fix: disable always_use_jwt_access (#395)

gcf-owl-bot[bot] · web-flow · commit c37bf21afdf4 · 2021-07-05T01:34:23.000Z
fix: disable always_use_jwt_access Committer: @busunkim96 PiperOrigin-RevId: 382142900 Source-Link: googleapis/googleapis@513440f Source-Link: googleapis/googleapis-gen@7b1e2c3
diff --git a/google/cloud/spanner_admin_database_v1/services/database_admin/transports/base.py b/google/cloud/spanner_admin_database_v1/services/database_admin/transports/base.py
@@ -108,7 +108,7 @@ def __init__(
         scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
 
         # Save the scopes.
-        self._scopes = scopes or self.AUTH_SCOPES
+        self._scopes = scopes
 
         # If no credentials are provided, then determine the appropriate
         # defaults.
diff --git a/google/cloud/spanner_admin_database_v1/services/database_admin/transports/grpc.py b/google/cloud/spanner_admin_database_v1/services/database_admin/transports/grpc.py
@@ -69,6 +69,7 @@ def __init__(
         client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
         quota_project_id: Optional[str] = None,
         client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+        always_use_jwt_access: Optional[bool] = False,
     ) -> None:
         """Instantiate the transport.
 
@@ -109,6 +110,8 @@ def __init__(
                 API requests. If ``None``, then default info will be used.
                 Generally, you only need to set this if you're developing
                 your own client library.
+            always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+                be used for service account credentials.
 
         Raises:
           google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -162,7 +165,7 @@ def __init__(
             scopes=scopes,
             quota_project_id=quota_project_id,
             client_info=client_info,
-            always_use_jwt_access=True,
+            always_use_jwt_access=always_use_jwt_access,
         )
 
         if not self._grpc_channel:
diff --git a/google/cloud/spanner_admin_database_v1/services/database_admin/transports/grpc_asyncio.py b/google/cloud/spanner_admin_database_v1/services/database_admin/transports/grpc_asyncio.py
@@ -115,6 +115,7 @@ def __init__(
         client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
         quota_project_id=None,
         client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+        always_use_jwt_access: Optional[bool] = False,
     ) -> None:
         """Instantiate the transport.
 
@@ -156,6 +157,8 @@ def __init__(
                 API requests. If ``None``, then default info will be used.
                 Generally, you only need to set this if you're developing
                 your own client library.
+            always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+                be used for service account credentials.
 
         Raises:
             google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -208,7 +211,7 @@ def __init__(
             scopes=scopes,
             quota_project_id=quota_project_id,
             client_info=client_info,
-            always_use_jwt_access=True,
+            always_use_jwt_access=always_use_jwt_access,
         )
 
         if not self._grpc_channel:
diff --git a/google/cloud/spanner_admin_database_v1/types/spanner_database_admin.py b/google/cloud/spanner_admin_database_v1/types/spanner_database_admin.py
@@ -121,6 +121,14 @@ class Database(proto.Message):
             sure to account for the time from the moment
             when the value is queried to the moment when you
             initiate the recovery.
+        default_leader (str):
+            Output only. The read-write region which contains the
+            database's leader replicas.
+
+            This is the same as the value of default_leader database
+            option set using DatabaseAdmin.CreateDatabase or
+            DatabaseAdmin.UpdateDatabaseDdl. If not explicitly set, this
+            is empty.
     """
 
     class State(proto.Enum):
@@ -144,6 +152,7 @@ class State(proto.Enum):
     earliest_version_time = proto.Field(
         proto.MESSAGE, number=7, message=timestamp_pb2.Timestamp,
     )
+    default_leader = proto.Field(proto.STRING, number=9,)
 
 
 class ListDatabasesRequest(proto.Message):
diff --git a/google/cloud/spanner_admin_instance_v1/services/instance_admin/transports/base.py b/google/cloud/spanner_admin_instance_v1/services/instance_admin/transports/base.py
@@ -106,7 +106,7 @@ def __init__(
         scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
 
         # Save the scopes.
-        self._scopes = scopes or self.AUTH_SCOPES
+        self._scopes = scopes
 
         # If no credentials are provided, then determine the appropriate
         # defaults.
diff --git a/google/cloud/spanner_admin_instance_v1/services/instance_admin/transports/grpc.py b/google/cloud/spanner_admin_instance_v1/services/instance_admin/transports/grpc.py
@@ -82,6 +82,7 @@ def __init__(
         client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
         quota_project_id: Optional[str] = None,
         client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+        always_use_jwt_access: Optional[bool] = False,
     ) -> None:
         """Instantiate the transport.
 
@@ -122,6 +123,8 @@ def __init__(
                 API requests. If ``None``, then default info will be used.
                 Generally, you only need to set this if you're developing
                 your own client library.
+            always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+                be used for service account credentials.
 
         Raises:
           google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -175,7 +178,7 @@ def __init__(
             scopes=scopes,
             quota_project_id=quota_project_id,
             client_info=client_info,
-            always_use_jwt_access=True,
+            always_use_jwt_access=always_use_jwt_access,
         )
 
         if not self._grpc_channel:
diff --git a/google/cloud/spanner_admin_instance_v1/services/instance_admin/transports/grpc_asyncio.py b/google/cloud/spanner_admin_instance_v1/services/instance_admin/transports/grpc_asyncio.py
@@ -128,6 +128,7 @@ def __init__(
         client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
         quota_project_id=None,
         client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+        always_use_jwt_access: Optional[bool] = False,
     ) -> None:
         """Instantiate the transport.
 
@@ -169,6 +170,8 @@ def __init__(
                 API requests. If ``None``, then default info will be used.
                 Generally, you only need to set this if you're developing
                 your own client library.
+            always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+                be used for service account credentials.
 
         Raises:
             google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -221,7 +224,7 @@ def __init__(
             scopes=scopes,
             quota_project_id=quota_project_id,
             client_info=client_info,
-            always_use_jwt_access=True,
+            always_use_jwt_access=always_use_jwt_access,
         )
 
         if not self._grpc_channel:
diff --git a/google/cloud/spanner_admin_instance_v1/types/spanner_instance_admin.py b/google/cloud/spanner_admin_instance_v1/types/spanner_instance_admin.py
@@ -88,11 +88,15 @@ class InstanceConfig(proto.Message):
             The geographic placement of nodes in this
             instance configuration and their replication
             properties.
+        leader_options (Sequence[str]):
+            Allowed values of the “default_leader” schema option for
+            databases in instances that use this instance configuration.
     """
 
     name = proto.Field(proto.STRING, number=1,)
     display_name = proto.Field(proto.STRING, number=2,)
     replicas = proto.RepeatedField(proto.MESSAGE, number=3, message="ReplicaInfo",)
+    leader_options = proto.RepeatedField(proto.STRING, number=4,)
 
 
 class Instance(proto.Message):
diff --git a/google/cloud/spanner_v1/services/spanner/transports/base.py b/google/cloud/spanner_v1/services/spanner/transports/base.py
@@ -103,7 +103,7 @@ def __init__(
         scopes_kwargs = self._get_scopes_kwargs(self._host, scopes)
 
         # Save the scopes.
-        self._scopes = scopes or self.AUTH_SCOPES
+        self._scopes = scopes
 
         # If no credentials are provided, then determine the appropriate
         # defaults.
diff --git a/google/cloud/spanner_v1/services/spanner/transports/grpc.py b/google/cloud/spanner_v1/services/spanner/transports/grpc.py
@@ -63,6 +63,7 @@ def __init__(
         client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
         quota_project_id: Optional[str] = None,
         client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+        always_use_jwt_access: Optional[bool] = False,
     ) -> None:
         """Instantiate the transport.
 
@@ -103,6 +104,8 @@ def __init__(
                 API requests. If ``None``, then default info will be used.
                 Generally, you only need to set this if you're developing
                 your own client library.
+            always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+                be used for service account credentials.
 
         Raises:
           google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
@@ -155,7 +158,7 @@ def __init__(
             scopes=scopes,
             quota_project_id=quota_project_id,
             client_info=client_info,
-            always_use_jwt_access=True,
+            always_use_jwt_access=always_use_jwt_access,
         )
 
         if not self._grpc_channel:
diff --git a/google/cloud/spanner_v1/services/spanner/transports/grpc_asyncio.py b/google/cloud/spanner_v1/services/spanner/transports/grpc_asyncio.py
@@ -109,6 +109,7 @@ def __init__(
         client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
         quota_project_id=None,
         client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
+        always_use_jwt_access: Optional[bool] = False,
     ) -> None:
         """Instantiate the transport.
 
@@ -150,6 +151,8 @@ def __init__(
                 API requests. If ``None``, then default info will be used.
                 Generally, you only need to set this if you're developing
                 your own client library.
+            always_use_jwt_access (Optional[bool]): Whether self signed JWT should
+                be used for service account credentials.
 
         Raises:
             google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
@@ -201,7 +204,7 @@ def __init__(
             scopes=scopes,
             quota_project_id=quota_project_id,
             client_info=client_info,
-            always_use_jwt_access=True,
+            always_use_jwt_access=always_use_jwt_access,
         )
 
         if not self._grpc_channel:
diff --git a/google/cloud/spanner_v1/types/type.py b/google/cloud/spanner_v1/types/type.py
@@ -41,6 +41,7 @@ class TypeCode(proto.Enum):
     ARRAY = 8
     STRUCT = 9
     NUMERIC = 10
+    JSON = 11
 
 
 class Type(proto.Message):
diff --git a/setup.py b/setup.py
@@ -30,7 +30,7 @@
 release_status = "Development Status :: 5 - Production/Stable"
 dependencies = [
     "google-api-core[grpc] >= 1.26.0, <2.0.0dev",
-    "" "google-cloud-core >= 1.4.1, < 2.0dev",
+    "google-cloud-core >= 1.4.1, < 2.0dev",
     "grpc-google-iam-v1 >= 0.12.3, < 0.13dev",
     "proto-plus >= 1.11.0",
     "sqlparse >= 0.3.0",
diff --git a/tests/unit/gapic/spanner_admin_database_v1/test_database_admin.py b/tests/unit/gapic/spanner_admin_database_v1/test_database_admin.py
@@ -147,7 +147,25 @@ def test_database_admin_client_service_account_always_use_jwt(client_class):
     ) as use_jwt:
         creds = service_account.Credentials(None, None, None)
         client = client_class(credentials=creds)
-        use_jwt.assert_called_with(True)
+        use_jwt.assert_not_called()
+
+
+@pytest.mark.parametrize(
+    "transport_class,transport_name",
+    [
+        (transports.DatabaseAdminGrpcTransport, "grpc"),
+        (transports.DatabaseAdminGrpcAsyncIOTransport, "grpc_asyncio"),
+    ],
+)
+def test_database_admin_client_service_account_always_use_jwt_true(
+    transport_class, transport_name
+):
+    with mock.patch.object(
+        service_account.Credentials, "with_always_use_jwt_access", create=True
+    ) as use_jwt:
+        creds = service_account.Credentials(None, None, None)
+        transport = transport_class(credentials=creds, always_use_jwt_access=True)
+        use_jwt.assert_called_once_with(True)
 
 
 @pytest.mark.parametrize(
@@ -1085,6 +1103,7 @@ def test_get_database(
             name="name_value",
             state=spanner_database_admin.Database.State.CREATING,
             version_retention_period="version_retention_period_value",
+            default_leader="default_leader_value",
         )
         response = client.get_database(request)
 
@@ -1098,6 +1117,7 @@ def test_get_database(
     assert response.name == "name_value"
     assert response.state == spanner_database_admin.Database.State.CREATING
     assert response.version_retention_period == "version_retention_period_value"
+    assert response.default_leader == "default_leader_value"
 
 
 def test_get_database_from_dict():
@@ -1140,6 +1160,7 @@ async def test_get_database_async(
                 name="name_value",
                 state=spanner_database_admin.Database.State.CREATING,
                 version_retention_period="version_retention_period_value",
+                default_leader="default_leader_value",
             )
         )
         response = await client.get_database(request)
@@ -1154,6 +1175,7 @@ async def test_get_database_async(
     assert response.name == "name_value"
     assert response.state == spanner_database_admin.Database.State.CREATING
     assert response.version_retention_period == "version_retention_period_value"
+    assert response.default_leader == "default_leader_value"
 
 
 @pytest.mark.asyncio
@@ -5046,10 +5068,7 @@ def test_database_admin_grpc_transport_client_cert_source_for_mtls(transport_cla
             "squid.clam.whelk:443",
             credentials=cred,
             credentials_file=None,
-            scopes=(
-                "https://www.googleapis.com/auth/cloud-platform",
-                "https://www.googleapis.com/auth/spanner.admin",
-            ),
+            scopes=None,
             ssl_credentials=mock_ssl_channel_creds,
             quota_project_id=None,
             options=[
@@ -5156,10 +5175,7 @@ def test_database_admin_transport_channel_mtls_with_client_cert_source(transport
                 "mtls.squid.clam.whelk:443",
                 credentials=cred,
                 credentials_file=None,
-                scopes=(
-                    "https://www.googleapis.com/auth/cloud-platform",
-                    "https://www.googleapis.com/auth/spanner.admin",
-                ),
+                scopes=None,
                 ssl_credentials=mock_ssl_cred,
                 quota_project_id=None,
                 options=[
@@ -5206,10 +5222,7 @@ def test_database_admin_transport_channel_mtls_with_adc(transport_class):
                 "mtls.squid.clam.whelk:443",
                 credentials=mock_cred,
                 credentials_file=None,
-                scopes=(
-                    "https://www.googleapis.com/auth/cloud-platform",
-                    "https://www.googleapis.com/auth/spanner.admin",
-                ),
+                scopes=None,
                 ssl_credentials=mock_ssl_cred,
                 quota_project_id=None,
                 options=[
diff --git a/tests/unit/gapic/spanner_admin_instance_v1/test_instance_admin.py b/tests/unit/gapic/spanner_admin_instance_v1/test_instance_admin.py
diff --git a/tests/unit/gapic/spanner_v1/test_spanner.py b/tests/unit/gapic/spanner_v1/test_spanner.py
