Merge pull request #13479 from nathanielmanistaatgoogle/certificate-configuration

Avoid abbreviation in Python API.

src/python/grpcio/grpc/__init__.py

@@ -424,17 +424,19 @@ class ServerCredentials(object):
         self._credentials = credentials
 
 
-class ServerCertificateConfig(object):
-    """A certificate config for use with an SSL-enabled Server, e.g., can
-    be returned in the certificate config fetching callback.
+class ServerCertificateConfiguration(object):
+    """A certificate configuration for use with an SSL-enabled Server.
+
+    Instances of this class can be returned in the certificate configuration
+    fetching callback.
 
     This class has no supported interface -- it exists to define the
     type of its instances and its instances exist to be passed to
     other functions.
     """
 
-    def __init__(self, cert_config):
-        self._cert_config = cert_config
+    def __init__(self, certificate_configuration):
+        self._certificate_configuration = certificate_configuration
 
 
 ########################  Multi-Callable Interfaces  ###########################
@@ -1265,9 +1267,9 @@ def ssl_server_credentials(private_key_certificate_chain_pairs,
             ], require_client_auth))
 
 
-def ssl_server_certificate_config(private_key_certificate_chain_pairs,
-                                  root_certificates=None):
-    """Creates a ServerCertificateConfig for use with an SSL-enabled Server.
+def ssl_server_certificate_configuration(private_key_certificate_chain_pairs,
+                                         root_certificates=None):
+    """Creates a ServerCertificateConfiguration for use with a Server.
 
     Args:
       private_key_certificate_chain_pairs: A collection of pairs of
@@ -1277,38 +1279,38 @@ def ssl_server_certificate_config(private_key_certificate_chain_pairs,
         certificates that the server will use to verify client authentication.
 
     Returns:
-      A ServerCertificateConfig that can be returned in the certificate config
-      fetching callback.
+      A ServerCertificateConfiguration that can be returned in the certificate
+        configuration fetching callback.
     """
     if len(private_key_certificate_chain_pairs) == 0:
         raise ValueError(
             'At least one private key-certificate chain pair is required!')
     else:
-        return ServerCertificateConfig(
+        return ServerCertificateConfiguration(
             _cygrpc.server_certificate_config_ssl(root_certificates, [
                 _cygrpc.SslPemKeyCertPair(key, pem)
                 for key, pem in private_key_certificate_chain_pairs
             ]))
 
 
-def ssl_server_credentials_dynamic_cert_config(initial_cert_config,
-                                               cert_config_fetcher,
-                                               require_client_auth=False):
+def dynamic_ssl_server_credentials(initial_certificate_configuration,
+                                   certificate_configuration_fetcher,
+                                   require_client_authentication=False):
     """Creates a ServerCredentials for use with an SSL-enabled Server.
 
     Args:
-      initial_cert_config (ServerCertificateConfig): the certificate
-        config with which the server will be initialized.
-      cert_config_fetcher (callable): a callable that takes no
-        arguments and should return a ServerCertificateConfig to
-        replace the server's current cert, or None for no change
+      initial_certificate_configuration (ServerCertificateConfiguration): The
+        certificate configuration with which the server will be initialized.
+      certificate_configuration_fetcher (callable): A callable that takes no
+        arguments and should return a ServerCertificateConfiguration to
+        replace the server's current certificate, or None for no change
         (i.e., the server will continue its current certificate
         config). The library will call this callback on *every* new
         client connection before starting the TLS handshake with the
         client, thus allowing the user application to optionally
-        return a new ServerCertificateConfig that the server will then
+        return a new ServerCertificateConfiguration that the server will then
         use for the handshake.
-      require_client_auth: A boolean indicating whether or not to
+      require_client_authentication: A boolean indicating whether or not to
         require clients to be authenticated.
 
     Returns:
@@ -1316,7 +1318,8 @@ def ssl_server_credentials_dynamic_cert_config(initial_cert_config,
     """
     return ServerCredentials(
         _cygrpc.server_credentials_ssl_dynamic_cert_config(
-            initial_cert_config, cert_config_fetcher, require_client_auth))
+            initial_certificate_configuration,
+            certificate_configuration_fetcher, require_client_authentication))
 
 
 def channel_ready_future(channel):
@@ -1401,19 +1404,19 @@ __all__ = ('FutureTimeoutError', 'FutureCancelledError', 'Future',
            'ChannelConnectivity', 'StatusCode', 'RpcError', 'RpcContext',
            'Call', 'ChannelCredentials', 'CallCredentials',
            'AuthMetadataContext', 'AuthMetadataPluginCallback',
-           'AuthMetadataPlugin', 'ServerCertificateConfig', 'ServerCredentials',
-           'UnaryUnaryMultiCallable', 'UnaryStreamMultiCallable',
-           'StreamUnaryMultiCallable', 'StreamStreamMultiCallable', 'Channel',
-           'ServicerContext', 'RpcMethodHandler', 'HandlerCallDetails',
-           'GenericRpcHandler', 'ServiceRpcHandler', 'Server',
-           'unary_unary_rpc_method_handler', 'unary_stream_rpc_method_handler',
-           'stream_unary_rpc_method_handler',
+           'AuthMetadataPlugin', 'ServerCertificateConfiguration',
+           'ServerCredentials', 'UnaryUnaryMultiCallable',
+           'UnaryStreamMultiCallable', 'StreamUnaryMultiCallable',
+           'StreamStreamMultiCallable', 'Channel', 'ServicerContext',
+           'RpcMethodHandler', 'HandlerCallDetails', 'GenericRpcHandler',
+           'ServiceRpcHandler', 'Server', 'unary_unary_rpc_method_handler',
+           'unary_stream_rpc_method_handler', 'stream_unary_rpc_method_handler',
            'stream_stream_rpc_method_handler',
            'method_handlers_generic_handler', 'ssl_channel_credentials',
            'metadata_call_credentials', 'access_token_call_credentials',
            'composite_call_credentials', 'composite_channel_credentials',
-           'ssl_server_credentials', 'ssl_server_certificate_config',
-           'ssl_server_credentials_dynamic_cert_config', 'channel_ready_future',
+           'ssl_server_credentials', 'ssl_server_certificate_configuration',
+           'dynamic_ssl_server_credentials', 'channel_ready_future',
            'insecure_channel', 'secure_channel', 'server',)
 
 ############################### Extension Shims ################################

src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi

@@ -338,8 +338,9 @@ def server_certificate_config_ssl(pem_root_certs, pem_key_cert_pairs):
 def server_credentials_ssl_dynamic_cert_config(initial_cert_config,
                                                cert_config_fetcher,
                                                bint force_client_auth):
-  if not isinstance(initial_cert_config, grpc.ServerCertificateConfig):
-    raise TypeError('initial_cert_config must be a grpc.ServerCertificateConfig')
+  if not isinstance(initial_cert_config, grpc.ServerCertificateConfiguration):
+    raise TypeError(
+        'initial_cert_config must be a grpc.ServerCertificateConfiguration')
   if not callable(cert_config_fetcher):
     raise TypeError('cert_config_fetcher must be callable')
   cdef ServerCredentials credentials = ServerCredentials()

src/python/grpcio/grpc/_cython/_cygrpc/server.pyx.pxi

@@ -28,7 +28,7 @@ cdef grpc_ssl_certificate_config_reload_status _server_cert_config_fetcher_wrapp
   if not credentials.initial_cert_config_fetched:
     # C-core is asking for the initial cert config
     credentials.initial_cert_config_fetched = True
-    cert_config = credentials.initial_cert_config._cert_config
+    cert_config = credentials.initial_cert_config._certificate_configuration
   else:
     user_cb = credentials.cert_config_fetcher
     try:
@@ -38,13 +38,15 @@ cdef grpc_ssl_certificate_config_reload_status _server_cert_config_fetcher_wrapp
       return GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL
     if cert_config_wrapper is None:
       return GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED
-    elif not isinstance(cert_config_wrapper, grpc.ServerCertificateConfig):
-      logging.error('Error fetching certificate config: certificate '
-                    'config must be of type grpc.ServerCertificateConfig, '
-                    'not %s' % type(cert_config_wrapper).__name__)
+    elif not isinstance(
+        cert_config_wrapper, grpc.ServerCertificateConfiguration):
+      logging.error(
+          'Error fetching certificate configuration: certificate '
+          'configuration must be of type grpc.ServerCertificateConfiguration, '
+          'not %s' % type(cert_config_wrapper).__name__)
       return GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL
     else:
-      cert_config = cert_config_wrapper._cert_config
+      cert_config = cert_config_wrapper._certificate_configuration
   config[0] = <grpc_ssl_server_certificate_config*>cert_config.c_cert_config
   # our caller will assume ownership of memory, so we have to recreate
   # a copy of c_cert_config here

src/python/grpcio_tests/tests/unit/_api_test.py

@@ -30,7 +30,7 @@ class AllTest(unittest.TestCase):
             'ChannelConnectivity', 'StatusCode', 'RpcError', 'RpcContext',
             'Call', 'ChannelCredentials', 'CallCredentials',
             'AuthMetadataContext', 'AuthMetadataPluginCallback',
-            'AuthMetadataPlugin', 'ServerCertificateConfig',
+            'AuthMetadataPlugin', 'ServerCertificateConfiguration',
             'ServerCredentials', 'UnaryUnaryMultiCallable',
             'UnaryStreamMultiCallable', 'StreamUnaryMultiCallable',
             'StreamStreamMultiCallable', 'Channel', 'ServicerContext',
@@ -42,10 +42,9 @@ class AllTest(unittest.TestCase):
             'method_handlers_generic_handler', 'ssl_channel_credentials',
             'metadata_call_credentials', 'access_token_call_credentials',
             'composite_call_credentials', 'composite_channel_credentials',
-            'ssl_server_credentials', 'ssl_server_certificate_config',
-            'ssl_server_credentials_dynamic_cert_config',
-            'channel_ready_future', 'insecure_channel', 'secure_channel',
-            'server',)
+            'ssl_server_credentials', 'ssl_server_certificate_configuration',
+            'dynamic_ssl_server_credentials', 'channel_ready_future',
+            'insecure_channel', 'secure_channel', 'server',)
 
         six.assertCountEqual(self, expected_grpc_code_elements,
                              _from_grpc_import_star.GRPC_ELEMENTS)

src/python/grpcio_tests/tests/unit/_server_ssl_cert_config_test.py

@@ -11,11 +11,10 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-"""
-This tests server certificate rotation support.
+"""Tests server certificate rotation.
 
-Here we test various aspects of gRPC Python, and in some cases C-core
-by extension, support for server certificate rotation.
+Here we test various aspects of gRPC Python, and in some cases gRPC
+Core by extension, support for server certificate rotation.
 
 * ServerSSLCertReloadTestWithClientAuth: test ability to rotate
   server's SSL cert for use in future channels with clients while not
@@ -27,7 +26,7 @@ by extension, support for server certificate rotation.
   not authenticate the client.
 
 * ServerSSLCertReloadTestCertConfigReuse: tests gRPC Python's ability
-  to deal with user's reuse of ServerCertificateConfig instances.
+  to deal with user's reuse of ServerCertificateConfiguration instances.
 """
 
 import abc
@@ -140,14 +139,14 @@ class _ServerSSLCertReloadTest(
         services_pb2_grpc.add_FirstServiceServicer_to_server(
             _server_application.FirstServiceServicer(), self.server)
         switch_cert_on_client_num = 10
-        initial_cert_config = grpc.ssl_server_certificate_config(
+        initial_cert_config = grpc.ssl_server_certificate_configuration(
             [(SERVER_KEY_1_PEM, SERVER_CERT_CHAIN_1_PEM)],
             root_certificates=CA_2_PEM)
         self.cert_config_fetcher = CertConfigFetcher()
-        server_credentials = grpc.ssl_server_credentials_dynamic_cert_config(
+        server_credentials = grpc.dynamic_ssl_server_credentials(
             initial_cert_config,
             self.cert_config_fetcher,
-            require_client_auth=self.require_client_auth())
+            require_client_authentication=self.require_client_auth())
         self.port = self.server.add_secure_port('[::]:0', server_credentials)
         self.server.start()
 
@@ -285,7 +284,7 @@ class _ServerSSLCertReloadTest(
 
         # moment of truth!! client should reject server because the
         # server switch cert...
-        cert_config = grpc.ssl_server_certificate_config(
+        cert_config = grpc.ssl_server_certificate_configuration(
             [(SERVER_KEY_2_PEM, SERVER_CERT_CHAIN_2_PEM)],
             root_certificates=CA_1_PEM)
         self.cert_config_fetcher.reset()
@@ -362,18 +361,18 @@ class ServerSSLCertConfigFetcherParamsChecks(unittest.TestCase):
 
     def test_check_on_initial_config(self):
         with self.assertRaises(TypeError):
-            grpc.ssl_server_credentials_dynamic_cert_config(None, str)
+            grpc.dynamic_ssl_server_credentials(None, str)
         with self.assertRaises(TypeError):
-            grpc.ssl_server_credentials_dynamic_cert_config(1, str)
+            grpc.dynamic_ssl_server_credentials(1, str)
 
     def test_check_on_config_fetcher(self):
-        cert_config = grpc.ssl_server_certificate_config(
+        cert_config = grpc.ssl_server_certificate_configuration(
             [(SERVER_KEY_2_PEM, SERVER_CERT_CHAIN_2_PEM)],
             root_certificates=CA_1_PEM)
         with self.assertRaises(TypeError):
-            grpc.ssl_server_credentials_dynamic_cert_config(cert_config, None)
+            grpc.dynamic_ssl_server_credentials(cert_config, None)
         with self.assertRaises(TypeError):
-            grpc.ssl_server_credentials_dynamic_cert_config(cert_config, 1)
+            grpc.dynamic_ssl_server_credentials(cert_config, 1)
 
 
 class ServerSSLCertReloadTestWithClientAuth(_ServerSSLCertReloadTest):
@@ -393,14 +392,14 @@ class ServerSSLCertReloadTestWithoutClientAuth(_ServerSSLCertReloadTest):
 
 
 class ServerSSLCertReloadTestCertConfigReuse(_ServerSSLCertReloadTest):
-    """Ensures that `ServerCertificateConfig` instances can be reused.
+    """Ensures that `ServerCertificateConfiguration` instances can be reused.
 
-    Because C-core takes ownership of the
+    Because gRPC Core takes ownership of the
     `grpc_ssl_server_certificate_config` encapsulated by
-    `ServerCertificateConfig`, this test reuses the same
-    `ServerCertificateConfig` instances multiple times to make sure
+    `ServerCertificateConfiguration`, this test reuses the same
+    `ServerCertificateConfiguration` instances multiple times to make sure
     gRPC Python takes care of maintaining the validity of
-    `ServerCertificateConfig` instances, so that such instances can be
+    `ServerCertificateConfiguration` instances, so that such instances can be
     re-used by user application.
     """
 
@@ -411,17 +410,17 @@ class ServerSSLCertReloadTestCertConfigReuse(_ServerSSLCertReloadTest):
         self.server = grpc.server(futures.ThreadPoolExecutor(max_workers=10))
         services_pb2_grpc.add_FirstServiceServicer_to_server(
             _server_application.FirstServiceServicer(), self.server)
-        self.cert_config_A = grpc.ssl_server_certificate_config(
+        self.cert_config_A = grpc.ssl_server_certificate_configuration(
             [(SERVER_KEY_1_PEM, SERVER_CERT_CHAIN_1_PEM)],
             root_certificates=CA_2_PEM)
-        self.cert_config_B = grpc.ssl_server_certificate_config(
+        self.cert_config_B = grpc.ssl_server_certificate_configuration(
             [(SERVER_KEY_2_PEM, SERVER_CERT_CHAIN_2_PEM)],
             root_certificates=CA_1_PEM)
         self.cert_config_fetcher = CertConfigFetcher()
-        server_credentials = grpc.ssl_server_credentials_dynamic_cert_config(
+        server_credentials = grpc.dynamic_ssl_server_credentials(
             self.cert_config_A,
             self.cert_config_fetcher,
-            require_client_auth=True)
+            require_client_authentication=True)
         self.port = self.server.add_secure_port('[::]:0', server_credentials)
         self.server.start()