Search in sources :

Example 1 with CallCredentials

use of io.grpc.CallCredentials in project grpc-java by grpc.

the class ComputeEngineChannelCredentials method create.

/**
 * Creates credentials for Google Compute Engine. This class sets up a secure channel using ALTS
 * if applicable and using TLS as fallback.
 */
public static ChannelCredentials create() {
    ChannelCredentials nettyCredentials = InternalNettyChannelCredentials.create(createClientFactory());
    CallCredentials callCredentials;
    if (InternalCheckGcpEnvironment.isOnGcp()) {
        callCredentials = MoreCallCredentials.from(ComputeEngineCredentials.create());
    } else {
        callCredentials = new FailingCallCredentials(Status.INTERNAL.withDescription("Compute Engine Credentials can only be used on Google Cloud Platform"));
    }
    return CompositeChannelCredentials.create(nettyCredentials, callCredentials);
}
Also used : ChannelCredentials(io.grpc.ChannelCredentials) InternalNettyChannelCredentials(io.grpc.netty.InternalNettyChannelCredentials) CompositeChannelCredentials(io.grpc.CompositeChannelCredentials) CallCredentials(io.grpc.CallCredentials) MoreCallCredentials(io.grpc.auth.MoreCallCredentials)

Example 2 with CallCredentials

use of io.grpc.CallCredentials in project google-cloud-java by GoogleCloudPlatform.

the class Subscriber method startPollingConnections.

private void startPollingConnections() throws IOException {
    synchronized (pollingSubscriberConnections) {
        Credentials credentials = credentialsProvider.getCredentials();
        CallCredentials callCredentials = credentials == null ? null : MoreCallCredentials.from(credentials);
        for (int i = 0; i < numChannels; i++) {
            SubscriberFutureStub stub = SubscriberGrpc.newFutureStub(channels.get(i));
            if (callCredentials != null) {
                stub = stub.withCallCredentials(callCredentials);
            }
            pollingSubscriberConnections.add(new PollingSubscriberConnection(cachedSubscriptionNameString, receiver, ackExpirationPadding, maxAckExtensionPeriod, ackLatencyDistribution, stub, flowController, flowControlSettings.getMaxOutstandingElementCount(), executor, alarmsExecutor, clock));
        }
        startConnections(pollingSubscriberConnections, new Listener() {

            @Override
            public void failed(State from, Throwable failure) {
                // If a connection failed is because of a fatal error, we should fail the
                // whole subscriber.
                stopAllPollingConnections();
                try {
                    notifyFailed(failure);
                } catch (IllegalStateException e) {
                    if (isRunning()) {
                        throw e;
                    }
                // It could happen that we are shutting down while some channels fail.
                }
            }
        });
    }
}
Also used : CallCredentials(io.grpc.CallCredentials) MoreCallCredentials(io.grpc.auth.MoreCallCredentials) GoogleCredentials(com.google.auth.oauth2.GoogleCredentials) Credentials(com.google.auth.Credentials) CallCredentials(io.grpc.CallCredentials) MoreCallCredentials(io.grpc.auth.MoreCallCredentials) SubscriberFutureStub(com.google.pubsub.v1.SubscriberGrpc.SubscriberFutureStub)

Example 3 with CallCredentials

use of io.grpc.CallCredentials in project etcd-java by IBM.

the class EtcdClient method refreshCredentials.

private CallCredentials refreshCredentials() {
    return new CallCredentials() {

        // TODO volatile TBD
        private Metadata tokenHeader;

        private final long authTime = System.currentTimeMillis();

        private final ListenableFuture<Metadata> futureTokenHeader = Futures.transform(authenticate(), (Function<AuthenticateResponse, Metadata>) ar -> tokenHeader = tokenHeader(ar));

        @Override
        public void applyRequestMetadata(MethodDescriptor<?, ?> method, Attributes attrs, Executor appExecutor, MetadataApplier applier) {
            Metadata tokHeader = tokenHeader;
            if (tokHeader != null)
                applier.apply(tokHeader);
            else
                futureTokenHeader.addListener(() -> {
                    try {
                        applier.apply(futureTokenHeader.get());
                    } catch (ExecutionException | InterruptedException ee) {
                        // (IE won't be thrown)
                        Status failStatus = Status.fromThrowable(ee.getCause());
                        Code code = failStatus != null ? failStatus.getCode() : null;
                        if (code != Code.INVALID_ARGUMENT && (System.currentTimeMillis() - authTime) > 15_000L) {
                            // this will force another auth attempt
                            failStatus = Status.UNAUTHENTICATED.withDescription("re-attempt re-auth");
                        }
                        applier.fail(failStatus);
                    }
                }, directExecutor());
        }

        // @Override
        public void thisUsesUnstableApi() {
        }
    };
}
Also used : Status(io.grpc.Status) Function(com.google.common.base.Function) ScheduledThreadPoolExecutor(java.util.concurrent.ScheduledThreadPoolExecutor) MoreExecutors.directExecutor(com.google.common.util.concurrent.MoreExecutors.directExecutor) Executor(java.util.concurrent.Executor) Metadata(io.grpc.Metadata) Attributes(io.grpc.Attributes) ListenableFuture(com.google.common.util.concurrent.ListenableFuture) MethodDescriptor(io.grpc.MethodDescriptor) Code(io.grpc.Status.Code) CallCredentials(io.grpc.CallCredentials)

Example 4 with CallCredentials

use of io.grpc.CallCredentials in project beam by apache.

the class GrpcWindmillServer method initializeWindmillService.

private synchronized void initializeWindmillService(Set<HostAndPort> endpoints) throws IOException {
    LOG.info("Initializing Streaming Engine GRPC client for endpoints: {}", endpoints);
    this.stubList.clear();
    this.syncStubList.clear();
    this.endpoints = ImmutableSet.<HostAndPort>copyOf(endpoints);
    for (HostAndPort endpoint : this.endpoints) {
        if ("localhost".equals(endpoint.getHost())) {
            initializeLocalHost(endpoint.getPort());
        } else {
            CallCredentials creds = MoreCallCredentials.from(new VendoredCredentialsAdapter(options.getGcpCredential()));
            this.stubList.add(CloudWindmillServiceV1Alpha1Grpc.newStub(remoteChannel(endpoint)).withCallCredentials(creds));
            this.syncStubList.add(CloudWindmillServiceV1Alpha1Grpc.newBlockingStub(remoteChannel(endpoint)).withCallCredentials(creds));
        }
    }
}
Also used : HostAndPort(org.apache.beam.vendor.guava.v26_0_jre.com.google.common.net.HostAndPort) MoreCallCredentials(org.apache.beam.vendor.grpc.v1p43p2.io.grpc.auth.MoreCallCredentials) CallCredentials(org.apache.beam.vendor.grpc.v1p43p2.io.grpc.CallCredentials)

Example 5 with CallCredentials

use of io.grpc.CallCredentials in project grpc-java by grpc.

the class GoogleAuthLibraryCallCredentialsTest method googleCredential_privacyAndIntegrityAllowed.

@Test
public void googleCredential_privacyAndIntegrityAllowed() {
    final AccessToken token = new AccessToken("allyourbase", new Date(Long.MAX_VALUE));
    final Credentials credentials = GoogleCredentials.create(token);
    GoogleAuthLibraryCallCredentials callCredentials = new GoogleAuthLibraryCallCredentials(credentials);
    callCredentials.applyRequestMetadata(new RequestInfoImpl(SecurityLevel.PRIVACY_AND_INTEGRITY), executor, applier);
    runPendingRunnables();
    verify(applier).apply(headersCaptor.capture());
    Metadata headers = headersCaptor.getValue();
    Iterable<String> authorization = headers.getAll(AUTHORIZATION);
    assertArrayEquals(new String[] { "Bearer allyourbase" }, Iterables.toArray(authorization, String.class));
}
Also used : AccessToken(com.google.auth.oauth2.AccessToken) Metadata(io.grpc.Metadata) Date(java.util.Date) Credentials(com.google.auth.Credentials) CallCredentials(io.grpc.CallCredentials) OAuth2Credentials(com.google.auth.oauth2.OAuth2Credentials) GoogleCredentials(com.google.auth.oauth2.GoogleCredentials) ServiceAccountCredentials(com.google.auth.oauth2.ServiceAccountCredentials) Test(org.junit.Test)

Aggregations

CallCredentials (io.grpc.CallCredentials)9 Test (org.junit.Test)4 Credentials (com.google.auth.Credentials)3 GoogleCredentials (com.google.auth.oauth2.GoogleCredentials)3 AccessToken (com.google.auth.oauth2.AccessToken)2 OAuth2Credentials (com.google.auth.oauth2.OAuth2Credentials)2 ServiceAccountCredentials (com.google.auth.oauth2.ServiceAccountCredentials)2 Metadata (io.grpc.Metadata)2 Status (io.grpc.Status)2 MoreCallCredentials (io.grpc.auth.MoreCallCredentials)2 Date (java.util.Date)2 Function (com.google.common.base.Function)1 ListenableFuture (com.google.common.util.concurrent.ListenableFuture)1 MoreExecutors.directExecutor (com.google.common.util.concurrent.MoreExecutors.directExecutor)1 SubscriberFutureStub (com.google.pubsub.v1.SubscriberGrpc.SubscriberFutureStub)1 Attributes (io.grpc.Attributes)1 ChannelCredentials (io.grpc.ChannelCredentials)1 CompositeChannelCredentials (io.grpc.CompositeChannelCredentials)1 ManagedChannel (io.grpc.ManagedChannel)1 MethodDescriptor (io.grpc.MethodDescriptor)1