.types.resources import AttestorPublicKey
-from google.cloud.binaryauthorization_v1beta1.types.resources import PkixPublicKey
-from google.cloud.binaryauthorization_v1beta1.types.resources import Policy
-from google.cloud.binaryauthorization_v1beta1.types.resources import (
- UserOwnedDrydockNote,
+from google.cloud.binaryauthorization_v1.types.resources import Attestor
+from google.cloud.binaryauthorization_v1.types.resources import AttestorPublicKey
+from google.cloud.binaryauthorization_v1.types.resources import PkixPublicKey
+from google.cloud.binaryauthorization_v1.types.resources import Policy
+from google.cloud.binaryauthorization_v1.types.resources import UserOwnedGrafeasNote
+from google.cloud.binaryauthorization_v1.types.service import CreateAttestorRequest
+from google.cloud.binaryauthorization_v1.types.service import DeleteAttestorRequest
+from google.cloud.binaryauthorization_v1.types.service import GetAttestorRequest
+from google.cloud.binaryauthorization_v1.types.service import GetPolicyRequest
+from google.cloud.binaryauthorization_v1.types.service import GetSystemPolicyRequest
+from google.cloud.binaryauthorization_v1.types.service import ListAttestorsRequest
+from google.cloud.binaryauthorization_v1.types.service import ListAttestorsResponse
+from google.cloud.binaryauthorization_v1.types.service import UpdateAttestorRequest
+from google.cloud.binaryauthorization_v1.types.service import UpdatePolicyRequest
+from google.cloud.binaryauthorization_v1.types.service import (
+ ValidateAttestationOccurrenceRequest,
+)
+from google.cloud.binaryauthorization_v1.types.service import (
+ ValidateAttestationOccurrenceResponse,
)
-from google.cloud.binaryauthorization_v1beta1.types.service import CreateAttestorRequest
-from google.cloud.binaryauthorization_v1beta1.types.service import DeleteAttestorRequest
-from google.cloud.binaryauthorization_v1beta1.types.service import GetAttestorRequest
-from google.cloud.binaryauthorization_v1beta1.types.service import GetPolicyRequest
-from google.cloud.binaryauthorization_v1beta1.types.service import ListAttestorsRequest
-from google.cloud.binaryauthorization_v1beta1.types.service import ListAttestorsResponse
-from google.cloud.binaryauthorization_v1beta1.types.service import UpdateAttestorRequest
-from google.cloud.binaryauthorization_v1beta1.types.service import UpdatePolicyRequest
__all__ = (
- "BinauthzManagementServiceV1Beta1Client",
- "BinauthzManagementServiceV1Beta1AsyncClient",
- "ContinuousValidationEvent",
+ "BinauthzManagementServiceV1Client",
+ "BinauthzManagementServiceV1AsyncClient",
+ "SystemPolicyV1Client",
+ "SystemPolicyV1AsyncClient",
+ "ValidationHelperV1Client",
+ "ValidationHelperV1AsyncClient",
"AdmissionRule",
"AdmissionWhitelistPattern",
"Attestor",
"AttestorPublicKey",
"PkixPublicKey",
"Policy",
- "UserOwnedDrydockNote",
+ "UserOwnedGrafeasNote",
"CreateAttestorRequest",
"DeleteAttestorRequest",
"GetAttestorRequest",
"GetPolicyRequest",
+ "GetSystemPolicyRequest",
"ListAttestorsRequest",
"ListAttestorsResponse",
"UpdateAttestorRequest",
"UpdatePolicyRequest",
+ "ValidateAttestationOccurrenceRequest",
+ "ValidateAttestationOccurrenceResponse",
)
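Review bot: The unversioned `google.cloud.binaryauthorization` namespace no longer exports `BinauthzManagementServiceV1Beta1Client`, `BinauthzManagementServiceV1Beta1AsyncClient`, `ContinuousValidationEvent` or `UserOwnedDrydockNote`; they are removed from both the imports and `__all__`. Existing `from google.cloud.binaryauthorization import ...` statements for those names will raise ImportError after upgrade, and the CHANGELOG hunk in this commit lists the switch under Features without calling out the break. Tooling that manages admission policy or attestors through the unversioned package should be directed to a versioned module. A comment above the imports such as `# Default surface is v1; import google.cloud.binaryauthorization_v1beta1 directly for beta-only types.` plus a changelog line would cover it. Whether the v1beta1 package is still shipped is not visible in this part of the diff, so confirm that before wording the comment.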
diff --git a/google/cloud/binaryauthorization_v1/__init__.py b/google/cloud/binaryauthorization_v1/__init__.py
new file mode 100644
index 0000000..c26f179
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/__init__.py
@@ -0,0 +1,70 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+from .services.binauthz_management_service_v1 import BinauthzManagementServiceV1Client
+from .services.binauthz_management_service_v1 import (
+ BinauthzManagementServiceV1AsyncClient,
+)
+from .services.system_policy_v1 import SystemPolicyV1Client
+from .services.system_policy_v1 import SystemPolicyV1AsyncClient
+from .services.validation_helper_v1 import ValidationHelperV1Client
+from .services.validation_helper_v1 import ValidationHelperV1AsyncClient
+
+from .types.resources import AdmissionRule
+from .types.resources import AdmissionWhitelistPattern
+from .types.resources import Attestor
+from .types.resources import AttestorPublicKey
+from .types.resources import PkixPublicKey
+from .types.resources import Policy
+from .types.resources import UserOwnedGrafeasNote
+from .types.service import CreateAttestorRequest
+from .types.service import DeleteAttestorRequest
+from .types.service import GetAttestorRequest
+from .types.service import GetPolicyRequest
+from .types.service import GetSystemPolicyRequest
+from .types.service import ListAttestorsRequest
+from .types.service import ListAttestorsResponse
+from .types.service import UpdateAttestorRequest
+from .types.service import UpdatePolicyRequest
+from .types.service import ValidateAttestationOccurrenceRequest
+from .types.service import ValidateAttestationOccurrenceResponse
+
+__all__ = (
+ "BinauthzManagementServiceV1AsyncClient",
+ "SystemPolicyV1AsyncClient",
+ "ValidationHelperV1AsyncClient",
+ "AdmissionRule",
+ "AdmissionWhitelistPattern",
+ "Attestor",
+ "AttestorPublicKey",
+ "BinauthzManagementServiceV1Client",
+ "CreateAttestorRequest",
+ "DeleteAttestorRequest",
+ "GetAttestorRequest",
+ "GetPolicyRequest",
+ "GetSystemPolicyRequest",
+ "ListAttestorsRequest",
+ "ListAttestorsResponse",
+ "PkixPublicKey",
+ "Policy",
+ "SystemPolicyV1Client",
+ "UpdateAttestorRequest",
+ "UpdatePolicyRequest",
+ "UserOwnedGrafeasNote",
+ "ValidateAttestationOccurrenceRequest",
+ "ValidateAttestationOccurrenceResponse",
+ "ValidationHelperV1Client",
+)
diff --git a/google/cloud/binaryauthorization_v1/gapic_metadata.json b/google/cloud/binaryauthorization_v1/gapic_metadata.json
new file mode 100644
index 0000000..1d349e7
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/gapic_metadata.json
@@ -0,0 +1,141 @@
+ {
+ "comment": "This file maps proto services/RPCs to the corresponding library clients/methods",
+ "language": "python",
+ "libraryPackage": "google.cloud.binaryauthorization_v1",
+ "protoPackage": "google.cloud.binaryauthorization.v1",
+ "schema": "1.0",
+ "services": {
+ "BinauthzManagementServiceV1": {
+ "clients": {
+ "grpc": {
+ "libraryClient": "BinauthzManagementServiceV1Client",
+ "rpcs": {
+ "CreateAttestor": {
+ "methods": [
+ "create_attestor"
+ ]
+ },
+ "DeleteAttestor": {
+ "methods": [
+ "delete_attestor"
+ ]
+ },
+ "GetAttestor": {
+ "methods": [
+ "get_attestor"
+ ]
+ },
+ "GetPolicy": {
+ "methods": [
+ "get_policy"
+ ]
+ },
+ "ListAttestors": {
+ "methods": [
+ "list_attestors"
+ ]
+ },
+ "UpdateAttestor": {
+ "methods": [
+ "update_attestor"
+ ]
+ },
+ "UpdatePolicy": {
+ "methods": [
+ "update_policy"
+ ]
+ }
+ }
+ },
+ "grpc-async": {
+ "libraryClient": "BinauthzManagementServiceV1AsyncClient",
+ "rpcs": {
+ "CreateAttestor": {
+ "methods": [
+ "create_attestor"
+ ]
+ },
+ "DeleteAttestor": {
+ "methods": [
+ "delete_attestor"
+ ]
+ },
+ "GetAttestor": {
+ "methods": [
+ "get_attestor"
+ ]
+ },
+ "GetPolicy": {
+ "methods": [
+ "get_policy"
+ ]
+ },
+ "ListAttestors": {
+ "methods": [
+ "list_attestors"
+ ]
+ },
+ "UpdateAttestor": {
+ "methods": [
+ "update_attestor"
+ ]
+ },
+ "UpdatePolicy": {
+ "methods": [
+ "update_policy"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "SystemPolicyV1": {
+ "clients": {
+ "grpc": {
+ "libraryClient": "SystemPolicyV1Client",
+ "rpcs": {
+ "GetSystemPolicy": {
+ "methods": [
+ "get_system_policy"
+ ]
+ }
+ }
+ },
+ "grpc-async": {
+ "libraryClient": "SystemPolicyV1AsyncClient",
+ "rpcs": {
+ "GetSystemPolicy": {
+ "methods": [
+ "get_system_policy"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "ValidationHelperV1": {
+ "clients": {
+ "grpc": {
+ "libraryClient": "ValidationHelperV1Client",
+ "rpcs": {
+ "ValidateAttestationOccurrence": {
+ "methods": [
+ "validate_attestation_occurrence"
+ ]
+ }
+ }
+ },
+ "grpc-async": {
+ "libraryClient": "ValidationHelperV1AsyncClient",
+ "rpcs": {
+ "ValidateAttestationOccurrence": {
+ "methods": [
+ "validate_attestation_occurrence"
+ ]
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/google/cloud/binaryauthorization_v1/py.typed b/google/cloud/binaryauthorization_v1/py.typed
new file mode 100644
index 0000000..5afd9ec
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/py.typed
@@ -0,0 +1,2 @@
+# Marker file for PEP 561.
+# The google-cloud-binaryauthorization package uses inline types.
diff --git a/google/cloud/binaryauthorization_v1/services/__init__.py b/google/cloud/binaryauthorization_v1/services/__init__.py
new file mode 100644
index 0000000..4de6597
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/__init__.py
@@ -0,0 +1,15 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
diff --git a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/__init__.py b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/__init__.py
new file mode 100644
index 0000000..0cb1382
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/__init__.py
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+from .client import BinauthzManagementServiceV1Client
+from .async_client import BinauthzManagementServiceV1AsyncClient
+
+__all__ = (
+ "BinauthzManagementServiceV1Client",
+ "BinauthzManagementServiceV1AsyncClient",
+)
diff --git a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/async_client.py b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/async_client.py
new file mode 100644
index 0000000..bbc4840
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/async_client.py
@@ -0,0 +1,840 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+from collections import OrderedDict
+import functools
+import re
+from typing import Dict, Sequence, Tuple, Type, Union
+import pkg_resources
+
+import google.api_core.client_options as ClientOptions # type: ignore
+from google.api_core import exceptions as core_exceptions # type: ignore
+from google.api_core import gapic_v1 # type: ignore
+from google.api_core import retry as retries # type: ignore
+from google.auth import credentials as ga_credentials # type: ignore
+from google.oauth2 import service_account # type: ignore
+
+from google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1 import (
+ pagers,
+)
+from google.cloud.binaryauthorization_v1.types import resources
+from google.cloud.binaryauthorization_v1.types import service
+from google.protobuf import timestamp_pb2 # type: ignore
+from .transports.base import BinauthzManagementServiceV1Transport, DEFAULT_CLIENT_INFO
+from .transports.grpc_asyncio import BinauthzManagementServiceV1GrpcAsyncIOTransport
+from .client import BinauthzManagementServiceV1Client
+
+
+class BinauthzManagementServiceV1AsyncClient:
+ """Google Cloud Management Service for Binary Authorization admission
+ policies and attestation authorities.
+
+ This API implements a REST model with the following objects:
+
+ - [Policy][google.cloud.binaryauthorization.v1.Policy]
+ - [Attestor][google.cloud.binaryauthorization.v1.Attestor]
+ """
+
+ _client: BinauthzManagementServiceV1Client
+
+ DEFAULT_ENDPOINT = BinauthzManagementServiceV1Client.DEFAULT_ENDPOINT
+ DEFAULT_MTLS_ENDPOINT = BinauthzManagementServiceV1Client.DEFAULT_MTLS_ENDPOINT
+
+ attestor_path = staticmethod(BinauthzManagementServiceV1Client.attestor_path)
+ parse_attestor_path = staticmethod(
+ BinauthzManagementServiceV1Client.parse_attestor_path
+ )
+ policy_path = staticmethod(BinauthzManagementServiceV1Client.policy_path)
+ parse_policy_path = staticmethod(
+ BinauthzManagementServiceV1Client.parse_policy_path
+ )
+ common_billing_account_path = staticmethod(
+ BinauthzManagementServiceV1Client.common_billing_account_path
+ )
+ parse_common_billing_account_path = staticmethod(
+ BinauthzManagementServiceV1Client.parse_common_billing_account_path
+ )
+ common_folder_path = staticmethod(
+ BinauthzManagementServiceV1Client.common_folder_path
+ )
+ parse_common_folder_path = staticmethod(
+ BinauthzManagementServiceV1Client.parse_common_folder_path
+ )
+ common_organization_path = staticmethod(
+ BinauthzManagementServiceV1Client.common_organization_path
+ )
+ parse_common_organization_path = staticmethod(
+ BinauthzManagementServiceV1Client.parse_common_organization_path
+ )
+ common_project_path = staticmethod(
+ BinauthzManagementServiceV1Client.common_project_path
+ )
+ parse_common_project_path = staticmethod(
+ BinauthzManagementServiceV1Client.parse_common_project_path
+ )
+ common_location_path = staticmethod(
+ BinauthzManagementServiceV1Client.common_location_path
+ )
+ parse_common_location_path = staticmethod(
+ BinauthzManagementServiceV1Client.parse_common_location_path
+ )
+
+ @classmethod
+ def from_service_account_info(cls, info: dict, *args, **kwargs):
+ """Creates an instance of this client using the provided credentials
+ info.
+
+ Args:
+ info (dict): The service account private key info.
+ args: Additional arguments to pass to the constructor.
+ kwargs: Additional arguments to pass to the constructor.
+
+ Returns:
+ BinauthzManagementServiceV1AsyncClient: The constructed client.
+ """
+ return BinauthzManagementServiceV1Client.from_service_account_info.__func__(BinauthzManagementServiceV1AsyncClient, info, *args, **kwargs) # type: ignore
+
+ @classmethod
+ def from_service_account_file(cls, filename: str, *args, **kwargs):
+ """Creates an instance of this client using the provided credentials
+ file.
+
+ Args:
+ filename (str): The path to the service account private key json
+ file.
+ args: Additional arguments to pass to the constructor.
+ kwargs: Additional arguments to pass to the constructor.
+
+ Returns:
+ BinauthzManagementServiceV1AsyncClient: The constructed client.
+ """
+ return BinauthzManagementServiceV1Client.from_service_account_file.__func__(BinauthzManagementServiceV1AsyncClient, filename, *args, **kwargs) # type: ignore
+
+ from_service_account_json = from_service_account_file
+
+ @property
+ def transport(self) -> BinauthzManagementServiceV1Transport:
+ """Returns the transport used by the client instance.
+
+ Returns:
+ BinauthzManagementServiceV1Transport: The transport used by the client instance.
+ """
+ return self._client.transport
+
+ get_transport_class = functools.partial(
+ type(BinauthzManagementServiceV1Client).get_transport_class,
+ type(BinauthzManagementServiceV1Client),
+ )
+
+ def __init__(
+ self,
+ *,
+ credentials: ga_credentials.Credentials = None,
+ transport: Union[str, BinauthzManagementServiceV1Transport] = "grpc_asyncio",
+ client_options: ClientOptions = None,
+ client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ ) -> None:
+ """Instantiates the binauthz management service v1 client.
+
+ Args:
+ credentials (Optional[google.auth.credentials.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify the application to the service; if none
+ are specified, the client will attempt to ascertain the
+ credentials from the environment.
+ transport (Union[str, ~.BinauthzManagementServiceV1Transport]): The
+ transport to use. If set to None, a transport is chosen
+ automatically.
+ client_options (ClientOptions): Custom options for the client. It
+ won't take effect if a ``transport`` instance is provided.
+ (1) The ``api_endpoint`` property can be used to override the
+ default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT
+ environment variable can also be used to override the endpoint:
+ "always" (always use the default mTLS endpoint), "never" (always
+ use the default regular endpoint) and "auto" (auto switch to the
+ default mTLS endpoint if client certificate is present, this is
+ the default value). However, the ``api_endpoint`` property takes
+ precedence if provided.
+ (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable
+ is "true", then the ``client_cert_source`` property can be used
+ to provide client certificate for mutual TLS transport. If
+ not provided, the default SSL client certificate will be used if
+ present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not
+ set, no client certificate will be used.
+
+ Raises:
+ google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
+ creation failed for any reason.
+ """
+ self._client = BinauthzManagementServiceV1Client(
+ credentials=credentials,
+ transport=transport,
+ client_options=client_options,
+ client_info=client_info,
+ )
+
+ async def get_policy(
+ self,
+ request: service.GetPolicyRequest = None,
+ *,
+ name: str = None,
+ retry: retries.Retry = gapic_v1.method.DEFAULT,
+ timeout: float = None,
+ metadata: Sequence[Tuple[str, str]] = (),
+ ) -> resources.Policy:
+ r"""A [policy][google.cloud.binaryauthorization.v1.Policy] specifies
+ the [attestors][google.cloud.binaryauthorization.v1.Attestor]
+ that must attest to a container image, before the project is
+ allowed to deploy that image. There is at most one policy per
+ project. All image admission requests are permitted if a project
+ has no policy.
+
+ Gets the [policy][google.cloud.binaryauthorization.v1.Policy]
+ for this project. Returns a default
+ [policy][google.cloud.binaryauthorization.v1.Policy] if the
+ project does not have one.
+
+ Args:
+ request (:class:`google.cloud.binaryauthorization_v1.types.GetPolicyRequest`):
+ The request object. Request message for
+ [BinauthzManagementService.GetPolicy][].
+ name (:class:`str`):
+ Required. The resource name of the
+ [policy][google.cloud.binaryauthorization.v1.Policy] to
+ retrieve, in the format ``projects/*/policy``.
+
+ This corresponds to the ``name`` field
+ on the ``request`` instance; if ``request`` is provided, this
+ should not be set.
+ retry (google.api_core.retry.Retry): Designation of what errors, if any,
+ should be retried.
+ timeout (float): The timeout for this request.
+ metadata (Sequence[Tuple[str, str]]): Strings which should be
+ sent along with the request as metadata.
+
+ Returns:
+ google.cloud.binaryauthorization_v1.types.Policy:
+ A [policy][google.cloud.binaryauthorization.v1.Policy]
+ for container image binary authorization.
+
+ """
+ # Create or coerce a protobuf request object.
+ # Sanity check: If we got a request object, we should *not* have
+ # gotten any keyword arguments that map to the request.
+ has_flattened_params = any([name])
+ if request is not None and has_flattened_params:
+ raise ValueError(
+ "If the `request` argument is set, then none of "
+ "the individual field arguments should be set."
+ )
+
+ request = service.GetPolicyRequest(request)
+
+ # If we have keyword arguments corresponding to fields on the
+ # request, apply these.
+ if name is not None:
+ request.name = name
+
+ # Wrap the RPC method; this adds retry and timeout information,
+ # and friendly error handling.
+ rpc = gapic_v1.method_async.wrap_method(
+ self._client._transport.get_policy,
+ default_retry=retries.Retry(
+ initial=0.1,
+ maximum=60.0,
+ multiplier=1.3,
+ predicate=retries.if_exception_type(
+ core_exceptions.DeadlineExceeded,
+ core_exceptions.ServiceUnavailable,
+ ),
+ deadline=600.0,
+ ),
+ default_timeout=600.0,
+ client_info=DEFAULT_CLIENT_INFO,
+ )
+
+ # Certain fields should be provided within the metadata header;
+ # add these here.
+ metadata = tuple(metadata) + (
+ gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
+ )
+
+ # Send the request.
+ response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
+
+ # Done; return the response.
+ return response
+
+ async def update_policy(
+ self,
+ request: service.UpdatePolicyRequest = None,
+ *,
+ policy: resources.Policy = None,
+ retry: retries.Retry = gapic_v1.method.DEFAULT,
+ timeout: float = None,
+ metadata: Sequence[Tuple[str, str]] = (),
+ ) -> resources.Policy:
+ r"""Creates or updates a project's
+ [policy][google.cloud.binaryauthorization.v1.Policy], and
+ returns a copy of the new
+ [policy][google.cloud.binaryauthorization.v1.Policy]. A policy
+ is always updated as a whole, to avoid race conditions with
+ concurrent policy enforcement (or management!) requests. Returns
+ NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the
+ request is malformed.
+
+ Args:
+ request (:class:`google.cloud.binaryauthorization_v1.types.UpdatePolicyRequest`):
+ The request object. Request message for
+ [BinauthzManagementService.UpdatePolicy][].
+ policy (:class:`google.cloud.binaryauthorization_v1.types.Policy`):
+ Required. A new or updated
+ [policy][google.cloud.binaryauthorization.v1.Policy]
+ value. The service will overwrite the [policy
+ name][google.cloud.binaryauthorization.v1.Policy.name]
+ field with the resource name in the request URL, in the
+ format ``projects/*/policy``.
+
+ This corresponds to the ``policy`` field
+ on the ``request`` instance; if ``request`` is provided, this
+ should not be set.
+ retry (google.api_core.retry.Retry): Designation of what errors, if any,
+ should be retried.
+ timeout (float): The timeout for this request.
+ metadata (Sequence[Tuple[str, str]]): Strings which should be
+ sent along with the request as metadata.
+
+ Returns:
+ google.cloud.binaryauthorization_v1.types.Policy:
+ A [policy][google.cloud.binaryauthorization.v1.Policy]
+ for container image binary authorization.
+
+ """
+ # Create or coerce a protobuf request object.
+ # Sanity check: If we got a request object, we should *not* have
+ # gotten any keyword arguments that map to the request.
+ has_flattened_params = any([policy])
+ if request is not None and has_flattened_params:
+ raise ValueError(
+ "If the `request` argument is set, then none of "
+ "the individual field arguments should be set."
+ )
+
+ request = service.UpdatePolicyRequest(request)
+
+ # If we have keyword arguments corresponding to fields on the
+ # request, apply these.
+ if policy is not None:
+ request.policy = policy
+
+ # Wrap the RPC method; this adds retry and timeout information,
+ # and friendly error handling.
+ rpc = gapic_v1.method_async.wrap_method(
+ self._client._transport.update_policy,
+ default_retry=retries.Retry(
+ initial=0.1,
+ maximum=60.0,
+ multiplier=1.3,
+ predicate=retries.if_exception_type(
+ core_exceptions.DeadlineExceeded,
+ core_exceptions.ServiceUnavailable,
+ ),
+ deadline=600.0,
+ ),
+ default_timeout=600.0,
+ client_info=DEFAULT_CLIENT_INFO,
+ )
+
+ # Certain fields should be provided within the metadata header;
+ # add these here.
+ metadata = tuple(metadata) + (
+ gapic_v1.routing_header.to_grpc_metadata(
+ (("policy.name", request.policy.name),)
+ ),
+ )
+
+ # Send the request.
+ response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
+
+ # Done; return the response.
+ return response
+
+ async def create_attestor(
+ self,
+ request: service.CreateAttestorRequest = None,
+ *,
+ parent: str = None,
+ attestor_id: str = None,
+ attestor: resources.Attestor = None,
+ retry: retries.Retry = gapic_v1.method.DEFAULT,
+ timeout: float = None,
+ metadata: Sequence[Tuple[str, str]] = (),
+ ) -> resources.Attestor:
+ r"""Creates an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor], and
+ returns a copy of the new
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the project does not exist,
+ INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if
+ the [attestor][google.cloud.binaryauthorization.v1.Attestor]
+ already exists.
+
+ Args:
+ request (:class:`google.cloud.binaryauthorization_v1.types.CreateAttestorRequest`):
+ The request object. Request message for
+ [BinauthzManagementService.CreateAttestor][].
+ parent (:class:`str`):
+ Required. The parent of this
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+
+ This corresponds to the ``parent`` field
+ on the ``request`` instance; if ``request`` is provided, this
+ should not be set.
+ attestor_id (:class:`str`):
+ Required. The
+ [attestors][google.cloud.binaryauthorization.v1.Attestor]
+ ID.
+
+ This corresponds to the ``attestor_id`` field
+ on the ``request`` instance; if ``request`` is provided, this
+ should not be set.
+ attestor (:class:`google.cloud.binaryauthorization_v1.types.Attestor`):
+ Required. The initial
+ [attestor][google.cloud.binaryauthorization.v1.Attestor]
+ value. The service will overwrite the [attestor
+ name][google.cloud.binaryauthorization.v1.Attestor.name]
+ field with the resource name, in the format
+ ``projects/*/attestors/*``.
+
+ This corresponds to the ``attestor`` field
+ on the ``request`` instance; if ``request`` is provided, this
+ should not be set.
+ retry (google.api_core.retry.Retry): Designation of what errors, if any,
+ should be retried.
+ timeout (float): The timeout for this request.
+ metadata (Sequence[Tuple[str, str]]): Strings which should be
+ sent along with the request as metadata.
+
+ Returns:
+ google.cloud.binaryauthorization_v1.types.Attestor:
+ An [attestor][google.cloud.binaryauthorization.v1.Attestor] that attests to container image
+ artifacts. An existing attestor cannot be modified
+ except where indicated.
+
+ """
+ # Create or coerce a protobuf request object.
+ # Sanity check: If we got a request object, we should *not* have
+ # gotten any keyword arguments that map to the request.
+ has_flattened_params = any([parent, attestor_id, attestor])
+ if request is not None and has_flattened_params:
+ raise ValueError(
+ "If the `request` argument is set, then none of "
+ "the individual field arguments should be set."
+ )
+
+ request = service.CreateAttestorRequest(request)
+
+ # If we have keyword arguments corresponding to fields on the
+ # request, apply these.
+ if parent is not None:
+ request.parent = parent
+ if attestor_id is not None:
+ request.attestor_id = attestor_id
+ if attestor is not None:
+ request.attestor = attestor
+
+ # Wrap the RPC method; this adds retry and timeout information,
+ # and friendly error handling.
+ rpc = gapic_v1.method_async.wrap_method(
+ self._client._transport.create_attestor,
+ default_timeout=600.0,
+ client_info=DEFAULT_CLIENT_INFO,
+ )
+
+ # Certain fields should be provided within the metadata header;
+ # add these here.
+ metadata = tuple(metadata) + (
+ gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
+ )
+
+ # Send the request.
+ response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
+
+ # Done; return the response.
+ return response
+
+ async def get_attestor(
+ self,
+ request: service.GetAttestorRequest = None,
+ *,
+ name: str = None,
+ retry: retries.Retry = gapic_v1.method.DEFAULT,
+ timeout: float = None,
+ metadata: Sequence[Tuple[str, str]] = (),
+ ) -> resources.Attestor:
+ r"""Gets an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the
+ [attestor][google.cloud.binaryauthorization.v1.Attestor] does
+ not exist.
+
+ Args:
+ request (:class:`google.cloud.binaryauthorization_v1.types.GetAttestorRequest`):
+ The request object. Request message for
+ [BinauthzManagementService.GetAttestor][].
+ name (:class:`str`):
+ Required. The name of the
+ [attestor][google.cloud.binaryauthorization.v1.Attestor]
+ to retrieve, in the format ``projects/*/attestors/*``.
+
+ This corresponds to the ``name`` field
+ on the ``request`` instance; if ``request`` is provided, this
+ should not be set.
+ retry (google.api_core.retry.Retry): Designation of what errors, if any,
+ should be retried.
+ timeout (float): The timeout for this request.
+ metadata (Sequence[Tuple[str, str]]): Strings which should be
+ sent along with the request as metadata.
+
+ Returns:
+ google.cloud.binaryauthorization_v1.types.Attestor:
+ An [attestor][google.cloud.binaryauthorization.v1.Attestor] that attests to container image
+ artifacts. An existing attestor cannot be modified
+ except where indicated.
+
+ """
+ # Create or coerce a protobuf request object.
+ # Sanity check: If we got a request object, we should *not* have
+ # gotten any keyword arguments that map to the request.
+ has_flattened_params = any([name])
+ if request is not None and has_flattened_params:
+ raise ValueError(
+ "If the `request` argument is set, then none of "
+ "the individual field arguments should be set."
+ )
+
+ request = service.GetAttestorRequest(request)
+
+ # If we have keyword arguments corresponding to fields on the
+ # request, apply these.
+ if name is not None:
+ request.name = name
+
+ # Wrap the RPC method; this adds retry and timeout information,
+ # and friendly error handling.
+ rpc = gapic_v1.method_async.wrap_method(
+ self._client._transport.get_attestor,
+ default_retry=retries.Retry(
+ initial=0.1,
+ maximum=60.0,
+ multiplier=1.3,
+ predicate=retries.if_exception_type(
+ core_exceptions.DeadlineExceeded,
+ core_exceptions.ServiceUnavailable,
+ ),
+ deadline=600.0,
+ ),
+ default_timeout=600.0,
+ client_info=DEFAULT_CLIENT_INFO,
+ )
+
+ # Certain fields should be provided within the metadata header;
+ # add these here.
+ metadata = tuple(metadata) + (
+ gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
+ )
+
+ # Send the request.
+ response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
+
+ # Done; return the response.
+ return response
+
+ async def update_attestor(
+ self,
+ request: service.UpdateAttestorRequest = None,
+ *,
+ attestor: resources.Attestor = None,
+ retry: retries.Retry = gapic_v1.method.DEFAULT,
+ timeout: float = None,
+ metadata: Sequence[Tuple[str, str]] = (),
+ ) -> resources.Attestor:
+ r"""Updates an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the
+ [attestor][google.cloud.binaryauthorization.v1.Attestor] does
+ not exist.
+
+ Args:
+ request (:class:`google.cloud.binaryauthorization_v1.types.UpdateAttestorRequest`):
+ The request object. Request message for
+ [BinauthzManagementService.UpdateAttestor][].
+ attestor (:class:`google.cloud.binaryauthorization_v1.types.Attestor`):
+ Required. The updated
+ [attestor][google.cloud.binaryauthorization.v1.Attestor]
+ value. The service will overwrite the [attestor
+ name][google.cloud.binaryauthorization.v1.Attestor.name]
+ field with the resource name in the request URL, in the
+ format ``projects/*/attestors/*``.
+
+ This corresponds to the ``attestor`` field
+ on the ``request`` instance; if ``request`` is provided, this
+ should not be set.
+ retry (google.api_core.retry.Retry): Designation of what errors, if any,
+ should be retried.
+ timeout (float): The timeout for this request.
+ metadata (Sequence[Tuple[str, str]]): Strings which should be
+ sent along with the request as metadata.
+
+ Returns:
+ google.cloud.binaryauthorization_v1.types.Attestor:
+ An [attestor][google.cloud.binaryauthorization.v1.Attestor] that attests to container image
+ artifacts. An existing attestor cannot be modified
+ except where indicated.
+
+ """
+ # Create or coerce a protobuf request object.
+ # Sanity check: If we got a request object, we should *not* have
+ # gotten any keyword arguments that map to the request.
+ has_flattened_params = any([attestor])
+ if request is not None and has_flattened_params:
+ raise ValueError(
+ "If the `request` argument is set, then none of "
+ "the individual field arguments should be set."
+ )
+
+ request = service.UpdateAttestorRequest(request)
+
+ # If we have keyword arguments corresponding to fields on the
+ # request, apply these.
+ if attestor is not None:
+ request.attestor = attestor
+
+ # Wrap the RPC method; this adds retry and timeout information,
+ # and friendly error handling.
+ rpc = gapic_v1.method_async.wrap_method(
+ self._client._transport.update_attestor,
+ default_retry=retries.Retry(
+ initial=0.1,
+ maximum=60.0,
+ multiplier=1.3,
+ predicate=retries.if_exception_type(
+ core_exceptions.DeadlineExceeded,
+ core_exceptions.ServiceUnavailable,
+ ),
+ deadline=600.0,
+ ),
+ default_timeout=600.0,
+ client_info=DEFAULT_CLIENT_INFO,
+ )
+
+ # Certain fields should be provided within the metadata header;
+ # add these here.
+ metadata = tuple(metadata) + (
+ gapic_v1.routing_header.to_grpc_metadata(
+ (("attestor.name", request.attestor.name),)
+ ),
+ )
+
+ # Send the request.
+ response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
+
+ # Done; return the response.
+ return response
+
+ async def list_attestors(
+ self,
+ request: service.ListAttestorsRequest = None,
+ *,
+ parent: str = None,
+ retry: retries.Retry = gapic_v1.method.DEFAULT,
+ timeout: float = None,
+ metadata: Sequence[Tuple[str, str]] = (),
+ ) -> pagers.ListAttestorsAsyncPager:
+ r"""Lists [attestors][google.cloud.binaryauthorization.v1.Attestor].
+ Returns INVALID_ARGUMENT if the project does not exist.
+
+ Args:
+ request (:class:`google.cloud.binaryauthorization_v1.types.ListAttestorsRequest`):
+ The request object. Request message for
+ [BinauthzManagementService.ListAttestors][].
+ parent (:class:`str`):
+ Required. The resource name of the project associated
+ with the
+ [attestors][google.cloud.binaryauthorization.v1.Attestor],
+ in the format ``projects/*``.
+
+ This corresponds to the ``parent`` field
+ on the ``request`` instance; if ``request`` is provided, this
+ should not be set.
+ retry (google.api_core.retry.Retry): Designation of what errors, if any,
+ should be retried.
+ timeout (float): The timeout for this request.
+ metadata (Sequence[Tuple[str, str]]): Strings which should be
+ sent along with the request as metadata.
+
+ Returns:
+ google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.pagers.ListAttestorsAsyncPager:
+ Response message for
+ [BinauthzManagementService.ListAttestors][].
+
+ Iterating over this object will yield results and
+ resolve additional pages automatically.
+
+ """
+ # Create or coerce a protobuf request object.
+ # Sanity check: If we got a request object, we should *not* have
+ # gotten any keyword arguments that map to the request.
+ has_flattened_params = any([parent])
+ if request is not None and has_flattened_params:
+ raise ValueError(
+ "If the `request` argument is set, then none of "
+ "the individual field arguments should be set."
+ )
+
+ request = service.ListAttestorsRequest(request)
+
+ # If we have keyword arguments corresponding to fields on the
+ # request, apply these.
+ if parent is not None:
+ request.parent = parent
+
+ # Wrap the RPC method; this adds retry and timeout information,
+ # and friendly error handling.
+ rpc = gapic_v1.method_async.wrap_method(
+ self._client._transport.list_attestors,
+ default_retry=retries.Retry(
+ initial=0.1,
+ maximum=60.0,
+ multiplier=1.3,
+ predicate=retries.if_exception_type(
+ core_exceptions.DeadlineExceeded,
+ core_exceptions.ServiceUnavailable,
+ ),
+ deadline=600.0,
+ ),
+ default_timeout=600.0,
+ client_info=DEFAULT_CLIENT_INFO,
+ )
+
+ # Certain fields should be provided within the metadata header;
+ # add these here.
+ metadata = tuple(metadata) + (
+ gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
+ )
+
+ # Send the request.
+ response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
+
+ # This method is paged; wrap the response in a pager, which provides
+ # an `__aiter__` convenience method.
+ response = pagers.ListAttestorsAsyncPager(
+ method=rpc, request=request, response=response, metadata=metadata,
+ )
+
+ # Done; return the response.
+ return response
+
+ async def delete_attestor(
+ self,
+ request: service.DeleteAttestorRequest = None,
+ *,
+ name: str = None,
+ retry: retries.Retry = gapic_v1.method.DEFAULT,
+ timeout: float = None,
+ metadata: Sequence[Tuple[str, str]] = (),
+ ) -> None:
+ r"""Deletes an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the
+ [attestor][google.cloud.binaryauthorization.v1.Attestor] does
+ not exist.
+
+ Args:
+ request (:class:`google.cloud.binaryauthorization_v1.types.DeleteAttestorRequest`):
+ The request object. Request message for
+ [BinauthzManagementService.DeleteAttestor][].
+ name (:class:`str`):
+ Required. The name of the
+ [attestors][google.cloud.binaryauthorization.v1.Attestor]
+ to delete, in the format ``projects/*/attestors/*``.
+
+ This corresponds to the ``name`` field
+ on the ``request`` instance; if ``request`` is provided, this
+ should not be set.
+ retry (google.api_core.retry.Retry): Designation of what errors, if any,
+ should be retried.
+ timeout (float): The timeout for this request.
+ metadata (Sequence[Tuple[str, str]]): Strings which should be
+ sent along with the request as metadata.
+ """
+ # Create or coerce a protobuf request object.
+ # Sanity check: If we got a request object, we should *not* have
+ # gotten any keyword arguments that map to the request.
+ has_flattened_params = any([name])
+ if request is not None and has_flattened_params:
+ raise ValueError(
+ "If the `request` argument is set, then none of "
+ "the individual field arguments should be set."
+ )
+
+ request = service.DeleteAttestorRequest(request)
+
+ # If we have keyword arguments corresponding to fields on the
+ # request, apply these.
+ if name is not None:
+ request.name = name
+
+ # Wrap the RPC method; this adds retry and timeout information,
+ # and friendly error handling.
+ rpc = gapic_v1.method_async.wrap_method(
+ self._client._transport.delete_attestor,
+ default_retry=retries.Retry(
+ initial=0.1,
+ maximum=60.0,
+ multiplier=1.3,
+ predicate=retries.if_exception_type(
+ core_exceptions.DeadlineExceeded,
+ core_exceptions.ServiceUnavailable,
+ ),
+ deadline=600.0,
+ ),
+ default_timeout=600.0,
+ client_info=DEFAULT_CLIENT_INFO,
+ )
+
+ # Certain fields should be provided within the metadata header;
+ # add these here.
+ metadata = tuple(metadata) + (
+ gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
+ )
+
+ # Send the request.
+ await rpc(
+ request, retry=retry, timeout=timeout, metadata=metadata,
+ )
+
+
+try:
+ DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(
+ gapic_version=pkg_resources.get_distribution(
+ "google-cloud-binary-authorization",
+ ).version,
+ )
+except pkg_resources.DistributionNotFound:
+ DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo()
+
+
+__all__ = ("BinauthzManagementServiceV1AsyncClient",)
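Review bot: `update_policy` and `update_attestor` are wrapped with a `default_retry` on `DeadlineExceeded` and `ServiceUnavailable` with `deadline=600.0`, although both replace the stored object as a whole; `create_attestor` in the same file gets no default retry. A `DeadlineExceeded` does not say whether the server applied the write, so a retry can resend the same full policy minutes later and overwrite a change another administrator made in between, which for an admission policy can silently restore a looser rule set. Whether the service guards against this (for example with a version check on the policy) is not visible in this hunk. I would at least state it in both docstrings, e.g. `Note: retried by default on DEADLINE_EXCEEDED and UNAVAILABLE; pass retry=None to disable client-side retries for this update.`, and if this file is generator output the default itself belongs in the upstream retry configuration rather than here.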
diff --git a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/client.py b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/client.py
new file mode 100644
index 0000000..0530a02
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/client.py
@@ -0,0 +1,970 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+from collections import OrderedDict
+from distutils import util
+import os
+import re
+from typing import Dict, Optional, Sequence, Tuple, Type, Union
+import pkg_resources
+
+from google.api_core import client_options as client_options_lib # type: ignore
+from google.api_core import exceptions as core_exceptions # type: ignore
+from google.api_core import gapic_v1 # type: ignore
+from google.api_core import retry as retries # type: ignore
+from google.auth import credentials as ga_credentials # type: ignore
+from google.auth.transport import mtls # type: ignore
+from google.auth.transport.grpc import SslCredentials # type: ignore
+from google.auth.exceptions import MutualTLSChannelError # type: ignore
+from google.oauth2 import service_account # type: ignore
+
+from google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1 import (
+ pagers,
+)
+from google.cloud.binaryauthorization_v1.types import resources
+from google.cloud.binaryauthorization_v1.types import service
+from google.protobuf import timestamp_pb2 # type: ignore
+from .transports.base import BinauthzManagementServiceV1Transport, DEFAULT_CLIENT_INFO
+from .transports.grpc import BinauthzManagementServiceV1GrpcTransport
+from .transports.grpc_asyncio import BinauthzManagementServiceV1GrpcAsyncIOTransport
+
+
+class BinauthzManagementServiceV1ClientMeta(type):
+ """Metaclass for the BinauthzManagementServiceV1 client.
+
+ This provides class-level methods for building and retrieving
+ support objects (e.g. transport) without polluting the client instance
+ objects.
+ """
+
+ _transport_registry = (
+ OrderedDict()
+ ) # type: Dict[str, Type[BinauthzManagementServiceV1Transport]]
+ _transport_registry["grpc"] = BinauthzManagementServiceV1GrpcTransport
+ _transport_registry[
+ "grpc_asyncio"
+ ] = BinauthzManagementServiceV1GrpcAsyncIOTransport
+
+ def get_transport_class(
+ cls, label: str = None,
+ ) -> Type[BinauthzManagementServiceV1Transport]:
+ """Returns an appropriate transport class.
+
+ Args:
+ label: The name of the desired transport. If none is
+ provided, then the first transport in the registry is used.
+
+ Returns:
+ The transport class to use.
+ """
+ # If a specific transport is requested, return that one.
+ if label:
+ return cls._transport_registry[label]
+
+ # No transport is requested; return the default (that is, the first one
+ # in the dictionary).
+ return next(iter(cls._transport_registry.values()))
+
+
+class BinauthzManagementServiceV1Client(
+ metaclass=BinauthzManagementServiceV1ClientMeta
+):
+ """Google Cloud Management Service for Binary Authorization admission
+ policies and attestation authorities.
+
+ This API implements a REST model with the following objects:
+
+ - [Policy][google.cloud.binaryauthorization.v1.Policy]
+ - [Attestor][google.cloud.binaryauthorization.v1.Attestor]
+ """
+
+ @staticmethod
+ def _get_default_mtls_endpoint(api_endpoint):
+ """Converts api endpoint to mTLS endpoint.
+
+ Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to
+ "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively.
+ Args:
+ api_endpoint (Optional[str]): the api endpoint to convert.
+ Returns:
+ str: converted mTLS api endpoint.
+ """
+ if not api_endpoint:
+ return api_endpoint
+
+ mtls_endpoint_re = re.compile(
+ r"(?P[^.]+)(?P\.mtls)?(?P\.sandbox)?(?P\.googleapis\.com)?"
+ )
+
+ m = mtls_endpoint_re.match(api_endpoint)
+ name, mtls, sandbox, googledomain = m.groups()
+ if mtls or not googledomain:
+ return api_endpoint
+
+ if sandbox:
+ return api_endpoint.replace(
+ "sandbox.googleapis.com", "mtls.sandbox.googleapis.com"
+ )
+
+ return api_endpoint.replace(".googleapis.com", ".mtls.googleapis.com")
+
+ DEFAULT_ENDPOINT = "binaryauthorization.googleapis.com"
+ DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__( # type: ignore
+ DEFAULT_ENDPOINT
+ )
+
+ @classmethod
+ def from_service_account_info(cls, info: dict, *args, **kwargs):
+ """Creates an instance of this client using the provided credentials
+ info.
+
+ Args:
+ info (dict): The service account private key info.
+ args: Additional arguments to pass to the constructor.
+ kwargs: Additional arguments to pass to the constructor.
+
+ Returns:
+ BinauthzManagementServiceV1Client: The constructed client.
+ """
+ credentials = service_account.Credentials.from_service_account_info(info)
+ kwargs["credentials"] = credentials
+ return cls(*args, **kwargs)
+
+ @classmethod
+ def from_service_account_file(cls, filename: str, *args, **kwargs):
+ """Creates an instance of this client using the provided credentials
+ file.
+
+ Args:
+ filename (str): The path to the service account private key json
+ file.
+ args: Additional arguments to pass to the constructor.
+ kwargs: Additional arguments to pass to the constructor.
+
+ Returns:
+ BinauthzManagementServiceV1Client: The constructed client.
+ """
+ credentials = service_account.Credentials.from_service_account_file(filename)
+ kwargs["credentials"] = credentials
+ return cls(*args, **kwargs)
+
+ from_service_account_json = from_service_account_file
+
+ @property
+ def transport(self) -> BinauthzManagementServiceV1Transport:
+ """Returns the transport used by the client instance.
+
+ Returns:
+ BinauthzManagementServiceV1Transport: The transport used by the client
+ instance.
+ """
+ return self._transport
+
+ @staticmethod
+ def attestor_path(project: str, attestor: str,) -> str:
+ """Returns a fully-qualified attestor string."""
+ return "projects/{project}/attestors/{attestor}".format(
+ project=project, attestor=attestor,
+ )
+
+ @staticmethod
+ def parse_attestor_path(path: str) -> Dict[str, str]:
+ """Parses a attestor path into its component segments."""
+ m = re.match(r"^projects/(?P.+?)/attestors/(?P.+?)$", path)
+ return m.groupdict() if m else {}
+
+ @staticmethod
+ def policy_path(project: str,) -> str:
+ """Returns a fully-qualified policy string."""
+ return "projects/{project}/policy".format(project=project,)
+
+ @staticmethod
+ def parse_policy_path(path: str) -> Dict[str, str]:
+ """Parses a policy path into its component segments."""
+ m = re.match(r"^projects/(?P.+?)/policy$", path)
+ return m.groupdict() if m else {}
+
+ @staticmethod
+ def common_billing_account_path(billing_account: str,) -> str:
+ """Returns a fully-qualified billing_account string."""
+ return "billingAccounts/{billing_account}".format(
+ billing_account=billing_account,
+ )
+
+ @staticmethod
+ def parse_common_billing_account_path(path: str) -> Dict[str, str]:
+ """Parse a billing_account path into its component segments."""
+ m = re.match(r"^billingAccounts/(?P.+?)$", path)
+ return m.groupdict() if m else {}
+
+ @staticmethod
+ def common_folder_path(folder: str,) -> str:
+ """Returns a fully-qualified folder string."""
+ return "folders/{folder}".format(folder=folder,)
+
+ @staticmethod
+ def parse_common_folder_path(path: str) -> Dict[str, str]:
+ """Parse a folder path into its component segments."""
+ m = re.match(r"^folders/(?P.+?)$", path)
+ return m.groupdict() if m else {}
+
+ @staticmethod
+ def common_organization_path(organization: str,) -> str:
+ """Returns a fully-qualified organization string."""
+ return "organizations/{organization}".format(organization=organization,)
+
+ @staticmethod
+ def parse_common_organization_path(path: str) -> Dict[str, str]:
+ """Parse a organization path into its component segments."""
+ m = re.match(r"^organizations/(?P.+?)$", path)
+ return m.groupdict() if m else {}
+
+ @staticmethod
+ def common_project_path(project: str,) -> str:
+ """Returns a fully-qualified project string."""
+ return "projects/{project}".format(project=project,)
+
+ @staticmethod
+ def parse_common_project_path(path: str) -> Dict[str, str]:
+ """Parse a project path into its component segments."""
+ m = re.match(r"^projects/(?P.+?)$", path)
+ return m.groupdict() if m else {}
+
+ @staticmethod
+ def common_location_path(project: str, location: str,) -> str:
+ """Returns a fully-qualified location string."""
+ return "projects/{project}/locations/{location}".format(
+ project=project, location=location,
+ )
+
+ @staticmethod
+ def parse_common_location_path(path: str) -> Dict[str, str]:
+ """Parse a location path into its component segments."""
+ m = re.match(r"^projects/(?P.+?)/locations/(?P.+?)$", path)
+ return m.groupdict() if m else {}
+
+ def __init__(
+ self,
+ *,
+ credentials: Optional[ga_credentials.Credentials] = None,
+ transport: Union[str, BinauthzManagementServiceV1Transport, None] = None,
+ client_options: Optional[client_options_lib.ClientOptions] = None,
+ client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ ) -> None:
+ """Instantiates the binauthz management service v1 client.
+
+ Args:
+ credentials (Optional[google.auth.credentials.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify the application to the service; if none
+ are specified, the client will attempt to ascertain the
+ credentials from the environment.
+ transport (Union[str, BinauthzManagementServiceV1Transport]): The
+ transport to use. If set to None, a transport is chosen
+ automatically.
+ client_options (google.api_core.client_options.ClientOptions): Custom options for the
+ client. It won't take effect if a ``transport`` instance is provided.
+ (1) The ``api_endpoint`` property can be used to override the
+ default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT
+ environment variable can also be used to override the endpoint:
+ "always" (always use the default mTLS endpoint), "never" (always
+ use the default regular endpoint) and "auto" (auto switch to the
+ default mTLS endpoint if client certificate is present, this is
+ the default value). However, the ``api_endpoint`` property takes
+ precedence if provided.
+ (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable
+ is "true", then the ``client_cert_source`` property can be used
+ to provide client certificate for mutual TLS transport. If
+ not provided, the default SSL client certificate will be used if
+ present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not
+ set, no client certificate will be used.
+ client_info (google.api_core.gapic_v1.client_info.ClientInfo):
+ The client info used to send a user-agent string along with
+ API requests. If ``None``, then default info will be used.
+ Generally, you only need to set this if you're developing
+ your own client library.
+
+ Raises:
+ google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
+ creation failed for any reason.
+ """
+ if isinstance(client_options, dict):
+ client_options = client_options_lib.from_dict(client_options)
+ if client_options is None:
+ client_options = client_options_lib.ClientOptions()
+
+ # Create SSL credentials for mutual TLS if needed.
+ use_client_cert = bool(
+ util.strtobool(os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"))
+ )
+
+ client_cert_source_func = None
+ is_mtls = False
+ if use_client_cert:
+ if client_options.client_cert_source:
+ is_mtls = True
+ client_cert_source_func = client_options.client_cert_source
+ else:
+ is_mtls = mtls.has_default_client_cert_source()
+ if is_mtls:
+ client_cert_source_func = mtls.default_client_cert_source()
+ else:
+ client_cert_source_func = None
+
+ # Figure out which api endpoint to use.
+ if client_options.api_endpoint is not None:
+ api_endpoint = client_options.api_endpoint
+ else:
+ use_mtls_env = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")
+ if use_mtls_env == "never":
+ api_endpoint = self.DEFAULT_ENDPOINT
+ elif use_mtls_env == "always":
+ api_endpoint = self.DEFAULT_MTLS_ENDPOINT
+ elif use_mtls_env == "auto":
+ if is_mtls:
+ api_endpoint = self.DEFAULT_MTLS_ENDPOINT
+ else:
+ api_endpoint = self.DEFAULT_ENDPOINT
+ else:
+ raise MutualTLSChannelError(
+ "Unsupported GOOGLE_API_USE_MTLS_ENDPOINT value. Accepted "
+ "values: never, auto, always"
+ )
+
+ # Save or instantiate the transport.
+ # Ordinarily, we provide the transport, but allowing a custom transport
+ # instance provides an extensibility point for unusual situations.
+ if isinstance(transport, BinauthzManagementServiceV1Transport):
+ # transport is a BinauthzManagementServiceV1Transport instance.
+ if credentials or client_options.credentials_file:
+ raise ValueError(
+ "When providing a transport instance, "
+ "provide its credentials directly."
+ )
+ if client_options.scopes:
+ raise ValueError(
+ "When providing a transport instance, provide its scopes "
+ "directly."
+ )
+ self._transport = transport
+ else:
+ Transport = type(self).get_transport_class(transport)
+ self._transport = Transport(
+ credentials=credentials,
+ credentials_file=client_options.credentials_file,
+ host=api_endpoint,
+ scopes=client_options.scopes,
+ client_cert_source_for_mtls=client_cert_source_func,
+ quota_project_id=client_options.quota_project_id,
+ client_info=client_info,
+ always_use_jwt_access=(
+ Transport == type(self).get_transport_class("grpc")
+ or Transport == type(self).get_transport_class("grpc_asyncio")
+ ),
+ )
+
+ def get_policy(
+ self,
+ request: Union[service.GetPolicyRequest, dict] = None,
+ *,
+ name: str = None,
+ retry: retries.Retry = gapic_v1.method.DEFAULT,
+ timeout: float = None,
+ metadata: Sequence[Tuple[str, str]] = (),
+ ) -> resources.Policy:
+ r"""A [policy][google.cloud.binaryauthorization.v1.Policy] specifies
+ the [attestors][google.cloud.binaryauthorization.v1.Attestor]
+ that must attest to a container image, before the project is
+ allowed to deploy that image. There is at most one policy per
+ project. All image admission requests are permitted if a project
+ has no policy.
+
+ Gets the [policy][google.cloud.binaryauthorization.v1.Policy]
+ for this project. Returns a default
+ [policy][google.cloud.binaryauthorization.v1.Policy] if the
+ project does not have one.
+
+ Args:
+ request (Union[google.cloud.binaryauthorization_v1.types.GetPolicyRequest, dict]):
+ The request object. Request message for
+ [BinauthzManagementService.GetPolicy][].
+ name (str):
+ Required. The resource name of the
+ [policy][google.cloud.binaryauthorization.v1.Policy] to
+ retrieve, in the format ``projects/*/policy``.
+
+ This corresponds to the ``name`` field
+ on the ``request`` instance; if ``request`` is provided, this
+ should not be set.
+ retry (google.api_core.retry.Retry): Designation of what errors, if any,
+ should be retried.
+ timeout (float): The timeout for this request.
+ metadata (Sequence[Tuple[str, str]]): Strings which should be
+ sent along with the request as metadata.
+
+ Returns:
+ google.cloud.binaryauthorization_v1.types.Policy:
+ A [policy][google.cloud.binaryauthorization.v1.Policy]
+ for container image binary authorization.
+
+ """
+ # Create or coerce a protobuf request object.
+ # Sanity check: If we got a request object, we should *not* have
+ # gotten any keyword arguments that map to the request.
+ has_flattened_params = any([name])
+ if request is not None and has_flattened_params:
+ raise ValueError(
+ "If the `request` argument is set, then none of "
+ "the individual field arguments should be set."
+ )
+
+ # Minor optimization to avoid making a copy if the user passes
+ # in a service.GetPolicyRequest.
+ # There's no risk of modifying the input as we've already verified
+ # there are no flattened fields.
+ if not isinstance(request, service.GetPolicyRequest):
+ request = service.GetPolicyRequest(request)
+ # If we have keyword arguments corresponding to fields on the
+ # request, apply these.
+ if name is not None:
+ request.name = name
+
+ # Wrap the RPC method; this adds retry and timeout information,
+ # and friendly error handling.
+ rpc = self._transport._wrapped_methods[self._transport.get_policy]
+
+ # Certain fields should be provided within the metadata header;
+ # add these here.
+ metadata = tuple(metadata) + (
+ gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
+ )
+
+ # Send the request.
+ response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
+
+ # Done; return the response.
+ return response
+
+ def update_policy(
+ self,
+ request: Union[service.UpdatePolicyRequest, dict] = None,
+ *,
+ policy: resources.Policy = None,
+ retry: retries.Retry = gapic_v1.method.DEFAULT,
+ timeout: float = None,
+ metadata: Sequence[Tuple[str, str]] = (),
+ ) -> resources.Policy:
+ r"""Creates or updates a project's
+ [policy][google.cloud.binaryauthorization.v1.Policy], and
+ returns a copy of the new
+ [policy][google.cloud.binaryauthorization.v1.Policy]. A policy
+ is always updated as a whole, to avoid race conditions with
+ concurrent policy enforcement (or management!) requests. Returns
+ NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the
+ request is malformed.
+
+ Args:
+ request (Union[google.cloud.binaryauthorization_v1.types.UpdatePolicyRequest, dict]):
+ The request object. Request message for
+ [BinauthzManagementService.UpdatePolicy][].
+ policy (google.cloud.binaryauthorization_v1.types.Policy):
+ Required. A new or updated
+ [policy][google.cloud.binaryauthorization.v1.Policy]
+ value. The service will overwrite the [policy
+ name][google.cloud.binaryauthorization.v1.Policy.name]
+ field with the resource name in the request URL, in the
+ format ``projects/*/policy``.
+
+ This corresponds to the ``policy`` field
+ on the ``request`` instance; if ``request`` is provided, this
+ should not be set.
+ retry (google.api_core.retry.Retry): Designation of what errors, if any,
+ should be retried.
+ timeout (float): The timeout for this request.
+ metadata (Sequence[Tuple[str, str]]): Strings which should be
+ sent along with the request as metadata.
+
+ Returns:
+ google.cloud.binaryauthorization_v1.types.Policy:
+ A [policy][google.cloud.binaryauthorization.v1.Policy]
+ for container image binary authorization.
+
+ """
+ # Create or coerce a protobuf request object.
+ # Sanity check: If we got a request object, we should *not* have
+ # gotten any keyword arguments that map to the request.
+ has_flattened_params = any([policy])
+ if request is not None and has_flattened_params:
+ raise ValueError(
+ "If the `request` argument is set, then none of "
+ "the individual field arguments should be set."
+ )
+
+ # Minor optimization to avoid making a copy if the user passes
+ # in a service.UpdatePolicyRequest.
+ # There's no risk of modifying the input as we've already verified
+ # there are no flattened fields.
+ if not isinstance(request, service.UpdatePolicyRequest):
+ request = service.UpdatePolicyRequest(request)
+ # If we have keyword arguments corresponding to fields on the
+ # request, apply these.
+ if policy is not None:
+ request.policy = policy
+
+ # Wrap the RPC method; this adds retry and timeout information,
+ # and friendly error handling.
+ rpc = self._transport._wrapped_methods[self._transport.update_policy]
+
+ # Certain fields should be provided within the metadata header;
+ # add these here.
+ metadata = tuple(metadata) + (
+ gapic_v1.routing_header.to_grpc_metadata(
+ (("policy.name", request.policy.name),)
+ ),
+ )
+
+ # Send the request.
+ response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
+
+ # Done; return the response.
+ return response
+
+ def create_attestor(
+ self,
+ request: Union[service.CreateAttestorRequest, dict] = None,
+ *,
+ parent: str = None,
+ attestor_id: str = None,
+ attestor: resources.Attestor = None,
+ retry: retries.Retry = gapic_v1.method.DEFAULT,
+ timeout: float = None,
+ metadata: Sequence[Tuple[str, str]] = (),
+ ) -> resources.Attestor:
+ r"""Creates an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor], and
+ returns a copy of the new
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the project does not exist,
+ INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if
+ the [attestor][google.cloud.binaryauthorization.v1.Attestor]
+ already exists.
+
+ Args:
+ request (Union[google.cloud.binaryauthorization_v1.types.CreateAttestorRequest, dict]):
+ The request object. Request message for
+ [BinauthzManagementService.CreateAttestor][].
+ parent (str):
+ Required. The parent of this
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+
+ This corresponds to the ``parent`` field
+ on the ``request`` instance; if ``request`` is provided, this
+ should not be set.
+ attestor_id (str):
+ Required. The
+ [attestors][google.cloud.binaryauthorization.v1.Attestor]
+ ID.
+
+ This corresponds to the ``attestor_id`` field
+ on the ``request`` instance; if ``request`` is provided, this
+ should not be set.
+ attestor (google.cloud.binaryauthorization_v1.types.Attestor):
+ Required. The initial
+ [attestor][google.cloud.binaryauthorization.v1.Attestor]
+ value. The service will overwrite the [attestor
+ name][google.cloud.binaryauthorization.v1.Attestor.name]
+ field with the resource name, in the format
+ ``projects/*/attestors/*``.
+
+ This corresponds to the ``attestor`` field
+ on the ``request`` instance; if ``request`` is provided, this
+ should not be set.
+ retry (google.api_core.retry.Retry): Designation of what errors, if any,
+ should be retried.
+ timeout (float): The timeout for this request.
+ metadata (Sequence[Tuple[str, str]]): Strings which should be
+ sent along with the request as metadata.
+
+ Returns:
+ google.cloud.binaryauthorization_v1.types.Attestor:
+ An [attestor][google.cloud.binaryauthorization.v1.Attestor] that attests to container image
+ artifacts. An existing attestor cannot be modified
+ except where indicated.
+
+ """
+ # Create or coerce a protobuf request object.
+ # Sanity check: If we got a request object, we should *not* have
+ # gotten any keyword arguments that map to the request.
+ has_flattened_params = any([parent, attestor_id, attestor])
+ if request is not None and has_flattened_params:
+ raise ValueError(
+ "If the `request` argument is set, then none of "
+ "the individual field arguments should be set."
+ )
+
+ # Minor optimization to avoid making a copy if the user passes
+ # in a service.CreateAttestorRequest.
+ # There's no risk of modifying the input as we've already verified
+ # there are no flattened fields.
+ if not isinstance(request, service.CreateAttestorRequest):
+ request = service.CreateAttestorRequest(request)
+ # If we have keyword arguments corresponding to fields on the
+ # request, apply these.
+ if parent is not None:
+ request.parent = parent
+ if attestor_id is not None:
+ request.attestor_id = attestor_id
+ if attestor is not None:
+ request.attestor = attestor
+
+ # Wrap the RPC method; this adds retry and timeout information,
+ # and friendly error handling.
+ rpc = self._transport._wrapped_methods[self._transport.create_attestor]
+
+ # Certain fields should be provided within the metadata header;
+ # add these here.
+ metadata = tuple(metadata) + (
+ gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
+ )
+
+ # Send the request.
+ response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
+
+ # Done; return the response.
+ return response
+
+ def get_attestor(
+ self,
+ request: Union[service.GetAttestorRequest, dict] = None,
+ *,
+ name: str = None,
+ retry: retries.Retry = gapic_v1.method.DEFAULT,
+ timeout: float = None,
+ metadata: Sequence[Tuple[str, str]] = (),
+ ) -> resources.Attestor:
+ r"""Gets an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the
+ [attestor][google.cloud.binaryauthorization.v1.Attestor] does
+ not exist.
+
+ Args:
+ request (Union[google.cloud.binaryauthorization_v1.types.GetAttestorRequest, dict]):
+ The request object. Request message for
+ [BinauthzManagementService.GetAttestor][].
+ name (str):
+ Required. The name of the
+ [attestor][google.cloud.binaryauthorization.v1.Attestor]
+ to retrieve, in the format ``projects/*/attestors/*``.
+
+ This corresponds to the ``name`` field
+ on the ``request`` instance; if ``request`` is provided, this
+ should not be set.
+ retry (google.api_core.retry.Retry): Designation of what errors, if any,
+ should be retried.
+ timeout (float): The timeout for this request.
+ metadata (Sequence[Tuple[str, str]]): Strings which should be
+ sent along with the request as metadata.
+
+ Returns:
+ google.cloud.binaryauthorization_v1.types.Attestor:
+ An [attestor][google.cloud.binaryauthorization.v1.Attestor] that attests to container image
+ artifacts. An existing attestor cannot be modified
+ except where indicated.
+
+ """
+ # Create or coerce a protobuf request object.
+ # Sanity check: If we got a request object, we should *not* have
+ # gotten any keyword arguments that map to the request.
+ has_flattened_params = any([name])
+ if request is not None and has_flattened_params:
+ raise ValueError(
+ "If the `request` argument is set, then none of "
+ "the individual field arguments should be set."
+ )
+
+ # Minor optimization to avoid making a copy if the user passes
+ # in a service.GetAttestorRequest.
+ # There's no risk of modifying the input as we've already verified
+ # there are no flattened fields.
+ if not isinstance(request, service.GetAttestorRequest):
+ request = service.GetAttestorRequest(request)
+ # If we have keyword arguments corresponding to fields on the
+ # request, apply these.
+ if name is not None:
+ request.name = name
+
+ # Wrap the RPC method; this adds retry and timeout information,
+ # and friendly error handling.
+ rpc = self._transport._wrapped_methods[self._transport.get_attestor]
+
+ # Certain fields should be provided within the metadata header;
+ # add these here.
+ metadata = tuple(metadata) + (
+ gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
+ )
+
+ # Send the request.
+ response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
+
+ # Done; return the response.
+ return response
+
+ def update_attestor(
+ self,
+ request: Union[service.UpdateAttestorRequest, dict] = None,
+ *,
+ attestor: resources.Attestor = None,
+ retry: retries.Retry = gapic_v1.method.DEFAULT,
+ timeout: float = None,
+ metadata: Sequence[Tuple[str, str]] = (),
+ ) -> resources.Attestor:
+ r"""Updates an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the
+ [attestor][google.cloud.binaryauthorization.v1.Attestor] does
+ not exist.
+
+ Args:
+ request (Union[google.cloud.binaryauthorization_v1.types.UpdateAttestorRequest, dict]):
+ The request object. Request message for
+ [BinauthzManagementService.UpdateAttestor][].
+ attestor (google.cloud.binaryauthorization_v1.types.Attestor):
+ Required. The updated
+ [attestor][google.cloud.binaryauthorization.v1.Attestor]
+ value. The service will overwrite the [attestor
+ name][google.cloud.binaryauthorization.v1.Attestor.name]
+ field with the resource name in the request URL, in the
+ format ``projects/*/attestors/*``.
+
+ This corresponds to the ``attestor`` field
+ on the ``request`` instance; if ``request`` is provided, this
+ should not be set.
+ retry (google.api_core.retry.Retry): Designation of what errors, if any,
+ should be retried.
+ timeout (float): The timeout for this request.
+ metadata (Sequence[Tuple[str, str]]): Strings which should be
+ sent along with the request as metadata.
+
+ Returns:
+ google.cloud.binaryauthorization_v1.types.Attestor:
+ An [attestor][google.cloud.binaryauthorization.v1.Attestor] that attests to container image
+ artifacts. An existing attestor cannot be modified
+ except where indicated.
+
+ """
+ # Create or coerce a protobuf request object.
+ # Sanity check: If we got a request object, we should *not* have
+ # gotten any keyword arguments that map to the request.
+ has_flattened_params = any([attestor])
+ if request is not None and has_flattened_params:
+ raise ValueError(
+ "If the `request` argument is set, then none of "
+ "the individual field arguments should be set."
+ )
+
+ # Minor optimization to avoid making a copy if the user passes
+ # in a service.UpdateAttestorRequest.
+ # There's no risk of modifying the input as we've already verified
+ # there are no flattened fields.
+ if not isinstance(request, service.UpdateAttestorRequest):
+ request = service.UpdateAttestorRequest(request)
+ # If we have keyword arguments corresponding to fields on the
+ # request, apply these.
+ if attestor is not None:
+ request.attestor = attestor
+
+ # Wrap the RPC method; this adds retry and timeout information,
+ # and friendly error handling.
+ rpc = self._transport._wrapped_methods[self._transport.update_attestor]
+
+ # Certain fields should be provided within the metadata header;
+ # add these here.
+ metadata = tuple(metadata) + (
+ gapic_v1.routing_header.to_grpc_metadata(
+ (("attestor.name", request.attestor.name),)
+ ),
+ )
+
+ # Send the request.
+ response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
+
+ # Done; return the response.
+ return response
+
+ def list_attestors(
+ self,
+ request: Union[service.ListAttestorsRequest, dict] = None,
+ *,
+ parent: str = None,
+ retry: retries.Retry = gapic_v1.method.DEFAULT,
+ timeout: float = None,
+ metadata: Sequence[Tuple[str, str]] = (),
+ ) -> pagers.ListAttestorsPager:
+ r"""Lists [attestors][google.cloud.binaryauthorization.v1.Attestor].
+ Returns INVALID_ARGUMENT if the project does not exist.
+
+ Args:
+ request (Union[google.cloud.binaryauthorization_v1.types.ListAttestorsRequest, dict]):
+ The request object. Request message for
+ [BinauthzManagementService.ListAttestors][].
+ parent (str):
+ Required. The resource name of the project associated
+ with the
+ [attestors][google.cloud.binaryauthorization.v1.Attestor],
+ in the format ``projects/*``.
+
+ This corresponds to the ``parent`` field
+ on the ``request`` instance; if ``request`` is provided, this
+ should not be set.
+ retry (google.api_core.retry.Retry): Designation of what errors, if any,
+ should be retried.
+ timeout (float): The timeout for this request.
+ metadata (Sequence[Tuple[str, str]]): Strings which should be
+ sent along with the request as metadata.
+
+ Returns:
+ google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.pagers.ListAttestorsPager:
+ Response message for
+ [BinauthzManagementService.ListAttestors][].
+
+ Iterating over this object will yield results and
+ resolve additional pages automatically.
+
+ """
+ # Create or coerce a protobuf request object.
+ # Sanity check: If we got a request object, we should *not* have
+ # gotten any keyword arguments that map to the request.
+ has_flattened_params = any([parent])
+ if request is not None and has_flattened_params:
+ raise ValueError(
+ "If the `request` argument is set, then none of "
+ "the individual field arguments should be set."
+ )
+
+ # Minor optimization to avoid making a copy if the user passes
+ # in a service.ListAttestorsRequest.
+ # There's no risk of modifying the input as we've already verified
+ # there are no flattened fields.
+ if not isinstance(request, service.ListAttestorsRequest):
+ request = service.ListAttestorsRequest(request)
+ # If we have keyword arguments corresponding to fields on the
+ # request, apply these.
+ if parent is not None:
+ request.parent = parent
+
+ # Wrap the RPC method; this adds retry and timeout information,
+ # and friendly error handling.
+ rpc = self._transport._wrapped_methods[self._transport.list_attestors]
+
+ # Certain fields should be provided within the metadata header;
+ # add these here.
+ metadata = tuple(metadata) + (
+ gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
+ )
+
+ # Send the request.
+ response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
+
+ # This method is paged; wrap the response in a pager, which provides
+ # an `__iter__` convenience method.
+ response = pagers.ListAttestorsPager(
+ method=rpc, request=request, response=response, metadata=metadata,
+ )
+
+ # Done; return the response.
+ return response
+
+ def delete_attestor(
+ self,
+ request: Union[service.DeleteAttestorRequest, dict] = None,
+ *,
+ name: str = None,
+ retry: retries.Retry = gapic_v1.method.DEFAULT,
+ timeout: float = None,
+ metadata: Sequence[Tuple[str, str]] = (),
+ ) -> None:
+ r"""Deletes an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the
+ [attestor][google.cloud.binaryauthorization.v1.Attestor] does
+ not exist.
+
+ Args:
+ request (Union[google.cloud.binaryauthorization_v1.types.DeleteAttestorRequest, dict]):
+ The request object. Request message for
+ [BinauthzManagementService.DeleteAttestor][].
+ name (str):
+ Required. The name of the
+ [attestors][google.cloud.binaryauthorization.v1.Attestor]
+ to delete, in the format ``projects/*/attestors/*``.
+
+ This corresponds to the ``name`` field
+ on the ``request`` instance; if ``request`` is provided, this
+ should not be set.
+ retry (google.api_core.retry.Retry): Designation of what errors, if any,
+ should be retried.
+ timeout (float): The timeout for this request.
+ metadata (Sequence[Tuple[str, str]]): Strings which should be
+ sent along with the request as metadata.
+ """
+ # Create or coerce a protobuf request object.
+ # Sanity check: If we got a request object, we should *not* have
+ # gotten any keyword arguments that map to the request.
+ has_flattened_params = any([name])
+ if request is not None and has_flattened_params:
+ raise ValueError(
+ "If the `request` argument is set, then none of "
+ "the individual field arguments should be set."
+ )
+
+ # Minor optimization to avoid making a copy if the user passes
+ # in a service.DeleteAttestorRequest.
+ # There's no risk of modifying the input as we've already verified
+ # there are no flattened fields.
+ if not isinstance(request, service.DeleteAttestorRequest):
+ request = service.DeleteAttestorRequest(request)
+ # If we have keyword arguments corresponding to fields on the
+ # request, apply these.
+ if name is not None:
+ request.name = name
+
+ # Wrap the RPC method; this adds retry and timeout information,
+ # and friendly error handling.
+ rpc = self._transport._wrapped_methods[self._transport.delete_attestor]
+
+ # Certain fields should be provided within the metadata header;
+ # add these here.
+ metadata = tuple(metadata) + (
+ gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
+ )
+
+ # Send the request.
+ rpc(
+ request, retry=retry, timeout=timeout, metadata=metadata,
+ )
+
+
+try:
+ DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(
+ gapic_version=pkg_resources.get_distribution(
+ "google-cloud-binary-authorization",
+ ).version,
+ )
+except pkg_resources.DistributionNotFound:
+ DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo()
+
+
+__all__ = ("BinauthzManagementServiceV1Client",)
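Review bot: In `__init__`, the `GOOGLE_API_USE_CLIENT_CERTIFICATE` switch is parsed with `distutils.util.strtobool`, which is looser than the "true"/"false" contract the docstring states and ties the client to a deprecated module (PEP 632; `distutils` is no longer in the standard library from Python 3.12). `strtobool` also accepts values such as `1`, `yes` and `on`, and any other value raises a bare `ValueError` that does not name the variable and is not listed under Raises, so a typo in the setting that decides whether a client certificate is presented fails obscurely. I would read the string directly and validate it: `use_client_cert = os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")`, then `if use_client_cert not in ("true", "false"): raise ValueError("GOOGLE_API_USE_CLIENT_CERTIFICATE must be 'true' or 'false'")`, and branch on `if use_client_cert == "true":`. The `from distutils import util` import at the top of the file can then be dropped.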
diff --git a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/pagers.py b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/pagers.py
new file mode 100644
index 0000000..30d2338
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/pagers.py
@@ -0,0 +1,156 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+from typing import (
+ Any,
+ AsyncIterable,
+ Awaitable,
+ Callable,
+ Iterable,
+ Sequence,
+ Tuple,
+ Optional,
+)
+
+from google.cloud.binaryauthorization_v1.types import resources
+from google.cloud.binaryauthorization_v1.types import service
+
+
+class ListAttestorsPager:
+ """A pager for iterating through ``list_attestors`` requests.
+
+ This class thinly wraps an initial
+ :class:`google.cloud.binaryauthorization_v1.types.ListAttestorsResponse` object, and
+ provides an ``__iter__`` method to iterate through its
+ ``attestors`` field.
+
+ If there are more pages, the ``__iter__`` method will make additional
+ ``ListAttestors`` requests and continue to iterate
+ through the ``attestors`` field on the
+ corresponding responses.
+
+ All the usual :class:`google.cloud.binaryauthorization_v1.types.ListAttestorsResponse`
+ attributes are available on the pager. If multiple requests are made, only
+ the most recent response is retained, and thus used for attribute lookup.
+ """
+
+ def __init__(
+ self,
+ method: Callable[..., service.ListAttestorsResponse],
+ request: service.ListAttestorsRequest,
+ response: service.ListAttestorsResponse,
+ *,
+ metadata: Sequence[Tuple[str, str]] = ()
+ ):
+ """Instantiate the pager.
+
+ Args:
+ method (Callable): The method that was originally called, and
+ which instantiated this pager.
+ request (google.cloud.binaryauthorization_v1.types.ListAttestorsRequest):
+ The initial request object.
+ response (google.cloud.binaryauthorization_v1.types.ListAttestorsResponse):
+ The initial response object.
+ metadata (Sequence[Tuple[str, str]]): Strings which should be
+ sent along with the request as metadata.
+ """
+ self._method = method
+ self._request = service.ListAttestorsRequest(request)
+ self._response = response
+ self._metadata = metadata
+
+ def __getattr__(self, name: str) -> Any:
+ return getattr(self._response, name)
+
+ @property
+ def pages(self) -> Iterable[service.ListAttestorsResponse]:
+ yield self._response
+ while self._response.next_page_token:
+ self._request.page_token = self._response.next_page_token
+ self._response = self._method(self._request, metadata=self._metadata)
+ yield self._response
+
+ def __iter__(self) -> Iterable[resources.Attestor]:
+ for page in self.pages:
+ yield from page.attestors
+
+ def __repr__(self) -> str:
+ return "{0}<{1!r}>".format(self.__class__.__name__, self._response)
+
+
+class ListAttestorsAsyncPager:
+ """A pager for iterating through ``list_attestors`` requests.
+
+ This class thinly wraps an initial
+ :class:`google.cloud.binaryauthorization_v1.types.ListAttestorsResponse` object, and
+ provides an ``__aiter__`` method to iterate through its
+ ``attestors`` field.
+
+ If there are more pages, the ``__aiter__`` method will make additional
+ ``ListAttestors`` requests and continue to iterate
+ through the ``attestors`` field on the
+ corresponding responses.
+
+ All the usual :class:`google.cloud.binaryauthorization_v1.types.ListAttestorsResponse`
+ attributes are available on the pager. If multiple requests are made, only
+ the most recent response is retained, and thus used for attribute lookup.
+ """
+
+ def __init__(
+ self,
+ method: Callable[..., Awaitable[service.ListAttestorsResponse]],
+ request: service.ListAttestorsRequest,
+ response: service.ListAttestorsResponse,
+ *,
+ metadata: Sequence[Tuple[str, str]] = ()
+ ):
+ """Instantiates the pager.
+
+ Args:
+ method (Callable): The method that was originally called, and
+ which instantiated this pager.
+ request (google.cloud.binaryauthorization_v1.types.ListAttestorsRequest):
+ The initial request object.
+ response (google.cloud.binaryauthorization_v1.types.ListAttestorsResponse):
+ The initial response object.
+ metadata (Sequence[Tuple[str, str]]): Strings which should be
+ sent along with the request as metadata.
+ """
+ self._method = method
+ self._request = service.ListAttestorsRequest(request)
+ self._response = response
+ self._metadata = metadata
+
+ def __getattr__(self, name: str) -> Any:
+ return getattr(self._response, name)
+
+ @property
+ async def pages(self) -> AsyncIterable[service.ListAttestorsResponse]:
+ yield self._response
+ while self._response.next_page_token:
+ self._request.page_token = self._response.next_page_token
+ self._response = await self._method(self._request, metadata=self._metadata)
+ yield self._response
+
+ def __aiter__(self) -> AsyncIterable[resources.Attestor]:
+ async def async_generator():
+ async for page in self.pages:
+ for response in page.attestors:
+ yield response
+
+ return async_generator()
+
+ def __repr__(self) -> str:
+ return "{0}<{1!r}>".format(self.__class__.__name__, self._response)
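Review bot: `pages` overwrites `self._response` and `self._request.page_token` as it advances, so a second pass over a `ListAttestorsPager` yields only the last page fetched instead of starting again from the first; `ListAttestorsAsyncPager.pages` behaves the same way. A caller that iterates once to count attestors and again to inspect them would silently see a partial list, which matters when the listing feeds a policy audit. The class docstrings say only the most recent response is retained but not this consequence, so I would add to both something like `The pager is single-use: iterating it again resumes from the most recently fetched page, so copy the items into a list if you need more than one pass.` The file looks generated, so the wording probably belongs in the generator template rather than here.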
diff --git a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/__init__.py b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/__init__.py
new file mode 100644
index 0000000..444c09e
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/__init__.py
@@ -0,0 +1,35 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+from collections import OrderedDict
+from typing import Dict, Type
+
+from .base import BinauthzManagementServiceV1Transport
+from .grpc import BinauthzManagementServiceV1GrpcTransport
+from .grpc_asyncio import BinauthzManagementServiceV1GrpcAsyncIOTransport
+
+
+# Compile a registry of transports.
+_transport_registry = (
+ OrderedDict()
+) # type: Dict[str, Type[BinauthzManagementServiceV1Transport]]
+_transport_registry["grpc"] = BinauthzManagementServiceV1GrpcTransport
+_transport_registry["grpc_asyncio"] = BinauthzManagementServiceV1GrpcAsyncIOTransport
+
+__all__ = (
+ "BinauthzManagementServiceV1Transport",
+ "BinauthzManagementServiceV1GrpcTransport",
+ "BinauthzManagementServiceV1GrpcAsyncIOTransport",
+)
diff --git a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/base.py b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/base.py
new file mode 100644
index 0000000..18b3d96
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/base.py
@@ -0,0 +1,317 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+import abc
+from typing import Awaitable, Callable, Dict, Optional, Sequence, Union
+import packaging.version
+import pkg_resources
+
+import google.auth # type: ignore
+import google.api_core # type: ignore
+from google.api_core import exceptions as core_exceptions # type: ignore
+from google.api_core import gapic_v1 # type: ignore
+from google.api_core import retry as retries # type: ignore
+from google.auth import credentials as ga_credentials # type: ignore
+from google.oauth2 import service_account # type: ignore
+
+from google.cloud.binaryauthorization_v1.types import resources
+from google.cloud.binaryauthorization_v1.types import service
+from google.protobuf import empty_pb2 # type: ignore
+
+try:
+ DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(
+ gapic_version=pkg_resources.get_distribution(
+ "google-cloud-binary-authorization",
+ ).version,
+ )
+except pkg_resources.DistributionNotFound:
+ DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo()
+
+try:
+ # google.auth.__version__ was added in 1.26.0
+ _GOOGLE_AUTH_VERSION = google.auth.__version__
+except AttributeError:
+ try: # try pkg_resources if it is available
+ _GOOGLE_AUTH_VERSION = pkg_resources.get_distribution("google-auth").version
+ except pkg_resources.DistributionNotFound: # pragma: NO COVER
+ _GOOGLE_AUTH_VERSION = None
+
+
+class BinauthzManagementServiceV1Transport(abc.ABC):
+ """Abstract transport class for BinauthzManagementServiceV1."""
+
+ AUTH_SCOPES = ("https://www.googleapis.com/auth/cloud-platform",)
+
+ DEFAULT_HOST: str = "binaryauthorization.googleapis.com"
+
+ def __init__(
+ self,
+ *,
+ host: str = DEFAULT_HOST,
+ credentials: ga_credentials.Credentials = None,
+ credentials_file: Optional[str] = None,
+ scopes: Optional[Sequence[str]] = None,
+ quota_project_id: Optional[str] = None,
+ client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
+ **kwargs,
+ ) -> None:
+ """Instantiate the transport.
+
+ Args:
+ host (Optional[str]):
+ The hostname to connect to.
+ credentials (Optional[google.auth.credentials.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify the application to the service; if none
+ are specified, the client will attempt to ascertain the
+ credentials from the environment.
+ credentials_file (Optional[str]): A file with credentials that can
+ be loaded with :func:`google.auth.load_credentials_from_file`.
+ This argument is mutually exclusive with credentials.
+ scopes (Optional[Sequence[str]]): A list of scopes.
+ quota_project_id (Optional[str]): An optional project to use for billing
+ and quota.
+ client_info (google.api_core.gapic_v1.client_info.ClientInfo):
+ The client info used to send a user-agent string along with
+ API requests. If ``None``, then default info will be used.
+ Generally, you only need to set this if you're developing
+ your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
+ """
+ # Save the hostname. Default to port 443 (HTTPS) if none is specified.
+ if ":" not in host:
+ host += ":443"
+ self._host = host
+
+ scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
+
+ # Save the scopes.
+ self._scopes = scopes
+
+ # If no credentials are provided, then determine the appropriate
+ # defaults.
+ if credentials and credentials_file:
+ raise core_exceptions.DuplicateCredentialArgs(
+ "'credentials_file' and 'credentials' are mutually exclusive"
+ )
+
+ if credentials_file is not None:
+ credentials, _ = google.auth.load_credentials_from_file(
+ credentials_file, **scopes_kwargs, quota_project_id=quota_project_id
+ )
+
+ elif credentials is None:
+ credentials, _ = google.auth.default(
+ **scopes_kwargs, quota_project_id=quota_project_id
+ )
+
+ # If the credentials are service account credentials, then always try to use self signed JWT.
+ if (
+ always_use_jwt_access
+ and isinstance(credentials, service_account.Credentials)
+ and hasattr(service_account.Credentials, "with_always_use_jwt_access")
+ ):
+ credentials = credentials.with_always_use_jwt_access(True)
+
+ # Save the credentials.
+ self._credentials = credentials
+
+ # TODO(busunkim): This method is in the base transport
+ # to avoid duplicating code across the transport classes. These functions
+ # should be deleted once the minimum required versions of google-auth is increased.
+
+ # TODO: Remove this function once google-auth >= 1.25.0 is required
+ @classmethod
+ def _get_scopes_kwargs(
+ cls, host: str, scopes: Optional[Sequence[str]]
+ ) -> Dict[str, Optional[Sequence[str]]]:
+ """Returns scopes kwargs to pass to google-auth methods depending on the google-auth version"""
+
+ scopes_kwargs = {}
+
+ if _GOOGLE_AUTH_VERSION and (
+ packaging.version.parse(_GOOGLE_AUTH_VERSION)
+ >= packaging.version.parse("1.25.0")
+ ):
+ scopes_kwargs = {"scopes": scopes, "default_scopes": cls.AUTH_SCOPES}
+ else:
+ scopes_kwargs = {"scopes": scopes or cls.AUTH_SCOPES}
+
+ return scopes_kwargs
+
+ def _prep_wrapped_messages(self, client_info):
+ # Precompute the wrapped methods.
+ self._wrapped_methods = {
+ self.get_policy: gapic_v1.method.wrap_method(
+ self.get_policy,
+ default_retry=retries.Retry(
+ initial=0.1,
+ maximum=60.0,
+ multiplier=1.3,
+ predicate=retries.if_exception_type(
+ core_exceptions.DeadlineExceeded,
+ core_exceptions.ServiceUnavailable,
+ ),
+ deadline=600.0,
+ ),
+ default_timeout=600.0,
+ client_info=client_info,
+ ),
+ self.update_policy: gapic_v1.method.wrap_method(
+ self.update_policy,
+ default_retry=retries.Retry(
+ initial=0.1,
+ maximum=60.0,
+ multiplier=1.3,
+ predicate=retries.if_exception_type(
+ core_exceptions.DeadlineExceeded,
+ core_exceptions.ServiceUnavailable,
+ ),
+ deadline=600.0,
+ ),
+ default_timeout=600.0,
+ client_info=client_info,
+ ),
+ self.create_attestor: gapic_v1.method.wrap_method(
+ self.create_attestor, default_timeout=600.0, client_info=client_info,
+ ),
+ self.get_attestor: gapic_v1.method.wrap_method(
+ self.get_attestor,
+ default_retry=retries.Retry(
+ initial=0.1,
+ maximum=60.0,
+ multiplier=1.3,
+ predicate=retries.if_exception_type(
+ core_exceptions.DeadlineExceeded,
+ core_exceptions.ServiceUnavailable,
+ ),
+ deadline=600.0,
+ ),
+ default_timeout=600.0,
+ client_info=client_info,
+ ),
+ self.update_attestor: gapic_v1.method.wrap_method(
+ self.update_attestor,
+ default_retry=retries.Retry(
+ initial=0.1,
+ maximum=60.0,
+ multiplier=1.3,
+ predicate=retries.if_exception_type(
+ core_exceptions.DeadlineExceeded,
+ core_exceptions.ServiceUnavailable,
+ ),
+ deadline=600.0,
+ ),
+ default_timeout=600.0,
+ client_info=client_info,
+ ),
+ self.list_attestors: gapic_v1.method.wrap_method(
+ self.list_attestors,
+ default_retry=retries.Retry(
+ initial=0.1,
+ maximum=60.0,
+ multiplier=1.3,
+ predicate=retries.if_exception_type(
+ core_exceptions.DeadlineExceeded,
+ core_exceptions.ServiceUnavailable,
+ ),
+ deadline=600.0,
+ ),
+ default_timeout=600.0,
+ client_info=client_info,
+ ),
+ self.delete_attestor: gapic_v1.method.wrap_method(
+ self.delete_attestor,
+ default_retry=retries.Retry(
+ initial=0.1,
+ maximum=60.0,
+ multiplier=1.3,
+ predicate=retries.if_exception_type(
+ core_exceptions.DeadlineExceeded,
+ core_exceptions.ServiceUnavailable,
+ ),
+ deadline=600.0,
+ ),
+ default_timeout=600.0,
+ client_info=client_info,
+ ),
+ }
+
+ @property
+ def get_policy(
+ self,
+ ) -> Callable[
+ [service.GetPolicyRequest], Union[resources.Policy, Awaitable[resources.Policy]]
+ ]:
+ raise NotImplementedError()
+
+ @property
+ def update_policy(
+ self,
+ ) -> Callable[
+ [service.UpdatePolicyRequest],
+ Union[resources.Policy, Awaitable[resources.Policy]],
+ ]:
+ raise NotImplementedError()
+
+ @property
+ def create_attestor(
+ self,
+ ) -> Callable[
+ [service.CreateAttestorRequest],
+ Union[resources.Attestor, Awaitable[resources.Attestor]],
+ ]:
+ raise NotImplementedError()
+
+ @property
+ def get_attestor(
+ self,
+ ) -> Callable[
+ [service.GetAttestorRequest],
+ Union[resources.Attestor, Awaitable[resources.Attestor]],
+ ]:
+ raise NotImplementedError()
+
+ @property
+ def update_attestor(
+ self,
+ ) -> Callable[
+ [service.UpdateAttestorRequest],
+ Union[resources.Attestor, Awaitable[resources.Attestor]],
+ ]:
+ raise NotImplementedError()
+
+ @property
+ def list_attestors(
+ self,
+ ) -> Callable[
+ [service.ListAttestorsRequest],
+ Union[service.ListAttestorsResponse, Awaitable[service.ListAttestorsResponse]],
+ ]:
+ raise NotImplementedError()
+
+ @property
+ def delete_attestor(
+ self,
+ ) -> Callable[
+ [service.DeleteAttestorRequest],
+ Union[empty_pb2.Empty, Awaitable[empty_pb2.Empty]],
+ ]:
+ raise NotImplementedError()
+
+
+__all__ = ("BinauthzManagementServiceV1Transport",)
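Review bot: `_prep_wrapped_messages` gives the mutating RPCs `update_policy`, `update_attestor` and `delete_attestor` the same automatic retry on `DeadlineExceeded`/`ServiceUnavailable` as the read-only ones, while `create_attestor` gets none, and nothing in the method says why. A `DeadlineExceeded` does not tell the client whether the server applied the write, so a retried `update_policy` can re-send a whole-policy replacement after someone else's change has landed, and a retried `delete_attestor` can surface `NOT_FOUND` for a delete that actually succeeded. The values presumably come from the service config, so I am not asking to change them here, but the method has no docstring and should state the contract, e.g. `"""Wrap each RPC with its default retry/timeout; update_* and delete_attestor are retried on DeadlineExceeded, so callers needing at-most-once writes must pass retry=None."""`.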
diff --git a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/grpc.py b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/grpc.py
new file mode 100644
index 0000000..27ec06e
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/grpc.py
@@ -0,0 +1,454 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+import warnings
+from typing import Callable, Dict, Optional, Sequence, Tuple, Union
+
+from google.api_core import grpc_helpers # type: ignore
+from google.api_core import gapic_v1 # type: ignore
+import google.auth # type: ignore
+from google.auth import credentials as ga_credentials # type: ignore
+from google.auth.transport.grpc import SslCredentials # type: ignore
+
+import grpc # type: ignore
+
+from google.cloud.binaryauthorization_v1.types import resources
+from google.cloud.binaryauthorization_v1.types import service
+from google.protobuf import empty_pb2 # type: ignore
+from .base import BinauthzManagementServiceV1Transport, DEFAULT_CLIENT_INFO
+
+
+class BinauthzManagementServiceV1GrpcTransport(BinauthzManagementServiceV1Transport):
+ """gRPC backend transport for BinauthzManagementServiceV1.
+
+ Google Cloud Management Service for Binary Authorization admission
+ policies and attestation authorities.
+
+ This API implements a REST model with the following objects:
+
+ - [Policy][google.cloud.binaryauthorization.v1.Policy]
+ - [Attestor][google.cloud.binaryauthorization.v1.Attestor]
+
+ This class defines the same methods as the primary client, so the
+ primary client can load the underlying transport implementation
+ and call it.
+
+ It sends protocol buffers over the wire using gRPC (which is built on
+ top of HTTP/2); the ``grpcio`` package must be installed.
+ """
+
+ _stubs: Dict[str, Callable]
+
+ def __init__(
+ self,
+ *,
+ host: str = "binaryauthorization.googleapis.com",
+ credentials: ga_credentials.Credentials = None,
+ credentials_file: str = None,
+ scopes: Sequence[str] = None,
+ channel: grpc.Channel = None,
+ api_mtls_endpoint: str = None,
+ client_cert_source: Callable[[], Tuple[bytes, bytes]] = None,
+ ssl_channel_credentials: grpc.ChannelCredentials = None,
+ client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
+ quota_project_id: Optional[str] = None,
+ client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
+ ) -> None:
+ """Instantiate the transport.
+
+ Args:
+ host (Optional[str]):
+ The hostname to connect to.
+ credentials (Optional[google.auth.credentials.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify the application to the service; if none
+ are specified, the client will attempt to ascertain the
+ credentials from the environment.
+ This argument is ignored if ``channel`` is provided.
+ credentials_file (Optional[str]): A file with credentials that can
+ be loaded with :func:`google.auth.load_credentials_from_file`.
+ This argument is ignored if ``channel`` is provided.
+ scopes (Optional(Sequence[str])): A list of scopes. This argument is
+ ignored if ``channel`` is provided.
+ channel (Optional[grpc.Channel]): A ``Channel`` instance through
+ which to make calls.
+ api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
+ If provided, it overrides the ``host`` argument and tries to create
+ a mutual TLS channel with client SSL credentials from
+ ``client_cert_source`` or application default SSL credentials.
+ client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
+ Deprecated. A callback to provide client SSL certificate bytes and
+ private key bytes, both in PEM format. It is ignored if
+ ``api_mtls_endpoint`` is None.
+ ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
+ for the grpc channel. It is ignored if ``channel`` is provided.
+ client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
+ A callback to provide client certificate bytes and private key bytes,
+ both in PEM format. It is used to configure a mutual TLS channel. It is
+ ignored if ``channel`` or ``ssl_channel_credentials`` is provided.
+ quota_project_id (Optional[str]): An optional project to use for billing
+ and quota.
+ client_info (google.api_core.gapic_v1.client_info.ClientInfo):
+ The client info used to send a user-agent string along with
+ API requests. If ``None``, then default info will be used.
+ Generally, you only need to set this if you're developing
+ your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
+
+ Raises:
+ google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
+ creation failed for any reason.
+ google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
+ and ``credentials_file`` are passed.
+ """
+ self._grpc_channel = None
+ self._ssl_channel_credentials = ssl_channel_credentials
+ self._stubs: Dict[str, Callable] = {}
+
+ if api_mtls_endpoint:
+ warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
+ if client_cert_source:
+ warnings.warn("client_cert_source is deprecated", DeprecationWarning)
+
+ if channel:
+ # Ignore credentials if a channel was passed.
+ credentials = False
+ # If a channel was explicitly provided, set it.
+ self._grpc_channel = channel
+ self._ssl_channel_credentials = None
+
+ else:
+ if api_mtls_endpoint:
+ host = api_mtls_endpoint
+
+ # Create SSL credentials with client_cert_source or application
+ # default SSL credentials.
+ if client_cert_source:
+ cert, key = client_cert_source()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
+ else:
+ self._ssl_channel_credentials = SslCredentials().ssl_credentials
+
+ else:
+ if client_cert_source_for_mtls and not ssl_channel_credentials:
+ cert, key = client_cert_source_for_mtls()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
+
+ # The base transport sets the host, credentials and scopes
+ super().__init__(
+ host=host,
+ credentials=credentials,
+ credentials_file=credentials_file,
+ scopes=scopes,
+ quota_project_id=quota_project_id,
+ client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
+ )
+
+ if not self._grpc_channel:
+ self._grpc_channel = type(self).create_channel(
+ self._host,
+ credentials=self._credentials,
+ credentials_file=credentials_file,
+ scopes=self._scopes,
+ ssl_credentials=self._ssl_channel_credentials,
+ quota_project_id=quota_project_id,
+ options=[
+ ("grpc.max_send_message_length", -1),
+ ("grpc.max_receive_message_length", -1),
+ ],
+ )
+
+ # Wrap messages. This must be done after self._grpc_channel exists
+ self._prep_wrapped_messages(client_info)
+
+ @classmethod
+ def create_channel(
+ cls,
+ host: str = "binaryauthorization.googleapis.com",
+ credentials: ga_credentials.Credentials = None,
+ credentials_file: str = None,
+ scopes: Optional[Sequence[str]] = None,
+ quota_project_id: Optional[str] = None,
+ **kwargs,
+ ) -> grpc.Channel:
+ """Create and return a gRPC channel object.
+ Args:
+ host (Optional[str]): The host for the channel to use.
+ credentials (Optional[~.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify this application to the service. If
+ none are specified, the client will attempt to ascertain
+ the credentials from the environment.
+ credentials_file (Optional[str]): A file with credentials that can
+ be loaded with :func:`google.auth.load_credentials_from_file`.
+ This argument is mutually exclusive with credentials.
+ scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
+ service. These are only used when credentials are not specified and
+ are passed to :func:`google.auth.default`.
+ quota_project_id (Optional[str]): An optional project to use for billing
+ and quota.
+ kwargs (Optional[dict]): Keyword arguments, which are passed to the
+ channel creation.
+ Returns:
+ grpc.Channel: A gRPC channel object.
+
+ Raises:
+ google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
+ and ``credentials_file`` are passed.
+ """
+
+ return grpc_helpers.create_channel(
+ host,
+ credentials=credentials,
+ credentials_file=credentials_file,
+ quota_project_id=quota_project_id,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
+ **kwargs,
+ )
+
+ @property
+ def grpc_channel(self) -> grpc.Channel:
+ """Return the channel designed to connect to this service.
+ """
+ return self._grpc_channel
+
+ @property
+ def get_policy(self) -> Callable[[service.GetPolicyRequest], resources.Policy]:
+ r"""Return a callable for the get policy method over gRPC.
+
+ A [policy][google.cloud.binaryauthorization.v1.Policy] specifies
+ the [attestors][google.cloud.binaryauthorization.v1.Attestor]
+ that must attest to a container image, before the project is
+ allowed to deploy that image. There is at most one policy per
+ project. All image admission requests are permitted if a project
+ has no policy.
+
+ Gets the [policy][google.cloud.binaryauthorization.v1.Policy]
+ for this project. Returns a default
+ [policy][google.cloud.binaryauthorization.v1.Policy] if the
+ project does not have one.
+
+ Returns:
+ Callable[[~.GetPolicyRequest],
+ ~.Policy]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "get_policy" not in self._stubs:
+ self._stubs["get_policy"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/GetPolicy",
+ request_serializer=service.GetPolicyRequest.serialize,
+ response_deserializer=resources.Policy.deserialize,
+ )
+ return self._stubs["get_policy"]
+
+ @property
+ def update_policy(
+ self,
+ ) -> Callable[[service.UpdatePolicyRequest], resources.Policy]:
+ r"""Return a callable for the update policy method over gRPC.
+
+ Creates or updates a project's
+ [policy][google.cloud.binaryauthorization.v1.Policy], and
+ returns a copy of the new
+ [policy][google.cloud.binaryauthorization.v1.Policy]. A policy
+ is always updated as a whole, to avoid race conditions with
+ concurrent policy enforcement (or management!) requests. Returns
+ NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the
+ request is malformed.
+
+ Returns:
+ Callable[[~.UpdatePolicyRequest],
+ ~.Policy]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "update_policy" not in self._stubs:
+ self._stubs["update_policy"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/UpdatePolicy",
+ request_serializer=service.UpdatePolicyRequest.serialize,
+ response_deserializer=resources.Policy.deserialize,
+ )
+ return self._stubs["update_policy"]
+
+ @property
+ def create_attestor(
+ self,
+ ) -> Callable[[service.CreateAttestorRequest], resources.Attestor]:
+ r"""Return a callable for the create attestor method over gRPC.
+
+ Creates an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor], and
+ returns a copy of the new
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the project does not exist,
+ INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if
+ the [attestor][google.cloud.binaryauthorization.v1.Attestor]
+ already exists.
+
+ Returns:
+ Callable[[~.CreateAttestorRequest],
+ ~.Attestor]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "create_attestor" not in self._stubs:
+ self._stubs["create_attestor"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/CreateAttestor",
+ request_serializer=service.CreateAttestorRequest.serialize,
+ response_deserializer=resources.Attestor.deserialize,
+ )
+ return self._stubs["create_attestor"]
+
+ @property
+ def get_attestor(
+ self,
+ ) -> Callable[[service.GetAttestorRequest], resources.Attestor]:
+ r"""Return a callable for the get attestor method over gRPC.
+
+ Gets an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the
+ [attestor][google.cloud.binaryauthorization.v1.Attestor] does
+ not exist.
+
+ Returns:
+ Callable[[~.GetAttestorRequest],
+ ~.Attestor]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "get_attestor" not in self._stubs:
+ self._stubs["get_attestor"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/GetAttestor",
+ request_serializer=service.GetAttestorRequest.serialize,
+ response_deserializer=resources.Attestor.deserialize,
+ )
+ return self._stubs["get_attestor"]
+
+ @property
+ def update_attestor(
+ self,
+ ) -> Callable[[service.UpdateAttestorRequest], resources.Attestor]:
+ r"""Return a callable for the update attestor method over gRPC.
+
+ Updates an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the
+ [attestor][google.cloud.binaryauthorization.v1.Attestor] does
+ not exist.
+
+ Returns:
+ Callable[[~.UpdateAttestorRequest],
+ ~.Attestor]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "update_attestor" not in self._stubs:
+ self._stubs["update_attestor"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/UpdateAttestor",
+ request_serializer=service.UpdateAttestorRequest.serialize,
+ response_deserializer=resources.Attestor.deserialize,
+ )
+ return self._stubs["update_attestor"]
+
+ @property
+ def list_attestors(
+ self,
+ ) -> Callable[[service.ListAttestorsRequest], service.ListAttestorsResponse]:
+ r"""Return a callable for the list attestors method over gRPC.
+
+ Lists [attestors][google.cloud.binaryauthorization.v1.Attestor].
+ Returns INVALID_ARGUMENT if the project does not exist.
+
+ Returns:
+ Callable[[~.ListAttestorsRequest],
+ ~.ListAttestorsResponse]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "list_attestors" not in self._stubs:
+ self._stubs["list_attestors"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/ListAttestors",
+ request_serializer=service.ListAttestorsRequest.serialize,
+ response_deserializer=service.ListAttestorsResponse.deserialize,
+ )
+ return self._stubs["list_attestors"]
+
+ @property
+ def delete_attestor(
+ self,
+ ) -> Callable[[service.DeleteAttestorRequest], empty_pb2.Empty]:
+ r"""Return a callable for the delete attestor method over gRPC.
+
+ Deletes an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the
+ [attestor][google.cloud.binaryauthorization.v1.Attestor] does
+ not exist.
+
+ Returns:
+ Callable[[~.DeleteAttestorRequest],
+ ~.Empty]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "delete_attestor" not in self._stubs:
+ self._stubs["delete_attestor"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/DeleteAttestor",
+ request_serializer=service.DeleteAttestorRequest.serialize,
+ response_deserializer=empty_pb2.Empty.FromString,
+ )
+ return self._stubs["delete_attestor"]
+
+
+__all__ = ("BinauthzManagementServiceV1GrpcTransport",)
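Review bot: the `options` passed to `create_channel` in `__init__` set both `grpc.max_send_message_length` and `grpc.max_receive_message_length` to `-1`, which removes gRPC's message-size cap, and there is no comment explaining the choice. With no receive limit the client buffers whatever a single response contains, and both `host` and `api_mtls_endpoint` let the endpoint be something other than `binaryauthorization.googleapis.com`. Policy and attestor messages should be small, so I would either drop the receive override or at least document it above the list, e.g. `# -1 disables the size cap: a response is read into memory whole, so only point this transport at an endpoint you trust.`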
diff --git a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/grpc_asyncio.py b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/grpc_asyncio.py
new file mode 100644
index 0000000..bb5c5b6
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/grpc_asyncio.py
@@ -0,0 +1,463 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+import warnings
+from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union
+
+from google.api_core import gapic_v1 # type: ignore
+from google.api_core import grpc_helpers_async # type: ignore
+from google.auth import credentials as ga_credentials # type: ignore
+from google.auth.transport.grpc import SslCredentials # type: ignore
+import packaging.version
+
+import grpc # type: ignore
+from grpc.experimental import aio # type: ignore
+
+from google.cloud.binaryauthorization_v1.types import resources
+from google.cloud.binaryauthorization_v1.types import service
+from google.protobuf import empty_pb2 # type: ignore
+from .base import BinauthzManagementServiceV1Transport, DEFAULT_CLIENT_INFO
+from .grpc import BinauthzManagementServiceV1GrpcTransport
+
+
+class BinauthzManagementServiceV1GrpcAsyncIOTransport(
+ BinauthzManagementServiceV1Transport
+):
+ """gRPC AsyncIO backend transport for BinauthzManagementServiceV1.
+
+ Google Cloud Management Service for Binary Authorization admission
+ policies and attestation authorities.
+
+ This API implements a REST model with the following objects:
+
+ - [Policy][google.cloud.binaryauthorization.v1.Policy]
+ - [Attestor][google.cloud.binaryauthorization.v1.Attestor]
+
+ This class defines the same methods as the primary client, so the
+ primary client can load the underlying transport implementation
+ and call it.
+
+ It sends protocol buffers over the wire using gRPC (which is built on
+ top of HTTP/2); the ``grpcio`` package must be installed.
+ """
+
+ _grpc_channel: aio.Channel
+ _stubs: Dict[str, Callable] = {}
+
+ @classmethod
+ def create_channel(
+ cls,
+ host: str = "binaryauthorization.googleapis.com",
+ credentials: ga_credentials.Credentials = None,
+ credentials_file: Optional[str] = None,
+ scopes: Optional[Sequence[str]] = None,
+ quota_project_id: Optional[str] = None,
+ **kwargs,
+ ) -> aio.Channel:
+ """Create and return a gRPC AsyncIO channel object.
+ Args:
+ host (Optional[str]): The host for the channel to use.
+ credentials (Optional[~.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify this application to the service. If
+ none are specified, the client will attempt to ascertain
+ the credentials from the environment.
+ credentials_file (Optional[str]): A file with credentials that can
+ be loaded with :func:`google.auth.load_credentials_from_file`.
+ This argument is ignored if ``channel`` is provided.
+ scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
+ service. These are only used when credentials are not specified and
+ are passed to :func:`google.auth.default`.
+ quota_project_id (Optional[str]): An optional project to use for billing
+ and quota.
+ kwargs (Optional[dict]): Keyword arguments, which are passed to the
+ channel creation.
+ Returns:
+ aio.Channel: A gRPC AsyncIO channel object.
+ """
+
+ return grpc_helpers_async.create_channel(
+ host,
+ credentials=credentials,
+ credentials_file=credentials_file,
+ quota_project_id=quota_project_id,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
+ **kwargs,
+ )
+
+ def __init__(
+ self,
+ *,
+ host: str = "binaryauthorization.googleapis.com",
+ credentials: ga_credentials.Credentials = None,
+ credentials_file: Optional[str] = None,
+ scopes: Optional[Sequence[str]] = None,
+ channel: aio.Channel = None,
+ api_mtls_endpoint: str = None,
+ client_cert_source: Callable[[], Tuple[bytes, bytes]] = None,
+ ssl_channel_credentials: grpc.ChannelCredentials = None,
+ client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
+ quota_project_id=None,
+ client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
+ ) -> None:
+ """Instantiate the transport.
+
+ Args:
+ host (Optional[str]):
+ The hostname to connect to.
+ credentials (Optional[google.auth.credentials.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify the application to the service; if none
+ are specified, the client will attempt to ascertain the
+ credentials from the environment.
+ This argument is ignored if ``channel`` is provided.
+ credentials_file (Optional[str]): A file with credentials that can
+ be loaded with :func:`google.auth.load_credentials_from_file`.
+ This argument is ignored if ``channel`` is provided.
+ scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
+ service. These are only used when credentials are not specified and
+ are passed to :func:`google.auth.default`.
+ channel (Optional[aio.Channel]): A ``Channel`` instance through
+ which to make calls.
+ api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
+ If provided, it overrides the ``host`` argument and tries to create
+ a mutual TLS channel with client SSL credentials from
+ ``client_cert_source`` or application default SSL credentials.
+ client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
+ Deprecated. A callback to provide client SSL certificate bytes and
+ private key bytes, both in PEM format. It is ignored if
+ ``api_mtls_endpoint`` is None.
+ ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
+ for the grpc channel. It is ignored if ``channel`` is provided.
+ client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
+ A callback to provide client certificate bytes and private key bytes,
+ both in PEM format. It is used to configure a mutual TLS channel. It is
+ ignored if ``channel`` or ``ssl_channel_credentials`` is provided.
+ quota_project_id (Optional[str]): An optional project to use for billing
+ and quota.
+ client_info (google.api_core.gapic_v1.client_info.ClientInfo):
+ The client info used to send a user-agent string along with
+ API requests. If ``None``, then default info will be used.
+ Generally, you only need to set this if you're developing
+ your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
+
+ Raises:
+ google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
+ creation failed for any reason.
+ google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
+ and ``credentials_file`` are passed.
+ """
+ self._grpc_channel = None
+ self._ssl_channel_credentials = ssl_channel_credentials
+ self._stubs: Dict[str, Callable] = {}
+
+ if api_mtls_endpoint:
+ warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
+ if client_cert_source:
+ warnings.warn("client_cert_source is deprecated", DeprecationWarning)
+
+ if channel:
+ # Ignore credentials if a channel was passed.
+ credentials = False
+ # If a channel was explicitly provided, set it.
+ self._grpc_channel = channel
+ self._ssl_channel_credentials = None
+ else:
+ if api_mtls_endpoint:
+ host = api_mtls_endpoint
+
+ # Create SSL credentials with client_cert_source or application
+ # default SSL credentials.
+ if client_cert_source:
+ cert, key = client_cert_source()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
+ else:
+ self._ssl_channel_credentials = SslCredentials().ssl_credentials
+
+ else:
+ if client_cert_source_for_mtls and not ssl_channel_credentials:
+ cert, key = client_cert_source_for_mtls()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
+
+ # The base transport sets the host, credentials and scopes
+ super().__init__(
+ host=host,
+ credentials=credentials,
+ credentials_file=credentials_file,
+ scopes=scopes,
+ quota_project_id=quota_project_id,
+ client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
+ )
+
+ if not self._grpc_channel:
+ self._grpc_channel = type(self).create_channel(
+ self._host,
+ credentials=self._credentials,
+ credentials_file=credentials_file,
+ scopes=self._scopes,
+ ssl_credentials=self._ssl_channel_credentials,
+ quota_project_id=quota_project_id,
+ options=[
+ ("grpc.max_send_message_length", -1),
+ ("grpc.max_receive_message_length", -1),
+ ],
+ )
+
+ # Wrap messages. This must be done after self._grpc_channel exists
+ self._prep_wrapped_messages(client_info)
+
+ @property
+ def grpc_channel(self) -> aio.Channel:
+ """Create the channel designed to connect to this service.
+
+ This property caches on the instance; repeated calls return
+ the same channel.
+ """
+ # Return the channel from cache.
+ return self._grpc_channel
+
+ @property
+ def get_policy(
+ self,
+ ) -> Callable[[service.GetPolicyRequest], Awaitable[resources.Policy]]:
+ r"""Return a callable for the get policy method over gRPC.
+
+ A [policy][google.cloud.binaryauthorization.v1.Policy] specifies
+ the [attestors][google.cloud.binaryauthorization.v1.Attestor]
+ that must attest to a container image, before the project is
+ allowed to deploy that image. There is at most one policy per
+ project. All image admission requests are permitted if a project
+ has no policy.
+
+ Gets the [policy][google.cloud.binaryauthorization.v1.Policy]
+ for this project. Returns a default
+ [policy][google.cloud.binaryauthorization.v1.Policy] if the
+ project does not have one.
+
+ Returns:
+ Callable[[~.GetPolicyRequest],
+ Awaitable[~.Policy]]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "get_policy" not in self._stubs:
+ self._stubs["get_policy"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/GetPolicy",
+ request_serializer=service.GetPolicyRequest.serialize,
+ response_deserializer=resources.Policy.deserialize,
+ )
+ return self._stubs["get_policy"]
+
+ @property
+ def update_policy(
+ self,
+ ) -> Callable[[service.UpdatePolicyRequest], Awaitable[resources.Policy]]:
+ r"""Return a callable for the update policy method over gRPC.
+
+ Creates or updates a project's
+ [policy][google.cloud.binaryauthorization.v1.Policy], and
+ returns a copy of the new
+ [policy][google.cloud.binaryauthorization.v1.Policy]. A policy
+ is always updated as a whole, to avoid race conditions with
+ concurrent policy enforcement (or management!) requests. Returns
+ NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the
+ request is malformed.
+
+ Returns:
+ Callable[[~.UpdatePolicyRequest],
+ Awaitable[~.Policy]]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "update_policy" not in self._stubs:
+ self._stubs["update_policy"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/UpdatePolicy",
+ request_serializer=service.UpdatePolicyRequest.serialize,
+ response_deserializer=resources.Policy.deserialize,
+ )
+ return self._stubs["update_policy"]
+
+ @property
+ def create_attestor(
+ self,
+ ) -> Callable[[service.CreateAttestorRequest], Awaitable[resources.Attestor]]:
+ r"""Return a callable for the create attestor method over gRPC.
+
+ Creates an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor], and
+ returns a copy of the new
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the project does not exist,
+ INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if
+ the [attestor][google.cloud.binaryauthorization.v1.Attestor]
+ already exists.
+
+ Returns:
+ Callable[[~.CreateAttestorRequest],
+ Awaitable[~.Attestor]]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "create_attestor" not in self._stubs:
+ self._stubs["create_attestor"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/CreateAttestor",
+ request_serializer=service.CreateAttestorRequest.serialize,
+ response_deserializer=resources.Attestor.deserialize,
+ )
+ return self._stubs["create_attestor"]
+
+ @property
+ def get_attestor(
+ self,
+ ) -> Callable[[service.GetAttestorRequest], Awaitable[resources.Attestor]]:
+ r"""Return a callable for the get attestor method over gRPC.
+
+ Gets an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the
+ [attestor][google.cloud.binaryauthorization.v1.Attestor] does
+ not exist.
+
+ Returns:
+ Callable[[~.GetAttestorRequest],
+ Awaitable[~.Attestor]]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "get_attestor" not in self._stubs:
+ self._stubs["get_attestor"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/GetAttestor",
+ request_serializer=service.GetAttestorRequest.serialize,
+ response_deserializer=resources.Attestor.deserialize,
+ )
+ return self._stubs["get_attestor"]
+
+ @property
+ def update_attestor(
+ self,
+ ) -> Callable[[service.UpdateAttestorRequest], Awaitable[resources.Attestor]]:
+ r"""Return a callable for the update attestor method over gRPC.
+
+ Updates an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the
+ [attestor][google.cloud.binaryauthorization.v1.Attestor] does
+ not exist.
+
+ Returns:
+ Callable[[~.UpdateAttestorRequest],
+ Awaitable[~.Attestor]]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "update_attestor" not in self._stubs:
+ self._stubs["update_attestor"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/UpdateAttestor",
+ request_serializer=service.UpdateAttestorRequest.serialize,
+ response_deserializer=resources.Attestor.deserialize,
+ )
+ return self._stubs["update_attestor"]
+
+ @property
+ def list_attestors(
+ self,
+ ) -> Callable[
+ [service.ListAttestorsRequest], Awaitable[service.ListAttestorsResponse]
+ ]:
+ r"""Return a callable for the list attestors method over gRPC.
+
+ Lists [attestors][google.cloud.binaryauthorization.v1.Attestor].
+ Returns INVALID_ARGUMENT if the project does not exist.
+
+ Returns:
+ Callable[[~.ListAttestorsRequest],
+ Awaitable[~.ListAttestorsResponse]]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "list_attestors" not in self._stubs:
+ self._stubs["list_attestors"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/ListAttestors",
+ request_serializer=service.ListAttestorsRequest.serialize,
+ response_deserializer=service.ListAttestorsResponse.deserialize,
+ )
+ return self._stubs["list_attestors"]
+
+ @property
+ def delete_attestor(
+ self,
+ ) -> Callable[[service.DeleteAttestorRequest], Awaitable[empty_pb2.Empty]]:
+ r"""Return a callable for the delete attestor method over gRPC.
+
+ Deletes an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the
+ [attestor][google.cloud.binaryauthorization.v1.Attestor] does
+ not exist.
+
+ Returns:
+ Callable[[~.DeleteAttestorRequest],
+ Awaitable[~.Empty]]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "delete_attestor" not in self._stubs:
+ self._stubs["delete_attestor"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/DeleteAttestor",
+ request_serializer=service.DeleteAttestorRequest.serialize,
+ response_deserializer=empty_pb2.Empty.FromString,
+ )
+ return self._stubs["delete_attestor"]
+
+
+__all__ = ("BinauthzManagementServiceV1GrpcAsyncIOTransport",)
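Review bot: In `__init__`, the deprecated `api_mtls_endpoint` branch assigns `self._ssl_channel_credentials` unconditionally, so a caller-supplied `ssl_channel_credentials` (for example one carrying custom root certificates) is silently replaced. The `client_cert_source_for_mtls` branch just below does check `not ssl_channel_credentials`, and the docstring only says the argument is ignored when `channel` is provided. At minimum, add a comment above `if client_cert_source:` such as `# NOTE: this branch replaces any caller-supplied ssl_channel_credentials.` and extend the `ssl_channel_credentials` docstring entry to say the same. If this file is generated, the change belongs in the generator template rather than here.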
diff --git a/google/cloud/binaryauthorization_v1/services/system_policy_v1/__init__.py b/google/cloud/binaryauthorization_v1/services/system_policy_v1/__init__.py
new file mode 100644
index 0000000..0d527b7
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/system_policy_v1/__init__.py
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+from .client import SystemPolicyV1Client
+from .async_client import SystemPolicyV1AsyncClient
+
+__all__ = (
+ "SystemPolicyV1Client",
+ "SystemPolicyV1AsyncClient",
+)
diff --git a/google/cloud/binaryauthorization_v1/services/system_policy_v1/async_client.py b/google/cloud/binaryauthorization_v1/services/system_policy_v1/async_client.py
new file mode 100644
index 0000000..75c81fc
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/system_policy_v1/async_client.py
@@ -0,0 +1,249 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+from collections import OrderedDict
+import functools
+import re
+from typing import Dict, Sequence, Tuple, Type, Union
+import pkg_resources
+
+import google.api_core.client_options as ClientOptions # type: ignore
+from google.api_core import exceptions as core_exceptions # type: ignore
+from google.api_core import gapic_v1 # type: ignore
+from google.api_core import retry as retries # type: ignore
+from google.auth import credentials as ga_credentials # type: ignore
+from google.oauth2 import service_account # type: ignore
+
+from google.cloud.binaryauthorization_v1.types import resources
+from google.cloud.binaryauthorization_v1.types import service
+from google.protobuf import timestamp_pb2 # type: ignore
+from .transports.base import SystemPolicyV1Transport, DEFAULT_CLIENT_INFO
+from .transports.grpc_asyncio import SystemPolicyV1GrpcAsyncIOTransport
+from .client import SystemPolicyV1Client
+
+
+class SystemPolicyV1AsyncClient:
+ """API for working with the system policy."""
+
+ _client: SystemPolicyV1Client
+
+ DEFAULT_ENDPOINT = SystemPolicyV1Client.DEFAULT_ENDPOINT
+ DEFAULT_MTLS_ENDPOINT = SystemPolicyV1Client.DEFAULT_MTLS_ENDPOINT
+
+ policy_path = staticmethod(SystemPolicyV1Client.policy_path)
+ parse_policy_path = staticmethod(SystemPolicyV1Client.parse_policy_path)
+ common_billing_account_path = staticmethod(
+ SystemPolicyV1Client.common_billing_account_path
+ )
+ parse_common_billing_account_path = staticmethod(
+ SystemPolicyV1Client.parse_common_billing_account_path
+ )
+ common_folder_path = staticmethod(SystemPolicyV1Client.common_folder_path)
+ parse_common_folder_path = staticmethod(
+ SystemPolicyV1Client.parse_common_folder_path
+ )
+ common_organization_path = staticmethod(
+ SystemPolicyV1Client.common_organization_path
+ )
+ parse_common_organization_path = staticmethod(
+ SystemPolicyV1Client.parse_common_organization_path
+ )
+ common_project_path = staticmethod(SystemPolicyV1Client.common_project_path)
+ parse_common_project_path = staticmethod(
+ SystemPolicyV1Client.parse_common_project_path
+ )
+ common_location_path = staticmethod(SystemPolicyV1Client.common_location_path)
+ parse_common_location_path = staticmethod(
+ SystemPolicyV1Client.parse_common_location_path
+ )
+
+ @classmethod
+ def from_service_account_info(cls, info: dict, *args, **kwargs):
+ """Creates an instance of this client using the provided credentials
+ info.
+
+ Args:
+ info (dict): The service account private key info.
+ args: Additional arguments to pass to the constructor.
+ kwargs: Additional arguments to pass to the constructor.
+
+ Returns:
+ SystemPolicyV1AsyncClient: The constructed client.
+ """
+ return SystemPolicyV1Client.from_service_account_info.__func__(SystemPolicyV1AsyncClient, info, *args, **kwargs) # type: ignore
+
+ @classmethod
+ def from_service_account_file(cls, filename: str, *args, **kwargs):
+ """Creates an instance of this client using the provided credentials
+ file.
+
+ Args:
+ filename (str): The path to the service account private key json
+ file.
+ args: Additional arguments to pass to the constructor.
+ kwargs: Additional arguments to pass to the constructor.
+
+ Returns:
+ SystemPolicyV1AsyncClient: The constructed client.
+ """
+ return SystemPolicyV1Client.from_service_account_file.__func__(SystemPolicyV1AsyncClient, filename, *args, **kwargs) # type: ignore
+
+ from_service_account_json = from_service_account_file
+
+ @property
+ def transport(self) -> SystemPolicyV1Transport:
+ """Returns the transport used by the client instance.
+
+ Returns:
+ SystemPolicyV1Transport: The transport used by the client instance.
+ """
+ return self._client.transport
+
+ get_transport_class = functools.partial(
+ type(SystemPolicyV1Client).get_transport_class, type(SystemPolicyV1Client)
+ )
+
+ def __init__(
+ self,
+ *,
+ credentials: ga_credentials.Credentials = None,
+ transport: Union[str, SystemPolicyV1Transport] = "grpc_asyncio",
+ client_options: ClientOptions = None,
+ client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ ) -> None:
+ """Instantiates the system policy v1 client.
+
+ Args:
+ credentials (Optional[google.auth.credentials.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify the application to the service; if none
+ are specified, the client will attempt to ascertain the
+ credentials from the environment.
+ transport (Union[str, ~.SystemPolicyV1Transport]): The
+ transport to use. If set to None, a transport is chosen
+ automatically.
+ client_options (ClientOptions): Custom options for the client. It
+ won't take effect if a ``transport`` instance is provided.
+ (1) The ``api_endpoint`` property can be used to override the
+ default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT
+ environment variable can also be used to override the endpoint:
+ "always" (always use the default mTLS endpoint), "never" (always
+ use the default regular endpoint) and "auto" (auto switch to the
+ default mTLS endpoint if client certificate is present, this is
+ the default value). However, the ``api_endpoint`` property takes
+ precedence if provided.
+ (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable
+ is "true", then the ``client_cert_source`` property can be used
+ to provide client certificate for mutual TLS transport. If
+ not provided, the default SSL client certificate will be used if
+ present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not
+ set, no client certificate will be used.
+
+ Raises:
+ google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
+ creation failed for any reason.
+ """
+ self._client = SystemPolicyV1Client(
+ credentials=credentials,
+ transport=transport,
+ client_options=client_options,
+ client_info=client_info,
+ )
+
+ async def get_system_policy(
+ self,
+ request: service.GetSystemPolicyRequest = None,
+ *,
+ name: str = None,
+ retry: retries.Retry = gapic_v1.method.DEFAULT,
+ timeout: float = None,
+ metadata: Sequence[Tuple[str, str]] = (),
+ ) -> resources.Policy:
+ r"""Gets the current system policy in the specified
+ location.
+
+ Args:
+ request (:class:`google.cloud.binaryauthorization_v1.types.GetSystemPolicyRequest`):
+ The request object. Request to read the current system
+ policy.
+ name (:class:`str`):
+ Required. The resource name, in the format
+ ``locations/*/policy``. Note that the system policy is
+ not associated with a project.
+
+ This corresponds to the ``name`` field
+ on the ``request`` instance; if ``request`` is provided, this
+ should not be set.
+ retry (google.api_core.retry.Retry): Designation of what errors, if any,
+ should be retried.
+ timeout (float): The timeout for this request.
+ metadata (Sequence[Tuple[str, str]]): Strings which should be
+ sent along with the request as metadata.
+
+ Returns:
+ google.cloud.binaryauthorization_v1.types.Policy:
+ A [policy][google.cloud.binaryauthorization.v1.Policy]
+ for container image binary authorization.
+
+ """
+ # Create or coerce a protobuf request object.
+ # Sanity check: If we got a request object, we should *not* have
+ # gotten any keyword arguments that map to the request.
+ has_flattened_params = any([name])
+ if request is not None and has_flattened_params:
+ raise ValueError(
+ "If the `request` argument is set, then none of "
+ "the individual field arguments should be set."
+ )
+
+ request = service.GetSystemPolicyRequest(request)
+
+ # If we have keyword arguments corresponding to fields on the
+ # request, apply these.
+ if name is not None:
+ request.name = name
+
+ # Wrap the RPC method; this adds retry and timeout information,
+ # and friendly error handling.
+ rpc = gapic_v1.method_async.wrap_method(
+ self._client._transport.get_system_policy,
+ default_timeout=None,
+ client_info=DEFAULT_CLIENT_INFO,
+ )
+
+ # Certain fields should be provided within the metadata header;
+ # add these here.
+ metadata = tuple(metadata) + (
+ gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
+ )
+
+ # Send the request.
+ response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
+
+ # Done; return the response.
+ return response
+
+
+try:
+ DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(
+ gapic_version=pkg_resources.get_distribution(
+ "google-cloud-binary-authorization",
+ ).version,
+ )
+except pkg_resources.DistributionNotFound:
+ DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo()
+
+
+__all__ = ("SystemPolicyV1AsyncClient",)
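Review bot: `get_system_policy` wraps the RPC with `default_timeout=None`, and its `timeout` parameter also defaults to `None`, so a call that omits `timeout` appears to run without a deadline and could wait indefinitely on a stalled connection. Consider a bounded default at the `wrap_method` call, e.g. `default_timeout=60.0,` (an illustrative value; the real number should come from the service's configured timeouts). The `timeout` docstring entry should also say what happens when it is omitted. If this client is generated, the setting belongs in the generator's service configuration rather than in this file.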
diff --git a/google/cloud/binaryauthorization_v1/services/system_policy_v1/client.py b/google/cloud/binaryauthorization_v1/services/system_policy_v1/client.py
new file mode 100644
index 0000000..49d6573
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/system_policy_v1/client.py
@@ -0,0 +1,433 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+from collections import OrderedDict
+from distutils import util
+import os
+import re
+from typing import Dict, Optional, Sequence, Tuple, Type, Union
+import pkg_resources
+
+from google.api_core import client_options as client_options_lib # type: ignore
+from google.api_core import exceptions as core_exceptions # type: ignore
+from google.api_core import gapic_v1 # type: ignore
+from google.api_core import retry as retries # type: ignore
+from google.auth import credentials as ga_credentials # type: ignore
+from google.auth.transport import mtls # type: ignore
+from google.auth.transport.grpc import SslCredentials # type: ignore
+from google.auth.exceptions import MutualTLSChannelError # type: ignore
+from google.oauth2 import service_account # type: ignore
+
+from google.cloud.binaryauthorization_v1.types import resources
+from google.cloud.binaryauthorization_v1.types import service
+from google.protobuf import timestamp_pb2 # type: ignore
+from .transports.base import SystemPolicyV1Transport, DEFAULT_CLIENT_INFO
+from .transports.grpc import SystemPolicyV1GrpcTransport
+from .transports.grpc_asyncio import SystemPolicyV1GrpcAsyncIOTransport
+
+
+class SystemPolicyV1ClientMeta(type):
+ """Metaclass for the SystemPolicyV1 client.
+
+ This provides class-level methods for building and retrieving
+ support objects (e.g. transport) without polluting the client instance
+ objects.
+ """
+
+ _transport_registry = (
+ OrderedDict()
+ ) # type: Dict[str, Type[SystemPolicyV1Transport]]
+ _transport_registry["grpc"] = SystemPolicyV1GrpcTransport
+ _transport_registry["grpc_asyncio"] = SystemPolicyV1GrpcAsyncIOTransport
+
+ def get_transport_class(cls, label: str = None,) -> Type[SystemPolicyV1Transport]:
+ """Returns an appropriate transport class.
+
+ Args:
+ label: The name of the desired transport. If none is
+ provided, then the first transport in the registry is used.
+
+ Returns:
+ The transport class to use.
+ """
+ # If a specific transport is requested, return that one.
+ if label:
+ return cls._transport_registry[label]
+
+ # No transport is requested; return the default (that is, the first one
+ # in the dictionary).
+ return next(iter(cls._transport_registry.values()))
+
+
+class SystemPolicyV1Client(metaclass=SystemPolicyV1ClientMeta):
+ """API for working with the system policy."""
+
+ @staticmethod
+ def _get_default_mtls_endpoint(api_endpoint):
+ """Converts api endpoint to mTLS endpoint.
+
+ Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to
+ "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively.
+ Args:
+ api_endpoint (Optional[str]): the api endpoint to convert.
+ Returns:
+ str: converted mTLS api endpoint.
+ """
+ if not api_endpoint:
+ return api_endpoint
+
+ mtls_endpoint_re = re.compile(
+ r"(?P[^.]+)(?P\.mtls)?(?P\.sandbox)?(?P\.googleapis\.com)?"
+ )
+
+ m = mtls_endpoint_re.match(api_endpoint)
+ name, mtls, sandbox, googledomain = m.groups()
+ if mtls or not googledomain:
+ return api_endpoint
+
+ if sandbox:
+ return api_endpoint.replace(
+ "sandbox.googleapis.com", "mtls.sandbox.googleapis.com"
+ )
+
+ return api_endpoint.replace(".googleapis.com", ".mtls.googleapis.com")
+
+ DEFAULT_ENDPOINT = "binaryauthorization.googleapis.com"
+ DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__( # type: ignore
+ DEFAULT_ENDPOINT
+ )
+
+ @classmethod
+ def from_service_account_info(cls, info: dict, *args, **kwargs):
+ """Creates an instance of this client using the provided credentials
+ info.
+
+ Args:
+ info (dict): The service account private key info.
+ args: Additional arguments to pass to the constructor.
+ kwargs: Additional arguments to pass to the constructor.
+
+ Returns:
+ SystemPolicyV1Client: The constructed client.
+ """
+ credentials = service_account.Credentials.from_service_account_info(info)
+ kwargs["credentials"] = credentials
+ return cls(*args, **kwargs)
+
+ @classmethod
+ def from_service_account_file(cls, filename: str, *args, **kwargs):
+ """Creates an instance of this client using the provided credentials
+ file.
+
+ Args:
+ filename (str): The path to the service account private key json
+ file.
+ args: Additional arguments to pass to the constructor.
+ kwargs: Additional arguments to pass to the constructor.
+
+ Returns:
+ SystemPolicyV1Client: The constructed client.
+ """
+ credentials = service_account.Credentials.from_service_account_file(filename)
+ kwargs["credentials"] = credentials
+ return cls(*args, **kwargs)
+
+ from_service_account_json = from_service_account_file
+
+ @property
+ def transport(self) -> SystemPolicyV1Transport:
+ """Returns the transport used by the client instance.
+
+ Returns:
+ SystemPolicyV1Transport: The transport used by the client
+ instance.
+ """
+ return self._transport
+
+ @staticmethod
+ def policy_path(project: str,) -> str:
+ """Returns a fully-qualified policy string."""
+ return "projects/{project}/policy".format(project=project,)
+
+ @staticmethod
+ def parse_policy_path(path: str) -> Dict[str, str]:
+ """Parses a policy path into its component segments."""
+ m = re.match(r"^projects/(?P.+?)/policy$", path)
+ return m.groupdict() if m else {}
+
+ @staticmethod
+ def common_billing_account_path(billing_account: str,) -> str:
+ """Returns a fully-qualified billing_account string."""
+ return "billingAccounts/{billing_account}".format(
+ billing_account=billing_account,
+ )
+
+ @staticmethod
+ def parse_common_billing_account_path(path: str) -> Dict[str, str]:
+ """Parse a billing_account path into its component segments."""
+ m = re.match(r"^billingAccounts/(?P.+?)$", path)
+ return m.groupdict() if m else {}
+
+ @staticmethod
+ def common_folder_path(folder: str,) -> str:
+ """Returns a fully-qualified folder string."""
+ return "folders/{folder}".format(folder=folder,)
+
+ @staticmethod
+ def parse_common_folder_path(path: str) -> Dict[str, str]:
+ """Parse a folder path into its component segments."""
+ m = re.match(r"^folders/(?P.+?)$", path)
+ return m.groupdict() if m else {}
+
+ @staticmethod
+ def common_organization_path(organization: str,) -> str:
+ """Returns a fully-qualified organization string."""
+ return "organizations/{organization}".format(organization=organization,)
+
+ @staticmethod
+ def parse_common_organization_path(path: str) -> Dict[str, str]:
+ """Parse a organization path into its component segments."""
+ m = re.match(r"^organizations/(?P.+?)$", path)
+ return m.groupdict() if m else {}
+
+ @staticmethod
+ def common_project_path(project: str,) -> str:
+ """Returns a fully-qualified project string."""
+ return "projects/{project}".format(project=project,)
+
+ @staticmethod
+ def parse_common_project_path(path: str) -> Dict[str, str]:
+ """Parse a project path into its component segments."""
+ m = re.match(r"^projects/(?P.+?)$", path)
+ return m.groupdict() if m else {}
+
+ @staticmethod
+ def common_location_path(project: str, location: str,) -> str:
+ """Returns a fully-qualified location string."""
+ return "projects/{project}/locations/{location}".format(
+ project=project, location=location,
+ )
+
+ @staticmethod
+ def parse_common_location_path(path: str) -> Dict[str, str]:
+ """Parse a location path into its component segments."""
+ m = re.match(r"^projects/(?P.+?)/locations/(?P.+?)$", path)
+ return m.groupdict() if m else {}
+
+ def __init__(
+ self,
+ *,
+ credentials: Optional[ga_credentials.Credentials] = None,
+ transport: Union[str, SystemPolicyV1Transport, None] = None,
+ client_options: Optional[client_options_lib.ClientOptions] = None,
+ client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ ) -> None:
+ """Instantiates the system policy v1 client.
+
+ Args:
+ credentials (Optional[google.auth.credentials.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify the application to the service; if none
+ are specified, the client will attempt to ascertain the
+ credentials from the environment.
+ transport (Union[str, SystemPolicyV1Transport]): The
+ transport to use. If set to None, a transport is chosen
+ automatically.
+ client_options (google.api_core.client_options.ClientOptions): Custom options for the
+ client. It won't take effect if a ``transport`` instance is provided.
+ (1) The ``api_endpoint`` property can be used to override the
+ default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT
+ environment variable can also be used to override the endpoint:
+ "always" (always use the default mTLS endpoint), "never" (always
+ use the default regular endpoint) and "auto" (auto switch to the
+ default mTLS endpoint if client certificate is present, this is
+ the default value). However, the ``api_endpoint`` property takes
+ precedence if provided.
+ (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable
+ is "true", then the ``client_cert_source`` property can be used
+ to provide client certificate for mutual TLS transport. If
+ not provided, the default SSL client certificate will be used if
+ present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not
+ set, no client certificate will be used.
+ client_info (google.api_core.gapic_v1.client_info.ClientInfo):
+ The client info used to send a user-agent string along with
+ API requests. If ``None``, then default info will be used.
+ Generally, you only need to set this if you're developing
+ your own client library.
+
+ Raises:
+ google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
+ creation failed for any reason.
+ """
+ if isinstance(client_options, dict):
+ client_options = client_options_lib.from_dict(client_options)
+ if client_options is None:
+ client_options = client_options_lib.ClientOptions()
+
+ # Create SSL credentials for mutual TLS if needed.
+ use_client_cert = bool(
+ util.strtobool(os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"))
+ )
+
+ client_cert_source_func = None
+ is_mtls = False
+ if use_client_cert:
+ if client_options.client_cert_source:
+ is_mtls = True
+ client_cert_source_func = client_options.client_cert_source
+ else:
+ is_mtls = mtls.has_default_client_cert_source()
+ if is_mtls:
+ client_cert_source_func = mtls.default_client_cert_source()
+ else:
+ client_cert_source_func = None
+
+ # Figure out which api endpoint to use.
+ if client_options.api_endpoint is not None:
+ api_endpoint = client_options.api_endpoint
+ else:
+ use_mtls_env = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")
+ if use_mtls_env == "never":
+ api_endpoint = self.DEFAULT_ENDPOINT
+ elif use_mtls_env == "always":
+ api_endpoint = self.DEFAULT_MTLS_ENDPOINT
+ elif use_mtls_env == "auto":
+ if is_mtls:
+ api_endpoint = self.DEFAULT_MTLS_ENDPOINT
+ else:
+ api_endpoint = self.DEFAULT_ENDPOINT
+ else:
+ raise MutualTLSChannelError(
+ "Unsupported GOOGLE_API_USE_MTLS_ENDPOINT value. Accepted "
+ "values: never, auto, always"
+ )
+
+ # Save or instantiate the transport.
+ # Ordinarily, we provide the transport, but allowing a custom transport
+ # instance provides an extensibility point for unusual situations.
+ if isinstance(transport, SystemPolicyV1Transport):
+ # transport is a SystemPolicyV1Transport instance.
+ if credentials or client_options.credentials_file:
+ raise ValueError(
+ "When providing a transport instance, "
+ "provide its credentials directly."
+ )
+ if client_options.scopes:
+ raise ValueError(
+ "When providing a transport instance, provide its scopes "
+ "directly."
+ )
+ self._transport = transport
+ else:
+ Transport = type(self).get_transport_class(transport)
+ self._transport = Transport(
+ credentials=credentials,
+ credentials_file=client_options.credentials_file,
+ host=api_endpoint,
+ scopes=client_options.scopes,
+ client_cert_source_for_mtls=client_cert_source_func,
+ quota_project_id=client_options.quota_project_id,
+ client_info=client_info,
+ always_use_jwt_access=(
+ Transport == type(self).get_transport_class("grpc")
+ or Transport == type(self).get_transport_class("grpc_asyncio")
+ ),
+ )
+
+ def get_system_policy(
+ self,
+ request: Union[service.GetSystemPolicyRequest, dict] = None,
+ *,
+ name: str = None,
+ retry: retries.Retry = gapic_v1.method.DEFAULT,
+ timeout: float = None,
+ metadata: Sequence[Tuple[str, str]] = (),
+ ) -> resources.Policy:
+ r"""Gets the current system policy in the specified
+ location.
+
+ Args:
+ request (Union[google.cloud.binaryauthorization_v1.types.GetSystemPolicyRequest, dict]):
+ The request object. Request to read the current system
+ policy.
+ name (str):
+ Required. The resource name, in the format
+ ``locations/*/policy``. Note that the system policy is
+ not associated with a project.
+
+ This corresponds to the ``name`` field
+ on the ``request`` instance; if ``request`` is provided, this
+ should not be set.
+ retry (google.api_core.retry.Retry): Designation of what errors, if any,
+ should be retried.
+ timeout (float): The timeout for this request.
+ metadata (Sequence[Tuple[str, str]]): Strings which should be
+ sent along with the request as metadata.
+
+ Returns:
+ google.cloud.binaryauthorization_v1.types.Policy:
+ A [policy][google.cloud.binaryauthorization.v1.Policy]
+ for container image binary authorization.
+
+ """
+ # Create or coerce a protobuf request object.
+ # Sanity check: If we got a request object, we should *not* have
+ # gotten any keyword arguments that map to the request.
+ has_flattened_params = any([name])
+ if request is not None and has_flattened_params:
+ raise ValueError(
+ "If the `request` argument is set, then none of "
+ "the individual field arguments should be set."
+ )
+
+ # Minor optimization to avoid making a copy if the user passes
+ # in a service.GetSystemPolicyRequest.
+ # There's no risk of modifying the input as we've already verified
+ # there are no flattened fields.
+ if not isinstance(request, service.GetSystemPolicyRequest):
+ request = service.GetSystemPolicyRequest(request)
+ # If we have keyword arguments corresponding to fields on the
+ # request, apply these.
+ if name is not None:
+ request.name = name
+
+ # Wrap the RPC method; this adds retry and timeout information,
+ # and friendly error handling.
+ rpc = self._transport._wrapped_methods[self._transport.get_system_policy]
+
+ # Certain fields should be provided within the metadata header;
+ # add these here.
+ metadata = tuple(metadata) + (
+ gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
+ )
+
+ # Send the request.
+ response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
+
+ # Done; return the response.
+ return response
+
+
+try:
+ DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(
+ gapic_version=pkg_resources.get_distribution(
+ "google-cloud-binary-authorization",
+ ).version,
+ )
+except pkg_resources.DistributionNotFound:
+ DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo()
+
+
+__all__ = ("SystemPolicyV1Client",)
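Review bot: In `__init__`, `GOOGLE_API_USE_CLIENT_CERTIFICATE` is parsed with `distutils.util.strtobool`, which accepts more spellings than the docstring's "true"/"false" (for example `1`, `yes`, `on`) and raises a bare `ValueError` on anything else, whereas the neighbouring `GOOGLE_API_USE_MTLS_ENDPOINT` check raises `MutualTLSChannelError` and lists the accepted values. Since this switch decides whether a client certificate is presented, I would validate it explicitly: read the variable into `use_client_cert_env`, then `if use_client_cert_env not in ("true", "false"): raise ValueError("GOOGLE_API_USE_CLIENT_CERTIFICATE must be `true` or `false`")` and `use_client_cert = use_client_cert_env == "true"`. That also removes the `from distutils import util` import; `distutils` is deprecated by PEP 632 and removed in Python 3.12. If this file is generated, the change belongs in the generator template rather than here.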
diff --git a/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/__init__.py b/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/__init__.py
new file mode 100644
index 0000000..bc3c745
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/__init__.py
@@ -0,0 +1,33 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+from collections import OrderedDict
+from typing import Dict, Type
+
+from .base import SystemPolicyV1Transport
+from .grpc import SystemPolicyV1GrpcTransport
+from .grpc_asyncio import SystemPolicyV1GrpcAsyncIOTransport
+
+
+# Compile a registry of transports.
+_transport_registry = OrderedDict() # type: Dict[str, Type[SystemPolicyV1Transport]]
+_transport_registry["grpc"] = SystemPolicyV1GrpcTransport
+_transport_registry["grpc_asyncio"] = SystemPolicyV1GrpcAsyncIOTransport
+
+__all__ = (
+ "SystemPolicyV1Transport",
+ "SystemPolicyV1GrpcTransport",
+ "SystemPolicyV1GrpcAsyncIOTransport",
+)
diff --git a/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/base.py b/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/base.py
new file mode 100644
index 0000000..78d44f8
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/base.py
@@ -0,0 +1,173 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+import abc
+from typing import Awaitable, Callable, Dict, Optional, Sequence, Union
+import packaging.version
+import pkg_resources
+
+import google.auth # type: ignore
+import google.api_core # type: ignore
+from google.api_core import exceptions as core_exceptions # type: ignore
+from google.api_core import gapic_v1 # type: ignore
+from google.api_core import retry as retries # type: ignore
+from google.auth import credentials as ga_credentials # type: ignore
+from google.oauth2 import service_account # type: ignore
+
+from google.cloud.binaryauthorization_v1.types import resources
+from google.cloud.binaryauthorization_v1.types import service
+
+try:
+ DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(
+ gapic_version=pkg_resources.get_distribution(
+ "google-cloud-binary-authorization",
+ ).version,
+ )
+except pkg_resources.DistributionNotFound:
+ DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo()
+
+try:
+ # google.auth.__version__ was added in 1.26.0
+ _GOOGLE_AUTH_VERSION = google.auth.__version__
+except AttributeError:
+ try: # try pkg_resources if it is available
+ _GOOGLE_AUTH_VERSION = pkg_resources.get_distribution("google-auth").version
+ except pkg_resources.DistributionNotFound: # pragma: NO COVER
+ _GOOGLE_AUTH_VERSION = None
+
+
+class SystemPolicyV1Transport(abc.ABC):
+ """Abstract transport class for SystemPolicyV1."""
+
+ AUTH_SCOPES = ("https://www.googleapis.com/auth/cloud-platform",)
+
+ DEFAULT_HOST: str = "binaryauthorization.googleapis.com"
+
+ def __init__(
+ self,
+ *,
+ host: str = DEFAULT_HOST,
+ credentials: ga_credentials.Credentials = None,
+ credentials_file: Optional[str] = None,
+ scopes: Optional[Sequence[str]] = None,
+ quota_project_id: Optional[str] = None,
+ client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
+ **kwargs,
+ ) -> None:
+ """Instantiate the transport.
+
+ Args:
+ host (Optional[str]):
+ The hostname to connect to.
+ credentials (Optional[google.auth.credentials.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify the application to the service; if none
+ are specified, the client will attempt to ascertain the
+ credentials from the environment.
+ credentials_file (Optional[str]): A file with credentials that can
+ be loaded with :func:`google.auth.load_credentials_from_file`.
+ This argument is mutually exclusive with credentials.
+ scopes (Optional[Sequence[str]]): A list of scopes.
+ quota_project_id (Optional[str]): An optional project to use for billing
+ and quota.
+ client_info (google.api_core.gapic_v1.client_info.ClientInfo):
+ The client info used to send a user-agent string along with
+ API requests. If ``None``, then default info will be used.
+ Generally, you only need to set this if you're developing
+ your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
+ """
+ # Save the hostname. Default to port 443 (HTTPS) if none is specified.
+ if ":" not in host:
+ host += ":443"
+ self._host = host
+
+ scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
+
+ # Save the scopes.
+ self._scopes = scopes
+
+ # If no credentials are provided, then determine the appropriate
+ # defaults.
+ if credentials and credentials_file:
+ raise core_exceptions.DuplicateCredentialArgs(
+ "'credentials_file' and 'credentials' are mutually exclusive"
+ )
+
+ if credentials_file is not None:
+ credentials, _ = google.auth.load_credentials_from_file(
+ credentials_file, **scopes_kwargs, quota_project_id=quota_project_id
+ )
+
+ elif credentials is None:
+ credentials, _ = google.auth.default(
+ **scopes_kwargs, quota_project_id=quota_project_id
+ )
+
+ # If the credentials are service account credentials, then always try to use self signed JWT.
+ if (
+ always_use_jwt_access
+ and isinstance(credentials, service_account.Credentials)
+ and hasattr(service_account.Credentials, "with_always_use_jwt_access")
+ ):
+ credentials = credentials.with_always_use_jwt_access(True)
+
+ # Save the credentials.
+ self._credentials = credentials
+
+ # TODO(busunkim): This method is in the base transport
+ # to avoid duplicating code across the transport classes. These functions
+ # should be deleted once the minimum required versions of google-auth is increased.
+
+ # TODO: Remove this function once google-auth >= 1.25.0 is required
+ @classmethod
+ def _get_scopes_kwargs(
+ cls, host: str, scopes: Optional[Sequence[str]]
+ ) -> Dict[str, Optional[Sequence[str]]]:
+ """Returns scopes kwargs to pass to google-auth methods depending on the google-auth version"""
+
+ scopes_kwargs = {}
+
+ if _GOOGLE_AUTH_VERSION and (
+ packaging.version.parse(_GOOGLE_AUTH_VERSION)
+ >= packaging.version.parse("1.25.0")
+ ):
+ scopes_kwargs = {"scopes": scopes, "default_scopes": cls.AUTH_SCOPES}
+ else:
+ scopes_kwargs = {"scopes": scopes or cls.AUTH_SCOPES}
+
+ return scopes_kwargs
+
+ def _prep_wrapped_messages(self, client_info):
+ # Precompute the wrapped methods.
+ self._wrapped_methods = {
+ self.get_system_policy: gapic_v1.method.wrap_method(
+ self.get_system_policy, default_timeout=None, client_info=client_info,
+ ),
+ }
+
+ @property
+ def get_system_policy(
+ self,
+ ) -> Callable[
+ [service.GetSystemPolicyRequest],
+ Union[resources.Policy, Awaitable[resources.Policy]],
+ ]:
+ raise NotImplementedError()
+
+
+__all__ = ("SystemPolicyV1Transport",)
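Review bot: `_prep_wrapped_messages` wraps `get_system_policy` with `default_timeout=None`, and the client method's `timeout` parameter also defaults to `None`, so a call made without an explicit `timeout` appears to have no deadline and can block indefinitely on a stalled connection. For a policy lookup that other checks may wait on, a finite default is safer: `self.get_system_policy, default_timeout=60.0, client_info=client_info,` (value constructed for illustration; take the real one from the service config). The `wrap_method` call in the async client earlier in this diff uses the same `default_timeout=None`. At minimum, the `timeout` entry in the `get_system_policy` docstring should say that omitting it means no deadline.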
diff --git a/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/grpc.py b/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/grpc.py
new file mode 100644
index 0000000..fa5d87e
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/grpc.py
@@ -0,0 +1,257 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+import warnings
+from typing import Callable, Dict, Optional, Sequence, Tuple, Union
+
+from google.api_core import grpc_helpers # type: ignore
+from google.api_core import gapic_v1 # type: ignore
+import google.auth # type: ignore
+from google.auth import credentials as ga_credentials # type: ignore
+from google.auth.transport.grpc import SslCredentials # type: ignore
+
+import grpc # type: ignore
+
+from google.cloud.binaryauthorization_v1.types import resources
+from google.cloud.binaryauthorization_v1.types import service
+from .base import SystemPolicyV1Transport, DEFAULT_CLIENT_INFO
+
+
+class SystemPolicyV1GrpcTransport(SystemPolicyV1Transport):
+ """gRPC backend transport for SystemPolicyV1.
+
+ API for working with the system policy.
+
+ This class defines the same methods as the primary client, so the
+ primary client can load the underlying transport implementation
+ and call it.
+
+ It sends protocol buffers over the wire using gRPC (which is built on
+ top of HTTP/2); the ``grpcio`` package must be installed.
+ """
+
+ _stubs: Dict[str, Callable]
+
+ def __init__(
+ self,
+ *,
+ host: str = "binaryauthorization.googleapis.com",
+ credentials: ga_credentials.Credentials = None,
+ credentials_file: str = None,
+ scopes: Sequence[str] = None,
+ channel: grpc.Channel = None,
+ api_mtls_endpoint: str = None,
+ client_cert_source: Callable[[], Tuple[bytes, bytes]] = None,
+ ssl_channel_credentials: grpc.ChannelCredentials = None,
+ client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
+ quota_project_id: Optional[str] = None,
+ client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
+ ) -> None:
+ """Instantiate the transport.
+
+ Args:
+ host (Optional[str]):
+ The hostname to connect to.
+ credentials (Optional[google.auth.credentials.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify the application to the service; if none
+ are specified, the client will attempt to ascertain the
+ credentials from the environment.
+ This argument is ignored if ``channel`` is provided.
+ credentials_file (Optional[str]): A file with credentials that can
+ be loaded with :func:`google.auth.load_credentials_from_file`.
+ This argument is ignored if ``channel`` is provided.
+ scopes (Optional(Sequence[str])): A list of scopes. This argument is
+ ignored if ``channel`` is provided.
+ channel (Optional[grpc.Channel]): A ``Channel`` instance through
+ which to make calls.
+ api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
+ If provided, it overrides the ``host`` argument and tries to create
+ a mutual TLS channel with client SSL credentials from
+ ``client_cert_source`` or application default SSL credentials.
+ client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
+ Deprecated. A callback to provide client SSL certificate bytes and
+ private key bytes, both in PEM format. It is ignored if
+ ``api_mtls_endpoint`` is None.
+ ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
+ for the grpc channel. It is ignored if ``channel`` is provided.
+ client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
+ A callback to provide client certificate bytes and private key bytes,
+ both in PEM format. It is used to configure a mutual TLS channel. It is
+ ignored if ``channel`` or ``ssl_channel_credentials`` is provided.
+ quota_project_id (Optional[str]): An optional project to use for billing
+ and quota.
+ client_info (google.api_core.gapic_v1.client_info.ClientInfo):
+ The client info used to send a user-agent string along with
+ API requests. If ``None``, then default info will be used.
+ Generally, you only need to set this if you're developing
+ your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
+
+ Raises:
+ google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
+ creation failed for any reason.
+ google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
+ and ``credentials_file`` are passed.
+ """
+ self._grpc_channel = None
+ self._ssl_channel_credentials = ssl_channel_credentials
+ self._stubs: Dict[str, Callable] = {}
+
+ if api_mtls_endpoint:
+ warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
+ if client_cert_source:
+ warnings.warn("client_cert_source is deprecated", DeprecationWarning)
+
+ if channel:
+ # Ignore credentials if a channel was passed.
+ credentials = False
+ # If a channel was explicitly provided, set it.
+ self._grpc_channel = channel
+ self._ssl_channel_credentials = None
+
+ else:
+ if api_mtls_endpoint:
+ host = api_mtls_endpoint
+
+ # Create SSL credentials with client_cert_source or application
+ # default SSL credentials.
+ if client_cert_source:
+ cert, key = client_cert_source()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
+ else:
+ self._ssl_channel_credentials = SslCredentials().ssl_credentials
+
+ else:
+ if client_cert_source_for_mtls and not ssl_channel_credentials:
+ cert, key = client_cert_source_for_mtls()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
+
+ # The base transport sets the host, credentials and scopes
+ super().__init__(
+ host=host,
+ credentials=credentials,
+ credentials_file=credentials_file,
+ scopes=scopes,
+ quota_project_id=quota_project_id,
+ client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
+ )
+
+ if not self._grpc_channel:
+ self._grpc_channel = type(self).create_channel(
+ self._host,
+ credentials=self._credentials,
+ credentials_file=credentials_file,
+ scopes=self._scopes,
+ ssl_credentials=self._ssl_channel_credentials,
+ quota_project_id=quota_project_id,
+ options=[
+ ("grpc.max_send_message_length", -1),
+ ("grpc.max_receive_message_length", -1),
+ ],
+ )
+
+ # Wrap messages. This must be done after self._grpc_channel exists
+ self._prep_wrapped_messages(client_info)
+
+ @classmethod
+ def create_channel(
+ cls,
+ host: str = "binaryauthorization.googleapis.com",
+ credentials: ga_credentials.Credentials = None,
+ credentials_file: str = None,
+ scopes: Optional[Sequence[str]] = None,
+ quota_project_id: Optional[str] = None,
+ **kwargs,
+ ) -> grpc.Channel:
+ """Create and return a gRPC channel object.
+ Args:
+ host (Optional[str]): The host for the channel to use.
+ credentials (Optional[~.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify this application to the service. If
+ none are specified, the client will attempt to ascertain
+ the credentials from the environment.
+ credentials_file (Optional[str]): A file with credentials that can
+ be loaded with :func:`google.auth.load_credentials_from_file`.
+ This argument is mutually exclusive with credentials.
+ scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
+ service. These are only used when credentials are not specified and
+ are passed to :func:`google.auth.default`.
+ quota_project_id (Optional[str]): An optional project to use for billing
+ and quota.
+ kwargs (Optional[dict]): Keyword arguments, which are passed to the
+ channel creation.
+ Returns:
+ grpc.Channel: A gRPC channel object.
+
+ Raises:
+ google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
+ and ``credentials_file`` are passed.
+ """
+
+ return grpc_helpers.create_channel(
+ host,
+ credentials=credentials,
+ credentials_file=credentials_file,
+ quota_project_id=quota_project_id,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
+ **kwargs,
+ )
+
+ @property
+ def grpc_channel(self) -> grpc.Channel:
+ """Return the channel designed to connect to this service.
+ """
+ return self._grpc_channel
+
+ @property
+ def get_system_policy(
+ self,
+ ) -> Callable[[service.GetSystemPolicyRequest], resources.Policy]:
+ r"""Return a callable for the get system policy method over gRPC.
+
+ Gets the current system policy in the specified
+ location.
+
+ Returns:
+ Callable[[~.GetSystemPolicyRequest],
+ ~.Policy]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "get_system_policy" not in self._stubs:
+ self._stubs["get_system_policy"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.SystemPolicyV1/GetSystemPolicy",
+ request_serializer=service.GetSystemPolicyRequest.serialize,
+ response_deserializer=resources.Policy.deserialize,
+ )
+ return self._stubs["get_system_policy"]
+
+
+__all__ = ("SystemPolicyV1GrpcTransport",)
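Review bot: The channel built in `__init__` sets `grpc.max_send_message_length` and `grpc.max_receive_message_length` to `-1`, which removes gRPC's message size limits for a service whose only RPC returns a single `Policy`. Because `host` can be overridden by the caller (`api_endpoint`, or the deprecated `api_mtls_endpoint`), a misbehaving endpoint can make the client buffer an arbitrarily large response. I would drop the receive override so gRPC's default limit applies, or set an explicit bound such as `("grpc.max_receive_message_length", 4 * 1024 * 1024)`. Either way, add a comment stating why the chosen limit is enough for `Policy`.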
diff --git a/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/grpc_asyncio.py b/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/grpc_asyncio.py
new file mode 100644
index 0000000..92c7b06
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/grpc_asyncio.py
@@ -0,0 +1,260 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+import warnings
+from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union
+
+from google.api_core import gapic_v1 # type: ignore
+from google.api_core import grpc_helpers_async # type: ignore
+from google.auth import credentials as ga_credentials # type: ignore
+from google.auth.transport.grpc import SslCredentials # type: ignore
+import packaging.version
+
+import grpc # type: ignore
+from grpc.experimental import aio # type: ignore
+
+from google.cloud.binaryauthorization_v1.types import resources
+from google.cloud.binaryauthorization_v1.types import service
+from .base import SystemPolicyV1Transport, DEFAULT_CLIENT_INFO
+from .grpc import SystemPolicyV1GrpcTransport
+
+
+class SystemPolicyV1GrpcAsyncIOTransport(SystemPolicyV1Transport):
+ """gRPC AsyncIO backend transport for SystemPolicyV1.
+
+ API for working with the system policy.
+
+ This class defines the same methods as the primary client, so the
+ primary client can load the underlying transport implementation
+ and call it.
+
+ It sends protocol buffers over the wire using gRPC (which is built on
+ top of HTTP/2); the ``grpcio`` package must be installed.
+ """
+
+ _grpc_channel: aio.Channel
+ _stubs: Dict[str, Callable] = {}
+
+ @classmethod
+ def create_channel(
+ cls,
+ host: str = "binaryauthorization.googleapis.com",
+ credentials: ga_credentials.Credentials = None,
+ credentials_file: Optional[str] = None,
+ scopes: Optional[Sequence[str]] = None,
+ quota_project_id: Optional[str] = None,
+ **kwargs,
+ ) -> aio.Channel:
+ """Create and return a gRPC AsyncIO channel object.
+ Args:
+ host (Optional[str]): The host for the channel to use.
+ credentials (Optional[~.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify this application to the service. If
+ none are specified, the client will attempt to ascertain
+ the credentials from the environment.
+ credentials_file (Optional[str]): A file with credentials that can
+ be loaded with :func:`google.auth.load_credentials_from_file`.
+ This argument is ignored if ``channel`` is provided.
+ scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
+ service. These are only used when credentials are not specified and
+ are passed to :func:`google.auth.default`.
+ quota_project_id (Optional[str]): An optional project to use for billing
+ and quota.
+ kwargs (Optional[dict]): Keyword arguments, which are passed to the
+ channel creation.
+ Returns:
+ aio.Channel: A gRPC AsyncIO channel object.
+ """
+
+ return grpc_helpers_async.create_channel(
+ host,
+ credentials=credentials,
+ credentials_file=credentials_file,
+ quota_project_id=quota_project_id,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
+ **kwargs,
+ )
+
+ def __init__(
+ self,
+ *,
+ host: str = "binaryauthorization.googleapis.com",
+ credentials: ga_credentials.Credentials = None,
+ credentials_file: Optional[str] = None,
+ scopes: Optional[Sequence[str]] = None,
+ channel: aio.Channel = None,
+ api_mtls_endpoint: str = None,
+ client_cert_source: Callable[[], Tuple[bytes, bytes]] = None,
+ ssl_channel_credentials: grpc.ChannelCredentials = None,
+ client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
+ quota_project_id=None,
+ client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
+ ) -> None:
+ """Instantiate the transport.
+
+ Args:
+ host (Optional[str]):
+ The hostname to connect to.
+ credentials (Optional[google.auth.credentials.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify the application to the service; if none
+ are specified, the client will attempt to ascertain the
+ credentials from the environment.
+ This argument is ignored if ``channel`` is provided.
+ credentials_file (Optional[str]): A file with credentials that can
+ be loaded with :func:`google.auth.load_credentials_from_file`.
+ This argument is ignored if ``channel`` is provided.
+ scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
+ service. These are only used when credentials are not specified and
+ are passed to :func:`google.auth.default`.
+ channel (Optional[aio.Channel]): A ``Channel`` instance through
+ which to make calls.
+ api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
+ If provided, it overrides the ``host`` argument and tries to create
+ a mutual TLS channel with client SSL credentials from
+ ``client_cert_source`` or application default SSL credentials.
+ client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
+ Deprecated. A callback to provide client SSL certificate bytes and
+ private key bytes, both in PEM format. It is ignored if
+ ``api_mtls_endpoint`` is None.
+ ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
+ for the grpc channel. It is ignored if ``channel`` is provided.
+ client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
+ A callback to provide client certificate bytes and private key bytes,
+ both in PEM format. It is used to configure a mutual TLS channel. It is
+ ignored if ``channel`` or ``ssl_channel_credentials`` is provided.
+ quota_project_id (Optional[str]): An optional project to use for billing
+ and quota.
+ client_info (google.api_core.gapic_v1.client_info.ClientInfo):
+ The client info used to send a user-agent string along with
+ API requests. If ``None``, then default info will be used.
+ Generally, you only need to set this if you're developing
+ your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
+
+ Raises:
+ google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
+ creation failed for any reason.
+ google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
+ and ``credentials_file`` are passed.
+ """
+ self._grpc_channel = None
+ self._ssl_channel_credentials = ssl_channel_credentials
+ self._stubs: Dict[str, Callable] = {}
+
+ if api_mtls_endpoint:
+ warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
+ if client_cert_source:
+ warnings.warn("client_cert_source is deprecated", DeprecationWarning)
+
+ if channel:
+ # Ignore credentials if a channel was passed.
+ credentials = False
+ # If a channel was explicitly provided, set it.
+ self._grpc_channel = channel
+ self._ssl_channel_credentials = None
+ else:
+ if api_mtls_endpoint:
+ host = api_mtls_endpoint
+
+ # Create SSL credentials with client_cert_source or application
+ # default SSL credentials.
+ if client_cert_source:
+ cert, key = client_cert_source()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
+ else:
+ self._ssl_channel_credentials = SslCredentials().ssl_credentials
+
+ else:
+ if client_cert_source_for_mtls and not ssl_channel_credentials:
+ cert, key = client_cert_source_for_mtls()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
+
+ # The base transport sets the host, credentials and scopes
+ super().__init__(
+ host=host,
+ credentials=credentials,
+ credentials_file=credentials_file,
+ scopes=scopes,
+ quota_project_id=quota_project_id,
+ client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
+ )
+
+ if not self._grpc_channel:
+ self._grpc_channel = type(self).create_channel(
+ self._host,
+ credentials=self._credentials,
+ credentials_file=credentials_file,
+ scopes=self._scopes,
+ ssl_credentials=self._ssl_channel_credentials,
+ quota_project_id=quota_project_id,
+ options=[
+ ("grpc.max_send_message_length", -1),
+ ("grpc.max_receive_message_length", -1),
+ ],
+ )
+
+ # Wrap messages. This must be done after self._grpc_channel exists
+ self._prep_wrapped_messages(client_info)
+
+ @property
+ def grpc_channel(self) -> aio.Channel:
+ """Create the channel designed to connect to this service.
+
+ This property caches on the instance; repeated calls return
+ the same channel.
+ """
+ # Return the channel from cache.
+ return self._grpc_channel
+
+ @property
+ def get_system_policy(
+ self,
+ ) -> Callable[[service.GetSystemPolicyRequest], Awaitable[resources.Policy]]:
+ r"""Return a callable for the get system policy method over gRPC.
+
+ Gets the current system policy in the specified
+ location.
+
+ Returns:
+ Callable[[~.GetSystemPolicyRequest],
+ Awaitable[~.Policy]]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "get_system_policy" not in self._stubs:
+ self._stubs["get_system_policy"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.SystemPolicyV1/GetSystemPolicy",
+ request_serializer=service.GetSystemPolicyRequest.serialize,
+ response_deserializer=resources.Policy.deserialize,
+ )
+ return self._stubs["get_system_policy"]
+
+
+__all__ = ("SystemPolicyV1GrpcAsyncIOTransport",)
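Review bot: In `__init__`, the deprecated `api_mtls_endpoint` branch assigns `self._ssl_channel_credentials` unconditionally, so a caller-supplied `ssl_channel_credentials` is silently replaced by credentials built from `client_cert_source` or by `SslCredentials().ssl_credentials`. The docstring only says that argument is ignored when `channel` is provided, which can leave a caller believing their own TLS credentials are in use on the mTLS endpoint. At minimum, document it by adding `It is also ignored if ``api_mtls_endpoint`` is provided.` to the `ssl_channel_credentials` entry. The non-deprecated branch already guards with `and not ssl_channel_credentials`, and the deprecated branch could do the same.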
diff --git a/google/cloud/binaryauthorization_v1/services/validation_helper_v1/__init__.py b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/__init__.py
new file mode 100644
index 0000000..0f6d61a
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/__init__.py
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+from .client import ValidationHelperV1Client
+from .async_client import ValidationHelperV1AsyncClient
+
+__all__ = (
+ "ValidationHelperV1Client",
+ "ValidationHelperV1AsyncClient",
+)
diff --git a/google/cloud/binaryauthorization_v1/services/validation_helper_v1/async_client.py b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/async_client.py
new file mode 100644
index 0000000..5c55468
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/async_client.py
@@ -0,0 +1,223 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+from collections import OrderedDict
+import functools
+import re
+from typing import Dict, Sequence, Tuple, Type, Union
+import pkg_resources
+
+import google.api_core.client_options as ClientOptions # type: ignore
+from google.api_core import exceptions as core_exceptions # type: ignore
+from google.api_core import gapic_v1 # type: ignore
+from google.api_core import retry as retries # type: ignore
+from google.auth import credentials as ga_credentials # type: ignore
+from google.oauth2 import service_account # type: ignore
+
+from google.cloud.binaryauthorization_v1.types import service
+from .transports.base import ValidationHelperV1Transport, DEFAULT_CLIENT_INFO
+from .transports.grpc_asyncio import ValidationHelperV1GrpcAsyncIOTransport
+from .client import ValidationHelperV1Client
+
+
+class ValidationHelperV1AsyncClient:
+ """BinAuthz Attestor verification"""
+
+ _client: ValidationHelperV1Client
+
+ DEFAULT_ENDPOINT = ValidationHelperV1Client.DEFAULT_ENDPOINT
+ DEFAULT_MTLS_ENDPOINT = ValidationHelperV1Client.DEFAULT_MTLS_ENDPOINT
+
+ common_billing_account_path = staticmethod(
+ ValidationHelperV1Client.common_billing_account_path
+ )
+ parse_common_billing_account_path = staticmethod(
+ ValidationHelperV1Client.parse_common_billing_account_path
+ )
+ common_folder_path = staticmethod(ValidationHelperV1Client.common_folder_path)
+ parse_common_folder_path = staticmethod(
+ ValidationHelperV1Client.parse_common_folder_path
+ )
+ common_organization_path = staticmethod(
+ ValidationHelperV1Client.common_organization_path
+ )
+ parse_common_organization_path = staticmethod(
+ ValidationHelperV1Client.parse_common_organization_path
+ )
+ common_project_path = staticmethod(ValidationHelperV1Client.common_project_path)
+ parse_common_project_path = staticmethod(
+ ValidationHelperV1Client.parse_common_project_path
+ )
+ common_location_path = staticmethod(ValidationHelperV1Client.common_location_path)
+ parse_common_location_path = staticmethod(
+ ValidationHelperV1Client.parse_common_location_path
+ )
+
+ @classmethod
+ def from_service_account_info(cls, info: dict, *args, **kwargs):
+ """Creates an instance of this client using the provided credentials
+ info.
+
+ Args:
+ info (dict): The service account private key info.
+ args: Additional arguments to pass to the constructor.
+ kwargs: Additional arguments to pass to the constructor.
+
+ Returns:
+ ValidationHelperV1AsyncClient: The constructed client.
+ """
+ return ValidationHelperV1Client.from_service_account_info.__func__(ValidationHelperV1AsyncClient, info, *args, **kwargs) # type: ignore
+
+ @classmethod
+ def from_service_account_file(cls, filename: str, *args, **kwargs):
+ """Creates an instance of this client using the provided credentials
+ file.
+
+ Args:
+ filename (str): The path to the service account private key json
+ file.
+ args: Additional arguments to pass to the constructor.
+ kwargs: Additional arguments to pass to the constructor.
+
+ Returns:
+ ValidationHelperV1AsyncClient: The constructed client.
+ """
+ return ValidationHelperV1Client.from_service_account_file.__func__(ValidationHelperV1AsyncClient, filename, *args, **kwargs) # type: ignore
+
+ from_service_account_json = from_service_account_file
+
+ @property
+ def transport(self) -> ValidationHelperV1Transport:
+ """Returns the transport used by the client instance.
+
+ Returns:
+ ValidationHelperV1Transport: The transport used by the client instance.
+ """
+ return self._client.transport
+
+ get_transport_class = functools.partial(
+ type(ValidationHelperV1Client).get_transport_class,
+ type(ValidationHelperV1Client),
+ )
+
+ def __init__(
+ self,
+ *,
+ credentials: ga_credentials.Credentials = None,
+ transport: Union[str, ValidationHelperV1Transport] = "grpc_asyncio",
+ client_options: ClientOptions = None,
+ client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ ) -> None:
+ """Instantiates the validation helper v1 client.
+
+ Args:
+ credentials (Optional[google.auth.credentials.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify the application to the service; if none
+ are specified, the client will attempt to ascertain the
+ credentials from the environment.
+ transport (Union[str, ~.ValidationHelperV1Transport]): The
+ transport to use. If set to None, a transport is chosen
+ automatically.
+ client_options (ClientOptions): Custom options for the client. It
+ won't take effect if a ``transport`` instance is provided.
+ (1) The ``api_endpoint`` property can be used to override the
+ default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT
+ environment variable can also be used to override the endpoint:
+ "always" (always use the default mTLS endpoint), "never" (always
+ use the default regular endpoint) and "auto" (auto switch to the
+ default mTLS endpoint if client certificate is present, this is
+ the default value). However, the ``api_endpoint`` property takes
+ precedence if provided.
+ (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable
+ is "true", then the ``client_cert_source`` property can be used
+ to provide client certificate for mutual TLS transport. If
+ not provided, the default SSL client certificate will be used if
+ present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not
+ set, no client certificate will be used.
+
+ Raises:
+ google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
+ creation failed for any reason.
+ """
+ self._client = ValidationHelperV1Client(
+ credentials=credentials,
+ transport=transport,
+ client_options=client_options,
+ client_info=client_info,
+ )
+
+ async def validate_attestation_occurrence(
+ self,
+ request: service.ValidateAttestationOccurrenceRequest = None,
+ *,
+ retry: retries.Retry = gapic_v1.method.DEFAULT,
+ timeout: float = None,
+ metadata: Sequence[Tuple[str, str]] = (),
+ ) -> service.ValidateAttestationOccurrenceResponse:
+ r"""Returns whether the given Attestation for the given
+ image URI was signed by the given Attestor
+
+ Args:
+ request (:class:`google.cloud.binaryauthorization_v1.types.ValidateAttestationOccurrenceRequest`):
+ The request object. Request message for
+ [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence].
+ retry (google.api_core.retry.Retry): Designation of what errors, if any,
+ should be retried.
+ timeout (float): The timeout for this request.
+ metadata (Sequence[Tuple[str, str]]): Strings which should be
+ sent along with the request as metadata.
+
+ Returns:
+ google.cloud.binaryauthorization_v1.types.ValidateAttestationOccurrenceResponse:
+ Response message for
+ [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence].
+
+ """
+ # Create or coerce a protobuf request object.
+ request = service.ValidateAttestationOccurrenceRequest(request)
+
+ # Wrap the RPC method; this adds retry and timeout information,
+ # and friendly error handling.
+ rpc = gapic_v1.method_async.wrap_method(
+ self._client._transport.validate_attestation_occurrence,
+ default_timeout=None,
+ client_info=DEFAULT_CLIENT_INFO,
+ )
+
+ # Certain fields should be provided within the metadata header;
+ # add these here.
+ metadata = tuple(metadata) + (
+ gapic_v1.routing_header.to_grpc_metadata((("attestor", request.attestor),)),
+ )
+
+ # Send the request.
+ response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
+
+ # Done; return the response.
+ return response
+
+
+try:
+ DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(
+ gapic_version=pkg_resources.get_distribution(
+ "google-cloud-binary-authorization",
+ ).version,
+ )
+except pkg_resources.DistributionNotFound:
+ DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo()
+
+
+__all__ = ("ValidationHelperV1AsyncClient",)
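Review bot: `validate_attestation_occurrence` wraps the transport method with `default_timeout=None`, and its own `timeout` parameter also defaults to `None`, so unless the caller passes a value the awaited RPC appears to run with no deadline. The docstring line `timeout (float): The timeout for this request.` does not say so, and a stalled attestation check would hold the coroutine open indefinitely. I would document it as `timeout (float): The timeout for this request. If None, no deadline is applied; callers should set one.`.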
diff --git a/google/cloud/binaryauthorization_v1/services/validation_helper_v1/client.py b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/client.py
new file mode 100644
index 0000000..8bdd2ae
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/client.py
@@ -0,0 +1,402 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+from collections import OrderedDict
+from distutils import util
+import os
+import re
+from typing import Dict, Optional, Sequence, Tuple, Type, Union
+import pkg_resources
+
+from google.api_core import client_options as client_options_lib # type: ignore
+from google.api_core import exceptions as core_exceptions # type: ignore
+from google.api_core import gapic_v1 # type: ignore
+from google.api_core import retry as retries # type: ignore
+from google.auth import credentials as ga_credentials # type: ignore
+from google.auth.transport import mtls # type: ignore
+from google.auth.transport.grpc import SslCredentials # type: ignore
+from google.auth.exceptions import MutualTLSChannelError # type: ignore
+from google.oauth2 import service_account # type: ignore
+
+from google.cloud.binaryauthorization_v1.types import service
+from .transports.base import ValidationHelperV1Transport, DEFAULT_CLIENT_INFO
+from .transports.grpc import ValidationHelperV1GrpcTransport
+from .transports.grpc_asyncio import ValidationHelperV1GrpcAsyncIOTransport
+
+
+class ValidationHelperV1ClientMeta(type):
+ """Metaclass for the ValidationHelperV1 client.
+
+ This provides class-level methods for building and retrieving
+ support objects (e.g. transport) without polluting the client instance
+ objects.
+ """
+
+ _transport_registry = (
+ OrderedDict()
+ ) # type: Dict[str, Type[ValidationHelperV1Transport]]
+ _transport_registry["grpc"] = ValidationHelperV1GrpcTransport
+ _transport_registry["grpc_asyncio"] = ValidationHelperV1GrpcAsyncIOTransport
+
+ def get_transport_class(
+ cls, label: str = None,
+ ) -> Type[ValidationHelperV1Transport]:
+ """Returns an appropriate transport class.
+
+ Args:
+ label: The name of the desired transport. If none is
+ provided, then the first transport in the registry is used.
+
+ Returns:
+ The transport class to use.
+ """
+ # If a specific transport is requested, return that one.
+ if label:
+ return cls._transport_registry[label]
+
+ # No transport is requested; return the default (that is, the first one
+ # in the dictionary).
+ return next(iter(cls._transport_registry.values()))
+
+
+class ValidationHelperV1Client(metaclass=ValidationHelperV1ClientMeta):
+ """BinAuthz Attestor verification"""
+
+ @staticmethod
+ def _get_default_mtls_endpoint(api_endpoint):
+ """Converts api endpoint to mTLS endpoint.
+
+ Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to
+ "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively.
+ Args:
+ api_endpoint (Optional[str]): the api endpoint to convert.
+ Returns:
+ str: converted mTLS api endpoint.
+ """
+ if not api_endpoint:
+ return api_endpoint
+
+ mtls_endpoint_re = re.compile(
+ r"(?P[^.]+)(?P\.mtls)?(?P\.sandbox)?(?P\.googleapis\.com)?"
+ )
+
+ m = mtls_endpoint_re.match(api_endpoint)
+ name, mtls, sandbox, googledomain = m.groups()
+ if mtls or not googledomain:
+ return api_endpoint
+
+ if sandbox:
+ return api_endpoint.replace(
+ "sandbox.googleapis.com", "mtls.sandbox.googleapis.com"
+ )
+
+ return api_endpoint.replace(".googleapis.com", ".mtls.googleapis.com")
+
+ DEFAULT_ENDPOINT = "binaryauthorization.googleapis.com"
+ DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__( # type: ignore
+ DEFAULT_ENDPOINT
+ )
+
+ @classmethod
+ def from_service_account_info(cls, info: dict, *args, **kwargs):
+ """Creates an instance of this client using the provided credentials
+ info.
+
+ Args:
+ info (dict): The service account private key info.
+ args: Additional arguments to pass to the constructor.
+ kwargs: Additional arguments to pass to the constructor.
+
+ Returns:
+ ValidationHelperV1Client: The constructed client.
+ """
+ credentials = service_account.Credentials.from_service_account_info(info)
+ kwargs["credentials"] = credentials
+ return cls(*args, **kwargs)
+
+ @classmethod
+ def from_service_account_file(cls, filename: str, *args, **kwargs):
+ """Creates an instance of this client using the provided credentials
+ file.
+
+ Args:
+ filename (str): The path to the service account private key json
+ file.
+ args: Additional arguments to pass to the constructor.
+ kwargs: Additional arguments to pass to the constructor.
+
+ Returns:
+ ValidationHelperV1Client: The constructed client.
+ """
+ credentials = service_account.Credentials.from_service_account_file(filename)
+ kwargs["credentials"] = credentials
+ return cls(*args, **kwargs)
+
+ from_service_account_json = from_service_account_file
+
+ @property
+ def transport(self) -> ValidationHelperV1Transport:
+ """Returns the transport used by the client instance.
+
+ Returns:
+ ValidationHelperV1Transport: The transport used by the client
+ instance.
+ """
+ return self._transport
+
+ @staticmethod
+ def common_billing_account_path(billing_account: str,) -> str:
+ """Returns a fully-qualified billing_account string."""
+ return "billingAccounts/{billing_account}".format(
+ billing_account=billing_account,
+ )
+
+ @staticmethod
+ def parse_common_billing_account_path(path: str) -> Dict[str, str]:
+ """Parse a billing_account path into its component segments."""
+ m = re.match(r"^billingAccounts/(?P.+?)$", path)
+ return m.groupdict() if m else {}
+
+ @staticmethod
+ def common_folder_path(folder: str,) -> str:
+ """Returns a fully-qualified folder string."""
+ return "folders/{folder}".format(folder=folder,)
+
+ @staticmethod
+ def parse_common_folder_path(path: str) -> Dict[str, str]:
+ """Parse a folder path into its component segments."""
+ m = re.match(r"^folders/(?P.+?)$", path)
+ return m.groupdict() if m else {}
+
+ @staticmethod
+ def common_organization_path(organization: str,) -> str:
+ """Returns a fully-qualified organization string."""
+ return "organizations/{organization}".format(organization=organization,)
+
+ @staticmethod
+ def parse_common_organization_path(path: str) -> Dict[str, str]:
+ """Parse a organization path into its component segments."""
+ m = re.match(r"^organizations/(?P.+?)$", path)
+ return m.groupdict() if m else {}
+
+ @staticmethod
+ def common_project_path(project: str,) -> str:
+ """Returns a fully-qualified project string."""
+ return "projects/{project}".format(project=project,)
+
+ @staticmethod
+ def parse_common_project_path(path: str) -> Dict[str, str]:
+ """Parse a project path into its component segments."""
+ m = re.match(r"^projects/(?P.+?)$", path)
+ return m.groupdict() if m else {}
+
+ @staticmethod
+ def common_location_path(project: str, location: str,) -> str:
+ """Returns a fully-qualified location string."""
+ return "projects/{project}/locations/{location}".format(
+ project=project, location=location,
+ )
+
+ @staticmethod
+ def parse_common_location_path(path: str) -> Dict[str, str]:
+ """Parse a location path into its component segments."""
+ m = re.match(r"^projects/(?P.+?)/locations/(?P.+?)$", path)
+ return m.groupdict() if m else {}
+
+ def __init__(
+ self,
+ *,
+ credentials: Optional[ga_credentials.Credentials] = None,
+ transport: Union[str, ValidationHelperV1Transport, None] = None,
+ client_options: Optional[client_options_lib.ClientOptions] = None,
+ client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ ) -> None:
+ """Instantiates the validation helper v1 client.
+
+ Args:
+ credentials (Optional[google.auth.credentials.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify the application to the service; if none
+ are specified, the client will attempt to ascertain the
+ credentials from the environment.
+ transport (Union[str, ValidationHelperV1Transport]): The
+ transport to use. If set to None, a transport is chosen
+ automatically.
+ client_options (google.api_core.client_options.ClientOptions): Custom options for the
+ client. It won't take effect if a ``transport`` instance is provided.
+ (1) The ``api_endpoint`` property can be used to override the
+ default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT
+ environment variable can also be used to override the endpoint:
+ "always" (always use the default mTLS endpoint), "never" (always
+ use the default regular endpoint) and "auto" (auto switch to the
+ default mTLS endpoint if client certificate is present, this is
+ the default value). However, the ``api_endpoint`` property takes
+ precedence if provided.
+ (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable
+ is "true", then the ``client_cert_source`` property can be used
+ to provide client certificate for mutual TLS transport. If
+ not provided, the default SSL client certificate will be used if
+ present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not
+ set, no client certificate will be used.
+ client_info (google.api_core.gapic_v1.client_info.ClientInfo):
+ The client info used to send a user-agent string along with
+ API requests. If ``None``, then default info will be used.
+ Generally, you only need to set this if you're developing
+ your own client library.
+
+ Raises:
+ google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
+ creation failed for any reason.
+ """
+ if isinstance(client_options, dict):
+ client_options = client_options_lib.from_dict(client_options)
+ if client_options is None:
+ client_options = client_options_lib.ClientOptions()
+
+ # Create SSL credentials for mutual TLS if needed.
+ use_client_cert = bool(
+ util.strtobool(os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"))
+ )
+
+ client_cert_source_func = None
+ is_mtls = False
+ if use_client_cert:
+ if client_options.client_cert_source:
+ is_mtls = True
+ client_cert_source_func = client_options.client_cert_source
+ else:
+ is_mtls = mtls.has_default_client_cert_source()
+ if is_mtls:
+ client_cert_source_func = mtls.default_client_cert_source()
+ else:
+ client_cert_source_func = None
+
+ # Figure out which api endpoint to use.
+ if client_options.api_endpoint is not None:
+ api_endpoint = client_options.api_endpoint
+ else:
+ use_mtls_env = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")
+ if use_mtls_env == "never":
+ api_endpoint = self.DEFAULT_ENDPOINT
+ elif use_mtls_env == "always":
+ api_endpoint = self.DEFAULT_MTLS_ENDPOINT
+ elif use_mtls_env == "auto":
+ if is_mtls:
+ api_endpoint = self.DEFAULT_MTLS_ENDPOINT
+ else:
+ api_endpoint = self.DEFAULT_ENDPOINT
+ else:
+ raise MutualTLSChannelError(
+ "Unsupported GOOGLE_API_USE_MTLS_ENDPOINT value. Accepted "
+ "values: never, auto, always"
+ )
+
+ # Save or instantiate the transport.
+ # Ordinarily, we provide the transport, but allowing a custom transport
+ # instance provides an extensibility point for unusual situations.
+ if isinstance(transport, ValidationHelperV1Transport):
+ # transport is a ValidationHelperV1Transport instance.
+ if credentials or client_options.credentials_file:
+ raise ValueError(
+ "When providing a transport instance, "
+ "provide its credentials directly."
+ )
+ if client_options.scopes:
+ raise ValueError(
+ "When providing a transport instance, provide its scopes "
+ "directly."
+ )
+ self._transport = transport
+ else:
+ Transport = type(self).get_transport_class(transport)
+ self._transport = Transport(
+ credentials=credentials,
+ credentials_file=client_options.credentials_file,
+ host=api_endpoint,
+ scopes=client_options.scopes,
+ client_cert_source_for_mtls=client_cert_source_func,
+ quota_project_id=client_options.quota_project_id,
+ client_info=client_info,
+ always_use_jwt_access=(
+ Transport == type(self).get_transport_class("grpc")
+ or Transport == type(self).get_transport_class("grpc_asyncio")
+ ),
+ )
+
+ def validate_attestation_occurrence(
+ self,
+ request: Union[service.ValidateAttestationOccurrenceRequest, dict] = None,
+ *,
+ retry: retries.Retry = gapic_v1.method.DEFAULT,
+ timeout: float = None,
+ metadata: Sequence[Tuple[str, str]] = (),
+ ) -> service.ValidateAttestationOccurrenceResponse:
+ r"""Returns whether the given Attestation for the given
+ image URI was signed by the given Attestor
+
+ Args:
+ request (Union[google.cloud.binaryauthorization_v1.types.ValidateAttestationOccurrenceRequest, dict]):
+ The request object. Request message for
+ [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence].
+ retry (google.api_core.retry.Retry): Designation of what errors, if any,
+ should be retried.
+ timeout (float): The timeout for this request.
+ metadata (Sequence[Tuple[str, str]]): Strings which should be
+ sent along with the request as metadata.
+
+ Returns:
+ google.cloud.binaryauthorization_v1.types.ValidateAttestationOccurrenceResponse:
+ Response message for
+ [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence].
+
+ """
+ # Create or coerce a protobuf request object.
+ # Minor optimization to avoid making a copy if the user passes
+ # in a service.ValidateAttestationOccurrenceRequest.
+ # There's no risk of modifying the input as we've already verified
+ # there are no flattened fields.
+ if not isinstance(request, service.ValidateAttestationOccurrenceRequest):
+ request = service.ValidateAttestationOccurrenceRequest(request)
+
+ # Wrap the RPC method; this adds retry and timeout information,
+ # and friendly error handling.
+ rpc = self._transport._wrapped_methods[
+ self._transport.validate_attestation_occurrence
+ ]
+
+ # Certain fields should be provided within the metadata header;
+ # add these here.
+ metadata = tuple(metadata) + (
+ gapic_v1.routing_header.to_grpc_metadata((("attestor", request.attestor),)),
+ )
+
+ # Send the request.
+ response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
+
+ # Done; return the response.
+ return response
+
+
+try:
+ DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(
+ gapic_version=pkg_resources.get_distribution(
+ "google-cloud-binary-authorization",
+ ).version,
+ )
+except pkg_resources.DistributionNotFound:
+ DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo()
+
+
+__all__ = ("ValidationHelperV1Client",)
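Review bot: `__init__` parses `GOOGLE_API_USE_CLIENT_CERTIFICATE` with `distutils.util.strtobool`, which accepts more spellings than the docstring's "true"/"false" (for example `1`, `yes`, `on`) and raises a bare `ValueError` on anything else. The `distutils` module was also removed from the standard library in Python 3.12. Because this switch decides whether a client certificate is presented, I would parse it explicitly and reject unknown values. Read it with `use_client_cert = os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")`, check `if use_client_cert not in ("true", "false"): raise ValueError(...)`, then branch on `use_client_cert == "true"`. That keeps the behaviour in line with the documented values and lets the `from distutils import util` import go.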
diff --git a/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/__init__.py b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/__init__.py
new file mode 100644
index 0000000..a280567
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/__init__.py
@@ -0,0 +1,35 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+from collections import OrderedDict
+from typing import Dict, Type
+
+from .base import ValidationHelperV1Transport
+from .grpc import ValidationHelperV1GrpcTransport
+from .grpc_asyncio import ValidationHelperV1GrpcAsyncIOTransport
+
+
+# Compile a registry of transports.
+_transport_registry = (
+ OrderedDict()
+) # type: Dict[str, Type[ValidationHelperV1Transport]]
+_transport_registry["grpc"] = ValidationHelperV1GrpcTransport
+_transport_registry["grpc_asyncio"] = ValidationHelperV1GrpcAsyncIOTransport
+
+__all__ = (
+ "ValidationHelperV1Transport",
+ "ValidationHelperV1GrpcTransport",
+ "ValidationHelperV1GrpcAsyncIOTransport",
+)
diff --git a/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/base.py b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/base.py
new file mode 100644
index 0000000..8460bfc
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/base.py
@@ -0,0 +1,177 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+import abc
+from typing import Awaitable, Callable, Dict, Optional, Sequence, Union
+import packaging.version
+import pkg_resources
+
+import google.auth # type: ignore
+import google.api_core # type: ignore
+from google.api_core import exceptions as core_exceptions # type: ignore
+from google.api_core import gapic_v1 # type: ignore
+from google.api_core import retry as retries # type: ignore
+from google.auth import credentials as ga_credentials # type: ignore
+from google.oauth2 import service_account # type: ignore
+
+from google.cloud.binaryauthorization_v1.types import service
+
+try:
+ DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(
+ gapic_version=pkg_resources.get_distribution(
+ "google-cloud-binary-authorization",
+ ).version,
+ )
+except pkg_resources.DistributionNotFound:
+ DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo()
+
+try:
+ # google.auth.__version__ was added in 1.26.0
+ _GOOGLE_AUTH_VERSION = google.auth.__version__
+except AttributeError:
+ try: # try pkg_resources if it is available
+ _GOOGLE_AUTH_VERSION = pkg_resources.get_distribution("google-auth").version
+ except pkg_resources.DistributionNotFound: # pragma: NO COVER
+ _GOOGLE_AUTH_VERSION = None
+
+
+class ValidationHelperV1Transport(abc.ABC):
+ """Abstract transport class for ValidationHelperV1."""
+
+ AUTH_SCOPES = ("https://www.googleapis.com/auth/cloud-platform",)
+
+ DEFAULT_HOST: str = "binaryauthorization.googleapis.com"
+
+ def __init__(
+ self,
+ *,
+ host: str = DEFAULT_HOST,
+ credentials: ga_credentials.Credentials = None,
+ credentials_file: Optional[str] = None,
+ scopes: Optional[Sequence[str]] = None,
+ quota_project_id: Optional[str] = None,
+ client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
+ **kwargs,
+ ) -> None:
+ """Instantiate the transport.
+
+ Args:
+ host (Optional[str]):
+ The hostname to connect to.
+ credentials (Optional[google.auth.credentials.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify the application to the service; if none
+ are specified, the client will attempt to ascertain the
+ credentials from the environment.
+ credentials_file (Optional[str]): A file with credentials that can
+ be loaded with :func:`google.auth.load_credentials_from_file`.
+ This argument is mutually exclusive with credentials.
+ scopes (Optional[Sequence[str]]): A list of scopes.
+ quota_project_id (Optional[str]): An optional project to use for billing
+ and quota.
+ client_info (google.api_core.gapic_v1.client_info.ClientInfo):
+ The client info used to send a user-agent string along with
+ API requests. If ``None``, then default info will be used.
+ Generally, you only need to set this if you're developing
+ your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
+ """
+ # Save the hostname. Default to port 443 (HTTPS) if none is specified.
+ if ":" not in host:
+ host += ":443"
+ self._host = host
+
+ scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
+
+ # Save the scopes.
+ self._scopes = scopes
+
+ # If no credentials are provided, then determine the appropriate
+ # defaults.
+ if credentials and credentials_file:
+ raise core_exceptions.DuplicateCredentialArgs(
+ "'credentials_file' and 'credentials' are mutually exclusive"
+ )
+
+ if credentials_file is not None:
+ credentials, _ = google.auth.load_credentials_from_file(
+ credentials_file, **scopes_kwargs, quota_project_id=quota_project_id
+ )
+
+ elif credentials is None:
+ credentials, _ = google.auth.default(
+ **scopes_kwargs, quota_project_id=quota_project_id
+ )
+
+ # If the credentials are service account credentials, then always try to use self signed JWT.
+ if (
+ always_use_jwt_access
+ and isinstance(credentials, service_account.Credentials)
+ and hasattr(service_account.Credentials, "with_always_use_jwt_access")
+ ):
+ credentials = credentials.with_always_use_jwt_access(True)
+
+ # Save the credentials.
+ self._credentials = credentials
+
+ # TODO(busunkim): This method is in the base transport
+ # to avoid duplicating code across the transport classes. These functions
+ # should be deleted once the minimum required versions of google-auth is increased.
+
+ # TODO: Remove this function once google-auth >= 1.25.0 is required
+ @classmethod
+ def _get_scopes_kwargs(
+ cls, host: str, scopes: Optional[Sequence[str]]
+ ) -> Dict[str, Optional[Sequence[str]]]:
+ """Returns scopes kwargs to pass to google-auth methods depending on the google-auth version"""
+
+ scopes_kwargs = {}
+
+ if _GOOGLE_AUTH_VERSION and (
+ packaging.version.parse(_GOOGLE_AUTH_VERSION)
+ >= packaging.version.parse("1.25.0")
+ ):
+ scopes_kwargs = {"scopes": scopes, "default_scopes": cls.AUTH_SCOPES}
+ else:
+ scopes_kwargs = {"scopes": scopes or cls.AUTH_SCOPES}
+
+ return scopes_kwargs
+
+ def _prep_wrapped_messages(self, client_info):
+ # Precompute the wrapped methods.
+ self._wrapped_methods = {
+ self.validate_attestation_occurrence: gapic_v1.method.wrap_method(
+ self.validate_attestation_occurrence,
+ default_timeout=None,
+ client_info=client_info,
+ ),
+ }
+
+ @property
+ def validate_attestation_occurrence(
+ self,
+ ) -> Callable[
+ [service.ValidateAttestationOccurrenceRequest],
+ Union[
+ service.ValidateAttestationOccurrenceResponse,
+ Awaitable[service.ValidateAttestationOccurrenceResponse],
+ ],
+ ]:
+ raise NotImplementedError()
+
+
+__all__ = ("ValidationHelperV1Transport",)
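Review bot: `_prep_wrapped_messages` wraps `validate_attestation_occurrence` with `default_timeout=None` and no default retry, so a call made without an explicit `timeout` appears to run with no deadline. A caller that gates a deployment step on this validation would then block indefinitely on a stalled connection. Consider a finite default, for example `default_timeout=60.0,` (a value constructed for this note; the real one belongs in the service config). The method also has no docstring; something like `"""Precompute the retry/timeout-wrapped callable for each RPC."""` would cover it.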
diff --git a/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/grpc.py b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/grpc.py
new file mode 100644
index 0000000..4aec7f7
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/grpc.py
@@ -0,0 +1,262 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+import warnings
+from typing import Callable, Dict, Optional, Sequence, Tuple, Union
+
+from google.api_core import grpc_helpers # type: ignore
+from google.api_core import gapic_v1 # type: ignore
+import google.auth # type: ignore
+from google.auth import credentials as ga_credentials # type: ignore
+from google.auth.transport.grpc import SslCredentials # type: ignore
+
+import grpc # type: ignore
+
+from google.cloud.binaryauthorization_v1.types import service
+from .base import ValidationHelperV1Transport, DEFAULT_CLIENT_INFO
+
+
+class ValidationHelperV1GrpcTransport(ValidationHelperV1Transport):
+ """gRPC backend transport for ValidationHelperV1.
+
+ BinAuthz Attestor verification
+
+ This class defines the same methods as the primary client, so the
+ primary client can load the underlying transport implementation
+ and call it.
+
+ It sends protocol buffers over the wire using gRPC (which is built on
+ top of HTTP/2); the ``grpcio`` package must be installed.
+ """
+
+ _stubs: Dict[str, Callable]
+
+ def __init__(
+ self,
+ *,
+ host: str = "binaryauthorization.googleapis.com",
+ credentials: ga_credentials.Credentials = None,
+ credentials_file: str = None,
+ scopes: Sequence[str] = None,
+ channel: grpc.Channel = None,
+ api_mtls_endpoint: str = None,
+ client_cert_source: Callable[[], Tuple[bytes, bytes]] = None,
+ ssl_channel_credentials: grpc.ChannelCredentials = None,
+ client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
+ quota_project_id: Optional[str] = None,
+ client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
+ ) -> None:
+ """Instantiate the transport.
+
+ Args:
+ host (Optional[str]):
+ The hostname to connect to.
+ credentials (Optional[google.auth.credentials.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify the application to the service; if none
+ are specified, the client will attempt to ascertain the
+ credentials from the environment.
+ This argument is ignored if ``channel`` is provided.
+ credentials_file (Optional[str]): A file with credentials that can
+ be loaded with :func:`google.auth.load_credentials_from_file`.
+ This argument is ignored if ``channel`` is provided.
+ scopes (Optional(Sequence[str])): A list of scopes. This argument is
+ ignored if ``channel`` is provided.
+ channel (Optional[grpc.Channel]): A ``Channel`` instance through
+ which to make calls.
+ api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
+ If provided, it overrides the ``host`` argument and tries to create
+ a mutual TLS channel with client SSL credentials from
+ ``client_cert_source`` or application default SSL credentials.
+ client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
+ Deprecated. A callback to provide client SSL certificate bytes and
+ private key bytes, both in PEM format. It is ignored if
+ ``api_mtls_endpoint`` is None.
+ ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
+ for the grpc channel. It is ignored if ``channel`` is provided.
+ client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
+ A callback to provide client certificate bytes and private key bytes,
+ both in PEM format. It is used to configure a mutual TLS channel. It is
+ ignored if ``channel`` or ``ssl_channel_credentials`` is provided.
+ quota_project_id (Optional[str]): An optional project to use for billing
+ and quota.
+ client_info (google.api_core.gapic_v1.client_info.ClientInfo):
+ The client info used to send a user-agent string along with
+ API requests. If ``None``, then default info will be used.
+ Generally, you only need to set this if you're developing
+ your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
+
+ Raises:
+ google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
+ creation failed for any reason.
+ google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
+ and ``credentials_file`` are passed.
+ """
+ self._grpc_channel = None
+ self._ssl_channel_credentials = ssl_channel_credentials
+ self._stubs: Dict[str, Callable] = {}
+
+ if api_mtls_endpoint:
+ warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
+ if client_cert_source:
+ warnings.warn("client_cert_source is deprecated", DeprecationWarning)
+
+ if channel:
+ # Ignore credentials if a channel was passed.
+ credentials = False
+ # If a channel was explicitly provided, set it.
+ self._grpc_channel = channel
+ self._ssl_channel_credentials = None
+
+ else:
+ if api_mtls_endpoint:
+ host = api_mtls_endpoint
+
+ # Create SSL credentials with client_cert_source or application
+ # default SSL credentials.
+ if client_cert_source:
+ cert, key = client_cert_source()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
+ else:
+ self._ssl_channel_credentials = SslCredentials().ssl_credentials
+
+ else:
+ if client_cert_source_for_mtls and not ssl_channel_credentials:
+ cert, key = client_cert_source_for_mtls()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
+
+ # The base transport sets the host, credentials and scopes
+ super().__init__(
+ host=host,
+ credentials=credentials,
+ credentials_file=credentials_file,
+ scopes=scopes,
+ quota_project_id=quota_project_id,
+ client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
+ )
+
+ if not self._grpc_channel:
+ self._grpc_channel = type(self).create_channel(
+ self._host,
+ credentials=self._credentials,
+ credentials_file=credentials_file,
+ scopes=self._scopes,
+ ssl_credentials=self._ssl_channel_credentials,
+ quota_project_id=quota_project_id,
+ options=[
+ ("grpc.max_send_message_length", -1),
+ ("grpc.max_receive_message_length", -1),
+ ],
+ )
+
+ # Wrap messages. This must be done after self._grpc_channel exists
+ self._prep_wrapped_messages(client_info)
+
+ @classmethod
+ def create_channel(
+ cls,
+ host: str = "binaryauthorization.googleapis.com",
+ credentials: ga_credentials.Credentials = None,
+ credentials_file: str = None,
+ scopes: Optional[Sequence[str]] = None,
+ quota_project_id: Optional[str] = None,
+ **kwargs,
+ ) -> grpc.Channel:
+ """Create and return a gRPC channel object.
+ Args:
+ host (Optional[str]): The host for the channel to use.
+ credentials (Optional[~.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify this application to the service. If
+ none are specified, the client will attempt to ascertain
+ the credentials from the environment.
+ credentials_file (Optional[str]): A file with credentials that can
+ be loaded with :func:`google.auth.load_credentials_from_file`.
+ This argument is mutually exclusive with credentials.
+ scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
+ service. These are only used when credentials are not specified and
+ are passed to :func:`google.auth.default`.
+ quota_project_id (Optional[str]): An optional project to use for billing
+ and quota.
+ kwargs (Optional[dict]): Keyword arguments, which are passed to the
+ channel creation.
+ Returns:
+ grpc.Channel: A gRPC channel object.
+
+ Raises:
+ google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
+ and ``credentials_file`` are passed.
+ """
+
+ return grpc_helpers.create_channel(
+ host,
+ credentials=credentials,
+ credentials_file=credentials_file,
+ quota_project_id=quota_project_id,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
+ **kwargs,
+ )
+
+ @property
+ def grpc_channel(self) -> grpc.Channel:
+ """Return the channel designed to connect to this service.
+ """
+ return self._grpc_channel
+
+ @property
+ def validate_attestation_occurrence(
+ self,
+ ) -> Callable[
+ [service.ValidateAttestationOccurrenceRequest],
+ service.ValidateAttestationOccurrenceResponse,
+ ]:
+ r"""Return a callable for the validate attestation
+ occurrence method over gRPC.
+
+ Returns whether the given Attestation for the given
+ image URI was signed by the given Attestor
+
+ Returns:
+ Callable[[~.ValidateAttestationOccurrenceRequest],
+ ~.ValidateAttestationOccurrenceResponse]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "validate_attestation_occurrence" not in self._stubs:
+ self._stubs[
+ "validate_attestation_occurrence"
+ ] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.ValidationHelperV1/ValidateAttestationOccurrence",
+ request_serializer=service.ValidateAttestationOccurrenceRequest.serialize,
+ response_deserializer=service.ValidateAttestationOccurrenceResponse.deserialize,
+ )
+ return self._stubs["validate_attestation_occurrence"]
+
+
+__all__ = ("ValidationHelperV1GrpcTransport",)
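Review bot: The channel built in `__init__` passes `("grpc.max_send_message_length", -1)` and `("grpc.max_receive_message_length", -1)`, which lifts gRPC's per-message size cap in both directions, so the client will buffer a response of any size from whatever `host` or `api_mtls_endpoint` it was pointed at. The response for this RPC is presumably small, so a finite receive cap, or at least a comment such as `# -1 = unlimited; relies on the server to bound response size`, would make the trade-off explicit. The same options list appears in `ValidationHelperV1GrpcAsyncIOTransport.__init__` in grpc_asyncio.py. Separately, `credentials = False` is used as a sentinel when `channel` is given, yet `credentials_file` is still forwarded to the base `__init__`, which loads it whenever it is not `None`. That contradicts the docstring's "ignored if ``channel`` is provided".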
diff --git a/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/grpc_asyncio.py b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/grpc_asyncio.py
new file mode 100644
index 0000000..8d5ea0d
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/grpc_asyncio.py
@@ -0,0 +1,265 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+import warnings
+from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union
+
+from google.api_core import gapic_v1 # type: ignore
+from google.api_core import grpc_helpers_async # type: ignore
+from google.auth import credentials as ga_credentials # type: ignore
+from google.auth.transport.grpc import SslCredentials # type: ignore
+import packaging.version
+
+import grpc # type: ignore
+from grpc.experimental import aio # type: ignore
+
+from google.cloud.binaryauthorization_v1.types import service
+from .base import ValidationHelperV1Transport, DEFAULT_CLIENT_INFO
+from .grpc import ValidationHelperV1GrpcTransport
+
+
+class ValidationHelperV1GrpcAsyncIOTransport(ValidationHelperV1Transport):
+ """gRPC AsyncIO backend transport for ValidationHelperV1.
+
+ BinAuthz Attestor verification
+
+ This class defines the same methods as the primary client, so the
+ primary client can load the underlying transport implementation
+ and call it.
+
+ It sends protocol buffers over the wire using gRPC (which is built on
+ top of HTTP/2); the ``grpcio`` package must be installed.
+ """
+
+ _grpc_channel: aio.Channel
+ _stubs: Dict[str, Callable] = {}
+
+ @classmethod
+ def create_channel(
+ cls,
+ host: str = "binaryauthorization.googleapis.com",
+ credentials: ga_credentials.Credentials = None,
+ credentials_file: Optional[str] = None,
+ scopes: Optional[Sequence[str]] = None,
+ quota_project_id: Optional[str] = None,
+ **kwargs,
+ ) -> aio.Channel:
+ """Create and return a gRPC AsyncIO channel object.
+ Args:
+ host (Optional[str]): The host for the channel to use.
+ credentials (Optional[~.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify this application to the service. If
+ none are specified, the client will attempt to ascertain
+ the credentials from the environment.
+ credentials_file (Optional[str]): A file with credentials that can
+ be loaded with :func:`google.auth.load_credentials_from_file`.
+ This argument is ignored if ``channel`` is provided.
+ scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
+ service. These are only used when credentials are not specified and
+ are passed to :func:`google.auth.default`.
+ quota_project_id (Optional[str]): An optional project to use for billing
+ and quota.
+ kwargs (Optional[dict]): Keyword arguments, which are passed to the
+ channel creation.
+ Returns:
+ aio.Channel: A gRPC AsyncIO channel object.
+ """
+
+ return grpc_helpers_async.create_channel(
+ host,
+ credentials=credentials,
+ credentials_file=credentials_file,
+ quota_project_id=quota_project_id,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
+ **kwargs,
+ )
+
+ def __init__(
+ self,
+ *,
+ host: str = "binaryauthorization.googleapis.com",
+ credentials: ga_credentials.Credentials = None,
+ credentials_file: Optional[str] = None,
+ scopes: Optional[Sequence[str]] = None,
+ channel: aio.Channel = None,
+ api_mtls_endpoint: str = None,
+ client_cert_source: Callable[[], Tuple[bytes, bytes]] = None,
+ ssl_channel_credentials: grpc.ChannelCredentials = None,
+ client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
+ quota_project_id=None,
+ client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
+ ) -> None:
+ """Instantiate the transport.
+
+ Args:
+ host (Optional[str]):
+ The hostname to connect to.
+ credentials (Optional[google.auth.credentials.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify the application to the service; if none
+ are specified, the client will attempt to ascertain the
+ credentials from the environment.
+ This argument is ignored if ``channel`` is provided.
+ credentials_file (Optional[str]): A file with credentials that can
+ be loaded with :func:`google.auth.load_credentials_from_file`.
+ This argument is ignored if ``channel`` is provided.
+ scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
+ service. These are only used when credentials are not specified and
+ are passed to :func:`google.auth.default`.
+ channel (Optional[aio.Channel]): A ``Channel`` instance through
+ which to make calls.
+ api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
+ If provided, it overrides the ``host`` argument and tries to create
+ a mutual TLS channel with client SSL credentials from
+ ``client_cert_source`` or application default SSL credentials.
+ client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
+ Deprecated. A callback to provide client SSL certificate bytes and
+ private key bytes, both in PEM format. It is ignored if
+ ``api_mtls_endpoint`` is None.
+ ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
+ for the grpc channel. It is ignored if ``channel`` is provided.
+ client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
+ A callback to provide client certificate bytes and private key bytes,
+ both in PEM format. It is used to configure a mutual TLS channel. It is
+ ignored if ``channel`` or ``ssl_channel_credentials`` is provided.
+ quota_project_id (Optional[str]): An optional project to use for billing
+ and quota.
+ client_info (google.api_core.gapic_v1.client_info.ClientInfo):
+ The client info used to send a user-agent string along with
+ API requests. If ``None``, then default info will be used.
+ Generally, you only need to set this if you're developing
+ your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
+
+ Raises:
+ google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
+ creation failed for any reason.
+ google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
+ and ``credentials_file`` are passed.
+ """
+ self._grpc_channel = None
+ self._ssl_channel_credentials = ssl_channel_credentials
+ self._stubs: Dict[str, Callable] = {}
+
+ if api_mtls_endpoint:
+ warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
+ if client_cert_source:
+ warnings.warn("client_cert_source is deprecated", DeprecationWarning)
+
+ if channel:
+ # Ignore credentials if a channel was passed.
+ credentials = False
+ # If a channel was explicitly provided, set it.
+ self._grpc_channel = channel
+ self._ssl_channel_credentials = None
+ else:
+ if api_mtls_endpoint:
+ host = api_mtls_endpoint
+
+ # Create SSL credentials with client_cert_source or application
+ # default SSL credentials.
+ if client_cert_source:
+ cert, key = client_cert_source()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
+ else:
+ self._ssl_channel_credentials = SslCredentials().ssl_credentials
+
+ else:
+ if client_cert_source_for_mtls and not ssl_channel_credentials:
+ cert, key = client_cert_source_for_mtls()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
+
+ # The base transport sets the host, credentials and scopes
+ super().__init__(
+ host=host,
+ credentials=credentials,
+ credentials_file=credentials_file,
+ scopes=scopes,
+ quota_project_id=quota_project_id,
+ client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
+ )
+
+ if not self._grpc_channel:
+ self._grpc_channel = type(self).create_channel(
+ self._host,
+ credentials=self._credentials,
+ credentials_file=credentials_file,
+ scopes=self._scopes,
+ ssl_credentials=self._ssl_channel_credentials,
+ quota_project_id=quota_project_id,
+ options=[
+ ("grpc.max_send_message_length", -1),
+ ("grpc.max_receive_message_length", -1),
+ ],
+ )
+
+ # Wrap messages. This must be done after self._grpc_channel exists
+ self._prep_wrapped_messages(client_info)
+
+ @property
+ def grpc_channel(self) -> aio.Channel:
+ """Create the channel designed to connect to this service.
+
+ This property caches on the instance; repeated calls return
+ the same channel.
+ """
+ # Return the channel from cache.
+ return self._grpc_channel
+
+ @property
+ def validate_attestation_occurrence(
+ self,
+ ) -> Callable[
+ [service.ValidateAttestationOccurrenceRequest],
+ Awaitable[service.ValidateAttestationOccurrenceResponse],
+ ]:
+ r"""Return a callable for the validate attestation
+ occurrence method over gRPC.
+
+ Returns whether the given Attestation for the given
+ image URI was signed by the given Attestor
+
+ Returns:
+ Callable[[~.ValidateAttestationOccurrenceRequest],
+ Awaitable[~.ValidateAttestationOccurrenceResponse]]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "validate_attestation_occurrence" not in self._stubs:
+ self._stubs[
+ "validate_attestation_occurrence"
+ ] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.ValidationHelperV1/ValidateAttestationOccurrence",
+ request_serializer=service.ValidateAttestationOccurrenceRequest.serialize,
+ response_deserializer=service.ValidateAttestationOccurrenceResponse.deserialize,
+ )
+ return self._stubs["validate_attestation_occurrence"]
+
+
+__all__ = ("ValidationHelperV1GrpcAsyncIOTransport",)
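Review bot: Several docstrings in this file do not match the code. The `create_channel` docstring says `credentials_file` is "ignored if ``channel`` is provided", but that method has no `channel` parameter; the sync transport's wording, "This argument is mutually exclusive with credentials.", is the accurate one. The `__init__` Raises section names `google.auth.exceptions.MutualTlsChannelError` where grpc.py spells it `MutualTLSChannelError`, and the `grpc_channel` docstring says "Create the channel" although the property only returns `self._grpc_channel`. On style, the class-level `_stubs: Dict[str, Callable] = {}` is a mutable class attribute; `__init__` rebinds it per instance so it is not a live bug, but a bare annotation `_stubs: Dict[str, Callable]` would match grpc.py. `packaging.version`, `Union` and `ValidationHelperV1GrpcTransport` also appear to be imported without being used.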
diff --git a/google/cloud/binaryauthorization_v1/types/__init__.py b/google/cloud/binaryauthorization_v1/types/__init__.py
new file mode 100644
index 0000000..c682ebc
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/types/__init__.py
@@ -0,0 +1,58 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+from .resources import (
+ AdmissionRule,
+ AdmissionWhitelistPattern,
+ Attestor,
+ AttestorPublicKey,
+ PkixPublicKey,
+ Policy,
+ UserOwnedGrafeasNote,
+)
+from .service import (
+ CreateAttestorRequest,
+ DeleteAttestorRequest,
+ GetAttestorRequest,
+ GetPolicyRequest,
+ GetSystemPolicyRequest,
+ ListAttestorsRequest,
+ ListAttestorsResponse,
+ UpdateAttestorRequest,
+ UpdatePolicyRequest,
+ ValidateAttestationOccurrenceRequest,
+ ValidateAttestationOccurrenceResponse,
+)
+
+__all__ = (
+ "AdmissionRule",
+ "AdmissionWhitelistPattern",
+ "Attestor",
+ "AttestorPublicKey",
+ "PkixPublicKey",
+ "Policy",
+ "UserOwnedGrafeasNote",
+ "CreateAttestorRequest",
+ "DeleteAttestorRequest",
+ "GetAttestorRequest",
+ "GetPolicyRequest",
+ "GetSystemPolicyRequest",
+ "ListAttestorsRequest",
+ "ListAttestorsResponse",
+ "UpdateAttestorRequest",
+ "UpdatePolicyRequest",
+ "ValidateAttestationOccurrenceRequest",
+ "ValidateAttestationOccurrenceResponse",
+)
diff --git a/google/cloud/binaryauthorization_v1/types/resources.py b/google/cloud/binaryauthorization_v1/types/resources.py
new file mode 100644
index 0000000..ff2f328
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/types/resources.py
@@ -0,0 +1,367 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+import proto # type: ignore
+
+from google.protobuf import timestamp_pb2 # type: ignore
+
+
+__protobuf__ = proto.module(
+ package="google.cloud.binaryauthorization.v1",
+ manifest={
+ "Policy",
+ "AdmissionWhitelistPattern",
+ "AdmissionRule",
+ "Attestor",
+ "UserOwnedGrafeasNote",
+ "PkixPublicKey",
+ "AttestorPublicKey",
+ },
+)
+
+
+class Policy(proto.Message):
+ r"""A [policy][google.cloud.binaryauthorization.v1.Policy] for container
+ image binary authorization.
+
+ Attributes:
+ name (str):
+ Output only. The resource name, in the format
+ ``projects/*/policy``. There is at most one policy per
+ project.
+ description (str):
+ Optional. A descriptive comment.
+ global_policy_evaluation_mode (google.cloud.binaryauthorization_v1.types.Policy.GlobalPolicyEvaluationMode):
+ Optional. Controls the evaluation of a
+ Google-maintained global admission policy for
+ common system-level images. Images not covered
+ by the global policy will be subject to the
+ project admission policy. This setting has no
+ effect when specified inside a global admission
+ policy.
+ admission_whitelist_patterns (Sequence[google.cloud.binaryauthorization_v1.types.AdmissionWhitelistPattern]):
+ Optional. Admission policy allowlisting. A
+ matching admission request will always be
+ permitted. This feature is typically used to
+ exclude Google or third-party infrastructure
+ images from Binary Authorization policies.
+ cluster_admission_rules (Sequence[google.cloud.binaryauthorization_v1.types.Policy.ClusterAdmissionRulesEntry]):
+ Optional. Per-cluster admission rules. Cluster spec format:
+ ``location.clusterId``. There can be at most one admission
+ rule per cluster spec. A ``location`` is either a compute
+ zone (e.g. us-central1-a) or a region (e.g. us-central1).
+ For ``clusterId`` syntax restrictions see
+ https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
+ kubernetes_namespace_admission_rules (Sequence[google.cloud.binaryauthorization_v1.types.Policy.KubernetesNamespaceAdmissionRulesEntry]):
+ Optional. Per-kubernetes-namespace admission rules. K8s
+ namespace spec format: [a-z.-]+, e.g. 'some-namespace'
+ kubernetes_service_account_admission_rules (Sequence[google.cloud.binaryauthorization_v1.types.Policy.KubernetesServiceAccountAdmissionRulesEntry]):
+ Optional. Per-kubernetes-service-account admission rules.
+ Service account spec format: ``namespace:serviceaccount``.
+ e.g. 'test-ns:default'
+ istio_service_identity_admission_rules (Sequence[google.cloud.binaryauthorization_v1.types.Policy.IstioServiceIdentityAdmissionRulesEntry]):
+ Optional. Per-istio-service-identity
+ admission rules. Istio service identity spec
+ format:
+ spiffe:///ns//sa/
+ or /ns//sa/
+ e.g. spiffe://example.com/ns/test-ns/sa/default
+ default_admission_rule (google.cloud.binaryauthorization_v1.types.AdmissionRule):
+ Required. Default admission rule for a
+ cluster without a per-cluster, per- kubernetes-
+ service-account, or per-istio-service-identity
+ admission rule.
+ update_time (google.protobuf.timestamp_pb2.Timestamp):
+ Output only. Time when the policy was last
+ updated.
+ """
+
+ class GlobalPolicyEvaluationMode(proto.Enum):
+ r""""""
+ GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0
+ ENABLE = 1
+ DISABLE = 2
+
+ name = proto.Field(proto.STRING, number=1,)
+ description = proto.Field(proto.STRING, number=6,)
+ global_policy_evaluation_mode = proto.Field(
+ proto.ENUM, number=7, enum=GlobalPolicyEvaluationMode,
+ )
+ admission_whitelist_patterns = proto.RepeatedField(
+ proto.MESSAGE, number=2, message="AdmissionWhitelistPattern",
+ )
+ cluster_admission_rules = proto.MapField(
+ proto.STRING, proto.MESSAGE, number=3, message="AdmissionRule",
+ )
+ kubernetes_namespace_admission_rules = proto.MapField(
+ proto.STRING, proto.MESSAGE, number=10, message="AdmissionRule",
+ )
+ kubernetes_service_account_admission_rules = proto.MapField(
+ proto.STRING, proto.MESSAGE, number=8, message="AdmissionRule",
+ )
+ istio_service_identity_admission_rules = proto.MapField(
+ proto.STRING, proto.MESSAGE, number=9, message="AdmissionRule",
+ )
+ default_admission_rule = proto.Field(
+ proto.MESSAGE, number=4, message="AdmissionRule",
+ )
+ update_time = proto.Field(proto.MESSAGE, number=5, message=timestamp_pb2.Timestamp,)
+
+
+class AdmissionWhitelistPattern(proto.Message):
+ r"""An [admission allowlist
+ pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern]
+ exempts images from checks by [admission
+ rules][google.cloud.binaryauthorization.v1.AdmissionRule].
+
+ Attributes:
+ name_pattern (str):
+ An image name pattern to allowlist, in the form
+ ``registry/path/to/image``. This supports a trailing ``*``
+ wildcard, but this is allowed only in text after the
+ ``registry/`` part. This also supports a trailing ``**``
+ wildcard which matches subdirectories of a given entry.
+ """
+
+ name_pattern = proto.Field(proto.STRING, number=1,)
+
+
+class AdmissionRule(proto.Message):
+ r"""An [admission
+ rule][google.cloud.binaryauthorization.v1.AdmissionRule] specifies
+ either that all container images used in a pod creation request must
+ be attested to by one or more
+ [attestors][google.cloud.binaryauthorization.v1.Attestor], that all
+ pod creations will be allowed, or that all pod creations will be
+ denied.
+
+ Images matching an [admission allowlist
+ pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern]
+ are exempted from admission rules and will never block a pod
+ creation.
+
+ Attributes:
+ evaluation_mode (google.cloud.binaryauthorization_v1.types.AdmissionRule.EvaluationMode):
+ Required. How this admission rule will be
+ evaluated.
+ require_attestations_by (Sequence[str]):
+ Optional. The resource names of the attestors that must
+ attest to a container image, in the format
+ ``projects/*/attestors/*``. Each attestor must exist before
+ a policy can reference it. To add an attestor to a policy
+ the principal issuing the policy change request must be able
+ to read the attestor resource.
+
+ Note: this field must be non-empty when the evaluation_mode
+ field specifies REQUIRE_ATTESTATION, otherwise it must be
+ empty.
+ enforcement_mode (google.cloud.binaryauthorization_v1.types.AdmissionRule.EnforcementMode):
+ Required. The action when a pod creation is
+ denied by the admission rule.
+ """
+
+ class EvaluationMode(proto.Enum):
+ r""""""
+ EVALUATION_MODE_UNSPECIFIED = 0
+ ALWAYS_ALLOW = 1
+ REQUIRE_ATTESTATION = 2
+ ALWAYS_DENY = 3
+
+ class EnforcementMode(proto.Enum):
+ r"""Defines the possible actions when a pod creation is denied by
+ an admission rule.
+ """
+ ENFORCEMENT_MODE_UNSPECIFIED = 0
+ ENFORCED_BLOCK_AND_AUDIT_LOG = 1
+ DRYRUN_AUDIT_LOG_ONLY = 2
+
+ evaluation_mode = proto.Field(proto.ENUM, number=1, enum=EvaluationMode,)
+ require_attestations_by = proto.RepeatedField(proto.STRING, number=2,)
+ enforcement_mode = proto.Field(proto.ENUM, number=3, enum=EnforcementMode,)
+
+
+class Attestor(proto.Message):
+ r"""An [attestor][google.cloud.binaryauthorization.v1.Attestor] that
+ attests to container image artifacts. An existing attestor cannot be
+ modified except where indicated.
+
+ Attributes:
+ name (str):
+ Required. The resource name, in the format:
+ ``projects/*/attestors/*``. This field may not be updated.
+ description (str):
+ Optional. A descriptive comment. This field
+ may be updated. The field may be displayed in
+ chooser dialogs.
+ user_owned_grafeas_note (google.cloud.binaryauthorization_v1.types.UserOwnedGrafeasNote):
+ This specifies how an attestation will be
+ read, and how it will be used during policy
+ enforcement.
+ update_time (google.protobuf.timestamp_pb2.Timestamp):
+ Output only. Time when the attestor was last
+ updated.
+ """
+
+ name = proto.Field(proto.STRING, number=1,)
+ description = proto.Field(proto.STRING, number=6,)
+ user_owned_grafeas_note = proto.Field(
+ proto.MESSAGE, number=3, oneof="attestor_type", message="UserOwnedGrafeasNote",
+ )
+ update_time = proto.Field(proto.MESSAGE, number=4, message=timestamp_pb2.Timestamp,)
+
+
+class UserOwnedGrafeasNote(proto.Message):
+ r"""An [user owned Grafeas
+ note][google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote]
+ references a Grafeas Attestation.Authority Note created by the user.
+
+ Attributes:
+ note_reference (str):
+ Required. The Grafeas resource name of a
+ Attestation.Authority Note, created by the user, in the
+ format: ``projects/*/notes/*``. This field may not be
+ updated.
+
+ An attestation by this attestor is stored as a Grafeas
+ Attestation.Authority Occurrence that names a container
+ image and that links to this Note. Grafeas is an external
+ dependency.
+ public_keys (Sequence[google.cloud.binaryauthorization_v1.types.AttestorPublicKey]):
+ Optional. Public keys that verify
+ attestations signed by this attestor. This
+ field may be updated.
+ If this field is non-empty, one of the specified
+ public keys must verify that an attestation was
+ signed by this attestor for the image specified
+ in the admission request.
+
+ If this field is empty, this attestor always
+ returns that no valid attestations exist.
+ delegation_service_account_email (str):
+ Output only. This field will contain the service account
+ email address that this Attestor will use as the principal
+ when querying Container Analysis. Attestor administrators
+ must grant this service account the IAM role needed to read
+ attestations from the [note_reference][Note] in Container
+ Analysis (``containeranalysis.notes.occurrences.viewer``).
+
+ This email address is fixed for the lifetime of the
+ Attestor, but callers should not make any other assumptions
+ about the service account email; future versions may use an
+ email based on a different naming pattern.
+ """
+
+ note_reference = proto.Field(proto.STRING, number=1,)
+ public_keys = proto.RepeatedField(
+ proto.MESSAGE, number=2, message="AttestorPublicKey",
+ )
+ delegation_service_account_email = proto.Field(proto.STRING, number=3,)
+
+
+class PkixPublicKey(proto.Message):
+ r"""A public key in the PkixPublicKey format (see
+ https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for
+ details). Public keys of this type are typically textually
+ encoded using the PEM format.
+
+ Attributes:
+ public_key_pem (str):
+ A PEM-encoded public key, as described in
+ https://tools.ietf.org/html/rfc7468#section-13
+ signature_algorithm (google.cloud.binaryauthorization_v1.types.PkixPublicKey.SignatureAlgorithm):
+ The signature algorithm used to verify a message against a
+ signature using this key. These signature algorithm must
+ match the structure and any object identifiers encoded in
+ ``public_key_pem`` (i.e. this algorithm must match that of
+ the public key).
+ """
+
+ class SignatureAlgorithm(proto.Enum):
+ r"""Represents a signature algorithm and other information
+ necessary to verify signatures with a given public key. This is
+ based primarily on the public key types supported by Tink's
+ PemKeyType, which is in turn based on KMS's supported signing
+ algorithms. See https://cloud.google.com/kms/docs/algorithms. In
+ the future, BinAuthz might support additional public key types
+ independently of Tink and/or KMS.
+ """
+ _pb_options = {"allow_alias": True}
+ SIGNATURE_ALGORITHM_UNSPECIFIED = 0
+ RSA_PSS_2048_SHA256 = 1
+ RSA_PSS_3072_SHA256 = 2
+ RSA_PSS_4096_SHA256 = 3
+ RSA_PSS_4096_SHA512 = 4
+ RSA_SIGN_PKCS1_2048_SHA256 = 5
+ RSA_SIGN_PKCS1_3072_SHA256 = 6
+ RSA_SIGN_PKCS1_4096_SHA256 = 7
+ RSA_SIGN_PKCS1_4096_SHA512 = 8
+ ECDSA_P256_SHA256 = 9
+ EC_SIGN_P256_SHA256 = 9
+ ECDSA_P384_SHA384 = 10
+ EC_SIGN_P384_SHA384 = 10
+ ECDSA_P521_SHA512 = 11
+ EC_SIGN_P521_SHA512 = 11
+
+ public_key_pem = proto.Field(proto.STRING, number=1,)
+ signature_algorithm = proto.Field(proto.ENUM, number=2, enum=SignatureAlgorithm,)
+
+
+class AttestorPublicKey(proto.Message):
+ r"""An [attestor public
+ key][google.cloud.binaryauthorization.v1.AttestorPublicKey] that
+ will be used to verify attestations signed by this attestor.
+
+ Attributes:
+ comment (str):
+ Optional. A descriptive comment. This field
+ may be updated.
+ id (str):
+ The ID of this public key. Signatures verified by BinAuthz
+ must include the ID of the public key that can be used to
+ verify them, and that ID must match the contents of this
+ field exactly. Additional restrictions on this field can be
+ imposed based on which public key type is encapsulated. See
+ the documentation on ``public_key`` cases below for details.
+ ascii_armored_pgp_public_key (str):
+ ASCII-armored representation of a PGP public key, as the
+ entire output by the command
+ ``gpg --export --armor foo@example.com`` (either LF or CRLF
+ line endings). When using this field, ``id`` should be left
+ blank. The BinAuthz API handlers will calculate the ID and
+ fill it in automatically. BinAuthz computes this ID as the
+ OpenPGP RFC4880 V4 fingerprint, represented as upper-case
+ hex. If ``id`` is provided by the caller, it will be
+ overwritten by the API-calculated ID.
+ pkix_public_key (google.cloud.binaryauthorization_v1.types.PkixPublicKey):
+ A raw PKIX SubjectPublicKeyInfo format public key.
+
+ NOTE: ``id`` may be explicitly provided by the caller when
+ using this type of public key, but it MUST be a valid
+ RFC3986 URI. If ``id`` is left blank, a default one will be
+ computed based on the digest of the DER encoding of the
+ public key.
+ """
+
+ comment = proto.Field(proto.STRING, number=1,)
+ id = proto.Field(proto.STRING, number=2,)
+ ascii_armored_pgp_public_key = proto.Field(
+ proto.STRING, number=3, oneof="public_key",
+ )
+ pkix_public_key = proto.Field(
+ proto.MESSAGE, number=5, oneof="public_key", message="PkixPublicKey",
+ )
+
+
+__all__ = tuple(sorted(__protobuf__.manifest))
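Review bot: The two enums that decide whether an image is admitted, `Policy.GlobalPolicyEvaluationMode` and `AdmissionRule.EvaluationMode`, are added with empty docstrings (`r""""""`), so the rendered reference says nothing about `ENABLE`/`DISABLE` or `ALWAYS_ALLOW`/`REQUIRE_ATTESTATION`/`ALWAYS_DENY`. The enclosing class docstrings already carry the meaning, so I would add `r"""Whether the Google-maintained global admission policy is evaluated."""` and `r"""Whether pod creation is always allowed, requires attestation, or is always denied."""`. `EnforcementMode` has a docstring but its members are not described; a `#` comment on `DRYRUN_AUDIT_LOG_ONLY` saying that it presumably logs without blocking would help anyone auditing a policy. If this file is generated, the text belongs in the upstream proto comments rather than here.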
diff --git a/google/cloud/binaryauthorization_v1/types/service.py b/google/cloud/binaryauthorization_v1/types/service.py
new file mode 100644
index 0000000..862610b
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/types/service.py
@@ -0,0 +1,247 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+import proto # type: ignore
+
+from google.cloud.binaryauthorization_v1.types import resources
+from grafeas.grafeas_v1.types import attestation # type: ignore
+
+
+__protobuf__ = proto.module(
+ package="google.cloud.binaryauthorization.v1",
+ manifest={
+ "GetPolicyRequest",
+ "UpdatePolicyRequest",
+ "CreateAttestorRequest",
+ "GetAttestorRequest",
+ "UpdateAttestorRequest",
+ "ListAttestorsRequest",
+ "ListAttestorsResponse",
+ "DeleteAttestorRequest",
+ "GetSystemPolicyRequest",
+ "ValidateAttestationOccurrenceRequest",
+ "ValidateAttestationOccurrenceResponse",
+ },
+)
+
+
+class GetPolicyRequest(proto.Message):
+ r"""Request message for [BinauthzManagementService.GetPolicy][].
+ Attributes:
+ name (str):
+ Required. The resource name of the
+ [policy][google.cloud.binaryauthorization.v1.Policy] to
+ retrieve, in the format ``projects/*/policy``.
+ """
+
+ name = proto.Field(proto.STRING, number=1,)
+
+
+class UpdatePolicyRequest(proto.Message):
+ r"""Request message for [BinauthzManagementService.UpdatePolicy][].
+ Attributes:
+ policy (google.cloud.binaryauthorization_v1.types.Policy):
+ Required. A new or updated
+ [policy][google.cloud.binaryauthorization.v1.Policy] value.
+ The service will overwrite the [policy
+ name][google.cloud.binaryauthorization.v1.Policy.name] field
+ with the resource name in the request URL, in the format
+ ``projects/*/policy``.
+ """
+
+ policy = proto.Field(proto.MESSAGE, number=1, message=resources.Policy,)
+
+
+class CreateAttestorRequest(proto.Message):
+ r"""Request message for [BinauthzManagementService.CreateAttestor][].
+ Attributes:
+ parent (str):
+ Required. The parent of this
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ attestor_id (str):
+ Required. The
+ [attestors][google.cloud.binaryauthorization.v1.Attestor]
+ ID.
+ attestor (google.cloud.binaryauthorization_v1.types.Attestor):
+ Required. The initial
+ [attestor][google.cloud.binaryauthorization.v1.Attestor]
+ value. The service will overwrite the [attestor
+ name][google.cloud.binaryauthorization.v1.Attestor.name]
+ field with the resource name, in the format
+ ``projects/*/attestors/*``.
+ """
+
+ parent = proto.Field(proto.STRING, number=1,)
+ attestor_id = proto.Field(proto.STRING, number=2,)
+ attestor = proto.Field(proto.MESSAGE, number=3, message=resources.Attestor,)
+
+
+class GetAttestorRequest(proto.Message):
+ r"""Request message for [BinauthzManagementService.GetAttestor][].
+ Attributes:
+ name (str):
+ Required. The name of the
+ [attestor][google.cloud.binaryauthorization.v1.Attestor] to
+ retrieve, in the format ``projects/*/attestors/*``.
+ """
+
+ name = proto.Field(proto.STRING, number=1,)
+
+
+class UpdateAttestorRequest(proto.Message):
+ r"""Request message for [BinauthzManagementService.UpdateAttestor][].
+ Attributes:
+ attestor (google.cloud.binaryauthorization_v1.types.Attestor):
+ Required. The updated
+ [attestor][google.cloud.binaryauthorization.v1.Attestor]
+ value. The service will overwrite the [attestor
+ name][google.cloud.binaryauthorization.v1.Attestor.name]
+ field with the resource name in the request URL, in the
+ format ``projects/*/attestors/*``.
+ """
+
+ attestor = proto.Field(proto.MESSAGE, number=1, message=resources.Attestor,)
+
+
+class ListAttestorsRequest(proto.Message):
+ r"""Request message for [BinauthzManagementService.ListAttestors][].
+ Attributes:
+ parent (str):
+ Required. The resource name of the project associated with
+ the
+ [attestors][google.cloud.binaryauthorization.v1.Attestor],
+ in the format ``projects/*``.
+ page_size (int):
+ Requested page size. The server may return
+ fewer results than requested. If unspecified,
+ the server will pick an appropriate default.
+ page_token (str):
+ A token identifying a page of results the server should
+ return. Typically, this is the value of
+ [ListAttestorsResponse.next_page_token][google.cloud.binaryauthorization.v1.ListAttestorsResponse.next_page_token]
+ returned from the previous call to the ``ListAttestors``
+ method.
+ """
+
+ parent = proto.Field(proto.STRING, number=1,)
+ page_size = proto.Field(proto.INT32, number=2,)
+ page_token = proto.Field(proto.STRING, number=3,)
+
+
+class ListAttestorsResponse(proto.Message):
+ r"""Response message for [BinauthzManagementService.ListAttestors][].
+ Attributes:
+ attestors (Sequence[google.cloud.binaryauthorization_v1.types.Attestor]):
+ The list of
+ [attestors][google.cloud.binaryauthorization.v1.Attestor].
+ next_page_token (str):
+ A token to retrieve the next page of results. Pass this
+ value in the
+ [ListAttestorsRequest.page_token][google.cloud.binaryauthorization.v1.ListAttestorsRequest.page_token]
+ field in the subsequent call to the ``ListAttestors`` method
+ to retrieve the next page of results.
+ """
+
+ @property
+ def raw_page(self):
+ return self
+
+ attestors = proto.RepeatedField(
+ proto.MESSAGE, number=1, message=resources.Attestor,
+ )
+ next_page_token = proto.Field(proto.STRING, number=2,)
+
+
+class DeleteAttestorRequest(proto.Message):
+ r"""Request message for [BinauthzManagementService.DeleteAttestor][].
+ Attributes:
+ name (str):
+ Required. The name of the
+ [attestors][google.cloud.binaryauthorization.v1.Attestor] to
+ delete, in the format ``projects/*/attestors/*``.
+ """
+
+ name = proto.Field(proto.STRING, number=1,)
+
+
+class GetSystemPolicyRequest(proto.Message):
+ r"""Request to read the current system policy.
+ Attributes:
+ name (str):
+ Required. The resource name, in the format
+ ``locations/*/policy``. Note that the system policy is not
+ associated with a project.
+ """
+
+ name = proto.Field(proto.STRING, number=1,)
+
+
+class ValidateAttestationOccurrenceRequest(proto.Message):
+ r"""Request message for
+ [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence].
+
+ Attributes:
+ attestor (str):
+ Required. The resource name of the
+ [Attestor][google.cloud.binaryauthorization.v1.Attestor] of
+ the [occurrence][grafeas.v1.Occurrence], in the format
+ ``projects/*/attestors/*``.
+ attestation (grafeas.grafeas_v1.types.attestation.AttestationOccurrence):
+ Required. An
+ [AttestationOccurrence][grafeas.v1.AttestationOccurrence] to
+ be checked that it can be verified by the Attestor. It does
+ not have to be an existing entity in Container Analysis. It
+ must otherwise be a valid AttestationOccurrence.
+ occurrence_note (str):
+ Required. The resource name of the [Note][grafeas.v1.Note]
+ to which the containing [Occurrence][grafeas.v1.Occurrence]
+ is associated.
+ occurrence_resource_uri (str):
+ Required. The URI of the artifact (e.g. container image)
+ that is the subject of the containing
+ [Occurrence][grafeas.v1.Occurrence].
+ """
+
+ attestor = proto.Field(proto.STRING, number=1,)
+ attestation = proto.Field(
+ proto.MESSAGE, number=2, message=attestation.AttestationOccurrence,
+ )
+ occurrence_note = proto.Field(proto.STRING, number=3,)
+ occurrence_resource_uri = proto.Field(proto.STRING, number=4,)
+
+
+class ValidateAttestationOccurrenceResponse(proto.Message):
+ r"""Response message for
+ [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence].
+
+ Attributes:
+ result (google.cloud.binaryauthorization_v1.types.ValidateAttestationOccurrenceResponse.Result):
+ The result of the Attestation validation.
+ denial_reason (str):
+ The reason for denial if the Attestation
+ couldn't be validated.
+ """
+
+ class Result(proto.Enum):
+ r"""The enum returned in the "result" field."""
+ RESULT_UNSPECIFIED = 0
+ VERIFIED = 1
+ ATTESTATION_NOT_VERIFIABLE = 2
+
+ result = proto.Field(proto.ENUM, number=1, enum=Result,)
+ denial_reason = proto.Field(proto.STRING, number=2,)
+
+
+__all__ = tuple(sorted(__protobuf__.manifest))
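Review bot: `ValidateAttestationOccurrenceResponse.Result` puts `RESULT_UNSPECIFIED` at 0, and the `result` attribute text does not say that only `VERIFIED` indicates success. A caller that tests `result != ATTESTATION_NOT_VERIFIABLE` would accept a response whose field was never set, since an unset proto3 enum field reads as its zero value. I would extend the attribute text to `The result of the Attestation validation. Only VERIFIED means the attestation was validated by the attestor.` Separately, the request classes from `GetPolicyRequest` through `GetSystemPolicyRequest` put `Attributes:` directly under the summary line with no blank line, unlike the two `ValidateAttestationOccurrence*` classes.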
diff --git a/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/client.py b/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/client.py
index 771a38b..610f619 100644
--- a/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/client.py
+++ b/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/client.py
@@ -17,7 +17,7 @@
from distutils import util
import os
import re
-from typing import Callable, Dict, Optional, Sequence, Tuple, Type, Union
+from typing import Dict, Optional, Sequence, Tuple, Type, Union
import pkg_resources
from google.api_core import client_options as client_options_lib # type: ignore
@@ -382,7 +382,7 @@ def __init__(
def get_policy(
self,
- request: service.GetPolicyRequest = None,
+ request: Union[service.GetPolicyRequest, dict] = None,
*,
name: str = None,
retry: retries.Retry = gapic_v1.method.DEFAULT,
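Review bot: `request: Union[service.GetPolicyRequest, dict] = None` relies on implicit Optional, which PEP 484 no longer recommends and strict type checkers reject; `Optional` is still imported at the top of the file, so this could read `request: Optional[Union[service.GetPolicyRequest, dict]] = None,`. The same applies to the `request` parameter in the later hunks for `update_policy`, `create_attestor`, `get_attestor`, `update_attestor`, `list_attestors` and `delete_attestor`. The body of `get_policy` lies outside this hunk, so how a plain dict is converted and validated cannot be seen here; the Args text could state that the dict must use the request message's field names.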
@@ -404,7 +404,7 @@ def get_policy(
project does not have one.
Args:
- request (google.cloud.binaryauthorization_v1beta1.types.GetPolicyRequest):
+ request (Union[google.cloud.binaryauthorization_v1beta1.types.GetPolicyRequest, dict]):
The request object. Request message for
[BinauthzManagementService.GetPolicy][].
name (str):
@@ -466,7 +466,7 @@ def get_policy(
def update_policy(
self,
- request: service.UpdatePolicyRequest = None,
+ request: Union[service.UpdatePolicyRequest, dict] = None,
*,
policy: resources.Policy = None,
retry: retries.Retry = gapic_v1.method.DEFAULT,
@@ -483,7 +483,7 @@ def update_policy(
INVALID_ARGUMENT if the request is malformed.
Args:
- request (google.cloud.binaryauthorization_v1beta1.types.UpdatePolicyRequest):
+ request (Union[google.cloud.binaryauthorization_v1beta1.types.UpdatePolicyRequest, dict]):
The request object. Request message for
[BinauthzManagementService.UpdatePolicy][].
policy (google.cloud.binaryauthorization_v1beta1.types.Policy):
@@ -550,7 +550,7 @@ def update_policy(
def create_attestor(
self,
- request: service.CreateAttestorRequest = None,
+ request: Union[service.CreateAttestorRequest, dict] = None,
*,
parent: str = None,
attestor_id: str = None,
@@ -570,7 +570,7 @@ def create_attestor(
already exists.
Args:
- request (google.cloud.binaryauthorization_v1beta1.types.CreateAttestorRequest):
+ request (Union[google.cloud.binaryauthorization_v1beta1.types.CreateAttestorRequest, dict]):
The request object. Request message for
[BinauthzManagementService.CreateAttestor][].
parent (str):
@@ -655,7 +655,7 @@ def create_attestor(
def get_attestor(
self,
- request: service.GetAttestorRequest = None,
+ request: Union[service.GetAttestorRequest, dict] = None,
*,
name: str = None,
retry: retries.Retry = gapic_v1.method.DEFAULT,
@@ -669,7 +669,7 @@ def get_attestor(
does not exist.
Args:
- request (google.cloud.binaryauthorization_v1beta1.types.GetAttestorRequest):
+ request (Union[google.cloud.binaryauthorization_v1beta1.types.GetAttestorRequest, dict]):
The request object. Request message for
[BinauthzManagementService.GetAttestor][].
name (str):
@@ -732,7 +732,7 @@ def get_attestor(
def update_attestor(
self,
- request: service.UpdateAttestorRequest = None,
+ request: Union[service.UpdateAttestorRequest, dict] = None,
*,
attestor: resources.Attestor = None,
retry: retries.Retry = gapic_v1.method.DEFAULT,
@@ -746,7 +746,7 @@ def update_attestor(
does not exist.
Args:
- request (google.cloud.binaryauthorization_v1beta1.types.UpdateAttestorRequest):
+ request (Union[google.cloud.binaryauthorization_v1beta1.types.UpdateAttestorRequest, dict]):
The request object. Request message for
[BinauthzManagementService.UpdateAttestor][].
attestor (google.cloud.binaryauthorization_v1beta1.types.Attestor):
@@ -814,7 +814,7 @@ def update_attestor(
def list_attestors(
self,
- request: service.ListAttestorsRequest = None,
+ request: Union[service.ListAttestorsRequest, dict] = None,
*,
parent: str = None,
retry: retries.Retry = gapic_v1.method.DEFAULT,
@@ -826,7 +826,7 @@ def list_attestors(
Returns INVALID_ARGUMENT if the project does not exist.
Args:
- request (google.cloud.binaryauthorization_v1beta1.types.ListAttestorsRequest):
+ request (Union[google.cloud.binaryauthorization_v1beta1.types.ListAttestorsRequest, dict]):
The request object. Request message for
[BinauthzManagementService.ListAttestors][].
parent (str):
@@ -898,7 +898,7 @@ def list_attestors(
def delete_attestor(
self,
- request: service.DeleteAttestorRequest = None,
+ request: Union[service.DeleteAttestorRequest, dict] = None,
*,
name: str = None,
retry: retries.Retry = gapic_v1.method.DEFAULT,
@@ -912,7 +912,7 @@ def delete_attestor(
does not exist.
Args:
- request (google.cloud.binaryauthorization_v1beta1.types.DeleteAttestorRequest):
+ request (Union[google.cloud.binaryauthorization_v1beta1.types.DeleteAttestorRequest, dict]):
The request object. Request message for
[BinauthzManagementService.DeleteAttestor][].
name (str):
diff --git a/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/base.py b/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/base.py
index bfca7f3..6e334f8 100644
--- a/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/base.py
+++ b/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/base.py
@@ -119,7 +119,7 @@ def __init__(
**scopes_kwargs, quota_project_id=quota_project_id
)
- # If the credentials is service account credentials, then always try to use self signed JWT.
+ # If the credentials are service account credentials, then always try to use self signed JWT.
if (
always_use_jwt_access
and isinstance(credentials, service_account.Credentials)
diff --git a/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/grpc.py b/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/grpc.py
index 537745f..6bb8997 100644
--- a/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/grpc.py
+++ b/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/grpc.py
@@ -90,16 +90,16 @@ def __init__(
api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
If provided, it overrides the ``host`` argument and tries to create
a mutual TLS channel with client SSL credentials from
- ``client_cert_source`` or applicatin default SSL credentials.
+ ``client_cert_source`` or application default SSL credentials.
client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
Deprecated. A callback to provide client SSL certificate bytes and
private key bytes, both in PEM format. It is ignored if
``api_mtls_endpoint`` is None.
ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
- for grpc channel. It is ignored if ``channel`` is provided.
+ for the grpc channel. It is ignored if ``channel`` is provided.
client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
A callback to provide client certificate bytes and private key bytes,
- both in PEM format. It is used to configure mutual TLS channel. It is
+ both in PEM format. It is used to configure a mutual TLS channel. It is
ignored if ``channel`` or ``ssl_channel_credentials`` is provided.
quota_project_id (Optional[str]): An optional project to use for billing
and quota.
diff --git a/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/grpc_asyncio.py b/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/grpc_asyncio.py
index 2cf689c..411ed69 100644
--- a/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/grpc_asyncio.py
+++ b/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/grpc_asyncio.py
@@ -137,16 +137,16 @@ def __init__(
api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
If provided, it overrides the ``host`` argument and tries to create
a mutual TLS channel with client SSL credentials from
- ``client_cert_source`` or applicatin default SSL credentials.
+ ``client_cert_source`` or application default SSL credentials.
client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
Deprecated. A callback to provide client SSL certificate bytes and
private key bytes, both in PEM format. It is ignored if
``api_mtls_endpoint`` is None.
ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
- for grpc channel. It is ignored if ``channel`` is provided.
+ for the grpc channel. It is ignored if ``channel`` is provided.
client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
A callback to provide client certificate bytes and private key bytes,
- both in PEM format. It is used to configure mutual TLS channel. It is
+ both in PEM format. It is used to configure a mutual TLS channel. It is
ignored if ``channel`` or ``ssl_channel_credentials`` is provided.
quota_project_id (Optional[str]): An optional project to use for billing
and quota.
diff --git a/noxfile.py b/noxfile.py
index 03aa2f5..2bf3ffd 100644
--- a/noxfile.py
+++ b/noxfile.py
@@ -84,9 +84,15 @@ def default(session):
constraints_path = str(
CURRENT_DIRECTORY / "testing" / f"constraints-{session.python}.txt"
)
- session.install("asyncmock", "pytest-asyncio", "-c", constraints_path)
-
- session.install("mock", "pytest", "pytest-cov", "-c", constraints_path)
+ session.install(
+ "mock",
+ "asyncmock",
+ "pytest",
+ "pytest-cov",
+ "pytest-asyncio",
+ "-c",
+ constraints_path,
+ )
session.install("-e", ".", "-c", constraints_path)
diff --git a/owlbot.py b/owlbot.py
index a1f9473..d5031f7 100644
--- a/owlbot.py
+++ b/owlbot.py
@@ -14,15 +14,13 @@
"""This script is used to synthesize generated parts of this library."""
-import os
-
import synthtool as s
import synthtool.gcp as gcp
from synthtool.languages import python
common = gcp.CommonTemplates()
-default_version = "v1beta1"
+default_version = "v1"
for library in s.get_staging_dirs(default_version):
# Rename package to 'google-cloud-binary-authorization'
@@ -31,6 +29,39 @@
"google-cloud-binaryauthorization",
"google-cloud-binary-authorization",
)
+
+ if library.name == "v1":
+ # Fix import of grafeas
+ s.replace(
+ [library / "google/**/*.py", library / "tests/**/*.py"],
+ "from grafeas.v1",
+ "from grafeas.grafeas_v1",
+ )
+
+ s.replace(
+ [library / "google/**/*.py", library / "tests/**/*.py"],
+ "from grafeas.grafeas_v1 import attestation_pb2",
+ "from grafeas.grafeas_v1.types import attestation",
+ )
+
+ s.replace(
+ [library / "google/**/*.py", library / "tests/**/*.py"],
+ "from grafeas.grafeas_v1 import common_pb2",
+ "from grafeas.grafeas_v1.types import common",
+ )
+
+ s.replace(
+ [library / "google/**/*.py", library / "tests/**/*.py"],
+ "message=attestation_pb2",
+ "message=attestation",
+ )
+
+ s.replace(
+ [library / "google/**/*.py", library / "tests/**/*.py"],
+ "grafeas.v1.attestation_pb2.AttestationOccurrence",
+ "grafeas.grafeas_v1.types.attestation.AttestationOccurrence",
+ )
+
s.move(library, excludes=["setup.py", "README.rst", "docs/index.rst"])
s.remove_staging_dirs()
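Review bot: The five `s.replace` patterns added under `if library.name == "v1":` are written as literal text, but synthtool appears to compile the pattern as a regular expression, so every unescaped `.` matches any character. The second and third calls also only match text that the first call has already rewritten, which makes the block order-dependent. Escaping the dots, e.g. `r"from grafeas\.v1"`, keeps each rewrite to the intended import. Since a pattern that stops matching after a generator update would leave the stale `grafeas.v1` imports in the published code, it is worth checking that each replacement matched at least once. The enclosing `for library in ...` loop starts above this hunk.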
@@ -40,9 +71,10 @@
# ----------------------------------------------------------------------------
templated_files = common.py_library(cov_level=98, microgenerator=True)
+python.py_samples(skip_readmes=True)
s.move(
templated_files,
- excludes=[".coveragerc"], # the microgenerator has a goodcoveragerc file
+ excludes=[".coveragerc"], # the microgenerator has a good coveragerc file
)
s.shell.run(["nox", "-s", "blacken"], hide_output=False)
diff --git a/renovate.json b/renovate.json
index c048955..c21036d 100644
--- a/renovate.json
+++ b/renovate.json
@@ -1,6 +1,9 @@
{
"extends": [
- "config:base", ":preserveSemverRanges"
+ "config:base",
+ "group:all",
+ ":preserveSemverRanges",
+ ":disableDependencyDashboard"
],
"ignorePaths": [".pre-commit-config.yaml"],
"pip_requirements": {
diff --git a/scripts/fixup_binaryauthorization_v1_keywords.py b/scripts/fixup_binaryauthorization_v1_keywords.py
new file mode 100644
index 0000000..7b2f46d
--- /dev/null
+++ b/scripts/fixup_binaryauthorization_v1_keywords.py
@@ -0,0 +1,184 @@
+#! /usr/bin/env python3
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+import argparse
+import os
+import libcst as cst
+import pathlib
+import sys
+from typing import (Any, Callable, Dict, List, Sequence, Tuple)
+
+
+def partition(
+ predicate: Callable[[Any], bool],
+ iterator: Sequence[Any]
+) -> Tuple[List[Any], List[Any]]:
+ """A stable, out-of-place partition."""
+ results = ([], [])
+
+ for i in iterator:
+ results[int(predicate(i))].append(i)
+
+ # Returns trueList, falseList
+ return results[1], results[0]
+
+
+class binaryauthorizationCallTransformer(cst.CSTTransformer):
+ CTRL_PARAMS: Tuple[str] = ('retry', 'timeout', 'metadata')
+ METHOD_TO_PARAMS: Dict[str, Tuple[str]] = {
+ 'create_attestor': ('parent', 'attestor_id', 'attestor', ),
+ 'delete_attestor': ('name', ),
+ 'get_attestor': ('name', ),
+ 'get_policy': ('name', ),
+ 'get_system_policy': ('name', ),
+ 'list_attestors': ('parent', 'page_size', 'page_token', ),
+ 'update_attestor': ('attestor', ),
+ 'update_policy': ('policy', ),
+ 'validate_attestation_occurrence': ('attestor', 'attestation', 'occurrence_note', 'occurrence_resource_uri', ),
+ }
+
+ def leave_Call(self, original: cst.Call, updated: cst.Call) -> cst.CSTNode:
+ try:
+ key = original.func.attr.value
+ kword_params = self.METHOD_TO_PARAMS[key]
+ except (AttributeError, KeyError):
+ # Either not a method from the API or too convoluted to be sure.
+ return updated
+
+ # If the existing code is valid, keyword args come after positional args.
+ # Therefore, all positional args must map to the first parameters.
+ args, kwargs = partition(lambda a: not bool(a.keyword), updated.args)
+ if any(k.keyword.value == "request" for k in kwargs):
+ # We've already fixed this file, don't fix it again.
+ return updated
+
+ kwargs, ctrl_kwargs = partition(
+ lambda a: a.keyword.value not in self.CTRL_PARAMS,
+ kwargs
+ )
+
+ args, ctrl_args = args[:len(kword_params)], args[len(kword_params):]
+ ctrl_kwargs.extend(cst.Arg(value=a.value, keyword=cst.Name(value=ctrl))
+ for a, ctrl in zip(ctrl_args, self.CTRL_PARAMS))
+
+ request_arg = cst.Arg(
+ value=cst.Dict([
+ cst.DictElement(
+ cst.SimpleString("'{}'".format(name)),
+cst.Element(value=arg.value)
+ )
+ # Note: the args + kwargs looks silly, but keep in mind that
+ # the control parameters had to be stripped out, and that
+ # those could have been passed positionally or by keyword.
+ for name, arg in zip(kword_params, args + kwargs)]),
+ keyword=cst.Name("request")
+ )
+
+ return updated.with_changes(
+ args=[request_arg] + ctrl_kwargs
+ )
+
+
+def fix_files(
+ in_dir: pathlib.Path,
+ out_dir: pathlib.Path,
+ *,
+ transformer=binaryauthorizationCallTransformer(),
+):
+ """Duplicate the input dir to the output dir, fixing file method calls.
+
+ Preconditions:
+ * in_dir is a real directory
+ * out_dir is a real, empty directory
+ """
+ pyfile_gen = (
+ pathlib.Path(os.path.join(root, f))
+ for root, _, files in os.walk(in_dir)
+ for f in files if os.path.splitext(f)[1] == ".py"
+ )
+
+ for fpath in pyfile_gen:
+ with open(fpath, 'r') as f:
+ src = f.read()
+
+ # Parse the code and insert method call fixes.
+ tree = cst.parse_module(src)
+ updated = tree.visit(transformer)
+
+ # Create the path and directory structure for the new file.
+ updated_path = out_dir.joinpath(fpath.relative_to(in_dir))
+ updated_path.parent.mkdir(parents=True, exist_ok=True)
+
+ # Generate the updated source file at the corresponding path.
+ with open(updated_path, 'w') as f:
+ f.write(updated.code)
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(
+ description="""Fix up source that uses the binaryauthorization client library.
+
+The existing sources are NOT overwritten but are copied to output_dir with changes made.
+
+Note: This tool operates at a best-effort level at converting positional
+ parameters in client method calls to keyword based parameters.
+ Cases where it WILL FAIL include
+ A) * or ** expansion in a method call.
+ B) Calls via function or method alias (includes free function calls)
+ C) Indirect or dispatched calls (e.g. the method is looked up dynamically)
+
+ These all constitute false negatives. The tool will also detect false
+ positives when an API method shares a name with another method.
+""")
+ parser.add_argument(
+ '-d',
+ '--input-directory',
+ required=True,
+ dest='input_dir',
+ help='the input directory to walk for python files to fix up',
+ )
+ parser.add_argument(
+ '-o',
+ '--output-directory',
+ required=True,
+ dest='output_dir',
+ help='the directory to output files fixed via un-flattening',
+ )
+ args = parser.parse_args()
+ input_dir = pathlib.Path(args.input_dir)
+ output_dir = pathlib.Path(args.output_dir)
+ if not input_dir.is_dir():
+ print(
+ f"input directory '{input_dir}' does not exist or is not a directory",
+ file=sys.stderr,
+ )
+ sys.exit(-1)
+
+ if not output_dir.is_dir():
+ print(
+ f"output directory '{output_dir}' does not exist or is not a directory",
+ file=sys.stderr,
+ )
+ sys.exit(-1)
+
+ if os.listdir(output_dir):
+ print(
+ f"output directory '{output_dir}' is not empty",
+ file=sys.stderr,
+ )
+ sys.exit(-1)
+
+ fix_files(input_dir, output_dir)
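Review bot: In `leave_Call`, `for name, arg in zip(kword_params, args + kwargs)` pairs keyword arguments with parameter names by position and ignores the keyword the caller actually wrote. A call such as `list_attestors(page_size=5)` would be rewritten with the value stored under `'parent'`, and the argparse description does not list this among the known failure cases. Building the pairs as `pairs = list(zip(kword_params, args)) + [(k.keyword.value, k) for k in kwargs]` and iterating `for name, arg in pairs` keeps each keyword value under its own name. Because this tool rewrites calls that manage attestors and policies, a silently mislabelled field is worth guarding against with a test that passes keywords out of declaration order.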
diff --git a/scripts/fixup_binaryauthorization_v1beta1_keywords.py b/scripts/fixup_binaryauthorization_v1beta1_keywords.py
index 95b795b..d8d091d 100644
--- a/scripts/fixup_binaryauthorization_v1beta1_keywords.py
+++ b/scripts/fixup_binaryauthorization_v1beta1_keywords.py
@@ -39,13 +39,13 @@ def partition(
class binaryauthorizationCallTransformer(cst.CSTTransformer):
CTRL_PARAMS: Tuple[str] = ('retry', 'timeout', 'metadata')
METHOD_TO_PARAMS: Dict[str, Tuple[str]] = {
- 'create_attestor': ('parent', 'attestor_id', 'attestor', ),
- 'delete_attestor': ('name', ),
- 'get_attestor': ('name', ),
- 'get_policy': ('name', ),
- 'list_attestors': ('parent', 'page_size', 'page_token', ),
- 'update_attestor': ('attestor', ),
- 'update_policy': ('policy', ),
+ 'create_attestor': ('parent', 'attestor_id', 'attestor', ),
+ 'delete_attestor': ('name', ),
+ 'get_attestor': ('name', ),
+ 'get_policy': ('name', ),
+ 'list_attestors': ('parent', 'page_size', 'page_token', ),
+ 'update_attestor': ('attestor', ),
+ 'update_policy': ('policy', ),
}
def leave_Call(self, original: cst.Call, updated: cst.Call) -> cst.CSTNode:
@@ -64,7 +64,7 @@ def leave_Call(self, original: cst.Call, updated: cst.Call) -> cst.CSTNode:
return updated
kwargs, ctrl_kwargs = partition(
- lambda a: not a.keyword.value in self.CTRL_PARAMS,
+ lambda a: a.keyword.value not in self.CTRL_PARAMS,
kwargs
)
diff --git a/scripts/readme-gen/templates/install_deps.tmpl.rst b/scripts/readme-gen/templates/install_deps.tmpl.rst
index a0406db..275d649 100644
--- a/scripts/readme-gen/templates/install_deps.tmpl.rst
+++ b/scripts/readme-gen/templates/install_deps.tmpl.rst
@@ -12,7 +12,7 @@ Install Dependencies
.. _Python Development Environment Setup Guide:
https://cloud.google.com/python/setup
-#. Create a virtualenv. Samples are compatible with Python 2.7 and 3.4+.
+#. Create a virtualenv. Samples are compatible with Python 3.6+.
.. code-block:: bash
diff --git a/setup.py b/setup.py
index 9edeb77..2566f5c 100644
--- a/setup.py
+++ b/setup.py
@@ -20,7 +20,7 @@
import setuptools # type: ignore
-version = "0.3.1"
+version = "0.4.0"
package_root = os.path.abspath(os.path.dirname(__file__))
@@ -36,7 +36,7 @@
author="Google LLC",
author_email="googleapis-packages@google.com",
license="Apache 2.0",
- url="https://github.com/googleapis/python-documentai",
+ url="https://github.com/googleapis/python-binary-authorization",
packages=[
package
for package in setuptools.PEP420PackageFinder.find()
@@ -50,8 +50,9 @@
# Until this issue is closed
# https://github.com/googleapis/google-cloud-python/issues/10566
"google-api-core[grpc] >= 1.26.0, <3.0.0dev",
- "proto-plus >= 1.4.0",
+ "proto-plus >= 1.15.0",
"packaging >= 14.3",
+ "grafeas >= 1.1.2",
),
python_requires=">=3.6",
classifiers=[
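Review bot: The new `"grafeas >= 1.1.2"` requirement has no upper bound, while `google-api-core` just above it is capped at `<3.0.0dev`. The `owlbot.py` change in this commit rewrites the generated v1 code to import from `grafeas.grafeas_v1.types`, so a later major release that moves that module would presumably break installs at import time. Consider `"grafeas >= 1.1.2, <2.0dev"` so that a new major version is adopted deliberately. The `install_requires` tuple opens above this hunk.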
diff --git a/testing/constraints-3.6.txt b/testing/constraints-3.6.txt
index e94a653..db1749a 100644
--- a/testing/constraints-3.6.txt
+++ b/testing/constraints-3.6.txt
@@ -5,6 +5,7 @@
# e.g., if setup.py has "google-cloud-foo >= 1.14.0, < 2.0.0dev",
# Then this file should have google-cloud-foo==1.14.0
google-api-core==1.26.0
-proto-plus==1.4.0
+proto-plus==1.15.0
+grafeas==1.1.2
packaging==14.3
google-auth==1.24.0 # TODO: remove when google-auth>=1.25.0 si transitively required through google-api-core
diff --git a/tests/unit/gapic/binaryauthorization_v1/__init__.py b/tests/unit/gapic/binaryauthorization_v1/__init__.py
new file mode 100644
index 0000000..4de6597
--- /dev/null
+++ b/tests/unit/gapic/binaryauthorization_v1/__init__.py
@@ -0,0 +1,15 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
diff --git a/tests/unit/gapic/binaryauthorization_v1/test_binauthz_management_service_v1.py b/tests/unit/gapic/binaryauthorization_v1/test_binauthz_management_service_v1.py
new file mode 100644
index 0000000..bc3bf1c
--- /dev/null
+++ b/tests/unit/gapic/binaryauthorization_v1/test_binauthz_management_service_v1.py
@@ -0,0 +1,2821 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+import os
+import mock
+import packaging.version
+
+import grpc
+from grpc.experimental import aio
+import math
+import pytest
+from proto.marshal.rules.dates import DurationRule, TimestampRule
+
+
+from google.api_core import client_options
+from google.api_core import exceptions as core_exceptions
+from google.api_core import gapic_v1
+from google.api_core import grpc_helpers
+from google.api_core import grpc_helpers_async
+from google.auth import credentials as ga_credentials
+from google.auth.exceptions import MutualTLSChannelError
+from google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1 import (
+ BinauthzManagementServiceV1AsyncClient,
+)
+from google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1 import (
+ BinauthzManagementServiceV1Client,
+)
+from google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1 import (
+ pagers,
+)
+from google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1 import (
+ transports,
+)
+from google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.transports.base import (
+ _GOOGLE_AUTH_VERSION,
+)
+from google.cloud.binaryauthorization_v1.types import resources
+from google.cloud.binaryauthorization_v1.types import service
+from google.oauth2 import service_account
+from google.protobuf import timestamp_pb2 # type: ignore
+import google.auth
+
+
+# TODO(busunkim): Once google-auth >= 1.25.0 is required transitively
+# through google-api-core:
+# - Delete the auth "less than" test cases
+# - Delete these pytest markers (Make the "greater than or equal to" tests the default).
+requires_google_auth_lt_1_25_0 = pytest.mark.skipif(
+ packaging.version.parse(_GOOGLE_AUTH_VERSION) >= packaging.version.parse("1.25.0"),
+ reason="This test requires google-auth < 1.25.0",
+)
+requires_google_auth_gte_1_25_0 = pytest.mark.skipif(
+ packaging.version.parse(_GOOGLE_AUTH_VERSION) < packaging.version.parse("1.25.0"),
+ reason="This test requires google-auth >= 1.25.0",
+)
+
+
+def client_cert_source_callback():
+ return b"cert bytes", b"key bytes"
+
+
+# If default endpoint is localhost, then default mtls endpoint will be the same.
+# This method modifies the default endpoint so the client can produce a different
+# mtls endpoint for endpoint testing purposes.
+def modify_default_endpoint(client):
+ return (
+ "foo.googleapis.com"
+ if ("localhost" in client.DEFAULT_ENDPOINT)
+ else client.DEFAULT_ENDPOINT
+ )
+
+
+def test__get_default_mtls_endpoint():
+ api_endpoint = "example.googleapis.com"
+ api_mtls_endpoint = "example.mtls.googleapis.com"
+ sandbox_endpoint = "example.sandbox.googleapis.com"
+ sandbox_mtls_endpoint = "example.mtls.sandbox.googleapis.com"
+ non_googleapi = "api.example.com"
+
+ assert BinauthzManagementServiceV1Client._get_default_mtls_endpoint(None) is None
+ assert (
+ BinauthzManagementServiceV1Client._get_default_mtls_endpoint(api_endpoint)
+ == api_mtls_endpoint
+ )
+ assert (
+ BinauthzManagementServiceV1Client._get_default_mtls_endpoint(api_mtls_endpoint)
+ == api_mtls_endpoint
+ )
+ assert (
+ BinauthzManagementServiceV1Client._get_default_mtls_endpoint(sandbox_endpoint)
+ == sandbox_mtls_endpoint
+ )
+ assert (
+ BinauthzManagementServiceV1Client._get_default_mtls_endpoint(
+ sandbox_mtls_endpoint
+ )
+ == sandbox_mtls_endpoint
+ )
+ assert (
+ BinauthzManagementServiceV1Client._get_default_mtls_endpoint(non_googleapi)
+ == non_googleapi
+ )
+
+
+@pytest.mark.parametrize(
+ "client_class",
+ [BinauthzManagementServiceV1Client, BinauthzManagementServiceV1AsyncClient,],
+)
+def test_binauthz_management_service_v1_client_from_service_account_info(client_class):
+ creds = ga_credentials.AnonymousCredentials()
+ with mock.patch.object(
+ service_account.Credentials, "from_service_account_info"
+ ) as factory:
+ factory.return_value = creds
+ info = {"valid": True}
+ client = client_class.from_service_account_info(info)
+ assert client.transport._credentials == creds
+ assert isinstance(client, client_class)
+
+ assert client.transport._host == "binaryauthorization.googleapis.com:443"
+
+
+@pytest.mark.parametrize(
+ "transport_class,transport_name",
+ [
+ (transports.BinauthzManagementServiceV1GrpcTransport, "grpc"),
+ (transports.BinauthzManagementServiceV1GrpcAsyncIOTransport, "grpc_asyncio"),
+ ],
+)
+def test_binauthz_management_service_v1_client_service_account_always_use_jwt(
+ transport_class, transport_name
+):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=True)
+ use_jwt.assert_called_once_with(True)
+
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=False)
+ use_jwt.assert_not_called()
+
+
+@pytest.mark.parametrize(
+ "client_class",
+ [BinauthzManagementServiceV1Client, BinauthzManagementServiceV1AsyncClient,],
+)
+def test_binauthz_management_service_v1_client_from_service_account_file(client_class):
+ creds = ga_credentials.AnonymousCredentials()
+ with mock.patch.object(
+ service_account.Credentials, "from_service_account_file"
+ ) as factory:
+ factory.return_value = creds
+ client = client_class.from_service_account_file("dummy/file/path.json")
+ assert client.transport._credentials == creds
+ assert isinstance(client, client_class)
+
+ client = client_class.from_service_account_json("dummy/file/path.json")
+ assert client.transport._credentials == creds
+ assert isinstance(client, client_class)
+
+ assert client.transport._host == "binaryauthorization.googleapis.com:443"
+
+
+def test_binauthz_management_service_v1_client_get_transport_class():
+ transport = BinauthzManagementServiceV1Client.get_transport_class()
+ available_transports = [
+ transports.BinauthzManagementServiceV1GrpcTransport,
+ ]
+ assert transport in available_transports
+
+ transport = BinauthzManagementServiceV1Client.get_transport_class("grpc")
+ assert transport == transports.BinauthzManagementServiceV1GrpcTransport
+
+
+@pytest.mark.parametrize(
+ "client_class,transport_class,transport_name",
+ [
+ (
+ BinauthzManagementServiceV1Client,
+ transports.BinauthzManagementServiceV1GrpcTransport,
+ "grpc",
+ ),
+ (
+ BinauthzManagementServiceV1AsyncClient,
+ transports.BinauthzManagementServiceV1GrpcAsyncIOTransport,
+ "grpc_asyncio",
+ ),
+ ],
+)
+@mock.patch.object(
+ BinauthzManagementServiceV1Client,
+ "DEFAULT_ENDPOINT",
+ modify_default_endpoint(BinauthzManagementServiceV1Client),
+)
+@mock.patch.object(
+ BinauthzManagementServiceV1AsyncClient,
+ "DEFAULT_ENDPOINT",
+ modify_default_endpoint(BinauthzManagementServiceV1AsyncClient),
+)
+def test_binauthz_management_service_v1_client_client_options(
+ client_class, transport_class, transport_name
+):
+ # Check that if channel is provided we won't create a new one.
+ with mock.patch.object(
+ BinauthzManagementServiceV1Client, "get_transport_class"
+ ) as gtc:
+ transport = transport_class(credentials=ga_credentials.AnonymousCredentials())
+ client = client_class(transport=transport)
+ gtc.assert_not_called()
+
+ # Check that if channel is provided via str we will create a new one.
+ with mock.patch.object(
+ BinauthzManagementServiceV1Client, "get_transport_class"
+ ) as gtc:
+ client = client_class(transport=transport_name)
+ gtc.assert_called()
+
+ # Check the case api_endpoint is provided.
+ options = client_options.ClientOptions(api_endpoint="squid.clam.whelk")
+ with mock.patch.object(transport_class, "__init__") as patched:
+ patched.return_value = None
+ client = client_class(client_options=options)
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host="squid.clam.whelk",
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+ # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
+ # "never".
+ with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}):
+ with mock.patch.object(transport_class, "__init__") as patched:
+ patched.return_value = None
+ client = client_class()
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=client.DEFAULT_ENDPOINT,
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+ # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
+ # "always".
+ with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}):
+ with mock.patch.object(transport_class, "__init__") as patched:
+ patched.return_value = None
+ client = client_class()
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=client.DEFAULT_MTLS_ENDPOINT,
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+ # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has
+ # unsupported value.
+ with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "Unsupported"}):
+ with pytest.raises(MutualTLSChannelError):
+ client = client_class()
+
+ # Check the case GOOGLE_API_USE_CLIENT_CERTIFICATE has unsupported value.
+ with mock.patch.dict(
+ os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"}
+ ):
+ with pytest.raises(ValueError):
+ client = client_class()
+
+ # Check the case quota_project_id is provided
+ options = client_options.ClientOptions(quota_project_id="octopus")
+ with mock.patch.object(transport_class, "__init__") as patched:
+ patched.return_value = None
+ client = client_class(client_options=options)
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=client.DEFAULT_ENDPOINT,
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id="octopus",
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+
+@pytest.mark.parametrize(
+ "client_class,transport_class,transport_name,use_client_cert_env",
+ [
+ (
+ BinauthzManagementServiceV1Client,
+ transports.BinauthzManagementServiceV1GrpcTransport,
+ "grpc",
+ "true",
+ ),
+ (
+ BinauthzManagementServiceV1AsyncClient,
+ transports.BinauthzManagementServiceV1GrpcAsyncIOTransport,
+ "grpc_asyncio",
+ "true",
+ ),
+ (
+ BinauthzManagementServiceV1Client,
+ transports.BinauthzManagementServiceV1GrpcTransport,
+ "grpc",
+ "false",
+ ),
+ (
+ BinauthzManagementServiceV1AsyncClient,
+ transports.BinauthzManagementServiceV1GrpcAsyncIOTransport,
+ "grpc_asyncio",
+ "false",
+ ),
+ ],
+)
+@mock.patch.object(
+ BinauthzManagementServiceV1Client,
+ "DEFAULT_ENDPOINT",
+ modify_default_endpoint(BinauthzManagementServiceV1Client),
+)
+@mock.patch.object(
+ BinauthzManagementServiceV1AsyncClient,
+ "DEFAULT_ENDPOINT",
+ modify_default_endpoint(BinauthzManagementServiceV1AsyncClient),
+)
+@mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "auto"})
+def test_binauthz_management_service_v1_client_mtls_env_auto(
+ client_class, transport_class, transport_name, use_client_cert_env
+):
+ # This tests the endpoint autoswitch behavior. Endpoint is autoswitched to the default
+ # mtls endpoint, if GOOGLE_API_USE_CLIENT_CERTIFICATE is "true" and client cert exists.
+
+ # Check the case client_cert_source is provided. Whether client cert is used depends on
+ # GOOGLE_API_USE_CLIENT_CERTIFICATE value.
+ with mock.patch.dict(
+ os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}
+ ):
+ options = client_options.ClientOptions(
+ client_cert_source=client_cert_source_callback
+ )
+ with mock.patch.object(transport_class, "__init__") as patched:
+ patched.return_value = None
+ client = client_class(client_options=options)
+
+ if use_client_cert_env == "false":
+ expected_client_cert_source = None
+ expected_host = client.DEFAULT_ENDPOINT
+ else:
+ expected_client_cert_source = client_cert_source_callback
+ expected_host = client.DEFAULT_MTLS_ENDPOINT
+
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=expected_host,
+ scopes=None,
+ client_cert_source_for_mtls=expected_client_cert_source,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+ # Check the case ADC client cert is provided. Whether client cert is used depends on
+ # GOOGLE_API_USE_CLIENT_CERTIFICATE value.
+ with mock.patch.dict(
+ os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}
+ ):
+ with mock.patch.object(transport_class, "__init__") as patched:
+ with mock.patch(
+ "google.auth.transport.mtls.has_default_client_cert_source",
+ return_value=True,
+ ):
+ with mock.patch(
+ "google.auth.transport.mtls.default_client_cert_source",
+ return_value=client_cert_source_callback,
+ ):
+ if use_client_cert_env == "false":
+ expected_host = client.DEFAULT_ENDPOINT
+ expected_client_cert_source = None
+ else:
+ expected_host = client.DEFAULT_MTLS_ENDPOINT
+ expected_client_cert_source = client_cert_source_callback
+
+ patched.return_value = None
+ client = client_class()
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=expected_host,
+ scopes=None,
+ client_cert_source_for_mtls=expected_client_cert_source,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+ # Check the case client_cert_source and ADC client cert are not provided.
+ with mock.patch.dict(
+ os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}
+ ):
+ with mock.patch.object(transport_class, "__init__") as patched:
+ with mock.patch(
+ "google.auth.transport.mtls.has_default_client_cert_source",
+ return_value=False,
+ ):
+ patched.return_value = None
+ client = client_class()
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=client.DEFAULT_ENDPOINT,
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+
+@pytest.mark.parametrize(
+ "client_class,transport_class,transport_name",
+ [
+ (
+ BinauthzManagementServiceV1Client,
+ transports.BinauthzManagementServiceV1GrpcTransport,
+ "grpc",
+ ),
+ (
+ BinauthzManagementServiceV1AsyncClient,
+ transports.BinauthzManagementServiceV1GrpcAsyncIOTransport,
+ "grpc_asyncio",
+ ),
+ ],
+)
+def test_binauthz_management_service_v1_client_client_options_scopes(
+ client_class, transport_class, transport_name
+):
+ # Check the case scopes are provided.
+ options = client_options.ClientOptions(scopes=["1", "2"],)
+ with mock.patch.object(transport_class, "__init__") as patched:
+ patched.return_value = None
+ client = client_class(client_options=options)
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=client.DEFAULT_ENDPOINT,
+ scopes=["1", "2"],
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+
+@pytest.mark.parametrize(
+ "client_class,transport_class,transport_name",
+ [
+ (
+ BinauthzManagementServiceV1Client,
+ transports.BinauthzManagementServiceV1GrpcTransport,
+ "grpc",
+ ),
+ (
+ BinauthzManagementServiceV1AsyncClient,
+ transports.BinauthzManagementServiceV1GrpcAsyncIOTransport,
+ "grpc_asyncio",
+ ),
+ ],
+)
+def test_binauthz_management_service_v1_client_client_options_credentials_file(
+ client_class, transport_class, transport_name
+):
+ # Check the case credentials file is provided.
+ options = client_options.ClientOptions(credentials_file="credentials.json")
+ with mock.patch.object(transport_class, "__init__") as patched:
+ patched.return_value = None
+ client = client_class(client_options=options)
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file="credentials.json",
+ host=client.DEFAULT_ENDPOINT,
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+
+def test_binauthz_management_service_v1_client_client_options_from_dict():
+ with mock.patch(
+ "google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.transports.BinauthzManagementServiceV1GrpcTransport.__init__"
+ ) as grpc_transport:
+ grpc_transport.return_value = None
+ client = BinauthzManagementServiceV1Client(
+ client_options={"api_endpoint": "squid.clam.whelk"}
+ )
+ grpc_transport.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host="squid.clam.whelk",
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+
+def test_get_policy(transport: str = "grpc", request_type=service.GetPolicyRequest):
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = request_type()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.get_policy), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = resources.Policy(
+ name="name_value",
+ description="description_value",
+ global_policy_evaluation_mode=resources.Policy.GlobalPolicyEvaluationMode.ENABLE,
+ )
+ response = client.get_policy(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.GetPolicyRequest()
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, resources.Policy)
+ assert response.name == "name_value"
+ assert response.description == "description_value"
+ assert (
+ response.global_policy_evaluation_mode
+ == resources.Policy.GlobalPolicyEvaluationMode.ENABLE
+ )
+
+
+def test_get_policy_from_dict():
+ test_get_policy(request_type=dict)
+
+
+def test_get_policy_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.get_policy), "__call__") as call:
+ client.get_policy()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.GetPolicyRequest()
+
+
+@pytest.mark.asyncio
+async def test_get_policy_async(
+ transport: str = "grpc_asyncio", request_type=service.GetPolicyRequest
+):
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = request_type()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.get_policy), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ resources.Policy(
+ name="name_value",
+ description="description_value",
+ global_policy_evaluation_mode=resources.Policy.GlobalPolicyEvaluationMode.ENABLE,
+ )
+ )
+ response = await client.get_policy(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.GetPolicyRequest()
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, resources.Policy)
+ assert response.name == "name_value"
+ assert response.description == "description_value"
+ assert (
+ response.global_policy_evaluation_mode
+ == resources.Policy.GlobalPolicyEvaluationMode.ENABLE
+ )
+
+
+@pytest.mark.asyncio
+async def test_get_policy_async_from_dict():
+ await test_get_policy_async(request_type=dict)
+
+
+def test_get_policy_field_headers():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.GetPolicyRequest()
+
+ request.name = "name/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.get_policy), "__call__") as call:
+ call.return_value = resources.Policy()
+ client.get_policy(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "name=name/value",) in kw["metadata"]
+
+
+@pytest.mark.asyncio
+async def test_get_policy_field_headers_async():
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.GetPolicyRequest()
+
+ request.name = "name/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.get_policy), "__call__") as call:
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Policy())
+ await client.get_policy(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "name=name/value",) in kw["metadata"]
+
+
+def test_get_policy_flattened():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.get_policy), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = resources.Policy()
+ # Call the method with a truthy value for each flattened field,
+ # using the keyword arguments to the method.
+ client.get_policy(name="name_value",)
+
+ # Establish that the underlying call was made with the expected
+ # request object values.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0].name == "name_value"
+
+
+def test_get_policy_flattened_error():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Attempting to call a method with both a request object and flattened
+ # fields is an error.
+ with pytest.raises(ValueError):
+ client.get_policy(
+ service.GetPolicyRequest(), name="name_value",
+ )
+
+
+@pytest.mark.asyncio
+async def test_get_policy_flattened_async():
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.get_policy), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = resources.Policy()
+
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Policy())
+ # Call the method with a truthy value for each flattened field,
+ # using the keyword arguments to the method.
+ response = await client.get_policy(name="name_value",)
+
+ # Establish that the underlying call was made with the expected
+ # request object values.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0].name == "name_value"
+
+
+@pytest.mark.asyncio
+async def test_get_policy_flattened_error_async():
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Attempting to call a method with both a request object and flattened
+ # fields is an error.
+ with pytest.raises(ValueError):
+ await client.get_policy(
+ service.GetPolicyRequest(), name="name_value",
+ )
+
+
+def test_update_policy(
+ transport: str = "grpc", request_type=service.UpdatePolicyRequest
+):
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = request_type()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.update_policy), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = resources.Policy(
+ name="name_value",
+ description="description_value",
+ global_policy_evaluation_mode=resources.Policy.GlobalPolicyEvaluationMode.ENABLE,
+ )
+ response = client.update_policy(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.UpdatePolicyRequest()
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, resources.Policy)
+ assert response.name == "name_value"
+ assert response.description == "description_value"
+ assert (
+ response.global_policy_evaluation_mode
+ == resources.Policy.GlobalPolicyEvaluationMode.ENABLE
+ )
+
+
+def test_update_policy_from_dict():
+ test_update_policy(request_type=dict)
+
+
+def test_update_policy_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.update_policy), "__call__") as call:
+ client.update_policy()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.UpdatePolicyRequest()
+
+
+@pytest.mark.asyncio
+async def test_update_policy_async(
+ transport: str = "grpc_asyncio", request_type=service.UpdatePolicyRequest
+):
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = request_type()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.update_policy), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ resources.Policy(
+ name="name_value",
+ description="description_value",
+ global_policy_evaluation_mode=resources.Policy.GlobalPolicyEvaluationMode.ENABLE,
+ )
+ )
+ response = await client.update_policy(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.UpdatePolicyRequest()
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, resources.Policy)
+ assert response.name == "name_value"
+ assert response.description == "description_value"
+ assert (
+ response.global_policy_evaluation_mode
+ == resources.Policy.GlobalPolicyEvaluationMode.ENABLE
+ )
+
+
+@pytest.mark.asyncio
+async def test_update_policy_async_from_dict():
+ await test_update_policy_async(request_type=dict)
+
+
+def test_update_policy_field_headers():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.UpdatePolicyRequest()
+
+ request.policy.name = "policy.name/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.update_policy), "__call__") as call:
+ call.return_value = resources.Policy()
+ client.update_policy(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "policy.name=policy.name/value",) in kw["metadata"]
+
+
+@pytest.mark.asyncio
+async def test_update_policy_field_headers_async():
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.UpdatePolicyRequest()
+
+ request.policy.name = "policy.name/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.update_policy), "__call__") as call:
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Policy())
+ await client.update_policy(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "policy.name=policy.name/value",) in kw["metadata"]
+
+
+def test_update_policy_flattened():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.update_policy), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = resources.Policy()
+ # Call the method with a truthy value for each flattened field,
+ # using the keyword arguments to the method.
+ client.update_policy(policy=resources.Policy(name="name_value"),)
+
+ # Establish that the underlying call was made with the expected
+ # request object values.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0].policy == resources.Policy(name="name_value")
+
+
+def test_update_policy_flattened_error():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Attempting to call a method with both a request object and flattened
+ # fields is an error.
+ with pytest.raises(ValueError):
+ client.update_policy(
+ service.UpdatePolicyRequest(), policy=resources.Policy(name="name_value"),
+ )
+
+
+@pytest.mark.asyncio
+async def test_update_policy_flattened_async():
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.update_policy), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = resources.Policy()
+
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Policy())
+ # Call the method with a truthy value for each flattened field,
+ # using the keyword arguments to the method.
+ response = await client.update_policy(
+ policy=resources.Policy(name="name_value"),
+ )
+
+ # Establish that the underlying call was made with the expected
+ # request object values.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0].policy == resources.Policy(name="name_value")
+
+
+@pytest.mark.asyncio
+async def test_update_policy_flattened_error_async():
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Attempting to call a method with both a request object and flattened
+ # fields is an error.
+ with pytest.raises(ValueError):
+ await client.update_policy(
+ service.UpdatePolicyRequest(), policy=resources.Policy(name="name_value"),
+ )
+
+
+def test_create_attestor(
+ transport: str = "grpc", request_type=service.CreateAttestorRequest
+):
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = request_type()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.create_attestor), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = resources.Attestor(
+ name="name_value",
+ description="description_value",
+ user_owned_grafeas_note=resources.UserOwnedGrafeasNote(
+ note_reference="note_reference_value"
+ ),
+ )
+ response = client.create_attestor(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.CreateAttestorRequest()
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, resources.Attestor)
+ assert response.name == "name_value"
+ assert response.description == "description_value"
+
+
+def test_create_attestor_from_dict():
+ test_create_attestor(request_type=dict)
+
+
+def test_create_attestor_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.create_attestor), "__call__") as call:
+ client.create_attestor()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.CreateAttestorRequest()
+
+
+@pytest.mark.asyncio
+async def test_create_attestor_async(
+ transport: str = "grpc_asyncio", request_type=service.CreateAttestorRequest
+):
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = request_type()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.create_attestor), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ resources.Attestor(name="name_value", description="description_value",)
+ )
+ response = await client.create_attestor(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.CreateAttestorRequest()
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, resources.Attestor)
+ assert response.name == "name_value"
+ assert response.description == "description_value"
+
+
+@pytest.mark.asyncio
+async def test_create_attestor_async_from_dict():
+ await test_create_attestor_async(request_type=dict)
+
+
+def test_create_attestor_field_headers():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.CreateAttestorRequest()
+
+ request.parent = "parent/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.create_attestor), "__call__") as call:
+ call.return_value = resources.Attestor()
+ client.create_attestor(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"]
+
+
+@pytest.mark.asyncio
+async def test_create_attestor_field_headers_async():
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.CreateAttestorRequest()
+
+ request.parent = "parent/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.create_attestor), "__call__") as call:
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Attestor())
+ await client.create_attestor(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"]
+
+
+def test_create_attestor_flattened():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.create_attestor), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = resources.Attestor()
+ # Call the method with a truthy value for each flattened field,
+ # using the keyword arguments to the method.
+ client.create_attestor(
+ parent="parent_value",
+ attestor_id="attestor_id_value",
+ attestor=resources.Attestor(name="name_value"),
+ )
+
+ # Establish that the underlying call was made with the expected
+ # request object values.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0].parent == "parent_value"
+ assert args[0].attestor_id == "attestor_id_value"
+ assert args[0].attestor == resources.Attestor(name="name_value")
+
+
+def test_create_attestor_flattened_error():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Attempting to call a method with both a request object and flattened
+ # fields is an error.
+ with pytest.raises(ValueError):
+ client.create_attestor(
+ service.CreateAttestorRequest(),
+ parent="parent_value",
+ attestor_id="attestor_id_value",
+ attestor=resources.Attestor(name="name_value"),
+ )
+
+
+@pytest.mark.asyncio
+async def test_create_attestor_flattened_async():
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.create_attestor), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = resources.Attestor()
+
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Attestor())
+ # Call the method with a truthy value for each flattened field,
+ # using the keyword arguments to the method.
+ response = await client.create_attestor(
+ parent="parent_value",
+ attestor_id="attestor_id_value",
+ attestor=resources.Attestor(name="name_value"),
+ )
+
+ # Establish that the underlying call was made with the expected
+ # request object values.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0].parent == "parent_value"
+ assert args[0].attestor_id == "attestor_id_value"
+ assert args[0].attestor == resources.Attestor(name="name_value")
+
+
+@pytest.mark.asyncio
+async def test_create_attestor_flattened_error_async():
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Attempting to call a method with both a request object and flattened
+ # fields is an error.
+ with pytest.raises(ValueError):
+ await client.create_attestor(
+ service.CreateAttestorRequest(),
+ parent="parent_value",
+ attestor_id="attestor_id_value",
+ attestor=resources.Attestor(name="name_value"),
+ )
+
+
+def test_get_attestor(transport: str = "grpc", request_type=service.GetAttestorRequest):
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = request_type()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.get_attestor), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = resources.Attestor(
+ name="name_value",
+ description="description_value",
+ user_owned_grafeas_note=resources.UserOwnedGrafeasNote(
+ note_reference="note_reference_value"
+ ),
+ )
+ response = client.get_attestor(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.GetAttestorRequest()
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, resources.Attestor)
+ assert response.name == "name_value"
+ assert response.description == "description_value"
+
+
+def test_get_attestor_from_dict():
+ test_get_attestor(request_type=dict)
+
+
+def test_get_attestor_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.get_attestor), "__call__") as call:
+ client.get_attestor()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.GetAttestorRequest()
+
+
+@pytest.mark.asyncio
+async def test_get_attestor_async(
+ transport: str = "grpc_asyncio", request_type=service.GetAttestorRequest
+):
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = request_type()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.get_attestor), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ resources.Attestor(name="name_value", description="description_value",)
+ )
+ response = await client.get_attestor(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.GetAttestorRequest()
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, resources.Attestor)
+ assert response.name == "name_value"
+ assert response.description == "description_value"
+
+
+@pytest.mark.asyncio
+async def test_get_attestor_async_from_dict():
+ await test_get_attestor_async(request_type=dict)
+
+
+def test_get_attestor_field_headers():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.GetAttestorRequest()
+
+ request.name = "name/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.get_attestor), "__call__") as call:
+ call.return_value = resources.Attestor()
+ client.get_attestor(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "name=name/value",) in kw["metadata"]
+
+
+@pytest.mark.asyncio
+async def test_get_attestor_field_headers_async():
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.GetAttestorRequest()
+
+ request.name = "name/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.get_attestor), "__call__") as call:
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Attestor())
+ await client.get_attestor(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "name=name/value",) in kw["metadata"]
+
+
+def test_get_attestor_flattened():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.get_attestor), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = resources.Attestor()
+ # Call the method with a truthy value for each flattened field,
+ # using the keyword arguments to the method.
+ client.get_attestor(name="name_value",)
+
+ # Establish that the underlying call was made with the expected
+ # request object values.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0].name == "name_value"
+
+
+def test_get_attestor_flattened_error():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Attempting to call a method with both a request object and flattened
+ # fields is an error.
+ with pytest.raises(ValueError):
+ client.get_attestor(
+ service.GetAttestorRequest(), name="name_value",
+ )
+
+
+@pytest.mark.asyncio
+async def test_get_attestor_flattened_async():
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.get_attestor), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = resources.Attestor()
+
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Attestor())
+ # Call the method with a truthy value for each flattened field,
+ # using the keyword arguments to the method.
+ response = await client.get_attestor(name="name_value",)
+
+ # Establish that the underlying call was made with the expected
+ # request object values.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0].name == "name_value"
+
+
+@pytest.mark.asyncio
+async def test_get_attestor_flattened_error_async():
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Attempting to call a method with both a request object and flattened
+ # fields is an error.
+ with pytest.raises(ValueError):
+ await client.get_attestor(
+ service.GetAttestorRequest(), name="name_value",
+ )
+
+
+def test_update_attestor(
+ transport: str = "grpc", request_type=service.UpdateAttestorRequest
+):
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = request_type()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.update_attestor), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = resources.Attestor(
+ name="name_value",
+ description="description_value",
+ user_owned_grafeas_note=resources.UserOwnedGrafeasNote(
+ note_reference="note_reference_value"
+ ),
+ )
+ response = client.update_attestor(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.UpdateAttestorRequest()
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, resources.Attestor)
+ assert response.name == "name_value"
+ assert response.description == "description_value"
+
+
+def test_update_attestor_from_dict():
+ test_update_attestor(request_type=dict)
+
+
+def test_update_attestor_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.update_attestor), "__call__") as call:
+ client.update_attestor()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.UpdateAttestorRequest()
+
+
+@pytest.mark.asyncio
+async def test_update_attestor_async(
+ transport: str = "grpc_asyncio", request_type=service.UpdateAttestorRequest
+):
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = request_type()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.update_attestor), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ resources.Attestor(name="name_value", description="description_value",)
+ )
+ response = await client.update_attestor(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.UpdateAttestorRequest()
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, resources.Attestor)
+ assert response.name == "name_value"
+ assert response.description == "description_value"
+
+
+@pytest.mark.asyncio
+async def test_update_attestor_async_from_dict():
+ await test_update_attestor_async(request_type=dict)
+
+
+def test_update_attestor_field_headers():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.UpdateAttestorRequest()
+
+ request.attestor.name = "attestor.name/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.update_attestor), "__call__") as call:
+ call.return_value = resources.Attestor()
+ client.update_attestor(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "attestor.name=attestor.name/value",) in kw[
+ "metadata"
+ ]
+
+
+@pytest.mark.asyncio
+async def test_update_attestor_field_headers_async():
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.UpdateAttestorRequest()
+
+ request.attestor.name = "attestor.name/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.update_attestor), "__call__") as call:
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Attestor())
+ await client.update_attestor(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "attestor.name=attestor.name/value",) in kw[
+ "metadata"
+ ]
+
+
+def test_update_attestor_flattened():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.update_attestor), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = resources.Attestor()
+ # Call the method with a truthy value for each flattened field,
+ # using the keyword arguments to the method.
+ client.update_attestor(attestor=resources.Attestor(name="name_value"),)
+
+ # Establish that the underlying call was made with the expected
+ # request object values.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0].attestor == resources.Attestor(name="name_value")
+
+
+def test_update_attestor_flattened_error():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Attempting to call a method with both a request object and flattened
+ # fields is an error.
+ with pytest.raises(ValueError):
+ client.update_attestor(
+ service.UpdateAttestorRequest(),
+ attestor=resources.Attestor(name="name_value"),
+ )
+
+
+@pytest.mark.asyncio
+async def test_update_attestor_flattened_async():
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.update_attestor), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = resources.Attestor()
+
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Attestor())
+ # Call the method with a truthy value for each flattened field,
+ # using the keyword arguments to the method.
+ response = await client.update_attestor(
+ attestor=resources.Attestor(name="name_value"),
+ )
+
+ # Establish that the underlying call was made with the expected
+ # request object values.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0].attestor == resources.Attestor(name="name_value")
+
+
+@pytest.mark.asyncio
+async def test_update_attestor_flattened_error_async():
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Attempting to call a method with both a request object and flattened
+ # fields is an error.
+ with pytest.raises(ValueError):
+ await client.update_attestor(
+ service.UpdateAttestorRequest(),
+ attestor=resources.Attestor(name="name_value"),
+ )
+
+
+def test_list_attestors(
+ transport: str = "grpc", request_type=service.ListAttestorsRequest
+):
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = request_type()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.list_attestors), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = service.ListAttestorsResponse(
+ next_page_token="next_page_token_value",
+ )
+ response = client.list_attestors(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.ListAttestorsRequest()
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, pagers.ListAttestorsPager)
+ assert response.next_page_token == "next_page_token_value"
+
+
+def test_list_attestors_from_dict():
+ test_list_attestors(request_type=dict)
+
+
+def test_list_attestors_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.list_attestors), "__call__") as call:
+ client.list_attestors()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.ListAttestorsRequest()
+
+
+@pytest.mark.asyncio
+async def test_list_attestors_async(
+ transport: str = "grpc_asyncio", request_type=service.ListAttestorsRequest
+):
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = request_type()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.list_attestors), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ service.ListAttestorsResponse(next_page_token="next_page_token_value",)
+ )
+ response = await client.list_attestors(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.ListAttestorsRequest()
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, pagers.ListAttestorsAsyncPager)
+ assert response.next_page_token == "next_page_token_value"
+
+
+@pytest.mark.asyncio
+async def test_list_attestors_async_from_dict():
+ await test_list_attestors_async(request_type=dict)
+
+
+def test_list_attestors_field_headers():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.ListAttestorsRequest()
+
+ request.parent = "parent/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.list_attestors), "__call__") as call:
+ call.return_value = service.ListAttestorsResponse()
+ client.list_attestors(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"]
+
+
+@pytest.mark.asyncio
+async def test_list_attestors_field_headers_async():
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.ListAttestorsRequest()
+
+ request.parent = "parent/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.list_attestors), "__call__") as call:
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ service.ListAttestorsResponse()
+ )
+ await client.list_attestors(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"]
+
+
+def test_list_attestors_flattened():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.list_attestors), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = service.ListAttestorsResponse()
+ # Call the method with a truthy value for each flattened field,
+ # using the keyword arguments to the method.
+ client.list_attestors(parent="parent_value",)
+
+ # Establish that the underlying call was made with the expected
+ # request object values.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0].parent == "parent_value"
+
+
+def test_list_attestors_flattened_error():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Attempting to call a method with both a request object and flattened
+ # fields is an error.
+ with pytest.raises(ValueError):
+ client.list_attestors(
+ service.ListAttestorsRequest(), parent="parent_value",
+ )
+
+
+@pytest.mark.asyncio
+async def test_list_attestors_flattened_async():
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.list_attestors), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = service.ListAttestorsResponse()
+
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ service.ListAttestorsResponse()
+ )
+ # Call the method with a truthy value for each flattened field,
+ # using the keyword arguments to the method.
+ response = await client.list_attestors(parent="parent_value",)
+
+ # Establish that the underlying call was made with the expected
+ # request object values.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0].parent == "parent_value"
+
+
+@pytest.mark.asyncio
+async def test_list_attestors_flattened_error_async():
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Attempting to call a method with both a request object and flattened
+ # fields is an error.
+ with pytest.raises(ValueError):
+ await client.list_attestors(
+ service.ListAttestorsRequest(), parent="parent_value",
+ )
+
+
+def test_list_attestors_pager():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials,
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.list_attestors), "__call__") as call:
+ # Set the response to a series of pages.
+ call.side_effect = (
+ service.ListAttestorsResponse(
+ attestors=[
+ resources.Attestor(),
+ resources.Attestor(),
+ resources.Attestor(),
+ ],
+ next_page_token="abc",
+ ),
+ service.ListAttestorsResponse(attestors=[], next_page_token="def",),
+ service.ListAttestorsResponse(
+ attestors=[resources.Attestor(),], next_page_token="ghi",
+ ),
+ service.ListAttestorsResponse(
+ attestors=[resources.Attestor(), resources.Attestor(),],
+ ),
+ RuntimeError,
+ )
+
+ metadata = ()
+ metadata = tuple(metadata) + (
+ gapic_v1.routing_header.to_grpc_metadata((("parent", ""),)),
+ )
+ pager = client.list_attestors(request={})
+
+ assert pager._metadata == metadata
+
+ results = [i for i in pager]
+ assert len(results) == 6
+ assert all(isinstance(i, resources.Attestor) for i in results)
+
+
+def test_list_attestors_pages():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials,
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.list_attestors), "__call__") as call:
+ # Set the response to a series of pages.
+ call.side_effect = (
+ service.ListAttestorsResponse(
+ attestors=[
+ resources.Attestor(),
+ resources.Attestor(),
+ resources.Attestor(),
+ ],
+ next_page_token="abc",
+ ),
+ service.ListAttestorsResponse(attestors=[], next_page_token="def",),
+ service.ListAttestorsResponse(
+ attestors=[resources.Attestor(),], next_page_token="ghi",
+ ),
+ service.ListAttestorsResponse(
+ attestors=[resources.Attestor(), resources.Attestor(),],
+ ),
+ RuntimeError,
+ )
+ pages = list(client.list_attestors(request={}).pages)
+ for page_, token in zip(pages, ["abc", "def", "ghi", ""]):
+ assert page_.raw_page.next_page_token == token
+
+
+@pytest.mark.asyncio
+async def test_list_attestors_async_pager():
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials,
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.list_attestors), "__call__", new_callable=mock.AsyncMock
+ ) as call:
+ # Set the response to a series of pages.
+ call.side_effect = (
+ service.ListAttestorsResponse(
+ attestors=[
+ resources.Attestor(),
+ resources.Attestor(),
+ resources.Attestor(),
+ ],
+ next_page_token="abc",
+ ),
+ service.ListAttestorsResponse(attestors=[], next_page_token="def",),
+ service.ListAttestorsResponse(
+ attestors=[resources.Attestor(),], next_page_token="ghi",
+ ),
+ service.ListAttestorsResponse(
+ attestors=[resources.Attestor(), resources.Attestor(),],
+ ),
+ RuntimeError,
+ )
+ async_pager = await client.list_attestors(request={},)
+ assert async_pager.next_page_token == "abc"
+ responses = []
+ async for response in async_pager:
+ responses.append(response)
+
+ assert len(responses) == 6
+ assert all(isinstance(i, resources.Attestor) for i in responses)
+
+
+@pytest.mark.asyncio
+async def test_list_attestors_async_pages():
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials,
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.list_attestors), "__call__", new_callable=mock.AsyncMock
+ ) as call:
+ # Set the response to a series of pages.
+ call.side_effect = (
+ service.ListAttestorsResponse(
+ attestors=[
+ resources.Attestor(),
+ resources.Attestor(),
+ resources.Attestor(),
+ ],
+ next_page_token="abc",
+ ),
+ service.ListAttestorsResponse(attestors=[], next_page_token="def",),
+ service.ListAttestorsResponse(
+ attestors=[resources.Attestor(),], next_page_token="ghi",
+ ),
+ service.ListAttestorsResponse(
+ attestors=[resources.Attestor(), resources.Attestor(),],
+ ),
+ RuntimeError,
+ )
+ pages = []
+ async for page_ in (await client.list_attestors(request={})).pages:
+ pages.append(page_)
+ for page_, token in zip(pages, ["abc", "def", "ghi", ""]):
+ assert page_.raw_page.next_page_token == token
+
+
+def test_delete_attestor(
+ transport: str = "grpc", request_type=service.DeleteAttestorRequest
+):
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = request_type()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.delete_attestor), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = None
+ response = client.delete_attestor(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.DeleteAttestorRequest()
+
+ # Establish that the response is the type that we expect.
+ assert response is None
+
+
+def test_delete_attestor_from_dict():
+ test_delete_attestor(request_type=dict)
+
+
+def test_delete_attestor_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.delete_attestor), "__call__") as call:
+ client.delete_attestor()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.DeleteAttestorRequest()
+
+
+@pytest.mark.asyncio
+async def test_delete_attestor_async(
+ transport: str = "grpc_asyncio", request_type=service.DeleteAttestorRequest
+):
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = request_type()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.delete_attestor), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(None)
+ response = await client.delete_attestor(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.DeleteAttestorRequest()
+
+ # Establish that the response is the type that we expect.
+ assert response is None
+
+
+@pytest.mark.asyncio
+async def test_delete_attestor_async_from_dict():
+ await test_delete_attestor_async(request_type=dict)
+
+
+def test_delete_attestor_field_headers():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.DeleteAttestorRequest()
+
+ request.name = "name/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.delete_attestor), "__call__") as call:
+ call.return_value = None
+ client.delete_attestor(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "name=name/value",) in kw["metadata"]
+
+
+@pytest.mark.asyncio
+async def test_delete_attestor_field_headers_async():
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.DeleteAttestorRequest()
+
+ request.name = "name/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.delete_attestor), "__call__") as call:
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(None)
+ await client.delete_attestor(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "name=name/value",) in kw["metadata"]
+
+
+def test_delete_attestor_flattened():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.delete_attestor), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = None
+ # Call the method with a truthy value for each flattened field,
+ # using the keyword arguments to the method.
+ client.delete_attestor(name="name_value",)
+
+ # Establish that the underlying call was made with the expected
+ # request object values.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0].name == "name_value"
+
+
+def test_delete_attestor_flattened_error():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Attempting to call a method with both a request object and flattened
+ # fields is an error.
+ with pytest.raises(ValueError):
+ client.delete_attestor(
+ service.DeleteAttestorRequest(), name="name_value",
+ )
+
+
+@pytest.mark.asyncio
+async def test_delete_attestor_flattened_async():
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client.transport.delete_attestor), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = None
+
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(None)
+ # Call the method with a truthy value for each flattened field,
+ # using the keyword arguments to the method.
+ response = await client.delete_attestor(name="name_value",)
+
+ # Establish that the underlying call was made with the expected
+ # request object values.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0].name == "name_value"
+
+
+@pytest.mark.asyncio
+async def test_delete_attestor_flattened_error_async():
+ client = BinauthzManagementServiceV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Attempting to call a method with both a request object and flattened
+ # fields is an error.
+ with pytest.raises(ValueError):
+ await client.delete_attestor(
+ service.DeleteAttestorRequest(), name="name_value",
+ )
+
+
+def test_credentials_transport_error():
+ # It is an error to provide credentials and a transport instance.
+ transport = transports.BinauthzManagementServiceV1GrpcTransport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+ with pytest.raises(ValueError):
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # It is an error to provide a credentials file and a transport instance.
+ transport = transports.BinauthzManagementServiceV1GrpcTransport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+ with pytest.raises(ValueError):
+ client = BinauthzManagementServiceV1Client(
+ client_options={"credentials_file": "credentials.json"},
+ transport=transport,
+ )
+
+ # It is an error to provide scopes and a transport instance.
+ transport = transports.BinauthzManagementServiceV1GrpcTransport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+ with pytest.raises(ValueError):
+ client = BinauthzManagementServiceV1Client(
+ client_options={"scopes": ["1", "2"]}, transport=transport,
+ )
+
+
+def test_transport_instance():
+ # A client may be instantiated with a custom transport instance.
+ transport = transports.BinauthzManagementServiceV1GrpcTransport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+ client = BinauthzManagementServiceV1Client(transport=transport)
+ assert client.transport is transport
+
+
+def test_transport_get_channel():
+ # A client may be instantiated with a custom transport instance.
+ transport = transports.BinauthzManagementServiceV1GrpcTransport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+ channel = transport.grpc_channel
+ assert channel
+
+ transport = transports.BinauthzManagementServiceV1GrpcAsyncIOTransport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+ channel = transport.grpc_channel
+ assert channel
+
+
+@pytest.mark.parametrize(
+ "transport_class",
+ [
+ transports.BinauthzManagementServiceV1GrpcTransport,
+ transports.BinauthzManagementServiceV1GrpcAsyncIOTransport,
+ ],
+)
+def test_transport_adc(transport_class):
+ # Test default credentials are used if not provided.
+ with mock.patch.object(google.auth, "default") as adc:
+ adc.return_value = (ga_credentials.AnonymousCredentials(), None)
+ transport_class()
+ adc.assert_called_once()
+
+
+def test_transport_grpc_default():
+ # A client should use the gRPC transport by default.
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+ assert isinstance(
+ client.transport, transports.BinauthzManagementServiceV1GrpcTransport,
+ )
+
+
+def test_binauthz_management_service_v1_base_transport_error():
+ # Passing both a credentials object and credentials_file should raise an error
+ with pytest.raises(core_exceptions.DuplicateCredentialArgs):
+ transport = transports.BinauthzManagementServiceV1Transport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ credentials_file="credentials.json",
+ )
+
+
+def test_binauthz_management_service_v1_base_transport():
+ # Instantiate the base transport.
+ with mock.patch(
+ "google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.transports.BinauthzManagementServiceV1Transport.__init__"
+ ) as Transport:
+ Transport.return_value = None
+ transport = transports.BinauthzManagementServiceV1Transport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Every method on the transport should just blindly
+ # raise NotImplementedError.
+ methods = (
+ "get_policy",
+ "update_policy",
+ "create_attestor",
+ "get_attestor",
+ "update_attestor",
+ "list_attestors",
+ "delete_attestor",
+ )
+ for method in methods:
+ with pytest.raises(NotImplementedError):
+ getattr(transport, method)(request=object())
+
+
+@requires_google_auth_gte_1_25_0
+def test_binauthz_management_service_v1_base_transport_with_credentials_file():
+ # Instantiate the base transport with a credentials file
+ with mock.patch.object(
+ google.auth, "load_credentials_from_file", autospec=True
+ ) as load_creds, mock.patch(
+ "google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.transports.BinauthzManagementServiceV1Transport._prep_wrapped_messages"
+ ) as Transport:
+ Transport.return_value = None
+ load_creds.return_value = (ga_credentials.AnonymousCredentials(), None)
+ transport = transports.BinauthzManagementServiceV1Transport(
+ credentials_file="credentials.json", quota_project_id="octopus",
+ )
+ load_creds.assert_called_once_with(
+ "credentials.json",
+ scopes=None,
+ default_scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ quota_project_id="octopus",
+ )
+
+
+@requires_google_auth_lt_1_25_0
+def test_binauthz_management_service_v1_base_transport_with_credentials_file_old_google_auth():
+ # Instantiate the base transport with a credentials file
+ with mock.patch.object(
+ google.auth, "load_credentials_from_file", autospec=True
+ ) as load_creds, mock.patch(
+ "google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.transports.BinauthzManagementServiceV1Transport._prep_wrapped_messages"
+ ) as Transport:
+ Transport.return_value = None
+ load_creds.return_value = (ga_credentials.AnonymousCredentials(), None)
+ transport = transports.BinauthzManagementServiceV1Transport(
+ credentials_file="credentials.json", quota_project_id="octopus",
+ )
+ load_creds.assert_called_once_with(
+ "credentials.json",
+ scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ quota_project_id="octopus",
+ )
+
+
+def test_binauthz_management_service_v1_base_transport_with_adc():
+ # Test the default credentials are used if credentials and credentials_file are None.
+ with mock.patch.object(google.auth, "default", autospec=True) as adc, mock.patch(
+ "google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.transports.BinauthzManagementServiceV1Transport._prep_wrapped_messages"
+ ) as Transport:
+ Transport.return_value = None
+ adc.return_value = (ga_credentials.AnonymousCredentials(), None)
+ transport = transports.BinauthzManagementServiceV1Transport()
+ adc.assert_called_once()
+
+
+@requires_google_auth_gte_1_25_0
+def test_binauthz_management_service_v1_auth_adc():
+ # If no credentials are provided, we should use ADC credentials.
+ with mock.patch.object(google.auth, "default", autospec=True) as adc:
+ adc.return_value = (ga_credentials.AnonymousCredentials(), None)
+ BinauthzManagementServiceV1Client()
+ adc.assert_called_once_with(
+ scopes=None,
+ default_scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ quota_project_id=None,
+ )
+
+
+@requires_google_auth_lt_1_25_0
+def test_binauthz_management_service_v1_auth_adc_old_google_auth():
+ # If no credentials are provided, we should use ADC credentials.
+ with mock.patch.object(google.auth, "default", autospec=True) as adc:
+ adc.return_value = (ga_credentials.AnonymousCredentials(), None)
+ BinauthzManagementServiceV1Client()
+ adc.assert_called_once_with(
+ scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ quota_project_id=None,
+ )
+
+
+@pytest.mark.parametrize(
+ "transport_class",
+ [
+ transports.BinauthzManagementServiceV1GrpcTransport,
+ transports.BinauthzManagementServiceV1GrpcAsyncIOTransport,
+ ],
+)
+@requires_google_auth_gte_1_25_0
+def test_binauthz_management_service_v1_transport_auth_adc(transport_class):
+ # If credentials and host are not provided, the transport class should use
+ # ADC credentials.
+ with mock.patch.object(google.auth, "default", autospec=True) as adc:
+ adc.return_value = (ga_credentials.AnonymousCredentials(), None)
+ transport_class(quota_project_id="octopus", scopes=["1", "2"])
+ adc.assert_called_once_with(
+ scopes=["1", "2"],
+ default_scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ quota_project_id="octopus",
+ )
+
+
+@pytest.mark.parametrize(
+ "transport_class",
+ [
+ transports.BinauthzManagementServiceV1GrpcTransport,
+ transports.BinauthzManagementServiceV1GrpcAsyncIOTransport,
+ ],
+)
+@requires_google_auth_lt_1_25_0
+def test_binauthz_management_service_v1_transport_auth_adc_old_google_auth(
+ transport_class,
+):
+ # If credentials and host are not provided, the transport class should use
+ # ADC credentials.
+ with mock.patch.object(google.auth, "default", autospec=True) as adc:
+ adc.return_value = (ga_credentials.AnonymousCredentials(), None)
+ transport_class(quota_project_id="octopus")
+ adc.assert_called_once_with(
+ scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ quota_project_id="octopus",
+ )
+
+
+@pytest.mark.parametrize(
+ "transport_class,grpc_helpers",
+ [
+ (transports.BinauthzManagementServiceV1GrpcTransport, grpc_helpers),
+ (
+ transports.BinauthzManagementServiceV1GrpcAsyncIOTransport,
+ grpc_helpers_async,
+ ),
+ ],
+)
+def test_binauthz_management_service_v1_transport_create_channel(
+ transport_class, grpc_helpers
+):
+ # If credentials and host are not provided, the transport class should use
+ # ADC credentials.
+ with mock.patch.object(
+ google.auth, "default", autospec=True
+ ) as adc, mock.patch.object(
+ grpc_helpers, "create_channel", autospec=True
+ ) as create_channel:
+ creds = ga_credentials.AnonymousCredentials()
+ adc.return_value = (creds, None)
+ transport_class(quota_project_id="octopus", scopes=["1", "2"])
+
+ create_channel.assert_called_with(
+ "binaryauthorization.googleapis.com:443",
+ credentials=creds,
+ credentials_file=None,
+ quota_project_id="octopus",
+ default_scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=["1", "2"],
+ default_host="binaryauthorization.googleapis.com",
+ ssl_credentials=None,
+ options=[
+ ("grpc.max_send_message_length", -1),
+ ("grpc.max_receive_message_length", -1),
+ ],
+ )
+
+
+@pytest.mark.parametrize(
+ "transport_class",
+ [
+ transports.BinauthzManagementServiceV1GrpcTransport,
+ transports.BinauthzManagementServiceV1GrpcAsyncIOTransport,
+ ],
+)
+def test_binauthz_management_service_v1_grpc_transport_client_cert_source_for_mtls(
+ transport_class,
+):
+ cred = ga_credentials.AnonymousCredentials()
+
+ # Check ssl_channel_credentials is used if provided.
+ with mock.patch.object(transport_class, "create_channel") as mock_create_channel:
+ mock_ssl_channel_creds = mock.Mock()
+ transport_class(
+ host="squid.clam.whelk",
+ credentials=cred,
+ ssl_channel_credentials=mock_ssl_channel_creds,
+ )
+ mock_create_channel.assert_called_once_with(
+ "squid.clam.whelk:443",
+ credentials=cred,
+ credentials_file=None,
+ scopes=None,
+ ssl_credentials=mock_ssl_channel_creds,
+ quota_project_id=None,
+ options=[
+ ("grpc.max_send_message_length", -1),
+ ("grpc.max_receive_message_length", -1),
+ ],
+ )
+
+ # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls
+ # is used.
+ with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()):
+ with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred:
+ transport_class(
+ credentials=cred,
+ client_cert_source_for_mtls=client_cert_source_callback,
+ )
+ expected_cert, expected_key = client_cert_source_callback()
+ mock_ssl_cred.assert_called_once_with(
+ certificate_chain=expected_cert, private_key=expected_key
+ )
+
+
+def test_binauthz_management_service_v1_host_no_port():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ client_options=client_options.ClientOptions(
+ api_endpoint="binaryauthorization.googleapis.com"
+ ),
+ )
+ assert client.transport._host == "binaryauthorization.googleapis.com:443"
+
+
+def test_binauthz_management_service_v1_host_with_port():
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ client_options=client_options.ClientOptions(
+ api_endpoint="binaryauthorization.googleapis.com:8000"
+ ),
+ )
+ assert client.transport._host == "binaryauthorization.googleapis.com:8000"
+
+
+def test_binauthz_management_service_v1_grpc_transport_channel():
+ channel = grpc.secure_channel("http://localhost/", grpc.local_channel_credentials())
+
+ # Check that channel is used if provided.
+ transport = transports.BinauthzManagementServiceV1GrpcTransport(
+ host="squid.clam.whelk", channel=channel,
+ )
+ assert transport.grpc_channel == channel
+ assert transport._host == "squid.clam.whelk:443"
+ assert transport._ssl_channel_credentials == None
+
+
+def test_binauthz_management_service_v1_grpc_asyncio_transport_channel():
+ channel = aio.secure_channel("http://localhost/", grpc.local_channel_credentials())
+
+ # Check that channel is used if provided.
+ transport = transports.BinauthzManagementServiceV1GrpcAsyncIOTransport(
+ host="squid.clam.whelk", channel=channel,
+ )
+ assert transport.grpc_channel == channel
+ assert transport._host == "squid.clam.whelk:443"
+ assert transport._ssl_channel_credentials == None
+
+
+# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are
+# removed from grpc/grpc_asyncio transport constructor.
+@pytest.mark.parametrize(
+ "transport_class",
+ [
+ transports.BinauthzManagementServiceV1GrpcTransport,
+ transports.BinauthzManagementServiceV1GrpcAsyncIOTransport,
+ ],
+)
+def test_binauthz_management_service_v1_transport_channel_mtls_with_client_cert_source(
+ transport_class,
+):
+ with mock.patch(
+ "grpc.ssl_channel_credentials", autospec=True
+ ) as grpc_ssl_channel_cred:
+ with mock.patch.object(
+ transport_class, "create_channel"
+ ) as grpc_create_channel:
+ mock_ssl_cred = mock.Mock()
+ grpc_ssl_channel_cred.return_value = mock_ssl_cred
+
+ mock_grpc_channel = mock.Mock()
+ grpc_create_channel.return_value = mock_grpc_channel
+
+ cred = ga_credentials.AnonymousCredentials()
+ with pytest.warns(DeprecationWarning):
+ with mock.patch.object(google.auth, "default") as adc:
+ adc.return_value = (cred, None)
+ transport = transport_class(
+ host="squid.clam.whelk",
+ api_mtls_endpoint="mtls.squid.clam.whelk",
+ client_cert_source=client_cert_source_callback,
+ )
+ adc.assert_called_once()
+
+ grpc_ssl_channel_cred.assert_called_once_with(
+ certificate_chain=b"cert bytes", private_key=b"key bytes"
+ )
+ grpc_create_channel.assert_called_once_with(
+ "mtls.squid.clam.whelk:443",
+ credentials=cred,
+ credentials_file=None,
+ scopes=None,
+ ssl_credentials=mock_ssl_cred,
+ quota_project_id=None,
+ options=[
+ ("grpc.max_send_message_length", -1),
+ ("grpc.max_receive_message_length", -1),
+ ],
+ )
+ assert transport.grpc_channel == mock_grpc_channel
+ assert transport._ssl_channel_credentials == mock_ssl_cred
+
+
+# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are
+# removed from grpc/grpc_asyncio transport constructor.
+@pytest.mark.parametrize(
+ "transport_class",
+ [
+ transports.BinauthzManagementServiceV1GrpcTransport,
+ transports.BinauthzManagementServiceV1GrpcAsyncIOTransport,
+ ],
+)
+def test_binauthz_management_service_v1_transport_channel_mtls_with_adc(
+ transport_class,
+):
+ mock_ssl_cred = mock.Mock()
+ with mock.patch.multiple(
+ "google.auth.transport.grpc.SslCredentials",
+ __init__=mock.Mock(return_value=None),
+ ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred),
+ ):
+ with mock.patch.object(
+ transport_class, "create_channel"
+ ) as grpc_create_channel:
+ mock_grpc_channel = mock.Mock()
+ grpc_create_channel.return_value = mock_grpc_channel
+ mock_cred = mock.Mock()
+
+ with pytest.warns(DeprecationWarning):
+ transport = transport_class(
+ host="squid.clam.whelk",
+ credentials=mock_cred,
+ api_mtls_endpoint="mtls.squid.clam.whelk",
+ client_cert_source=None,
+ )
+
+ grpc_create_channel.assert_called_once_with(
+ "mtls.squid.clam.whelk:443",
+ credentials=mock_cred,
+ credentials_file=None,
+ scopes=None,
+ ssl_credentials=mock_ssl_cred,
+ quota_project_id=None,
+ options=[
+ ("grpc.max_send_message_length", -1),
+ ("grpc.max_receive_message_length", -1),
+ ],
+ )
+ assert transport.grpc_channel == mock_grpc_channel
+
+
+def test_attestor_path():
+ project = "squid"
+ attestor = "clam"
+ expected = "projects/{project}/attestors/{attestor}".format(
+ project=project, attestor=attestor,
+ )
+ actual = BinauthzManagementServiceV1Client.attestor_path(project, attestor)
+ assert expected == actual
+
+
+def test_parse_attestor_path():
+ expected = {
+ "project": "whelk",
+ "attestor": "octopus",
+ }
+ path = BinauthzManagementServiceV1Client.attestor_path(**expected)
+
+ # Check that the path construction is reversible.
+ actual = BinauthzManagementServiceV1Client.parse_attestor_path(path)
+ assert expected == actual
+
+
+def test_policy_path():
+ project = "oyster"
+ expected = "projects/{project}/policy".format(project=project,)
+ actual = BinauthzManagementServiceV1Client.policy_path(project)
+ assert expected == actual
+
+
+def test_parse_policy_path():
+ expected = {
+ "project": "nudibranch",
+ }
+ path = BinauthzManagementServiceV1Client.policy_path(**expected)
+
+ # Check that the path construction is reversible.
+ actual = BinauthzManagementServiceV1Client.parse_policy_path(path)
+ assert expected == actual
+
+
+def test_common_billing_account_path():
+ billing_account = "cuttlefish"
+ expected = "billingAccounts/{billing_account}".format(
+ billing_account=billing_account,
+ )
+ actual = BinauthzManagementServiceV1Client.common_billing_account_path(
+ billing_account
+ )
+ assert expected == actual
+
+
+def test_parse_common_billing_account_path():
+ expected = {
+ "billing_account": "mussel",
+ }
+ path = BinauthzManagementServiceV1Client.common_billing_account_path(**expected)
+
+ # Check that the path construction is reversible.
+ actual = BinauthzManagementServiceV1Client.parse_common_billing_account_path(path)
+ assert expected == actual
+
+
+def test_common_folder_path():
+ folder = "winkle"
+ expected = "folders/{folder}".format(folder=folder,)
+ actual = BinauthzManagementServiceV1Client.common_folder_path(folder)
+ assert expected == actual
+
+
+def test_parse_common_folder_path():
+ expected = {
+ "folder": "nautilus",
+ }
+ path = BinauthzManagementServiceV1Client.common_folder_path(**expected)
+
+ # Check that the path construction is reversible.
+ actual = BinauthzManagementServiceV1Client.parse_common_folder_path(path)
+ assert expected == actual
+
+
+def test_common_organization_path():
+ organization = "scallop"
+ expected = "organizations/{organization}".format(organization=organization,)
+ actual = BinauthzManagementServiceV1Client.common_organization_path(organization)
+ assert expected == actual
+
+
+def test_parse_common_organization_path():
+ expected = {
+ "organization": "abalone",
+ }
+ path = BinauthzManagementServiceV1Client.common_organization_path(**expected)
+
+ # Check that the path construction is reversible.
+ actual = BinauthzManagementServiceV1Client.parse_common_organization_path(path)
+ assert expected == actual
+
+
+def test_common_project_path():
+ project = "squid"
+ expected = "projects/{project}".format(project=project,)
+ actual = BinauthzManagementServiceV1Client.common_project_path(project)
+ assert expected == actual
+
+
+def test_parse_common_project_path():
+ expected = {
+ "project": "clam",
+ }
+ path = BinauthzManagementServiceV1Client.common_project_path(**expected)
+
+ # Check that the path construction is reversible.
+ actual = BinauthzManagementServiceV1Client.parse_common_project_path(path)
+ assert expected == actual
+
+
+def test_common_location_path():
+ project = "whelk"
+ location = "octopus"
+ expected = "projects/{project}/locations/{location}".format(
+ project=project, location=location,
+ )
+ actual = BinauthzManagementServiceV1Client.common_location_path(project, location)
+ assert expected == actual
+
+
+def test_parse_common_location_path():
+ expected = {
+ "project": "oyster",
+ "location": "nudibranch",
+ }
+ path = BinauthzManagementServiceV1Client.common_location_path(**expected)
+
+ # Check that the path construction is reversible.
+ actual = BinauthzManagementServiceV1Client.parse_common_location_path(path)
+ assert expected == actual
+
+
+def test_client_withDEFAULT_CLIENT_INFO():
+ client_info = gapic_v1.client_info.ClientInfo()
+
+ with mock.patch.object(
+ transports.BinauthzManagementServiceV1Transport, "_prep_wrapped_messages"
+ ) as prep:
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), client_info=client_info,
+ )
+ prep.assert_called_once_with(client_info)
+
+ with mock.patch.object(
+ transports.BinauthzManagementServiceV1Transport, "_prep_wrapped_messages"
+ ) as prep:
+ transport_class = BinauthzManagementServiceV1Client.get_transport_class()
+ transport = transport_class(
+ credentials=ga_credentials.AnonymousCredentials(), client_info=client_info,
+ )
+ prep.assert_called_once_with(client_info)
diff --git a/tests/unit/gapic/binaryauthorization_v1/test_system_policy_v1.py b/tests/unit/gapic/binaryauthorization_v1/test_system_policy_v1.py
new file mode 100644
index 0000000..546b2a7
--- /dev/null
+++ b/tests/unit/gapic/binaryauthorization_v1/test_system_policy_v1.py
@@ -0,0 +1,1308 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+import os
+import mock
+import packaging.version
+
+import grpc
+from grpc.experimental import aio
+import math
+import pytest
+from proto.marshal.rules.dates import DurationRule, TimestampRule
+
+
+from google.api_core import client_options
+from google.api_core import exceptions as core_exceptions
+from google.api_core import gapic_v1
+from google.api_core import grpc_helpers
+from google.api_core import grpc_helpers_async
+from google.auth import credentials as ga_credentials
+from google.auth.exceptions import MutualTLSChannelError
+from google.cloud.binaryauthorization_v1.services.system_policy_v1 import (
+ SystemPolicyV1AsyncClient,
+)
+from google.cloud.binaryauthorization_v1.services.system_policy_v1 import (
+ SystemPolicyV1Client,
+)
+from google.cloud.binaryauthorization_v1.services.system_policy_v1 import transports
+from google.cloud.binaryauthorization_v1.services.system_policy_v1.transports.base import (
+ _GOOGLE_AUTH_VERSION,
+)
+from google.cloud.binaryauthorization_v1.types import resources
+from google.cloud.binaryauthorization_v1.types import service
+from google.oauth2 import service_account
+from google.protobuf import timestamp_pb2 # type: ignore
+import google.auth
+
+
+# TODO(busunkim): Once google-auth >= 1.25.0 is required transitively
+# through google-api-core:
+# - Delete the auth "less than" test cases
+# - Delete these pytest markers (Make the "greater than or equal to" tests the default).
+requires_google_auth_lt_1_25_0 = pytest.mark.skipif(
+ packaging.version.parse(_GOOGLE_AUTH_VERSION) >= packaging.version.parse("1.25.0"),
+ reason="This test requires google-auth < 1.25.0",
+)
+requires_google_auth_gte_1_25_0 = pytest.mark.skipif(
+ packaging.version.parse(_GOOGLE_AUTH_VERSION) < packaging.version.parse("1.25.0"),
+ reason="This test requires google-auth >= 1.25.0",
+)
+
+
+def client_cert_source_callback():
+ return b"cert bytes", b"key bytes"
+
+
+# If default endpoint is localhost, then default mtls endpoint will be the same.
+# This method modifies the default endpoint so the client can produce a different
+# mtls endpoint for endpoint testing purposes.
+def modify_default_endpoint(client):
+ return (
+ "foo.googleapis.com"
+ if ("localhost" in client.DEFAULT_ENDPOINT)
+ else client.DEFAULT_ENDPOINT
+ )
+
+
+def test__get_default_mtls_endpoint():
+ api_endpoint = "example.googleapis.com"
+ api_mtls_endpoint = "example.mtls.googleapis.com"
+ sandbox_endpoint = "example.sandbox.googleapis.com"
+ sandbox_mtls_endpoint = "example.mtls.sandbox.googleapis.com"
+ non_googleapi = "api.example.com"
+
+ assert SystemPolicyV1Client._get_default_mtls_endpoint(None) is None
+ assert (
+ SystemPolicyV1Client._get_default_mtls_endpoint(api_endpoint)
+ == api_mtls_endpoint
+ )
+ assert (
+ SystemPolicyV1Client._get_default_mtls_endpoint(api_mtls_endpoint)
+ == api_mtls_endpoint
+ )
+ assert (
+ SystemPolicyV1Client._get_default_mtls_endpoint(sandbox_endpoint)
+ == sandbox_mtls_endpoint
+ )
+ assert (
+ SystemPolicyV1Client._get_default_mtls_endpoint(sandbox_mtls_endpoint)
+ == sandbox_mtls_endpoint
+ )
+ assert (
+ SystemPolicyV1Client._get_default_mtls_endpoint(non_googleapi) == non_googleapi
+ )
+
+
+@pytest.mark.parametrize(
+ "client_class", [SystemPolicyV1Client, SystemPolicyV1AsyncClient,]
+)
+def test_system_policy_v1_client_from_service_account_info(client_class):
+ creds = ga_credentials.AnonymousCredentials()
+ with mock.patch.object(
+ service_account.Credentials, "from_service_account_info"
+ ) as factory:
+ factory.return_value = creds
+ info = {"valid": True}
+ client = client_class.from_service_account_info(info)
+ assert client.transport._credentials == creds
+ assert isinstance(client, client_class)
+
+ assert client.transport._host == "binaryauthorization.googleapis.com:443"
+
+
+@pytest.mark.parametrize(
+ "transport_class,transport_name",
+ [
+ (transports.SystemPolicyV1GrpcTransport, "grpc"),
+ (transports.SystemPolicyV1GrpcAsyncIOTransport, "grpc_asyncio"),
+ ],
+)
+def test_system_policy_v1_client_service_account_always_use_jwt(
+ transport_class, transport_name
+):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=True)
+ use_jwt.assert_called_once_with(True)
+
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=False)
+ use_jwt.assert_not_called()
+
+
+@pytest.mark.parametrize(
+ "client_class", [SystemPolicyV1Client, SystemPolicyV1AsyncClient,]
+)
+def test_system_policy_v1_client_from_service_account_file(client_class):
+ creds = ga_credentials.AnonymousCredentials()
+ with mock.patch.object(
+ service_account.Credentials, "from_service_account_file"
+ ) as factory:
+ factory.return_value = creds
+ client = client_class.from_service_account_file("dummy/file/path.json")
+ assert client.transport._credentials == creds
+ assert isinstance(client, client_class)
+
+ client = client_class.from_service_account_json("dummy/file/path.json")
+ assert client.transport._credentials == creds
+ assert isinstance(client, client_class)
+
+ assert client.transport._host == "binaryauthorization.googleapis.com:443"
+
+
+def test_system_policy_v1_client_get_transport_class():
+ transport = SystemPolicyV1Client.get_transport_class()
+ available_transports = [
+ transports.SystemPolicyV1GrpcTransport,
+ ]
+ assert transport in available_transports
+
+ transport = SystemPolicyV1Client.get_transport_class("grpc")
+ assert transport == transports.SystemPolicyV1GrpcTransport
+
+
+@pytest.mark.parametrize(
+ "client_class,transport_class,transport_name",
+ [
+ (SystemPolicyV1Client, transports.SystemPolicyV1GrpcTransport, "grpc"),
+ (
+ SystemPolicyV1AsyncClient,
+ transports.SystemPolicyV1GrpcAsyncIOTransport,
+ "grpc_asyncio",
+ ),
+ ],
+)
+@mock.patch.object(
+ SystemPolicyV1Client,
+ "DEFAULT_ENDPOINT",
+ modify_default_endpoint(SystemPolicyV1Client),
+)
+@mock.patch.object(
+ SystemPolicyV1AsyncClient,
+ "DEFAULT_ENDPOINT",
+ modify_default_endpoint(SystemPolicyV1AsyncClient),
+)
+def test_system_policy_v1_client_client_options(
+ client_class, transport_class, transport_name
+):
+ # Check that if channel is provided we won't create a new one.
+ with mock.patch.object(SystemPolicyV1Client, "get_transport_class") as gtc:
+ transport = transport_class(credentials=ga_credentials.AnonymousCredentials())
+ client = client_class(transport=transport)
+ gtc.assert_not_called()
+
+ # Check that if channel is provided via str we will create a new one.
+ with mock.patch.object(SystemPolicyV1Client, "get_transport_class") as gtc:
+ client = client_class(transport=transport_name)
+ gtc.assert_called()
+
+ # Check the case api_endpoint is provided.
+ options = client_options.ClientOptions(api_endpoint="squid.clam.whelk")
+ with mock.patch.object(transport_class, "__init__") as patched:
+ patched.return_value = None
+ client = client_class(client_options=options)
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host="squid.clam.whelk",
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+ # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
+ # "never".
+ with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}):
+ with mock.patch.object(transport_class, "__init__") as patched:
+ patched.return_value = None
+ client = client_class()
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=client.DEFAULT_ENDPOINT,
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+ # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
+ # "always".
+ with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}):
+ with mock.patch.object(transport_class, "__init__") as patched:
+ patched.return_value = None
+ client = client_class()
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=client.DEFAULT_MTLS_ENDPOINT,
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+ # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has
+ # unsupported value.
+ with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "Unsupported"}):
+ with pytest.raises(MutualTLSChannelError):
+ client = client_class()
+
+ # Check the case GOOGLE_API_USE_CLIENT_CERTIFICATE has unsupported value.
+ with mock.patch.dict(
+ os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"}
+ ):
+ with pytest.raises(ValueError):
+ client = client_class()
+
+ # Check the case quota_project_id is provided
+ options = client_options.ClientOptions(quota_project_id="octopus")
+ with mock.patch.object(transport_class, "__init__") as patched:
+ patched.return_value = None
+ client = client_class(client_options=options)
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=client.DEFAULT_ENDPOINT,
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id="octopus",
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+
+@pytest.mark.parametrize(
+ "client_class,transport_class,transport_name,use_client_cert_env",
+ [
+ (SystemPolicyV1Client, transports.SystemPolicyV1GrpcTransport, "grpc", "true"),
+ (
+ SystemPolicyV1AsyncClient,
+ transports.SystemPolicyV1GrpcAsyncIOTransport,
+ "grpc_asyncio",
+ "true",
+ ),
+ (SystemPolicyV1Client, transports.SystemPolicyV1GrpcTransport, "grpc", "false"),
+ (
+ SystemPolicyV1AsyncClient,
+ transports.SystemPolicyV1GrpcAsyncIOTransport,
+ "grpc_asyncio",
+ "false",
+ ),
+ ],
+)
+@mock.patch.object(
+ SystemPolicyV1Client,
+ "DEFAULT_ENDPOINT",
+ modify_default_endpoint(SystemPolicyV1Client),
+)
+@mock.patch.object(
+ SystemPolicyV1AsyncClient,
+ "DEFAULT_ENDPOINT",
+ modify_default_endpoint(SystemPolicyV1AsyncClient),
+)
+@mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "auto"})
+def test_system_policy_v1_client_mtls_env_auto(
+ client_class, transport_class, transport_name, use_client_cert_env
+):
+ # This tests the endpoint autoswitch behavior. Endpoint is autoswitched to the default
+ # mtls endpoint, if GOOGLE_API_USE_CLIENT_CERTIFICATE is "true" and client cert exists.
+
+ # Check the case client_cert_source is provided. Whether client cert is used depends on
+ # GOOGLE_API_USE_CLIENT_CERTIFICATE value.
+ with mock.patch.dict(
+ os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}
+ ):
+ options = client_options.ClientOptions(
+ client_cert_source=client_cert_source_callback
+ )
+ with mock.patch.object(transport_class, "__init__") as patched:
+ patched.return_value = None
+ client = client_class(client_options=options)
+
+ if use_client_cert_env == "false":
+ expected_client_cert_source = None
+ expected_host = client.DEFAULT_ENDPOINT
+ else:
+ expected_client_cert_source = client_cert_source_callback
+ expected_host = client.DEFAULT_MTLS_ENDPOINT
+
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=expected_host,
+ scopes=None,
+ client_cert_source_for_mtls=expected_client_cert_source,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+ # Check the case ADC client cert is provided. Whether client cert is used depends on
+ # GOOGLE_API_USE_CLIENT_CERTIFICATE value.
+ with mock.patch.dict(
+ os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}
+ ):
+ with mock.patch.object(transport_class, "__init__") as patched:
+ with mock.patch(
+ "google.auth.transport.mtls.has_default_client_cert_source",
+ return_value=True,
+ ):
+ with mock.patch(
+ "google.auth.transport.mtls.default_client_cert_source",
+ return_value=client_cert_source_callback,
+ ):
+ if use_client_cert_env == "false":
+ expected_host = client.DEFAULT_ENDPOINT
+ expected_client_cert_source = None
+ else:
+ expected_host = client.DEFAULT_MTLS_ENDPOINT
+ expected_client_cert_source = client_cert_source_callback
+
+ patched.return_value = None
+ client = client_class()
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=expected_host,
+ scopes=None,
+ client_cert_source_for_mtls=expected_client_cert_source,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+ # Check the case client_cert_source and ADC client cert are not provided.
+ with mock.patch.dict(
+ os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}
+ ):
+ with mock.patch.object(transport_class, "__init__") as patched:
+ with mock.patch(
+ "google.auth.transport.mtls.has_default_client_cert_source",
+ return_value=False,
+ ):
+ patched.return_value = None
+ client = client_class()
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=client.DEFAULT_ENDPOINT,
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+
+@pytest.mark.parametrize(
+ "client_class,transport_class,transport_name",
+ [
+ (SystemPolicyV1Client, transports.SystemPolicyV1GrpcTransport, "grpc"),
+ (
+ SystemPolicyV1AsyncClient,
+ transports.SystemPolicyV1GrpcAsyncIOTransport,
+ "grpc_asyncio",
+ ),
+ ],
+)
+def test_system_policy_v1_client_client_options_scopes(
+ client_class, transport_class, transport_name
+):
+ # Check the case scopes are provided.
+ options = client_options.ClientOptions(scopes=["1", "2"],)
+ with mock.patch.object(transport_class, "__init__") as patched:
+ patched.return_value = None
+ client = client_class(client_options=options)
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=client.DEFAULT_ENDPOINT,
+ scopes=["1", "2"],
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+
+@pytest.mark.parametrize(
+ "client_class,transport_class,transport_name",
+ [
+ (SystemPolicyV1Client, transports.SystemPolicyV1GrpcTransport, "grpc"),
+ (
+ SystemPolicyV1AsyncClient,
+ transports.SystemPolicyV1GrpcAsyncIOTransport,
+ "grpc_asyncio",
+ ),
+ ],
+)
+def test_system_policy_v1_client_client_options_credentials_file(
+ client_class, transport_class, transport_name
+):
+ # Check the case credentials file is provided.
+ options = client_options.ClientOptions(credentials_file="credentials.json")
+ with mock.patch.object(transport_class, "__init__") as patched:
+ patched.return_value = None
+ client = client_class(client_options=options)
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file="credentials.json",
+ host=client.DEFAULT_ENDPOINT,
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+
+def test_system_policy_v1_client_client_options_from_dict():
+ with mock.patch(
+ "google.cloud.binaryauthorization_v1.services.system_policy_v1.transports.SystemPolicyV1GrpcTransport.__init__"
+ ) as grpc_transport:
+ grpc_transport.return_value = None
+ client = SystemPolicyV1Client(
+ client_options={"api_endpoint": "squid.clam.whelk"}
+ )
+ grpc_transport.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host="squid.clam.whelk",
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+
+def test_get_system_policy(
+ transport: str = "grpc", request_type=service.GetSystemPolicyRequest
+):
+ client = SystemPolicyV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = request_type()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.get_system_policy), "__call__"
+ ) as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = resources.Policy(
+ name="name_value",
+ description="description_value",
+ global_policy_evaluation_mode=resources.Policy.GlobalPolicyEvaluationMode.ENABLE,
+ )
+ response = client.get_system_policy(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.GetSystemPolicyRequest()
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, resources.Policy)
+ assert response.name == "name_value"
+ assert response.description == "description_value"
+ assert (
+ response.global_policy_evaluation_mode
+ == resources.Policy.GlobalPolicyEvaluationMode.ENABLE
+ )
+
+
+def test_get_system_policy_from_dict():
+ test_get_system_policy(request_type=dict)
+
+
+def test_get_system_policy_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = SystemPolicyV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.get_system_policy), "__call__"
+ ) as call:
+ client.get_system_policy()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.GetSystemPolicyRequest()
+
+
+@pytest.mark.asyncio
+async def test_get_system_policy_async(
+ transport: str = "grpc_asyncio", request_type=service.GetSystemPolicyRequest
+):
+ client = SystemPolicyV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = request_type()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.get_system_policy), "__call__"
+ ) as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ resources.Policy(
+ name="name_value",
+ description="description_value",
+ global_policy_evaluation_mode=resources.Policy.GlobalPolicyEvaluationMode.ENABLE,
+ )
+ )
+ response = await client.get_system_policy(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.GetSystemPolicyRequest()
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, resources.Policy)
+ assert response.name == "name_value"
+ assert response.description == "description_value"
+ assert (
+ response.global_policy_evaluation_mode
+ == resources.Policy.GlobalPolicyEvaluationMode.ENABLE
+ )
+
+
+@pytest.mark.asyncio
+async def test_get_system_policy_async_from_dict():
+ await test_get_system_policy_async(request_type=dict)
+
+
+def test_get_system_policy_field_headers():
+ client = SystemPolicyV1Client(credentials=ga_credentials.AnonymousCredentials(),)
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.GetSystemPolicyRequest()
+
+ request.name = "name/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.get_system_policy), "__call__"
+ ) as call:
+ call.return_value = resources.Policy()
+ client.get_system_policy(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "name=name/value",) in kw["metadata"]
+
+
+@pytest.mark.asyncio
+async def test_get_system_policy_field_headers_async():
+ client = SystemPolicyV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.GetSystemPolicyRequest()
+
+ request.name = "name/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.get_system_policy), "__call__"
+ ) as call:
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Policy())
+ await client.get_system_policy(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "name=name/value",) in kw["metadata"]
+
+
+def test_get_system_policy_flattened():
+ client = SystemPolicyV1Client(credentials=ga_credentials.AnonymousCredentials(),)
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.get_system_policy), "__call__"
+ ) as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = resources.Policy()
+ # Call the method with a truthy value for each flattened field,
+ # using the keyword arguments to the method.
+ client.get_system_policy(name="name_value",)
+
+ # Establish that the underlying call was made with the expected
+ # request object values.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0].name == "name_value"
+
+
+def test_get_system_policy_flattened_error():
+ client = SystemPolicyV1Client(credentials=ga_credentials.AnonymousCredentials(),)
+
+ # Attempting to call a method with both a request object and flattened
+ # fields is an error.
+ with pytest.raises(ValueError):
+ client.get_system_policy(
+ service.GetSystemPolicyRequest(), name="name_value",
+ )
+
+
+@pytest.mark.asyncio
+async def test_get_system_policy_flattened_async():
+ client = SystemPolicyV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.get_system_policy), "__call__"
+ ) as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = resources.Policy()
+
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Policy())
+ # Call the method with a truthy value for each flattened field,
+ # using the keyword arguments to the method.
+ response = await client.get_system_policy(name="name_value",)
+
+ # Establish that the underlying call was made with the expected
+ # request object values.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0].name == "name_value"
+
+
+@pytest.mark.asyncio
+async def test_get_system_policy_flattened_error_async():
+ client = SystemPolicyV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Attempting to call a method with both a request object and flattened
+ # fields is an error.
+ with pytest.raises(ValueError):
+ await client.get_system_policy(
+ service.GetSystemPolicyRequest(), name="name_value",
+ )
+
+
+def test_credentials_transport_error():
+ # It is an error to provide credentials and a transport instance.
+ transport = transports.SystemPolicyV1GrpcTransport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+ with pytest.raises(ValueError):
+ client = SystemPolicyV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # It is an error to provide a credentials file and a transport instance.
+ transport = transports.SystemPolicyV1GrpcTransport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+ with pytest.raises(ValueError):
+ client = SystemPolicyV1Client(
+ client_options={"credentials_file": "credentials.json"},
+ transport=transport,
+ )
+
+ # It is an error to provide scopes and a transport instance.
+ transport = transports.SystemPolicyV1GrpcTransport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+ with pytest.raises(ValueError):
+ client = SystemPolicyV1Client(
+ client_options={"scopes": ["1", "2"]}, transport=transport,
+ )
+
+
+def test_transport_instance():
+ # A client may be instantiated with a custom transport instance.
+ transport = transports.SystemPolicyV1GrpcTransport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+ client = SystemPolicyV1Client(transport=transport)
+ assert client.transport is transport
+
+
+def test_transport_get_channel():
+ # A client may be instantiated with a custom transport instance.
+ transport = transports.SystemPolicyV1GrpcTransport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+ channel = transport.grpc_channel
+ assert channel
+
+ transport = transports.SystemPolicyV1GrpcAsyncIOTransport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+ channel = transport.grpc_channel
+ assert channel
+
+
+@pytest.mark.parametrize(
+ "transport_class",
+ [
+ transports.SystemPolicyV1GrpcTransport,
+ transports.SystemPolicyV1GrpcAsyncIOTransport,
+ ],
+)
+def test_transport_adc(transport_class):
+ # Test default credentials are used if not provided.
+ with mock.patch.object(google.auth, "default") as adc:
+ adc.return_value = (ga_credentials.AnonymousCredentials(), None)
+ transport_class()
+ adc.assert_called_once()
+
+
+def test_transport_grpc_default():
+ # A client should use the gRPC transport by default.
+ client = SystemPolicyV1Client(credentials=ga_credentials.AnonymousCredentials(),)
+ assert isinstance(client.transport, transports.SystemPolicyV1GrpcTransport,)
+
+
+def test_system_policy_v1_base_transport_error():
+ # Passing both a credentials object and credentials_file should raise an error
+ with pytest.raises(core_exceptions.DuplicateCredentialArgs):
+ transport = transports.SystemPolicyV1Transport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ credentials_file="credentials.json",
+ )
+
+
+def test_system_policy_v1_base_transport():
+ # Instantiate the base transport.
+ with mock.patch(
+ "google.cloud.binaryauthorization_v1.services.system_policy_v1.transports.SystemPolicyV1Transport.__init__"
+ ) as Transport:
+ Transport.return_value = None
+ transport = transports.SystemPolicyV1Transport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Every method on the transport should just blindly
+ # raise NotImplementedError.
+ methods = ("get_system_policy",)
+ for method in methods:
+ with pytest.raises(NotImplementedError):
+ getattr(transport, method)(request=object())
+
+
+@requires_google_auth_gte_1_25_0
+def test_system_policy_v1_base_transport_with_credentials_file():
+ # Instantiate the base transport with a credentials file
+ with mock.patch.object(
+ google.auth, "load_credentials_from_file", autospec=True
+ ) as load_creds, mock.patch(
+ "google.cloud.binaryauthorization_v1.services.system_policy_v1.transports.SystemPolicyV1Transport._prep_wrapped_messages"
+ ) as Transport:
+ Transport.return_value = None
+ load_creds.return_value = (ga_credentials.AnonymousCredentials(), None)
+ transport = transports.SystemPolicyV1Transport(
+ credentials_file="credentials.json", quota_project_id="octopus",
+ )
+ load_creds.assert_called_once_with(
+ "credentials.json",
+ scopes=None,
+ default_scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ quota_project_id="octopus",
+ )
+
+
+@requires_google_auth_lt_1_25_0
+def test_system_policy_v1_base_transport_with_credentials_file_old_google_auth():
+ # Instantiate the base transport with a credentials file
+ with mock.patch.object(
+ google.auth, "load_credentials_from_file", autospec=True
+ ) as load_creds, mock.patch(
+ "google.cloud.binaryauthorization_v1.services.system_policy_v1.transports.SystemPolicyV1Transport._prep_wrapped_messages"
+ ) as Transport:
+ Transport.return_value = None
+ load_creds.return_value = (ga_credentials.AnonymousCredentials(), None)
+ transport = transports.SystemPolicyV1Transport(
+ credentials_file="credentials.json", quota_project_id="octopus",
+ )
+ load_creds.assert_called_once_with(
+ "credentials.json",
+ scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ quota_project_id="octopus",
+ )
+
+
+def test_system_policy_v1_base_transport_with_adc():
+ # Test the default credentials are used if credentials and credentials_file are None.
+ with mock.patch.object(google.auth, "default", autospec=True) as adc, mock.patch(
+ "google.cloud.binaryauthorization_v1.services.system_policy_v1.transports.SystemPolicyV1Transport._prep_wrapped_messages"
+ ) as Transport:
+ Transport.return_value = None
+ adc.return_value = (ga_credentials.AnonymousCredentials(), None)
+ transport = transports.SystemPolicyV1Transport()
+ adc.assert_called_once()
+
+
+@requires_google_auth_gte_1_25_0
+def test_system_policy_v1_auth_adc():
+ # If no credentials are provided, we should use ADC credentials.
+ with mock.patch.object(google.auth, "default", autospec=True) as adc:
+ adc.return_value = (ga_credentials.AnonymousCredentials(), None)
+ SystemPolicyV1Client()
+ adc.assert_called_once_with(
+ scopes=None,
+ default_scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ quota_project_id=None,
+ )
+
+
+@requires_google_auth_lt_1_25_0
+def test_system_policy_v1_auth_adc_old_google_auth():
+ # If no credentials are provided, we should use ADC credentials.
+ with mock.patch.object(google.auth, "default", autospec=True) as adc:
+ adc.return_value = (ga_credentials.AnonymousCredentials(), None)
+ SystemPolicyV1Client()
+ adc.assert_called_once_with(
+ scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ quota_project_id=None,
+ )
+
+
+@pytest.mark.parametrize(
+ "transport_class",
+ [
+ transports.SystemPolicyV1GrpcTransport,
+ transports.SystemPolicyV1GrpcAsyncIOTransport,
+ ],
+)
+@requires_google_auth_gte_1_25_0
+def test_system_policy_v1_transport_auth_adc(transport_class):
+ # If credentials and host are not provided, the transport class should use
+ # ADC credentials.
+ with mock.patch.object(google.auth, "default", autospec=True) as adc:
+ adc.return_value = (ga_credentials.AnonymousCredentials(), None)
+ transport_class(quota_project_id="octopus", scopes=["1", "2"])
+ adc.assert_called_once_with(
+ scopes=["1", "2"],
+ default_scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ quota_project_id="octopus",
+ )
+
+
+@pytest.mark.parametrize(
+ "transport_class",
+ [
+ transports.SystemPolicyV1GrpcTransport,
+ transports.SystemPolicyV1GrpcAsyncIOTransport,
+ ],
+)
+@requires_google_auth_lt_1_25_0
+def test_system_policy_v1_transport_auth_adc_old_google_auth(transport_class):
+ # If credentials and host are not provided, the transport class should use
+ # ADC credentials.
+ with mock.patch.object(google.auth, "default", autospec=True) as adc:
+ adc.return_value = (ga_credentials.AnonymousCredentials(), None)
+ transport_class(quota_project_id="octopus")
+ adc.assert_called_once_with(
+ scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ quota_project_id="octopus",
+ )
+
+
+@pytest.mark.parametrize(
+ "transport_class,grpc_helpers",
+ [
+ (transports.SystemPolicyV1GrpcTransport, grpc_helpers),
+ (transports.SystemPolicyV1GrpcAsyncIOTransport, grpc_helpers_async),
+ ],
+)
+def test_system_policy_v1_transport_create_channel(transport_class, grpc_helpers):
+ # If credentials and host are not provided, the transport class should use
+ # ADC credentials.
+ with mock.patch.object(
+ google.auth, "default", autospec=True
+ ) as adc, mock.patch.object(
+ grpc_helpers, "create_channel", autospec=True
+ ) as create_channel:
+ creds = ga_credentials.AnonymousCredentials()
+ adc.return_value = (creds, None)
+ transport_class(quota_project_id="octopus", scopes=["1", "2"])
+
+ create_channel.assert_called_with(
+ "binaryauthorization.googleapis.com:443",
+ credentials=creds,
+ credentials_file=None,
+ quota_project_id="octopus",
+ default_scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=["1", "2"],
+ default_host="binaryauthorization.googleapis.com",
+ ssl_credentials=None,
+ options=[
+ ("grpc.max_send_message_length", -1),
+ ("grpc.max_receive_message_length", -1),
+ ],
+ )
+
+
+@pytest.mark.parametrize(
+ "transport_class",
+ [
+ transports.SystemPolicyV1GrpcTransport,
+ transports.SystemPolicyV1GrpcAsyncIOTransport,
+ ],
+)
+def test_system_policy_v1_grpc_transport_client_cert_source_for_mtls(transport_class):
+ cred = ga_credentials.AnonymousCredentials()
+
+ # Check ssl_channel_credentials is used if provided.
+ with mock.patch.object(transport_class, "create_channel") as mock_create_channel:
+ mock_ssl_channel_creds = mock.Mock()
+ transport_class(
+ host="squid.clam.whelk",
+ credentials=cred,
+ ssl_channel_credentials=mock_ssl_channel_creds,
+ )
+ mock_create_channel.assert_called_once_with(
+ "squid.clam.whelk:443",
+ credentials=cred,
+ credentials_file=None,
+ scopes=None,
+ ssl_credentials=mock_ssl_channel_creds,
+ quota_project_id=None,
+ options=[
+ ("grpc.max_send_message_length", -1),
+ ("grpc.max_receive_message_length", -1),
+ ],
+ )
+
+ # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls
+ # is used.
+ with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()):
+ with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred:
+ transport_class(
+ credentials=cred,
+ client_cert_source_for_mtls=client_cert_source_callback,
+ )
+ expected_cert, expected_key = client_cert_source_callback()
+ mock_ssl_cred.assert_called_once_with(
+ certificate_chain=expected_cert, private_key=expected_key
+ )
+
+
+def test_system_policy_v1_host_no_port():
+ client = SystemPolicyV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ client_options=client_options.ClientOptions(
+ api_endpoint="binaryauthorization.googleapis.com"
+ ),
+ )
+ assert client.transport._host == "binaryauthorization.googleapis.com:443"
+
+
+def test_system_policy_v1_host_with_port():
+ client = SystemPolicyV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ client_options=client_options.ClientOptions(
+ api_endpoint="binaryauthorization.googleapis.com:8000"
+ ),
+ )
+ assert client.transport._host == "binaryauthorization.googleapis.com:8000"
+
+
+def test_system_policy_v1_grpc_transport_channel():
+ channel = grpc.secure_channel("http://localhost/", grpc.local_channel_credentials())
+
+ # Check that channel is used if provided.
+ transport = transports.SystemPolicyV1GrpcTransport(
+ host="squid.clam.whelk", channel=channel,
+ )
+ assert transport.grpc_channel == channel
+ assert transport._host == "squid.clam.whelk:443"
+ assert transport._ssl_channel_credentials == None
+
+
+def test_system_policy_v1_grpc_asyncio_transport_channel():
+ channel = aio.secure_channel("http://localhost/", grpc.local_channel_credentials())
+
+ # Check that channel is used if provided.
+ transport = transports.SystemPolicyV1GrpcAsyncIOTransport(
+ host="squid.clam.whelk", channel=channel,
+ )
+ assert transport.grpc_channel == channel
+ assert transport._host == "squid.clam.whelk:443"
+ assert transport._ssl_channel_credentials == None
+
+
+# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are
+# removed from grpc/grpc_asyncio transport constructor.
+@pytest.mark.parametrize(
+ "transport_class",
+ [
+ transports.SystemPolicyV1GrpcTransport,
+ transports.SystemPolicyV1GrpcAsyncIOTransport,
+ ],
+)
+def test_system_policy_v1_transport_channel_mtls_with_client_cert_source(
+ transport_class,
+):
+ with mock.patch(
+ "grpc.ssl_channel_credentials", autospec=True
+ ) as grpc_ssl_channel_cred:
+ with mock.patch.object(
+ transport_class, "create_channel"
+ ) as grpc_create_channel:
+ mock_ssl_cred = mock.Mock()
+ grpc_ssl_channel_cred.return_value = mock_ssl_cred
+
+ mock_grpc_channel = mock.Mock()
+ grpc_create_channel.return_value = mock_grpc_channel
+
+ cred = ga_credentials.AnonymousCredentials()
+ with pytest.warns(DeprecationWarning):
+ with mock.patch.object(google.auth, "default") as adc:
+ adc.return_value = (cred, None)
+ transport = transport_class(
+ host="squid.clam.whelk",
+ api_mtls_endpoint="mtls.squid.clam.whelk",
+ client_cert_source=client_cert_source_callback,
+ )
+ adc.assert_called_once()
+
+ grpc_ssl_channel_cred.assert_called_once_with(
+ certificate_chain=b"cert bytes", private_key=b"key bytes"
+ )
+ grpc_create_channel.assert_called_once_with(
+ "mtls.squid.clam.whelk:443",
+ credentials=cred,
+ credentials_file=None,
+ scopes=None,
+ ssl_credentials=mock_ssl_cred,
+ quota_project_id=None,
+ options=[
+ ("grpc.max_send_message_length", -1),
+ ("grpc.max_receive_message_length", -1),
+ ],
+ )
+ assert transport.grpc_channel == mock_grpc_channel
+ assert transport._ssl_channel_credentials == mock_ssl_cred
+
+
+# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are
+# removed from grpc/grpc_asyncio transport constructor.
+@pytest.mark.parametrize(
+ "transport_class",
+ [
+ transports.SystemPolicyV1GrpcTransport,
+ transports.SystemPolicyV1GrpcAsyncIOTransport,
+ ],
+)
+def test_system_policy_v1_transport_channel_mtls_with_adc(transport_class):
+ mock_ssl_cred = mock.Mock()
+ with mock.patch.multiple(
+ "google.auth.transport.grpc.SslCredentials",
+ __init__=mock.Mock(return_value=None),
+ ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred),
+ ):
+ with mock.patch.object(
+ transport_class, "create_channel"
+ ) as grpc_create_channel:
+ mock_grpc_channel = mock.Mock()
+ grpc_create_channel.return_value = mock_grpc_channel
+ mock_cred = mock.Mock()
+
+ with pytest.warns(DeprecationWarning):
+ transport = transport_class(
+ host="squid.clam.whelk",
+ credentials=mock_cred,
+ api_mtls_endpoint="mtls.squid.clam.whelk",
+ client_cert_source=None,
+ )
+
+ grpc_create_channel.assert_called_once_with(
+ "mtls.squid.clam.whelk:443",
+ credentials=mock_cred,
+ credentials_file=None,
+ scopes=None,
+ ssl_credentials=mock_ssl_cred,
+ quota_project_id=None,
+ options=[
+ ("grpc.max_send_message_length", -1),
+ ("grpc.max_receive_message_length", -1),
+ ],
+ )
+ assert transport.grpc_channel == mock_grpc_channel
+
+
+def test_policy_path():
+ project = "squid"
+ expected = "projects/{project}/policy".format(project=project,)
+ actual = SystemPolicyV1Client.policy_path(project)
+ assert expected == actual
+
+
+def test_parse_policy_path():
+ expected = {
+ "project": "clam",
+ }
+ path = SystemPolicyV1Client.policy_path(**expected)
+
+ # Check that the path construction is reversible.
+ actual = SystemPolicyV1Client.parse_policy_path(path)
+ assert expected == actual
+
+
+def test_common_billing_account_path():
+ billing_account = "whelk"
+ expected = "billingAccounts/{billing_account}".format(
+ billing_account=billing_account,
+ )
+ actual = SystemPolicyV1Client.common_billing_account_path(billing_account)
+ assert expected == actual
+
+
+def test_parse_common_billing_account_path():
+ expected = {
+ "billing_account": "octopus",
+ }
+ path = SystemPolicyV1Client.common_billing_account_path(**expected)
+
+ # Check that the path construction is reversible.
+ actual = SystemPolicyV1Client.parse_common_billing_account_path(path)
+ assert expected == actual
+
+
+def test_common_folder_path():
+ folder = "oyster"
+ expected = "folders/{folder}".format(folder=folder,)
+ actual = SystemPolicyV1Client.common_folder_path(folder)
+ assert expected == actual
+
+
+def test_parse_common_folder_path():
+ expected = {
+ "folder": "nudibranch",
+ }
+ path = SystemPolicyV1Client.common_folder_path(**expected)
+
+ # Check that the path construction is reversible.
+ actual = SystemPolicyV1Client.parse_common_folder_path(path)
+ assert expected == actual
+
+
+def test_common_organization_path():
+ organization = "cuttlefish"
+ expected = "organizations/{organization}".format(organization=organization,)
+ actual = SystemPolicyV1Client.common_organization_path(organization)
+ assert expected == actual
+
+
+def test_parse_common_organization_path():
+ expected = {
+ "organization": "mussel",
+ }
+ path = SystemPolicyV1Client.common_organization_path(**expected)
+
+ # Check that the path construction is reversible.
+ actual = SystemPolicyV1Client.parse_common_organization_path(path)
+ assert expected == actual
+
+
+def test_common_project_path():
+ project = "winkle"
+ expected = "projects/{project}".format(project=project,)
+ actual = SystemPolicyV1Client.common_project_path(project)
+ assert expected == actual
+
+
+def test_parse_common_project_path():
+ expected = {
+ "project": "nautilus",
+ }
+ path = SystemPolicyV1Client.common_project_path(**expected)
+
+ # Check that the path construction is reversible.
+ actual = SystemPolicyV1Client.parse_common_project_path(path)
+ assert expected == actual
+
+
+def test_common_location_path():
+ project = "scallop"
+ location = "abalone"
+ expected = "projects/{project}/locations/{location}".format(
+ project=project, location=location,
+ )
+ actual = SystemPolicyV1Client.common_location_path(project, location)
+ assert expected == actual
+
+
+def test_parse_common_location_path():
+ expected = {
+ "project": "squid",
+ "location": "clam",
+ }
+ path = SystemPolicyV1Client.common_location_path(**expected)
+
+ # Check that the path construction is reversible.
+ actual = SystemPolicyV1Client.parse_common_location_path(path)
+ assert expected == actual
+
+
+def test_client_withDEFAULT_CLIENT_INFO():
+ client_info = gapic_v1.client_info.ClientInfo()
+
+ with mock.patch.object(
+ transports.SystemPolicyV1Transport, "_prep_wrapped_messages"
+ ) as prep:
+ client = SystemPolicyV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), client_info=client_info,
+ )
+ prep.assert_called_once_with(client_info)
+
+ with mock.patch.object(
+ transports.SystemPolicyV1Transport, "_prep_wrapped_messages"
+ ) as prep:
+ transport_class = SystemPolicyV1Client.get_transport_class()
+ transport = transport_class(
+ credentials=ga_credentials.AnonymousCredentials(), client_info=client_info,
+ )
+ prep.assert_called_once_with(client_info)
diff --git a/tests/unit/gapic/binaryauthorization_v1/test_validation_helper_v1.py b/tests/unit/gapic/binaryauthorization_v1/test_validation_helper_v1.py
new file mode 100644
index 0000000..04296e1
--- /dev/null
+++ b/tests/unit/gapic/binaryauthorization_v1/test_validation_helper_v1.py
@@ -0,0 +1,1234 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+import os
+import mock
+import packaging.version
+
+import grpc
+from grpc.experimental import aio
+import math
+import pytest
+from proto.marshal.rules.dates import DurationRule, TimestampRule
+
+
+from google.api_core import client_options
+from google.api_core import exceptions as core_exceptions
+from google.api_core import gapic_v1
+from google.api_core import grpc_helpers
+from google.api_core import grpc_helpers_async
+from google.auth import credentials as ga_credentials
+from google.auth.exceptions import MutualTLSChannelError
+from google.cloud.binaryauthorization_v1.services.validation_helper_v1 import (
+ ValidationHelperV1AsyncClient,
+)
+from google.cloud.binaryauthorization_v1.services.validation_helper_v1 import (
+ ValidationHelperV1Client,
+)
+from google.cloud.binaryauthorization_v1.services.validation_helper_v1 import transports
+from google.cloud.binaryauthorization_v1.services.validation_helper_v1.transports.base import (
+ _GOOGLE_AUTH_VERSION,
+)
+from google.cloud.binaryauthorization_v1.types import service
+from google.oauth2 import service_account
+from grafeas.grafeas_v1.types import attestation # type: ignore
+from grafeas.grafeas_v1.types import common # type: ignore
+import google.auth
+
+
+# TODO(busunkim): Once google-auth >= 1.25.0 is required transitively
+# through google-api-core:
+# - Delete the auth "less than" test cases
+# - Delete these pytest markers (Make the "greater than or equal to" tests the default).
+requires_google_auth_lt_1_25_0 = pytest.mark.skipif(
+ packaging.version.parse(_GOOGLE_AUTH_VERSION) >= packaging.version.parse("1.25.0"),
+ reason="This test requires google-auth < 1.25.0",
+)
+requires_google_auth_gte_1_25_0 = pytest.mark.skipif(
+ packaging.version.parse(_GOOGLE_AUTH_VERSION) < packaging.version.parse("1.25.0"),
+ reason="This test requires google-auth >= 1.25.0",
+)
+
+
+def client_cert_source_callback():
+ return b"cert bytes", b"key bytes"
+
+
+# If default endpoint is localhost, then default mtls endpoint will be the same.
+# This method modifies the default endpoint so the client can produce a different
+# mtls endpoint for endpoint testing purposes.
+def modify_default_endpoint(client):
+ return (
+ "foo.googleapis.com"
+ if ("localhost" in client.DEFAULT_ENDPOINT)
+ else client.DEFAULT_ENDPOINT
+ )
+
+
+def test__get_default_mtls_endpoint():
+ api_endpoint = "example.googleapis.com"
+ api_mtls_endpoint = "example.mtls.googleapis.com"
+ sandbox_endpoint = "example.sandbox.googleapis.com"
+ sandbox_mtls_endpoint = "example.mtls.sandbox.googleapis.com"
+ non_googleapi = "api.example.com"
+
+ assert ValidationHelperV1Client._get_default_mtls_endpoint(None) is None
+ assert (
+ ValidationHelperV1Client._get_default_mtls_endpoint(api_endpoint)
+ == api_mtls_endpoint
+ )
+ assert (
+ ValidationHelperV1Client._get_default_mtls_endpoint(api_mtls_endpoint)
+ == api_mtls_endpoint
+ )
+ assert (
+ ValidationHelperV1Client._get_default_mtls_endpoint(sandbox_endpoint)
+ == sandbox_mtls_endpoint
+ )
+ assert (
+ ValidationHelperV1Client._get_default_mtls_endpoint(sandbox_mtls_endpoint)
+ == sandbox_mtls_endpoint
+ )
+ assert (
+ ValidationHelperV1Client._get_default_mtls_endpoint(non_googleapi)
+ == non_googleapi
+ )
+
+
+@pytest.mark.parametrize(
+ "client_class", [ValidationHelperV1Client, ValidationHelperV1AsyncClient,]
+)
+def test_validation_helper_v1_client_from_service_account_info(client_class):
+ creds = ga_credentials.AnonymousCredentials()
+ with mock.patch.object(
+ service_account.Credentials, "from_service_account_info"
+ ) as factory:
+ factory.return_value = creds
+ info = {"valid": True}
+ client = client_class.from_service_account_info(info)
+ assert client.transport._credentials == creds
+ assert isinstance(client, client_class)
+
+ assert client.transport._host == "binaryauthorization.googleapis.com:443"
+
+
+@pytest.mark.parametrize(
+ "transport_class,transport_name",
+ [
+ (transports.ValidationHelperV1GrpcTransport, "grpc"),
+ (transports.ValidationHelperV1GrpcAsyncIOTransport, "grpc_asyncio"),
+ ],
+)
+def test_validation_helper_v1_client_service_account_always_use_jwt(
+ transport_class, transport_name
+):
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=True)
+ use_jwt.assert_called_once_with(True)
+
+ with mock.patch.object(
+ service_account.Credentials, "with_always_use_jwt_access", create=True
+ ) as use_jwt:
+ creds = service_account.Credentials(None, None, None)
+ transport = transport_class(credentials=creds, always_use_jwt_access=False)
+ use_jwt.assert_not_called()
+
+
+@pytest.mark.parametrize(
+ "client_class", [ValidationHelperV1Client, ValidationHelperV1AsyncClient,]
+)
+def test_validation_helper_v1_client_from_service_account_file(client_class):
+ creds = ga_credentials.AnonymousCredentials()
+ with mock.patch.object(
+ service_account.Credentials, "from_service_account_file"
+ ) as factory:
+ factory.return_value = creds
+ client = client_class.from_service_account_file("dummy/file/path.json")
+ assert client.transport._credentials == creds
+ assert isinstance(client, client_class)
+
+ client = client_class.from_service_account_json("dummy/file/path.json")
+ assert client.transport._credentials == creds
+ assert isinstance(client, client_class)
+
+ assert client.transport._host == "binaryauthorization.googleapis.com:443"
+
+
+def test_validation_helper_v1_client_get_transport_class():
+ transport = ValidationHelperV1Client.get_transport_class()
+ available_transports = [
+ transports.ValidationHelperV1GrpcTransport,
+ ]
+ assert transport in available_transports
+
+ transport = ValidationHelperV1Client.get_transport_class("grpc")
+ assert transport == transports.ValidationHelperV1GrpcTransport
+
+
+@pytest.mark.parametrize(
+ "client_class,transport_class,transport_name",
+ [
+ (ValidationHelperV1Client, transports.ValidationHelperV1GrpcTransport, "grpc"),
+ (
+ ValidationHelperV1AsyncClient,
+ transports.ValidationHelperV1GrpcAsyncIOTransport,
+ "grpc_asyncio",
+ ),
+ ],
+)
+@mock.patch.object(
+ ValidationHelperV1Client,
+ "DEFAULT_ENDPOINT",
+ modify_default_endpoint(ValidationHelperV1Client),
+)
+@mock.patch.object(
+ ValidationHelperV1AsyncClient,
+ "DEFAULT_ENDPOINT",
+ modify_default_endpoint(ValidationHelperV1AsyncClient),
+)
+def test_validation_helper_v1_client_client_options(
+ client_class, transport_class, transport_name
+):
+ # Check that if channel is provided we won't create a new one.
+ with mock.patch.object(ValidationHelperV1Client, "get_transport_class") as gtc:
+ transport = transport_class(credentials=ga_credentials.AnonymousCredentials())
+ client = client_class(transport=transport)
+ gtc.assert_not_called()
+
+ # Check that if channel is provided via str we will create a new one.
+ with mock.patch.object(ValidationHelperV1Client, "get_transport_class") as gtc:
+ client = client_class(transport=transport_name)
+ gtc.assert_called()
+
+ # Check the case api_endpoint is provided.
+ options = client_options.ClientOptions(api_endpoint="squid.clam.whelk")
+ with mock.patch.object(transport_class, "__init__") as patched:
+ patched.return_value = None
+ client = client_class(client_options=options)
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host="squid.clam.whelk",
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+ # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
+ # "never".
+ with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}):
+ with mock.patch.object(transport_class, "__init__") as patched:
+ patched.return_value = None
+ client = client_class()
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=client.DEFAULT_ENDPOINT,
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+ # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is
+ # "always".
+ with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}):
+ with mock.patch.object(transport_class, "__init__") as patched:
+ patched.return_value = None
+ client = client_class()
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=client.DEFAULT_MTLS_ENDPOINT,
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+ # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has
+ # unsupported value.
+ with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "Unsupported"}):
+ with pytest.raises(MutualTLSChannelError):
+ client = client_class()
+
+ # Check the case GOOGLE_API_USE_CLIENT_CERTIFICATE has unsupported value.
+ with mock.patch.dict(
+ os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"}
+ ):
+ with pytest.raises(ValueError):
+ client = client_class()
+
+ # Check the case quota_project_id is provided
+ options = client_options.ClientOptions(quota_project_id="octopus")
+ with mock.patch.object(transport_class, "__init__") as patched:
+ patched.return_value = None
+ client = client_class(client_options=options)
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=client.DEFAULT_ENDPOINT,
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id="octopus",
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+
+@pytest.mark.parametrize(
+ "client_class,transport_class,transport_name,use_client_cert_env",
+ [
+ (
+ ValidationHelperV1Client,
+ transports.ValidationHelperV1GrpcTransport,
+ "grpc",
+ "true",
+ ),
+ (
+ ValidationHelperV1AsyncClient,
+ transports.ValidationHelperV1GrpcAsyncIOTransport,
+ "grpc_asyncio",
+ "true",
+ ),
+ (
+ ValidationHelperV1Client,
+ transports.ValidationHelperV1GrpcTransport,
+ "grpc",
+ "false",
+ ),
+ (
+ ValidationHelperV1AsyncClient,
+ transports.ValidationHelperV1GrpcAsyncIOTransport,
+ "grpc_asyncio",
+ "false",
+ ),
+ ],
+)
+@mock.patch.object(
+ ValidationHelperV1Client,
+ "DEFAULT_ENDPOINT",
+ modify_default_endpoint(ValidationHelperV1Client),
+)
+@mock.patch.object(
+ ValidationHelperV1AsyncClient,
+ "DEFAULT_ENDPOINT",
+ modify_default_endpoint(ValidationHelperV1AsyncClient),
+)
+@mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "auto"})
+def test_validation_helper_v1_client_mtls_env_auto(
+ client_class, transport_class, transport_name, use_client_cert_env
+):
+ # This tests the endpoint autoswitch behavior. Endpoint is autoswitched to the default
+ # mtls endpoint, if GOOGLE_API_USE_CLIENT_CERTIFICATE is "true" and client cert exists.
+
+ # Check the case client_cert_source is provided. Whether client cert is used depends on
+ # GOOGLE_API_USE_CLIENT_CERTIFICATE value.
+ with mock.patch.dict(
+ os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}
+ ):
+ options = client_options.ClientOptions(
+ client_cert_source=client_cert_source_callback
+ )
+ with mock.patch.object(transport_class, "__init__") as patched:
+ patched.return_value = None
+ client = client_class(client_options=options)
+
+ if use_client_cert_env == "false":
+ expected_client_cert_source = None
+ expected_host = client.DEFAULT_ENDPOINT
+ else:
+ expected_client_cert_source = client_cert_source_callback
+ expected_host = client.DEFAULT_MTLS_ENDPOINT
+
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=expected_host,
+ scopes=None,
+ client_cert_source_for_mtls=expected_client_cert_source,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+ # Check the case ADC client cert is provided. Whether client cert is used depends on
+ # GOOGLE_API_USE_CLIENT_CERTIFICATE value.
+ with mock.patch.dict(
+ os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}
+ ):
+ with mock.patch.object(transport_class, "__init__") as patched:
+ with mock.patch(
+ "google.auth.transport.mtls.has_default_client_cert_source",
+ return_value=True,
+ ):
+ with mock.patch(
+ "google.auth.transport.mtls.default_client_cert_source",
+ return_value=client_cert_source_callback,
+ ):
+ if use_client_cert_env == "false":
+ expected_host = client.DEFAULT_ENDPOINT
+ expected_client_cert_source = None
+ else:
+ expected_host = client.DEFAULT_MTLS_ENDPOINT
+ expected_client_cert_source = client_cert_source_callback
+
+ patched.return_value = None
+ client = client_class()
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=expected_host,
+ scopes=None,
+ client_cert_source_for_mtls=expected_client_cert_source,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+ # Check the case client_cert_source and ADC client cert are not provided.
+ with mock.patch.dict(
+ os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}
+ ):
+ with mock.patch.object(transport_class, "__init__") as patched:
+ with mock.patch(
+ "google.auth.transport.mtls.has_default_client_cert_source",
+ return_value=False,
+ ):
+ patched.return_value = None
+ client = client_class()
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=client.DEFAULT_ENDPOINT,
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+
+@pytest.mark.parametrize(
+ "client_class,transport_class,transport_name",
+ [
+ (ValidationHelperV1Client, transports.ValidationHelperV1GrpcTransport, "grpc"),
+ (
+ ValidationHelperV1AsyncClient,
+ transports.ValidationHelperV1GrpcAsyncIOTransport,
+ "grpc_asyncio",
+ ),
+ ],
+)
+def test_validation_helper_v1_client_client_options_scopes(
+ client_class, transport_class, transport_name
+):
+ # Check the case scopes are provided.
+ options = client_options.ClientOptions(scopes=["1", "2"],)
+ with mock.patch.object(transport_class, "__init__") as patched:
+ patched.return_value = None
+ client = client_class(client_options=options)
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host=client.DEFAULT_ENDPOINT,
+ scopes=["1", "2"],
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+
+@pytest.mark.parametrize(
+ "client_class,transport_class,transport_name",
+ [
+ (ValidationHelperV1Client, transports.ValidationHelperV1GrpcTransport, "grpc"),
+ (
+ ValidationHelperV1AsyncClient,
+ transports.ValidationHelperV1GrpcAsyncIOTransport,
+ "grpc_asyncio",
+ ),
+ ],
+)
+def test_validation_helper_v1_client_client_options_credentials_file(
+ client_class, transport_class, transport_name
+):
+ # Check the case credentials file is provided.
+ options = client_options.ClientOptions(credentials_file="credentials.json")
+ with mock.patch.object(transport_class, "__init__") as patched:
+ patched.return_value = None
+ client = client_class(client_options=options)
+ patched.assert_called_once_with(
+ credentials=None,
+ credentials_file="credentials.json",
+ host=client.DEFAULT_ENDPOINT,
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+
+def test_validation_helper_v1_client_client_options_from_dict():
+ with mock.patch(
+ "google.cloud.binaryauthorization_v1.services.validation_helper_v1.transports.ValidationHelperV1GrpcTransport.__init__"
+ ) as grpc_transport:
+ grpc_transport.return_value = None
+ client = ValidationHelperV1Client(
+ client_options={"api_endpoint": "squid.clam.whelk"}
+ )
+ grpc_transport.assert_called_once_with(
+ credentials=None,
+ credentials_file=None,
+ host="squid.clam.whelk",
+ scopes=None,
+ client_cert_source_for_mtls=None,
+ quota_project_id=None,
+ client_info=transports.base.DEFAULT_CLIENT_INFO,
+ always_use_jwt_access=True,
+ )
+
+
+def test_validate_attestation_occurrence(
+ transport: str = "grpc", request_type=service.ValidateAttestationOccurrenceRequest
+):
+ client = ValidationHelperV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = request_type()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.validate_attestation_occurrence), "__call__"
+ ) as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = service.ValidateAttestationOccurrenceResponse(
+ result=service.ValidateAttestationOccurrenceResponse.Result.VERIFIED,
+ denial_reason="denial_reason_value",
+ )
+ response = client.validate_attestation_occurrence(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.ValidateAttestationOccurrenceRequest()
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, service.ValidateAttestationOccurrenceResponse)
+ assert (
+ response.result == service.ValidateAttestationOccurrenceResponse.Result.VERIFIED
+ )
+ assert response.denial_reason == "denial_reason_value"
+
+
+def test_validate_attestation_occurrence_from_dict():
+ test_validate_attestation_occurrence(request_type=dict)
+
+
+def test_validate_attestation_occurrence_empty_call():
+ # This test is a coverage failsafe to make sure that totally empty calls,
+ # i.e. request == None and no flattened fields passed, work.
+ client = ValidationHelperV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), transport="grpc",
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.validate_attestation_occurrence), "__call__"
+ ) as call:
+ client.validate_attestation_occurrence()
+ call.assert_called()
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.ValidateAttestationOccurrenceRequest()
+
+
+@pytest.mark.asyncio
+async def test_validate_attestation_occurrence_async(
+ transport: str = "grpc_asyncio",
+ request_type=service.ValidateAttestationOccurrenceRequest,
+):
+ client = ValidationHelperV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = request_type()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.validate_attestation_occurrence), "__call__"
+ ) as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ service.ValidateAttestationOccurrenceResponse(
+ result=service.ValidateAttestationOccurrenceResponse.Result.VERIFIED,
+ denial_reason="denial_reason_value",
+ )
+ )
+ response = await client.validate_attestation_occurrence(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == service.ValidateAttestationOccurrenceRequest()
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, service.ValidateAttestationOccurrenceResponse)
+ assert (
+ response.result == service.ValidateAttestationOccurrenceResponse.Result.VERIFIED
+ )
+ assert response.denial_reason == "denial_reason_value"
+
+
+@pytest.mark.asyncio
+async def test_validate_attestation_occurrence_async_from_dict():
+ await test_validate_attestation_occurrence_async(request_type=dict)
+
+
+def test_validate_attestation_occurrence_field_headers():
+ client = ValidationHelperV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.ValidateAttestationOccurrenceRequest()
+
+ request.attestor = "attestor/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.validate_attestation_occurrence), "__call__"
+ ) as call:
+ call.return_value = service.ValidateAttestationOccurrenceResponse()
+ client.validate_attestation_occurrence(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "attestor=attestor/value",) in kw["metadata"]
+
+
+@pytest.mark.asyncio
+async def test_validate_attestation_occurrence_field_headers_async():
+ client = ValidationHelperV1AsyncClient(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.ValidateAttestationOccurrenceRequest()
+
+ request.attestor = "attestor/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client.transport.validate_attestation_occurrence), "__call__"
+ ) as call:
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ service.ValidateAttestationOccurrenceResponse()
+ )
+ await client.validate_attestation_occurrence(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "attestor=attestor/value",) in kw["metadata"]
+
+
+def test_credentials_transport_error():
+ # It is an error to provide credentials and a transport instance.
+ transport = transports.ValidationHelperV1GrpcTransport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+ with pytest.raises(ValueError):
+ client = ValidationHelperV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # It is an error to provide a credentials file and a transport instance.
+ transport = transports.ValidationHelperV1GrpcTransport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+ with pytest.raises(ValueError):
+ client = ValidationHelperV1Client(
+ client_options={"credentials_file": "credentials.json"},
+ transport=transport,
+ )
+
+ # It is an error to provide scopes and a transport instance.
+ transport = transports.ValidationHelperV1GrpcTransport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+ with pytest.raises(ValueError):
+ client = ValidationHelperV1Client(
+ client_options={"scopes": ["1", "2"]}, transport=transport,
+ )
+
+
+def test_transport_instance():
+ # A client may be instantiated with a custom transport instance.
+ transport = transports.ValidationHelperV1GrpcTransport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+ client = ValidationHelperV1Client(transport=transport)
+ assert client.transport is transport
+
+
+def test_transport_get_channel():
+ # A client may be instantiated with a custom transport instance.
+ transport = transports.ValidationHelperV1GrpcTransport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+ channel = transport.grpc_channel
+ assert channel
+
+ transport = transports.ValidationHelperV1GrpcAsyncIOTransport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+ channel = transport.grpc_channel
+ assert channel
+
+
+@pytest.mark.parametrize(
+ "transport_class",
+ [
+ transports.ValidationHelperV1GrpcTransport,
+ transports.ValidationHelperV1GrpcAsyncIOTransport,
+ ],
+)
+def test_transport_adc(transport_class):
+ # Test default credentials are used if not provided.
+ with mock.patch.object(google.auth, "default") as adc:
+ adc.return_value = (ga_credentials.AnonymousCredentials(), None)
+ transport_class()
+ adc.assert_called_once()
+
+
+def test_transport_grpc_default():
+ # A client should use the gRPC transport by default.
+ client = ValidationHelperV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+ assert isinstance(client.transport, transports.ValidationHelperV1GrpcTransport,)
+
+
+def test_validation_helper_v1_base_transport_error():
+ # Passing both a credentials object and credentials_file should raise an error
+ with pytest.raises(core_exceptions.DuplicateCredentialArgs):
+ transport = transports.ValidationHelperV1Transport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ credentials_file="credentials.json",
+ )
+
+
+def test_validation_helper_v1_base_transport():
+ # Instantiate the base transport.
+ with mock.patch(
+ "google.cloud.binaryauthorization_v1.services.validation_helper_v1.transports.ValidationHelperV1Transport.__init__"
+ ) as Transport:
+ Transport.return_value = None
+ transport = transports.ValidationHelperV1Transport(
+ credentials=ga_credentials.AnonymousCredentials(),
+ )
+
+ # Every method on the transport should just blindly
+ # raise NotImplementedError.
+ methods = ("validate_attestation_occurrence",)
+ for method in methods:
+ with pytest.raises(NotImplementedError):
+ getattr(transport, method)(request=object())
+
+
+@requires_google_auth_gte_1_25_0
+def test_validation_helper_v1_base_transport_with_credentials_file():
+ # Instantiate the base transport with a credentials file
+ with mock.patch.object(
+ google.auth, "load_credentials_from_file", autospec=True
+ ) as load_creds, mock.patch(
+ "google.cloud.binaryauthorization_v1.services.validation_helper_v1.transports.ValidationHelperV1Transport._prep_wrapped_messages"
+ ) as Transport:
+ Transport.return_value = None
+ load_creds.return_value = (ga_credentials.AnonymousCredentials(), None)
+ transport = transports.ValidationHelperV1Transport(
+ credentials_file="credentials.json", quota_project_id="octopus",
+ )
+ load_creds.assert_called_once_with(
+ "credentials.json",
+ scopes=None,
+ default_scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ quota_project_id="octopus",
+ )
+
+
+@requires_google_auth_lt_1_25_0
+def test_validation_helper_v1_base_transport_with_credentials_file_old_google_auth():
+ # Instantiate the base transport with a credentials file
+ with mock.patch.object(
+ google.auth, "load_credentials_from_file", autospec=True
+ ) as load_creds, mock.patch(
+ "google.cloud.binaryauthorization_v1.services.validation_helper_v1.transports.ValidationHelperV1Transport._prep_wrapped_messages"
+ ) as Transport:
+ Transport.return_value = None
+ load_creds.return_value = (ga_credentials.AnonymousCredentials(), None)
+ transport = transports.ValidationHelperV1Transport(
+ credentials_file="credentials.json", quota_project_id="octopus",
+ )
+ load_creds.assert_called_once_with(
+ "credentials.json",
+ scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ quota_project_id="octopus",
+ )
+
+
+def test_validation_helper_v1_base_transport_with_adc():
+ # Test the default credentials are used if credentials and credentials_file are None.
+ with mock.patch.object(google.auth, "default", autospec=True) as adc, mock.patch(
+ "google.cloud.binaryauthorization_v1.services.validation_helper_v1.transports.ValidationHelperV1Transport._prep_wrapped_messages"
+ ) as Transport:
+ Transport.return_value = None
+ adc.return_value = (ga_credentials.AnonymousCredentials(), None)
+ transport = transports.ValidationHelperV1Transport()
+ adc.assert_called_once()
+
+
+@requires_google_auth_gte_1_25_0
+def test_validation_helper_v1_auth_adc():
+ # If no credentials are provided, we should use ADC credentials.
+ with mock.patch.object(google.auth, "default", autospec=True) as adc:
+ adc.return_value = (ga_credentials.AnonymousCredentials(), None)
+ ValidationHelperV1Client()
+ adc.assert_called_once_with(
+ scopes=None,
+ default_scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ quota_project_id=None,
+ )
+
+
+@requires_google_auth_lt_1_25_0
+def test_validation_helper_v1_auth_adc_old_google_auth():
+ # If no credentials are provided, we should use ADC credentials.
+ with mock.patch.object(google.auth, "default", autospec=True) as adc:
+ adc.return_value = (ga_credentials.AnonymousCredentials(), None)
+ ValidationHelperV1Client()
+ adc.assert_called_once_with(
+ scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ quota_project_id=None,
+ )
+
+
+@pytest.mark.parametrize(
+ "transport_class",
+ [
+ transports.ValidationHelperV1GrpcTransport,
+ transports.ValidationHelperV1GrpcAsyncIOTransport,
+ ],
+)
+@requires_google_auth_gte_1_25_0
+def test_validation_helper_v1_transport_auth_adc(transport_class):
+ # If credentials and host are not provided, the transport class should use
+ # ADC credentials.
+ with mock.patch.object(google.auth, "default", autospec=True) as adc:
+ adc.return_value = (ga_credentials.AnonymousCredentials(), None)
+ transport_class(quota_project_id="octopus", scopes=["1", "2"])
+ adc.assert_called_once_with(
+ scopes=["1", "2"],
+ default_scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ quota_project_id="octopus",
+ )
+
+
+@pytest.mark.parametrize(
+ "transport_class",
+ [
+ transports.ValidationHelperV1GrpcTransport,
+ transports.ValidationHelperV1GrpcAsyncIOTransport,
+ ],
+)
+@requires_google_auth_lt_1_25_0
+def test_validation_helper_v1_transport_auth_adc_old_google_auth(transport_class):
+ # If credentials and host are not provided, the transport class should use
+ # ADC credentials.
+ with mock.patch.object(google.auth, "default", autospec=True) as adc:
+ adc.return_value = (ga_credentials.AnonymousCredentials(), None)
+ transport_class(quota_project_id="octopus")
+ adc.assert_called_once_with(
+ scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ quota_project_id="octopus",
+ )
+
+
+@pytest.mark.parametrize(
+ "transport_class,grpc_helpers",
+ [
+ (transports.ValidationHelperV1GrpcTransport, grpc_helpers),
+ (transports.ValidationHelperV1GrpcAsyncIOTransport, grpc_helpers_async),
+ ],
+)
+def test_validation_helper_v1_transport_create_channel(transport_class, grpc_helpers):
+ # If credentials and host are not provided, the transport class should use
+ # ADC credentials.
+ with mock.patch.object(
+ google.auth, "default", autospec=True
+ ) as adc, mock.patch.object(
+ grpc_helpers, "create_channel", autospec=True
+ ) as create_channel:
+ creds = ga_credentials.AnonymousCredentials()
+ adc.return_value = (creds, None)
+ transport_class(quota_project_id="octopus", scopes=["1", "2"])
+
+ create_channel.assert_called_with(
+ "binaryauthorization.googleapis.com:443",
+ credentials=creds,
+ credentials_file=None,
+ quota_project_id="octopus",
+ default_scopes=("https://www.googleapis.com/auth/cloud-platform",),
+ scopes=["1", "2"],
+ default_host="binaryauthorization.googleapis.com",
+ ssl_credentials=None,
+ options=[
+ ("grpc.max_send_message_length", -1),
+ ("grpc.max_receive_message_length", -1),
+ ],
+ )
+
+
+@pytest.mark.parametrize(
+ "transport_class",
+ [
+ transports.ValidationHelperV1GrpcTransport,
+ transports.ValidationHelperV1GrpcAsyncIOTransport,
+ ],
+)
+def test_validation_helper_v1_grpc_transport_client_cert_source_for_mtls(
+ transport_class,
+):
+ cred = ga_credentials.AnonymousCredentials()
+
+ # Check ssl_channel_credentials is used if provided.
+ with mock.patch.object(transport_class, "create_channel") as mock_create_channel:
+ mock_ssl_channel_creds = mock.Mock()
+ transport_class(
+ host="squid.clam.whelk",
+ credentials=cred,
+ ssl_channel_credentials=mock_ssl_channel_creds,
+ )
+ mock_create_channel.assert_called_once_with(
+ "squid.clam.whelk:443",
+ credentials=cred,
+ credentials_file=None,
+ scopes=None,
+ ssl_credentials=mock_ssl_channel_creds,
+ quota_project_id=None,
+ options=[
+ ("grpc.max_send_message_length", -1),
+ ("grpc.max_receive_message_length", -1),
+ ],
+ )
+
+ # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls
+ # is used.
+ with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()):
+ with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred:
+ transport_class(
+ credentials=cred,
+ client_cert_source_for_mtls=client_cert_source_callback,
+ )
+ expected_cert, expected_key = client_cert_source_callback()
+ mock_ssl_cred.assert_called_once_with(
+ certificate_chain=expected_cert, private_key=expected_key
+ )
+
+
+def test_validation_helper_v1_host_no_port():
+ client = ValidationHelperV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ client_options=client_options.ClientOptions(
+ api_endpoint="binaryauthorization.googleapis.com"
+ ),
+ )
+ assert client.transport._host == "binaryauthorization.googleapis.com:443"
+
+
+def test_validation_helper_v1_host_with_port():
+ client = ValidationHelperV1Client(
+ credentials=ga_credentials.AnonymousCredentials(),
+ client_options=client_options.ClientOptions(
+ api_endpoint="binaryauthorization.googleapis.com:8000"
+ ),
+ )
+ assert client.transport._host == "binaryauthorization.googleapis.com:8000"
+
+
+def test_validation_helper_v1_grpc_transport_channel():
+ channel = grpc.secure_channel("http://localhost/", grpc.local_channel_credentials())
+
+ # Check that channel is used if provided.
+ transport = transports.ValidationHelperV1GrpcTransport(
+ host="squid.clam.whelk", channel=channel,
+ )
+ assert transport.grpc_channel == channel
+ assert transport._host == "squid.clam.whelk:443"
+ assert transport._ssl_channel_credentials == None
+
+
+def test_validation_helper_v1_grpc_asyncio_transport_channel():
+ channel = aio.secure_channel("http://localhost/", grpc.local_channel_credentials())
+
+ # Check that channel is used if provided.
+ transport = transports.ValidationHelperV1GrpcAsyncIOTransport(
+ host="squid.clam.whelk", channel=channel,
+ )
+ assert transport.grpc_channel == channel
+ assert transport._host == "squid.clam.whelk:443"
+ assert transport._ssl_channel_credentials == None
+
+
+# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are
+# removed from grpc/grpc_asyncio transport constructor.
+@pytest.mark.parametrize(
+ "transport_class",
+ [
+ transports.ValidationHelperV1GrpcTransport,
+ transports.ValidationHelperV1GrpcAsyncIOTransport,
+ ],
+)
+def test_validation_helper_v1_transport_channel_mtls_with_client_cert_source(
+ transport_class,
+):
+ with mock.patch(
+ "grpc.ssl_channel_credentials", autospec=True
+ ) as grpc_ssl_channel_cred:
+ with mock.patch.object(
+ transport_class, "create_channel"
+ ) as grpc_create_channel:
+ mock_ssl_cred = mock.Mock()
+ grpc_ssl_channel_cred.return_value = mock_ssl_cred
+
+ mock_grpc_channel = mock.Mock()
+ grpc_create_channel.return_value = mock_grpc_channel
+
+ cred = ga_credentials.AnonymousCredentials()
+ with pytest.warns(DeprecationWarning):
+ with mock.patch.object(google.auth, "default") as adc:
+ adc.return_value = (cred, None)
+ transport = transport_class(
+ host="squid.clam.whelk",
+ api_mtls_endpoint="mtls.squid.clam.whelk",
+ client_cert_source=client_cert_source_callback,
+ )
+ adc.assert_called_once()
+
+ grpc_ssl_channel_cred.assert_called_once_with(
+ certificate_chain=b"cert bytes", private_key=b"key bytes"
+ )
+ grpc_create_channel.assert_called_once_with(
+ "mtls.squid.clam.whelk:443",
+ credentials=cred,
+ credentials_file=None,
+ scopes=None,
+ ssl_credentials=mock_ssl_cred,
+ quota_project_id=None,
+ options=[
+ ("grpc.max_send_message_length", -1),
+ ("grpc.max_receive_message_length", -1),
+ ],
+ )
+ assert transport.grpc_channel == mock_grpc_channel
+ assert transport._ssl_channel_credentials == mock_ssl_cred
+
+
+# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are
+# removed from grpc/grpc_asyncio transport constructor.
+@pytest.mark.parametrize(
+ "transport_class",
+ [
+ transports.ValidationHelperV1GrpcTransport,
+ transports.ValidationHelperV1GrpcAsyncIOTransport,
+ ],
+)
+def test_validation_helper_v1_transport_channel_mtls_with_adc(transport_class):
+ mock_ssl_cred = mock.Mock()
+ with mock.patch.multiple(
+ "google.auth.transport.grpc.SslCredentials",
+ __init__=mock.Mock(return_value=None),
+ ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred),
+ ):
+ with mock.patch.object(
+ transport_class, "create_channel"
+ ) as grpc_create_channel:
+ mock_grpc_channel = mock.Mock()
+ grpc_create_channel.return_value = mock_grpc_channel
+ mock_cred = mock.Mock()
+
+ with pytest.warns(DeprecationWarning):
+ transport = transport_class(
+ host="squid.clam.whelk",
+ credentials=mock_cred,
+ api_mtls_endpoint="mtls.squid.clam.whelk",
+ client_cert_source=None,
+ )
+
+ grpc_create_channel.assert_called_once_with(
+ "mtls.squid.clam.whelk:443",
+ credentials=mock_cred,
+ credentials_file=None,
+ scopes=None,
+ ssl_credentials=mock_ssl_cred,
+ quota_project_id=None,
+ options=[
+ ("grpc.max_send_message_length", -1),
+ ("grpc.max_receive_message_length", -1),
+ ],
+ )
+ assert transport.grpc_channel == mock_grpc_channel
+
+
+def test_common_billing_account_path():
+ billing_account = "squid"
+ expected = "billingAccounts/{billing_account}".format(
+ billing_account=billing_account,
+ )
+ actual = ValidationHelperV1Client.common_billing_account_path(billing_account)
+ assert expected == actual
+
+
+def test_parse_common_billing_account_path():
+ expected = {
+ "billing_account": "clam",
+ }
+ path = ValidationHelperV1Client.common_billing_account_path(**expected)
+
+ # Check that the path construction is reversible.
+ actual = ValidationHelperV1Client.parse_common_billing_account_path(path)
+ assert expected == actual
+
+
+def test_common_folder_path():
+ folder = "whelk"
+ expected = "folders/{folder}".format(folder=folder,)
+ actual = ValidationHelperV1Client.common_folder_path(folder)
+ assert expected == actual
+
+
+def test_parse_common_folder_path():
+ expected = {
+ "folder": "octopus",
+ }
+ path = ValidationHelperV1Client.common_folder_path(**expected)
+
+ # Check that the path construction is reversible.
+ actual = ValidationHelperV1Client.parse_common_folder_path(path)
+ assert expected == actual
+
+
+def test_common_organization_path():
+ organization = "oyster"
+ expected = "organizations/{organization}".format(organization=organization,)
+ actual = ValidationHelperV1Client.common_organization_path(organization)
+ assert expected == actual
+
+
+def test_parse_common_organization_path():
+ expected = {
+ "organization": "nudibranch",
+ }
+ path = ValidationHelperV1Client.common_organization_path(**expected)
+
+ # Check that the path construction is reversible.
+ actual = ValidationHelperV1Client.parse_common_organization_path(path)
+ assert expected == actual
+
+
+def test_common_project_path():
+ project = "cuttlefish"
+ expected = "projects/{project}".format(project=project,)
+ actual = ValidationHelperV1Client.common_project_path(project)
+ assert expected == actual
+
+
+def test_parse_common_project_path():
+ expected = {
+ "project": "mussel",
+ }
+ path = ValidationHelperV1Client.common_project_path(**expected)
+
+ # Check that the path construction is reversible.
+ actual = ValidationHelperV1Client.parse_common_project_path(path)
+ assert expected == actual
+
+
+def test_common_location_path():
+ project = "winkle"
+ location = "nautilus"
+ expected = "projects/{project}/locations/{location}".format(
+ project=project, location=location,
+ )
+ actual = ValidationHelperV1Client.common_location_path(project, location)
+ assert expected == actual
+
+
+def test_parse_common_location_path():
+ expected = {
+ "project": "scallop",
+ "location": "abalone",
+ }
+ path = ValidationHelperV1Client.common_location_path(**expected)
+
+ # Check that the path construction is reversible.
+ actual = ValidationHelperV1Client.parse_common_location_path(path)
+ assert expected == actual
+
+
+def test_client_withDEFAULT_CLIENT_INFO():
+ client_info = gapic_v1.client_info.ClientInfo()
+
+ with mock.patch.object(
+ transports.ValidationHelperV1Transport, "_prep_wrapped_messages"
+ ) as prep:
+ client = ValidationHelperV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), client_info=client_info,
+ )
+ prep.assert_called_once_with(client_info)
+
+ with mock.patch.object(
+ transports.ValidationHelperV1Transport, "_prep_wrapped_messages"
+ ) as prep:
+ transport_class = ValidationHelperV1Client.get_transport_class()
+ transport = transport_class(
+ credentials=ga_credentials.AnonymousCredentials(), client_info=client_info,
+ )
+ prep.assert_called_once_with(client_info)