Home Explore Help
Sign In
SMusatov
/
ydb
mirror of https://github.com/ydb-platform/ydb.git
1
0
Fork 0
Files
Tree: 3527639e4e
Branches Tags
ydb
/
contrib
/
python
/
grpcio
/
py3
/
grpc
/
_auth.py

_auth.py 2.6 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 
  1. # Copyright 2016 gRPC authors.
    2. 

  2. #
    3. 

  3. # Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. # you may not use this file except in compliance with the License.
    5. 

  5. # You may obtain a copy of the License at
    6. 

  6. #
    7. 

  7. #     http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. #
    9. 

  9. # Unless required by applicable law or agreed to in writing, software
    10. 

  10. # distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12. # See the License for the specific language governing permissions and
    13. 

  13. # limitations under the License.
    14. 

  14. """GRPCAuthMetadataPlugins for standard authentication."""
    15. 

  15. 

  16. import inspect
    17. 

  17. from typing import Any, Optional
    18. 

  18. 

  19. import grpc
    20. 

  20. 

  21. 

  22. def _sign_request(callback: grpc.AuthMetadataPluginCallback,
    23. 

  23.                   token: Optional[str], error: Optional[Exception]):
    24. 

  24.     metadata = (('authorization', 'Bearer {}'.format(token)),)
    25. 

  25.     callback(metadata, error)
    26. 

  26. 

  27. 

  28. class GoogleCallCredentials(grpc.AuthMetadataPlugin):
    29. 

  29.     """Metadata wrapper for GoogleCredentials from the oauth2client library."""
    30. 

  30.     _is_jwt: bool
    31. 

  31.     _credentials: Any
    32. 

  32. 

  33.     # TODO(xuanwn): Give credentials an actual type.
    34. 

  34.     def __init__(self, credentials: Any):
    35. 

  35.         self._credentials = credentials
    36. 

  36.         # Hack to determine if these are JWT creds and we need to pass
    37. 

  37.         # additional_claims when getting a token
    38. 

  38.         self._is_jwt = 'additional_claims' in inspect.getfullargspec(
    39. 

  39.             credentials.get_access_token).args
    40. 

  40. 

  41.     def __call__(self, context: grpc.AuthMetadataContext,
    42. 

  42.                  callback: grpc.AuthMetadataPluginCallback):
    43. 

  43.         try:
    44. 

  44.             if self._is_jwt:
    45. 

  45.                 access_token = self._credentials.get_access_token(
    46. 

  46.                     additional_claims={
    47. 

  47.                         'aud':
    48. 

  48.                             context.
    49. 

  49.                             service_url  # pytype: disable=attribute-error
    50. 

  50.                     }).access_token
    51. 

  51.             else:
    52. 

  52.                 access_token = self._credentials.get_access_token().access_token
    53. 

  53.         except Exception as exception:  # pylint: disable=broad-except
    54. 

  54.             _sign_request(callback, None, exception)
    55. 

  55.         else:
    56. 

  56.             _sign_request(callback, access_token, None)
    57. 

  57. 

  58. 

  59. class AccessTokenAuthMetadataPlugin(grpc.AuthMetadataPlugin):
    60. 

  60.     """Metadata wrapper for raw access token credentials."""
    61. 

  61.     _access_token: str
    62. 

  62. 

  63.     def __init__(self, access_token: str):
    64. 

  64.         self._access_token = access_token
    65. 

  65. 

  66.     def __call__(self, context: grpc.AuthMetadataContext,
    67. 

  67.                  callback: grpc.AuthMetadataPluginCallback):
    68. 

  68.         _sign_request(callback, self._access_token, None)
    69.