Skip to content
This repository was archived by the owner on Dec 31, 2023. It is now read-only.

Commit a36c637

Browse files
gcf-owl-bot[bot]gcf-owl-bot[bot]
authored
feat: add api key support (#203)
- [ ] Regenerate this pull request now. PiperOrigin-RevId: 423842556 Source-Link: googleapis/googleapis@a616ca0 Source-Link: https://github.com/googleapis/googleapis-gen/commit/29b938c58c1e51d019f2ee539d55dc0a3c86a905 Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiMjliOTM4YzU4YzFlNTFkMDE5ZjJlZTUzOWQ1NWRjMGEzYzg2YTkwNSJ9 fix(deps): require dataclasses for python 3.6
1 parent b9894cd commit a36c637

File tree

322 files changed

+151892
-61233
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

322 files changed

+151892
-61233
lines changed

google/cloud/compute_v1/services/accelerator_types/client.py

Lines changed: 84 additions & 43 deletions
Original file line numberDiff line numberDiff line change
@@ -218,6 +218,73 @@ def parse_common_location_path(path: str) -> Dict[str, str]:
218218
m = re.match(r"^projects/(?P<project>.+?)/locations/(?P<location>.+?)$", path)
219219
return m.groupdict() if m else {}
220220

221+
@classmethod
222+
def get_mtls_endpoint_and_cert_source(
223+
cls, client_options: Optional[client_options_lib.ClientOptions] = None
224+
):
225+
"""Return the API endpoint and client cert source for mutual TLS.
226+
227+
The client cert source is determined in the following order:
228+
(1) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is not "true", the
229+
client cert source is None.
230+
(2) if `client_options.client_cert_source` is provided, use the provided one; if the
231+
default client cert source exists, use the default one; otherwise the client cert
232+
source is None.
233+
234+
The API endpoint is determined in the following order:
235+
(1) if `client_options.api_endpoint` if provided, use the provided one.
236+
(2) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is "always", use the
237+
default mTLS endpoint; if the environment variabel is "never", use the default API
238+
endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise
239+
use the default API endpoint.
240+
241+
More details can be found at https://google.aip.dev/auth/4114.
242+
243+
Args:
244+
client_options (google.api_core.client_options.ClientOptions): Custom options for the
245+
client. Only the `api_endpoint` and `client_cert_source` properties may be used
246+
in this method.
247+
248+
Returns:
249+
Tuple[str, Callable[[], Tuple[bytes, bytes]]]: returns the API endpoint and the
250+
client cert source to use.
251+
252+
Raises:
253+
google.auth.exceptions.MutualTLSChannelError: If any errors happen.
254+
"""
255+
if client_options is None:
256+
client_options = client_options_lib.ClientOptions()
257+
use_client_cert = os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")
258+
use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")
259+
if use_client_cert not in ("true", "false"):
260+
raise ValueError(
261+
"Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`"
262+
)
263+
if use_mtls_endpoint not in ("auto", "never", "always"):
264+
raise MutualTLSChannelError(
265+
"Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`"
266+
)
267+
268+
# Figure out the client cert source to use.
269+
client_cert_source = None
270+
if use_client_cert == "true":
271+
if client_options.client_cert_source:
272+
client_cert_source = client_options.client_cert_source
273+
elif mtls.has_default_client_cert_source():
274+
client_cert_source = mtls.default_client_cert_source()
275+
276+
# Figure out which api endpoint to use.
277+
if client_options.api_endpoint is not None:
278+
api_endpoint = client_options.api_endpoint
279+
elif use_mtls_endpoint == "always" or (
280+
use_mtls_endpoint == "auto" and client_cert_source
281+
):
282+
api_endpoint = cls.DEFAULT_MTLS_ENDPOINT
283+
else:
284+
api_endpoint = cls.DEFAULT_ENDPOINT
285+
286+
return api_endpoint, client_cert_source
287+
221288
def __init__(
222289
self,
223290
*,
@@ -268,57 +335,22 @@ def __init__(
268335
if client_options is None:
269336
client_options = client_options_lib.ClientOptions()
270337

271-
# Create SSL credentials for mutual TLS if needed.
272-
if os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false") not in (
273-
"true",
274-
"false",
275-
):
276-
raise ValueError(
277-
"Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`"
278-
)
279-
use_client_cert = (
280-
os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false") == "true"
338+
api_endpoint, client_cert_source_func = self.get_mtls_endpoint_and_cert_source(
339+
client_options
281340
)
282341

283-
client_cert_source_func = None
284-
is_mtls = False
285-
if use_client_cert:
286-
if client_options.client_cert_source:
287-
is_mtls = True
288-
client_cert_source_func = client_options.client_cert_source
289-
else:
290-
is_mtls = mtls.has_default_client_cert_source()
291-
if is_mtls:
292-
client_cert_source_func = mtls.default_client_cert_source()
293-
else:
294-
client_cert_source_func = None
295-
296-
# Figure out which api endpoint to use.
297-
if client_options.api_endpoint is not None:
298-
api_endpoint = client_options.api_endpoint
299-
else:
300-
use_mtls_env = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")
301-
if use_mtls_env == "never":
302-
api_endpoint = self.DEFAULT_ENDPOINT
303-
elif use_mtls_env == "always":
304-
api_endpoint = self.DEFAULT_MTLS_ENDPOINT
305-
elif use_mtls_env == "auto":
306-
if is_mtls:
307-
api_endpoint = self.DEFAULT_MTLS_ENDPOINT
308-
else:
309-
api_endpoint = self.DEFAULT_ENDPOINT
310-
else:
311-
raise MutualTLSChannelError(
312-
"Unsupported GOOGLE_API_USE_MTLS_ENDPOINT value. Accepted "
313-
"values: never, auto, always"
314-
)
342+
api_key_value = getattr(client_options, "api_key", None)
343+
if api_key_value and credentials:
344+
raise ValueError(
345+
"client_options.api_key and credentials are mutually exclusive"
346+
)
315347

316348
# Save or instantiate the transport.
317349
# Ordinarily, we provide the transport, but allowing a custom transport
318350
# instance provides an extensibility point for unusual situations.
319351
if isinstance(transport, AcceleratorTypesTransport):
320352
# transport is a AcceleratorTypesTransport instance.
321-
if credentials or client_options.credentials_file:
353+
if credentials or client_options.credentials_file or api_key_value:
322354
raise ValueError(
323355
"When providing a transport instance, "
324356
"provide its credentials directly."
@@ -330,6 +362,15 @@ def __init__(
330362
)
331363
self._transport = transport
332364
else:
365+
import google.auth._default # type: ignore
366+
367+
if api_key_value and hasattr(
368+
google.auth._default, "get_api_key_credentials"
369+
):
370+
credentials = google.auth._default.get_api_key_credentials(
371+
api_key_value
372+
)
373+
333374
Transport = type(self).get_transport_class(transport)
334375
self._transport = Transport(
335376
credentials=credentials,

google/cloud/compute_v1/services/accelerator_types/transports/base.py

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -103,7 +103,6 @@ def __init__(
103103
credentials, _ = google.auth.load_credentials_from_file(
104104
credentials_file, **scopes_kwargs, quota_project_id=quota_project_id
105105
)
106-
107106
elif credentials is None:
108107
credentials, _ = google.auth.default(
109108
**scopes_kwargs, quota_project_id=quota_project_id

0 commit comments

Comments
 (0)