Expose local credentials on Python layer

src/python/grpcio/grpc/_cython/_cygrpc/credentials.pxd.pxi

@@ -97,3 +97,8 @@ cdef class ServerCredentials:
   cdef object cert_config_fetcher
   # whether C-core has asked for the initial_cert_config
   cdef bint initial_cert_config_fetched
+
+
+cdef class LocalChannelCredentials(ChannelCredentials):
+
+  cdef readonly object _local_connect_type

src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi

@@ -328,3 +328,25 @@ cdef grpc_ssl_certificate_config_reload_status _server_cert_config_fetcher_wrapp
       cert_config.c_ssl_pem_key_cert_pairs_count)
   return GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW
 
+
+class LocalConnectType:
+  uds = UDS
+  local_tcp = LOCAL_TCP
+
+cdef class LocalChannelCredentials(ChannelCredentials):
+
+  def __cinit__(self, grpc_local_connect_type local_connect_type):
+    self._local_connect_type = local_connect_type
+
+  cdef grpc_channel_credentials *c(self) except *:
+    cdef grpc_local_connect_type local_connect_type
+    local_connect_type = self._local_connect_type
+    return grpc_local_credentials_create(local_connect_type)
+
+def channel_credentials_local(grpc_local_connect_type local_connect_type):
+  return LocalChannelCredentials(local_connect_type)
+
+def server_credentials_local(grpc_local_connect_type local_connect_type):
+  cdef ServerCredentials credentials = ServerCredentials()
+  credentials.c_credentials = grpc_local_server_credentials_create(local_connect_type)
+  return credentials

src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi

@@ -584,6 +584,12 @@ cdef extern from "grpc/grpc_security.h":
 
   void grpc_auth_context_release(grpc_auth_context *context)
 
+  grpc_channel_credentials *grpc_local_credentials_create(
+    grpc_local_connect_type type)
+  grpc_server_credentials *grpc_local_server_credentials_create(
+    grpc_local_connect_type type)
+
+
 cdef extern from "grpc/compression.h":
 
   ctypedef enum grpc_compression_algorithm:
@@ -624,3 +630,9 @@ cdef extern from "grpc/impl/codegen/compression_types.h":
 
   const char *_GRPC_COMPRESSION_REQUEST_ALGORITHM_MD_KEY \
     "GRPC_COMPRESSION_REQUEST_ALGORITHM_MD_KEY"
+
+
+cdef extern from "grpc/grpc_security_constants.h":
+  ctypedef enum grpc_local_connect_type:
+    UDS
+    LOCAL_TCP

src/python/grpcio/grpc/_local_credentials.py

@@ -0,0 +1,57 @@
+
+# Copyright 2019 The gRPC authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""gRPC's local credential API."""
+
+import enum
+import grpc
+from grpc._cython import cygrpc
+
+
+@enum.unique
+class LocalConnectType(enum.Enum):
+    """Type of local connections for which local channel/server credentials will be applied.
+
+    Attributes:
+      UDS: Unix domain socket connections
+      LOCAL_TCP: Local TCP connections.
+    """
+    UDS = cygrpc.LocalConnectType.uds
+    LOCAL_TCP = cygrpc.LocalConnectType.local_tcp
+
+
+def local_channel_credentials(local_connect_type=LocalConnectType.LOCAL_TCP):
+    """Creates a local ChannelCredentials used for local connections.
+
+    Args:
+      local_connect_type: Local connection type (either UDS or LOCAL_TCP)
+
+    Returns:
+      A ChannelCredentials for use with a local Channel
+    """
+    return grpc.ChannelCredentials(
+        cygrpc.channel_credentials_local(local_connect_type.value))
+
+
+def local_server_credentials(local_connect_type=LocalConnectType.LOCAL_TCP):
+    """Creates a local ServerCredentials used for local connections.
+
+    Args:
+      local_connect_type: Local connection type (either UDS or LOCAL_TCP)
+
+    Returns:
+      A ServerCredentials for use with a local Server
+    """
+    return grpc.ServerCredentials(
+        cygrpc.server_credentials_local(local_connect_type.value))

src/python/grpcio_tests/tests/tests.json

@@ -53,6 +53,7 @@
   "unit._interceptor_test.InterceptorTest",
   "unit._invalid_metadata_test.InvalidMetadataTest",
   "unit._invocation_defects_test.InvocationDefectsTest",
+  "unit._local_credentials_test.LocalCredentialsTest",
   "unit._logging_test.LoggingTest",
   "unit._metadata_code_details_test.MetadataCodeDetailsTest",
   "unit._metadata_flags_test.MetadataFlagsTest",

src/python/grpcio_tests/tests/unit/BUILD.bazel

@@ -19,6 +19,7 @@ GRPCIO_TESTS_UNIT = [
     "_interceptor_test.py",
     "_invalid_metadata_test.py",
     "_invocation_defects_test.py",
+    "_local_crednetials_test.py",
     "_logging_test.py",
     "_metadata_code_details_test.py",
     "_metadata_test.py",

src/python/grpcio_tests/tests/unit/_local_credentials_test.py

@@ -0,0 +1,64 @@
+# Copyright 2019 The gRPC authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Test of RPCs made using local credentials."""
+
+import unittest
+from concurrent.futures import ThreadPoolExecutor
+import grpc
+from grpc import local_credentials
+
+
+class _GenericHandler(grpc.GenericRpcHandler):
+
+    def service(self, handler_call_details):
+        return grpc.unary_unary_rpc_method_handler(
+            lambda request, unused_context: request)
+
+
+class LocalCredentialsTest(unittest.TestCase):
+
+    def _create_server(self):
+        server = grpc.server(ThreadPoolExecutor())
+        server.add_generic_rpc_handlers((_GenericHandler(),))
+        return server
+
+    def test_local_tcp(self):
+        server_addr = '[::1]:{}'
+        channel_creds = local_credentials.local_channel_credentials(
+            local_credentials.LocalConnectType.LOCAL_TCP)
+        server_creds = local_credentials.local_server_credentials(
+            local_credentials.LocalConnectType.LOCAL_TCP)
+        server = self._create_server()
+        port = server.add_secure_port(server_addr.format(0), server_creds)
+        server.start()
+        channel = grpc.secure_channel(server_addr.format(port), channel_creds)
+        self.assertEqual(b'abc', channel.unary_unary('/test/method')(b'abc'))
+        server.stop(None)
+
+    def test_uds(self):
+        server_addr = 'unix:/tmp/grpc_fullstack_test'
+        channel_creds = local_credentials.local_channel_credentials(
+            local_credentials.LocalConnectType.UDS)
+        server_creds = local_credentials.local_server_credentials(
+            local_credentials.LocalConnectType.UDS)
+        server = self._create_server()
+        server.add_secure_port(server_addr, server_creds)
+        server.start()
+        channel = grpc.secure_channel(server_addr, channel_creds)
+        self.assertEqual(b'abc', channel.unary_unary('/test/method')(b'abc'))
+        server.stop(None)
+
+
+if __name__ == '__main__':
+    unittest.main()