Python grpc.ssl_channel_credentials() Examples
The following are 30
code examples of grpc.ssl_channel_credentials().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
grpc
, or try the search function
.
.
Example #1
| Source File: bookstore_client.py From python-docs-samples with Apache License 2.0 | 9 votes |
|
def run(host, port, api_key, auth_token, timeout, use_tls):
"""Makes a basic ListShelves call against a gRPC Bookstore server."""
if use_tls:
with open('../roots.pem', 'rb') as f:
creds = grpc.ssl_channel_credentials(f.read())
channel = grpc.secure_channel('{}:{}'.format(host, port), creds)
else:
channel = grpc.insecure_channel('{}:{}'.format(host, port))
stub = bookstore_pb2_grpc.BookstoreStub(channel)
metadata = []
if api_key:
metadata.append(('x-api-key', api_key))
if auth_token:
metadata.append(('authorization', 'Bearer ' + auth_token))
shelves = stub.ListShelves(empty_pb2.Empty(), timeout, metadata=metadata)
print('ListShelves: {}'.format(shelves))
Example #2
| Source File: Tbon.py From pcocc with GNU General Public License v3.0 | 8 votes |
|
def __init__(self, connect_info):
self._vmid = connect_info[0]
self._host = connect_info[1]
self._port = connect_info[2]
self._stub = None
self._channel = None
client_cert = Config().batch.client_cert
credential = grpc.ssl_channel_credentials(
root_certificates=client_cert.ca_cert,
private_key=client_cert.key,
certificate_chain=client_cert.cert
)
self._channel = grpc.secure_channel(
self._host + ":" + self._port, credential)
self._stub = agent_pb2_grpc.pcoccNodeStub(self._channel)
Example #3
| Source File: __init__.py From mocktailsmixer with MIT License | 7 votes |
|
def create_grpc_channel(target, credentials, ssl_credentials_file=None,
grpc_channel_options=[]):
"""Create and return a gRPC channel.
Args:
credentials(google.oauth2.credentials.Credentials): OAuth2 credentials.
ssl_credentials_file(str): Path to SSL credentials.pem file
(for testing).
grpc_channel_options([(option_name, option_val)]): gRPC channel options.
Returns:
grpc.Channel.
"""
ssl_credentials = None
if ssl_credentials_file:
with open(ssl_credentials_file) as f:
ssl_credentials = grpc.ssl_channel_credentials(f.read())
http_request = google.auth.transport.requests.Request()
# TODO(proppy): figure out if/why we need to force a refresh.
# if yes, consider remove access token from serialized credentials.
credentials.refresh(http_request)
return google.auth.transport.grpc.secure_authorized_channel(
credentials, http_request, target,
ssl_credentials=ssl_credentials,
options=grpc_channel_options)
Example #4
| Source File: blitz.ip2tor.py From raspiblitz with MIT License | 6 votes |
|
def lndPayInvoice(lnInvoiceString):
try:
# call LND GRPC API
macaroon = codecs.encode(open(LND_ADMIN_MACAROON_PATH, 'rb').read(), 'hex')
os.environ['GRPC_SSL_CIPHER_SUITES'] = 'HIGH+ECDSA'
cert = open(LND_TLS_PATH, 'rb').read()
ssl_creds = grpc.ssl_channel_credentials(cert)
channel = grpc.secure_channel("{0}:10009".format(LND_IP), ssl_creds)
stub = rpcstub.LightningStub(channel)
request = lnrpc.SendRequest(
payment_request=lnInvoiceString,
)
response = stub.SendPaymentSync(request, metadata=[('macaroon', macaroon)])
# validate results
if len(response.payment_error) > 0:
print("error='PAYMENT FAILED'")
print("error_detail='{}'".format(response.payment_error))
return
except Exception as e:
print("error='FAILED LND INVOICE PAYMENT'")
return
return response
Example #5
| Source File: lnd.initwallet.py From raspiblitz with MIT License | 6 votes |
|
def main():
os.environ['GRPC_SSL_CIPHER_SUITES'] = 'HIGH+ECDSA'
cert = open('/mnt/hdd/lnd/tls.cert', 'rb').read()
ssl_creds = grpc.ssl_channel_credentials(cert)
channel = grpc.secure_channel('localhost:10009', ssl_creds)
stub = lnrpc.WalletUnlockerStub(channel)
wallet_password, seed_words, seed_password, file_path_scb = parse_args()
if mode == "new":
print("# *** CREATING NEW LND WALLET ***")
new(stub, wallet_password)
elif mode == "seed":
print("# *** RECOVERING LND WALLET FROM SEED ***")
seed(stub, wallet_password, seed_words, seed_password)
elif mode == "scb":
print("# *** RECOVERING LND WALLET FROM SEED + SCB ***")
scb(stub, wallet_password, seed_words, seed_password, file_path_scb)
Example #6
| Source File: blitz.ip2tor.py From raspiblitz with MIT License | 6 votes |
|
def lndDecodeInvoice(lnInvoiceString):
try:
# call LND GRPC API
macaroon = codecs.encode(open(LND_ADMIN_MACAROON_PATH, 'rb').read(), 'hex')
os.environ['GRPC_SSL_CIPHER_SUITES'] = 'HIGH+ECDSA'
cert = open(LND_TLS_PATH, 'rb').read()
ssl_creds = grpc.ssl_channel_credentials(cert)
channel = grpc.secure_channel("{0}:10009".format(LND_IP), ssl_creds)
stub = rpcstub.LightningStub(channel)
request = lnrpc.PayReqString(
pay_req=lnInvoiceString,
)
response = stub.DecodePayReq(request, metadata=[('macaroon', macaroon)])
# validate results
if response.num_msat <= 0:
print("error='ZERO INVOICES NOT ALLOWED'")
return
except Exception as e:
print("error='FAILED LND INVOICE DECODING'")
return
return response
Example #7
| Source File: client.py From python-etcd3 with Apache License 2.0 | 6 votes |
|
def _get_secure_creds(self, ca_cert, cert_key=None, cert_cert=None):
cert_key_file = None
cert_cert_file = None
with open(ca_cert, 'rb') as f:
ca_cert_file = f.read()
if cert_key is not None:
with open(cert_key, 'rb') as f:
cert_key_file = f.read()
if cert_cert is not None:
with open(cert_cert, 'rb') as f:
cert_cert_file = f.read()
return grpc.ssl_channel_credentials(
ca_cert_file,
cert_key_file,
cert_cert_file
)
Example #8
| Source File: base_client.py From lnd_grpc with MIT License | 6 votes |
|
def combined_credentials(self) -> grpc.CallCredentials:
"""
Combine ssl and macaroon credentials
:return: grpc.composite_channel_credentials
"""
cert_creds = grpc.ssl_channel_credentials(self.tls_cert)
auth_creds = grpc.metadata_call_credentials(self.metadata_callback)
return grpc.composite_channel_credentials(cert_creds, auth_creds)
Example #9
| Source File: service_client.py From snet-cli with MIT License | 6 votes |
|
def _get_grpc_channel(self):
endpoint = self.options.get("endpoint", None)
if endpoint is None:
endpoint = self.service_metadata.get_all_endpoints_for_group(self.group["group_name"])[0]
endpoint_object = urlparse(endpoint)
if endpoint_object.port is not None:
channel_endpoint = endpoint_object.hostname + ":" + str(endpoint_object.port)
else:
channel_endpoint = endpoint_object.hostname
if endpoint_object.scheme == "http":
return grpc.insecure_channel(channel_endpoint)
elif endpoint_object.scheme == "https":
return grpc.secure_channel(channel_endpoint, grpc.ssl_channel_credentials())
else:
raise ValueError('Unsupported scheme in service metadata ("{}")'.format(endpoint_object.scheme))
Example #10
| Source File: application.py From python-app-sdk with MIT License | 6 votes |
|
def __init__(self, app_id, access_key,
handler_address="", cert_content="",
discovery_address="discovery.thethings.network:1900"):
self.app_id = app_id
self.app_access_key = access_key
if not handler_address:
discovery = DiscoveryClient(discovery_address)
announcement = discovery.get_by_app_id(self.app_id.encode())
handler_address = announcement.net_address
cert_content = announcement.certificate
elif not cert_content:
raise RuntimeError("You need to provide credentials")
creds = grpc.ssl_channel_credentials(cert_content.encode())
channel = grpc.secure_channel(handler_address, creds)
self.client = handler.ApplicationManagerStub(channel)
Example #11
| Source File: conftest.py From gapic-generator-python with Apache License 2.0 | 6 votes |
|
def construct_client(client_class,
use_mtls,
transport="grpc",
channel_creator=grpc.insecure_channel):
if use_mtls:
with mock.patch("grpc.ssl_channel_credentials", autospec=True) as mock_ssl_cred:
mock_ssl_cred.return_value = ssl_credentials
client = client_class(
credentials=credentials.AnonymousCredentials(),
client_options=client_options,
)
mock_ssl_cred.assert_called_once_with(
certificate_chain=cert, private_key=key
)
return client
else:
transport = client_class.get_transport_class(transport)(
channel=channel_creator("localhost:7469")
)
return client_class(transport=transport)
Example #12
| Source File: client.py From predixpy with BSD 3-Clause "New" or "Revised" License | 6 votes |
|
def _init_channel(self):
"""
build the grpc channel used for both publisher and subscriber
:return: None
"""
host = self._get_host()
port = self._get_grpc_port()
if 'TLS_PEM_FILE' in os.environ:
with open(os.environ['TLS_PEM_FILE'], mode='rb') as f: # b is important -> binary
file_content = f.read()
credentials = grpc.ssl_channel_credentials(root_certificates=file_content)
else:
credentials = grpc.ssl_channel_credentials()
self._channel = grpc.secure_channel(host + ":" + port, credentials=credentials)
self._init_health_checker()
Example #13
| Source File: test_inference_endpoints.py From inference-model-manager with Apache License 2.0 | 6 votes |
|
def test_wrong_certificates():
url = endpoint_info.info
trusted_cert, wrong_key, wrong_ca = prepare_certs(
CERT_SERVER,
CERT_BAD_CLIENT_KEY,
CERT_BAD_CLIENT)
creds = grpc.ssl_channel_credentials(root_certificates=trusted_cert,
private_key=wrong_key, certificate_chain=wrong_ca)
stub, request = prepare_stub_and_request(url, MODEL_NAME, creds=creds)
numpy_input = numpy.zeros((1, 224, 224, 3), numpy.dtype('<f'))
request.inputs[model_input].CopyFrom(
tf.contrib.util.make_tensor_proto(numpy_input, shape=[1, 224, 224, 3]))
with pytest.raises(grpc.RpcError) as context:
stub.Predict(request, RPC_TIMEOUT)
assert context.value.details() == 'Received http2 header with status: 403'
Example #14
| Source File: test_inference_endpoints.py From inference-model-manager with Apache License 2.0 | 6 votes |
|
def test_prediction_with_certificates():
time.sleep(30)
endpoint_info.url = endpoint_info.info
trusted_cert, trusted_key, trusted_ca = prepare_certs(
CERT_SERVER,
CERT_CLIENT_KEY,
CERT_CLIENT)
endpoint_info.credentials = grpc.ssl_channel_credentials(root_certificates=trusted_cert,
private_key=trusted_key,
certificate_chain=trusted_ca)
# resnet_v1 test
prediction_response = perform_inference()
assert not prediction_response == "Failed"
response = numpy.array(prediction_response.outputs[model_output].float_val)
max_output = numpy.argmax(response) - 1
num_label = classes.imagenet_classes[max_output]
test_label = classes.imagenet_classes[first_label]
assert max_output == first_label
assert num_label == test_label
assert response.size == 1000
Example #15
| Source File: grpc_client.py From inference-model-manager with Apache License 2.0 | 6 votes |
|
def get_stub_and_request(endpoint_address, model_name, certs, ssl, target_name, request_type):
request_type = INFERENCE_REQUEST if request_type is None else request_type
if ssl:
server_ca_cert, client_key, client_cert = prepare_certs(server_cert=certs['server_cert'],
client_key=certs['client_key'],
client_ca=certs['client_cert'])
creds = grpc.ssl_channel_credentials(root_certificates=server_ca_cert,
private_key=client_key, certificate_chain=client_cert)
stub, request = prepare_stub_and_request(address=endpoint_address, model_name=model_name,
creds=creds, opts=target_name,
request_type=request_type)
else:
stub, request = prepare_stub_and_request(address=endpoint_address, model_name=model_name,
creds=None, opts=target_name,
request_type=request_type)
return stub, request
Example #16
| Source File: utils.py From snet-cli with MIT License | 5 votes |
|
def open_grpc_channel(endpoint):
"""
open grpc channel:
- for http:// we open insecure_channel
- for https:// we open secure_channel (with default credentials)
- without prefix we open insecure_channel
"""
if (endpoint.startswith("https://")):
return grpc.secure_channel(remove_http_https_prefix(endpoint), grpc.ssl_channel_credentials())
return grpc.insecure_channel(remove_http_https_prefix(endpoint))
Example #17
| Source File: freecall_payment_strategy.py From snet-cli with MIT License | 5 votes |
|
def is_free_call_available(self, email, token_for_free_call, token_expiry_date_block, signature,
current_block_number, daemon_endpoint):
try:
with add_to_path(str(RESOURCES_PATH.joinpath("proto"))):
state_service_pb2 = importlib.import_module("state_service_pb2")
with add_to_path(str(RESOURCES_PATH.joinpath("proto"))):
state_service_pb2_grpc = importlib.import_module("state_service_pb2_grpc")
request = state_service_pb2.FreeCallStateRequest()
request.user_id = email
request.token_for_free_call = token_for_free_call
request.token_expiry_date_block = token_expiry_date_block
request.signature = signature
request.current_block = current_block_number
endpoint_object = urlparse(daemon_endpoint)
if endpoint_object.port is not None:
channel_endpoint = endpoint_object.hostname + ":" + str(endpoint_object.port)
else:
channel_endpoint = endpoint_object.hostname
if endpoint_object.scheme == "http":
channel = grpc.insecure_channel(channel_endpoint)
elif endpoint_object.scheme == "https":
channel = grpc.secure_channel(channel_endpoint, grpc.ssl_channel_credentials())
else:
raise ValueError('Unsupported scheme in service metadata ("{}")'.format(endpoint_object.scheme))
stub = state_service_pb2_grpc.FreeCallStateServiceStub(channel)
response = stub.GetFreeCallsAvailable(request)
if response.free_calls_available > 0:
return True
return False
except Exception as e:
return False
Example #18
| Source File: grpc_ssl_test.py From rules_pyz with Apache License 2.0 | 5 votes |
|
def test_connect(self):
# when zipped grpc needs to load a resource that it tries to get from disk
# that resource must be unzipped along with the native code library
credentials = grpc.ssl_channel_credentials()
channel = grpc.secure_channel('datastore.googleapis.com', credentials)
datastore_stub = datastore_pb2_grpc.DatastoreStub(channel)
request = datastore_pb2.LookupRequest()
with self.assertRaisesRegexp(grpc.RpcError, 'missing required authentication') as context:
datastore_stub.Lookup(request)
self.assertEqual(context.exception.code(), grpc.StatusCode.UNAUTHENTICATED)
Example #19
| Source File: common.py From lnd-grpc-client with MIT License | 5 votes |
|
def generate_credentials(cert, macaroon):
"""Create composite channel credentials using cert and macaroon metatdata"""
# create cert credentials from the tls.cert file
cert_creds = grpc.ssl_channel_credentials(cert)
# build meta data credentials
metadata_plugin = MacaroonMetadataPlugin(macaroon)
auth_creds = grpc.metadata_call_credentials(metadata_plugin)
# combine the cert credentials and the macaroon auth credentials
# such that every call is properly encrypted and authenticated
return grpc.composite_channel_credentials(cert_creds, auth_creds)
Example #20
| Source File: grpc_helper.py From resilient-community-apps with MIT License | 5 votes |
|
def gRPC_Connect_Server(self, auth_type=None, channel=None, stub_class=None, certificate_path=None):
"""
:param auth_type: Input Secure Connection type
:param channel: gRPC Channel
:param stub_class: a Stub Class object from imported pb2 library
:param certificate_path: path of the ssl/tls certificate
:return: stub class object
"""
# Checking supplied Input Arguments
if channel is None:
raise ValueError("channel argument should not be None type")
if stub_class is None:
raise ValueError("stub class object should not be None type")
if auth_type not in ['ssl', 'tls', 'oauth2'] and auth_type is None:
self.log_object.info("gRPC Channel Connection is not secure.")
channel_object = grpc.insecure_channel(channel)
stub_class_obj = stub_class(channel_object)
return stub_class_obj, channel_object
elif auth_type.find('ssl') != -1 or auth_type.find('tls') != -1:
self.log_object.info("Channel Authentication is secure : {0}".format(auth_type))
if certificate_path is None:
raise ValueError("Please specify the valid certificate path")
with open(certificate_path, 'rb') as certificate:
channel_cred = grpc.ssl_channel_credentials(root_certificates=certificate.read())
channel_object = grpc.secure_channel(channel, channel_cred)
stub_class_obj = stub_class(channel_object)
return stub_class_obj, channel_object
else:
raise NotImplementedError("The authentication type {0} is not supported".format(auth_type))
Example #21
| Source File: lnd_client.py From node-launcher with MIT License | 5 votes |
|
def get_cert_credentials(self):
lnd_tls_cert = open(self.tls_cert_path, 'rb').read()
cert_credentials = grpc.ssl_channel_credentials(lnd_tls_cert)
return cert_credentials
# noinspection PyUnusedLocal
Example #22
| Source File: experiment_from_dev.py From tensorboard with Apache License 2.0 | 5 votes |
|
def get_api_client(api_endpoint=None):
server_info = _get_server_info(api_endpoint=api_endpoint)
_handle_server_info(server_info)
channel_creds = grpc.ssl_channel_credentials()
credentials = auth.CredentialsStore().read_credentials()
if credentials:
channel_creds = grpc.composite_channel_credentials(
channel_creds, auth.id_token_call_credentials(credentials)
)
channel = grpc.secure_channel(
server_info.api_server.endpoint, channel_creds
)
return export_service_pb2_grpc.TensorBoardExporterServiceStub(channel)
Example #23
| Source File: test_inference_endpoints.py From inference-model-manager with Apache License 2.0 | 5 votes |
|
def test_no_certificates():
url = endpoint_info.info
trusted_cert, _, _ = prepare_certs(CERT_SERVER)
creds = grpc.ssl_channel_credentials(root_certificates=trusted_cert)
stub, request = prepare_stub_and_request(url, MODEL_NAME, creds=creds)
numpy_input = numpy.zeros((1, 224, 224, 3), numpy.dtype('<f'))
request.inputs[model_input].CopyFrom(
tf.contrib.util.make_tensor_proto(numpy_input, shape=[1, 224, 224, 3]))
with pytest.raises(grpc.RpcError) as context:
stub.Predict(request, RPC_TIMEOUT)
assert context.value.details() == 'Received http2 header with status: 400'
Example #24
| Source File: test_ovms.py From inference-model-manager with Apache License 2.0 | 5 votes |
|
def test_ovms_serving_status(ovms_endpoint):
ovms_endpoint_response, namespace = ovms_endpoint
url = json.loads(ovms_endpoint_response.text)['data']['url']
start_time = time.time()
tick = start_time
running = False
while tick - start_time < 100:
tick = time.time()
try:
all_pods = get_all_pods_in_namespace(namespace)
pod_name = all_pods.items[0].metadata.name
logging.info("Pod name :", pod_name)
logs = get_logs_of_pod("ovms", pod_name)
logging.info(logs)
if "Server listens on port 9000 and will be serving models" in logs:
running = True
break
except Exception as e:
logging.info(e)
time.sleep(10)
assert running is True
trusted_cert, trusted_key, trusted_ca = prepare_certs(
CERT_SERVER,
CERT_CLIENT_KEY,
CERT_CLIENT)
creds = grpc.ssl_channel_credentials(root_certificates=trusted_cert, private_key=trusted_key,
certificate_chain=trusted_ca)
stub, _ = prepare_stub_and_request(url, "", creds=creds)
request = get_model_metadata_request("ovms_resnet")
response = stub.GetModelMetadata(request, 10)
assert "ovms_resnet" == response.model_spec.name
Example #25
| Source File: tiller.py From pyhelm with Apache License 2.0 | 5 votes |
|
def get_channel(self):
"""
Return a tiller channel
"""
target = '%s:%s' % (self._host, self._port)
# Despite Helm sets grpc keep alive to 30 seconds, it handles grpc "too_many_pings" errors
# which we don't want to handle. Setting it to 30 seconds will cause such an error at times.
options = (
("grpc.keepalive_time_ms", GRPC_KEEPALIVE_TIME_MS),
("grpc.http2.min_time_between_pings_ms", GRPC_MIN_TIME_BETWEEN_PINGS_MS),
("grpc.http2.max_pings_without_data", 0),
("grpc.keepalive_permit_without_calls", 1),
("grpc.max_receive_message_length", GRPC_MAX_RECEIVE_MESSAGE_LENGTH),
("grpc.max_send_message_length", GRPC_MAX_SEND_MESSAGE_LENGTH)
)
if self._tls_config:
ssl_channel_credentials = grpc.ssl_channel_credentials(
root_certificates=self._tls_config.ca_data,
private_key=self._tls_config.key_data,
certificate_chain=self._tls_config.cert_data
)
return grpc.secure_channel(target, ssl_channel_credentials, options=options)
else:
return grpc.insecure_channel(target, options=options)
Example #26
| Source File: grpc.py From google-auth-library-python with Apache License 2.0 | 5 votes |
|
def ssl_credentials(self):
"""Get the created SSL channel credentials.
For devices with endpoint verification support, if the device certificate
loading has any problems, corresponding exceptions will be raised. For
a device without endpoint verification support, no exceptions will be
raised.
Returns:
grpc.ChannelCredentials: The created grpc channel credentials.
Raises:
google.auth.exceptions.MutualTLSChannelError: If mutual TLS channel
creation failed for any reason.
"""
if self._is_mtls:
try:
_, cert, key, _ = _mtls_helper.get_client_ssl_credentials()
self._ssl_credentials = grpc.ssl_channel_credentials(
certificate_chain=cert, private_key=key
)
except exceptions.ClientCertError as caught_exc:
new_exc = exceptions.MutualTLSChannelError(caught_exc)
six.raise_from(new_exc, caught_exc)
else:
self._ssl_credentials = grpc.ssl_channel_credentials()
return self._ssl_credentials
Example #27
| Source File: tls_example.py From pydgraph with Apache License 2.0 | 5 votes |
|
def create_client(addr='localhost:9080'):
# Read certs
with open('./tls/ca.crt', 'rb') as f:
root_ca_cert = f.read()
with open('./tls/client.user.key', 'rb') as f:
client_cert_key = f.read()
with open('./tls/client.user.crt', 'rb') as f:
client_cert = f.read()
# Connect to Dgraph via gRPC with mutual TLS.
creds = grpc.ssl_channel_credentials(root_certificates=root_ca_cert,
private_key=client_cert_key,
certificate_chain=client_cert)
client_stub = pydgraph.DgraphClientStub(addr, credentials=creds)
return pydgraph.DgraphClient(client_stub)
Example #28
| Source File: grpc_connector.py From loopchain with Apache License 2.0 | 5 votes |
|
def create_client_channel(cls, keys: GRPCSecureKeyCollection, host, ssl_auth_type: conf.SSLAuthType):
credentials = grpc.ssl_channel_credentials(
root_certificates=keys.ssl_root_crt)
return grpc.secure_channel(host, credentials)
Example #29
| Source File: conftest.py From dcos with Apache License 2.0 | 5 votes |
|
def grpc_stub(repo_is_ee):
if repo_is_ee:
channel_credential = grpc.ssl_channel_credentials(
root_certificates=pathlib.Path(
'/run/dcos/pki/CA/ca-bundle.crt').read_bytes(),
)
channel = grpc.secure_channel('localhost:12379', channel_credential)
else:
channel = grpc.insecure_channel('localhost:12379')
with channel:
stub = grpc_endpoint_pb2_grpc.MockServiceStub(channel)
yield stub
Example #30
| Source File: grpc_connector.py From loopchain with Apache License 2.0 | 5 votes |
|
def create_client_channel(cls, keys: GRPCSecureKeyCollection, host, ssl_auth_type: conf.SSLAuthType):
credentials = grpc.ssl_channel_credentials(
root_certificates=keys.ssl_root_crt,
private_key=keys.ssl_pk,
certificate_chain=keys.ssl_crt)
return grpc.secure_channel(host, credentials)
