Adds a compute engine auth GCE interop test

- also fixes the service_account test assertions
10 years ago · 8c750f44f4
parent 2e2085693b
commit 8c750f44f4
1 changed files with 74 additions and 54 deletions
--- a/src/ruby/bin/interop/interop_client.rb
+++ b/src/ruby/bin/interop/interop_client.rb
@ -56,6 +56,8 @@ require 'test/cpp/interop/empty'
 require 'signet/ssl_config'
 include Google::RPC::Auth
 # loads the certificates used to access the test server securely.
 def load_test_certs
  this_dir = File.expand_path(File.dirname(__FILE__))
@ -67,46 +69,53 @@ end
 # loads the certificates used to access the test server securely.
 def load_prod_cert
  fail 'could not find a production cert' if ENV['SSL_CERT_FILE'].nil?
-  p "loading prod certs from #{ENV['SSL_CERT_FILE']}"
+  logger.info("loading prod certs from #{ENV['SSL_CERT_FILE']}")
  File.open(ENV['SSL_CERT_FILE']).read
 end
-# creates a Credentials from the test certificates.
+# creates SSL Credentials from the test certificates.
 def test_creds
  certs = load_test_certs
  GRPC::Core::Credentials.new(certs[0])
 end
-RX_CERT = /-----BEGIN CERTIFICATE-----\n.*?-----END CERTIFICATE-----\n/m
+# creates SSL Credentials from the production certificates.
 # creates a Credentials from the production certificates.
 def prod_creds
  cert_text = load_prod_cert
  GRPC::Core::Credentials.new(cert_text)
 end
 # creates the SSL Credentials.
 def ssl_creds(use_test_ca)
  return test_creds if use_test_ca
  prod_creds
 end
 # creates a test stub that accesses host:port securely.
 def create_stub(opts)
  address = "#{opts.host}:#{opts.port}"
  if opts.secure
    creds = nil
    if opts.use_test_ca
      creds = test_creds
    else
      creds = prod_creds
    end
    stub_opts = {
-      :creds => creds,
+      :creds => ssl_creds(opts.use_test_ca),
      GRPC::Core::Channel::SSL_TARGET => opts.host_override
    }
-    # Allow service account updates if specified
+    # Add service account creds if specified
-    unless opts.oauth_scope.nil?
+    if %w(all service_account_creds).include?(opts.test_case)
-      cred_clz = Google::RPC::Auth::ServiceAccountCredentials
+      unless opts.oauth_scope.nil?
-      json_key_io = StringIO.new(File.read(opts.oauth_key_file))
+        fd = StringIO.new(File.read(opts.oauth_key_file))
-      auth_creds = cred_clz.new(opts.oauth_scope, json_key_io)
+        logger.info("loading oauth certs from #{opts.oauth_key_file}")
-      stub_opts[:update_metadata] = lambda(&auth_creds.method(:apply))
+        auth_creds = ServiceAccountCredentials.new(opts.oauth_scope, fd)
        stub_opts[:update_metadata] = lambda(&auth_creds.method(:apply))
      end
    end
    # Add compute engine creds if specified
    if %w(all compute_engine_creds).include?(opts.test_case)
      unless opts.oauth_scope.nil?
        auth_creds = GCECredentials.new
        stub_opts[:update_metadata] = lambda(&auth_creds.method(:apply))
      end
    end
    logger.info("... connecting securely to #{address}")
@ -166,10 +175,10 @@ class NamedTests
  include Grpc::Testing::PayloadType
  attr_accessor :assertions # required by Minitest::Assertions
-  def initialize(stub, opts)
+  def initialize(stub, args)
    @assertions = 0  # required by Minitest::Assertions
    @stub = stub
-    @opts = opts
+    @args = args
  end
  def empty_unary
@ -185,18 +194,30 @@ class NamedTests
  def service_account_creds
    # ignore this test if the oauth options are not set
-    if @opts.oauth_scope.nil? || @opts.oauth_key_file.nil?
+    if @args.oauth_scope.nil? || @args.oauth_key_file.nil?
      p 'NOT RUN: service_account_creds; no service_account settings'
    end
-    json_key = File.read(@opts.oauth_key_file)
+    json_key = File.read(@args.oauth_key_file)
    wanted_email = MultiJson.load(json_key)['client_email']
-    resp = perform_large_unary
+    resp = perform_large_unary(fill_username: true,
-    assert_equal(@opts.oauth_scope, resp.oauth_scope,
+                               fill_oauth_scope: true)
-                 'service_account_creds: incorrect oauth_scope')
+    assert_equal(wanted_email, resp.username,
-    assert_equal(wanted_email, resp.username)
+                 'service_account_creds: incorrect username')
    assert(@args.oauth_scope.include?(resp.oauth_scope),
           'service_account_creds: incorrect oauth_scope')
    p 'OK: service_account_creds'
  end
  def compute_engine_creds
    resp = perform_large_unary(fill_username: true,
                               fill_oauth_scope: true)
    assert(@args.oauth_scope.include?(resp.oauth_scope),
           'service_account_creds: incorrect oauth_scope')
    assert_equal(@args.default_service_account, resp.username,
                 'service_account_creds: incorrect username')
    p 'OK: compute_engine_creds'
  end
  def client_streaming
    msg_sizes = [27_182, 8, 1828, 45_904]
    wanted_aggregate_size = 74_922
@ -264,66 +285,65 @@ class NamedTests
  end
 end
-Options = Struct.new(:oauth_scope, :oauth_key_file, :secure, :host,
+# Args is used to hold the command line info.
-                     :host_override, :port, :test_case, :use_test_ca)
+Args = Struct.new(:default_service_account, :host, :host_override,
                  :oauth_scope, :oauth_key_file, :port, :secure, :test_case,
                  :use_test_ca)
 # validates the the command line options, returning them as a Hash.
-def parse_options
+def parse_args
-  options = Options.new
+  args = Args.new
-  options.host_override = 'foo.test.google.com'
+  args.host_override = 'foo.test.google.com'
  OptionParser.new do |opts|
    opts.banner = 'Usage: --server_host <server_host> --server_port server_port'
    opts.on('--oauth_scope scope',
-            'Scope for OAuth tokens') do |v|
+            'Scope for OAuth tokens') { |v| args['oauth_scope'] = v }
      options['oauth_scope'] = v
    end
    opts.on('--server_host SERVER_HOST', 'server hostname') do |v|
-      options['host'] = v
+      args['host'] = v
    end
    opts.on('--default_service_account email_address',
            'email address of the default service account') do |v|
      args['default_service_account'] = v
    end
    opts.on('--service_account_key_file PATH',
            'Path to the service account json key file') do |v|
-      options['oauth_key_file'] = v
+      args['oauth_key_file'] = v
    end
    opts.on('--server_host_override HOST_OVERRIDE',
            'override host via a HTTP header') do |v|
-      options['host_override'] = v
+      args['host_override'] = v
    end
    opts.on('--server_port SERVER_PORT', 'server port') do |v|
      options['port'] = v
    end
    opts.on('--server_port SERVER_PORT', 'server port') { |v| args['port'] = v }
    # instance_methods(false) gives only the methods defined in that class
    test_cases = NamedTests.instance_methods(false).map(&:to_s)
    test_case_list = test_cases.join(',')
    opts.on('--test_case CODE', test_cases, {}, 'select a test_case',
-            "  (#{test_case_list})") do |v|
+            "  (#{test_case_list})") { |v| args['test_case'] = v }
      options['test_case'] = v
    end
    opts.on('-s', '--use_tls', 'require a secure connection?') do |v|
-      options['secure'] = v
+      args['secure'] = v
    end
    opts.on('-t', '--use_test_ca',
            'if secure, use the test certificate?') do |v|
-      options['use_test_ca'] = v
+      args['use_test_ca'] = v
    end
  end.parse!
-  _check_options(options)
+  _check_args(args)
 end
-def _check_options(opts)
+def _check_args(args)
-  %w(host port test_case).each do |arg|
+  %w(host port test_case).each do |a|
-    if opts[arg].nil?
+    if args[a].nil?
      fail(OptionParser::MissingArgument, "please specify --#{arg}")
    end
  end
-  if opts['oauth_key_file'].nil? ^ opts['oauth_scope'].nil?
+  if args['oauth_key_file'].nil? ^ args['oauth_scope'].nil?
    fail(OptionParser::MissingArgument,
         'please specify both of --service_account_key_file and --oauth_scope')
  end
-  opts
+  args
 end
 def main
-  opts = parse_options
+  opts = parse_args
  stub = create_stub(opts)
  NamedTests.new(stub, opts).method(opts['test_case']).call
 end