using CallCredentials from Python
1,457 views
Skip to first unread message
smb...@gmail.com
Jan 10, 2017, 9:31:35 PM1/10/17
to grpc.io
Hi, I'm trying to attach CallCredentials to an RPC. This is what I've done, using AccessTokenCallCredentials as an example:
Not only does my custom header not appear to be set, but I can't find an evidence that UsernamePasswordCallCredentials.__call__ is ever being called. Where am I going wrong?
Thanks,
Scott
class UsernamePasswordCallCredentials(grpc.AuthMetadataPlugin):
def __init__(self, username):
self._username = username
def __call__(self, context, callback):
print "in __call__"
metadata = (('x-custom-auth-ticket', self._username),)
callback(metadata, None)
call_creds = metadata_call_credentials(UsernamePasswordCallCredentials("foo"))
channel = grpc.insecure_channel("localhost:50055")
stub = my_pb2_grpc.myStub(channel)
stub.ListUser(Empty(), credentials=call_creds)Not only does my custom header not appear to be set, but I can't find an evidence that UsernamePasswordCallCredentials.__call__ is ever being called. Where am I going wrong?
Thanks,
Scott
Ken Payson
Jan 10, 2017, 10:19:13 PM1/10/17
to smb...@gmail.com, grpc.io
Call credentials can only be used on a secure channel.
In your example, it should look something like:
call_creds = grpc.metadata_call_credentials(UsernamePasswordCallCredentials("foo"))
ssl_creds = grpc.ssl_channel_credentials()
channel_creds = grpc.composite_channel_credentials(ssl_creds, call_creds)
channel = grpc.secure_channel("localhost:50055", channel_creds)
Note that your server will need to host a secure port on localhost:50055
--
You received this message because you are subscribed to the Google Groups "grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscribe@googlegroups.com.
To post to this group, send email to grp...@googlegroups.com.
Visit this group at https://groups.google.com/group/grpc-io.
To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/c5fd8d6d-f686-4e44-90e2-98e33fd8e75a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
JI Ioannidis
Jan 19, 2017, 3:34:31 PM1/19/17
to grpc.io, smb...@gmail.com
Are SSL credentials supported by the python client yet? IOW, if my client does
how can the server access the client cert? I already have mechanisms in place for issuing client certs, it's a bit annoying to have a parallel mechanism for issuing and validating, not to mention worrying about a proper implementation thereof, channel credentials.
creds = grpc.ssl_channel_credentials(
root_certificates=ca.crt,
private_key=client.key,
certificate_chain=client.crt)
root_certificates=ca.crt,
private_key=client.key,
certificate_chain=client.crt)
I've had this issue for a long time and I still don't have a satisfactory workaround.
tx
/ji
To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+u...@googlegroups.com.
Nathaniel Manista
Jan 24, 2017, 5:12:46 PM1/24/17
to JI Ioannidis, grpc.io, smb...@gmail.com
On Thu, Jan 19, 2017 at 12:34 PM, JI Ioannidis <jay...@gmail.com> wrote:
Are SSL credentials supported by the python client yet?
Well, you can provide them (as you've done in the code below, right?).
IOW, if my client doescreds = grpc.ssl_channel_credentials(
root_certificates=ca.crt,
private_key=client.key,
certificate_chain=client.crt)how can the server access the client cert?
I don't know that this will be possible prior to the resolution of issue 7710, which isn't on our list of things to fix soon. Can you tell us more about how onerous the feature's absence is to you and how valuable you would find its implementation?
-Nathaniel
Reply all
Reply to author
Forward
0 new messages