コード例 #1
0
ファイル: benchmark_client.py プロジェクト: aaronjheng/grpc
    def __init__(self, server, config, hist):
        # Create the stub
        if config.HasField('security_params'):
            creds = grpc.ssl_channel_credentials(
                resources.test_root_certificates())
            channel = test_common.test_secure_channel(
                server, creds, config.security_params.server_host_override)
        else:
            channel = grpc.insecure_channel(server)

        # waits for the channel to be ready before we start sending messages
        grpc.channel_ready_future(channel).result()

        if config.payload_config.WhichOneof('payload') == 'simple_params':
            self._generic = False
            self._stub = services_pb2.BenchmarkServiceStub(channel)
            payload = messages_pb2.Payload(
                body='\0' * config.payload_config.simple_params.req_size)
            self._request = messages_pb2.SimpleRequest(
                payload=payload,
                response_size=config.payload_config.simple_params.resp_size)
        else:
            self._generic = True
            self._stub = GenericStub(channel)
            self._request = '\0' * config.payload_config.bytebuf_params.req_size

        self._hist = hist
        self._response_callbacks = []
コード例 #2
0
ファイル: grpc_util.py プロジェクト: gyaresu/dotfiles
def MakeSecureChannel(target):
  """Creates grpc secure channel.

  Args:
    target: str, The server address, for example:
      bigtableadmin.googleapis.com:443.

  Returns:
    grpc.secure channel.
  """

  credentials = cred_store.Load()
  # ssl_channel_credentials() loads root certificates from
  # `grpc/_adapter/credentials/roots.pem`.
  transport_creds = grpc.ssl_channel_credentials()
  custom_metadata_plugin = _MetadataPlugin(credentials)
  auth_creds = grpc.metadata_call_credentials(
      custom_metadata_plugin, name='google_creds')
  channel_creds = grpc.composite_channel_credentials(
      transport_creds, auth_creds)
  channel_args = (
      ('grpc.primary_user_agent',
       http.MakeUserAgentString(properties.VALUES.metrics.command_name.Get())),
  )
  return grpc.secure_channel(target, channel_creds,
                             options=channel_args)
コード例 #3
0
ファイル: _auth_context_test.py プロジェクト: Falco20019/grpc
    def testSecureNoCert(self):
        handler = grpc.method_handlers_generic_handler('test', {
            'UnaryUnary':
            grpc.unary_unary_rpc_method_handler(handle_unary_unary)
        })
        server = test_common.test_server()
        server.add_generic_rpc_handlers((handler,))
        server_cred = grpc.ssl_server_credentials(_SERVER_CERTS)
        port = server.add_secure_port('[::]:0', server_cred)
        server.start()

        channel_creds = grpc.ssl_channel_credentials(
            root_certificates=_TEST_ROOT_CERTIFICATES)
        channel = grpc.secure_channel(
            'localhost:{}'.format(port),
            channel_creds,
            options=_PROPERTY_OPTIONS)
        response = channel.unary_unary(_UNARY_UNARY)(_REQUEST)
        channel.close()
        server.stop(None)

        auth_data = pickle.loads(response)
        self.assertIsNone(auth_data[_ID])
        self.assertIsNone(auth_data[_ID_KEY])
        self.assertDictEqual({
            'transport_security_type': [b'ssl'],
            'ssl_session_reused': [b'false'],
        }, auth_data[_AUTH_CTX])
コード例 #4
0
ファイル: _auth_context_test.py プロジェクト: Falco20019/grpc
    def testSessionResumption(self):
        # Set up a secure server
        handler = grpc.method_handlers_generic_handler('test', {
            'UnaryUnary':
            grpc.unary_unary_rpc_method_handler(handle_unary_unary)
        })
        server = test_common.test_server()
        server.add_generic_rpc_handlers((handler,))
        server_cred = grpc.ssl_server_credentials(_SERVER_CERTS)
        port = server.add_secure_port('[::]:0', server_cred)
        server.start()

        # Create a cache for TLS session tickets
        cache = session_cache.ssl_session_cache_lru(1)
        channel_creds = grpc.ssl_channel_credentials(
            root_certificates=_TEST_ROOT_CERTIFICATES)
        channel_options = _PROPERTY_OPTIONS + (
            ('grpc.ssl_session_cache', cache),)

        # Initial connection has no session to resume
        self._do_one_shot_client_rpc(
            channel_creds,
            channel_options,
            port,
            expect_ssl_session_reused=[b'false'])

        # Subsequent connections resume sessions
        self._do_one_shot_client_rpc(
            channel_creds,
            channel_options,
            port,
            expect_ssl_session_reused=[b'true'])
        server.stop(None)
コード例 #5
0
ファイル: grpc_client.py プロジェクト: opencord/xos
    def __init__(
        self,
        hostname,
        port=50051,
        cacert=SERVER_CA,
        username=None,
        password=None,
        sessionid=None,
    ):
        super(SecureClient, self).__init__(hostname, port)

        server_ca = open(cacert, "r").read()
        if sessionid:
            call_creds = metadata_call_credentials(SessionIdCallCredentials(sessionid))
        else:
            call_creds = metadata_call_credentials(
                UsernamePasswordCallCredentials(username, password)
            )
        chan_creds = ssl_channel_credentials(server_ca)
        chan_creds = composite_channel_credentials(chan_creds, call_creds)

        self.channel = grpc.secure_channel(
            "%s:%d" % (self.hostname, self.port), chan_creds
        )
        self.stub = xos_pb2_grpc.xosStub(self.channel)
        self.modeldefs = modeldefs_pb2_grpc.modeldefsStub(self.channel)
        self.utility = utility_pb2_grpc.utilityStub(self.channel)

        self.xos_orm = orm.ORMStub(self.stub, "xos")
コード例 #6
0
ファイル: xos_grpc_client.py プロジェクト: opencord/xos
    def __init__(
        self,
        consul_endpoint=None,
        work_dir="/tmp/xos_grpc_protos",
        endpoint="localhost:50055",
        reconnect_callback=None,
        cacert=SERVER_CA,
        username=None,
        password=None,
        sessionid=None,
    ):
        server_ca = open(cacert, "r").read()
        if sessionid:
            call_creds = metadata_call_credentials(SessionIdCallCredentials(sessionid))
        else:
            call_creds = metadata_call_credentials(
                UsernamePasswordCallCredentials(username, password)
            )
        chan_creds = ssl_channel_credentials(server_ca)
        chan_creds = composite_channel_credentials(chan_creds, call_creds)

        super(SecureClient, self).__init__(
            consul_endpoint, work_dir, endpoint, self.reconnected, chan_creds
        )

        self.reconnect_callback2 = reconnect_callback
コード例 #7
0
  def __init__(self, server, config, hist):
    # Create the stub
    if config.HasField('security_params'):
      creds = grpc.ssl_channel_credentials(resources.test_root_certificates())
      channel = test_common.test_secure_channel(
        server, creds, config.security_params.server_host_override)
    else:
      channel = grpc.insecure_channel(server)

    connected_event = threading.Event()
    def wait_for_ready(connectivity):
      if connectivity == grpc.ChannelConnectivity.READY:
        connected_event.set()
    channel.subscribe(wait_for_ready, try_to_connect=True)
    connected_event.wait()

    if config.payload_config.WhichOneof('payload') == 'simple_params':
      self._generic = False
      self._stub = services_pb2.BenchmarkServiceStub(channel)
      payload = messages_pb2.Payload(
          body='\0' * config.payload_config.simple_params.req_size)
      self._request = messages_pb2.SimpleRequest(
          payload=payload,
          response_size=config.payload_config.simple_params.resp_size)
    else:
      self._generic = True
      self._stub = GenericStub(channel)
      self._request = '\0' * config.payload_config.bytebuf_params.req_size

    self._hist = hist
    self._response_callbacks = []
コード例 #8
0
ファイル: _helpers.py プロジェクト: tmatsuo/gcloud-python
def make_secure_stub(credentials, user_agent, stub_class, host):
    """Makes a secure stub for an RPC service.

    Uses / depends on gRPC.

    :type credentials: :class:`oauth2client.client.OAuth2Credentials`
    :param credentials: The OAuth2 Credentials to use for creating
                        access tokens.

    :type user_agent: str
    :param user_agent: (Optional) The user agent to be used with API requests.

    :type stub_class: type
    :param stub_class: A gRPC stub type for a given service.

    :type host: str
    :param host: The host for the service.

    :rtype: object, instance of ``stub_class``
    :returns: The stub object used to make gRPC requests to a given API.
    """
    # ssl_channel_credentials() loads root certificates from
    # `grpc/_adapter/credentials/roots.pem`.
    transport_creds = grpc.ssl_channel_credentials()
    custom_metadata_plugin = MetadataPlugin(credentials, user_agent)
    auth_creds = grpc.metadata_call_credentials(
        custom_metadata_plugin, name='google_creds')
    channel_creds = grpc.composite_channel_credentials(
        transport_creds, auth_creds)
    target = '%s:%d' % (host, http_client.HTTPS_PORT)
    channel = grpc.secure_channel(target, channel_creds)
    return stub_class(channel)
コード例 #9
0
ファイル: _auth_context_test.py プロジェクト: Falco20019/grpc
    def testSecureClientCert(self):
        handler = grpc.method_handlers_generic_handler('test', {
            'UnaryUnary':
            grpc.unary_unary_rpc_method_handler(handle_unary_unary)
        })
        server = test_common.test_server()
        server.add_generic_rpc_handlers((handler,))
        server_cred = grpc.ssl_server_credentials(
            _SERVER_CERTS,
            root_certificates=_TEST_ROOT_CERTIFICATES,
            require_client_auth=True)
        port = server.add_secure_port('[::]:0', server_cred)
        server.start()

        channel_creds = grpc.ssl_channel_credentials(
            root_certificates=_TEST_ROOT_CERTIFICATES,
            private_key=_PRIVATE_KEY,
            certificate_chain=_CERTIFICATE_CHAIN)
        channel = grpc.secure_channel(
            'localhost:{}'.format(port),
            channel_creds,
            options=_PROPERTY_OPTIONS)

        response = channel.unary_unary(_UNARY_UNARY)(_REQUEST)
        channel.close()
        server.stop(None)

        auth_data = pickle.loads(response)
        auth_ctx = auth_data[_AUTH_CTX]
        six.assertCountEqual(self, _CLIENT_IDS, auth_data[_ID])
        self.assertEqual('x509_subject_alternative_name', auth_data[_ID_KEY])
        self.assertSequenceEqual([b'ssl'], auth_ctx['transport_security_type'])
        self.assertSequenceEqual([b'*.test.google.com'],
                                 auth_ctx['x509_common_name'])
コード例 #10
0
ファイル: methods.py プロジェクト: alexinblock/grpc
def _channel(args):
    target = '{}:{}'.format(args.server_host, args.server_port)
    if args.use_tls:
        channel_credentials = grpc.ssl_channel_credentials()
        channel = grpc.secure_channel(target, channel_credentials)
    else:
        channel = grpc.insecure_channel(target)
    return channel
コード例 #11
0
ファイル: bdd_grpc_util.py プロジェクト: 2016Nishi/fabric
def getGRPCChannel(ipAddress, port, root_certificates, ssl_target_name_override):
    # channel = grpc.insecure_channel("{0}:{1}".format(ipAddress, 7051), options = [('grpc.max_message_length', 100*1024*1024)])
    # creds = grpc.ssl_channel_credentials(root_certificates=root_certificates, private_key=private_key, certificate_chain=certificate_chain)
    creds = grpc.ssl_channel_credentials(root_certificates=root_certificates)
    channel = grpc.secure_channel("{0}:{1}".format(ipAddress, port), creds,
                                  options=(('grpc.ssl_target_name_override', ssl_target_name_override,),('grpc.default_authority', ssl_target_name_override,),))
    print("Returning GRPC for address: {0}".format(ipAddress))
    return channel
コード例 #12
0
ファイル: grpc.py プロジェクト: RodrigoMG07/ChallengeDrive
def secure_authorized_channel(
        credentials, request, target, ssl_credentials=None, **kwargs):
    """Creates a secure authorized gRPC channel.

    This creates a channel with SSL and :class:`AuthMetadataPlugin`. This
    channel can be used to create a stub that can make authorized requests.

    Example::

        import google.auth
        import google.auth.transport.grpc
        import google.auth.transport.requests
        from google.cloud.speech.v1 import cloud_speech_pb2

        # Get credentials.
        credentials, _ = google.auth.default()

        # Get an HTTP request function to refresh credentials.
        request = google.auth.transport.requests.Request()

        # Create a channel.
        channel = google.auth.transport.grpc.secure_authorized_channel(
            credentials, 'speech.googleapis.com:443', request)

        # Use the channel to create a stub.
        cloud_speech.create_Speech_stub(channel)

    Args:
        credentials (google.auth.credentials.Credentials): The credentials to
            add to requests.
        request (google.auth.transport.Request): A HTTP transport request
            object used to refresh credentials as needed. Even though gRPC
            is a separate transport, there's no way to refresh the credentials
            without using a standard http transport.
        target (str): The host and port of the service.
        ssl_credentials (grpc.ChannelCredentials): Optional SSL channel
            credentials. This can be used to specify different certificates.
        kwargs: Additional arguments to pass to :func:`grpc.secure_channel`.

    Returns:
        grpc.Channel: The created gRPC channel.
    """
    # Create the metadata plugin for inserting the authorization header.
    metadata_plugin = AuthMetadataPlugin(credentials, request)

    # Create a set of grpc.CallCredentials using the metadata plugin.
    google_auth_credentials = grpc.metadata_call_credentials(metadata_plugin)

    if ssl_credentials is None:
        ssl_credentials = grpc.ssl_channel_credentials()

    # Combine the ssl credentials and the authorization credentials.
    composite_credentials = grpc.composite_channel_credentials(
        ssl_credentials, google_auth_credentials)

    return grpc.secure_channel(target, composite_credentials, **kwargs)
コード例 #13
0
def Main():
    try:
        parser = argparse.ArgumentParser()

        parser.add_argument('-d','--device', help='Input hostname',
            required=True)
        parser.add_argument('-t','--timeout', help='Input time_out value',
            required=True,type=int)
        parser.add_argument('-u', '--user', help='Input username',
            required=True)
        parser.add_argument('-pw', '--password', help='Input password',
            required=True)

        args = parser.parse_args()

        #Establish grpc channel to jet router
        creds = grpc.ssl_channel_credentials(open('/tmp/RSA2048.pem').read(),
                                                None, None)
        channel = grpc.secure_channel(args.device + ":32767", creds, 
            options=(('grpc.ssl_target_name_override', _HOST_OVERRIDE,),))

        #create stub for authentication services
        stub = authentication_service_pb2.LoginStub(channel)
        #Authenticate
        login_request = authentication_service_pb2.LoginRequest(
            user_name=args.user, password=args.password, client_id="SampleApp")
        login_response = stub.LoginCheck(login_request, args.timeout)

        #Check if authentication is successful
        if login_response.result == True:
            print "[INFO] Connected to gRPC Server:"
            print login_response.result
        else:
            print "[ERROR] gRPC Server Connection failed!!!"
            print login_response.result

        #Create stub for management services
        stub = management_service_pb2.ManagementRpcApiStub(channel)
        print "[INFO] Connected to JSD and created handle to mgd services"
        
        for i in range(1):
            #Provide API request details 
            op_xml_command = "<get-system-uptime-information>" \
            "</get-system-uptime-information>"
            op = management_service_pb2.ExecuteOpCommandRequest(
                xml_command=op_xml_command, out_format=2, request_id=1000)
            # Invoke API
            result = stub.ExecuteOpCommand(op, 100)
            # Check API response like status and output
            for i in result:
                print "[INFO] Invoked ExecuteOpCommand API return code = "
                print i.status
                print "[INFO] Return output in CLI format = "
                print i.data
    except Exception as ex:
        print ex
コード例 #14
0
ファイル: utils.py プロジェクト: arturgontijo/snet-cli
def open_grpc_channel(endpoint):
    """
       open grpc channel:
           - for http://  we open insecure_channel
           - for https:// we open secure_channel (with default credentials)
           - without prefix we open insecure_channel
    """
    if (endpoint.startswith("https://")):
        return grpc.secure_channel(remove_http_https_prefix(endpoint), grpc.ssl_channel_credentials())
    return grpc.insecure_channel(remove_http_https_prefix(endpoint))
コード例 #15
0
def secure_authorized_channel(
        credentials, target, ssl_credentials=None):
    """Creates a secure authorized gRPC channel."""
    if ssl_credentials is None:
        ssl_credentials = grpc.ssl_channel_credentials()

    metadata_plugin = AuthMetadataPlugin(credentials)
    call_credentials = grpc.metadata_call_credentials(metadata_plugin)
    channel_creds = grpc.composite_channel_credentials(
        ssl_credentials, call_credentials)

    return grpc.secure_channel(target, channel_creds)
コード例 #16
0
 def _do_one_shot_client_rpc(self,
                             expect_success,
                             root_certificates=None,
                             private_key=None,
                             certificate_chain=None):
     credentials = grpc.ssl_channel_credentials(
         root_certificates=root_certificates,
         private_key=private_key,
         certificate_chain=certificate_chain)
     with _create_channel(self.port, credentials) as client_channel:
         client_stub = _create_client_stub(client_channel, expect_success)
         self._perform_rpc(client_stub, expect_success)
コード例 #17
0
def create_channel(
    target, credentials=None, scopes=None, ssl_credentials=None, **kwargs
):
    """Create a secure channel with credentials.

    Args:
        target (str): The target service address in the format 'hostname:port'.
        credentials (google.auth.credentials.Credentials): The credentials. If
            not specified, then this function will attempt to ascertain the
            credentials from the environment using :func:`google.auth.default`.
        scopes (Sequence[str]): A optional list of scopes needed for this
            service. These are only used when credentials are not specified and
            are passed to :func:`google.auth.default`.
        ssl_credentials (grpc.ChannelCredentials): Optional SSL channel
            credentials. This can be used to specify different certificates.
        kwargs: Additional key-word args passed to
            :func:`grpc_gcp.secure_channel` or :func:`grpc.secure_channel`.

    Returns:
        grpc.Channel: The created channel.
    """
    if credentials is None:
        credentials, _ = google.auth.default(scopes=scopes)
    else:
        credentials = google.auth.credentials.with_scopes_if_required(
            credentials, scopes
        )

    request = google.auth.transport.requests.Request()

    # Create the metadata plugin for inserting the authorization header.
    metadata_plugin = google.auth.transport.grpc.AuthMetadataPlugin(
        credentials, request
    )

    # Create a set of grpc.CallCredentials using the metadata plugin.
    google_auth_credentials = grpc.metadata_call_credentials(metadata_plugin)

    if ssl_credentials is None:
        ssl_credentials = grpc.ssl_channel_credentials()

    # Combine the ssl credentials and the authorization credentials.
    composite_credentials = grpc.composite_channel_credentials(
        ssl_credentials, google_auth_credentials
    )

    if HAS_GRPC_GCP:
        # If grpc_gcp module is available use grpc_gcp.secure_channel,
        # otherwise, use grpc.secure_channel to create grpc channel.
        return grpc_gcp.secure_channel(target, composite_credentials, **kwargs)
    else:
        return grpc.secure_channel(target, composite_credentials, **kwargs)
コード例 #18
0
ファイル: client.py プロジェクト: izouxv/grpc
def _get_channel(target, args):
  if args.use_tls:
    if args.use_test_ca:
      root_certificates = resources.test_root_certificates()
    else:
      root_certificates = None  # will load default roots.
    channel_credentials = grpc.ssl_channel_credentials(
        root_certificates=root_certificates)
    options = (('grpc.ssl_target_name_override', args.server_host_override,),)
    return grpc.secure_channel(
        target, channel_credentials, options=options)
  else:
    return grpc.insecure_channel(target)
コード例 #19
0
ファイル: DynamicCOS.py プロジェクト: Juniper/jet-app-store
def Main():
    """
    This function handles connections to Sites, Routers and JET firewall and management services
    """
    try:
        "connection handles to site is optional in case polling to sites on SNMP/DyCOS server"
        for i in range(1, n+1):
            creds = grpc.ssl_channel_credentials(open('{}.pem'.format(globals()['S%s_IP' %i])).read())
            channel = grpc.secure_channel(globals()['S%s_IP' %i]+':'+PORT, creds)
            res = _authenticateChannel(channel, USER, PASSWORD, CLIENT_ID)
            print "Authentication "+('success' if res else 'failure')+' for '+globals()['S%s_IP' %i]
            if res is False:
                return
            S_mgmt_stub = mgd_service_pb2.ManagementRpcApiStub(channel)
         
            globals()['mgmt_S%s' % i] = S_mgmt_stub

        "MX router connection and JET service handles"
        for i in range(1, n-1):
            creds = grpc.ssl_channel_credentials(open('{}.pem'.format(globals()['R%s_IP' %i])).read())
            channel = grpc.secure_channel(globals()['R%s_IP' %i]+':'+PORT, creds)
            res = _authenticateChannel(channel, USER, PASSWORD, CLIENT_ID)
            print "Authentication "+('success' if res else 'failure')+' for '+globals()['R%s_IP' %i]
            if res is False:
                return
            
            R_fw_stub = firewall_service_pb2.AclServiceStub(channel)
            R_mgmt_stub = mgd_service_pb2.ManagementRpcApiStub(channel)
            globals()['mgmt_R%s' % i] = R_mgmt_stub
            globals()['fw_R%s' % i] = R_fw_stub

        Initial_Cos_Configs()
        Get_Site_Latest_Data()

    except KeyboardInterrupt:
         pass
    except Exception as tx:
        print '%s' % (tx.message)
    return
コード例 #20
0
ファイル: _secure_interop_test.py プロジェクト: ambasta/grpc
 def setUp(self):
   self.server = grpc.server(futures.ThreadPoolExecutor(max_workers=10))
   test_pb2.add_TestServiceServicer_to_server(
       methods.TestService(), self.server)
   port = self.server.add_secure_port(
       '[::]:0', grpc.ssl_server_credentials(
           [(resources.private_key(), resources.certificate_chain())]))
   self.server.start()
   self.stub = test_pb2.TestServiceStub(
       grpc.secure_channel(
           'localhost:{}'.format(port),
           grpc.ssl_channel_credentials(resources.test_root_certificates()),
           (('grpc.ssl_target_name_override', _SERVER_HOST_OVERRIDE,),)))
コード例 #21
0
ファイル: grpcclient.py プロジェクト: Yan-waller/ceph
 def _get_channel(self):
     try:
         creds = grpc.ssl_channel_credentials(
             root_certificates=self.cert_context)
         self.channel = \
             grpc.secure_channel('{}:{}'.format(
                 self.host, self.port), creds,
                 options=(('grpc.ssl_target_name_override', self.ssl_target_name,),
                          ('grpc.default_authority', self.default_authority),))
     except Exception as e:
         self._logger.error(
             'failed to create connection exception: {}'.format(
                 ';'.join(str(e).split('\n\t'))))
コード例 #22
0
def get_auth():
    client_key_file = open("../../auth/client.key")
    client_key = client_key_file.read()
    client_key_file.close()

    client_crt_file = open("../../auth/client.crt")
    client_crt = client_crt_file.read()
    client_crt_file.close()

    ca_crt_file = open("../../auth/ca.crt")
    ca_crt = ca_crt_file.read()
    ca_crt_file.close()

    return grpc.ssl_channel_credentials(root_certificates=ca_crt, private_key=client_key, certificate_chain=client_crt)
コード例 #23
0
  def dial(self):
    if self.stub:
      self.stub.close()

    p = urlparse('http://' + self.addr)
    target = '%s:%s' % (p.hostname, p.port)

    if self.root_certificates or self.private_key or self.certificate_chain:
      creds = grpc.ssl_channel_credentials(
          self.root_certificates, self.private_key, self.certificate_chain)
      channel = grpc.secure_channel(target, creds)
    else:
      channel = grpc.insecure_channel(target)
    self.stub = vtgateservice_pb2.VitessStub(channel)
コード例 #24
0
def _create_client_stub(
        port,
        expect_success,
        root_certificates=None,
        private_key=None,
        certificate_chain=None,):
    channel = grpc.secure_channel('localhost:{}'.format(port),
                                  grpc.ssl_channel_credentials(
                                      root_certificates=root_certificates,
                                      private_key=private_key,
                                      certificate_chain=certificate_chain))
    if expect_success:
        # per Nathaniel: there's some robustness issue if we start
        # using a channel without waiting for it to be actually ready
        grpc.channel_ready_future(channel).result(timeout=10)
    return services_pb2_grpc.FirstServiceStub(channel)
コード例 #25
0
ファイル: grpc_vtgate_client.py プロジェクト: msolo/vitess
  def dial(self):
    if self.stub:
      self.stub.close()

    p = urlparse('http://' + self.addr)
    target = '%s:%s' % (p.hostname, p.port)

    if self.root_certificates or self.private_key or self.certificate_chain:
      creds = grpc.ssl_channel_credentials(
          self.root_certificates, self.private_key, self.certificate_chain)
      channel = grpc.secure_channel(target, creds)
    else:
      channel = grpc.insecure_channel(target)
    if self.auth_static_client_creds is not None:
      channel = grpc_with_metadata.GRPCWithMetadataChannel(channel, self.get_auth_static_client_creds)
    self.stub = vtgateservice_pb2.VitessStub(channel)
コード例 #26
0
def test_create_channel_implicit_with_ssl_creds(
    grpc_secure_channel, default, composite_creds_call
):
    target = "example.com:443"

    ssl_creds = grpc.ssl_channel_credentials()

    grpc_helpers.create_channel(target, ssl_credentials=ssl_creds)

    default.assert_called_once_with(scopes=None)
    composite_creds_call.assert_called_once_with(ssl_creds, mock.ANY)
    composite_creds = composite_creds_call.return_value
    if grpc_helpers.HAS_GRPC_GCP:
        grpc_secure_channel.assert_called_once_with(target, composite_creds, None)
    else:
        grpc_secure_channel.assert_called_once_with(target, composite_creds)
コード例 #27
0
 def setUp(self):
     self.server = test_common.test_server()
     test_pb2_grpc.add_TestServiceServicer_to_server(service.TestService(),
                                                     self.server)
     port = self.server.add_secure_port(
         '[::]:0',
         grpc.ssl_server_credentials([(resources.private_key(),
                                       resources.certificate_chain())]))
     self.server.start()
     self.stub = test_pb2_grpc.TestServiceStub(
         grpc.secure_channel('localhost:{}'.format(port),
                             grpc.ssl_channel_credentials(
                                 resources.test_root_certificates()), ((
                                     'grpc.ssl_target_name_override',
                                     _SERVER_HOST_OVERRIDE,
                                 ),)))
コード例 #28
0
ファイル: client.py プロジェクト: Falco20019/grpc
def _stub(args):
    target = '{}:{}'.format(args.server_host, args.server_port)
    if args.test_case == 'oauth2_auth_token':
        google_credentials, unused_project_id = google_auth.default(
            scopes=[args.oauth_scope])
        google_credentials.refresh(google_auth.transport.requests.Request())
        call_credentials = grpc.access_token_call_credentials(
            google_credentials.token)
    elif args.test_case == 'compute_engine_creds':
        google_credentials, unused_project_id = google_auth.default(
            scopes=[args.oauth_scope])
        call_credentials = grpc.metadata_call_credentials(
            google_auth.transport.grpc.AuthMetadataPlugin(
                credentials=google_credentials,
                request=google_auth.transport.requests.Request()))
    elif args.test_case == 'jwt_token_creds':
        google_credentials = google_auth_jwt.OnDemandCredentials.from_service_account_file(
            os.environ[google_auth.environment_vars.CREDENTIALS])
        call_credentials = grpc.metadata_call_credentials(
            google_auth.transport.grpc.AuthMetadataPlugin(
                credentials=google_credentials, request=None))
    else:
        call_credentials = None
    if args.use_tls:
        if args.use_test_ca:
            root_certificates = resources.test_root_certificates()
        else:
            root_certificates = None  # will load default roots.

        channel_credentials = grpc.ssl_channel_credentials(root_certificates)
        if call_credentials is not None:
            channel_credentials = grpc.composite_channel_credentials(
                channel_credentials, call_credentials)

        channel_opts = None
        if args.server_host_override:
            channel_opts = ((
                'grpc.ssl_target_name_override',
                args.server_host_override,
            ),)
        channel = grpc.secure_channel(target, channel_credentials, channel_opts)
    else:
        channel = grpc.insecure_channel(target)
    if args.test_case == "unimplemented_service":
        return test_pb2_grpc.UnimplementedServiceStub(channel)
    else:
        return test_pb2_grpc.TestServiceStub(channel)
コード例 #29
0
  def test_channel_credentials_composition(self):
    first_call_credentials = grpc.access_token_call_credentials('abc')
    second_call_credentials = grpc.access_token_call_credentials('def')
    third_call_credentials = grpc.access_token_call_credentials('ghi')
    channel_credentials = grpc.ssl_channel_credentials()

    channel_and_first = grpc.composite_channel_credentials(
        channel_credentials, first_call_credentials)
    channel_first_and_second = grpc.composite_channel_credentials(
        channel_credentials, first_call_credentials, second_call_credentials)
    channel_first_second_and_third = grpc.composite_channel_credentials(
        channel_credentials, first_call_credentials, second_call_credentials,
        third_call_credentials)

    self.assertIsInstance(channel_and_first, grpc.ChannelCredentials)
    self.assertIsInstance(channel_first_and_second, grpc.ChannelCredentials)
    self.assertIsInstance(
        channel_first_second_and_third, grpc.ChannelCredentials)
コード例 #30
0
ファイル: client.py プロジェクト: deepaklukose/grpc
def _get_channel(target, args):
    if args.use_tls:
        if args.use_test_ca:
            root_certificates = resources.test_root_certificates()
        else:
            root_certificates = None  # will load default roots.
        channel_credentials = grpc.ssl_channel_credentials(
            root_certificates=root_certificates)
        options = (('grpc.ssl_target_name_override',
                    args.server_host_override,),)
        channel = grpc.secure_channel(
            target, channel_credentials, options=options)
    else:
        channel = grpc.insecure_channel(target)

    # waits for the channel to be ready before we start sending messages
    grpc.channel_ready_future(channel).result()
    return channel
コード例 #31
0
ファイル: docs.py プロジェクト: TulipSolutions/tecl
try:
    from python.tulipsolutions.api.auth import jwt_interceptor
except ImportError:
    from tulipsolutions.api.auth import jwt_interceptor
try:
    from python.tulipsolutions.api.auth import message_authentication_interceptor
except ImportError:
    from tulipsolutions.api.auth import message_authentication_interceptor


if __name__ == '__main__':
    args = sys.argv
    if len(args) == 1:
        # Use system CA trust store to connect to public MockGrpc service.
        address = 'mockgrpc.test.tulipsolutions.nl:443'
        creds = grpc.ssl_channel_credentials()
    elif len(args) == 3:
        # Use Mock CA certificates from this repository
        # The server cert is set up to accept connections to localhost
        ca_cert_path = 'mockgrpc/src/main/resources/certs/mock_ca.crt'
        if not os.path.exists(ca_cert_path):
            # If this file is run from the examples workspace, the cert file will be placed here by Bazel
            ca_cert_path = "external/nl_tulipsolutions_tecl/" + ca_cert_path
        with open(ca_cert_path, 'rb') as ca_cert_file:
            trust_cert_collection = ca_cert_file.read()
        creds = grpc.ssl_channel_credentials(trust_cert_collection)
        address = '%s:%s' % (args[1], args[2])
    elif len(args) == 4:
        # Use command line provided CA certificate bundle
        address = '%s:%s' % (args[1], args[2])
        with open(args[3], 'rb') as ca_cert_file:
コード例 #32
0
ファイル: lnd_grpc.py プロジェクト: Rochard/lnd_grpc
 def build_credentials(self):
     self.cert_creds = grpc.ssl_channel_credentials(self.tls_cert_key)
     self.auth_creds = grpc.metadata_call_credentials(
         self.metadata_callback)
     self.combined_creds = grpc.composite_channel_credentials(
         self.cert_creds, self.auth_creds)
コード例 #33
0
ファイル: builder.py プロジェクト: tahigash/cisco-gnmi-python
    def construct(self, return_channel=False):
        """Constructs and returns the desired Client object.
        The instance of this class will reset to default values for further building.

        Returns
        -------
        Client or NXClient or XEClient or XRClient
        """
        channel = None
        if self.__secure:
            LOGGER.debug("Using secure channel.")
            channel_metadata_creds = None
            if self.__username and self.__password:
                LOGGER.debug("Using username/password call authentication.")
                channel_metadata_creds = grpc.metadata_call_credentials(
                    CiscoAuthPlugin(self.__username, self.__password))
            channel_ssl_creds = grpc.ssl_channel_credentials(
                self.__root_certificates, self.__private_key,
                self.__certificate_chain)
            channel_creds = None
            if channel_ssl_creds and channel_metadata_creds:
                LOGGER.debug(
                    "Using SSL/metadata authentication composite credentials.")
                channel_creds = grpc.composite_channel_credentials(
                    channel_ssl_creds, channel_metadata_creds)
            else:
                LOGGER.debug(
                    "Using SSL credentials, no channel metadata authentication."
                )
                channel_creds = channel_ssl_creds
            if self.__ssl_target_name_override is not False:
                if self.__ssl_target_name_override is None:
                    if not self.__root_certificates:
                        raise Exception(
                            "Deriving override requires root certificate!")
                    self.__ssl_target_name_override = get_cn_from_cert(
                        self.__root_certificates)
                    LOGGER.warning(
                        "Overriding SSL option from certificate could increase MITM susceptibility!"
                    )
                self.set_channel_option("grpc.ssl_target_name_override",
                                        self.__ssl_target_name_override)
            channel = grpc.secure_channel(self.__target_netloc.netloc,
                                          channel_creds,
                                          self.__channel_options)
        else:
            LOGGER.warning(
                "Insecure gRPC channel is against gNMI specification, personal data may be compromised."
            )
            channel = grpc.insecure_channel(self.__target_netloc.netloc)
        if self.__client_class is None:
            self.set_os()
        client = None
        if self.__secure:
            client = self.__client_class(channel)
        else:
            client = self.__client_class(
                channel,
                default_call_metadata=[
                    ("username", self.__username),
                    ("password", self.__password),
                ],
            )
        self._reset()
        if return_channel:
            return client, channel
        else:
            return client
コード例 #34
0
# coding: utf-8
from dialog_bot_sdk.bot import DialogBot
import grpc
import os


def on_msg(*params):
    print('on msg', params)
    d.messaging.send_message(
        params[0].peer, str(params[0].message.textMessage.text)
    )


if __name__ == '__main__':
    d = DialogBot.get_secure_bot(
        'grpc-test.transmit.im:8080',  # bot endpoint
        grpc.ssl_channel_credentials(),  # SSL credentials
        os.environ.get('BOT_TOKEN')  # bot token
    )

    d.messaging.on_message(on_msg)
コード例 #35
0
ファイル: tn-cli.py プロジェクト: Gys/tinode_chat
def run(args, schema, secret):
    try:
        if tn_globals.IsInteractive:
            tn_globals.Prompt = PromptSession()
        # Create secure channel with default credentials.
        channel = None
        if args.ssl:
            opts = (('grpc.ssl_target_name_override', args.ssl_host),) if args.ssl_host else None
            channel = grpc.secure_channel(args.host, grpc.ssl_channel_credentials(), opts)
        else:
            channel = grpc.insecure_channel(args.host)

        # Call the server
        stream = pbx.NodeStub(channel).MessageLoop(gen_message(schema, secret, args))

        # Read server responses
        for msg in stream:
            if msg.HasField("ctrl"):
                handle_ctrl(msg.ctrl)

            elif msg.HasField("meta"):
                what = []
                if len(msg.meta.sub) > 0:
                    what.append("sub")
                if msg.meta.HasField("desc"):
                    what.append("desc")
                if msg.meta.HasField("del"):
                    what.append("del")
                if len(msg.meta.tags) > 0:
                    what.append("tags")
                stdoutln("\r<= meta " + ",".join(what) + " " + msg.meta.topic)

                if tn_globals.WaitingFor and tn_globals.WaitingFor.await_id == msg.meta.id:
                    if 'varname' in tn_globals.WaitingFor:
                        tn_globals.Variables[tn_globals.WaitingFor.varname] = msg.meta
                    tn_globals.WaitingFor = None

            elif msg.HasField("data"):
                stdoutln("\n\rFrom: " + msg.data.from_user_id)
                stdoutln("Topic: " + msg.data.topic)
                stdoutln("Seq: " + str(msg.data.seq_id))
                if msg.data.head:
                    stdoutln("Headers:")
                    for key in msg.data.head:
                        stdoutln("\t" + key + ": "+str(msg.data.head[key]))
                stdoutln(json.loads(msg.data.content))

            elif msg.HasField("pres"):
                pass

            elif msg.HasField("info"):
                what = "unknown"
                if msg.info.what == pb.READ:
                    what = "read"
                elif msg.info.what == pb.RECV:
                    what = "recv"
                elif msg.info.what == pb.KP:
                    what = "kp"
                stdoutln("\rMessage #" + str(msg.info.seq_id) + " " + what +
                    " by " + msg.info.from_user_id + "; topic=" + msg.info.topic + " (" + msg.topic + ")")

            else:
                stdoutln("\rMessage type not handled" + str(msg))

    except grpc.RpcError as err:
        # print(err)
        printerr("gRPC failed with {0}: {1}".format(err.code(), err.details()))
    except Exception as ex:
        printerr("Request failed: {0}".format(ex))
        # print(traceback.format_exc())
    finally:
        printout('Shutting down...')
        channel.close()
        if tn_globals.InputThread != None:
            tn_globals.InputThread.join(0.3)
コード例 #36
0
 def get_cert_credentials(self):
     if self.cert_credentials is None:
         lnd_tls_cert_path = os.path.join(self.lnd.lnddir, 'tls.cert')
         lnd_tls_cert = open(lnd_tls_cert_path, 'rb').read()
         self.cert_credentials = grpc.ssl_channel_credentials(lnd_tls_cert)
     return self.cert_credentials
コード例 #37
0

@pytest.fixture
def event_loop():
    asyncio.set_event_loop(_test_event_loop)
    return asyncio.get_event_loop()


dir = os.path.dirname(__file__)
with open(os.path.join(dir, "../cert/mtls.crt"), "rb") as fh:
    cert = fh.read()
with open(os.path.join(dir, "../cert/mtls.key"), "rb") as fh:
    key = fh.read()

ssl_credentials = grpc.ssl_channel_credentials(root_certificates=cert,
                                               certificate_chain=cert,
                                               private_key=key)


def callback():
    return cert, key


client_options = ClientOptions.ClientOptions()
client_options.client_cert_source = callback


def pytest_addoption(parser):
    parser.addoption("--mtls",
                     action="store_true",
                     help="Run system test with mutual TLS channel")
コード例 #38
0
cert = open(os.path.expanduser("~/.lnd/tls.cert"), "rb").read()


def metadata_callback(context, callback):
    with open(
            os.path.expanduser(
                "~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon"),
            "rb") as f:
        macaroon_bytes = f.read()
        macaroon = codecs.encode(macaroon_bytes, "hex")
        callback([("macaroon", macaroon)], None)


# build ssl credentials using the cert the same as before
cert_creds = grpc.ssl_channel_credentials(cert)
# now build meta data credentials
auth_creds = grpc.metadata_call_credentials(metadata_callback)
# combine the cert credentials and the macaroon auth credentials
combined_creds = grpc.composite_channel_credentials(cert_creds, auth_creds)
# finally pass in the combined credentials when creating a channel
channel = grpc.secure_channel("localhost:10009", combined_creds)
stub = lnrpc.LightningStub(channel)

# now every call will be made with the macaroon already included

list_req = ln.ListInvoiceRequest(pending_only=True,
                                 num_max_invoices=1,
                                 reversed=True)
invoice_num = stub.ListInvoices(list_req).invoices[-1].add_index
                        get_padded_frame_size(frame_samples, f.getframerate())
                        * 2, b'\0')
                request = stt_pb2.StreamingRecognizeRequest()
                request.audio_content = opus_encoder.encode(
                    data,
                    len(data) >> 1)
                yield request
    except Exception as e:
        print("Got exception in generate_requests", e)
        raise


def print_streaming_recognition_responses(responses):
    for response in responses:
        for result in response.results:
            print("Channel", result.recognition_result.channel)
            print("Phrase start:",
                  result.recognition_result.start_time.ToTimedelta())
            print("Phrase end:  ",
                  result.recognition_result.end_time.ToTimedelta())
            for alternative in result.recognition_result.alternatives:
                print('"' + alternative.transcript + '"')
            print("------------------")


stub = stt_pb2_grpc.SpeechToTextStub(
    grpc.secure_channel(endpoint, grpc.ssl_channel_credentials()))
metadata = authorization_metadata(api_key, secret_key, "tinkoff.cloud.stt")
responses = stub.StreamingRecognize(generate_requests(), metadata=metadata)
print_streaming_recognition_responses(responses)
コード例 #40
0
# -*- coding: utf-8 -*-

import grpc
from pb.authentication import authenticationService_pb2_grpc
from pb.common import replyInfo_pb2
from authService import auth
import unittest
import os

auth_host_staging = os.environ.get("AUTH_HOST_STAGING", "")
auth_host_production = os.environ.get("AUTH_HOST_PRODUCTION", "")
creds = grpc.ssl_channel_credentials()
staging_auth_channel = grpc.secure_channel(auth_host_staging,
                                           credentials=creds)
staging_auth_client = authenticationService_pb2_grpc.AuthenticationServiceStub(
    staging_auth_channel)
prod_auth_channel = grpc.secure_channel(auth_host_production,
                                        credentials=creds)
prod_auth_client = authenticationService_pb2_grpc.AuthenticationServiceStub(
    prod_auth_channel)
authenticator = auth.AdminAuthenticator(
    username=os.environ.get("AUTH_USERNAME", ""),
    password=os.environ.get("AUTH_PASSWORD", ""),
    company_id=os.environ.get("AUTH_COMPANY_ID", ""))


class AuthTestSuite(unittest.TestCase):
    """Basic authentication test cases."""
    @staticmethod
    def test_staging_authentication():
        assert authenticator is not None
コード例 #41
0
def _run(flags, experiment_url_callback=None):
    """Runs the main uploader program given parsed flags.

    Args:
      flags: An `argparse.Namespace`.
      experiment_url_callback: A function accepting a single string argument
        containing the full TB.dev URL of the uploaded experiment.
    """

    logging.set_stderrthreshold(logging.WARNING)
    intent = _get_intent(flags, experiment_url_callback)

    store = auth.CredentialsStore()
    if isinstance(intent, _AuthRevokeIntent):
        store.clear()
        sys.stderr.write("Logged out of uploader.\n")
        sys.stderr.flush()
        return
    # TODO(b/141723268): maybe reconfirm Google Account prior to reuse.
    credentials = store.read_credentials()
    if not credentials:
        _prompt_for_user_ack(intent)
        client_config = json.loads(auth.OAUTH_CLIENT_CONFIG)
        flow = auth.build_installed_app_flow(client_config)
        credentials = flow.run(force_console=flags.auth_force_console)
        sys.stderr.write("\n")  # Extra newline after auth flow messages.
        store.write_credentials(credentials)

    channel_options = None
    if flags.grpc_creds_type == "local":
        channel_creds = grpc.local_channel_credentials()
    elif flags.grpc_creds_type == "ssl":
        channel_creds = grpc.ssl_channel_credentials()
    elif flags.grpc_creds_type == "ssl_dev":
        # Configure the dev cert to use by passing the environment variable
        # GRPC_DEFAULT_SSL_ROOTS_FILE_PATH=path/to/cert.crt
        channel_creds = grpc.ssl_channel_credentials()
        channel_options = [("grpc.ssl_target_name_override", "localhost")]
    else:
        msg = "Invalid --grpc_creds_type %s" % flags.grpc_creds_type
        raise base_plugin.FlagsError(msg)

    try:
        server_info = _get_server_info(flags)
    except server_info_lib.CommunicationError as e:
        _die(str(e))
    _handle_server_info(server_info)
    logging.info("Received server info: <%r>", server_info)

    if not server_info.api_server.endpoint:
        logging.error("Server info response: %s", server_info)
        _die("Internal error: frontend did not specify an API server")
    composite_channel_creds = grpc.composite_channel_credentials(
        channel_creds, auth.id_token_call_credentials(credentials)
    )

    # TODO(@nfelt): In the `_UploadIntent` case, consider waiting until
    # logdir exists to open channel.
    channel = grpc.secure_channel(
        server_info.api_server.endpoint,
        composite_channel_creds,
        options=channel_options,
    )
    with channel:
        intent.execute(server_info, channel)
コード例 #42
0
ファイル: grpc.py プロジェクト: busunkim96/python-talent
    def __init__(self,
                 *,
                 host: str = "jobs.googleapis.com",
                 credentials: credentials.Credentials = None,
                 credentials_file: str = None,
                 scopes: Sequence[str] = None,
                 channel: grpc.Channel = None,
                 api_mtls_endpoint: str = None,
                 client_cert_source: Callable[[], Tuple[bytes, bytes]] = None,
                 quota_project_id: Optional[str] = None) -> None:
        """Instantiate the transport.

        Args:
            host (Optional[str]): The hostname to connect to.
            credentials (Optional[google.auth.credentials.Credentials]): The
                authorization credentials to attach to requests. These
                credentials identify the application to the service; if none
                are specified, the client will attempt to ascertain the
                credentials from the environment.
                This argument is ignored if ``channel`` is provided.
            credentials_file (Optional[str]): A file with credentials that can
                be loaded with :func:`google.auth.load_credentials_from_file`.
                This argument is ignored if ``channel`` is provided.
            scopes (Optional(Sequence[str])): A list of scopes. This argument is
                ignored if ``channel`` is provided.
            channel (Optional[grpc.Channel]): A ``Channel`` instance through
                which to make calls.
            api_mtls_endpoint (Optional[str]): The mutual TLS endpoint. If
                provided, it overrides the ``host`` argument and tries to create
                a mutual TLS channel with client SSL credentials from
                ``client_cert_source`` or applicatin default SSL credentials.
            client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): A
                callback to provide client SSL certificate bytes and private key
                bytes, both in PEM format. It is ignored if ``api_mtls_endpoint``
                is None.
            quota_project_id (Optional[str]): An optional project to use for billing
                and quota.

        Raises:
          google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
              creation failed for any reason.
          google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
              and ``credentials_file`` are passed.
        """
        if channel:
            # Sanity check: Ensure that channel and credentials are not both
            # provided.
            credentials = False

            # If a channel was explicitly provided, set it.
            self._grpc_channel = channel
        elif api_mtls_endpoint:
            host = (api_mtls_endpoint if ":" in api_mtls_endpoint else
                    api_mtls_endpoint + ":443")

            if credentials is None:
                credentials, _ = auth.default(
                    scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id)

            # Create SSL credentials with client_cert_source or application
            # default SSL credentials.
            if client_cert_source:
                cert, key = client_cert_source()
                ssl_credentials = grpc.ssl_channel_credentials(
                    certificate_chain=cert, private_key=key)
            else:
                ssl_credentials = SslCredentials().ssl_credentials

            # create a new channel. The provided one is ignored.
            self._grpc_channel = type(self).create_channel(
                host,
                credentials=credentials,
                credentials_file=credentials_file,
                ssl_credentials=ssl_credentials,
                scopes=scopes or self.AUTH_SCOPES,
                quota_project_id=quota_project_id,
            )

        self._stubs = {}  # type: Dict[str, Callable]

        # Run the base constructor.
        super().__init__(
            host=host,
            credentials=credentials,
            credentials_file=credentials_file,
            scopes=scopes or self.AUTH_SCOPES,
            quota_project_id=quota_project_id,
        )
コード例 #43
0
    def __init__(self, *,
            host: str = 'pubsub.googleapis.com',
            credentials: credentials.Credentials = None,
            channel: grpc.Channel = None,
            api_mtls_endpoint: str = None,
            client_cert_source: Callable[[], Tuple[bytes, bytes]] = None) -> None:
        """Instantiate the transport.

        Args:
            host (Optional[str]): The hostname to connect to.
            credentials (Optional[google.auth.credentials.Credentials]): The
                authorization credentials to attach to requests. These
                credentials identify the application to the service; if none
                are specified, the client will attempt to ascertain the
                credentials from the environment.
                This argument is ignored if ``channel`` is provided.
            channel (Optional[grpc.Channel]): A ``Channel`` instance through
                which to make calls.
            api_mtls_endpoint (Optional[str]): The mutual TLS endpoint. If
                provided, it overrides the ``host`` argument and tries to create
                a mutual TLS channel with client SSL credentials from
                ``client_cert_source`` or applicatin default SSL credentials.
            client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): A
                callback to provide client SSL certificate bytes and private key
                bytes, both in PEM format. It is ignored if ``api_mtls_endpoint``
                is None.

        Raises:
          google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
              creation failed for any reason.
        """
        if channel:
            # Sanity check: Ensure that channel and credentials are not both
            # provided.
            credentials = False

            # If a channel was explicitly provided, set it.
            self._grpc_channel = channel
        elif api_mtls_endpoint:
            host = api_mtls_endpoint if ":" in api_mtls_endpoint else api_mtls_endpoint + ":443"

            # Create SSL credentials with client_cert_source or application
            # default SSL credentials.
            if client_cert_source:
                cert, key = client_cert_source()
                ssl_credentials = grpc.ssl_channel_credentials(
                    certificate_chain=cert, private_key=key
                )
            else:
                ssl_credentials = SslCredentials().ssl_credentials

            # create a new channel. The provided one is ignored.
            self._grpc_channel = grpc_helpers.create_channel(
                host,
                credentials=credentials,
                ssl_credentials=ssl_credentials,
                scopes=self.AUTH_SCOPES,
            )

        # Run the base constructor.
        super().__init__(host=host, credentials=credentials)
        self._stubs = {}  # type: Dict[str, Callable]
    request.streaming_config.config.num_channels = num_channels
    return request

def generate_requests():
    try:
        with wave.open("../../audio/sample_3.wav") as f:
            yield build_first_request(f.getframerate(), f.getnchannels())
            frame_samples = f.getframerate()//10 # Send 100ms at a time
            for data in iter(lambda:f.readframes(frame_samples), b''):
                request = stt_pb2.StreamingRecognizeRequest()
                request.audio_content = data
                yield request
    except Exception as e:
        print("Got exception in generate_requests", e)
        raise

def print_streaming_recognition_responses(responses):
    for response in responses:
        for result in response.results:
            print("Channel", result.recognition_result.channel)
            print("Phrase start:", result.recognition_result.start_time.ToTimedelta())
            print("Phrase end:  ", result.recognition_result.end_time.ToTimedelta())
            for alternative in result.recognition_result.alternatives:
                print('"' + alternative.transcript + '"')
            print("------------------")

stub = stt_pb2_grpc.SpeechToTextStub(grpc.secure_channel(endpoint, grpc.ssl_channel_credentials()))
metadata = authorization_metadata(api_key, secret_key, "tinkoff.cloud.stt")
responses = stub.StreamingRecognize(generate_requests(), metadata=metadata)
print_streaming_recognition_responses(responses)
コード例 #45
0
ファイル: lnd.py プロジェクト: niftynei/lightning-integration
 def __init__(self, rpc_port):
     self.port = rpc_port
     cred = grpc.ssl_channel_credentials(open('tls.cert', 'rb').read())
     channel = grpc.secure_channel('localhost:{}'.format(rpc_port), cred)
     self.stub = lnrpc_grpc.LightningStub(channel)
コード例 #46
0
ファイル: grpc.py プロジェクト: Arshdeep10/scrapy
def secure_authorized_channel(
    credentials,
    request,
    target,
    ssl_credentials=None,
    client_cert_callback=None,
    **kwargs
):
    """Creates a secure authorized gRPC channel.

    This creates a channel with SSL and :class:`AuthMetadataPlugin`. This
    channel can be used to create a stub that can make authorized requests.
    Users can configure client certificate or rely on device certificates to
    establish a mutual TLS channel, if the `GOOGLE_API_USE_CLIENT_CERTIFICATE`
    variable is explicitly set to `true`.

    Example::

        import google.auth
        import google.auth.transport.grpc
        import google.auth.transport.requests
        from google.cloud.speech.v1 import cloud_speech_pb2

        # Get credentials.
        credentials, _ = google.auth.default()

        # Get an HTTP request function to refresh credentials.
        request = google.auth.transport.requests.Request()

        # Create a channel.
        channel = google.auth.transport.grpc.secure_authorized_channel(
            credentials, regular_endpoint, request,
            ssl_credentials=grpc.ssl_channel_credentials())

        # Use the channel to create a stub.
        cloud_speech.create_Speech_stub(channel)

    Usage:

    There are actually a couple of options to create a channel, depending on if
    you want to create a regular or mutual TLS channel.

    First let's list the endpoints (regular vs mutual TLS) to choose from::

        regular_endpoint = 'speech.googleapis.com:443'
        mtls_endpoint = 'speech.mtls.googleapis.com:443'

    Option 1: create a regular (non-mutual) TLS channel by explicitly setting
    the ssl_credentials::

        regular_ssl_credentials = grpc.ssl_channel_credentials()

        channel = google.auth.transport.grpc.secure_authorized_channel(
            credentials, regular_endpoint, request,
            ssl_credentials=regular_ssl_credentials)

    Option 2: create a mutual TLS channel by calling a callback which returns
    the client side certificate and the key (Note that
    `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable must be explicitly
    set to `true`)::

        def my_client_cert_callback():
            code_to_load_client_cert_and_key()
            if loaded:
                return (pem_cert_bytes, pem_key_bytes)
            raise MyClientCertFailureException()

        try:
            channel = google.auth.transport.grpc.secure_authorized_channel(
                credentials, mtls_endpoint, request,
                client_cert_callback=my_client_cert_callback)
        except MyClientCertFailureException:
            # handle the exception

    Option 3: use application default SSL credentials. It searches and uses
    the command in a context aware metadata file, which is available on devices
    with endpoint verification support (Note that
    `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable must be explicitly
    set to `true`).
    See https://cloud.google.com/endpoint-verification/docs/overview::

        try:
            default_ssl_credentials = SslCredentials()
        except:
            # Exception can be raised if the context aware metadata is malformed.
            # See :class:`SslCredentials` for the possible exceptions.

        # Choose the endpoint based on the SSL credentials type.
        if default_ssl_credentials.is_mtls:
            endpoint_to_use = mtls_endpoint
        else:
            endpoint_to_use = regular_endpoint
        channel = google.auth.transport.grpc.secure_authorized_channel(
            credentials, endpoint_to_use, request,
            ssl_credentials=default_ssl_credentials)

    Option 4: not setting ssl_credentials and client_cert_callback. For devices
    without endpoint verification support or `GOOGLE_API_USE_CLIENT_CERTIFICATE`
    environment variable is not `true`, a regular TLS channel is created;
    otherwise, a mutual TLS channel is created, however, the call should be
    wrapped in a try/except block in case of malformed context aware metadata.

    The following code uses regular_endpoint, it works the same no matter the
    created channle is regular or mutual TLS. Regular endpoint ignores client
    certificate and key::

        channel = google.auth.transport.grpc.secure_authorized_channel(
            credentials, regular_endpoint, request)

    The following code uses mtls_endpoint, if the created channle is regular,
    and API mtls_endpoint is confgured to require client SSL credentials, API
    calls using this channel will be rejected::

        channel = google.auth.transport.grpc.secure_authorized_channel(
            credentials, mtls_endpoint, request)

    Args:
        credentials (google.auth.credentials.Credentials): The credentials to
            add to requests.
        request (google.auth.transport.Request): A HTTP transport request
            object used to refresh credentials as needed. Even though gRPC
            is a separate transport, there's no way to refresh the credentials
            without using a standard http transport.
        target (str): The host and port of the service.
        ssl_credentials (grpc.ChannelCredentials): Optional SSL channel
            credentials. This can be used to specify different certificates.
            This argument is mutually exclusive with client_cert_callback;
            providing both will raise an exception.
            If ssl_credentials and client_cert_callback are None, application
            default SSL credentials are used if `GOOGLE_API_USE_CLIENT_CERTIFICATE`
            environment variable is explicitly set to `true`, otherwise one way TLS
            SSL credentials are used.
        client_cert_callback (Callable[[], (bytes, bytes)]): Optional
            callback function to obtain client certicate and key for mutual TLS
            connection. This argument is mutually exclusive with
            ssl_credentials; providing both will raise an exception.
            This argument does nothing unless `GOOGLE_API_USE_CLIENT_CERTIFICATE`
            environment variable is explicitly set to `true`.
        kwargs: Additional arguments to pass to :func:`grpc.secure_channel`.

    Returns:
        grpc.Channel: The created gRPC channel.

    Raises:
        google.auth.exceptions.MutualTLSChannelError: If mutual TLS channel
            creation failed for any reason.
    """
    # Create the metadata plugin for inserting the authorization header.
    metadata_plugin = AuthMetadataPlugin(credentials, request)

    # Create a set of grpc.CallCredentials using the metadata plugin.
    google_auth_credentials = grpc.metadata_call_credentials(metadata_plugin)

    if ssl_credentials and client_cert_callback:
        raise ValueError(
            "Received both ssl_credentials and client_cert_callback; "
            "these are mutually exclusive."
        )

    # If SSL credentials are not explicitly set, try client_cert_callback and ADC.
    if not ssl_credentials:
        use_client_cert = os.getenv(
            environment_vars.GOOGLE_API_USE_CLIENT_CERTIFICATE, "false"
        )
        if use_client_cert == "true" and client_cert_callback:
            # Use the callback if provided.
            cert, key = client_cert_callback()
            ssl_credentials = grpc.ssl_channel_credentials(
                certificate_chain=cert, private_key=key
            )
        elif use_client_cert == "true":
            # Use application default SSL credentials.
            adc_ssl_credentils = SslCredentials()
            ssl_credentials = adc_ssl_credentils.ssl_credentials
        else:
            ssl_credentials = grpc.ssl_channel_credentials()

    # Combine the ssl credentials and the authorization credentials.
    composite_credentials = grpc.composite_channel_credentials(
        ssl_credentials, google_auth_credentials
    )

    return grpc.secure_channel(target, composite_credentials, **kwargs)
コード例 #47
0
def testvarsAttempt():
    try:
        import testvars
    except ImportError:
        common.conMsg('bot','Predefined test variables not found, continue with environment variables')
        return None
    else:
        common.conMsg('bot','Predefined test variables found, environment variables ignored')
        return None

if __name__ == '__main__':
    common.conMsg('bot','Starting bot')
    testvarsAttempt()
    lang = os.environ['LANGUAGE']
    mode = os.environ['ISSUE_TYPE_MODE']
    bot = DialogBot.get_secure_bot(os.environ['ENDPOINT'],grpc.ssl_channel_credentials(),os.environ['BOT_API_KEY'], verbose=False)

    if checkEnvs():
        credentials = common.parseCreds(os.environ['JIRA_CREDS'])
        link = credentials[2]
        projectId = jira.getProjectIdByProjectKey(credentials,os.environ['PROJECT_KEY'])
        if projectId:
            initializeBot()
            #dbInit()
            common.conMsg('bot','Started bot. Mode: ' + mode)
            while True:
                task_manager()
        else:
            common.conMsg('bot','Invalid JIRA Creds or JIRA Service Desk Project. Unable to start bot')
    else:
        common.conMsg('bot','Env variables error')
コード例 #48
0
    def _test(self):
        # things should work...
        self.cert_config_fetcher.configure(False, None)
        self._do_one_shot_client_rpc(True,
                                     root_certificates=CA_1_PEM,
                                     private_key=CLIENT_KEY_2_PEM,
                                     certificate_chain=CLIENT_CERT_CHAIN_2_PEM)
        actual_calls = self.cert_config_fetcher.getCalls()
        self.assertEqual(len(actual_calls), 1)
        self.assertFalse(actual_calls[0].did_raise)
        self.assertIsNone(actual_calls[0].returned_cert_config)

        # client should reject server...
        # fails because client trusts ca2 and so will reject server
        self.cert_config_fetcher.reset()
        self.cert_config_fetcher.configure(False, None)
        self._do_one_shot_client_rpc(False,
                                     root_certificates=CA_2_PEM,
                                     private_key=CLIENT_KEY_2_PEM,
                                     certificate_chain=CLIENT_CERT_CHAIN_2_PEM)
        actual_calls = self.cert_config_fetcher.getCalls()
        self.assertGreaterEqual(len(actual_calls), 1)
        self.assertFalse(actual_calls[0].did_raise)
        for i, call in enumerate(actual_calls):
            self.assertFalse(call.did_raise, 'i= {}'.format(i))
            self.assertIsNone(call.returned_cert_config, 'i= {}'.format(i))

        # should work again...
        self.cert_config_fetcher.reset()
        self.cert_config_fetcher.configure(True, None)
        self._do_one_shot_client_rpc(True,
                                     root_certificates=CA_1_PEM,
                                     private_key=CLIENT_KEY_2_PEM,
                                     certificate_chain=CLIENT_CERT_CHAIN_2_PEM)
        actual_calls = self.cert_config_fetcher.getCalls()
        self.assertEqual(len(actual_calls), 1)
        self.assertTrue(actual_calls[0].did_raise)
        self.assertIsNone(actual_calls[0].returned_cert_config)

        # if with_client_auth, then client should be rejected by
        # server because client uses key/cert1, but server trusts ca2,
        # so server will reject
        self.cert_config_fetcher.reset()
        self.cert_config_fetcher.configure(False, None)
        self._do_one_shot_client_rpc(not self.require_client_auth(),
                                     root_certificates=CA_1_PEM,
                                     private_key=CLIENT_KEY_1_PEM,
                                     certificate_chain=CLIENT_CERT_CHAIN_1_PEM)
        actual_calls = self.cert_config_fetcher.getCalls()
        self.assertGreaterEqual(len(actual_calls), 1)
        for i, call in enumerate(actual_calls):
            self.assertFalse(call.did_raise, 'i= {}'.format(i))
            self.assertIsNone(call.returned_cert_config, 'i= {}'.format(i))

        # should work again...
        self.cert_config_fetcher.reset()
        self.cert_config_fetcher.configure(False, None)
        self._do_one_shot_client_rpc(True,
                                     root_certificates=CA_1_PEM,
                                     private_key=CLIENT_KEY_2_PEM,
                                     certificate_chain=CLIENT_CERT_CHAIN_2_PEM)
        actual_calls = self.cert_config_fetcher.getCalls()
        self.assertEqual(len(actual_calls), 1)
        self.assertFalse(actual_calls[0].did_raise)
        self.assertIsNone(actual_calls[0].returned_cert_config)

        # now create the "persistent" clients
        self.cert_config_fetcher.reset()
        self.cert_config_fetcher.configure(False, None)
        channel_A = _create_channel(
            self.port,
            grpc.ssl_channel_credentials(
                root_certificates=CA_1_PEM,
                private_key=CLIENT_KEY_2_PEM,
                certificate_chain=CLIENT_CERT_CHAIN_2_PEM))
        persistent_client_stub_A = _create_client_stub(channel_A, True)
        self._perform_rpc(persistent_client_stub_A, True)
        actual_calls = self.cert_config_fetcher.getCalls()
        self.assertEqual(len(actual_calls), 1)
        self.assertFalse(actual_calls[0].did_raise)
        self.assertIsNone(actual_calls[0].returned_cert_config)

        self.cert_config_fetcher.reset()
        self.cert_config_fetcher.configure(False, None)
        channel_B = _create_channel(
            self.port,
            grpc.ssl_channel_credentials(
                root_certificates=CA_1_PEM,
                private_key=CLIENT_KEY_2_PEM,
                certificate_chain=CLIENT_CERT_CHAIN_2_PEM))
        persistent_client_stub_B = _create_client_stub(channel_B, True)
        self._perform_rpc(persistent_client_stub_B, True)
        actual_calls = self.cert_config_fetcher.getCalls()
        self.assertEqual(len(actual_calls), 1)
        self.assertFalse(actual_calls[0].did_raise)
        self.assertIsNone(actual_calls[0].returned_cert_config)

        # moment of truth!! client should reject server because the
        # server switch cert...
        cert_config = grpc.ssl_server_certificate_configuration(
            [(SERVER_KEY_2_PEM, SERVER_CERT_CHAIN_2_PEM)],
            root_certificates=CA_1_PEM)
        self.cert_config_fetcher.reset()
        self.cert_config_fetcher.configure(False, cert_config)
        self._do_one_shot_client_rpc(False,
                                     root_certificates=CA_1_PEM,
                                     private_key=CLIENT_KEY_2_PEM,
                                     certificate_chain=CLIENT_CERT_CHAIN_2_PEM)
        actual_calls = self.cert_config_fetcher.getCalls()
        self.assertGreaterEqual(len(actual_calls), 1)
        self.assertFalse(actual_calls[0].did_raise)
        for i, call in enumerate(actual_calls):
            self.assertFalse(call.did_raise, 'i= {}'.format(i))
            self.assertEqual(call.returned_cert_config, cert_config,
                             'i= {}'.format(i))

        # now should work again...
        self.cert_config_fetcher.reset()
        self.cert_config_fetcher.configure(False, None)
        self._do_one_shot_client_rpc(True,
                                     root_certificates=CA_2_PEM,
                                     private_key=CLIENT_KEY_1_PEM,
                                     certificate_chain=CLIENT_CERT_CHAIN_1_PEM)
        actual_calls = self.cert_config_fetcher.getCalls()
        self.assertEqual(len(actual_calls), 1)
        self.assertFalse(actual_calls[0].did_raise)
        self.assertIsNone(actual_calls[0].returned_cert_config)

        # client should be rejected by server if with_client_auth
        self.cert_config_fetcher.reset()
        self.cert_config_fetcher.configure(False, None)
        self._do_one_shot_client_rpc(not self.require_client_auth(),
                                     root_certificates=CA_2_PEM,
                                     private_key=CLIENT_KEY_2_PEM,
                                     certificate_chain=CLIENT_CERT_CHAIN_2_PEM)
        actual_calls = self.cert_config_fetcher.getCalls()
        self.assertGreaterEqual(len(actual_calls), 1)
        for i, call in enumerate(actual_calls):
            self.assertFalse(call.did_raise, 'i= {}'.format(i))
            self.assertIsNone(call.returned_cert_config, 'i= {}'.format(i))

        # here client should reject server...
        self.cert_config_fetcher.reset()
        self.cert_config_fetcher.configure(False, None)
        self._do_one_shot_client_rpc(False,
                                     root_certificates=CA_1_PEM,
                                     private_key=CLIENT_KEY_2_PEM,
                                     certificate_chain=CLIENT_CERT_CHAIN_2_PEM)
        actual_calls = self.cert_config_fetcher.getCalls()
        self.assertGreaterEqual(len(actual_calls), 1)
        for i, call in enumerate(actual_calls):
            self.assertFalse(call.did_raise, 'i= {}'.format(i))
            self.assertIsNone(call.returned_cert_config, 'i= {}'.format(i))

        # persistent clients should continue to work
        self.cert_config_fetcher.reset()
        self.cert_config_fetcher.configure(False, None)
        self._perform_rpc(persistent_client_stub_A, True)
        actual_calls = self.cert_config_fetcher.getCalls()
        self.assertEqual(len(actual_calls), 0)

        self.cert_config_fetcher.reset()
        self.cert_config_fetcher.configure(False, None)
        self._perform_rpc(persistent_client_stub_B, True)
        actual_calls = self.cert_config_fetcher.getCalls()
        self.assertEqual(len(actual_calls), 0)

        channel_A.close()
        channel_B.close()
コード例 #49
0
        def run_secure_loop():
            logging.debug(
                "Remote: Starting a new connection loop for %s (%s:%d)" %
                (self.display_hostname, self.ip_address, self.port))

            cert = auth.get_singleton().load_cert(self.hostname,
                                                  self.ip_address)
            creds = grpc.ssl_channel_credentials(cert)

            with grpc.secure_channel("%s:%d" % (self.ip_address, self.port),
                                     creds) as channel:
                future = grpc.channel_ready_future(channel)

                try:
                    future.result(timeout=4)
                    self.stub = warp_pb2_grpc.WarpStub(channel)
                except grpc.FutureTimeoutError:
                    self.set_remote_status(RemoteStatus.UNREACHABLE)
                    future.cancel()

                    if not self.ping_timer.is_set():
                        logging.debug(
                            "Remote: Unable to establish secure connection with %s (%s:%d). Trying again in %ds"
                            % (self.display_hostname, self.ip_address,
                               self.port, CHANNEL_RETRY_WAIT_TIME))
                        self.ping_timer.wait(CHANNEL_RETRY_WAIT_TIME)
                        return True  # run_secure_loop()

                    return False  # run_secure_loop()

                duplex_fail_counter = 0
                one_ping = False  # A successful duplex response lets us finish setting things up.

                while not self.ping_timer.is_set():

                    if self.busy:
                        logging.debug(
                            "Remote Ping: Skipping keepalive ping to %s (%s:%d) (busy)"
                            % (self.display_hostname, self.ip_address,
                               self.port))
                        self.busy = False
                    else:
                        try:
                            # t = GLib.get_monotonic_time()
                            logging.debug("Remote Ping: to   %s (%s:%d)" %
                                          (self.display_hostname,
                                           self.ip_address, self.port))
                            self.stub.Ping(warp_pb2.LookupName(
                                id=self.local_ident,
                                readable_name=util.get_hostname()),
                                           timeout=5)
                            # logging.debug("Latency: %s (%s)"
                            # % (util.precise_format_time_span(GLib.get_monotonic_time() - t), self.display_hostname))
                            if not one_ping:
                                self.set_remote_status(
                                    RemoteStatus.AWAITING_DUPLEX)
                                if self.check_duplex_connection():
                                    logging.debug(
                                        "Remote: Connected to %s (%s:%d)" %
                                        (self.display_hostname,
                                         self.ip_address, self.port))

                                    self.set_remote_status(RemoteStatus.ONLINE)

                                    self.rpc_call(
                                        self.update_remote_machine_info)
                                    self.rpc_call(
                                        self.update_remote_machine_avatar)
                                    one_ping = True
                                else:
                                    duplex_fail_counter += 1
                                    if duplex_fail_counter > DUPLEX_MAX_FAILURES:
                                        logging.debug(
                                            "Remote: CheckDuplexConnection to %s (%s:%d) failed too many times"
                                            % (self.display_hostname,
                                               self.ip_address, self.port))
                                        self.ping_timer.wait(
                                            CHANNEL_RETRY_WAIT_TIME)
                                        return True
                        except grpc.RpcError as e:
                            logging.debug(
                                "Remote: Ping failed, shutting down %s (%s:%d)"
                                % (self.display_hostname, self.ip_address,
                                   self.port))
                            break

                    self.ping_timer.wait(
                        CONNECTED_PING_TIME if self.status ==
                        RemoteStatus.ONLINE else DUPLEX_WAIT_PING_TIME)

                # This is reached by the RpcError break above.  If the remote is still discoverable, start
                # the secure loop over.  This could have happened as a result of a quick disco/reconnect,
                # And we don't notice until it has already come back. In this case, try a new connection.
                if self.has_zc_presence and not self.ping_timer.is_set():
                    return True  # run_secure_loop()

                # The ping timer has been triggered, this is an orderly shutdown.
                return False  # run_secure_loop()
コード例 #50
0
 def create_client_channel(self):
     channel_credentials = grpc.ssl_channel_credentials(self.read_pem('tls/ca.pem'),
                                                        self.read_pem('tls/client-key.pem'),
                                                        self.read_pem('tls/client.pem'))
     return grpc.secure_channel('{}:{}'.format(self.client.args['address'], self.client.args['server_port']),
                                channel_credentials)
コード例 #51
0
    def __init__(self,
                 conn_str: str = "",
                 secure: bool = False,
                 metadata: List[Tuple[str, str]] = None,
                 connection_retries: int = 3):
        """Initializes the worker side grpc client.

        Args:
            conn_str: The host:port connection string for the ray server.
            secure: whether to use SSL secure channel or not.
            metadata: additional metadata passed in the grpc request headers.
            connection_retries: Number of times to attempt to reconnect to the
              ray server if it doesn't respond immediately. Setting to 0 tries
              at least once.  For infinite retries, catch the ConnectionError
              exception.
        """
        self._client_id = make_client_id()
        self.metadata = [("client_id", self._client_id)
                         ] + (metadata if metadata else [])
        self.channel = None
        self.server = None
        self._conn_state = grpc.ChannelConnectivity.IDLE
        self._converted: Dict[str, ClientStub] = {}

        if secure:
            credentials = grpc.ssl_channel_credentials()
            self.channel = grpc.secure_channel(conn_str,
                                               credentials,
                                               options=GRPC_OPTIONS)
        else:
            self.channel = grpc.insecure_channel(conn_str,
                                                 options=GRPC_OPTIONS)

        self.channel.subscribe(self._on_channel_state_change)

        # Retry the connection until the channel responds to something
        # looking like a gRPC connection, though it may be a proxy.
        conn_attempts = 0
        timeout = INITIAL_TIMEOUT_SEC
        service_ready = False
        while conn_attempts < max(connection_retries, 1):
            conn_attempts += 1
            try:
                # Let gRPC wait for us to see if the channel becomes ready.
                # If it throws, we couldn't connect.
                grpc.channel_ready_future(self.channel).result(timeout=timeout)
                # The HTTP2 channel is ready. Wrap the channel with the
                # RayletDriverStub, allowing for unary requests.
                self.server = ray_client_pb2_grpc.RayletDriverStub(
                    self.channel)
                service_ready = bool(self.ping_server())
                if service_ready:
                    break
                # Ray is not ready yet, wait a timeout
                time.sleep(timeout)
            except grpc.FutureTimeoutError:
                logger.info(
                    f"Couldn't connect channel in {timeout} seconds, retrying")
                # Note that channel_ready_future constitutes its own timeout,
                # which is why we do not sleep here.
            except grpc.RpcError as e:
                logger.info("Ray client server unavailable, "
                            f"retrying in {timeout}s...")
                logger.debug(f"Received when checking init: {e.details()}")
                # Ray is not ready yet, wait a timeout.
                time.sleep(timeout)
            # Fallthrough, backoff, and retry at the top of the loop
            logger.info("Waiting for Ray to become ready on the server, "
                        f"retry in {timeout}s...")
            timeout = backoff(timeout)

        # If we made it through the loop without service_ready
        # it means we've used up our retries and
        # should error back to the user.
        if not service_ready:
            raise ConnectionError("ray client connection timeout")

        # Initialize the streams to finish protocol negotiation.
        self.data_client = DataClient(self.channel, self._client_id,
                                      self.metadata)
        self.reference_count: Dict[bytes, int] = defaultdict(int)

        self.log_client = LogstreamClient(self.channel, self.metadata)
        self.log_client.set_logstream_level(logging.INFO)

        self.closed = False

        # Track these values to raise a warning if many tasks are being
        # scheduled
        self.total_num_tasks_scheduled = 0
        self.total_outbound_message_size_bytes = 0
コード例 #52
0
    def __init__(
        self,
        *,
        host: str = "secretmanager.googleapis.com",
        credentials: credentials.Credentials = None,
        credentials_file: Optional[str] = None,
        scopes: Optional[Sequence[str]] = None,
        channel: aio.Channel = None,
        api_mtls_endpoint: str = None,
        client_cert_source: Callable[[], Tuple[bytes, bytes]] = None,
        ssl_channel_credentials: grpc.ChannelCredentials = None,
        quota_project_id=None,
        client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
    ) -> None:
        """Instantiate the transport.

        Args:
            host (Optional[str]): The hostname to connect to.
            credentials (Optional[google.auth.credentials.Credentials]): The
                authorization credentials to attach to requests. These
                credentials identify the application to the service; if none
                are specified, the client will attempt to ascertain the
                credentials from the environment.
                This argument is ignored if ``channel`` is provided.
            credentials_file (Optional[str]): A file with credentials that can
                be loaded with :func:`google.auth.load_credentials_from_file`.
                This argument is ignored if ``channel`` is provided.
            scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
                service. These are only used when credentials are not specified and
                are passed to :func:`google.auth.default`.
            channel (Optional[aio.Channel]): A ``Channel`` instance through
                which to make calls.
            api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
                If provided, it overrides the ``host`` argument and tries to create
                a mutual TLS channel with client SSL credentials from
                ``client_cert_source`` or applicatin default SSL credentials.
            client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
                Deprecated. A callback to provide client SSL certificate bytes and
                private key bytes, both in PEM format. It is ignored if
                ``api_mtls_endpoint`` is None.
            ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
                for grpc channel. It is ignored if ``channel`` is provided.
            quota_project_id (Optional[str]): An optional project to use for billing
                and quota.
            client_info (google.api_core.gapic_v1.client_info.ClientInfo):	
                The client info used to send a user-agent string along with	
                API requests. If ``None``, then default info will be used.	
                Generally, you only need to set this if you're developing	
                your own client library.

        Raises:
            google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
              creation failed for any reason.
          google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
              and ``credentials_file`` are passed.
        """
        if channel:
            # Sanity check: Ensure that channel and credentials are not both
            # provided.
            credentials = False

            # If a channel was explicitly provided, set it.
            self._grpc_channel = channel
        elif api_mtls_endpoint:
            warnings.warn(
                "api_mtls_endpoint and client_cert_source are deprecated",
                DeprecationWarning,
            )

            host = (api_mtls_endpoint if ":" in api_mtls_endpoint else
                    api_mtls_endpoint + ":443")

            if credentials is None:
                credentials, _ = auth.default(
                    scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id)

            # Create SSL credentials with client_cert_source or application
            # default SSL credentials.
            if client_cert_source:
                cert, key = client_cert_source()
                ssl_credentials = grpc.ssl_channel_credentials(
                    certificate_chain=cert, private_key=key)
            else:
                ssl_credentials = SslCredentials().ssl_credentials

            # create a new channel. The provided one is ignored.
            self._grpc_channel = type(self).create_channel(
                host,
                credentials=credentials,
                credentials_file=credentials_file,
                ssl_credentials=ssl_credentials,
                scopes=scopes or self.AUTH_SCOPES,
                quota_project_id=quota_project_id,
            )
        else:
            host = host if ":" in host else host + ":443"

            if credentials is None:
                credentials, _ = auth.default(
                    scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id)

            # create a new channel. The provided one is ignored.
            self._grpc_channel = type(self).create_channel(
                host,
                credentials=credentials,
                credentials_file=credentials_file,
                ssl_credentials=ssl_channel_credentials,
                scopes=scopes or self.AUTH_SCOPES,
                quota_project_id=quota_project_id,
            )

        # Run the base constructor.
        super().__init__(
            host=host,
            credentials=credentials,
            credentials_file=credentials_file,
            scopes=scopes or self.AUTH_SCOPES,
            quota_project_id=quota_project_id,
            client_info=client_info,
        )

        self._stubs = {}
コード例 #53
0
ファイル: main.py プロジェクト: dialogs/dialog-office-bot
            API = GCaluAPI(SETTINGS["credentials_file"],
                           SETTINGS["token_file"])
        except:
            log.error("Can't initialize GoogleuAPI", exc_info=True)
            sys.exit(1)

        # Enable this flag and use this to obtain google calendar id
        if SETTINGS["show_calendars"]:
            for current_cal in API.get_calendars():
                log.info("{0} => {1}".format(current_cal["id"],
                                             current_cal["summary"]))

        try:
            bot = DialogBot.get_secure_bot(
                os.environ.get('BOT_ENDPOINT'),  # bot endpoint
                grpc.ssl_channel_credentials(
                ),  # SSL credentials (empty by default!)
                os.environ.get('BOT_TOKEN')  # bot token
            )
            bot.messaging.on_message(on_msg, raw_callback=raw_call)
        except:
            log.error("Can't initialize bot", exc_info=True)
            sys.exit(1)

    else:
        log.error(
            "{0} not found. Create one using settings_default.json as reference."
            .format(SETTINGS_PATH),
            exc_info=True)
        sys.exit(1)
コード例 #54
0
ファイル: client.py プロジェクト: davedavis/google-ads-python
    def __init__(
        self,
        *,
        credentials: Optional[credentials.Credentials] = None,
        transport: Union[str, KeywordPlanCampaignServiceTransport, None] = None,
        client_options: Optional[client_options_lib.ClientOptions] = None,
        client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
    ) -> None:
        """Instantiate the keyword plan campaign service client.

        Args:
            credentials (Optional[google.auth.credentials.Credentials]): The
                authorization credentials to attach to requests. These
                credentials identify the application to the service; if none
                are specified, the client will attempt to ascertain the
                credentials from the environment.
            transport (Union[str, ~.KeywordPlanCampaignServiceTransport]): The
                transport to use. If set to None, a transport is chosen
                automatically.
            client_options (google.api_core.client_options.ClientOptions): Custom options for the
                client. It won't take effect if a ``transport`` instance is provided.
                (1) The ``api_endpoint`` property can be used to override the
                default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT
                environment variable can also be used to override the endpoint:
                "always" (always use the default mTLS endpoint), "never" (always
                use the default regular endpoint) and "auto" (auto switch to the
                default mTLS endpoint if client certificate is present, this is
                the default value). However, the ``api_endpoint`` property takes
                precedence if provided.
                (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable
                is "true", then the ``client_cert_source`` property can be used
                to provide client certificate for mutual TLS transport. If
                not provided, the default SSL client certificate will be used if
                present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not
                set, no client certificate will be used.
            client_info (google.api_core.gapic_v1.client_info.ClientInfo):
                The client info used to send a user-agent string along with
                API requests. If ``None``, then default info will be used.
                Generally, you only need to set this if you're developing
                your own client library.

        Raises:
            google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
                creation failed for any reason.
        """
        if isinstance(client_options, dict):
            client_options = client_options_lib.from_dict(client_options)
        if client_options is None:
            client_options = client_options_lib.ClientOptions()

        # Create SSL credentials for mutual TLS if needed.
        use_client_cert = bool(
            util.strtobool(
                os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")
            )
        )

        ssl_credentials = None
        is_mtls = False
        if use_client_cert:
            if client_options.client_cert_source:
                import grpc  # type: ignore

                cert, key = client_options.client_cert_source()
                ssl_credentials = grpc.ssl_channel_credentials(
                    certificate_chain=cert, private_key=key
                )
                is_mtls = True
            else:
                creds = SslCredentials()
                is_mtls = creds.is_mtls
                ssl_credentials = creds.ssl_credentials if is_mtls else None

        # Figure out which api endpoint to use.
        if client_options.api_endpoint is not None:
            api_endpoint = client_options.api_endpoint
        else:
            use_mtls_env = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")
            if use_mtls_env == "never":
                api_endpoint = self.DEFAULT_ENDPOINT
            elif use_mtls_env == "always":
                api_endpoint = self.DEFAULT_MTLS_ENDPOINT
            elif use_mtls_env == "auto":
                api_endpoint = (
                    self.DEFAULT_MTLS_ENDPOINT
                    if is_mtls
                    else self.DEFAULT_ENDPOINT
                )
            else:
                raise MutualTLSChannelError(
                    "Unsupported GOOGLE_API_USE_MTLS_ENDPOINT value. Accepted values: never, auto, always"
                )

        # Save or instantiate the transport.
        # Ordinarily, we provide the transport, but allowing a custom transport
        # instance provides an extensibility point for unusual situations.
        if isinstance(transport, KeywordPlanCampaignServiceTransport):
            # transport is a KeywordPlanCampaignServiceTransport instance.
            if credentials:
                raise ValueError(
                    "When providing a transport instance, "
                    "provide its credentials directly."
                )
            self._transport = transport
        elif isinstance(transport, str):
            Transport = type(self).get_transport_class(transport)
            self._transport = Transport(
                credentials=credentials, host=self.DEFAULT_ENDPOINT
            )
        else:
            self._transport = KeywordPlanCampaignServiceGrpcTransport(
                credentials=credentials,
                host=api_endpoint,
                ssl_channel_credentials=ssl_credentials,
                client_info=client_info,
            )
コード例 #55
0
 def test_secure_channel(self):
     channel_credentials = grpc.ssl_channel_credentials()
     channel = grpc.secure_channel('google.com:443', channel_credentials)
     channel.close()
コード例 #56
0
ファイル: grpc.py プロジェクト: googleads/google-ads-python
    def __init__(
        self,
        *,
        host: str = "googleads.googleapis.com",
        credentials: ga_credentials.Credentials = None,
        credentials_file: str = None,
        scopes: Sequence[str] = None,
        channel: grpc.Channel = None,
        api_mtls_endpoint: str = None,
        client_cert_source: Callable[[], Tuple[bytes, bytes]] = None,
        ssl_channel_credentials: grpc.ChannelCredentials = None,
        client_cert_source_for_mtls: Callable[[], Tuple[bytes, bytes]] = None,
        quota_project_id: Optional[str] = None,
        client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
        always_use_jwt_access: Optional[bool] = False,
    ) -> None:
        """Instantiate the transport.

        Args:
            host (Optional[str]):
                 The hostname to connect to.
            credentials (Optional[google.auth.credentials.Credentials]): The
                authorization credentials to attach to requests. These
                credentials identify the application to the service; if none
                are specified, the client will attempt to ascertain the
                credentials from the environment.
                This argument is ignored if ``channel`` is provided.
            credentials_file (Optional[str]): A file with credentials that can
                be loaded with :func:`google.auth.load_credentials_from_file`.
                This argument is ignored if ``channel`` is provided.
            scopes (Optional(Sequence[str])): A list of scopes. This argument is
                ignored if ``channel`` is provided.
            channel (Optional[grpc.Channel]): A ``Channel`` instance through
                which to make calls.
            api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
                If provided, it overrides the ``host`` argument and tries to create
                a mutual TLS channel with client SSL credentials from
                ``client_cert_source`` or application default SSL credentials.
            client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
                Deprecated. A callback to provide client SSL certificate bytes and
                private key bytes, both in PEM format. It is ignored if
                ``api_mtls_endpoint`` is None.
            ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
                for the grpc channel. It is ignored if ``channel`` is provided.
            client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
                A callback to provide client certificate bytes and private key bytes,
                both in PEM format. It is used to configure a mutual TLS channel. It is
                ignored if ``channel`` or ``ssl_channel_credentials`` is provided.
            quota_project_id (Optional[str]): An optional project to use for billing
                and quota.
            client_info (google.api_core.gapic_v1.client_info.ClientInfo):
                The client info used to send a user-agent string along with
                API requests. If ``None``, then default info will be used.
                Generally, you only need to set this if you're developing
                your own client library.
            always_use_jwt_access (Optional[bool]): Whether self signed JWT should
                be used for service account credentials.

        Raises:
          google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
              creation failed for any reason.
          google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
              and ``credentials_file`` are passed.
        """
        self._grpc_channel = None
        self._ssl_channel_credentials = ssl_channel_credentials
        self._stubs: Dict[str, Callable] = {}

        if api_mtls_endpoint:
            warnings.warn("api_mtls_endpoint is deprecated",
                          DeprecationWarning)
        if client_cert_source:
            warnings.warn("client_cert_source is deprecated",
                          DeprecationWarning)

        if channel:
            # Ignore credentials if a channel was passed.
            credentials = False
            # If a channel was explicitly provided, set it.
            self._grpc_channel = channel
            self._ssl_channel_credentials = None

        else:
            if api_mtls_endpoint:
                host = api_mtls_endpoint

                # Create SSL credentials with client_cert_source or application
                # default SSL credentials.
                if client_cert_source:
                    cert, key = client_cert_source()
                    self._ssl_channel_credentials = grpc.ssl_channel_credentials(
                        certificate_chain=cert, private_key=key)
                else:
                    self._ssl_channel_credentials = (
                        SslCredentials().ssl_credentials)

            else:
                if client_cert_source_for_mtls and not ssl_channel_credentials:
                    cert, key = client_cert_source_for_mtls()
                    self._ssl_channel_credentials = grpc.ssl_channel_credentials(
                        certificate_chain=cert, private_key=key)

        # The base transport sets the host, credentials and scopes
        super().__init__(
            host=host,
            credentials=credentials,
            credentials_file=credentials_file,
            scopes=scopes,
            quota_project_id=quota_project_id,
            client_info=client_info,
            always_use_jwt_access=always_use_jwt_access,
        )

        if not self._grpc_channel:
            self._grpc_channel = type(self).create_channel(
                self._host,
                # use the credentials which are saved
                credentials=self._credentials,
                # Set ``credentials_file`` to ``None`` here as
                # the credentials that we saved earlier should be used.
                credentials_file=None,
                scopes=self._scopes,
                ssl_credentials=self._ssl_channel_credentials,
                quota_project_id=quota_project_id,
                options=[
                    ("grpc.max_send_message_length", -1),
                    ("grpc.max_receive_message_length", -1),
                ],
            )

        # Wrap messages. This must be done after self._grpc_channel exists
        self._prep_wrapped_messages(client_info)
コード例 #57
0
def main():
    global dev_id
    host = ServerConfig.HOST
    server_port = ServerConfig.SERVER_PORT
    with open(ServerConfig.SERVER_CERTIFICATE, "rb") as file:
        trusted_certs = file.read()

    credentials = grpc.ssl_channel_credentials(root_certificates=trusted_certs)
    channel = grpc.secure_channel("{}:{}".format(host, server_port),
                                  credentials)
    client = P4RuntimeClient()

    streamC = client.StreamChannel()

    tables_initialized = False
    while True:
        try:
            packet = next(streamC)

            if packet.HasField("packet") and packet.packet.metadata[
                    0].metadata_id == dev_id:
                print "Packet-in: server => router controller %.9f" % time.time(
                )

                # Print packet information.
                ServerConfig.print_debug("Received packet:")
                ServerConfig.print_debug("Payload: {}".format(
                    hexlify(packet.packet.payload)))
                ServerConfig.print_debug("Switch id: {}".format(
                    packet.packet.metadata[0].metadata_id))
                ServerConfig.print_debug("Input port: {}\n".format(
                    hexlify(packet.packet.metadata[0].value)))

                # Extract packet.
                pkt = Ether(_pkt=packet.packet.payload)
                eth_src = pkt.getlayer(Ether).src
                eth_dst = pkt.getlayer(Ether).dst
                ether_type = pkt.getlayer(Ether).type
                ServerConfig.print_debug(
                    "Received Ethernet frame {} => {} type_hex {}".format(
                        eth_src, eth_dst, hex(ether_type)))

                # The packet can be either ipv4 or 802.1q (vlan).
                if ether_type == 2048 or ether_type == 33024:

                    # Print packet data.
                    ip_src = pkt[IP].src
                    ip_dst = pkt[IP].dst
                    ServerConfig.print_debug(
                        "Ethernet frame has IPv4 packet {} => {}".format(
                            ip_src, ip_dst))

                    # Call to write the entry into the table.
                    client.WriteTableEntry(p4runtime_pb2.Update.INSERT,
                                           IPV4_NHOP, ip_dst,
                                           ipv4_nhop_dict[ip_dst])
                    # client.ReadTableEntry(IPV4_NHOP, ip_dst)

                    # Packet out.
                    client.streamChannelRequest = p4runtime_pb2.StreamMessageRequest(
                    )
                    client.streamChannelRequest.packet.payload = packet.packet.payload
                    metadata = client.streamChannelRequest.packet.metadata.add(
                    )
                    metadata.metadata_id = packet.packet.metadata[
                        0].metadata_id
                    metadata.value = struct.pack("B", 1)
                    client.sendRequest = True
                    print "Packet-out: router controller => server %.9f" % time.time(
                    )

            if packet.HasField("other"):
                if tables_initialized is False:
                    for ip in send_frame_dict:
                        client.WriteTableEntry(p4runtime_pb2.Update.INSERT,
                                               SEND_FRAME, ip,
                                               send_frame_dict[ip])
                        # client.ReadTableEntry(SEND_FRAME, ip)
                    for ip in forward_table_dict:
                        client.WriteTableEntry(p4runtime_pb2.Update.INSERT,
                                               FORWARD, ip,
                                               forward_table_dict[ip])
                        # client.ReadTableEntry(FORWARD, ip)
                    tables_initialized = True

                if packet.other.value == "\n\014Auth success":

                    ServerConfig.print_debug(
                        "Received authentication response from server:")
                    ServerConfig.print_debug(packet)

                    # Prepare an arbitration request.
                    client.streamChannelRequest = p4runtime_pb2.StreamMessageRequest(
                    )
                    client.streamChannelRequest.arbitration.device_id = dev_id
                    client.streamChannelRequest.arbitration.role.id = 1
                    client.sendRequest = True

            if packet.HasField("arbitration"):
                ServerConfig.print_debug(
                    "Received arbitration response from server:")
                ServerConfig.print_debug(packet)

        except IndexError:
            continue
コード例 #58
0
ファイル: grpc_helpers.py プロジェクト: camka14/Projects
def _create_composite_credentials(
    credentials=None,
    credentials_file=None,
    default_scopes=None,
    scopes=None,
    ssl_credentials=None,
    quota_project_id=None,
    default_host=None,
):
    """Create the composite credentials for secure channels.

    Args:
        credentials (google.auth.credentials.Credentials): The credentials. If
            not specified, then this function will attempt to ascertain the
            credentials from the environment using :func:`google.auth.default`.
        credentials_file (str): A file with credentials that can be loaded with
            :func:`google.auth.load_credentials_from_file`. This argument is
            mutually exclusive with credentials.
        default_scopes (Sequence[str]): A optional list of scopes needed for this
            service. These are only used when credentials are not specified and
            are passed to :func:`google.auth.default`.
        scopes (Sequence[str]): A optional list of scopes needed for this
            service. These are only used when credentials are not specified and
            are passed to :func:`google.auth.default`.
        ssl_credentials (grpc.ChannelCredentials): Optional SSL channel
            credentials. This can be used to specify different certificates.
        quota_project_id (str): An optional project to use for billing and quota.
        default_host (str): The default endpoint. e.g., "pubsub.googleapis.com".

    Returns:
        grpc.ChannelCredentials: The composed channel credentials object.

    Raises:
        google.api_core.DuplicateCredentialArgs: If both a credentials object and credentials_file are passed.
    """
    if credentials and credentials_file:
        raise exceptions.DuplicateCredentialArgs(
            "'credentials' and 'credentials_file' are mutually exclusive.")

    if credentials_file:
        credentials, _ = google.auth.load_credentials_from_file(
            credentials_file, scopes=scopes, default_scopes=default_scopes)
    elif credentials:
        credentials = google.auth.credentials.with_scopes_if_required(
            credentials, scopes=scopes, default_scopes=default_scopes)
    else:
        credentials, _ = google.auth.default(scopes=scopes,
                                             default_scopes=default_scopes)

    if quota_project_id and isinstance(
            credentials, google.auth.credentials.CredentialsWithQuotaProject):
        credentials = credentials.with_quota_project(quota_project_id)

    request = google.auth.transport.requests.Request()

    # Create the metadata plugin for inserting the authorization header.
    metadata_plugin = google.auth.transport.grpc.AuthMetadataPlugin(
        credentials,
        request,
        default_host=default_host,
    )

    # Create a set of grpc.CallCredentials using the metadata plugin.
    google_auth_credentials = grpc.metadata_call_credentials(metadata_plugin)

    if ssl_credentials is None:
        ssl_credentials = grpc.ssl_channel_credentials()

    # Combine the ssl credentials and the authorization credentials.
    return grpc.composite_channel_credentials(ssl_credentials,
                                              google_auth_credentials)
コード例 #59
0
 def _create_cloud_channel(self) -> grpc.Channel:
     if self._channel_fn:
         return self._channel_fn(self._server_url)
     return grpc.secure_channel(self._server_url,
                                grpc.ssl_channel_credentials())
コード例 #60
0
def getCredentials():
    with open('ca-bundle.pem', 'rb') as f:
        trusted_certs = f.read()
    sslCred = grpc.ssl_channel_credentials(root_certificates=trusted_certs)
    authCred = grpc.metadata_call_credentials(credentials)
    return grpc.composite_channel_credentials(sslCred, authCred)