Skip to content
This repository was archived by the owner on Mar 6, 2026. It is now read-only.

Commit ff1de0a

Browse files
agrawalradhika-cellagrawalradhika-cell
committed
fix: Fix docstrings and minor nits
Signed-off-by: Radhika Agrawal <agrawalradhika@google.com>
1 parent 39bff9b commit ff1de0a

6 files changed

Lines changed: 23 additions & 27 deletions

File tree

google/auth/transport/_mtls_helper.py

Lines changed: 7 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -410,11 +410,12 @@ def client_cert_callback():
410410
def check_use_client_cert():
411411
"""Returns boolean for whether the client certificate should be used for mTLS.
412412
413-
This value is meant to be interpreted as a boolean representing whether
414-
the client certificate should be used. If GOOGLE_API_USE_CLIENT_CERTIFICATE
415-
is unset, the value will be inferred by reading a file pointed at by
416-
GOOGLE_API_CERTIFICATE_CONFIG, and verifying it contains a "workload"
417-
section. If so, the function will return True, otherwise False.
413+
If GOOGLE_API_USE_CLIENT_CERTIFICATE is set to true or false, a corresponding
414+
bool value will be returned.
415+
If GOOGLE_API_USE_CLIENT_CERTIFICATE is unset, the value will be inferred
416+
by reading a file pointed at by GOOGLE_API_CERTIFICATE_CONFIG, and verifying
417+
it contains a "workload" section. If so, the function will return True,
418+
otherwise False.
418419
419420
Returns:
420421
bool: Whether the client certificate should be used for mTLS connection.
@@ -424,10 +425,7 @@ def check_use_client_cert():
424425
if use_client_cert:
425426
if use_client_cert.lower() == "true":
426427
return True
427-
# Check if GOOGLE_API_USE_CLIENT_CERTIFICATE is set to false explicitly.
428-
# Invalid values for GOOGLE_API_USE_CLIENT_CERTIFICATE are not handled here.
429-
# That will be handled by the code calling this function.
430-
elif use_client_cert.lower() == "false":
428+
else:
431429
return False
432430
else:
433431
# Check if the value of GOOGLE_API_CERTIFICATE_CONFIG is set.

google/auth/transport/grpc.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -292,7 +292,7 @@ class SslCredentials:
292292

293293
def __init__(self):
294294
use_client_cert = _mtls_helper.check_use_client_cert()
295-
if use_client_cert:
295+
if not use_client_cert:
296296
self._is_mtls = False
297297
else:
298298
# Load client SSL credentials.

google/auth/transport/mtls.py

Lines changed: 6 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -116,14 +116,12 @@ def should_use_client_cert():
116116
"""Returns boolean for whether the client certificate should be used for mTLS.
117117
118118
This is a wrapper around _mtls_helper.check_use_client_cert().
119-
The value is meant to be interpreted as a boolean representing whether
120-
the client certificate should be used. If GOOGLE_API_USE_CLIENT_CERTIFICATE
121-
is unset, the value will be inferred by reading a file pointed at by
122-
GOOGLE_API_CERTIFICATE_CONFIG, and verifying it contains a "workload"
123-
section. If so, the function will return True, otherwise False. Also, note
124-
that if GOOGLE_API_USE_CLIENT_CERTIFICATE is set but is not 'true' or 'false'
125-
(case-insensitive), this check is inconclusive, that case should be handled
126-
by the caller.
119+
If GOOGLE_API_USE_CLIENT_CERTIFICATE is set to true or false, a corresponding
120+
bool value will be returned
121+
If GOOGLE_API_USE_CLIENT_CERTIFICATE is unset, the value will be inferred by
122+
reading a file pointed at by GOOGLE_API_CERTIFICATE_CONFIG, and verifying it
123+
contains a "workload" section. If so, the function will return True,
124+
otherwise False.
127125
128126
Returns:
129127
bool: indicating whether the client certificate should be used for mTLS.

google/auth/transport/requests.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -443,7 +443,7 @@ def configure_mtls_channel(self, client_cert_callback=None):
443443
creation failed for any reason.
444444
"""
445445
use_client_cert = google.auth.transport._mtls_helper.check_use_client_cert()
446-
if use_client_cert:
446+
if not use_client_cert:
447447
self._is_mtls = False
448448
return
449449
try:

google/auth/transport/urllib3.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -334,7 +334,7 @@ def configure_mtls_channel(self, client_cert_callback=None):
334334
creation failed for any reason.
335335
"""
336336
use_client_cert = transport._mtls_helper.check_use_client_cert()
337-
if use_client_cert:
337+
if not use_client_cert:
338338
return False
339339
try:
340340
import OpenSSL

tests/transport/test__mtls_helper.py

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -643,7 +643,7 @@ def test_crypto_error(self):
643643
def test_check_use_client_cert(self, monkeypatch):
644644
monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "true")
645645
use_client_cert = _mtls_helper.check_use_client_cert()
646-
assert use_client_cert
646+
assert use_client_cert is True
647647

648648
def test_check_use_client_cert_for_workload_with_config_file(self, monkeypatch):
649649
config_data = {
@@ -663,19 +663,19 @@ def test_check_use_client_cert_for_workload_with_config_file(self, monkeypatch):
663663
mock_file_handle = mock.mock_open(read_data=config_file_content)
664664
with mock.patch("builtins.open", mock_file_handle):
665665
use_client_cert = _mtls_helper.check_use_client_cert()
666-
assert use_client_cert
666+
assert use_client_cert is True
667667

668668
def test_check_use_client_cert_false(self, monkeypatch):
669669
monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")
670670
use_client_cert = _mtls_helper.check_use_client_cert()
671-
assert not use_client_cert
671+
assert use_client_cert is False
672672

673673
def test_check_use_client_cert_for_workload_with_config_file_not_found(
674674
self, monkeypatch
675675
):
676676
monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "")
677677
use_client_cert = _mtls_helper.check_use_client_cert()
678-
assert not use_client_cert
678+
assert use_client_cert is False
679679

680680
def test_check_use_client_cert_for_workload_with_config_file_not_json(
681681
self, monkeypatch
@@ -688,7 +688,7 @@ def test_check_use_client_cert_for_workload_with_config_file_not_json(
688688
mock_file_handle = mock.mock_open(read_data=config_file_content)
689689
with mock.patch("builtins.open", mock_file_handle):
690690
use_client_cert = _mtls_helper.check_use_client_cert()
691-
assert not use_client_cert
691+
assert use_client_cert is False
692692

693693
def test_check_use_client_cert_for_workload_with_config_file_no_workload(
694694
self, monkeypatch
@@ -702,11 +702,11 @@ def test_check_use_client_cert_for_workload_with_config_file_no_workload(
702702
mock_file_handle = mock.mock_open(read_data=config_file_content)
703703
with mock.patch("builtins.open", mock_file_handle):
704704
use_client_cert = _mtls_helper.check_use_client_cert()
705-
assert not use_client_cert
705+
assert use_client_cert is False
706706

707707
def test_check_use_client_cert_when_file_does_not_exist(self, monkeypatch):
708708
config_filename = "mock_certificate_config.json"
709709
monkeypatch.setenv("GOOGLE_API_CERTIFICATE_CONFIG", config_filename)
710710
monkeypatch.setenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "")
711711
use_client_cert = _mtls_helper.check_use_client_cert()
712-
assert not use_client_cert
712+
assert use_client_cert is False

0 commit comments

Comments
 (0)