Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
fix: fix mtls issue in handwritten layer (#226)
* fix: fix mtls issue in handwritten layer

* chore: update scripts

* chore: update noxfile.py
  • Loading branch information
arithmetic1728 committed Oct 22, 2020
1 parent ec8f5f2 commit 09a409c
Show file tree
Hide file tree
Showing 12 changed files with 82 additions and 28 deletions.
2 changes: 1 addition & 1 deletion .kokoro/docs/common.cfg
Expand Up @@ -30,7 +30,7 @@ env_vars: {

env_vars: {
key: "V2_STAGING_BUCKET"
value: "docs-staging-v2-staging"
value: "docs-staging-v2"
}

# It will upload the docker image after successful builds.
Expand Down
6 changes: 6 additions & 0 deletions .kokoro/samples/python3.6/common.cfg
Expand Up @@ -13,6 +13,12 @@ env_vars: {
value: "py-3.6"
}

# Declare build specific Cloud project.
env_vars: {
key: "BUILD_SPECIFIC_GCLOUD_PROJECT"
value: "python-docs-samples-tests-py36"
}

env_vars: {
key: "TRAMPOLINE_BUILD_FILE"
value: "github/python-pubsub/.kokoro/test-samples.sh"
Expand Down
6 changes: 6 additions & 0 deletions .kokoro/samples/python3.7/common.cfg
Expand Up @@ -13,6 +13,12 @@ env_vars: {
value: "py-3.7"
}

# Declare build specific Cloud project.
env_vars: {
key: "BUILD_SPECIFIC_GCLOUD_PROJECT"
value: "python-docs-samples-tests-py37"
}

env_vars: {
key: "TRAMPOLINE_BUILD_FILE"
value: "github/python-pubsub/.kokoro/test-samples.sh"
Expand Down
6 changes: 6 additions & 0 deletions .kokoro/samples/python3.8/common.cfg
Expand Up @@ -13,6 +13,12 @@ env_vars: {
value: "py-3.8"
}

# Declare build specific Cloud project.
env_vars: {
key: "BUILD_SPECIFIC_GCLOUD_PROJECT"
value: "python-docs-samples-tests-py38"
}

env_vars: {
key: "TRAMPOLINE_BUILD_FILE"
value: "github/python-pubsub/.kokoro/test-samples.sh"
Expand Down
8 changes: 7 additions & 1 deletion .kokoro/test-samples.sh
Expand Up @@ -28,6 +28,12 @@ if [[ $KOKORO_BUILD_ARTIFACTS_SUBDIR = *"periodic"* ]]; then
git checkout $LATEST_RELEASE
fi

# Exit early if samples directory doesn't exist
if [ ! -d "./samples" ]; then
echo "No tests run. `./samples` not found"
exit 0
fi

# Disable buffering, so that the logs stream through.
export PYTHONUNBUFFERED=1

Expand Down Expand Up @@ -101,4 +107,4 @@ cd "$ROOT"
# Workaround for Kokoro permissions issue: delete secrets
rm testing/{test-env.sh,client-secrets.json,service-account.json}

exit "$RTN"
exit "$RTN"
1 change: 1 addition & 0 deletions docs/conf.py
Expand Up @@ -39,6 +39,7 @@
"sphinx.ext.autosummary",
"sphinx.ext.intersphinx",
"sphinx.ext.coverage",
"sphinx.ext.doctest",
"sphinx.ext.napoleon",
"sphinx.ext.todo",
"sphinx.ext.viewcode",
Expand Down
21 changes: 13 additions & 8 deletions google/cloud/pubsub_v1/publisher/client.py
Expand Up @@ -130,15 +130,19 @@ def __init__(self, batch_settings=(), publisher_options=(), **kwargs):
target=os.environ.get("PUBSUB_EMULATOR_HOST")
)

# The GAPIC client has mTLS logic to determine the api endpoint and the
# ssl credentials to use. Here we create a GAPIC client to help compute the
# api endpoint and ssl credentials. The api endpoint will be used to set
# `self._target`, and ssl credentials will be passed to
# `grpc_helpers.create_channel` to establish a mTLS channel (if ssl
# credentials is not None).
client_options = kwargs.get("client_options", None)
if (
client_options
and "api_endpoint" in client_options
and isinstance(client_options["api_endpoint"], six.string_types)
):
self._target = client_options["api_endpoint"]
else:
self._target = publisher_client.PublisherClient.SERVICE_ADDRESS
credentials = kwargs.get("credentials", None)
client_for_mtls_info = publisher_client.PublisherClient(
credentials=credentials, client_options=client_options
)

self._target = client_for_mtls_info._transport._host

# Use a custom channel.
# We need this in order to set appropriate default message size and
Expand All @@ -149,6 +153,7 @@ def __init__(self, batch_settings=(), publisher_options=(), **kwargs):
channel = grpc_helpers.create_channel(
credentials=kwargs.pop("credentials", None),
target=self.target,
ssl_credentials=client_for_mtls_info._transport._ssl_channel_credentials,
scopes=publisher_client.PublisherClient._DEFAULT_SCOPES,
options={
"grpc.max_send_message_length": -1,
Expand Down
23 changes: 13 additions & 10 deletions google/cloud/pubsub_v1/subscriber/client.py
Expand Up @@ -16,7 +16,6 @@

import os
import pkg_resources
import six

import grpc

Expand Down Expand Up @@ -82,16 +81,19 @@ def __init__(self, **kwargs):
target=os.environ.get("PUBSUB_EMULATOR_HOST")
)

# api_endpoint wont be applied if 'transport' is passed in.
# The GAPIC client has mTLS logic to determine the api endpoint and the
# ssl credentials to use. Here we create a GAPIC client to help compute the
# api endpoint and ssl credentials. The api endpoint will be used to set
# `self._target`, and ssl credentials will be passed to
# `grpc_helpers.create_channel` to establish a mTLS channel (if ssl
# credentials is not None).
client_options = kwargs.get("client_options", None)
if (
client_options
and "api_endpoint" in client_options
and isinstance(client_options["api_endpoint"], six.string_types)
):
self._target = client_options["api_endpoint"]
else:
self._target = subscriber_client.SubscriberClient.SERVICE_ADDRESS
credentials = kwargs.get("credentials", None)
client_for_mtls_info = subscriber_client.SubscriberClient(
credentials=credentials, client_options=client_options
)

self._target = client_for_mtls_info._transport._host

# Use a custom channel.
# We need this in order to set appropriate default message size and
Expand All @@ -102,6 +104,7 @@ def __init__(self, **kwargs):
channel = grpc_helpers.create_channel(
credentials=kwargs.pop("credentials", None),
target=self.target,
ssl_credentials=client_for_mtls_info._transport._ssl_channel_credentials,
scopes=subscriber_client.SubscriberClient._DEFAULT_SCOPES,
options={
"grpc.max_send_message_length": -1,
Expand Down
5 changes: 5 additions & 0 deletions samples/snippets/noxfile.py
Expand Up @@ -199,6 +199,11 @@ def _get_repo_root():
break
if Path(p / ".git").exists():
return str(p)
# .git is not available in repos cloned via Cloud Build
# setup.py is always in the library's root, so use that instead
# https://github.com/googleapis/synthtool/issues/792
if Path(p / "setup.py").exists():
return str(p)
p = p.parent
raise Exception("Unable to detect repository root.")

Expand Down
8 changes: 4 additions & 4 deletions synth.metadata
Expand Up @@ -4,28 +4,28 @@
"git": {
"name": ".",
"remote": "https://github.com/googleapis/python-pubsub.git",
"sha": "c957047c84c5586e4a782e9ae297094be6cdba2e"
"sha": "0bf5d593573afea43bba7de90d2bb40ee0fc101e"
}
},
{
"git": {
"name": "synthtool",
"remote": "https://github.com/googleapis/synthtool.git",
"sha": "6abb59097be84599a1d6091fe534a49e5c5cf948"
"sha": "901ddd44e9ef7887ee681b9183bbdea99437fdcc"
}
},
{
"git": {
"name": "synthtool",
"remote": "https://github.com/googleapis/synthtool.git",
"sha": "6abb59097be84599a1d6091fe534a49e5c5cf948"
"sha": "901ddd44e9ef7887ee681b9183bbdea99437fdcc"
}
},
{
"git": {
"name": "synthtool",
"remote": "https://github.com/googleapis/synthtool.git",
"sha": "6abb59097be84599a1d6091fe534a49e5c5cf948"
"sha": "901ddd44e9ef7887ee681b9183bbdea99437fdcc"
}
}
],
Expand Down
12 changes: 10 additions & 2 deletions tests/unit/pubsub_v1/publisher/test_publisher_client.py
Expand Up @@ -18,6 +18,7 @@
import inspect

from google.auth import credentials
import grpc

import mock
import pytest
Expand Down Expand Up @@ -81,7 +82,7 @@ def test_init_w_api_endpoint():
assert isinstance(client.api, publisher_client.PublisherClient)
assert (client.api._transport.grpc_channel._channel.target()).decode(
"utf-8"
) == "testendpoint.google.com"
) == "testendpoint.google.com:443"


def test_init_w_unicode_api_endpoint():
Expand All @@ -91,7 +92,7 @@ def test_init_w_unicode_api_endpoint():
assert isinstance(client.api, publisher_client.PublisherClient)
assert (client.api._transport.grpc_channel._channel.target()).decode(
"utf-8"
) == "testendpoint.google.com"
) == "testendpoint.google.com:443"


def test_init_w_empty_client_options():
Expand All @@ -104,8 +105,13 @@ def test_init_w_empty_client_options():


def test_init_client_options_pass_through():
mock_ssl_creds = grpc.ssl_channel_credentials()

def init(self, *args, **kwargs):
self.kwargs = kwargs
self._transport = mock.Mock()
self._transport._host = "testendpoint.google.com"
self._transport._ssl_channel_credentials = mock_ssl_creds

with mock.patch.object(publisher_client.PublisherClient, "__init__", init):
client = publisher.Client(
Expand All @@ -119,6 +125,8 @@ def init(self, *args, **kwargs):
assert client_options.get("quota_project_id") == "42"
assert client_options.get("scopes") == []
assert client_options.get("credentials_file") == "file.json"
assert client.target == "testendpoint.google.com"
assert client.api.transport._ssl_channel_credentials == mock_ssl_creds


def test_init_emulator(monkeypatch):
Expand Down
12 changes: 10 additions & 2 deletions tests/unit/pubsub_v1/subscriber/test_subscriber_client.py
Expand Up @@ -13,6 +13,7 @@
# limitations under the License.

from google.auth import credentials
import grpc
import mock

from google.cloud.pubsub_v1 import subscriber
Expand Down Expand Up @@ -42,7 +43,7 @@ def test_init_w_api_endpoint():
assert isinstance(client.api, subscriber_client.SubscriberClient)
assert (client.api._transport.grpc_channel._channel.target()).decode(
"utf-8"
) == "testendpoint.google.com"
) == "testendpoint.google.com:443"


def test_init_w_unicode_api_endpoint():
Expand All @@ -52,7 +53,7 @@ def test_init_w_unicode_api_endpoint():
assert isinstance(client.api, subscriber_client.SubscriberClient)
assert (client.api._transport.grpc_channel._channel.target()).decode(
"utf-8"
) == "testendpoint.google.com"
) == "testendpoint.google.com:443"


def test_init_w_empty_client_options():
Expand All @@ -65,8 +66,13 @@ def test_init_w_empty_client_options():


def test_init_client_options_pass_through():
mock_ssl_creds = grpc.ssl_channel_credentials()

def init(self, *args, **kwargs):
self.kwargs = kwargs
self._transport = mock.Mock()
self._transport._host = "testendpoint.google.com"
self._transport._ssl_channel_credentials = mock_ssl_creds

with mock.patch.object(subscriber_client.SubscriberClient, "__init__", init):
client = subscriber.Client(
Expand All @@ -80,6 +86,8 @@ def init(self, *args, **kwargs):
assert client_options.get("quota_project_id") == "42"
assert client_options.get("scopes") == []
assert client_options.get("credentials_file") == "file.json"
assert client.target == "testendpoint.google.com"
assert client.api.transport._ssl_channel_credentials == mock_ssl_creds


def test_init_emulator(monkeypatch):
Expand Down

0 comments on commit 09a409c

Please sign in to comment.