From ba0cb56b32921f16e082d0dff072720b68743304 Mon Sep 17 00:00:00 2001 From: Stanley Cheung Date: Thu, 15 Oct 2015 11:00:50 -0700 Subject: [PATCH 1/5] php: add use_tls and use_test_ca param to interop tests script --- src/php/tests/interop/interop_client.php | 79 +++++++++++++++--------- 1 file changed, 51 insertions(+), 28 deletions(-) diff --git a/src/php/tests/interop/interop_client.php b/src/php/tests/interop/interop_client.php index 1f903053a7d..3233a816ea9 100755 --- a/src/php/tests/interop/interop_client.php +++ b/src/php/tests/interop/interop_client.php @@ -36,6 +36,8 @@ require 'empty.php'; require 'message_set.php'; require 'messages.php'; require 'test.php'; +use Google\Auth\CredentialsLoader; +use Google\Auth\ApplicationDefaultCredentials; /** * Assertion function that always exits with an error code if the assertion is @@ -114,7 +116,7 @@ function serviceAccountCreds($stub, $args) { throw new Exception('Missing oauth scope'); } $jsonKey = json_decode( - file_get_contents(getenv(Google\Auth\CredentialsLoader::ENV_VAR)), + file_get_contents(getenv(CredentialsLoader::ENV_VAR)), true); $result = performLargeUnary($stub, $fillUsername=true, $fillOauthScope=true); hardAssert($result->getUsername() == $jsonKey['client_email'], @@ -149,7 +151,7 @@ function computeEngineCreds($stub, $args) { */ function jwtTokenCreds($stub, $args) { $jsonKey = json_decode( - file_get_contents(getenv(Google\Auth\CredentialsLoader::ENV_VAR)), + file_get_contents(getenv(CredentialsLoader::ENV_VAR)), true); $result = performLargeUnary($stub, $fillUsername=true, $fillOauthScope=true); hardAssert($result->getUsername() == $jsonKey['client_email'], @@ -319,12 +321,17 @@ function timeoutOnSleepingServer($stub) { } $args = getopt('', array('server_host:', 'server_port:', 'test_case:', + 'use_tls::', 'use_test_ca::', 'server_host_override:', 'oauth_scope:', 'default_service_account:')); -if (!array_key_exists('server_host', $args) || - !array_key_exists('server_port', $args) || - !array_key_exists('test_case', $args)) { - throw new Exception('Missing argument'); +if (!array_key_exists('server_host', $args)) { + throw new Exception('Missing argument: --server_host is required'); +} +if (!array_key_exists('server_port', $args)) { + throw new Exception('Missing argument: --server_port is required'); +} +if (!array_key_exists('test_case', $args)) { + throw new Exception('Missing argument: --test_case is required'); } if ($args['server_port'] == 443) { @@ -333,41 +340,57 @@ if ($args['server_port'] == 443) { $server_address = $args['server_host'] . ':' . $args['server_port']; } -if (!array_key_exists('server_host_override', $args)) { - $args['server_host_override'] = 'foo.test.google.fr'; +$test_case = $args['test_case']; + +$host_override = 'foo.test.google.fr'; +if (array_key_exists('server_host_override', $args)) { + $host_override = $args['server_host_override']; +} + +$use_tls = false; +if (array_key_exists('use_tls', $args) && + $args['use_tls'] != 'false') { + $use_tls = true; } -$ssl_cert_file = getenv('SSL_CERT_FILE'); -if (!$ssl_cert_file) { - $ssl_cert_file = dirname(__FILE__) . '/../data/ca.pem'; +$use_test_ca = false; +if (array_key_exists('use_test_ca', $args) && + $args['use_test_ca'] != 'false') { + $use_test_ca = true; } -$credentials = Grpc\Credentials::createSsl(file_get_contents($ssl_cert_file)); +$opts = []; -$opts = [ - 'grpc.ssl_target_name_override' => $args['server_host_override'], - 'credentials' => $credentials, - ]; +if ($use_tls) { + if ($use_test_ca) { + $ssl_cert_file = dirname(__FILE__) . '/../data/ca.pem'; + } else { + $ssl_cert_file = getenv('SSL_CERT_FILE'); + } + $ssl_credentials = Grpc\Credentials::createSsl( + file_get_contents($ssl_cert_file)); + $opts['credentials'] = $ssl_credentials; + $opts['grpc.ssl_target_name_override'] = $host_override; +} -if (in_array($args['test_case'], array( - 'service_account_creds', - 'compute_engine_creds', - 'jwt_token_creds'))) { - if ($args['test_case'] == 'jwt_token_creds') { - $auth = Google\Auth\ApplicationDefaultCredentials::getCredentials(); +if (in_array($test_case, array('service_account_creds', + 'compute_engine_creds', 'jwt_token_creds'))) { + if ($test_case == 'jwt_token_creds') { + $auth_credentials = ApplicationDefaultCredentials::getCredentials(); } else { - $auth = Google\Auth\ApplicationDefaultCredentials::getCredentials( - $args['oauth_scope']); + $auth_credentials = ApplicationDefaultCredentials::getCredentials( + $args['oauth_scope'] + ); } - $opts['update_metadata'] = $auth->getUpdateMetadataFunc(); + $opts['update_metadata'] = $auth_credentials->getUpdateMetadataFunc(); } $stub = new grpc\testing\TestServiceClient($server_address, $opts); echo "Connecting to $server_address\n"; -echo "Running test case $args[test_case]\n"; +echo "Running test case $test_case\n"; -switch ($args['test_case']) { +switch ($test_case) { case 'empty_unary': emptyUnary($stub); break; @@ -405,6 +428,6 @@ switch ($args['test_case']) { jwtTokenCreds($stub, $args); break; default: - echo "Unsupported test case $args[test_case]\n"; + echo "Unsupported test case $test_case\n"; exit(1); } From b87663b31a2b3ba10ae797dcef279ce62b60f4a6 Mon Sep 17 00:00:00 2001 From: Stanley Cheung Date: Thu, 15 Oct 2015 12:50:17 -0700 Subject: [PATCH 2/5] php: add use_tls=true flag to run_interop_tests script --- tools/run_tests/run_interop_tests.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/run_tests/run_interop_tests.py b/tools/run_tests/run_interop_tests.py index 1814ba1abc3..c9e2f09b2d2 100755 --- a/tools/run_tests/run_interop_tests.py +++ b/tools/run_tests/run_interop_tests.py @@ -220,11 +220,11 @@ class PHPLanguage: def cloud_to_prod_args(self): return (self.client_cmdline_base + _CLOUD_TO_PROD_BASE_ARGS + - ['--use_tls']) + ['--use_tls=true']) def cloud_to_cloud_args(self): return (self.client_cmdline_base + _CLOUD_TO_CLOUD_BASE_ARGS + - ['--use_tls', '--use_test_ca']) + ['--use_tls=true', '--use_test_ca=true']) def cloud_to_prod_env(self): return _SSL_CERT_ENV From 51c36d9e63af55caf66e1214f27309464418a635 Mon Sep 17 00:00:00 2001 From: Stanley Cheung Date: Thu, 15 Oct 2015 14:32:44 -0700 Subject: [PATCH 3/5] add composer/auth.json env variable --- tools/run_tests/run_interop_tests.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/run_tests/run_interop_tests.py b/tools/run_tests/run_interop_tests.py index c9e2f09b2d2..40e1b6e0cc6 100755 --- a/tools/run_tests/run_interop_tests.py +++ b/tools/run_tests/run_interop_tests.py @@ -230,7 +230,10 @@ class PHPLanguage: return _SSL_CERT_ENV def global_env(self): - return {} + # need to manually copy to each jenkins machine if we run into github + # rate limit when running `composer install` + return {"BUILD_INTEROP_DOCKER_EXTRA_ARGS": + "-v /var/local/.composer/auth.json:/root/.composer/auth.json:ro"} def __str__(self): return 'php' From cea11394c26e76c60a400d5e1fa6adbe205ba458 Mon Sep 17 00:00:00 2001 From: Stanley Cheung Date: Thu, 15 Oct 2015 14:52:34 -0700 Subject: [PATCH 4/5] bring env variable to build_interop_image script --- tools/run_tests/run_interop_tests.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tools/run_tests/run_interop_tests.py b/tools/run_tests/run_interop_tests.py index 40e1b6e0cc6..a4b6a747ed1 100755 --- a/tools/run_tests/run_interop_tests.py +++ b/tools/run_tests/run_interop_tests.py @@ -475,15 +475,16 @@ def server_jobspec(language, docker_image): def build_interop_image_jobspec(language, tag=None): """Creates jobspec for building interop docker image for a language""" + environ = language.global_env() if not tag: tag = 'grpc_interop_%s:%s' % (language.safename, uuid.uuid4()) - env = {'INTEROP_IMAGE': tag, - 'BASE_NAME': 'grpc_interop_%s' % language.safename} + environ['INTEROP_IMAGE'] = tag + environ['BASE_NAME'] = 'grpc_interop_%s' % language.safename if not args.travis: - env['TTY_FLAG'] = '-t' + environ['TTY_FLAG'] = '-t' build_job = jobset.JobSpec( cmdline=['tools/jenkins/build_interop_image.sh'], - environ=env, + environ=environ, shortname="build_docker_%s" % (language), timeout_seconds=30*60) build_job.tag = tag From 59a15a8558336e6194bd0af5389c616a597c6cae Mon Sep 17 00:00:00 2001 From: Stanley Cheung Date: Thu, 15 Oct 2015 14:37:18 -0700 Subject: [PATCH 5/5] php: add remaining auth interop tests --- src/php/tests/interop/interop_client.php | 78 ++++++++++++++++++++---- 1 file changed, 66 insertions(+), 12 deletions(-) diff --git a/src/php/tests/interop/interop_client.php b/src/php/tests/interop/interop_client.php index 3233a816ea9..6670ef3ab9c 100755 --- a/src/php/tests/interop/interop_client.php +++ b/src/php/tests/interop/interop_client.php @@ -38,6 +38,7 @@ require 'messages.php'; require 'test.php'; use Google\Auth\CredentialsLoader; use Google\Auth\ApplicationDefaultCredentials; +use GuzzleHttp\ClientInterface; /** * Assertion function that always exits with an error code if the assertion is @@ -54,7 +55,6 @@ function hardAssert($value, $error_message) { /** * Run the empty_unary test. - * Passes when run against the Node server as of 2015-04-30 * @param $stub Stub object that has service methods */ function emptyUnary($stub) { @@ -65,7 +65,6 @@ function emptyUnary($stub) { /** * Run the large_unary test. - * Passes when run against the C++/Node server as of 2015-04-30 * @param $stub Stub object that has service methods */ function largeUnary($stub) { @@ -78,7 +77,8 @@ function largeUnary($stub) { * @param $fillUsername boolean whether to fill result with username * @param $fillOauthScope boolean whether to fill result with oauth scope */ -function performLargeUnary($stub, $fillUsername = false, $fillOauthScope = false) { +function performLargeUnary($stub, $fillUsername = false, $fillOauthScope = false, + $metadata = array()) { $request_len = 271828; $response_len = 314159; @@ -92,7 +92,7 @@ function performLargeUnary($stub, $fillUsername = false, $fillOauthScope = false $request->setFillUsername($fillUsername); $request->setFillOauthScope($fillOauthScope); - list($result, $status) = $stub->UnaryCall($request)->wait(); + list($result, $status) = $stub->UnaryCall($request, $metadata)->wait(); hardAssert($status->code === Grpc\STATUS_OK, 'Call did not complete successfully'); hardAssert($result !== null, 'Call returned a null response'); $payload = $result->getPayload(); @@ -107,7 +107,6 @@ function performLargeUnary($stub, $fillUsername = false, $fillOauthScope = false /** * Run the service account credentials auth test. - * Passes when run against the cloud server as of 2015-04-30 * @param $stub Stub object that has service methods * @param $args array command line args */ @@ -145,7 +144,6 @@ function computeEngineCreds($stub, $args) { /** * Run the jwt token credentials auth test. - * Passes when run against the cloud server as of 2015-05-12 * @param $stub Stub object that has service methods * @param $args array command line args */ @@ -158,9 +156,45 @@ function jwtTokenCreds($stub, $args) { 'invalid email returned'); } +/** + * Run the oauth2_auth_token auth test. + * @param $stub Stub object that has service methods + * @param $args array command line args + */ +function oauth2AuthToken($stub, $args) { + $jsonKey = json_decode( + file_get_contents(getenv(CredentialsLoader::ENV_VAR)), + true); + $result = performLargeUnary($stub, $fillUsername=true, $fillOauthScope=true); + hardAssert($result->getUsername() == $jsonKey['client_email'], + 'invalid email returned'); +} + +/** + * Run the per_rpc_creds auth test. + * @param $stub Stub object that has service methods + * @param $args array command line args + */ +function perRpcCreds($stub, $args) { + $jsonKey = json_decode( + file_get_contents(getenv(CredentialsLoader::ENV_VAR)), + true); + $auth_credentials = ApplicationDefaultCredentials::getCredentials( + $args['oauth_scope'] + ); + $token = $auth_credentials->fetchAuthToken(); + $metadata = array(CredentialsLoader::AUTH_METADATA_KEY => + array(sprintf("%s %s", + $token['token_type'], + $token['access_token']))); + $result = performLargeUnary($stub, $fillUsername=true, $fillOauthScope=true, + $metadata); + hardAssert($result->getUsername() == $jsonKey['client_email'], + 'invalid email returned'); +} + /** * Run the client_streaming test. - * Passes when run against the Node server as of 2015-04-30 * @param $stub Stub object that has service methods */ function clientStreaming($stub) { @@ -187,7 +221,6 @@ function clientStreaming($stub) { /** * Run the server_streaming test. - * Passes when run against the Node server as of 2015-04-30 * @param $stub Stub object that has service methods. */ function serverStreaming($stub) { @@ -218,7 +251,6 @@ function serverStreaming($stub) { /** * Run the ping_pong test. - * Passes when run against the Node server as of 2015-04-30 * @param $stub Stub object that has service methods. */ function pingPong($stub) { @@ -254,7 +286,6 @@ function pingPong($stub) { /** * Run the empty_stream test. - * Passes when run against the Node server as of 2015-10-09 * @param $stub Stub object that has service methods. */ function emptyStream($stub) { @@ -267,7 +298,6 @@ function emptyStream($stub) { /** * Run the cancel_after_begin test. - * Passes when run against the Node server as of 2015-08-28 * @param $stub Stub object that has service methods. */ function cancelAfterBegin($stub) { @@ -280,7 +310,6 @@ function cancelAfterBegin($stub) { /** * Run the cancel_after_first_response test. - * Passes when run against the Node server as of 2015-04-30 * @param $stub Stub object that has service methods. */ function cancelAfterFirstResponse($stub) { @@ -385,6 +414,25 @@ if (in_array($test_case, array('service_account_creds', $opts['update_metadata'] = $auth_credentials->getUpdateMetadataFunc(); } +if ($test_case == 'oauth2_auth_token') { + $auth_credentials = ApplicationDefaultCredentials::getCredentials( + $args['oauth_scope'] + ); + $token = $auth_credentials->fetchAuthToken(); + $update_metadata = + function($metadata, + $authUri = null, + ClientInterface $client = null) use ($token) { + $metadata_copy = $metadata; + $metadata_copy[CredentialsLoader::AUTH_METADATA_KEY] = + array(sprintf("%s %s", + $token['token_type'], + $token['access_token'])); + return $metadata_copy; + }; + $opts['update_metadata'] = $update_metadata; +} + $stub = new grpc\testing\TestServiceClient($server_address, $opts); echo "Connecting to $server_address\n"; @@ -427,6 +475,12 @@ switch ($test_case) { case 'jwt_token_creds': jwtTokenCreds($stub, $args); break; + case 'oauth2_auth_token': + oauth2AuthToken($stub, $args); + break; + case 'per_rpc_creds': + perRpcCreds($stub, $args); + break; default: echo "Unsupported test case $test_case\n"; exit(1);