Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add cred info to auth related errors #2115

Merged
merged 6 commits into from
Jan 9, 2025
Merged

feat: add cred info to auth related errors #2115

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
f77061b
feat: add cred info to auth error details
arithmetic1728 Aug 29, 2024
b4d4855
Merge branch 'main' into cred_info
arithmetic1728 Sep 11, 2024
e82788a
Merge branch 'main' into cred_info
arithmetic1728 Jan 8, 2025
a91ca96
update
arithmetic1728 Jan 8, 2025
a5dd887
update
arithmetic1728 Jan 9, 2025
0b914cc
update golden
arithmetic1728 Jan 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
112 changes: 72 additions & 40 deletions gapic/templates/%namespace/%name_%version/%sub/services/%service/_mixins.py.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,12 +48,16 @@
# Validate the universe domain.
self._validate_universe_domain()

# Send the request.
response = rpc(
request, retry=retry, timeout=timeout, metadata=metadata,)
try:
# Send the request.
response = rpc(
request, retry=retry, timeout=timeout, metadata=metadata,)

# Done; return the response.
return response
# Done; return the response.
return response
except core_exceptions.GoogleAPICallError as e:
self._add_cred_info_for_auth_errors(e)
raise e

{% endif %}

Expand Down Expand Up @@ -105,12 +109,16 @@
# Validate the universe domain.
self._validate_universe_domain()

# Send the request.
response = rpc(
request, retry=retry, timeout=timeout, metadata=metadata,)
try:
# Send the request.
response = rpc(
request, retry=retry, timeout=timeout, metadata=metadata,)

# Done; return the response.
return response
# Done; return the response.
return response
except core_exceptions.GoogleAPICallError as e:
self._add_cred_info_for_auth_errors(e)
raise e
{% endif %}

{% if "DeleteOperation" in api.mixin_api_methods %}
Expand Down Expand Up @@ -278,12 +286,16 @@
# Validate the universe domain.
self._validate_universe_domain()

# Send the request.
response = rpc(
request, retry=retry, timeout=timeout, metadata=metadata,)
try:
# Send the request.
response = rpc(
request, retry=retry, timeout=timeout, metadata=metadata,)

# Done; return the response.
return response
# Done; return the response.
return response
except core_exceptions.GoogleAPICallError as e:
self._add_cred_info_for_auth_errors(e)
raise e
{% endif %}
{% endif %} {# LRO #}

Expand Down Expand Up @@ -405,12 +417,16 @@
# Validate the universe domain.
self._validate_universe_domain()

# Send the request.
response = rpc(
request, retry=retry, timeout=timeout, metadata=metadata,)
try:
# Send the request.
response = rpc(
request, retry=retry, timeout=timeout, metadata=metadata,)

# Done; return the response.
return response
# Done; return the response.
return response
except core_exceptions.GoogleAPICallError as e:
self._add_cred_info_for_auth_errors(e)
raise e
{% endif %}

{% if "GetIamPolicy" in api.mixin_api_methods %}
Expand Down Expand Up @@ -528,12 +544,16 @@
# Validate the universe domain.
self._validate_universe_domain()

# Send the request.
response = rpc(
request, retry=retry, timeout=timeout, metadata=metadata,)
try:
# Send the request.
response = rpc(
request, retry=retry, timeout=timeout, metadata=metadata,)

# Done; return the response.
return response
# Done; return the response.
return response
except core_exceptions.GoogleAPICallError as e:
self._add_cred_info_for_auth_errors(e)
raise e
{% endif %}

{% if "TestIamPermissions" in api.mixin_api_methods %}
Expand Down Expand Up @@ -589,12 +609,16 @@
# Validate the universe domain.
self._validate_universe_domain()

# Send the request.
response = rpc(
request, retry=retry, timeout=timeout, metadata=metadata,)
try:
# Send the request.
response = rpc(
request, retry=retry, timeout=timeout, metadata=metadata,)

# Done; return the response.
return response
# Done; return the response.
return response
except core_exceptions.GoogleAPICallError as e:
self._add_cred_info_for_auth_errors(e)
raise e
{% endif %}
{% endif %}

Expand Down Expand Up @@ -649,12 +673,16 @@
# Validate the universe domain.
self._validate_universe_domain()

# Send the request.
response = rpc(
request, retry=retry, timeout=timeout, metadata=metadata,)
try:
# Send the request.
response = rpc(
request, retry=retry, timeout=timeout, metadata=metadata,)

# Done; return the response.
return response
# Done; return the response.
return response
except core_exceptions.GoogleAPICallError as e:
self._add_cred_info_for_auth_errors(e)
raise e
{% endif %}

{% if "ListLocations" in api.mixin_api_methods %}
Expand Down Expand Up @@ -705,11 +733,15 @@
# Validate the universe domain.
self._validate_universe_domain()

# Send the request.
response = rpc(
request, retry=retry, timeout=timeout, metadata=metadata,)
try:
# Send the request.
response = rpc(
request, retry=retry, timeout=timeout, metadata=metadata,)

# Done; return the response.
return response
# Done; return the response.
return response
except core_exceptions.GoogleAPICallError as e:
self._add_cred_info_for_auth_errors(e)
raise e
{% endif %}
{% endif %}
64 changes: 49 additions & 15 deletions gapic/templates/%namespace/%name_%version/%sub/services/%service/client.py.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ from collections import OrderedDict
{% if service.any_extended_operations_methods %}
import functools
{% endif %}
from http import HTTPStatus
import json
import os
import re
from typing import Dict, Callable, Mapping, MutableMapping, MutableSequence, Optional, {% if service.any_server_streaming %}Iterable, {% endif %}{% if service.any_client_streaming %}Iterator, {% endif %}Sequence, Tuple, Type, Union, cast
Expand Down Expand Up @@ -417,6 +419,26 @@ class {{ service.client_name }}(metaclass={{ service.client_name }}Meta):
{{ service.client_name }}._compare_universes(self.universe_domain, self.transport._credentials))
return self._is_universe_domain_valid

def _add_cred_info_for_auth_errors(
self,
error: core_exceptions.GoogleAPICallError
) -> None:
"""Adds credential info string to error details for 401/403/404 errors.

Args:
error (google.api_core.exceptions.GoogleAPICallError): The error to add the cred info.
"""
if error.code not in [HTTPStatus.UNAUTHORIZED, HTTPStatus.FORBIDDEN, HTTPStatus.NOT_FOUND]:
return

cred = self._transport._credentials
if not hasattr(cred, "get_cred_info"):
return

cred_info = cred.get_cred_info() # type: ignore
if cred_info and hasattr(error._details, "append"):
error._details.append(json.dumps(cred_info))

@property
def api_endpoint(self):
"""Return the API endpoint used by the client instance.
Expand Down Expand Up @@ -706,12 +728,16 @@ class {{ service.client_name }}(metaclass={{ service.client_name }}Meta):
# Validate the universe domain.
self._validate_universe_domain()

# Send the request.
response = rpc(
request, retry=retry, timeout=timeout, metadata=metadata,)
try:
# Send the request.
response = rpc(
request, retry=retry, timeout=timeout, metadata=metadata,)

# Done; return the response.
return response
# Done; return the response.
return response
except core_exceptions.GoogleAPICallError as e:
self._add_cred_info_for_auth_errors(e)
raise e

def get_iam_policy(
self,
Expand Down Expand Up @@ -827,12 +853,16 @@ class {{ service.client_name }}(metaclass={{ service.client_name }}Meta):
# Validate the universe domain.
self._validate_universe_domain()

# Send the request.
response = rpc(
request, retry=retry, timeout=timeout, metadata=metadata,)
try:
# Send the request.
response = rpc(
request, retry=retry, timeout=timeout, metadata=metadata,)

# Done; return the response.
return response
# Done; return the response.
return response
except core_exceptions.GoogleAPICallError as e:
self._add_cred_info_for_auth_errors(e)
raise e

def test_iam_permissions(
self,
Expand Down Expand Up @@ -886,12 +916,16 @@ class {{ service.client_name }}(metaclass={{ service.client_name }}Meta):
# Validate the universe domain.
self._validate_universe_domain()

# Send the request.
response = rpc(
request, retry=retry, timeout=timeout, metadata=metadata,)
try:
# Send the request.
response = rpc(
request, retry=retry, timeout=timeout, metadata=metadata,)

# Done; return the response.
return response
# Done; return the response.
return response
except core_exceptions.GoogleAPICallError as e:
self._add_cred_info_for_auth_errors(e)
raise e
{% endif %}

DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(gapic_version=package_version.__version__)
Expand Down
47 changes: 46 additions & 1 deletion gapic/templates/tests/unit/gapic/%name_%version/%sub/test_%service.py.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,8 @@ from grpc.experimental import aio
{% if "rest" in opts.transport %}
from collections.abc import Iterable
from google.protobuf import json_format
import json
{% endif %}
import json
import math
import pytest
from google.api_core import api_core_version
Expand Down Expand Up @@ -89,6 +89,13 @@ from google.iam.v1 import policy_pb2 # type: ignore
{% endfilter %}
{{ shared_macros.add_google_api_core_version_header_import(service.version) }}

CRED_INFO_JSON = {
"credential_source": "/path/to/file",
"credential_type": "service account credentials",
"principal": "service-account@example.com",
}
CRED_INFO_STRING = json.dumps(CRED_INFO_JSON)

def client_cert_source_callback():
return b"cert bytes", b"key bytes"

Expand Down Expand Up @@ -250,6 +257,44 @@ def test__get_universe_domain():
{{ service.client_name }}._get_universe_domain("", None)
assert str(excinfo.value) == "Universe Domain cannot be an empty string."

@pytest.mark.parametrize("error_code,cred_info_json,show_cred_info", [
(401, CRED_INFO_JSON, True),
(403, CRED_INFO_JSON, True),
(404, CRED_INFO_JSON, True),
(500, CRED_INFO_JSON, False),
(401, None, False),
(403, None, False),
(404, None, False),
(500, None, False)
])
def test__add_cred_info_for_auth_errors(error_code, cred_info_json, show_cred_info):
cred = mock.Mock(["get_cred_info"])
cred.get_cred_info = mock.Mock(return_value=cred_info_json)
client = {{ service.client_name }}(credentials=cred)
client._transport._credentials = cred

error = core_exceptions.GoogleAPICallError("message", details=[])
error.code = error_code

client._add_cred_info_for_auth_errors(error)
if show_cred_info:
assert error.details == [CRED_INFO_STRING]
else:
assert error.details == []

@pytest.mark.parametrize("error_code", [401,403,404,500])
def test__add_cred_info_for_auth_errors_no_get_cred_info(error_code):
cred = mock.Mock([])
assert not hasattr(cred, "get_cred_info")
client = {{ service.client_name }}(credentials=cred)
client._transport._credentials = cred

error = core_exceptions.GoogleAPICallError("message", details=[])
error.code = error_code

client._add_cred_info_for_auth_errors(error)
assert error.details == []

@pytest.mark.parametrize("client_class,transport_class,transport_name", [
{% if 'grpc' in opts.transport %}
({{ service.client_name }}, transports.{{ service.grpc_transport_name }}, "grpc"),
Expand Down
Loading