feat: add mtls support (#7)

Author: yoshi-automation

docs/conf.py

@@ -38,6 +38,7 @@
  "sphinx.ext.napoleon",
  "sphinx.ext.todo",
  "sphinx.ext.viewcode",
+ "recommonmark",
 ]
 
 # autodoc/autosummary flags
@@ -49,10 +50,6 @@
 # Add any paths that contain templates here, relative to this directory.
 templates_path = ["_templates"]
 
-# Allow markdown includes (so releases.md can include CHANGLEOG.md)
-# http://www.sphinx-doc.org/en/master/markdown.html
-source_parsers = {".md": "recommonmark.parser.CommonMarkParser"}
-
 # The suffix(es) of source filenames.
 # You can specify multiple suffix as a list of string:
 # source_suffix = ['.rst', '.md']

google/cloud/memcache_v1beta2/services/cloud_memcache/client.py

@@ -16,7 +16,8 @@
 #
 
 from collections import OrderedDict
-from typing import Dict, Sequence, Tuple, Type, Union
+import re
+from typing import Callable, Dict, Sequence, Tuple, Type, Union
 import pkg_resources
 
 import google.api_core.client_options as ClientOptions # type: ignore
@@ -90,8 +91,38 @@ class CloudMemcacheClient(metaclass=CloudMemcacheClientMeta):
  - ``projects/my-memcached-project/locations/us-central1/instances/my-memcached``
  """
 
- DEFAULT_OPTIONS = ClientOptions.ClientOptions(
- api_endpoint="memcache.googleapis.com"
+ @staticmethod
+ def _get_default_mtls_endpoint(api_endpoint):
+ """Convert api endpoint to mTLS endpoint.
+ Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to
+ "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively.
+ Args:
+ api_endpoint (Optional[str]): the api endpoint to convert.
+ Returns:
+ str: converted mTLS api endpoint.
+ """
+ if not api_endpoint:
+ return api_endpoint
+
+ mtls_endpoint_re = re.compile(
+ r"(?P<name>[^.]+)(?P<mtls>\.mtls)?(?P<sandbox>\.sandbox)?(?P<googledomain>\.googleapis\.com)?"
+ )
+
+ m = mtls_endpoint_re.match(api_endpoint)
+ name, mtls, sandbox, googledomain = m.groups()
+ if mtls or not googledomain:
+ return api_endpoint
+
+ if sandbox:
+ return api_endpoint.replace(
+ "sandbox.googleapis.com", "mtls.sandbox.googleapis.com"
+ )
+
+ return api_endpoint.replace(".googleapis.com", ".mtls.googleapis.com")
+
+ DEFAULT_ENDPOINT = "memcache.googleapis.com"
+ DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__( # type: ignore
+ DEFAULT_ENDPOINT
  )
 
  @classmethod
@@ -121,12 +152,21 @@ def instance_path(project: str, location: str, instance: str) -> str:
  project=project, location=location, instance=instance
  )
 
+ @staticmethod
+ def parse_instance_path(path: str) -> Dict[str, str]:
+ """Parse a instance path into its component segments."""
+ m = re.match(
+ r"^projects/(?P<project>.+?)/locations/(?P<location>.+?)/instances/(?P<instance>.+?)$",
+ path,
+ )
+ return m.groupdict() if m else {}
+
  def __init__(
  self,
  *,
  credentials: credentials.Credentials = None,
  transport: Union[str, CloudMemcacheTransport] = None,
- client_options: ClientOptions = DEFAULT_OPTIONS,
+ client_options: ClientOptions = None,
  ) -> None:
  """Instantiate the cloud memcache client.
 
@@ -140,6 +180,17 @@ def __init__(
  transport to use. If set to None, a transport is chosen
  automatically.
  client_options (ClientOptions): Custom options for the client.
+ (1) The ``api_endpoint`` property can be used to override the
+ default endpoint provided by the client.
+ (2) If ``transport`` argument is None, ``client_options`` can be
+ used to create a mutual TLS transport. If ``client_cert_source``
+ is provided, mutual TLS transport will be created with the given
+ ``api_endpoint`` or the default mTLS endpoint, and the client
+ SSL credentials obtained from ``client_cert_source``.
+
+ Raises:
+ google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
+ creation failed for any reason.
  """
  if isinstance(client_options, dict):
  client_options = ClientOptions.from_dict(client_options)
@@ -148,17 +199,46 @@ def __init__(
  # Ordinarily, we provide the transport, but allowing a custom transport
  # instance provides an extensibility point for unusual situations.
  if isinstance(transport, CloudMemcacheTransport):
+ # transport is a CloudMemcacheTransport instance.
  if credentials:
  raise ValueError(
  "When providing a transport instance, "
  "provide its credentials directly."
  )
  self._transport = transport
- else:
+ elif client_options is None or (
+ client_options.api_endpoint is None
+ and client_options.client_cert_source is None
+ ):
+ # Don't trigger mTLS if we get an empty ClientOptions.
  Transport = type(self).get_transport_class(transport)
  self._transport = Transport(
+ credentials=credentials, host=self.DEFAULT_ENDPOINT
+ )
+ else:
+ # We have a non-empty ClientOptions. If client_cert_source is
+ # provided, trigger mTLS with user provided endpoint or the default
+ # mTLS endpoint.
+ if client_options.client_cert_source:
+ api_mtls_endpoint = (
+ client_options.api_endpoint
+ if client_options.api_endpoint
+ else self.DEFAULT_MTLS_ENDPOINT
+ )
+ else:
+ api_mtls_endpoint = None
+
+ api_endpoint = (
+ client_options.api_endpoint
+ if client_options.api_endpoint
+ else self.DEFAULT_ENDPOINT
+ )
+
+ self._transport = CloudMemcacheGrpcTransport(
  credentials=credentials,
- host=client_options.api_endpoint or "memcache.googleapis.com",
+ host=api_endpoint,
+ api_mtls_endpoint=api_mtls_endpoint,
+ client_cert_source=client_options.client_cert_source,
  )
 
  def list_instances(

google/cloud/memcache_v1beta2/services/cloud_memcache/transports/grpc.py

@@ -15,11 +15,13 @@
 # limitations under the License.
 #
 
-from typing import Callable, Dict
+from typing import Callable, Dict, Tuple
 
 from google.api_core import grpc_helpers # type: ignore
 from google.api_core import operations_v1 # type: ignore
 from google.auth import credentials # type: ignore
+from google.auth.transport.grpc import SslCredentials # type: ignore
+
 
 import grpc # type: ignore
 
@@ -66,7 +68,9 @@ def __init__(
  *,
  host: str = "memcache.googleapis.com",
  credentials: credentials.Credentials = None,
- channel: grpc.Channel = None
+ channel: grpc.Channel = None,
+ api_mtls_endpoint: str = None,
+ client_cert_source: Callable[[], Tuple[bytes, bytes]] = None
  ) -> None:
  """Instantiate the transport.
 
@@ -80,20 +84,55 @@ def __init__(
  This argument is ignored if ``channel`` is provided.
  channel (Optional[grpc.Channel]): A ``Channel`` instance through
  which to make calls.
+ api_mtls_endpoint (Optional[str]): The mutual TLS endpoint. If
+ provided, it overrides the ``host`` argument and tries to create
+ a mutual TLS channel with client SSL credentials from
+ ``client_cert_source`` or applicatin default SSL credentials.
+ client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): A
+ callback to provide client SSL certificate bytes and private key
+ bytes, both in PEM format. It is ignored if ``api_mtls_endpoint``
+ is None.
+
+ Raises:
+ google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
+ creation failed for any reason.
  """
- # Sanity check: Ensure that channel and credentials are not both
- # provided.
  if channel:
+ # Sanity check: Ensure that channel and credentials are not both
+ # provided.
  credentials = False
 
+ # If a channel was explicitly provided, set it.
+ self._grpc_channel = channel
+ elif api_mtls_endpoint:
+ host = (
+ api_mtls_endpoint
+ if ":" in api_mtls_endpoint
+ else api_mtls_endpoint + ":443"
+ )
+
+ # Create SSL credentials with client_cert_source or application
+ # default SSL credentials.
+ if client_cert_source:
+ cert, key = client_cert_source()
+ ssl_credentials = grpc.ssl_channel_credentials(
+ certificate_chain=cert, private_key=key
+ )
+ else:
+ ssl_credentials = SslCredentials().ssl_credentials
+
+ # create a new channel. The provided one is ignored.
+ self._grpc_channel = grpc_helpers.create_channel(
+ host,
+ credentials=credentials,
+ ssl_credentials=ssl_credentials,
+ scopes=self.AUTH_SCOPES,
+ )
+
  # Run the base constructor.
  super().__init__(host=host, credentials=credentials)
  self._stubs = {} # type: Dict[str, Callable]
 
- # If a channel was explicitly provided, set it.
- if channel:
- self._grpc_channel = channel
-
  @classmethod
  def create_channel(
  cls,

mypy.ini

@@ -1,3 +1,3 @@
 [mypy]
-python_version = 3.5
+python_version = 3.6
 namespace_packages = True

setup.py

@@ -40,9 +40,7 @@
  platforms="Posix; MacOS X; Windows",
  include_package_data=True,
  install_requires=(
- "google-api-core >= 1.8.0, < 2.0.0dev",
- "googleapis-common-protos >= 1.5.8",
- "grpcio >= 1.10.0",
+ "google-api-core[grpc] >= 1.17.0, < 2.0.0dev",
  "proto-plus >= 0.4.0",
  ),
  python_requires=">=3.6",