diff --git a/packages/google-cloud-asset/docs/asset_v1p4beta1/asset_service.rst b/packages/google-cloud-asset/docs/asset_v1p4beta1/asset_service.rst deleted file mode 100644 index e46e3c5ecad0..000000000000 --- a/packages/google-cloud-asset/docs/asset_v1p4beta1/asset_service.rst +++ /dev/null @@ -1,6 +0,0 @@ -AssetService ------------------------------- - -.. automodule:: google.cloud.asset_v1p4beta1.services.asset_service - :members: - :inherited-members: diff --git a/packages/google-cloud-asset/docs/asset_v1p4beta1/services_.rst b/packages/google-cloud-asset/docs/asset_v1p4beta1/services_.rst deleted file mode 100644 index 6116177ffbea..000000000000 --- a/packages/google-cloud-asset/docs/asset_v1p4beta1/services_.rst +++ /dev/null @@ -1,6 +0,0 @@ -Services for Google Cloud Asset v1p4beta1 API -============================================= -.. toctree:: - :maxdepth: 2 - - asset_service diff --git a/packages/google-cloud-asset/docs/asset_v1p4beta1/types_.rst b/packages/google-cloud-asset/docs/asset_v1p4beta1/types_.rst deleted file mode 100644 index 60ea41e5faee..000000000000 --- a/packages/google-cloud-asset/docs/asset_v1p4beta1/types_.rst +++ /dev/null @@ -1,7 +0,0 @@ -Types for Google Cloud Asset v1p4beta1 API -========================================== - -.. automodule:: google.cloud.asset_v1p4beta1.types - :members: - :undoc-members: - :show-inheritance: diff --git a/packages/google-cloud-asset/docs/index.rst b/packages/google-cloud-asset/docs/index.rst index b306bcf1baa5..f038bdeae6fd 100644 --- a/packages/google-cloud-asset/docs/index.rst +++ b/packages/google-cloud-asset/docs/index.rst @@ -30,14 +30,6 @@ API Reference asset_v1p2beta1/services_ asset_v1p2beta1/types_ -API Reference -------------- -.. toctree:: - :maxdepth: 2 - - asset_v1p4beta1/services_ - asset_v1p4beta1/types_ - API Reference ------------- .. toctree:: diff --git a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/__init__.py b/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/__init__.py deleted file mode 100644 index 0e6d142c1205..000000000000 --- a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/__init__.py +++ /dev/null @@ -1,38 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -from .services.asset_service import AssetServiceAsyncClient, AssetServiceClient -from .types.asset_service import ( - AnalyzeIamPolicyRequest, - AnalyzeIamPolicyResponse, - ExportIamPolicyAnalysisRequest, - ExportIamPolicyAnalysisResponse, - IamPolicyAnalysisOutputConfig, - IamPolicyAnalysisQuery, -) -from .types.assets import IamPolicyAnalysisResult - -__all__ = ( - "AssetServiceAsyncClient", - "AnalyzeIamPolicyRequest", - "AnalyzeIamPolicyResponse", - "AssetServiceClient", - "ExportIamPolicyAnalysisRequest", - "ExportIamPolicyAnalysisResponse", - "IamPolicyAnalysisOutputConfig", - "IamPolicyAnalysisQuery", - "IamPolicyAnalysisResult", -) diff --git a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/gapic_metadata.json b/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/gapic_metadata.json deleted file mode 100644 index 23a2f8a38ae6..000000000000 --- a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/gapic_metadata.json +++ /dev/null @@ -1,43 +0,0 @@ - { - "comment": "This file maps proto services/RPCs to the corresponding library clients/methods", - "language": "python", - "libraryPackage": "google.cloud.asset_v1p4beta1", - "protoPackage": "google.cloud.asset.v1p4beta1", - "schema": "1.0", - "services": { - "AssetService": { - "clients": { - "grpc": { - "libraryClient": "AssetServiceClient", - "rpcs": { - "AnalyzeIamPolicy": { - "methods": [ - "analyze_iam_policy" - ] - }, - "ExportIamPolicyAnalysis": { - "methods": [ - "export_iam_policy_analysis" - ] - } - } - }, - "grpc-async": { - "libraryClient": "AssetServiceAsyncClient", - "rpcs": { - "AnalyzeIamPolicy": { - "methods": [ - "analyze_iam_policy" - ] - }, - "ExportIamPolicyAnalysis": { - "methods": [ - "export_iam_policy_analysis" - ] - } - } - } - } - } - } -} diff --git a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/gapic_version.py b/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/gapic_version.py deleted file mode 100644 index 46d2c8163d5f..000000000000 --- a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/gapic_version.py +++ /dev/null @@ -1,16 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -__version__ = "3.30.1" # {x-release-please-version} diff --git a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/py.typed b/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/py.typed deleted file mode 100644 index 3dbb09a39130..000000000000 --- a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/py.typed +++ /dev/null @@ -1,2 +0,0 @@ -# Marker file for PEP 561. -# The google-cloud-asset package uses inline types. diff --git a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/__init__.py b/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/__init__.py deleted file mode 100644 index e8e1c3845db5..000000000000 --- a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/__init__.py +++ /dev/null @@ -1,15 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# diff --git a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/asset_service/__init__.py b/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/asset_service/__init__.py deleted file mode 100644 index 548e6cbf4b49..000000000000 --- a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/asset_service/__init__.py +++ /dev/null @@ -1,22 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from .async_client import AssetServiceAsyncClient -from .client import AssetServiceClient - -__all__ = ( - "AssetServiceClient", - "AssetServiceAsyncClient", -) diff --git a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/asset_service/async_client.py b/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/asset_service/async_client.py deleted file mode 100644 index 9f6db94f4b56..000000000000 --- a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/asset_service/async_client.py +++ /dev/null @@ -1,407 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from collections import OrderedDict -import functools -import re -from typing import Dict, Mapping, Optional, Sequence, Tuple, Type, Union - -from google.api_core import exceptions as core_exceptions -from google.api_core import gapic_v1 -from google.api_core import retry as retries -from google.api_core.client_options import ClientOptions -from google.auth import credentials as ga_credentials # type: ignore -from google.oauth2 import service_account # type: ignore - -from google.cloud.asset_v1p4beta1 import gapic_version as package_version - -try: - OptionalRetry = Union[retries.Retry, gapic_v1.method._MethodDefault] -except AttributeError: # pragma: NO COVER - OptionalRetry = Union[retries.Retry, object] # type: ignore - -from google.api_core import operation # type: ignore -from google.api_core import operation_async # type: ignore - -from google.cloud.asset_v1p4beta1.types import asset_service, assets - -from .client import AssetServiceClient -from .transports.base import DEFAULT_CLIENT_INFO, AssetServiceTransport -from .transports.grpc_asyncio import AssetServiceGrpcAsyncIOTransport - - -class AssetServiceAsyncClient: - """Asset service definition.""" - - _client: AssetServiceClient - - DEFAULT_ENDPOINT = AssetServiceClient.DEFAULT_ENDPOINT - DEFAULT_MTLS_ENDPOINT = AssetServiceClient.DEFAULT_MTLS_ENDPOINT - - common_billing_account_path = staticmethod( - AssetServiceClient.common_billing_account_path - ) - parse_common_billing_account_path = staticmethod( - AssetServiceClient.parse_common_billing_account_path - ) - common_folder_path = staticmethod(AssetServiceClient.common_folder_path) - parse_common_folder_path = staticmethod(AssetServiceClient.parse_common_folder_path) - common_organization_path = staticmethod(AssetServiceClient.common_organization_path) - parse_common_organization_path = staticmethod( - AssetServiceClient.parse_common_organization_path - ) - common_project_path = staticmethod(AssetServiceClient.common_project_path) - parse_common_project_path = staticmethod( - AssetServiceClient.parse_common_project_path - ) - common_location_path = staticmethod(AssetServiceClient.common_location_path) - parse_common_location_path = staticmethod( - AssetServiceClient.parse_common_location_path - ) - - @classmethod - def from_service_account_info(cls, info: dict, *args, **kwargs): - """Creates an instance of this client using the provided credentials - info. - - Args: - info (dict): The service account private key info. - args: Additional arguments to pass to the constructor. - kwargs: Additional arguments to pass to the constructor. - - Returns: - AssetServiceAsyncClient: The constructed client. - """ - return AssetServiceClient.from_service_account_info.__func__(AssetServiceAsyncClient, info, *args, **kwargs) # type: ignore - - @classmethod - def from_service_account_file(cls, filename: str, *args, **kwargs): - """Creates an instance of this client using the provided credentials - file. - - Args: - filename (str): The path to the service account private key json - file. - args: Additional arguments to pass to the constructor. - kwargs: Additional arguments to pass to the constructor. - - Returns: - AssetServiceAsyncClient: The constructed client. - """ - return AssetServiceClient.from_service_account_file.__func__(AssetServiceAsyncClient, filename, *args, **kwargs) # type: ignore - - from_service_account_json = from_service_account_file - - @classmethod - def get_mtls_endpoint_and_cert_source( - cls, client_options: Optional[ClientOptions] = None - ): - """Return the API endpoint and client cert source for mutual TLS. - - The client cert source is determined in the following order: - (1) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is not "true", the - client cert source is None. - (2) if `client_options.client_cert_source` is provided, use the provided one; if the - default client cert source exists, use the default one; otherwise the client cert - source is None. - - The API endpoint is determined in the following order: - (1) if `client_options.api_endpoint` if provided, use the provided one. - (2) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is "always", use the - default mTLS endpoint; if the environment variabel is "never", use the default API - endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise - use the default API endpoint. - - More details can be found at https://google.aip.dev/auth/4114. - - Args: - client_options (google.api_core.client_options.ClientOptions): Custom options for the - client. Only the `api_endpoint` and `client_cert_source` properties may be used - in this method. - - Returns: - Tuple[str, Callable[[], Tuple[bytes, bytes]]]: returns the API endpoint and the - client cert source to use. - - Raises: - google.auth.exceptions.MutualTLSChannelError: If any errors happen. - """ - return AssetServiceClient.get_mtls_endpoint_and_cert_source(client_options) # type: ignore - - @property - def transport(self) -> AssetServiceTransport: - """Returns the transport used by the client instance. - - Returns: - AssetServiceTransport: The transport used by the client instance. - """ - return self._client.transport - - get_transport_class = functools.partial( - type(AssetServiceClient).get_transport_class, type(AssetServiceClient) - ) - - def __init__( - self, - *, - credentials: ga_credentials.Credentials = None, - transport: Union[str, AssetServiceTransport] = "grpc_asyncio", - client_options: ClientOptions = None, - client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, - ) -> None: - """Instantiates the asset service client. - - Args: - credentials (Optional[google.auth.credentials.Credentials]): The - authorization credentials to attach to requests. These - credentials identify the application to the service; if none - are specified, the client will attempt to ascertain the - credentials from the environment. - transport (Union[str, ~.AssetServiceTransport]): The - transport to use. If set to None, a transport is chosen - automatically. - client_options (ClientOptions): Custom options for the client. It - won't take effect if a ``transport`` instance is provided. - (1) The ``api_endpoint`` property can be used to override the - default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT - environment variable can also be used to override the endpoint: - "always" (always use the default mTLS endpoint), "never" (always - use the default regular endpoint) and "auto" (auto switch to the - default mTLS endpoint if client certificate is present, this is - the default value). However, the ``api_endpoint`` property takes - precedence if provided. - (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable - is "true", then the ``client_cert_source`` property can be used - to provide client certificate for mutual TLS transport. If - not provided, the default SSL client certificate will be used if - present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not - set, no client certificate will be used. - - Raises: - google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport - creation failed for any reason. - """ - self._client = AssetServiceClient( - credentials=credentials, - transport=transport, - client_options=client_options, - client_info=client_info, - ) - - async def analyze_iam_policy( - self, - request: Union[asset_service.AnalyzeIamPolicyRequest, dict] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> asset_service.AnalyzeIamPolicyResponse: - r"""Analyzes IAM policies based on the specified request. Returns a - list of - [IamPolicyAnalysisResult][google.cloud.asset.v1p4beta1.IamPolicyAnalysisResult] - matching the request. - - .. code-block:: python - - from google.cloud import asset_v1p4beta1 - - async def sample_analyze_iam_policy(): - # Create a client - client = asset_v1p4beta1.AssetServiceAsyncClient() - - # Initialize request argument(s) - analysis_query = asset_v1p4beta1.IamPolicyAnalysisQuery() - analysis_query.parent = "parent_value" - - request = asset_v1p4beta1.AnalyzeIamPolicyRequest( - analysis_query=analysis_query, - ) - - # Make the request - response = await client.analyze_iam_policy(request=request) - - # Handle the response - print(response) - - Args: - request (Union[google.cloud.asset_v1p4beta1.types.AnalyzeIamPolicyRequest, dict]): - The request object. A request message for - [AssetService.AnalyzeIamPolicy][google.cloud.asset.v1p4beta1.AssetService.AnalyzeIamPolicy]. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.cloud.asset_v1p4beta1.types.AnalyzeIamPolicyResponse: - A response message for - [AssetService.AnalyzeIamPolicy][google.cloud.asset.v1p4beta1.AssetService.AnalyzeIamPolicy]. - - """ - # Create or coerce a protobuf request object. - request = asset_service.AnalyzeIamPolicyRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = gapic_v1.method_async.wrap_method( - self._client._transport.analyze_iam_policy, - default_retry=retries.Retry( - initial=0.1, - maximum=60.0, - multiplier=1.3, - predicate=retries.if_exception_type( - core_exceptions.ServiceUnavailable, - ), - deadline=300.0, - ), - default_timeout=300.0, - client_info=DEFAULT_CLIENT_INFO, - ) - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata( - (("analysis_query.parent", request.analysis_query.parent),) - ), - ) - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - async def export_iam_policy_analysis( - self, - request: Union[asset_service.ExportIamPolicyAnalysisRequest, dict] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> operation_async.AsyncOperation: - r"""Exports IAM policy analysis based on the specified request. This - API implements the - [google.longrunning.Operation][google.longrunning.Operation] API - allowing you to keep track of the export. The metadata contains - the request to help callers to map responses to requests. - - .. code-block:: python - - from google.cloud import asset_v1p4beta1 - - async def sample_export_iam_policy_analysis(): - # Create a client - client = asset_v1p4beta1.AssetServiceAsyncClient() - - # Initialize request argument(s) - analysis_query = asset_v1p4beta1.IamPolicyAnalysisQuery() - analysis_query.parent = "parent_value" - - output_config = asset_v1p4beta1.IamPolicyAnalysisOutputConfig() - output_config.gcs_destination.uri = "uri_value" - - request = asset_v1p4beta1.ExportIamPolicyAnalysisRequest( - analysis_query=analysis_query, - output_config=output_config, - ) - - # Make the request - operation = client.export_iam_policy_analysis(request=request) - - print("Waiting for operation to complete...") - - response = await operation.result() - - # Handle the response - print(response) - - Args: - request (Union[google.cloud.asset_v1p4beta1.types.ExportIamPolicyAnalysisRequest, dict]): - The request object. A request message for - [AssetService.ExportIamPolicyAnalysis][google.cloud.asset.v1p4beta1.AssetService.ExportIamPolicyAnalysis]. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.api_core.operation_async.AsyncOperation: - An object representing a long-running operation. - - The result type for the operation will be :class:`google.cloud.asset_v1p4beta1.types.ExportIamPolicyAnalysisResponse` The export IAM policy analysis response. This message is returned by the - [google.longrunning.Operations.GetOperation][] method - in the returned - [google.longrunning.Operation.response][] field. - - """ - # Create or coerce a protobuf request object. - request = asset_service.ExportIamPolicyAnalysisRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = gapic_v1.method_async.wrap_method( - self._client._transport.export_iam_policy_analysis, - default_timeout=60.0, - client_info=DEFAULT_CLIENT_INFO, - ) - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata( - (("analysis_query.parent", request.analysis_query.parent),) - ), - ) - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Wrap the response in an operation future. - response = operation_async.from_gapic( - response, - self._client._transport.operations_client, - asset_service.ExportIamPolicyAnalysisResponse, - metadata_type=asset_service.ExportIamPolicyAnalysisRequest, - ) - - # Done; return the response. - return response - - async def __aenter__(self): - return self - - async def __aexit__(self, exc_type, exc, tb): - await self.transport.close() - - -DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( - gapic_version=package_version.__version__ -) - - -__all__ = ("AssetServiceAsyncClient",) diff --git a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/asset_service/client.py b/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/asset_service/client.py deleted file mode 100644 index 6320f171c413..000000000000 --- a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/asset_service/client.py +++ /dev/null @@ -1,616 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from collections import OrderedDict -import os -import re -from typing import Dict, Mapping, Optional, Sequence, Tuple, Type, Union - -from google.api_core import client_options as client_options_lib -from google.api_core import exceptions as core_exceptions -from google.api_core import gapic_v1 -from google.api_core import retry as retries -from google.auth import credentials as ga_credentials # type: ignore -from google.auth.exceptions import MutualTLSChannelError # type: ignore -from google.auth.transport import mtls # type: ignore -from google.auth.transport.grpc import SslCredentials # type: ignore -from google.oauth2 import service_account # type: ignore - -from google.cloud.asset_v1p4beta1 import gapic_version as package_version - -try: - OptionalRetry = Union[retries.Retry, gapic_v1.method._MethodDefault] -except AttributeError: # pragma: NO COVER - OptionalRetry = Union[retries.Retry, object] # type: ignore - -from google.api_core import operation # type: ignore -from google.api_core import operation_async # type: ignore - -from google.cloud.asset_v1p4beta1.types import asset_service, assets - -from .transports.base import DEFAULT_CLIENT_INFO, AssetServiceTransport -from .transports.grpc import AssetServiceGrpcTransport -from .transports.grpc_asyncio import AssetServiceGrpcAsyncIOTransport - - -class AssetServiceClientMeta(type): - """Metaclass for the AssetService client. - - This provides class-level methods for building and retrieving - support objects (e.g. transport) without polluting the client instance - objects. - """ - - _transport_registry = OrderedDict() # type: Dict[str, Type[AssetServiceTransport]] - _transport_registry["grpc"] = AssetServiceGrpcTransport - _transport_registry["grpc_asyncio"] = AssetServiceGrpcAsyncIOTransport - - def get_transport_class( - cls, - label: str = None, - ) -> Type[AssetServiceTransport]: - """Returns an appropriate transport class. - - Args: - label: The name of the desired transport. If none is - provided, then the first transport in the registry is used. - - Returns: - The transport class to use. - """ - # If a specific transport is requested, return that one. - if label: - return cls._transport_registry[label] - - # No transport is requested; return the default (that is, the first one - # in the dictionary). - return next(iter(cls._transport_registry.values())) - - -class AssetServiceClient(metaclass=AssetServiceClientMeta): - """Asset service definition.""" - - @staticmethod - def _get_default_mtls_endpoint(api_endpoint): - """Converts api endpoint to mTLS endpoint. - - Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to - "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively. - Args: - api_endpoint (Optional[str]): the api endpoint to convert. - Returns: - str: converted mTLS api endpoint. - """ - if not api_endpoint: - return api_endpoint - - mtls_endpoint_re = re.compile( - r"(?P[^.]+)(?P\.mtls)?(?P\.sandbox)?(?P\.googleapis\.com)?" - ) - - m = mtls_endpoint_re.match(api_endpoint) - name, mtls, sandbox, googledomain = m.groups() - if mtls or not googledomain: - return api_endpoint - - if sandbox: - return api_endpoint.replace( - "sandbox.googleapis.com", "mtls.sandbox.googleapis.com" - ) - - return api_endpoint.replace(".googleapis.com", ".mtls.googleapis.com") - - DEFAULT_ENDPOINT = "cloudasset.googleapis.com" - DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__( # type: ignore - DEFAULT_ENDPOINT - ) - - @classmethod - def from_service_account_info(cls, info: dict, *args, **kwargs): - """Creates an instance of this client using the provided credentials - info. - - Args: - info (dict): The service account private key info. - args: Additional arguments to pass to the constructor. - kwargs: Additional arguments to pass to the constructor. - - Returns: - AssetServiceClient: The constructed client. - """ - credentials = service_account.Credentials.from_service_account_info(info) - kwargs["credentials"] = credentials - return cls(*args, **kwargs) - - @classmethod - def from_service_account_file(cls, filename: str, *args, **kwargs): - """Creates an instance of this client using the provided credentials - file. - - Args: - filename (str): The path to the service account private key json - file. - args: Additional arguments to pass to the constructor. - kwargs: Additional arguments to pass to the constructor. - - Returns: - AssetServiceClient: The constructed client. - """ - credentials = service_account.Credentials.from_service_account_file(filename) - kwargs["credentials"] = credentials - return cls(*args, **kwargs) - - from_service_account_json = from_service_account_file - - @property - def transport(self) -> AssetServiceTransport: - """Returns the transport used by the client instance. - - Returns: - AssetServiceTransport: The transport used by the client - instance. - """ - return self._transport - - @staticmethod - def common_billing_account_path( - billing_account: str, - ) -> str: - """Returns a fully-qualified billing_account string.""" - return "billingAccounts/{billing_account}".format( - billing_account=billing_account, - ) - - @staticmethod - def parse_common_billing_account_path(path: str) -> Dict[str, str]: - """Parse a billing_account path into its component segments.""" - m = re.match(r"^billingAccounts/(?P.+?)$", path) - return m.groupdict() if m else {} - - @staticmethod - def common_folder_path( - folder: str, - ) -> str: - """Returns a fully-qualified folder string.""" - return "folders/{folder}".format( - folder=folder, - ) - - @staticmethod - def parse_common_folder_path(path: str) -> Dict[str, str]: - """Parse a folder path into its component segments.""" - m = re.match(r"^folders/(?P.+?)$", path) - return m.groupdict() if m else {} - - @staticmethod - def common_organization_path( - organization: str, - ) -> str: - """Returns a fully-qualified organization string.""" - return "organizations/{organization}".format( - organization=organization, - ) - - @staticmethod - def parse_common_organization_path(path: str) -> Dict[str, str]: - """Parse a organization path into its component segments.""" - m = re.match(r"^organizations/(?P.+?)$", path) - return m.groupdict() if m else {} - - @staticmethod - def common_project_path( - project: str, - ) -> str: - """Returns a fully-qualified project string.""" - return "projects/{project}".format( - project=project, - ) - - @staticmethod - def parse_common_project_path(path: str) -> Dict[str, str]: - """Parse a project path into its component segments.""" - m = re.match(r"^projects/(?P.+?)$", path) - return m.groupdict() if m else {} - - @staticmethod - def common_location_path( - project: str, - location: str, - ) -> str: - """Returns a fully-qualified location string.""" - return "projects/{project}/locations/{location}".format( - project=project, - location=location, - ) - - @staticmethod - def parse_common_location_path(path: str) -> Dict[str, str]: - """Parse a location path into its component segments.""" - m = re.match(r"^projects/(?P.+?)/locations/(?P.+?)$", path) - return m.groupdict() if m else {} - - @classmethod - def get_mtls_endpoint_and_cert_source( - cls, client_options: Optional[client_options_lib.ClientOptions] = None - ): - """Return the API endpoint and client cert source for mutual TLS. - - The client cert source is determined in the following order: - (1) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is not "true", the - client cert source is None. - (2) if `client_options.client_cert_source` is provided, use the provided one; if the - default client cert source exists, use the default one; otherwise the client cert - source is None. - - The API endpoint is determined in the following order: - (1) if `client_options.api_endpoint` if provided, use the provided one. - (2) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is "always", use the - default mTLS endpoint; if the environment variabel is "never", use the default API - endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise - use the default API endpoint. - - More details can be found at https://google.aip.dev/auth/4114. - - Args: - client_options (google.api_core.client_options.ClientOptions): Custom options for the - client. Only the `api_endpoint` and `client_cert_source` properties may be used - in this method. - - Returns: - Tuple[str, Callable[[], Tuple[bytes, bytes]]]: returns the API endpoint and the - client cert source to use. - - Raises: - google.auth.exceptions.MutualTLSChannelError: If any errors happen. - """ - if client_options is None: - client_options = client_options_lib.ClientOptions() - use_client_cert = os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false") - use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto") - if use_client_cert not in ("true", "false"): - raise ValueError( - "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`" - ) - if use_mtls_endpoint not in ("auto", "never", "always"): - raise MutualTLSChannelError( - "Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`" - ) - - # Figure out the client cert source to use. - client_cert_source = None - if use_client_cert == "true": - if client_options.client_cert_source: - client_cert_source = client_options.client_cert_source - elif mtls.has_default_client_cert_source(): - client_cert_source = mtls.default_client_cert_source() - - # Figure out which api endpoint to use. - if client_options.api_endpoint is not None: - api_endpoint = client_options.api_endpoint - elif use_mtls_endpoint == "always" or ( - use_mtls_endpoint == "auto" and client_cert_source - ): - api_endpoint = cls.DEFAULT_MTLS_ENDPOINT - else: - api_endpoint = cls.DEFAULT_ENDPOINT - - return api_endpoint, client_cert_source - - def __init__( - self, - *, - credentials: Optional[ga_credentials.Credentials] = None, - transport: Union[str, AssetServiceTransport, None] = None, - client_options: Optional[client_options_lib.ClientOptions] = None, - client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, - ) -> None: - """Instantiates the asset service client. - - Args: - credentials (Optional[google.auth.credentials.Credentials]): The - authorization credentials to attach to requests. These - credentials identify the application to the service; if none - are specified, the client will attempt to ascertain the - credentials from the environment. - transport (Union[str, AssetServiceTransport]): The - transport to use. If set to None, a transport is chosen - automatically. - client_options (google.api_core.client_options.ClientOptions): Custom options for the - client. It won't take effect if a ``transport`` instance is provided. - (1) The ``api_endpoint`` property can be used to override the - default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT - environment variable can also be used to override the endpoint: - "always" (always use the default mTLS endpoint), "never" (always - use the default regular endpoint) and "auto" (auto switch to the - default mTLS endpoint if client certificate is present, this is - the default value). However, the ``api_endpoint`` property takes - precedence if provided. - (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable - is "true", then the ``client_cert_source`` property can be used - to provide client certificate for mutual TLS transport. If - not provided, the default SSL client certificate will be used if - present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not - set, no client certificate will be used. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing - your own client library. - - Raises: - google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport - creation failed for any reason. - """ - if isinstance(client_options, dict): - client_options = client_options_lib.from_dict(client_options) - if client_options is None: - client_options = client_options_lib.ClientOptions() - - api_endpoint, client_cert_source_func = self.get_mtls_endpoint_and_cert_source( - client_options - ) - - api_key_value = getattr(client_options, "api_key", None) - if api_key_value and credentials: - raise ValueError( - "client_options.api_key and credentials are mutually exclusive" - ) - - # Save or instantiate the transport. - # Ordinarily, we provide the transport, but allowing a custom transport - # instance provides an extensibility point for unusual situations. - if isinstance(transport, AssetServiceTransport): - # transport is a AssetServiceTransport instance. - if credentials or client_options.credentials_file or api_key_value: - raise ValueError( - "When providing a transport instance, " - "provide its credentials directly." - ) - if client_options.scopes: - raise ValueError( - "When providing a transport instance, provide its scopes " - "directly." - ) - self._transport = transport - else: - import google.auth._default # type: ignore - - if api_key_value and hasattr( - google.auth._default, "get_api_key_credentials" - ): - credentials = google.auth._default.get_api_key_credentials( - api_key_value - ) - - Transport = type(self).get_transport_class(transport) - self._transport = Transport( - credentials=credentials, - credentials_file=client_options.credentials_file, - host=api_endpoint, - scopes=client_options.scopes, - client_cert_source_for_mtls=client_cert_source_func, - quota_project_id=client_options.quota_project_id, - client_info=client_info, - always_use_jwt_access=True, - api_audience=client_options.api_audience, - ) - - def analyze_iam_policy( - self, - request: Union[asset_service.AnalyzeIamPolicyRequest, dict] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> asset_service.AnalyzeIamPolicyResponse: - r"""Analyzes IAM policies based on the specified request. Returns a - list of - [IamPolicyAnalysisResult][google.cloud.asset.v1p4beta1.IamPolicyAnalysisResult] - matching the request. - - .. code-block:: python - - from google.cloud import asset_v1p4beta1 - - def sample_analyze_iam_policy(): - # Create a client - client = asset_v1p4beta1.AssetServiceClient() - - # Initialize request argument(s) - analysis_query = asset_v1p4beta1.IamPolicyAnalysisQuery() - analysis_query.parent = "parent_value" - - request = asset_v1p4beta1.AnalyzeIamPolicyRequest( - analysis_query=analysis_query, - ) - - # Make the request - response = client.analyze_iam_policy(request=request) - - # Handle the response - print(response) - - Args: - request (Union[google.cloud.asset_v1p4beta1.types.AnalyzeIamPolicyRequest, dict]): - The request object. A request message for - [AssetService.AnalyzeIamPolicy][google.cloud.asset.v1p4beta1.AssetService.AnalyzeIamPolicy]. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.cloud.asset_v1p4beta1.types.AnalyzeIamPolicyResponse: - A response message for - [AssetService.AnalyzeIamPolicy][google.cloud.asset.v1p4beta1.AssetService.AnalyzeIamPolicy]. - - """ - # Create or coerce a protobuf request object. - # Minor optimization to avoid making a copy if the user passes - # in a asset_service.AnalyzeIamPolicyRequest. - # There's no risk of modifying the input as we've already verified - # there are no flattened fields. - if not isinstance(request, asset_service.AnalyzeIamPolicyRequest): - request = asset_service.AnalyzeIamPolicyRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.analyze_iam_policy] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata( - (("analysis_query.parent", request.analysis_query.parent),) - ), - ) - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - def export_iam_policy_analysis( - self, - request: Union[asset_service.ExportIamPolicyAnalysisRequest, dict] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: float = None, - metadata: Sequence[Tuple[str, str]] = (), - ) -> operation.Operation: - r"""Exports IAM policy analysis based on the specified request. This - API implements the - [google.longrunning.Operation][google.longrunning.Operation] API - allowing you to keep track of the export. The metadata contains - the request to help callers to map responses to requests. - - .. code-block:: python - - from google.cloud import asset_v1p4beta1 - - def sample_export_iam_policy_analysis(): - # Create a client - client = asset_v1p4beta1.AssetServiceClient() - - # Initialize request argument(s) - analysis_query = asset_v1p4beta1.IamPolicyAnalysisQuery() - analysis_query.parent = "parent_value" - - output_config = asset_v1p4beta1.IamPolicyAnalysisOutputConfig() - output_config.gcs_destination.uri = "uri_value" - - request = asset_v1p4beta1.ExportIamPolicyAnalysisRequest( - analysis_query=analysis_query, - output_config=output_config, - ) - - # Make the request - operation = client.export_iam_policy_analysis(request=request) - - print("Waiting for operation to complete...") - - response = operation.result() - - # Handle the response - print(response) - - Args: - request (Union[google.cloud.asset_v1p4beta1.types.ExportIamPolicyAnalysisRequest, dict]): - The request object. A request message for - [AssetService.ExportIamPolicyAnalysis][google.cloud.asset.v1p4beta1.AssetService.ExportIamPolicyAnalysis]. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, str]]): Strings which should be - sent along with the request as metadata. - - Returns: - google.api_core.operation.Operation: - An object representing a long-running operation. - - The result type for the operation will be :class:`google.cloud.asset_v1p4beta1.types.ExportIamPolicyAnalysisResponse` The export IAM policy analysis response. This message is returned by the - [google.longrunning.Operations.GetOperation][] method - in the returned - [google.longrunning.Operation.response][] field. - - """ - # Create or coerce a protobuf request object. - # Minor optimization to avoid making a copy if the user passes - # in a asset_service.ExportIamPolicyAnalysisRequest. - # There's no risk of modifying the input as we've already verified - # there are no flattened fields. - if not isinstance(request, asset_service.ExportIamPolicyAnalysisRequest): - request = asset_service.ExportIamPolicyAnalysisRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[ - self._transport.export_iam_policy_analysis - ] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata( - (("analysis_query.parent", request.analysis_query.parent),) - ), - ) - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Wrap the response in an operation future. - response = operation.from_gapic( - response, - self._transport.operations_client, - asset_service.ExportIamPolicyAnalysisResponse, - metadata_type=asset_service.ExportIamPolicyAnalysisRequest, - ) - - # Done; return the response. - return response - - def __enter__(self): - return self - - def __exit__(self, type, value, traceback): - """Releases underlying transport's resources. - - .. warning:: - ONLY use as a context manager if the transport is NOT shared - with other clients! Exiting the with block will CLOSE the transport - and may cause errors in other clients! - """ - self.transport.close() - - -DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( - gapic_version=package_version.__version__ -) - - -__all__ = ("AssetServiceClient",) diff --git a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/asset_service/transports/__init__.py b/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/asset_service/transports/__init__.py deleted file mode 100644 index 668a6a850527..000000000000 --- a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/asset_service/transports/__init__.py +++ /dev/null @@ -1,32 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from collections import OrderedDict -from typing import Dict, Type - -from .base import AssetServiceTransport -from .grpc import AssetServiceGrpcTransport -from .grpc_asyncio import AssetServiceGrpcAsyncIOTransport - -# Compile a registry of transports. -_transport_registry = OrderedDict() # type: Dict[str, Type[AssetServiceTransport]] -_transport_registry["grpc"] = AssetServiceGrpcTransport -_transport_registry["grpc_asyncio"] = AssetServiceGrpcAsyncIOTransport - -__all__ = ( - "AssetServiceTransport", - "AssetServiceGrpcTransport", - "AssetServiceGrpcAsyncIOTransport", -) diff --git a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/asset_service/transports/base.py b/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/asset_service/transports/base.py deleted file mode 100644 index aa600a1c2156..000000000000 --- a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/asset_service/transports/base.py +++ /dev/null @@ -1,187 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import abc -from typing import Awaitable, Callable, Dict, Optional, Sequence, Union - -import google.api_core -from google.api_core import exceptions as core_exceptions -from google.api_core import gapic_v1, operations_v1 -from google.api_core import retry as retries -import google.auth # type: ignore -from google.auth import credentials as ga_credentials # type: ignore -from google.longrunning import operations_pb2 # type: ignore -from google.oauth2 import service_account # type: ignore - -from google.cloud.asset_v1p4beta1 import gapic_version as package_version -from google.cloud.asset_v1p4beta1.types import asset_service - -DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( - gapic_version=package_version.__version__ -) - - -class AssetServiceTransport(abc.ABC): - """Abstract transport class for AssetService.""" - - AUTH_SCOPES = ("https://www.googleapis.com/auth/cloud-platform",) - - DEFAULT_HOST: str = "cloudasset.googleapis.com" - - def __init__( - self, - *, - host: str = DEFAULT_HOST, - credentials: ga_credentials.Credentials = None, - credentials_file: Optional[str] = None, - scopes: Optional[Sequence[str]] = None, - quota_project_id: Optional[str] = None, - client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, - always_use_jwt_access: Optional[bool] = False, - api_audience: Optional[str] = None, - **kwargs, - ) -> None: - """Instantiate the transport. - - Args: - host (Optional[str]): - The hostname to connect to. - credentials (Optional[google.auth.credentials.Credentials]): The - authorization credentials to attach to requests. These - credentials identify the application to the service; if none - are specified, the client will attempt to ascertain the - credentials from the environment. - credentials_file (Optional[str]): A file with credentials that can - be loaded with :func:`google.auth.load_credentials_from_file`. - This argument is mutually exclusive with credentials. - scopes (Optional[Sequence[str]]): A list of scopes. - quota_project_id (Optional[str]): An optional project to use for billing - and quota. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing - your own client library. - always_use_jwt_access (Optional[bool]): Whether self signed JWT should - be used for service account credentials. - """ - - scopes_kwargs = {"scopes": scopes, "default_scopes": self.AUTH_SCOPES} - - # Save the scopes. - self._scopes = scopes - - # If no credentials are provided, then determine the appropriate - # defaults. - if credentials and credentials_file: - raise core_exceptions.DuplicateCredentialArgs( - "'credentials_file' and 'credentials' are mutually exclusive" - ) - - if credentials_file is not None: - credentials, _ = google.auth.load_credentials_from_file( - credentials_file, **scopes_kwargs, quota_project_id=quota_project_id - ) - elif credentials is None: - credentials, _ = google.auth.default( - **scopes_kwargs, quota_project_id=quota_project_id - ) - # Don't apply audience if the credentials file passed from user. - if hasattr(credentials, "with_gdch_audience"): - credentials = credentials.with_gdch_audience( - api_audience if api_audience else host - ) - - # If the credentials are service account credentials, then always try to use self signed JWT. - if ( - always_use_jwt_access - and isinstance(credentials, service_account.Credentials) - and hasattr(service_account.Credentials, "with_always_use_jwt_access") - ): - credentials = credentials.with_always_use_jwt_access(True) - - # Save the credentials. - self._credentials = credentials - - # Save the hostname. Default to port 443 (HTTPS) if none is specified. - if ":" not in host: - host += ":443" - self._host = host - - def _prep_wrapped_messages(self, client_info): - # Precompute the wrapped methods. - self._wrapped_methods = { - self.analyze_iam_policy: gapic_v1.method.wrap_method( - self.analyze_iam_policy, - default_retry=retries.Retry( - initial=0.1, - maximum=60.0, - multiplier=1.3, - predicate=retries.if_exception_type( - core_exceptions.ServiceUnavailable, - ), - deadline=300.0, - ), - default_timeout=300.0, - client_info=client_info, - ), - self.export_iam_policy_analysis: gapic_v1.method.wrap_method( - self.export_iam_policy_analysis, - default_timeout=60.0, - client_info=client_info, - ), - } - - def close(self): - """Closes resources associated with the transport. - - .. warning:: - Only call this method if the transport is NOT shared - with other clients - this may cause errors in other clients! - """ - raise NotImplementedError() - - @property - def operations_client(self): - """Return the client designed to process long-running operations.""" - raise NotImplementedError() - - @property - def analyze_iam_policy( - self, - ) -> Callable[ - [asset_service.AnalyzeIamPolicyRequest], - Union[ - asset_service.AnalyzeIamPolicyResponse, - Awaitable[asset_service.AnalyzeIamPolicyResponse], - ], - ]: - raise NotImplementedError() - - @property - def export_iam_policy_analysis( - self, - ) -> Callable[ - [asset_service.ExportIamPolicyAnalysisRequest], - Union[operations_pb2.Operation, Awaitable[operations_pb2.Operation]], - ]: - raise NotImplementedError() - - @property - def kind(self) -> str: - raise NotImplementedError() - - -__all__ = ("AssetServiceTransport",) diff --git a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/asset_service/transports/grpc.py b/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/asset_service/transports/grpc.py deleted file mode 100644 index f309c50cde1d..000000000000 --- a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/asset_service/transports/grpc.py +++ /dev/null @@ -1,318 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from typing import Callable, Dict, Optional, Sequence, Tuple, Union -import warnings - -from google.api_core import gapic_v1, grpc_helpers, operations_v1 -import google.auth # type: ignore -from google.auth import credentials as ga_credentials # type: ignore -from google.auth.transport.grpc import SslCredentials # type: ignore -from google.longrunning import operations_pb2 # type: ignore -import grpc # type: ignore - -from google.cloud.asset_v1p4beta1.types import asset_service - -from .base import DEFAULT_CLIENT_INFO, AssetServiceTransport - - -class AssetServiceGrpcTransport(AssetServiceTransport): - """gRPC backend transport for AssetService. - - Asset service definition. - - This class defines the same methods as the primary client, so the - primary client can load the underlying transport implementation - and call it. - - It sends protocol buffers over the wire using gRPC (which is built on - top of HTTP/2); the ``grpcio`` package must be installed. - """ - - _stubs: Dict[str, Callable] - - def __init__( - self, - *, - host: str = "cloudasset.googleapis.com", - credentials: ga_credentials.Credentials = None, - credentials_file: str = None, - scopes: Sequence[str] = None, - channel: grpc.Channel = None, - api_mtls_endpoint: str = None, - client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, - ssl_channel_credentials: grpc.ChannelCredentials = None, - client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, - quota_project_id: Optional[str] = None, - client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, - always_use_jwt_access: Optional[bool] = False, - api_audience: Optional[str] = None, - ) -> None: - """Instantiate the transport. - - Args: - host (Optional[str]): - The hostname to connect to. - credentials (Optional[google.auth.credentials.Credentials]): The - authorization credentials to attach to requests. These - credentials identify the application to the service; if none - are specified, the client will attempt to ascertain the - credentials from the environment. - This argument is ignored if ``channel`` is provided. - credentials_file (Optional[str]): A file with credentials that can - be loaded with :func:`google.auth.load_credentials_from_file`. - This argument is ignored if ``channel`` is provided. - scopes (Optional(Sequence[str])): A list of scopes. This argument is - ignored if ``channel`` is provided. - channel (Optional[grpc.Channel]): A ``Channel`` instance through - which to make calls. - api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. - If provided, it overrides the ``host`` argument and tries to create - a mutual TLS channel with client SSL credentials from - ``client_cert_source`` or application default SSL credentials. - client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): - Deprecated. A callback to provide client SSL certificate bytes and - private key bytes, both in PEM format. It is ignored if - ``api_mtls_endpoint`` is None. - ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials - for the grpc channel. It is ignored if ``channel`` is provided. - client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): - A callback to provide client certificate bytes and private key bytes, - both in PEM format. It is used to configure a mutual TLS channel. It is - ignored if ``channel`` or ``ssl_channel_credentials`` is provided. - quota_project_id (Optional[str]): An optional project to use for billing - and quota. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing - your own client library. - always_use_jwt_access (Optional[bool]): Whether self signed JWT should - be used for service account credentials. - - Raises: - google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport - creation failed for any reason. - google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` - and ``credentials_file`` are passed. - """ - self._grpc_channel = None - self._ssl_channel_credentials = ssl_channel_credentials - self._stubs: Dict[str, Callable] = {} - self._operations_client: Optional[operations_v1.OperationsClient] = None - - if api_mtls_endpoint: - warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) - if client_cert_source: - warnings.warn("client_cert_source is deprecated", DeprecationWarning) - - if channel: - # Ignore credentials if a channel was passed. - credentials = False - # If a channel was explicitly provided, set it. - self._grpc_channel = channel - self._ssl_channel_credentials = None - - else: - if api_mtls_endpoint: - host = api_mtls_endpoint - - # Create SSL credentials with client_cert_source or application - # default SSL credentials. - if client_cert_source: - cert, key = client_cert_source() - self._ssl_channel_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) - else: - self._ssl_channel_credentials = SslCredentials().ssl_credentials - - else: - if client_cert_source_for_mtls and not ssl_channel_credentials: - cert, key = client_cert_source_for_mtls() - self._ssl_channel_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) - - # The base transport sets the host, credentials and scopes - super().__init__( - host=host, - credentials=credentials, - credentials_file=credentials_file, - scopes=scopes, - quota_project_id=quota_project_id, - client_info=client_info, - always_use_jwt_access=always_use_jwt_access, - api_audience=api_audience, - ) - - if not self._grpc_channel: - self._grpc_channel = type(self).create_channel( - self._host, - # use the credentials which are saved - credentials=self._credentials, - # Set ``credentials_file`` to ``None`` here as - # the credentials that we saved earlier should be used. - credentials_file=None, - scopes=self._scopes, - ssl_credentials=self._ssl_channel_credentials, - quota_project_id=quota_project_id, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - - # Wrap messages. This must be done after self._grpc_channel exists - self._prep_wrapped_messages(client_info) - - @classmethod - def create_channel( - cls, - host: str = "cloudasset.googleapis.com", - credentials: ga_credentials.Credentials = None, - credentials_file: str = None, - scopes: Optional[Sequence[str]] = None, - quota_project_id: Optional[str] = None, - **kwargs, - ) -> grpc.Channel: - """Create and return a gRPC channel object. - Args: - host (Optional[str]): The host for the channel to use. - credentials (Optional[~.Credentials]): The - authorization credentials to attach to requests. These - credentials identify this application to the service. If - none are specified, the client will attempt to ascertain - the credentials from the environment. - credentials_file (Optional[str]): A file with credentials that can - be loaded with :func:`google.auth.load_credentials_from_file`. - This argument is mutually exclusive with credentials. - scopes (Optional[Sequence[str]]): A optional list of scopes needed for this - service. These are only used when credentials are not specified and - are passed to :func:`google.auth.default`. - quota_project_id (Optional[str]): An optional project to use for billing - and quota. - kwargs (Optional[dict]): Keyword arguments, which are passed to the - channel creation. - Returns: - grpc.Channel: A gRPC channel object. - - Raises: - google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` - and ``credentials_file`` are passed. - """ - - return grpc_helpers.create_channel( - host, - credentials=credentials, - credentials_file=credentials_file, - quota_project_id=quota_project_id, - default_scopes=cls.AUTH_SCOPES, - scopes=scopes, - default_host=cls.DEFAULT_HOST, - **kwargs, - ) - - @property - def grpc_channel(self) -> grpc.Channel: - """Return the channel designed to connect to this service.""" - return self._grpc_channel - - @property - def operations_client(self) -> operations_v1.OperationsClient: - """Create the client designed to process long-running operations. - - This property caches on the instance; repeated calls return the same - client. - """ - # Quick check: Only create a new client if we do not already have one. - if self._operations_client is None: - self._operations_client = operations_v1.OperationsClient(self.grpc_channel) - - # Return the client from cache. - return self._operations_client - - @property - def analyze_iam_policy( - self, - ) -> Callable[ - [asset_service.AnalyzeIamPolicyRequest], asset_service.AnalyzeIamPolicyResponse - ]: - r"""Return a callable for the analyze iam policy method over gRPC. - - Analyzes IAM policies based on the specified request. Returns a - list of - [IamPolicyAnalysisResult][google.cloud.asset.v1p4beta1.IamPolicyAnalysisResult] - matching the request. - - Returns: - Callable[[~.AnalyzeIamPolicyRequest], - ~.AnalyzeIamPolicyResponse]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if "analyze_iam_policy" not in self._stubs: - self._stubs["analyze_iam_policy"] = self.grpc_channel.unary_unary( - "/google.cloud.asset.v1p4beta1.AssetService/AnalyzeIamPolicy", - request_serializer=asset_service.AnalyzeIamPolicyRequest.serialize, - response_deserializer=asset_service.AnalyzeIamPolicyResponse.deserialize, - ) - return self._stubs["analyze_iam_policy"] - - @property - def export_iam_policy_analysis( - self, - ) -> Callable[ - [asset_service.ExportIamPolicyAnalysisRequest], operations_pb2.Operation - ]: - r"""Return a callable for the export iam policy analysis method over gRPC. - - Exports IAM policy analysis based on the specified request. This - API implements the - [google.longrunning.Operation][google.longrunning.Operation] API - allowing you to keep track of the export. The metadata contains - the request to help callers to map responses to requests. - - Returns: - Callable[[~.ExportIamPolicyAnalysisRequest], - ~.Operation]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if "export_iam_policy_analysis" not in self._stubs: - self._stubs["export_iam_policy_analysis"] = self.grpc_channel.unary_unary( - "/google.cloud.asset.v1p4beta1.AssetService/ExportIamPolicyAnalysis", - request_serializer=asset_service.ExportIamPolicyAnalysisRequest.serialize, - response_deserializer=operations_pb2.Operation.FromString, - ) - return self._stubs["export_iam_policy_analysis"] - - def close(self): - self.grpc_channel.close() - - @property - def kind(self) -> str: - return "grpc" - - -__all__ = ("AssetServiceGrpcTransport",) diff --git a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/asset_service/transports/grpc_asyncio.py b/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/asset_service/transports/grpc_asyncio.py deleted file mode 100644 index efe26166862b..000000000000 --- a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/services/asset_service/transports/grpc_asyncio.py +++ /dev/null @@ -1,321 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union -import warnings - -from google.api_core import gapic_v1, grpc_helpers_async, operations_v1 -from google.auth import credentials as ga_credentials # type: ignore -from google.auth.transport.grpc import SslCredentials # type: ignore -from google.longrunning import operations_pb2 # type: ignore -import grpc # type: ignore -from grpc.experimental import aio # type: ignore - -from google.cloud.asset_v1p4beta1.types import asset_service - -from .base import DEFAULT_CLIENT_INFO, AssetServiceTransport -from .grpc import AssetServiceGrpcTransport - - -class AssetServiceGrpcAsyncIOTransport(AssetServiceTransport): - """gRPC AsyncIO backend transport for AssetService. - - Asset service definition. - - This class defines the same methods as the primary client, so the - primary client can load the underlying transport implementation - and call it. - - It sends protocol buffers over the wire using gRPC (which is built on - top of HTTP/2); the ``grpcio`` package must be installed. - """ - - _grpc_channel: aio.Channel - _stubs: Dict[str, Callable] = {} - - @classmethod - def create_channel( - cls, - host: str = "cloudasset.googleapis.com", - credentials: ga_credentials.Credentials = None, - credentials_file: Optional[str] = None, - scopes: Optional[Sequence[str]] = None, - quota_project_id: Optional[str] = None, - **kwargs, - ) -> aio.Channel: - """Create and return a gRPC AsyncIO channel object. - Args: - host (Optional[str]): The host for the channel to use. - credentials (Optional[~.Credentials]): The - authorization credentials to attach to requests. These - credentials identify this application to the service. If - none are specified, the client will attempt to ascertain - the credentials from the environment. - credentials_file (Optional[str]): A file with credentials that can - be loaded with :func:`google.auth.load_credentials_from_file`. - This argument is ignored if ``channel`` is provided. - scopes (Optional[Sequence[str]]): A optional list of scopes needed for this - service. These are only used when credentials are not specified and - are passed to :func:`google.auth.default`. - quota_project_id (Optional[str]): An optional project to use for billing - and quota. - kwargs (Optional[dict]): Keyword arguments, which are passed to the - channel creation. - Returns: - aio.Channel: A gRPC AsyncIO channel object. - """ - - return grpc_helpers_async.create_channel( - host, - credentials=credentials, - credentials_file=credentials_file, - quota_project_id=quota_project_id, - default_scopes=cls.AUTH_SCOPES, - scopes=scopes, - default_host=cls.DEFAULT_HOST, - **kwargs, - ) - - def __init__( - self, - *, - host: str = "cloudasset.googleapis.com", - credentials: ga_credentials.Credentials = None, - credentials_file: Optional[str] = None, - scopes: Optional[Sequence[str]] = None, - channel: aio.Channel = None, - api_mtls_endpoint: str = None, - client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, - ssl_channel_credentials: grpc.ChannelCredentials = None, - client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None, - quota_project_id=None, - client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, - always_use_jwt_access: Optional[bool] = False, - api_audience: Optional[str] = None, - ) -> None: - """Instantiate the transport. - - Args: - host (Optional[str]): - The hostname to connect to. - credentials (Optional[google.auth.credentials.Credentials]): The - authorization credentials to attach to requests. These - credentials identify the application to the service; if none - are specified, the client will attempt to ascertain the - credentials from the environment. - This argument is ignored if ``channel`` is provided. - credentials_file (Optional[str]): A file with credentials that can - be loaded with :func:`google.auth.load_credentials_from_file`. - This argument is ignored if ``channel`` is provided. - scopes (Optional[Sequence[str]]): A optional list of scopes needed for this - service. These are only used when credentials are not specified and - are passed to :func:`google.auth.default`. - channel (Optional[aio.Channel]): A ``Channel`` instance through - which to make calls. - api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. - If provided, it overrides the ``host`` argument and tries to create - a mutual TLS channel with client SSL credentials from - ``client_cert_source`` or application default SSL credentials. - client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): - Deprecated. A callback to provide client SSL certificate bytes and - private key bytes, both in PEM format. It is ignored if - ``api_mtls_endpoint`` is None. - ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials - for the grpc channel. It is ignored if ``channel`` is provided. - client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): - A callback to provide client certificate bytes and private key bytes, - both in PEM format. It is used to configure a mutual TLS channel. It is - ignored if ``channel`` or ``ssl_channel_credentials`` is provided. - quota_project_id (Optional[str]): An optional project to use for billing - and quota. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing - your own client library. - always_use_jwt_access (Optional[bool]): Whether self signed JWT should - be used for service account credentials. - - Raises: - google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport - creation failed for any reason. - google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` - and ``credentials_file`` are passed. - """ - self._grpc_channel = None - self._ssl_channel_credentials = ssl_channel_credentials - self._stubs: Dict[str, Callable] = {} - self._operations_client: Optional[operations_v1.OperationsAsyncClient] = None - - if api_mtls_endpoint: - warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) - if client_cert_source: - warnings.warn("client_cert_source is deprecated", DeprecationWarning) - - if channel: - # Ignore credentials if a channel was passed. - credentials = False - # If a channel was explicitly provided, set it. - self._grpc_channel = channel - self._ssl_channel_credentials = None - else: - if api_mtls_endpoint: - host = api_mtls_endpoint - - # Create SSL credentials with client_cert_source or application - # default SSL credentials. - if client_cert_source: - cert, key = client_cert_source() - self._ssl_channel_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) - else: - self._ssl_channel_credentials = SslCredentials().ssl_credentials - - else: - if client_cert_source_for_mtls and not ssl_channel_credentials: - cert, key = client_cert_source_for_mtls() - self._ssl_channel_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) - - # The base transport sets the host, credentials and scopes - super().__init__( - host=host, - credentials=credentials, - credentials_file=credentials_file, - scopes=scopes, - quota_project_id=quota_project_id, - client_info=client_info, - always_use_jwt_access=always_use_jwt_access, - api_audience=api_audience, - ) - - if not self._grpc_channel: - self._grpc_channel = type(self).create_channel( - self._host, - # use the credentials which are saved - credentials=self._credentials, - # Set ``credentials_file`` to ``None`` here as - # the credentials that we saved earlier should be used. - credentials_file=None, - scopes=self._scopes, - ssl_credentials=self._ssl_channel_credentials, - quota_project_id=quota_project_id, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - - # Wrap messages. This must be done after self._grpc_channel exists - self._prep_wrapped_messages(client_info) - - @property - def grpc_channel(self) -> aio.Channel: - """Create the channel designed to connect to this service. - - This property caches on the instance; repeated calls return - the same channel. - """ - # Return the channel from cache. - return self._grpc_channel - - @property - def operations_client(self) -> operations_v1.OperationsAsyncClient: - """Create the client designed to process long-running operations. - - This property caches on the instance; repeated calls return the same - client. - """ - # Quick check: Only create a new client if we do not already have one. - if self._operations_client is None: - self._operations_client = operations_v1.OperationsAsyncClient( - self.grpc_channel - ) - - # Return the client from cache. - return self._operations_client - - @property - def analyze_iam_policy( - self, - ) -> Callable[ - [asset_service.AnalyzeIamPolicyRequest], - Awaitable[asset_service.AnalyzeIamPolicyResponse], - ]: - r"""Return a callable for the analyze iam policy method over gRPC. - - Analyzes IAM policies based on the specified request. Returns a - list of - [IamPolicyAnalysisResult][google.cloud.asset.v1p4beta1.IamPolicyAnalysisResult] - matching the request. - - Returns: - Callable[[~.AnalyzeIamPolicyRequest], - Awaitable[~.AnalyzeIamPolicyResponse]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if "analyze_iam_policy" not in self._stubs: - self._stubs["analyze_iam_policy"] = self.grpc_channel.unary_unary( - "/google.cloud.asset.v1p4beta1.AssetService/AnalyzeIamPolicy", - request_serializer=asset_service.AnalyzeIamPolicyRequest.serialize, - response_deserializer=asset_service.AnalyzeIamPolicyResponse.deserialize, - ) - return self._stubs["analyze_iam_policy"] - - @property - def export_iam_policy_analysis( - self, - ) -> Callable[ - [asset_service.ExportIamPolicyAnalysisRequest], - Awaitable[operations_pb2.Operation], - ]: - r"""Return a callable for the export iam policy analysis method over gRPC. - - Exports IAM policy analysis based on the specified request. This - API implements the - [google.longrunning.Operation][google.longrunning.Operation] API - allowing you to keep track of the export. The metadata contains - the request to help callers to map responses to requests. - - Returns: - Callable[[~.ExportIamPolicyAnalysisRequest], - Awaitable[~.Operation]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if "export_iam_policy_analysis" not in self._stubs: - self._stubs["export_iam_policy_analysis"] = self.grpc_channel.unary_unary( - "/google.cloud.asset.v1p4beta1.AssetService/ExportIamPolicyAnalysis", - request_serializer=asset_service.ExportIamPolicyAnalysisRequest.serialize, - response_deserializer=operations_pb2.Operation.FromString, - ) - return self._stubs["export_iam_policy_analysis"] - - def close(self): - return self.grpc_channel.close() - - -__all__ = ("AssetServiceGrpcAsyncIOTransport",) diff --git a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/types/__init__.py b/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/types/__init__.py deleted file mode 100644 index 7e854ed092f4..000000000000 --- a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/types/__init__.py +++ /dev/null @@ -1,34 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from .asset_service import ( - AnalyzeIamPolicyRequest, - AnalyzeIamPolicyResponse, - ExportIamPolicyAnalysisRequest, - ExportIamPolicyAnalysisResponse, - IamPolicyAnalysisOutputConfig, - IamPolicyAnalysisQuery, -) -from .assets import IamPolicyAnalysisResult - -__all__ = ( - "AnalyzeIamPolicyRequest", - "AnalyzeIamPolicyResponse", - "ExportIamPolicyAnalysisRequest", - "ExportIamPolicyAnalysisResponse", - "IamPolicyAnalysisOutputConfig", - "IamPolicyAnalysisQuery", - "IamPolicyAnalysisResult", -) diff --git a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/types/asset_service.py b/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/types/asset_service.py deleted file mode 100644 index 77c35bbcadb0..000000000000 --- a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/types/asset_service.py +++ /dev/null @@ -1,543 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from google.protobuf import duration_pb2 # type: ignore -import proto # type: ignore - -from google.cloud.asset_v1p4beta1.types import assets - -__protobuf__ = proto.module( - package="google.cloud.asset.v1p4beta1", - manifest={ - "IamPolicyAnalysisQuery", - "AnalyzeIamPolicyRequest", - "AnalyzeIamPolicyResponse", - "IamPolicyAnalysisOutputConfig", - "ExportIamPolicyAnalysisRequest", - "ExportIamPolicyAnalysisResponse", - }, -) - - -class IamPolicyAnalysisQuery(proto.Message): - r"""IAM policy analysis query message. - - Attributes: - parent (str): - Required. The relative name of the root - asset. Only resources and IAM policies within - the parent will be analyzed. This can only be an - organization number (such as - "organizations/123") or a folder number (such as - "folders/123"). - resource_selector (google.cloud.asset_v1p4beta1.types.IamPolicyAnalysisQuery.ResourceSelector): - Optional. Specifies a resource for analysis. - Leaving it empty means ANY. - identity_selector (google.cloud.asset_v1p4beta1.types.IamPolicyAnalysisQuery.IdentitySelector): - Optional. Specifies an identity for analysis. - Leaving it empty means ANY. - access_selector (google.cloud.asset_v1p4beta1.types.IamPolicyAnalysisQuery.AccessSelector): - Optional. Specifies roles or permissions for - analysis. Leaving it empty means ANY. - """ - - class ResourceSelector(proto.Message): - r"""Specifies the resource to analyze for access policies, which may be - set directly on the resource, or on ancestors such as organizations, - folders or projects. At least one of - [ResourceSelector][google.cloud.asset.v1p4beta1.IamPolicyAnalysisQuery.ResourceSelector], - [IdentitySelector][google.cloud.asset.v1p4beta1.IamPolicyAnalysisQuery.IdentitySelector] - or - [AccessSelector][google.cloud.asset.v1p4beta1.IamPolicyAnalysisQuery.AccessSelector] - must be specified in a request. - - Attributes: - full_resource_name (str): - Required. The `full resource - name `__ - . - """ - - full_resource_name = proto.Field( - proto.STRING, - number=1, - ) - - class IdentitySelector(proto.Message): - r"""Specifies an identity for which to determine resource access, - based on roles assigned either directly to them or to the groups - they belong to, directly or indirectly. - - Attributes: - identity (str): - Required. The identity appear in the form of members in `IAM - policy - binding `__. - """ - - identity = proto.Field( - proto.STRING, - number=1, - ) - - class AccessSelector(proto.Message): - r"""Specifies roles and/or permissions to analyze, to determine - both the identities possessing them and the resources they - control. If multiple values are specified, results will include - identities and resources matching any of them. - - Attributes: - roles (Sequence[str]): - Optional. The roles to appear in result. - permissions (Sequence[str]): - Optional. The permissions to appear in - result. - """ - - roles = proto.RepeatedField( - proto.STRING, - number=1, - ) - permissions = proto.RepeatedField( - proto.STRING, - number=2, - ) - - parent = proto.Field( - proto.STRING, - number=1, - ) - resource_selector = proto.Field( - proto.MESSAGE, - number=2, - message=ResourceSelector, - ) - identity_selector = proto.Field( - proto.MESSAGE, - number=3, - message=IdentitySelector, - ) - access_selector = proto.Field( - proto.MESSAGE, - number=4, - message=AccessSelector, - ) - - -class AnalyzeIamPolicyRequest(proto.Message): - r"""A request message for - [AssetService.AnalyzeIamPolicy][google.cloud.asset.v1p4beta1.AssetService.AnalyzeIamPolicy]. - - Attributes: - analysis_query (google.cloud.asset_v1p4beta1.types.IamPolicyAnalysisQuery): - Required. The request query. - options (google.cloud.asset_v1p4beta1.types.AnalyzeIamPolicyRequest.Options): - Optional. The request options. - """ - - class Options(proto.Message): - r"""Contains request options. - - Attributes: - expand_groups (bool): - Optional. If true, the identities section of the result will - expand any Google groups appearing in an IAM policy binding. - - If [identity_selector][] is specified, the identity in the - result will be determined by the selector, and this flag - will have no effect. - - Default is false. - expand_roles (bool): - Optional. If true, the access section of result will expand - any roles appearing in IAM policy bindings to include their - permissions. - - If [access_selector][] is specified, the access section of - the result will be determined by the selector, and this flag - will have no effect. - - Default is false. - expand_resources (bool): - Optional. If true, the resource section of the result will - expand any resource attached to an IAM policy to include - resources lower in the resource hierarchy. - - For example, if the request analyzes for which resources - user A has permission P, and the results include an IAM - policy with P on a GCP folder, the results will also include - resources in that folder with permission P. - - If [resource_selector][] is specified, the resource section - of the result will be determined by the selector, and this - flag will have no effect. Default is false. - output_resource_edges (bool): - Optional. If true, the result will output - resource edges, starting from the policy - attached resource, to any expanded resources. - Default is false. - output_group_edges (bool): - Optional. If true, the result will output - group identity edges, starting from the - binding's group members, to any expanded - identities. Default is false. - analyze_service_account_impersonation (bool): - Optional. If true, the response will include access analysis - from identities to resources via service account - impersonation. This is a very expensive operation, because - many derived queries will be executed. We highly recommend - you use ExportIamPolicyAnalysis rpc instead. - - For example, if the request analyzes for which resources - user A has permission P, and there's an IAM policy states - user A has iam.serviceAccounts.getAccessToken permission to - a service account SA, and there's another IAM policy states - service account SA has permission P to a GCP folder F, then - user A potentially has access to the GCP folder F. And those - advanced analysis results will be included in - [AnalyzeIamPolicyResponse.service_account_impersonation_analysis][google.cloud.asset.v1p4beta1.AnalyzeIamPolicyResponse.service_account_impersonation_analysis]. - - Another example, if the request analyzes for who has - permission P to a GCP folder F, and there's an IAM policy - states user A has iam.serviceAccounts.actAs permission to a - service account SA, and there's another IAM policy states - service account SA has permission P to the GCP folder F, - then user A potentially has access to the GCP folder F. And - those advanced analysis results will be included in - [AnalyzeIamPolicyResponse.service_account_impersonation_analysis][google.cloud.asset.v1p4beta1.AnalyzeIamPolicyResponse.service_account_impersonation_analysis]. - - Default is false. - execution_timeout (google.protobuf.duration_pb2.Duration): - Optional. Amount of time executable has to complete. See - JSON representation of - `Duration `__. - - If this field is set with a value less than the RPC - deadline, and the execution of your query hasn't finished in - the specified execution timeout, you will get a response - with partial result. Otherwise, your query's execution will - continue until the RPC deadline. If it's not finished until - then, you will get a DEADLINE_EXCEEDED error. - - Default is empty. - """ - - expand_groups = proto.Field( - proto.BOOL, - number=1, - ) - expand_roles = proto.Field( - proto.BOOL, - number=2, - ) - expand_resources = proto.Field( - proto.BOOL, - number=3, - ) - output_resource_edges = proto.Field( - proto.BOOL, - number=4, - ) - output_group_edges = proto.Field( - proto.BOOL, - number=5, - ) - analyze_service_account_impersonation = proto.Field( - proto.BOOL, - number=6, - ) - execution_timeout = proto.Field( - proto.MESSAGE, - number=7, - message=duration_pb2.Duration, - ) - - analysis_query = proto.Field( - proto.MESSAGE, - number=1, - message="IamPolicyAnalysisQuery", - ) - options = proto.Field( - proto.MESSAGE, - number=2, - message=Options, - ) - - -class AnalyzeIamPolicyResponse(proto.Message): - r"""A response message for - [AssetService.AnalyzeIamPolicy][google.cloud.asset.v1p4beta1.AssetService.AnalyzeIamPolicy]. - - Attributes: - main_analysis (google.cloud.asset_v1p4beta1.types.AnalyzeIamPolicyResponse.IamPolicyAnalysis): - The main analysis that matches the original - request. - service_account_impersonation_analysis (Sequence[google.cloud.asset_v1p4beta1.types.AnalyzeIamPolicyResponse.IamPolicyAnalysis]): - The service account impersonation analysis if - [AnalyzeIamPolicyRequest.analyze_service_account_impersonation][] - is enabled. - fully_explored (bool): - Represents whether all entries in the - [main_analysis][google.cloud.asset.v1p4beta1.AnalyzeIamPolicyResponse.main_analysis] - and - [service_account_impersonation_analysis][google.cloud.asset.v1p4beta1.AnalyzeIamPolicyResponse.service_account_impersonation_analysis] - have been fully explored to answer the query in the request. - non_critical_errors (Sequence[google.cloud.asset_v1p4beta1.types.IamPolicyAnalysisResult.AnalysisState]): - A list of non-critical errors happened during the request - handling to explain why ``fully_explored`` is false, or - empty if no error happened. - """ - - class IamPolicyAnalysis(proto.Message): - r"""An analysis message to group the query and results. - - Attributes: - analysis_query (google.cloud.asset_v1p4beta1.types.IamPolicyAnalysisQuery): - The analysis query. - analysis_results (Sequence[google.cloud.asset_v1p4beta1.types.IamPolicyAnalysisResult]): - A list of - [IamPolicyAnalysisResult][google.cloud.asset.v1p4beta1.IamPolicyAnalysisResult] - that matches the analysis query, or empty if no result is - found. - fully_explored (bool): - Represents whether all entries in the - [analysis_results][google.cloud.asset.v1p4beta1.AnalyzeIamPolicyResponse.IamPolicyAnalysis.analysis_results] - have been fully explored to answer the query. - """ - - analysis_query = proto.Field( - proto.MESSAGE, - number=1, - message="IamPolicyAnalysisQuery", - ) - analysis_results = proto.RepeatedField( - proto.MESSAGE, - number=2, - message=assets.IamPolicyAnalysisResult, - ) - fully_explored = proto.Field( - proto.BOOL, - number=3, - ) - - main_analysis = proto.Field( - proto.MESSAGE, - number=1, - message=IamPolicyAnalysis, - ) - service_account_impersonation_analysis = proto.RepeatedField( - proto.MESSAGE, - number=2, - message=IamPolicyAnalysis, - ) - fully_explored = proto.Field( - proto.BOOL, - number=3, - ) - non_critical_errors = proto.RepeatedField( - proto.MESSAGE, - number=4, - message=assets.IamPolicyAnalysisResult.AnalysisState, - ) - - -class IamPolicyAnalysisOutputConfig(proto.Message): - r"""Output configuration for export IAM policy analysis - destination. - - - .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields - - Attributes: - gcs_destination (google.cloud.asset_v1p4beta1.types.IamPolicyAnalysisOutputConfig.GcsDestination): - Destination on Cloud Storage. - - This field is a member of `oneof`_ ``destination``. - """ - - class GcsDestination(proto.Message): - r"""A Cloud Storage location. - - Attributes: - uri (str): - Required. The uri of the Cloud Storage object. It's the same - uri that is used by gsutil. For example: - "gs://bucket_name/object_name". See `Viewing and Editing - Object - Metadata `__ - for more information. - """ - - uri = proto.Field( - proto.STRING, - number=1, - ) - - gcs_destination = proto.Field( - proto.MESSAGE, - number=1, - oneof="destination", - message=GcsDestination, - ) - - -class ExportIamPolicyAnalysisRequest(proto.Message): - r"""A request message for - [AssetService.ExportIamPolicyAnalysis][google.cloud.asset.v1p4beta1.AssetService.ExportIamPolicyAnalysis]. - - Attributes: - analysis_query (google.cloud.asset_v1p4beta1.types.IamPolicyAnalysisQuery): - Required. The request query. - options (google.cloud.asset_v1p4beta1.types.ExportIamPolicyAnalysisRequest.Options): - Optional. The request options. - output_config (google.cloud.asset_v1p4beta1.types.IamPolicyAnalysisOutputConfig): - Required. Output configuration indicating - where the results will be output to. - """ - - class Options(proto.Message): - r"""Contains request options. - - Attributes: - expand_groups (bool): - Optional. If true, the identities section of the result will - expand any Google groups appearing in an IAM policy binding. - - If [identity_selector][] is specified, the identity in the - result will be determined by the selector, and this flag - will have no effect. - - Default is false. - expand_roles (bool): - Optional. If true, the access section of result will expand - any roles appearing in IAM policy bindings to include their - permissions. - - If [access_selector][] is specified, the access section of - the result will be determined by the selector, and this flag - will have no effect. - - Default is false. - expand_resources (bool): - Optional. If true, the resource section of the result will - expand any resource attached to an IAM policy to include - resources lower in the resource hierarchy. - - For example, if the request analyzes for which resources - user A has permission P, and the results include an IAM - policy with P on a GCP folder, the results will also include - resources in that folder with permission P. - - If [resource_selector][] is specified, the resource section - of the result will be determined by the selector, and this - flag will have no effect. Default is false. - output_resource_edges (bool): - Optional. If true, the result will output - resource edges, starting from the policy - attached resource, to any expanded resources. - Default is false. - output_group_edges (bool): - Optional. If true, the result will output - group identity edges, starting from the - binding's group members, to any expanded - identities. Default is false. - analyze_service_account_impersonation (bool): - Optional. If true, the response will include access analysis - from identities to resources via service account - impersonation. This is a very expensive operation, because - many derived queries will be executed. - - For example, if the request analyzes for which resources - user A has permission P, and there's an IAM policy states - user A has iam.serviceAccounts.getAccessToken permission to - a service account SA, and there's another IAM policy states - service account SA has permission P to a GCP folder F, then - user A potentially has access to the GCP folder F. And those - advanced analysis results will be included in - [AnalyzeIamPolicyResponse.service_account_impersonation_analysis][google.cloud.asset.v1p4beta1.AnalyzeIamPolicyResponse.service_account_impersonation_analysis]. - - Another example, if the request analyzes for who has - permission P to a GCP folder F, and there's an IAM policy - states user A has iam.serviceAccounts.actAs permission to a - service account SA, and there's another IAM policy states - service account SA has permission P to the GCP folder F, - then user A potentially has access to the GCP folder F. And - those advanced analysis results will be included in - [AnalyzeIamPolicyResponse.service_account_impersonation_analysis][google.cloud.asset.v1p4beta1.AnalyzeIamPolicyResponse.service_account_impersonation_analysis]. - - Default is false. - """ - - expand_groups = proto.Field( - proto.BOOL, - number=1, - ) - expand_roles = proto.Field( - proto.BOOL, - number=2, - ) - expand_resources = proto.Field( - proto.BOOL, - number=3, - ) - output_resource_edges = proto.Field( - proto.BOOL, - number=4, - ) - output_group_edges = proto.Field( - proto.BOOL, - number=5, - ) - analyze_service_account_impersonation = proto.Field( - proto.BOOL, - number=6, - ) - - analysis_query = proto.Field( - proto.MESSAGE, - number=1, - message="IamPolicyAnalysisQuery", - ) - options = proto.Field( - proto.MESSAGE, - number=2, - message=Options, - ) - output_config = proto.Field( - proto.MESSAGE, - number=3, - message="IamPolicyAnalysisOutputConfig", - ) - - -class ExportIamPolicyAnalysisResponse(proto.Message): - r"""The export IAM policy analysis response. This message is returned by - the [google.longrunning.Operations.GetOperation][] method in the - returned [google.longrunning.Operation.response][] field. - - Attributes: - output_config (google.cloud.asset_v1p4beta1.types.IamPolicyAnalysisOutputConfig): - Output configuration indicating where the - results were output to. - """ - - output_config = proto.Field( - proto.MESSAGE, - number=1, - message="IamPolicyAnalysisOutputConfig", - ) - - -__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/types/assets.py b/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/types/assets.py deleted file mode 100644 index 97f7e6b827b9..000000000000 --- a/packages/google-cloud-asset/google/cloud/asset_v1p4beta1/types/assets.py +++ /dev/null @@ -1,316 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from google.iam.v1 import policy_pb2 # type: ignore -from google.rpc import code_pb2 # type: ignore -import proto # type: ignore - -__protobuf__ = proto.module( - package="google.cloud.asset.v1p4beta1", - manifest={ - "IamPolicyAnalysisResult", - }, -) - - -class IamPolicyAnalysisResult(proto.Message): - r"""IAM Policy analysis result, consisting of one IAM policy - binding and derived access control lists. - - Attributes: - attached_resource_full_name (str): - The full name of the resource to which the - [iam_binding][google.cloud.asset.v1p4beta1.IamPolicyAnalysisResult.iam_binding] - policy attaches. - iam_binding (google.iam.v1.policy_pb2.Binding): - The Cloud IAM policy binding under analysis. - access_control_lists (Sequence[google.cloud.asset_v1p4beta1.types.IamPolicyAnalysisResult.AccessControlList]): - The access control lists derived from the - [iam_binding][google.cloud.asset.v1p4beta1.IamPolicyAnalysisResult.iam_binding] - that match or potentially match resource and access - selectors specified in the request. - identity_list (google.cloud.asset_v1p4beta1.types.IamPolicyAnalysisResult.IdentityList): - The identity list derived from members of the - [iam_binding][google.cloud.asset.v1p4beta1.IamPolicyAnalysisResult.iam_binding] - that match or potentially match identity selector specified - in the request. - fully_explored (bool): - Represents whether all nodes in the transitive closure of - the - [iam_binding][google.cloud.asset.v1p4beta1.IamPolicyAnalysisResult.iam_binding] - node have been explored. - """ - - class AnalysisState(proto.Message): - r"""Represents analysis state of each node in the result graph or - non-critical errors in the response. - - Attributes: - code (google.rpc.code_pb2.Code): - The Google standard error code that best describes the - state. For example: - - - OK means the node has been successfully explored; - - PERMISSION_DENIED means an access denied error is - encountered; - - DEADLINE_EXCEEDED means the node hasn't been explored in - time; - cause (str): - The human-readable description of the cause - of failure. - """ - - code = proto.Field( - proto.ENUM, - number=1, - enum=code_pb2.Code, - ) - cause = proto.Field( - proto.STRING, - number=2, - ) - - class Resource(proto.Message): - r"""A GCP resource that appears in an access control list. - - Attributes: - full_resource_name (str): - The `full resource - name `__. - analysis_state (google.cloud.asset_v1p4beta1.types.IamPolicyAnalysisResult.AnalysisState): - The analysis state of this resource node. - """ - - full_resource_name = proto.Field( - proto.STRING, - number=1, - ) - analysis_state = proto.Field( - proto.MESSAGE, - number=2, - message="IamPolicyAnalysisResult.AnalysisState", - ) - - class Access(proto.Message): - r"""A role or permission that appears in an access control list. - - This message has `oneof`_ fields (mutually exclusive fields). - For each oneof, at most one member field can be set at the same time. - Setting any member of the oneof automatically clears all other - members. - - .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields - - Attributes: - role (str): - The role. - - This field is a member of `oneof`_ ``oneof_access``. - permission (str): - The permission. - - This field is a member of `oneof`_ ``oneof_access``. - analysis_state (google.cloud.asset_v1p4beta1.types.IamPolicyAnalysisResult.AnalysisState): - The analysis state of this access node. - """ - - role = proto.Field( - proto.STRING, - number=1, - oneof="oneof_access", - ) - permission = proto.Field( - proto.STRING, - number=2, - oneof="oneof_access", - ) - analysis_state = proto.Field( - proto.MESSAGE, - number=3, - message="IamPolicyAnalysisResult.AnalysisState", - ) - - class Edge(proto.Message): - r"""A directional edge. - - Attributes: - source_node (str): - The source node of the edge. - target_node (str): - The target node of the edge. - """ - - source_node = proto.Field( - proto.STRING, - number=1, - ) - target_node = proto.Field( - proto.STRING, - number=2, - ) - - class Identity(proto.Message): - r"""An identity that appears in an access control list. - - Attributes: - name (str): - The identity name in any form of members appear in `IAM - policy - binding `__, - such as: - - - user:foo@google.com - - group:group1@google.com - - serviceAccount:s1@prj1.iam.gserviceaccount.com - - projectOwner:some_project_id - - domain:google.com - - allUsers - - etc. - analysis_state (google.cloud.asset_v1p4beta1.types.IamPolicyAnalysisResult.AnalysisState): - The analysis state of this identity node. - """ - - name = proto.Field( - proto.STRING, - number=1, - ) - analysis_state = proto.Field( - proto.MESSAGE, - number=2, - message="IamPolicyAnalysisResult.AnalysisState", - ) - - class AccessControlList(proto.Message): - r"""An access control list, derived from the above IAM policy binding, - which contains a set of resources and accesses. May include one item - from each set to compose an access control entry. - - NOTICE that there could be multiple access control lists for one IAM - policy binding. The access control lists are created based on - resource and access combinations. - - For example, assume we have the following cases in one IAM policy - binding: - - - Permission P1 and P2 apply to resource R1 and R2; - - Permission P3 applies to resource R2 and R3; - - This will result in the following access control lists: - - - AccessControlList 1: [R1, R2], [P1, P2] - - AccessControlList 2: [R2, R3], [P3] - - Attributes: - resources (Sequence[google.cloud.asset_v1p4beta1.types.IamPolicyAnalysisResult.Resource]): - The resources that match one of the following conditions: - - - The resource_selector, if it is specified in request; - - Otherwise, resources reachable from the policy attached - resource. - accesses (Sequence[google.cloud.asset_v1p4beta1.types.IamPolicyAnalysisResult.Access]): - The accesses that match one of the following conditions: - - - The access_selector, if it is specified in request; - - Otherwise, access specifiers reachable from the policy - binding's role. - resource_edges (Sequence[google.cloud.asset_v1p4beta1.types.IamPolicyAnalysisResult.Edge]): - Resource edges of the graph starting from the policy - attached resource to any descendant resources. The - [Edge.source_node][google.cloud.asset.v1p4beta1.IamPolicyAnalysisResult.Edge.source_node] - contains the full resource name of a parent resource and - [Edge.target_node][google.cloud.asset.v1p4beta1.IamPolicyAnalysisResult.Edge.target_node] - contains the full resource name of a child resource. This - field is present only if the output_resource_edges option is - enabled in request. - """ - - resources = proto.RepeatedField( - proto.MESSAGE, - number=1, - message="IamPolicyAnalysisResult.Resource", - ) - accesses = proto.RepeatedField( - proto.MESSAGE, - number=2, - message="IamPolicyAnalysisResult.Access", - ) - resource_edges = proto.RepeatedField( - proto.MESSAGE, - number=3, - message="IamPolicyAnalysisResult.Edge", - ) - - class IdentityList(proto.Message): - r""" - - Attributes: - identities (Sequence[google.cloud.asset_v1p4beta1.types.IamPolicyAnalysisResult.Identity]): - Only the identities that match one of the following - conditions will be presented: - - - The identity_selector, if it is specified in request; - - Otherwise, identities reachable from the policy binding's - members. - group_edges (Sequence[google.cloud.asset_v1p4beta1.types.IamPolicyAnalysisResult.Edge]): - Group identity edges of the graph starting from the - binding's group members to any node of the - [identities][google.cloud.asset.v1p4beta1.IamPolicyAnalysisResult.IdentityList.identities]. - The - [Edge.source_node][google.cloud.asset.v1p4beta1.IamPolicyAnalysisResult.Edge.source_node] - contains a group, such as "group:parent@google.com". The - [Edge.target_node][google.cloud.asset.v1p4beta1.IamPolicyAnalysisResult.Edge.target_node] - contains a member of the group, such as - "group:child@google.com" or "user:foo@google.com". This - field is present only if the output_group_edges option is - enabled in request. - """ - - identities = proto.RepeatedField( - proto.MESSAGE, - number=1, - message="IamPolicyAnalysisResult.Identity", - ) - group_edges = proto.RepeatedField( - proto.MESSAGE, - number=2, - message="IamPolicyAnalysisResult.Edge", - ) - - attached_resource_full_name = proto.Field( - proto.STRING, - number=1, - ) - iam_binding = proto.Field( - proto.MESSAGE, - number=2, - message=policy_pb2.Binding, - ) - access_control_lists = proto.RepeatedField( - proto.MESSAGE, - number=3, - message=AccessControlList, - ) - identity_list = proto.Field( - proto.MESSAGE, - number=4, - message=IdentityList, - ) - fully_explored = proto.Field( - proto.BOOL, - number=5, - ) - - -__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/packages/google-cloud-asset/scripts/fixup_asset_v1beta1_keywords.py b/packages/google-cloud-asset/scripts/fixup_asset_v1beta1_keywords.py deleted file mode 100644 index e3bb75109916..000000000000 --- a/packages/google-cloud-asset/scripts/fixup_asset_v1beta1_keywords.py +++ /dev/null @@ -1,180 +0,0 @@ -#! /usr/bin/env python3 -# -*- coding: utf-8 -*- - -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -import argparse -import os -import libcst as cst -import pathlib -import sys -from typing import (Any, Callable, Dict, List, Sequence, Tuple) - - -def partition( - predicate: Callable[[Any], bool], - iterator: Sequence[Any] -) -> Tuple[List[Any], List[Any]]: - """A stable, out-of-place partition.""" - results = ([], []) - - for i in iterator: - results[int(predicate(i))].append(i) - - # Returns trueList, falseList - return results[1], results[0] - - -class assetCallTransformer(cst.CSTTransformer): - CTRL_PARAMS: Tuple[str] = ('retry', 'timeout', 'metadata') - METHOD_TO_PARAMS: Dict[str, Tuple[str]] = { - 'batch_get_assets_history': ('parent', 'asset_names', 'content_type', 'read_time_window', ), - 'export_assets': ('parent', 'output_config', 'read_time', 'asset_types', 'content_type', ), - - } - - def leave_Call(self, original: cst.Call, updated: cst.Call) -> cst.CSTNode: - try: - key = original.func.attr.value - kword_params = self.METHOD_TO_PARAMS[key] - except (AttributeError, KeyError): - # Either not a method from the API or too convoluted to be sure. - return updated - - # If the existing code is valid, keyword args come after positional args. - # Therefore, all positional args must map to the first parameters. - args, kwargs = partition(lambda a: not bool(a.keyword), updated.args) - if any(k.keyword.value == "request" for k in kwargs): - # We've already fixed this file, don't fix it again. - return updated - - kwargs, ctrl_kwargs = partition( - lambda a: not a.keyword.value in self.CTRL_PARAMS, - kwargs - ) - - args, ctrl_args = args[:len(kword_params)], args[len(kword_params):] - ctrl_kwargs.extend(cst.Arg(value=a.value, keyword=cst.Name(value=ctrl)) - for a, ctrl in zip(ctrl_args, self.CTRL_PARAMS)) - - request_arg = cst.Arg( - value=cst.Dict([ - cst.DictElement( - cst.SimpleString("'{}'".format(name)), - cst.Element(value=arg.value) - ) - # Note: the args + kwargs looks silly, but keep in mind that - # the control parameters had to be stripped out, and that - # those could have been passed positionally or by keyword. - for name, arg in zip(kword_params, args + kwargs)]), - keyword=cst.Name("request") - ) - - return updated.with_changes( - args=[request_arg] + ctrl_kwargs - ) - - -def fix_files( - in_dir: pathlib.Path, - out_dir: pathlib.Path, - *, - transformer=assetCallTransformer(), -): - """Duplicate the input dir to the output dir, fixing file method calls. - - Preconditions: - * in_dir is a real directory - * out_dir is a real, empty directory - """ - pyfile_gen = ( - pathlib.Path(os.path.join(root, f)) - for root, _, files in os.walk(in_dir) - for f in files if os.path.splitext(f)[1] == ".py" - ) - - for fpath in pyfile_gen: - with open(fpath, 'r') as f: - src = f.read() - - # Parse the code and insert method call fixes. - tree = cst.parse_module(src) - updated = tree.visit(transformer) - - # Create the path and directory structure for the new file. - updated_path = out_dir.joinpath(fpath.relative_to(in_dir)) - updated_path.parent.mkdir(parents=True, exist_ok=True) - - # Generate the updated source file at the corresponding path. - with open(updated_path, 'w') as f: - f.write(updated.code) - - -if __name__ == '__main__': - parser = argparse.ArgumentParser( - description="""Fix up source that uses the asset client library. - -The existing sources are NOT overwritten but are copied to output_dir with changes made. - -Note: This tool operates at a best-effort level at converting positional - parameters in client method calls to keyword based parameters. - Cases where it WILL FAIL include - A) * or ** expansion in a method call. - B) Calls via function or method alias (includes free function calls) - C) Indirect or dispatched calls (e.g. the method is looked up dynamically) - - These all constitute false negatives. The tool will also detect false - positives when an API method shares a name with another method. -""") - parser.add_argument( - '-d', - '--input-directory', - required=True, - dest='input_dir', - help='the input directory to walk for python files to fix up', - ) - parser.add_argument( - '-o', - '--output-directory', - required=True, - dest='output_dir', - help='the directory to output files fixed via un-flattening', - ) - args = parser.parse_args() - input_dir = pathlib.Path(args.input_dir) - output_dir = pathlib.Path(args.output_dir) - if not input_dir.is_dir(): - print( - f"input directory '{input_dir}' does not exist or is not a directory", - file=sys.stderr, - ) - sys.exit(-1) - - if not output_dir.is_dir(): - print( - f"output directory '{output_dir}' does not exist or is not a directory", - file=sys.stderr, - ) - sys.exit(-1) - - if os.listdir(output_dir): - print( - f"output directory '{output_dir}' is not empty", - file=sys.stderr, - ) - sys.exit(-1) - - fix_files(input_dir, output_dir) diff --git a/packages/google-cloud-asset/scripts/fixup_asset_v1p4beta1_keywords.py b/packages/google-cloud-asset/scripts/fixup_asset_v1p4beta1_keywords.py deleted file mode 100644 index 8ec156da13c2..000000000000 --- a/packages/google-cloud-asset/scripts/fixup_asset_v1p4beta1_keywords.py +++ /dev/null @@ -1,177 +0,0 @@ -#! /usr/bin/env python3 -# -*- coding: utf-8 -*- -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import argparse -import os -import libcst as cst -import pathlib -import sys -from typing import (Any, Callable, Dict, List, Sequence, Tuple) - - -def partition( - predicate: Callable[[Any], bool], - iterator: Sequence[Any] -) -> Tuple[List[Any], List[Any]]: - """A stable, out-of-place partition.""" - results = ([], []) - - for i in iterator: - results[int(predicate(i))].append(i) - - # Returns trueList, falseList - return results[1], results[0] - - -class assetCallTransformer(cst.CSTTransformer): - CTRL_PARAMS: Tuple[str] = ('retry', 'timeout', 'metadata') - METHOD_TO_PARAMS: Dict[str, Tuple[str]] = { - 'analyze_iam_policy': ('analysis_query', 'options', ), - 'export_iam_policy_analysis': ('analysis_query', 'output_config', 'options', ), - } - - def leave_Call(self, original: cst.Call, updated: cst.Call) -> cst.CSTNode: - try: - key = original.func.attr.value - kword_params = self.METHOD_TO_PARAMS[key] - except (AttributeError, KeyError): - # Either not a method from the API or too convoluted to be sure. - return updated - - # If the existing code is valid, keyword args come after positional args. - # Therefore, all positional args must map to the first parameters. - args, kwargs = partition(lambda a: not bool(a.keyword), updated.args) - if any(k.keyword.value == "request" for k in kwargs): - # We've already fixed this file, don't fix it again. - return updated - - kwargs, ctrl_kwargs = partition( - lambda a: a.keyword.value not in self.CTRL_PARAMS, - kwargs - ) - - args, ctrl_args = args[:len(kword_params)], args[len(kword_params):] - ctrl_kwargs.extend(cst.Arg(value=a.value, keyword=cst.Name(value=ctrl)) - for a, ctrl in zip(ctrl_args, self.CTRL_PARAMS)) - - request_arg = cst.Arg( - value=cst.Dict([ - cst.DictElement( - cst.SimpleString("'{}'".format(name)), -cst.Element(value=arg.value) - ) - # Note: the args + kwargs looks silly, but keep in mind that - # the control parameters had to be stripped out, and that - # those could have been passed positionally or by keyword. - for name, arg in zip(kword_params, args + kwargs)]), - keyword=cst.Name("request") - ) - - return updated.with_changes( - args=[request_arg] + ctrl_kwargs - ) - - -def fix_files( - in_dir: pathlib.Path, - out_dir: pathlib.Path, - *, - transformer=assetCallTransformer(), -): - """Duplicate the input dir to the output dir, fixing file method calls. - - Preconditions: - * in_dir is a real directory - * out_dir is a real, empty directory - """ - pyfile_gen = ( - pathlib.Path(os.path.join(root, f)) - for root, _, files in os.walk(in_dir) - for f in files if os.path.splitext(f)[1] == ".py" - ) - - for fpath in pyfile_gen: - with open(fpath, 'r') as f: - src = f.read() - - # Parse the code and insert method call fixes. - tree = cst.parse_module(src) - updated = tree.visit(transformer) - - # Create the path and directory structure for the new file. - updated_path = out_dir.joinpath(fpath.relative_to(in_dir)) - updated_path.parent.mkdir(parents=True, exist_ok=True) - - # Generate the updated source file at the corresponding path. - with open(updated_path, 'w') as f: - f.write(updated.code) - - -if __name__ == '__main__': - parser = argparse.ArgumentParser( - description="""Fix up source that uses the asset client library. - -The existing sources are NOT overwritten but are copied to output_dir with changes made. - -Note: This tool operates at a best-effort level at converting positional - parameters in client method calls to keyword based parameters. - Cases where it WILL FAIL include - A) * or ** expansion in a method call. - B) Calls via function or method alias (includes free function calls) - C) Indirect or dispatched calls (e.g. the method is looked up dynamically) - - These all constitute false negatives. The tool will also detect false - positives when an API method shares a name with another method. -""") - parser.add_argument( - '-d', - '--input-directory', - required=True, - dest='input_dir', - help='the input directory to walk for python files to fix up', - ) - parser.add_argument( - '-o', - '--output-directory', - required=True, - dest='output_dir', - help='the directory to output files fixed via un-flattening', - ) - args = parser.parse_args() - input_dir = pathlib.Path(args.input_dir) - output_dir = pathlib.Path(args.output_dir) - if not input_dir.is_dir(): - print( - f"input directory '{input_dir}' does not exist or is not a directory", - file=sys.stderr, - ) - sys.exit(-1) - - if not output_dir.is_dir(): - print( - f"output directory '{output_dir}' does not exist or is not a directory", - file=sys.stderr, - ) - sys.exit(-1) - - if os.listdir(output_dir): - print( - f"output directory '{output_dir}' is not empty", - file=sys.stderr, - ) - sys.exit(-1) - - fix_files(input_dir, output_dir) diff --git a/packages/google-cloud-asset/tests/unit/gapic/asset_v1p4beta1/__init__.py b/packages/google-cloud-asset/tests/unit/gapic/asset_v1p4beta1/__init__.py deleted file mode 100644 index e8e1c3845db5..000000000000 --- a/packages/google-cloud-asset/tests/unit/gapic/asset_v1p4beta1/__init__.py +++ /dev/null @@ -1,15 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# diff --git a/packages/google-cloud-asset/tests/unit/gapic/asset_v1p4beta1/test_asset_service.py b/packages/google-cloud-asset/tests/unit/gapic/asset_v1p4beta1/test_asset_service.py deleted file mode 100644 index 835bd91de6fa..000000000000 --- a/packages/google-cloud-asset/tests/unit/gapic/asset_v1p4beta1/test_asset_service.py +++ /dev/null @@ -1,1707 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import os - -# try/except added for compatibility with python < 3.8 -try: - from unittest import mock - from unittest.mock import AsyncMock -except ImportError: - import mock - -import math - -from google.api_core import ( - future, - gapic_v1, - grpc_helpers, - grpc_helpers_async, - operation, - operations_v1, - path_template, -) -from google.api_core import client_options -from google.api_core import exceptions as core_exceptions -from google.api_core import operation_async # type: ignore -import google.auth -from google.auth import credentials as ga_credentials -from google.auth.exceptions import MutualTLSChannelError -from google.longrunning import operations_pb2 -from google.oauth2 import service_account -from google.protobuf import duration_pb2 # type: ignore -import grpc -from grpc.experimental import aio -from proto.marshal.rules.dates import DurationRule, TimestampRule -import pytest - -from google.cloud.asset_v1p4beta1.services.asset_service import ( - AssetServiceAsyncClient, - AssetServiceClient, - transports, -) -from google.cloud.asset_v1p4beta1.types import asset_service, assets - - -def client_cert_source_callback(): - return b"cert bytes", b"key bytes" - - -# If default endpoint is localhost, then default mtls endpoint will be the same. -# This method modifies the default endpoint so the client can produce a different -# mtls endpoint for endpoint testing purposes. -def modify_default_endpoint(client): - return ( - "foo.googleapis.com" - if ("localhost" in client.DEFAULT_ENDPOINT) - else client.DEFAULT_ENDPOINT - ) - - -def test__get_default_mtls_endpoint(): - api_endpoint = "example.googleapis.com" - api_mtls_endpoint = "example.mtls.googleapis.com" - sandbox_endpoint = "example.sandbox.googleapis.com" - sandbox_mtls_endpoint = "example.mtls.sandbox.googleapis.com" - non_googleapi = "api.example.com" - - assert AssetServiceClient._get_default_mtls_endpoint(None) is None - assert ( - AssetServiceClient._get_default_mtls_endpoint(api_endpoint) == api_mtls_endpoint - ) - assert ( - AssetServiceClient._get_default_mtls_endpoint(api_mtls_endpoint) - == api_mtls_endpoint - ) - assert ( - AssetServiceClient._get_default_mtls_endpoint(sandbox_endpoint) - == sandbox_mtls_endpoint - ) - assert ( - AssetServiceClient._get_default_mtls_endpoint(sandbox_mtls_endpoint) - == sandbox_mtls_endpoint - ) - assert AssetServiceClient._get_default_mtls_endpoint(non_googleapi) == non_googleapi - - -@pytest.mark.parametrize( - "client_class,transport_name", - [ - (AssetServiceClient, "grpc"), - (AssetServiceAsyncClient, "grpc_asyncio"), - ], -) -def test_asset_service_client_from_service_account_info(client_class, transport_name): - creds = ga_credentials.AnonymousCredentials() - with mock.patch.object( - service_account.Credentials, "from_service_account_info" - ) as factory: - factory.return_value = creds - info = {"valid": True} - client = client_class.from_service_account_info(info, transport=transport_name) - assert client.transport._credentials == creds - assert isinstance(client, client_class) - - assert client.transport._host == ("cloudasset.googleapis.com:443") - - -@pytest.mark.parametrize( - "transport_class,transport_name", - [ - (transports.AssetServiceGrpcTransport, "grpc"), - (transports.AssetServiceGrpcAsyncIOTransport, "grpc_asyncio"), - ], -) -def test_asset_service_client_service_account_always_use_jwt( - transport_class, transport_name -): - with mock.patch.object( - service_account.Credentials, "with_always_use_jwt_access", create=True - ) as use_jwt: - creds = service_account.Credentials(None, None, None) - transport = transport_class(credentials=creds, always_use_jwt_access=True) - use_jwt.assert_called_once_with(True) - - with mock.patch.object( - service_account.Credentials, "with_always_use_jwt_access", create=True - ) as use_jwt: - creds = service_account.Credentials(None, None, None) - transport = transport_class(credentials=creds, always_use_jwt_access=False) - use_jwt.assert_not_called() - - -@pytest.mark.parametrize( - "client_class,transport_name", - [ - (AssetServiceClient, "grpc"), - (AssetServiceAsyncClient, "grpc_asyncio"), - ], -) -def test_asset_service_client_from_service_account_file(client_class, transport_name): - creds = ga_credentials.AnonymousCredentials() - with mock.patch.object( - service_account.Credentials, "from_service_account_file" - ) as factory: - factory.return_value = creds - client = client_class.from_service_account_file( - "dummy/file/path.json", transport=transport_name - ) - assert client.transport._credentials == creds - assert isinstance(client, client_class) - - client = client_class.from_service_account_json( - "dummy/file/path.json", transport=transport_name - ) - assert client.transport._credentials == creds - assert isinstance(client, client_class) - - assert client.transport._host == ("cloudasset.googleapis.com:443") - - -def test_asset_service_client_get_transport_class(): - transport = AssetServiceClient.get_transport_class() - available_transports = [ - transports.AssetServiceGrpcTransport, - ] - assert transport in available_transports - - transport = AssetServiceClient.get_transport_class("grpc") - assert transport == transports.AssetServiceGrpcTransport - - -@pytest.mark.parametrize( - "client_class,transport_class,transport_name", - [ - (AssetServiceClient, transports.AssetServiceGrpcTransport, "grpc"), - ( - AssetServiceAsyncClient, - transports.AssetServiceGrpcAsyncIOTransport, - "grpc_asyncio", - ), - ], -) -@mock.patch.object( - AssetServiceClient, "DEFAULT_ENDPOINT", modify_default_endpoint(AssetServiceClient) -) -@mock.patch.object( - AssetServiceAsyncClient, - "DEFAULT_ENDPOINT", - modify_default_endpoint(AssetServiceAsyncClient), -) -def test_asset_service_client_client_options( - client_class, transport_class, transport_name -): - # Check that if channel is provided we won't create a new one. - with mock.patch.object(AssetServiceClient, "get_transport_class") as gtc: - transport = transport_class(credentials=ga_credentials.AnonymousCredentials()) - client = client_class(transport=transport) - gtc.assert_not_called() - - # Check that if channel is provided via str we will create a new one. - with mock.patch.object(AssetServiceClient, "get_transport_class") as gtc: - client = client_class(transport=transport_name) - gtc.assert_called() - - # Check the case api_endpoint is provided. - options = client_options.ClientOptions(api_endpoint="squid.clam.whelk") - with mock.patch.object(transport_class, "__init__") as patched: - patched.return_value = None - client = client_class(transport=transport_name, client_options=options) - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host="squid.clam.whelk", - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - ) - - # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is - # "never". - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}): - with mock.patch.object(transport_class, "__init__") as patched: - patched.return_value = None - client = client_class(transport=transport_name) - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=client.DEFAULT_ENDPOINT, - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - ) - - # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is - # "always". - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}): - with mock.patch.object(transport_class, "__init__") as patched: - patched.return_value = None - client = client_class(transport=transport_name) - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=client.DEFAULT_MTLS_ENDPOINT, - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - ) - - # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has - # unsupported value. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "Unsupported"}): - with pytest.raises(MutualTLSChannelError): - client = client_class(transport=transport_name) - - # Check the case GOOGLE_API_USE_CLIENT_CERTIFICATE has unsupported value. - with mock.patch.dict( - os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"} - ): - with pytest.raises(ValueError): - client = client_class(transport=transport_name) - - # Check the case quota_project_id is provided - options = client_options.ClientOptions(quota_project_id="octopus") - with mock.patch.object(transport_class, "__init__") as patched: - patched.return_value = None - client = client_class(client_options=options, transport=transport_name) - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=client.DEFAULT_ENDPOINT, - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id="octopus", - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - ) - # Check the case api_endpoint is provided - options = client_options.ClientOptions( - api_audience="https://language.googleapis.com" - ) - with mock.patch.object(transport_class, "__init__") as patched: - patched.return_value = None - client = client_class(client_options=options, transport=transport_name) - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=client.DEFAULT_ENDPOINT, - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience="https://language.googleapis.com", - ) - - -@pytest.mark.parametrize( - "client_class,transport_class,transport_name,use_client_cert_env", - [ - (AssetServiceClient, transports.AssetServiceGrpcTransport, "grpc", "true"), - ( - AssetServiceAsyncClient, - transports.AssetServiceGrpcAsyncIOTransport, - "grpc_asyncio", - "true", - ), - (AssetServiceClient, transports.AssetServiceGrpcTransport, "grpc", "false"), - ( - AssetServiceAsyncClient, - transports.AssetServiceGrpcAsyncIOTransport, - "grpc_asyncio", - "false", - ), - ], -) -@mock.patch.object( - AssetServiceClient, "DEFAULT_ENDPOINT", modify_default_endpoint(AssetServiceClient) -) -@mock.patch.object( - AssetServiceAsyncClient, - "DEFAULT_ENDPOINT", - modify_default_endpoint(AssetServiceAsyncClient), -) -@mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "auto"}) -def test_asset_service_client_mtls_env_auto( - client_class, transport_class, transport_name, use_client_cert_env -): - # This tests the endpoint autoswitch behavior. Endpoint is autoswitched to the default - # mtls endpoint, if GOOGLE_API_USE_CLIENT_CERTIFICATE is "true" and client cert exists. - - # Check the case client_cert_source is provided. Whether client cert is used depends on - # GOOGLE_API_USE_CLIENT_CERTIFICATE value. - with mock.patch.dict( - os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} - ): - options = client_options.ClientOptions( - client_cert_source=client_cert_source_callback - ) - with mock.patch.object(transport_class, "__init__") as patched: - patched.return_value = None - client = client_class(client_options=options, transport=transport_name) - - if use_client_cert_env == "false": - expected_client_cert_source = None - expected_host = client.DEFAULT_ENDPOINT - else: - expected_client_cert_source = client_cert_source_callback - expected_host = client.DEFAULT_MTLS_ENDPOINT - - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=expected_host, - scopes=None, - client_cert_source_for_mtls=expected_client_cert_source, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - ) - - # Check the case ADC client cert is provided. Whether client cert is used depends on - # GOOGLE_API_USE_CLIENT_CERTIFICATE value. - with mock.patch.dict( - os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} - ): - with mock.patch.object(transport_class, "__init__") as patched: - with mock.patch( - "google.auth.transport.mtls.has_default_client_cert_source", - return_value=True, - ): - with mock.patch( - "google.auth.transport.mtls.default_client_cert_source", - return_value=client_cert_source_callback, - ): - if use_client_cert_env == "false": - expected_host = client.DEFAULT_ENDPOINT - expected_client_cert_source = None - else: - expected_host = client.DEFAULT_MTLS_ENDPOINT - expected_client_cert_source = client_cert_source_callback - - patched.return_value = None - client = client_class(transport=transport_name) - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=expected_host, - scopes=None, - client_cert_source_for_mtls=expected_client_cert_source, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - ) - - # Check the case client_cert_source and ADC client cert are not provided. - with mock.patch.dict( - os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env} - ): - with mock.patch.object(transport_class, "__init__") as patched: - with mock.patch( - "google.auth.transport.mtls.has_default_client_cert_source", - return_value=False, - ): - patched.return_value = None - client = client_class(transport=transport_name) - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=client.DEFAULT_ENDPOINT, - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - ) - - -@pytest.mark.parametrize("client_class", [AssetServiceClient, AssetServiceAsyncClient]) -@mock.patch.object( - AssetServiceClient, "DEFAULT_ENDPOINT", modify_default_endpoint(AssetServiceClient) -) -@mock.patch.object( - AssetServiceAsyncClient, - "DEFAULT_ENDPOINT", - modify_default_endpoint(AssetServiceAsyncClient), -) -def test_asset_service_client_get_mtls_endpoint_and_cert_source(client_class): - mock_client_cert_source = mock.Mock() - - # Test the case GOOGLE_API_USE_CLIENT_CERTIFICATE is "true". - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"}): - mock_api_endpoint = "foo" - options = client_options.ClientOptions( - client_cert_source=mock_client_cert_source, api_endpoint=mock_api_endpoint - ) - api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source( - options - ) - assert api_endpoint == mock_api_endpoint - assert cert_source == mock_client_cert_source - - # Test the case GOOGLE_API_USE_CLIENT_CERTIFICATE is "false". - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "false"}): - mock_client_cert_source = mock.Mock() - mock_api_endpoint = "foo" - options = client_options.ClientOptions( - client_cert_source=mock_client_cert_source, api_endpoint=mock_api_endpoint - ) - api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source( - options - ) - assert api_endpoint == mock_api_endpoint - assert cert_source is None - - # Test the case GOOGLE_API_USE_MTLS_ENDPOINT is "never". - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}): - api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source() - assert api_endpoint == client_class.DEFAULT_ENDPOINT - assert cert_source is None - - # Test the case GOOGLE_API_USE_MTLS_ENDPOINT is "always". - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}): - api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source() - assert api_endpoint == client_class.DEFAULT_MTLS_ENDPOINT - assert cert_source is None - - # Test the case GOOGLE_API_USE_MTLS_ENDPOINT is "auto" and default cert doesn't exist. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"}): - with mock.patch( - "google.auth.transport.mtls.has_default_client_cert_source", - return_value=False, - ): - api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source() - assert api_endpoint == client_class.DEFAULT_ENDPOINT - assert cert_source is None - - # Test the case GOOGLE_API_USE_MTLS_ENDPOINT is "auto" and default cert exists. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"}): - with mock.patch( - "google.auth.transport.mtls.has_default_client_cert_source", - return_value=True, - ): - with mock.patch( - "google.auth.transport.mtls.default_client_cert_source", - return_value=mock_client_cert_source, - ): - ( - api_endpoint, - cert_source, - ) = client_class.get_mtls_endpoint_and_cert_source() - assert api_endpoint == client_class.DEFAULT_MTLS_ENDPOINT - assert cert_source == mock_client_cert_source - - -@pytest.mark.parametrize( - "client_class,transport_class,transport_name", - [ - (AssetServiceClient, transports.AssetServiceGrpcTransport, "grpc"), - ( - AssetServiceAsyncClient, - transports.AssetServiceGrpcAsyncIOTransport, - "grpc_asyncio", - ), - ], -) -def test_asset_service_client_client_options_scopes( - client_class, transport_class, transport_name -): - # Check the case scopes are provided. - options = client_options.ClientOptions( - scopes=["1", "2"], - ) - with mock.patch.object(transport_class, "__init__") as patched: - patched.return_value = None - client = client_class(client_options=options, transport=transport_name) - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=client.DEFAULT_ENDPOINT, - scopes=["1", "2"], - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - ) - - -@pytest.mark.parametrize( - "client_class,transport_class,transport_name,grpc_helpers", - [ - ( - AssetServiceClient, - transports.AssetServiceGrpcTransport, - "grpc", - grpc_helpers, - ), - ( - AssetServiceAsyncClient, - transports.AssetServiceGrpcAsyncIOTransport, - "grpc_asyncio", - grpc_helpers_async, - ), - ], -) -def test_asset_service_client_client_options_credentials_file( - client_class, transport_class, transport_name, grpc_helpers -): - # Check the case credentials file is provided. - options = client_options.ClientOptions(credentials_file="credentials.json") - - with mock.patch.object(transport_class, "__init__") as patched: - patched.return_value = None - client = client_class(client_options=options, transport=transport_name) - patched.assert_called_once_with( - credentials=None, - credentials_file="credentials.json", - host=client.DEFAULT_ENDPOINT, - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - ) - - -def test_asset_service_client_client_options_from_dict(): - with mock.patch( - "google.cloud.asset_v1p4beta1.services.asset_service.transports.AssetServiceGrpcTransport.__init__" - ) as grpc_transport: - grpc_transport.return_value = None - client = AssetServiceClient(client_options={"api_endpoint": "squid.clam.whelk"}) - grpc_transport.assert_called_once_with( - credentials=None, - credentials_file=None, - host="squid.clam.whelk", - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - ) - - -@pytest.mark.parametrize( - "client_class,transport_class,transport_name,grpc_helpers", - [ - ( - AssetServiceClient, - transports.AssetServiceGrpcTransport, - "grpc", - grpc_helpers, - ), - ( - AssetServiceAsyncClient, - transports.AssetServiceGrpcAsyncIOTransport, - "grpc_asyncio", - grpc_helpers_async, - ), - ], -) -def test_asset_service_client_create_channel_credentials_file( - client_class, transport_class, transport_name, grpc_helpers -): - # Check the case credentials file is provided. - options = client_options.ClientOptions(credentials_file="credentials.json") - - with mock.patch.object(transport_class, "__init__") as patched: - patched.return_value = None - client = client_class(client_options=options, transport=transport_name) - patched.assert_called_once_with( - credentials=None, - credentials_file="credentials.json", - host=client.DEFAULT_ENDPOINT, - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - ) - - # test that the credentials from file are saved and used as the credentials. - with mock.patch.object( - google.auth, "load_credentials_from_file", autospec=True - ) as load_creds, mock.patch.object( - google.auth, "default", autospec=True - ) as adc, mock.patch.object( - grpc_helpers, "create_channel" - ) as create_channel: - creds = ga_credentials.AnonymousCredentials() - file_creds = ga_credentials.AnonymousCredentials() - load_creds.return_value = (file_creds, None) - adc.return_value = (creds, None) - client = client_class(client_options=options, transport=transport_name) - create_channel.assert_called_with( - "cloudasset.googleapis.com:443", - credentials=file_creds, - credentials_file=None, - quota_project_id=None, - default_scopes=("https://www.googleapis.com/auth/cloud-platform",), - scopes=None, - default_host="cloudasset.googleapis.com", - ssl_credentials=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - - -@pytest.mark.parametrize( - "request_type", - [ - asset_service.AnalyzeIamPolicyRequest, - dict, - ], -) -def test_analyze_iam_policy(request_type, transport: str = "grpc"): - client = AssetServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.analyze_iam_policy), "__call__" - ) as call: - # Designate an appropriate return value for the call. - call.return_value = asset_service.AnalyzeIamPolicyResponse( - fully_explored=True, - ) - response = client.analyze_iam_policy(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == asset_service.AnalyzeIamPolicyRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, asset_service.AnalyzeIamPolicyResponse) - assert response.fully_explored is True - - -def test_analyze_iam_policy_empty_call(): - # This test is a coverage failsafe to make sure that totally empty calls, - # i.e. request == None and no flattened fields passed, work. - client = AssetServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.analyze_iam_policy), "__call__" - ) as call: - client.analyze_iam_policy() - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == asset_service.AnalyzeIamPolicyRequest() - - -@pytest.mark.asyncio -async def test_analyze_iam_policy_async( - transport: str = "grpc_asyncio", request_type=asset_service.AnalyzeIamPolicyRequest -): - client = AssetServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.analyze_iam_policy), "__call__" - ) as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - asset_service.AnalyzeIamPolicyResponse( - fully_explored=True, - ) - ) - response = await client.analyze_iam_policy(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == asset_service.AnalyzeIamPolicyRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, asset_service.AnalyzeIamPolicyResponse) - assert response.fully_explored is True - - -@pytest.mark.asyncio -async def test_analyze_iam_policy_async_from_dict(): - await test_analyze_iam_policy_async(request_type=dict) - - -def test_analyze_iam_policy_field_headers(): - client = AssetServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = asset_service.AnalyzeIamPolicyRequest() - - request.analysis_query.parent = "parent_value" - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.analyze_iam_policy), "__call__" - ) as call: - call.return_value = asset_service.AnalyzeIamPolicyResponse() - client.analyze_iam_policy(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - "x-goog-request-params", - "analysis_query.parent=parent_value", - ) in kw["metadata"] - - -@pytest.mark.asyncio -async def test_analyze_iam_policy_field_headers_async(): - client = AssetServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = asset_service.AnalyzeIamPolicyRequest() - - request.analysis_query.parent = "parent_value" - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.analyze_iam_policy), "__call__" - ) as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - asset_service.AnalyzeIamPolicyResponse() - ) - await client.analyze_iam_policy(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - "x-goog-request-params", - "analysis_query.parent=parent_value", - ) in kw["metadata"] - - -@pytest.mark.parametrize( - "request_type", - [ - asset_service.ExportIamPolicyAnalysisRequest, - dict, - ], -) -def test_export_iam_policy_analysis(request_type, transport: str = "grpc"): - client = AssetServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.export_iam_policy_analysis), "__call__" - ) as call: - # Designate an appropriate return value for the call. - call.return_value = operations_pb2.Operation(name="operations/spam") - response = client.export_iam_policy_analysis(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == asset_service.ExportIamPolicyAnalysisRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, future.Future) - - -def test_export_iam_policy_analysis_empty_call(): - # This test is a coverage failsafe to make sure that totally empty calls, - # i.e. request == None and no flattened fields passed, work. - client = AssetServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.export_iam_policy_analysis), "__call__" - ) as call: - client.export_iam_policy_analysis() - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == asset_service.ExportIamPolicyAnalysisRequest() - - -@pytest.mark.asyncio -async def test_export_iam_policy_analysis_async( - transport: str = "grpc_asyncio", - request_type=asset_service.ExportIamPolicyAnalysisRequest, -): - client = AssetServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.export_iam_policy_analysis), "__call__" - ) as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - operations_pb2.Operation(name="operations/spam") - ) - response = await client.export_iam_policy_analysis(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == asset_service.ExportIamPolicyAnalysisRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, future.Future) - - -@pytest.mark.asyncio -async def test_export_iam_policy_analysis_async_from_dict(): - await test_export_iam_policy_analysis_async(request_type=dict) - - -def test_export_iam_policy_analysis_field_headers(): - client = AssetServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = asset_service.ExportIamPolicyAnalysisRequest() - - request.analysis_query.parent = "parent_value" - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.export_iam_policy_analysis), "__call__" - ) as call: - call.return_value = operations_pb2.Operation(name="operations/op") - client.export_iam_policy_analysis(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - "x-goog-request-params", - "analysis_query.parent=parent_value", - ) in kw["metadata"] - - -@pytest.mark.asyncio -async def test_export_iam_policy_analysis_field_headers_async(): - client = AssetServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = asset_service.ExportIamPolicyAnalysisRequest() - - request.analysis_query.parent = "parent_value" - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.export_iam_policy_analysis), "__call__" - ) as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - operations_pb2.Operation(name="operations/op") - ) - await client.export_iam_policy_analysis(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - "x-goog-request-params", - "analysis_query.parent=parent_value", - ) in kw["metadata"] - - -def test_credentials_transport_error(): - # It is an error to provide credentials and a transport instance. - transport = transports.AssetServiceGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - with pytest.raises(ValueError): - client = AssetServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # It is an error to provide a credentials file and a transport instance. - transport = transports.AssetServiceGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - with pytest.raises(ValueError): - client = AssetServiceClient( - client_options={"credentials_file": "credentials.json"}, - transport=transport, - ) - - # It is an error to provide an api_key and a transport instance. - transport = transports.AssetServiceGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - options = client_options.ClientOptions() - options.api_key = "api_key" - with pytest.raises(ValueError): - client = AssetServiceClient( - client_options=options, - transport=transport, - ) - - # It is an error to provide an api_key and a credential. - options = mock.Mock() - options.api_key = "api_key" - with pytest.raises(ValueError): - client = AssetServiceClient( - client_options=options, credentials=ga_credentials.AnonymousCredentials() - ) - - # It is an error to provide scopes and a transport instance. - transport = transports.AssetServiceGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - with pytest.raises(ValueError): - client = AssetServiceClient( - client_options={"scopes": ["1", "2"]}, - transport=transport, - ) - - -def test_transport_instance(): - # A client may be instantiated with a custom transport instance. - transport = transports.AssetServiceGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - client = AssetServiceClient(transport=transport) - assert client.transport is transport - - -def test_transport_get_channel(): - # A client may be instantiated with a custom transport instance. - transport = transports.AssetServiceGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - channel = transport.grpc_channel - assert channel - - transport = transports.AssetServiceGrpcAsyncIOTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - channel = transport.grpc_channel - assert channel - - -@pytest.mark.parametrize( - "transport_class", - [ - transports.AssetServiceGrpcTransport, - transports.AssetServiceGrpcAsyncIOTransport, - ], -) -def test_transport_adc(transport_class): - # Test default credentials are used if not provided. - with mock.patch.object(google.auth, "default") as adc: - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - transport_class() - adc.assert_called_once() - - -@pytest.mark.parametrize( - "transport_name", - [ - "grpc", - ], -) -def test_transport_kind(transport_name): - transport = AssetServiceClient.get_transport_class(transport_name)( - credentials=ga_credentials.AnonymousCredentials(), - ) - assert transport.kind == transport_name - - -def test_transport_grpc_default(): - # A client should use the gRPC transport by default. - client = AssetServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - assert isinstance( - client.transport, - transports.AssetServiceGrpcTransport, - ) - - -def test_asset_service_base_transport_error(): - # Passing both a credentials object and credentials_file should raise an error - with pytest.raises(core_exceptions.DuplicateCredentialArgs): - transport = transports.AssetServiceTransport( - credentials=ga_credentials.AnonymousCredentials(), - credentials_file="credentials.json", - ) - - -def test_asset_service_base_transport(): - # Instantiate the base transport. - with mock.patch( - "google.cloud.asset_v1p4beta1.services.asset_service.transports.AssetServiceTransport.__init__" - ) as Transport: - Transport.return_value = None - transport = transports.AssetServiceTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Every method on the transport should just blindly - # raise NotImplementedError. - methods = ( - "analyze_iam_policy", - "export_iam_policy_analysis", - ) - for method in methods: - with pytest.raises(NotImplementedError): - getattr(transport, method)(request=object()) - - with pytest.raises(NotImplementedError): - transport.close() - - # Additionally, the LRO client (a property) should - # also raise NotImplementedError - with pytest.raises(NotImplementedError): - transport.operations_client - - # Catch all for all remaining methods and properties - remainder = [ - "kind", - ] - for r in remainder: - with pytest.raises(NotImplementedError): - getattr(transport, r)() - - -def test_asset_service_base_transport_with_credentials_file(): - # Instantiate the base transport with a credentials file - with mock.patch.object( - google.auth, "load_credentials_from_file", autospec=True - ) as load_creds, mock.patch( - "google.cloud.asset_v1p4beta1.services.asset_service.transports.AssetServiceTransport._prep_wrapped_messages" - ) as Transport: - Transport.return_value = None - load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) - transport = transports.AssetServiceTransport( - credentials_file="credentials.json", - quota_project_id="octopus", - ) - load_creds.assert_called_once_with( - "credentials.json", - scopes=None, - default_scopes=("https://www.googleapis.com/auth/cloud-platform",), - quota_project_id="octopus", - ) - - -def test_asset_service_base_transport_with_adc(): - # Test the default credentials are used if credentials and credentials_file are None. - with mock.patch.object(google.auth, "default", autospec=True) as adc, mock.patch( - "google.cloud.asset_v1p4beta1.services.asset_service.transports.AssetServiceTransport._prep_wrapped_messages" - ) as Transport: - Transport.return_value = None - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - transport = transports.AssetServiceTransport() - adc.assert_called_once() - - -def test_asset_service_auth_adc(): - # If no credentials are provided, we should use ADC credentials. - with mock.patch.object(google.auth, "default", autospec=True) as adc: - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - AssetServiceClient() - adc.assert_called_once_with( - scopes=None, - default_scopes=("https://www.googleapis.com/auth/cloud-platform",), - quota_project_id=None, - ) - - -@pytest.mark.parametrize( - "transport_class", - [ - transports.AssetServiceGrpcTransport, - transports.AssetServiceGrpcAsyncIOTransport, - ], -) -def test_asset_service_transport_auth_adc(transport_class): - # If credentials and host are not provided, the transport class should use - # ADC credentials. - with mock.patch.object(google.auth, "default", autospec=True) as adc: - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - transport_class(quota_project_id="octopus", scopes=["1", "2"]) - adc.assert_called_once_with( - scopes=["1", "2"], - default_scopes=("https://www.googleapis.com/auth/cloud-platform",), - quota_project_id="octopus", - ) - - -@pytest.mark.parametrize( - "transport_class", - [ - transports.AssetServiceGrpcTransport, - transports.AssetServiceGrpcAsyncIOTransport, - ], -) -def test_asset_service_transport_auth_gdch_credentials(transport_class): - host = "https://language.com" - api_audience_tests = [None, "https://language2.com"] - api_audience_expect = [host, "https://language2.com"] - for t, e in zip(api_audience_tests, api_audience_expect): - with mock.patch.object(google.auth, "default", autospec=True) as adc: - gdch_mock = mock.MagicMock() - type(gdch_mock).with_gdch_audience = mock.PropertyMock( - return_value=gdch_mock - ) - adc.return_value = (gdch_mock, None) - transport_class(host=host, api_audience=t) - gdch_mock.with_gdch_audience.assert_called_once_with(e) - - -@pytest.mark.parametrize( - "transport_class,grpc_helpers", - [ - (transports.AssetServiceGrpcTransport, grpc_helpers), - (transports.AssetServiceGrpcAsyncIOTransport, grpc_helpers_async), - ], -) -def test_asset_service_transport_create_channel(transport_class, grpc_helpers): - # If credentials and host are not provided, the transport class should use - # ADC credentials. - with mock.patch.object( - google.auth, "default", autospec=True - ) as adc, mock.patch.object( - grpc_helpers, "create_channel", autospec=True - ) as create_channel: - creds = ga_credentials.AnonymousCredentials() - adc.return_value = (creds, None) - transport_class(quota_project_id="octopus", scopes=["1", "2"]) - - create_channel.assert_called_with( - "cloudasset.googleapis.com:443", - credentials=creds, - credentials_file=None, - quota_project_id="octopus", - default_scopes=("https://www.googleapis.com/auth/cloud-platform",), - scopes=["1", "2"], - default_host="cloudasset.googleapis.com", - ssl_credentials=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - - -@pytest.mark.parametrize( - "transport_class", - [transports.AssetServiceGrpcTransport, transports.AssetServiceGrpcAsyncIOTransport], -) -def test_asset_service_grpc_transport_client_cert_source_for_mtls(transport_class): - cred = ga_credentials.AnonymousCredentials() - - # Check ssl_channel_credentials is used if provided. - with mock.patch.object(transport_class, "create_channel") as mock_create_channel: - mock_ssl_channel_creds = mock.Mock() - transport_class( - host="squid.clam.whelk", - credentials=cred, - ssl_channel_credentials=mock_ssl_channel_creds, - ) - mock_create_channel.assert_called_once_with( - "squid.clam.whelk:443", - credentials=cred, - credentials_file=None, - scopes=None, - ssl_credentials=mock_ssl_channel_creds, - quota_project_id=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - - # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls - # is used. - with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()): - with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred: - transport_class( - credentials=cred, - client_cert_source_for_mtls=client_cert_source_callback, - ) - expected_cert, expected_key = client_cert_source_callback() - mock_ssl_cred.assert_called_once_with( - certificate_chain=expected_cert, private_key=expected_key - ) - - -@pytest.mark.parametrize( - "transport_name", - [ - "grpc", - "grpc_asyncio", - ], -) -def test_asset_service_host_no_port(transport_name): - client = AssetServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - client_options=client_options.ClientOptions( - api_endpoint="cloudasset.googleapis.com" - ), - transport=transport_name, - ) - assert client.transport._host == ("cloudasset.googleapis.com:443") - - -@pytest.mark.parametrize( - "transport_name", - [ - "grpc", - "grpc_asyncio", - ], -) -def test_asset_service_host_with_port(transport_name): - client = AssetServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - client_options=client_options.ClientOptions( - api_endpoint="cloudasset.googleapis.com:8000" - ), - transport=transport_name, - ) - assert client.transport._host == ("cloudasset.googleapis.com:8000") - - -def test_asset_service_grpc_transport_channel(): - channel = grpc.secure_channel("http://localhost/", grpc.local_channel_credentials()) - - # Check that channel is used if provided. - transport = transports.AssetServiceGrpcTransport( - host="squid.clam.whelk", - channel=channel, - ) - assert transport.grpc_channel == channel - assert transport._host == "squid.clam.whelk:443" - assert transport._ssl_channel_credentials == None - - -def test_asset_service_grpc_asyncio_transport_channel(): - channel = aio.secure_channel("http://localhost/", grpc.local_channel_credentials()) - - # Check that channel is used if provided. - transport = transports.AssetServiceGrpcAsyncIOTransport( - host="squid.clam.whelk", - channel=channel, - ) - assert transport.grpc_channel == channel - assert transport._host == "squid.clam.whelk:443" - assert transport._ssl_channel_credentials == None - - -# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are -# removed from grpc/grpc_asyncio transport constructor. -@pytest.mark.parametrize( - "transport_class", - [transports.AssetServiceGrpcTransport, transports.AssetServiceGrpcAsyncIOTransport], -) -def test_asset_service_transport_channel_mtls_with_client_cert_source(transport_class): - with mock.patch( - "grpc.ssl_channel_credentials", autospec=True - ) as grpc_ssl_channel_cred: - with mock.patch.object( - transport_class, "create_channel" - ) as grpc_create_channel: - mock_ssl_cred = mock.Mock() - grpc_ssl_channel_cred.return_value = mock_ssl_cred - - mock_grpc_channel = mock.Mock() - grpc_create_channel.return_value = mock_grpc_channel - - cred = ga_credentials.AnonymousCredentials() - with pytest.warns(DeprecationWarning): - with mock.patch.object(google.auth, "default") as adc: - adc.return_value = (cred, None) - transport = transport_class( - host="squid.clam.whelk", - api_mtls_endpoint="mtls.squid.clam.whelk", - client_cert_source=client_cert_source_callback, - ) - adc.assert_called_once() - - grpc_ssl_channel_cred.assert_called_once_with( - certificate_chain=b"cert bytes", private_key=b"key bytes" - ) - grpc_create_channel.assert_called_once_with( - "mtls.squid.clam.whelk:443", - credentials=cred, - credentials_file=None, - scopes=None, - ssl_credentials=mock_ssl_cred, - quota_project_id=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - assert transport.grpc_channel == mock_grpc_channel - assert transport._ssl_channel_credentials == mock_ssl_cred - - -# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are -# removed from grpc/grpc_asyncio transport constructor. -@pytest.mark.parametrize( - "transport_class", - [transports.AssetServiceGrpcTransport, transports.AssetServiceGrpcAsyncIOTransport], -) -def test_asset_service_transport_channel_mtls_with_adc(transport_class): - mock_ssl_cred = mock.Mock() - with mock.patch.multiple( - "google.auth.transport.grpc.SslCredentials", - __init__=mock.Mock(return_value=None), - ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred), - ): - with mock.patch.object( - transport_class, "create_channel" - ) as grpc_create_channel: - mock_grpc_channel = mock.Mock() - grpc_create_channel.return_value = mock_grpc_channel - mock_cred = mock.Mock() - - with pytest.warns(DeprecationWarning): - transport = transport_class( - host="squid.clam.whelk", - credentials=mock_cred, - api_mtls_endpoint="mtls.squid.clam.whelk", - client_cert_source=None, - ) - - grpc_create_channel.assert_called_once_with( - "mtls.squid.clam.whelk:443", - credentials=mock_cred, - credentials_file=None, - scopes=None, - ssl_credentials=mock_ssl_cred, - quota_project_id=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - assert transport.grpc_channel == mock_grpc_channel - - -def test_asset_service_grpc_lro_client(): - client = AssetServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - transport = client.transport - - # Ensure that we have a api-core operations client. - assert isinstance( - transport.operations_client, - operations_v1.OperationsClient, - ) - - # Ensure that subsequent calls to the property send the exact same object. - assert transport.operations_client is transport.operations_client - - -def test_asset_service_grpc_lro_async_client(): - client = AssetServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc_asyncio", - ) - transport = client.transport - - # Ensure that we have a api-core operations client. - assert isinstance( - transport.operations_client, - operations_v1.OperationsAsyncClient, - ) - - # Ensure that subsequent calls to the property send the exact same object. - assert transport.operations_client is transport.operations_client - - -def test_common_billing_account_path(): - billing_account = "squid" - expected = "billingAccounts/{billing_account}".format( - billing_account=billing_account, - ) - actual = AssetServiceClient.common_billing_account_path(billing_account) - assert expected == actual - - -def test_parse_common_billing_account_path(): - expected = { - "billing_account": "clam", - } - path = AssetServiceClient.common_billing_account_path(**expected) - - # Check that the path construction is reversible. - actual = AssetServiceClient.parse_common_billing_account_path(path) - assert expected == actual - - -def test_common_folder_path(): - folder = "whelk" - expected = "folders/{folder}".format( - folder=folder, - ) - actual = AssetServiceClient.common_folder_path(folder) - assert expected == actual - - -def test_parse_common_folder_path(): - expected = { - "folder": "octopus", - } - path = AssetServiceClient.common_folder_path(**expected) - - # Check that the path construction is reversible. - actual = AssetServiceClient.parse_common_folder_path(path) - assert expected == actual - - -def test_common_organization_path(): - organization = "oyster" - expected = "organizations/{organization}".format( - organization=organization, - ) - actual = AssetServiceClient.common_organization_path(organization) - assert expected == actual - - -def test_parse_common_organization_path(): - expected = { - "organization": "nudibranch", - } - path = AssetServiceClient.common_organization_path(**expected) - - # Check that the path construction is reversible. - actual = AssetServiceClient.parse_common_organization_path(path) - assert expected == actual - - -def test_common_project_path(): - project = "cuttlefish" - expected = "projects/{project}".format( - project=project, - ) - actual = AssetServiceClient.common_project_path(project) - assert expected == actual - - -def test_parse_common_project_path(): - expected = { - "project": "mussel", - } - path = AssetServiceClient.common_project_path(**expected) - - # Check that the path construction is reversible. - actual = AssetServiceClient.parse_common_project_path(path) - assert expected == actual - - -def test_common_location_path(): - project = "winkle" - location = "nautilus" - expected = "projects/{project}/locations/{location}".format( - project=project, - location=location, - ) - actual = AssetServiceClient.common_location_path(project, location) - assert expected == actual - - -def test_parse_common_location_path(): - expected = { - "project": "scallop", - "location": "abalone", - } - path = AssetServiceClient.common_location_path(**expected) - - # Check that the path construction is reversible. - actual = AssetServiceClient.parse_common_location_path(path) - assert expected == actual - - -def test_client_with_default_client_info(): - client_info = gapic_v1.client_info.ClientInfo() - - with mock.patch.object( - transports.AssetServiceTransport, "_prep_wrapped_messages" - ) as prep: - client = AssetServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - client_info=client_info, - ) - prep.assert_called_once_with(client_info) - - with mock.patch.object( - transports.AssetServiceTransport, "_prep_wrapped_messages" - ) as prep: - transport_class = AssetServiceClient.get_transport_class() - transport = transport_class( - credentials=ga_credentials.AnonymousCredentials(), - client_info=client_info, - ) - prep.assert_called_once_with(client_info) - - -@pytest.mark.asyncio -async def test_transport_close_async(): - client = AssetServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc_asyncio", - ) - with mock.patch.object( - type(getattr(client.transport, "grpc_channel")), "close" - ) as close: - async with client: - close.assert_not_called() - close.assert_called_once() - - -def test_transport_close(): - transports = { - "grpc": "_grpc_channel", - } - - for transport, close_name in transports.items(): - client = AssetServiceClient( - credentials=ga_credentials.AnonymousCredentials(), transport=transport - ) - with mock.patch.object( - type(getattr(client.transport, close_name)), "close" - ) as close: - with client: - close.assert_not_called() - close.assert_called_once() - - -def test_client_ctx(): - transports = [ - "grpc", - ] - for transport in transports: - client = AssetServiceClient( - credentials=ga_credentials.AnonymousCredentials(), transport=transport - ) - # Test client calls underlying transport. - with mock.patch.object(type(client.transport), "close") as close: - close.assert_not_called() - with client: - pass - close.assert_called() - - -@pytest.mark.parametrize( - "client_class,transport_class", - [ - (AssetServiceClient, transports.AssetServiceGrpcTransport), - (AssetServiceAsyncClient, transports.AssetServiceGrpcAsyncIOTransport), - ], -) -def test_api_key_credentials(client_class, transport_class): - with mock.patch.object( - google.auth._default, "get_api_key_credentials", create=True - ) as get_api_key_credentials: - mock_cred = mock.Mock() - get_api_key_credentials.return_value = mock_cred - options = client_options.ClientOptions() - options.api_key = "api_key" - with mock.patch.object(transport_class, "__init__") as patched: - patched.return_value = None - client = client_class(client_options=options) - patched.assert_called_once_with( - credentials=mock_cred, - credentials_file=None, - host=client.DEFAULT_ENDPOINT, - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - )