def test_behavior_outside_asyncio(self):
# Ensures non-AsyncIO object can be initiated
channel_creds = grpc.ssl_channel_credentials()
# Ensures AsyncIO API not raising outside of AsyncIO.
# NOTE(lidiz) This behavior is bound with GAPIC generator, and required
# by test frameworks like pytest. In test frameworks, objects shared
# across cases need to be created outside of AsyncIO coroutines.
aio.insecure_channel('')
aio.secure_channel('', channel_creds)
aio.server()
aio.init_grpc_aio()
aio.shutdown_grpc_aio()
async def coro():
server_target, _ = await start_test_server(secure=True) # pylint: disable=unused-variable
credentials = grpc.local_channel_credentials(
grpc.LocalConnectionType.LOCAL_TCP)
secure_channel = aio.secure_channel(server_target, credentials)
self.assertIsInstance(secure_channel, aio.Channel)
async def test_secure_no_cert(self):
handler = grpc.method_handlers_generic_handler('test', {
'UnaryUnary':
grpc.unary_unary_rpc_method_handler(handle_unary_unary)
})
server = aio.server()
server.add_generic_rpc_handlers((handler, ))
server_cred = grpc.ssl_server_credentials(_SERVER_CERTS)
port = server.add_secure_port('[::]:0', server_cred)
await server.start()
channel_creds = grpc.ssl_channel_credentials(
root_certificates=_TEST_ROOT_CERTIFICATES)
channel = aio.secure_channel('localhost:{}'.format(port),
channel_creds,
options=_PROPERTY_OPTIONS)
response = await channel.unary_unary(_UNARY_UNARY)(_REQUEST)
await channel.close()
await server.stop(None)
auth_data = pickle.loads(response)
self.assertIsNone(auth_data[_ID])
self.assertIsNone(auth_data[_ID_KEY])
self.assertDictEqual(
{
'security_level': [b'TSI_PRIVACY_AND_INTEGRITY'],
'transport_security_type': [b'ssl'],
'ssl_session_reused': [b'false'],
}, auth_data[_AUTH_CTX])
async def test_secure_client_cert(self):
handler = grpc.method_handlers_generic_handler('test', {
'UnaryUnary':
grpc.unary_unary_rpc_method_handler(handle_unary_unary)
})
server = aio.server()
server.add_generic_rpc_handlers((handler, ))
server_cred = grpc.ssl_server_credentials(
_SERVER_CERTS,
root_certificates=_TEST_ROOT_CERTIFICATES,
require_client_auth=True)
port = server.add_secure_port('[::]:0', server_cred)
await server.start()
channel_creds = grpc.ssl_channel_credentials(
root_certificates=_TEST_ROOT_CERTIFICATES,
private_key=_PRIVATE_KEY,
certificate_chain=_CERTIFICATE_CHAIN)
channel = aio.secure_channel('localhost:{}'.format(port),
channel_creds,
options=_PROPERTY_OPTIONS)
response = await channel.unary_unary(_UNARY_UNARY)(_REQUEST)
await channel.close()
await server.stop(None)
auth_data = pickle.loads(response)
auth_ctx = auth_data[_AUTH_CTX]
self.assertCountEqual(_CLIENT_IDS, auth_data[_ID])
self.assertEqual('x509_subject_alternative_name', auth_data[_ID_KEY])
self.assertSequenceEqual([b'ssl'], auth_ctx['transport_security_type'])
self.assertSequenceEqual([b'*.test.google.com'],
auth_ctx['x509_common_name'])
def test_behavior_outside_asyncio(self):
# Ensures non-AsyncIO object can be initiated
channel_creds = grpc.ssl_channel_credentials()
# Ensures AsyncIO API NOT working outside of AsyncIO
with self.assertRaises(RuntimeError):
aio.insecure_channel('')
with self.assertRaises(RuntimeError):
aio.secure_channel('', channel_creds)
with self.assertRaises(RuntimeError):
aio.server()
# Ensures init_grpc_aio fail outside of AsyncIO
with self.assertRaises(RuntimeError):
aio.init_grpc_aio()
def _create_channel(args):
target = f'{args.server_host}:{args.server_port}'
if args.use_tls or args.use_alts or args.custom_credentials_type is not None:
channel_credentials, options = interop_client_lib.get_secure_channel_parameters(
args)
return aio.secure_channel(target, channel_credentials, options)
else:
return aio.insecure_channel(target)
async def test_secure_channel(self):
server_target, _ = await start_test_server(secure=True) # pylint: disable=unused-variable
credentials = grpc.ssl_channel_credentials(
root_certificates=_TEST_ROOT_CERTIFICATES,
private_key=_PRIVATE_KEY,
certificate_chain=_CERTIFICATE_CHAIN,
)
secure_channel = aio.secure_channel(server_target, credentials)
self.assertIsInstance(secure_channel, aio.Channel)
def test_document_understanding_service_grpc_asyncio_transport_channel():
channel = aio.secure_channel("http://localhost/", grpc.local_channel_credentials())
# Check that channel is used if provided.
transport = transports.DocumentUnderstandingServiceGrpcAsyncIOTransport(
host="squid.clam.whelk", channel=channel,
)
assert transport.grpc_channel == channel
assert transport._host == "squid.clam.whelk:443"
assert transport._ssl_channel_credentials == None
async def _do_one_shot_client_rpc(self, channel_creds, channel_options,
port, expect_ssl_session_reused):
channel = aio.secure_channel('localhost:{}'.format(port),
channel_creds,
options=channel_options)
response = await channel.unary_unary(_UNARY_UNARY)(_REQUEST)
auth_data = pickle.loads(response)
self.assertEqual(expect_ssl_session_reused,
auth_data[_AUTH_CTX]['ssl_session_reused'])
await channel.close()
def test_quota_controller_grpc_asyncio_transport_channel():
channel = aio.secure_channel("http://localhost/", grpc.local_channel_credentials())
# Check that channel is used if provided.
transport = transports.QuotaControllerGrpcAsyncIOTransport(
host="squid.clam.whelk", channel=channel,
)
assert transport.grpc_channel == channel
assert transport._host == "squid.clam.whelk:443"
assert transport._ssl_channel_credentials == None
def test_policy_tag_manager_serialization_grpc_asyncio_transport_channel():
channel = aio.secure_channel("http://localhost/", grpc.local_channel_credentials())
# Check that channel is used if provided.
transport = transports.PolicyTagManagerSerializationGrpcAsyncIOTransport(
host="squid.clam.whelk", channel=channel,
)
assert transport.grpc_channel == channel
assert transport._host == "squid.clam.whelk:443"
assert transport._ssl_channel_credentials == None
def test_video_intelligence_service_grpc_asyncio_transport_channel():
channel = aio.secure_channel("http://localhost/", grpc.local_channel_credentials())
# Check that channel is used if provided.
transport = transports.VideoIntelligenceServiceGrpcAsyncIOTransport(
host="squid.clam.whelk", channel=channel,
)
assert transport.grpc_channel == channel
assert transport._host == "squid.clam.whelk:443"
assert transport._ssl_channel_credentials == None
def test_customer_license_service_grpc_asyncio_transport_channel():
channel = aio.secure_channel('http://localhost/', grpc.local_channel_credentials())
# Check that channel is used if provided.
transport = transports.CustomerLicenseServiceGrpcAsyncIOTransport(
host="squid.clam.whelk",
channel=channel,
)
assert transport.grpc_channel == channel
assert transport._host == "squid.clam.whelk:443"
assert transport._ssl_channel_credentials == None
def test_authorized_domains_grpc_asyncio_transport_channel():
channel = aio.secure_channel("http://localhost/",
grpc.local_channel_credentials())
# Check that channel is used if provided.
transport = transports.AuthorizedDomainsGrpcAsyncIOTransport(
host="squid.clam.whelk",
channel=channel,
)
assert transport.grpc_channel == channel
assert transport._host == "squid.clam.whelk:443"
assert transport._ssl_channel_credentials == None
def create_channel(
target,
credentials=None,
scopes=None,
ssl_credentials=None,
credentials_file=None,
quota_project_id=None,
default_scopes=None,
default_host=None,
**kwargs):
"""Create an AsyncIO secure channel with credentials.
Args:
target (str): The target service address in the format 'hostname:port'.
credentials (google.auth.credentials.Credentials): The credentials. If
not specified, then this function will attempt to ascertain the
credentials from the environment using :func:`google.auth.default`.
scopes (Sequence[str]): A optional list of scopes needed for this
service. These are only used when credentials are not specified and
are passed to :func:`google.auth.default`.
ssl_credentials (grpc.ChannelCredentials): Optional SSL channel
credentials. This can be used to specify different certificates.
credentials_file (str): A file with credentials that can be loaded with
:func:`google.auth.load_credentials_from_file`. This argument is
mutually exclusive with credentials.
quota_project_id (str): An optional project to use for billing and quota.
default_scopes (Sequence[str]): Default scopes passed by a Google client
library. Use 'scopes' for user-defined scopes.
default_host (str): The default endpoint. e.g., "pubsub.googleapis.com".
kwargs: Additional key-word args passed to :func:`aio.secure_channel`.
Returns:
aio.Channel: The created channel.
Raises:
google.api_core.DuplicateCredentialArgs: If both a credentials object and credentials_file are passed.
"""
composite_credentials = grpc_helpers._create_composite_credentials(
credentials=credentials,
credentials_file=credentials_file,
scopes=scopes,
default_scopes=default_scopes,
ssl_credentials=ssl_credentials,
quota_project_id=quota_project_id,
default_host=default_host
)
return aio.secure_channel(target, composite_credentials, **kwargs)
async def setUp(self):
server_credentials = grpc.ssl_server_credentials([
(resources.private_key(), resources.certificate_chain())
])
channel_credentials = grpc.ssl_channel_credentials(
resources.test_root_certificates())
channel_options = ((
'grpc.ssl_target_name_override',
_SERVER_HOST_OVERRIDE,
), )
address, self._server = await start_test_server(
secure=True, server_credentials=server_credentials)
self._channel = aio.secure_channel(address, channel_credentials,
channel_options)
self._stub = test_pb2_grpc.TestServiceStub(self._channel)
def __init__(self, address: str, config: control_pb2.ClientConfig,
hist: histogram.Histogram):
# Disables underlying reuse of subchannels
unique_option = (('iv', random.random()),)
# Parses the channel argument from config
channel_args = tuple(
(arg.name, arg.str_value) if arg.HasField('str_value') else (
arg.name, int(arg.int_value)) for arg in config.channel_args)
# Creates the channel
if config.HasField('security_params'):
channel_credentials = grpc.ssl_channel_credentials(
resources.test_root_certificates(),)
server_host_override_option = ((
'grpc.ssl_target_name_override',
config.security_params.server_host_override,
),)
self._channel = aio.secure_channel(
address, channel_credentials,
unique_option + channel_args + server_host_override_option)
else:
self._channel = aio.insecure_channel(address,
options=unique_option +
channel_args)
# Creates the stub
if config.payload_config.WhichOneof('payload') == 'simple_params':
self._generic = False
self._stub = benchmark_service_pb2_grpc.BenchmarkServiceStub(
self._channel)
payload = messages_pb2.Payload(
body=b'\0' * config.payload_config.simple_params.req_size)
self._request = messages_pb2.SimpleRequest(
payload=payload,
response_size=config.payload_config.simple_params.resp_size)
else:
self._generic = True
self._stub = GenericStub(self._channel)
self._request = b'\0' * config.payload_config.bytebuf_params.req_size
self._hist = hist
self._response_callbacks = []
self._concurrency = config.outstanding_rpcs_per_channel