feat: Adding new samples for the python callouts (#51)

* Adding use-case 5 * Adding cloud_log sample and refactoring some functions for better clarity * Adding tests for custom_response, adjusting dockerfile and adjusting formatting for the example * Adjusting the description of the custom_response --------- Co-authored-by: victorwoli <victorwo@ciandt.com>
GoogleCloudPlatform · Mar 20, 2024 · 2d0c68e · 2d0c68e
1 parent 8a0f3ff
commit 2d0c68e
Show file tree

Hide file tree

Showing 10 changed files with 866 additions and 4 deletions.
diff --git a/callouts/python/extproc/example/add_custom_response/Dockerfile b/callouts/python/extproc/example/add_custom_response/Dockerfile
@@ -0,0 +1,21 @@
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+FROM marketplace.gcr.io/google/debian12
+RUN apt-get update && apt-get install -y python3-pip python3-grpc-tools
+WORKDIR /home/callouts/python
+COPY ./extproc/service ./extproc/service
+COPY ./extproc/proto ./extproc/proto
+COPY ./extproc/ssl_creds ./extproc/ssl_creds
+COPY ./extproc/example/add_custom_response ./extproc/example/add_custom_response
+EXPOSE 443
+EXPOSE 8080
+EXPOSE 80
+CMD [ "/usr/bin/python3", "-um", "extproc.example.add_custom_response.service_callout_example" ]
diff --git a/callouts/python/extproc/example/add_custom_response/__init__.py b/callouts/python/extproc/example/add_custom_response/__init__.py
diff --git a/callouts/python/extproc/example/add_custom_response/service_callout_example.py b/callouts/python/extproc/example/add_custom_response/service_callout_example.py
@@ -0,0 +1,68 @@
+# Copyright 2024 Google LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from grpc import ServicerContext
+from extproc.proto import service_pb2
+from extproc.service import callout_server
+
+
+class CalloutServerExample(callout_server.CalloutServer):
+  """Example callout server.
+
+  Provides a non-comprehensive set of responses for each of the possible
+  callout interactions.
+
+  On a request header callout we check if it contains a header called '{mock:}', if yes then it will
+  generate a mock response, otherwise it will follow the standard flow and add a header
+  '{header-request: request}'. On response header callouts, we respond with a mutation to add
+  the header '{header-response: response}'.
+
+  On a request body callout we check if it contains in the body 'mock', if yes then it will generate
+  a mock response, otherwise it will follow the standard flow and provide a mutation to append '-added-body'
+  to the body. On response body callouts we send a mutation to replace the body with 'new-body'.
+  """
+
+  def on_request_body(
+      self, body: service_pb2.HttpBody, context: ServicerContext
+  ) -> service_pb2.BodyResponse:
+    """Custom processor on the request body."""
+    return callout_server.add_body_mutation(body='-added-body')
+
+  def on_response_body(
+      self, body: service_pb2.HttpBody, context: ServicerContext
+  ) -> service_pb2.BodyResponse:
+    """Custom processor on the response body."""
+    return callout_server.add_body_mutation(body='new-body', clear_body=False)
+
+  def on_request_headers(
+      self, headers: service_pb2.HttpHeaders, context: ServicerContext
+  ) -> service_pb2.HeadersResponse:
+    """Custom processor on request headers."""
+    return callout_server.add_header_mutation(
+      add=[('header-request', 'request')], remove=['foo'],
+      clear_route_cache=True
+    )
+
+  def on_response_headers(
+      self, headers: service_pb2.HttpHeaders, context: ServicerContext
+  ) -> service_pb2.HeadersResponse:
+    """Custom processor on response headers."""
+    return callout_server.add_header_mutation(
+      add=[('header-response', 'response')]
+    )
+
+
+if __name__ == '__main__':
+  # Run the gRPC service
+  CalloutServerExample(port=443, insecure_port=8080, health_check_port=80).run()
diff --git a/callouts/python/extproc/example/cloud_log/Dockerfile b/callouts/python/extproc/example/cloud_log/Dockerfile
@@ -0,0 +1,22 @@
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+FROM marketplace.gcr.io/google/debian12
+RUN apt-get update && apt-get install -y python3-pip python3-grpc-tools
+RUN pip install google-cloud-logging --break-system-packages
+WORKDIR /home/callouts/python
+COPY ./extproc/service ./extproc/service
+COPY ./extproc/proto ./extproc/proto
+COPY ./extproc/ssl_creds ./extproc/ssl_creds
+COPY ./extproc/example/cloud_log ./extproc/example/cloud_log
+EXPOSE 443
+EXPOSE 8080
+EXPOSE 80
+CMD [ "/usr/bin/python3", "-um", "extproc.example.cloud_log.service_callout_example" ]
diff --git a/callouts/python/extproc/example/cloud_log/__init__.py b/callouts/python/extproc/example/cloud_log/__init__.py
diff --git a/callouts/python/extproc/example/cloud_log/service_callout_example.py b/callouts/python/extproc/example/cloud_log/service_callout_example.py
@@ -0,0 +1,60 @@
+# Copyright 2024 Google LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import google.cloud.logging
+
+from grpc import ServicerContext
+from extproc.proto import service_pb2
+from extproc.service import callout_server
+
+
+class CalloutServerExample(callout_server.CalloutServer):
+  """Example callout server.
+
+  Provides a non-comprehensive set of responses for each of the possible
+  callout interactions.
+
+  For request header callouts we check the content of the request and
+  authorize the request or reject the request.
+  The content being checked is if the header has the header header-check.
+  The decision is logged to Cloud Logging.
+
+  For request body callouts we check the content of the request and
+  authorize the request or reject the request.
+  The content being checked is if the body has the body body-check.
+  The decision is logged to Cloud Logging.
+  """
+
+  def on_request_headers(
+      self, headers: service_pb2.HttpHeaders, context: ServicerContext
+  ) -> service_pb2.HeadersResponse:
+    """Custom processor on request headers."""
+    return callout_server.add_header_mutation(
+      add=[('header-request', 'request')],
+      clear_route_cache=True
+    )
+
+  def on_request_body(
+      self, body: service_pb2.HttpBody, context: ServicerContext
+  ) -> service_pb2.BodyResponse:
+    """Custom processor on the request body."""
+    return callout_server.add_body_mutation(body='-added-body')
+
+if __name__ == '__main__':
+  """Sets up Google Cloud Logging for the cloud_log example"""
+  client = google.cloud.logging.Client()
+  client.setup_logging()
+
+  # Run the gRPC service
+  CalloutServerExample(port=443, insecure_port=8080, health_check_port=80).run()
diff --git a/callouts/python/extproc/service/callout_server.py b/callouts/python/extproc/service/callout_server.py
@@ -18,6 +18,7 @@
 Bundled with an optional health check server.
 Can be set up to use ssl certificates.
 """
+import logging
 
 from concurrent import futures
 from http.server import BaseHTTPRequestHandler
@@ -30,7 +31,6 @@
 from extproc.proto import service_pb2
 from extproc.proto import service_pb2_grpc
 
-
 def add_header_mutation(
     add: list[tuple[str, str]] | None = None,
     remove: list[str] | None = None,
@@ -53,8 +53,8 @@ def add_header_mutation(
   if add:
     for k, v in add:
       header_value_option = service_pb2.HeaderValueOption(
-          header=service_pb2.HeaderValue(key=k, raw_value=bytes(v, 'utf-8'))
-        )
+        header=service_pb2.HeaderValue(key=k, raw_value=bytes(v, 'utf-8'))
+      )
       if append_action:
         header_value_option.append_action = append_action
       header_mutation.response.header_mutation.set_headers.append(header_value_option)
@@ -131,7 +131,6 @@ def get_device_type(host_value: str) -> str:
   else:
     return 'desktop'
 
-
 class HealthCheckService(BaseHTTPRequestHandler):
   """Server for responding to health check pings."""
 
@@ -299,6 +298,64 @@ def shutdown(self):
       self._health_check_server.shutdown()
     self._shutdown = True
 
+  def header_mock_check(self, request):
+    header_mock_check = next(
+      (header.raw_value for header in request.headers.headers if
+       header.key == 'mock'),
+      None)
+    if header_mock_check:
+      return True
+    return False
+
+  def body_mock_check(self, request):
+    body_content = request.body.decode('utf-8')
+    body_check = "mock"
+    if body_check in body_content:
+      return True
+    return False
+
+  def generate_mock_response(self, mock_type):
+    """Generate mock response based on type ('header' or 'body')."""
+    if mock_type == 'header':
+      mock_response = service_pb2.HeadersResponse()
+      mock_header = service_pb2.HeaderValueOption(
+        header=service_pb2.HeaderValue(key="Mock-Response", raw_value=bytes("Mocked-Value", 'utf-8')))
+      mock_response.response.header_mutation.set_headers.append(mock_header)
+      return mock_response
+    elif mock_type == 'body':
+      mock_response = service_pb2.BodyResponse()
+      mock_response.response.body_mutation.body = bytes("Mocked-Body", 'utf-8')
+      return mock_response
+
+  def validate_request(self, request, request_type):
+    """Validate both header and body of the request."""
+    if request_type == 'header':
+      header_value_check = next(
+        (header.raw_value for header in request.request_headers.headers.headers if
+         header.key == 'header-check'),
+        None)
+
+      if header_value_check:
+        return False
+
+    elif request_type == 'body':
+      body_content = request.request_body.body.decode('utf-8')
+      body_check = "body-check"
+
+      if body_check in body_content:
+        return False
+
+    return True
+
+  def request_denied(
+      self,
+      context
+  ):
+
+    request_denied_msg = "Request content is invalid or not allowed"
+    logging.warning(request_denied_msg)
+    context.abort(grpc.StatusCode.PERMISSION_DENIED, request_denied_msg)
+
   def process(
       self,
       request_iterator: Iterator[service_pb2.ProcessingRequest],
@@ -307,22 +364,46 @@ def process(
     """Process the client request."""
     for request in request_iterator:
       if request.HasField('request_headers'):
+        if not self.validate_request(request, 'header'):
+          self.request_denied(context)
+
+        if self.header_mock_check(request.request_headers):
+          mock_response = self.generate_mock_response('header')
+          yield service_pb2.ProcessingResponse(request_headers=mock_response)
+          return
+
         yield service_pb2.ProcessingResponse(
           request_headers=self.on_request_headers(
             request.request_headers, context
           )
         )
       if request.HasField('response_headers'):
+        if self.header_mock_check(request.response_headers):
+          mock_response = self.generate_mock_response('header')
+          yield service_pb2.ProcessingResponse(response_headers=mock_response)
+          return
         yield service_pb2.ProcessingResponse(
           response_headers=self.on_response_headers(
             request.response_headers, context
           )
         )
       if request.HasField('request_body'):
+        if not self.validate_request(request, 'body'):
+          self.request_denied(context)
+
+        if self.body_mock_check(request.request_body):
+          mock_response = self.generate_mock_response('body')
+          yield service_pb2.ProcessingResponse(request_body=mock_response)
+          return
+
         yield service_pb2.ProcessingResponse(
           request_body=self.on_request_body(request.request_body, context)
         )
       if request.HasField('response_body'):
+        if self.body_mock_check(request.response_body):
+          mock_response = self.generate_mock_response('body')
+          yield service_pb2.ProcessingResponse(response_body=mock_response)
+          return
         yield service_pb2.ProcessingResponse(
           response_body=self.on_response_body(request.response_body, context)
         )