From 93c840885ef963e8aac000e3d82f35fba3f6aef4 Mon Sep 17 00:00:00 2001
From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com>
Date: Thu, 12 Aug 2021 15:55:19 +0000
Subject: [PATCH 01/12] chore(python): avoid `.nox` directories when building docs (#63)
Source-Link: https://github.com/googleapis/synthtool/commit/7e1f6da50524b5d98eb67adbf6dd0805df54233d
Post-Processor: gcr.io/repo-automation-bots/owlbot-python:latest@sha256:a1a891041baa4ffbe1a809ac1b8b9b4a71887293c9101c88e8e255943c5aec2d
---
 .github/.OwlBot.lock.yaml | 2 +-
 docs/conf.py | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml
index 9ee60f7..b771c37 100644
--- a/.github/.OwlBot.lock.yaml
+++ b/.github/.OwlBot.lock.yaml
@@ -1,3 +1,3 @@
 docker:
 image: gcr.io/repo-automation-bots/owlbot-python:latest
- digest: sha256:aea14a583128771ae8aefa364e1652f3c56070168ef31beb203534222d842b8b
+ digest: sha256:a1a891041baa4ffbe1a809ac1b8b9b4a71887293c9101c88e8e255943c5aec2d
diff --git a/docs/conf.py b/docs/conf.py
index b09ecee..f9f210a 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -110,6 +110,7 @@
 # directories to ignore when looking for source files.
 exclude_patterns = [
 "_build",
+ "**/.nox/**/*",
 "samples/AUTHORING_GUIDE.md",
 "samples/CONTRIBUTING.md",
 "samples/snippets/README.rst",
From fc031ee64856ceeed501f785045edfda92b858dd Mon Sep 17 00:00:00 2001
From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com>
Date: Fri, 13 Aug 2021 11:19:07 -0400
Subject: [PATCH 02/12] chore: drop mention of Python 2.7 from templates (#64)
Source-Link: https://github.com/googleapis/synthtool/commit/facee4cc1ea096cd8bcc008bb85929daa7c414c0
Post-Processor: gcr.io/repo-automation-bots/owlbot-python:latest@sha256:9743664022bd63a8084be67f144898314c7ca12f0a03e422ac17c733c129d803
Co-authored-by: Owl Bot
---
 .github/.OwlBot.lock.yaml | 2 +-
 noxfile.py | 12 +++++++++---
 scripts/readme-gen/templates/install_deps.tmpl.rst | 2 +-
 3 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml
index b771c37..a9fcd07 100644
--- a/.github/.OwlBot.lock.yaml
+++ b/.github/.OwlBot.lock.yaml
@@ -1,3 +1,3 @@
 docker:
 image: gcr.io/repo-automation-bots/owlbot-python:latest
- digest: sha256:a1a891041baa4ffbe1a809ac1b8b9b4a71887293c9101c88e8e255943c5aec2d
+ digest: sha256:9743664022bd63a8084be67f144898314c7ca12f0a03e422ac17c733c129d803
diff --git a/noxfile.py b/noxfile.py
index 03aa2f5..2bf3ffd 100644
--- a/noxfile.py
+++ b/noxfile.py
@@ -84,9 +84,15 @@ def default(session):
 constraints_path = str(
 CURRENT_DIRECTORY / "testing" / f"constraints-{session.python}.txt"
 )
- session.install("asyncmock", "pytest-asyncio", "-c", constraints_path)
-
- session.install("mock", "pytest", "pytest-cov", "-c", constraints_path)
+ session.install(
+ "mock",
+ "asyncmock",
+ "pytest",
+ "pytest-cov",
+ "pytest-asyncio",
+ "-c",
+ constraints_path,
+ )
 session.install("-e", ".", "-c", constraints_path)
diff --git a/scripts/readme-gen/templates/install_deps.tmpl.rst b/scripts/readme-gen/templates/install_deps.tmpl.rst
index a0406db..275d649 100644
--- a/scripts/readme-gen/templates/install_deps.tmpl.rst
+++ b/scripts/readme-gen/templates/install_deps.tmpl.rst
@@ -12,7 +12,7 @@ Install Dependencies .. _Python Development Environment Setup Guide: https://cloud.google.com/python/setup -#. Create a virtualenv. Samples are compatible with Python 2.7 and 3.4+. +#. Create a virtualenv. Samples are compatible with Python 3.6+. .. code-block:: bash From 16feeb99c3df72b36a0310c4e1089d182798af2f Mon Sep 17 00:00:00 2001 From: Bu Sun Kim <8822365+busunkim96@users.noreply.github.com> Date: Wed, 18 Aug 2021 07:41:06 -0600 Subject: [PATCH 03/12] chore: generate python samples templates in owlbot.py (#65) Generate python samples templates in owlbot.py --- owlbot.py | 1 + 1 file changed, 1 insertion(+) diff --git a/owlbot.py b/owlbot.py index a1f9473..41cc945 100644 --- a/owlbot.py +++ b/owlbot.py @@ -40,6 +40,7 @@ # ---------------------------------------------------------------------------- templated_files = common.py_library(cov_level=98, microgenerator=True) +python.py_samples(skip_readmes=True) s.move( templated_files, excludes=[".coveragerc"], # the microgenerator has a goodcoveragerc file From 8ee013a099c4fdfe6907f7db03aedf47c25a8f16 Mon Sep 17 00:00:00 2001 From: Anthonios Partheniou Date: Fri, 27 Aug 2021 12:52:45 -0400 Subject: [PATCH 04/12] chore: migrate default branch from master to main (#66) --- .kokoro/build.sh | 2 +- .kokoro/test-samples-impl.sh | 2 +- CONTRIBUTING.rst | 12 ++++---- docs/conf.py | 10 +++---- owlbot.py | 56 +++++++++++++++++++++++++++++++++++- 5 files changed, 68 insertions(+), 14 deletions(-) diff --git a/.kokoro/build.sh b/.kokoro/build.sh index cd54992..aa7486c 100755 --- a/.kokoro/build.sh +++ b/.kokoro/build.sh 
@@ -41,7 +41,7 @@ python3 -m pip install --upgrade --quiet nox python3 -m nox --version # If this is a continuous build, send the test log to the FlakyBot. -# See https://github.com/googleapis/repo-automation-bots/tree/master/packages/flakybot. +# See https://github.com/googleapis/repo-automation-bots/tree/main/packages/flakybot. if [[ $KOKORO_BUILD_ARTIFACTS_SUBDIR = *"continuous"* ]]; then cleanup() { chmod +x $KOKORO_GFILE_DIR/linux_amd64/flakybot diff --git a/.kokoro/test-samples-impl.sh b/.kokoro/test-samples-impl.sh index 311a8d5..8a324c9 100755 --- a/.kokoro/test-samples-impl.sh +++ b/.kokoro/test-samples-impl.sh @@ -80,7 +80,7 @@ for file in samples/**/requirements.txt; do EXIT=$? # If this is a periodic build, send the test log to the FlakyBot. - # See https://github.com/googleapis/repo-automation-bots/tree/master/packages/flakybot. + # See https://github.com/googleapis/repo-automation-bots/tree/main/packages/flakybot. if [[ $KOKORO_BUILD_ARTIFACTS_SUBDIR = *"periodic"* ]]; then chmod +x $KOKORO_GFILE_DIR/linux_amd64/flakybot $KOKORO_GFILE_DIR/linux_amd64/flakybot diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst index bb5072f..3ba80fd 100644 --- a/CONTRIBUTING.rst +++ b/CONTRIBUTING.rst @@ -50,9 +50,9 @@ You'll have to create a development environment using a Git checkout: # Configure remotes such that you can pull changes from the googleapis/python-binary-authorization # repository into your local repository. $ git remote add upstream git@github.com:googleapis/python-binary-authorization.git - # fetch and merge changes from upstream into master + # fetch and merge changes from upstream into main $ git fetch upstream - $ git merge upstream/master + $ git merge upstream/main Now your local repo is set up such that you will push changes to your GitHub repo, from which you can submit a pull request. 
@@ -110,12 +110,12 @@ Coding Style variables:: export GOOGLE_CLOUD_TESTING_REMOTE="upstream" - export GOOGLE_CLOUD_TESTING_BRANCH="master" + export GOOGLE_CLOUD_TESTING_BRANCH="main" By doing this, you are specifying the location of the most up-to-date version of ``python-binary-authorization``. The the suggested remote name ``upstream`` should point to the official ``googleapis`` checkout and the - the branch should be the main branch on that remote (``master``). + the branch should be the main branch on that remote (``main``). - This repository contains configuration for the `pre-commit `__ tool, which automates checking @@ -209,7 +209,7 @@ The `description on PyPI`_ for the project comes directly from the ``README``. Due to the reStructuredText (``rst``) parser used by PyPI, relative links which will work on GitHub (e.g. ``CONTRIBUTING.rst`` instead of -``https://github.com/googleapis/python-binary-authorization/blob/master/CONTRIBUTING.rst``) +``https://github.com/googleapis/python-binary-authorization/blob/main/CONTRIBUTING.rst``) may cause problems creating links or rendering the description. .. _description on PyPI: https://pypi.org/project/google-cloud-binary-authorization @@ -234,7 +234,7 @@ We support: Supported versions can be found in our ``noxfile.py`` `config`_. -.. _config: https://github.com/googleapis/python-binary-authorization/blob/master/noxfile.py +.. _config: https://github.com/googleapis/python-binary-authorization/blob/main/noxfile.py We also explicitly decided to support Python 3 beginning with version 3.6. diff --git a/docs/conf.py b/docs/conf.py index f9f210a..3e51f11 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -76,8 +76,8 @@ # The encoding of source files. # source_encoding = 'utf-8-sig' -# The master toctree document. -master_doc = "index" +# The root toctree document. +root_doc = "index" # General information about the project. project = "google-cloud-binary-authorization" 
@@ -280,7 +280,7 @@
 # author, documentclass [howto, manual, or own class]).
 latex_documents = [
 (
- master_doc,
+ root_doc,
 "google-cloud-binary-authorization.tex",
 "google-cloud-binary-authorization Documentation",
 author,
@@ -315,7 +315,7 @@
 # (source start file, name, description, authors, manual section).
 man_pages = [
 (
- master_doc,
+ root_doc,
 "google-cloud-binary-authorization",
 "google-cloud-binary-authorization Documentation",
 [author],
@@ -334,7 +334,7 @@
 # dir menu entry, description, category)
 texinfo_documents = [
 (
- master_doc,
+ root_doc,
 "google-cloud-binary-authorization",
 "google-cloud-binary-authorization Documentation",
 author,
diff --git a/owlbot.py b/owlbot.py
index 41cc945..659cd16 100644
--- a/owlbot.py
+++ b/owlbot.py
@@ -43,7 +43,61 @@
 python.py_samples(skip_readmes=True)
 s.move(
 templated_files,
- excludes=[".coveragerc"], # the microgenerator has a goodcoveragerc file
+ excludes=[".coveragerc"], # the microgenerator has a good coveragerc file
+)
+
+# Remove the replacements below once https://github.com/googleapis/synthtool/pull/1188 is merged
+
+# Update googleapis/repo-automation-bots repo to main in .kokoro/*.sh files
+s.replace(".kokoro/*.sh", "repo-automation-bots/tree/master", "repo-automation-bots/tree/main")
+
+# Customize CONTRIBUTING.rst to replace master with main
+s.replace(
+ "CONTRIBUTING.rst",
+ "fetch and merge changes from upstream into master",
+ "fetch and merge changes from upstream into main",
+)
+
+s.replace(
+ "CONTRIBUTING.rst",
+ "git merge upstream/master",
+ "git merge upstream/main",
+)
+
+s.replace(
+ "CONTRIBUTING.rst",
+ """export GOOGLE_CLOUD_TESTING_BRANCH=\"master\"""",
+ """export GOOGLE_CLOUD_TESTING_BRANCH=\"main\"""",
+)
+
+s.replace(
+ "CONTRIBUTING.rst",
+ "remote \(``master``\)",
+ "remote (``main``)",
+)
+
+s.replace(
+ "CONTRIBUTING.rst",
+ "blob/master/CONTRIBUTING.rst",
+ "blob/main/CONTRIBUTING.rst",
+)
+
+s.replace(
+ "CONTRIBUTING.rst",
+ "blob/master/noxfile.py",
+ "blob/main/noxfile.py",
+)
+
+s.replace(
+ "docs/conf.py",
+ "master_doc",
+ "root_doc",
+)
+
+s.replace(
+ "docs/conf.py",
+ "# The master toctree document.",
+ "# The root toctree document.",
 )
 s.shell.run(["nox", "-s", "blacken"], hide_output=False)
From 47f4b623e7b63ca6a39f76de19f81fa3ce1d86b5 Mon Sep 17 00:00:00 2001
From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com>
Date: Mon, 30 Aug 2021 15:26:50 +0000
Subject: [PATCH 05/12] chore(python): disable dependency dashboard (#68)
---
 .github/.OwlBot.lock.yaml | 2 +-
 renovate.json | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml
index a9fcd07..b75186c 100644
--- a/.github/.OwlBot.lock.yaml
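Review bot: In the owlbot.py hunk, the pattern `"remote \(``master``\)"` is an ordinary string literal containing `\(`, which Python flags as an invalid escape sequence (a DeprecationWarning since 3.6, slated to become an error); make it a raw string, `r"remote \(``master``\)",`. The backslashes indicate that `s.replace` treats its second argument as a regular expression, so the unescaped `.` in `"blob/master/CONTRIBUTING.rst"`, `"blob/master/noxfile.py"` and `"# The master toctree document."` matches any character; that is harmless for these targets but is worth escaping so the patterns say what they mean. The `master_doc` to `root_doc` replacement depends on Sphinx 4.0 or later, where the setting was renamed; the Sphinx version used by the docs build is not visible in this patch, so confirm it before relying on `root_doc`.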
+++ b/.github/.OwlBot.lock.yaml @@ -1,3 +1,3 @@ docker: image: gcr.io/repo-automation-bots/owlbot-python:latest - digest: sha256:9743664022bd63a8084be67f144898314c7ca12f0a03e422ac17c733c129d803 + digest: sha256:d6761eec279244e57fe9d21f8343381a01d3632c034811a72f68b83119e58c69 diff --git a/renovate.json b/renovate.json index c048955..9fa8816 100644 --- a/renovate.json +++ b/renovate.json @@ -1,6 +1,8 @@ { "extends": [ - "config:base", ":preserveSemverRanges" + "config:base", + ":preserveSemverRanges", + ":disableDependencyDashboard" ], "ignorePaths": [".pre-commit-config.yaml"], "pip_requirements": { From 75a7799e64a1dd5950706f4b3e5a3b9ebc01c283 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Wed, 1 Sep 2021 15:44:44 +0000 Subject: [PATCH 06/12] chore(python): group renovate prs (#69) --- .github/.OwlBot.lock.yaml | 2 +- renovate.json | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml index b75186c..ef3cb34 100644 --- a/.github/.OwlBot.lock.yaml +++ b/.github/.OwlBot.lock.yaml @@ -1,3 +1,3 @@ docker: image: gcr.io/repo-automation-bots/owlbot-python:latest - digest: sha256:d6761eec279244e57fe9d21f8343381a01d3632c034811a72f68b83119e58c69 + digest: sha256:1456ea2b3b523ccff5e13030acef56d1de28f21249c62aa0f196265880338fa7 diff --git a/renovate.json b/renovate.json index 9fa8816..c21036d 100644 --- a/renovate.json +++ b/renovate.json @@ -1,6 +1,7 @@ { "extends": [ "config:base", + "group:all", ":preserveSemverRanges", ":disableDependencyDashboard" ], From 59e1fc968d70d784ac0ffd4e2282b7dee50b55d1 Mon Sep 17 00:00:00 2001 
From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Fri, 3 Sep 2021 05:31:18 -0400 Subject: [PATCH 07/12] chore(python): rename default branch to main (#70) Source-Link: https://github.com/googleapis/synthtool/commit/5c0fa62eea9c33ebe61e582424b659eb264e1ba4 Post-Processor: gcr.io/repo-automation-bots/owlbot-python:latest@sha256:0ffe3bdd6c7159692df5f7744da74e5ef19966288a6bf76023e8e04e0c424d7d Co-authored-by: Owl Bot --- .github/.OwlBot.lock.yaml | 2 +- CONTRIBUTING.rst | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml index ef3cb34..c07f148 100644 --- a/.github/.OwlBot.lock.yaml +++ b/.github/.OwlBot.lock.yaml @@ -1,3 +1,3 @@ docker: image: gcr.io/repo-automation-bots/owlbot-python:latest - digest: sha256:1456ea2b3b523ccff5e13030acef56d1de28f21249c62aa0f196265880338fa7 + digest: sha256:0ffe3bdd6c7159692df5f7744da74e5ef19966288a6bf76023e8e04e0c424d7d diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst index 3ba80fd..33e1d4c 100644 --- a/CONTRIBUTING.rst +++ b/CONTRIBUTING.rst @@ -113,9 +113,9 @@ Coding Style export GOOGLE_CLOUD_TESTING_BRANCH="main" By doing this, you are specifying the location of the most up-to-date - version of ``python-binary-authorization``. The the suggested remote name ``upstream`` - should point to the official ``googleapis`` checkout and the - the branch should be the main branch on that remote (``main``). + version of ``python-binary-authorization``. The + remote name ``upstream`` should point to the official ``googleapis`` + checkout and the branch should be the default branch on that remote (``main``). - This repository contains configuration for the `pre-commit `__ tool, which automates checking From b32c7a2609bd6e58774c4e238d01fdbc2c985aa6 Mon Sep 17 00:00:00 2001 
From: Bu Sun Kim <8822365+busunkim96@users.noreply.github.com> Date: Tue, 7 Sep 2021 11:33:02 -0600 Subject: [PATCH 08/12] chore: reference main branch of google-cloud-python (#71) --- README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.rst b/README.rst index 0535ee8..24ead04 100644 --- a/README.rst +++ b/README.rst @@ -10,7 +10,7 @@ policy control for images deployed to Kubernetes Engine clusters. - `Product Documentation`_ .. |beta| image:: https://img.shields.io/badge/support-beta-orange.svg - :target: https://github.com/googleapis/google-cloud-python/blob/master/README.rst#beta-support + :target: https://github.com/googleapis/google-cloud-python/blob/main/README.rst#beta-support .. |pypi| image:: https://img.shields.io/pypi/v/google-cloud-binary-authorization.svg :target: https://pypi.org/project/google-cloud-binary-authorization/ .. |versions| image:: https://img.shields.io/pypi/pyversions/google-cloud-binary-authorization.svg @@ -81,4 +81,4 @@ Next Steps APIs that we cover. .. _Binary Authorization API Product documentation: https://cloud.google.com/binaryauthorization -.. _README: https://github.com/googleapis/google-cloud-python/blob/master/README.rst \ No newline at end of file +.. _README: https://github.com/googleapis/google-cloud-python/blob/main/README.rst \ No newline at end of file From 6e77950c295c618c6a18e04a9a99f6f07673856a Mon Sep 17 00:00:00 2001 From: Jeffrey Rennie Date: Tue, 21 Sep 2021 12:40:37 -0700 Subject: [PATCH 09/12] chore: relocate owl bot post processor (#73) chore: relocate owl bot post processor --- .github/.OwlBot.lock.yaml | 4 ++-- .github/.OwlBot.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml index c07f148..2567653 100644 --- a/.github/.OwlBot.lock.yaml +++ b/.github/.OwlBot.lock.yaml 
@@ -1,3 +1,3 @@ docker: - image: gcr.io/repo-automation-bots/owlbot-python:latest - digest: sha256:0ffe3bdd6c7159692df5f7744da74e5ef19966288a6bf76023e8e04e0c424d7d + image: gcr.io/cloud-devrel-public-resources/owlbot-python:latest + digest: sha256:87eee22d276554e4e52863ec9b1cb6a7245815dfae20439712bf644348215a5a diff --git a/.github/.OwlBot.yaml b/.github/.OwlBot.yaml index 0f1546c..0973a6e 100644 --- a/.github/.OwlBot.yaml +++ b/.github/.OwlBot.yaml @@ -13,7 +13,7 @@ # limitations under the License. docker: - image: gcr.io/repo-automation-bots/owlbot-python:latest + image: gcr.io/cloud-devrel-public-resources/owlbot-python:latest deep-remove-regex: - /owl-bot-staging From cd828ec45edb5a297607ea7e9f94c39e68ef2d7d Mon Sep 17 00:00:00 2001 
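Review bot: The post-processor image in `.github/.OwlBot.yaml` moves to a different registry project while still being referenced by the mutable `latest` tag, so the only thing fixing which image runs against this repository is the digest in `.github/.OwlBot.lock.yaml`, and that digest changes in this same commit. Several earlier lock updates in this series carry `Source-Link:` and `Post-Processor:` trailers, but this commit message has neither, so a reviewer cannot tell from the patch how the new digest was resolved or that it came from `gcr.io/cloud-devrel-public-resources`. I would add a comment above the image line, `# Resolved to a digest in .OwlBot.lock.yaml; the tag alone is not a pin.`, and record in the description where the new digest was obtained. This assumes the tooling runs the image by the locked digest, which is not shown here.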
From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Thu, 23 Sep 2021 14:20:23 +0000 Subject: [PATCH 10/12] feat: add binaryauthorization v1 (#74) Closes #12 - [ ] Regenerate this pull request now. Committer: @alexander-fenster PiperOrigin-RevId: 398308923 Source-Link: https://github.com/googleapis/googleapis/commit/a3dccab3d2646799e6f3554994662c7aefa0d271 Source-Link: https://github.com/googleapis/googleapis-gen/commit/d475ce18d50c90ecdc27e425fdd498b26912266d Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiZDQ3NWNlMThkNTBjOTBlY2RjMjdlNDI1ZmRkNDk4YjI2OTEyMjY2ZCJ9 fix: require grafeas>=1.1.2, proto-plus>=1.15.0 docs: fix broken links in README feat: set binaryauthorization_v1 as the default version --- README.rst | 12 +- .../binauthz_management_service_v1.rst | 10 + docs/binaryauthorization_v1/services.rst | 8 + .../system_policy_v1.rst | 6 + docs/binaryauthorization_v1/types.rst | 7 + .../validation_helper_v1.rst | 6 + docs/index.rst | 10 + google/cloud/binaryauthorization/__init__.py | 74 +- .../cloud/binaryauthorization_v1/__init__.py | 70 + .../gapic_metadata.json | 141 + google/cloud/binaryauthorization_v1/py.typed | 2 + .../services/__init__.py | 15 + .../__init__.py | 22 + .../async_client.py | 840 +++++ .../binauthz_management_service_v1/client.py | 970 ++++++ .../binauthz_management_service_v1/pagers.py | 156 + .../transports/__init__.py | 35 + .../transports/base.py | 317 ++ .../transports/grpc.py | 454 +++ .../transports/grpc_asyncio.py | 463 +++ .../services/system_policy_v1/__init__.py | 22 + .../services/system_policy_v1/async_client.py | 249 ++ .../services/system_policy_v1/client.py | 433 +++ .../system_policy_v1/transports/__init__.py | 33 + .../system_policy_v1/transports/base.py | 173 + .../system_policy_v1/transports/grpc.py | 257 ++ .../transports/grpc_asyncio.py | 260 ++ .../services/validation_helper_v1/__init__.py | 22 + .../validation_helper_v1/async_client.py | 223 ++ 
.../services/validation_helper_v1/client.py | 402 +++ .../transports/__init__.py | 35 + .../validation_helper_v1/transports/base.py | 177 ++ .../validation_helper_v1/transports/grpc.py | 262 ++ .../transports/grpc_asyncio.py | 265 ++ .../binaryauthorization_v1/types/__init__.py | 58 + .../binaryauthorization_v1/types/resources.py | 367 +++ .../binaryauthorization_v1/types/service.py | 247 ++ owlbot.py | 91 +- .../fixup_binaryauthorization_v1_keywords.py | 184 ++ setup.py | 5 +- testing/constraints-3.6.txt | 3 +- .../gapic/binaryauthorization_v1/__init__.py | 15 + .../test_binauthz_management_service_v1.py | 2821 +++++++++++++++++ .../test_system_policy_v1.py | 1308 ++++++++ .../test_validation_helper_v1.py | 1234 +++++++ 45 files changed, 12671 insertions(+), 93 deletions(-) create mode 100644 docs/binaryauthorization_v1/binauthz_management_service_v1.rst create mode 100644 docs/binaryauthorization_v1/services.rst create mode 100644 docs/binaryauthorization_v1/system_policy_v1.rst create mode 100644 docs/binaryauthorization_v1/types.rst create mode 100644 docs/binaryauthorization_v1/validation_helper_v1.rst create mode 100644 google/cloud/binaryauthorization_v1/__init__.py create mode 100644 google/cloud/binaryauthorization_v1/gapic_metadata.json create mode 100644 google/cloud/binaryauthorization_v1/py.typed create mode 100644 google/cloud/binaryauthorization_v1/services/__init__.py create mode 100644 google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/__init__.py create mode 100644 google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/async_client.py create mode 100644 google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/client.py create mode 100644 google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/pagers.py create mode 100644 google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/__init__.py create mode 100644 
google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/base.py create mode 100644 google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/grpc.py create mode 100644 google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/grpc_asyncio.py create mode 100644 google/cloud/binaryauthorization_v1/services/system_policy_v1/__init__.py create mode 100644 google/cloud/binaryauthorization_v1/services/system_policy_v1/async_client.py create mode 100644 google/cloud/binaryauthorization_v1/services/system_policy_v1/client.py create mode 100644 google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/__init__.py create mode 100644 google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/base.py create mode 100644 google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/grpc.py create mode 100644 google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/grpc_asyncio.py create mode 100644 google/cloud/binaryauthorization_v1/services/validation_helper_v1/__init__.py create mode 100644 google/cloud/binaryauthorization_v1/services/validation_helper_v1/async_client.py create mode 100644 google/cloud/binaryauthorization_v1/services/validation_helper_v1/client.py create mode 100644 google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/__init__.py create mode 100644 google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/base.py create mode 100644 google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/grpc.py create mode 100644 google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/grpc_asyncio.py create mode 100644 google/cloud/binaryauthorization_v1/types/__init__.py create mode 100644 google/cloud/binaryauthorization_v1/types/resources.py create mode 100644 google/cloud/binaryauthorization_v1/types/service.py create mode 100644 
scripts/fixup_binaryauthorization_v1_keywords.py create mode 100644 tests/unit/gapic/binaryauthorization_v1/__init__.py create mode 100644 tests/unit/gapic/binaryauthorization_v1/test_binauthz_management_service_v1.py create mode 100644 tests/unit/gapic/binaryauthorization_v1/test_system_policy_v1.py create mode 100644 tests/unit/gapic/binaryauthorization_v1/test_validation_helper_v1.py diff --git a/README.rst b/README.rst index 24ead04..36eb445 100644 --- a/README.rst +++ b/README.rst @@ -16,9 +16,9 @@ policy control for images deployed to Kubernetes Engine clusters. .. |versions| image:: https://img.shields.io/pypi/pyversions/google-cloud-binary-authorization.svg :target: https://pypi.org/project/google-cloud-binary-authorization/ -.. _Binary Authorization API: https://cloud.google.com/binaryauthorization -.. _Client Library Documentation: https://googleapis.github.io/google-cloud-python/latest/binaryauthorization/usage.html -.. _Product Documentation: https://cloud.google.com/binaryauthorization +.. _Binary Authorization API: https://cloud.google.com/binary-authorization +.. _Client Library Documentation: https://googleapis.dev/python/binaryauthorization/latest +.. _Product Documentation: https://cloud.google.com/binary-authorization Quick Start ----------- @@ -32,7 +32,7 @@ In order to use this library, you first need to go through the following steps: .. _Select or create a Cloud Platform project.: https://console.cloud.google.com/project .. _Enable billing for your project.: https://cloud.google.com/billing/docs/how-to/modify-project#enable_billing_for_a_project -.. _Enable the Binary Authorization API.: https://cloud.google.com/binaryauthorization +.. _Enable the Binary Authorization API.: https://cloud.google.com/binary-authorization .. _Setup Authentication.: https://googleapis.github.io/google-cloud-python/latest/core/auth.html Installation 
@@ -80,5 +80,5 @@ Next Steps - View this `README`_ to see the full list of Cloud APIs that we cover. -.. _Binary Authorization API Product documentation: https://cloud.google.com/binaryauthorization -.. _README: https://github.com/googleapis/google-cloud-python/blob/main/README.rst \ No newline at end of file +.. _Binary Authorization API Product documentation: https://cloud.google.com/binary-authorization +.. _README: https://github.com/googleapis/google-cloud-python/blob/main/README.rst diff --git a/docs/binaryauthorization_v1/binauthz_management_service_v1.rst b/docs/binaryauthorization_v1/binauthz_management_service_v1.rst new file mode 100644 index 0000000..1d11618 --- /dev/null +++ b/docs/binaryauthorization_v1/binauthz_management_service_v1.rst @@ -0,0 +1,10 @@ +BinauthzManagementServiceV1 +--------------------------------------------- + +.. automodule:: google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1 + :members: + :inherited-members: + +.. automodule:: google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.pagers + :members: + :inherited-members: diff --git a/docs/binaryauthorization_v1/services.rst b/docs/binaryauthorization_v1/services.rst new file mode 100644 index 0000000..d8423c9 --- /dev/null +++ b/docs/binaryauthorization_v1/services.rst @@ -0,0 +1,8 @@ +Services for Google Cloud Binaryauthorization v1 API +==================================================== +.. toctree:: + :maxdepth: 2 + + binauthz_management_service_v1 + system_policy_v1 + validation_helper_v1 diff --git a/docs/binaryauthorization_v1/system_policy_v1.rst b/docs/binaryauthorization_v1/system_policy_v1.rst new file mode 100644 index 0000000..da7e2d4 --- /dev/null +++ b/docs/binaryauthorization_v1/system_policy_v1.rst @@ -0,0 +1,6 @@ +SystemPolicyV1 +-------------------------------- + +.. automodule:: google.cloud.binaryauthorization_v1.services.system_policy_v1 + :members: + :inherited-members: 
diff --git a/docs/binaryauthorization_v1/types.rst b/docs/binaryauthorization_v1/types.rst new file mode 100644 index 0000000..f693b22 --- /dev/null +++ b/docs/binaryauthorization_v1/types.rst @@ -0,0 +1,7 @@ +Types for Google Cloud Binaryauthorization v1 API +================================================= + +.. automodule:: google.cloud.binaryauthorization_v1.types + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/binaryauthorization_v1/validation_helper_v1.rst b/docs/binaryauthorization_v1/validation_helper_v1.rst new file mode 100644 index 0000000..5d92ddc --- /dev/null +++ b/docs/binaryauthorization_v1/validation_helper_v1.rst @@ -0,0 +1,6 @@ +ValidationHelperV1 +------------------------------------ + +.. automodule:: google.cloud.binaryauthorization_v1.services.validation_helper_v1 + :members: + :inherited-members: diff --git a/docs/index.rst b/docs/index.rst index 9c3e955..d55ac54 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -2,6 +2,16 @@ .. include:: multiprocessing.rst +This package includes clients for multiple versions of Binary Authorization. +By default, you will get version ``v1``. + +API Reference +------------- +.. toctree:: + :maxdepth: 2 + + binaryauthorization_v1/services + binaryauthorization_v1/types API Reference ------------- diff --git a/google/cloud/binaryauthorization/__init__.py b/google/cloud/binaryauthorization/__init__.py index f054e4b..b480307 100644 --- a/google/cloud/binaryauthorization/__init__.py +++ b/google/cloud/binaryauthorization/__init__.py 
@@ -14,53 +14,73 @@ # limitations under the License. # -from google.cloud.binaryauthorization_v1beta1.services.binauthz_management_service_v1_beta1.client import ( - BinauthzManagementServiceV1Beta1Client, +from google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.client import ( + BinauthzManagementServiceV1Client, ) -from google.cloud.binaryauthorization_v1beta1.services.binauthz_management_service_v1_beta1.async_client import ( - BinauthzManagementServiceV1Beta1AsyncClient, +from google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.async_client import ( + BinauthzManagementServiceV1AsyncClient, ) - -from google.cloud.binaryauthorization_v1beta1.types.continuous_validation_logging import ( - ContinuousValidationEvent, +from google.cloud.binaryauthorization_v1.services.system_policy_v1.client import ( + SystemPolicyV1Client, +) +from google.cloud.binaryauthorization_v1.services.system_policy_v1.async_client import ( + SystemPolicyV1AsyncClient, +) +from google.cloud.binaryauthorization_v1.services.validation_helper_v1.client import ( + ValidationHelperV1Client, ) -from google.cloud.binaryauthorization_v1beta1.types.resources import AdmissionRule -from google.cloud.binaryauthorization_v1beta1.types.resources import ( +from google.cloud.binaryauthorization_v1.services.validation_helper_v1.async_client import ( + ValidationHelperV1AsyncClient, +) + +from google.cloud.binaryauthorization_v1.types.resources import AdmissionRule +from google.cloud.binaryauthorization_v1.types.resources import ( AdmissionWhitelistPattern, ) -from google.cloud.binaryauthorization_v1beta1.types.resources import Attestor -from google.cloud.binaryauthorization_v1beta1.types.resources import AttestorPublicKey -from google.cloud.binaryauthorization_v1beta1.types.resources import PkixPublicKey -from google.cloud.binaryauthorization_v1beta1.types.resources import Policy -from google.cloud.binaryauthorization_v1beta1.types.resources import ( - 
UserOwnedDrydockNote, +from google.cloud.binaryauthorization_v1.types.resources import Attestor +from google.cloud.binaryauthorization_v1.types.resources import AttestorPublicKey +from google.cloud.binaryauthorization_v1.types.resources import PkixPublicKey +from google.cloud.binaryauthorization_v1.types.resources import Policy +from google.cloud.binaryauthorization_v1.types.resources import UserOwnedGrafeasNote +from google.cloud.binaryauthorization_v1.types.service import CreateAttestorRequest +from google.cloud.binaryauthorization_v1.types.service import DeleteAttestorRequest +from google.cloud.binaryauthorization_v1.types.service import GetAttestorRequest +from google.cloud.binaryauthorization_v1.types.service import GetPolicyRequest +from google.cloud.binaryauthorization_v1.types.service import GetSystemPolicyRequest +from google.cloud.binaryauthorization_v1.types.service import ListAttestorsRequest +from google.cloud.binaryauthorization_v1.types.service import ListAttestorsResponse +from google.cloud.binaryauthorization_v1.types.service import UpdateAttestorRequest +from google.cloud.binaryauthorization_v1.types.service import UpdatePolicyRequest +from google.cloud.binaryauthorization_v1.types.service import ( + ValidateAttestationOccurrenceRequest, +) +from google.cloud.binaryauthorization_v1.types.service import ( + ValidateAttestationOccurrenceResponse, ) -from google.cloud.binaryauthorization_v1beta1.types.service import CreateAttestorRequest -from google.cloud.binaryauthorization_v1beta1.types.service import DeleteAttestorRequest -from google.cloud.binaryauthorization_v1beta1.types.service import GetAttestorRequest -from google.cloud.binaryauthorization_v1beta1.types.service import GetPolicyRequest -from google.cloud.binaryauthorization_v1beta1.types.service import ListAttestorsRequest -from google.cloud.binaryauthorization_v1beta1.types.service import ListAttestorsResponse -from google.cloud.binaryauthorization_v1beta1.types.service import 
UpdateAttestorRequest -from google.cloud.binaryauthorization_v1beta1.types.service import UpdatePolicyRequest __all__ = ( - "BinauthzManagementServiceV1Beta1Client", - "BinauthzManagementServiceV1Beta1AsyncClient", - "ContinuousValidationEvent", + "BinauthzManagementServiceV1Client", + "BinauthzManagementServiceV1AsyncClient", + "SystemPolicyV1Client", + "SystemPolicyV1AsyncClient", + "ValidationHelperV1Client", + "ValidationHelperV1AsyncClient", "AdmissionRule", "AdmissionWhitelistPattern", "Attestor", "AttestorPublicKey", "PkixPublicKey", "Policy", - "UserOwnedDrydockNote", + "UserOwnedGrafeasNote", "CreateAttestorRequest", "DeleteAttestorRequest", "GetAttestorRequest", "GetPolicyRequest", + "GetSystemPolicyRequest", "ListAttestorsRequest", "ListAttestorsResponse", "UpdateAttestorRequest", "UpdatePolicyRequest", + "ValidateAttestationOccurrenceRequest", + "ValidateAttestationOccurrenceResponse", ) diff --git a/google/cloud/binaryauthorization_v1/__init__.py b/google/cloud/binaryauthorization_v1/__init__.py new file mode 100644 index 0000000..c26f179 --- /dev/null +++ b/google/cloud/binaryauthorization_v1/__init__.py 
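Review bot: Repointing the unversioned `google.cloud.binaryauthorization` package at v1 removes `BinauthzManagementServiceV1Beta1Client`, `BinauthzManagementServiceV1Beta1AsyncClient`, `ContinuousValidationEvent` and `UserOwnedDrydockNote` from its imports and from `__all__` with no alias left behind, so existing code that imports those names from this package will fail at import time after upgrading. The commit is labelled `feat:` rather than marked as a breaking change, and nothing in the visible part of the patch documents the migration. The diffstat lists only created files, so the v1beta1 package presumably stays importable as `google.cloud.binaryauthorization_v1beta1`; state that in the release notes and in a comment at the top of this module, for example `# v1beta1 names are no longer re-exported here; import them from google.cloud.binaryauthorization_v1beta1.`.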
@@ -0,0 +1,70 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +from .services.binauthz_management_service_v1 import BinauthzManagementServiceV1Client +from .services.binauthz_management_service_v1 import ( + BinauthzManagementServiceV1AsyncClient, +) +from .services.system_policy_v1 import SystemPolicyV1Client +from .services.system_policy_v1 import SystemPolicyV1AsyncClient +from .services.validation_helper_v1 import ValidationHelperV1Client +from .services.validation_helper_v1 import ValidationHelperV1AsyncClient + +from .types.resources import AdmissionRule +from .types.resources import AdmissionWhitelistPattern +from .types.resources import Attestor +from .types.resources import AttestorPublicKey +from .types.resources import PkixPublicKey +from .types.resources import Policy +from .types.resources import UserOwnedGrafeasNote +from .types.service import CreateAttestorRequest +from .types.service import DeleteAttestorRequest +from .types.service import GetAttestorRequest +from .types.service import GetPolicyRequest +from .types.service import GetSystemPolicyRequest +from .types.service import ListAttestorsRequest +from .types.service import ListAttestorsResponse +from .types.service import UpdateAttestorRequest +from .types.service import UpdatePolicyRequest +from .types.service import ValidateAttestationOccurrenceRequest +from .types.service import ValidateAttestationOccurrenceResponse + +__all__ = ( + 
"BinauthzManagementServiceV1AsyncClient", + "SystemPolicyV1AsyncClient", + "ValidationHelperV1AsyncClient", + "AdmissionRule", + "AdmissionWhitelistPattern", + "Attestor", + "AttestorPublicKey", + "BinauthzManagementServiceV1Client", + "CreateAttestorRequest", + "DeleteAttestorRequest", + "GetAttestorRequest", + "GetPolicyRequest", + "GetSystemPolicyRequest", + "ListAttestorsRequest", + "ListAttestorsResponse", + "PkixPublicKey", + "Policy", + "SystemPolicyV1Client", + "UpdateAttestorRequest", + "UpdatePolicyRequest", + "UserOwnedGrafeasNote", + "ValidateAttestationOccurrenceRequest", + "ValidateAttestationOccurrenceResponse", + "ValidationHelperV1Client", +) diff --git a/google/cloud/binaryauthorization_v1/gapic_metadata.json b/google/cloud/binaryauthorization_v1/gapic_metadata.json new file mode 100644 index 0000000..1d349e7 --- /dev/null +++ b/google/cloud/binaryauthorization_v1/gapic_metadata.json 
@@ -0,0 +1,141 @@ + { + "comment": "This file maps proto services/RPCs to the corresponding library clients/methods", + "language": "python", + "libraryPackage": "google.cloud.binaryauthorization_v1", + "protoPackage": "google.cloud.binaryauthorization.v1", + "schema": "1.0", + "services": { + "BinauthzManagementServiceV1": { + "clients": { + "grpc": { + "libraryClient": "BinauthzManagementServiceV1Client", + "rpcs": { + "CreateAttestor": { + "methods": [ + "create_attestor" + ] + }, + "DeleteAttestor": { + "methods": [ + "delete_attestor" + ] + }, + "GetAttestor": { + "methods": [ + "get_attestor" + ] + }, + "GetPolicy": { + "methods": [ + "get_policy" + ] + }, + "ListAttestors": { + "methods": [ + "list_attestors" + ] + }, + "UpdateAttestor": { + "methods": [ + "update_attestor" + ] + }, + "UpdatePolicy": { + "methods": [ + "update_policy" + ] + } + } + }, + "grpc-async": { + "libraryClient": "BinauthzManagementServiceV1AsyncClient", + "rpcs": { + "CreateAttestor": { + "methods": [ + "create_attestor" + ] + }, + "DeleteAttestor": { + "methods": [ + "delete_attestor" + ] + }, + "GetAttestor": { + "methods": [ + "get_attestor" + ] + }, + "GetPolicy": { + "methods": [ + "get_policy" + ] + }, + "ListAttestors": { + "methods": [ + "list_attestors" + ] + }, + "UpdateAttestor": { + "methods": [ + "update_attestor" + ] + }, + "UpdatePolicy": { + "methods": [ + "update_policy" + ] + } + } + } + } + }, + "SystemPolicyV1": { + "clients": { + "grpc": { + "libraryClient": "SystemPolicyV1Client", + "rpcs": { + "GetSystemPolicy": { + "methods": [ + "get_system_policy" + ] + } + } + }, + "grpc-async": { + "libraryClient": "SystemPolicyV1AsyncClient", + "rpcs": { + "GetSystemPolicy": { + "methods": [ + "get_system_policy" + ] + } + } + } + } + }, + "ValidationHelperV1": { + "clients": { + "grpc": { + "libraryClient": "ValidationHelperV1Client", + "rpcs": { + "ValidateAttestationOccurrence": { + "methods": [ + "validate_attestation_occurrence" + ] + } + } + }, + "grpc-async": { + 
"libraryClient": "ValidationHelperV1AsyncClient", + "rpcs": { + "ValidateAttestationOccurrence": { + "methods": [ + "validate_attestation_occurrence" + ] + } + } + } + } + } + } +} diff --git a/google/cloud/binaryauthorization_v1/py.typed b/google/cloud/binaryauthorization_v1/py.typed new file mode 100644 index 0000000..5afd9ec --- /dev/null +++ b/google/cloud/binaryauthorization_v1/py.typed @@ -0,0 +1,2 @@ +# Marker file for PEP 561. +# The google-cloud-binaryauthorization package uses inline types. diff --git a/google/cloud/binaryauthorization_v1/services/__init__.py b/google/cloud/binaryauthorization_v1/services/__init__.py new file mode 100644 index 0000000..4de6597 --- /dev/null +++ b/google/cloud/binaryauthorization_v1/services/__init__.py @@ -0,0 +1,15 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/__init__.py b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/__init__.py new file mode 100644 index 0000000..0cb1382 --- /dev/null +++ b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/__init__.py 
@@ -0,0 +1,22 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from .client import BinauthzManagementServiceV1Client +from .async_client import BinauthzManagementServiceV1AsyncClient + +__all__ = ( + "BinauthzManagementServiceV1Client", + "BinauthzManagementServiceV1AsyncClient", +) diff --git a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/async_client.py b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/async_client.py new file mode 100644 index 0000000..bbc4840 --- /dev/null +++ b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/async_client.py 
@@ -0,0 +1,840 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from collections import OrderedDict +import functools +import re +from typing import Dict, Sequence, Tuple, Type, Union +import pkg_resources + +import google.api_core.client_options as ClientOptions # type: ignore +from google.api_core import exceptions as core_exceptions # type: ignore +from google.api_core import gapic_v1 # type: ignore +from google.api_core import retry as retries # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.oauth2 import service_account # type: ignore + +from google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1 import ( + pagers, +) +from google.cloud.binaryauthorization_v1.types import resources +from google.cloud.binaryauthorization_v1.types import service +from google.protobuf import timestamp_pb2 # type: ignore +from .transports.base import BinauthzManagementServiceV1Transport, DEFAULT_CLIENT_INFO +from .transports.grpc_asyncio import BinauthzManagementServiceV1GrpcAsyncIOTransport +from .client import BinauthzManagementServiceV1Client + + +class BinauthzManagementServiceV1AsyncClient: + """Google Cloud Management Service for Binary Authorization admission + policies and attestation authorities. 
+ + This API implements a REST model with the following objects: + + - [Policy][google.cloud.binaryauthorization.v1.Policy] + - [Attestor][google.cloud.binaryauthorization.v1.Attestor] + """ + + _client: BinauthzManagementServiceV1Client + + DEFAULT_ENDPOINT = BinauthzManagementServiceV1Client.DEFAULT_ENDPOINT + DEFAULT_MTLS_ENDPOINT = BinauthzManagementServiceV1Client.DEFAULT_MTLS_ENDPOINT + + attestor_path = staticmethod(BinauthzManagementServiceV1Client.attestor_path) + parse_attestor_path = staticmethod( + BinauthzManagementServiceV1Client.parse_attestor_path + ) + policy_path = staticmethod(BinauthzManagementServiceV1Client.policy_path) + parse_policy_path = staticmethod( + BinauthzManagementServiceV1Client.parse_policy_path + ) + common_billing_account_path = staticmethod( + BinauthzManagementServiceV1Client.common_billing_account_path + ) + parse_common_billing_account_path = staticmethod( + BinauthzManagementServiceV1Client.parse_common_billing_account_path + ) + common_folder_path = staticmethod( + BinauthzManagementServiceV1Client.common_folder_path + ) + parse_common_folder_path = staticmethod( + BinauthzManagementServiceV1Client.parse_common_folder_path + ) + common_organization_path = staticmethod( + BinauthzManagementServiceV1Client.common_organization_path + ) + parse_common_organization_path = staticmethod( + BinauthzManagementServiceV1Client.parse_common_organization_path + ) + common_project_path = staticmethod( + BinauthzManagementServiceV1Client.common_project_path + ) + parse_common_project_path = staticmethod( + BinauthzManagementServiceV1Client.parse_common_project_path + ) + common_location_path = staticmethod( + BinauthzManagementServiceV1Client.common_location_path + ) + parse_common_location_path = staticmethod( + BinauthzManagementServiceV1Client.parse_common_location_path + ) + + @classmethod + def from_service_account_info(cls, info: dict, *args, **kwargs): + """Creates an instance of this client using the provided credentials + info. 
+ + Args: + info (dict): The service account private key info. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + BinauthzManagementServiceV1AsyncClient: The constructed client. + """ + return BinauthzManagementServiceV1Client.from_service_account_info.__func__(BinauthzManagementServiceV1AsyncClient, info, *args, **kwargs) # type: ignore + + @classmethod + def from_service_account_file(cls, filename: str, *args, **kwargs): + """Creates an instance of this client using the provided credentials + file. + + Args: + filename (str): The path to the service account private key json + file. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + BinauthzManagementServiceV1AsyncClient: The constructed client. + """ + return BinauthzManagementServiceV1Client.from_service_account_file.__func__(BinauthzManagementServiceV1AsyncClient, filename, *args, **kwargs) # type: ignore + + from_service_account_json = from_service_account_file + + @property + def transport(self) -> BinauthzManagementServiceV1Transport: + """Returns the transport used by the client instance. + + Returns: + BinauthzManagementServiceV1Transport: The transport used by the client instance. + """ + return self._client.transport + + get_transport_class = functools.partial( + type(BinauthzManagementServiceV1Client).get_transport_class, + type(BinauthzManagementServiceV1Client), + ) + + def __init__( + self, + *, + credentials: ga_credentials.Credentials = None, + transport: Union[str, BinauthzManagementServiceV1Transport] = "grpc_asyncio", + client_options: ClientOptions = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + ) -> None: + """Instantiates the binauthz management service v1 client. + + Args: + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. 
These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + transport (Union[str, ~.BinauthzManagementServiceV1Transport]): The + transport to use. If set to None, a transport is chosen + automatically. + client_options (ClientOptions): Custom options for the client. It + won't take effect if a ``transport`` instance is provided. + (1) The ``api_endpoint`` property can be used to override the + default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT + environment variable can also be used to override the endpoint: + "always" (always use the default mTLS endpoint), "never" (always + use the default regular endpoint) and "auto" (auto switch to the + default mTLS endpoint if client certificate is present, this is + the default value). However, the ``api_endpoint`` property takes + precedence if provided. + (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable + is "true", then the ``client_cert_source`` property can be used + to provide client certificate for mutual TLS transport. If + not provided, the default SSL client certificate will be used if + present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not + set, no client certificate will be used. + + Raises: + google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport + creation failed for any reason. 
+ """ + self._client = BinauthzManagementServiceV1Client( + credentials=credentials, + transport=transport, + client_options=client_options, + client_info=client_info, + ) + + async def get_policy( + self, + request: service.GetPolicyRequest = None, + *, + name: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.Policy: + r"""A [policy][google.cloud.binaryauthorization.v1.Policy] specifies + the [attestors][google.cloud.binaryauthorization.v1.Attestor] + that must attest to a container image, before the project is + allowed to deploy that image. There is at most one policy per + project. All image admission requests are permitted if a project + has no policy. + + Gets the [policy][google.cloud.binaryauthorization.v1.Policy] + for this project. Returns a default + [policy][google.cloud.binaryauthorization.v1.Policy] if the + project does not have one. + + Args: + request (:class:`google.cloud.binaryauthorization_v1.types.GetPolicyRequest`): + The request object. Request message for + [BinauthzManagementService.GetPolicy][]. + name (:class:`str`): + Required. The resource name of the + [policy][google.cloud.binaryauthorization.v1.Policy] to + retrieve, in the format ``projects/*/policy``. + + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.binaryauthorization_v1.types.Policy: + A [policy][google.cloud.binaryauthorization.v1.Policy] + for container image binary authorization. + + """ + # Create or coerce a protobuf request object. 
+ # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + has_flattened_params = any([name]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.GetPolicyRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.get_policy, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + core_exceptions.DeadlineExceeded, + core_exceptions.ServiceUnavailable, + ), + deadline=600.0, + ), + default_timeout=600.0, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def update_policy( + self, + request: service.UpdatePolicyRequest = None, + *, + policy: resources.Policy = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.Policy: + r"""Creates or updates a project's + [policy][google.cloud.binaryauthorization.v1.Policy], and + returns a copy of the new + [policy][google.cloud.binaryauthorization.v1.Policy]. A policy + is always updated as a whole, to avoid race conditions with + concurrent policy enforcement (or management!) requests. 
Returns + NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the + request is malformed. + + Args: + request (:class:`google.cloud.binaryauthorization_v1.types.UpdatePolicyRequest`): + The request object. Request message for + [BinauthzManagementService.UpdatePolicy][]. + policy (:class:`google.cloud.binaryauthorization_v1.types.Policy`): + Required. A new or updated + [policy][google.cloud.binaryauthorization.v1.Policy] + value. The service will overwrite the [policy + name][google.cloud.binaryauthorization.v1.Policy.name] + field with the resource name in the request URL, in the + format ``projects/*/policy``. + + This corresponds to the ``policy`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.binaryauthorization_v1.types.Policy: + A [policy][google.cloud.binaryauthorization.v1.Policy] + for container image binary authorization. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + has_flattened_params = any([policy]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.UpdatePolicyRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if policy is not None: + request.policy = policy + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. 
+ rpc = gapic_v1.method_async.wrap_method( + self._client._transport.update_policy, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + core_exceptions.DeadlineExceeded, + core_exceptions.ServiceUnavailable, + ), + deadline=600.0, + ), + default_timeout=600.0, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata( + (("policy.name", request.policy.name),) + ), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def create_attestor( + self, + request: service.CreateAttestorRequest = None, + *, + parent: str = None, + attestor_id: str = None, + attestor: resources.Attestor = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.Attestor: + r"""Creates an + [attestor][google.cloud.binaryauthorization.v1.Attestor], and + returns a copy of the new + [attestor][google.cloud.binaryauthorization.v1.Attestor]. + Returns NOT_FOUND if the project does not exist, + INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if + the [attestor][google.cloud.binaryauthorization.v1.Attestor] + already exists. + + Args: + request (:class:`google.cloud.binaryauthorization_v1.types.CreateAttestorRequest`): + The request object. Request message for + [BinauthzManagementService.CreateAttestor][]. + parent (:class:`str`): + Required. The parent of this + [attestor][google.cloud.binaryauthorization.v1.Attestor]. + + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + attestor_id (:class:`str`): + Required. The + [attestors][google.cloud.binaryauthorization.v1.Attestor] + ID. 
+ + This corresponds to the ``attestor_id`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + attestor (:class:`google.cloud.binaryauthorization_v1.types.Attestor`): + Required. The initial + [attestor][google.cloud.binaryauthorization.v1.Attestor] + value. The service will overwrite the [attestor + name][google.cloud.binaryauthorization.v1.Attestor.name] + field with the resource name, in the format + ``projects/*/attestors/*``. + + This corresponds to the ``attestor`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.binaryauthorization_v1.types.Attestor: + An [attestor][google.cloud.binaryauthorization.v1.Attestor] that attests to container image + artifacts. An existing attestor cannot be modified + except where indicated. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + has_flattened_params = any([parent, attestor_id, attestor]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.CreateAttestorRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if parent is not None: + request.parent = parent + if attestor_id is not None: + request.attestor_id = attestor_id + if attestor is not None: + request.attestor = attestor + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. 
+ rpc = gapic_v1.method_async.wrap_method( + self._client._transport.create_attestor, + default_timeout=600.0, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def get_attestor( + self, + request: service.GetAttestorRequest = None, + *, + name: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.Attestor: + r"""Gets an + [attestor][google.cloud.binaryauthorization.v1.Attestor]. + Returns NOT_FOUND if the + [attestor][google.cloud.binaryauthorization.v1.Attestor] does + not exist. + + Args: + request (:class:`google.cloud.binaryauthorization_v1.types.GetAttestorRequest`): + The request object. Request message for + [BinauthzManagementService.GetAttestor][]. + name (:class:`str`): + Required. The name of the + [attestor][google.cloud.binaryauthorization.v1.Attestor] + to retrieve, in the format ``projects/*/attestors/*``. + + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.binaryauthorization_v1.types.Attestor: + An [attestor][google.cloud.binaryauthorization.v1.Attestor] that attests to container image + artifacts. An existing attestor cannot be modified + except where indicated. + + """ + # Create or coerce a protobuf request object. 
+ # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + has_flattened_params = any([name]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.GetAttestorRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.get_attestor, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + core_exceptions.DeadlineExceeded, + core_exceptions.ServiceUnavailable, + ), + deadline=600.0, + ), + default_timeout=600.0, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def update_attestor( + self, + request: service.UpdateAttestorRequest = None, + *, + attestor: resources.Attestor = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.Attestor: + r"""Updates an + [attestor][google.cloud.binaryauthorization.v1.Attestor]. + Returns NOT_FOUND if the + [attestor][google.cloud.binaryauthorization.v1.Attestor] does + not exist. + + Args: + request (:class:`google.cloud.binaryauthorization_v1.types.UpdateAttestorRequest`): + The request object. Request message for + [BinauthzManagementService.UpdateAttestor][]. 
+ attestor (:class:`google.cloud.binaryauthorization_v1.types.Attestor`): + Required. The updated + [attestor][google.cloud.binaryauthorization.v1.Attestor] + value. The service will overwrite the [attestor + name][google.cloud.binaryauthorization.v1.Attestor.name] + field with the resource name in the request URL, in the + format ``projects/*/attestors/*``. + + This corresponds to the ``attestor`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.binaryauthorization_v1.types.Attestor: + An [attestor][google.cloud.binaryauthorization.v1.Attestor] that attests to container image + artifacts. An existing attestor cannot be modified + except where indicated. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + has_flattened_params = any([attestor]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.UpdateAttestorRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if attestor is not None: + request.attestor = attestor + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. 
+ rpc = gapic_v1.method_async.wrap_method( + self._client._transport.update_attestor, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + core_exceptions.DeadlineExceeded, + core_exceptions.ServiceUnavailable, + ), + deadline=600.0, + ), + default_timeout=600.0, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata( + (("attestor.name", request.attestor.name),) + ), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def list_attestors( + self, + request: service.ListAttestorsRequest = None, + *, + parent: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> pagers.ListAttestorsAsyncPager: + r"""Lists [attestors][google.cloud.binaryauthorization.v1.Attestor]. + Returns INVALID_ARGUMENT if the project does not exist. + + Args: + request (:class:`google.cloud.binaryauthorization_v1.types.ListAttestorsRequest`): + The request object. Request message for + [BinauthzManagementService.ListAttestors][]. + parent (:class:`str`): + Required. The resource name of the project associated + with the + [attestors][google.cloud.binaryauthorization.v1.Attestor], + in the format ``projects/*``. + + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. 
+ + Returns: + google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.pagers.ListAttestorsAsyncPager: + Response message for + [BinauthzManagementService.ListAttestors][]. + + Iterating over this object will yield results and + resolve additional pages automatically. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + has_flattened_params = any([parent]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.ListAttestorsRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if parent is not None: + request.parent = parent + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.list_attestors, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + core_exceptions.DeadlineExceeded, + core_exceptions.ServiceUnavailable, + ), + deadline=600.0, + ), + default_timeout=600.0, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # This method is paged; wrap the response in a pager, which provides + # an `__aiter__` convenience method. + response = pagers.ListAttestorsAsyncPager( + method=rpc, request=request, response=response, metadata=metadata, + ) + + # Done; return the response. 
+ return response + + async def delete_attestor( + self, + request: service.DeleteAttestorRequest = None, + *, + name: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> None: + r"""Deletes an + [attestor][google.cloud.binaryauthorization.v1.Attestor]. + Returns NOT_FOUND if the + [attestor][google.cloud.binaryauthorization.v1.Attestor] does + not exist. + + Args: + request (:class:`google.cloud.binaryauthorization_v1.types.DeleteAttestorRequest`): + The request object. Request message for + [BinauthzManagementService.DeleteAttestor][]. + name (:class:`str`): + Required. The name of the + [attestors][google.cloud.binaryauthorization.v1.Attestor] + to delete, in the format ``projects/*/attestors/*``. + + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + has_flattened_params = any([name]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.DeleteAttestorRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. 
+ rpc = gapic_v1.method_async.wrap_method( + self._client._transport.delete_attestor, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + core_exceptions.DeadlineExceeded, + core_exceptions.ServiceUnavailable, + ), + deadline=600.0, + ), + default_timeout=600.0, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + await rpc( + request, retry=retry, timeout=timeout, metadata=metadata, + ) + + +try: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( + gapic_version=pkg_resources.get_distribution( + "google-cloud-binary-authorization", + ).version, + ) +except pkg_resources.DistributionNotFound: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() + + +__all__ = ("BinauthzManagementServiceV1AsyncClient",) diff --git a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/client.py b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/client.py new file mode 100644 index 0000000..d5eb693 --- /dev/null +++ b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/client.py 
@@ -0,0 +1,970 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from collections import OrderedDict +from distutils import util +import os +import re +from typing import Callable, Dict, Optional, Sequence, Tuple, Type, Union +import pkg_resources + +from google.api_core import client_options as client_options_lib # type: ignore +from google.api_core import exceptions as core_exceptions # type: ignore +from google.api_core import gapic_v1 # type: ignore +from google.api_core import retry as retries # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.auth.transport import mtls # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore +from google.auth.exceptions import MutualTLSChannelError # type: ignore +from google.oauth2 import service_account # type: ignore + +from google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1 import ( + pagers, +) +from google.cloud.binaryauthorization_v1.types import resources +from google.cloud.binaryauthorization_v1.types import service +from google.protobuf import timestamp_pb2 # type: ignore +from .transports.base import BinauthzManagementServiceV1Transport, DEFAULT_CLIENT_INFO +from .transports.grpc import BinauthzManagementServiceV1GrpcTransport +from .transports.grpc_asyncio import BinauthzManagementServiceV1GrpcAsyncIOTransport + + +class 
BinauthzManagementServiceV1ClientMeta(type): + """Metaclass for the BinauthzManagementServiceV1 client. + + This provides class-level methods for building and retrieving + support objects (e.g. transport) without polluting the client instance + objects. + """ + + _transport_registry = ( + OrderedDict() + ) # type: Dict[str, Type[BinauthzManagementServiceV1Transport]] + _transport_registry["grpc"] = BinauthzManagementServiceV1GrpcTransport + _transport_registry[ + "grpc_asyncio" + ] = BinauthzManagementServiceV1GrpcAsyncIOTransport + + def get_transport_class( + cls, label: str = None, + ) -> Type[BinauthzManagementServiceV1Transport]: + """Returns an appropriate transport class. + + Args: + label: The name of the desired transport. If none is + provided, then the first transport in the registry is used. + + Returns: + The transport class to use. + """ + # If a specific transport is requested, return that one. + if label: + return cls._transport_registry[label] + + # No transport is requested; return the default (that is, the first one + # in the dictionary). + return next(iter(cls._transport_registry.values())) + + +class BinauthzManagementServiceV1Client( + metaclass=BinauthzManagementServiceV1ClientMeta +): + """Google Cloud Management Service for Binary Authorization admission + policies and attestation authorities. + + This API implements a REST model with the following objects: + + - [Policy][google.cloud.binaryauthorization.v1.Policy] + - [Attestor][google.cloud.binaryauthorization.v1.Attestor] + """ + + @staticmethod + def _get_default_mtls_endpoint(api_endpoint): + """Converts api endpoint to mTLS endpoint. + + Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to + "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively. + Args: + api_endpoint (Optional[str]): the api endpoint to convert. + Returns: + str: converted mTLS api endpoint. 
+ """ + if not api_endpoint: + return api_endpoint + + mtls_endpoint_re = re.compile( + r"(?P[^.]+)(?P\.mtls)?(?P\.sandbox)?(?P\.googleapis\.com)?" + ) + + m = mtls_endpoint_re.match(api_endpoint) + name, mtls, sandbox, googledomain = m.groups() + if mtls or not googledomain: + return api_endpoint + + if sandbox: + return api_endpoint.replace( + "sandbox.googleapis.com", "mtls.sandbox.googleapis.com" + ) + + return api_endpoint.replace(".googleapis.com", ".mtls.googleapis.com") + + DEFAULT_ENDPOINT = "binaryauthorization.googleapis.com" + DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__( # type: ignore + DEFAULT_ENDPOINT + ) + + @classmethod + def from_service_account_info(cls, info: dict, *args, **kwargs): + """Creates an instance of this client using the provided credentials + info. + + Args: + info (dict): The service account private key info. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + BinauthzManagementServiceV1Client: The constructed client. + """ + credentials = service_account.Credentials.from_service_account_info(info) + kwargs["credentials"] = credentials + return cls(*args, **kwargs) + + @classmethod + def from_service_account_file(cls, filename: str, *args, **kwargs): + """Creates an instance of this client using the provided credentials + file. + + Args: + filename (str): The path to the service account private key json + file. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + BinauthzManagementServiceV1Client: The constructed client. + """ + credentials = service_account.Credentials.from_service_account_file(filename) + kwargs["credentials"] = credentials + return cls(*args, **kwargs) + + from_service_account_json = from_service_account_file + + @property + def transport(self) -> BinauthzManagementServiceV1Transport: + """Returns the transport used by the client instance. 
+ + Returns: + BinauthzManagementServiceV1Transport: The transport used by the client + instance. + """ + return self._transport + + @staticmethod + def attestor_path(project: str, attestor: str,) -> str: + """Returns a fully-qualified attestor string.""" + return "projects/{project}/attestors/{attestor}".format( + project=project, attestor=attestor, + ) + + @staticmethod + def parse_attestor_path(path: str) -> Dict[str, str]: + """Parses a attestor path into its component segments.""" + m = re.match(r"^projects/(?P.+?)/attestors/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def policy_path(project: str,) -> str: + """Returns a fully-qualified policy string.""" + return "projects/{project}/policy".format(project=project,) + + @staticmethod + def parse_policy_path(path: str) -> Dict[str, str]: + """Parses a policy path into its component segments.""" + m = re.match(r"^projects/(?P.+?)/policy$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_billing_account_path(billing_account: str,) -> str: + """Returns a fully-qualified billing_account string.""" + return "billingAccounts/{billing_account}".format( + billing_account=billing_account, + ) + + @staticmethod + def parse_common_billing_account_path(path: str) -> Dict[str, str]: + """Parse a billing_account path into its component segments.""" + m = re.match(r"^billingAccounts/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_folder_path(folder: str,) -> str: + """Returns a fully-qualified folder string.""" + return "folders/{folder}".format(folder=folder,) + + @staticmethod + def parse_common_folder_path(path: str) -> Dict[str, str]: + """Parse a folder path into its component segments.""" + m = re.match(r"^folders/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_organization_path(organization: str,) -> str: + """Returns a fully-qualified organization string.""" + return 
"organizations/{organization}".format(organization=organization,) + + @staticmethod + def parse_common_organization_path(path: str) -> Dict[str, str]: + """Parse a organization path into its component segments.""" + m = re.match(r"^organizations/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_project_path(project: str,) -> str: + """Returns a fully-qualified project string.""" + return "projects/{project}".format(project=project,) + + @staticmethod + def parse_common_project_path(path: str) -> Dict[str, str]: + """Parse a project path into its component segments.""" + m = re.match(r"^projects/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_location_path(project: str, location: str,) -> str: + """Returns a fully-qualified location string.""" + return "projects/{project}/locations/{location}".format( + project=project, location=location, + ) + + @staticmethod + def parse_common_location_path(path: str) -> Dict[str, str]: + """Parse a location path into its component segments.""" + m = re.match(r"^projects/(?P.+?)/locations/(?P.+?)$", path) + return m.groupdict() if m else {} + + def __init__( + self, + *, + credentials: Optional[ga_credentials.Credentials] = None, + transport: Union[str, BinauthzManagementServiceV1Transport, None] = None, + client_options: Optional[client_options_lib.ClientOptions] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + ) -> None: + """Instantiates the binauthz management service v1 client. + + Args: + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + transport (Union[str, BinauthzManagementServiceV1Transport]): The + transport to use. If set to None, a transport is chosen + automatically. 
+ client_options (google.api_core.client_options.ClientOptions): Custom options for the + client. It won't take effect if a ``transport`` instance is provided. + (1) The ``api_endpoint`` property can be used to override the + default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT + environment variable can also be used to override the endpoint: + "always" (always use the default mTLS endpoint), "never" (always + use the default regular endpoint) and "auto" (auto switch to the + default mTLS endpoint if client certificate is present, this is + the default value). However, the ``api_endpoint`` property takes + precedence if provided. + (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable + is "true", then the ``client_cert_source`` property can be used + to provide client certificate for mutual TLS transport. If + not provided, the default SSL client certificate will be used if + present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not + set, no client certificate will be used. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + + Raises: + google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport + creation failed for any reason. + """ + if isinstance(client_options, dict): + client_options = client_options_lib.from_dict(client_options) + if client_options is None: + client_options = client_options_lib.ClientOptions() + + # Create SSL credentials for mutual TLS if needed. 
+ use_client_cert = bool( + util.strtobool(os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")) + ) + + client_cert_source_func = None + is_mtls = False + if use_client_cert: + if client_options.client_cert_source: + is_mtls = True + client_cert_source_func = client_options.client_cert_source + else: + is_mtls = mtls.has_default_client_cert_source() + if is_mtls: + client_cert_source_func = mtls.default_client_cert_source() + else: + client_cert_source_func = None + + # Figure out which api endpoint to use. + if client_options.api_endpoint is not None: + api_endpoint = client_options.api_endpoint + else: + use_mtls_env = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto") + if use_mtls_env == "never": + api_endpoint = self.DEFAULT_ENDPOINT + elif use_mtls_env == "always": + api_endpoint = self.DEFAULT_MTLS_ENDPOINT + elif use_mtls_env == "auto": + if is_mtls: + api_endpoint = self.DEFAULT_MTLS_ENDPOINT + else: + api_endpoint = self.DEFAULT_ENDPOINT + else: + raise MutualTLSChannelError( + "Unsupported GOOGLE_API_USE_MTLS_ENDPOINT value. Accepted " + "values: never, auto, always" + ) + + # Save or instantiate the transport. + # Ordinarily, we provide the transport, but allowing a custom transport + # instance provides an extensibility point for unusual situations. + if isinstance(transport, BinauthzManagementServiceV1Transport): + # transport is a BinauthzManagementServiceV1Transport instance. + if credentials or client_options.credentials_file: + raise ValueError( + "When providing a transport instance, " + "provide its credentials directly." + ) + if client_options.scopes: + raise ValueError( + "When providing a transport instance, provide its scopes " + "directly." 
+ ) + self._transport = transport + else: + Transport = type(self).get_transport_class(transport) + self._transport = Transport( + credentials=credentials, + credentials_file=client_options.credentials_file, + host=api_endpoint, + scopes=client_options.scopes, + client_cert_source_for_mtls=client_cert_source_func, + quota_project_id=client_options.quota_project_id, + client_info=client_info, + always_use_jwt_access=( + Transport == type(self).get_transport_class("grpc") + or Transport == type(self).get_transport_class("grpc_asyncio") + ), + ) + + def get_policy( + self, + request: service.GetPolicyRequest = None, + *, + name: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.Policy: + r"""A [policy][google.cloud.binaryauthorization.v1.Policy] specifies + the [attestors][google.cloud.binaryauthorization.v1.Attestor] + that must attest to a container image, before the project is + allowed to deploy that image. There is at most one policy per + project. All image admission requests are permitted if a project + has no policy. + + Gets the [policy][google.cloud.binaryauthorization.v1.Policy] + for this project. Returns a default + [policy][google.cloud.binaryauthorization.v1.Policy] if the + project does not have one. + + Args: + request (google.cloud.binaryauthorization_v1.types.GetPolicyRequest): + The request object. Request message for + [BinauthzManagementService.GetPolicy][]. + name (str): + Required. The resource name of the + [policy][google.cloud.binaryauthorization.v1.Policy] to + retrieve, in the format ``projects/*/policy``. + + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. 
+ metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.binaryauthorization_v1.types.Policy: + A [policy][google.cloud.binaryauthorization.v1.Policy] + for container image binary authorization. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + has_flattened_params = any([name]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + # Minor optimization to avoid making a copy if the user passes + # in a service.GetPolicyRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.GetPolicyRequest): + request = service.GetPolicyRequest(request) + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.get_policy] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. 
+ return response + + def update_policy( + self, + request: service.UpdatePolicyRequest = None, + *, + policy: resources.Policy = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.Policy: + r"""Creates or updates a project's + [policy][google.cloud.binaryauthorization.v1.Policy], and + returns a copy of the new + [policy][google.cloud.binaryauthorization.v1.Policy]. A policy + is always updated as a whole, to avoid race conditions with + concurrent policy enforcement (or management!) requests. Returns + NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the + request is malformed. + + Args: + request (google.cloud.binaryauthorization_v1.types.UpdatePolicyRequest): + The request object. Request message for + [BinauthzManagementService.UpdatePolicy][]. + policy (google.cloud.binaryauthorization_v1.types.Policy): + Required. A new or updated + [policy][google.cloud.binaryauthorization.v1.Policy] + value. The service will overwrite the [policy + name][google.cloud.binaryauthorization.v1.Policy.name] + field with the resource name in the request URL, in the + format ``projects/*/policy``. + + This corresponds to the ``policy`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.binaryauthorization_v1.types.Policy: + A [policy][google.cloud.binaryauthorization.v1.Policy] + for container image binary authorization. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. 
+ has_flattened_params = any([policy]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + # Minor optimization to avoid making a copy if the user passes + # in a service.UpdatePolicyRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.UpdatePolicyRequest): + request = service.UpdatePolicyRequest(request) + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if policy is not None: + request.policy = policy + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.update_policy] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata( + (("policy.name", request.policy.name),) + ), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + def create_attestor( + self, + request: service.CreateAttestorRequest = None, + *, + parent: str = None, + attestor_id: str = None, + attestor: resources.Attestor = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.Attestor: + r"""Creates an + [attestor][google.cloud.binaryauthorization.v1.Attestor], and + returns a copy of the new + [attestor][google.cloud.binaryauthorization.v1.Attestor]. + Returns NOT_FOUND if the project does not exist, + INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if + the [attestor][google.cloud.binaryauthorization.v1.Attestor] + already exists. 
+ + Args: + request (google.cloud.binaryauthorization_v1.types.CreateAttestorRequest): + The request object. Request message for + [BinauthzManagementService.CreateAttestor][]. + parent (str): + Required. The parent of this + [attestor][google.cloud.binaryauthorization.v1.Attestor]. + + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + attestor_id (str): + Required. The + [attestors][google.cloud.binaryauthorization.v1.Attestor] + ID. + + This corresponds to the ``attestor_id`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + attestor (google.cloud.binaryauthorization_v1.types.Attestor): + Required. The initial + [attestor][google.cloud.binaryauthorization.v1.Attestor] + value. The service will overwrite the [attestor + name][google.cloud.binaryauthorization.v1.Attestor.name] + field with the resource name, in the format + ``projects/*/attestors/*``. + + This corresponds to the ``attestor`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.binaryauthorization_v1.types.Attestor: + An [attestor][google.cloud.binaryauthorization.v1.Attestor] that attests to container image + artifacts. An existing attestor cannot be modified + except where indicated. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. 
+ has_flattened_params = any([parent, attestor_id, attestor]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + # Minor optimization to avoid making a copy if the user passes + # in a service.CreateAttestorRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.CreateAttestorRequest): + request = service.CreateAttestorRequest(request) + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if parent is not None: + request.parent = parent + if attestor_id is not None: + request.attestor_id = attestor_id + if attestor is not None: + request.attestor = attestor + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.create_attestor] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + def get_attestor( + self, + request: service.GetAttestorRequest = None, + *, + name: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.Attestor: + r"""Gets an + [attestor][google.cloud.binaryauthorization.v1.Attestor]. + Returns NOT_FOUND if the + [attestor][google.cloud.binaryauthorization.v1.Attestor] does + not exist. + + Args: + request (google.cloud.binaryauthorization_v1.types.GetAttestorRequest): + The request object. Request message for + [BinauthzManagementService.GetAttestor][]. + name (str): + Required. 
The name of the + [attestor][google.cloud.binaryauthorization.v1.Attestor] + to retrieve, in the format ``projects/*/attestors/*``. + + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.binaryauthorization_v1.types.Attestor: + An [attestor][google.cloud.binaryauthorization.v1.Attestor] that attests to container image + artifacts. An existing attestor cannot be modified + except where indicated. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + has_flattened_params = any([name]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + # Minor optimization to avoid making a copy if the user passes + # in a service.GetAttestorRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.GetAttestorRequest): + request = service.GetAttestorRequest(request) + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.get_attestor] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. 
+ response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + def update_attestor( + self, + request: service.UpdateAttestorRequest = None, + *, + attestor: resources.Attestor = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.Attestor: + r"""Updates an + [attestor][google.cloud.binaryauthorization.v1.Attestor]. + Returns NOT_FOUND if the + [attestor][google.cloud.binaryauthorization.v1.Attestor] does + not exist. + + Args: + request (google.cloud.binaryauthorization_v1.types.UpdateAttestorRequest): + The request object. Request message for + [BinauthzManagementService.UpdateAttestor][]. + attestor (google.cloud.binaryauthorization_v1.types.Attestor): + Required. The updated + [attestor][google.cloud.binaryauthorization.v1.Attestor] + value. The service will overwrite the [attestor + name][google.cloud.binaryauthorization.v1.Attestor.name] + field with the resource name in the request URL, in the + format ``projects/*/attestors/*``. + + This corresponds to the ``attestor`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.binaryauthorization_v1.types.Attestor: + An [attestor][google.cloud.binaryauthorization.v1.Attestor] that attests to container image + artifacts. An existing attestor cannot be modified + except where indicated. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. 
+ has_flattened_params = any([attestor]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + # Minor optimization to avoid making a copy if the user passes + # in a service.UpdateAttestorRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.UpdateAttestorRequest): + request = service.UpdateAttestorRequest(request) + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if attestor is not None: + request.attestor = attestor + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.update_attestor] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata( + (("attestor.name", request.attestor.name),) + ), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + def list_attestors( + self, + request: service.ListAttestorsRequest = None, + *, + parent: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> pagers.ListAttestorsPager: + r"""Lists [attestors][google.cloud.binaryauthorization.v1.Attestor]. + Returns INVALID_ARGUMENT if the project does not exist. + + Args: + request (google.cloud.binaryauthorization_v1.types.ListAttestorsRequest): + The request object. Request message for + [BinauthzManagementService.ListAttestors][]. + parent (str): + Required. The resource name of the project associated + with the + [attestors][google.cloud.binaryauthorization.v1.Attestor], + in the format ``projects/*``. 
+ + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.pagers.ListAttestorsPager: + Response message for + [BinauthzManagementService.ListAttestors][]. + + Iterating over this object will yield results and + resolve additional pages automatically. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + has_flattened_params = any([parent]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + # Minor optimization to avoid making a copy if the user passes + # in a service.ListAttestorsRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.ListAttestorsRequest): + request = service.ListAttestorsRequest(request) + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if parent is not None: + request.parent = parent + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.list_attestors] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. 
+ response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # This method is paged; wrap the response in a pager, which provides + # an `__iter__` convenience method. + response = pagers.ListAttestorsPager( + method=rpc, request=request, response=response, metadata=metadata, + ) + + # Done; return the response. + return response + + def delete_attestor( + self, + request: service.DeleteAttestorRequest = None, + *, + name: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> None: + r"""Deletes an + [attestor][google.cloud.binaryauthorization.v1.Attestor]. + Returns NOT_FOUND if the + [attestor][google.cloud.binaryauthorization.v1.Attestor] does + not exist. + + Args: + request (google.cloud.binaryauthorization_v1.types.DeleteAttestorRequest): + The request object. Request message for + [BinauthzManagementService.DeleteAttestor][]. + name (str): + Required. The name of the + [attestors][google.cloud.binaryauthorization.v1.Attestor] + to delete, in the format ``projects/*/attestors/*``. + + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + has_flattened_params = any([name]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + # Minor optimization to avoid making a copy if the user passes + # in a service.DeleteAttestorRequest. 
+ # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.DeleteAttestorRequest): + request = service.DeleteAttestorRequest(request) + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.delete_attestor] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + rpc( + request, retry=retry, timeout=timeout, metadata=metadata, + ) + + +try: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( + gapic_version=pkg_resources.get_distribution( + "google-cloud-binary-authorization", + ).version, + ) +except pkg_resources.DistributionNotFound: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() + + +__all__ = ("BinauthzManagementServiceV1Client",) diff --git a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/pagers.py b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/pagers.py new file mode 100644 index 0000000..30d2338 --- /dev/null +++ b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/pagers.py 
@@ -0,0 +1,156 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from typing import ( + Any, + AsyncIterable, + Awaitable, + Callable, + Iterable, + Sequence, + Tuple, + Optional, +) + +from google.cloud.binaryauthorization_v1.types import resources +from google.cloud.binaryauthorization_v1.types import service + + +class ListAttestorsPager: + """A pager for iterating through ``list_attestors`` requests. + + This class thinly wraps an initial + :class:`google.cloud.binaryauthorization_v1.types.ListAttestorsResponse` object, and + provides an ``__iter__`` method to iterate through its + ``attestors`` field. + + If there are more pages, the ``__iter__`` method will make additional + ``ListAttestors`` requests and continue to iterate + through the ``attestors`` field on the + corresponding responses. + + All the usual :class:`google.cloud.binaryauthorization_v1.types.ListAttestorsResponse` + attributes are available on the pager. If multiple requests are made, only + the most recent response is retained, and thus used for attribute lookup. + """ + + def __init__( + self, + method: Callable[..., service.ListAttestorsResponse], + request: service.ListAttestorsRequest, + response: service.ListAttestorsResponse, + *, + metadata: Sequence[Tuple[str, str]] = () + ): + """Instantiate the pager. + + Args: + method (Callable): The method that was originally called, and + which instantiated this pager. 
+ request (google.cloud.binaryauthorization_v1.types.ListAttestorsRequest): + The initial request object. + response (google.cloud.binaryauthorization_v1.types.ListAttestorsResponse): + The initial response object. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + """ + self._method = method + self._request = service.ListAttestorsRequest(request) + self._response = response + self._metadata = metadata + + def __getattr__(self, name: str) -> Any: + return getattr(self._response, name) + + @property + def pages(self) -> Iterable[service.ListAttestorsResponse]: + yield self._response + while self._response.next_page_token: + self._request.page_token = self._response.next_page_token + self._response = self._method(self._request, metadata=self._metadata) + yield self._response + + def __iter__(self) -> Iterable[resources.Attestor]: + for page in self.pages: + yield from page.attestors + + def __repr__(self) -> str: + return "{0}<{1!r}>".format(self.__class__.__name__, self._response) + + +class ListAttestorsAsyncPager: + """A pager for iterating through ``list_attestors`` requests. + + This class thinly wraps an initial + :class:`google.cloud.binaryauthorization_v1.types.ListAttestorsResponse` object, and + provides an ``__aiter__`` method to iterate through its + ``attestors`` field. + + If there are more pages, the ``__aiter__`` method will make additional + ``ListAttestors`` requests and continue to iterate + through the ``attestors`` field on the + corresponding responses. + + All the usual :class:`google.cloud.binaryauthorization_v1.types.ListAttestorsResponse` + attributes are available on the pager. If multiple requests are made, only + the most recent response is retained, and thus used for attribute lookup. 
+ """ + + def __init__( + self, + method: Callable[..., Awaitable[service.ListAttestorsResponse]], + request: service.ListAttestorsRequest, + response: service.ListAttestorsResponse, + *, + metadata: Sequence[Tuple[str, str]] = () + ): + """Instantiates the pager. + + Args: + method (Callable): The method that was originally called, and + which instantiated this pager. + request (google.cloud.binaryauthorization_v1.types.ListAttestorsRequest): + The initial request object. + response (google.cloud.binaryauthorization_v1.types.ListAttestorsResponse): + The initial response object. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + """ + self._method = method + self._request = service.ListAttestorsRequest(request) + self._response = response + self._metadata = metadata + + def __getattr__(self, name: str) -> Any: + return getattr(self._response, name) + + @property + async def pages(self) -> AsyncIterable[service.ListAttestorsResponse]: + yield self._response + while self._response.next_page_token: + self._request.page_token = self._response.next_page_token + self._response = await self._method(self._request, metadata=self._metadata) + yield self._response + + def __aiter__(self) -> AsyncIterable[resources.Attestor]: + async def async_generator(): + async for page in self.pages: + for response in page.attestors: + yield response + + return async_generator() + + def __repr__(self) -> str: + return "{0}<{1!r}>".format(self.__class__.__name__, self._response) diff --git a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/__init__.py b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/__init__.py new file mode 100644 index 0000000..444c09e --- /dev/null +++ b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/__init__.py 
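Review bot: A caller's `retry` and `timeout` only govern the first page. The `pages` property of both `ListAttestorsPager` and `ListAttestorsAsyncPager` fetches later pages with `self._method(self._request, metadata=self._metadata)`, so those calls use the wrapped method's defaults, which `transports/base.py` sets to a 600 s timeout for `list_attestors`. A caller that set a short deadline can therefore block far longer than intended on a multi-page listing. Consider accepting keyword-only `retry` and `timeout` in `__init__`, storing them, and calling `self._method(self._request, retry=self._retry, timeout=self._timeout, metadata=self._metadata)`. Their defaults should be `gapic_v1.method.DEFAULT` as in `client.py` rather than `None`, which would likely override the configured defaults, and the `pagers.ListAttestorsPager(...)` call in `list_attestors` would need to pass both values through.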
@@ -0,0 +1,35 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from collections import OrderedDict +from typing import Dict, Type + +from .base import BinauthzManagementServiceV1Transport +from .grpc import BinauthzManagementServiceV1GrpcTransport +from .grpc_asyncio import BinauthzManagementServiceV1GrpcAsyncIOTransport + + +# Compile a registry of transports. +_transport_registry = ( + OrderedDict() +) # type: Dict[str, Type[BinauthzManagementServiceV1Transport]] +_transport_registry["grpc"] = BinauthzManagementServiceV1GrpcTransport +_transport_registry["grpc_asyncio"] = BinauthzManagementServiceV1GrpcAsyncIOTransport + +__all__ = ( + "BinauthzManagementServiceV1Transport", + "BinauthzManagementServiceV1GrpcTransport", + "BinauthzManagementServiceV1GrpcAsyncIOTransport", +) diff --git a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/base.py b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/base.py new file mode 100644 index 0000000..12f8b89 --- /dev/null +++ b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/base.py 
@@ -0,0 +1,317 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import abc +from typing import Awaitable, Callable, Dict, Optional, Sequence, Union +import packaging.version +import pkg_resources + +import google.auth # type: ignore +import google.api_core # type: ignore +from google.api_core import exceptions as core_exceptions # type: ignore +from google.api_core import gapic_v1 # type: ignore +from google.api_core import retry as retries # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.oauth2 import service_account # type: ignore + +from google.cloud.binaryauthorization_v1.types import resources +from google.cloud.binaryauthorization_v1.types import service +from google.protobuf import empty_pb2 # type: ignore + +try: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( + gapic_version=pkg_resources.get_distribution( + "google-cloud-binary-authorization", + ).version, + ) +except pkg_resources.DistributionNotFound: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() + +try: + # google.auth.__version__ was added in 1.26.0 + _GOOGLE_AUTH_VERSION = google.auth.__version__ +except AttributeError: + try: # try pkg_resources if it is available + _GOOGLE_AUTH_VERSION = pkg_resources.get_distribution("google-auth").version + except pkg_resources.DistributionNotFound: # pragma: NO COVER + _GOOGLE_AUTH_VERSION = None + + +class 
BinauthzManagementServiceV1Transport(abc.ABC): + """Abstract transport class for BinauthzManagementServiceV1.""" + + AUTH_SCOPES = ("https://www.googleapis.com/auth/cloud-platform",) + + DEFAULT_HOST: str = "binaryauthorization.googleapis.com" + + def __init__( + self, + *, + host: str = DEFAULT_HOST, + credentials: ga_credentials.Credentials = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + **kwargs, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to. + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is mutually exclusive with credentials. + scopes (Optional[Sequence[str]]): A list of scopes. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + """ + # Save the hostname. Default to port 443 (HTTPS) if none is specified. + if ":" not in host: + host += ":443" + self._host = host + + scopes_kwargs = self._get_scopes_kwargs(self._host, scopes) + + # Save the scopes. 
+ self._scopes = scopes + + # If no credentials are provided, then determine the appropriate + # defaults. + if credentials and credentials_file: + raise core_exceptions.DuplicateCredentialArgs( + "'credentials_file' and 'credentials' are mutually exclusive" + ) + + if credentials_file is not None: + credentials, _ = google.auth.load_credentials_from_file( + credentials_file, **scopes_kwargs, quota_project_id=quota_project_id + ) + + elif credentials is None: + credentials, _ = google.auth.default( + **scopes_kwargs, quota_project_id=quota_project_id + ) + + # If the credentials is service account credentials, then always try to use self signed JWT. + if ( + always_use_jwt_access + and isinstance(credentials, service_account.Credentials) + and hasattr(service_account.Credentials, "with_always_use_jwt_access") + ): + credentials = credentials.with_always_use_jwt_access(True) + + # Save the credentials. + self._credentials = credentials + + # TODO(busunkim): This method is in the base transport + # to avoid duplicating code across the transport classes. These functions + # should be deleted once the minimum required versions of google-auth is increased. + + # TODO: Remove this function once google-auth >= 1.25.0 is required + @classmethod + def _get_scopes_kwargs( + cls, host: str, scopes: Optional[Sequence[str]] + ) -> Dict[str, Optional[Sequence[str]]]: + """Returns scopes kwargs to pass to google-auth methods depending on the google-auth version""" + + scopes_kwargs = {} + + if _GOOGLE_AUTH_VERSION and ( + packaging.version.parse(_GOOGLE_AUTH_VERSION) + >= packaging.version.parse("1.25.0") + ): + scopes_kwargs = {"scopes": scopes, "default_scopes": cls.AUTH_SCOPES} + else: + scopes_kwargs = {"scopes": scopes or cls.AUTH_SCOPES} + + return scopes_kwargs + + def _prep_wrapped_messages(self, client_info): + # Precompute the wrapped methods. 
+ self._wrapped_methods = { + self.get_policy: gapic_v1.method.wrap_method( + self.get_policy, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + core_exceptions.DeadlineExceeded, + core_exceptions.ServiceUnavailable, + ), + deadline=600.0, + ), + default_timeout=600.0, + client_info=client_info, + ), + self.update_policy: gapic_v1.method.wrap_method( + self.update_policy, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + core_exceptions.DeadlineExceeded, + core_exceptions.ServiceUnavailable, + ), + deadline=600.0, + ), + default_timeout=600.0, + client_info=client_info, + ), + self.create_attestor: gapic_v1.method.wrap_method( + self.create_attestor, default_timeout=600.0, client_info=client_info, + ), + self.get_attestor: gapic_v1.method.wrap_method( + self.get_attestor, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + core_exceptions.DeadlineExceeded, + core_exceptions.ServiceUnavailable, + ), + deadline=600.0, + ), + default_timeout=600.0, + client_info=client_info, + ), + self.update_attestor: gapic_v1.method.wrap_method( + self.update_attestor, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + core_exceptions.DeadlineExceeded, + core_exceptions.ServiceUnavailable, + ), + deadline=600.0, + ), + default_timeout=600.0, + client_info=client_info, + ), + self.list_attestors: gapic_v1.method.wrap_method( + self.list_attestors, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + core_exceptions.DeadlineExceeded, + core_exceptions.ServiceUnavailable, + ), + deadline=600.0, + ), + default_timeout=600.0, + client_info=client_info, + ), + self.delete_attestor: gapic_v1.method.wrap_method( + self.delete_attestor, + 
default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + core_exceptions.DeadlineExceeded, + core_exceptions.ServiceUnavailable, + ), + deadline=600.0, + ), + default_timeout=600.0, + client_info=client_info, + ), + } + + @property + def get_policy( + self, + ) -> Callable[ + [service.GetPolicyRequest], Union[resources.Policy, Awaitable[resources.Policy]] + ]: + raise NotImplementedError() + + @property + def update_policy( + self, + ) -> Callable[ + [service.UpdatePolicyRequest], + Union[resources.Policy, Awaitable[resources.Policy]], + ]: + raise NotImplementedError() + + @property + def create_attestor( + self, + ) -> Callable[ + [service.CreateAttestorRequest], + Union[resources.Attestor, Awaitable[resources.Attestor]], + ]: + raise NotImplementedError() + + @property + def get_attestor( + self, + ) -> Callable[ + [service.GetAttestorRequest], + Union[resources.Attestor, Awaitable[resources.Attestor]], + ]: + raise NotImplementedError() + + @property + def update_attestor( + self, + ) -> Callable[ + [service.UpdateAttestorRequest], + Union[resources.Attestor, Awaitable[resources.Attestor]], + ]: + raise NotImplementedError() + + @property + def list_attestors( + self, + ) -> Callable[ + [service.ListAttestorsRequest], + Union[service.ListAttestorsResponse, Awaitable[service.ListAttestorsResponse]], + ]: + raise NotImplementedError() + + @property + def delete_attestor( + self, + ) -> Callable[ + [service.DeleteAttestorRequest], + Union[empty_pb2.Empty, Awaitable[empty_pb2.Empty]], + ]: + raise NotImplementedError() + + +__all__ = ("BinauthzManagementServiceV1Transport",) diff --git a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/grpc.py b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/grpc.py new file mode 100644 index 0000000..53d8da3 --- /dev/null 
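Review bot: `BinauthzManagementServiceV1Transport.__init__` accepts `**kwargs` but never reads it, so an unknown or misspelled keyword is silently discarded. For credential arguments this matters: a typo such as `credential_file=` leaves both `credentials` and `credentials_file` unset, and the constructor falls through to `google.auth.default(...)`, authenticating with whatever ambient credentials the environment provides instead of failing. The gRPC transport in this patch calls `super().__init__` with named arguments only, so rejecting extras looks safe there, but `grpc_asyncio.py` is not in view and should be checked. If nothing relies on the pass-through, either drop `**kwargs` or add `if kwargs: raise TypeError(f"unexpected keyword arguments: {sorted(kwargs)}")` at the top of `__init__`.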
+++ b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/grpc.py 
@@ -0,0 +1,454 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import warnings +from typing import Callable, Dict, Optional, Sequence, Tuple, Union + +from google.api_core import grpc_helpers # type: ignore +from google.api_core import gapic_v1 # type: ignore +import google.auth # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore + +import grpc # type: ignore + +from google.cloud.binaryauthorization_v1.types import resources +from google.cloud.binaryauthorization_v1.types import service +from google.protobuf import empty_pb2 # type: ignore +from .base import BinauthzManagementServiceV1Transport, DEFAULT_CLIENT_INFO + + +class BinauthzManagementServiceV1GrpcTransport(BinauthzManagementServiceV1Transport): + """gRPC backend transport for BinauthzManagementServiceV1. + + Google Cloud Management Service for Binary Authorization admission + policies and attestation authorities. + + This API implements a REST model with the following objects: + + - [Policy][google.cloud.binaryauthorization.v1.Policy] + - [Attestor][google.cloud.binaryauthorization.v1.Attestor] + + This class defines the same methods as the primary client, so the + primary client can load the underlying transport implementation + and call it. 
+ + It sends protocol buffers over the wire using gRPC (which is built on + top of HTTP/2); the ``grpcio`` package must be installed. + """ + + _stubs: Dict[str, Callable] + + def __init__( + self, + *, + host: str = "binaryauthorization.googleapis.com", + credentials: ga_credentials.Credentials = None, + credentials_file: str = None, + scopes: Sequence[str] = None, + channel: grpc.Channel = None, + api_mtls_endpoint: str = None, + client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, + ssl_channel_credentials: grpc.ChannelCredentials = None, + client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, + quota_project_id: Optional[str] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to. + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + This argument is ignored if ``channel`` is provided. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if ``channel`` is provided. + scopes (Optional(Sequence[str])): A list of scopes. This argument is + ignored if ``channel`` is provided. + channel (Optional[grpc.Channel]): A ``Channel`` instance through + which to make calls. + api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. + If provided, it overrides the ``host`` argument and tries to create + a mutual TLS channel with client SSL credentials from + ``client_cert_source`` or applicatin default SSL credentials. + client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): + Deprecated. 
A callback to provide client SSL certificate bytes and + private key bytes, both in PEM format. It is ignored if + ``api_mtls_endpoint`` is None. + ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials + for grpc channel. It is ignored if ``channel`` is provided. + client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): + A callback to provide client certificate bytes and private key bytes, + both in PEM format. It is used to configure mutual TLS channel. It is + ignored if ``channel`` or ``ssl_channel_credentials`` is provided. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + + Raises: + google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport + creation failed for any reason. + google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` + and ``credentials_file`` are passed. + """ + self._grpc_channel = None + self._ssl_channel_credentials = ssl_channel_credentials + self._stubs: Dict[str, Callable] = {} + + if api_mtls_endpoint: + warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) + if client_cert_source: + warnings.warn("client_cert_source is deprecated", DeprecationWarning) + + if channel: + # Ignore credentials if a channel was passed. + credentials = False + # If a channel was explicitly provided, set it. + self._grpc_channel = channel + self._ssl_channel_credentials = None + + else: + if api_mtls_endpoint: + host = api_mtls_endpoint + + # Create SSL credentials with client_cert_source or application + # default SSL credentials. 
+ if client_cert_source: + cert, key = client_cert_source() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + else: + self._ssl_channel_credentials = SslCredentials().ssl_credentials + + else: + if client_cert_source_for_mtls and not ssl_channel_credentials: + cert, key = client_cert_source_for_mtls() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + + # The base transport sets the host, credentials and scopes + super().__init__( + host=host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes, + quota_project_id=quota_project_id, + client_info=client_info, + always_use_jwt_access=always_use_jwt_access, + ) + + if not self._grpc_channel: + self._grpc_channel = type(self).create_channel( + self._host, + credentials=self._credentials, + credentials_file=credentials_file, + scopes=self._scopes, + ssl_credentials=self._ssl_channel_credentials, + quota_project_id=quota_project_id, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Wrap messages. This must be done after self._grpc_channel exists + self._prep_wrapped_messages(client_info) + + @classmethod + def create_channel( + cls, + host: str = "binaryauthorization.googleapis.com", + credentials: ga_credentials.Credentials = None, + credentials_file: str = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, + **kwargs, + ) -> grpc.Channel: + """Create and return a gRPC channel object. + Args: + host (Optional[str]): The host for the channel to use. + credentials (Optional[~.Credentials]): The + authorization credentials to attach to requests. These + credentials identify this application to the service. If + none are specified, the client will attempt to ascertain + the credentials from the environment. 
+ credentials_file (Optional[str]): A file with credentials that can
+ be loaded with :func:`google.auth.load_credentials_from_file`.
+ This argument is mutually exclusive with credentials.
+ scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
+ service. These are only used when credentials are not specified and
+ are passed to :func:`google.auth.default`.
+ quota_project_id (Optional[str]): An optional project to use for billing
+ and quota.
+ kwargs (Optional[dict]): Keyword arguments, which are passed to the
+ channel creation.
+ Returns:
+ grpc.Channel: A gRPC channel object.
+
+ Raises:
+ google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
+ and ``credentials_file`` are passed.
+ """
+
+ return grpc_helpers.create_channel(
+ host,
+ credentials=credentials,
+ credentials_file=credentials_file,
+ quota_project_id=quota_project_id,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
+ **kwargs,
+ )
+
+ @property
+ def grpc_channel(self) -> grpc.Channel:
+ """Return the channel designed to connect to this service.
+ """
+ return self._grpc_channel
+
+ @property
+ def get_policy(self) -> Callable[[service.GetPolicyRequest], resources.Policy]:
+ r"""Return a callable for the get policy method over gRPC.
+
+ A [policy][google.cloud.binaryauthorization.v1.Policy] specifies
+ the [attestors][google.cloud.binaryauthorization.v1.Attestor]
+ that must attest to a container image, before the project is
+ allowed to deploy that image. There is at most one policy per
+ project. All image admission requests are permitted if a project
+ has no policy.
+
+ Gets the [policy][google.cloud.binaryauthorization.v1.Policy]
+ for this project. Returns a default
+ [policy][google.cloud.binaryauthorization.v1.Policy] if the
+ project does not have one.
+
+ Returns:
+ Callable[[~.GetPolicyRequest],
+ ~.Policy]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "get_policy" not in self._stubs:
+ self._stubs["get_policy"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/GetPolicy",
+ request_serializer=service.GetPolicyRequest.serialize,
+ response_deserializer=resources.Policy.deserialize,
+ )
+ return self._stubs["get_policy"]
+
+ @property
+ def update_policy(
+ self,
+ ) -> Callable[[service.UpdatePolicyRequest], resources.Policy]:
+ r"""Return a callable for the update policy method over gRPC.
+
+ Creates or updates a project's
+ [policy][google.cloud.binaryauthorization.v1.Policy], and
+ returns a copy of the new
+ [policy][google.cloud.binaryauthorization.v1.Policy]. A policy
+ is always updated as a whole, to avoid race conditions with
+ concurrent policy enforcement (or management!) requests. Returns
+ NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the
+ request is malformed.
+
+ Returns:
+ Callable[[~.UpdatePolicyRequest],
+ ~.Policy]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "update_policy" not in self._stubs:
+ self._stubs["update_policy"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/UpdatePolicy",
+ request_serializer=service.UpdatePolicyRequest.serialize,
+ response_deserializer=resources.Policy.deserialize,
+ )
+ return self._stubs["update_policy"]
+
+ @property
+ def create_attestor(
+ self,
+ ) -> Callable[[service.CreateAttestorRequest], resources.Attestor]:
+ r"""Return a callable for the create attestor method over gRPC.
+
+ Creates an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor], and
+ returns a copy of the new
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the project does not exist,
+ INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if
+ the [attestor][google.cloud.binaryauthorization.v1.Attestor]
+ already exists.
+
+ Returns:
+ Callable[[~.CreateAttestorRequest],
+ ~.Attestor]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "create_attestor" not in self._stubs:
+ self._stubs["create_attestor"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/CreateAttestor",
+ request_serializer=service.CreateAttestorRequest.serialize,
+ response_deserializer=resources.Attestor.deserialize,
+ )
+ return self._stubs["create_attestor"]
+
+ @property
+ def get_attestor(
+ self,
+ ) -> Callable[[service.GetAttestorRequest], resources.Attestor]:
+ r"""Return a callable for the get attestor method over gRPC.
+
+ Gets an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the
+ [attestor][google.cloud.binaryauthorization.v1.Attestor] does
+ not exist.
+
+ Returns:
+ Callable[[~.GetAttestorRequest],
+ ~.Attestor]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "get_attestor" not in self._stubs:
+ self._stubs["get_attestor"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/GetAttestor",
+ request_serializer=service.GetAttestorRequest.serialize,
+ response_deserializer=resources.Attestor.deserialize,
+ )
+ return self._stubs["get_attestor"]
+
+ @property
+ def update_attestor(
+ self,
+ ) -> Callable[[service.UpdateAttestorRequest], resources.Attestor]:
+ r"""Return a callable for the update attestor method over gRPC.
+
+ Updates an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the
+ [attestor][google.cloud.binaryauthorization.v1.Attestor] does
+ not exist.
+
+ Returns:
+ Callable[[~.UpdateAttestorRequest],
+ ~.Attestor]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "update_attestor" not in self._stubs:
+ self._stubs["update_attestor"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/UpdateAttestor",
+ request_serializer=service.UpdateAttestorRequest.serialize,
+ response_deserializer=resources.Attestor.deserialize,
+ )
+ return self._stubs["update_attestor"]
+
+ @property
+ def list_attestors(
+ self,
+ ) -> Callable[[service.ListAttestorsRequest], service.ListAttestorsResponse]:
+ r"""Return a callable for the list attestors method over gRPC.
+
+ Lists [attestors][google.cloud.binaryauthorization.v1.Attestor].
+ Returns INVALID_ARGUMENT if the project does not exist.
+
+ Returns:
+ Callable[[~.ListAttestorsRequest],
+ ~.ListAttestorsResponse]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "list_attestors" not in self._stubs:
+ self._stubs["list_attestors"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/ListAttestors",
+ request_serializer=service.ListAttestorsRequest.serialize,
+ response_deserializer=service.ListAttestorsResponse.deserialize,
+ )
+ return self._stubs["list_attestors"]
+
+ @property
+ def delete_attestor(
+ self,
+ ) -> Callable[[service.DeleteAttestorRequest], empty_pb2.Empty]:
+ r"""Return a callable for the delete attestor method over gRPC.
+
+ Deletes an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the
+ [attestor][google.cloud.binaryauthorization.v1.Attestor] does
+ not exist.
+
+ Returns:
+ Callable[[~.DeleteAttestorRequest],
+ ~.Empty]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "delete_attestor" not in self._stubs:
+ self._stubs["delete_attestor"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/DeleteAttestor",
+ request_serializer=service.DeleteAttestorRequest.serialize,
+ response_deserializer=empty_pb2.Empty.FromString,
+ )
+ return self._stubs["delete_attestor"]
+
+
+__all__ = ("BinauthzManagementServiceV1GrpcTransport",)
diff --git a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/grpc_asyncio.py b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/grpc_asyncio.py
new file mode 100644
index 0000000..167e397
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/grpc_asyncio.py
@@ -0,0 +1,463 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+import warnings
+from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union
+
+from google.api_core import gapic_v1 # type: ignore
+from google.api_core import grpc_helpers_async # type: ignore
+from google.auth import credentials as ga_credentials # type: ignore
+from google.auth.transport.grpc import SslCredentials # type: ignore
+import packaging.version
+
+import grpc # type: ignore
+from grpc.experimental import aio # type: ignore
+
+from google.cloud.binaryauthorization_v1.types import resources
+from google.cloud.binaryauthorization_v1.types import service
+from google.protobuf import empty_pb2 # type: ignore
+from .base import BinauthzManagementServiceV1Transport, DEFAULT_CLIENT_INFO
+from .grpc import BinauthzManagementServiceV1GrpcTransport
+
+
+class BinauthzManagementServiceV1GrpcAsyncIOTransport(
+ BinauthzManagementServiceV1Transport
+):
+ """gRPC AsyncIO backend transport for BinauthzManagementServiceV1.
+
+ Google Cloud Management Service for Binary Authorization admission
+ policies and attestation authorities.
+
+ This API implements a REST model with the following objects:
+
+ - [Policy][google.cloud.binaryauthorization.v1.Policy]
+ - [Attestor][google.cloud.binaryauthorization.v1.Attestor]
+
+ This class defines the same methods as the primary client, so the
+ primary client can load the underlying transport implementation
+ and call it.
+
+ It sends protocol buffers over the wire using gRPC (which is built on
+ top of HTTP/2); the ``grpcio`` package must be installed.
+ """
+
+ _grpc_channel: aio.Channel
+ _stubs: Dict[str, Callable] = {}
+
+ @classmethod
+ def create_channel(
+ cls,
+ host: str = "binaryauthorization.googleapis.com",
+ credentials: ga_credentials.Credentials = None,
+ credentials_file: Optional[str] = None,
+ scopes: Optional[Sequence[str]] = None,
+ quota_project_id: Optional[str] = None,
+ **kwargs,
+ ) -> aio.Channel:
+ """Create and return a gRPC AsyncIO channel object.
+ Args:
+ host (Optional[str]): The host for the channel to use.
+ credentials (Optional[~.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify this application to the service. If
+ none are specified, the client will attempt to ascertain
+ the credentials from the environment.
+ credentials_file (Optional[str]): A file with credentials that can
+ be loaded with :func:`google.auth.load_credentials_from_file`.
+ This argument is ignored if ``channel`` is provided.
+ scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
+ service. These are only used when credentials are not specified and
+ are passed to :func:`google.auth.default`.
+ quota_project_id (Optional[str]): An optional project to use for billing
+ and quota.
+ kwargs (Optional[dict]): Keyword arguments, which are passed to the
+ channel creation.
+ Returns:
+ aio.Channel: A gRPC AsyncIO channel object.
+ """
+
+ return grpc_helpers_async.create_channel(
+ host,
+ credentials=credentials,
+ credentials_file=credentials_file,
+ quota_project_id=quota_project_id,
+ default_scopes=cls.AUTH_SCOPES,
+ scopes=scopes,
+ default_host=cls.DEFAULT_HOST,
+ **kwargs,
+ )
+
+ def __init__(
+ self,
+ *,
+ host: str = "binaryauthorization.googleapis.com",
+ credentials: ga_credentials.Credentials = None,
+ credentials_file: Optional[str] = None,
+ scopes: Optional[Sequence[str]] = None,
+ channel: aio.Channel = None,
+ api_mtls_endpoint: str = None,
+ client_cert_source: Callable[[], Tuple[bytes, bytes]] = None,
+ ssl_channel_credentials: grpc.ChannelCredentials = None,
+ client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
+ quota_project_id=None,
+ client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+ always_use_jwt_access: Optional[bool] = False,
+ ) -> None:
+ """Instantiate the transport.
+
+ Args:
+ host (Optional[str]):
+ The hostname to connect to.
+ credentials (Optional[google.auth.credentials.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify the application to the service; if none
+ are specified, the client will attempt to ascertain the
+ credentials from the environment.
+ This argument is ignored if ``channel`` is provided.
+ credentials_file (Optional[str]): A file with credentials that can
+ be loaded with :func:`google.auth.load_credentials_from_file`.
+ This argument is ignored if ``channel`` is provided.
+ scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
+ service. These are only used when credentials are not specified and
+ are passed to :func:`google.auth.default`.
+ channel (Optional[aio.Channel]): A ``Channel`` instance through
+ which to make calls.
+ api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
+ If provided, it overrides the ``host`` argument and tries to create
+ a mutual TLS channel with client SSL credentials from
+ ``client_cert_source`` or applicatin default SSL credentials.
+ client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
+ Deprecated. A callback to provide client SSL certificate bytes and
+ private key bytes, both in PEM format. It is ignored if
+ ``api_mtls_endpoint`` is None.
+ ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
+ for grpc channel. It is ignored if ``channel`` is provided.
+ client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
+ A callback to provide client certificate bytes and private key bytes,
+ both in PEM format. It is used to configure mutual TLS channel. It is
+ ignored if ``channel`` or ``ssl_channel_credentials`` is provided.
+ quota_project_id (Optional[str]): An optional project to use for billing
+ and quota.
+ client_info (google.api_core.gapic_v1.client_info.ClientInfo):
+ The client info used to send a user-agent string along with
+ API requests. If ``None``, then default info will be used.
+ Generally, you only need to set this if you're developing
+ your own client library.
+ always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+ be used for service account credentials.
+
+ Raises:
+ google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
+ creation failed for any reason.
+ google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
+ and ``credentials_file`` are passed.
+ """
+ self._grpc_channel = None
+ self._ssl_channel_credentials = ssl_channel_credentials
+ self._stubs: Dict[str, Callable] = {}
+
+ if api_mtls_endpoint:
+ warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
+ if client_cert_source:
+ warnings.warn("client_cert_source is deprecated", DeprecationWarning)
+
+ if channel:
+ # Ignore credentials if a channel was passed.
+ credentials = False
+ # If a channel was explicitly provided, set it.
+ self._grpc_channel = channel
+ self._ssl_channel_credentials = None
+ else:
+ if api_mtls_endpoint:
+ host = api_mtls_endpoint
+
+ # Create SSL credentials with client_cert_source or application
+ # default SSL credentials.
+ if client_cert_source:
+ cert, key = client_cert_source()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
+ else:
+ self._ssl_channel_credentials = SslCredentials().ssl_credentials
+
+ else:
+ if client_cert_source_for_mtls and not ssl_channel_credentials:
+ cert, key = client_cert_source_for_mtls()
+ self._ssl_channel_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
+
+ # The base transport sets the host, credentials and scopes
+ super().__init__(
+ host=host,
+ credentials=credentials,
+ credentials_file=credentials_file,
+ scopes=scopes,
+ quota_project_id=quota_project_id,
+ client_info=client_info,
+ always_use_jwt_access=always_use_jwt_access,
+ )
+
+ if not self._grpc_channel:
+ self._grpc_channel = type(self).create_channel(
+ self._host,
+ credentials=self._credentials,
+ credentials_file=credentials_file,
+ scopes=self._scopes,
+ ssl_credentials=self._ssl_channel_credentials,
+ quota_project_id=quota_project_id,
+ options=[
+ ("grpc.max_send_message_length", -1),
+ ("grpc.max_receive_message_length", -1),
+ ],
+ )
+
+ # Wrap messages. This must be done after self._grpc_channel exists
+ self._prep_wrapped_messages(client_info)
+
+ @property
+ def grpc_channel(self) -> aio.Channel:
+ """Create the channel designed to connect to this service.
+
+ This property caches on the instance; repeated calls return
+ the same channel.
+ """
+ # Return the channel from cache.
+ return self._grpc_channel
+
+ @property
+ def get_policy(
+ self,
+ ) -> Callable[[service.GetPolicyRequest], Awaitable[resources.Policy]]:
+ r"""Return a callable for the get policy method over gRPC.
+
+ A [policy][google.cloud.binaryauthorization.v1.Policy] specifies
+ the [attestors][google.cloud.binaryauthorization.v1.Attestor]
+ that must attest to a container image, before the project is
+ allowed to deploy that image. There is at most one policy per
+ project. All image admission requests are permitted if a project
+ has no policy.
+
+ Gets the [policy][google.cloud.binaryauthorization.v1.Policy]
+ for this project. Returns a default
+ [policy][google.cloud.binaryauthorization.v1.Policy] if the
+ project does not have one.
+
+ Returns:
+ Callable[[~.GetPolicyRequest],
+ Awaitable[~.Policy]]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "get_policy" not in self._stubs:
+ self._stubs["get_policy"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/GetPolicy",
+ request_serializer=service.GetPolicyRequest.serialize,
+ response_deserializer=resources.Policy.deserialize,
+ )
+ return self._stubs["get_policy"]
+
+ @property
+ def update_policy(
+ self,
+ ) -> Callable[[service.UpdatePolicyRequest], Awaitable[resources.Policy]]:
+ r"""Return a callable for the update policy method over gRPC.
+
+ Creates or updates a project's
+ [policy][google.cloud.binaryauthorization.v1.Policy], and
+ returns a copy of the new
+ [policy][google.cloud.binaryauthorization.v1.Policy]. A policy
+ is always updated as a whole, to avoid race conditions with
+ concurrent policy enforcement (or management!) requests.
Returns
+ NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the
+ request is malformed.
+
+ Returns:
+ Callable[[~.UpdatePolicyRequest],
+ Awaitable[~.Policy]]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "update_policy" not in self._stubs:
+ self._stubs["update_policy"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/UpdatePolicy",
+ request_serializer=service.UpdatePolicyRequest.serialize,
+ response_deserializer=resources.Policy.deserialize,
+ )
+ return self._stubs["update_policy"]
+
+ @property
+ def create_attestor(
+ self,
+ ) -> Callable[[service.CreateAttestorRequest], Awaitable[resources.Attestor]]:
+ r"""Return a callable for the create attestor method over gRPC.
+
+ Creates an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor], and
+ returns a copy of the new
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the project does not exist,
+ INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if
+ the [attestor][google.cloud.binaryauthorization.v1.Attestor]
+ already exists.
+
+ Returns:
+ Callable[[~.CreateAttestorRequest],
+ Awaitable[~.Attestor]]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "create_attestor" not in self._stubs:
+ self._stubs["create_attestor"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/CreateAttestor",
+ request_serializer=service.CreateAttestorRequest.serialize,
+ response_deserializer=resources.Attestor.deserialize,
+ )
+ return self._stubs["create_attestor"]
+
+ @property
+ def get_attestor(
+ self,
+ ) -> Callable[[service.GetAttestorRequest], Awaitable[resources.Attestor]]:
+ r"""Return a callable for the get attestor method over gRPC.
+
+ Gets an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the
+ [attestor][google.cloud.binaryauthorization.v1.Attestor] does
+ not exist.
+
+ Returns:
+ Callable[[~.GetAttestorRequest],
+ Awaitable[~.Attestor]]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "get_attestor" not in self._stubs:
+ self._stubs["get_attestor"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/GetAttestor",
+ request_serializer=service.GetAttestorRequest.serialize,
+ response_deserializer=resources.Attestor.deserialize,
+ )
+ return self._stubs["get_attestor"]
+
+ @property
+ def update_attestor(
+ self,
+ ) -> Callable[[service.UpdateAttestorRequest], Awaitable[resources.Attestor]]:
+ r"""Return a callable for the update attestor method over gRPC.
+
+ Updates an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the
+ [attestor][google.cloud.binaryauthorization.v1.Attestor] does
+ not exist.
+
+ Returns:
+ Callable[[~.UpdateAttestorRequest],
+ Awaitable[~.Attestor]]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "update_attestor" not in self._stubs:
+ self._stubs["update_attestor"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/UpdateAttestor",
+ request_serializer=service.UpdateAttestorRequest.serialize,
+ response_deserializer=resources.Attestor.deserialize,
+ )
+ return self._stubs["update_attestor"]
+
+ @property
+ def list_attestors(
+ self,
+ ) -> Callable[
+ [service.ListAttestorsRequest], Awaitable[service.ListAttestorsResponse]
+ ]:
+ r"""Return a callable for the list attestors method over gRPC.
+
+ Lists [attestors][google.cloud.binaryauthorization.v1.Attestor].
+ Returns INVALID_ARGUMENT if the project does not exist.
+
+ Returns:
+ Callable[[~.ListAttestorsRequest],
+ Awaitable[~.ListAttestorsResponse]]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "list_attestors" not in self._stubs:
+ self._stubs["list_attestors"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/ListAttestors",
+ request_serializer=service.ListAttestorsRequest.serialize,
+ response_deserializer=service.ListAttestorsResponse.deserialize,
+ )
+ return self._stubs["list_attestors"]
+
+ @property
+ def delete_attestor(
+ self,
+ ) -> Callable[[service.DeleteAttestorRequest], Awaitable[empty_pb2.Empty]]:
+ r"""Return a callable for the delete attestor method over gRPC.
+
+ Deletes an
+ [attestor][google.cloud.binaryauthorization.v1.Attestor].
+ Returns NOT_FOUND if the
+ [attestor][google.cloud.binaryauthorization.v1.Attestor] does
+ not exist.
+
+ Returns:
+ Callable[[~.DeleteAttestorRequest],
+ Awaitable[~.Empty]]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "delete_attestor" not in self._stubs:
+ self._stubs["delete_attestor"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/DeleteAttestor",
+ request_serializer=service.DeleteAttestorRequest.serialize,
+ response_deserializer=empty_pb2.Empty.FromString,
+ )
+ return self._stubs["delete_attestor"]
+
+
+__all__ = ("BinauthzManagementServiceV1GrpcAsyncIOTransport",)
diff --git a/google/cloud/binaryauthorization_v1/services/system_policy_v1/__init__.py b/google/cloud/binaryauthorization_v1/services/system_policy_v1/__init__.py
new file mode 100644
index 0000000..0d527b7
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/system_policy_v1/__init__.py
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+from .client import SystemPolicyV1Client
+from .async_client import SystemPolicyV1AsyncClient
+
+__all__ = (
+ "SystemPolicyV1Client",
+ "SystemPolicyV1AsyncClient",
+)
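Review bot: In `__init__` of `BinauthzManagementServiceV1GrpcAsyncIOTransport`, a caller-supplied `ssl_channel_credentials` is silently replaced whenever the deprecated `api_mtls_endpoint` is set: that branch assigns `self._ssl_channel_credentials` from `client_cert_source()` or `SslCredentials().ssl_credentials` without looking at the argument, while the docstring only says it is ignored if `channel` is provided. Because this decides which client certificate the mutual TLS channel presents, the `ssl_channel_credentials` entry should read `It is ignored if channel or api_mtls_endpoint is provided.` The same docstring names `google.auth.exceptions.MutualTlsChannelError` where the sync transport's docstring says `MutualTLSChannelError`, and `create_channel` documents `credentials_file` as ignored if `channel` is provided although it takes no `channel` parameter. The part of the sync `grpc.py` constructor visible earlier in this patch follows the same credential precedence; if these files come from a client generator, which the page does not state, the wording fix belongs in its template.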
diff --git a/google/cloud/binaryauthorization_v1/services/system_policy_v1/async_client.py b/google/cloud/binaryauthorization_v1/services/system_policy_v1/async_client.py
new file mode 100644
index 0000000..75c81fc
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/system_policy_v1/async_client.py
@@ -0,0 +1,249 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from collections import OrderedDict +import functools +import re +from typing import Dict, Sequence, Tuple, Type, Union +import pkg_resources + +import google.api_core.client_options as ClientOptions # type: ignore +from google.api_core import exceptions as core_exceptions # type: ignore +from google.api_core import gapic_v1 # type: ignore +from google.api_core import retry as retries # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.oauth2 import service_account # type: ignore + +from google.cloud.binaryauthorization_v1.types import resources +from google.cloud.binaryauthorization_v1.types import service +from google.protobuf import timestamp_pb2 # type: ignore +from .transports.base import SystemPolicyV1Transport, DEFAULT_CLIENT_INFO +from .transports.grpc_asyncio import SystemPolicyV1GrpcAsyncIOTransport +from .client import SystemPolicyV1Client + + +class SystemPolicyV1AsyncClient: + """API for working with the system policy.""" + + _client: SystemPolicyV1Client + + DEFAULT_ENDPOINT = SystemPolicyV1Client.DEFAULT_ENDPOINT + DEFAULT_MTLS_ENDPOINT = SystemPolicyV1Client.DEFAULT_MTLS_ENDPOINT + + policy_path = staticmethod(SystemPolicyV1Client.policy_path) + parse_policy_path = staticmethod(SystemPolicyV1Client.parse_policy_path) + common_billing_account_path = staticmethod( + 
SystemPolicyV1Client.common_billing_account_path + ) + parse_common_billing_account_path = staticmethod( + SystemPolicyV1Client.parse_common_billing_account_path + ) + common_folder_path = staticmethod(SystemPolicyV1Client.common_folder_path) + parse_common_folder_path = staticmethod( + SystemPolicyV1Client.parse_common_folder_path + ) + common_organization_path = staticmethod( + SystemPolicyV1Client.common_organization_path + ) + parse_common_organization_path = staticmethod( + SystemPolicyV1Client.parse_common_organization_path + ) + common_project_path = staticmethod(SystemPolicyV1Client.common_project_path) + parse_common_project_path = staticmethod( + SystemPolicyV1Client.parse_common_project_path + ) + common_location_path = staticmethod(SystemPolicyV1Client.common_location_path) + parse_common_location_path = staticmethod( + SystemPolicyV1Client.parse_common_location_path + ) + + @classmethod + def from_service_account_info(cls, info: dict, *args, **kwargs): + """Creates an instance of this client using the provided credentials + info. + + Args: + info (dict): The service account private key info. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + SystemPolicyV1AsyncClient: The constructed client. + """ + return SystemPolicyV1Client.from_service_account_info.__func__(SystemPolicyV1AsyncClient, info, *args, **kwargs) # type: ignore + + @classmethod + def from_service_account_file(cls, filename: str, *args, **kwargs): + """Creates an instance of this client using the provided credentials + file. + + Args: + filename (str): The path to the service account private key json + file. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + SystemPolicyV1AsyncClient: The constructed client. 
+ """ + return SystemPolicyV1Client.from_service_account_file.__func__(SystemPolicyV1AsyncClient, filename, *args, **kwargs) # type: ignore + + from_service_account_json = from_service_account_file + + @property + def transport(self) -> SystemPolicyV1Transport: + """Returns the transport used by the client instance. + + Returns: + SystemPolicyV1Transport: The transport used by the client instance. + """ + return self._client.transport + + get_transport_class = functools.partial( + type(SystemPolicyV1Client).get_transport_class, type(SystemPolicyV1Client) + ) + + def __init__( + self, + *, + credentials: ga_credentials.Credentials = None, + transport: Union[str, SystemPolicyV1Transport] = "grpc_asyncio", + client_options: ClientOptions = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + ) -> None: + """Instantiates the system policy v1 client. + + Args: + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + transport (Union[str, ~.SystemPolicyV1Transport]): The + transport to use. If set to None, a transport is chosen + automatically. + client_options (ClientOptions): Custom options for the client. It + won't take effect if a ``transport`` instance is provided. + (1) The ``api_endpoint`` property can be used to override the + default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT + environment variable can also be used to override the endpoint: + "always" (always use the default mTLS endpoint), "never" (always + use the default regular endpoint) and "auto" (auto switch to the + default mTLS endpoint if client certificate is present, this is + the default value). However, the ``api_endpoint`` property takes + precedence if provided. 
+ (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable + is "true", then the ``client_cert_source`` property can be used + to provide client certificate for mutual TLS transport. If + not provided, the default SSL client certificate will be used if + present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not + set, no client certificate will be used. + + Raises: + google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport + creation failed for any reason. + """ + self._client = SystemPolicyV1Client( + credentials=credentials, + transport=transport, + client_options=client_options, + client_info=client_info, + ) + + async def get_system_policy( + self, + request: service.GetSystemPolicyRequest = None, + *, + name: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.Policy: + r"""Gets the current system policy in the specified + location. + + Args: + request (:class:`google.cloud.binaryauthorization_v1.types.GetSystemPolicyRequest`): + The request object. Request to read the current system + policy. + name (:class:`str`): + Required. The resource name, in the format + ``locations/*/policy``. Note that the system policy is + not associated with a project. + + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.binaryauthorization_v1.types.Policy: + A [policy][google.cloud.binaryauthorization.v1.Policy] + for container image binary authorization. + + """ + # Create or coerce a protobuf request object. 
+ # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + has_flattened_params = any([name]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.GetSystemPolicyRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.get_system_policy, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + +try: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( + gapic_version=pkg_resources.get_distribution( + "google-cloud-binary-authorization", + ).version, + ) +except pkg_resources.DistributionNotFound: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() + + +__all__ = ("SystemPolicyV1AsyncClient",) diff --git a/google/cloud/binaryauthorization_v1/services/system_policy_v1/client.py b/google/cloud/binaryauthorization_v1/services/system_policy_v1/client.py new file mode 100644 index 0000000..14b1aa0 --- /dev/null +++ b/google/cloud/binaryauthorization_v1/services/system_policy_v1/client.py 
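Review bot: The `transport` entry in the `SystemPolicyV1AsyncClient.__init__` docstring says that None makes the client choose a transport automatically, but the argument is passed straight to `SystemPolicyV1Client`. There, `get_transport_class` (in the client.py hunk) returns the first registry entry when no label is given, and that entry is `"grpc"`. An async client built with `transport=None` would therefore appear to hold the synchronous `SystemPolicyV1GrpcTransport`, whose stub `get_system_policy` then awaits. I would reword the entry to `transport (Union[str, ~.SystemPolicyV1Transport]): The transport to use. Defaults to "grpc_asyncio"; do not pass None.` The same docstring also leaves out `client_info` and spells the exception `MutualTlsChannelError`, while client.py imports `MutualTLSChannelError`.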
@@ -0,0 +1,433 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from collections import OrderedDict +from distutils import util +import os +import re +from typing import Callable, Dict, Optional, Sequence, Tuple, Type, Union +import pkg_resources + +from google.api_core import client_options as client_options_lib # type: ignore +from google.api_core import exceptions as core_exceptions # type: ignore +from google.api_core import gapic_v1 # type: ignore +from google.api_core import retry as retries # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.auth.transport import mtls # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore +from google.auth.exceptions import MutualTLSChannelError # type: ignore +from google.oauth2 import service_account # type: ignore + +from google.cloud.binaryauthorization_v1.types import resources +from google.cloud.binaryauthorization_v1.types import service +from google.protobuf import timestamp_pb2 # type: ignore +from .transports.base import SystemPolicyV1Transport, DEFAULT_CLIENT_INFO +from .transports.grpc import SystemPolicyV1GrpcTransport +from .transports.grpc_asyncio import SystemPolicyV1GrpcAsyncIOTransport + + +class SystemPolicyV1ClientMeta(type): + """Metaclass for the SystemPolicyV1 client. + + This provides class-level methods for building and retrieving + support objects (e.g. 
transport) without polluting the client instance + objects. + """ + + _transport_registry = ( + OrderedDict() + ) # type: Dict[str, Type[SystemPolicyV1Transport]] + _transport_registry["grpc"] = SystemPolicyV1GrpcTransport + _transport_registry["grpc_asyncio"] = SystemPolicyV1GrpcAsyncIOTransport + + def get_transport_class(cls, label: str = None,) -> Type[SystemPolicyV1Transport]: + """Returns an appropriate transport class. + + Args: + label: The name of the desired transport. If none is + provided, then the first transport in the registry is used. + + Returns: + The transport class to use. + """ + # If a specific transport is requested, return that one. + if label: + return cls._transport_registry[label] + + # No transport is requested; return the default (that is, the first one + # in the dictionary). + return next(iter(cls._transport_registry.values())) + + +class SystemPolicyV1Client(metaclass=SystemPolicyV1ClientMeta): + """API for working with the system policy.""" + + @staticmethod + def _get_default_mtls_endpoint(api_endpoint): + """Converts api endpoint to mTLS endpoint. + + Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to + "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively. + Args: + api_endpoint (Optional[str]): the api endpoint to convert. + Returns: + str: converted mTLS api endpoint. + """ + if not api_endpoint: + return api_endpoint + + mtls_endpoint_re = re.compile( + r"(?P[^.]+)(?P\.mtls)?(?P\.sandbox)?(?P\.googleapis\.com)?" 
+ ) + + m = mtls_endpoint_re.match(api_endpoint) + name, mtls, sandbox, googledomain = m.groups() + if mtls or not googledomain: + return api_endpoint + + if sandbox: + return api_endpoint.replace( + "sandbox.googleapis.com", "mtls.sandbox.googleapis.com" + ) + + return api_endpoint.replace(".googleapis.com", ".mtls.googleapis.com") + + DEFAULT_ENDPOINT = "binaryauthorization.googleapis.com" + DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__( # type: ignore + DEFAULT_ENDPOINT + ) + + @classmethod + def from_service_account_info(cls, info: dict, *args, **kwargs): + """Creates an instance of this client using the provided credentials + info. + + Args: + info (dict): The service account private key info. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + SystemPolicyV1Client: The constructed client. + """ + credentials = service_account.Credentials.from_service_account_info(info) + kwargs["credentials"] = credentials + return cls(*args, **kwargs) + + @classmethod + def from_service_account_file(cls, filename: str, *args, **kwargs): + """Creates an instance of this client using the provided credentials + file. + + Args: + filename (str): The path to the service account private key json + file. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + SystemPolicyV1Client: The constructed client. + """ + credentials = service_account.Credentials.from_service_account_file(filename) + kwargs["credentials"] = credentials + return cls(*args, **kwargs) + + from_service_account_json = from_service_account_file + + @property + def transport(self) -> SystemPolicyV1Transport: + """Returns the transport used by the client instance. + + Returns: + SystemPolicyV1Transport: The transport used by the client + instance. 
+ """ + return self._transport + + @staticmethod + def policy_path(project: str,) -> str: + """Returns a fully-qualified policy string.""" + return "projects/{project}/policy".format(project=project,) + + @staticmethod + def parse_policy_path(path: str) -> Dict[str, str]: + """Parses a policy path into its component segments.""" + m = re.match(r"^projects/(?P.+?)/policy$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_billing_account_path(billing_account: str,) -> str: + """Returns a fully-qualified billing_account string.""" + return "billingAccounts/{billing_account}".format( + billing_account=billing_account, + ) + + @staticmethod + def parse_common_billing_account_path(path: str) -> Dict[str, str]: + """Parse a billing_account path into its component segments.""" + m = re.match(r"^billingAccounts/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_folder_path(folder: str,) -> str: + """Returns a fully-qualified folder string.""" + return "folders/{folder}".format(folder=folder,) + + @staticmethod + def parse_common_folder_path(path: str) -> Dict[str, str]: + """Parse a folder path into its component segments.""" + m = re.match(r"^folders/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_organization_path(organization: str,) -> str: + """Returns a fully-qualified organization string.""" + return "organizations/{organization}".format(organization=organization,) + + @staticmethod + def parse_common_organization_path(path: str) -> Dict[str, str]: + """Parse a organization path into its component segments.""" + m = re.match(r"^organizations/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_project_path(project: str,) -> str: + """Returns a fully-qualified project string.""" + return "projects/{project}".format(project=project,) + + @staticmethod + def parse_common_project_path(path: str) -> Dict[str, str]: + """Parse a project path into its 
component segments.""" + m = re.match(r"^projects/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_location_path(project: str, location: str,) -> str: + """Returns a fully-qualified location string.""" + return "projects/{project}/locations/{location}".format( + project=project, location=location, + ) + + @staticmethod + def parse_common_location_path(path: str) -> Dict[str, str]: + """Parse a location path into its component segments.""" + m = re.match(r"^projects/(?P.+?)/locations/(?P.+?)$", path) + return m.groupdict() if m else {} + + def __init__( + self, + *, + credentials: Optional[ga_credentials.Credentials] = None, + transport: Union[str, SystemPolicyV1Transport, None] = None, + client_options: Optional[client_options_lib.ClientOptions] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + ) -> None: + """Instantiates the system policy v1 client. + + Args: + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + transport (Union[str, SystemPolicyV1Transport]): The + transport to use. If set to None, a transport is chosen + automatically. + client_options (google.api_core.client_options.ClientOptions): Custom options for the + client. It won't take effect if a ``transport`` instance is provided. + (1) The ``api_endpoint`` property can be used to override the + default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT + environment variable can also be used to override the endpoint: + "always" (always use the default mTLS endpoint), "never" (always + use the default regular endpoint) and "auto" (auto switch to the + default mTLS endpoint if client certificate is present, this is + the default value). 
However, the ``api_endpoint`` property takes + precedence if provided. + (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable + is "true", then the ``client_cert_source`` property can be used + to provide client certificate for mutual TLS transport. If + not provided, the default SSL client certificate will be used if + present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not + set, no client certificate will be used. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + + Raises: + google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport + creation failed for any reason. + """ + if isinstance(client_options, dict): + client_options = client_options_lib.from_dict(client_options) + if client_options is None: + client_options = client_options_lib.ClientOptions() + + # Create SSL credentials for mutual TLS if needed. + use_client_cert = bool( + util.strtobool(os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")) + ) + + client_cert_source_func = None + is_mtls = False + if use_client_cert: + if client_options.client_cert_source: + is_mtls = True + client_cert_source_func = client_options.client_cert_source + else: + is_mtls = mtls.has_default_client_cert_source() + if is_mtls: + client_cert_source_func = mtls.default_client_cert_source() + else: + client_cert_source_func = None + + # Figure out which api endpoint to use. 
+ if client_options.api_endpoint is not None: + api_endpoint = client_options.api_endpoint + else: + use_mtls_env = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto") + if use_mtls_env == "never": + api_endpoint = self.DEFAULT_ENDPOINT + elif use_mtls_env == "always": + api_endpoint = self.DEFAULT_MTLS_ENDPOINT + elif use_mtls_env == "auto": + if is_mtls: + api_endpoint = self.DEFAULT_MTLS_ENDPOINT + else: + api_endpoint = self.DEFAULT_ENDPOINT + else: + raise MutualTLSChannelError( + "Unsupported GOOGLE_API_USE_MTLS_ENDPOINT value. Accepted " + "values: never, auto, always" + ) + + # Save or instantiate the transport. + # Ordinarily, we provide the transport, but allowing a custom transport + # instance provides an extensibility point for unusual situations. + if isinstance(transport, SystemPolicyV1Transport): + # transport is a SystemPolicyV1Transport instance. + if credentials or client_options.credentials_file: + raise ValueError( + "When providing a transport instance, " + "provide its credentials directly." + ) + if client_options.scopes: + raise ValueError( + "When providing a transport instance, provide its scopes " + "directly." 
+ ) + self._transport = transport + else: + Transport = type(self).get_transport_class(transport) + self._transport = Transport( + credentials=credentials, + credentials_file=client_options.credentials_file, + host=api_endpoint, + scopes=client_options.scopes, + client_cert_source_for_mtls=client_cert_source_func, + quota_project_id=client_options.quota_project_id, + client_info=client_info, + always_use_jwt_access=( + Transport == type(self).get_transport_class("grpc") + or Transport == type(self).get_transport_class("grpc_asyncio") + ), + ) + + def get_system_policy( + self, + request: service.GetSystemPolicyRequest = None, + *, + name: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.Policy: + r"""Gets the current system policy in the specified + location. + + Args: + request (google.cloud.binaryauthorization_v1.types.GetSystemPolicyRequest): + The request object. Request to read the current system + policy. + name (str): + Required. The resource name, in the format + ``locations/*/policy``. Note that the system policy is + not associated with a project. + + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.binaryauthorization_v1.types.Policy: + A [policy][google.cloud.binaryauthorization.v1.Policy] + for container image binary authorization. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. 
+ has_flattened_params = any([name]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + # Minor optimization to avoid making a copy if the user passes + # in a service.GetSystemPolicyRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.GetSystemPolicyRequest): + request = service.GetSystemPolicyRequest(request) + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.get_system_policy] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + +try: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( + gapic_version=pkg_resources.get_distribution( + "google-cloud-binary-authorization", + ).version, + ) +except pkg_resources.DistributionNotFound: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() + + +__all__ = ("SystemPolicyV1Client",) diff --git a/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/__init__.py b/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/__init__.py new file mode 100644 index 0000000..bc3c745 --- /dev/null +++ b/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/__init__.py 
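Review bot: In `SystemPolicyV1Client.__init__`, `GOOGLE_API_USE_CLIENT_CERTIFICATE` is parsed with `distutils.util.strtobool`, which accepts spellings the docstring does not list (`1`, `yes`, `on` and others) and raises a bare `ValueError` on anything else. A bad `GOOGLE_API_USE_MTLS_ENDPOINT` a few lines later gets an explicit `MutualTLSChannelError` instead. Since this variable decides whether a client certificate is presented at all, I would read it as a string and reject unknown values by name: `use_client_cert_env = os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")` followed by `if use_client_cert_env not in ("true", "false"): raise MutualTLSChannelError("Unsupported GOOGLE_API_USE_CLIENT_CERTIFICATE value. Accepted values: true, false")`. That narrows the accepted values, so it should be called out in release notes in case a deployment relies on the other spellings. It also removes the `distutils` import, which PEP 632 deprecates and which is absent from Python 3.12 onward.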
@@ -0,0 +1,33 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from collections import OrderedDict +from typing import Dict, Type + +from .base import SystemPolicyV1Transport +from .grpc import SystemPolicyV1GrpcTransport +from .grpc_asyncio import SystemPolicyV1GrpcAsyncIOTransport + + +# Compile a registry of transports. +_transport_registry = OrderedDict() # type: Dict[str, Type[SystemPolicyV1Transport]] +_transport_registry["grpc"] = SystemPolicyV1GrpcTransport +_transport_registry["grpc_asyncio"] = SystemPolicyV1GrpcAsyncIOTransport + +__all__ = ( + "SystemPolicyV1Transport", + "SystemPolicyV1GrpcTransport", + "SystemPolicyV1GrpcAsyncIOTransport", +) diff --git a/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/base.py b/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/base.py new file mode 100644 index 0000000..3e98f40 --- /dev/null +++ b/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/base.py 
@@ -0,0 +1,173 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import abc +from typing import Awaitable, Callable, Dict, Optional, Sequence, Union +import packaging.version +import pkg_resources + +import google.auth # type: ignore +import google.api_core # type: ignore +from google.api_core import exceptions as core_exceptions # type: ignore +from google.api_core import gapic_v1 # type: ignore +from google.api_core import retry as retries # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.oauth2 import service_account # type: ignore + +from google.cloud.binaryauthorization_v1.types import resources +from google.cloud.binaryauthorization_v1.types import service + +try: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( + gapic_version=pkg_resources.get_distribution( + "google-cloud-binary-authorization", + ).version, + ) +except pkg_resources.DistributionNotFound: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() + +try: + # google.auth.__version__ was added in 1.26.0 + _GOOGLE_AUTH_VERSION = google.auth.__version__ +except AttributeError: + try: # try pkg_resources if it is available + _GOOGLE_AUTH_VERSION = pkg_resources.get_distribution("google-auth").version + except pkg_resources.DistributionNotFound: # pragma: NO COVER + _GOOGLE_AUTH_VERSION = None + + +class SystemPolicyV1Transport(abc.ABC): + """Abstract transport class for 
SystemPolicyV1.""" + + AUTH_SCOPES = ("https://www.googleapis.com/auth/cloud-platform",) + + DEFAULT_HOST: str = "binaryauthorization.googleapis.com" + + def __init__( + self, + *, + host: str = DEFAULT_HOST, + credentials: ga_credentials.Credentials = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + **kwargs, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to. + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is mutually exclusive with credentials. + scopes (Optional[Sequence[str]]): A list of scopes. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + """ + # Save the hostname. Default to port 443 (HTTPS) if none is specified. + if ":" not in host: + host += ":443" + self._host = host + + scopes_kwargs = self._get_scopes_kwargs(self._host, scopes) + + # Save the scopes. + self._scopes = scopes + + # If no credentials are provided, then determine the appropriate + # defaults. 
+ if credentials and credentials_file: + raise core_exceptions.DuplicateCredentialArgs( + "'credentials_file' and 'credentials' are mutually exclusive" + ) + + if credentials_file is not None: + credentials, _ = google.auth.load_credentials_from_file( + credentials_file, **scopes_kwargs, quota_project_id=quota_project_id + ) + + elif credentials is None: + credentials, _ = google.auth.default( + **scopes_kwargs, quota_project_id=quota_project_id + ) + + # If the credentials is service account credentials, then always try to use self signed JWT. + if ( + always_use_jwt_access + and isinstance(credentials, service_account.Credentials) + and hasattr(service_account.Credentials, "with_always_use_jwt_access") + ): + credentials = credentials.with_always_use_jwt_access(True) + + # Save the credentials. + self._credentials = credentials + + # TODO(busunkim): This method is in the base transport + # to avoid duplicating code across the transport classes. These functions + # should be deleted once the minimum required versions of google-auth is increased. + + # TODO: Remove this function once google-auth >= 1.25.0 is required + @classmethod + def _get_scopes_kwargs( + cls, host: str, scopes: Optional[Sequence[str]] + ) -> Dict[str, Optional[Sequence[str]]]: + """Returns scopes kwargs to pass to google-auth methods depending on the google-auth version""" + + scopes_kwargs = {} + + if _GOOGLE_AUTH_VERSION and ( + packaging.version.parse(_GOOGLE_AUTH_VERSION) + >= packaging.version.parse("1.25.0") + ): + scopes_kwargs = {"scopes": scopes, "default_scopes": cls.AUTH_SCOPES} + else: + scopes_kwargs = {"scopes": scopes or cls.AUTH_SCOPES} + + return scopes_kwargs + + def _prep_wrapped_messages(self, client_info): + # Precompute the wrapped methods. 
+ self._wrapped_methods = { + self.get_system_policy: gapic_v1.method.wrap_method( + self.get_system_policy, default_timeout=None, client_info=client_info, + ), + } + + @property + def get_system_policy( + self, + ) -> Callable[ + [service.GetSystemPolicyRequest], + Union[resources.Policy, Awaitable[resources.Policy]], + ]: + raise NotImplementedError() + + +__all__ = ("SystemPolicyV1Transport",) diff --git a/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/grpc.py b/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/grpc.py new file mode 100644 index 0000000..b112d9f --- /dev/null +++ b/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/grpc.py 
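Review bot: The `credentials_file` entry in the `SystemPolicyV1Transport.__init__` docstring does not say that the path is handed unchanged to `google.auth.load_credentials_from_file`, so the file's own contents determine which credential is built. A caller that lets the path or the file come from outside its trust boundary is letting that source choose the identity attached to every request. Depending on the installed google-auth version, that may also include credential configurations that fetch tokens from locations named in the file. I would add one sentence to the entry: `The file must come from a trusted source; its contents select the credential type and identity used for all requests.` The exclusivity check above it uses truthiness (`if credentials and credentials_file`) while the load branch tests `is not None`, so an empty-string path combined with explicit credentials skips the `DuplicateCredentialArgs` error and fails later inside the loader.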
@@ -0,0 +1,257 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import warnings +from typing import Callable, Dict, Optional, Sequence, Tuple, Union + +from google.api_core import grpc_helpers # type: ignore +from google.api_core import gapic_v1 # type: ignore +import google.auth # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore + +import grpc # type: ignore + +from google.cloud.binaryauthorization_v1.types import resources +from google.cloud.binaryauthorization_v1.types import service +from .base import SystemPolicyV1Transport, DEFAULT_CLIENT_INFO + + +class SystemPolicyV1GrpcTransport(SystemPolicyV1Transport): + """gRPC backend transport for SystemPolicyV1. + + API for working with the system policy. + + This class defines the same methods as the primary client, so the + primary client can load the underlying transport implementation + and call it. + + It sends protocol buffers over the wire using gRPC (which is built on + top of HTTP/2); the ``grpcio`` package must be installed. 
+ """ + + _stubs: Dict[str, Callable] + + def __init__( + self, + *, + host: str = "binaryauthorization.googleapis.com", + credentials: ga_credentials.Credentials = None, + credentials_file: str = None, + scopes: Sequence[str] = None, + channel: grpc.Channel = None, + api_mtls_endpoint: str = None, + client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, + ssl_channel_credentials: grpc.ChannelCredentials = None, + client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, + quota_project_id: Optional[str] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to. + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + This argument is ignored if ``channel`` is provided. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if ``channel`` is provided. + scopes (Optional(Sequence[str])): A list of scopes. This argument is + ignored if ``channel`` is provided. + channel (Optional[grpc.Channel]): A ``Channel`` instance through + which to make calls. + api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. + If provided, it overrides the ``host`` argument and tries to create + a mutual TLS channel with client SSL credentials from + ``client_cert_source`` or applicatin default SSL credentials. + client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): + Deprecated. A callback to provide client SSL certificate bytes and + private key bytes, both in PEM format. It is ignored if + ``api_mtls_endpoint`` is None. 
+ ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials + for grpc channel. It is ignored if ``channel`` is provided. + client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): + A callback to provide client certificate bytes and private key bytes, + both in PEM format. It is used to configure mutual TLS channel. It is + ignored if ``channel`` or ``ssl_channel_credentials`` is provided. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + + Raises: + google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport + creation failed for any reason. + google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` + and ``credentials_file`` are passed. + """ + self._grpc_channel = None + self._ssl_channel_credentials = ssl_channel_credentials + self._stubs: Dict[str, Callable] = {} + + if api_mtls_endpoint: + warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) + if client_cert_source: + warnings.warn("client_cert_source is deprecated", DeprecationWarning) + + if channel: + # Ignore credentials if a channel was passed. + credentials = False + # If a channel was explicitly provided, set it. + self._grpc_channel = channel + self._ssl_channel_credentials = None + + else: + if api_mtls_endpoint: + host = api_mtls_endpoint + + # Create SSL credentials with client_cert_source or application + # default SSL credentials. 
+ if client_cert_source: + cert, key = client_cert_source() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + else: + self._ssl_channel_credentials = SslCredentials().ssl_credentials + + else: + if client_cert_source_for_mtls and not ssl_channel_credentials: + cert, key = client_cert_source_for_mtls() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + + # The base transport sets the host, credentials and scopes + super().__init__( + host=host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes, + quota_project_id=quota_project_id, + client_info=client_info, + always_use_jwt_access=always_use_jwt_access, + ) + + if not self._grpc_channel: + self._grpc_channel = type(self).create_channel( + self._host, + credentials=self._credentials, + credentials_file=credentials_file, + scopes=self._scopes, + ssl_credentials=self._ssl_channel_credentials, + quota_project_id=quota_project_id, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Wrap messages. This must be done after self._grpc_channel exists + self._prep_wrapped_messages(client_info) + + @classmethod + def create_channel( + cls, + host: str = "binaryauthorization.googleapis.com", + credentials: ga_credentials.Credentials = None, + credentials_file: str = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, + **kwargs, + ) -> grpc.Channel: + """Create and return a gRPC channel object. + Args: + host (Optional[str]): The host for the channel to use. + credentials (Optional[~.Credentials]): The + authorization credentials to attach to requests. These + credentials identify this application to the service. If + none are specified, the client will attempt to ascertain + the credentials from the environment. 
+ credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is mutually exclusive with credentials. + scopes (Optional[Sequence[str]]): A optional list of scopes needed for this + service. These are only used when credentials are not specified and + are passed to :func:`google.auth.default`. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + kwargs (Optional[dict]): Keyword arguments, which are passed to the + channel creation. + Returns: + grpc.Channel: A gRPC channel object. + + Raises: + google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` + and ``credentials_file`` are passed. + """ + + return grpc_helpers.create_channel( + host, + credentials=credentials, + credentials_file=credentials_file, + quota_project_id=quota_project_id, + default_scopes=cls.AUTH_SCOPES, + scopes=scopes, + default_host=cls.DEFAULT_HOST, + **kwargs, + ) + + @property + def grpc_channel(self) -> grpc.Channel: + """Return the channel designed to connect to this service. + """ + return self._grpc_channel + + @property + def get_system_policy( + self, + ) -> Callable[[service.GetSystemPolicyRequest], resources.Policy]: + r"""Return a callable for the get system policy method over gRPC. + + Gets the current system policy in the specified + location. + + Returns: + Callable[[~.GetSystemPolicyRequest], + ~.Policy]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. 
+ if "get_system_policy" not in self._stubs:
+ self._stubs["get_system_policy"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.SystemPolicyV1/GetSystemPolicy",
+ request_serializer=service.GetSystemPolicyRequest.serialize,
+ response_deserializer=resources.Policy.deserialize,
+ )
+ return self._stubs["get_system_policy"]
+
+
+__all__ = ("SystemPolicyV1GrpcTransport",)
diff --git a/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/grpc_asyncio.py b/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/grpc_asyncio.py
new file mode 100644
index 0000000..e3474e7
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/grpc_asyncio.py
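Review bot: In `SystemPolicyV1GrpcTransport.__init__` (transports/grpc.py), the `if channel:` branch sets `credentials = False` but still forwards `credentials_file` to `super().__init__()`, and the part of the base transport visible earlier in this patch loads any non-None `credentials_file` with `google.auth.load_credentials_from_file`. The docstring says the argument is ignored when `channel` is provided, so a caller who passes both gets a key file read and parsed, and an exception if it is invalid, for a channel that this file never attaches those credentials to. Adding `credentials_file = None` next to `credentials = False` would make the code match the documented contract. The same branch in `SystemPolicyV1GrpcAsyncIOTransport.__init__` (transports/grpc_asyncio.py) has the same gap.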
@@ -0,0 +1,260 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import warnings +from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union + +from google.api_core import gapic_v1 # type: ignore +from google.api_core import grpc_helpers_async # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore +import packaging.version + +import grpc # type: ignore +from grpc.experimental import aio # type: ignore + +from google.cloud.binaryauthorization_v1.types import resources +from google.cloud.binaryauthorization_v1.types import service +from .base import SystemPolicyV1Transport, DEFAULT_CLIENT_INFO +from .grpc import SystemPolicyV1GrpcTransport + + +class SystemPolicyV1GrpcAsyncIOTransport(SystemPolicyV1Transport): + """gRPC AsyncIO backend transport for SystemPolicyV1. + + API for working with the system policy. + + This class defines the same methods as the primary client, so the + primary client can load the underlying transport implementation + and call it. + + It sends protocol buffers over the wire using gRPC (which is built on + top of HTTP/2); the ``grpcio`` package must be installed. 
+ """ + + _grpc_channel: aio.Channel + _stubs: Dict[str, Callable] = {} + + @classmethod + def create_channel( + cls, + host: str = "binaryauthorization.googleapis.com", + credentials: ga_credentials.Credentials = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, + **kwargs, + ) -> aio.Channel: + """Create and return a gRPC AsyncIO channel object. + Args: + host (Optional[str]): The host for the channel to use. + credentials (Optional[~.Credentials]): The + authorization credentials to attach to requests. These + credentials identify this application to the service. If + none are specified, the client will attempt to ascertain + the credentials from the environment. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if ``channel`` is provided. + scopes (Optional[Sequence[str]]): A optional list of scopes needed for this + service. These are only used when credentials are not specified and + are passed to :func:`google.auth.default`. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + kwargs (Optional[dict]): Keyword arguments, which are passed to the + channel creation. + Returns: + aio.Channel: A gRPC AsyncIO channel object. 
+ """ + + return grpc_helpers_async.create_channel( + host, + credentials=credentials, + credentials_file=credentials_file, + quota_project_id=quota_project_id, + default_scopes=cls.AUTH_SCOPES, + scopes=scopes, + default_host=cls.DEFAULT_HOST, + **kwargs, + ) + + def __init__( + self, + *, + host: str = "binaryauthorization.googleapis.com", + credentials: ga_credentials.Credentials = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + channel: aio.Channel = None, + api_mtls_endpoint: str = None, + client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, + ssl_channel_credentials: grpc.ChannelCredentials = None, + client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, + quota_project_id=None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to. + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + This argument is ignored if ``channel`` is provided. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if ``channel`` is provided. + scopes (Optional[Sequence[str]]): A optional list of scopes needed for this + service. These are only used when credentials are not specified and + are passed to :func:`google.auth.default`. + channel (Optional[aio.Channel]): A ``Channel`` instance through + which to make calls. + api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. 
+ If provided, it overrides the ``host`` argument and tries to create + a mutual TLS channel with client SSL credentials from + ``client_cert_source`` or applicatin default SSL credentials. + client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): + Deprecated. A callback to provide client SSL certificate bytes and + private key bytes, both in PEM format. It is ignored if + ``api_mtls_endpoint`` is None. + ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials + for grpc channel. It is ignored if ``channel`` is provided. + client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): + A callback to provide client certificate bytes and private key bytes, + both in PEM format. It is used to configure mutual TLS channel. It is + ignored if ``channel`` or ``ssl_channel_credentials`` is provided. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + + Raises: + google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport + creation failed for any reason. + google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` + and ``credentials_file`` are passed. + """ + self._grpc_channel = None + self._ssl_channel_credentials = ssl_channel_credentials + self._stubs: Dict[str, Callable] = {} + + if api_mtls_endpoint: + warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) + if client_cert_source: + warnings.warn("client_cert_source is deprecated", DeprecationWarning) + + if channel: + # Ignore credentials if a channel was passed. 
+ credentials = False + # If a channel was explicitly provided, set it. + self._grpc_channel = channel + self._ssl_channel_credentials = None + else: + if api_mtls_endpoint: + host = api_mtls_endpoint + + # Create SSL credentials with client_cert_source or application + # default SSL credentials. + if client_cert_source: + cert, key = client_cert_source() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + else: + self._ssl_channel_credentials = SslCredentials().ssl_credentials + + else: + if client_cert_source_for_mtls and not ssl_channel_credentials: + cert, key = client_cert_source_for_mtls() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + + # The base transport sets the host, credentials and scopes + super().__init__( + host=host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes, + quota_project_id=quota_project_id, + client_info=client_info, + always_use_jwt_access=always_use_jwt_access, + ) + + if not self._grpc_channel: + self._grpc_channel = type(self).create_channel( + self._host, + credentials=self._credentials, + credentials_file=credentials_file, + scopes=self._scopes, + ssl_credentials=self._ssl_channel_credentials, + quota_project_id=quota_project_id, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Wrap messages. This must be done after self._grpc_channel exists + self._prep_wrapped_messages(client_info) + + @property + def grpc_channel(self) -> aio.Channel: + """Create the channel designed to connect to this service. + + This property caches on the instance; repeated calls return + the same channel. + """ + # Return the channel from cache. 
+ return self._grpc_channel
+
+ @property
+ def get_system_policy(
+ self,
+ ) -> Callable[[service.GetSystemPolicyRequest], Awaitable[resources.Policy]]:
+ r"""Return a callable for the get system policy method over gRPC.
+
+ Gets the current system policy in the specified
+ location.
+
+ Returns:
+ Callable[[~.GetSystemPolicyRequest],
+ Awaitable[~.Policy]]:
+ A function that, when called, will call the underlying RPC
+ on the server.
+ """
+ # Generate a "stub function" on-the-fly which will actually make
+ # the request.
+ # gRPC handles serialization and deserialization, so we just need
+ # to pass in the functions for each.
+ if "get_system_policy" not in self._stubs:
+ self._stubs["get_system_policy"] = self.grpc_channel.unary_unary(
+ "/google.cloud.binaryauthorization.v1.SystemPolicyV1/GetSystemPolicy",
+ request_serializer=service.GetSystemPolicyRequest.serialize,
+ response_deserializer=resources.Policy.deserialize,
+ )
+ return self._stubs["get_system_policy"]
+
+
+__all__ = ("SystemPolicyV1GrpcAsyncIOTransport",)
diff --git a/google/cloud/binaryauthorization_v1/services/validation_helper_v1/__init__.py b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/__init__.py
new file mode 100644
index 0000000..0f6d61a
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/__init__.py
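Review bot: `SystemPolicyV1GrpcAsyncIOTransport` (transports/grpc_asyncio.py) declares `_stubs: Dict[str, Callable] = {}` in the class body, which creates one dictionary owned by the class, whereas the sync transport only annotates the attribute. `__init__` rebinds `self._stubs`, so instances do not share stubs today, but a subclass that skips `__init__` could cache a stub bound to another instance's channel; `_stubs: Dict[str, Callable]` without the assignment avoids that. Two smaller points in the same file: `import packaging.version` is not used anywhere in it, and the `Raises:` entry of `__init__` names `google.auth.exceptions.MutualTlsChannelError` where the sync docstring has `MutualTLSChannelError`.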
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+from .client import ValidationHelperV1Client
+from .async_client import ValidationHelperV1AsyncClient
+
+__all__ = (
+ "ValidationHelperV1Client",
+ "ValidationHelperV1AsyncClient",
+)
diff --git a/google/cloud/binaryauthorization_v1/services/validation_helper_v1/async_client.py b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/async_client.py
new file mode 100644
index 0000000..5c55468
--- /dev/null
+++ b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/async_client.py
@@ -0,0 +1,223 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from collections import OrderedDict +import functools +import re +from typing import Dict, Sequence, Tuple, Type, Union +import pkg_resources + +import google.api_core.client_options as ClientOptions # type: ignore +from google.api_core import exceptions as core_exceptions # type: ignore +from google.api_core import gapic_v1 # type: ignore +from google.api_core import retry as retries # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.oauth2 import service_account # type: ignore + +from google.cloud.binaryauthorization_v1.types import service +from .transports.base import ValidationHelperV1Transport, DEFAULT_CLIENT_INFO +from .transports.grpc_asyncio import ValidationHelperV1GrpcAsyncIOTransport +from .client import ValidationHelperV1Client + + +class ValidationHelperV1AsyncClient: + """BinAuthz Attestor verification""" + + _client: ValidationHelperV1Client + + DEFAULT_ENDPOINT = ValidationHelperV1Client.DEFAULT_ENDPOINT + DEFAULT_MTLS_ENDPOINT = ValidationHelperV1Client.DEFAULT_MTLS_ENDPOINT + + common_billing_account_path = staticmethod( + ValidationHelperV1Client.common_billing_account_path + ) + parse_common_billing_account_path = staticmethod( + ValidationHelperV1Client.parse_common_billing_account_path + ) + common_folder_path = staticmethod(ValidationHelperV1Client.common_folder_path) + 
parse_common_folder_path = staticmethod( + ValidationHelperV1Client.parse_common_folder_path + ) + common_organization_path = staticmethod( + ValidationHelperV1Client.common_organization_path + ) + parse_common_organization_path = staticmethod( + ValidationHelperV1Client.parse_common_organization_path + ) + common_project_path = staticmethod(ValidationHelperV1Client.common_project_path) + parse_common_project_path = staticmethod( + ValidationHelperV1Client.parse_common_project_path + ) + common_location_path = staticmethod(ValidationHelperV1Client.common_location_path) + parse_common_location_path = staticmethod( + ValidationHelperV1Client.parse_common_location_path + ) + + @classmethod + def from_service_account_info(cls, info: dict, *args, **kwargs): + """Creates an instance of this client using the provided credentials + info. + + Args: + info (dict): The service account private key info. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + ValidationHelperV1AsyncClient: The constructed client. + """ + return ValidationHelperV1Client.from_service_account_info.__func__(ValidationHelperV1AsyncClient, info, *args, **kwargs) # type: ignore + + @classmethod + def from_service_account_file(cls, filename: str, *args, **kwargs): + """Creates an instance of this client using the provided credentials + file. + + Args: + filename (str): The path to the service account private key json + file. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + ValidationHelperV1AsyncClient: The constructed client. 
+ """ + return ValidationHelperV1Client.from_service_account_file.__func__(ValidationHelperV1AsyncClient, filename, *args, **kwargs) # type: ignore + + from_service_account_json = from_service_account_file + + @property + def transport(self) -> ValidationHelperV1Transport: + """Returns the transport used by the client instance. + + Returns: + ValidationHelperV1Transport: The transport used by the client instance. + """ + return self._client.transport + + get_transport_class = functools.partial( + type(ValidationHelperV1Client).get_transport_class, + type(ValidationHelperV1Client), + ) + + def __init__( + self, + *, + credentials: ga_credentials.Credentials = None, + transport: Union[str, ValidationHelperV1Transport] = "grpc_asyncio", + client_options: ClientOptions = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + ) -> None: + """Instantiates the validation helper v1 client. + + Args: + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + transport (Union[str, ~.ValidationHelperV1Transport]): The + transport to use. If set to None, a transport is chosen + automatically. + client_options (ClientOptions): Custom options for the client. It + won't take effect if a ``transport`` instance is provided. + (1) The ``api_endpoint`` property can be used to override the + default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT + environment variable can also be used to override the endpoint: + "always" (always use the default mTLS endpoint), "never" (always + use the default regular endpoint) and "auto" (auto switch to the + default mTLS endpoint if client certificate is present, this is + the default value). However, the ``api_endpoint`` property takes + precedence if provided. 
+ (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable + is "true", then the ``client_cert_source`` property can be used + to provide client certificate for mutual TLS transport. If + not provided, the default SSL client certificate will be used if + present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not + set, no client certificate will be used. + + Raises: + google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport + creation failed for any reason. + """ + self._client = ValidationHelperV1Client( + credentials=credentials, + transport=transport, + client_options=client_options, + client_info=client_info, + ) + + async def validate_attestation_occurrence( + self, + request: service.ValidateAttestationOccurrenceRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.ValidateAttestationOccurrenceResponse: + r"""Returns whether the given Attestation for the given + image URI was signed by the given Attestor + + Args: + request (:class:`google.cloud.binaryauthorization_v1.types.ValidateAttestationOccurrenceRequest`): + The request object. Request message for + [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence]. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.binaryauthorization_v1.types.ValidateAttestationOccurrenceResponse: + Response message for + [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence]. + + """ + # Create or coerce a protobuf request object. 
+ request = service.ValidateAttestationOccurrenceRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.validate_attestation_occurrence, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("attestor", request.attestor),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + +try: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( + gapic_version=pkg_resources.get_distribution( + "google-cloud-binary-authorization", + ).version, + ) +except pkg_resources.DistributionNotFound: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() + + +__all__ = ("ValidationHelperV1AsyncClient",) diff --git a/google/cloud/binaryauthorization_v1/services/validation_helper_v1/client.py b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/client.py new file mode 100644 index 0000000..0c85ba2 --- /dev/null +++ b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/client.py 
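Review bot: `ValidationHelperV1AsyncClient.validate_attestation_occurrence` wraps the RPC with `default_timeout=None` and its own `timeout` parameter also defaults to `None`, so unless the caller passes a value the call appears to go out with no deadline. Code that awaits this in a request path would then wait for as long as the channel stays open. The docstring entry `timeout (float): The timeout for this request.` should say so, for example `timeout (float): The timeout for this request, in seconds. None (the default) sets no deadline.`. Separately, `import google.api_core.client_options as ClientOptions` binds the module, so the `client_options: ClientOptions` annotation on `__init__` names a module rather than the class; `from google.api_core.client_options import ClientOptions` gives the class.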
@@ -0,0 +1,402 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from collections import OrderedDict +from distutils import util +import os +import re +from typing import Callable, Dict, Optional, Sequence, Tuple, Type, Union +import pkg_resources + +from google.api_core import client_options as client_options_lib # type: ignore +from google.api_core import exceptions as core_exceptions # type: ignore +from google.api_core import gapic_v1 # type: ignore +from google.api_core import retry as retries # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.auth.transport import mtls # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore +from google.auth.exceptions import MutualTLSChannelError # type: ignore +from google.oauth2 import service_account # type: ignore + +from google.cloud.binaryauthorization_v1.types import service +from .transports.base import ValidationHelperV1Transport, DEFAULT_CLIENT_INFO +from .transports.grpc import ValidationHelperV1GrpcTransport +from .transports.grpc_asyncio import ValidationHelperV1GrpcAsyncIOTransport + + +class ValidationHelperV1ClientMeta(type): + """Metaclass for the ValidationHelperV1 client. + + This provides class-level methods for building and retrieving + support objects (e.g. transport) without polluting the client instance + objects. 
+ """ + + _transport_registry = ( + OrderedDict() + ) # type: Dict[str, Type[ValidationHelperV1Transport]] + _transport_registry["grpc"] = ValidationHelperV1GrpcTransport + _transport_registry["grpc_asyncio"] = ValidationHelperV1GrpcAsyncIOTransport + + def get_transport_class( + cls, label: str = None, + ) -> Type[ValidationHelperV1Transport]: + """Returns an appropriate transport class. + + Args: + label: The name of the desired transport. If none is + provided, then the first transport in the registry is used. + + Returns: + The transport class to use. + """ + # If a specific transport is requested, return that one. + if label: + return cls._transport_registry[label] + + # No transport is requested; return the default (that is, the first one + # in the dictionary). + return next(iter(cls._transport_registry.values())) + + +class ValidationHelperV1Client(metaclass=ValidationHelperV1ClientMeta): + """BinAuthz Attestor verification""" + + @staticmethod + def _get_default_mtls_endpoint(api_endpoint): + """Converts api endpoint to mTLS endpoint. + + Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to + "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively. + Args: + api_endpoint (Optional[str]): the api endpoint to convert. + Returns: + str: converted mTLS api endpoint. + """ + if not api_endpoint: + return api_endpoint + + mtls_endpoint_re = re.compile( + r"(?P[^.]+)(?P\.mtls)?(?P\.sandbox)?(?P\.googleapis\.com)?" 
+ ) + + m = mtls_endpoint_re.match(api_endpoint) + name, mtls, sandbox, googledomain = m.groups() + if mtls or not googledomain: + return api_endpoint + + if sandbox: + return api_endpoint.replace( + "sandbox.googleapis.com", "mtls.sandbox.googleapis.com" + ) + + return api_endpoint.replace(".googleapis.com", ".mtls.googleapis.com") + + DEFAULT_ENDPOINT = "binaryauthorization.googleapis.com" + DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__( # type: ignore + DEFAULT_ENDPOINT + ) + + @classmethod + def from_service_account_info(cls, info: dict, *args, **kwargs): + """Creates an instance of this client using the provided credentials + info. + + Args: + info (dict): The service account private key info. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + ValidationHelperV1Client: The constructed client. + """ + credentials = service_account.Credentials.from_service_account_info(info) + kwargs["credentials"] = credentials + return cls(*args, **kwargs) + + @classmethod + def from_service_account_file(cls, filename: str, *args, **kwargs): + """Creates an instance of this client using the provided credentials + file. + + Args: + filename (str): The path to the service account private key json + file. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + ValidationHelperV1Client: The constructed client. + """ + credentials = service_account.Credentials.from_service_account_file(filename) + kwargs["credentials"] = credentials + return cls(*args, **kwargs) + + from_service_account_json = from_service_account_file + + @property + def transport(self) -> ValidationHelperV1Transport: + """Returns the transport used by the client instance. + + Returns: + ValidationHelperV1Transport: The transport used by the client + instance. 
+ """ + return self._transport + + @staticmethod + def common_billing_account_path(billing_account: str,) -> str: + """Returns a fully-qualified billing_account string.""" + return "billingAccounts/{billing_account}".format( + billing_account=billing_account, + ) + + @staticmethod + def parse_common_billing_account_path(path: str) -> Dict[str, str]: + """Parse a billing_account path into its component segments.""" + m = re.match(r"^billingAccounts/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_folder_path(folder: str,) -> str: + """Returns a fully-qualified folder string.""" + return "folders/{folder}".format(folder=folder,) + + @staticmethod + def parse_common_folder_path(path: str) -> Dict[str, str]: + """Parse a folder path into its component segments.""" + m = re.match(r"^folders/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_organization_path(organization: str,) -> str: + """Returns a fully-qualified organization string.""" + return "organizations/{organization}".format(organization=organization,) + + @staticmethod + def parse_common_organization_path(path: str) -> Dict[str, str]: + """Parse a organization path into its component segments.""" + m = re.match(r"^organizations/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_project_path(project: str,) -> str: + """Returns a fully-qualified project string.""" + return "projects/{project}".format(project=project,) + + @staticmethod + def parse_common_project_path(path: str) -> Dict[str, str]: + """Parse a project path into its component segments.""" + m = re.match(r"^projects/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_location_path(project: str, location: str,) -> str: + """Returns a fully-qualified location string.""" + return "projects/{project}/locations/{location}".format( + project=project, location=location, + ) + + @staticmethod + def 
parse_common_location_path(path: str) -> Dict[str, str]: + """Parse a location path into its component segments.""" + m = re.match(r"^projects/(?P.+?)/locations/(?P.+?)$", path) + return m.groupdict() if m else {} + + def __init__( + self, + *, + credentials: Optional[ga_credentials.Credentials] = None, + transport: Union[str, ValidationHelperV1Transport, None] = None, + client_options: Optional[client_options_lib.ClientOptions] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + ) -> None: + """Instantiates the validation helper v1 client. + + Args: + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + transport (Union[str, ValidationHelperV1Transport]): The + transport to use. If set to None, a transport is chosen + automatically. + client_options (google.api_core.client_options.ClientOptions): Custom options for the + client. It won't take effect if a ``transport`` instance is provided. + (1) The ``api_endpoint`` property can be used to override the + default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT + environment variable can also be used to override the endpoint: + "always" (always use the default mTLS endpoint), "never" (always + use the default regular endpoint) and "auto" (auto switch to the + default mTLS endpoint if client certificate is present, this is + the default value). However, the ``api_endpoint`` property takes + precedence if provided. + (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable + is "true", then the ``client_cert_source`` property can be used + to provide client certificate for mutual TLS transport. If + not provided, the default SSL client certificate will be used if + present. 
If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not + set, no client certificate will be used. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + + Raises: + google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport + creation failed for any reason. + """ + if isinstance(client_options, dict): + client_options = client_options_lib.from_dict(client_options) + if client_options is None: + client_options = client_options_lib.ClientOptions() + + # Create SSL credentials for mutual TLS if needed. + use_client_cert = bool( + util.strtobool(os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")) + ) + + client_cert_source_func = None + is_mtls = False + if use_client_cert: + if client_options.client_cert_source: + is_mtls = True + client_cert_source_func = client_options.client_cert_source + else: + is_mtls = mtls.has_default_client_cert_source() + if is_mtls: + client_cert_source_func = mtls.default_client_cert_source() + else: + client_cert_source_func = None + + # Figure out which api endpoint to use. + if client_options.api_endpoint is not None: + api_endpoint = client_options.api_endpoint + else: + use_mtls_env = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto") + if use_mtls_env == "never": + api_endpoint = self.DEFAULT_ENDPOINT + elif use_mtls_env == "always": + api_endpoint = self.DEFAULT_MTLS_ENDPOINT + elif use_mtls_env == "auto": + if is_mtls: + api_endpoint = self.DEFAULT_MTLS_ENDPOINT + else: + api_endpoint = self.DEFAULT_ENDPOINT + else: + raise MutualTLSChannelError( + "Unsupported GOOGLE_API_USE_MTLS_ENDPOINT value. Accepted " + "values: never, auto, always" + ) + + # Save or instantiate the transport. 
+ # Ordinarily, we provide the transport, but allowing a custom transport + # instance provides an extensibility point for unusual situations. + if isinstance(transport, ValidationHelperV1Transport): + # transport is a ValidationHelperV1Transport instance. + if credentials or client_options.credentials_file: + raise ValueError( + "When providing a transport instance, " + "provide its credentials directly." + ) + if client_options.scopes: + raise ValueError( + "When providing a transport instance, provide its scopes " + "directly." + ) + self._transport = transport + else: + Transport = type(self).get_transport_class(transport) + self._transport = Transport( + credentials=credentials, + credentials_file=client_options.credentials_file, + host=api_endpoint, + scopes=client_options.scopes, + client_cert_source_for_mtls=client_cert_source_func, + quota_project_id=client_options.quota_project_id, + client_info=client_info, + always_use_jwt_access=( + Transport == type(self).get_transport_class("grpc") + or Transport == type(self).get_transport_class("grpc_asyncio") + ), + ) + + def validate_attestation_occurrence( + self, + request: service.ValidateAttestationOccurrenceRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.ValidateAttestationOccurrenceResponse: + r"""Returns whether the given Attestation for the given + image URI was signed by the given Attestor + + Args: + request (google.cloud.binaryauthorization_v1.types.ValidateAttestationOccurrenceRequest): + The request object. Request message for + [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence]. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. 
+ metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.binaryauthorization_v1.types.ValidateAttestationOccurrenceResponse: + Response message for + [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence]. + + """ + # Create or coerce a protobuf request object. + # Minor optimization to avoid making a copy if the user passes + # in a service.ValidateAttestationOccurrenceRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.ValidateAttestationOccurrenceRequest): + request = service.ValidateAttestationOccurrenceRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[ + self._transport.validate_attestation_occurrence + ] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("attestor", request.attestor),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + +try: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( + gapic_version=pkg_resources.get_distribution( + "google-cloud-binary-authorization", + ).version, + ) +except pkg_resources.DistributionNotFound: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() + + +__all__ = ("ValidationHelperV1Client",) diff --git a/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/__init__.py b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/__init__.py new file mode 100644 index 0000000..a280567 --- /dev/null 
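Review bot: In `ValidationHelperV1Client.__init__`, `GOOGLE_API_USE_CLIENT_CERTIFICATE` is parsed with `distutils.util.strtobool`, which also accepts spellings such as `1`, `yes` and `on` and raises a bare `ValueError` on anything else. The docstring documents only `"true"` and `"false"` and lists `MutualTLSChannelError` as the only exception. Because this switch decides whether a client certificate is presented for mutual TLS, I would parse it explicitly and reject unknown values: `flag = os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")`, then `if flag not in ("true", "false"): raise ValueError("GOOGLE_API_USE_CLIENT_CERTIFICATE must be 'true' or 'false'")`, then `use_client_cert = flag == "true"`. That also removes the `from distutils import util` import, which PEP 632 deprecates. If this module is generator output, the change belongs in the generator template rather than here.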
+++ b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/__init__.py @@ -0,0 +1,35 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from collections import OrderedDict +from typing import Dict, Type + +from .base import ValidationHelperV1Transport +from .grpc import ValidationHelperV1GrpcTransport +from .grpc_asyncio import ValidationHelperV1GrpcAsyncIOTransport + + +# Compile a registry of transports. +_transport_registry = ( + OrderedDict() +) # type: Dict[str, Type[ValidationHelperV1Transport]] +_transport_registry["grpc"] = ValidationHelperV1GrpcTransport +_transport_registry["grpc_asyncio"] = ValidationHelperV1GrpcAsyncIOTransport + +__all__ = ( + "ValidationHelperV1Transport", + "ValidationHelperV1GrpcTransport", + "ValidationHelperV1GrpcAsyncIOTransport", +) diff --git a/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/base.py b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/base.py new file mode 100644 index 0000000..d91ba40 --- /dev/null +++ b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/base.py 
@@ -0,0 +1,177 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import abc +from typing import Awaitable, Callable, Dict, Optional, Sequence, Union +import packaging.version +import pkg_resources + +import google.auth # type: ignore +import google.api_core # type: ignore +from google.api_core import exceptions as core_exceptions # type: ignore +from google.api_core import gapic_v1 # type: ignore +from google.api_core import retry as retries # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.oauth2 import service_account # type: ignore + +from google.cloud.binaryauthorization_v1.types import service + +try: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( + gapic_version=pkg_resources.get_distribution( + "google-cloud-binary-authorization", + ).version, + ) +except pkg_resources.DistributionNotFound: + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() + +try: + # google.auth.__version__ was added in 1.26.0 + _GOOGLE_AUTH_VERSION = google.auth.__version__ +except AttributeError: + try: # try pkg_resources if it is available + _GOOGLE_AUTH_VERSION = pkg_resources.get_distribution("google-auth").version + except pkg_resources.DistributionNotFound: # pragma: NO COVER + _GOOGLE_AUTH_VERSION = None + + +class ValidationHelperV1Transport(abc.ABC): + """Abstract transport class for ValidationHelperV1.""" + + AUTH_SCOPES = 
("https://www.googleapis.com/auth/cloud-platform",) + + DEFAULT_HOST: str = "binaryauthorization.googleapis.com" + + def __init__( + self, + *, + host: str = DEFAULT_HOST, + credentials: ga_credentials.Credentials = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + **kwargs, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to. + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is mutually exclusive with credentials. + scopes (Optional[Sequence[str]]): A list of scopes. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + """ + # Save the hostname. Default to port 443 (HTTPS) if none is specified. + if ":" not in host: + host += ":443" + self._host = host + + scopes_kwargs = self._get_scopes_kwargs(self._host, scopes) + + # Save the scopes. + self._scopes = scopes + + # If no credentials are provided, then determine the appropriate + # defaults. 
+ if credentials and credentials_file: + raise core_exceptions.DuplicateCredentialArgs( + "'credentials_file' and 'credentials' are mutually exclusive" + ) + + if credentials_file is not None: + credentials, _ = google.auth.load_credentials_from_file( + credentials_file, **scopes_kwargs, quota_project_id=quota_project_id + ) + + elif credentials is None: + credentials, _ = google.auth.default( + **scopes_kwargs, quota_project_id=quota_project_id + ) + + # If the credentials is service account credentials, then always try to use self signed JWT. + if ( + always_use_jwt_access + and isinstance(credentials, service_account.Credentials) + and hasattr(service_account.Credentials, "with_always_use_jwt_access") + ): + credentials = credentials.with_always_use_jwt_access(True) + + # Save the credentials. + self._credentials = credentials + + # TODO(busunkim): This method is in the base transport + # to avoid duplicating code across the transport classes. These functions + # should be deleted once the minimum required versions of google-auth is increased. + + # TODO: Remove this function once google-auth >= 1.25.0 is required + @classmethod + def _get_scopes_kwargs( + cls, host: str, scopes: Optional[Sequence[str]] + ) -> Dict[str, Optional[Sequence[str]]]: + """Returns scopes kwargs to pass to google-auth methods depending on the google-auth version""" + + scopes_kwargs = {} + + if _GOOGLE_AUTH_VERSION and ( + packaging.version.parse(_GOOGLE_AUTH_VERSION) + >= packaging.version.parse("1.25.0") + ): + scopes_kwargs = {"scopes": scopes, "default_scopes": cls.AUTH_SCOPES} + else: + scopes_kwargs = {"scopes": scopes or cls.AUTH_SCOPES} + + return scopes_kwargs + + def _prep_wrapped_messages(self, client_info): + # Precompute the wrapped methods. 
+ self._wrapped_methods = { + self.validate_attestation_occurrence: gapic_v1.method.wrap_method( + self.validate_attestation_occurrence, + default_timeout=None, + client_info=client_info, + ), + } + + @property + def validate_attestation_occurrence( + self, + ) -> Callable[ + [service.ValidateAttestationOccurrenceRequest], + Union[ + service.ValidateAttestationOccurrenceResponse, + Awaitable[service.ValidateAttestationOccurrenceResponse], + ], + ]: + raise NotImplementedError() + + +__all__ = ("ValidationHelperV1Transport",) diff --git a/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/grpc.py b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/grpc.py new file mode 100644 index 0000000..0eeb82f --- /dev/null +++ b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/grpc.py 
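Review bot: The `credentials_file` branch of `ValidationHelperV1Transport.__init__` hands the path straight to `google.auth.load_credentials_from_file`, and the docstring does not say where that file may come from. Depending on the installed google-auth version, that loader accepts more credential types than a service-account key, and some of them name endpoints the library will contact. A path taken from untrusted configuration should therefore never reach this argument. I would extend the `credentials_file` entry in the Args section with a sentence such as `The file must come from a trusted source; this transport passes its contents to google-auth without validating them.` The same parameter is documented in `__init__` and `create_channel` of the gRPC transport in grpc.py, where the same sentence applies.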
@@ -0,0 +1,262 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import warnings +from typing import Callable, Dict, Optional, Sequence, Tuple, Union + +from google.api_core import grpc_helpers # type: ignore +from google.api_core import gapic_v1 # type: ignore +import google.auth # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore + +import grpc # type: ignore + +from google.cloud.binaryauthorization_v1.types import service +from .base import ValidationHelperV1Transport, DEFAULT_CLIENT_INFO + + +class ValidationHelperV1GrpcTransport(ValidationHelperV1Transport): + """gRPC backend transport for ValidationHelperV1. + + BinAuthz Attestor verification + + This class defines the same methods as the primary client, so the + primary client can load the underlying transport implementation + and call it. + + It sends protocol buffers over the wire using gRPC (which is built on + top of HTTP/2); the ``grpcio`` package must be installed. 
+ """ + + _stubs: Dict[str, Callable] + + def __init__( + self, + *, + host: str = "binaryauthorization.googleapis.com", + credentials: ga_credentials.Credentials = None, + credentials_file: str = None, + scopes: Sequence[str] = None, + channel: grpc.Channel = None, + api_mtls_endpoint: str = None, + client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, + ssl_channel_credentials: grpc.ChannelCredentials = None, + client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, + quota_project_id: Optional[str] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to. + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + This argument is ignored if ``channel`` is provided. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if ``channel`` is provided. + scopes (Optional(Sequence[str])): A list of scopes. This argument is + ignored if ``channel`` is provided. + channel (Optional[grpc.Channel]): A ``Channel`` instance through + which to make calls. + api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. + If provided, it overrides the ``host`` argument and tries to create + a mutual TLS channel with client SSL credentials from + ``client_cert_source`` or applicatin default SSL credentials. + client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): + Deprecated. A callback to provide client SSL certificate bytes and + private key bytes, both in PEM format. It is ignored if + ``api_mtls_endpoint`` is None. 
+ ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials + for grpc channel. It is ignored if ``channel`` is provided. + client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): + A callback to provide client certificate bytes and private key bytes, + both in PEM format. It is used to configure mutual TLS channel. It is + ignored if ``channel`` or ``ssl_channel_credentials`` is provided. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + + Raises: + google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport + creation failed for any reason. + google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` + and ``credentials_file`` are passed. + """ + self._grpc_channel = None + self._ssl_channel_credentials = ssl_channel_credentials + self._stubs: Dict[str, Callable] = {} + + if api_mtls_endpoint: + warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) + if client_cert_source: + warnings.warn("client_cert_source is deprecated", DeprecationWarning) + + if channel: + # Ignore credentials if a channel was passed. + credentials = False + # If a channel was explicitly provided, set it. + self._grpc_channel = channel + self._ssl_channel_credentials = None + + else: + if api_mtls_endpoint: + host = api_mtls_endpoint + + # Create SSL credentials with client_cert_source or application + # default SSL credentials. 
+ if client_cert_source: + cert, key = client_cert_source() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + else: + self._ssl_channel_credentials = SslCredentials().ssl_credentials + + else: + if client_cert_source_for_mtls and not ssl_channel_credentials: + cert, key = client_cert_source_for_mtls() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + + # The base transport sets the host, credentials and scopes + super().__init__( + host=host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes, + quota_project_id=quota_project_id, + client_info=client_info, + always_use_jwt_access=always_use_jwt_access, + ) + + if not self._grpc_channel: + self._grpc_channel = type(self).create_channel( + self._host, + credentials=self._credentials, + credentials_file=credentials_file, + scopes=self._scopes, + ssl_credentials=self._ssl_channel_credentials, + quota_project_id=quota_project_id, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Wrap messages. This must be done after self._grpc_channel exists + self._prep_wrapped_messages(client_info) + + @classmethod + def create_channel( + cls, + host: str = "binaryauthorization.googleapis.com", + credentials: ga_credentials.Credentials = None, + credentials_file: str = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, + **kwargs, + ) -> grpc.Channel: + """Create and return a gRPC channel object. + Args: + host (Optional[str]): The host for the channel to use. + credentials (Optional[~.Credentials]): The + authorization credentials to attach to requests. These + credentials identify this application to the service. If + none are specified, the client will attempt to ascertain + the credentials from the environment. 
+ credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is mutually exclusive with credentials. + scopes (Optional[Sequence[str]]): A optional list of scopes needed for this + service. These are only used when credentials are not specified and + are passed to :func:`google.auth.default`. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + kwargs (Optional[dict]): Keyword arguments, which are passed to the + channel creation. + Returns: + grpc.Channel: A gRPC channel object. + + Raises: + google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` + and ``credentials_file`` are passed. + """ + + return grpc_helpers.create_channel( + host, + credentials=credentials, + credentials_file=credentials_file, + quota_project_id=quota_project_id, + default_scopes=cls.AUTH_SCOPES, + scopes=scopes, + default_host=cls.DEFAULT_HOST, + **kwargs, + ) + + @property + def grpc_channel(self) -> grpc.Channel: + """Return the channel designed to connect to this service. + """ + return self._grpc_channel + + @property + def validate_attestation_occurrence( + self, + ) -> Callable[ + [service.ValidateAttestationOccurrenceRequest], + service.ValidateAttestationOccurrenceResponse, + ]: + r"""Return a callable for the validate attestation + occurrence method over gRPC. + + Returns whether the given Attestation for the given + image URI was signed by the given Attestor + + Returns: + Callable[[~.ValidateAttestationOccurrenceRequest], + ~.ValidateAttestationOccurrenceResponse]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. 
+ if "validate_attestation_occurrence" not in self._stubs: + self._stubs[ + "validate_attestation_occurrence" + ] = self.grpc_channel.unary_unary( + "/google.cloud.binaryauthorization.v1.ValidationHelperV1/ValidateAttestationOccurrence", + request_serializer=service.ValidateAttestationOccurrenceRequest.serialize, + response_deserializer=service.ValidateAttestationOccurrenceResponse.deserialize, + ) + return self._stubs["validate_attestation_occurrence"] + + +__all__ = ("ValidationHelperV1GrpcTransport",) diff --git a/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/grpc_asyncio.py b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/grpc_asyncio.py new file mode 100644 index 0000000..668000b --- /dev/null +++ b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/grpc_asyncio.py 
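Review bot: `ValidationHelperV1GrpcTransport.__init__` creates the channel with `("grpc.max_send_message_length", -1)` and `("grpc.max_receive_message_length", -1)`, which removes the per-message size limits, and nothing in the hunk explains why. For a unary call that returns a single validation response, an unbounded receive size means the client buffers whatever the peer at `host` sends, and the client.py hunk lets callers set `host` through `client_options.api_endpoint`. I would either bound the receive side or, if unlimited is intended, say so in a comment above the options list, e.g. `# -1 disables gRPC's message-size limits; responses from the configured host are buffered without a cap.`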
@@ -0,0 +1,265 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import warnings +from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union + +from google.api_core import gapic_v1 # type: ignore +from google.api_core import grpc_helpers_async # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore +import packaging.version + +import grpc # type: ignore +from grpc.experimental import aio # type: ignore + +from google.cloud.binaryauthorization_v1.types import service +from .base import ValidationHelperV1Transport, DEFAULT_CLIENT_INFO +from .grpc import ValidationHelperV1GrpcTransport + + +class ValidationHelperV1GrpcAsyncIOTransport(ValidationHelperV1Transport): + """gRPC AsyncIO backend transport for ValidationHelperV1. + + BinAuthz Attestor verification + + This class defines the same methods as the primary client, so the + primary client can load the underlying transport implementation + and call it. + + It sends protocol buffers over the wire using gRPC (which is built on + top of HTTP/2); the ``grpcio`` package must be installed. 
+ """ + + _grpc_channel: aio.Channel + _stubs: Dict[str, Callable] = {} + + @classmethod + def create_channel( + cls, + host: str = "binaryauthorization.googleapis.com", + credentials: ga_credentials.Credentials = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, + **kwargs, + ) -> aio.Channel: + """Create and return a gRPC AsyncIO channel object. + Args: + host (Optional[str]): The host for the channel to use. + credentials (Optional[~.Credentials]): The + authorization credentials to attach to requests. These + credentials identify this application to the service. If + none are specified, the client will attempt to ascertain + the credentials from the environment. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if ``channel`` is provided. + scopes (Optional[Sequence[str]]): A optional list of scopes needed for this + service. These are only used when credentials are not specified and + are passed to :func:`google.auth.default`. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + kwargs (Optional[dict]): Keyword arguments, which are passed to the + channel creation. + Returns: + aio.Channel: A gRPC AsyncIO channel object. 
+ """ + + return grpc_helpers_async.create_channel( + host, + credentials=credentials, + credentials_file=credentials_file, + quota_project_id=quota_project_id, + default_scopes=cls.AUTH_SCOPES, + scopes=scopes, + default_host=cls.DEFAULT_HOST, + **kwargs, + ) + + def __init__( + self, + *, + host: str = "binaryauthorization.googleapis.com", + credentials: ga_credentials.Credentials = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + channel: aio.Channel = None, + api_mtls_endpoint: str = None, + client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, + ssl_channel_credentials: grpc.ChannelCredentials = None, + client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, + quota_project_id=None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to. + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + This argument is ignored if ``channel`` is provided. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if ``channel`` is provided. + scopes (Optional[Sequence[str]]): A optional list of scopes needed for this + service. These are only used when credentials are not specified and + are passed to :func:`google.auth.default`. + channel (Optional[aio.Channel]): A ``Channel`` instance through + which to make calls. + api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. 
+ If provided, it overrides the ``host`` argument and tries to create + a mutual TLS channel with client SSL credentials from + ``client_cert_source`` or applicatin default SSL credentials. + client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): + Deprecated. A callback to provide client SSL certificate bytes and + private key bytes, both in PEM format. It is ignored if + ``api_mtls_endpoint`` is None. + ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials + for grpc channel. It is ignored if ``channel`` is provided. + client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): + A callback to provide client certificate bytes and private key bytes, + both in PEM format. It is used to configure mutual TLS channel. It is + ignored if ``channel`` or ``ssl_channel_credentials`` is provided. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + + Raises: + google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport + creation failed for any reason. + google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` + and ``credentials_file`` are passed. + """ + self._grpc_channel = None + self._ssl_channel_credentials = ssl_channel_credentials + self._stubs: Dict[str, Callable] = {} + + if api_mtls_endpoint: + warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) + if client_cert_source: + warnings.warn("client_cert_source is deprecated", DeprecationWarning) + + if channel: + # Ignore credentials if a channel was passed. 
+ credentials = False + # If a channel was explicitly provided, set it. + self._grpc_channel = channel + self._ssl_channel_credentials = None + else: + if api_mtls_endpoint: + host = api_mtls_endpoint + + # Create SSL credentials with client_cert_source or application + # default SSL credentials. + if client_cert_source: + cert, key = client_cert_source() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + else: + self._ssl_channel_credentials = SslCredentials().ssl_credentials + + else: + if client_cert_source_for_mtls and not ssl_channel_credentials: + cert, key = client_cert_source_for_mtls() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + + # The base transport sets the host, credentials and scopes + super().__init__( + host=host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes, + quota_project_id=quota_project_id, + client_info=client_info, + always_use_jwt_access=always_use_jwt_access, + ) + + if not self._grpc_channel: + self._grpc_channel = type(self).create_channel( + self._host, + credentials=self._credentials, + credentials_file=credentials_file, + scopes=self._scopes, + ssl_credentials=self._ssl_channel_credentials, + quota_project_id=quota_project_id, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Wrap messages. This must be done after self._grpc_channel exists + self._prep_wrapped_messages(client_info) + + @property + def grpc_channel(self) -> aio.Channel: + """Create the channel designed to connect to this service. + + This property caches on the instance; repeated calls return + the same channel. + """ + # Return the channel from cache. 
+ return self._grpc_channel + + @property + def validate_attestation_occurrence( + self, + ) -> Callable[ + [service.ValidateAttestationOccurrenceRequest], + Awaitable[service.ValidateAttestationOccurrenceResponse], + ]: + r"""Return a callable for the validate attestation + occurrence method over gRPC. + + Returns whether the given Attestation for the given + image URI was signed by the given Attestor + + Returns: + Callable[[~.ValidateAttestationOccurrenceRequest], + Awaitable[~.ValidateAttestationOccurrenceResponse]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "validate_attestation_occurrence" not in self._stubs: + self._stubs[ + "validate_attestation_occurrence" + ] = self.grpc_channel.unary_unary( + "/google.cloud.binaryauthorization.v1.ValidationHelperV1/ValidateAttestationOccurrence", + request_serializer=service.ValidateAttestationOccurrenceRequest.serialize, + response_deserializer=service.ValidateAttestationOccurrenceResponse.deserialize, + ) + return self._stubs["validate_attestation_occurrence"] + + +__all__ = ("ValidationHelperV1GrpcAsyncIOTransport",) diff --git a/google/cloud/binaryauthorization_v1/types/__init__.py b/google/cloud/binaryauthorization_v1/types/__init__.py new file mode 100644 index 0000000..c682ebc --- /dev/null +++ b/google/cloud/binaryauthorization_v1/types/__init__.py 
@@ -0,0 +1,58 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from .resources import ( + AdmissionRule, + AdmissionWhitelistPattern, + Attestor, + AttestorPublicKey, + PkixPublicKey, + Policy, + UserOwnedGrafeasNote, +) +from .service import ( + CreateAttestorRequest, + DeleteAttestorRequest, + GetAttestorRequest, + GetPolicyRequest, + GetSystemPolicyRequest, + ListAttestorsRequest, + ListAttestorsResponse, + UpdateAttestorRequest, + UpdatePolicyRequest, + ValidateAttestationOccurrenceRequest, + ValidateAttestationOccurrenceResponse, +) + +__all__ = ( + "AdmissionRule", + "AdmissionWhitelistPattern", + "Attestor", + "AttestorPublicKey", + "PkixPublicKey", + "Policy", + "UserOwnedGrafeasNote", + "CreateAttestorRequest", + "DeleteAttestorRequest", + "GetAttestorRequest", + "GetPolicyRequest", + "GetSystemPolicyRequest", + "ListAttestorsRequest", + "ListAttestorsResponse", + "UpdateAttestorRequest", + "UpdatePolicyRequest", + "ValidateAttestationOccurrenceRequest", + "ValidateAttestationOccurrenceResponse", +) diff --git a/google/cloud/binaryauthorization_v1/types/resources.py b/google/cloud/binaryauthorization_v1/types/resources.py new file mode 100644 index 0000000..ff2f328 --- /dev/null +++ b/google/cloud/binaryauthorization_v1/types/resources.py 
@@ -0,0 +1,367 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import proto # type: ignore + +from google.protobuf import timestamp_pb2 # type: ignore + + +__protobuf__ = proto.module( + package="google.cloud.binaryauthorization.v1", + manifest={ + "Policy", + "AdmissionWhitelistPattern", + "AdmissionRule", + "Attestor", + "UserOwnedGrafeasNote", + "PkixPublicKey", + "AttestorPublicKey", + }, +) + + +class Policy(proto.Message): + r"""A [policy][google.cloud.binaryauthorization.v1.Policy] for container + image binary authorization. + + Attributes: + name (str): + Output only. The resource name, in the format + ``projects/*/policy``. There is at most one policy per + project. + description (str): + Optional. A descriptive comment. + global_policy_evaluation_mode (google.cloud.binaryauthorization_v1.types.Policy.GlobalPolicyEvaluationMode): + Optional. Controls the evaluation of a + Google-maintained global admission policy for + common system-level images. Images not covered + by the global policy will be subject to the + project admission policy. This setting has no + effect when specified inside a global admission + policy. + admission_whitelist_patterns (Sequence[google.cloud.binaryauthorization_v1.types.AdmissionWhitelistPattern]): + Optional. Admission policy allowlisting. A + matching admission request will always be + permitted. 
This feature is typically used to + exclude Google or third-party infrastructure + images from Binary Authorization policies. + cluster_admission_rules (Sequence[google.cloud.binaryauthorization_v1.types.Policy.ClusterAdmissionRulesEntry]): + Optional. Per-cluster admission rules. Cluster spec format: + ``location.clusterId``. There can be at most one admission + rule per cluster spec. A ``location`` is either a compute + zone (e.g. us-central1-a) or a region (e.g. us-central1). + For ``clusterId`` syntax restrictions see + https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters. + kubernetes_namespace_admission_rules (Sequence[google.cloud.binaryauthorization_v1.types.Policy.KubernetesNamespaceAdmissionRulesEntry]): + Optional. Per-kubernetes-namespace admission rules. K8s + namespace spec format: [a-z.-]+, e.g. 'some-namespace' + kubernetes_service_account_admission_rules (Sequence[google.cloud.binaryauthorization_v1.types.Policy.KubernetesServiceAccountAdmissionRulesEntry]): + Optional. Per-kubernetes-service-account admission rules. + Service account spec format: ``namespace:serviceaccount``. + e.g. 'test-ns:default' + istio_service_identity_admission_rules (Sequence[google.cloud.binaryauthorization_v1.types.Policy.IstioServiceIdentityAdmissionRulesEntry]): + Optional. Per-istio-service-identity + admission rules. Istio service identity spec + format: + spiffe:///ns//sa/ + or /ns//sa/ + e.g. spiffe://example.com/ns/test-ns/sa/default + default_admission_rule (google.cloud.binaryauthorization_v1.types.AdmissionRule): + Required. Default admission rule for a + cluster without a per-cluster, per- kubernetes- + service-account, or per-istio-service-identity + admission rule. + update_time (google.protobuf.timestamp_pb2.Timestamp): + Output only. Time when the policy was last + updated. 
+ """ + + class GlobalPolicyEvaluationMode(proto.Enum): + r"""""" + GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0 + ENABLE = 1 + DISABLE = 2 + + name = proto.Field(proto.STRING, number=1,) + description = proto.Field(proto.STRING, number=6,) + global_policy_evaluation_mode = proto.Field( + proto.ENUM, number=7, enum=GlobalPolicyEvaluationMode, + ) + admission_whitelist_patterns = proto.RepeatedField( + proto.MESSAGE, number=2, message="AdmissionWhitelistPattern", + ) + cluster_admission_rules = proto.MapField( + proto.STRING, proto.MESSAGE, number=3, message="AdmissionRule", + ) + kubernetes_namespace_admission_rules = proto.MapField( + proto.STRING, proto.MESSAGE, number=10, message="AdmissionRule", + ) + kubernetes_service_account_admission_rules = proto.MapField( + proto.STRING, proto.MESSAGE, number=8, message="AdmissionRule", + ) + istio_service_identity_admission_rules = proto.MapField( + proto.STRING, proto.MESSAGE, number=9, message="AdmissionRule", + ) + default_admission_rule = proto.Field( + proto.MESSAGE, number=4, message="AdmissionRule", + ) + update_time = proto.Field(proto.MESSAGE, number=5, message=timestamp_pb2.Timestamp,) + + +class AdmissionWhitelistPattern(proto.Message): + r"""An [admission allowlist + pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] + exempts images from checks by [admission + rules][google.cloud.binaryauthorization.v1.AdmissionRule]. + + Attributes: + name_pattern (str): + An image name pattern to allowlist, in the form + ``registry/path/to/image``. This supports a trailing ``*`` + wildcard, but this is allowed only in text after the + ``registry/`` part. This also supports a trailing ``**`` + wildcard which matches subdirectories of a given entry. 
+ """ + + name_pattern = proto.Field(proto.STRING, number=1,) + + +class AdmissionRule(proto.Message): + r"""An [admission + rule][google.cloud.binaryauthorization.v1.AdmissionRule] specifies + either that all container images used in a pod creation request must + be attested to by one or more + [attestors][google.cloud.binaryauthorization.v1.Attestor], that all + pod creations will be allowed, or that all pod creations will be + denied. + + Images matching an [admission allowlist + pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] + are exempted from admission rules and will never block a pod + creation. + + Attributes: + evaluation_mode (google.cloud.binaryauthorization_v1.types.AdmissionRule.EvaluationMode): + Required. How this admission rule will be + evaluated. + require_attestations_by (Sequence[str]): + Optional. The resource names of the attestors that must + attest to a container image, in the format + ``projects/*/attestors/*``. Each attestor must exist before + a policy can reference it. To add an attestor to a policy + the principal issuing the policy change request must be able + to read the attestor resource. + + Note: this field must be non-empty when the evaluation_mode + field specifies REQUIRE_ATTESTATION, otherwise it must be + empty. + enforcement_mode (google.cloud.binaryauthorization_v1.types.AdmissionRule.EnforcementMode): + Required. The action when a pod creation is + denied by the admission rule. + """ + + class EvaluationMode(proto.Enum): + r"""""" + EVALUATION_MODE_UNSPECIFIED = 0 + ALWAYS_ALLOW = 1 + REQUIRE_ATTESTATION = 2 + ALWAYS_DENY = 3 + + class EnforcementMode(proto.Enum): + r"""Defines the possible actions when a pod creation is denied by + an admission rule. 
+ """ + ENFORCEMENT_MODE_UNSPECIFIED = 0 + ENFORCED_BLOCK_AND_AUDIT_LOG = 1 + DRYRUN_AUDIT_LOG_ONLY = 2 + + evaluation_mode = proto.Field(proto.ENUM, number=1, enum=EvaluationMode,) + require_attestations_by = proto.RepeatedField(proto.STRING, number=2,) + enforcement_mode = proto.Field(proto.ENUM, number=3, enum=EnforcementMode,) + + +class Attestor(proto.Message): + r"""An [attestor][google.cloud.binaryauthorization.v1.Attestor] that + attests to container image artifacts. An existing attestor cannot be + modified except where indicated. + + Attributes: + name (str): + Required. The resource name, in the format: + ``projects/*/attestors/*``. This field may not be updated. + description (str): + Optional. A descriptive comment. This field + may be updated. The field may be displayed in + chooser dialogs. + user_owned_grafeas_note (google.cloud.binaryauthorization_v1.types.UserOwnedGrafeasNote): + This specifies how an attestation will be + read, and how it will be used during policy + enforcement. + update_time (google.protobuf.timestamp_pb2.Timestamp): + Output only. Time when the attestor was last + updated. + """ + + name = proto.Field(proto.STRING, number=1,) + description = proto.Field(proto.STRING, number=6,) + user_owned_grafeas_note = proto.Field( + proto.MESSAGE, number=3, oneof="attestor_type", message="UserOwnedGrafeasNote", + ) + update_time = proto.Field(proto.MESSAGE, number=4, message=timestamp_pb2.Timestamp,) + + +class UserOwnedGrafeasNote(proto.Message): + r"""An [user owned Grafeas + note][google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote] + references a Grafeas Attestation.Authority Note created by the user. + + Attributes: + note_reference (str): + Required. The Grafeas resource name of a + Attestation.Authority Note, created by the user, in the + format: ``projects/*/notes/*``. This field may not be + updated. 
+ + An attestation by this attestor is stored as a Grafeas + Attestation.Authority Occurrence that names a container + image and that links to this Note. Grafeas is an external + dependency. + public_keys (Sequence[google.cloud.binaryauthorization_v1.types.AttestorPublicKey]): + Optional. Public keys that verify + attestations signed by this attestor. This + field may be updated. + If this field is non-empty, one of the specified + public keys must verify that an attestation was + signed by this attestor for the image specified + in the admission request. + + If this field is empty, this attestor always + returns that no valid attestations exist. + delegation_service_account_email (str): + Output only. This field will contain the service account + email address that this Attestor will use as the principal + when querying Container Analysis. Attestor administrators + must grant this service account the IAM role needed to read + attestations from the [note_reference][Note] in Container + Analysis (``containeranalysis.notes.occurrences.viewer``). + + This email address is fixed for the lifetime of the + Attestor, but callers should not make any other assumptions + about the service account email; future versions may use an + email based on a different naming pattern. + """ + + note_reference = proto.Field(proto.STRING, number=1,) + public_keys = proto.RepeatedField( + proto.MESSAGE, number=2, message="AttestorPublicKey", + ) + delegation_service_account_email = proto.Field(proto.STRING, number=3,) + + +class PkixPublicKey(proto.Message): + r"""A public key in the PkixPublicKey format (see + https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for + details). Public keys of this type are typically textually + encoded using the PEM format. 
+ + Attributes: + public_key_pem (str): + A PEM-encoded public key, as described in + https://tools.ietf.org/html/rfc7468#section-13 + signature_algorithm (google.cloud.binaryauthorization_v1.types.PkixPublicKey.SignatureAlgorithm): + The signature algorithm used to verify a message against a + signature using this key. These signature algorithm must + match the structure and any object identifiers encoded in + ``public_key_pem`` (i.e. this algorithm must match that of + the public key). + """ + + class SignatureAlgorithm(proto.Enum): + r"""Represents a signature algorithm and other information + necessary to verify signatures with a given public key. This is + based primarily on the public key types supported by Tink's + PemKeyType, which is in turn based on KMS's supported signing + algorithms. See https://cloud.google.com/kms/docs/algorithms. In + the future, BinAuthz might support additional public key types + independently of Tink and/or KMS. + """ + _pb_options = {"allow_alias": True} + SIGNATURE_ALGORITHM_UNSPECIFIED = 0 + RSA_PSS_2048_SHA256 = 1 + RSA_PSS_3072_SHA256 = 2 + RSA_PSS_4096_SHA256 = 3 + RSA_PSS_4096_SHA512 = 4 + RSA_SIGN_PKCS1_2048_SHA256 = 5 + RSA_SIGN_PKCS1_3072_SHA256 = 6 + RSA_SIGN_PKCS1_4096_SHA256 = 7 + RSA_SIGN_PKCS1_4096_SHA512 = 8 + ECDSA_P256_SHA256 = 9 + EC_SIGN_P256_SHA256 = 9 + ECDSA_P384_SHA384 = 10 + EC_SIGN_P384_SHA384 = 10 + ECDSA_P521_SHA512 = 11 + EC_SIGN_P521_SHA512 = 11 + + public_key_pem = proto.Field(proto.STRING, number=1,) + signature_algorithm = proto.Field(proto.ENUM, number=2, enum=SignatureAlgorithm,) + + +class AttestorPublicKey(proto.Message): + r"""An [attestor public + key][google.cloud.binaryauthorization.v1.AttestorPublicKey] that + will be used to verify attestations signed by this attestor. + + Attributes: + comment (str): + Optional. A descriptive comment. This field + may be updated. + id (str): + The ID of this public key. 
Signatures verified by BinAuthz + must include the ID of the public key that can be used to + verify them, and that ID must match the contents of this + field exactly. Additional restrictions on this field can be + imposed based on which public key type is encapsulated. See + the documentation on ``public_key`` cases below for details. + ascii_armored_pgp_public_key (str): + ASCII-armored representation of a PGP public key, as the + entire output by the command + ``gpg --export --armor foo@example.com`` (either LF or CRLF + line endings). When using this field, ``id`` should be left + blank. The BinAuthz API handlers will calculate the ID and + fill it in automatically. BinAuthz computes this ID as the + OpenPGP RFC4880 V4 fingerprint, represented as upper-case + hex. If ``id`` is provided by the caller, it will be + overwritten by the API-calculated ID. + pkix_public_key (google.cloud.binaryauthorization_v1.types.PkixPublicKey): + A raw PKIX SubjectPublicKeyInfo format public key. + + NOTE: ``id`` may be explicitly provided by the caller when + using this type of public key, but it MUST be a valid + RFC3986 URI. If ``id`` is left blank, a default one will be + computed based on the digest of the DER encoding of the + public key. + """ + + comment = proto.Field(proto.STRING, number=1,) + id = proto.Field(proto.STRING, number=2,) + ascii_armored_pgp_public_key = proto.Field( + proto.STRING, number=3, oneof="public_key", + ) + pkix_public_key = proto.Field( + proto.MESSAGE, number=5, oneof="public_key", message="PkixPublicKey", + ) + + +__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/google/cloud/binaryauthorization_v1/types/service.py b/google/cloud/binaryauthorization_v1/types/service.py new file mode 100644 index 0000000..862610b --- /dev/null +++ b/google/cloud/binaryauthorization_v1/types/service.py 
@@ -0,0 +1,247 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import proto # type: ignore + +from google.cloud.binaryauthorization_v1.types import resources +from grafeas.grafeas_v1.types import attestation # type: ignore + + +__protobuf__ = proto.module( + package="google.cloud.binaryauthorization.v1", + manifest={ + "GetPolicyRequest", + "UpdatePolicyRequest", + "CreateAttestorRequest", + "GetAttestorRequest", + "UpdateAttestorRequest", + "ListAttestorsRequest", + "ListAttestorsResponse", + "DeleteAttestorRequest", + "GetSystemPolicyRequest", + "ValidateAttestationOccurrenceRequest", + "ValidateAttestationOccurrenceResponse", + }, +) + + +class GetPolicyRequest(proto.Message): + r"""Request message for [BinauthzManagementService.GetPolicy][]. + Attributes: + name (str): + Required. The resource name of the + [policy][google.cloud.binaryauthorization.v1.Policy] to + retrieve, in the format ``projects/*/policy``. + """ + + name = proto.Field(proto.STRING, number=1,) + + +class UpdatePolicyRequest(proto.Message): + r"""Request message for [BinauthzManagementService.UpdatePolicy][]. + Attributes: + policy (google.cloud.binaryauthorization_v1.types.Policy): + Required. A new or updated + [policy][google.cloud.binaryauthorization.v1.Policy] value. 
+ The service will overwrite the [policy + name][google.cloud.binaryauthorization.v1.Policy.name] field + with the resource name in the request URL, in the format + ``projects/*/policy``. + """ + + policy = proto.Field(proto.MESSAGE, number=1, message=resources.Policy,) + + +class CreateAttestorRequest(proto.Message): + r"""Request message for [BinauthzManagementService.CreateAttestor][]. + Attributes: + parent (str): + Required. The parent of this + [attestor][google.cloud.binaryauthorization.v1.Attestor]. + attestor_id (str): + Required. The + [attestors][google.cloud.binaryauthorization.v1.Attestor] + ID. + attestor (google.cloud.binaryauthorization_v1.types.Attestor): + Required. The initial + [attestor][google.cloud.binaryauthorization.v1.Attestor] + value. The service will overwrite the [attestor + name][google.cloud.binaryauthorization.v1.Attestor.name] + field with the resource name, in the format + ``projects/*/attestors/*``. + """ + + parent = proto.Field(proto.STRING, number=1,) + attestor_id = proto.Field(proto.STRING, number=2,) + attestor = proto.Field(proto.MESSAGE, number=3, message=resources.Attestor,) + + +class GetAttestorRequest(proto.Message): + r"""Request message for [BinauthzManagementService.GetAttestor][]. + Attributes: + name (str): + Required. The name of the + [attestor][google.cloud.binaryauthorization.v1.Attestor] to + retrieve, in the format ``projects/*/attestors/*``. + """ + + name = proto.Field(proto.STRING, number=1,) + + +class UpdateAttestorRequest(proto.Message): + r"""Request message for [BinauthzManagementService.UpdateAttestor][]. + Attributes: + attestor (google.cloud.binaryauthorization_v1.types.Attestor): + Required. The updated + [attestor][google.cloud.binaryauthorization.v1.Attestor] + value. The service will overwrite the [attestor + name][google.cloud.binaryauthorization.v1.Attestor.name] + field with the resource name in the request URL, in the + format ``projects/*/attestors/*``. 
+ """ + + attestor = proto.Field(proto.MESSAGE, number=1, message=resources.Attestor,) + + +class ListAttestorsRequest(proto.Message): + r"""Request message for [BinauthzManagementService.ListAttestors][]. + Attributes: + parent (str): + Required. The resource name of the project associated with + the + [attestors][google.cloud.binaryauthorization.v1.Attestor], + in the format ``projects/*``. + page_size (int): + Requested page size. The server may return + fewer results than requested. If unspecified, + the server will pick an appropriate default. + page_token (str): + A token identifying a page of results the server should + return. Typically, this is the value of + [ListAttestorsResponse.next_page_token][google.cloud.binaryauthorization.v1.ListAttestorsResponse.next_page_token] + returned from the previous call to the ``ListAttestors`` + method. + """ + + parent = proto.Field(proto.STRING, number=1,) + page_size = proto.Field(proto.INT32, number=2,) + page_token = proto.Field(proto.STRING, number=3,) + + +class ListAttestorsResponse(proto.Message): + r"""Response message for [BinauthzManagementService.ListAttestors][]. + Attributes: + attestors (Sequence[google.cloud.binaryauthorization_v1.types.Attestor]): + The list of + [attestors][google.cloud.binaryauthorization.v1.Attestor]. + next_page_token (str): + A token to retrieve the next page of results. Pass this + value in the + [ListAttestorsRequest.page_token][google.cloud.binaryauthorization.v1.ListAttestorsRequest.page_token] + field in the subsequent call to the ``ListAttestors`` method + to retrieve the next page of results. + """ + + @property + def raw_page(self): + return self + + attestors = proto.RepeatedField( + proto.MESSAGE, number=1, message=resources.Attestor, + ) + next_page_token = proto.Field(proto.STRING, number=2,) + + +class DeleteAttestorRequest(proto.Message): + r"""Request message for [BinauthzManagementService.DeleteAttestor][]. + Attributes: + name (str): + Required. 
The name of the + [attestors][google.cloud.binaryauthorization.v1.Attestor] to + delete, in the format ``projects/*/attestors/*``. + """ + + name = proto.Field(proto.STRING, number=1,) + + +class GetSystemPolicyRequest(proto.Message): + r"""Request to read the current system policy. + Attributes: + name (str): + Required. The resource name, in the format + ``locations/*/policy``. Note that the system policy is not + associated with a project. + """ + + name = proto.Field(proto.STRING, number=1,) + + +class ValidateAttestationOccurrenceRequest(proto.Message): + r"""Request message for + [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence]. + + Attributes: + attestor (str): + Required. The resource name of the + [Attestor][google.cloud.binaryauthorization.v1.Attestor] of + the [occurrence][grafeas.v1.Occurrence], in the format + ``projects/*/attestors/*``. + attestation (grafeas.grafeas_v1.types.attestation.AttestationOccurrence): + Required. An + [AttestationOccurrence][grafeas.v1.AttestationOccurrence] to + be checked that it can be verified by the Attestor. It does + not have to be an existing entity in Container Analysis. It + must otherwise be a valid AttestationOccurrence. + occurrence_note (str): + Required. The resource name of the [Note][grafeas.v1.Note] + to which the containing [Occurrence][grafeas.v1.Occurrence] + is associated. + occurrence_resource_uri (str): + Required. The URI of the artifact (e.g. container image) + that is the subject of the containing + [Occurrence][grafeas.v1.Occurrence]. 
+ """ + + attestor = proto.Field(proto.STRING, number=1,) + attestation = proto.Field( + proto.MESSAGE, number=2, message=attestation.AttestationOccurrence, + ) + occurrence_note = proto.Field(proto.STRING, number=3,) + occurrence_resource_uri = proto.Field(proto.STRING, number=4,) + + +class ValidateAttestationOccurrenceResponse(proto.Message): + r"""Response message for + [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence]. + + Attributes: + result (google.cloud.binaryauthorization_v1.types.ValidateAttestationOccurrenceResponse.Result): + The result of the Attestation validation. + denial_reason (str): + The reason for denial if the Attestation + couldn't be validated. + """ + + class Result(proto.Enum): + r"""The enum returned in the "result" field.""" + RESULT_UNSPECIFIED = 0 + VERIFIED = 1 + ATTESTATION_NOT_VERIFIABLE = 2 + + result = proto.Field(proto.ENUM, number=1, enum=Result,) + denial_reason = proto.Field(proto.STRING, number=2,) + + +__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/owlbot.py b/owlbot.py index 659cd16..d5031f7 100644 --- a/owlbot.py +++ b/owlbot.py @@ -14,15 +14,13 @@ """This script is used to synthesize generated parts of this library.""" -import os - import synthtool as s import synthtool.gcp as gcp from synthtool.languages import python common = gcp.CommonTemplates() -default_version = "v1beta1" +default_version = "v1" for library in s.get_staging_dirs(default_version): # Rename package to 'google-cloud-binary-authorization' 
@@ -31,6 +29,39 @@ "google-cloud-binaryauthorization", "google-cloud-binary-authorization", ) + + if library.name == "v1": + # Fix import of grafeas + s.replace( + [library / "google/**/*.py", library / "tests/**/*.py"], + "from grafeas.v1", + "from grafeas.grafeas_v1", + ) + + s.replace( + [library / "google/**/*.py", library / "tests/**/*.py"], + "from grafeas.grafeas_v1 import attestation_pb2", + "from grafeas.grafeas_v1.types import attestation", + ) + + s.replace( + [library / "google/**/*.py", library / "tests/**/*.py"], + "from grafeas.grafeas_v1 import common_pb2", + "from grafeas.grafeas_v1.types import common", + ) + + s.replace( + [library / "google/**/*.py", library / "tests/**/*.py"], + "message=attestation_pb2", + "message=attestation", + ) + + s.replace( + [library / "google/**/*.py", library / "tests/**/*.py"], + "grafeas.v1.attestation_pb2.AttestationOccurrence", + "grafeas.grafeas_v1.types.attestation.AttestationOccurrence", + ) + s.move(library, excludes=["setup.py", "README.rst", "docs/index.rst"]) s.remove_staging_dirs() 
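Review bot: The patterns passed to `s.replace` in the new `if library.name == "v1":` block are regular expressions (the block this commit removes further down escapes its parentheses for that reason), so the unescaped dots in `"from grafeas.v1"` and `"grafeas.v1.attestation_pb2.AttestationOccurrence"` match any character. Escaping them keeps the rewrite limited to the intended module path, e.g. `r"from grafeas\.v1"` and `r"grafeas\.v1\.attestation_pb2\.AttestationOccurrence"`. The second and third replacements only match text the first one has already rewritten to `from grafeas.grafeas_v1`, so a comment such as `# Order matters: the patterns below match the output of the first replacement.` would guard against reordering. The enclosing `for library in ...` loop starts outside this hunk.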
@@ -46,58 +77,4 @@ excludes=[".coveragerc"], # the microgenerator has a good coveragerc file ) -# Remove the replacements below once https://github.com/googleapis/synthtool/pull/1188 is merged - -# Update googleapis/repo-automation-bots repo to main in .kokoro/*.sh files -s.replace(".kokoro/*.sh", "repo-automation-bots/tree/master", "repo-automation-bots/tree/main") - -# Customize CONTRIBUTING.rst to replace master with main -s.replace( - "CONTRIBUTING.rst", - "fetch and merge changes from upstream into master", - "fetch and merge changes from upstream into main", -) - -s.replace( - "CONTRIBUTING.rst", - "git merge upstream/master", - "git merge upstream/main", -) - -s.replace( - "CONTRIBUTING.rst", - """export GOOGLE_CLOUD_TESTING_BRANCH=\"master\"""", - """export GOOGLE_CLOUD_TESTING_BRANCH=\"main\"""", -) - -s.replace( - "CONTRIBUTING.rst", - "remote \(``master``\)", - "remote (``main``)", -) - -s.replace( - "CONTRIBUTING.rst", - "blob/master/CONTRIBUTING.rst", - "blob/main/CONTRIBUTING.rst", -) - -s.replace( - "CONTRIBUTING.rst", - "blob/master/noxfile.py", - "blob/main/noxfile.py", -) - -s.replace( - "docs/conf.py", - "master_doc", - "root_doc", -) - -s.replace( - "docs/conf.py", - "# The master toctree document.", - "# The root toctree document.", -) - s.shell.run(["nox", "-s", "blacken"], hide_output=False) diff --git a/scripts/fixup_binaryauthorization_v1_keywords.py b/scripts/fixup_binaryauthorization_v1_keywords.py new file mode 100644 index 0000000..c11889d --- /dev/null +++ b/scripts/fixup_binaryauthorization_v1_keywords.py 
@@ -0,0 +1,184 @@ +#! /usr/bin/env python3 +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import argparse +import os +import libcst as cst +import pathlib +import sys +from typing import (Any, Callable, Dict, List, Sequence, Tuple) + + +def partition( + predicate: Callable[[Any], bool], + iterator: Sequence[Any] +) -> Tuple[List[Any], List[Any]]: + """A stable, out-of-place partition.""" + results = ([], []) + + for i in iterator: + results[int(predicate(i))].append(i) + + # Returns trueList, falseList + return results[1], results[0] + + +class binaryauthorizationCallTransformer(cst.CSTTransformer): + CTRL_PARAMS: Tuple[str] = ('retry', 'timeout', 'metadata') + METHOD_TO_PARAMS: Dict[str, Tuple[str]] = { + 'create_attestor': ('parent', 'attestor_id', 'attestor', ), + 'delete_attestor': ('name', ), + 'get_attestor': ('name', ), + 'get_policy': ('name', ), + 'get_system_policy': ('name', ), + 'list_attestors': ('parent', 'page_size', 'page_token', ), + 'update_attestor': ('attestor', ), + 'update_policy': ('policy', ), + 'validate_attestation_occurrence': ('attestor', 'attestation', 'occurrence_note', 'occurrence_resource_uri', ), + } + + def leave_Call(self, original: cst.Call, updated: cst.Call) -> cst.CSTNode: + try: + key = original.func.attr.value + kword_params = self.METHOD_TO_PARAMS[key] + except (AttributeError, KeyError): + # Either not a method from the API or too convoluted to be sure. 
+ return updated + + # If the existing code is valid, keyword args come after positional args. + # Therefore, all positional args must map to the first parameters. + args, kwargs = partition(lambda a: not bool(a.keyword), updated.args) + if any(k.keyword.value == "request" for k in kwargs): + # We've already fixed this file, don't fix it again. + return updated + + kwargs, ctrl_kwargs = partition( + lambda a: not a.keyword.value in self.CTRL_PARAMS, + kwargs + ) + + args, ctrl_args = args[:len(kword_params)], args[len(kword_params):] + ctrl_kwargs.extend(cst.Arg(value=a.value, keyword=cst.Name(value=ctrl)) + for a, ctrl in zip(ctrl_args, self.CTRL_PARAMS)) + + request_arg = cst.Arg( + value=cst.Dict([ + cst.DictElement( + cst.SimpleString("'{}'".format(name)), +cst.Element(value=arg.value) + ) + # Note: the args + kwargs looks silly, but keep in mind that + # the control parameters had to be stripped out, and that + # those could have been passed positionally or by keyword. + for name, arg in zip(kword_params, args + kwargs)]), + keyword=cst.Name("request") + ) + + return updated.with_changes( + args=[request_arg] + ctrl_kwargs + ) + + +def fix_files( + in_dir: pathlib.Path, + out_dir: pathlib.Path, + *, + transformer=binaryauthorizationCallTransformer(), +): + """Duplicate the input dir to the output dir, fixing file method calls. + + Preconditions: + * in_dir is a real directory + * out_dir is a real, empty directory + """ + pyfile_gen = ( + pathlib.Path(os.path.join(root, f)) + for root, _, files in os.walk(in_dir) + for f in files if os.path.splitext(f)[1] == ".py" + ) + + for fpath in pyfile_gen: + with open(fpath, 'r') as f: + src = f.read() + + # Parse the code and insert method call fixes. + tree = cst.parse_module(src) + updated = tree.visit(transformer) + + # Create the path and directory structure for the new file. 
+ updated_path = out_dir.joinpath(fpath.relative_to(in_dir)) + updated_path.parent.mkdir(parents=True, exist_ok=True) + + # Generate the updated source file at the corresponding path. + with open(updated_path, 'w') as f: + f.write(updated.code) + + +if __name__ == '__main__': + parser = argparse.ArgumentParser( + description="""Fix up source that uses the binaryauthorization client library. + +The existing sources are NOT overwritten but are copied to output_dir with changes made. + +Note: This tool operates at a best-effort level at converting positional + parameters in client method calls to keyword based parameters. + Cases where it WILL FAIL include + A) * or ** expansion in a method call. + B) Calls via function or method alias (includes free function calls) + C) Indirect or dispatched calls (e.g. the method is looked up dynamically) + + These all constitute false negatives. The tool will also detect false + positives when an API method shares a name with another method. +""") + parser.add_argument( + '-d', + '--input-directory', + required=True, + dest='input_dir', + help='the input directory to walk for python files to fix up', + ) + parser.add_argument( + '-o', + '--output-directory', + required=True, + dest='output_dir', + help='the directory to output files fixed via un-flattening', + ) + args = parser.parse_args() + input_dir = pathlib.Path(args.input_dir) + output_dir = pathlib.Path(args.output_dir) + if not input_dir.is_dir(): + print( + f"input directory '{input_dir}' does not exist or is not a directory", + file=sys.stderr, + ) + sys.exit(-1) + + if not output_dir.is_dir(): + print( + f"output directory '{output_dir}' does not exist or is not a directory", + file=sys.stderr, + ) + sys.exit(-1) + + if os.listdir(output_dir): + print( + f"output directory '{output_dir}' is not empty", + file=sys.stderr, + ) + sys.exit(-1) + + fix_files(input_dir, output_dir) diff --git a/setup.py b/setup.py index 9edeb77..e00139e 100644 --- a/setup.py +++ b/setup.py 
@@ -36,7 +36,7 @@ author="Google LLC", author_email="googleapis-packages@google.com", license="Apache 2.0", - url="https://github.com/googleapis/python-documentai", + url="https://github.com/googleapis/python-binary-authorization", packages=[ package for package in setuptools.PEP420PackageFinder.find() @@ -50,8 +50,9 @@ # Until this issue is closed # https://github.com/googleapis/google-cloud-python/issues/10566 "google-api-core[grpc] >= 1.26.0, <3.0.0dev", - "proto-plus >= 1.4.0", + "proto-plus >= 1.15.0", "packaging >= 14.3", + "grafeas >= 1.1.2", ), python_requires=">=3.6", classifiers=[ diff --git a/testing/constraints-3.6.txt b/testing/constraints-3.6.txt index e94a653..db1749a 100644 --- a/testing/constraints-3.6.txt +++ b/testing/constraints-3.6.txt @@ -5,6 +5,7 @@ # e.g., if setup.py has "google-cloud-foo >= 1.14.0, < 2.0.0dev", # Then this file should have google-cloud-foo==1.14.0 google-api-core==1.26.0 -proto-plus==1.4.0 +proto-plus==1.15.0 +grafeas==1.1.2 packaging==14.3 google-auth==1.24.0 # TODO: remove when google-auth>=1.25.0 si transitively required through google-api-core diff --git a/tests/unit/gapic/binaryauthorization_v1/__init__.py b/tests/unit/gapic/binaryauthorization_v1/__init__.py new file mode 100644 index 0000000..4de6597 --- /dev/null +++ b/tests/unit/gapic/binaryauthorization_v1/__init__.py @@ -0,0 +1,15 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# 
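Review bot: The new `"grafeas >= 1.1.2"` requirement in the second setup.py hunk has no upper bound, while the code added by this commit imports from `grafeas.grafeas_v1.types` (see the owlbot.py rewrites), a module layout that a later major release could change. Consider bounding it the way `google-api-core` is bounded in the same tuple, e.g. `"grafeas >= 1.1.2, <2.0dev",`. The lower bound agrees with the `grafeas==1.1.2` pin added to testing/constraints-3.6.txt, so that file needs no change. The dependency tuple starts and ends outside the hunk.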
diff --git a/tests/unit/gapic/binaryauthorization_v1/test_binauthz_management_service_v1.py b/tests/unit/gapic/binaryauthorization_v1/test_binauthz_management_service_v1.py new file mode 100644 index 0000000..bc3bf1c --- /dev/null +++ b/tests/unit/gapic/binaryauthorization_v1/test_binauthz_management_service_v1.py 
@@ -0,0 +1,2821 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import os +import mock +import packaging.version + +import grpc +from grpc.experimental import aio +import math +import pytest +from proto.marshal.rules.dates import DurationRule, TimestampRule + + +from google.api_core import client_options +from google.api_core import exceptions as core_exceptions +from google.api_core import gapic_v1 +from google.api_core import grpc_helpers +from google.api_core import grpc_helpers_async +from google.auth import credentials as ga_credentials +from google.auth.exceptions import MutualTLSChannelError +from google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1 import ( + BinauthzManagementServiceV1AsyncClient, +) +from google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1 import ( + BinauthzManagementServiceV1Client, +) +from google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1 import ( + pagers, +) +from google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1 import ( + transports, +) +from google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.transports.base import ( + _GOOGLE_AUTH_VERSION, +) +from google.cloud.binaryauthorization_v1.types import resources +from google.cloud.binaryauthorization_v1.types import service +from google.oauth2 import service_account +from google.protobuf import timestamp_pb2 
# type: ignore +import google.auth + + +# TODO(busunkim): Once google-auth >= 1.25.0 is required transitively +# through google-api-core: +# - Delete the auth "less than" test cases +# - Delete these pytest markers (Make the "greater than or equal to" tests the default). +requires_google_auth_lt_1_25_0 = pytest.mark.skipif( + packaging.version.parse(_GOOGLE_AUTH_VERSION) >= packaging.version.parse("1.25.0"), + reason="This test requires google-auth < 1.25.0", +) +requires_google_auth_gte_1_25_0 = pytest.mark.skipif( + packaging.version.parse(_GOOGLE_AUTH_VERSION) < packaging.version.parse("1.25.0"), + reason="This test requires google-auth >= 1.25.0", +) + + +def client_cert_source_callback(): + return b"cert bytes", b"key bytes" + + +# If default endpoint is localhost, then default mtls endpoint will be the same. +# This method modifies the default endpoint so the client can produce a different +# mtls endpoint for endpoint testing purposes. +def modify_default_endpoint(client): + return ( + "foo.googleapis.com" + if ("localhost" in client.DEFAULT_ENDPOINT) + else client.DEFAULT_ENDPOINT + ) + + +def test__get_default_mtls_endpoint(): + api_endpoint = "example.googleapis.com" + api_mtls_endpoint = "example.mtls.googleapis.com" + sandbox_endpoint = "example.sandbox.googleapis.com" + sandbox_mtls_endpoint = "example.mtls.sandbox.googleapis.com" + non_googleapi = "api.example.com" + + assert BinauthzManagementServiceV1Client._get_default_mtls_endpoint(None) is None + assert ( + BinauthzManagementServiceV1Client._get_default_mtls_endpoint(api_endpoint) + == api_mtls_endpoint + ) + assert ( + BinauthzManagementServiceV1Client._get_default_mtls_endpoint(api_mtls_endpoint) + == api_mtls_endpoint + ) + assert ( + BinauthzManagementServiceV1Client._get_default_mtls_endpoint(sandbox_endpoint) + == sandbox_mtls_endpoint + ) + assert ( + BinauthzManagementServiceV1Client._get_default_mtls_endpoint( + sandbox_mtls_endpoint + ) + == sandbox_mtls_endpoint + ) + assert ( + 
BinauthzManagementServiceV1Client._get_default_mtls_endpoint(non_googleapi) + == non_googleapi + ) + + +@pytest.mark.parametrize( + "client_class", + [BinauthzManagementServiceV1Client, BinauthzManagementServiceV1AsyncClient,], +) +def test_binauthz_management_service_v1_client_from_service_account_info(client_class): + creds = ga_credentials.AnonymousCredentials() + with mock.patch.object( + service_account.Credentials, "from_service_account_info" + ) as factory: + factory.return_value = creds + info = {"valid": True} + client = client_class.from_service_account_info(info) + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + assert client.transport._host == "binaryauthorization.googleapis.com:443" + + +@pytest.mark.parametrize( + "transport_class,transport_name", + [ + (transports.BinauthzManagementServiceV1GrpcTransport, "grpc"), + (transports.BinauthzManagementServiceV1GrpcAsyncIOTransport, "grpc_asyncio"), + ], +) +def test_binauthz_management_service_v1_client_service_account_always_use_jwt( + transport_class, transport_name +): + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=True) + use_jwt.assert_called_once_with(True) + + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=False) + use_jwt.assert_not_called() + + +@pytest.mark.parametrize( + "client_class", + [BinauthzManagementServiceV1Client, BinauthzManagementServiceV1AsyncClient,], +) +def test_binauthz_management_service_v1_client_from_service_account_file(client_class): + creds = ga_credentials.AnonymousCredentials() + with mock.patch.object( + service_account.Credentials, 
"from_service_account_file" + ) as factory: + factory.return_value = creds + client = client_class.from_service_account_file("dummy/file/path.json") + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + client = client_class.from_service_account_json("dummy/file/path.json") + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + assert client.transport._host == "binaryauthorization.googleapis.com:443" + + +def test_binauthz_management_service_v1_client_get_transport_class(): + transport = BinauthzManagementServiceV1Client.get_transport_class() + available_transports = [ + transports.BinauthzManagementServiceV1GrpcTransport, + ] + assert transport in available_transports + + transport = BinauthzManagementServiceV1Client.get_transport_class("grpc") + assert transport == transports.BinauthzManagementServiceV1GrpcTransport + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name", + [ + ( + BinauthzManagementServiceV1Client, + transports.BinauthzManagementServiceV1GrpcTransport, + "grpc", + ), + ( + BinauthzManagementServiceV1AsyncClient, + transports.BinauthzManagementServiceV1GrpcAsyncIOTransport, + "grpc_asyncio", + ), + ], +) +@mock.patch.object( + BinauthzManagementServiceV1Client, + "DEFAULT_ENDPOINT", + modify_default_endpoint(BinauthzManagementServiceV1Client), +) +@mock.patch.object( + BinauthzManagementServiceV1AsyncClient, + "DEFAULT_ENDPOINT", + modify_default_endpoint(BinauthzManagementServiceV1AsyncClient), +) +def test_binauthz_management_service_v1_client_client_options( + client_class, transport_class, transport_name +): + # Check that if channel is provided we won't create a new one. 
+ with mock.patch.object( + BinauthzManagementServiceV1Client, "get_transport_class" + ) as gtc: + transport = transport_class(credentials=ga_credentials.AnonymousCredentials()) + client = client_class(transport=transport) + gtc.assert_not_called() + + # Check that if channel is provided via str we will create a new one. + with mock.patch.object( + BinauthzManagementServiceV1Client, "get_transport_class" + ) as gtc: + client = client_class(transport=transport_name) + gtc.assert_called() + + # Check the case api_endpoint is provided. + options = client_options.ClientOptions(api_endpoint="squid.clam.whelk") + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host="squid.clam.whelk", + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is + # "never". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}): + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is + # "always". 
+ with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}): + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_MTLS_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has + # unsupported value. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "Unsupported"}): + with pytest.raises(MutualTLSChannelError): + client = client_class() + + # Check the case GOOGLE_API_USE_CLIENT_CERTIFICATE has unsupported value. + with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"} + ): + with pytest.raises(ValueError): + client = client_class() + + # Check the case quota_project_id is provided + options = client_options.ClientOptions(quota_project_id="octopus") + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id="octopus", + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name,use_client_cert_env", + [ + ( + BinauthzManagementServiceV1Client, + transports.BinauthzManagementServiceV1GrpcTransport, + "grpc", + "true", + ), + ( + BinauthzManagementServiceV1AsyncClient, + transports.BinauthzManagementServiceV1GrpcAsyncIOTransport, + "grpc_asyncio", + "true", + ), + ( + BinauthzManagementServiceV1Client, + transports.BinauthzManagementServiceV1GrpcTransport, + "grpc", + 
"false", + ), + ( + BinauthzManagementServiceV1AsyncClient, + transports.BinauthzManagementServiceV1GrpcAsyncIOTransport, + "grpc_asyncio", + "false", + ), + ], +) +@mock.patch.object( + BinauthzManagementServiceV1Client, + "DEFAULT_ENDPOINT", + modify_default_endpoint(BinauthzManagementServiceV1Client), +) +@mock.patch.object( + BinauthzManagementServiceV1AsyncClient, + "DEFAULT_ENDPOINT", + modify_default_endpoint(BinauthzManagementServiceV1AsyncClient), +) +@mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "auto"}) +def test_binauthz_management_service_v1_client_mtls_env_auto( + client_class, transport_class, transport_name, use_client_cert_env +): + # This tests the endpoint autoswitch behavior. Endpoint is autoswitched to the default + # mtls endpoint, if GOOGLE_API_USE_CLIENT_CERTIFICATE is "true" and client cert exists. + + # Check the case client_cert_source is provided. Whether client cert is used depends on + # GOOGLE_API_USE_CLIENT_CERTIFICATE value. + with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} + ): + options = client_options.ClientOptions( + client_cert_source=client_cert_source_callback + ) + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options) + + if use_client_cert_env == "false": + expected_client_cert_source = None + expected_host = client.DEFAULT_ENDPOINT + else: + expected_client_cert_source = client_cert_source_callback + expected_host = client.DEFAULT_MTLS_ENDPOINT + + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=expected_host, + scopes=None, + client_cert_source_for_mtls=expected_client_cert_source, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case ADC client cert is provided. Whether client cert is used depends on + # GOOGLE_API_USE_CLIENT_CERTIFICATE value. 
+ with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} + ): + with mock.patch.object(transport_class, "__init__") as patched: + with mock.patch( + "google.auth.transport.mtls.has_default_client_cert_source", + return_value=True, + ): + with mock.patch( + "google.auth.transport.mtls.default_client_cert_source", + return_value=client_cert_source_callback, + ): + if use_client_cert_env == "false": + expected_host = client.DEFAULT_ENDPOINT + expected_client_cert_source = None + else: + expected_host = client.DEFAULT_MTLS_ENDPOINT + expected_client_cert_source = client_cert_source_callback + + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=expected_host, + scopes=None, + client_cert_source_for_mtls=expected_client_cert_source, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case client_cert_source and ADC client cert are not provided. 
+ with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} + ): + with mock.patch.object(transport_class, "__init__") as patched: + with mock.patch( + "google.auth.transport.mtls.has_default_client_cert_source", + return_value=False, + ): + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name", + [ + ( + BinauthzManagementServiceV1Client, + transports.BinauthzManagementServiceV1GrpcTransport, + "grpc", + ), + ( + BinauthzManagementServiceV1AsyncClient, + transports.BinauthzManagementServiceV1GrpcAsyncIOTransport, + "grpc_asyncio", + ), + ], +) +def test_binauthz_management_service_v1_client_client_options_scopes( + client_class, transport_class, transport_name +): + # Check the case scopes are provided. 
+ options = client_options.ClientOptions(scopes=["1", "2"],) + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=["1", "2"], + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name", + [ + ( + BinauthzManagementServiceV1Client, + transports.BinauthzManagementServiceV1GrpcTransport, + "grpc", + ), + ( + BinauthzManagementServiceV1AsyncClient, + transports.BinauthzManagementServiceV1GrpcAsyncIOTransport, + "grpc_asyncio", + ), + ], +) +def test_binauthz_management_service_v1_client_client_options_credentials_file( + client_class, transport_class, transport_name +): + # Check the case credentials file is provided. + options = client_options.ClientOptions(credentials_file="credentials.json") + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file="credentials.json", + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +def test_binauthz_management_service_v1_client_client_options_from_dict(): + with mock.patch( + "google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.transports.BinauthzManagementServiceV1GrpcTransport.__init__" + ) as grpc_transport: + grpc_transport.return_value = None + client = BinauthzManagementServiceV1Client( + client_options={"api_endpoint": "squid.clam.whelk"} + ) + grpc_transport.assert_called_once_with( + credentials=None, + credentials_file=None, 
+ host="squid.clam.whelk", + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +def test_get_policy(transport: str = "grpc", request_type=service.GetPolicyRequest): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_policy), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = resources.Policy( + name="name_value", + description="description_value", + global_policy_evaluation_mode=resources.Policy.GlobalPolicyEvaluationMode.ENABLE, + ) + response = client.get_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == service.GetPolicyRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.Policy) + assert response.name == "name_value" + assert response.description == "description_value" + assert ( + response.global_policy_evaluation_mode + == resources.Policy.GlobalPolicyEvaluationMode.ENABLE + ) + + +def test_get_policy_from_dict(): + test_get_policy(request_type=dict) + + +def test_get_policy_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object(type(client.transport.get_policy), "__call__") as call: + client.get_policy() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == service.GetPolicyRequest() + + +@pytest.mark.asyncio +async def test_get_policy_async( + transport: str = "grpc_asyncio", request_type=service.GetPolicyRequest +): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_policy), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.Policy( + name="name_value", + description="description_value", + global_policy_evaluation_mode=resources.Policy.GlobalPolicyEvaluationMode.ENABLE, + ) + ) + response = await client.get_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == service.GetPolicyRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.Policy) + assert response.name == "name_value" + assert response.description == "description_value" + assert ( + response.global_policy_evaluation_mode + == resources.Policy.GlobalPolicyEvaluationMode.ENABLE + ) + + +@pytest.mark.asyncio +async def test_get_policy_async_from_dict(): + await test_get_policy_async(request_type=dict) + + +def test_get_policy_field_headers(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. 
Set these to a non-empty value. + request = service.GetPolicyRequest() + + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_policy), "__call__") as call: + call.return_value = resources.Policy() + client.get_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_get_policy_field_headers_async(): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.GetPolicyRequest() + + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_policy), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Policy()) + await client.get_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +def test_get_policy_flattened(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_policy), "__call__") as call: + # Designate an appropriate return value for the call. 
+ call.return_value = resources.Policy() + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.get_policy(name="name_value",) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0].name == "name_value" + + +def test_get_policy_flattened_error(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_policy( + service.GetPolicyRequest(), name="name_value", + ) + + +@pytest.mark.asyncio +async def test_get_policy_flattened_async(): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_policy), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = resources.Policy() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Policy()) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.get_policy(name="name_value",) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0].name == "name_value" + + +@pytest.mark.asyncio +async def test_get_policy_flattened_error_async(): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. 
+ with pytest.raises(ValueError): + await client.get_policy( + service.GetPolicyRequest(), name="name_value", + ) + + +def test_update_policy( + transport: str = "grpc", request_type=service.UpdatePolicyRequest +): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.update_policy), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = resources.Policy( + name="name_value", + description="description_value", + global_policy_evaluation_mode=resources.Policy.GlobalPolicyEvaluationMode.ENABLE, + ) + response = client.update_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == service.UpdatePolicyRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.Policy) + assert response.name == "name_value" + assert response.description == "description_value" + assert ( + response.global_policy_evaluation_mode + == resources.Policy.GlobalPolicyEvaluationMode.ENABLE + ) + + +def test_update_policy_from_dict(): + test_update_policy(request_type=dict) + + +def test_update_policy_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object(type(client.transport.update_policy), "__call__") as call: + client.update_policy() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == service.UpdatePolicyRequest() + + +@pytest.mark.asyncio +async def test_update_policy_async( + transport: str = "grpc_asyncio", request_type=service.UpdatePolicyRequest +): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.update_policy), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.Policy( + name="name_value", + description="description_value", + global_policy_evaluation_mode=resources.Policy.GlobalPolicyEvaluationMode.ENABLE, + ) + ) + response = await client.update_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == service.UpdatePolicyRequest() + + # Establish that the response is the type that we expect. 
+ assert isinstance(response, resources.Policy) + assert response.name == "name_value" + assert response.description == "description_value" + assert ( + response.global_policy_evaluation_mode + == resources.Policy.GlobalPolicyEvaluationMode.ENABLE + ) + + +@pytest.mark.asyncio +async def test_update_policy_async_from_dict(): + await test_update_policy_async(request_type=dict) + + +def test_update_policy_field_headers(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.UpdatePolicyRequest() + + request.policy.name = "policy.name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.update_policy), "__call__") as call: + call.return_value = resources.Policy() + client.update_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "policy.name=policy.name/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_update_policy_field_headers_async(): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.UpdatePolicyRequest() + + request.policy.name = "policy.name/value" + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object(type(client.transport.update_policy), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Policy()) + await client.update_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "policy.name=policy.name/value",) in kw["metadata"] + + +def test_update_policy_flattened(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.update_policy), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = resources.Policy() + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.update_policy(policy=resources.Policy(name="name_value"),) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0].policy == resources.Policy(name="name_value") + + +def test_update_policy_flattened_error(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.update_policy( + service.UpdatePolicyRequest(), policy=resources.Policy(name="name_value"), + ) + + +@pytest.mark.asyncio +async def test_update_policy_flattened_async(): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object(type(client.transport.update_policy), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = resources.Policy() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Policy()) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.update_policy( + policy=resources.Policy(name="name_value"), + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0].policy == resources.Policy(name="name_value") + + +@pytest.mark.asyncio +async def test_update_policy_flattened_error_async(): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.update_policy( + service.UpdatePolicyRequest(), policy=resources.Policy(name="name_value"), + ) + + +def test_create_attestor( + transport: str = "grpc", request_type=service.CreateAttestorRequest +): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.create_attestor), "__call__") as call: + # Designate an appropriate return value for the call. 
+ call.return_value = resources.Attestor( + name="name_value", + description="description_value", + user_owned_grafeas_note=resources.UserOwnedGrafeasNote( + note_reference="note_reference_value" + ), + ) + response = client.create_attestor(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == service.CreateAttestorRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.Attestor) + assert response.name == "name_value" + assert response.description == "description_value" + + +def test_create_attestor_from_dict(): + test_create_attestor(request_type=dict) + + +def test_create_attestor_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.create_attestor), "__call__") as call: + client.create_attestor() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == service.CreateAttestorRequest() + + +@pytest.mark.asyncio +async def test_create_attestor_async( + transport: str = "grpc_asyncio", request_type=service.CreateAttestorRequest +): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.create_attestor), "__call__") as call: + # Designate an appropriate return value for the call. 
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.Attestor(name="name_value", description="description_value",) + ) + response = await client.create_attestor(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == service.CreateAttestorRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.Attestor) + assert response.name == "name_value" + assert response.description == "description_value" + + +@pytest.mark.asyncio +async def test_create_attestor_async_from_dict(): + await test_create_attestor_async(request_type=dict) + + +def test_create_attestor_field_headers(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.CreateAttestorRequest() + + request.parent = "parent/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.create_attestor), "__call__") as call: + call.return_value = resources.Attestor() + client.create_attestor(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_create_attestor_field_headers_async(): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. 
+ request = service.CreateAttestorRequest() + + request.parent = "parent/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.create_attestor), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Attestor()) + await client.create_attestor(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"] + + +def test_create_attestor_flattened(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.create_attestor), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = resources.Attestor() + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.create_attestor( + parent="parent_value", + attestor_id="attestor_id_value", + attestor=resources.Attestor(name="name_value"), + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0].parent == "parent_value" + assert args[0].attestor_id == "attestor_id_value" + assert args[0].attestor == resources.Attestor(name="name_value") + + +def test_create_attestor_flattened_error(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. 
+ with pytest.raises(ValueError): + client.create_attestor( + service.CreateAttestorRequest(), + parent="parent_value", + attestor_id="attestor_id_value", + attestor=resources.Attestor(name="name_value"), + ) + + +@pytest.mark.asyncio +async def test_create_attestor_flattened_async(): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.create_attestor), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = resources.Attestor() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Attestor()) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.create_attestor( + parent="parent_value", + attestor_id="attestor_id_value", + attestor=resources.Attestor(name="name_value"), + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0].parent == "parent_value" + assert args[0].attestor_id == "attestor_id_value" + assert args[0].attestor == resources.Attestor(name="name_value") + + +@pytest.mark.asyncio +async def test_create_attestor_flattened_error_async(): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. 
+ with pytest.raises(ValueError): + await client.create_attestor( + service.CreateAttestorRequest(), + parent="parent_value", + attestor_id="attestor_id_value", + attestor=resources.Attestor(name="name_value"), + ) + + +def test_get_attestor(transport: str = "grpc", request_type=service.GetAttestorRequest): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_attestor), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = resources.Attestor( + name="name_value", + description="description_value", + user_owned_grafeas_note=resources.UserOwnedGrafeasNote( + note_reference="note_reference_value" + ), + ) + response = client.get_attestor(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == service.GetAttestorRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.Attestor) + assert response.name == "name_value" + assert response.description == "description_value" + + +def test_get_attestor_from_dict(): + test_get_attestor(request_type=dict) + + +def test_get_attestor_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object(type(client.transport.get_attestor), "__call__") as call: + client.get_attestor() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == service.GetAttestorRequest() + + +@pytest.mark.asyncio +async def test_get_attestor_async( + transport: str = "grpc_asyncio", request_type=service.GetAttestorRequest +): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_attestor), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.Attestor(name="name_value", description="description_value",) + ) + response = await client.get_attestor(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == service.GetAttestorRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.Attestor) + assert response.name == "name_value" + assert response.description == "description_value" + + +@pytest.mark.asyncio +async def test_get_attestor_async_from_dict(): + await test_get_attestor_async(request_type=dict) + + +def test_get_attestor_field_headers(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.GetAttestorRequest() + + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object(type(client.transport.get_attestor), "__call__") as call: + call.return_value = resources.Attestor() + client.get_attestor(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_get_attestor_field_headers_async(): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.GetAttestorRequest() + + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_attestor), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Attestor()) + await client.get_attestor(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +def test_get_attestor_flattened(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_attestor), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = resources.Attestor() + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. 
+ client.get_attestor(name="name_value",) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0].name == "name_value" + + +def test_get_attestor_flattened_error(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_attestor( + service.GetAttestorRequest(), name="name_value", + ) + + +@pytest.mark.asyncio +async def test_get_attestor_flattened_async(): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_attestor), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = resources.Attestor() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Attestor()) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.get_attestor(name="name_value",) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0].name == "name_value" + + +@pytest.mark.asyncio +async def test_get_attestor_flattened_error_async(): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. 
+ with pytest.raises(ValueError): + await client.get_attestor( + service.GetAttestorRequest(), name="name_value", + ) + + +def test_update_attestor( + transport: str = "grpc", request_type=service.UpdateAttestorRequest +): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.update_attestor), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = resources.Attestor( + name="name_value", + description="description_value", + user_owned_grafeas_note=resources.UserOwnedGrafeasNote( + note_reference="note_reference_value" + ), + ) + response = client.update_attestor(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == service.UpdateAttestorRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.Attestor) + assert response.name == "name_value" + assert response.description == "description_value" + + +def test_update_attestor_from_dict(): + test_update_attestor(request_type=dict) + + +def test_update_attestor_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object(type(client.transport.update_attestor), "__call__") as call: + client.update_attestor() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == service.UpdateAttestorRequest() + + +@pytest.mark.asyncio +async def test_update_attestor_async( + transport: str = "grpc_asyncio", request_type=service.UpdateAttestorRequest +): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.update_attestor), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.Attestor(name="name_value", description="description_value",) + ) + response = await client.update_attestor(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == service.UpdateAttestorRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.Attestor) + assert response.name == "name_value" + assert response.description == "description_value" + + +@pytest.mark.asyncio +async def test_update_attestor_async_from_dict(): + await test_update_attestor_async(request_type=dict) + + +def test_update_attestor_field_headers(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. 
+ request = service.UpdateAttestorRequest() + + request.attestor.name = "attestor.name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.update_attestor), "__call__") as call: + call.return_value = resources.Attestor() + client.update_attestor(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "attestor.name=attestor.name/value",) in kw[ + "metadata" + ] + + +@pytest.mark.asyncio +async def test_update_attestor_field_headers_async(): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.UpdateAttestorRequest() + + request.attestor.name = "attestor.name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.update_attestor), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Attestor()) + await client.update_attestor(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "attestor.name=attestor.name/value",) in kw[ + "metadata" + ] + + +def test_update_attestor_flattened(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object(type(client.transport.update_attestor), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = resources.Attestor() + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.update_attestor(attestor=resources.Attestor(name="name_value"),) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0].attestor == resources.Attestor(name="name_value") + + +def test_update_attestor_flattened_error(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.update_attestor( + service.UpdateAttestorRequest(), + attestor=resources.Attestor(name="name_value"), + ) + + +@pytest.mark.asyncio +async def test_update_attestor_flattened_async(): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.update_attestor), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = resources.Attestor() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Attestor()) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.update_attestor( + attestor=resources.Attestor(name="name_value"), + ) + + # Establish that the underlying call was made with the expected + # request object values. 
+ assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0].attestor == resources.Attestor(name="name_value") + + +@pytest.mark.asyncio +async def test_update_attestor_flattened_error_async(): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.update_attestor( + service.UpdateAttestorRequest(), + attestor=resources.Attestor(name="name_value"), + ) + + +def test_list_attestors( + transport: str = "grpc", request_type=service.ListAttestorsRequest +): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_attestors), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = service.ListAttestorsResponse( + next_page_token="next_page_token_value", + ) + response = client.list_attestors(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == service.ListAttestorsRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListAttestorsPager) + assert response.next_page_token == "next_page_token_value" + + +def test_list_attestors_from_dict(): + test_list_attestors(request_type=dict) + + +def test_list_attestors_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. 
+ client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_attestors), "__call__") as call: + client.list_attestors() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == service.ListAttestorsRequest() + + +@pytest.mark.asyncio +async def test_list_attestors_async( + transport: str = "grpc_asyncio", request_type=service.ListAttestorsRequest +): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_attestors), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.ListAttestorsResponse(next_page_token="next_page_token_value",) + ) + response = await client.list_attestors(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == service.ListAttestorsRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListAttestorsAsyncPager) + assert response.next_page_token == "next_page_token_value" + + +@pytest.mark.asyncio +async def test_list_attestors_async_from_dict(): + await test_list_attestors_async(request_type=dict) + + +def test_list_attestors_field_headers(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. 
Set these to a non-empty value. + request = service.ListAttestorsRequest() + + request.parent = "parent/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_attestors), "__call__") as call: + call.return_value = service.ListAttestorsResponse() + client.list_attestors(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_list_attestors_field_headers_async(): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.ListAttestorsRequest() + + request.parent = "parent/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_attestors), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.ListAttestorsResponse() + ) + await client.list_attestors(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"] + + +def test_list_attestors_flattened(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object(type(client.transport.list_attestors), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = service.ListAttestorsResponse() + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.list_attestors(parent="parent_value",) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0].parent == "parent_value" + + +def test_list_attestors_flattened_error(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.list_attestors( + service.ListAttestorsRequest(), parent="parent_value", + ) + + +@pytest.mark.asyncio +async def test_list_attestors_flattened_async(): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_attestors), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = service.ListAttestorsResponse() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.ListAttestorsResponse() + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.list_attestors(parent="parent_value",) + + # Establish that the underlying call was made with the expected + # request object values. 
+ assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0].parent == "parent_value" + + +@pytest.mark.asyncio +async def test_list_attestors_flattened_error_async(): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.list_attestors( + service.ListAttestorsRequest(), parent="parent_value", + ) + + +def test_list_attestors_pager(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials, + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_attestors), "__call__") as call: + # Set the response to a series of pages. + call.side_effect = ( + service.ListAttestorsResponse( + attestors=[ + resources.Attestor(), + resources.Attestor(), + resources.Attestor(), + ], + next_page_token="abc", + ), + service.ListAttestorsResponse(attestors=[], next_page_token="def",), + service.ListAttestorsResponse( + attestors=[resources.Attestor(),], next_page_token="ghi", + ), + service.ListAttestorsResponse( + attestors=[resources.Attestor(), resources.Attestor(),], + ), + RuntimeError, + ) + + metadata = () + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", ""),)), + ) + pager = client.list_attestors(request={}) + + assert pager._metadata == metadata + + results = [i for i in pager] + assert len(results) == 6 + assert all(isinstance(i, resources.Attestor) for i in results) + + +def test_list_attestors_pages(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials, + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_attestors), "__call__") as call: + # Set the response to a series of pages. 
+ call.side_effect = ( + service.ListAttestorsResponse( + attestors=[ + resources.Attestor(), + resources.Attestor(), + resources.Attestor(), + ], + next_page_token="abc", + ), + service.ListAttestorsResponse(attestors=[], next_page_token="def",), + service.ListAttestorsResponse( + attestors=[resources.Attestor(),], next_page_token="ghi", + ), + service.ListAttestorsResponse( + attestors=[resources.Attestor(), resources.Attestor(),], + ), + RuntimeError, + ) + pages = list(client.list_attestors(request={}).pages) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +@pytest.mark.asyncio +async def test_list_attestors_async_pager(): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials, + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_attestors), "__call__", new_callable=mock.AsyncMock + ) as call: + # Set the response to a series of pages. 
+ call.side_effect = ( + service.ListAttestorsResponse( + attestors=[ + resources.Attestor(), + resources.Attestor(), + resources.Attestor(), + ], + next_page_token="abc", + ), + service.ListAttestorsResponse(attestors=[], next_page_token="def",), + service.ListAttestorsResponse( + attestors=[resources.Attestor(),], next_page_token="ghi", + ), + service.ListAttestorsResponse( + attestors=[resources.Attestor(), resources.Attestor(),], + ), + RuntimeError, + ) + async_pager = await client.list_attestors(request={},) + assert async_pager.next_page_token == "abc" + responses = [] + async for response in async_pager: + responses.append(response) + + assert len(responses) == 6 + assert all(isinstance(i, resources.Attestor) for i in responses) + + +@pytest.mark.asyncio +async def test_list_attestors_async_pages(): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials, + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_attestors), "__call__", new_callable=mock.AsyncMock + ) as call: + # Set the response to a series of pages. 
+ call.side_effect = ( + service.ListAttestorsResponse( + attestors=[ + resources.Attestor(), + resources.Attestor(), + resources.Attestor(), + ], + next_page_token="abc", + ), + service.ListAttestorsResponse(attestors=[], next_page_token="def",), + service.ListAttestorsResponse( + attestors=[resources.Attestor(),], next_page_token="ghi", + ), + service.ListAttestorsResponse( + attestors=[resources.Attestor(), resources.Attestor(),], + ), + RuntimeError, + ) + pages = [] + async for page_ in (await client.list_attestors(request={})).pages: + pages.append(page_) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +def test_delete_attestor( + transport: str = "grpc", request_type=service.DeleteAttestorRequest +): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_attestor), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = None + response = client.delete_attestor(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == service.DeleteAttestorRequest() + + # Establish that the response is the type that we expect. + assert response is None + + +def test_delete_attestor_from_dict(): + test_delete_attestor(request_type=dict) + + +def test_delete_attestor_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. 
+ client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_attestor), "__call__") as call: + client.delete_attestor() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == service.DeleteAttestorRequest() + + +@pytest.mark.asyncio +async def test_delete_attestor_async( + transport: str = "grpc_asyncio", request_type=service.DeleteAttestorRequest +): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_attestor), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(None) + response = await client.delete_attestor(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == service.DeleteAttestorRequest() + + # Establish that the response is the type that we expect. + assert response is None + + +@pytest.mark.asyncio +async def test_delete_attestor_async_from_dict(): + await test_delete_attestor_async(request_type=dict) + + +def test_delete_attestor_field_headers(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. 
+ request = service.DeleteAttestorRequest() + + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_attestor), "__call__") as call: + call.return_value = None + client.delete_attestor(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_delete_attestor_field_headers_async(): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.DeleteAttestorRequest() + + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_attestor), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(None) + await client.delete_attestor(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +def test_delete_attestor_flattened(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_attestor), "__call__") as call: + # Designate an appropriate return value for the call. 
+ call.return_value = None + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.delete_attestor(name="name_value",) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0].name == "name_value" + + +def test_delete_attestor_flattened_error(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.delete_attestor( + service.DeleteAttestorRequest(), name="name_value", + ) + + +@pytest.mark.asyncio +async def test_delete_attestor_flattened_async(): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_attestor), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = None + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(None) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.delete_attestor(name="name_value",) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0].name == "name_value" + + +@pytest.mark.asyncio +async def test_delete_attestor_flattened_error_async(): + client = BinauthzManagementServiceV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. 
+ with pytest.raises(ValueError): + await client.delete_attestor( + service.DeleteAttestorRequest(), name="name_value", + ) + + +def test_credentials_transport_error(): + # It is an error to provide credentials and a transport instance. + transport = transports.BinauthzManagementServiceV1GrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # It is an error to provide a credentials file and a transport instance. + transport = transports.BinauthzManagementServiceV1GrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = BinauthzManagementServiceV1Client( + client_options={"credentials_file": "credentials.json"}, + transport=transport, + ) + + # It is an error to provide scopes and a transport instance. + transport = transports.BinauthzManagementServiceV1GrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = BinauthzManagementServiceV1Client( + client_options={"scopes": ["1", "2"]}, transport=transport, + ) + + +def test_transport_instance(): + # A client may be instantiated with a custom transport instance. + transport = transports.BinauthzManagementServiceV1GrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + client = BinauthzManagementServiceV1Client(transport=transport) + assert client.transport is transport + + +def test_transport_get_channel(): + # A client may be instantiated with a custom transport instance. 
+ transport = transports.BinauthzManagementServiceV1GrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + + transport = transports.BinauthzManagementServiceV1GrpcAsyncIOTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.BinauthzManagementServiceV1GrpcTransport, + transports.BinauthzManagementServiceV1GrpcAsyncIOTransport, + ], +) +def test_transport_adc(transport_class): + # Test default credentials are used if not provided. + with mock.patch.object(google.auth, "default") as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class() + adc.assert_called_once() + + +def test_transport_grpc_default(): + # A client should use the gRPC transport by default. + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + assert isinstance( + client.transport, transports.BinauthzManagementServiceV1GrpcTransport, + ) + + +def test_binauthz_management_service_v1_base_transport_error(): + # Passing both a credentials object and credentials_file should raise an error + with pytest.raises(core_exceptions.DuplicateCredentialArgs): + transport = transports.BinauthzManagementServiceV1Transport( + credentials=ga_credentials.AnonymousCredentials(), + credentials_file="credentials.json", + ) + + +def test_binauthz_management_service_v1_base_transport(): + # Instantiate the base transport. + with mock.patch( + "google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.transports.BinauthzManagementServiceV1Transport.__init__" + ) as Transport: + Transport.return_value = None + transport = transports.BinauthzManagementServiceV1Transport( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Every method on the transport should just blindly + # raise NotImplementedError. 
+ methods = ( + "get_policy", + "update_policy", + "create_attestor", + "get_attestor", + "update_attestor", + "list_attestors", + "delete_attestor", + ) + for method in methods: + with pytest.raises(NotImplementedError): + getattr(transport, method)(request=object()) + + +@requires_google_auth_gte_1_25_0 +def test_binauthz_management_service_v1_base_transport_with_credentials_file(): + # Instantiate the base transport with a credentials file + with mock.patch.object( + google.auth, "load_credentials_from_file", autospec=True + ) as load_creds, mock.patch( + "google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.transports.BinauthzManagementServiceV1Transport._prep_wrapped_messages" + ) as Transport: + Transport.return_value = None + load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.BinauthzManagementServiceV1Transport( + credentials_file="credentials.json", quota_project_id="octopus", + ) + load_creds.assert_called_once_with( + "credentials.json", + scopes=None, + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id="octopus", + ) + + +@requires_google_auth_lt_1_25_0 +def test_binauthz_management_service_v1_base_transport_with_credentials_file_old_google_auth(): + # Instantiate the base transport with a credentials file + with mock.patch.object( + google.auth, "load_credentials_from_file", autospec=True + ) as load_creds, mock.patch( + "google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.transports.BinauthzManagementServiceV1Transport._prep_wrapped_messages" + ) as Transport: + Transport.return_value = None + load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.BinauthzManagementServiceV1Transport( + credentials_file="credentials.json", quota_project_id="octopus", + ) + load_creds.assert_called_once_with( + "credentials.json", + scopes=("https://www.googleapis.com/auth/cloud-platform",), + 
quota_project_id="octopus", + ) + + +def test_binauthz_management_service_v1_base_transport_with_adc(): + # Test the default credentials are used if credentials and credentials_file are None. + with mock.patch.object(google.auth, "default", autospec=True) as adc, mock.patch( + "google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.transports.BinauthzManagementServiceV1Transport._prep_wrapped_messages" + ) as Transport: + Transport.return_value = None + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.BinauthzManagementServiceV1Transport() + adc.assert_called_once() + + +@requires_google_auth_gte_1_25_0 +def test_binauthz_management_service_v1_auth_adc(): + # If no credentials are provided, we should use ADC credentials. + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + BinauthzManagementServiceV1Client() + adc.assert_called_once_with( + scopes=None, + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id=None, + ) + + +@requires_google_auth_lt_1_25_0 +def test_binauthz_management_service_v1_auth_adc_old_google_auth(): + # If no credentials are provided, we should use ADC credentials. + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + BinauthzManagementServiceV1Client() + adc.assert_called_once_with( + scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id=None, + ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.BinauthzManagementServiceV1GrpcTransport, + transports.BinauthzManagementServiceV1GrpcAsyncIOTransport, + ], +) +@requires_google_auth_gte_1_25_0 +def test_binauthz_management_service_v1_transport_auth_adc(transport_class): + # If credentials and host are not provided, the transport class should use + # ADC credentials. 
+ with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class(quota_project_id="octopus", scopes=["1", "2"]) + adc.assert_called_once_with( + scopes=["1", "2"], + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id="octopus", + ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.BinauthzManagementServiceV1GrpcTransport, + transports.BinauthzManagementServiceV1GrpcAsyncIOTransport, + ], +) +@requires_google_auth_lt_1_25_0 +def test_binauthz_management_service_v1_transport_auth_adc_old_google_auth( + transport_class, +): + # If credentials and host are not provided, the transport class should use + # ADC credentials. + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class(quota_project_id="octopus") + adc.assert_called_once_with( + scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id="octopus", + ) + + +@pytest.mark.parametrize( + "transport_class,grpc_helpers", + [ + (transports.BinauthzManagementServiceV1GrpcTransport, grpc_helpers), + ( + transports.BinauthzManagementServiceV1GrpcAsyncIOTransport, + grpc_helpers_async, + ), + ], +) +def test_binauthz_management_service_v1_transport_create_channel( + transport_class, grpc_helpers +): + # If credentials and host are not provided, the transport class should use + # ADC credentials. 
+ with mock.patch.object( + google.auth, "default", autospec=True + ) as adc, mock.patch.object( + grpc_helpers, "create_channel", autospec=True + ) as create_channel: + creds = ga_credentials.AnonymousCredentials() + adc.return_value = (creds, None) + transport_class(quota_project_id="octopus", scopes=["1", "2"]) + + create_channel.assert_called_with( + "binaryauthorization.googleapis.com:443", + credentials=creds, + credentials_file=None, + quota_project_id="octopus", + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=["1", "2"], + default_host="binaryauthorization.googleapis.com", + ssl_credentials=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.BinauthzManagementServiceV1GrpcTransport, + transports.BinauthzManagementServiceV1GrpcAsyncIOTransport, + ], +) +def test_binauthz_management_service_v1_grpc_transport_client_cert_source_for_mtls( + transport_class, +): + cred = ga_credentials.AnonymousCredentials() + + # Check ssl_channel_credentials is used if provided. + with mock.patch.object(transport_class, "create_channel") as mock_create_channel: + mock_ssl_channel_creds = mock.Mock() + transport_class( + host="squid.clam.whelk", + credentials=cred, + ssl_channel_credentials=mock_ssl_channel_creds, + ) + mock_create_channel.assert_called_once_with( + "squid.clam.whelk:443", + credentials=cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_channel_creds, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls + # is used. 
+ with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()): + with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred: + transport_class( + credentials=cred, + client_cert_source_for_mtls=client_cert_source_callback, + ) + expected_cert, expected_key = client_cert_source_callback() + mock_ssl_cred.assert_called_once_with( + certificate_chain=expected_cert, private_key=expected_key + ) + + +def test_binauthz_management_service_v1_host_no_port(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + client_options=client_options.ClientOptions( + api_endpoint="binaryauthorization.googleapis.com" + ), + ) + assert client.transport._host == "binaryauthorization.googleapis.com:443" + + +def test_binauthz_management_service_v1_host_with_port(): + client = BinauthzManagementServiceV1Client( + credentials=ga_credentials.AnonymousCredentials(), + client_options=client_options.ClientOptions( + api_endpoint="binaryauthorization.googleapis.com:8000" + ), + ) + assert client.transport._host == "binaryauthorization.googleapis.com:8000" + + +def test_binauthz_management_service_v1_grpc_transport_channel(): + channel = grpc.secure_channel("http://localhost/", grpc.local_channel_credentials()) + + # Check that channel is used if provided. + transport = transports.BinauthzManagementServiceV1GrpcTransport( + host="squid.clam.whelk", channel=channel, + ) + assert transport.grpc_channel == channel + assert transport._host == "squid.clam.whelk:443" + assert transport._ssl_channel_credentials == None + + +def test_binauthz_management_service_v1_grpc_asyncio_transport_channel(): + channel = aio.secure_channel("http://localhost/", grpc.local_channel_credentials()) + + # Check that channel is used if provided. 
+ transport = transports.BinauthzManagementServiceV1GrpcAsyncIOTransport( + host="squid.clam.whelk", channel=channel, + ) + assert transport.grpc_channel == channel + assert transport._host == "squid.clam.whelk:443" + assert transport._ssl_channel_credentials == None + + +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. +@pytest.mark.parametrize( + "transport_class", + [ + transports.BinauthzManagementServiceV1GrpcTransport, + transports.BinauthzManagementServiceV1GrpcAsyncIOTransport, + ], +) +def test_binauthz_management_service_v1_transport_channel_mtls_with_client_cert_source( + transport_class, +): + with mock.patch( + "grpc.ssl_channel_credentials", autospec=True + ) as grpc_ssl_channel_cred: + with mock.patch.object( + transport_class, "create_channel" + ) as grpc_create_channel: + mock_ssl_cred = mock.Mock() + grpc_ssl_channel_cred.return_value = mock_ssl_cred + + mock_grpc_channel = mock.Mock() + grpc_create_channel.return_value = mock_grpc_channel + + cred = ga_credentials.AnonymousCredentials() + with pytest.warns(DeprecationWarning): + with mock.patch.object(google.auth, "default") as adc: + adc.return_value = (cred, None) + transport = transport_class( + host="squid.clam.whelk", + api_mtls_endpoint="mtls.squid.clam.whelk", + client_cert_source=client_cert_source_callback, + ) + adc.assert_called_once() + + grpc_ssl_channel_cred.assert_called_once_with( + certificate_chain=b"cert bytes", private_key=b"key bytes" + ) + grpc_create_channel.assert_called_once_with( + "mtls.squid.clam.whelk:443", + credentials=cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_cred, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + assert transport.grpc_channel == mock_grpc_channel + assert transport._ssl_channel_credentials == mock_ssl_cred + + +# Remove this test when 
deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. +@pytest.mark.parametrize( + "transport_class", + [ + transports.BinauthzManagementServiceV1GrpcTransport, + transports.BinauthzManagementServiceV1GrpcAsyncIOTransport, + ], +) +def test_binauthz_management_service_v1_transport_channel_mtls_with_adc( + transport_class, +): + mock_ssl_cred = mock.Mock() + with mock.patch.multiple( + "google.auth.transport.grpc.SslCredentials", + __init__=mock.Mock(return_value=None), + ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred), + ): + with mock.patch.object( + transport_class, "create_channel" + ) as grpc_create_channel: + mock_grpc_channel = mock.Mock() + grpc_create_channel.return_value = mock_grpc_channel + mock_cred = mock.Mock() + + with pytest.warns(DeprecationWarning): + transport = transport_class( + host="squid.clam.whelk", + credentials=mock_cred, + api_mtls_endpoint="mtls.squid.clam.whelk", + client_cert_source=None, + ) + + grpc_create_channel.assert_called_once_with( + "mtls.squid.clam.whelk:443", + credentials=mock_cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_cred, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + assert transport.grpc_channel == mock_grpc_channel + + +def test_attestor_path(): + project = "squid" + attestor = "clam" + expected = "projects/{project}/attestors/{attestor}".format( + project=project, attestor=attestor, + ) + actual = BinauthzManagementServiceV1Client.attestor_path(project, attestor) + assert expected == actual + + +def test_parse_attestor_path(): + expected = { + "project": "whelk", + "attestor": "octopus", + } + path = BinauthzManagementServiceV1Client.attestor_path(**expected) + + # Check that the path construction is reversible. 
+ actual = BinauthzManagementServiceV1Client.parse_attestor_path(path) + assert expected == actual + + +def test_policy_path(): + project = "oyster" + expected = "projects/{project}/policy".format(project=project,) + actual = BinauthzManagementServiceV1Client.policy_path(project) + assert expected == actual + + +def test_parse_policy_path(): + expected = { + "project": "nudibranch", + } + path = BinauthzManagementServiceV1Client.policy_path(**expected) + + # Check that the path construction is reversible. + actual = BinauthzManagementServiceV1Client.parse_policy_path(path) + assert expected == actual + + +def test_common_billing_account_path(): + billing_account = "cuttlefish" + expected = "billingAccounts/{billing_account}".format( + billing_account=billing_account, + ) + actual = BinauthzManagementServiceV1Client.common_billing_account_path( + billing_account + ) + assert expected == actual + + +def test_parse_common_billing_account_path(): + expected = { + "billing_account": "mussel", + } + path = BinauthzManagementServiceV1Client.common_billing_account_path(**expected) + + # Check that the path construction is reversible. + actual = BinauthzManagementServiceV1Client.parse_common_billing_account_path(path) + assert expected == actual + + +def test_common_folder_path(): + folder = "winkle" + expected = "folders/{folder}".format(folder=folder,) + actual = BinauthzManagementServiceV1Client.common_folder_path(folder) + assert expected == actual + + +def test_parse_common_folder_path(): + expected = { + "folder": "nautilus", + } + path = BinauthzManagementServiceV1Client.common_folder_path(**expected) + + # Check that the path construction is reversible. 
+ actual = BinauthzManagementServiceV1Client.parse_common_folder_path(path) + assert expected == actual + + +def test_common_organization_path(): + organization = "scallop" + expected = "organizations/{organization}".format(organization=organization,) + actual = BinauthzManagementServiceV1Client.common_organization_path(organization) + assert expected == actual + + +def test_parse_common_organization_path(): + expected = { + "organization": "abalone", + } + path = BinauthzManagementServiceV1Client.common_organization_path(**expected) + + # Check that the path construction is reversible. + actual = BinauthzManagementServiceV1Client.parse_common_organization_path(path) + assert expected == actual + + +def test_common_project_path(): + project = "squid" + expected = "projects/{project}".format(project=project,) + actual = BinauthzManagementServiceV1Client.common_project_path(project) + assert expected == actual + + +def test_parse_common_project_path(): + expected = { + "project": "clam", + } + path = BinauthzManagementServiceV1Client.common_project_path(**expected) + + # Check that the path construction is reversible. + actual = BinauthzManagementServiceV1Client.parse_common_project_path(path) + assert expected == actual + + +def test_common_location_path(): + project = "whelk" + location = "octopus" + expected = "projects/{project}/locations/{location}".format( + project=project, location=location, + ) + actual = BinauthzManagementServiceV1Client.common_location_path(project, location) + assert expected == actual + + +def test_parse_common_location_path(): + expected = { + "project": "oyster", + "location": "nudibranch", + } + path = BinauthzManagementServiceV1Client.common_location_path(**expected) + + # Check that the path construction is reversible. 
+ actual = BinauthzManagementServiceV1Client.parse_common_location_path(path)
+ assert expected == actual
+
+
+def test_client_withDEFAULT_CLIENT_INFO():
+ client_info = gapic_v1.client_info.ClientInfo()
+
+ with mock.patch.object(
+ transports.BinauthzManagementServiceV1Transport, "_prep_wrapped_messages"
+ ) as prep:
+ client = BinauthzManagementServiceV1Client(
+ credentials=ga_credentials.AnonymousCredentials(), client_info=client_info,
+ )
+ prep.assert_called_once_with(client_info)
+
+ with mock.patch.object(
+ transports.BinauthzManagementServiceV1Transport, "_prep_wrapped_messages"
+ ) as prep:
+ transport_class = BinauthzManagementServiceV1Client.get_transport_class()
+ transport = transport_class(
+ credentials=ga_credentials.AnonymousCredentials(), client_info=client_info,
+ )
+ prep.assert_called_once_with(client_info)
diff --git a/tests/unit/gapic/binaryauthorization_v1/test_system_policy_v1.py b/tests/unit/gapic/binaryauthorization_v1/test_system_policy_v1.py
new file mode 100644
index 0000000..546b2a7
--- /dev/null
+++ b/tests/unit/gapic/binaryauthorization_v1/test_system_policy_v1.py
@@ -0,0 +1,1308 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+import os
+import mock
+import packaging.version
+
+import grpc
+from grpc.experimental import aio
+import math
+import pytest
+from proto.marshal.rules.dates import DurationRule, TimestampRule
+
+
+from google.api_core import client_options
+from google.api_core import exceptions as core_exceptions
+from google.api_core import gapic_v1
+from google.api_core import grpc_helpers
+from google.api_core import grpc_helpers_async
+from google.auth import credentials as ga_credentials
+from google.auth.exceptions import MutualTLSChannelError
+from google.cloud.binaryauthorization_v1.services.system_policy_v1 import (
+ SystemPolicyV1AsyncClient,
+)
+from google.cloud.binaryauthorization_v1.services.system_policy_v1 import (
+ SystemPolicyV1Client,
+)
+from google.cloud.binaryauthorization_v1.services.system_policy_v1 import transports
+from google.cloud.binaryauthorization_v1.services.system_policy_v1.transports.base import (
+ _GOOGLE_AUTH_VERSION,
+)
+from google.cloud.binaryauthorization_v1.types import resources
+from google.cloud.binaryauthorization_v1.types import service
+from google.oauth2 import service_account
+from google.protobuf import timestamp_pb2 # type: ignore
+import google.auth
+
+
+# TODO(busunkim): Once google-auth >= 1.25.0 is required transitively
+# through google-api-core:
+# - Delete the auth "less than" test cases
+# - Delete
these pytest markers (Make the "greater than or equal to" tests the default). +requires_google_auth_lt_1_25_0 = pytest.mark.skipif( + packaging.version.parse(_GOOGLE_AUTH_VERSION) >= packaging.version.parse("1.25.0"), + reason="This test requires google-auth < 1.25.0", +) +requires_google_auth_gte_1_25_0 = pytest.mark.skipif( + packaging.version.parse(_GOOGLE_AUTH_VERSION) < packaging.version.parse("1.25.0"), + reason="This test requires google-auth >= 1.25.0", +) + + +def client_cert_source_callback(): + return b"cert bytes", b"key bytes" + + +# If default endpoint is localhost, then default mtls endpoint will be the same. +# This method modifies the default endpoint so the client can produce a different +# mtls endpoint for endpoint testing purposes. +def modify_default_endpoint(client): + return ( + "foo.googleapis.com" + if ("localhost" in client.DEFAULT_ENDPOINT) + else client.DEFAULT_ENDPOINT + ) + + +def test__get_default_mtls_endpoint(): + api_endpoint = "example.googleapis.com" + api_mtls_endpoint = "example.mtls.googleapis.com" + sandbox_endpoint = "example.sandbox.googleapis.com" + sandbox_mtls_endpoint = "example.mtls.sandbox.googleapis.com" + non_googleapi = "api.example.com" + + assert SystemPolicyV1Client._get_default_mtls_endpoint(None) is None + assert ( + SystemPolicyV1Client._get_default_mtls_endpoint(api_endpoint) + == api_mtls_endpoint + ) + assert ( + SystemPolicyV1Client._get_default_mtls_endpoint(api_mtls_endpoint) + == api_mtls_endpoint + ) + assert ( + SystemPolicyV1Client._get_default_mtls_endpoint(sandbox_endpoint) + == sandbox_mtls_endpoint + ) + assert ( + SystemPolicyV1Client._get_default_mtls_endpoint(sandbox_mtls_endpoint) + == sandbox_mtls_endpoint + ) + assert ( + SystemPolicyV1Client._get_default_mtls_endpoint(non_googleapi) == non_googleapi + ) + + +@pytest.mark.parametrize( + "client_class", [SystemPolicyV1Client, SystemPolicyV1AsyncClient,] +) +def test_system_policy_v1_client_from_service_account_info(client_class): + creds = 
ga_credentials.AnonymousCredentials() + with mock.patch.object( + service_account.Credentials, "from_service_account_info" + ) as factory: + factory.return_value = creds + info = {"valid": True} + client = client_class.from_service_account_info(info) + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + assert client.transport._host == "binaryauthorization.googleapis.com:443" + + +@pytest.mark.parametrize( + "transport_class,transport_name", + [ + (transports.SystemPolicyV1GrpcTransport, "grpc"), + (transports.SystemPolicyV1GrpcAsyncIOTransport, "grpc_asyncio"), + ], +) +def test_system_policy_v1_client_service_account_always_use_jwt( + transport_class, transport_name +): + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=True) + use_jwt.assert_called_once_with(True) + + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=False) + use_jwt.assert_not_called() + + +@pytest.mark.parametrize( + "client_class", [SystemPolicyV1Client, SystemPolicyV1AsyncClient,] +) +def test_system_policy_v1_client_from_service_account_file(client_class): + creds = ga_credentials.AnonymousCredentials() + with mock.patch.object( + service_account.Credentials, "from_service_account_file" + ) as factory: + factory.return_value = creds + client = client_class.from_service_account_file("dummy/file/path.json") + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + client = client_class.from_service_account_json("dummy/file/path.json") + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + assert 
client.transport._host == "binaryauthorization.googleapis.com:443" + + +def test_system_policy_v1_client_get_transport_class(): + transport = SystemPolicyV1Client.get_transport_class() + available_transports = [ + transports.SystemPolicyV1GrpcTransport, + ] + assert transport in available_transports + + transport = SystemPolicyV1Client.get_transport_class("grpc") + assert transport == transports.SystemPolicyV1GrpcTransport + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name", + [ + (SystemPolicyV1Client, transports.SystemPolicyV1GrpcTransport, "grpc"), + ( + SystemPolicyV1AsyncClient, + transports.SystemPolicyV1GrpcAsyncIOTransport, + "grpc_asyncio", + ), + ], +) +@mock.patch.object( + SystemPolicyV1Client, + "DEFAULT_ENDPOINT", + modify_default_endpoint(SystemPolicyV1Client), +) +@mock.patch.object( + SystemPolicyV1AsyncClient, + "DEFAULT_ENDPOINT", + modify_default_endpoint(SystemPolicyV1AsyncClient), +) +def test_system_policy_v1_client_client_options( + client_class, transport_class, transport_name +): + # Check that if channel is provided we won't create a new one. + with mock.patch.object(SystemPolicyV1Client, "get_transport_class") as gtc: + transport = transport_class(credentials=ga_credentials.AnonymousCredentials()) + client = client_class(transport=transport) + gtc.assert_not_called() + + # Check that if channel is provided via str we will create a new one. + with mock.patch.object(SystemPolicyV1Client, "get_transport_class") as gtc: + client = client_class(transport=transport_name) + gtc.assert_called() + + # Check the case api_endpoint is provided. 
+ options = client_options.ClientOptions(api_endpoint="squid.clam.whelk") + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host="squid.clam.whelk", + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is + # "never". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}): + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is + # "always". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}): + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_MTLS_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has + # unsupported value. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "Unsupported"}): + with pytest.raises(MutualTLSChannelError): + client = client_class() + + # Check the case GOOGLE_API_USE_CLIENT_CERTIFICATE has unsupported value. 
+ with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"} + ): + with pytest.raises(ValueError): + client = client_class() + + # Check the case quota_project_id is provided + options = client_options.ClientOptions(quota_project_id="octopus") + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id="octopus", + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name,use_client_cert_env", + [ + (SystemPolicyV1Client, transports.SystemPolicyV1GrpcTransport, "grpc", "true"), + ( + SystemPolicyV1AsyncClient, + transports.SystemPolicyV1GrpcAsyncIOTransport, + "grpc_asyncio", + "true", + ), + (SystemPolicyV1Client, transports.SystemPolicyV1GrpcTransport, "grpc", "false"), + ( + SystemPolicyV1AsyncClient, + transports.SystemPolicyV1GrpcAsyncIOTransport, + "grpc_asyncio", + "false", + ), + ], +) +@mock.patch.object( + SystemPolicyV1Client, + "DEFAULT_ENDPOINT", + modify_default_endpoint(SystemPolicyV1Client), +) +@mock.patch.object( + SystemPolicyV1AsyncClient, + "DEFAULT_ENDPOINT", + modify_default_endpoint(SystemPolicyV1AsyncClient), +) +@mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "auto"}) +def test_system_policy_v1_client_mtls_env_auto( + client_class, transport_class, transport_name, use_client_cert_env +): + # This tests the endpoint autoswitch behavior. Endpoint is autoswitched to the default + # mtls endpoint, if GOOGLE_API_USE_CLIENT_CERTIFICATE is "true" and client cert exists. + + # Check the case client_cert_source is provided. Whether client cert is used depends on + # GOOGLE_API_USE_CLIENT_CERTIFICATE value. 
+ with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} + ): + options = client_options.ClientOptions( + client_cert_source=client_cert_source_callback + ) + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options) + + if use_client_cert_env == "false": + expected_client_cert_source = None + expected_host = client.DEFAULT_ENDPOINT + else: + expected_client_cert_source = client_cert_source_callback + expected_host = client.DEFAULT_MTLS_ENDPOINT + + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=expected_host, + scopes=None, + client_cert_source_for_mtls=expected_client_cert_source, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case ADC client cert is provided. Whether client cert is used depends on + # GOOGLE_API_USE_CLIENT_CERTIFICATE value. + with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} + ): + with mock.patch.object(transport_class, "__init__") as patched: + with mock.patch( + "google.auth.transport.mtls.has_default_client_cert_source", + return_value=True, + ): + with mock.patch( + "google.auth.transport.mtls.default_client_cert_source", + return_value=client_cert_source_callback, + ): + if use_client_cert_env == "false": + expected_host = client.DEFAULT_ENDPOINT + expected_client_cert_source = None + else: + expected_host = client.DEFAULT_MTLS_ENDPOINT + expected_client_cert_source = client_cert_source_callback + + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=expected_host, + scopes=None, + client_cert_source_for_mtls=expected_client_cert_source, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case 
client_cert_source and ADC client cert are not provided. + with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} + ): + with mock.patch.object(transport_class, "__init__") as patched: + with mock.patch( + "google.auth.transport.mtls.has_default_client_cert_source", + return_value=False, + ): + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name", + [ + (SystemPolicyV1Client, transports.SystemPolicyV1GrpcTransport, "grpc"), + ( + SystemPolicyV1AsyncClient, + transports.SystemPolicyV1GrpcAsyncIOTransport, + "grpc_asyncio", + ), + ], +) +def test_system_policy_v1_client_client_options_scopes( + client_class, transport_class, transport_name +): + # Check the case scopes are provided. 
+ options = client_options.ClientOptions(scopes=["1", "2"],) + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=["1", "2"], + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name", + [ + (SystemPolicyV1Client, transports.SystemPolicyV1GrpcTransport, "grpc"), + ( + SystemPolicyV1AsyncClient, + transports.SystemPolicyV1GrpcAsyncIOTransport, + "grpc_asyncio", + ), + ], +) +def test_system_policy_v1_client_client_options_credentials_file( + client_class, transport_class, transport_name +): + # Check the case credentials file is provided. + options = client_options.ClientOptions(credentials_file="credentials.json") + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file="credentials.json", + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +def test_system_policy_v1_client_client_options_from_dict(): + with mock.patch( + "google.cloud.binaryauthorization_v1.services.system_policy_v1.transports.SystemPolicyV1GrpcTransport.__init__" + ) as grpc_transport: + grpc_transport.return_value = None + client = SystemPolicyV1Client( + client_options={"api_endpoint": "squid.clam.whelk"} + ) + grpc_transport.assert_called_once_with( + credentials=None, + credentials_file=None, + host="squid.clam.whelk", + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + 
client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +def test_get_system_policy( + transport: str = "grpc", request_type=service.GetSystemPolicyRequest +): + client = SystemPolicyV1Client( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_system_policy), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.Policy( + name="name_value", + description="description_value", + global_policy_evaluation_mode=resources.Policy.GlobalPolicyEvaluationMode.ENABLE, + ) + response = client.get_system_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == service.GetSystemPolicyRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.Policy) + assert response.name == "name_value" + assert response.description == "description_value" + assert ( + response.global_policy_evaluation_mode + == resources.Policy.GlobalPolicyEvaluationMode.ENABLE + ) + + +def test_get_system_policy_from_dict(): + test_get_system_policy(request_type=dict) + + +def test_get_system_policy_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = SystemPolicyV1Client( + credentials=ga_credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object( + type(client.transport.get_system_policy), "__call__" + ) as call: + client.get_system_policy() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == service.GetSystemPolicyRequest() + + +@pytest.mark.asyncio +async def test_get_system_policy_async( + transport: str = "grpc_asyncio", request_type=service.GetSystemPolicyRequest +): + client = SystemPolicyV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_system_policy), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.Policy( + name="name_value", + description="description_value", + global_policy_evaluation_mode=resources.Policy.GlobalPolicyEvaluationMode.ENABLE, + ) + ) + response = await client.get_system_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == service.GetSystemPolicyRequest() + + # Establish that the response is the type that we expect. 
+ assert isinstance(response, resources.Policy) + assert response.name == "name_value" + assert response.description == "description_value" + assert ( + response.global_policy_evaluation_mode + == resources.Policy.GlobalPolicyEvaluationMode.ENABLE + ) + + +@pytest.mark.asyncio +async def test_get_system_policy_async_from_dict(): + await test_get_system_policy_async(request_type=dict) + + +def test_get_system_policy_field_headers(): + client = SystemPolicyV1Client(credentials=ga_credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.GetSystemPolicyRequest() + + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_system_policy), "__call__" + ) as call: + call.return_value = resources.Policy() + client.get_system_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_get_system_policy_field_headers_async(): + client = SystemPolicyV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.GetSystemPolicyRequest() + + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_system_policy), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Policy()) + await client.get_system_policy(request) + + # Establish that the underlying gRPC stub method was called. 
+ assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +def test_get_system_policy_flattened(): + client = SystemPolicyV1Client(credentials=ga_credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_system_policy), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.Policy() + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.get_system_policy(name="name_value",) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0].name == "name_value" + + +def test_get_system_policy_flattened_error(): + client = SystemPolicyV1Client(credentials=ga_credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_system_policy( + service.GetSystemPolicyRequest(), name="name_value", + ) + + +@pytest.mark.asyncio +async def test_get_system_policy_flattened_async(): + client = SystemPolicyV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_system_policy), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.Policy() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.Policy()) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. 
+ response = await client.get_system_policy(name="name_value",) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0].name == "name_value" + + +@pytest.mark.asyncio +async def test_get_system_policy_flattened_error_async(): + client = SystemPolicyV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.get_system_policy( + service.GetSystemPolicyRequest(), name="name_value", + ) + + +def test_credentials_transport_error(): + # It is an error to provide credentials and a transport instance. + transport = transports.SystemPolicyV1GrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = SystemPolicyV1Client( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # It is an error to provide a credentials file and a transport instance. + transport = transports.SystemPolicyV1GrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = SystemPolicyV1Client( + client_options={"credentials_file": "credentials.json"}, + transport=transport, + ) + + # It is an error to provide scopes and a transport instance. + transport = transports.SystemPolicyV1GrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = SystemPolicyV1Client( + client_options={"scopes": ["1", "2"]}, transport=transport, + ) + + +def test_transport_instance(): + # A client may be instantiated with a custom transport instance. 
+ transport = transports.SystemPolicyV1GrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + client = SystemPolicyV1Client(transport=transport) + assert client.transport is transport + + +def test_transport_get_channel(): + # A client may be instantiated with a custom transport instance. + transport = transports.SystemPolicyV1GrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + + transport = transports.SystemPolicyV1GrpcAsyncIOTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.SystemPolicyV1GrpcTransport, + transports.SystemPolicyV1GrpcAsyncIOTransport, + ], +) +def test_transport_adc(transport_class): + # Test default credentials are used if not provided. + with mock.patch.object(google.auth, "default") as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class() + adc.assert_called_once() + + +def test_transport_grpc_default(): + # A client should use the gRPC transport by default. + client = SystemPolicyV1Client(credentials=ga_credentials.AnonymousCredentials(),) + assert isinstance(client.transport, transports.SystemPolicyV1GrpcTransport,) + + +def test_system_policy_v1_base_transport_error(): + # Passing both a credentials object and credentials_file should raise an error + with pytest.raises(core_exceptions.DuplicateCredentialArgs): + transport = transports.SystemPolicyV1Transport( + credentials=ga_credentials.AnonymousCredentials(), + credentials_file="credentials.json", + ) + + +def test_system_policy_v1_base_transport(): + # Instantiate the base transport. 
+ with mock.patch( + "google.cloud.binaryauthorization_v1.services.system_policy_v1.transports.SystemPolicyV1Transport.__init__" + ) as Transport: + Transport.return_value = None + transport = transports.SystemPolicyV1Transport( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Every method on the transport should just blindly + # raise NotImplementedError. + methods = ("get_system_policy",) + for method in methods: + with pytest.raises(NotImplementedError): + getattr(transport, method)(request=object()) + + +@requires_google_auth_gte_1_25_0 +def test_system_policy_v1_base_transport_with_credentials_file(): + # Instantiate the base transport with a credentials file + with mock.patch.object( + google.auth, "load_credentials_from_file", autospec=True + ) as load_creds, mock.patch( + "google.cloud.binaryauthorization_v1.services.system_policy_v1.transports.SystemPolicyV1Transport._prep_wrapped_messages" + ) as Transport: + Transport.return_value = None + load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.SystemPolicyV1Transport( + credentials_file="credentials.json", quota_project_id="octopus", + ) + load_creds.assert_called_once_with( + "credentials.json", + scopes=None, + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id="octopus", + ) + + +@requires_google_auth_lt_1_25_0 +def test_system_policy_v1_base_transport_with_credentials_file_old_google_auth(): + # Instantiate the base transport with a credentials file + with mock.patch.object( + google.auth, "load_credentials_from_file", autospec=True + ) as load_creds, mock.patch( + "google.cloud.binaryauthorization_v1.services.system_policy_v1.transports.SystemPolicyV1Transport._prep_wrapped_messages" + ) as Transport: + Transport.return_value = None + load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.SystemPolicyV1Transport( + credentials_file="credentials.json", 
quota_project_id="octopus", + ) + load_creds.assert_called_once_with( + "credentials.json", + scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id="octopus", + ) + + +def test_system_policy_v1_base_transport_with_adc(): + # Test the default credentials are used if credentials and credentials_file are None. + with mock.patch.object(google.auth, "default", autospec=True) as adc, mock.patch( + "google.cloud.binaryauthorization_v1.services.system_policy_v1.transports.SystemPolicyV1Transport._prep_wrapped_messages" + ) as Transport: + Transport.return_value = None + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.SystemPolicyV1Transport() + adc.assert_called_once() + + +@requires_google_auth_gte_1_25_0 +def test_system_policy_v1_auth_adc(): + # If no credentials are provided, we should use ADC credentials. + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + SystemPolicyV1Client() + adc.assert_called_once_with( + scopes=None, + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id=None, + ) + + +@requires_google_auth_lt_1_25_0 +def test_system_policy_v1_auth_adc_old_google_auth(): + # If no credentials are provided, we should use ADC credentials. + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + SystemPolicyV1Client() + adc.assert_called_once_with( + scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id=None, + ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.SystemPolicyV1GrpcTransport, + transports.SystemPolicyV1GrpcAsyncIOTransport, + ], +) +@requires_google_auth_gte_1_25_0 +def test_system_policy_v1_transport_auth_adc(transport_class): + # If credentials and host are not provided, the transport class should use + # ADC credentials. 
+ with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class(quota_project_id="octopus", scopes=["1", "2"]) + adc.assert_called_once_with( + scopes=["1", "2"], + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id="octopus", + ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.SystemPolicyV1GrpcTransport, + transports.SystemPolicyV1GrpcAsyncIOTransport, + ], +) +@requires_google_auth_lt_1_25_0 +def test_system_policy_v1_transport_auth_adc_old_google_auth(transport_class): + # If credentials and host are not provided, the transport class should use + # ADC credentials. + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class(quota_project_id="octopus") + adc.assert_called_once_with( + scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id="octopus", + ) + + +@pytest.mark.parametrize( + "transport_class,grpc_helpers", + [ + (transports.SystemPolicyV1GrpcTransport, grpc_helpers), + (transports.SystemPolicyV1GrpcAsyncIOTransport, grpc_helpers_async), + ], +) +def test_system_policy_v1_transport_create_channel(transport_class, grpc_helpers): + # If credentials and host are not provided, the transport class should use + # ADC credentials. 
+ with mock.patch.object( + google.auth, "default", autospec=True + ) as adc, mock.patch.object( + grpc_helpers, "create_channel", autospec=True + ) as create_channel: + creds = ga_credentials.AnonymousCredentials() + adc.return_value = (creds, None) + transport_class(quota_project_id="octopus", scopes=["1", "2"]) + + create_channel.assert_called_with( + "binaryauthorization.googleapis.com:443", + credentials=creds, + credentials_file=None, + quota_project_id="octopus", + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=["1", "2"], + default_host="binaryauthorization.googleapis.com", + ssl_credentials=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.SystemPolicyV1GrpcTransport, + transports.SystemPolicyV1GrpcAsyncIOTransport, + ], +) +def test_system_policy_v1_grpc_transport_client_cert_source_for_mtls(transport_class): + cred = ga_credentials.AnonymousCredentials() + + # Check ssl_channel_credentials is used if provided. + with mock.patch.object(transport_class, "create_channel") as mock_create_channel: + mock_ssl_channel_creds = mock.Mock() + transport_class( + host="squid.clam.whelk", + credentials=cred, + ssl_channel_credentials=mock_ssl_channel_creds, + ) + mock_create_channel.assert_called_once_with( + "squid.clam.whelk:443", + credentials=cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_channel_creds, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls + # is used. 
+ with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()): + with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred: + transport_class( + credentials=cred, + client_cert_source_for_mtls=client_cert_source_callback, + ) + expected_cert, expected_key = client_cert_source_callback() + mock_ssl_cred.assert_called_once_with( + certificate_chain=expected_cert, private_key=expected_key + ) + + +def test_system_policy_v1_host_no_port(): + client = SystemPolicyV1Client( + credentials=ga_credentials.AnonymousCredentials(), + client_options=client_options.ClientOptions( + api_endpoint="binaryauthorization.googleapis.com" + ), + ) + assert client.transport._host == "binaryauthorization.googleapis.com:443" + + +def test_system_policy_v1_host_with_port(): + client = SystemPolicyV1Client( + credentials=ga_credentials.AnonymousCredentials(), + client_options=client_options.ClientOptions( + api_endpoint="binaryauthorization.googleapis.com:8000" + ), + ) + assert client.transport._host == "binaryauthorization.googleapis.com:8000" + + +def test_system_policy_v1_grpc_transport_channel(): + channel = grpc.secure_channel("http://localhost/", grpc.local_channel_credentials()) + + # Check that channel is used if provided. + transport = transports.SystemPolicyV1GrpcTransport( + host="squid.clam.whelk", channel=channel, + ) + assert transport.grpc_channel == channel + assert transport._host == "squid.clam.whelk:443" + assert transport._ssl_channel_credentials == None + + +def test_system_policy_v1_grpc_asyncio_transport_channel(): + channel = aio.secure_channel("http://localhost/", grpc.local_channel_credentials()) + + # Check that channel is used if provided. 
+ transport = transports.SystemPolicyV1GrpcAsyncIOTransport( + host="squid.clam.whelk", channel=channel, + ) + assert transport.grpc_channel == channel + assert transport._host == "squid.clam.whelk:443" + assert transport._ssl_channel_credentials == None + + +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. +@pytest.mark.parametrize( + "transport_class", + [ + transports.SystemPolicyV1GrpcTransport, + transports.SystemPolicyV1GrpcAsyncIOTransport, + ], +) +def test_system_policy_v1_transport_channel_mtls_with_client_cert_source( + transport_class, +): + with mock.patch( + "grpc.ssl_channel_credentials", autospec=True + ) as grpc_ssl_channel_cred: + with mock.patch.object( + transport_class, "create_channel" + ) as grpc_create_channel: + mock_ssl_cred = mock.Mock() + grpc_ssl_channel_cred.return_value = mock_ssl_cred + + mock_grpc_channel = mock.Mock() + grpc_create_channel.return_value = mock_grpc_channel + + cred = ga_credentials.AnonymousCredentials() + with pytest.warns(DeprecationWarning): + with mock.patch.object(google.auth, "default") as adc: + adc.return_value = (cred, None) + transport = transport_class( + host="squid.clam.whelk", + api_mtls_endpoint="mtls.squid.clam.whelk", + client_cert_source=client_cert_source_callback, + ) + adc.assert_called_once() + + grpc_ssl_channel_cred.assert_called_once_with( + certificate_chain=b"cert bytes", private_key=b"key bytes" + ) + grpc_create_channel.assert_called_once_with( + "mtls.squid.clam.whelk:443", + credentials=cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_cred, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + assert transport.grpc_channel == mock_grpc_channel + assert transport._ssl_channel_credentials == mock_ssl_cred + + +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) 
are +# removed from grpc/grpc_asyncio transport constructor. +@pytest.mark.parametrize( + "transport_class", + [ + transports.SystemPolicyV1GrpcTransport, + transports.SystemPolicyV1GrpcAsyncIOTransport, + ], +) +def test_system_policy_v1_transport_channel_mtls_with_adc(transport_class): + mock_ssl_cred = mock.Mock() + with mock.patch.multiple( + "google.auth.transport.grpc.SslCredentials", + __init__=mock.Mock(return_value=None), + ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred), + ): + with mock.patch.object( + transport_class, "create_channel" + ) as grpc_create_channel: + mock_grpc_channel = mock.Mock() + grpc_create_channel.return_value = mock_grpc_channel + mock_cred = mock.Mock() + + with pytest.warns(DeprecationWarning): + transport = transport_class( + host="squid.clam.whelk", + credentials=mock_cred, + api_mtls_endpoint="mtls.squid.clam.whelk", + client_cert_source=None, + ) + + grpc_create_channel.assert_called_once_with( + "mtls.squid.clam.whelk:443", + credentials=mock_cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_cred, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + assert transport.grpc_channel == mock_grpc_channel + + +def test_policy_path(): + project = "squid" + expected = "projects/{project}/policy".format(project=project,) + actual = SystemPolicyV1Client.policy_path(project) + assert expected == actual + + +def test_parse_policy_path(): + expected = { + "project": "clam", + } + path = SystemPolicyV1Client.policy_path(**expected) + + # Check that the path construction is reversible. 
+ actual = SystemPolicyV1Client.parse_policy_path(path) + assert expected == actual + + +def test_common_billing_account_path(): + billing_account = "whelk" + expected = "billingAccounts/{billing_account}".format( + billing_account=billing_account, + ) + actual = SystemPolicyV1Client.common_billing_account_path(billing_account) + assert expected == actual + + +def test_parse_common_billing_account_path(): + expected = { + "billing_account": "octopus", + } + path = SystemPolicyV1Client.common_billing_account_path(**expected) + + # Check that the path construction is reversible. + actual = SystemPolicyV1Client.parse_common_billing_account_path(path) + assert expected == actual + + +def test_common_folder_path(): + folder = "oyster" + expected = "folders/{folder}".format(folder=folder,) + actual = SystemPolicyV1Client.common_folder_path(folder) + assert expected == actual + + +def test_parse_common_folder_path(): + expected = { + "folder": "nudibranch", + } + path = SystemPolicyV1Client.common_folder_path(**expected) + + # Check that the path construction is reversible. + actual = SystemPolicyV1Client.parse_common_folder_path(path) + assert expected == actual + + +def test_common_organization_path(): + organization = "cuttlefish" + expected = "organizations/{organization}".format(organization=organization,) + actual = SystemPolicyV1Client.common_organization_path(organization) + assert expected == actual + + +def test_parse_common_organization_path(): + expected = { + "organization": "mussel", + } + path = SystemPolicyV1Client.common_organization_path(**expected) + + # Check that the path construction is reversible. 
+ actual = SystemPolicyV1Client.parse_common_organization_path(path) + assert expected == actual + + +def test_common_project_path(): + project = "winkle" + expected = "projects/{project}".format(project=project,) + actual = SystemPolicyV1Client.common_project_path(project) + assert expected == actual + + +def test_parse_common_project_path(): + expected = { + "project": "nautilus", + } + path = SystemPolicyV1Client.common_project_path(**expected) + + # Check that the path construction is reversible. + actual = SystemPolicyV1Client.parse_common_project_path(path) + assert expected == actual + + +def test_common_location_path(): + project = "scallop" + location = "abalone" + expected = "projects/{project}/locations/{location}".format( + project=project, location=location, + ) + actual = SystemPolicyV1Client.common_location_path(project, location) + assert expected == actual + + +def test_parse_common_location_path(): + expected = { + "project": "squid", + "location": "clam", + } + path = SystemPolicyV1Client.common_location_path(**expected) + + # Check that the path construction is reversible. + actual = SystemPolicyV1Client.parse_common_location_path(path) + assert expected == actual + + +def test_client_withDEFAULT_CLIENT_INFO(): + client_info = gapic_v1.client_info.ClientInfo() + + with mock.patch.object( + transports.SystemPolicyV1Transport, "_prep_wrapped_messages" + ) as prep: + client = SystemPolicyV1Client( + credentials=ga_credentials.AnonymousCredentials(), client_info=client_info, + ) + prep.assert_called_once_with(client_info) + + with mock.patch.object( + transports.SystemPolicyV1Transport, "_prep_wrapped_messages" + ) as prep: + transport_class = SystemPolicyV1Client.get_transport_class() + transport = transport_class( + credentials=ga_credentials.AnonymousCredentials(), client_info=client_info, + ) + prep.assert_called_once_with(client_info) 
diff --git a/tests/unit/gapic/binaryauthorization_v1/test_validation_helper_v1.py b/tests/unit/gapic/binaryauthorization_v1/test_validation_helper_v1.py
new file mode 100644
index 0000000..04296e1
--- /dev/null
+++ b/tests/unit/gapic/binaryauthorization_v1/test_validation_helper_v1.py
@@ -0,0 +1,1234 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import os +import mock +import packaging.version + +import grpc +from grpc.experimental import aio +import math +import pytest +from proto.marshal.rules.dates import DurationRule, TimestampRule + + +from google.api_core import client_options +from google.api_core import exceptions as core_exceptions +from google.api_core import gapic_v1 +from google.api_core import grpc_helpers +from google.api_core import grpc_helpers_async +from google.auth import credentials as ga_credentials +from google.auth.exceptions import MutualTLSChannelError +from google.cloud.binaryauthorization_v1.services.validation_helper_v1 import ( + ValidationHelperV1AsyncClient, +) +from google.cloud.binaryauthorization_v1.services.validation_helper_v1 import ( + ValidationHelperV1Client, +) +from google.cloud.binaryauthorization_v1.services.validation_helper_v1 import transports +from google.cloud.binaryauthorization_v1.services.validation_helper_v1.transports.base import ( + _GOOGLE_AUTH_VERSION, +) +from google.cloud.binaryauthorization_v1.types import service +from google.oauth2 import service_account +from grafeas.grafeas_v1.types import attestation # type: ignore +from grafeas.grafeas_v1.types import common # type: ignore +import google.auth + + +# TODO(busunkim): Once google-auth >= 1.25.0 is required transitively +# through google-api-core: +# - Delete the auth "less 
than" test cases +# - Delete these pytest markers (Make the "greater than or equal to" tests the default). +requires_google_auth_lt_1_25_0 = pytest.mark.skipif( + packaging.version.parse(_GOOGLE_AUTH_VERSION) >= packaging.version.parse("1.25.0"), + reason="This test requires google-auth < 1.25.0", +) +requires_google_auth_gte_1_25_0 = pytest.mark.skipif( + packaging.version.parse(_GOOGLE_AUTH_VERSION) < packaging.version.parse("1.25.0"), + reason="This test requires google-auth >= 1.25.0", +) + + +def client_cert_source_callback(): + return b"cert bytes", b"key bytes" + + +# If default endpoint is localhost, then default mtls endpoint will be the same. +# This method modifies the default endpoint so the client can produce a different +# mtls endpoint for endpoint testing purposes. +def modify_default_endpoint(client): + return ( + "foo.googleapis.com" + if ("localhost" in client.DEFAULT_ENDPOINT) + else client.DEFAULT_ENDPOINT + ) + + +def test__get_default_mtls_endpoint(): + api_endpoint = "example.googleapis.com" + api_mtls_endpoint = "example.mtls.googleapis.com" + sandbox_endpoint = "example.sandbox.googleapis.com" + sandbox_mtls_endpoint = "example.mtls.sandbox.googleapis.com" + non_googleapi = "api.example.com" + + assert ValidationHelperV1Client._get_default_mtls_endpoint(None) is None + assert ( + ValidationHelperV1Client._get_default_mtls_endpoint(api_endpoint) + == api_mtls_endpoint + ) + assert ( + ValidationHelperV1Client._get_default_mtls_endpoint(api_mtls_endpoint) + == api_mtls_endpoint + ) + assert ( + ValidationHelperV1Client._get_default_mtls_endpoint(sandbox_endpoint) + == sandbox_mtls_endpoint + ) + assert ( + ValidationHelperV1Client._get_default_mtls_endpoint(sandbox_mtls_endpoint) + == sandbox_mtls_endpoint + ) + assert ( + ValidationHelperV1Client._get_default_mtls_endpoint(non_googleapi) + == non_googleapi + ) + + +@pytest.mark.parametrize( + "client_class", [ValidationHelperV1Client, ValidationHelperV1AsyncClient,] +) +def 
test_validation_helper_v1_client_from_service_account_info(client_class): + creds = ga_credentials.AnonymousCredentials() + with mock.patch.object( + service_account.Credentials, "from_service_account_info" + ) as factory: + factory.return_value = creds + info = {"valid": True} + client = client_class.from_service_account_info(info) + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + assert client.transport._host == "binaryauthorization.googleapis.com:443" + + +@pytest.mark.parametrize( + "transport_class,transport_name", + [ + (transports.ValidationHelperV1GrpcTransport, "grpc"), + (transports.ValidationHelperV1GrpcAsyncIOTransport, "grpc_asyncio"), + ], +) +def test_validation_helper_v1_client_service_account_always_use_jwt( + transport_class, transport_name +): + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=True) + use_jwt.assert_called_once_with(True) + + with mock.patch.object( + service_account.Credentials, "with_always_use_jwt_access", create=True + ) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=False) + use_jwt.assert_not_called() + + +@pytest.mark.parametrize( + "client_class", [ValidationHelperV1Client, ValidationHelperV1AsyncClient,] +) +def test_validation_helper_v1_client_from_service_account_file(client_class): + creds = ga_credentials.AnonymousCredentials() + with mock.patch.object( + service_account.Credentials, "from_service_account_file" + ) as factory: + factory.return_value = creds + client = client_class.from_service_account_file("dummy/file/path.json") + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + client = client_class.from_service_account_json("dummy/file/path.json") + 
assert client.transport._credentials == creds + assert isinstance(client, client_class) + + assert client.transport._host == "binaryauthorization.googleapis.com:443" + + +def test_validation_helper_v1_client_get_transport_class(): + transport = ValidationHelperV1Client.get_transport_class() + available_transports = [ + transports.ValidationHelperV1GrpcTransport, + ] + assert transport in available_transports + + transport = ValidationHelperV1Client.get_transport_class("grpc") + assert transport == transports.ValidationHelperV1GrpcTransport + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name", + [ + (ValidationHelperV1Client, transports.ValidationHelperV1GrpcTransport, "grpc"), + ( + ValidationHelperV1AsyncClient, + transports.ValidationHelperV1GrpcAsyncIOTransport, + "grpc_asyncio", + ), + ], +) +@mock.patch.object( + ValidationHelperV1Client, + "DEFAULT_ENDPOINT", + modify_default_endpoint(ValidationHelperV1Client), +) +@mock.patch.object( + ValidationHelperV1AsyncClient, + "DEFAULT_ENDPOINT", + modify_default_endpoint(ValidationHelperV1AsyncClient), +) +def test_validation_helper_v1_client_client_options( + client_class, transport_class, transport_name +): + # Check that if channel is provided we won't create a new one. + with mock.patch.object(ValidationHelperV1Client, "get_transport_class") as gtc: + transport = transport_class(credentials=ga_credentials.AnonymousCredentials()) + client = client_class(transport=transport) + gtc.assert_not_called() + + # Check that if channel is provided via str we will create a new one. + with mock.patch.object(ValidationHelperV1Client, "get_transport_class") as gtc: + client = client_class(transport=transport_name) + gtc.assert_called() + + # Check the case api_endpoint is provided. 
+ options = client_options.ClientOptions(api_endpoint="squid.clam.whelk") + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host="squid.clam.whelk", + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is + # "never". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}): + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is + # "always". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}): + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_MTLS_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has + # unsupported value. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "Unsupported"}): + with pytest.raises(MutualTLSChannelError): + client = client_class() + + # Check the case GOOGLE_API_USE_CLIENT_CERTIFICATE has unsupported value. 
+ with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"} + ): + with pytest.raises(ValueError): + client = client_class() + + # Check the case quota_project_id is provided + options = client_options.ClientOptions(quota_project_id="octopus") + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id="octopus", + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name,use_client_cert_env", + [ + ( + ValidationHelperV1Client, + transports.ValidationHelperV1GrpcTransport, + "grpc", + "true", + ), + ( + ValidationHelperV1AsyncClient, + transports.ValidationHelperV1GrpcAsyncIOTransport, + "grpc_asyncio", + "true", + ), + ( + ValidationHelperV1Client, + transports.ValidationHelperV1GrpcTransport, + "grpc", + "false", + ), + ( + ValidationHelperV1AsyncClient, + transports.ValidationHelperV1GrpcAsyncIOTransport, + "grpc_asyncio", + "false", + ), + ], +) +@mock.patch.object( + ValidationHelperV1Client, + "DEFAULT_ENDPOINT", + modify_default_endpoint(ValidationHelperV1Client), +) +@mock.patch.object( + ValidationHelperV1AsyncClient, + "DEFAULT_ENDPOINT", + modify_default_endpoint(ValidationHelperV1AsyncClient), +) +@mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "auto"}) +def test_validation_helper_v1_client_mtls_env_auto( + client_class, transport_class, transport_name, use_client_cert_env +): + # This tests the endpoint autoswitch behavior. Endpoint is autoswitched to the default + # mtls endpoint, if GOOGLE_API_USE_CLIENT_CERTIFICATE is "true" and client cert exists. + + # Check the case client_cert_source is provided. 
Whether client cert is used depends on + # GOOGLE_API_USE_CLIENT_CERTIFICATE value. + with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} + ): + options = client_options.ClientOptions( + client_cert_source=client_cert_source_callback + ) + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options) + + if use_client_cert_env == "false": + expected_client_cert_source = None + expected_host = client.DEFAULT_ENDPOINT + else: + expected_client_cert_source = client_cert_source_callback + expected_host = client.DEFAULT_MTLS_ENDPOINT + + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=expected_host, + scopes=None, + client_cert_source_for_mtls=expected_client_cert_source, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case ADC client cert is provided. Whether client cert is used depends on + # GOOGLE_API_USE_CLIENT_CERTIFICATE value. 
+ with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} + ): + with mock.patch.object(transport_class, "__init__") as patched: + with mock.patch( + "google.auth.transport.mtls.has_default_client_cert_source", + return_value=True, + ): + with mock.patch( + "google.auth.transport.mtls.default_client_cert_source", + return_value=client_cert_source_callback, + ): + if use_client_cert_env == "false": + expected_host = client.DEFAULT_ENDPOINT + expected_client_cert_source = None + else: + expected_host = client.DEFAULT_MTLS_ENDPOINT + expected_client_cert_source = client_cert_source_callback + + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=expected_host, + scopes=None, + client_cert_source_for_mtls=expected_client_cert_source, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + # Check the case client_cert_source and ADC client cert are not provided. 
+ with mock.patch.dict( + os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} + ): + with mock.patch.object(transport_class, "__init__") as patched: + with mock.patch( + "google.auth.transport.mtls.has_default_client_cert_source", + return_value=False, + ): + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name", + [ + (ValidationHelperV1Client, transports.ValidationHelperV1GrpcTransport, "grpc"), + ( + ValidationHelperV1AsyncClient, + transports.ValidationHelperV1GrpcAsyncIOTransport, + "grpc_asyncio", + ), + ], +) +def test_validation_helper_v1_client_client_options_scopes( + client_class, transport_class, transport_name +): + # Check the case scopes are provided. + options = client_options.ClientOptions(scopes=["1", "2"],) + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=["1", "2"], + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name", + [ + (ValidationHelperV1Client, transports.ValidationHelperV1GrpcTransport, "grpc"), + ( + ValidationHelperV1AsyncClient, + transports.ValidationHelperV1GrpcAsyncIOTransport, + "grpc_asyncio", + ), + ], +) +def test_validation_helper_v1_client_client_options_credentials_file( + client_class, transport_class, transport_name +): + # Check the case credentials file is provided. 
+ options = client_options.ClientOptions(credentials_file="credentials.json") + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file="credentials.json", + host=client.DEFAULT_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +def test_validation_helper_v1_client_client_options_from_dict(): + with mock.patch( + "google.cloud.binaryauthorization_v1.services.validation_helper_v1.transports.ValidationHelperV1GrpcTransport.__init__" + ) as grpc_transport: + grpc_transport.return_value = None + client = ValidationHelperV1Client( + client_options={"api_endpoint": "squid.clam.whelk"} + ) + grpc_transport.assert_called_once_with( + credentials=None, + credentials_file=None, + host="squid.clam.whelk", + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + ) + + +def test_validate_attestation_occurrence( + transport: str = "grpc", request_type=service.ValidateAttestationOccurrenceRequest +): + client = ValidationHelperV1Client( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.validate_attestation_occurrence), "__call__" + ) as call: + # Designate an appropriate return value for the call. 
+ call.return_value = service.ValidateAttestationOccurrenceResponse( + result=service.ValidateAttestationOccurrenceResponse.Result.VERIFIED, + denial_reason="denial_reason_value", + ) + response = client.validate_attestation_occurrence(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == service.ValidateAttestationOccurrenceRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, service.ValidateAttestationOccurrenceResponse) + assert ( + response.result == service.ValidateAttestationOccurrenceResponse.Result.VERIFIED + ) + assert response.denial_reason == "denial_reason_value" + + +def test_validate_attestation_occurrence_from_dict(): + test_validate_attestation_occurrence(request_type=dict) + + +def test_validate_attestation_occurrence_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = ValidationHelperV1Client( + credentials=ga_credentials.AnonymousCredentials(), transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.validate_attestation_occurrence), "__call__" + ) as call: + client.validate_attestation_occurrence() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == service.ValidateAttestationOccurrenceRequest() + + +@pytest.mark.asyncio +async def test_validate_attestation_occurrence_async( + transport: str = "grpc_asyncio", + request_type=service.ValidateAttestationOccurrenceRequest, +): + client = ValidationHelperV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. 
+ request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.validate_attestation_occurrence), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.ValidateAttestationOccurrenceResponse( + result=service.ValidateAttestationOccurrenceResponse.Result.VERIFIED, + denial_reason="denial_reason_value", + ) + ) + response = await client.validate_attestation_occurrence(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == service.ValidateAttestationOccurrenceRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, service.ValidateAttestationOccurrenceResponse) + assert ( + response.result == service.ValidateAttestationOccurrenceResponse.Result.VERIFIED + ) + assert response.denial_reason == "denial_reason_value" + + +@pytest.mark.asyncio +async def test_validate_attestation_occurrence_async_from_dict(): + await test_validate_attestation_occurrence_async(request_type=dict) + + +def test_validate_attestation_occurrence_field_headers(): + client = ValidationHelperV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.ValidateAttestationOccurrenceRequest() + + request.attestor = "attestor/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.validate_attestation_occurrence), "__call__" + ) as call: + call.return_value = service.ValidateAttestationOccurrenceResponse() + client.validate_attestation_occurrence(request) + + # Establish that the underlying gRPC stub method was called. 
+ assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "attestor=attestor/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_validate_attestation_occurrence_field_headers_async(): + client = ValidationHelperV1AsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.ValidateAttestationOccurrenceRequest() + + request.attestor = "attestor/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.validate_attestation_occurrence), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.ValidateAttestationOccurrenceResponse() + ) + await client.validate_attestation_occurrence(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "attestor=attestor/value",) in kw["metadata"] + + +def test_credentials_transport_error(): + # It is an error to provide credentials and a transport instance. + transport = transports.ValidationHelperV1GrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = ValidationHelperV1Client( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # It is an error to provide a credentials file and a transport instance. 
+ transport = transports.ValidationHelperV1GrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = ValidationHelperV1Client( + client_options={"credentials_file": "credentials.json"}, + transport=transport, + ) + + # It is an error to provide scopes and a transport instance. + transport = transports.ValidationHelperV1GrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = ValidationHelperV1Client( + client_options={"scopes": ["1", "2"]}, transport=transport, + ) + + +def test_transport_instance(): + # A client may be instantiated with a custom transport instance. + transport = transports.ValidationHelperV1GrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + client = ValidationHelperV1Client(transport=transport) + assert client.transport is transport + + +def test_transport_get_channel(): + # A client may be instantiated with a custom transport instance. + transport = transports.ValidationHelperV1GrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + + transport = transports.ValidationHelperV1GrpcAsyncIOTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.ValidationHelperV1GrpcTransport, + transports.ValidationHelperV1GrpcAsyncIOTransport, + ], +) +def test_transport_adc(transport_class): + # Test default credentials are used if not provided. + with mock.patch.object(google.auth, "default") as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class() + adc.assert_called_once() + + +def test_transport_grpc_default(): + # A client should use the gRPC transport by default. 
+ client = ValidationHelperV1Client( + credentials=ga_credentials.AnonymousCredentials(), + ) + assert isinstance(client.transport, transports.ValidationHelperV1GrpcTransport,) + + +def test_validation_helper_v1_base_transport_error(): + # Passing both a credentials object and credentials_file should raise an error + with pytest.raises(core_exceptions.DuplicateCredentialArgs): + transport = transports.ValidationHelperV1Transport( + credentials=ga_credentials.AnonymousCredentials(), + credentials_file="credentials.json", + ) + + +def test_validation_helper_v1_base_transport(): + # Instantiate the base transport. + with mock.patch( + "google.cloud.binaryauthorization_v1.services.validation_helper_v1.transports.ValidationHelperV1Transport.__init__" + ) as Transport: + Transport.return_value = None + transport = transports.ValidationHelperV1Transport( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Every method on the transport should just blindly + # raise NotImplementedError. 
+ methods = ("validate_attestation_occurrence",) + for method in methods: + with pytest.raises(NotImplementedError): + getattr(transport, method)(request=object()) + + +@requires_google_auth_gte_1_25_0 +def test_validation_helper_v1_base_transport_with_credentials_file(): + # Instantiate the base transport with a credentials file + with mock.patch.object( + google.auth, "load_credentials_from_file", autospec=True + ) as load_creds, mock.patch( + "google.cloud.binaryauthorization_v1.services.validation_helper_v1.transports.ValidationHelperV1Transport._prep_wrapped_messages" + ) as Transport: + Transport.return_value = None + load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.ValidationHelperV1Transport( + credentials_file="credentials.json", quota_project_id="octopus", + ) + load_creds.assert_called_once_with( + "credentials.json", + scopes=None, + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id="octopus", + ) + + +@requires_google_auth_lt_1_25_0 +def test_validation_helper_v1_base_transport_with_credentials_file_old_google_auth(): + # Instantiate the base transport with a credentials file + with mock.patch.object( + google.auth, "load_credentials_from_file", autospec=True + ) as load_creds, mock.patch( + "google.cloud.binaryauthorization_v1.services.validation_helper_v1.transports.ValidationHelperV1Transport._prep_wrapped_messages" + ) as Transport: + Transport.return_value = None + load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.ValidationHelperV1Transport( + credentials_file="credentials.json", quota_project_id="octopus", + ) + load_creds.assert_called_once_with( + "credentials.json", + scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id="octopus", + ) + + +def test_validation_helper_v1_base_transport_with_adc(): + # Test the default credentials are used if credentials and credentials_file are None. 
+ with mock.patch.object(google.auth, "default", autospec=True) as adc, mock.patch( + "google.cloud.binaryauthorization_v1.services.validation_helper_v1.transports.ValidationHelperV1Transport._prep_wrapped_messages" + ) as Transport: + Transport.return_value = None + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.ValidationHelperV1Transport() + adc.assert_called_once() + + +@requires_google_auth_gte_1_25_0 +def test_validation_helper_v1_auth_adc(): + # If no credentials are provided, we should use ADC credentials. + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + ValidationHelperV1Client() + adc.assert_called_once_with( + scopes=None, + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id=None, + ) + + +@requires_google_auth_lt_1_25_0 +def test_validation_helper_v1_auth_adc_old_google_auth(): + # If no credentials are provided, we should use ADC credentials. + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + ValidationHelperV1Client() + adc.assert_called_once_with( + scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id=None, + ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.ValidationHelperV1GrpcTransport, + transports.ValidationHelperV1GrpcAsyncIOTransport, + ], +) +@requires_google_auth_gte_1_25_0 +def test_validation_helper_v1_transport_auth_adc(transport_class): + # If credentials and host are not provided, the transport class should use + # ADC credentials. 
+ with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class(quota_project_id="octopus", scopes=["1", "2"]) + adc.assert_called_once_with( + scopes=["1", "2"], + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id="octopus", + ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.ValidationHelperV1GrpcTransport, + transports.ValidationHelperV1GrpcAsyncIOTransport, + ], +) +@requires_google_auth_lt_1_25_0 +def test_validation_helper_v1_transport_auth_adc_old_google_auth(transport_class): + # If credentials and host are not provided, the transport class should use + # ADC credentials. + with mock.patch.object(google.auth, "default", autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class(quota_project_id="octopus") + adc.assert_called_once_with( + scopes=("https://www.googleapis.com/auth/cloud-platform",), + quota_project_id="octopus", + ) + + +@pytest.mark.parametrize( + "transport_class,grpc_helpers", + [ + (transports.ValidationHelperV1GrpcTransport, grpc_helpers), + (transports.ValidationHelperV1GrpcAsyncIOTransport, grpc_helpers_async), + ], +) +def test_validation_helper_v1_transport_create_channel(transport_class, grpc_helpers): + # If credentials and host are not provided, the transport class should use + # ADC credentials. 
+ with mock.patch.object( + google.auth, "default", autospec=True + ) as adc, mock.patch.object( + grpc_helpers, "create_channel", autospec=True + ) as create_channel: + creds = ga_credentials.AnonymousCredentials() + adc.return_value = (creds, None) + transport_class(quota_project_id="octopus", scopes=["1", "2"]) + + create_channel.assert_called_with( + "binaryauthorization.googleapis.com:443", + credentials=creds, + credentials_file=None, + quota_project_id="octopus", + default_scopes=("https://www.googleapis.com/auth/cloud-platform",), + scopes=["1", "2"], + default_host="binaryauthorization.googleapis.com", + ssl_credentials=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.ValidationHelperV1GrpcTransport, + transports.ValidationHelperV1GrpcAsyncIOTransport, + ], +) +def test_validation_helper_v1_grpc_transport_client_cert_source_for_mtls( + transport_class, +): + cred = ga_credentials.AnonymousCredentials() + + # Check ssl_channel_credentials is used if provided. + with mock.patch.object(transport_class, "create_channel") as mock_create_channel: + mock_ssl_channel_creds = mock.Mock() + transport_class( + host="squid.clam.whelk", + credentials=cred, + ssl_channel_credentials=mock_ssl_channel_creds, + ) + mock_create_channel.assert_called_once_with( + "squid.clam.whelk:443", + credentials=cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_channel_creds, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls + # is used. 
+ with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()): + with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred: + transport_class( + credentials=cred, + client_cert_source_for_mtls=client_cert_source_callback, + ) + expected_cert, expected_key = client_cert_source_callback() + mock_ssl_cred.assert_called_once_with( + certificate_chain=expected_cert, private_key=expected_key + ) + + +def test_validation_helper_v1_host_no_port(): + client = ValidationHelperV1Client( + credentials=ga_credentials.AnonymousCredentials(), + client_options=client_options.ClientOptions( + api_endpoint="binaryauthorization.googleapis.com" + ), + ) + assert client.transport._host == "binaryauthorization.googleapis.com:443" + + +def test_validation_helper_v1_host_with_port(): + client = ValidationHelperV1Client( + credentials=ga_credentials.AnonymousCredentials(), + client_options=client_options.ClientOptions( + api_endpoint="binaryauthorization.googleapis.com:8000" + ), + ) + assert client.transport._host == "binaryauthorization.googleapis.com:8000" + + +def test_validation_helper_v1_grpc_transport_channel(): + channel = grpc.secure_channel("http://localhost/", grpc.local_channel_credentials()) + + # Check that channel is used if provided. + transport = transports.ValidationHelperV1GrpcTransport( + host="squid.clam.whelk", channel=channel, + ) + assert transport.grpc_channel == channel + assert transport._host == "squid.clam.whelk:443" + assert transport._ssl_channel_credentials == None + + +def test_validation_helper_v1_grpc_asyncio_transport_channel(): + channel = aio.secure_channel("http://localhost/", grpc.local_channel_credentials()) + + # Check that channel is used if provided. 
+ transport = transports.ValidationHelperV1GrpcAsyncIOTransport( + host="squid.clam.whelk", channel=channel, + ) + assert transport.grpc_channel == channel + assert transport._host == "squid.clam.whelk:443" + assert transport._ssl_channel_credentials == None + + +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. +@pytest.mark.parametrize( + "transport_class", + [ + transports.ValidationHelperV1GrpcTransport, + transports.ValidationHelperV1GrpcAsyncIOTransport, + ], +) +def test_validation_helper_v1_transport_channel_mtls_with_client_cert_source( + transport_class, +): + with mock.patch( + "grpc.ssl_channel_credentials", autospec=True + ) as grpc_ssl_channel_cred: + with mock.patch.object( + transport_class, "create_channel" + ) as grpc_create_channel: + mock_ssl_cred = mock.Mock() + grpc_ssl_channel_cred.return_value = mock_ssl_cred + + mock_grpc_channel = mock.Mock() + grpc_create_channel.return_value = mock_grpc_channel + + cred = ga_credentials.AnonymousCredentials() + with pytest.warns(DeprecationWarning): + with mock.patch.object(google.auth, "default") as adc: + adc.return_value = (cred, None) + transport = transport_class( + host="squid.clam.whelk", + api_mtls_endpoint="mtls.squid.clam.whelk", + client_cert_source=client_cert_source_callback, + ) + adc.assert_called_once() + + grpc_ssl_channel_cred.assert_called_once_with( + certificate_chain=b"cert bytes", private_key=b"key bytes" + ) + grpc_create_channel.assert_called_once_with( + "mtls.squid.clam.whelk:443", + credentials=cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_cred, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + assert transport.grpc_channel == mock_grpc_channel + assert transport._ssl_channel_credentials == mock_ssl_cred + + +# Remove this test when deprecated arguments (api_mtls_endpoint, 
client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. +@pytest.mark.parametrize( + "transport_class", + [ + transports.ValidationHelperV1GrpcTransport, + transports.ValidationHelperV1GrpcAsyncIOTransport, + ], +) +def test_validation_helper_v1_transport_channel_mtls_with_adc(transport_class): + mock_ssl_cred = mock.Mock() + with mock.patch.multiple( + "google.auth.transport.grpc.SslCredentials", + __init__=mock.Mock(return_value=None), + ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred), + ): + with mock.patch.object( + transport_class, "create_channel" + ) as grpc_create_channel: + mock_grpc_channel = mock.Mock() + grpc_create_channel.return_value = mock_grpc_channel + mock_cred = mock.Mock() + + with pytest.warns(DeprecationWarning): + transport = transport_class( + host="squid.clam.whelk", + credentials=mock_cred, + api_mtls_endpoint="mtls.squid.clam.whelk", + client_cert_source=None, + ) + + grpc_create_channel.assert_called_once_with( + "mtls.squid.clam.whelk:443", + credentials=mock_cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_cred, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + assert transport.grpc_channel == mock_grpc_channel + + +def test_common_billing_account_path(): + billing_account = "squid" + expected = "billingAccounts/{billing_account}".format( + billing_account=billing_account, + ) + actual = ValidationHelperV1Client.common_billing_account_path(billing_account) + assert expected == actual + + +def test_parse_common_billing_account_path(): + expected = { + "billing_account": "clam", + } + path = ValidationHelperV1Client.common_billing_account_path(**expected) + + # Check that the path construction is reversible. 
+ actual = ValidationHelperV1Client.parse_common_billing_account_path(path) + assert expected == actual + + +def test_common_folder_path(): + folder = "whelk" + expected = "folders/{folder}".format(folder=folder,) + actual = ValidationHelperV1Client.common_folder_path(folder) + assert expected == actual + + +def test_parse_common_folder_path(): + expected = { + "folder": "octopus", + } + path = ValidationHelperV1Client.common_folder_path(**expected) + + # Check that the path construction is reversible. + actual = ValidationHelperV1Client.parse_common_folder_path(path) + assert expected == actual + + +def test_common_organization_path(): + organization = "oyster" + expected = "organizations/{organization}".format(organization=organization,) + actual = ValidationHelperV1Client.common_organization_path(organization) + assert expected == actual + + +def test_parse_common_organization_path(): + expected = { + "organization": "nudibranch", + } + path = ValidationHelperV1Client.common_organization_path(**expected) + + # Check that the path construction is reversible. + actual = ValidationHelperV1Client.parse_common_organization_path(path) + assert expected == actual + + +def test_common_project_path(): + project = "cuttlefish" + expected = "projects/{project}".format(project=project,) + actual = ValidationHelperV1Client.common_project_path(project) + assert expected == actual + + +def test_parse_common_project_path(): + expected = { + "project": "mussel", + } + path = ValidationHelperV1Client.common_project_path(**expected) + + # Check that the path construction is reversible. 
+ actual = ValidationHelperV1Client.parse_common_project_path(path) + assert expected == actual + + +def test_common_location_path(): + project = "winkle" + location = "nautilus" + expected = "projects/{project}/locations/{location}".format( + project=project, location=location, + ) + actual = ValidationHelperV1Client.common_location_path(project, location) + assert expected == actual + + +def test_parse_common_location_path(): + expected = { + "project": "scallop", + "location": "abalone", + } + path = ValidationHelperV1Client.common_location_path(**expected) + + # Check that the path construction is reversible. + actual = ValidationHelperV1Client.parse_common_location_path(path) + assert expected == actual + + +def test_client_withDEFAULT_CLIENT_INFO(): + client_info = gapic_v1.client_info.ClientInfo() + + with mock.patch.object( + transports.ValidationHelperV1Transport, "_prep_wrapped_messages" + ) as prep: + client = ValidationHelperV1Client( + credentials=ga_credentials.AnonymousCredentials(), client_info=client_info, + ) + prep.assert_called_once_with(client_info) + + with mock.patch.object( + transports.ValidationHelperV1Transport, "_prep_wrapped_messages" + ) as prep: + transport_class = ValidationHelperV1Client.get_transport_class() + transport = transport_class( + credentials=ga_credentials.AnonymousCredentials(), client_info=client_info, + ) + prep.assert_called_once_with(client_info) From 7045df0313b0c6f05662745e90c28626d292d64e Mon Sep 17 00:00:00 2001 
From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Fri, 24 Sep 2021 15:14:22 +0000 Subject: [PATCH 11/12] chore: use gapic-generator-python 0.51.2 (#78) - [ ] Regenerate this pull request now. fix: add 'dict' annotation type to 'request' Committer: @busunkim96 PiperOrigin-RevId: 398509016 Source-Link: https://github.com/googleapis/googleapis/commit/b224dfa52642a733ea64849d4e06d15c274bc08f Source-Link: https://github.com/googleapis/googleapis-gen/commit/63a1db7a38d74b9639592f521ed1daaf7299ad9a Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiNjNhMWRiN2EzOGQ3NGI5NjM5NTkyZjUyMWVkMWRhYWY3Mjk5YWQ5YSJ9 --- .../binauthz_management_service_v1/client.py | 30 +++++++++---------- .../transports/base.py | 2 +- .../transports/grpc.py | 6 ++-- .../transports/grpc_asyncio.py | 6 ++-- .../services/system_policy_v1/client.py | 6 ++-- .../system_policy_v1/transports/base.py | 2 +- .../system_policy_v1/transports/grpc.py | 6 ++-- .../transports/grpc_asyncio.py | 6 ++-- .../services/validation_helper_v1/client.py | 6 ++-- .../validation_helper_v1/transports/base.py | 2 +- .../validation_helper_v1/transports/grpc.py | 6 ++-- .../transports/grpc_asyncio.py | 6 ++-- .../client.py | 30 +++++++++---------- .../transports/base.py | 2 +- .../transports/grpc.py | 6 ++-- .../transports/grpc_asyncio.py | 6 ++-- .../fixup_binaryauthorization_v1_keywords.py | 20 ++++++------- ...up_binaryauthorization_v1beta1_keywords.py | 16 +++++----- 18 files changed, 82 insertions(+), 82 deletions(-) diff --git a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/client.py b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/client.py index d5eb693..0530a02 100644 --- a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/client.py +++ b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/client.py 
@@ -17,7 +17,7 @@ from distutils import util import os import re -from typing import Callable, Dict, Optional, Sequence, Tuple, Type, Union +from typing import Dict, Optional, Sequence, Tuple, Type, Union import pkg_resources from google.api_core import client_options as client_options_lib # type: ignore @@ -377,7 +377,7 @@ def __init__( def get_policy( self, - request: service.GetPolicyRequest = None, + request: Union[service.GetPolicyRequest, dict] = None, *, name: str = None, retry: retries.Retry = gapic_v1.method.DEFAULT, @@ -397,7 +397,7 @@ def get_policy( project does not have one. Args: - request (google.cloud.binaryauthorization_v1.types.GetPolicyRequest): + request (Union[google.cloud.binaryauthorization_v1.types.GetPolicyRequest, dict]): The request object. Request message for [BinauthzManagementService.GetPolicy][]. name (str): @@ -459,7 +459,7 @@ def get_policy( def update_policy( self, - request: service.UpdatePolicyRequest = None, + request: Union[service.UpdatePolicyRequest, dict] = None, *, policy: resources.Policy = None, retry: retries.Retry = gapic_v1.method.DEFAULT, @@ -476,7 +476,7 @@ def update_policy( request is malformed. Args: - request (google.cloud.binaryauthorization_v1.types.UpdatePolicyRequest): + request (Union[google.cloud.binaryauthorization_v1.types.UpdatePolicyRequest, dict]): The request object. Request message for [BinauthzManagementService.UpdatePolicy][]. policy (google.cloud.binaryauthorization_v1.types.Policy): @@ -543,7 +543,7 @@ def update_policy( def create_attestor( self, - request: service.CreateAttestorRequest = None, + request: Union[service.CreateAttestorRequest, dict] = None, *, parent: str = None, attestor_id: str = None, 
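Review bot: In `get_policy` the new annotation `request: Union[service.GetPolicyRequest, dict] = None` still defaults to `None` without naming it in the type, so the signature relies on implicit Optional, which PEP 484 discourages and strict type checkers reject. `request: Optional[Union[service.GetPolicyRequest, dict]] = None` states the contract explicitly, and `Optional` is already in the `typing` import shown in the first hunk. The same applies to the `request` parameter in the `update_policy`, `create_attestor`, `get_attestor`, `update_attestor`, `list_attestors` and `delete_attestor` hunks of this file. The commit message attributes the change to gapic-generator-python, so the fix presumably belongs in the generator template; each method body continues outside its hunk.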
@@ -562,7 +562,7 @@ def create_attestor( already exists. Args: - request (google.cloud.binaryauthorization_v1.types.CreateAttestorRequest): + request (Union[google.cloud.binaryauthorization_v1.types.CreateAttestorRequest, dict]): The request object. Request message for [BinauthzManagementService.CreateAttestor][]. parent (str): @@ -647,7 +647,7 @@ def create_attestor( def get_attestor( self, - request: service.GetAttestorRequest = None, + request: Union[service.GetAttestorRequest, dict] = None, *, name: str = None, retry: retries.Retry = gapic_v1.method.DEFAULT, @@ -661,7 +661,7 @@ def get_attestor( not exist. Args: - request (google.cloud.binaryauthorization_v1.types.GetAttestorRequest): + request (Union[google.cloud.binaryauthorization_v1.types.GetAttestorRequest, dict]): The request object. Request message for [BinauthzManagementService.GetAttestor][]. name (str): @@ -724,7 +724,7 @@ def get_attestor( def update_attestor( self, - request: service.UpdateAttestorRequest = None, + request: Union[service.UpdateAttestorRequest, dict] = None, *, attestor: resources.Attestor = None, retry: retries.Retry = gapic_v1.method.DEFAULT, @@ -738,7 +738,7 @@ def update_attestor( not exist. Args: - request (google.cloud.binaryauthorization_v1.types.UpdateAttestorRequest): + request (Union[google.cloud.binaryauthorization_v1.types.UpdateAttestorRequest, dict]): The request object. Request message for [BinauthzManagementService.UpdateAttestor][]. attestor (google.cloud.binaryauthorization_v1.types.Attestor): @@ -806,7 +806,7 @@ def update_attestor( def list_attestors( self, - request: service.ListAttestorsRequest = None, + request: Union[service.ListAttestorsRequest, dict] = None, *, parent: str = None, retry: retries.Retry = gapic_v1.method.DEFAULT, 
@@ -817,7 +817,7 @@ def list_attestors( Returns INVALID_ARGUMENT if the project does not exist. Args: - request (google.cloud.binaryauthorization_v1.types.ListAttestorsRequest): + request (Union[google.cloud.binaryauthorization_v1.types.ListAttestorsRequest, dict]): The request object. Request message for [BinauthzManagementService.ListAttestors][]. parent (str): @@ -889,7 +889,7 @@ def list_attestors( def delete_attestor( self, - request: service.DeleteAttestorRequest = None, + request: Union[service.DeleteAttestorRequest, dict] = None, *, name: str = None, retry: retries.Retry = gapic_v1.method.DEFAULT, @@ -903,7 +903,7 @@ def delete_attestor( not exist. Args: - request (google.cloud.binaryauthorization_v1.types.DeleteAttestorRequest): + request (Union[google.cloud.binaryauthorization_v1.types.DeleteAttestorRequest, dict]): The request object. Request message for [BinauthzManagementService.DeleteAttestor][]. name (str): diff --git a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/base.py b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/base.py index 12f8b89..18b3d96 100644 --- a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/base.py +++ b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/base.py @@ -119,7 +119,7 @@ def __init__( **scopes_kwargs, quota_project_id=quota_project_id ) - # If the credentials is service account credentials, then always try to use self signed JWT. + # If the credentials are service account credentials, then always try to use self signed JWT. if ( always_use_jwt_access and isinstance(credentials, service_account.Credentials) diff --git a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/grpc.py b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/grpc.py index 53d8da3..27ec06e 100644 
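Review bot: The reworded comment in the `transports/base.py` hunk still says to "always try" a self-signed JWT for service account credentials, but the condition directly below it is also gated on `always_use_jwt_access`, so the comment overstates when that authentication path is taken. I would write `# If the credentials are service account credentials and always_use_jwt_access is set, try to use a self-signed JWT.` The condition continues past the end of the hunk, so any further clause is not covered by this wording. The identical comment appears in the `base.py` hunks for `system_policy_v1`, `validation_helper_v1` and `binauthz_management_service_v1_beta1`.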
--- a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/grpc.py +++ b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/grpc.py @@ -88,16 +88,16 @@ def __init__( api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. If provided, it overrides the ``host`` argument and tries to create a mutual TLS channel with client SSL credentials from - ``client_cert_source`` or applicatin default SSL credentials. + ``client_cert_source`` or application default SSL credentials. client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): Deprecated. A callback to provide client SSL certificate bytes and private key bytes, both in PEM format. It is ignored if ``api_mtls_endpoint`` is None. ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials - for grpc channel. It is ignored if ``channel`` is provided. + for the grpc channel. It is ignored if ``channel`` is provided. client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): A callback to provide client certificate bytes and private key bytes, - both in PEM format. It is used to configure mutual TLS channel. It is + both in PEM format. It is used to configure a mutual TLS channel. It is ignored if ``channel`` or ``ssl_channel_credentials`` is provided. quota_project_id (Optional[str]): An optional project to use for billing and quota. diff --git a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/grpc_asyncio.py b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/grpc_asyncio.py index 167e397..bb5c5b6 100644 --- a/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/grpc_asyncio.py +++ b/google/cloud/binaryauthorization_v1/services/binauthz_management_service_v1/transports/grpc_asyncio.py 
@@ -137,16 +137,16 @@ def __init__( api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. If provided, it overrides the ``host`` argument and tries to create a mutual TLS channel with client SSL credentials from - ``client_cert_source`` or applicatin default SSL credentials. + ``client_cert_source`` or application default SSL credentials. client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): Deprecated. A callback to provide client SSL certificate bytes and private key bytes, both in PEM format. It is ignored if ``api_mtls_endpoint`` is None. ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials - for grpc channel. It is ignored if ``channel`` is provided. + for the grpc channel. It is ignored if ``channel`` is provided. client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): A callback to provide client certificate bytes and private key bytes, - both in PEM format. It is used to configure mutual TLS channel. It is + both in PEM format. It is used to configure a mutual TLS channel. It is ignored if ``channel`` or ``ssl_channel_credentials`` is provided. quota_project_id (Optional[str]): An optional project to use for billing and quota. diff --git a/google/cloud/binaryauthorization_v1/services/system_policy_v1/client.py b/google/cloud/binaryauthorization_v1/services/system_policy_v1/client.py index 14b1aa0..49d6573 100644 --- a/google/cloud/binaryauthorization_v1/services/system_policy_v1/client.py +++ b/google/cloud/binaryauthorization_v1/services/system_policy_v1/client.py @@ -17,7 +17,7 @@ from distutils import util import os import re -from typing import Callable, Dict, Optional, Sequence, Tuple, Type, Union +from typing import Dict, Optional, Sequence, Tuple, Type, Union import pkg_resources from google.api_core import client_options as client_options_lib # type: ignore 
@@ -348,7 +348,7 @@ def __init__( def get_system_policy( self, - request: service.GetSystemPolicyRequest = None, + request: Union[service.GetSystemPolicyRequest, dict] = None, *, name: str = None, retry: retries.Retry = gapic_v1.method.DEFAULT, @@ -359,7 +359,7 @@ def get_system_policy( location. Args: - request (google.cloud.binaryauthorization_v1.types.GetSystemPolicyRequest): + request (Union[google.cloud.binaryauthorization_v1.types.GetSystemPolicyRequest, dict]): The request object. Request to read the current system policy. name (str): diff --git a/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/base.py b/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/base.py index 3e98f40..78d44f8 100644 --- a/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/base.py +++ b/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/base.py @@ -118,7 +118,7 @@ def __init__( **scopes_kwargs, quota_project_id=quota_project_id ) - # If the credentials is service account credentials, then always try to use self signed JWT. + # If the credentials are service account credentials, then always try to use self signed JWT. if ( always_use_jwt_access and isinstance(credentials, service_account.Credentials) diff --git a/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/grpc.py b/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/grpc.py index b112d9f..fa5d87e 100644 --- a/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/grpc.py +++ b/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/grpc.py 
@@ -81,16 +81,16 @@ def __init__( api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. If provided, it overrides the ``host`` argument and tries to create a mutual TLS channel with client SSL credentials from - ``client_cert_source`` or applicatin default SSL credentials. + ``client_cert_source`` or application default SSL credentials. client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): Deprecated. A callback to provide client SSL certificate bytes and private key bytes, both in PEM format. It is ignored if ``api_mtls_endpoint`` is None. ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials - for grpc channel. It is ignored if ``channel`` is provided. + for the grpc channel. It is ignored if ``channel`` is provided. client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): A callback to provide client certificate bytes and private key bytes, - both in PEM format. It is used to configure mutual TLS channel. It is + both in PEM format. It is used to configure a mutual TLS channel. It is ignored if ``channel`` or ``ssl_channel_credentials`` is provided. quota_project_id (Optional[str]): An optional project to use for billing and quota. diff --git a/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/grpc_asyncio.py b/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/grpc_asyncio.py index e3474e7..92c7b06 100644 --- a/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/grpc_asyncio.py +++ b/google/cloud/binaryauthorization_v1/services/system_policy_v1/transports/grpc_asyncio.py 
@@ -128,16 +128,16 @@ def __init__( api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. If provided, it overrides the ``host`` argument and tries to create a mutual TLS channel with client SSL credentials from - ``client_cert_source`` or applicatin default SSL credentials. + ``client_cert_source`` or application default SSL credentials. client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): Deprecated. A callback to provide client SSL certificate bytes and private key bytes, both in PEM format. It is ignored if ``api_mtls_endpoint`` is None. ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials - for grpc channel. It is ignored if ``channel`` is provided. + for the grpc channel. It is ignored if ``channel`` is provided. client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): A callback to provide client certificate bytes and private key bytes, - both in PEM format. It is used to configure mutual TLS channel. It is + both in PEM format. It is used to configure a mutual TLS channel. It is ignored if ``channel`` or ``ssl_channel_credentials`` is provided. quota_project_id (Optional[str]): An optional project to use for billing and quota. diff --git a/google/cloud/binaryauthorization_v1/services/validation_helper_v1/client.py b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/client.py index 0c85ba2..8bdd2ae 100644 --- a/google/cloud/binaryauthorization_v1/services/validation_helper_v1/client.py +++ b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/client.py @@ -17,7 +17,7 @@ from distutils import util import os import re -from typing import Callable, Dict, Optional, Sequence, Tuple, Type, Union +from typing import Dict, Optional, Sequence, Tuple, Type, Union import pkg_resources from google.api_core import client_options as client_options_lib # type: ignore 
@@ -337,7 +337,7 @@ def __init__( def validate_attestation_occurrence( self, - request: service.ValidateAttestationOccurrenceRequest = None, + request: Union[service.ValidateAttestationOccurrenceRequest, dict] = None, *, retry: retries.Retry = gapic_v1.method.DEFAULT, timeout: float = None, @@ -347,7 +347,7 @@ def validate_attestation_occurrence( image URI was signed by the given Attestor Args: - request (google.cloud.binaryauthorization_v1.types.ValidateAttestationOccurrenceRequest): + request (Union[google.cloud.binaryauthorization_v1.types.ValidateAttestationOccurrenceRequest, dict]): The request object. Request message for [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence]. retry (google.api_core.retry.Retry): Designation of what errors, if any, diff --git a/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/base.py b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/base.py index d91ba40..8460bfc 100644 --- a/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/base.py +++ b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/base.py @@ -117,7 +117,7 @@ def __init__( **scopes_kwargs, quota_project_id=quota_project_id ) - # If the credentials is service account credentials, then always try to use self signed JWT. + # If the credentials are service account credentials, then always try to use self signed JWT. if ( always_use_jwt_access and isinstance(credentials, service_account.Credentials) diff --git a/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/grpc.py b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/grpc.py index 0eeb82f..4aec7f7 100644 --- a/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/grpc.py 
+++ b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/grpc.py @@ -80,16 +80,16 @@ def __init__( api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. If provided, it overrides the ``host`` argument and tries to create a mutual TLS channel with client SSL credentials from - ``client_cert_source`` or applicatin default SSL credentials. + ``client_cert_source`` or application default SSL credentials. client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): Deprecated. A callback to provide client SSL certificate bytes and private key bytes, both in PEM format. It is ignored if ``api_mtls_endpoint`` is None. ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials - for grpc channel. It is ignored if ``channel`` is provided. + for the grpc channel. It is ignored if ``channel`` is provided. client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): A callback to provide client certificate bytes and private key bytes, - both in PEM format. It is used to configure mutual TLS channel. It is + both in PEM format. It is used to configure a mutual TLS channel. It is ignored if ``channel`` or ``ssl_channel_credentials`` is provided. quota_project_id (Optional[str]): An optional project to use for billing and quota. diff --git a/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/grpc_asyncio.py b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/grpc_asyncio.py index 668000b..8d5ea0d 100644 --- a/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/grpc_asyncio.py +++ b/google/cloud/binaryauthorization_v1/services/validation_helper_v1/transports/grpc_asyncio.py 
@@ -127,16 +127,16 @@ def __init__( api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. If provided, it overrides the ``host`` argument and tries to create a mutual TLS channel with client SSL credentials from - ``client_cert_source`` or applicatin default SSL credentials. + ``client_cert_source`` or application default SSL credentials. client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): Deprecated. A callback to provide client SSL certificate bytes and private key bytes, both in PEM format. It is ignored if ``api_mtls_endpoint`` is None. ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials - for grpc channel. It is ignored if ``channel`` is provided. + for the grpc channel. It is ignored if ``channel`` is provided. client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): A callback to provide client certificate bytes and private key bytes, - both in PEM format. It is used to configure mutual TLS channel. It is + both in PEM format. It is used to configure a mutual TLS channel. It is ignored if ``channel`` or ``ssl_channel_credentials`` is provided. quota_project_id (Optional[str]): An optional project to use for billing and quota. diff --git a/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/client.py b/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/client.py index 771a38b..610f619 100644 --- a/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/client.py +++ b/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/client.py @@ -17,7 +17,7 @@ from distutils import util import os import re -from typing import Callable, Dict, Optional, Sequence, Tuple, Type, Union +from typing import Dict, Optional, Sequence, Tuple, Type, Union import pkg_resources from google.api_core import client_options as client_options_lib # type: ignore 
@@ -382,7 +382,7 @@ def __init__( def get_policy( self, - request: service.GetPolicyRequest = None, + request: Union[service.GetPolicyRequest, dict] = None, *, name: str = None, retry: retries.Retry = gapic_v1.method.DEFAULT, @@ -404,7 +404,7 @@ def get_policy( project does not have one. Args: - request (google.cloud.binaryauthorization_v1beta1.types.GetPolicyRequest): + request (Union[google.cloud.binaryauthorization_v1beta1.types.GetPolicyRequest, dict]): The request object. Request message for [BinauthzManagementService.GetPolicy][]. name (str): @@ -466,7 +466,7 @@ def get_policy( def update_policy( self, - request: service.UpdatePolicyRequest = None, + request: Union[service.UpdatePolicyRequest, dict] = None, *, policy: resources.Policy = None, retry: retries.Retry = gapic_v1.method.DEFAULT, @@ -483,7 +483,7 @@ def update_policy( INVALID_ARGUMENT if the request is malformed. Args: - request (google.cloud.binaryauthorization_v1beta1.types.UpdatePolicyRequest): + request (Union[google.cloud.binaryauthorization_v1beta1.types.UpdatePolicyRequest, dict]): The request object. Request message for [BinauthzManagementService.UpdatePolicy][]. policy (google.cloud.binaryauthorization_v1beta1.types.Policy): @@ -550,7 +550,7 @@ def update_policy( def create_attestor( self, - request: service.CreateAttestorRequest = None, + request: Union[service.CreateAttestorRequest, dict] = None, *, parent: str = None, attestor_id: str = None, @@ -570,7 +570,7 @@ def create_attestor( already exists. Args: - request (google.cloud.binaryauthorization_v1beta1.types.CreateAttestorRequest): + request (Union[google.cloud.binaryauthorization_v1beta1.types.CreateAttestorRequest, dict]): The request object. Request message for [BinauthzManagementService.CreateAttestor][]. parent (str): 
@@ -655,7 +655,7 @@ def create_attestor( def get_attestor( self, - request: service.GetAttestorRequest = None, + request: Union[service.GetAttestorRequest, dict] = None, *, name: str = None, retry: retries.Retry = gapic_v1.method.DEFAULT, @@ -669,7 +669,7 @@ def get_attestor( does not exist. Args: - request (google.cloud.binaryauthorization_v1beta1.types.GetAttestorRequest): + request (Union[google.cloud.binaryauthorization_v1beta1.types.GetAttestorRequest, dict]): The request object. Request message for [BinauthzManagementService.GetAttestor][]. name (str): @@ -732,7 +732,7 @@ def get_attestor( def update_attestor( self, - request: service.UpdateAttestorRequest = None, + request: Union[service.UpdateAttestorRequest, dict] = None, *, attestor: resources.Attestor = None, retry: retries.Retry = gapic_v1.method.DEFAULT, @@ -746,7 +746,7 @@ def update_attestor( does not exist. Args: - request (google.cloud.binaryauthorization_v1beta1.types.UpdateAttestorRequest): + request (Union[google.cloud.binaryauthorization_v1beta1.types.UpdateAttestorRequest, dict]): The request object. Request message for [BinauthzManagementService.UpdateAttestor][]. attestor (google.cloud.binaryauthorization_v1beta1.types.Attestor): @@ -814,7 +814,7 @@ def update_attestor( def list_attestors( self, - request: service.ListAttestorsRequest = None, + request: Union[service.ListAttestorsRequest, dict] = None, *, parent: str = None, retry: retries.Retry = gapic_v1.method.DEFAULT, @@ -826,7 +826,7 @@ def list_attestors( Returns INVALID_ARGUMENT if the project does not exist. Args: - request (google.cloud.binaryauthorization_v1beta1.types.ListAttestorsRequest): + request (Union[google.cloud.binaryauthorization_v1beta1.types.ListAttestorsRequest, dict]): The request object. Request message for [BinauthzManagementService.ListAttestors][]. parent (str): 
@@ -898,7 +898,7 @@ def list_attestors( def delete_attestor( self, - request: service.DeleteAttestorRequest = None, + request: Union[service.DeleteAttestorRequest, dict] = None, *, name: str = None, retry: retries.Retry = gapic_v1.method.DEFAULT, @@ -912,7 +912,7 @@ def delete_attestor( does not exist. Args: - request (google.cloud.binaryauthorization_v1beta1.types.DeleteAttestorRequest): + request (Union[google.cloud.binaryauthorization_v1beta1.types.DeleteAttestorRequest, dict]): The request object. Request message for [BinauthzManagementService.DeleteAttestor][]. name (str): diff --git a/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/base.py b/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/base.py index bfca7f3..6e334f8 100644 --- a/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/base.py +++ b/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/base.py @@ -119,7 +119,7 @@ def __init__( **scopes_kwargs, quota_project_id=quota_project_id ) - # If the credentials is service account credentials, then always try to use self signed JWT. + # If the credentials are service account credentials, then always try to use self signed JWT. if ( always_use_jwt_access and isinstance(credentials, service_account.Credentials) diff --git a/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/grpc.py b/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/grpc.py index 537745f..6bb8997 100644 --- a/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/grpc.py +++ b/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/grpc.py 
@@ -90,16 +90,16 @@ def __init__( api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. If provided, it overrides the ``host`` argument and tries to create a mutual TLS channel with client SSL credentials from - ``client_cert_source`` or applicatin default SSL credentials. + ``client_cert_source`` or application default SSL credentials. client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): Deprecated. A callback to provide client SSL certificate bytes and private key bytes, both in PEM format. It is ignored if ``api_mtls_endpoint`` is None. ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials - for grpc channel. It is ignored if ``channel`` is provided. + for the grpc channel. It is ignored if ``channel`` is provided. client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): A callback to provide client certificate bytes and private key bytes, - both in PEM format. It is used to configure mutual TLS channel. It is + both in PEM format. It is used to configure a mutual TLS channel. It is ignored if ``channel`` or ``ssl_channel_credentials`` is provided. quota_project_id (Optional[str]): An optional project to use for billing and quota. diff --git a/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/grpc_asyncio.py b/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/grpc_asyncio.py index 2cf689c..411ed69 100644 --- a/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/grpc_asyncio.py +++ b/google/cloud/binaryauthorization_v1beta1/services/binauthz_management_service_v1_beta1/transports/grpc_asyncio.py 
@@ -137,16 +137,16 @@ def __init__( api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. If provided, it overrides the ``host`` argument and tries to create a mutual TLS channel with client SSL credentials from - ``client_cert_source`` or applicatin default SSL credentials. + ``client_cert_source`` or application default SSL credentials. client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): Deprecated. A callback to provide client SSL certificate bytes and private key bytes, both in PEM format. It is ignored if ``api_mtls_endpoint`` is None. ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials - for grpc channel. It is ignored if ``channel`` is provided. + for the grpc channel. It is ignored if ``channel`` is provided. client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): A callback to provide client certificate bytes and private key bytes, - both in PEM format. It is used to configure mutual TLS channel. It is + both in PEM format. It is used to configure a mutual TLS channel. It is ignored if ``channel`` or ``ssl_channel_credentials`` is provided. quota_project_id (Optional[str]): An optional project to use for billing and quota. diff --git a/scripts/fixup_binaryauthorization_v1_keywords.py b/scripts/fixup_binaryauthorization_v1_keywords.py index c11889d..7b2f46d 100644 --- a/scripts/fixup_binaryauthorization_v1_keywords.py +++ b/scripts/fixup_binaryauthorization_v1_keywords.py 
@@ -39,15 +39,15 @@ def partition( class binaryauthorizationCallTransformer(cst.CSTTransformer): CTRL_PARAMS: Tuple[str] = ('retry', 'timeout', 'metadata') METHOD_TO_PARAMS: Dict[str, Tuple[str]] = { - 'create_attestor': ('parent', 'attestor_id', 'attestor', ), - 'delete_attestor': ('name', ), - 'get_attestor': ('name', ), - 'get_policy': ('name', ), - 'get_system_policy': ('name', ), - 'list_attestors': ('parent', 'page_size', 'page_token', ), - 'update_attestor': ('attestor', ), - 'update_policy': ('policy', ), - 'validate_attestation_occurrence': ('attestor', 'attestation', 'occurrence_note', 'occurrence_resource_uri', ), + 'create_attestor': ('parent', 'attestor_id', 'attestor', ), + 'delete_attestor': ('name', ), + 'get_attestor': ('name', ), + 'get_policy': ('name', ), + 'get_system_policy': ('name', ), + 'list_attestors': ('parent', 'page_size', 'page_token', ), + 'update_attestor': ('attestor', ), + 'update_policy': ('policy', ), + 'validate_attestation_occurrence': ('attestor', 'attestation', 'occurrence_note', 'occurrence_resource_uri', ), } def leave_Call(self, original: cst.Call, updated: cst.Call) -> cst.CSTNode: @@ -66,7 +66,7 @@ def leave_Call(self, original: cst.Call, updated: cst.Call) -> cst.CSTNode: return updated kwargs, ctrl_kwargs = partition( - lambda a: not a.keyword.value in self.CTRL_PARAMS, + lambda a: a.keyword.value not in self.CTRL_PARAMS, kwargs ) diff --git a/scripts/fixup_binaryauthorization_v1beta1_keywords.py b/scripts/fixup_binaryauthorization_v1beta1_keywords.py index 95b795b..d8d091d 100644 --- a/scripts/fixup_binaryauthorization_v1beta1_keywords.py +++ b/scripts/fixup_binaryauthorization_v1beta1_keywords.py 
@@ -39,13 +39,13 @@ def partition( class binaryauthorizationCallTransformer(cst.CSTTransformer): CTRL_PARAMS: Tuple[str] = ('retry', 'timeout', 'metadata') METHOD_TO_PARAMS: Dict[str, Tuple[str]] = { - 'create_attestor': ('parent', 'attestor_id', 'attestor', ), - 'delete_attestor': ('name', ), - 'get_attestor': ('name', ), - 'get_policy': ('name', ), - 'list_attestors': ('parent', 'page_size', 'page_token', ), - 'update_attestor': ('attestor', ), - 'update_policy': ('policy', ), + 'create_attestor': ('parent', 'attestor_id', 'attestor', ), + 'delete_attestor': ('name', ), + 'get_attestor': ('name', ), + 'get_policy': ('name', ), + 'list_attestors': ('parent', 'page_size', 'page_token', ), + 'update_attestor': ('attestor', ), + 'update_policy': ('policy', ), } def leave_Call(self, original: cst.Call, updated: cst.Call) -> cst.CSTNode: @@ -64,7 +64,7 @@ def leave_Call(self, original: cst.Call, updated: cst.Call) -> cst.CSTNode: return updated kwargs, ctrl_kwargs = partition( - lambda a: not a.keyword.value in self.CTRL_PARAMS, + lambda a: a.keyword.value not in self.CTRL_PARAMS, kwargs ) From 41e7de41afa6aaad49471ffdb95056ac2545caeb Mon Sep 17 00:00:00 2001 From: "release-please[bot]" <55107282+release-please[bot]@users.noreply.github.com> Date: Fri, 24 Sep 2021 15:17:34 -0700 Subject: [PATCH 12/12] chore: release 0.4.0 (#76) Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> --- CHANGELOG.md | 19 +++++++++++++++++++ setup.py | 2 +- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 240169b..09c798f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,24 @@ # Changelog +## [0.4.0](https://www.github.com/googleapis/python-binary-authorization/compare/v0.3.1...v0.4.0) (2021-09-24) + + +### Features + +* add binaryauthorization v1 ([#74](https://www.github.com/googleapis/python-binary-authorization/issues/74)) ([cd828ec](https://www.github.com/googleapis/python-binary-authorization/commit/cd828ec45edb5a297607ea7e9f94c39e68ef2d7d)) +* set binaryauthorization_v1 as the default version ([cd828ec](https://www.github.com/googleapis/python-binary-authorization/commit/cd828ec45edb5a297607ea7e9f94c39e68ef2d7d)) + + +### Bug Fixes + +* add 'dict' annotation type to 'request' ([7045df0](https://www.github.com/googleapis/python-binary-authorization/commit/7045df0313b0c6f05662745e90c28626d292d64e)) +* require grafeas>=1.1.2, proto-plus>=1.15.0 ([cd828ec](https://www.github.com/googleapis/python-binary-authorization/commit/cd828ec45edb5a297607ea7e9f94c39e68ef2d7d)) + + +### Documentation + +* fix broken links in README ([cd828ec](https://www.github.com/googleapis/python-binary-authorization/commit/cd828ec45edb5a297607ea7e9f94c39e68ef2d7d)) + ### [0.3.1](https://www.github.com/googleapis/python-binary-authorization/compare/v0.3.0...v0.3.1) (2021-07-26) diff --git a/setup.py b/setup.py index e00139e..2566f5c 100644 --- a/setup.py +++ b/setup.py @@ -20,7 +20,7 @@ import setuptools # type: ignore -version = "0.3.1" +version = "0.4.0" package_root = os.path.abspath(os.path.dirname(__file__))