Home Explore Help
Sign In
SMusatov
/
ydb
mirror of https://github.com/ydb-platform/ydb.git
1
0
Fork 0
Files
Tree: faa5f83347
Branches Tags
ydb
/
contrib
/
python
/
grpcio
/
py2
/
grpc
/
_auth.py

_auth.py 2.2 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. # Copyright 2016 gRPC authors.
    2. 

  2. #
    3. 

  3. # Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. # you may not use this file except in compliance with the License.
    5. 

  5. # You may obtain a copy of the License at
    6. 

  6. #
    7. 

  7. #     http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. #
    9. 

  9. # Unless required by applicable law or agreed to in writing, software
    10. 

  10. # distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12. # See the License for the specific language governing permissions and
    13. 

  13. # limitations under the License.
    14. 

  14. """GRPCAuthMetadataPlugins for standard authentication."""
    15. 

  15. 

  16. import inspect
    17. 

  17. import sys
    18. 

  18. 

  19. import grpc
    20. 

  20. 

  21. 

  22. def _sign_request(callback, token, error):
    23. 

  23.     metadata = (('authorization', 'Bearer {}'.format(token)),)
    24. 

  24.     callback(metadata, error)
    25. 

  25. 

  26. 

  27. class GoogleCallCredentials(grpc.AuthMetadataPlugin):
    28. 

  28.     """Metadata wrapper for GoogleCredentials from the oauth2client library."""
    29. 

  29. 

  30.     def __init__(self, credentials):
    31. 

  31.         self._credentials = credentials
    32. 

  32.         # Hack to determine if these are JWT creds and we need to pass
    33. 

  33.         # additional_claims when getting a token
    34. 

  34.         if sys.version_info[0] == 2:
    35. 

  35.             args = inspect.getargspec(credentials.get_access_token).args
    36. 

  36.         else:
    37. 

  37.             args = inspect.getfullargspec(credentials.get_access_token).args
    38. 

  38.         self._is_jwt = 'additional_claims' in args
    39. 

  39. 

  40.     def __call__(self, context, callback):
    41. 

  41.         try:
    42. 

  42.             if self._is_jwt:
    43. 

  43.                 access_token = self._credentials.get_access_token(
    44. 

  44.                     additional_claims={
    45. 

  45.                         'aud': context.service_url
    46. 

  46.                     }).access_token
    47. 

  47.             else:
    48. 

  48.                 access_token = self._credentials.get_access_token().access_token
    49. 

  49.         except Exception as exception:  # pylint: disable=broad-except
    50. 

  50.             _sign_request(callback, None, exception)
    51. 

  51.         else:
    52. 

  52.             _sign_request(callback, access_token, None)
    53. 

  53. 

  54. 

  55. class AccessTokenAuthMetadataPlugin(grpc.AuthMetadataPlugin):
    56. 

  56.     """Metadata wrapper for raw access token credentials."""
    57. 

  57. 

  58.     def __init__(self, access_token):
    59. 

  59.         self._access_token = access_token
    60. 

  60. 

  61.     def __call__(self, context, callback):
    62. 

  62.         _sign_request(callback, self._access_token, None)
    63.