def test_identity_grpc_transport_channel_mtls_with_adc(grpc_create_channel,
api_mtls_endpoint):
# Check that if channel and client_cert_source are None, but api_mtls_endpoint
# is provided, then a mTLS channel will be created with SSL ADC.
mock_grpc_channel = mock.Mock()
grpc_create_channel.return_value = mock_grpc_channel
# Mock google.auth.transport.grpc.SslCredentials class.
mock_ssl_cred = mock.Mock()
with mock.patch.multiple(
"google.auth.transport.grpc.SslCredentials",
__init__=mock.Mock(return_value=None),
ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred),
):
mock_cred = mock.Mock()
transport = transports.IdentityGrpcTransport(
host="squid.clam.whelk",
credentials=mock_cred,
api_mtls_endpoint=api_mtls_endpoint,
client_cert_source=None,
)
grpc_create_channel.assert_called_once_with(
"mtls.squid.clam.whelk:443",
credentials=mock_cred,
ssl_credentials=mock_ssl_cred,
scopes=(),
)
assert transport.grpc_channel == mock_grpc_channel
def test_identity_grpc_transport_channel_mtls_with_client_cert_source(
grpc_create_channel, grpc_ssl_channel_cred):
# Check that if channel is None, but api_mtls_endpoint and client_cert_source
# are provided, then a mTLS channel will be created.
mock_cred = mock.Mock()
mock_ssl_cred = mock.Mock()
grpc_ssl_channel_cred.return_value = mock_ssl_cred
mock_grpc_channel = mock.Mock()
grpc_create_channel.return_value = mock_grpc_channel
transport = transports.IdentityGrpcTransport(
host="squid.clam.whelk",
credentials=mock_cred,
api_mtls_endpoint="mtls.squid.clam.whelk",
client_cert_source=client_cert_source_callback,
)
grpc_ssl_channel_cred.assert_called_once_with(
certificate_chain=b"cert bytes", private_key=b"key bytes")
grpc_create_channel.assert_called_once_with(
"mtls.squid.clam.whelk:443",
credentials=mock_cred,
ssl_credentials=mock_ssl_cred,
scopes=(),
)
assert transport.grpc_channel == mock_grpc_channel
def test_transport_instance():
# A client may be instantiated with a custom transport instance.
transport = transports.IdentityGrpcTransport(
credentials=credentials.AnonymousCredentials(),
)
client = IdentityClient(transport=transport)
assert client._transport is transport
def test_credentials_transport_error():
# It is an error to provide credentials and a transport instance.
transport = transports.IdentityGrpcTransport(
credentials=credentials.AnonymousCredentials(), )
with pytest.raises(ValueError):
client = IdentityClient(
credentials=credentials.AnonymousCredentials(),
transport=transport,
)
def test_identity_grpc_transport_channel():
channel = grpc.insecure_channel('http://localhost/')
# Check that if channel is provided, mtls endpoint and client_cert_source
# won't be used.
callback = mock.MagicMock()
transport = transports.IdentityGrpcTransport(
host="squid.clam.whelk",
channel=channel,
api_mtls_endpoint="mtls.squid.clam.whelk",
client_cert_source=callback,
)
assert transport.grpc_channel == channel
assert transport._host == "squid.clam.whelk:443"
assert not callback.called
def test_identity_client_client_options():
# Check that if channel is provided we won't create a new one.
with mock.patch(
'google.showcase_v1beta1.services.identity.IdentityClient.get_transport_class'
) as gtc:
transport = transports.IdentityGrpcTransport(
credentials=credentials.AnonymousCredentials())
client = IdentityClient(transport=transport)
gtc.assert_not_called()
# Check mTLS is not triggered with empty client options.
options = client_options.ClientOptions()
with mock.patch(
'google.showcase_v1beta1.services.identity.IdentityClient.get_transport_class'
) as gtc:
transport = gtc.return_value = mock.MagicMock()
client = IdentityClient(client_options=options)
transport.assert_called_once_with(
credentials=None,
host=client.DEFAULT_ENDPOINT,
)
# Check mTLS is not triggered if api_endpoint is provided but
# client_cert_source is None.
options = client_options.ClientOptions(api_endpoint="squid.clam.whelk")
with mock.patch(
'google.showcase_v1beta1.services.identity.transports.IdentityGrpcTransport.__init__'
) as grpc_transport:
grpc_transport.return_value = None
client = IdentityClient(client_options=options)
grpc_transport.assert_called_once_with(
api_mtls_endpoint=None,
client_cert_source=None,
credentials=None,
host="squid.clam.whelk",
)
# Check mTLS is triggered if client_cert_source is provided.
options = client_options.ClientOptions(
client_cert_source=client_cert_source_callback)
with mock.patch(
'google.showcase_v1beta1.services.identity.transports.IdentityGrpcTransport.__init__'
) as grpc_transport:
grpc_transport.return_value = None
client = IdentityClient(client_options=options)
grpc_transport.assert_called_once_with(
api_mtls_endpoint=client.DEFAULT_MTLS_ENDPOINT,
client_cert_source=client_cert_source_callback,
credentials=None,
host=client.DEFAULT_ENDPOINT,
)
# Check mTLS is triggered if api_endpoint and client_cert_source are provided.
options = client_options.ClientOptions(
api_endpoint="squid.clam.whelk",
client_cert_source=client_cert_source_callback)
with mock.patch(
'google.showcase_v1beta1.services.identity.transports.IdentityGrpcTransport.__init__'
) as grpc_transport:
grpc_transport.return_value = None
client = IdentityClient(client_options=options)
grpc_transport.assert_called_once_with(
api_mtls_endpoint="squid.clam.whelk",
client_cert_source=client_cert_source_callback,
credentials=None,
host="squid.clam.whelk",
)
def test_identity_grpc_transport_channel():
channel = grpc.insecure_channel('http://localhost/')
transport = transports.IdentityGrpcTransport(
channel=channel,
)
assert transport.grpc_channel is channel
