diff --git a/src/python/grpcio/grpc/__init__.py b/src/python/grpcio/grpc/__init__.py index 70558a699a2..558ce42129b 100644 --- a/src/python/grpcio/grpc/__init__.py +++ b/src/python/grpcio/grpc/__init__.py @@ -424,17 +424,19 @@ class ServerCredentials(object): self._credentials = credentials -class ServerCertificateConfig(object): - """A certificate config for use with an SSL-enabled Server, e.g., can - be returned in the certificate config fetching callback. +class ServerCertificateConfiguration(object): + """A certificate configuration for use with an SSL-enabled Server. + + Instances of this class can be returned in the certificate configuration + fetching callback. This class has no supported interface -- it exists to define the type of its instances and its instances exist to be passed to other functions. """ - def __init__(self, cert_config): - self._cert_config = cert_config + def __init__(self, certificate_configuration): + self._certificate_configuration = certificate_configuration ######################## Multi-Callable Interfaces ########################### @@ -1265,9 +1267,9 @@ def ssl_server_credentials(private_key_certificate_chain_pairs, ], require_client_auth)) -def ssl_server_certificate_config(private_key_certificate_chain_pairs, - root_certificates=None): - """Creates a ServerCertificateConfig for use with an SSL-enabled Server. +def ssl_server_certificate_configuration(private_key_certificate_chain_pairs, + root_certificates=None): + """Creates a ServerCertificateConfiguration for use with a Server. Args: private_key_certificate_chain_pairs: A collection of pairs of @@ -1277,38 +1279,38 @@ def ssl_server_certificate_config(private_key_certificate_chain_pairs, certificates that the server will use to verify client authentication. Returns: - A ServerCertificateConfig that can be returned in the certificate config - fetching callback. + A ServerCertificateConfiguration that can be returned in the certificate + configuration fetching callback. """ if len(private_key_certificate_chain_pairs) == 0: raise ValueError( 'At least one private key-certificate chain pair is required!') else: - return ServerCertificateConfig( + return ServerCertificateConfiguration( _cygrpc.server_certificate_config_ssl(root_certificates, [ _cygrpc.SslPemKeyCertPair(key, pem) for key, pem in private_key_certificate_chain_pairs ])) -def ssl_server_credentials_dynamic_cert_config(initial_cert_config, - cert_config_fetcher, - require_client_auth=False): +def dynamic_ssl_server_credentials(initial_certificate_configuration, + certificate_configuration_fetcher, + require_client_authentication=False): """Creates a ServerCredentials for use with an SSL-enabled Server. Args: - initial_cert_config (ServerCertificateConfig): the certificate - config with which the server will be initialized. - cert_config_fetcher (callable): a callable that takes no - arguments and should return a ServerCertificateConfig to - replace the server's current cert, or None for no change + initial_certificate_configuration (ServerCertificateConfiguration): The + certificate configuration with which the server will be initialized. + certificate_configuration_fetcher (callable): A callable that takes no + arguments and should return a ServerCertificateConfiguration to + replace the server's current certificate, or None for no change (i.e., the server will continue its current certificate config). The library will call this callback on *every* new client connection before starting the TLS handshake with the client, thus allowing the user application to optionally - return a new ServerCertificateConfig that the server will then + return a new ServerCertificateConfiguration that the server will then use for the handshake. - require_client_auth: A boolean indicating whether or not to + require_client_authentication: A boolean indicating whether or not to require clients to be authenticated. Returns: @@ -1316,7 +1318,8 @@ def ssl_server_credentials_dynamic_cert_config(initial_cert_config, """ return ServerCredentials( _cygrpc.server_credentials_ssl_dynamic_cert_config( - initial_cert_config, cert_config_fetcher, require_client_auth)) + initial_certificate_configuration, + certificate_configuration_fetcher, require_client_authentication)) def channel_ready_future(channel): @@ -1401,19 +1404,19 @@ __all__ = ('FutureTimeoutError', 'FutureCancelledError', 'Future', 'ChannelConnectivity', 'StatusCode', 'RpcError', 'RpcContext', 'Call', 'ChannelCredentials', 'CallCredentials', 'AuthMetadataContext', 'AuthMetadataPluginCallback', - 'AuthMetadataPlugin', 'ServerCertificateConfig', 'ServerCredentials', - 'UnaryUnaryMultiCallable', 'UnaryStreamMultiCallable', - 'StreamUnaryMultiCallable', 'StreamStreamMultiCallable', 'Channel', - 'ServicerContext', 'RpcMethodHandler', 'HandlerCallDetails', - 'GenericRpcHandler', 'ServiceRpcHandler', 'Server', - 'unary_unary_rpc_method_handler', 'unary_stream_rpc_method_handler', - 'stream_unary_rpc_method_handler', + 'AuthMetadataPlugin', 'ServerCertificateConfiguration', + 'ServerCredentials', 'UnaryUnaryMultiCallable', + 'UnaryStreamMultiCallable', 'StreamUnaryMultiCallable', + 'StreamStreamMultiCallable', 'Channel', 'ServicerContext', + 'RpcMethodHandler', 'HandlerCallDetails', 'GenericRpcHandler', + 'ServiceRpcHandler', 'Server', 'unary_unary_rpc_method_handler', + 'unary_stream_rpc_method_handler', 'stream_unary_rpc_method_handler', 'stream_stream_rpc_method_handler', 'method_handlers_generic_handler', 'ssl_channel_credentials', 'metadata_call_credentials', 'access_token_call_credentials', 'composite_call_credentials', 'composite_channel_credentials', - 'ssl_server_credentials', 'ssl_server_certificate_config', - 'ssl_server_credentials_dynamic_cert_config', 'channel_ready_future', + 'ssl_server_credentials', 'ssl_server_certificate_configuration', + 'dynamic_ssl_server_credentials', 'channel_ready_future', 'insecure_channel', 'secure_channel', 'server',) ############################### Extension Shims ################################ diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi b/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi index db813b7243f..bdba40b4f15 100644 --- a/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi +++ b/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi @@ -338,8 +338,9 @@ def server_certificate_config_ssl(pem_root_certs, pem_key_cert_pairs): def server_credentials_ssl_dynamic_cert_config(initial_cert_config, cert_config_fetcher, bint force_client_auth): - if not isinstance(initial_cert_config, grpc.ServerCertificateConfig): - raise TypeError('initial_cert_config must be a grpc.ServerCertificateConfig') + if not isinstance(initial_cert_config, grpc.ServerCertificateConfiguration): + raise TypeError( + 'initial_cert_config must be a grpc.ServerCertificateConfiguration') if not callable(cert_config_fetcher): raise TypeError('cert_config_fetcher must be callable') cdef ServerCredentials credentials = ServerCredentials() diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/server.pyx.pxi b/src/python/grpcio/grpc/_cython/_cygrpc/server.pyx.pxi index 66565d084b1..5f3405936c6 100644 --- a/src/python/grpcio/grpc/_cython/_cygrpc/server.pyx.pxi +++ b/src/python/grpcio/grpc/_cython/_cygrpc/server.pyx.pxi @@ -28,7 +28,7 @@ cdef grpc_ssl_certificate_config_reload_status _server_cert_config_fetcher_wrapp if not credentials.initial_cert_config_fetched: # C-core is asking for the initial cert config credentials.initial_cert_config_fetched = True - cert_config = credentials.initial_cert_config._cert_config + cert_config = credentials.initial_cert_config._certificate_configuration else: user_cb = credentials.cert_config_fetcher try: @@ -38,13 +38,15 @@ cdef grpc_ssl_certificate_config_reload_status _server_cert_config_fetcher_wrapp return GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL if cert_config_wrapper is None: return GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED - elif not isinstance(cert_config_wrapper, grpc.ServerCertificateConfig): - logging.error('Error fetching certificate config: certificate ' - 'config must be of type grpc.ServerCertificateConfig, ' - 'not %s' % type(cert_config_wrapper).__name__) + elif not isinstance( + cert_config_wrapper, grpc.ServerCertificateConfiguration): + logging.error( + 'Error fetching certificate configuration: certificate ' + 'configuration must be of type grpc.ServerCertificateConfiguration, ' + 'not %s' % type(cert_config_wrapper).__name__) return GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL else: - cert_config = cert_config_wrapper._cert_config + cert_config = cert_config_wrapper._certificate_configuration config[0] = cert_config.c_cert_config # our caller will assume ownership of memory, so we have to recreate # a copy of c_cert_config here diff --git a/src/python/grpcio_tests/tests/unit/_api_test.py b/src/python/grpcio_tests/tests/unit/_api_test.py index d877e0f993f..b14e8d5c753 100644 --- a/src/python/grpcio_tests/tests/unit/_api_test.py +++ b/src/python/grpcio_tests/tests/unit/_api_test.py @@ -30,7 +30,7 @@ class AllTest(unittest.TestCase): 'ChannelConnectivity', 'StatusCode', 'RpcError', 'RpcContext', 'Call', 'ChannelCredentials', 'CallCredentials', 'AuthMetadataContext', 'AuthMetadataPluginCallback', - 'AuthMetadataPlugin', 'ServerCertificateConfig', + 'AuthMetadataPlugin', 'ServerCertificateConfiguration', 'ServerCredentials', 'UnaryUnaryMultiCallable', 'UnaryStreamMultiCallable', 'StreamUnaryMultiCallable', 'StreamStreamMultiCallable', 'Channel', 'ServicerContext', @@ -42,10 +42,9 @@ class AllTest(unittest.TestCase): 'method_handlers_generic_handler', 'ssl_channel_credentials', 'metadata_call_credentials', 'access_token_call_credentials', 'composite_call_credentials', 'composite_channel_credentials', - 'ssl_server_credentials', 'ssl_server_certificate_config', - 'ssl_server_credentials_dynamic_cert_config', - 'channel_ready_future', 'insecure_channel', 'secure_channel', - 'server',) + 'ssl_server_credentials', 'ssl_server_certificate_configuration', + 'dynamic_ssl_server_credentials', 'channel_ready_future', + 'insecure_channel', 'secure_channel', 'server',) six.assertCountEqual(self, expected_grpc_code_elements, _from_grpc_import_star.GRPC_ELEMENTS) diff --git a/src/python/grpcio_tests/tests/unit/_server_ssl_cert_config_test.py b/src/python/grpcio_tests/tests/unit/_server_ssl_cert_config_test.py index d2f9f114a54..005d16ea757 100644 --- a/src/python/grpcio_tests/tests/unit/_server_ssl_cert_config_test.py +++ b/src/python/grpcio_tests/tests/unit/_server_ssl_cert_config_test.py @@ -11,11 +11,10 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -""" -This tests server certificate rotation support. +"""Tests server certificate rotation. -Here we test various aspects of gRPC Python, and in some cases C-core -by extension, support for server certificate rotation. +Here we test various aspects of gRPC Python, and in some cases gRPC +Core by extension, support for server certificate rotation. * ServerSSLCertReloadTestWithClientAuth: test ability to rotate server's SSL cert for use in future channels with clients while not @@ -27,7 +26,7 @@ by extension, support for server certificate rotation. not authenticate the client. * ServerSSLCertReloadTestCertConfigReuse: tests gRPC Python's ability - to deal with user's reuse of ServerCertificateConfig instances. + to deal with user's reuse of ServerCertificateConfiguration instances. """ import abc @@ -140,14 +139,14 @@ class _ServerSSLCertReloadTest( services_pb2_grpc.add_FirstServiceServicer_to_server( _server_application.FirstServiceServicer(), self.server) switch_cert_on_client_num = 10 - initial_cert_config = grpc.ssl_server_certificate_config( + initial_cert_config = grpc.ssl_server_certificate_configuration( [(SERVER_KEY_1_PEM, SERVER_CERT_CHAIN_1_PEM)], root_certificates=CA_2_PEM) self.cert_config_fetcher = CertConfigFetcher() - server_credentials = grpc.ssl_server_credentials_dynamic_cert_config( + server_credentials = grpc.dynamic_ssl_server_credentials( initial_cert_config, self.cert_config_fetcher, - require_client_auth=self.require_client_auth()) + require_client_authentication=self.require_client_auth()) self.port = self.server.add_secure_port('[::]:0', server_credentials) self.server.start() @@ -285,7 +284,7 @@ class _ServerSSLCertReloadTest( # moment of truth!! client should reject server because the # server switch cert... - cert_config = grpc.ssl_server_certificate_config( + cert_config = grpc.ssl_server_certificate_configuration( [(SERVER_KEY_2_PEM, SERVER_CERT_CHAIN_2_PEM)], root_certificates=CA_1_PEM) self.cert_config_fetcher.reset() @@ -362,18 +361,18 @@ class ServerSSLCertConfigFetcherParamsChecks(unittest.TestCase): def test_check_on_initial_config(self): with self.assertRaises(TypeError): - grpc.ssl_server_credentials_dynamic_cert_config(None, str) + grpc.dynamic_ssl_server_credentials(None, str) with self.assertRaises(TypeError): - grpc.ssl_server_credentials_dynamic_cert_config(1, str) + grpc.dynamic_ssl_server_credentials(1, str) def test_check_on_config_fetcher(self): - cert_config = grpc.ssl_server_certificate_config( + cert_config = grpc.ssl_server_certificate_configuration( [(SERVER_KEY_2_PEM, SERVER_CERT_CHAIN_2_PEM)], root_certificates=CA_1_PEM) with self.assertRaises(TypeError): - grpc.ssl_server_credentials_dynamic_cert_config(cert_config, None) + grpc.dynamic_ssl_server_credentials(cert_config, None) with self.assertRaises(TypeError): - grpc.ssl_server_credentials_dynamic_cert_config(cert_config, 1) + grpc.dynamic_ssl_server_credentials(cert_config, 1) class ServerSSLCertReloadTestWithClientAuth(_ServerSSLCertReloadTest): @@ -393,14 +392,14 @@ class ServerSSLCertReloadTestWithoutClientAuth(_ServerSSLCertReloadTest): class ServerSSLCertReloadTestCertConfigReuse(_ServerSSLCertReloadTest): - """Ensures that `ServerCertificateConfig` instances can be reused. + """Ensures that `ServerCertificateConfiguration` instances can be reused. - Because C-core takes ownership of the + Because gRPC Core takes ownership of the `grpc_ssl_server_certificate_config` encapsulated by - `ServerCertificateConfig`, this test reuses the same - `ServerCertificateConfig` instances multiple times to make sure + `ServerCertificateConfiguration`, this test reuses the same + `ServerCertificateConfiguration` instances multiple times to make sure gRPC Python takes care of maintaining the validity of - `ServerCertificateConfig` instances, so that such instances can be + `ServerCertificateConfiguration` instances, so that such instances can be re-used by user application. """ @@ -411,17 +410,17 @@ class ServerSSLCertReloadTestCertConfigReuse(_ServerSSLCertReloadTest): self.server = grpc.server(futures.ThreadPoolExecutor(max_workers=10)) services_pb2_grpc.add_FirstServiceServicer_to_server( _server_application.FirstServiceServicer(), self.server) - self.cert_config_A = grpc.ssl_server_certificate_config( + self.cert_config_A = grpc.ssl_server_certificate_configuration( [(SERVER_KEY_1_PEM, SERVER_CERT_CHAIN_1_PEM)], root_certificates=CA_2_PEM) - self.cert_config_B = grpc.ssl_server_certificate_config( + self.cert_config_B = grpc.ssl_server_certificate_configuration( [(SERVER_KEY_2_PEM, SERVER_CERT_CHAIN_2_PEM)], root_certificates=CA_1_PEM) self.cert_config_fetcher = CertConfigFetcher() - server_credentials = grpc.ssl_server_credentials_dynamic_cert_config( + server_credentials = grpc.dynamic_ssl_server_credentials( self.cert_config_A, self.cert_config_fetcher, - require_client_auth=True) + require_client_authentication=True) self.port = self.server.add_secure_port('[::]:0', server_credentials) self.server.start()