def connect_to_thrift(conf): """ Connect to a thrift endpoint as determined by the 'conf' parameter. Note that this does *not* open the transport. Returns a tuple of (service, protocol, transport) """ if conf.transport_mode == 'http': mode = THttpClient(conf.http_url) mode.set_verify(conf.validate) else: if conf.use_ssl: try: from ssl import PROTOCOL_TLS PROTOCOL_SSLv23 = PROTOCOL_TLS except ImportError: try: from ssl import PROTOCOL_SSLv23 as PROTOCOL_TLS PROTOCOL_SSLv23 = PROTOCOL_TLS except ImportError: PROTOCOL_SSLv23 = PROTOCOL_TLS = 2 mode = TSSLSocketWithWildcardSAN(conf.host, conf.port, validate=conf.validate, ca_certs=conf.ca_certs, keyfile=conf.keyfile, certfile=conf.certfile, ssl_version=PROTOCOL_SSLv23) else: mode = TSocket(conf.host, conf.port) if conf.timeout_seconds: # Thrift trivia: You can do this after the fact with # _grab_transport_from_wrapper(self.wrapped.transport).setTimeout(seconds*1000) mode.setTimeout(conf.timeout_seconds * 1000.0) if conf.transport_mode == 'http': if conf.use_sasl and conf.mechanism != 'PLAIN': mode.set_kerberos_auth(service=conf.kerberos_principal) else: mode.set_basic_auth(conf.username, conf.password) if conf.transport_mode == 'socket' and conf.use_sasl: def sasl_factory(): saslc = sasl.Client() saslc.setAttr("host", str(conf.host)) saslc.setAttr("service", str(conf.kerberos_principal)) if conf.mechanism == 'PLAIN': saslc.setAttr("username", str(conf.username)) saslc.setAttr("password", str(conf.password)) # Defaults to 'hue' for a non-empty string unless using LDAP else: saslc.setAttr("maxbufsize", SASL_MAX_BUFFER.get()) saslc.init() return saslc transport = TSaslClientTransport(sasl_factory, conf.mechanism, mode) elif conf.transport == 'framed': transport = TFramedTransport(mode) else: transport = TBufferedTransport(mode) protocol = TBinaryProtocol(transport) if conf.multiple: protocol = TMultiplexedProtocol(protocol, conf.service_name) service = conf.klass(protocol) return service, protocol, transport
def connect_to_thrift(conf): """ Connect to a thrift endpoint as determined by the 'conf' parameter. Note that this does *not* open the transport. Returns a tuple of (service, protocol, transport) """ if conf.transport_mode == 'http': mode = THttpClient(conf.http_url) mode.set_verify(conf.validate) else: if conf.use_ssl: try: from ssl import PROTOCOL_TLS PROTOCOL_SSLv23 = PROTOCOL_TLS except ImportError: try: from ssl import PROTOCOL_SSLv23 as PROTOCOL_TLS PROTOCOL_SSLv23 = PROTOCOL_TLS except ImportError: PROTOCOL_SSLv23 = PROTOCOL_TLS = 2 mode = TSSLSocketWithWildcardSAN(conf.host, conf.port, validate=conf.validate, ca_certs=conf.ca_certs, keyfile=conf.keyfile, certfile=conf.certfile, ssl_version=PROTOCOL_SSLv23) else: mode = TSocket(conf.host, conf.port) if conf.timeout_seconds: # Thrift trivia: You can do this after the fact with # _grab_transport_from_wrapper(self.wrapped.transport).setTimeout(seconds*1000) mode.setTimeout(conf.timeout_seconds * 1000.0) if conf.transport_mode == 'http': if conf.use_sasl and conf.mechanism != 'PLAIN': mode.set_kerberos_auth(service=conf.kerberos_principal) elif USE_THRIFT_HTTP_JWT.get(): from desktop.auth.backend import find_user, rewrite_user # Cyclic dependency user = rewrite_user(find_user(conf.username)) if user is None: raise Exception("JWT: User not found.") if ENABLE_ORGANIZATIONS.get() and user.token: token = user.token elif user.profile.data.get('jwt_access_token'): token = user.profile.data['jwt_access_token'] else: raise Exception( "JWT: Could not retrive saved token from user.") mode.set_bearer_auth(token) else: mode.set_basic_auth(conf.username, conf.password) if conf.transport_mode == 'socket' and conf.use_sasl: def sasl_factory(): saslc = sasl.Client() saslc.setAttr("host", str(conf.host)) saslc.setAttr("service", str(conf.kerberos_principal)) if conf.mechanism == 'PLAIN': saslc.setAttr("username", str(conf.username)) saslc.setAttr( "password", str(conf.password) ) # Defaults to 'hue' for a non-empty string unless using LDAP else: saslc.setAttr("maxbufsize", SASL_MAX_BUFFER.get()) saslc.init() return saslc transport = TSaslClientTransport(sasl_factory, conf.mechanism, mode) elif conf.transport == 'framed': transport = TFramedTransport(mode) else: transport = TBufferedTransport(mode) protocol = TBinaryProtocol(transport) if conf.multiple: protocol = TMultiplexedProtocol(protocol, conf.service_name) service = conf.klass(protocol) return service, protocol, transport