@BeforeClass public static void startServer() throws IOException { AfricasTalking.initialize(Fixtures.USERNAME, Fixtures.API_KEY); server = new Server(new Authenticator() { @Override public boolean authenticate(String client) { return client.compareToIgnoreCase(TEST_CLIENT_ID) == 0; } }); server.addSipCredentials("test", "secret", "sip://at.dev"); server.start(certFile, privateKeyFile, TEST_PORT); ManagedChannel ch = NettyChannelBuilder.forAddress("localhost", TEST_PORT) .sslContext(GrpcSslContexts.forClient().trustManager(certFile).build()) .build(); client = SdkServerServiceGrpc.newBlockingStub(ch) .withCallCredentials(new CallCredentials(){ @Override public void applyRequestMetadata(MethodDescriptor<?, ?> method, Attributes attrs, Executor appExecutor, final MetadataApplier applier) { appExecutor.execute(new Runnable(){ @Override public void run() { try { Metadata headers = new Metadata(); Metadata.Key<String> clientIdKey = Metadata.Key.of("X-Client-Id", Metadata.ASCII_STRING_MARSHALLER); headers.put(clientIdKey, TEST_CLIENT_ID); applier.apply(headers); } catch(Throwable ex) { applier.fail(Status.UNAUTHENTICATED.withCause(ex)); } } }); } }); }
/** * Creates a new instance. * * @param instanceName the instance name to be prepended to resource name of the {@code Write} * call. See the {@code ByteStream} service definition for details * @param channel the {@link io.grpc.Channel} to use for calls * @param callCredentials the credentials to use for authentication. May be {@code null}, in which * case no authentication is performed * @param callTimeoutSecs the timeout in seconds after which a {@code Write} gRPC call must be * complete. The timeout resets between retries * @param retrier the {@link Retrier} whose backoff strategy to use for retry timings. * @param retryService the executor service to schedule retries on. It's the responsibility of the * caller to properly shutdown the service after use. Users should avoid shutting down the * service before {@link #shutdown()} has been called */ public ByteStreamUploader( @Nullable String instanceName, Channel channel, @Nullable CallCredentials callCredentials, long callTimeoutSecs, Retrier retrier, ListeningScheduledExecutorService retryService) { checkArgument(callTimeoutSecs > 0, "callTimeoutSecs must be gt 0."); this.instanceName = instanceName; this.channel = channel; this.callCredentials = callCredentials; this.callTimeoutSecs = callTimeoutSecs; this.retrier = retrier; this.retryService = retryService; }
@VisibleForTesting public GrpcRemoteCache( Channel channel, CallCredentials credentials, RemoteOptions options, RemoteRetrier retrier, DigestUtil digestUtil) { super(digestUtil); this.options = options; this.credentials = credentials; this.channel = channel; this.retrier = retrier; uploader = new ByteStreamUploader(options.remoteInstanceName, channel, credentials, options.remoteTimeout, retrier, retryScheduler); }
/** * Creates a new instance. * * @param instanceName the instance name to be prepended to resource name of the {@code Write} * call. See the {@code ByteStream} service definition for details * @param channel the {@link io.grpc.Channel} to use for calls * @param callCredentials the credentials to use for authentication. May be {@code null}, in which * case no authentication is performed * @param callTimeoutSecs the timeout in seconds after which a {@code Write} gRPC call must be * complete. The timeout resets between retries * @param retrier the {@link RemoteRetrier} whose backoff strategy to use for retry timings. * @param retryService the executor service to schedule retries on. It's the responsibility of the * caller to properly shutdown the service after use. Users should avoid shutting down the * service before {@link #shutdown()} has been called */ public ByteStreamUploader( @Nullable String instanceName, Channel channel, @Nullable CallCredentials callCredentials, long callTimeoutSecs, RemoteRetrier retrier, ListeningScheduledExecutorService retryService) { checkArgument(callTimeoutSecs > 0, "callTimeoutSecs must be gt 0."); this.instanceName = instanceName; this.channel = channel; this.callCredentials = callCredentials; this.callTimeoutSecs = callTimeoutSecs; this.retrier = retrier; this.retryService = retryService; }
@Test public void serviceUri() throws Exception { GoogleAuthLibraryCallCredentials callCredentials = new GoogleAuthLibraryCallCredentials(credentials); callCredentials.applyRequestMetadata(method, Attributes.newBuilder() .setAll(attrs) .set(CallCredentials.ATTR_AUTHORITY, "example.com:443") .build(), executor, applier); verify(credentials).getRequestMetadata(eq(new URI("https://example.com/a.service"))); callCredentials.applyRequestMetadata(method, Attributes.newBuilder() .setAll(attrs) .set(CallCredentials.ATTR_AUTHORITY, "example.com:123") .build(), executor, applier); verify(credentials).getRequestMetadata(eq(new URI("https://example.com:123/a.service"))); }
@Test public void parameterPropagation_overrideByTransport() { Attributes transportAttrs = Attributes.newBuilder() .set(ATTR_KEY, ATTR_VALUE) .set(CallCredentials.ATTR_AUTHORITY, "transport-override-authority") .set(CallCredentials.ATTR_SECURITY_LEVEL, SecurityLevel.INTEGRITY) .build(); when(mockTransport.getAttributes()).thenReturn(transportAttrs); transport.newStream(method, origHeaders, callOptions); ArgumentCaptor<Attributes> attrsCaptor = ArgumentCaptor.forClass(null); verify(mockCreds).applyRequestMetadata(same(method), attrsCaptor.capture(), same(mockExecutor), any(MetadataApplier.class)); Attributes attrs = attrsCaptor.getValue(); assertSame(ATTR_VALUE, attrs.get(ATTR_KEY)); assertEquals("transport-override-authority", attrs.get(CallCredentials.ATTR_AUTHORITY)); assertSame(SecurityLevel.INTEGRITY, attrs.get(CallCredentials.ATTR_SECURITY_LEVEL)); }
@Test public void parameterPropagation_overrideByCallOptions() { Attributes transportAttrs = Attributes.newBuilder() .set(ATTR_KEY, ATTR_VALUE) .set(CallCredentials.ATTR_AUTHORITY, "transport-override-authority") .set(CallCredentials.ATTR_SECURITY_LEVEL, SecurityLevel.INTEGRITY) .build(); when(mockTransport.getAttributes()).thenReturn(transportAttrs); Executor anotherExecutor = mock(Executor.class); transport.newStream(method, origHeaders, callOptions.withAuthority("calloptions-authority").withExecutor(anotherExecutor)); ArgumentCaptor<Attributes> attrsCaptor = ArgumentCaptor.forClass(null); verify(mockCreds).applyRequestMetadata(same(method), attrsCaptor.capture(), same(anotherExecutor), any(MetadataApplier.class)); Attributes attrs = attrsCaptor.getValue(); assertSame(ATTR_VALUE, attrs.get(ATTR_KEY)); assertEquals("calloptions-authority", attrs.get(CallCredentials.ATTR_AUTHORITY)); assertSame(SecurityLevel.INTEGRITY, attrs.get(CallCredentials.ATTR_SECURITY_LEVEL)); }
/** * Get CallCredentials from OAuthCredentials * * @param oAuthCredentials the credentials from the AuthenticationHelper * @return the CallCredentials for the GRPC requests */ private CallCredentials getCallCredentials(OAuthCredentials oAuthCredentials) { AccessToken accessToken = new AccessToken( oAuthCredentials.getAccessToken(), new Date(oAuthCredentials.getExpirationTime()) ); OAuth2Credentials oAuth2Credentials = new OAuth2Credentials(accessToken); // Create an instance of {@link io.grpc.CallCredentials} return MoreCallCredentials.from(oAuth2Credentials); }
AsyncUpload( Channel channel, CallCredentials callCredentials, long callTimeoutSecs, String instanceName, Chunker chunker, Listener listener) { this.channel = channel; this.callCredentials = callCredentials; this.callTimeoutSecs = callTimeoutSecs; this.instanceName = instanceName; this.chunker = chunker; this.listener = listener; }
public BuildEventServiceGrpcClient( ManagedChannel channel, @Nullable CallCredentials callCredentials) { this.channel = channel; this.besAsync = withCallCredentials( PublishBuildEventGrpc.newStub(channel), callCredentials); this.besBlocking = withCallCredentials( PublishBuildEventGrpc.newBlockingStub(channel), callCredentials); this.streamReference = new AtomicReference<>(null); }
/** * Create a new {@link CallCredentials} object. * * @throws IOException in case the call credentials can't be constructed. */ public static CallCredentials newCallCredentials(AuthAndTLSOptions options) throws IOException { Credentials creds = newCredentials(options); if (creds != null) { return MoreCallCredentials.from(creds); } return null; }
@VisibleForTesting public static CallCredentials newCallCredentials( @Nullable InputStream credentialsFile, List<String> authScope) throws IOException { Credentials creds = newCredentials(credentialsFile, authScope); if (creds != null) { return MoreCallCredentials.from(creds); } return null; }
public GrpcRemoteExecutor( Channel channel, @Nullable CallCredentials callCredentials, int callTimeoutSecs, RemoteRetrier retrier) { Preconditions.checkArgument(callTimeoutSecs > 0, "callTimeoutSecs must be gt 0."); this.channel = channel; this.callCredentials = callCredentials; this.callTimeoutSecs = callTimeoutSecs; this.retrier = retrier; }
private GrpcRemoteCache newClient() throws IOException { AuthAndTLSOptions authTlsOptions = Options.getDefaults(AuthAndTLSOptions.class); authTlsOptions.useGoogleDefaultCredentials = true; authTlsOptions.googleCredentials = "/exec/root/creds.json"; authTlsOptions.googleAuthScopes = ImmutableList.of("dummy.scope"); GenericJson json = new GenericJson(); json.put("type", "authorized_user"); json.put("client_id", "some_client"); json.put("client_secret", "foo"); json.put("refresh_token", "bar"); Scratch scratch = new Scratch(); scratch.file(authTlsOptions.googleCredentials, new JacksonFactory().toString(json)); CallCredentials creds = GoogleAuthUtils.newCallCredentials( scratch.resolve(authTlsOptions.googleCredentials).getInputStream(), authTlsOptions.googleAuthScopes); RemoteOptions remoteOptions = Options.getDefaults(RemoteOptions.class); RemoteRetrier retrier = new RemoteRetrier( remoteOptions, RemoteRetrier.RETRIABLE_GRPC_ERRORS, Retrier.ALLOW_ALL_CALLS); return new GrpcRemoteCache( ClientInterceptors.intercept( InProcessChannelBuilder.forName(fakeServerName).directExecutor().build(), ImmutableList.of(new CallCredentialsInterceptor(creds))), creds, remoteOptions, retrier, DIGEST_UTIL); }
@Override public ClientStream newStream( MethodDescriptor<?, ?> method, Metadata headers, CallOptions callOptions) { CallCredentials creds = callOptions.getCredentials(); if (creds != null) { MetadataApplierImpl applier = new MetadataApplierImpl( delegate, method, headers, callOptions); Attributes.Builder effectiveAttrsBuilder = Attributes.newBuilder() .set(CallCredentials.ATTR_AUTHORITY, authority) .set(CallCredentials.ATTR_SECURITY_LEVEL, SecurityLevel.NONE) .setAll(delegate.getAttributes()); if (callOptions.getAuthority() != null) { effectiveAttrsBuilder.set(CallCredentials.ATTR_AUTHORITY, callOptions.getAuthority()); } try { creds.applyRequestMetadata(method, effectiveAttrsBuilder.build(), firstNonNull(callOptions.getExecutor(), appExecutor), applier); } catch (Throwable t) { applier.fail(Status.UNAUTHENTICATED .withDescription("Credentials should use fail() instead of throwing exceptions") .withCause(t)); } return applier.returnStream(); } else { return delegate.newStream(method, headers, callOptions); } }
@Test public void parameterPropagation_base() { Attributes transportAttrs = Attributes.newBuilder().set(ATTR_KEY, ATTR_VALUE).build(); when(mockTransport.getAttributes()).thenReturn(transportAttrs); transport.newStream(method, origHeaders, callOptions); ArgumentCaptor<Attributes> attrsCaptor = ArgumentCaptor.forClass(null); verify(mockCreds).applyRequestMetadata(same(method), attrsCaptor.capture(), same(mockExecutor), any(MetadataApplier.class)); Attributes attrs = attrsCaptor.getValue(); assertSame(ATTR_VALUE, attrs.get(ATTR_KEY)); assertSame(AUTHORITY, attrs.get(CallCredentials.ATTR_AUTHORITY)); assertSame(SecurityLevel.NONE, attrs.get(CallCredentials.ATTR_SECURITY_LEVEL)); }
public static void main(String[] args) throws InterruptedException { // ManagedChannel channel = ManagedChannelBuilder.forAddress("172.16.101.200", 44134).usePlaintext(true).build(); ManagedChannel channel = NettyChannelBuilder .forAddress("172.16.101.200", 44134) .negotiationType(NegotiationType.PLAINTEXT).build(); ReleaseServiceGrpc.ReleaseServiceBlockingStub blockingStub = ReleaseServiceGrpc .newBlockingStub(channel).withCallCredentials(new CallCredentials(){ @Override public void applyRequestMetadata(MethodDescriptor<?, ?> method, Attributes attrs, Executor appExecutor, MetadataApplier applier) { // TODO Auto-generated method stub Metadata metadata = new Metadata(); metadata.put(Metadata.Key.of("x-helm-api-client", Metadata.ASCII_STRING_MARSHALLER), "v2.2.0"); applier.apply(metadata); } }); deployAChart(blockingStub); //updateDeploy(blockingStub); //undeploy(blockingStub); /* Tiller.GetVersionResponse response = blockingStub.getVersion(Tiller.GetVersionRequest.newBuilder().build()); System.out.println(response.getVersion()); Iterator<Tiller.ListReleasesResponse> listReleasesIterator = blockingStub.listReleases(Tiller.ListReleasesRequest.newBuilder().build()); System.out.println("================start================="); while (listReleasesIterator.hasNext()) { System.out.println(listReleasesIterator.next()); System.out.println("---------------------------------"); } System.out.println("================end================="); Tiller.GetReleaseStatusResponse releaseStatus = blockingStub.getReleaseStatus(Tiller.GetReleaseStatusRequest .newBuilder() .setName("invited-catfish").build()); System.out.println("status:"+releaseStatus); System.out.println("-----------------"); Tiller.GetHistoryResponse history = blockingStub.getHistory(Tiller.GetHistoryRequest.newBuilder() .setName("invited-catfish").setMax(10).build()); System.out.println(history); */ try { channel.shutdown().awaitTermination(5, TimeUnit.SECONDS); } catch (InterruptedException e) { e.printStackTrace(); } }
private static <T extends AbstractStub<T>> T withCallCredentials( T stub, @Nullable CallCredentials callCredentials) { stub = callCredentials != null ? stub.withCallCredentials(callCredentials) : stub; return stub; }
public CallCredentialsInterceptor(CallCredentials credentials) { this.credentials = credentials; }
@Before public final void setUp() throws Exception { String fakeServerName = "fake server for " + getClass(); // Use a mutable service registry for later registering the service impl for each test case. fakeServer = InProcessServerBuilder.forName(fakeServerName) .fallbackHandlerRegistry(serviceRegistry) .directExecutor() .build() .start(); Chunker.setDefaultChunkSizeForTesting(1000); // Enough for everything to be one chunk. fs = new InMemoryFileSystem(new JavaClock(), HashFunction.SHA256); execRoot = fs.getPath("/exec/root"); FileSystemUtils.createDirectoryAndParents(execRoot); fakeFileCache = new FakeActionInputFileCache(execRoot); simpleSpawn = new SimpleSpawn( new FakeOwner("Mnemonic", "Progress Message"), ImmutableList.of("/bin/echo", "Hi!"), ImmutableMap.of("VARIABLE", "value"), /*executionInfo=*/ ImmutableMap.<String, String>of(), /*inputs=*/ ImmutableList.of(ActionInputHelper.fromPath("input")), /*outputs=*/ ImmutableList.<ActionInput>of( new ActionInput() { @Override public String getExecPathString() { return "foo"; } @Override public PathFragment getExecPath() { return null; // unused here. } }, new ActionInput() { @Override public String getExecPathString() { return "bar"; } @Override public PathFragment getExecPath() { return null; // unused here. } }), ResourceSet.ZERO); Path stdout = fs.getPath("/tmp/stdout"); Path stderr = fs.getPath("/tmp/stderr"); FileSystemUtils.createDirectoryAndParents(stdout.getParentDirectory()); FileSystemUtils.createDirectoryAndParents(stderr.getParentDirectory()); outErr = new FileOutErr(stdout, stderr); RemoteOptions options = Options.getDefaults(RemoteOptions.class); RemoteRetrier retrier = new RemoteRetrier(options, RemoteRetrier.RETRIABLE_GRPC_ERRORS, Retrier.ALLOW_ALL_CALLS); Channel channel = InProcessChannelBuilder.forName(fakeServerName).directExecutor().build(); GrpcRemoteExecutor executor = new GrpcRemoteExecutor(channel, null, options.remoteTimeout, retrier); CallCredentials creds = GoogleAuthUtils.newCallCredentials(Options.getDefaults(AuthAndTLSOptions.class)); GrpcRemoteCache remoteCache = new GrpcRemoteCache(channel, creds, options, retrier, DIGEST_UTIL); client = new RemoteSpawnRunner( execRoot, options, null, true, /*cmdlineReporter=*/ null, "build-req-id", "command-id", remoteCache, executor, DIGEST_UTIL); inputDigest = fakeFileCache.createScratchInput(simpleSpawn.getInputFiles().get(0), "xyz"); }
/** * Converts a Google Auth Library {@link Credentials} to {@link CallCredentials}. * * <p>Although this is a stable API, note that the returned instance's API is not stable. You are * free to use the class name {@code CallCredentials} and pass the instance to other code, but the * instance can't be called directly from code expecting stable behavior. See {@link * CallCredentials}. */ public static CallCredentials from(Credentials creds) { return new GoogleAuthLibraryCallCredentials(creds); }
/** * Returns a new stub that uses the given call credentials. * * @since 1.0.0 */ public final S withCallCredentials(CallCredentials credentials) { return build(channel, callOptions.withCallCredentials(credentials)); }
