chore: update replacements to unblock gapic-generator update

parthea · parthea · commit 0acea6177d90 · 2025-12-18T16:32:17.000Z
diff --git a/.librarian/generator-input/client-post-processing/integrate-isolated-handwritten-code.yaml b/.librarian/generator-input/client-post-processing/integrate-isolated-handwritten-code.yaml
@@ -45,10 +45,10 @@ replacements:
       packages/google-cloud-vision/google/cloud/vision_v1p4beta1/__init__.py,
     ]    
     before: |
-      from .types.web_detection import WebDetection\n
+      \)\n
       __all__ = \(
     after: |
-      from .types.web_detection import WebDetection\n\n
+      \)\n
       @add_single_feature_methods
       class ImageAnnotatorClient(VisionHelpers, IacImageAnnotatorClient):
           __doc__ = IacImageAnnotatorClient.__doc__
diff --git a/.librarian/generator-input/client-post-processing/unique-grafeas-client.yaml b/.librarian/generator-input/client-post-processing/unique-grafeas-client.yaml
@@ -434,12 +434,19 @@ replacements:
           with mock.patch.dict\(
               os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"}
           \):
-              with pytest.raises\(ValueError\) as excinfo:
-                  GrafeasClient._read_environment_variables\(\)
-          assert \(
-              str\(excinfo.value\)
-              == "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`"
-          \)
+              if not hasattr\(google.auth.transport.mtls, "should_use_client_cert"\):
+                  with pytest.raises\(ValueError\) as excinfo:
+                      GrafeasClient._read_environment_variables\(\)
+                  assert \(
+                      str\(excinfo.value\)
+                      == "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`"
+                  \)
+              else:
+                  assert GrafeasClient._read_environment_variables\(\) == \(
+                      False,
+                      "auto",
+                      None,
+                  \)
 
           with mock.patch.dict\(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}\):
               assert GrafeasClient._read_environment_variables\(\) == \(False, "never", None\)
@@ -462,6 +469,105 @@ replacements:
               assert GrafeasClient._read_environment_variables\(\) == \(False, "auto", "foo.com"\)
 
 
+      def test_use_client_cert_effective\(\):
+          # Test case 1: Test when `should_use_client_cert` returns True.
+          # We mock the `should_use_client_cert` function to simulate a scenario where
+          # the google-auth library supports automatic mTLS and determines that a
+          # client certificate should be used.
+          if hasattr\(google.auth.transport.mtls, "should_use_client_cert"\):
+              with mock.patch\(
+                  "google.auth.transport.mtls.should_use_client_cert", return_value=True
+              \):
+                  assert GrafeasClient._use_client_cert_effective\(\) is True
+
+          # Test case 2: Test when `should_use_client_cert` returns False.
+          # We mock the `should_use_client_cert` function to simulate a scenario where
+          # the google-auth library supports automatic mTLS and determines that a
+          # client certificate should NOT be used.
+          if hasattr\(google.auth.transport.mtls, "should_use_client_cert"\):
+              with mock.patch\(
+                  "google.auth.transport.mtls.should_use_client_cert", return_value=False
+              \):
+                  assert GrafeasClient._use_client_cert_effective\(\) is False
+
+          # Test case 3: Test when `should_use_client_cert` is unavailable and the
+          # `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is set to "true".
+          if not hasattr\(google.auth.transport.mtls, "should_use_client_cert"\):
+              with mock.patch.dict\(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"}\):
+                  assert GrafeasClient._use_client_cert_effective\(\) is True
+
+          # Test case 4: Test when `should_use_client_cert` is unavailable and the
+          # `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is set to "false".
+          if not hasattr\(google.auth.transport.mtls, "should_use_client_cert"\):
+              with mock.patch.dict\(
+                  os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "false"}
+              \):
+                  assert GrafeasClient._use_client_cert_effective\(\) is False
+
+          # Test case 5: Test when `should_use_client_cert` is unavailable and the
+          # `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is set to "True".
+          if not hasattr\(google.auth.transport.mtls, "should_use_client_cert"\):
+              with mock.patch.dict\(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "True"}\):
+                  assert GrafeasClient._use_client_cert_effective\(\) is True
+
+          # Test case 6: Test when `should_use_client_cert` is unavailable and the
+          # `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is set to "False".
+          if not hasattr\(google.auth.transport.mtls, "should_use_client_cert"\):
+              with mock.patch.dict\(
+                  os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "False"}
+              \):
+                  assert GrafeasClient._use_client_cert_effective\(\) is False
+
+          # Test case 7: Test when `should_use_client_cert` is unavailable and the
+          # `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is set to "TRUE".
+          if not hasattr\(google.auth.transport.mtls, "should_use_client_cert"\):
+              with mock.patch.dict\(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "TRUE"}\):
+                  assert GrafeasClient._use_client_cert_effective\(\) is True
+
+          # Test case 8: Test when `should_use_client_cert` is unavailable and the
+          # `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is set to "FALSE".
+          if not hasattr\(google.auth.transport.mtls, "should_use_client_cert"\):
+              with mock.patch.dict\(
+                  os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "FALSE"}
+              \):
+                  assert GrafeasClient._use_client_cert_effective\(\) is False
+
+          # Test case 9: Test when `should_use_client_cert` is unavailable and the
+          # `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is not set.
+          # In this case, the method should return False, which is the default value.
+          if not hasattr\(google.auth.transport.mtls, "should_use_client_cert"\):
+              with mock.patch.dict\(os.environ, clear=True\):
+                  assert GrafeasClient._use_client_cert_effective\(\) is False
+
+          # Test case 10: Test when `should_use_client_cert` is unavailable and the
+          # `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is set to an invalid value.
+          # The method should raise a ValueError as the environment variable must be either
+          # "true" or "false".
+          if not hasattr\(google.auth.transport.mtls, "should_use_client_cert"\):
+              with mock.patch.dict\(
+                  os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "unsupported"}
+              \):
+                  with pytest.raises\(ValueError\):
+                      GrafeasClient._use_client_cert_effective\(\)
+
+          # Test case 11: Test when `should_use_client_cert` is available and the
+          # `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is set to an invalid value.
+          # The method should return False as the environment variable is set to an invalid value.
+          if hasattr\(google.auth.transport.mtls, "should_use_client_cert"\):
+              with mock.patch.dict\(
+                  os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "unsupported"}
+              \):
+                  assert GrafeasClient._use_client_cert_effective\(\) is False
+
+          # Test case 12: Test when `should_use_client_cert` is available and the
+          # `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is unset. Also,
+          # the GOOGLE_API_CONFIG environment variable is unset.
+          if hasattr\(google.auth.transport.mtls, "should_use_client_cert"\):
+              with mock.patch.dict\(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": ""}\):
+                  with mock.patch.dict\(os.environ, {"GOOGLE_API_CERTIFICATE_CONFIG": ""}\):
+                      assert GrafeasClient._use_client_cert_effective\(\) is False
+
+
       def test__get_client_cert_source\(\):
           mock_provided_cert_source = mock.Mock\(\)
           mock_default_cert_source = mock.Mock\(\)
@@ -814,17 +920,6 @@ replacements:
               == "Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`"
           \)
 
-          # Check the case GOOGLE_API_USE_CLIENT_CERTIFICATE has unsupported value.
-          with mock.patch.dict\(
-              os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"}
-          \):
-              with pytest.raises\(ValueError\) as excinfo:
-                  client = client_class\(transport=transport_name\)
-          assert \(
-              str\(excinfo.value\)
-              == "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`"
-          \)
-
           # Check the case quota_project_id is provided
           options = client_options.ClientOptions\(quota_project_id="octopus"\)
           with mock.patch.object\(transport_class, "__init__"\) as patched:
@@ -1034,6 +1129,119 @@ replacements:
               assert api_endpoint == mock_api_endpoint
               assert cert_source is None
 
+          # Test the case GOOGLE_API_USE_CLIENT_CERTIFICATE is "Unsupported".
+          with mock.patch.dict\(
+              os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"}
+          \):
+              if hasattr\(google.auth.transport.mtls, "should_use_client_cert"\):
+                  mock_client_cert_source = mock.Mock\(\)
+                  mock_api_endpoint = "foo"
+                  options = client_options.ClientOptions\(
+                      client_cert_source=mock_client_cert_source,
+                      api_endpoint=mock_api_endpoint,
+                  \)
+                  api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source\(
+                      options
+                  \)
+                  assert api_endpoint == mock_api_endpoint
+                  assert cert_source is None
+
+          # Test cases for mTLS enablement when GOOGLE_API_USE_CLIENT_CERTIFICATE is unset.
+          test_cases = \[
+              \(
+                  # With workloads present in config, mTLS is enabled.
+                  {
+                      "version": 1,
+                      "cert_configs": {
+                          "workload": {
+                              "cert_path": "path/to/cert/file",
+                              "key_path": "path/to/key/file",
+                          }
+                      },
+                  },
+                  mock_client_cert_source,
+              \),
+              \(
+                  # With workloads not present in config, mTLS is disabled.
+                  {
+                      "version": 1,
+                      "cert_configs": {},
+                  },
+                  None,
+              \),
+          \]
+          if hasattr\(google.auth.transport.mtls, "should_use_client_cert"\):
+              for config_data, expected_cert_source in test_cases:
+                  env = os.environ.copy\(\)
+                  env.pop\("GOOGLE_API_USE_CLIENT_CERTIFICATE", None\)
+                  with mock.patch.dict\(os.environ, env, clear=True\):
+                      config_filename = "mock_certificate_config.json"
+                      config_file_content = json.dumps\(config_data\)
+                      m = mock.mock_open\(read_data=config_file_content\)
+                      with mock.patch\("builtins.open", m\):
+                          with mock.patch.dict\(
+                              os.environ, {"GOOGLE_API_CERTIFICATE_CONFIG": config_filename}
+                          \):
+                              mock_api_endpoint = "foo"
+                              options = client_options.ClientOptions\(
+                                  client_cert_source=mock_client_cert_source,
+                                  api_endpoint=mock_api_endpoint,
+                              \)
+                              \(
+                                  api_endpoint,
+                                  cert_source,
+                              \) = client_class.get_mtls_endpoint_and_cert_source\(options\)
+                              assert api_endpoint == mock_api_endpoint
+                              assert cert_source is expected_cert_source
+
+          # Test cases for mTLS enablement when GOOGLE_API_USE_CLIENT_CERTIFICATE is unset\(empty\).
+          test_cases = \[
+              \(
+                  # With workloads present in config, mTLS is enabled.
+                  {
+                      "version": 1,
+                      "cert_configs": {
+                          "workload": {
+                              "cert_path": "path/to/cert/file",
+                              "key_path": "path/to/key/file",
+                          }
+                      },
+                  },
+                  mock_client_cert_source,
+              \),
+              \(
+                  # With workloads not present in config, mTLS is disabled.
+                  {
+                      "version": 1,
+                      "cert_configs": {},
+                  },
+                  None,
+              \),
+          \]
+          if hasattr\(google.auth.transport.mtls, "should_use_client_cert"\):
+              for config_data, expected_cert_source in test_cases:
+                  env = os.environ.copy\(\)
+                  env.pop\("GOOGLE_API_USE_CLIENT_CERTIFICATE", ""\)
+                  with mock.patch.dict\(os.environ, env, clear=True\):
+                      config_filename = "mock_certificate_config.json"
+                      config_file_content = json.dumps\(config_data\)
+                      m = mock.mock_open\(read_data=config_file_content\)
+                      with mock.patch\("builtins.open", m\):
+                          with mock.patch.dict\(
+                              os.environ, {"GOOGLE_API_CERTIFICATE_CONFIG": config_filename}
+                          \):
+                              mock_api_endpoint = "foo"
+                              options = client_options.ClientOptions\(
+                                  client_cert_source=mock_client_cert_source,
+                                  api_endpoint=mock_api_endpoint,
+                              \)
+                              \(
+                                  api_endpoint,
+                                  cert_source,
+                              \) = client_class.get_mtls_endpoint_and_cert_source\(options\)
+                              assert api_endpoint == mock_api_endpoint
+                              assert cert_source is expected_cert_source
+
           # Test the case GOOGLE_API_USE_MTLS_ENDPOINT is "never".
           with mock.patch.dict\(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}\):
               api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source\(\)
@@ -1084,18 +1292,6 @@ replacements:
                   == "Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`"
               \)
 
-          # Check the case GOOGLE_API_USE_CLIENT_CERTIFICATE has unsupported value.
-          with mock.patch.dict\(
-              os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"}
-          \):
-              with pytest.raises\(ValueError\) as excinfo:
-                  client_class.get_mtls_endpoint_and_cert_source\(\)
-      
-              assert \(
-                  str\(excinfo.value\)
-                  == "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`"
-              \)
-
 
       @pytest.mark.parametrize\("client_class", \[GrafeasClient, GrafeasAsyncClient\]\)
       @mock.patch.object\(
@@ -1390,20 +1586,16 @@ replacements:
       \        \)
       \        if client_options is None:
       \            client_options = client_options_lib.ClientOptions\(\)
-      \        use_client_cert = os.getenv\("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"\)
+      \        use_client_cert = GrafeasClient._use_client_cert_effective\(\)
       \        use_mtls_endpoint = os.getenv\("GOOGLE_API_USE_MTLS_ENDPOINT", "auto"\)
-      \        if use_client_cert not in \("true", "false"\):
-      \            raise ValueError\(
-      \                "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`"
-      \            \)
       \        if use_mtls_endpoint not in \("auto", "never", "always"\):
       \            raise MutualTLSChannelError\(
       \                "Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`"
       \            \)
       \
       \        # Figure out the client cert source to use.
       \        client_cert_source = None
-      \        if use_client_cert == "true":
+      \        if use_client_cert:
       \            if client_options.client_cert_source:
       \                client_cert_source = client_options.client_cert_source
       \            elif mtls.has_default_client_cert_source\(\):
@@ -1435,20 +1627,14 @@ replacements:
       \            google.auth.exceptions.MutualTLSChannelError: If GOOGLE_API_USE_MTLS_ENDPOINT
       \                is not any of \["auto", "never", "always"\].
       \        """
-      \        use_client_cert = os.getenv\(
-      \            "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
-      \        \).lower\(\)
+      \        use_client_cert = GrafeasClient._use_client_cert_effective\(\)
       \        use_mtls_endpoint = os.getenv\("GOOGLE_API_USE_MTLS_ENDPOINT", "auto"\).lower\(\)
       \        universe_domain_env = os.getenv\("GOOGLE_CLOUD_UNIVERSE_DOMAIN"\)
-      \        if use_client_cert not in \("true", "false"\):
-      \            raise ValueError\(
-      \                "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`"
-      \            \)
       \        if use_mtls_endpoint not in \("auto", "never", "always"\):
       \            raise MutualTLSChannelError\(
       \                "Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`"
       \            \)
-      \        return use_client_cert == "true", use_mtls_endpoint, universe_domain_env
+      \        return use_client_cert, use_mtls_endpoint, universe_domain_env
       \
       \    @staticmethod
       \    def _get_client_cert_source\(provided_cert_source, use_cert_flag\):
diff --git a/packages/google-cloud-monitoring-dashboards/tests/unit/gapic/dashboard_v1/test_dashboards_service.py b/packages/google-cloud-monitoring-dashboards/tests/unit/gapic/dashboard_v1/test_dashboards_service.py
@@ -304,13 +304,6 @@ def test_dashboards_service_client_client_options(
         with pytest.raises(MutualTLSChannelError):
             client = client_class(transport=transport_name)
 
-    # Check the case GOOGLE_API_USE_CLIENT_CERTIFICATE has unsupported value.
-    with mock.patch.dict(
-        os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"}
-    ):
-        with pytest.raises(ValueError):
-            client = client_class(transport=transport_name)
-
     # Check the case quota_project_id is provided
     options = client_options.ClientOptions(quota_project_id="octopus")
     with mock.patch.object(transport_class, "__init__") as patched:
