예제 #1
    def test_generate_access_token(self):
        """Verify the request built by ``generate_access_token`` and the reply it returns.

        The gRPC channel is replaced by a ``ChannelStub`` preloaded with one
        response, so this test pins request construction only; no permission
        check or scope/lifetime validation by the service is exercised.
        """
        # Canned reply. The token value is a fixture string, not a credential.
        expected_response = common_pb2.GenerateAccessTokenResponse(
            access_token="accessToken-1938933922")

        # Construct the client while channel creation is patched so that it
        # receives the stub instead of opening a connection.
        channel = ChannelStub(responses=[expected_response])
        with mock.patch(
                "google.api_core.grpc_helpers.create_channel") as create_channel:
            create_channel.return_value = channel
            client = iam_credentials_v1.IAMCredentialsClient()

        name = client.service_account_path("[PROJECT]", "[SERVICE_ACCOUNT]")
        # An empty scope list goes through here only because the channel is
        # stubbed; the client method documents at least one scope as required.
        scope = []

        response = client.generate_access_token(name, scope)
        assert expected_response == response

        # Exactly one request must have been recorded, and its payload (index 1
        # of the recorded entry) must match the arguments passed above.
        recorded = channel.requests
        assert len(recorded) == 1
        actual_request = recorded[0][1]
        expected_request = common_pb2.GenerateAccessTokenRequest(
            name=name, scope=scope)
        assert expected_request == actual_request
    def generate_access_token(
        self,
        name,
        scope,
        delegates=None,
        lifetime=None,
        retry=google.api_core.gapic_v1.method.DEFAULT,
        timeout=google.api_core.gapic_v1.method.DEFAULT,
        metadata=None,
    ):
        """
        Generates an OAuth 2.0 access token for a service account.

        The response carries a bearer credential for the target service
        account: keep it out of logs and error reports, request only the
        scopes the caller needs, and prefer a ``lifetime`` shorter than the
        one-hour default where the workload allows it.

        This method contains no explicit check of ``scope``, ``delegates`` or
        ``lifetime``; the values are placed into the request as given, so any
        rejection comes from request construction or from the service.

        Example:
            >>> from google.cloud import iam_credentials_v1
            >>>
            >>> client = iam_credentials_v1.IAMCredentialsClient()
            >>> name = client.service_account_path('[PROJECT]', '[SERVICE_ACCOUNT]')
            >>>
            >>> # TODO: Initialize `scope`:
            >>> scope = []
            >>>
            >>> response = client.generate_access_token(name, scope)

        Args:
            name (str): Resource name of the service account the credentials
                are requested for, formatted as
                ``projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}``.
            scope (list[str]): Codes identifying the scopes to include in the
                OAuth 2.0 access token. See
                https://developers.google.com/identity/protocols/googlescopes
                for more information. At least one value required.
            delegates (list[str]): The service accounts forming a delegation
                chain. Each account must hold the
                ``roles/iam.serviceAccountTokenCreator`` role on the next
                account in the chain, and the last account must hold that
                role on the service account given in ``name``. Every entry
                uses the format
                ``projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}``.
            lifetime (Union[dict, ~google.cloud.iam_credentials_v1.types.Duration]):
                Desired lifetime of the access token in seconds. Must be less
                than or equal to 3600 (1 hour); when unspecified, the token's
                lifetime defaults to one hour. A dict must have the same form
                as the protobuf message
                :class:`~google.cloud.iam_credentials_v1.types.Duration`.
            retry (Optional[google.api_core.retry.Retry]): A retry object used
                to retry requests. If ``None`` is specified, requests will be
                retried using a default configuration.
            timeout (Optional[float]): Seconds to wait for the request to
                complete. If ``retry`` is specified, the timeout applies to
                each individual attempt.
            metadata (Optional[Sequence[Tuple[str, str]]]): Additional
                metadata that is provided to the method.

        Returns:
            A :class:`~google.cloud.iam_credentials_v1.types.GenerateAccessTokenResponse` instance.

        Raises:
            google.api_core.exceptions.GoogleAPICallError: If the request
                    failed for any reason.
            google.api_core.exceptions.RetryError: If the request failed due
                    to a retryable error and retry attempts failed.
            ValueError: If the parameters are invalid.
        """
        # Build the retry/timeout-wrapped transport call once and cache it on
        # the client; later invocations reuse the cached callable.
        api_calls = self._inner_api_calls
        if "generate_access_token" not in api_calls:
            transport_method = self.transport.generate_access_token
            method_config = self._method_configs["GenerateAccessToken"]
            api_calls["generate_access_token"] = (
                google.api_core.gapic_v1.method.wrap_method(
                    transport_method,
                    default_retry=method_config.retry,
                    default_timeout=method_config.timeout,
                    client_info=self._client_info,
                ))

        request = common_pb2.GenerateAccessTokenRequest(
            name=name,
            scope=scope,
            delegates=delegates,
            lifetime=lifetime,
        )

        # Work on a private list so the caller's metadata sequence is never
        # mutated by the routing entry appended below.
        metadata = [] if metadata is None else list(metadata)

        # Attach the routing header derived from ``name``. Building this list
        # from a plain argument cannot raise, so no exception guard is needed.
        routing_header = [("name", name)]
        metadata.append(
            google.api_core.gapic_v1.routing_header.to_grpc_metadata(
                routing_header))

        wrapped_call = self._inner_api_calls["generate_access_token"]
        return wrapped_call(
            request, retry=retry, timeout=timeout, metadata=metadata)