def _create_grpc_channel(self, endpoint, ssl=False, ca_cert=None, cert_key=None, cert_cert=None, default_ca=False, options=None, *, loop=None, executor=None): credentials = None if not ssl: channel = aiogrpc.insecure_channel(endpoint, options=options, loop=loop, executor=executor, standalone_pool_for_streaming=True) else: if default_ca: ca_cert = None else: if ca_cert is None: logger.warning("Certificate authority is not specified. Empty CA will be used. To use system CA set" " `default_ca=True`") ca_cert = '' # to ensure ssl connect , set grpc env # os.environ['GRPC_SSL_CIPHER_SUITES'] = 'ECDHE-ECDSA-AES256-GCM-SHA384' credentials = aiogrpc.ssl_channel_credentials(ca_cert, cert_key, cert_cert) channel = aiogrpc.secure_channel(endpoint, credentials, options=options, loop=loop, executor=executor, standalone_pool_for_streaming=True) # Save parameters for auto-recreate self._credentials = credentials self._options = options self._loop = channel._loop self._executor = executor return channel
def __post_init__(self): if not self.tls_ca_cert and self.tls_ca_cert_path: with open(self.tls_ca_cert_path, 'rb') as inf: self.tls_ca_cert = inf.read() if not self.client_cert and self.client_cert_path: with open(self.client_cert_path, 'rb') as inf: self.client_cert = inf.read() if not self.client_key and self.client_key_path: with open(self.client_key_path, 'rb') as inf: self.client_key = inf.read() opts = [ ("grpc.ssl_target_name_override", self.ssl_target_name) ] if self.ssl_target_name else [] # pylint: disable=attribute-defined-outside-init # Create GRPC channel if self.tls_ca_cert: # Add client credentials if available if self.client_cert and self.client_key: creds = aiogrpc.ssl_channel_credentials( self.tls_ca_cert, private_key=self.client_key, certificate_chain=self.client_cert ) else: creds = aiogrpc.ssl_channel_credentials(self.tls_ca_cert) # Create secure channel self._grpc_channel = aiogrpc.secure_channel( self.endpoint, creds, opts ) else: # Create insecure channel if no cert self._grpc_channel = aiogrpc.insecure_channel(self.endpoint, opts)
def _connect(self, timeout: float, request_control: bool) -> None: """The function that runs on the connection thread. This will connect to Vector, and establish the BehaviorControl stream. """ try: if threading.main_thread() is threading.current_thread(): raise Exception("\n\nConnection._connect must be run outside of the main thread.") self._loop = asyncio.new_event_loop() asyncio.set_event_loop(self._loop) self._done_signal = asyncio.Event() self._control_events = _ControlEventManager(self._loop) trusted_certs = None with open(self.cert_file, 'rb') as cert: trusted_certs = cert.read() # Pin the robot certificate for opening the channel channel_credentials = aiogrpc.ssl_channel_credentials(root_certificates=trusted_certs) # Add authorization header for all the calls call_credentials = aiogrpc.access_token_call_credentials(self._guid) credentials = aiogrpc.composite_channel_credentials(channel_credentials, call_credentials) self._logger.info(f"Connecting to {self.host} for {self.name} using {self.cert_file}") self._channel = aiogrpc.secure_channel(self.host, credentials, options=(("grpc.ssl_target_name_override", self.name,),)) # Verify the connection to Vector is able to be established (client-side) try: # Explicitly grab _channel._channel to test the underlying grpc channel directly grpc.channel_ready_future(self._channel._channel).result(timeout=timeout) # pylint: disable=protected-access except grpc.FutureTimeoutError as e: raise exceptions.VectorNotFoundException() from e self._interface = client.ExternalInterfaceStub(self._channel) # Verify Vector and the SDK have compatible protocol versions version = protocol.ProtocolVersionRequest(client_version=0, min_host_version=0) protocol_version = self._loop.run_until_complete(self._interface.ProtocolVersion(version)) if protocol_version.result != protocol.ProtocolVersionResponse.SUCCESS: # pylint: disable=no-member raise exceptions.VectorInvalidVersionException(version, protocol_version) self._control_stream_task = self._loop.create_task(self._open_connections()) # WV -->-- if (request_control): self._loop.run_until_complete(self._request_control(timeout=timeout)) # WV --<-- except Exception as e: # pylint: disable=broad-except # Propagate the errors to the calling thread setattr(self._ready_signal, "exception", e) return finally: self._ready_signal.set() async def wait_until_done(): return await self._done_signal.wait() self._loop.run_until_complete(wait_until_done())
def _recreate_grpc_channel(self, endpoint): self._call_credentials = None self._metadata = None if self._credentials: channel = aiogrpc.secure_channel(endpoint, self._credentials, options=self._options, loop=self._loop, executor=self._executor, standalone_pool_for_streaming=True) else: channel = aiogrpc.insecure_channel(endpoint, options=self._options, loop=self._loop, executor=self._executor, standalone_pool_for_streaming=True) return channel
def create_grpc_channel(target, cert_file=None, client_key=None, client_cert=None, opts=None): """Construct a grpc channel. Args: target: server address include host:port cert_file: ssl/tls root cert file for the connection opts: grpc channel options grpc.default_authority: default authority grpc.ssl_target_name_override: ssl target name override Returns: grpc channel """ root_cert = None if cert_file: if isinstance(cert_file, bytes): root_cert = cert_file else: with open(cert_file, 'rb') as f: root_cert = f.read() if client_key: if not isinstance(client_key, bytes): with open(client_key, 'rb') as f: client_key = f.read() if client_cert: if not isinstance(client_cert, bytes): with open(client_cert, 'rb') as f: client_cert = f.read() if root_cert is None: return aiogrpc.insecure_channel(target, opts) else: if client_cert and client_key: creds = aiogrpc. \ ssl_channel_credentials(root_cert, private_key=client_key, certificate_chain=client_cert) else: creds = aiogrpc.ssl_channel_credentials(root_cert) return aiogrpc.secure_channel(target, creds, opts)
def __init__(self, host='localhost', port=2379, ca_cert=None, cert_key=None, cert_cert=None, timeout=None, user=None, password=None): self._url = '{host}:{port}'.format(host=host, port=port) cert_params = [c is not None for c in (cert_cert, cert_key)] if ca_cert is not None: if all(cert_params): credentials = self._get_secure_creds(ca_cert, cert_key, cert_cert) self.uses_secure_channel = True self.channel = aiogrpc.secure_channel(self._url, credentials) elif any(cert_params): # some of the cert parameters are set raise ValueError( 'to use a secure channel ca_cert is required by itself, ' 'or cert_cert and cert_key must both be specified.') else: credentials = self._get_secure_creds(ca_cert, None, None) self.uses_secure_channel = True self.channel = aiogrpc.secure_channel(self._url, credentials) else: self.uses_secure_channel = False self.channel = aiogrpc.insecure_channel(self._url) self.timeout = timeout self.call_credentials = None self._user = user self._password = password
def __connect(self): """Connect to the server""" cert = open('grpc-server.crt').read().encode("utf8") creds = grpc.ssl_channel_credentials(cert) channel = grpc.secure_channel("139.59.47.250:443", creds, options=(( 'grpc.ssl_target_name_override', "localhost", ), )) self.action_stub = DalalMessage_pb2_grpc.DalalActionServiceStub( channel) self.stream_stub = DalalMessage_pb2_grpc.DalalStreamServiceStub( channel)
async def member_healthy(self, members=None): if not members: members = await self.member_list() members = [m.clientURLs for m in members] health_members = [] unhealth_members = [] for m in members: m = [u.rpartition("//")[2] for u in m] m = [u for u in m if u] if m: server_endpoint = ipv4_endpoints(m) if self._credentials: channel = aiogrpc.secure_channel( server_endpoint, self._credentials, options=self._options, loop=self._loop, executor=self._executor, standalone_pool_for_streaming=True) else: channel = aiogrpc.insecure_channel( server_endpoint, options=self._options, loop=self._loop, executor=self._executor, standalone_pool_for_streaming=True) try: maintenance = Maintenance(channel=channel, timeout=2, username=self.username, password=self.password) try: await maintenance.status() except grpc.RpcError: unhealth_members.append(m) else: health_members.append(m) finally: await channel.close() else: unhealth_members.append(m) return health_members, unhealth_members
def _open_channel(self, rpc_server, rpc_port, cert_path, macaroon_path, is_async) -> ChannelData: try: macaroon = "" if macaroon_path is not None: with open(macaroon_path, 'rb') as f: macaroon_bytes = f.read() macaroon = codecs.encode(macaroon_bytes, 'hex') rpc_url = "{}:{}".format(rpc_server, rpc_port) cert = open(cert_path, "rb").read() except FileNotFoundError as file_error: print(file_error) return ChannelData( channel=None, macaroon=None, error=ServerError(error_message=str(file_error))) try: if is_async: creds = aiogrpc.ssl_channel_credentials(cert) channel = aiogrpc.secure_channel(rpc_url, creds) else: creds = grpc.ssl_channel_credentials(cert) channel = grpc.secure_channel(rpc_url, creds) grpc.channel_ready_future(channel).result(timeout=2) except grpc.RpcError as exc: # pylint: disable=E1101 print(exc) return ChannelData( channel=None, macaroon=None, error=ServerError.generic_rpc_error(exc.code(), exc.details())) except grpc.FutureTimeoutError as exc: print(exc) return ChannelData( channel=None, macaroon=None, error=WalletInstanceNotRunning()) return ChannelData(channel=channel, macaroon=macaroon, error=None)
def __connect(self): """Connect to the server""" try: cert = open('grpc-server.crt').read().encode("utf8") creds = grpc.ssl_channel_credentials(cert) channel = grpc.secure_channel("localhost:8000", creds, options=(( 'grpc.ssl_target_name_override', "localhost", ), )) self.action_stub = DalalMessage_pb2_grpc.DalalActionServiceStub( channel) self.stream_stub = DalalMessage_pb2_grpc.DalalStreamServiceStub( channel) except Exception as e: error_traceback = ''.join(traceback.format_tb(e.__traceback__)) error_message = "Got error: {} @@@ {}".format( str(e), error_traceback) self.write_to_logs(-1, error_message)
def _connect(self, timeout: float) -> None: """The function that runs on the connection thread. This will connect to Vector, and establish the BehaviorControl stream. """ try: if threading.main_thread() is threading.current_thread(): raise Exception( "\n\nConnection._connect must be run outside of the main thread." ) self._loop = asyncio.new_event_loop() asyncio.set_event_loop(self._loop) self._done_signal = asyncio.Event() if not self._requires_behavior_control: self._control_events = _ControlEventManager(self._loop) else: self._control_events = _ControlEventManager( self._loop, priority=CONTROL_PRIORITY_LEVEL.TOP_PRIORITY_AI) trusted_certs = None with open(self.cert_file, 'rb') as cert: trusted_certs = cert.read() # Pin the robot certificate for opening the channel channel_credentials = aiogrpc.ssl_channel_credentials( root_certificates=trusted_certs) # Add authorization header for all the calls call_credentials = aiogrpc.access_token_call_credentials( self._guid) credentials = aiogrpc.composite_channel_credentials( channel_credentials, call_credentials) self._logger.info( f"Connecting to {self.host} for {self.name} using {self.cert_file}" ) self._channel = aiogrpc.secure_channel( self.host, credentials, options=(( "grpc.ssl_target_name_override", self.name, ), )) # Verify the connection to Vector is able to be established (client-side) try: # Explicitly grab _channel._channel to test the underlying grpc channel directly grpc.channel_ready_future(self._channel._channel).result( timeout=timeout) # pylint: disable=protected-access except grpc.FutureTimeoutError as e: raise VectorNotFoundException() from e self._interface = client.ExternalInterfaceStub(self._channel) # Verify Vector and the SDK have compatible protocol versions version = protocol.ProtocolVersionRequest( client_version=CLIENT_VERSION, min_host_version=MIN_HOST_VERSION) protocol_version = self._loop.run_until_complete( self._interface.ProtocolVersion(version)) if protocol_version.result != protocol.ProtocolVersionResponse.SUCCESS or MIN_HOST_VERSION > protocol_version.host_version: # pylint: disable=no-member raise VectorInvalidVersionException(version, protocol_version) self._control_stream_task = self._loop.create_task( self._open_connections()) # Initialze SDK sdk_module_version = __version__ python_version = platform.python_version() python_implementation = platform.python_implementation() os_version = platform.platform() cpu_version = platform.machine() initialize = protocol.SDKInitializationRequest( sdk_module_version=sdk_module_version, python_version=python_version, python_implementation=python_implementation, os_version=os_version, cpu_version=cpu_version) self._loop.run_until_complete( self._interface.SDKInitialization(initialize)) if self._requires_behavior_control: self._loop.run_until_complete( self._request_control(timeout=timeout)) except Exception as e: # pylint: disable=broad-except # Propagate the errors to the calling thread setattr(self._ready_signal, "exception", e) self._loop.close() return finally: self._ready_signal.set() try: async def wait_until_done(): return await self._done_signal.wait() self._loop.run_until_complete(wait_until_done()) finally: self._loop.close()