Make make_secure_channel use google-auth (#2808)

Jon Wayne Parrott · web-flow · commit d20f3bb74589 · 2016-12-05T12:56:51.000-08:00
diff --git a/core/google/cloud/_helpers.py b/core/google/cloud/_helpers.py
@@ -32,11 +32,9 @@
 
 try:
     import grpc
-    from google.auth.transport.grpc import (
-        AuthMetadataPlugin)  # pragma: NO COVER
-except ImportError:
+    import google.auth.transport.grpc
+except ImportError:  # pragma: NO COVER
     grpc = None
-    AuthMetadataPlugin = None
 
 import httplib2
 import six
@@ -485,22 +483,16 @@ def make_secure_channel(credentials, user_agent, host):
     :rtype: :class:`grpc._channel.Channel`
     :returns: gRPC secure channel with credentials attached.
     """
-    # ssl_channel_credentials() loads root certificates from
-    # `grpc/_adapter/credentials/roots.pem`.
-    transport_creds = grpc.ssl_channel_credentials()
-    http = httplib2.Http()
-    custom_metadata_plugin = AuthMetadataPlugin(
-        credentials, google_auth_httplib2.Request(http=http))
-    auth_creds = grpc.metadata_call_credentials(
-        custom_metadata_plugin, name='google_creds')
-    channel_creds = grpc.composite_channel_credentials(
-        transport_creds, auth_creds)
     target = '%s:%d' % (host, http_client.HTTPS_PORT)
-    channel_args = (
+    http_request = google_auth_httplib2.Request(http=httplib2.Http())
+    options = (
         ('grpc.primary_user_agent', user_agent),
     )
-    return grpc.secure_channel(target, channel_creds,
-                               options=channel_args)
+    return google.auth.transport.grpc.secure_authorized_channel(
+        credentials,
+        http_request,
+        target,
+        options=options)
 
 
 def make_secure_stub(credentials, user_agent, stub_class, host):
diff --git a/core/tox.ini b/core/tox.ini
@@ -4,6 +4,7 @@ envlist =
 
 [testing]
 deps =
+    grpcio
     mock
     pytest
 covercmd =
diff --git a/core/unit_tests/test__helpers.py b/core/unit_tests/test__helpers.py
@@ -624,65 +624,25 @@ def _call_fut(self, *args, **kwargs):
 
     def test_it(self):
         from six.moves import http_client
-        from google.cloud import _helpers as MUT
-
-        SSL_CREDS = object()
-        METADATA_CREDS = object()
-        COMPOSITE_CREDS = object()
-        CHANNEL = object()
-
-        class _GRPCModule(object):
-
-            def __init__(self):
-                self.ssl_channel_credentials_args = None
-                self.metadata_call_credentials_args = None
-                self.composite_channel_credentials_args = None
-                self.secure_channel_args = None
-
-            def ssl_channel_credentials(self, *args):
-                self.ssl_channel_credentials_args = args
-                return SSL_CREDS
-
-            def metadata_call_credentials(self, *args, **kwargs):
-                self.metadata_call_credentials_args = (args, kwargs)
-                return METADATA_CREDS
-
-            def composite_channel_credentials(self, *args):
-                self.composite_channel_credentials_args = args
-                return COMPOSITE_CREDS
 
-            def secure_channel(self, *args, **kwargs):
-                self.secure_channel_args = (args, kwargs)
-                return CHANNEL
-
-        grpc_mod = _GRPCModule()
-
-        host = 'HOST'
         credentials = object()
+        host = 'HOST'
         user_agent = 'USER_AGENT'
 
-        grpc_patch = mock.patch.object(MUT, 'grpc', new=grpc_mod)
-        request_patch = mock.patch('google_auth_httplib2.Request')
-        plugin_patch = mock.patch.object(
-            MUT, 'AuthMetadataPlugin', create=True)
-        with grpc_patch, request_patch as request_mock, plugin_patch as plugin:
+        secure_authorized_channel_patch = mock.patch(
+            'google.auth.transport.grpc.secure_authorized_channel',
+            autospec=True)
+
+        with secure_authorized_channel_patch as secure_authorized_channel:
             result = self._call_fut(credentials, user_agent, host)
 
-        self.assertIs(result, CHANNEL)
-        plugin.assert_called_once_with(credentials, request_mock.return_value)
-        self.assertEqual(grpc_mod.ssl_channel_credentials_args, ())
-        self.assertEqual(grpc_mod.metadata_call_credentials_args,
-                         ((plugin.return_value,), {'name': 'google_creds'}))
-        self.assertEqual(
-            grpc_mod.composite_channel_credentials_args,
-            (SSL_CREDS, METADATA_CREDS))
-        target = '%s:%d' % (host, http_client.HTTPS_PORT)
-        secure_args = (target, COMPOSITE_CREDS)
-        secure_kwargs = {
-            'options': (('grpc.primary_user_agent', user_agent),)
-        }
-        self.assertEqual(grpc_mod.secure_channel_args,
-                         (secure_args, secure_kwargs))
+        self.assertIs(result, secure_authorized_channel.return_value)
+
+        expected_target = '%s:%d' % (host, http_client.HTTPS_PORT)
+        expected_options = (('grpc.primary_user_agent', user_agent),)
+
+        secure_authorized_channel.assert_called_once_with(
+            credentials, mock.ANY, expected_target, options=expected_options)
 
 
 class Test_make_secure_stub(unittest.TestCase):
