def test_generate_access_token(self): # Setup Expected Response access_token = "accessToken-1938933922" expected_response = {"access_token": access_token} expected_response = common_pb2.GenerateAccessTokenResponse( **expected_response) # Mock the API response channel = ChannelStub(responses=[expected_response]) patch = mock.patch("google.api_core.grpc_helpers.create_channel") with patch as create_channel: create_channel.return_value = channel client = iam_credentials_v1.IAMCredentialsClient() # Setup Request name = client.service_account_path("[PROJECT]", "[SERVICE_ACCOUNT]") scope = [] response = client.generate_access_token(name, scope) assert expected_response == response assert len(channel.requests) == 1 expected_request = common_pb2.GenerateAccessTokenRequest(name=name, scope=scope) actual_request = channel.requests[0][1] assert expected_request == actual_request
def generate_access_token( self, name, scope, delegates=None, lifetime=None, retry=google.api_core.gapic_v1.method.DEFAULT, timeout=google.api_core.gapic_v1.method.DEFAULT, metadata=None, ): """ Generates an OAuth 2.0 access token for a service account. Example: >>> from google.cloud import iam_credentials_v1 >>> >>> client = iam_credentials_v1.IAMCredentialsClient() >>> >>> name = client.service_account_path('[PROJECT]', '[SERVICE_ACCOUNT]') >>> >>> # TODO: Initialize `scope`: >>> scope = [] >>> >>> response = client.generate_access_token(name, scope) Args: name (str): The resource name of the service account for which the credentials are requested, in the following format: ``projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}``. scope (list[str]): Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required. delegates (list[str]): The sequence of service accounts in a delegation chain. Each service account must be granted the ``roles/iam.serviceAccountTokenCreator`` role on its next service account in the chain. The last service account in the chain must be granted the ``roles/iam.serviceAccountTokenCreator`` role on the service account that is specified in the ``name`` field of the request. The delegates must have the following format: ``projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`` lifetime (Union[dict, ~google.cloud.iam_credentials_v1.types.Duration]): The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour. If a dict is provided, it must be of the same form as the protobuf message :class:`~google.cloud.iam_credentials_v1.types.Duration` retry (Optional[google.api_core.retry.Retry]): A retry object used to retry requests. If ``None`` is specified, requests will be retried using a default configuration. timeout (Optional[float]): The amount of time, in seconds, to wait for the request to complete. Note that if ``retry`` is specified, the timeout applies to each individual attempt. metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata that is provided to the method. Returns: A :class:`~google.cloud.iam_credentials_v1.types.GenerateAccessTokenResponse` instance. Raises: google.api_core.exceptions.GoogleAPICallError: If the request failed for any reason. google.api_core.exceptions.RetryError: If the request failed due to a retryable error and retry attempts failed. ValueError: If the parameters are invalid. """ # Wrap the transport method to add retry and timeout logic. if "generate_access_token" not in self._inner_api_calls: self._inner_api_calls[ "generate_access_token"] = google.api_core.gapic_v1.method.wrap_method( self.transport.generate_access_token, default_retry=self._method_configs["GenerateAccessToken"]. retry, default_timeout=self. _method_configs["GenerateAccessToken"].timeout, client_info=self._client_info, ) request = common_pb2.GenerateAccessTokenRequest(name=name, scope=scope, delegates=delegates, lifetime=lifetime) if metadata is None: metadata = [] metadata = list(metadata) try: routing_header = [("name", name)] except AttributeError: pass else: routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( routing_header) metadata.append(routing_metadata) return self._inner_api_calls["generate_access_token"]( request, retry=retry, timeout=timeout, metadata=metadata)