From 867d0c132c6d033ff4af33e7657698d6a31887f7 Mon Sep 17 00:00:00 2001 From: yang-g Date: Wed, 2 Sep 2015 14:33:15 -0700 Subject: [PATCH 1/2] Fix auth tests --- test/cpp/interop/client.cc | 10 +++++----- test/cpp/interop/interop_client.cc | 17 +++++++---------- test/cpp/interop/interop_client.h | 5 ++--- tools/gce_setup/grpc_docker.sh | 15 ++++++++++++++- 4 files changed, 28 insertions(+), 19 deletions(-) diff --git a/test/cpp/interop/client.cc b/test/cpp/interop/client.cc index 20fe1c515ff..ba44a918db7 100644 --- a/test/cpp/interop/client.cc +++ b/test/cpp/interop/client.cc @@ -120,11 +120,10 @@ int main(int argc, char** argv) { grpc::string json_key = GetServiceAccountJsonKey(); client.DoJwtTokenCreds(json_key); } else if (FLAGS_test_case == "oauth2_auth_token") { - grpc::string json_key = GetServiceAccountJsonKey(); - client.DoOauth2AuthToken(json_key, FLAGS_oauth_scope); + client.DoOauth2AuthToken(FLAGS_default_service_account, FLAGS_oauth_scope); } else if (FLAGS_test_case == "per_rpc_creds") { grpc::string json_key = GetServiceAccountJsonKey(); - client.DoPerRpcCreds(json_key, FLAGS_oauth_scope); + client.DoPerRpcCreds(json_key); } else if (FLAGS_test_case == "status_code_and_message") { client.DoStatusWithMessage(); } else if (FLAGS_test_case == "all") { @@ -143,8 +142,9 @@ int main(int argc, char** argv) { if (FLAGS_enable_ssl) { grpc::string json_key = GetServiceAccountJsonKey(); client.DoJwtTokenCreds(json_key); - client.DoOauth2AuthToken(json_key, FLAGS_oauth_scope); - client.DoPerRpcCreds(json_key, FLAGS_oauth_scope); + client.DoOauth2AuthToken( + FLAGS_default_service_account, FLAGS_oauth_scope); + client.DoPerRpcCreds(json_key); } // compute_engine_creds only runs in GCE. } else { diff --git a/test/cpp/interop/interop_client.cc b/test/cpp/interop/interop_client.cc index 48ccf06da98..40c56c73de4 100644 --- a/test/cpp/interop/interop_client.cc +++ b/test/cpp/interop/interop_client.cc @@ -196,35 +196,32 @@ void InteropClient::DoOauth2AuthToken(const grpc::string& username, AssertOkOrPrintErrorStatus(s); GPR_ASSERT(!response.username().empty()); GPR_ASSERT(!response.oauth_scope().empty()); - GPR_ASSERT(username.find(response.username()) != grpc::string::npos); + GPR_ASSERT(username == response.username()); const char* oauth_scope_str = response.oauth_scope().c_str(); GPR_ASSERT(oauth_scope.find(oauth_scope_str) != grpc::string::npos); gpr_log(GPR_INFO, "Unary with oauth2 access token credentials done."); } -void InteropClient::DoPerRpcCreds(const grpc::string& username, - const grpc::string& oauth_scope) { +void InteropClient::DoPerRpcCreds(const grpc::string& json_key) { gpr_log(GPR_INFO, "Sending a unary rpc with per-rpc raw oauth2 access token ..."); SimpleRequest request; SimpleResponse response; request.set_fill_username(true); - request.set_fill_oauth_scope(true); std::unique_ptr stub(TestService::NewStub(channel_)); ClientContext context; - grpc::string access_token = GetOauth2AccessToken(); - std::shared_ptr creds = AccessTokenCredentials(access_token); + std::chrono::seconds token_lifetime = std::chrono::hours(1); + std::shared_ptr creds = + ServiceAccountJWTAccessCredentials(json_key, token_lifetime.count()); + context.set_credentials(creds); Status s = stub->UnaryCall(&context, request, &response); AssertOkOrPrintErrorStatus(s); GPR_ASSERT(!response.username().empty()); - GPR_ASSERT(!response.oauth_scope().empty()); - GPR_ASSERT(username.find(response.username()) != grpc::string::npos); - const char* oauth_scope_str = response.oauth_scope().c_str(); - GPR_ASSERT(oauth_scope.find(oauth_scope_str) != grpc::string::npos); + GPR_ASSERT(json_key.find(response.username()) != grpc::string::npos); gpr_log(GPR_INFO, "Unary with per-rpc oauth2 access token done."); } diff --git a/test/cpp/interop/interop_client.h b/test/cpp/interop/interop_client.h index 5a085c4c022..7bcb58571e4 100644 --- a/test/cpp/interop/interop_client.h +++ b/test/cpp/interop/interop_client.h @@ -68,12 +68,11 @@ class InteropClient { void DoJwtTokenCreds(const grpc::string& username); void DoComputeEngineCreds(const grpc::string& default_service_account, const grpc::string& oauth_scope); - // username is a string containing the user email + // username the GCE default service account email void DoOauth2AuthToken(const grpc::string& username, const grpc::string& oauth_scope); // username is a string containing the user email - void DoPerRpcCreds(const grpc::string& username, - const grpc::string& oauth_scope); + void DoPerRpcCreds(const grpc::string& json_key); private: void PerformLargeUnary(SimpleRequest* request, SimpleResponse* response); diff --git a/tools/gce_setup/grpc_docker.sh b/tools/gce_setup/grpc_docker.sh index ea7c798f408..3c996fc2fd6 100755 --- a/tools/gce_setup/grpc_docker.sh +++ b/tools/gce_setup/grpc_docker.sh @@ -530,7 +530,20 @@ grpc_cloud_prod_auth_test_args() { [[ -n $1 ]] && { # client_type case $1 in - cxx|go|java|node|php|python|ruby|csharp_mono) + go|java|node|php|python|ruby|csharp_mono) + grpc_client_platform='Docker' + grpc_gen_test_cmd+="_gen_$1_cmd" + declare -F $grpc_gen_test_cmd >> /dev/null || { + echo "-f: test_func for $1 => $grpc_gen_test_cmd is not defined" 1>&2 + return 2 + } + shift + ;; + cxx) + if [ "$test_case" == "oauth2_auth_token" ] + then + test_command="compute_engine_creds" + fi grpc_client_platform='Docker' grpc_gen_test_cmd+="_gen_$1_cmd" declare -F $grpc_gen_test_cmd >> /dev/null || { From 201ef598477c2042a8f4daae8e76f63bf8892e53 Mon Sep 17 00:00:00 2001 From: yang-g Date: Wed, 2 Sep 2015 15:55:10 -0700 Subject: [PATCH 2/2] more changes --- test/cpp/interop/interop_client.cc | 4 ++-- tools/gce_setup/grpc_docker.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/cpp/interop/interop_client.cc b/test/cpp/interop/interop_client.cc index 40c56c73de4..8124cae67a7 100644 --- a/test/cpp/interop/interop_client.cc +++ b/test/cpp/interop/interop_client.cc @@ -204,7 +204,7 @@ void InteropClient::DoOauth2AuthToken(const grpc::string& username, void InteropClient::DoPerRpcCreds(const grpc::string& json_key) { gpr_log(GPR_INFO, - "Sending a unary rpc with per-rpc raw oauth2 access token ..."); + "Sending a unary rpc with per-rpc JWT access token ..."); SimpleRequest request; SimpleResponse response; request.set_fill_username(true); @@ -222,7 +222,7 @@ void InteropClient::DoPerRpcCreds(const grpc::string& json_key) { AssertOkOrPrintErrorStatus(s); GPR_ASSERT(!response.username().empty()); GPR_ASSERT(json_key.find(response.username()) != grpc::string::npos); - gpr_log(GPR_INFO, "Unary with per-rpc oauth2 access token done."); + gpr_log(GPR_INFO, "Unary with per-rpc JWT access token done."); } void InteropClient::DoJwtTokenCreds(const grpc::string& username) { diff --git a/tools/gce_setup/grpc_docker.sh b/tools/gce_setup/grpc_docker.sh index 3c996fc2fd6..efebe03fac0 100755 --- a/tools/gce_setup/grpc_docker.sh +++ b/tools/gce_setup/grpc_docker.sh @@ -542,7 +542,7 @@ grpc_cloud_prod_auth_test_args() { cxx) if [ "$test_case" == "oauth2_auth_token" ] then - test_command="compute_engine_creds" + grpc_gen_test_cmd="grpc_cloud_prod_auth_compute_engine_creds" fi grpc_client_platform='Docker' grpc_gen_test_cmd+="_gen_$1_cmd"