From bdf8c2aed800063d4caa185032b3600ee0eb0415 Mon Sep 17 00:00:00 2001 From: Donna Dionne Date: Wed, 28 Jan 2015 19:26:37 -0800 Subject: [PATCH] Adding auth tests; test commands may change in the future and refactoring will happen when the commands are final. --- tools/dockerfile/grpc_cxx/Dockerfile | 2 + tools/gce_setup/grpc_docker.sh | 108 ++++++++++++++++++++- tools/gce_setup/new_grpc_docker_builder.sh | 1 + tools/gce_setup/shared_startup_funcs.sh | 31 ++++++ 4 files changed, 141 insertions(+), 1 deletion(-) diff --git a/tools/dockerfile/grpc_cxx/Dockerfile b/tools/dockerfile/grpc_cxx/Dockerfile index 141a20a8815..43da9fefc37 100644 --- a/tools/dockerfile/grpc_cxx/Dockerfile +++ b/tools/dockerfile/grpc_cxx/Dockerfile @@ -21,4 +21,6 @@ RUN cd /var/local/git/grpc && ls \ && make interop_client \ && make interop_server +ADD service_account service_account + CMD ["/var/local/git/grpc/bins/opt/interop_server", "--enable_ssl", "--port=8010"] diff --git a/tools/gce_setup/grpc_docker.sh b/tools/gce_setup/grpc_docker.sh index 6bb73269aef..f90a1c0095c 100755 --- a/tools/gce_setup/grpc_docker.sh +++ b/tools/gce_setup/grpc_docker.sh 
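Review bot: In tools/dockerfile/grpc_cxx/Dockerfile, `ADD service_account service_account` copies the service-account key directory into an image layer, so anyone who can pull or export the grpc/cxx image can read the private key, and it remains in the layer history even if a later step deletes it. Since the tests already start the container with `docker run`, the key could be supplied at run time instead, for example with a read-only bind mount such as `-v <host_key_dir>:/service_account:ro` (placeholder path), which keeps the image free of credentials. If baking it in is intended for now, a comment stating that this image must not be pushed to a shared registry would help.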
@@ -440,6 +440,55 @@ grpc_cloud_prod_test_args() { } } +# checks the positional args and assigns them to variables visible in the caller +# +# these are the positional args passed to grpc_cloud_prod_test after option flags +# are removed +# +# three args are expected, in order +# - test_case +# - host +# - client to run +grpc_cloud_prod_auth_test_args() { + grpc_gen_test_cmd="grpc_cloud_prod_auth_" + [[ -n $1 ]] && { # test_case + test_case=$1 + grpc_gen_test_cmd+="$1" + shift + } || { + echo "$FUNCNAME: missing arg: test_case" 1>&2 + return 1 + } + + [[ -n $1 ]] && { # host + host=$1 + shift + } || { + echo "$FUNCNAME: missing arg: host" 1>&2 + return 1 + } + + [[ -n $1 ]] && { # client_type + case $1 in + cxx|go|java|nodejs|php|python|ruby) + grpc_gen_test_cmd+="_gen_$1_cmd" + declare -F $grpc_gen_test_cmd >> /dev/null || { + echo "-f: test_func for $1 => $grpc_gen_test_cmd is not defined" 1>&2 + return 2 + } + shift + ;; + *) + echo "bad client_type: $1" 1>&2 + return 1 + ;; + esac + } || { + echo "$FUNCNAME: missing arg: client_type" 1>&2 + return 1 + } +} + _grpc_sync_scripts_args() { grpc_gce_script_root='tools/gce_setup' 
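Review bot: `test_case` gets no check of its own in grpc_cloud_prod_auth_test_args, although it later ends up in a command string that is run over ssh; the only validation is the `declare -F` lookup, and that lookup is unquoted. Quoting it, `declare -F "$grpc_gen_test_cmd" > /dev/null || {`, keeps a value containing spaces or glob characters from being split into several names, and an explicit pattern check such as `[[ $1 =~ ^[a-z_]+$ ]]` before the assignment would make the validation visible, as the `case` list already does for the client type. The header comment still says these are the args passed to grpc_cloud_prod_test; it should name grpc_cloud_prod_auth_test.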
@@ -715,6 +764,33 @@ grpc_cloud_prod_test() { gcloud compute $project_opt ssh $zone_opt $host --command "$cmd" } +grpc_cloud_prod_auth_test() { + _grpc_ensure_gcloud_ssh || return 1; + # declare vars local so that they don't pollute the shell environment + # where they this func is used. + + local grpc_zone grpc_project dry_run # set by _grpc_set_project_and_zone + # grpc_cloud_prod_test_args + local test_case host grpc_gen_test_cmd + + # set the project zone and check that all necessary args are provided + _grpc_set_project_and_zone -f grpc_cloud_prod_auth_test_args "$@" || return 1 + gce_has_instance $grpc_project $host || return 1; + + local test_case_flag=" --test_case=$test_case" + cmd=$($grpc_gen_test_cmd $test_case_flag) + [[ -n $cmd ]] || return 1 + + local project_opt="--project $grpc_project" + local zone_opt="--zone $grpc_zone" + local ssh_cmd="bash -l -c \"$cmd\"" + echo "will run:" + echo " $ssh_cmd" + echo "on $host" + [[ $dry_run == 1 ]] && return 0 # don't run the command on a dry run + gcloud compute $project_opt ssh $zone_opt $host --command "$cmd" +} + # constructs the full dockerized ruby interop test cmd. # # call-seq: 
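Review bot: `cmd` is assigned without `local` in grpc_cloud_prod_auth_test, so it leaks into the calling shell despite the comment about not polluting the environment. The function also prints `$ssh_cmd` (`bash -l -c "..."`) as the command it will run but then passes the bare `$cmd` to `gcloud compute ... ssh --command`, so the dry-run output does not match what actually executes. Suggested: declare it with the others, `local test_case host grpc_gen_test_cmd cmd`, and either echo `$cmd` or pass `"$ssh_cmd"` to `--command`. Quoting the arguments in `gce_has_instance "$grpc_project" "$host"` would also avoid word splitting.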
@@ -837,7 +913,37 @@ grpc_cloud_prod_gen_cxx_cmd() { local cmd_prefix="sudo docker run grpc/cxx"; local test_script="/var/local/git/grpc/bins/opt/interop_client --enable_ssl"; local gfe_flags=" --use_prod_roots --server_port=443 --server_host=grpc-test.sandbox.google.com --server_host_override=grpc-test.sandbox.google.com" - local the_cmd="$cmd_prefix $test_script $gfe_flags $@"; + local the_cmd="$cmd_prefix $test_script $gfe_flags $added_gfe_flags $@"; + echo $the_cmd +} + +# constructs the full dockerized cpp interop test cmd. +# +# +# call-seq: +# flags= .... # generic flags to include the command +# cmd=$($grpc_gen_test_cmd $flags) +grpc_cloud_prod_auth_service_account_creds_gen_cxx_cmd() { + local cmd_prefix="sudo docker run grpc/cxx"; + local test_script="/var/local/git/grpc/bins/opt/interop_client --enable_ssl"; + local gfe_flags=" --use_prod_roots --server_port=443 --server_host=grpc-test.sandbox.google.com --server_host_override=grpc-test.sandbox.google.com" + local added_gfe_flags=" --service_account_key_file=/service_account/stubbyCloudTestingTest-7dd63462c60c.json --oauth_scope=https://www.googleapis.com/auth/xapi.zoo" + local the_cmd="$cmd_prefix $test_script $gfe_flags $added_gfe_flags $@"; + echo $the_cmd +} + +# constructs the full dockerized cpp interop test cmd. +# +# +# call-seq: +# flags= .... 
# generic flags to include the command +# cmd=$($grpc_gen_test_cmd $flags) +grpc_cloud_prod_auth_compute_engine_creds_gen_cxx_cmd() { + local cmd_prefix="sudo docker run grpc/cxx"; + local test_script="/var/local/git/grpc/bins/opt/interop_client --enable_ssl"; + local gfe_flags=" --use_prod_roots --server_port=443 --server_host=grpc-test.sandbox.google.com --server_host_override=grpc-test.sandbox.google.com" + local added_gfe_flags=" --default_service_account=155450119199-r5aaqa2vqoa9g5mv2m6s3m1l293rlmel@developer.gserviceaccount.com --oauth_scope=https://www.googleapis.com/auth/xapi.zoo" + local the_cmd="$cmd_prefix $test_script $gfe_flags $added_gfe_flags $@"; echo $the_cmd } diff --git a/tools/gce_setup/new_grpc_docker_builder.sh b/tools/gce_setup/new_grpc_docker_builder.sh index 9a3988f3431..5d4fc361ade 100755 --- a/tools/gce_setup/new_grpc_docker_builder.sh +++ b/tools/gce_setup/new_grpc_docker_builder.sh @@ -87,6 +87,7 @@ add_instance() { local the_image='container-vm-v20140925' local scopes='compute-rw storage-full' scopes+=' https://www.googleapis.com/auth/gerritcodereview' + scopes+=' https://www.googleapis.com/auth/xapi.zoo' gcloud --project $project compute instances create $instance \ $address_flag \ --image $the_image \ diff --git a/tools/gce_setup/shared_startup_funcs.sh b/tools/gce_setup/shared_startup_funcs.sh index 69f6ba8cc00..f474701e836 100755 --- a/tools/gce_setup/shared_startup_funcs.sh +++ b/tools/gce_setup/shared_startup_funcs.sh @@ -416,6 +416,9 @@ grpc_dockerfile_install() { [[ $image_label == "grpc/ruby" ]] && { grpc_docker_sync_roots_pem $dockerfile_dir/cacerts || return 1; } + [[ $image_label == "grpc/cxx" ]] && { + grpc_docker_sync_service_account $dockerfile_dir/service_account || return 1; + } # TODO(temiola): maybe make cache/no-cache a func option? 
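Review bot: The changed line in grpc_cloud_prod_gen_cxx_cmd now expands `$added_gfe_flags`, but the lines of that function visible in this hunk declare only `cmd_prefix`, `test_script` and `gfe_flags` (its opening line is outside the hunk), so the non-auth test would pick up whatever value that variable has in the calling scope, possibly credential flags. Unless it is set above the hunk, that line should stay `local the_cmd="$cmd_prefix $test_script $gfe_flags $@";`. The two new auth generators hard-code the key file name and the service-account identity, and the same key file name appears again in tools/gce_setup/shared_startup_funcs.sh; a single shared variable would keep them in step when the key is rotated. Both new functions carry the same header comment, so one line naming the credential type each exercises would tell them apart.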
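Review bot: In add_instance (tools/gce_setup/new_grpc_docker_builder.sh) the `xapi.zoo` scope is added for every instance this function creates, on top of `compute-rw storage-full`, although the only use visible in this patch is the compute-engine-credentials test for grpc/cxx. Any process on such a VM that can reach the metadata server can presumably obtain a token carrying that scope, so it would be safer to add it only for hosts that run the auth tests, or at least to record the reason next to the line: `# needed by the grpc_cloud_prod_auth_compute_engine_creds tests`. The rest of add_instance lies outside the hunk.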
@@ -503,3 +506,31 @@ grpc_docker_sync_roots_pem() {
 }
 gsutil cp $src $gcs_certs_path $local_certs_path
 }
+
+# grpc_docker_sync_service_account.
+#
+# Copies the service account from GCS to the target dir
+#
+# call-seq:
+# grpc_docker_sync_service_account
+grpc_docker_sync_service_account() {
+ local target_dir=$1
+ [[ -n $target_dir ]] || { echo "$FUNCNAME: missing arg: target_dir" >&2; return 1; }
+
+ # determine the admin root; the parent of the dockerfile root,
+ local gs_dockerfile_root=$(load_metadata "attributes/gs_dockerfile_root")
+ [[ -n $gs_dockerfile_root ]] || {
+ echo "$FUNCNAME: missing metadata: gs_dockerfile_root" >&2
+ return 1
+ }
+ local gcs_admin_root=$(dirname $gs_dockerfile_root)
+
+ # cp the file from gsutil to a known local area
+ local gcs_acct_path=$gcs_admin_root/service_account/stubbyCloudTestingTest-7dd63462c60c.json
+ local local_acct_path=$target_dir/stubbyCloudTestingTest-7dd63462c60c.json
+ mkdir -p $target_dir || {
+ echo "$FUNCNAME: could not create dir: $target_dir" 1>&2
+ return 1
+ }
+ gsutil cp $src $gcs_acct_path $local_acct_path
+}
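Review bot: `gsutil cp $src $gcs_acct_path $local_acct_path` in grpc_docker_sync_service_account uses `$src`, which this function never sets; it looks carried over from grpc_docker_sync_roots_pem just above. While `src` is empty the word disappears and the copy works, but if the calling scope has `src` set the command receives an extra source argument. Suggested: `gsutil cp "$gcs_acct_path" "$local_acct_path" || return 1`, and, because the file is a private key, consider `chmod 600 "$local_acct_path"` afterwards if the image build runs as the same user. The `call-seq` comment should show the required argument: `#   grpc_docker_sync_service_account <target_dir>`.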