From 102ac0e3ddf7e776ae742571c7fcec00c51270a4 Mon Sep 17 00:00:00 2001 From: arithmetic1728 <58957152+arithmetic1728@users.noreply.github.com> Date: Thu, 13 Jun 2024 15:31:01 -0700 Subject: [PATCH 01/10] fix: fix the document of secure_authorized_session --- google/auth/transport/grpc.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/google/auth/transport/grpc.py b/google/auth/transport/grpc.py index 9a817976d..e691abea0 100644 --- a/google/auth/transport/grpc.py +++ b/google/auth/transport/grpc.py @@ -148,7 +148,7 @@ def secure_authorized_channel( regular_ssl_credentials = grpc.ssl_channel_credentials() channel = google.auth.transport.grpc.secure_authorized_channel( - credentials, regular_endpoint, request, + credentials, request, regular_endpoint, ssl_credentials=regular_ssl_credentials) Option 2: create a mutual TLS channel by calling a callback which returns @@ -188,7 +188,7 @@ def my_client_cert_callback(): else: endpoint_to_use = regular_endpoint channel = google.auth.transport.grpc.secure_authorized_channel( - credentials, endpoint_to_use, request, + credentials, request, endpoint_to_use, ssl_credentials=default_ssl_credentials) Option 4: not setting ssl_credentials and client_cert_callback. For devices @@ -202,14 +202,14 @@ def my_client_cert_callback(): certificate and key:: channel = google.auth.transport.grpc.secure_authorized_channel( - credentials, regular_endpoint, request) + credentials, request, regular_endpoint) The following code uses mtls_endpoint, if the created channle is regular, and API mtls_endpoint is confgured to require client SSL credentials, API calls using this channel will be rejected:: channel = google.auth.transport.grpc.secure_authorized_channel( - credentials, mtls_endpoint, request) + credentials, request, mtls_endpoint) Args: credentials (google.auth.credentials.Credentials): The credentials to From 0605fafc7567ddb3ce48752f7f83cb07a3cad792 Mon Sep 17 00:00:00 2001 From: Chalmer Lowe Date: Fri, 26 Dec 2025 09:32:05 -0500 Subject: [PATCH 02/10] Update grpc.py Also updated docstring for similar error with `mtls_endpoint` --- google/auth/transport/grpc.py | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/google/auth/transport/grpc.py b/google/auth/transport/grpc.py index e691abea0..2d658961b 100644 --- a/google/auth/transport/grpc.py +++ b/google/auth/transport/grpc.py @@ -51,7 +51,7 @@ class AuthMetadataPlugin(grpc.AuthMetadataPlugin): account credentials. """ - def __init__(self, credentials, request, default_host=None): + def __init__(self, request, default_host=None): # pylint: disable=no-value-for-parameter # pylint doesn't realize that the super method takes no arguments # because this class is the same name as the superclass. @@ -73,7 +73,7 @@ def _get_authorization_headers(self, context): # Attempt to use self-signed JWTs when a service account is used. # A default host must be explicitly provided since it cannot always # be determined from the context.service_url. - if isinstance(self._credentials, service_account.Credentials): + if isinstance(self._ service_account.Credentials): self._credentials._create_self_signed_jwt( "https://{}/".format(self._default_host) if self._default_host else None ) @@ -164,7 +164,7 @@ def my_client_cert_callback(): try: channel = google.auth.transport.grpc.secure_authorized_channel( - credentials, mtls_endpoint, request, + credentials, request, mtls_endpoint, client_cert_callback=my_client_cert_callback) except MyClientCertFailureException: # handle the exception @@ -202,14 +202,14 @@ def my_client_cert_callback(): certificate and key:: channel = google.auth.transport.grpc.secure_authorized_channel( - credentials, request, regular_endpoint) + request, regular_endpoint) The following code uses mtls_endpoint, if the created channle is regular, - and API mtls_endpoint is confgured to require client SSL credentials, API + and API mtls_endpoint is confgured to require client SSL API calls using this channel will be rejected:: channel = google.auth.transport.grpc.secure_authorized_channel( - credentials, request, mtls_endpoint) + request, mtls_endpoint) Args: credentials (google.auth.credentials.Credentials): The credentials to @@ -243,7 +243,7 @@ def my_client_cert_callback(): creation failed for any reason. """ # Create the metadata plugin for inserting the authorization header. - metadata_plugin = AuthMetadataPlugin(credentials, request) + metadata_plugin = AuthMetadataPlugin( request) # Create a set of grpc.CallCredentials using the metadata plugin. google_auth_credentials = grpc.metadata_call_credentials(metadata_plugin) @@ -274,10 +274,10 @@ def my_client_cert_callback(): # Combine the ssl credentials and the authorization credentials. composite_credentials = grpc.composite_channel_credentials( - ssl_credentials, google_auth_credentials + ssl_ google_auth_credentials ) - return grpc.secure_channel(target, composite_credentials, **kwargs) + return grpc.secure_channel(target, composite_ **kwargs) class SslCredentials: From 3f8a8ef901987c91a298889ec3506dab7b98c74f Mon Sep 17 00:00:00 2001 From: Chalmer Lowe Date: Fri, 26 Dec 2025 09:35:20 -0500 Subject: [PATCH 03/10] Update google/auth/transport/grpc.py --- google/auth/transport/grpc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/google/auth/transport/grpc.py b/google/auth/transport/grpc.py index 2d658961b..249738daa 100644 --- a/google/auth/transport/grpc.py +++ b/google/auth/transport/grpc.py @@ -51,7 +51,7 @@ class AuthMetadataPlugin(grpc.AuthMetadataPlugin): account credentials. """ - def __init__(self, request, default_host=None): + def __init__(self, credentials, request, default_host=None): # pylint: disable=no-value-for-parameter # pylint doesn't realize that the super method takes no arguments # because this class is the same name as the superclass. From bf2286fd536cbdb15ec7f54b59f056649b007cff Mon Sep 17 00:00:00 2001 From: Chalmer Lowe Date: Fri, 26 Dec 2025 09:35:26 -0500 Subject: [PATCH 04/10] Update google/auth/transport/grpc.py --- google/auth/transport/grpc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/google/auth/transport/grpc.py b/google/auth/transport/grpc.py index 249738daa..bceeaf147 100644 --- a/google/auth/transport/grpc.py +++ b/google/auth/transport/grpc.py @@ -73,7 +73,7 @@ def _get_authorization_headers(self, context): # Attempt to use self-signed JWTs when a service account is used. # A default host must be explicitly provided since it cannot always # be determined from the context.service_url. - if isinstance(self._ service_account.Credentials): + if isinstance(self._credentials, service_account.Credentials): self._credentials._create_self_signed_jwt( "https://{}/".format(self._default_host) if self._default_host else None ) From 8a3a0e574bd7808a022814aaa8fbe2c036676292 Mon Sep 17 00:00:00 2001 From: Chalmer Lowe Date: Fri, 26 Dec 2025 09:35:34 -0500 Subject: [PATCH 05/10] Update google/auth/transport/grpc.py --- google/auth/transport/grpc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/google/auth/transport/grpc.py b/google/auth/transport/grpc.py index bceeaf147..af6b5e4d0 100644 --- a/google/auth/transport/grpc.py +++ b/google/auth/transport/grpc.py @@ -202,7 +202,7 @@ def my_client_cert_callback(): certificate and key:: channel = google.auth.transport.grpc.secure_authorized_channel( - request, regular_endpoint) + credentials, request, regular_endpoint) The following code uses mtls_endpoint, if the created channle is regular, and API mtls_endpoint is confgured to require client SSL API From 7d19a763cf81765277801d4c9faa8274296c71e1 Mon Sep 17 00:00:00 2001 From: Chalmer Lowe Date: Fri, 26 Dec 2025 09:35:41 -0500 Subject: [PATCH 06/10] Update google/auth/transport/grpc.py --- google/auth/transport/grpc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/google/auth/transport/grpc.py b/google/auth/transport/grpc.py index af6b5e4d0..01491745a 100644 --- a/google/auth/transport/grpc.py +++ b/google/auth/transport/grpc.py @@ -205,7 +205,7 @@ def my_client_cert_callback(): credentials, request, regular_endpoint) The following code uses mtls_endpoint, if the created channle is regular, - and API mtls_endpoint is confgured to require client SSL API + and API mtls_endpoint is confgured to require client SSL credentials, API calls using this channel will be rejected:: channel = google.auth.transport.grpc.secure_authorized_channel( From 7105c2692763b8f96d259908361cdaf5fc3af6bd Mon Sep 17 00:00:00 2001 From: Chalmer Lowe Date: Fri, 26 Dec 2025 09:35:47 -0500 Subject: [PATCH 07/10] Update google/auth/transport/grpc.py --- google/auth/transport/grpc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/google/auth/transport/grpc.py b/google/auth/transport/grpc.py index 01491745a..0ca5a3cff 100644 --- a/google/auth/transport/grpc.py +++ b/google/auth/transport/grpc.py @@ -209,7 +209,7 @@ def my_client_cert_callback(): calls using this channel will be rejected:: channel = google.auth.transport.grpc.secure_authorized_channel( - request, mtls_endpoint) + credentials, request, mtls_endpoint) Args: credentials (google.auth.credentials.Credentials): The credentials to From 6f166d29e46bc36797a3bc11d7d0dae0858164cc Mon Sep 17 00:00:00 2001 From: Chalmer Lowe Date: Fri, 26 Dec 2025 09:35:53 -0500 Subject: [PATCH 08/10] Update google/auth/transport/grpc.py --- google/auth/transport/grpc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/google/auth/transport/grpc.py b/google/auth/transport/grpc.py index 0ca5a3cff..9648e78e6 100644 --- a/google/auth/transport/grpc.py +++ b/google/auth/transport/grpc.py @@ -243,7 +243,7 @@ def my_client_cert_callback(): creation failed for any reason. """ # Create the metadata plugin for inserting the authorization header. - metadata_plugin = AuthMetadataPlugin( request) + metadata_plugin = AuthMetadataPlugin(credentials, request) # Create a set of grpc.CallCredentials using the metadata plugin. google_auth_credentials = grpc.metadata_call_credentials(metadata_plugin) From 5a0039af167e57b221930b76fda124da591f6731 Mon Sep 17 00:00:00 2001 From: Chalmer Lowe Date: Fri, 26 Dec 2025 09:35:58 -0500 Subject: [PATCH 09/10] Update google/auth/transport/grpc.py --- google/auth/transport/grpc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/google/auth/transport/grpc.py b/google/auth/transport/grpc.py index 9648e78e6..383acdcc4 100644 --- a/google/auth/transport/grpc.py +++ b/google/auth/transport/grpc.py @@ -274,7 +274,7 @@ def my_client_cert_callback(): # Combine the ssl credentials and the authorization credentials. composite_credentials = grpc.composite_channel_credentials( - ssl_ google_auth_credentials + ssl_credentials, google_auth_credentials ) return grpc.secure_channel(target, composite_ **kwargs) From 555ad91a351d3721f894ade455d990f39ec22bc3 Mon Sep 17 00:00:00 2001 From: Chalmer Lowe Date: Fri, 26 Dec 2025 09:36:04 -0500 Subject: [PATCH 10/10] Update google/auth/transport/grpc.py --- google/auth/transport/grpc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/google/auth/transport/grpc.py b/google/auth/transport/grpc.py index 383acdcc4..e02502b52 100644 --- a/google/auth/transport/grpc.py +++ b/google/auth/transport/grpc.py @@ -277,7 +277,7 @@ def my_client_cert_callback(): ssl_credentials, google_auth_credentials ) - return grpc.secure_channel(target, composite_ **kwargs) + return grpc.secure_channel(target, composite_credentials, **kwargs) class SslCredentials: