cloud-sql-python-connector/google/cloud/sql/connector/utils.py at main · GoogleCloudPlatform/cloud-sql-python-connector · GitHub

Name: cloud-sql-python-connector/google/cloud/sql/connector/utils.py at main · GoogleCloudPlatform/cloud-sql-python-connector · GitHub
Rating: 4.4 (6412 reviews)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
"""
Copyright 2019 Google LLC

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
"""

importaiofiles
fromcryptography.hazmat.backendsimportdefault_backend
fromcryptography.hazmat.primitivesimportserialization
fromcryptography.hazmat.primitives.asymmetricimportrsa


asyncdefgenerate_keys() ->tuple[bytes, str]:
"""A helper function to generate the private and public keys.

 backend - The value specified is default_backend(). This is because the
 cryptography library used to support different backends, but now only uses
 the default_backend().

 public_exponent - The public exponent is one of the variables used in the
 generation of the keys. 65537 is recommended due to being a good balance
 between speed and security.

 key_size - The cryptography documentation recommended a key_size
 of at least 2048.

 """
private_key_obj=rsa.generate_private_key(
backend=default_backend(), public_exponent=65537, key_size=2048
 )

pub_key= (
private_key_obj.public_key()
 .public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo,
 )
 .decode("UTF-8")
 )

priv_key=private_key_obj.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption(),
 )

returnpriv_key, pub_key


asyncdefwrite_to_file(
dir_path: str, serverCaCert: str, ephemeralCert: str, priv_key: bytes
) ->tuple[str, str, str]:
"""
 Helper function to write the serverCaCert, ephemeral certificate and
 private key to .pem files in a given directory
 """
ca_filename=f"{dir_path}/ca.pem"
cert_filename=f"{dir_path}/cert.pem"
key_filename=f"{dir_path}/priv.pem"

asyncwithaiofiles.open(ca_filename, "w+") asca_out:
awaitca_out.write(serverCaCert)
asyncwithaiofiles.open(cert_filename, "w+") asephemeral_out:
awaitephemeral_out.write(ephemeralCert)
asyncwithaiofiles.open(key_filename, "wb") aspriv_out:
awaitpriv_out.write(priv_key)

return (ca_filename, cert_filename, key_filename)


defformat_database_user(database_version: str, user: str) ->str:
"""Format database `user` param for Cloud SQL automatic IAM authentication.

 Args:
 database_version (str): Cloud SQL database version.
 user (str): Database username to connect to Cloud SQL database with.

 Returns:
 str: Formatted database username.
 """
# remove suffix for Postgres service accounts
ifdatabase_version.startswith("POSTGRES"):
suffix=".gserviceaccount.com"
user=user[: -len(suffix)] ifuser.endswith(suffix) elseuser
returnuser

# remove everything after and including the @ for MySQL
ifdatabase_version.startswith("MYSQL") and"@"inuser:
returnuser.split("@")[0]

returnuser