The C based gRPC (C++, Python, Ruby, Objective-C, PHP, C#) https://grpc.io/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1609 lines
67 KiB

10 years ago
/*
*
* Copyright 2015 gRPC authors.
10 years ago
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
10 years ago
*
* http://www.apache.org/licenses/LICENSE-2.0
10 years ago
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
10 years ago
*
*/
#include <grpc/support/port_platform.h>
#include "src/core/lib/security/credentials/credentials.h"
10 years ago
#include <openssl/rsa.h>
#include <stdlib.h>
#include <string.h>
#include <grpc/grpc_security.h>
#include <grpc/slice.h>
#include <grpc/support/alloc.h>
10 years ago
#include <grpc/support/log.h>
#include <grpc/support/string_util.h>
10 years ago
#include <grpc/support/time.h>
#include "src/core/lib/gpr/env.h"
#include "src/core/lib/gpr/string.h"
#include "src/core/lib/gpr/tmpfile.h"
#include "src/core/lib/gprpp/host_port.h"
9 years ago
#include "src/core/lib/http/httpcli.h"
#include "src/core/lib/iomgr/error.h"
#include "src/core/lib/security/credentials/composite/composite_credentials.h"
#include "src/core/lib/security/credentials/fake/fake_credentials.h"
#include "src/core/lib/security/credentials/google_default/google_default_credentials.h"
#include "src/core/lib/security/credentials/jwt/jwt_credentials.h"
#include "src/core/lib/security/credentials/oauth2/oauth2_credentials.h"
#include "src/core/lib/security/transport/auth_filters.h"
#include "src/core/lib/uri/uri_parser.h"
#include "test/core/util/test_config.h"
10 years ago
using grpc_core::internal::grpc_flush_cached_google_default_credentials;
using grpc_core::internal::set_gce_tenancy_checker_for_testing;
/* -- Constants. -- */
static const char test_google_iam_authorization_token[] = "blahblahblhahb";
static const char test_google_iam_authority_selector[] = "respectmyauthoritah";
static const char test_oauth2_bearer_token[] =
"Bearer blaaslkdjfaslkdfasdsfasf";
Updating moe_db.txt with the latest equivalence since the ruby import changed the exported structure. Change on 2014/12/01 by nnoble <nnoble@google.com> ------------- new [] file for grpc testing. Change on 2014/12/02 by donnadionne <donnadionne@google.com> ------------- Fix unfinished calls in thread_stress_test. Previously we had an early return if we cancelled a stream part way through a message. Correct this, so that half close and full close signals are propagated up the stack correctly so that higher level state machines can see the termination. Change on 2014/12/02 by ctiller <ctiller@google.com> ------------- Remove dependency on internal C code. Change on 2014/12/02 by ctiller <ctiller@google.com> ------------- Turn off the flaky bit from thread_stress_test. Change on 2014/12/02 by ctiller <ctiller@google.com> ------------- Add test cases of empty request/response, request streaming, response streaming, and half duplex streaming. Bring up the GFE/ESF for mannual test: [] build java/com/google/net/[]/testing/integration/hexa:server_components_env []-bin/java/com/google/net/[]/testing/integration/hexa/server_components_env --manual --rpc_port=25000 --use_autobahn Change on 2014/12/02 by chenw <chenw@google.com> ------------- Make echo/server.c and fling/server.c shutdown cleanly on SIGINT, and update the relevant tests to exercise this mechanism. Now "[] coverage" and the memory leak detector are able to see into the server processes. Change on 2014/12/02 by pmarks <pmarks@google.com> ------------- Allow the # of channels to be configurable in this performance test. The threads will use the channels in statically-defined round-robin order (not based on when RPCs complete on any channel). The interesting cases are #channels=1 or #channels=#threads (we previously only had the latter case) Change on 2014/12/02 by vpai <vpai@google.com> ------------- Fixed a typo and reworded a comment. Change on 2014/12/02 by gnezdo <gnezdo@google.com> ------------- Require the grpc_call in this ClientContext to be NULL before allowing set_call to be invoked. Otherwise, it's an indication of a leak somewhere. Change on 2014/12/02 by vpai <vpai@google.com> ------------- Correctly return status other than ok and add a test for it. Change on 2014/12/02 by yangg <yangg@google.com> ------------- Better C++ guards for grpc_security.h Change on 2014/12/02 by nnoble <nnoble@google.com> ------------- Use nullptr instead of NULL for consistency. Change on 2014/12/02 by vpai <vpai@google.com> ------------- Updates the ruby gRPC service class to require the serialization method to be a static method - this brings it inline with the proto3 ruby API - it adds a monkey patch to allow existing proto (beefcake) to continue working. Change on 2014/12/02 by temiola <temiola@google.com> ------------- Adding a buildable unit to the blue print file. Added the buildable unit as its name will be usesd as tap project id. This test will fail right away in tap until tests are actually added. Change on 2014/12/02 by donnadionne <donnadionne@google.com> ------------- Move interop ESF C++ server from Java to grpc directory. Tests passed: [] test javatests/com/google/net/[]/testing/integration/hexa/... [] test net/grpc/testing/interop/esf_server/... Change on 2014/12/02 by chenw <chenw@google.com> ------------- Return a lame channel as opposed to NULL when secure channel creation fails. - Looks like we're going to need something similar server-side. - I changed the prototype of the lame client channel factory to take an explicit void as I think this is better practice in C. Let me know if you disagree and I will revert these changes. Change on 2014/12/02 by jboeuf <jboeuf@google.com> ------------- Putting ALPN support where it belongs. Change on 2014/12/02 by jboeuf <jboeuf@google.com> ------------- GOAWAY send path. Sends a GOAWAY frame when shutting down. This is not read and understood yet. Change on 2014/12/03 by ctiller <ctiller@google.com> ------------- Adds support for secure channels and servers. - wraps new C apis (credentials, server_credentials) and Server#add_secure_http_port - adds tests to ensure credentials and server credentials can be created - updates client_server_spec to run the client_server wrapper layer end-to-end tests using a secure channel Change on 2014/12/03 by temiola <temiola@google.com> ------------- Fix existing issues regarding out of order events. At the client side, using pluck as the client_metadata_read can happen anytime after invoke. At the server side, allow halfclose_ok and rpc_end to come in reverse order. Change on 2014/12/03 by yangg <yangg@google.com> ------------- Don't track coverage of tests. Change on 2014/12/03 by ctiller <ctiller@google.com> ------------- Change UnaryCall to conform standard test requirement of LargeUnaryCall. Change on 2014/12/03 by yangg <yangg@google.com> ------------- updating alpn version to h2-15 ensure all interop are on the same version and working. Java and go are not ready for h2-16 yet. Change on 2014/12/03 by donnadionne <donnadionne@google.com> ------------- Add config to bring echo server in []. This is used to test production GFE as its bckend. Change on 2014/12/03 by chenw <chenw@google.com> ------------- In preparation for fixing shutdown race issues, change em to take ownership of the file descriptor. Add an API to grpc_tcp to take an already created grpc_em_fd object, and change tcp_client to use that API. This is needed because otherwise an em user's close() of the file descriptor may race with libevent internals. That's not an issue yet because destroy() frees the events inline, but that can't be done safely if there is a concurrent poller. Change on 2014/12/03 by klempner <klempner@google.com> ------------- Fixing TAP opensource build We don't want to compile and run C++ tests in the C target. Change on 2014/12/03 by nnoble <nnoble@google.com> ------------- Move and separate interop tests by languages. Small fixes to the test runner. Improving logging. Change on 2014/12/03 by donnadionne <donnadionne@google.com> ------------- Fixing the opensource build: -) The C/C++ split wasn't done up to the 'dep' target level -) The alpn.c file was missing from build.json Change on 2014/12/03 by nnoble <nnoble@google.com> ------------- Adding blue print files after projects exist Change on 2014/12/03 by donnadionne <donnadionne@google.com> ------------- Refactor StreamContext using the new completion_queue_pluck API. The dedicated the poller thread has been removed. This CL keeps the current behavior to make it short. There is one following to make it usable for both client and server. The tags for pluck is based on the address of this StreamContext object for potential debug use. The Read/Write and Wait cannot be called concurrently now and this might need to be fixed. Change on 2014/12/03 by yangg <yangg@google.com> ------------- Binary encoding utilities. Support base64 encoding, HPACK static huffman encoding, and doing both at once. Change on 2014/12/03 by ctiller <ctiller@google.com> ------------- Enforce Makefile regeneration in presubmits. Change on 2014/12/03 by ctiller <ctiller@google.com> ------------- Make CloseSend() send a real zero-length control message to indicate EOS. Change on 2014/12/03 by zhaoq <zhaoq@google.com> ------------- Prefer to create dualstack sockets for TCP clients and servers, with automatic fallback for environments where IPV6_V6ONLY can't be turned off. Change on 2014/12/03 by pmarks <pmarks@google.com> ------------- Add opensource path to build targets. Ensure that MOE is going to run. Change on 2014/12/03 by ctiller <ctiller@google.com> ------------- Add PingPong test case. Delete FullDuplex test case. The latter is not specified for client in https://docs.google.com/document/d/1dwrPpIu5EqiKVsquZfoOqTj7vP8fa1i49gornJo50Qw/edit# Change on 2014/12/03 by chenw <chenw@google.com> ------------- Make generate_projects.sh check out the generated targets. Change on 2014/12/03 by ctiller <ctiller@google.com> ------------- rspec cleanup - stops declaring specs within the GRPC module - splits Bidi streaming specs into a separate test suite adding tests in the GRPC module was a mistake, it pollutes the module and can affect other tests that run later by the test runner the bidi tests are currently flaky, having them run in their own test suite allows having two separate continuous builds (once ruby gRPC is on GitHub), one that includes bidi where we tolerate flakiness, and another that does not, where there should be no flakiness at all Change on 2014/12/03 by temiola <temiola@google.com> ------------- Adding support for composite and IAM credentials. - For now, we don't do any checks on credentials compatibility in the composite credentials. Maybe we'll add that later. - Refactored the end to end security tests so that we always use the public API (except for the fake security context which is not exposed). Change on 2014/12/03 by jboeuf <jboeuf@google.com> ------------- Make GPR library buildable in Visual Studio 2013. Change on 2014/12/04 by jtattermusch <jtattermusch@google.com> ------------- Adds codegen for ruby This is being added now that ruby's proto and grpc apis are defined and stable Change on 2014/12/04 by temiola <temiola@google.com> ------------- Prevent NewStream() from sending negative or 0 timeout. Change on 2014/12/04 by zhaoq <zhaoq@google.com> ------------- Add a grpc_sockaddr_to_string() function, and use it when logging bind failures. Also improve const-correctness in some earlier code. I'm not certain whether inet_ntop() will need any platform-specific implementations, but for now the compiler offers no complaints. Demo: $ []-bin/net/grpc/c/echo_server 1.2.3.4:80 ... tcp_server.c:139] bind addr=[::ffff:1.2.3.4]:80: Permission denied Change on 2014/12/04 by pmarks <pmarks@google.com> ------------- Refactoring - moves c wrapped classes to a submodule Google::RPC::Core - this allows for an explicit rule when reading through gRPC ruby code for telling when an object is pure ruby or wrapped C Change on 2014/12/04 by temiola <temiola@google.com> ------------- Fixes the bidi_call [] Change on 2014/12/04 by temiola <temiola@google.com> ------------- Fixing dev build when activating surface traces. Change on 2014/12/04 by nnoble <nnoble@google.com> ------------- Updates the tests to reflect that fact that some Credentials compose works. Change on 2014/12/04 by temiola <temiola@google.com> ------------- Making the generate_project_test actually do something. Change on 2014/12/04 by nnoble <nnoble@google.com> ------------- Rename "esf_server" to "[]4_server". Delete "test_sever" from Java directory. Change on 2014/12/04 by chenw <chenw@google.com> ------------- Added PHP client interop tests. Tested large_unary against the C++ server. Change on 2014/12/04 by mlumish <mlumish@google.com> ------------- Refactor grpc_create_dualstack_socket() by pulling the setsockopt into its own function. This separates the magic test flag from the real fallback logic. Change on 2014/12/04 by pmarks <pmarks@google.com> ------------- Fixes the type of the constant used for test cert hostname Change on 2014/12/04 by temiola <temiola@google.com> ------------- Disabling these tests as they're causing flakiness. Change on 2014/12/04 by ctiller <ctiller@google.com> ------------- Change intptr --> uintptr. Handles the case where a void* turns into a negative number, which then gets hashed into a negative bucket and segfaults. Change on 2014/12/04 by ctiller <ctiller@google.com> ------------- Add a test fixture to force parsers to handle one byte at a time. This should expand coverage and hopefully prevent errors at some point (it seems to pass out of the box for now though). Change on 2014/12/04 by ctiller <ctiller@google.com> ------------- The code generator isn't +x. Change on 2014/12/04 by ctiller <ctiller@google.com> ------------- Updates math_client and math_server to allow construction using crednetials By: - Extending rpc_server constructor so that it takes a credentials keyword param - Extending client_stub constructor so that it takes a credentials keyword param Change on 2014/12/04 by temiola <temiola@google.com> ------------- Format output a little more nicely. Print each line of output separately - previously logging.info was truncating this at some maximum length, and logs were getting lost. Change on 2014/12/04 by ctiller <ctiller@google.com> ------------- Up timeout for this test. Under TSAN, if we process one byte at a time, this timeout can be reached - and I think this is the cause of the following flake: [] Change on 2014/12/05 by ctiller <ctiller@google.com> ------------- Adding more error logging for ssl. Change on 2014/12/05 by jboeuf <jboeuf@google.com> ------------- Read path for goaway. Still need to add hooks to deprecate a channel on the client side when goaway is received. Change on 2014/12/05 by ctiller <ctiller@google.com> ------------- Separate accept() into server_accept() and server_end_of_initial_metadata(). This allows servers to initiate reads before finishing writing metadata. Change on 2014/12/05 by ctiller <ctiller@google.com> ------------- Fix for breakage 11512317 - adding missing test files. Change on 2014/12/05 by nnoble <nnoble@google.com> ------------- grpc c++ server side streaming support. This is based on [] There is a lot of room to clean up the internal implementation which may require refactoring of CompletionQueue. The current cl serves as a working implementation with the missing interfaces. The sample generated files are included and will be removed before submitting. Change on 2014/12/05 by yangg <yangg@google.com> ------------- Changed to the latest timeout format again (search "grpc-timeout" in [] for the spec). Change on 2014/12/05 by zhaoq <zhaoq@google.com> ------------- Fixing opensource build. Change on 2014/12/05 by nnoble <nnoble@google.com> ------------- Making absolutely sure we can do the moe export by adding a sh_test for it. Change on 2014/12/05 by nnoble <nnoble@google.com> ------------- Change :scheme psuedo-header from "grpc" to "http" or "https". Change on 2014/12/05 by zhaoq <zhaoq@google.com> ------------- Add server credential wrapping for c++ server. It only wraps ssl and []2 for now. The ServerCredentials class and the factory class are in a similar fashion as client side wrapping. The difference is the factory method returns shared_ptr instead of unique_ptr as the server builder needs to keep a reference to it for actually creating the server later. The integration will happen in a following cl. Change on 2014/12/05 by yangg <yangg@google.com> ------------- Fixed bugs in new_grpc_docker_builder.sh Change on 2014/12/05 by mlumish <mlumish@google.com> ------------- In secure endpoint, hold a refcount for the life of a write callback if the write does not complete immediately. Change on 2014/12/05 by klempner <klempner@google.com> ------------- Add migration support to MOE and have TAP verify it doesn't break. Migration support allows mirroring commits from [] into the git repo, instead of just a dump of the current source. Change on 2014/12/05 by ejona <ejona@google.com> ------------- Change initial window size to 65535 according http2 draft 15. Change on 2014/12/05 by zhaoq <zhaoq@google.com> ------------- Re-enable the flaky cases in dualstack_socket_test, with additional logging to help track down the problem if it surfaces again. This also seems like a good opportunity to make grpc_socket_utils a separate library, as it's not really specific to TCP. Example output: logspam: [], 26570) resolved 2 addrs in 37ms: logspam: [0] [::1]:26570 logspam: [1] 127.0.0.1:26570 Change on 2014/12/05 by pmarks <pmarks@google.com> ------------- Opensource build fixes. -) A function that has a return type should actually return something. -) Don't pass unsigned chars to strlen and strncmp. Change on 2014/12/05 by nnoble <nnoble@google.com> ------------- Created by MOE: http://code.google.com/p/moe-java MOE_MIGRATED_REVID=81458281
10 years ago
/* This JSON key was generated with the GCE console and revoked immediately.
The identifiers have been changed as well.
Maximum size for a string literal is 509 chars in C89, yay! */
static const char test_json_key_str_part1[] =
"{ \"private_key\": \"-----BEGIN PRIVATE KEY-----"
"\\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOEvJsnoHnyHkXcp\\n7mJE"
"qg"
"WGjiw71NfXByguekSKho65FxaGbsnSM9SMQAqVk7Q2rG+I0OpsT0LrWQtZ\\nyjSeg/"
"rWBQvS4hle4LfijkP3J5BG+"
"IXDMP8RfziNRQsenAXDNPkY4kJCvKux2xdD\\nOnVF6N7dL3nTYZg+"
"uQrNsMTz9UxVAgMBAAECgYEAzbLewe1xe9vy+2GoSsfib+28\\nDZgSE6Bu/"
"zuFoPrRc6qL9p2SsnV7txrunTyJkkOnPLND9ABAXybRTlcVKP/sGgza\\n/"
"8HpCqFYM9V8f34SBWfD4fRFT+n/"
"73cfRUtGXdXpseva2lh8RilIQfPhNZAncenU\\ngqXjDvpkypEusgXAykECQQD+";
static const char test_json_key_str_part2[] =
"53XxNVnxBHsYb+AYEfklR96yVi8HywjVHP34+OQZ\\nCslxoHQM8s+"
"dBnjfScLu22JqkPv04xyxmt0QAKm9+vTdAkEA4ib7YvEAn2jXzcCI\\nEkoy2L/"
"XydR1GCHoacdfdAwiL2npOdnbvi4ZmdYRPY1LSTO058tQHKVXV7NLeCa3\\nAARh2QJBAMKeDA"
"G"
"W303SQv2cZTdbeaLKJbB5drz3eo3j7dDKjrTD9JupixFbzcGw\\n8FZi5c8idxiwC36kbAL6Hz"
"A"
"ZoX+ofI0CQE6KCzPJTtYNqyShgKAZdJ8hwOcvCZtf\\n6z8RJm0+"
"6YBd38lfh5j8mZd7aHFf6I17j5AQY7oPEc47TjJj/"
"5nZ68ECQQDvYuI3\\nLyK5fS8g0SYbmPOL9TlcHDOqwG0mrX9qpg5DC2fniXNSrrZ64GTDKdzZ"
"Y"
"Ap6LI9W\\nIqv4vr6y38N79TTC\\n-----END PRIVATE KEY-----\\n\", ";
static const char test_json_key_str_part3[] =
"\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", "
"\"client_email\": "
"\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount."
"com\", \"client_id\": "
"\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
"com\", \"type\": \"service_account\" }";
/* Test refresh token. */
static const char test_refresh_token_str[] =
"{ \"client_id\": \"32555999999.apps.googleusercontent.com\","
" \"client_secret\": \"EmssLNjJy1332hD4KFsecret\","
" \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\","
" \"type\": \"authorized_user\"}";
static const char valid_oauth2_json_response[] =
"{\"access_token\":\"ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_\","
" \"expires_in\":3599, "
" \"token_type\":\"Bearer\"}";
static const char valid_sts_json_response[] =
"{\"access_token\":\"ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_\","
" \"expires_in\":3599, "
" \"issued_token_type\":\"urn:ietf:params:oauth:token-type:access_token\", "
" \"token_type\":\"Bearer\"}";
static const char test_scope[] = "perm1 perm2";
static const char test_signed_jwt[] =
"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImY0OTRkN2M1YWU2MGRmOTcyNmM4YW"
"U0MDcyZTViYTdmZDkwODg2YzcifQ";
static const char test_signed_jwt_token_type[] =
"urn:ietf:params:oauth:token-type:id_token";
static const char test_signed_jwt_path_prefix[] = "test_sign_jwt";
static const char test_service_url[] = "https://foo.com/foo.v1";
static const char other_test_service_url[] = "https://bar.com/bar.v1";
static const char test_sts_endpoint_url[] =
"https://foo.com:5555/v1/token-exchange";
static const char test_method[] = "ThisIsNotAMethod";
/* -- Global state flags. -- */
static bool g_test_is_on_gce = false;
static bool g_test_gce_tenancy_checker_called = false;
/* -- Utils. -- */
static char* test_json_key_str(void) {
size_t result_len = strlen(test_json_key_str_part1) +
strlen(test_json_key_str_part2) +
strlen(test_json_key_str_part3);
7 years ago
char* result = static_cast<char*>(gpr_malloc(result_len + 1));
char* current = result;
strcpy(result, test_json_key_str_part1);
current += strlen(test_json_key_str_part1);
strcpy(current, test_json_key_str_part2);
current += strlen(test_json_key_str_part2);
strcpy(current, test_json_key_str_part3);
return result;
}
static grpc_httpcli_response http_response(int status, const char* body) {
10 years ago
grpc_httpcli_response response;
response = {};
10 years ago
response.status = status;
response.body = gpr_strdup(const_cast<char*>(body));
response.body_length = strlen(body);
10 years ago
return response;
}
/* -- Tests. -- */
static void test_empty_md_array(void) {
grpc_core::ExecCtx exec_ctx;
grpc_credentials_mdelem_array md_array;
md_array = {};
GPR_ASSERT(md_array.md == nullptr);
GPR_ASSERT(md_array.size == 0);
grpc_credentials_mdelem_array_destroy(&md_array);
}
static void test_add_to_empty_md_array(void) {
grpc_core::ExecCtx exec_ctx;
grpc_credentials_mdelem_array md_array;
md_array = {};
const char* key = "hello";
const char* value = "there blah blah blah blah blah blah blah";
grpc_mdelem md = grpc_mdelem_from_slices(
grpc_slice_from_copied_string(key), grpc_slice_from_copied_string(value));
grpc_credentials_mdelem_array_add(&md_array, md);
GPR_ASSERT(md_array.size == 1);
GPR_ASSERT(grpc_mdelem_eq(md, md_array.md[0]));
GRPC_MDELEM_UNREF(md);
grpc_credentials_mdelem_array_destroy(&md_array);
}
static void test_add_abunch_to_md_array(void) {
grpc_core::ExecCtx exec_ctx;
grpc_credentials_mdelem_array md_array;
md_array = {};
const char* key = "hello";
const char* value = "there blah blah blah blah blah blah blah";
grpc_mdelem md = grpc_mdelem_from_slices(
grpc_slice_from_copied_string(key), grpc_slice_from_copied_string(value));
size_t num_entries = 1000;
for (size_t i = 0; i < num_entries; ++i) {
grpc_credentials_mdelem_array_add(&md_array, md);
}
for (size_t i = 0; i < num_entries; ++i) {
GPR_ASSERT(grpc_mdelem_eq(md_array.md[i], md));
}
GRPC_MDELEM_UNREF(md);
grpc_credentials_mdelem_array_destroy(&md_array);
}
static void test_oauth2_token_fetcher_creds_parsing_ok(void) {
grpc_core::ExecCtx exec_ctx;
grpc_mdelem token_md = GRPC_MDNULL;
7 years ago
grpc_millis token_lifetime;
grpc_httpcli_response response =
http_response(200, valid_oauth2_json_response);
GPR_ASSERT(grpc_oauth2_token_fetcher_credentials_parse_server_response(
&response, &token_md, &token_lifetime) == GRPC_CREDENTIALS_OK);
7 years ago
GPR_ASSERT(token_lifetime == 3599 * GPR_MS_PER_SEC);
GPR_ASSERT(grpc_slice_str_cmp(GRPC_MDKEY(token_md), "authorization") == 0);
GPR_ASSERT(grpc_slice_str_cmp(GRPC_MDVALUE(token_md),
8 years ago
"Bearer ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_") ==
0);
GRPC_MDELEM_UNREF(token_md);
grpc_http_response_destroy(&response);
}
static void test_oauth2_token_fetcher_creds_parsing_bad_http_status(void) {
grpc_core::ExecCtx exec_ctx;
grpc_mdelem token_md = GRPC_MDNULL;
7 years ago
grpc_millis token_lifetime;
grpc_httpcli_response response =
http_response(401, valid_oauth2_json_response);
GPR_ASSERT(grpc_oauth2_token_fetcher_credentials_parse_server_response(
&response, &token_md, &token_lifetime) ==
GRPC_CREDENTIALS_ERROR);
grpc_http_response_destroy(&response);
10 years ago
}
static void test_oauth2_token_fetcher_creds_parsing_empty_http_body(void) {
grpc_core::ExecCtx exec_ctx;
grpc_mdelem token_md = GRPC_MDNULL;
7 years ago
grpc_millis token_lifetime;
grpc_httpcli_response response = http_response(200, "");
GPR_ASSERT(grpc_oauth2_token_fetcher_credentials_parse_server_response(
&response, &token_md, &token_lifetime) ==
GRPC_CREDENTIALS_ERROR);
grpc_http_response_destroy(&response);
10 years ago
}
static void test_oauth2_token_fetcher_creds_parsing_invalid_json(void) {
grpc_core::ExecCtx exec_ctx;
grpc_mdelem token_md = GRPC_MDNULL;
7 years ago
grpc_millis token_lifetime;
grpc_httpcli_response response =
http_response(200,
"{\"access_token\":\"ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_\","
" \"expires_in\":3599, "
" \"token_type\":\"Bearer\"");
GPR_ASSERT(grpc_oauth2_token_fetcher_credentials_parse_server_response(
&response, &token_md, &token_lifetime) ==
GRPC_CREDENTIALS_ERROR);
grpc_http_response_destroy(&response);
10 years ago
}
static void test_oauth2_token_fetcher_creds_parsing_missing_token(void) {
grpc_core::ExecCtx exec_ctx;
grpc_mdelem token_md = GRPC_MDNULL;
7 years ago
grpc_millis token_lifetime;
grpc_httpcli_response response = http_response(200,
"{"
" \"expires_in\":3599, "
" \"token_type\":\"Bearer\"}");
GPR_ASSERT(grpc_oauth2_token_fetcher_credentials_parse_server_response(
&response, &token_md, &token_lifetime) ==
GRPC_CREDENTIALS_ERROR);
grpc_http_response_destroy(&response);
10 years ago
}
static void test_oauth2_token_fetcher_creds_parsing_missing_token_type(void) {
grpc_core::ExecCtx exec_ctx;
grpc_mdelem token_md = GRPC_MDNULL;
7 years ago
grpc_millis token_lifetime;
grpc_httpcli_response response =
http_response(200,
"{\"access_token\":\"ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_\","
" \"expires_in\":3599, "
"}");
GPR_ASSERT(grpc_oauth2_token_fetcher_credentials_parse_server_response(
&response, &token_md, &token_lifetime) ==
GRPC_CREDENTIALS_ERROR);
grpc_http_response_destroy(&response);
}
static void test_oauth2_token_fetcher_creds_parsing_missing_token_lifetime(
void) {
grpc_core::ExecCtx exec_ctx;
grpc_mdelem token_md = GRPC_MDNULL;
7 years ago
grpc_millis token_lifetime;
grpc_httpcli_response response =
http_response(200,
"{\"access_token\":\"ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_\","
" \"token_type\":\"Bearer\"}");
GPR_ASSERT(grpc_oauth2_token_fetcher_credentials_parse_server_response(
&response, &token_md, &token_lifetime) ==
GRPC_CREDENTIALS_ERROR);
grpc_http_response_destroy(&response);
10 years ago
}
typedef struct {
const char* key;
const char* value;
} expected_md;
typedef struct {
grpc_error* expected_error;
const expected_md* expected;
size_t expected_size;
grpc_credentials_mdelem_array md_array;
grpc_closure on_request_metadata;
grpc_call_credentials* creds;
grpc_polling_entity pollent;
} request_metadata_state;
static void check_metadata(const expected_md* expected,
grpc_credentials_mdelem_array* md_array) {
for (size_t i = 0; i < md_array->size; ++i) {
size_t j;
for (j = 0; j < md_array->size; ++j) {
if (0 ==
grpc_slice_str_cmp(GRPC_MDKEY(md_array->md[j]), expected[i].key)) {
GPR_ASSERT(grpc_slice_str_cmp(GRPC_MDVALUE(md_array->md[j]),
expected[i].value) == 0);
break;
}
}
if (j == md_array->size) {
gpr_log(GPR_ERROR, "key %s not found", expected[i].key);
GPR_ASSERT(0);
Updating moe_db.txt with the latest equivalence since the ruby import changed the exported structure. Change on 2014/12/01 by nnoble <nnoble@google.com> ------------- new [] file for grpc testing. Change on 2014/12/02 by donnadionne <donnadionne@google.com> ------------- Fix unfinished calls in thread_stress_test. Previously we had an early return if we cancelled a stream part way through a message. Correct this, so that half close and full close signals are propagated up the stack correctly so that higher level state machines can see the termination. Change on 2014/12/02 by ctiller <ctiller@google.com> ------------- Remove dependency on internal C code. Change on 2014/12/02 by ctiller <ctiller@google.com> ------------- Turn off the flaky bit from thread_stress_test. Change on 2014/12/02 by ctiller <ctiller@google.com> ------------- Add test cases of empty request/response, request streaming, response streaming, and half duplex streaming. Bring up the GFE/ESF for mannual test: [] build java/com/google/net/[]/testing/integration/hexa:server_components_env []-bin/java/com/google/net/[]/testing/integration/hexa/server_components_env --manual --rpc_port=25000 --use_autobahn Change on 2014/12/02 by chenw <chenw@google.com> ------------- Make echo/server.c and fling/server.c shutdown cleanly on SIGINT, and update the relevant tests to exercise this mechanism. Now "[] coverage" and the memory leak detector are able to see into the server processes. Change on 2014/12/02 by pmarks <pmarks@google.com> ------------- Allow the # of channels to be configurable in this performance test. The threads will use the channels in statically-defined round-robin order (not based on when RPCs complete on any channel). The interesting cases are #channels=1 or #channels=#threads (we previously only had the latter case) Change on 2014/12/02 by vpai <vpai@google.com> ------------- Fixed a typo and reworded a comment. Change on 2014/12/02 by gnezdo <gnezdo@google.com> ------------- Require the grpc_call in this ClientContext to be NULL before allowing set_call to be invoked. Otherwise, it's an indication of a leak somewhere. Change on 2014/12/02 by vpai <vpai@google.com> ------------- Correctly return status other than ok and add a test for it. Change on 2014/12/02 by yangg <yangg@google.com> ------------- Better C++ guards for grpc_security.h Change on 2014/12/02 by nnoble <nnoble@google.com> ------------- Use nullptr instead of NULL for consistency. Change on 2014/12/02 by vpai <vpai@google.com> ------------- Updates the ruby gRPC service class to require the serialization method to be a static method - this brings it inline with the proto3 ruby API - it adds a monkey patch to allow existing proto (beefcake) to continue working. Change on 2014/12/02 by temiola <temiola@google.com> ------------- Adding a buildable unit to the blue print file. Added the buildable unit as its name will be usesd as tap project id. This test will fail right away in tap until tests are actually added. Change on 2014/12/02 by donnadionne <donnadionne@google.com> ------------- Move interop ESF C++ server from Java to grpc directory. Tests passed: [] test javatests/com/google/net/[]/testing/integration/hexa/... [] test net/grpc/testing/interop/esf_server/... Change on 2014/12/02 by chenw <chenw@google.com> ------------- Return a lame channel as opposed to NULL when secure channel creation fails. - Looks like we're going to need something similar server-side. - I changed the prototype of the lame client channel factory to take an explicit void as I think this is better practice in C. Let me know if you disagree and I will revert these changes. Change on 2014/12/02 by jboeuf <jboeuf@google.com> ------------- Putting ALPN support where it belongs. Change on 2014/12/02 by jboeuf <jboeuf@google.com> ------------- GOAWAY send path. Sends a GOAWAY frame when shutting down. This is not read and understood yet. Change on 2014/12/03 by ctiller <ctiller@google.com> ------------- Adds support for secure channels and servers. - wraps new C apis (credentials, server_credentials) and Server#add_secure_http_port - adds tests to ensure credentials and server credentials can be created - updates client_server_spec to run the client_server wrapper layer end-to-end tests using a secure channel Change on 2014/12/03 by temiola <temiola@google.com> ------------- Fix existing issues regarding out of order events. At the client side, using pluck as the client_metadata_read can happen anytime after invoke. At the server side, allow halfclose_ok and rpc_end to come in reverse order. Change on 2014/12/03 by yangg <yangg@google.com> ------------- Don't track coverage of tests. Change on 2014/12/03 by ctiller <ctiller@google.com> ------------- Change UnaryCall to conform standard test requirement of LargeUnaryCall. Change on 2014/12/03 by yangg <yangg@google.com> ------------- updating alpn version to h2-15 ensure all interop are on the same version and working. Java and go are not ready for h2-16 yet. Change on 2014/12/03 by donnadionne <donnadionne@google.com> ------------- Add config to bring echo server in []. This is used to test production GFE as its bckend. Change on 2014/12/03 by chenw <chenw@google.com> ------------- In preparation for fixing shutdown race issues, change em to take ownership of the file descriptor. Add an API to grpc_tcp to take an already created grpc_em_fd object, and change tcp_client to use that API. This is needed because otherwise an em user's close() of the file descriptor may race with libevent internals. That's not an issue yet because destroy() frees the events inline, but that can't be done safely if there is a concurrent poller. Change on 2014/12/03 by klempner <klempner@google.com> ------------- Fixing TAP opensource build We don't want to compile and run C++ tests in the C target. Change on 2014/12/03 by nnoble <nnoble@google.com> ------------- Move and separate interop tests by languages. Small fixes to the test runner. Improving logging. Change on 2014/12/03 by donnadionne <donnadionne@google.com> ------------- Fixing the opensource build: -) The C/C++ split wasn't done up to the 'dep' target level -) The alpn.c file was missing from build.json Change on 2014/12/03 by nnoble <nnoble@google.com> ------------- Adding blue print files after projects exist Change on 2014/12/03 by donnadionne <donnadionne@google.com> ------------- Refactor StreamContext using the new completion_queue_pluck API. The dedicated the poller thread has been removed. This CL keeps the current behavior to make it short. There is one following to make it usable for both client and server. The tags for pluck is based on the address of this StreamContext object for potential debug use. The Read/Write and Wait cannot be called concurrently now and this might need to be fixed. Change on 2014/12/03 by yangg <yangg@google.com> ------------- Binary encoding utilities. Support base64 encoding, HPACK static huffman encoding, and doing both at once. Change on 2014/12/03 by ctiller <ctiller@google.com> ------------- Enforce Makefile regeneration in presubmits. Change on 2014/12/03 by ctiller <ctiller@google.com> ------------- Make CloseSend() send a real zero-length control message to indicate EOS. Change on 2014/12/03 by zhaoq <zhaoq@google.com> ------------- Prefer to create dualstack sockets for TCP clients and servers, with automatic fallback for environments where IPV6_V6ONLY can't be turned off. Change on 2014/12/03 by pmarks <pmarks@google.com> ------------- Add opensource path to build targets. Ensure that MOE is going to run. Change on 2014/12/03 by ctiller <ctiller@google.com> ------------- Add PingPong test case. Delete FullDuplex test case. The latter is not specified for client in https://docs.google.com/document/d/1dwrPpIu5EqiKVsquZfoOqTj7vP8fa1i49gornJo50Qw/edit# Change on 2014/12/03 by chenw <chenw@google.com> ------------- Make generate_projects.sh check out the generated targets. Change on 2014/12/03 by ctiller <ctiller@google.com> ------------- rspec cleanup - stops declaring specs within the GRPC module - splits Bidi streaming specs into a separate test suite adding tests in the GRPC module was a mistake, it pollutes the module and can affect other tests that run later by the test runner the bidi tests are currently flaky, having them run in their own test suite allows having two separate continuous builds (once ruby gRPC is on GitHub), one that includes bidi where we tolerate flakiness, and another that does not, where there should be no flakiness at all Change on 2014/12/03 by temiola <temiola@google.com> ------------- Adding support for composite and IAM credentials. - For now, we don't do any checks on credentials compatibility in the composite credentials. Maybe we'll add that later. - Refactored the end to end security tests so that we always use the public API (except for the fake security context which is not exposed). Change on 2014/12/03 by jboeuf <jboeuf@google.com> ------------- Make GPR library buildable in Visual Studio 2013. Change on 2014/12/04 by jtattermusch <jtattermusch@google.com> ------------- Adds codegen for ruby This is being added now that ruby's proto and grpc apis are defined and stable Change on 2014/12/04 by temiola <temiola@google.com> ------------- Prevent NewStream() from sending negative or 0 timeout. Change on 2014/12/04 by zhaoq <zhaoq@google.com> ------------- Add a grpc_sockaddr_to_string() function, and use it when logging bind failures. Also improve const-correctness in some earlier code. I'm not certain whether inet_ntop() will need any platform-specific implementations, but for now the compiler offers no complaints. Demo: $ []-bin/net/grpc/c/echo_server 1.2.3.4:80 ... tcp_server.c:139] bind addr=[::ffff:1.2.3.4]:80: Permission denied Change on 2014/12/04 by pmarks <pmarks@google.com> ------------- Refactoring - moves c wrapped classes to a submodule Google::RPC::Core - this allows for an explicit rule when reading through gRPC ruby code for telling when an object is pure ruby or wrapped C Change on 2014/12/04 by temiola <temiola@google.com> ------------- Fixes the bidi_call [] Change on 2014/12/04 by temiola <temiola@google.com> ------------- Fixing dev build when activating surface traces. Change on 2014/12/04 by nnoble <nnoble@google.com> ------------- Updates the tests to reflect that fact that some Credentials compose works. Change on 2014/12/04 by temiola <temiola@google.com> ------------- Making the generate_project_test actually do something. Change on 2014/12/04 by nnoble <nnoble@google.com> ------------- Rename "esf_server" to "[]4_server". Delete "test_sever" from Java directory. Change on 2014/12/04 by chenw <chenw@google.com> ------------- Added PHP client interop tests. Tested large_unary against the C++ server. Change on 2014/12/04 by mlumish <mlumish@google.com> ------------- Refactor grpc_create_dualstack_socket() by pulling the setsockopt into its own function. This separates the magic test flag from the real fallback logic. Change on 2014/12/04 by pmarks <pmarks@google.com> ------------- Fixes the type of the constant used for test cert hostname Change on 2014/12/04 by temiola <temiola@google.com> ------------- Disabling these tests as they're causing flakiness. Change on 2014/12/04 by ctiller <ctiller@google.com> ------------- Change intptr --> uintptr. Handles the case where a void* turns into a negative number, which then gets hashed into a negative bucket and segfaults. Change on 2014/12/04 by ctiller <ctiller@google.com> ------------- Add a test fixture to force parsers to handle one byte at a time. This should expand coverage and hopefully prevent errors at some point (it seems to pass out of the box for now though). Change on 2014/12/04 by ctiller <ctiller@google.com> ------------- The code generator isn't +x. Change on 2014/12/04 by ctiller <ctiller@google.com> ------------- Updates math_client and math_server to allow construction using crednetials By: - Extending rpc_server constructor so that it takes a credentials keyword param - Extending client_stub constructor so that it takes a credentials keyword param Change on 2014/12/04 by temiola <temiola@google.com> ------------- Format output a little more nicely. Print each line of output separately - previously logging.info was truncating this at some maximum length, and logs were getting lost. Change on 2014/12/04 by ctiller <ctiller@google.com> ------------- Up timeout for this test. Under TSAN, if we process one byte at a time, this timeout can be reached - and I think this is the cause of the following flake: [] Change on 2014/12/05 by ctiller <ctiller@google.com> ------------- Adding more error logging for ssl. Change on 2014/12/05 by jboeuf <jboeuf@google.com> ------------- Read path for goaway. Still need to add hooks to deprecate a channel on the client side when goaway is received. Change on 2014/12/05 by ctiller <ctiller@google.com> ------------- Separate accept() into server_accept() and server_end_of_initial_metadata(). This allows servers to initiate reads before finishing writing metadata. Change on 2014/12/05 by ctiller <ctiller@google.com> ------------- Fix for breakage 11512317 - adding missing test files. Change on 2014/12/05 by nnoble <nnoble@google.com> ------------- grpc c++ server side streaming support. This is based on [] There is a lot of room to clean up the internal implementation which may require refactoring of CompletionQueue. The current cl serves as a working implementation with the missing interfaces. The sample generated files are included and will be removed before submitting. Change on 2014/12/05 by yangg <yangg@google.com> ------------- Changed to the latest timeout format again (search "grpc-timeout" in [] for the spec). Change on 2014/12/05 by zhaoq <zhaoq@google.com> ------------- Fixing opensource build. Change on 2014/12/05 by nnoble <nnoble@google.com> ------------- Making absolutely sure we can do the moe export by adding a sh_test for it. Change on 2014/12/05 by nnoble <nnoble@google.com> ------------- Change :scheme psuedo-header from "grpc" to "http" or "https". Change on 2014/12/05 by zhaoq <zhaoq@google.com> ------------- Add server credential wrapping for c++ server. It only wraps ssl and []2 for now. The ServerCredentials class and the factory class are in a similar fashion as client side wrapping. The difference is the factory method returns shared_ptr instead of unique_ptr as the server builder needs to keep a reference to it for actually creating the server later. The integration will happen in a following cl. Change on 2014/12/05 by yangg <yangg@google.com> ------------- Fixed bugs in new_grpc_docker_builder.sh Change on 2014/12/05 by mlumish <mlumish@google.com> ------------- In secure endpoint, hold a refcount for the life of a write callback if the write does not complete immediately. Change on 2014/12/05 by klempner <klempner@google.com> ------------- Add migration support to MOE and have TAP verify it doesn't break. Migration support allows mirroring commits from [] into the git repo, instead of just a dump of the current source. Change on 2014/12/05 by ejona <ejona@google.com> ------------- Change initial window size to 65535 according http2 draft 15. Change on 2014/12/05 by zhaoq <zhaoq@google.com> ------------- Re-enable the flaky cases in dualstack_socket_test, with additional logging to help track down the problem if it surfaces again. This also seems like a good opportunity to make grpc_socket_utils a separate library, as it's not really specific to TCP. Example output: logspam: [], 26570) resolved 2 addrs in 37ms: logspam: [0] [::1]:26570 logspam: [1] 127.0.0.1:26570 Change on 2014/12/05 by pmarks <pmarks@google.com> ------------- Opensource build fixes. -) A function that has a return type should actually return something. -) Don't pass unsigned chars to strlen and strncmp. Change on 2014/12/05 by nnoble <nnoble@google.com> ------------- Created by MOE: http://code.google.com/p/moe-java MOE_MIGRATED_REVID=81458281
10 years ago
}
}
}
static void check_request_metadata(void* arg, grpc_error* error) {
request_metadata_state* state = static_cast<request_metadata_state*>(arg);
gpr_log(GPR_INFO, "expected_error: %s",
grpc_error_string(state->expected_error));
gpr_log(GPR_INFO, "actual_error: %s", grpc_error_string(error));
if (state->expected_error == GRPC_ERROR_NONE) {
GPR_ASSERT(error == GRPC_ERROR_NONE);
} else {
grpc_slice expected_error;
GPR_ASSERT(grpc_error_get_str(state->expected_error,
GRPC_ERROR_STR_DESCRIPTION, &expected_error));
grpc_slice actual_error;
GPR_ASSERT(
grpc_error_get_str(error, GRPC_ERROR_STR_DESCRIPTION, &actual_error));
GPR_ASSERT(grpc_slice_cmp(expected_error, actual_error) == 0);
GRPC_ERROR_UNREF(state->expected_error);
}
gpr_log(GPR_INFO, "expected_size=%" PRIdPTR " actual_size=%" PRIdPTR,
state->expected_size, state->md_array.size);
GPR_ASSERT(state->md_array.size == state->expected_size);
check_metadata(state->expected, &state->md_array);
grpc_credentials_mdelem_array_destroy(&state->md_array);
grpc_pollset_set_destroy(grpc_polling_entity_pollset_set(&state->pollent));
gpr_free(state);
}
static request_metadata_state* make_request_metadata_state(
grpc_error* expected_error, const expected_md* expected,
size_t expected_size) {
7 years ago
request_metadata_state* state =
static_cast<request_metadata_state*>(gpr_zalloc(sizeof(*state)));
state->expected_error = expected_error;
state->expected = expected;
state->expected_size = expected_size;
state->pollent =
grpc_polling_entity_create_from_pollset_set(grpc_pollset_set_create());
GRPC_CLOSURE_INIT(&state->on_request_metadata, check_request_metadata, state,
grpc_schedule_on_exec_ctx);
return state;
}
static void run_request_metadata_test(grpc_call_credentials* creds,
grpc_auth_metadata_context auth_md_ctx,
request_metadata_state* state) {
grpc_error* error = GRPC_ERROR_NONE;
if (creds->get_request_metadata(&state->pollent, auth_md_ctx,
&state->md_array, &state->on_request_metadata,
&error)) {
// Synchronous result. Invoke the callback directly.
check_request_metadata(state, error);
GRPC_ERROR_UNREF(error);
}
}
static void test_google_iam_creds(void) {
grpc_core::ExecCtx exec_ctx;
expected_md emd[] = {{GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY,
test_google_iam_authorization_token},
{GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY,
test_google_iam_authority_selector}};
request_metadata_state* state =
make_request_metadata_state(GRPC_ERROR_NONE, emd, GPR_ARRAY_SIZE(emd));
grpc_call_credentials* creds = grpc_google_iam_credentials_create(
test_google_iam_authorization_token, test_google_iam_authority_selector,
nullptr);
grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
nullptr, nullptr};
run_request_metadata_test(creds, auth_md_ctx, state);
creds->Unref();
}
static void test_access_token_creds(void) {
grpc_core::ExecCtx exec_ctx;
expected_md emd[] = {{GRPC_AUTHORIZATION_METADATA_KEY, "Bearer blah"}};
request_metadata_state* state =
make_request_metadata_state(GRPC_ERROR_NONE, emd, GPR_ARRAY_SIZE(emd));
grpc_call_credentials* creds =
grpc_access_token_credentials_create("blah", nullptr);
grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
nullptr, nullptr};
GPR_ASSERT(strcmp(creds->type(), GRPC_CALL_CREDENTIALS_TYPE_OAUTH2) == 0);
run_request_metadata_test(creds, auth_md_ctx, state);
creds->Unref();
}
namespace {
class check_channel_oauth2 final : public grpc_channel_credentials {
public:
check_channel_oauth2() : grpc_channel_credentials("mock") {}
~check_channel_oauth2() override = default;
grpc_core::RefCountedPtr<grpc_channel_security_connector>
create_security_connector(
grpc_core::RefCountedPtr<grpc_call_credentials> call_creds,
const char* /*target*/, const grpc_channel_args* /*args*/,
grpc_channel_args** /*new_args*/) override {
GPR_ASSERT(strcmp(type(), "mock") == 0);
GPR_ASSERT(call_creds != nullptr);
GPR_ASSERT(strcmp(call_creds->type(), GRPC_CALL_CREDENTIALS_TYPE_OAUTH2) ==
0);
return nullptr;
}
};
} // namespace
static void test_channel_oauth2_composite_creds(void) {
grpc_core::ExecCtx exec_ctx;
grpc_channel_args* new_args;
grpc_channel_credentials* channel_creds = new check_channel_oauth2();
grpc_call_credentials* oauth2_creds =
grpc_access_token_credentials_create("blah", nullptr);
grpc_channel_credentials* channel_oauth2_creds =
grpc_composite_channel_credentials_create(channel_creds, oauth2_creds,
nullptr);
grpc_channel_credentials_release(channel_creds);
grpc_call_credentials_release(oauth2_creds);
channel_oauth2_creds->create_security_connector(nullptr, nullptr, nullptr,
&new_args);
grpc_channel_credentials_release(channel_oauth2_creds);
}
static void test_oauth2_google_iam_composite_creds(void) {
grpc_core::ExecCtx exec_ctx;
Updating moe_db.txt with the latest equivalence since the ruby import changed the exported structure. Change on 2014/12/01 by nnoble <nnoble@google.com> ------------- new [] file for grpc testing. Change on 2014/12/02 by donnadionne <donnadionne@google.com> ------------- Fix unfinished calls in thread_stress_test. Previously we had an early return if we cancelled a stream part way through a message. Correct this, so that half close and full close signals are propagated up the stack correctly so that higher level state machines can see the termination. Change on 2014/12/02 by ctiller <ctiller@google.com> ------------- Remove dependency on internal C code. Change on 2014/12/02 by ctiller <ctiller@google.com> ------------- Turn off the flaky bit from thread_stress_test. Change on 2014/12/02 by ctiller <ctiller@google.com> ------------- Add test cases of empty request/response, request streaming, response streaming, and half duplex streaming. Bring up the GFE/ESF for mannual test: [] build java/com/google/net/[]/testing/integration/hexa:server_components_env []-bin/java/com/google/net/[]/testing/integration/hexa/server_components_env --manual --rpc_port=25000 --use_autobahn Change on 2014/12/02 by chenw <chenw@google.com> ------------- Make echo/server.c and fling/server.c shutdown cleanly on SIGINT, and update the relevant tests to exercise this mechanism. Now "[] coverage" and the memory leak detector are able to see into the server processes. Change on 2014/12/02 by pmarks <pmarks@google.com> ------------- Allow the # of channels to be configurable in this performance test. The threads will use the channels in statically-defined round-robin order (not based on when RPCs complete on any channel). The interesting cases are #channels=1 or #channels=#threads (we previously only had the latter case) Change on 2014/12/02 by vpai <vpai@google.com> ------------- Fixed a typo and reworded a comment. Change on 2014/12/02 by gnezdo <gnezdo@google.com> ------------- Require the grpc_call in this ClientContext to be NULL before allowing set_call to be invoked. Otherwise, it's an indication of a leak somewhere. Change on 2014/12/02 by vpai <vpai@google.com> ------------- Correctly return status other than ok and add a test for it. Change on 2014/12/02 by yangg <yangg@google.com> ------------- Better C++ guards for grpc_security.h Change on 2014/12/02 by nnoble <nnoble@google.com> ------------- Use nullptr instead of NULL for consistency. Change on 2014/12/02 by vpai <vpai@google.com> ------------- Updates the ruby gRPC service class to require the serialization method to be a static method - this brings it inline with the proto3 ruby API - it adds a monkey patch to allow existing proto (beefcake) to continue working. Change on 2014/12/02 by temiola <temiola@google.com> ------------- Adding a buildable unit to the blue print file. Added the buildable unit as its name will be usesd as tap project id. This test will fail right away in tap until tests are actually added. Change on 2014/12/02 by donnadionne <donnadionne@google.com> ------------- Move interop ESF C++ server from Java to grpc directory. Tests passed: [] test javatests/com/google/net/[]/testing/integration/hexa/... [] test net/grpc/testing/interop/esf_server/... Change on 2014/12/02 by chenw <chenw@google.com> ------------- Return a lame channel as opposed to NULL when secure channel creation fails. - Looks like we're going to need something similar server-side. - I changed the prototype of the lame client channel factory to take an explicit void as I think this is better practice in C. Let me know if you disagree and I will revert these changes. Change on 2014/12/02 by jboeuf <jboeuf@google.com> ------------- Putting ALPN support where it belongs. Change on 2014/12/02 by jboeuf <jboeuf@google.com> ------------- GOAWAY send path. Sends a GOAWAY frame when shutting down. This is not read and understood yet. Change on 2014/12/03 by ctiller <ctiller@google.com> ------------- Adds support for secure channels and servers. - wraps new C apis (credentials, server_credentials) and Server#add_secure_http_port - adds tests to ensure credentials and server credentials can be created - updates client_server_spec to run the client_server wrapper layer end-to-end tests using a secure channel Change on 2014/12/03 by temiola <temiola@google.com> ------------- Fix existing issues regarding out of order events. At the client side, using pluck as the client_metadata_read can happen anytime after invoke. At the server side, allow halfclose_ok and rpc_end to come in reverse order. Change on 2014/12/03 by yangg <yangg@google.com> ------------- Don't track coverage of tests. Change on 2014/12/03 by ctiller <ctiller@google.com> ------------- Change UnaryCall to conform standard test requirement of LargeUnaryCall. Change on 2014/12/03 by yangg <yangg@google.com> ------------- updating alpn version to h2-15 ensure all interop are on the same version and working. Java and go are not ready for h2-16 yet. Change on 2014/12/03 by donnadionne <donnadionne@google.com> ------------- Add config to bring echo server in []. This is used to test production GFE as its bckend. Change on 2014/12/03 by chenw <chenw@google.com> ------------- In preparation for fixing shutdown race issues, change em to take ownership of the file descriptor. Add an API to grpc_tcp to take an already created grpc_em_fd object, and change tcp_client to use that API. This is needed because otherwise an em user's close() of the file descriptor may race with libevent internals. That's not an issue yet because destroy() frees the events inline, but that can't be done safely if there is a concurrent poller. Change on 2014/12/03 by klempner <klempner@google.com> ------------- Fixing TAP opensource build We don't want to compile and run C++ tests in the C target. Change on 2014/12/03 by nnoble <nnoble@google.com> ------------- Move and separate interop tests by languages. Small fixes to the test runner. Improving logging. Change on 2014/12/03 by donnadionne <donnadionne@google.com> ------------- Fixing the opensource build: -) The C/C++ split wasn't done up to the 'dep' target level -) The alpn.c file was missing from build.json Change on 2014/12/03 by nnoble <nnoble@google.com> ------------- Adding blue print files after projects exist Change on 2014/12/03 by donnadionne <donnadionne@google.com> ------------- Refactor StreamContext using the new completion_queue_pluck API. The dedicated the poller thread has been removed. This CL keeps the current behavior to make it short. There is one following to make it usable for both client and server. The tags for pluck is based on the address of this StreamContext object for potential debug use. The Read/Write and Wait cannot be called concurrently now and this might need to be fixed. Change on 2014/12/03 by yangg <yangg@google.com> ------------- Binary encoding utilities. Support base64 encoding, HPACK static huffman encoding, and doing both at once. Change on 2014/12/03 by ctiller <ctiller@google.com> ------------- Enforce Makefile regeneration in presubmits. Change on 2014/12/03 by ctiller <ctiller@google.com> ------------- Make CloseSend() send a real zero-length control message to indicate EOS. Change on 2014/12/03 by zhaoq <zhaoq@google.com> ------------- Prefer to create dualstack sockets for TCP clients and servers, with automatic fallback for environments where IPV6_V6ONLY can't be turned off. Change on 2014/12/03 by pmarks <pmarks@google.com> ------------- Add opensource path to build targets. Ensure that MOE is going to run. Change on 2014/12/03 by ctiller <ctiller@google.com> ------------- Add PingPong test case. Delete FullDuplex test case. The latter is not specified for client in https://docs.google.com/document/d/1dwrPpIu5EqiKVsquZfoOqTj7vP8fa1i49gornJo50Qw/edit# Change on 2014/12/03 by chenw <chenw@google.com> ------------- Make generate_projects.sh check out the generated targets. Change on 2014/12/03 by ctiller <ctiller@google.com> ------------- rspec cleanup - stops declaring specs within the GRPC module - splits Bidi streaming specs into a separate test suite adding tests in the GRPC module was a mistake, it pollutes the module and can affect other tests that run later by the test runner the bidi tests are currently flaky, having them run in their own test suite allows having two separate continuous builds (once ruby gRPC is on GitHub), one that includes bidi where we tolerate flakiness, and another that does not, where there should be no flakiness at all Change on 2014/12/03 by temiola <temiola@google.com> ------------- Adding support for composite and IAM credentials. - For now, we don't do any checks on credentials compatibility in the composite credentials. Maybe we'll add that later. - Refactored the end to end security tests so that we always use the public API (except for the fake security context which is not exposed). Change on 2014/12/03 by jboeuf <jboeuf@google.com> ------------- Make GPR library buildable in Visual Studio 2013. Change on 2014/12/04 by jtattermusch <jtattermusch@google.com> ------------- Adds codegen for ruby This is being added now that ruby's proto and grpc apis are defined and stable Change on 2014/12/04 by temiola <temiola@google.com> ------------- Prevent NewStream() from sending negative or 0 timeout. Change on 2014/12/04 by zhaoq <zhaoq@google.com> ------------- Add a grpc_sockaddr_to_string() function, and use it when logging bind failures. Also improve const-correctness in some earlier code. I'm not certain whether inet_ntop() will need any platform-specific implementations, but for now the compiler offers no complaints. Demo: $ []-bin/net/grpc/c/echo_server 1.2.3.4:80 ... tcp_server.c:139] bind addr=[::ffff:1.2.3.4]:80: Permission denied Change on 2014/12/04 by pmarks <pmarks@google.com> ------------- Refactoring - moves c wrapped classes to a submodule Google::RPC::Core - this allows for an explicit rule when reading through gRPC ruby code for telling when an object is pure ruby or wrapped C Change on 2014/12/04 by temiola <temiola@google.com> ------------- Fixes the bidi_call [] Change on 2014/12/04 by temiola <temiola@google.com> ------------- Fixing dev build when activating surface traces. Change on 2014/12/04 by nnoble <nnoble@google.com> ------------- Updates the tests to reflect that fact that some Credentials compose works. Change on 2014/12/04 by temiola <temiola@google.com> ------------- Making the generate_project_test actually do something. Change on 2014/12/04 by nnoble <nnoble@google.com> ------------- Rename "esf_server" to "[]4_server". Delete "test_sever" from Java directory. Change on 2014/12/04 by chenw <chenw@google.com> ------------- Added PHP client interop tests. Tested large_unary against the C++ server. Change on 2014/12/04 by mlumish <mlumish@google.com> ------------- Refactor grpc_create_dualstack_socket() by pulling the setsockopt into its own function. This separates the magic test flag from the real fallback logic. Change on 2014/12/04 by pmarks <pmarks@google.com> ------------- Fixes the type of the constant used for test cert hostname Change on 2014/12/04 by temiola <temiola@google.com> ------------- Disabling these tests as they're causing flakiness. Change on 2014/12/04 by ctiller <ctiller@google.com> ------------- Change intptr --> uintptr. Handles the case where a void* turns into a negative number, which then gets hashed into a negative bucket and segfaults. Change on 2014/12/04 by ctiller <ctiller@google.com> ------------- Add a test fixture to force parsers to handle one byte at a time. This should expand coverage and hopefully prevent errors at some point (it seems to pass out of the box for now though). Change on 2014/12/04 by ctiller <ctiller@google.com> ------------- The code generator isn't +x. Change on 2014/12/04 by ctiller <ctiller@google.com> ------------- Updates math_client and math_server to allow construction using crednetials By: - Extending rpc_server constructor so that it takes a credentials keyword param - Extending client_stub constructor so that it takes a credentials keyword param Change on 2014/12/04 by temiola <temiola@google.com> ------------- Format output a little more nicely. Print each line of output separately - previously logging.info was truncating this at some maximum length, and logs were getting lost. Change on 2014/12/04 by ctiller <ctiller@google.com> ------------- Up timeout for this test. Under TSAN, if we process one byte at a time, this timeout can be reached - and I think this is the cause of the following flake: [] Change on 2014/12/05 by ctiller <ctiller@google.com> ------------- Adding more error logging for ssl. Change on 2014/12/05 by jboeuf <jboeuf@google.com> ------------- Read path for goaway. Still need to add hooks to deprecate a channel on the client side when goaway is received. Change on 2014/12/05 by ctiller <ctiller@google.com> ------------- Separate accept() into server_accept() and server_end_of_initial_metadata(). This allows servers to initiate reads before finishing writing metadata. Change on 2014/12/05 by ctiller <ctiller@google.com> ------------- Fix for breakage 11512317 - adding missing test files. Change on 2014/12/05 by nnoble <nnoble@google.com> ------------- grpc c++ server side streaming support. This is based on [] There is a lot of room to clean up the internal implementation which may require refactoring of CompletionQueue. The current cl serves as a working implementation with the missing interfaces. The sample generated files are included and will be removed before submitting. Change on 2014/12/05 by yangg <yangg@google.com> ------------- Changed to the latest timeout format again (search "grpc-timeout" in [] for the spec). Change on 2014/12/05 by zhaoq <zhaoq@google.com> ------------- Fixing opensource build. Change on 2014/12/05 by nnoble <nnoble@google.com> ------------- Making absolutely sure we can do the moe export by adding a sh_test for it. Change on 2014/12/05 by nnoble <nnoble@google.com> ------------- Change :scheme psuedo-header from "grpc" to "http" or "https". Change on 2014/12/05 by zhaoq <zhaoq@google.com> ------------- Add server credential wrapping for c++ server. It only wraps ssl and []2 for now. The ServerCredentials class and the factory class are in a similar fashion as client side wrapping. The difference is the factory method returns shared_ptr instead of unique_ptr as the server builder needs to keep a reference to it for actually creating the server later. The integration will happen in a following cl. Change on 2014/12/05 by yangg <yangg@google.com> ------------- Fixed bugs in new_grpc_docker_builder.sh Change on 2014/12/05 by mlumish <mlumish@google.com> ------------- In secure endpoint, hold a refcount for the life of a write callback if the write does not complete immediately. Change on 2014/12/05 by klempner <klempner@google.com> ------------- Add migration support to MOE and have TAP verify it doesn't break. Migration support allows mirroring commits from [] into the git repo, instead of just a dump of the current source. Change on 2014/12/05 by ejona <ejona@google.com> ------------- Change initial window size to 65535 according http2 draft 15. Change on 2014/12/05 by zhaoq <zhaoq@google.com> ------------- Re-enable the flaky cases in dualstack_socket_test, with additional logging to help track down the problem if it surfaces again. This also seems like a good opportunity to make grpc_socket_utils a separate library, as it's not really specific to TCP. Example output: logspam: [], 26570) resolved 2 addrs in 37ms: logspam: [0] [::1]:26570 logspam: [1] 127.0.0.1:26570 Change on 2014/12/05 by pmarks <pmarks@google.com> ------------- Opensource build fixes. -) A function that has a return type should actually return something. -) Don't pass unsigned chars to strlen and strncmp. Change on 2014/12/05 by nnoble <nnoble@google.com> ------------- Created by MOE: http://code.google.com/p/moe-java MOE_MIGRATED_REVID=81458281
10 years ago
expected_md emd[] = {
{GRPC_AUTHORIZATION_METADATA_KEY, test_oauth2_bearer_token},
{GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY,
test_google_iam_authorization_token},
{GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY,
test_google_iam_authority_selector}};
request_metadata_state* state =
make_request_metadata_state(GRPC_ERROR_NONE, emd, GPR_ARRAY_SIZE(emd));
grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
nullptr, nullptr};
grpc_call_credentials* oauth2_creds = grpc_md_only_test_credentials_create(
"authorization", test_oauth2_bearer_token, 0);
grpc_call_credentials* google_iam_creds = grpc_google_iam_credentials_create(
test_google_iam_authorization_token, test_google_iam_authority_selector,
nullptr);
grpc_call_credentials* composite_creds =
9 years ago
grpc_composite_call_credentials_create(oauth2_creds, google_iam_creds,
nullptr);
oauth2_creds->Unref();
google_iam_creds->Unref();
GPR_ASSERT(strcmp(composite_creds->type(),
GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0);
const grpc_composite_call_credentials::CallCredentialsList& creds_list =
static_cast<const grpc_composite_call_credentials*>(composite_creds)
->inner();
GPR_ASSERT(creds_list.size() == 2);
GPR_ASSERT(strcmp(creds_list[0]->type(), GRPC_CALL_CREDENTIALS_TYPE_OAUTH2) ==
0);
GPR_ASSERT(strcmp(creds_list[1]->type(), GRPC_CALL_CREDENTIALS_TYPE_IAM) ==
0);
run_request_metadata_test(composite_creds, auth_md_ctx, state);
composite_creds->Unref();
}
namespace {
class check_channel_oauth2_google_iam final : public grpc_channel_credentials {
public:
check_channel_oauth2_google_iam() : grpc_channel_credentials("mock") {}
~check_channel_oauth2_google_iam() override = default;
grpc_core::RefCountedPtr<grpc_channel_security_connector>
create_security_connector(
grpc_core::RefCountedPtr<grpc_call_credentials> call_creds,
const char* /*target*/, const grpc_channel_args* /*args*/,
grpc_channel_args** /*new_args*/) override {
GPR_ASSERT(strcmp(type(), "mock") == 0);
GPR_ASSERT(call_creds != nullptr);
GPR_ASSERT(
strcmp(call_creds->type(), GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0);
const grpc_composite_call_credentials::CallCredentialsList& creds_list =
static_cast<const grpc_composite_call_credentials*>(call_creds.get())
->inner();
GPR_ASSERT(
strcmp(creds_list[0]->type(), GRPC_CALL_CREDENTIALS_TYPE_OAUTH2) == 0);
GPR_ASSERT(strcmp(creds_list[1]->type(), GRPC_CALL_CREDENTIALS_TYPE_IAM) ==
0);
return nullptr;
}
};
} // namespace
static void test_channel_oauth2_google_iam_composite_creds(void) {
grpc_core::ExecCtx exec_ctx;
grpc_channel_args* new_args;
grpc_channel_credentials* channel_creds =
new check_channel_oauth2_google_iam();
grpc_call_credentials* oauth2_creds =
grpc_access_token_credentials_create("blah", nullptr);
grpc_channel_credentials* channel_oauth2_creds =
9 years ago
grpc_composite_channel_credentials_create(channel_creds, oauth2_creds,
nullptr);
grpc_call_credentials* google_iam_creds = grpc_google_iam_credentials_create(
test_google_iam_authorization_token, test_google_iam_authority_selector,
nullptr);
grpc_channel_credentials* channel_oauth2_iam_creds =
grpc_composite_channel_credentials_create(channel_oauth2_creds,
google_iam_creds, nullptr);
grpc_channel_credentials_release(channel_creds);
grpc_call_credentials_release(oauth2_creds);
grpc_channel_credentials_release(channel_oauth2_creds);
grpc_call_credentials_release(google_iam_creds);
channel_oauth2_iam_creds->create_security_connector(nullptr, nullptr, nullptr,
&new_args);
grpc_channel_credentials_release(channel_oauth2_iam_creds);
}
static void validate_compute_engine_http_request(
const grpc_httpcli_request* request) {
GPR_ASSERT(request->handshaker != &grpc_httpcli_ssl);
GPR_ASSERT(strcmp(request->host, "metadata.google.internal.") == 0);
GPR_ASSERT(
strcmp(request->http.path,
"/computeMetadata/v1/instance/service-accounts/default/token") ==
0);
GPR_ASSERT(request->http.hdr_count == 1);
GPR_ASSERT(strcmp(request->http.hdrs[0].key, "Metadata-Flavor") == 0);
GPR_ASSERT(strcmp(request->http.hdrs[0].value, "Google") == 0);
}
static int compute_engine_httpcli_get_success_override(
const grpc_httpcli_request* request, grpc_millis /*deadline*/,
grpc_closure* on_done, grpc_httpcli_response* response) {
validate_compute_engine_http_request(request);
*response = http_response(200, valid_oauth2_json_response);
5 years ago
grpc_core::ExecCtx::Run(DEBUG_LOCATION, on_done, GRPC_ERROR_NONE);
return 1;
}
static int compute_engine_httpcli_get_failure_override(
const grpc_httpcli_request* request, grpc_millis /*deadline*/,
grpc_closure* on_done, grpc_httpcli_response* response) {
validate_compute_engine_http_request(request);
*response = http_response(403, "Not Authorized.");
5 years ago
grpc_core::ExecCtx::Run(DEBUG_LOCATION, on_done, GRPC_ERROR_NONE);
return 1;
}
static int httpcli_post_should_not_be_called(
const grpc_httpcli_request* /*request*/, const char* /*body_bytes*/,
5 years ago
size_t /*body_size*/, grpc_millis /*deadline*/, grpc_closure* /*on_done*/,
grpc_httpcli_response* /*response*/) {
GPR_ASSERT("HTTP POST should not be called" == nullptr);
return 1;
}
static int httpcli_get_should_not_be_called(
const grpc_httpcli_request* /*request*/, grpc_millis /*deadline*/,
grpc_closure* /*on_done*/, grpc_httpcli_response* /*response*/) {
GPR_ASSERT("HTTP GET should not be called" == nullptr);
return 1;
}
static void test_compute_engine_creds_success() {
grpc_core::ExecCtx exec_ctx;
expected_md emd[] = {
{"authorization", "Bearer ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_"}};
grpc_call_credentials* creds =
grpc_google_compute_engine_credentials_create(nullptr);
grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
nullptr, nullptr};
/* First request: http get should be called. */
request_metadata_state* state =
make_request_metadata_state(GRPC_ERROR_NONE, emd, GPR_ARRAY_SIZE(emd));
grpc_httpcli_set_override(compute_engine_httpcli_get_success_override,
httpcli_post_should_not_be_called);
run_request_metadata_test(creds, auth_md_ctx, state);
grpc_core::ExecCtx::Get()->Flush();
/* Second request: the cached token should be served directly. */
state =
make_request_metadata_state(GRPC_ERROR_NONE, emd, GPR_ARRAY_SIZE(emd));
grpc_httpcli_set_override(httpcli_get_should_not_be_called,
httpcli_post_should_not_be_called);
run_request_metadata_test(creds, auth_md_ctx, state);
grpc_core::ExecCtx::Get()->Flush();
creds->Unref();
grpc_httpcli_set_override(nullptr, nullptr);
}
static void test_compute_engine_creds_failure(void) {
grpc_core::ExecCtx exec_ctx;
request_metadata_state* state = make_request_metadata_state(
GRPC_ERROR_CREATE_FROM_STATIC_STRING(
"Error occurred when fetching oauth2 token."),
nullptr, 0);
grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
nullptr, nullptr};
grpc_call_credentials* creds =
grpc_google_compute_engine_credentials_create(nullptr);
grpc_httpcli_set_override(compute_engine_httpcli_get_failure_override,
httpcli_post_should_not_be_called);
run_request_metadata_test(creds, auth_md_ctx, state);
creds->Unref();
grpc_httpcli_set_override(nullptr, nullptr);
}
static void validate_refresh_token_http_request(
const grpc_httpcli_request* request, const char* body, size_t body_size) {
/* The content of the assertion is tested extensively in json_token_test. */
char* expected_body = nullptr;
GPR_ASSERT(body != nullptr);
GPR_ASSERT(body_size != 0);
gpr_asprintf(&expected_body, GRPC_REFRESH_TOKEN_POST_BODY_FORMAT_STRING,
"32555999999.apps.googleusercontent.com",
"EmssLNjJy1332hD4KFsecret",
"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42");
GPR_ASSERT(strlen(expected_body) == body_size);
GPR_ASSERT(memcmp(expected_body, body, body_size) == 0);
gpr_free(expected_body);
GPR_ASSERT(request->handshaker == &grpc_httpcli_ssl);
GPR_ASSERT(strcmp(request->host, GRPC_GOOGLE_OAUTH2_SERVICE_HOST) == 0);
GPR_ASSERT(
strcmp(request->http.path, GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH) == 0);
GPR_ASSERT(request->http.hdr_count == 1);
GPR_ASSERT(strcmp(request->http.hdrs[0].key, "Content-Type") == 0);
GPR_ASSERT(strcmp(request->http.hdrs[0].value,
"application/x-www-form-urlencoded") == 0);
}
static int refresh_token_httpcli_post_success(
const grpc_httpcli_request* request, const char* body, size_t body_size,
grpc_millis /*deadline*/, grpc_closure* on_done,
grpc_httpcli_response* response) {
validate_refresh_token_http_request(request, body, body_size);
*response = http_response(200, valid_oauth2_json_response);
5 years ago
grpc_core::ExecCtx::Run(DEBUG_LOCATION, on_done, GRPC_ERROR_NONE);
return 1;
}
static int token_httpcli_post_failure(const grpc_httpcli_request* /*request*/,
const char* /*body*/,
size_t /*body_size*/,
grpc_millis /*deadline*/,
grpc_closure* on_done,
grpc_httpcli_response* response) {
*response = http_response(403, "Not Authorized.");
5 years ago
grpc_core::ExecCtx::Run(DEBUG_LOCATION, on_done, GRPC_ERROR_NONE);
return 1;
}
static void test_refresh_token_creds_success(void) {
grpc_core::ExecCtx exec_ctx;
expected_md emd[] = {
{"authorization", "Bearer ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_"}};
grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
nullptr, nullptr};
grpc_call_credentials* creds = grpc_google_refresh_token_credentials_create(
test_refresh_token_str, nullptr);
/* First request: http put should be called. */
request_metadata_state* state =
make_request_metadata_state(GRPC_ERROR_NONE, emd, GPR_ARRAY_SIZE(emd));
grpc_httpcli_set_override(httpcli_get_should_not_be_called,
refresh_token_httpcli_post_success);
run_request_metadata_test(creds, auth_md_ctx, state);
grpc_core::ExecCtx::Get()->Flush();
/* Second request: the cached token should be served directly. */
state =
make_request_metadata_state(GRPC_ERROR_NONE, emd, GPR_ARRAY_SIZE(emd));
grpc_httpcli_set_override(httpcli_get_should_not_be_called,
httpcli_post_should_not_be_called);
run_request_metadata_test(creds, auth_md_ctx, state);
grpc_core::ExecCtx::Get()->Flush();
creds->Unref();
grpc_httpcli_set_override(nullptr, nullptr);
}
static void test_refresh_token_creds_failure(void) {
grpc_core::ExecCtx exec_ctx;
request_metadata_state* state = make_request_metadata_state(
GRPC_ERROR_CREATE_FROM_STATIC_STRING(
"Error occurred when fetching oauth2 token."),
nullptr, 0);
grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
nullptr, nullptr};
grpc_call_credentials* creds = grpc_google_refresh_token_credentials_create(
test_refresh_token_str, nullptr);
grpc_httpcli_set_override(httpcli_get_should_not_be_called,
token_httpcli_post_failure);
run_request_metadata_test(creds, auth_md_ctx, state);
creds->Unref();
grpc_httpcli_set_override(nullptr, nullptr);
}
static void test_valid_sts_creds_options(void) {
grpc_sts_credentials_options valid_options = {
test_sts_endpoint_url, // sts_endpoint_url
nullptr, // resource
nullptr, // audience
nullptr, // scope
nullptr, // requested_token_type
test_signed_jwt_path_prefix, // subject_token_path
test_signed_jwt_token_type, // subject_token_type
nullptr, // actor_token_path
nullptr // actor_token_type
};
grpc_uri* sts_url;
grpc_error* error =
grpc_core::ValidateStsCredentialsOptions(&valid_options, &sts_url);
GPR_ASSERT(error == GRPC_ERROR_NONE);
GPR_ASSERT(sts_url != nullptr);
grpc_core::StringView host;
grpc_core::StringView port;
GPR_ASSERT(grpc_core::SplitHostPort(sts_url->authority, &host, &port));
GPR_ASSERT(grpc_core::StringViewCmp(host, "foo.com") == 0);
GPR_ASSERT(grpc_core::StringViewCmp(port, "5555") == 0);
grpc_uri_destroy(sts_url);
}
static void test_invalid_sts_creds_options(void) {
grpc_sts_credentials_options invalid_options = {
test_sts_endpoint_url, // sts_endpoint_url
nullptr, // resource
nullptr, // audience
nullptr, // scope
nullptr, // requested_token_type
nullptr, // subject_token_path (Required)
test_signed_jwt_token_type, // subject_token_type
nullptr, // actor_token_path
nullptr // actor_token_type
};
grpc_uri* url_should_be_null;
grpc_error* error = grpc_core::ValidateStsCredentialsOptions(
&invalid_options, &url_should_be_null);
GPR_ASSERT(error != GRPC_ERROR_NONE);
GRPC_ERROR_UNREF(error);
GPR_ASSERT(url_should_be_null == nullptr);
invalid_options = {
test_sts_endpoint_url, // sts_endpoint_url
nullptr, // resource
nullptr, // audience
nullptr, // scope
nullptr, // requested_token_type
test_signed_jwt_path_prefix, // subject_token_path
nullptr, // subject_token_type (Required)
nullptr, // actor_token_path
nullptr // actor_token_type
};
error = grpc_core::ValidateStsCredentialsOptions(&invalid_options,
&url_should_be_null);
GPR_ASSERT(error != GRPC_ERROR_NONE);
GRPC_ERROR_UNREF(error);
GPR_ASSERT(url_should_be_null == nullptr);
invalid_options = {
nullptr, // sts_endpoint_url (Required)
nullptr, // resource
nullptr, // audience
nullptr, // scope
nullptr, // requested_token_type
test_signed_jwt_path_prefix, // subject_token_path
test_signed_jwt_token_type, // subject_token_type (Required)
nullptr, // actor_token_path
nullptr // actor_token_type
};
error = grpc_core::ValidateStsCredentialsOptions(&invalid_options,
&url_should_be_null);
GPR_ASSERT(error != GRPC_ERROR_NONE);
GRPC_ERROR_UNREF(error);
GPR_ASSERT(url_should_be_null == nullptr);
invalid_options = {
"not_a_valid_uri", // sts_endpoint_url
nullptr, // resource
nullptr, // audience
nullptr, // scope
nullptr, // requested_token_type
test_signed_jwt_path_prefix, // subject_token_path
test_signed_jwt_token_type, // subject_token_type (Required)
nullptr, // actor_token_path
nullptr // actor_token_type
};
error = grpc_core::ValidateStsCredentialsOptions(&invalid_options,
&url_should_be_null);
GPR_ASSERT(error != GRPC_ERROR_NONE);
GRPC_ERROR_UNREF(error);
GPR_ASSERT(url_should_be_null == nullptr);
invalid_options = {
"ftp://ftp.is.not.a.valid.scheme/bar", // sts_endpoint_url
nullptr, // resource
nullptr, // audience
nullptr, // scope
nullptr, // requested_token_type
test_signed_jwt_path_prefix, // subject_token_path
test_signed_jwt_token_type, // subject_token_type (Required)
nullptr, // actor_token_path
nullptr // actor_token_type
};
error = grpc_core::ValidateStsCredentialsOptions(&invalid_options,
&url_should_be_null);
GPR_ASSERT(error != GRPC_ERROR_NONE);
GRPC_ERROR_UNREF(error);
GPR_ASSERT(url_should_be_null == nullptr);
}
static void validate_sts_token_http_request(const grpc_httpcli_request* request,
const char* body,
size_t body_size) {
// Check that the body is constructed properly.
GPR_ASSERT(body != nullptr);
GPR_ASSERT(body_size != 0);
GPR_ASSERT(request->handshaker == &grpc_httpcli_ssl);
char* get_url_equivalent;
gpr_asprintf(&get_url_equivalent, "%s?%s", test_sts_endpoint_url, body);
grpc_uri* url = grpc_uri_parse(get_url_equivalent, false);
GPR_ASSERT(strcmp(grpc_uri_get_query_arg(url, "resource"), "resource") == 0);
GPR_ASSERT(strcmp(grpc_uri_get_query_arg(url, "audience"), "audience") == 0);
GPR_ASSERT(strcmp(grpc_uri_get_query_arg(url, "scope"), "scope") == 0);
GPR_ASSERT(strcmp(grpc_uri_get_query_arg(url, "requested_token_type"),
"requested_token_type") == 0);
GPR_ASSERT(strcmp(grpc_uri_get_query_arg(url, "subject_token"),
test_signed_jwt) == 0);
GPR_ASSERT(strcmp(grpc_uri_get_query_arg(url, "subject_token_type"),
test_signed_jwt_token_type) == 0);
GPR_ASSERT(grpc_uri_get_query_arg(url, "actor_token") == nullptr);
GPR_ASSERT(grpc_uri_get_query_arg(url, "actor_token_type") == nullptr);
grpc_uri_destroy(url);
gpr_free(get_url_equivalent);
// Check the rest of the request.
GPR_ASSERT(strcmp(request->host, "foo.com:5555") == 0);
GPR_ASSERT(strcmp(request->http.path, "/v1/token-exchange") == 0);
GPR_ASSERT(request->http.hdr_count == 1);
GPR_ASSERT(strcmp(request->http.hdrs[0].key, "Content-Type") == 0);
GPR_ASSERT(strcmp(request->http.hdrs[0].value,
"application/x-www-form-urlencoded") == 0);
}
static int sts_token_httpcli_post_success(const grpc_httpcli_request* request,
const char* body, size_t body_size,
grpc_millis /*deadline*/,
grpc_closure* on_done,
grpc_httpcli_response* response) {
validate_sts_token_http_request(request, body, body_size);
*response = http_response(200, valid_sts_json_response);
5 years ago
grpc_core::ExecCtx::Run(DEBUG_LOCATION, on_done, GRPC_ERROR_NONE);
return 1;
}
static char* write_tmp_jwt_file(void) {
char* path;
FILE* tmp = gpr_tmpfile(test_signed_jwt_path_prefix, &path);
GPR_ASSERT(path != nullptr);
GPR_ASSERT(tmp != nullptr);
size_t jwt_length = strlen(test_signed_jwt);
GPR_ASSERT(fwrite(test_signed_jwt, 1, jwt_length, tmp) == jwt_length);
fclose(tmp);
return path;
}
static void test_sts_creds_success(void) {
grpc_core::ExecCtx exec_ctx;
expected_md emd[] = {
{"authorization", "Bearer ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_"}};
grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
nullptr, nullptr};
char* test_signed_jwt_path = write_tmp_jwt_file();
grpc_sts_credentials_options valid_options = {
test_sts_endpoint_url, // sts_endpoint_url
"resource", // resource
"audience", // audience
"scope", // scope
"requested_token_type", // requested_token_type
test_signed_jwt_path, // subject_token_path
test_signed_jwt_token_type, // subject_token_type
nullptr, // actor_token_path
nullptr // actor_token_type
};
grpc_call_credentials* creds =
grpc_sts_credentials_create(&valid_options, nullptr);
/* First request: http put should be called. */
request_metadata_state* state =
make_request_metadata_state(GRPC_ERROR_NONE, emd, GPR_ARRAY_SIZE(emd));
grpc_httpcli_set_override(httpcli_get_should_not_be_called,
sts_token_httpcli_post_success);
run_request_metadata_test(creds, auth_md_ctx, state);
grpc_core::ExecCtx::Get()->Flush();
/* Second request: the cached token should be served directly. */
state =
make_request_metadata_state(GRPC_ERROR_NONE, emd, GPR_ARRAY_SIZE(emd));
grpc_httpcli_set_override(httpcli_get_should_not_be_called,
httpcli_post_should_not_be_called);
run_request_metadata_test(creds, auth_md_ctx, state);
grpc_core::ExecCtx::Get()->Flush();
creds->Unref();
grpc_httpcli_set_override(nullptr, nullptr);
gpr_free(test_signed_jwt_path);
}
static void test_sts_creds_load_token_failure(void) {
grpc_core::ExecCtx exec_ctx;
request_metadata_state* state = make_request_metadata_state(
GRPC_ERROR_CREATE_FROM_STATIC_STRING(
"Error occurred when fetching oauth2 token."),
nullptr, 0);
grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
nullptr, nullptr};
char* test_signed_jwt_path = write_tmp_jwt_file();
grpc_sts_credentials_options options = {
test_sts_endpoint_url, // sts_endpoint_url
"resource", // resource
"audience", // audience
"scope", // scope
"requested_token_type", // requested_token_type
"invalid_path", // subject_token_path
test_signed_jwt_token_type, // subject_token_type
nullptr, // actor_token_path
nullptr // actor_token_type
};
grpc_call_credentials* creds = grpc_sts_credentials_create(&options, nullptr);
grpc_httpcli_set_override(httpcli_get_should_not_be_called,
httpcli_post_should_not_be_called);
run_request_metadata_test(creds, auth_md_ctx, state);
creds->Unref();
grpc_httpcli_set_override(nullptr, nullptr);
gpr_free(test_signed_jwt_path);
}
static void test_sts_creds_http_failure(void) {
grpc_core::ExecCtx exec_ctx;
request_metadata_state* state = make_request_metadata_state(
GRPC_ERROR_CREATE_FROM_STATIC_STRING(
"Error occurred when fetching oauth2 token."),
nullptr, 0);
grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
nullptr, nullptr};
char* test_signed_jwt_path = write_tmp_jwt_file();
grpc_sts_credentials_options valid_options = {
test_sts_endpoint_url, // sts_endpoint_url
"resource", // resource
"audience", // audience
"scope", // scope
"requested_token_type", // requested_token_type
test_signed_jwt_path, // subject_token_path
test_signed_jwt_token_type, // subject_token_type
nullptr, // actor_token_path
nullptr // actor_token_type
};
grpc_call_credentials* creds =
grpc_sts_credentials_create(&valid_options, nullptr);
grpc_httpcli_set_override(httpcli_get_should_not_be_called,
token_httpcli_post_failure);
run_request_metadata_test(creds, auth_md_ctx, state);
creds->Unref();
grpc_httpcli_set_override(nullptr, nullptr);
gpr_free(test_signed_jwt_path);
}
static void validate_jwt_encode_and_sign_params(
const grpc_auth_json_key* json_key, const char* scope,
gpr_timespec token_lifetime) {
GPR_ASSERT(grpc_auth_json_key_is_valid(json_key));
GPR_ASSERT(json_key->private_key != nullptr);
GPR_ASSERT(RSA_check_key(json_key->private_key));
GPR_ASSERT(json_key->type != nullptr &&
strcmp(json_key->type, "service_account") == 0);
GPR_ASSERT(json_key->private_key_id != nullptr &&
strcmp(json_key->private_key_id,
"e6b5137873db8d2ef81e06a47289e6434ec8a165") == 0);
GPR_ASSERT(json_key->client_id != nullptr &&
strcmp(json_key->client_id,
"777-abaslkan11hlb6nmim3bpspl31ud.apps."
"googleusercontent.com") == 0);
GPR_ASSERT(json_key->client_email != nullptr &&
strcmp(json_key->client_email,
"777-abaslkan11hlb6nmim3bpspl31ud@developer."
"gserviceaccount.com") == 0);
if (scope != nullptr) GPR_ASSERT(strcmp(scope, test_scope) == 0);
GPR_ASSERT(!gpr_time_cmp(token_lifetime, grpc_max_auth_token_lifetime()));
}
static char* encode_and_sign_jwt_success(const grpc_auth_json_key* json_key,
const char* /*audience*/,
gpr_timespec token_lifetime,
const char* scope) {
validate_jwt_encode_and_sign_params(json_key, scope, token_lifetime);
return gpr_strdup(test_signed_jwt);
}
static char* encode_and_sign_jwt_failure(const grpc_auth_json_key* json_key,
const char* /*audience*/,
gpr_timespec token_lifetime,
const char* scope) {
validate_jwt_encode_and_sign_params(json_key, scope, token_lifetime);
return nullptr;
}
static char* encode_and_sign_jwt_should_not_be_called(
const grpc_auth_json_key* /*json_key*/, const char* /*audience*/,
gpr_timespec /*token_lifetime*/, const char* /*scope*/) {
GPR_ASSERT("grpc_jwt_encode_and_sign should not be called" == nullptr);
return nullptr;
}
static grpc_service_account_jwt_access_credentials* creds_as_jwt(
grpc_call_credentials* creds) {
GPR_ASSERT(creds != nullptr);
GPR_ASSERT(strcmp(creds->type(), GRPC_CALL_CREDENTIALS_TYPE_JWT) == 0);
return reinterpret_cast<grpc_service_account_jwt_access_credentials*>(creds);
}
static void test_jwt_creds_lifetime(void) {
char* json_key_string = test_json_key_str();
// Max lifetime.
grpc_call_credentials* jwt_creds =
grpc_service_account_jwt_access_credentials_create(
json_key_string, grpc_max_auth_token_lifetime(), nullptr);
GPR_ASSERT(gpr_time_cmp(creds_as_jwt(jwt_creds)->jwt_lifetime(),
grpc_max_auth_token_lifetime()) == 0);
grpc_call_credentials_release(jwt_creds);
// Shorter lifetime.
gpr_timespec token_lifetime = {10, 0, GPR_TIMESPAN};
GPR_ASSERT(gpr_time_cmp(grpc_max_auth_token_lifetime(), token_lifetime) > 0);
jwt_creds = grpc_service_account_jwt_access_credentials_create(
json_key_string, token_lifetime, nullptr);
GPR_ASSERT(gpr_time_cmp(creds_as_jwt(jwt_creds)->jwt_lifetime(),
token_lifetime) == 0);
grpc_call_credentials_release(jwt_creds);
// Cropped lifetime.
gpr_timespec add_to_max = {10, 0, GPR_TIMESPAN};
token_lifetime = gpr_time_add(grpc_max_auth_token_lifetime(), add_to_max);
jwt_creds = grpc_service_account_jwt_access_credentials_create(
json_key_string, token_lifetime, nullptr);
GPR_ASSERT(gpr_time_cmp(creds_as_jwt(jwt_creds)->jwt_lifetime(),
grpc_max_auth_token_lifetime()) == 0);
grpc_call_credentials_release(jwt_creds);
gpr_free(json_key_string);
}
static void test_jwt_creds_success(void) {
char* json_key_string = test_json_key_str();
grpc_core::ExecCtx exec_ctx;
grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
nullptr, nullptr};
char* expected_md_value;
gpr_asprintf(&expected_md_value, "Bearer %s", test_signed_jwt);
expected_md emd[] = {{"authorization", expected_md_value}};
grpc_call_credentials* creds =
grpc_service_account_jwt_access_credentials_create(
json_key_string, grpc_max_auth_token_lifetime(), nullptr);
/* First request: jwt_encode_and_sign should be called. */
request_metadata_state* state =
make_request_metadata_state(GRPC_ERROR_NONE, emd, GPR_ARRAY_SIZE(emd));
grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success);
run_request_metadata_test(creds, auth_md_ctx, state);
grpc_core::ExecCtx::Get()->Flush();
/* Second request: the cached token should be served directly. */
state =
make_request_metadata_state(GRPC_ERROR_NONE, emd, GPR_ARRAY_SIZE(emd));
grpc_jwt_encode_and_sign_set_override(
encode_and_sign_jwt_should_not_be_called);
run_request_metadata_test(creds, auth_md_ctx, state);
grpc_core::ExecCtx::Get()->Flush();
/* Third request: Different service url so jwt_encode_and_sign should be
called again (no caching). */
state =
make_request_metadata_state(GRPC_ERROR_NONE, emd, GPR_ARRAY_SIZE(emd));
auth_md_ctx.service_url = other_test_service_url;
grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success);
run_request_metadata_test(creds, auth_md_ctx, state);
grpc_core::ExecCtx::Get()->Flush();
creds->Unref();
gpr_free(json_key_string);
gpr_free(expected_md_value);
grpc_jwt_encode_and_sign_set_override(nullptr);
}
static void test_jwt_creds_signing_failure(void) {
char* json_key_string = test_json_key_str();
grpc_core::ExecCtx exec_ctx;
grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
nullptr, nullptr};
request_metadata_state* state = make_request_metadata_state(
GRPC_ERROR_CREATE_FROM_STATIC_STRING("Could not generate JWT."), nullptr,
0);
grpc_call_credentials* creds =
grpc_service_account_jwt_access_credentials_create(
json_key_string, grpc_max_auth_token_lifetime(), nullptr);
grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_failure);
run_request_metadata_test(creds, auth_md_ctx, state);
gpr_free(json_key_string);
creds->Unref();
grpc_jwt_encode_and_sign_set_override(nullptr);
}
static void set_google_default_creds_env_var_with_file_contents(
const char* file_prefix, const char* contents) {
size_t contents_len = strlen(contents);
char* creds_file_name;
FILE* creds_file = gpr_tmpfile(file_prefix, &creds_file_name);
GPR_ASSERT(creds_file_name != nullptr);
GPR_ASSERT(creds_file != nullptr);
GPR_ASSERT(fwrite(contents, 1, contents_len, creds_file) == contents_len);
fclose(creds_file);
gpr_setenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR, creds_file_name);
gpr_free(creds_file_name);
}
static void test_google_default_creds_auth_key(void) {
grpc_core::ExecCtx exec_ctx;
grpc_composite_channel_credentials* creds;
char* json_key = test_json_key_str();
grpc_flush_cached_google_default_credentials();
set_google_default_creds_env_var_with_file_contents(
"json_key_google_default_creds", json_key);
gpr_free(json_key);
7 years ago
creds = reinterpret_cast<grpc_composite_channel_credentials*>(
grpc_google_default_credentials_create());
auto* default_creds =
reinterpret_cast<const grpc_google_default_channel_credentials*>(
creds->inner_creds());
GPR_ASSERT(default_creds->ssl_creds() != nullptr);
auto* jwt =
reinterpret_cast<const grpc_service_account_jwt_access_credentials*>(
creds->call_creds());
GPR_ASSERT(
strcmp(jwt->key().client_id,
"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent.com") ==
0);
creds->Unref();
gpr_setenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR, ""); /* Reset. */
}
static void test_google_default_creds_refresh_token(void) {
grpc_core::ExecCtx exec_ctx;
grpc_composite_channel_credentials* creds;
grpc_flush_cached_google_default_credentials();
set_google_default_creds_env_var_with_file_contents(
"refresh_token_google_default_creds", test_refresh_token_str);
7 years ago
creds = reinterpret_cast<grpc_composite_channel_credentials*>(
grpc_google_default_credentials_create());
auto* default_creds =
reinterpret_cast<const grpc_google_default_channel_credentials*>(
creds->inner_creds());
GPR_ASSERT(default_creds->ssl_creds() != nullptr);
auto* refresh =
reinterpret_cast<const grpc_google_refresh_token_credentials*>(
creds->call_creds());
GPR_ASSERT(strcmp(refresh->refresh_token().client_id,
"32555999999.apps.googleusercontent.com") == 0);
creds->Unref();
gpr_setenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR, ""); /* Reset. */
}
static int default_creds_metadata_server_detection_httpcli_get_success_override(
const grpc_httpcli_request* request, grpc_millis /*deadline*/,
grpc_closure* on_done, grpc_httpcli_response* response) {
*response = http_response(200, "");
grpc_http_header* headers =
static_cast<grpc_http_header*>(gpr_malloc(sizeof(*headers) * 1));
headers[0].key = gpr_strdup("Metadata-Flavor");
headers[0].value = gpr_strdup("Google");
response->hdr_count = 1;
response->hdrs = headers;
GPR_ASSERT(strcmp(request->http.path, "/") == 0);
GPR_ASSERT(strcmp(request->host, "metadata.google.internal.") == 0);
5 years ago
grpc_core::ExecCtx::Run(DEBUG_LOCATION, on_done, GRPC_ERROR_NONE);
return 1;
}
static char* null_well_known_creds_path_getter(void) { return nullptr; }
static bool test_gce_tenancy_checker(void) {
g_test_gce_tenancy_checker_called = true;
return g_test_is_on_gce;
}
static void test_google_default_creds_gce(void) {
grpc_core::ExecCtx exec_ctx;
expected_md emd[] = {
{"authorization", "Bearer ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_"}};
request_metadata_state* state =
make_request_metadata_state(GRPC_ERROR_NONE, emd, GPR_ARRAY_SIZE(emd));
grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
nullptr, nullptr};
grpc_flush_cached_google_default_credentials();
gpr_setenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR, ""); /* Reset. */
grpc_override_well_known_credentials_path_getter(
null_well_known_creds_path_getter);
set_gce_tenancy_checker_for_testing(test_gce_tenancy_checker);
g_test_gce_tenancy_checker_called = false;
g_test_is_on_gce = true;
/* Simulate a successful detection of GCE. */
grpc_composite_channel_credentials* creds =
7 years ago
reinterpret_cast<grpc_composite_channel_credentials*>(
grpc_google_default_credentials_create());
/* Verify that the default creds actually embeds a GCE creds. */
GPR_ASSERT(creds != nullptr);
GPR_ASSERT(creds->call_creds() != nullptr);
grpc_httpcli_set_override(compute_engine_httpcli_get_success_override,
httpcli_post_should_not_be_called);
run_request_metadata_test(creds->mutable_call_creds(), auth_md_ctx, state);
grpc_core::ExecCtx::Get()->Flush();
GPR_ASSERT(g_test_gce_tenancy_checker_called == true);
/* Cleanup. */
creds->Unref();
grpc_httpcli_set_override(nullptr, nullptr);
grpc_override_well_known_credentials_path_getter(nullptr);
}
static void test_google_default_creds_non_gce(void) {
grpc_core::ExecCtx exec_ctx;
expected_md emd[] = {
{"authorization", "Bearer ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_"}};
request_metadata_state* state =
make_request_metadata_state(GRPC_ERROR_NONE, emd, GPR_ARRAY_SIZE(emd));
grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
nullptr, nullptr};
grpc_flush_cached_google_default_credentials();
gpr_setenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR, ""); /* Reset. */
grpc_override_well_known_credentials_path_getter(
null_well_known_creds_path_getter);
set_gce_tenancy_checker_for_testing(test_gce_tenancy_checker);
g_test_gce_tenancy_checker_called = false;
g_test_is_on_gce = false;
/* Simulate a successful detection of metadata server. */
grpc_httpcli_set_override(
default_creds_metadata_server_detection_httpcli_get_success_override,
httpcli_post_should_not_be_called);
grpc_composite_channel_credentials* creds =
reinterpret_cast<grpc_composite_channel_credentials*>(
grpc_google_default_credentials_create());
/* Verify that the default creds actually embeds a GCE creds. */
GPR_ASSERT(creds != nullptr);
GPR_ASSERT(creds->call_creds() != nullptr);
grpc_httpcli_set_override(compute_engine_httpcli_get_success_override,
httpcli_post_should_not_be_called);
run_request_metadata_test(creds->mutable_call_creds(), auth_md_ctx, state);
grpc_core::ExecCtx::Get()->Flush();
GPR_ASSERT(g_test_gce_tenancy_checker_called == true);
/* Cleanup. */
creds->Unref();
grpc_httpcli_set_override(nullptr, nullptr);
grpc_override_well_known_credentials_path_getter(nullptr);
}
static int default_creds_gce_detection_httpcli_get_failure_override(
const grpc_httpcli_request* request, grpc_millis /*deadline*/,
grpc_closure* on_done, grpc_httpcli_response* response) {
/* No magic header. */
GPR_ASSERT(strcmp(request->http.path, "/") == 0);
GPR_ASSERT(strcmp(request->host, "metadata.google.internal.") == 0);
*response = http_response(200, "");
5 years ago
grpc_core::ExecCtx::Run(DEBUG_LOCATION, on_done, GRPC_ERROR_NONE);
return 1;
}
static void test_no_google_default_creds(void) {
grpc_flush_cached_google_default_credentials();
gpr_setenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR, ""); /* Reset. */
grpc_override_well_known_credentials_path_getter(
null_well_known_creds_path_getter);
set_gce_tenancy_checker_for_testing(test_gce_tenancy_checker);
g_test_gce_tenancy_checker_called = false;
g_test_is_on_gce = false;
grpc_httpcli_set_override(
default_creds_gce_detection_httpcli_get_failure_override,
httpcli_post_should_not_be_called);
/* Simulate a successful detection of GCE. */
GPR_ASSERT(grpc_google_default_credentials_create() == nullptr);
/* Try a second one. GCE detection should occur again. */
g_test_gce_tenancy_checker_called = false;
GPR_ASSERT(grpc_google_default_credentials_create() == nullptr);
GPR_ASSERT(g_test_gce_tenancy_checker_called == true);
/* Cleanup. */
grpc_override_well_known_credentials_path_getter(nullptr);
grpc_httpcli_set_override(nullptr, nullptr);
}
typedef enum {
PLUGIN_INITIAL_STATE,
PLUGIN_GET_METADATA_CALLED_STATE,
PLUGIN_DESTROY_CALLED_STATE
} plugin_state;
static const expected_md plugin_md[] = {{"foo", "bar"}, {"hi", "there"}};
static int plugin_get_metadata_success(
void* state, grpc_auth_metadata_context context,
grpc_credentials_plugin_metadata_cb /*cb*/, void* /*user_data*/,
grpc_metadata creds_md[GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX],
size_t* num_creds_md, grpc_status_code* /*status*/,
const char** /*error_details*/) {
GPR_ASSERT(strcmp(context.service_url, test_service_url) == 0);
GPR_ASSERT(strcmp(context.method_name, test_method) == 0);
GPR_ASSERT(context.channel_auth_context == nullptr);
GPR_ASSERT(context.reserved == nullptr);
GPR_ASSERT(GPR_ARRAY_SIZE(plugin_md) <
GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX);
plugin_state* s = static_cast<plugin_state*>(state);
*s = PLUGIN_GET_METADATA_CALLED_STATE;
for (size_t i = 0; i < GPR_ARRAY_SIZE(plugin_md); ++i) {
memset(&creds_md[i], 0, sizeof(grpc_metadata));
creds_md[i].key = grpc_slice_from_copied_string(plugin_md[i].key);
creds_md[i].value = grpc_slice_from_copied_string(plugin_md[i].value);
}
*num_creds_md = GPR_ARRAY_SIZE(plugin_md);
return true; // Synchronous return.
}
static const char* plugin_error_details = "Could not get metadata for plugin.";
static int plugin_get_metadata_failure(
void* state, grpc_auth_metadata_context context,
grpc_credentials_plugin_metadata_cb /*cb*/, void* /*user_data*/,
grpc_metadata /*creds_md*/[GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX],
size_t* /*num_creds_md*/, grpc_status_code* status,
const char** error_details) {
GPR_ASSERT(strcmp(context.service_url, test_service_url) == 0);
GPR_ASSERT(strcmp(context.method_name, test_method) == 0);
GPR_ASSERT(context.channel_auth_context == nullptr);
GPR_ASSERT(context.reserved == nullptr);
plugin_state* s = static_cast<plugin_state*>(state);
*s = PLUGIN_GET_METADATA_CALLED_STATE;
*status = GRPC_STATUS_UNAUTHENTICATED;
*error_details = gpr_strdup(plugin_error_details);
return true; // Synchronous return.
}
static void plugin_destroy(void* state) {
plugin_state* s = static_cast<plugin_state*>(state);
*s = PLUGIN_DESTROY_CALLED_STATE;
}
static void test_metadata_plugin_success(void) {
plugin_state state = PLUGIN_INITIAL_STATE;
grpc_metadata_credentials_plugin plugin;
grpc_core::ExecCtx exec_ctx;
grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
nullptr, nullptr};
request_metadata_state* md_state = make_request_metadata_state(
GRPC_ERROR_NONE, plugin_md, GPR_ARRAY_SIZE(plugin_md));
plugin.state = &state;
plugin.get_metadata = plugin_get_metadata_success;
plugin.destroy = plugin_destroy;
grpc_call_credentials* creds =
grpc_metadata_credentials_create_from_plugin(plugin, nullptr);
GPR_ASSERT(state == PLUGIN_INITIAL_STATE);
run_request_metadata_test(creds, auth_md_ctx, md_state);
GPR_ASSERT(state == PLUGIN_GET_METADATA_CALLED_STATE);
creds->Unref();
GPR_ASSERT(state == PLUGIN_DESTROY_CALLED_STATE);
}
static void test_metadata_plugin_failure(void) {
plugin_state state = PLUGIN_INITIAL_STATE;
grpc_metadata_credentials_plugin plugin;
grpc_core::ExecCtx exec_ctx;
grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method,
nullptr, nullptr};
char* expected_error;
gpr_asprintf(&expected_error,
"Getting metadata from plugin failed with error: %s",
plugin_error_details);
request_metadata_state* md_state = make_request_metadata_state(
GRPC_ERROR_CREATE_FROM_COPIED_STRING(expected_error), nullptr, 0);
gpr_free(expected_error);
plugin.state = &state;
plugin.get_metadata = plugin_get_metadata_failure;
plugin.destroy = plugin_destroy;
grpc_call_credentials* creds =
grpc_metadata_credentials_create_from_plugin(plugin, nullptr);
GPR_ASSERT(state == PLUGIN_INITIAL_STATE);
run_request_metadata_test(creds, auth_md_ctx, md_state);
GPR_ASSERT(state == PLUGIN_GET_METADATA_CALLED_STATE);
creds->Unref();
GPR_ASSERT(state == PLUGIN_DESTROY_CALLED_STATE);
}
static void test_get_well_known_google_credentials_file_path(void) {
char* path;
char* home = gpr_getenv("HOME");
bool restore_home_env = false;
#if defined(GRPC_BAZEL_BUILD) && (defined(GPR_POSIX_ENV) || defined(GPR_LINUX_ENV))
// when running under bazel with locally, the HOME variable is not set
// so we set it to some fake value
restore_home_env = true;
gpr_setenv("HOME", "/fake/home/for/bazel");
#endif /* defined(GRPC_BAZEL_BUILD) && (defined(GPR_POSIX_ENV) || defined(GPR_LINUX_ENV)) */
path = grpc_get_well_known_google_credentials_file_path();
GPR_ASSERT(path != nullptr);
gpr_free(path);
#if defined(GPR_POSIX_ENV) || defined(GPR_LINUX_ENV)
restore_home_env = true;
gpr_unsetenv("HOME");
path = grpc_get_well_known_google_credentials_file_path();
GPR_ASSERT(path == nullptr);
gpr_free(path);
#endif /* GPR_POSIX_ENV || GPR_LINUX_ENV */
if (restore_home_env) {
if (home) {
gpr_setenv("HOME", home);
} else {
gpr_unsetenv("HOME");
}
}
gpr_free(home);
}
static void test_channel_creds_duplicate_without_call_creds(void) {
grpc_core::ExecCtx exec_ctx;
grpc_channel_credentials* channel_creds =
grpc_fake_transport_security_credentials_create();
grpc_core::RefCountedPtr<grpc_channel_credentials> dup =
channel_creds->duplicate_without_call_credentials();
GPR_ASSERT(dup == channel_creds);
dup.reset();
grpc_call_credentials* call_creds =
grpc_access_token_credentials_create("blah", nullptr);
grpc_channel_credentials* composite_creds =
grpc_composite_channel_credentials_create(channel_creds, call_creds,
nullptr);
call_creds->Unref();
dup = composite_creds->duplicate_without_call_credentials();
GPR_ASSERT(dup == channel_creds);
dup.reset();
channel_creds->Unref();
composite_creds->Unref();
}
typedef struct {
const char* url_scheme;
const char* call_host;
const char* call_method;
const char* desired_service_url;
const char* desired_method_name;
} auth_metadata_context_test_case;
static void test_auth_metadata_context(void) {
auth_metadata_context_test_case test_cases[] = {
// No service nor method.
{"https", "www.foo.com", "", "https://www.foo.com", ""},
// No method.
{"https", "www.foo.com", "/Service", "https://www.foo.com/Service", ""},
// Empty service and method.
{"https", "www.foo.com", "//", "https://www.foo.com/", ""},
// Empty method.
{"https", "www.foo.com", "/Service/", "https://www.foo.com/Service", ""},
// Malformed url.
{"https", "www.foo.com:", "/Service/", "https://www.foo.com:/Service",
""},
// https, default explicit port.
{"https", "www.foo.com:443", "/Service/FooMethod",
"https://www.foo.com/Service", "FooMethod"},
// https, default implicit port.
{"https", "www.foo.com", "/Service/FooMethod",
"https://www.foo.com/Service", "FooMethod"},
// https with ipv6 literal, default explicit port.
{"https", "[1080:0:0:0:8:800:200C:417A]:443", "/Service/FooMethod",
"https://[1080:0:0:0:8:800:200C:417A]/Service", "FooMethod"},
// https with ipv6 literal, default implicit port.
{"https", "[1080:0:0:0:8:800:200C:443]", "/Service/FooMethod",
"https://[1080:0:0:0:8:800:200C:443]/Service", "FooMethod"},
// https, custom port.
{"https", "www.foo.com:8888", "/Service/FooMethod",
"https://www.foo.com:8888/Service", "FooMethod"},
// https with ipv6 literal, custom port.
{"https", "[1080:0:0:0:8:800:200C:417A]:8888", "/Service/FooMethod",
"https://[1080:0:0:0:8:800:200C:417A]:8888/Service", "FooMethod"},
// custom url scheme, https default port.
{"blah", "www.foo.com:443", "/Service/FooMethod",
"blah://www.foo.com:443/Service", "FooMethod"}};
for (uint32_t i = 0; i < GPR_ARRAY_SIZE(test_cases); i++) {
const char* url_scheme = test_cases[i].url_scheme;
grpc_slice call_host =
grpc_slice_from_copied_string(test_cases[i].call_host);
grpc_slice call_method =
grpc_slice_from_copied_string(test_cases[i].call_method);
grpc_auth_metadata_context auth_md_context;
memset(&auth_md_context, 0, sizeof(auth_md_context));
grpc_auth_metadata_context_build(url_scheme, call_host, call_method,
nullptr, &auth_md_context);
if (strcmp(auth_md_context.service_url,
test_cases[i].desired_service_url) != 0) {
gpr_log(GPR_ERROR, "Invalid service url, want: %s, got %s.",
test_cases[i].desired_service_url, auth_md_context.service_url);
GPR_ASSERT(false);
}
if (strcmp(auth_md_context.method_name,
test_cases[i].desired_method_name) != 0) {
gpr_log(GPR_ERROR, "Invalid method name, want: %s, got %s.",
test_cases[i].desired_method_name, auth_md_context.method_name);
GPR_ASSERT(false);
}
GPR_ASSERT(auth_md_context.channel_auth_context == nullptr);
grpc_slice_unref(call_host);
grpc_slice_unref(call_method);
grpc_auth_metadata_context_reset(&auth_md_context);
}
}
int main(int argc, char** argv) {
grpc::testing::TestEnvironment env(argc, argv);
grpc_init();
test_empty_md_array();
test_add_to_empty_md_array();
test_add_abunch_to_md_array();
test_oauth2_token_fetcher_creds_parsing_ok();
test_oauth2_token_fetcher_creds_parsing_bad_http_status();
test_oauth2_token_fetcher_creds_parsing_empty_http_body();
test_oauth2_token_fetcher_creds_parsing_invalid_json();
test_oauth2_token_fetcher_creds_parsing_missing_token();
test_oauth2_token_fetcher_creds_parsing_missing_token_type();
test_oauth2_token_fetcher_creds_parsing_missing_token_lifetime();
test_google_iam_creds();
test_access_token_creds();
test_channel_oauth2_composite_creds();
test_oauth2_google_iam_composite_creds();
test_channel_oauth2_google_iam_composite_creds();
test_compute_engine_creds_success();
test_compute_engine_creds_failure();
test_refresh_token_creds_success();
test_refresh_token_creds_failure();
test_valid_sts_creds_options();
test_invalid_sts_creds_options();
test_sts_creds_success();
test_sts_creds_load_token_failure();
test_sts_creds_http_failure();
test_jwt_creds_lifetime();
test_jwt_creds_success();
test_jwt_creds_signing_failure();
test_google_default_creds_auth_key();
test_google_default_creds_refresh_token();
test_google_default_creds_gce();
test_google_default_creds_non_gce();
test_no_google_default_creds();
test_metadata_plugin_success();
test_metadata_plugin_failure();
test_get_well_known_google_credentials_file_path();
test_channel_creds_duplicate_without_call_creds();
test_auth_metadata_context();
grpc_shutdown();
10 years ago
return 0;
}