chore: Add dependencies and async function related wrapper

Signed-off-by: Radhika Agrawal <agrawalradhika@google.com>

Author: agrawalradhika-cell

google/auth/aio/transport/mtls.py

@@ -13,9 +13,10 @@
 # limitations under the License.
 
 """
-Helper functions for mTLS in async.
+Helper functions for mTLS in async for discovery of certs.
 """
 
+import asyncio
 import logging
 from os import getenv, path
 
@@ -42,6 +43,20 @@ def _check_config_path(config_path):
     return config_path
 
 
+async def _run_in_executor(func, *args):
+    """Run a blocking function in an executor to avoid blocking the event loop.
+
+    This implements the non-blocking execution strategy for disk I/O operations.
+    """
+    try:
+        # For python versions 3.9 and newer versions
+        return await asyncio.to_thread(func, *args)
+    except AttributeError:
+        # Fallback for older Python versions
+        loop = asyncio.get_running_loop()
+        return await loop.run_in_executor(None, func, *args)
+
+
 def has_default_client_cert_source():
     """Check if default client SSL credentials exists on the device.
 
@@ -56,7 +71,7 @@ def has_default_client_cert_source():
     return False
 
 
-def get_client_ssl_credentials(
+async def get_client_ssl_credentials(
     generate_encrypted_key=False,
     certificate_config_path=None,
 ):
@@ -84,16 +99,18 @@ def get_client_ssl_credentials(
     """
 
     # Attempt to retrieve X.509 Workload cert and key.
-    cert, key = google.auth.transport._mtls_helper._get_workload_cert_and_key(
-        certificate_config_path
+    cert, key = await _run_in_executor(
+        google.auth.transport._mtls_helper._get_workload_cert_and_key,
+        certificate_config_path,
     )
+
     if cert and key:
         return True, cert, key, None
 
     return False, None, None, None
 
 
-def get_client_cert_and_key(client_cert_callback=None):
+async def get_client_cert_and_key(client_cert_callback=None):
     """Returns the client side certificate and private key. The function first
     tries to get certificate and key from client_cert_callback; if the callback
     is None or doesn't provide certificate and key, the function tries application
@@ -117,5 +134,7 @@ def get_client_cert_and_key(client_cert_callback=None):
         cert, key = client_cert_callback()
         return True, cert, key
 
-    has_cert, cert, key, _ = get_client_ssl_credentials(generate_encrypted_key=False)
+    has_cert, cert, key, _ = await get_client_ssl_credentials(
+        generate_encrypted_key=False
+    )
     return has_cert, cert, key

tests/transport/test_aio_mtls_helper.py

@@ -1,5 +1,16 @@
-# Copyright 2024 Google LLC
-# Licensed under the Apache License, Version 2.0...
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 
 from unittest import mock
 
@@ -41,42 +52,46 @@ def test_has_default_client_cert_source_env_var(self, mock_getenv, mock_check):
 
         assert mtls.has_default_client_cert_source() is True
 
+    @pytest.mark.asyncio
     @mock.patch("google.auth.transport._mtls_helper._get_workload_cert_and_key")
-    def test_get_client_ssl_credentials_success(self, mock_workload):
+    async def test_get_client_ssl_credentials_success(self, mock_workload):
         mock_workload.return_value = (CERT_DATA, KEY_DATA)
 
-        success, cert, key, passphrase = mtls.get_client_ssl_credentials()
+        success, cert, key, passphrase = await mtls.get_client_ssl_credentials()
 
         assert success is True
         assert cert == CERT_DATA
         assert key == KEY_DATA
         assert passphrase is None
 
-    def test_get_client_cert_and_key_callback(self):
+    @pytest.mark.asyncio
+    async def test_get_client_cert_and_key_callback(self):
         # The callback should be tried first and return immediately
         callback = mock.Mock(return_value=(CERT_DATA, KEY_DATA))
 
-        success, cert, key = mtls.get_client_cert_and_key(callback)
+        success, cert, key = await mtls.get_client_cert_and_key(callback)
 
         assert success is True
         assert cert == CERT_DATA
         assert key == KEY_DATA
         callback.assert_called_once()
 
+    @pytest.mark.asyncio
     @mock.patch("google.auth.aio.transport.mtls.get_client_ssl_credentials")
-    def test_get_client_cert_and_key_default(self, mock_get_ssl):
+    async def test_get_client_cert_and_key_default(self, mock_get_ssl):
         # If no callback, it should call get_client_ssl_credentials
         mock_get_ssl.return_value = (True, CERT_DATA, KEY_DATA, None)
 
-        success, cert, key = mtls.get_client_cert_and_key(None)
+        success, cert, key = await mtls.get_client_cert_and_key(None)
 
         assert success is True
         assert cert == CERT_DATA
         assert key == KEY_DATA
         mock_get_ssl.assert_called_with(generate_encrypted_key=False)
 
+    @pytest.mark.asyncio
     @mock.patch("google.auth.transport._mtls_helper._get_workload_cert_and_key")
-    def test_get_client_ssl_credentials_error(self, mock_workload):
+    async def test_get_client_ssl_credentials_error(self, mock_workload):
         """Tests that ClientCertError is propagated correctly."""
         # Setup the mock to raise the specific google-auth exception
         mock_workload.side_effect = exceptions.ClientCertError(
@@ -85,10 +100,11 @@ def test_get_client_ssl_credentials_error(self, mock_workload):
 
         # Verify that calling our function raises the same exception
         with pytest.raises(exceptions.ClientCertError, match="Failed to read metadata"):
-            mtls.get_client_ssl_credentials()
+            await mtls.get_client_ssl_credentials()
 
+    @pytest.mark.asyncio
     @mock.patch("google.auth.aio.transport.mtls.get_client_ssl_credentials")
-    def test_get_client_cert_and_key_exception_propagation(self, mock_get_ssl):
+    async def test_get_client_cert_and_key_exception_propagation(self, mock_get_ssl):
         """Tests that get_client_cert_and_key propagates errors from its internal calls."""
         mock_get_ssl.side_effect = exceptions.ClientCertError(
             "Underlying credentials failed"
@@ -98,4 +114,4 @@ def test_get_client_cert_and_key_exception_propagation(self, mock_get_ssl):
             exceptions.ClientCertError, match="Underlying credentials failed"
         ):
             # Pass None for callback so it attempts to call get_client_ssl_credentials
-            mtls.get_client_cert_and_key(client_cert_callback=None)
+            await mtls.get_client_cert_and_key(client_cert_callback=None)