Simplify code around gRPC channel credentials (#440)

Volue-Public · Mar 14, 2024 · 7ccd627 · 7ccd627
1 parent ba8376f
commit 7ccd627
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 30 deletions.
diff --git a/src/volue/mesh/__init__.py b/src/volue/mesh/__init__.py
@@ -24,14 +24,12 @@
     XySet,
 )
 from ._connection import Connection
-from ._credentials import Credentials
 
 __title__ = "volue.mesh"
 __author__ = "Volue AS"
 
 __all__ = [
     "Authentication",
-    "Credentials",
     "Connection",
     "AttributeBase",
     "LinkRelationAttribute",

diff --git a/src/volue/mesh/_base_connection.py b/src/volue/mesh/_base_connection.py
@@ -8,7 +8,6 @@
 
 from . import _authentication
 from ._authentication import Authentication, ExternalAccessTokenPlugin
-from ._credentials import Credentials
 
 C = TypeVar("C", bound="Connection")
 
@@ -111,19 +110,21 @@ def __init__(
             # insecure connection (without TLS)
             channel = self._insecure_grpc_channel(target=target)
         else:
-            credentials: Credentials = Credentials(root_pem_certificate)
+            channel_credentials = grpc.ssl_channel_credentials(
+                root_certificates=root_pem_certificate
+            )
 
             # authentication requires TLS
             if authentication_parameters:
                 self.auth_metadata_plugin = Authentication(
-                    authentication_parameters, target, credentials.channel_creds
+                    authentication_parameters, target, channel_credentials
                 )
                 call_credentials = grpc.metadata_call_credentials(
                     self.auth_metadata_plugin
                 )
 
                 composite_credentials = grpc.composite_channel_credentials(
-                    credentials.channel_creds,
+                    channel_credentials,
                     call_credentials,
                 )
 
@@ -134,7 +135,7 @@ def __init__(
             else:
                 # connection using TLS (no Kerberos authentication)
                 channel = self._secure_grpc_channel(
-                    target=target, credentials=credentials.channel_creds
+                    target=target, credentials=channel_credentials
                 )
 
         self.mesh_service = core.v1alpha.core_pb2_grpc.MeshServiceStub(channel)

diff --git a/src/volue/mesh/_credentials.py b/src/volue/mesh/_credentials.py
diff --git a/src/volue/mesh/tests/test_authentication.py b/src/volue/mesh/tests/test_authentication.py
@@ -4,6 +4,7 @@
 
 import sys
 
+import grpc
 import pytest
 import pytest_asyncio
 
@@ -17,12 +18,14 @@ def auth_metadata_plugin(mesh_test_config):
     Note: Depending on the test-case there will be some tokens left (not revoked) in Mesh server.
     """
     assert mesh_test_config.creds_type == "kerberos"
-    credentials = mesh.Credentials(mesh_test_config.tls_root_certs)
+    channel_credentials = grpc.ssl_channel_credentials(
+        root_certificates=mesh_test_config.tls_root_certs
+    )
     authentication_parameters = mesh.Authentication.Parameters(
         mesh_test_config.krb5_svc, mesh_test_config.krb5_usr
     )
     return mesh.Authentication(
-        authentication_parameters, mesh_test_config.address, credentials.channel_creds
+        authentication_parameters, mesh_test_config.address, channel_credentials
     )