server/instance.py: Register authentication gRPC interceptor

ddb69ad6 · Martin Blanchard · 8827a263 · ddb69ad6
Commit ddb69ad6 authored 6 years ago by Martin Blanchard
--- a/buildgrid/server/instance.py
+++ b/buildgrid/server/instance.py
@@ -26,6 +26,7 @@ import grpc
 from buildgrid._enums import BotStatus, MetricRecordDomain, MetricRecordType
 from buildgrid._protos.buildgrid.v2 import monitoring_pb2
 from buildgrid.server.actioncache.service import ActionCacheService
+from buildgrid.server._authentication import AuthMetadataMethod, AuthMetadataAlgorithm, AuthMetadataServerInterceptor
 from buildgrid.server.bots.service import BotsService
 from buildgrid.server.cas.service import ByteStreamService, ContentAddressableStorageService
 from buildgrid.server.execution.service import ExecutionService
@@ -44,11 +45,21 @@ class BuildGridServer:
    requisite services.
    """

-    def __init__(self, max_workers=None, monitor=False):
+    def __init__(self, max_workers=None, monitor=False, auth_method=AuthMetadataMethod.NONE,
+                 auth_secret=None, auth_algorithm=AuthMetadataAlgorithm.NONE):
        """Initializes a new :class:`BuildGridServer` instance.

        Args:
            max_workers (int, optional): A pool of max worker threads.
+            monitor (bool, optional): Whether or not to globally activate server
+                monitoring. Defaults to ``False``.
+            auth_method (AuthMetadataMethod, optional): Authentication method to
+                be used for request authorization. Defaults to ``NONE``.
+            auth_secret (str, optional): The secret or key to be used for
+                authorizing request using `auth_method`. Defaults to ``None``.
+            auth_algorithm (AuthMetadataAlgorithm, optional): The crytographic
+                algorithm to be uses in combination with `auth_secret` for
+                authorizing request using `auth_method`. Defaults to ``NONE``.
        """
        self.__logger = logging.getLogger(__name__)

@@ -56,8 +67,17 @@ class BuildGridServer:
            # Use max_workers default from Python 3.5+
            max_workers = (os.cpu_count() or 1) * 5

+        self.__grpc_auth_interceptor = None
+        if auth_method != AuthMetadataMethod.NONE:
+            self.__grpc_auth_interceptor = AuthMetadataServerInterceptor(
+                method=auth_method , secret=auth_secret , algorithm=auth_algorithm)
        self.__grpc_executor = futures.ThreadPoolExecutor(max_workers)
-        self.__grpc_server = grpc.server(self.__grpc_executor)
+
+        if self.__grpc_auth_interceptor is not None:
+            self.__grpc_server = grpc.server(
+                self.__grpc_executor, interceptors=(self.__grpc_auth_interceptor,))
+        else:
+            self.__grpc_server = grpc.server(self.__grpc_executor)

        self.__main_loop = asyncio.get_event_loop()
        self.__monitoring_bus = None