From 2b3eca0858f26cac5f2ecf47d1c3172c4fdb7fef Mon Sep 17 00:00:00 2001 From: Taras Galkovskyi Date: Fri, 10 Apr 2020 14:09:17 +0000 Subject: [PATCH] adding api to configure target service accounts for client ALTS --- src/python/grpcio/grpc/__init__.py | 8 +++++--- .../grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi | 8 +++++--- src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi | 1 + src/python/grpcio_tests/tests/interop/client.py | 2 +- 4 files changed, 12 insertions(+), 7 deletions(-) diff --git a/src/python/grpcio/grpc/__init__.py b/src/python/grpcio/grpc/__init__.py index 04c3f69a475..ac17c53d6e9 100644 --- a/src/python/grpcio/grpc/__init__.py +++ b/src/python/grpcio/grpc/__init__.py @@ -1833,22 +1833,24 @@ def local_server_credentials(local_connect_type=LocalConnectionType.LOCAL_TCP): _cygrpc.server_credentials_local(local_connect_type.value)) -def alts_channel_credentials(): +def alts_channel_credentials(service_accounts=[]): """Creates a ChannelCredentials for use with an ALTS-enabled Channel. This is an EXPERIMENTAL API. + Args: + service_accounts: list of strings, target service accounts Returns: A ChannelCredentials for use with an ALTS-enabled Channel """ - return ChannelCredentials(_cygrpc.channel_credentials_alts()) + return ChannelCredentials(_cygrpc.channel_credentials_alts(service_accounts)) def alts_server_credentials(): """Creates a ServerCredentials for use with an ALTS-enabled connections. This is an EXPERIMENTAL API. - + Returns: A ServerCredentials for use with an ALTS-enabled Server """ diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi b/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi index a45766abc67..3cc11362bc6 100644 --- a/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi +++ b/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi @@ -354,8 +354,10 @@ def server_credentials_local(grpc_local_connect_type local_connect_type): cdef class ALTSChannelCredentials(ChannelCredentials): - def __cinit__(self): + def __cinit__(self, service_accounts): self.c_options = grpc_alts_credentials_client_options_create() + for account in service_accounts: + grpc_alts_credentials_client_options_add_target_service_account(self.c_options, account) def __dealloc__(self): if self.c_options != NULL: @@ -365,8 +367,8 @@ cdef class ALTSChannelCredentials(ChannelCredentials): return grpc_alts_credentials_create(self.c_options) -def channel_credentials_alts(): - return ALTSChannelCredentials() +def channel_credentials_alts(service_accounts): + return ALTSChannelCredentials(service_accounts) def server_credentials_alts(): diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi b/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi index e8b164a7004..98a71f92699 100644 --- a/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi +++ b/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi @@ -618,6 +618,7 @@ cdef extern from "grpc/grpc_security.h": grpc_alts_credentials_options* grpc_alts_credentials_client_options_create() grpc_alts_credentials_options* grpc_alts_credentials_server_options_create() void grpc_alts_credentials_options_destroy(grpc_alts_credentials_options *options) + void grpc_alts_credentials_client_options_add_target_service_account(grpc_alts_credentials_options *options, const char *service_account) diff --git a/src/python/grpcio_tests/tests/interop/client.py b/src/python/grpcio_tests/tests/interop/client.py index 6537413dbdd..03f6113a88c 100644 --- a/src/python/grpcio_tests/tests/interop/client.py +++ b/src/python/grpcio_tests/tests/interop/client.py @@ -107,7 +107,7 @@ def get_secure_channel_parameters(args): args.server_host_override, ),) else args.use_alts: - channel_credentials = grpc.alts_channel_credentials() + channel_credentials = grpc.alts_channel_credentials(['svc_account1@gmail.com']) return channel_credentials, channel_opts