Port MTLS functionality to AsyncClient

lidizheng · lidizheng · commit fa417220b674 · 2020-04-13T18:40:46.000-07:00
diff --git a/gapic/templates/%namespace/%name_%version/%sub/services/%service/async_client.py.j2 b/gapic/templates/%namespace/%name_%version/%sub/services/%service/async_client.py.j2
@@ -2,6 +2,7 @@
 
 {% block content %}
 from collections import OrderedDict
+import re
 from typing import Dict, {% if service.any_server_streaming %}AsyncIterable, {% endif %}{% if service.any_client_streaming %}AsyncIterator, {% endif %}Sequence, Tuple, Type, Union
 import pkg_resources
 
@@ -57,7 +58,40 @@ class {{ service.async_client_name }}Meta(type):
 class {{ service.async_client_name }}(metaclass={{ service.async_client_name }}Meta):
     """{{ service.meta.doc|rst(width=72, indent=4) }}"""
 
-    DEFAULT_OPTIONS = ClientOptions.ClientOptions({% if service.host %}api_endpoint='{{ service.host }}'{% endif %})
+    @staticmethod
+    def _get_default_mtls_endpoint(api_endpoint):
+        """Convert api endpoint to mTLS endpoint.
+        Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to
+        "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively.
+        Args:
+            api_endpoint (Optional[str]): the api endpoint to convert.
+        Returns:
+            str: converted mTLS api endpoint.
+        """
+        if not api_endpoint:
+            return api_endpoint
+
+        mtls_endpoint_re = re.compile(
+            r"(?P<name>[^.]+)(?P<mtls>\.mtls)?(?P<sandbox>\.sandbox)?(?P<googledomain>\.googleapis\.com)?"
+        )
+
+        m = mtls_endpoint_re.match(api_endpoint)
+        name, mtls, sandbox, googledomain = m.groups()
+        if mtls or not googledomain:
+            return api_endpoint
+
+        if sandbox:
+            return api_endpoint.replace(
+                "sandbox.googleapis.com", "mtls.sandbox.googleapis.com"
+            )
+
+        return api_endpoint.replace(".googleapis.com", ".mtls.googleapis.com")
+
+    DEFAULT_ENDPOINT = {% if service.host %}'{{ service.host }}'{% else %}None{% endif %}
+    DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__(  # type: ignore
+        DEFAULT_ENDPOINT
+    )
+    DEFAULT_MTLS_TRANSPORT = {{ service.grpc_asyncio_transport_name }}
 
     @classmethod
     def from_service_account_file(cls, filename: str, *args, **kwargs):
@@ -92,9 +126,9 @@ class {{ service.async_client_name }}(metaclass={{ service.async_client_name }}M
     def __init__(self, *,
             credentials: credentials.Credentials = None,
             transport: Union[str, {{ service.name }}Transport] = None,
-            client_options: ClientOptions = DEFAULT_OPTIONS,
+            client_options: ClientOptions = None,
             ) -> None:
-        """Instantiate the {{ (service.async_client_name|snake_case).replace('_', ' ') }}.
+        """Instantiate the {{ (service.client_name|snake_case).replace('_', ' ') }}.
 
         Args:
             credentials (Optional[google.auth.credentials.Credentials]): The
@@ -106,6 +140,17 @@ class {{ service.async_client_name }}(metaclass={{ service.async_client_name }}M
                 transport to use. If set to None, a transport is chosen
                 automatically.
             client_options (ClientOptions): Custom options for the client.
+                (1) The ``api_endpoint`` property can be used to override the
+                default endpoint provided by the client.
+                (2) If ``transport`` argument is None, ``client_options`` can be
+                used to create a mutual TLS transport. If ``client_cert_source``
+                is provided, mutual TLS transport will be created with the given
+                ``api_endpoint`` or the default mTLS endpoint, and the client
+                SSL credentials obtained from ``client_cert_source``.
+
+        Raises:
+            google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
+                creation failed for any reason.
         """
         if isinstance(client_options, dict):
             client_options = ClientOptions.from_dict(client_options)
@@ -114,15 +159,44 @@ class {{ service.async_client_name }}(metaclass={{ service.async_client_name }}M
         # Ordinarily, we provide the transport, but allowing a custom transport
         # instance provides an extensibility point for unusual situations.
         if isinstance(transport, {{ service.name }}Transport):
+            # transport is a {{ service.name }}Transport instance.
             if credentials:
                 raise ValueError('When providing a transport instance, '
                                  'provide its credentials directly.')
             self._transport = transport
-        else:
+        elif client_options is None or (
+            client_options.api_endpoint == None
+            and client_options.client_cert_source is None
+        ):
+            # Don't trigger mTLS if we get an empty ClientOptions.
             Transport = type(self).get_transport_class(transport)
             self._transport = Transport(
+                credentials=credentials, host=self.DEFAULT_ENDPOINT
+            )
+        else:
+            # We have a non-empty ClientOptions. If client_cert_source is
+            # provided, trigger mTLS with user provided endpoint or the default
+            # mTLS endpoint.
+            if client_options.client_cert_source:
+                api_mtls_endpoint = (
+                    client_options.api_endpoint
+                    if client_options.api_endpoint
+                    else self.DEFAULT_MTLS_ENDPOINT
+                )
+            else:
+                api_mtls_endpoint = None
+
+            api_endpoint = (
+                client_options.api_endpoint
+                if client_options.api_endpoint
+                else self.DEFAULT_ENDPOINT
+            )
+
+            self._transport = self.DEFAULT_MTLS_TRANSPORT(
                 credentials=credentials,
-                host=client_options.api_endpoint{% if service.host %} or '{{ service.host }}'{% endif %},
+                host=api_endpoint,
+                api_mtls_endpoint=api_mtls_endpoint,
+                client_cert_source=client_options.client_cert_source,
             )
 
     {% for method in service.methods.values() -%}
diff --git a/gapic/templates/%namespace/%name_%version/%sub/services/%service/client.py.j2 b/gapic/templates/%namespace/%name_%version/%sub/services/%service/client.py.j2
@@ -91,6 +91,7 @@ class {{ service.client_name }}(metaclass={{ service.client_name }}Meta):
     DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__(  # type: ignore
         DEFAULT_ENDPOINT
     )
+    DEFAULT_MTLS_TRANSPORT = {{ service.grpc_transport_name }}
 
     @classmethod
     def from_service_account_file(cls, filename: str, *args, **kwargs):
@@ -191,7 +192,7 @@ class {{ service.client_name }}(metaclass={{ service.client_name }}Meta):
                 else self.DEFAULT_ENDPOINT
             )
 
-            self._transport = {{ service.name }}GrpcTransport(
+            self._transport = self.DEFAULT_MTLS_TRANSPORT(
                 credentials=credentials,
                 host=api_endpoint,
                 api_mtls_endpoint=api_mtls_endpoint,

Original file line number	Diff line number	Diff line change
`@@ -91,6 +91,7 @@ class {{ service.client_name }}(metaclass={{ service.client_name }}Meta):`
`91`	`91`	`DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__( # type: ignore`
`92`	`92`	`DEFAULT_ENDPOINT`
`93`	`93`	`)`
	`94`	`+ DEFAULT_MTLS_TRANSPORT = {{ service.grpc_transport_name }}`
`94`	`95`
`95`	`96`	`@classmethod`
`96`	`97`	`def from_service_account_file(cls, filename: str, args, *kwargs):`
`@@ -191,7 +192,7 @@ class {{ service.client_name }}(metaclass={{ service.client_name }}Meta):`
`191`	`192`	`else self.DEFAULT_ENDPOINT`
`192`	`193`	`)`
`193`	`194`
`194`		`- self._transport = {{ service.name }}GrpcTransport(`
	`195`	`+ self._transport = self.DEFAULT_MTLS_TRANSPORT(`
`195`	`196`	`credentials=credentials,`
`196`	`197`	`host=api_endpoint,`
`197`	`198`	`api_mtls_endpoint=api_mtls_endpoint,`