diff --git a/src/php/tests/interop/interop_client.php b/src/php/tests/interop/interop_client.php index 1f903053a7d..6670ef3ab9c 100755 --- a/src/php/tests/interop/interop_client.php +++ b/src/php/tests/interop/interop_client.php @@ -36,6 +36,9 @@ require 'empty.php'; require 'message_set.php'; require 'messages.php'; require 'test.php'; +use Google\Auth\CredentialsLoader; +use Google\Auth\ApplicationDefaultCredentials; +use GuzzleHttp\ClientInterface; /** * Assertion function that always exits with an error code if the assertion is @@ -52,7 +55,6 @@ function hardAssert($value, $error_message) { /** * Run the empty_unary test. - * Passes when run against the Node server as of 2015-04-30 * @param $stub Stub object that has service methods */ function emptyUnary($stub) { @@ -63,7 +65,6 @@ function emptyUnary($stub) { /** * Run the large_unary test. - * Passes when run against the C++/Node server as of 2015-04-30 * @param $stub Stub object that has service methods */ function largeUnary($stub) { @@ -76,7 +77,8 @@ function largeUnary($stub) { * @param $fillUsername boolean whether to fill result with username * @param $fillOauthScope boolean whether to fill result with oauth scope */ -function performLargeUnary($stub, $fillUsername = false, $fillOauthScope = false) { +function performLargeUnary($stub, $fillUsername = false, $fillOauthScope = false, + $metadata = array()) { $request_len = 271828; $response_len = 314159; @@ -90,7 +92,7 @@ function performLargeUnary($stub, $fillUsername = false, $fillOauthScope = false $request->setFillUsername($fillUsername); $request->setFillOauthScope($fillOauthScope); - list($result, $status) = $stub->UnaryCall($request)->wait(); + list($result, $status) = $stub->UnaryCall($request, $metadata)->wait(); hardAssert($status->code === Grpc\STATUS_OK, 'Call did not complete successfully'); hardAssert($result !== null, 'Call returned a null response'); $payload = $result->getPayload(); @@ -105,7 +107,6 @@ function performLargeUnary($stub, $fillUsername = false, $fillOauthScope = false /** * Run the service account credentials auth test. - * Passes when run against the cloud server as of 2015-04-30 * @param $stub Stub object that has service methods * @param $args array command line args */ @@ -114,7 +115,7 @@ function serviceAccountCreds($stub, $args) { throw new Exception('Missing oauth scope'); } $jsonKey = json_decode( - file_get_contents(getenv(Google\Auth\CredentialsLoader::ENV_VAR)), + file_get_contents(getenv(CredentialsLoader::ENV_VAR)), true); $result = performLargeUnary($stub, $fillUsername=true, $fillOauthScope=true); hardAssert($result->getUsername() == $jsonKey['client_email'], @@ -143,22 +144,57 @@ function computeEngineCreds($stub, $args) { /** * Run the jwt token credentials auth test. - * Passes when run against the cloud server as of 2015-05-12 * @param $stub Stub object that has service methods * @param $args array command line args */ function jwtTokenCreds($stub, $args) { $jsonKey = json_decode( - file_get_contents(getenv(Google\Auth\CredentialsLoader::ENV_VAR)), + file_get_contents(getenv(CredentialsLoader::ENV_VAR)), true); $result = performLargeUnary($stub, $fillUsername=true, $fillOauthScope=true); hardAssert($result->getUsername() == $jsonKey['client_email'], 'invalid email returned'); } +/** + * Run the oauth2_auth_token auth test. + * @param $stub Stub object that has service methods + * @param $args array command line args + */ +function oauth2AuthToken($stub, $args) { + $jsonKey = json_decode( + file_get_contents(getenv(CredentialsLoader::ENV_VAR)), + true); + $result = performLargeUnary($stub, $fillUsername=true, $fillOauthScope=true); + hardAssert($result->getUsername() == $jsonKey['client_email'], + 'invalid email returned'); +} + +/** + * Run the per_rpc_creds auth test. + * @param $stub Stub object that has service methods + * @param $args array command line args + */ +function perRpcCreds($stub, $args) { + $jsonKey = json_decode( + file_get_contents(getenv(CredentialsLoader::ENV_VAR)), + true); + $auth_credentials = ApplicationDefaultCredentials::getCredentials( + $args['oauth_scope'] + ); + $token = $auth_credentials->fetchAuthToken(); + $metadata = array(CredentialsLoader::AUTH_METADATA_KEY => + array(sprintf("%s %s", + $token['token_type'], + $token['access_token']))); + $result = performLargeUnary($stub, $fillUsername=true, $fillOauthScope=true, + $metadata); + hardAssert($result->getUsername() == $jsonKey['client_email'], + 'invalid email returned'); +} + /** * Run the client_streaming test. - * Passes when run against the Node server as of 2015-04-30 * @param $stub Stub object that has service methods */ function clientStreaming($stub) { @@ -185,7 +221,6 @@ function clientStreaming($stub) { /** * Run the server_streaming test. - * Passes when run against the Node server as of 2015-04-30 * @param $stub Stub object that has service methods. */ function serverStreaming($stub) { @@ -216,7 +251,6 @@ function serverStreaming($stub) { /** * Run the ping_pong test. - * Passes when run against the Node server as of 2015-04-30 * @param $stub Stub object that has service methods. */ function pingPong($stub) { @@ -252,7 +286,6 @@ function pingPong($stub) { /** * Run the empty_stream test. - * Passes when run against the Node server as of 2015-10-09 * @param $stub Stub object that has service methods. */ function emptyStream($stub) { @@ -265,7 +298,6 @@ function emptyStream($stub) { /** * Run the cancel_after_begin test. - * Passes when run against the Node server as of 2015-08-28 * @param $stub Stub object that has service methods. */ function cancelAfterBegin($stub) { @@ -278,7 +310,6 @@ function cancelAfterBegin($stub) { /** * Run the cancel_after_first_response test. - * Passes when run against the Node server as of 2015-04-30 * @param $stub Stub object that has service methods. */ function cancelAfterFirstResponse($stub) { @@ -319,12 +350,17 @@ function timeoutOnSleepingServer($stub) { } $args = getopt('', array('server_host:', 'server_port:', 'test_case:', + 'use_tls::', 'use_test_ca::', 'server_host_override:', 'oauth_scope:', 'default_service_account:')); -if (!array_key_exists('server_host', $args) || - !array_key_exists('server_port', $args) || - !array_key_exists('test_case', $args)) { - throw new Exception('Missing argument'); +if (!array_key_exists('server_host', $args)) { + throw new Exception('Missing argument: --server_host is required'); +} +if (!array_key_exists('server_port', $args)) { + throw new Exception('Missing argument: --server_port is required'); +} +if (!array_key_exists('test_case', $args)) { + throw new Exception('Missing argument: --test_case is required'); } if ($args['server_port'] == 443) { @@ -333,41 +369,76 @@ if ($args['server_port'] == 443) { $server_address = $args['server_host'] . ':' . $args['server_port']; } -if (!array_key_exists('server_host_override', $args)) { - $args['server_host_override'] = 'foo.test.google.fr'; +$test_case = $args['test_case']; + +$host_override = 'foo.test.google.fr'; +if (array_key_exists('server_host_override', $args)) { + $host_override = $args['server_host_override']; +} + +$use_tls = false; +if (array_key_exists('use_tls', $args) && + $args['use_tls'] != 'false') { + $use_tls = true; } -$ssl_cert_file = getenv('SSL_CERT_FILE'); -if (!$ssl_cert_file) { - $ssl_cert_file = dirname(__FILE__) . '/../data/ca.pem'; +$use_test_ca = false; +if (array_key_exists('use_test_ca', $args) && + $args['use_test_ca'] != 'false') { + $use_test_ca = true; } -$credentials = Grpc\Credentials::createSsl(file_get_contents($ssl_cert_file)); +$opts = []; -$opts = [ - 'grpc.ssl_target_name_override' => $args['server_host_override'], - 'credentials' => $credentials, - ]; +if ($use_tls) { + if ($use_test_ca) { + $ssl_cert_file = dirname(__FILE__) . '/../data/ca.pem'; + } else { + $ssl_cert_file = getenv('SSL_CERT_FILE'); + } + $ssl_credentials = Grpc\Credentials::createSsl( + file_get_contents($ssl_cert_file)); + $opts['credentials'] = $ssl_credentials; + $opts['grpc.ssl_target_name_override'] = $host_override; +} -if (in_array($args['test_case'], array( - 'service_account_creds', - 'compute_engine_creds', - 'jwt_token_creds'))) { - if ($args['test_case'] == 'jwt_token_creds') { - $auth = Google\Auth\ApplicationDefaultCredentials::getCredentials(); +if (in_array($test_case, array('service_account_creds', + 'compute_engine_creds', 'jwt_token_creds'))) { + if ($test_case == 'jwt_token_creds') { + $auth_credentials = ApplicationDefaultCredentials::getCredentials(); } else { - $auth = Google\Auth\ApplicationDefaultCredentials::getCredentials( - $args['oauth_scope']); + $auth_credentials = ApplicationDefaultCredentials::getCredentials( + $args['oauth_scope'] + ); } - $opts['update_metadata'] = $auth->getUpdateMetadataFunc(); + $opts['update_metadata'] = $auth_credentials->getUpdateMetadataFunc(); +} + +if ($test_case == 'oauth2_auth_token') { + $auth_credentials = ApplicationDefaultCredentials::getCredentials( + $args['oauth_scope'] + ); + $token = $auth_credentials->fetchAuthToken(); + $update_metadata = + function($metadata, + $authUri = null, + ClientInterface $client = null) use ($token) { + $metadata_copy = $metadata; + $metadata_copy[CredentialsLoader::AUTH_METADATA_KEY] = + array(sprintf("%s %s", + $token['token_type'], + $token['access_token'])); + return $metadata_copy; + }; + $opts['update_metadata'] = $update_metadata; } $stub = new grpc\testing\TestServiceClient($server_address, $opts); echo "Connecting to $server_address\n"; -echo "Running test case $args[test_case]\n"; +echo "Running test case $test_case\n"; -switch ($args['test_case']) { +switch ($test_case) { case 'empty_unary': emptyUnary($stub); break; @@ -404,7 +475,13 @@ switch ($args['test_case']) { case 'jwt_token_creds': jwtTokenCreds($stub, $args); break; + case 'oauth2_auth_token': + oauth2AuthToken($stub, $args); + break; + case 'per_rpc_creds': + perRpcCreds($stub, $args); + break; default: - echo "Unsupported test case $args[test_case]\n"; + echo "Unsupported test case $test_case\n"; exit(1); } diff --git a/tools/run_tests/run_interop_tests.py b/tools/run_tests/run_interop_tests.py index 1814ba1abc3..a4b6a747ed1 100755 --- a/tools/run_tests/run_interop_tests.py +++ b/tools/run_tests/run_interop_tests.py @@ -220,17 +220,20 @@ class PHPLanguage: def cloud_to_prod_args(self): return (self.client_cmdline_base + _CLOUD_TO_PROD_BASE_ARGS + - ['--use_tls']) + ['--use_tls=true']) def cloud_to_cloud_args(self): return (self.client_cmdline_base + _CLOUD_TO_CLOUD_BASE_ARGS + - ['--use_tls', '--use_test_ca']) + ['--use_tls=true', '--use_test_ca=true']) def cloud_to_prod_env(self): return _SSL_CERT_ENV def global_env(self): - return {} + # need to manually copy to each jenkins machine if we run into github + # rate limit when running `composer install` + return {"BUILD_INTEROP_DOCKER_EXTRA_ARGS": + "-v /var/local/.composer/auth.json:/root/.composer/auth.json:ro"} def __str__(self): return 'php' @@ -472,15 +475,16 @@ def server_jobspec(language, docker_image): def build_interop_image_jobspec(language, tag=None): """Creates jobspec for building interop docker image for a language""" + environ = language.global_env() if not tag: tag = 'grpc_interop_%s:%s' % (language.safename, uuid.uuid4()) - env = {'INTEROP_IMAGE': tag, - 'BASE_NAME': 'grpc_interop_%s' % language.safename} + environ['INTEROP_IMAGE'] = tag + environ['BASE_NAME'] = 'grpc_interop_%s' % language.safename if not args.travis: - env['TTY_FLAG'] = '-t' + environ['TTY_FLAG'] = '-t' build_job = jobset.JobSpec( cmdline=['tools/jenkins/build_interop_image.sh'], - environ=env, + environ=environ, shortname="build_docker_%s" % (language), timeout_seconds=30*60) build_job.tag = tag