From be5f05921955213ed8cec41fa9518f244e9acbfb Mon Sep 17 00:00:00 2001 From: yang-g Date: Mon, 13 Jul 2015 11:11:50 -0700 Subject: [PATCH] Add oauth2_auth_token test case in interop test --- Makefile | 2 + build.json | 2 + test/core/security/fetch_oauth2.c | 47 ++-------- test/core/security/oauth2_utils.c | 92 +++++++++++++++++++ test/core/security/oauth2_utils.h | 51 ++++++++++ test/cpp/interop/client.cc | 9 +- test/cpp/interop/client_helper.cc | 39 ++++++-- test/cpp/interop/client_helper.h | 2 + test/cpp/interop/interop_client.cc | 17 ++++ test/cpp/interop/interop_client.h | 3 + tools/run_tests/sources_and_headers.json | 6 ++ .../grpc_test_util/grpc_test_util.vcxproj | 3 + 12 files changed, 225 insertions(+), 48 deletions(-) create mode 100644 test/core/security/oauth2_utils.c create mode 100644 test/core/security/oauth2_utils.h diff --git a/Makefile b/Makefile index 08171320d44..6bb5c61c658 100644 --- a/Makefile +++ b/Makefile @@ -3419,6 +3419,7 @@ LIBGRPC_TEST_UTIL_SRC = \ test/core/end2end/data/test_root_cert.c \ test/core/end2end/cq_verifier.c \ test/core/iomgr/endpoint_tests.c \ + test/core/security/oauth2_utils.c \ test/core/util/grpc_profiler.c \ test/core/util/parse_hexstring.c \ test/core/util/port_posix.c \ @@ -3463,6 +3464,7 @@ endif LIBGRPC_TEST_UTIL_UNSECURE_SRC = \ test/core/end2end/cq_verifier.c \ test/core/iomgr/endpoint_tests.c \ + test/core/security/oauth2_utils.c \ test/core/util/grpc_profiler.c \ test/core/util/parse_hexstring.c \ test/core/util/port_posix.c \ diff --git a/build.json b/build.json index 7d2242b116e..4caa094b4f0 100644 --- a/build.json +++ b/build.json @@ -320,6 +320,7 @@ "headers": [ "test/core/end2end/cq_verifier.h", "test/core/iomgr/endpoint_tests.h", + "test/core/security/oauth2_utils.h", "test/core/util/grpc_profiler.h", "test/core/util/parse_hexstring.h", "test/core/util/port.h", @@ -328,6 +329,7 @@ "src": [ "test/core/end2end/cq_verifier.c", "test/core/iomgr/endpoint_tests.c", + "test/core/security/oauth2_utils.c", "test/core/util/grpc_profiler.c", "test/core/util/parse_hexstring.c", "test/core/util/port_posix.c", diff --git a/test/core/security/fetch_oauth2.c b/test/core/security/fetch_oauth2.c index 767f724b62f..64c4dde5d98 100644 --- a/test/core/security/fetch_oauth2.c +++ b/test/core/security/fetch_oauth2.c @@ -44,35 +44,7 @@ #include "src/core/security/credentials.h" #include "src/core/support/file.h" - -typedef struct { - grpc_pollset pollset; - int is_done; -} synchronizer; - -static void on_oauth2_response(void *user_data, - grpc_credentials_md *md_elems, - size_t num_md, grpc_credentials_status status) { - synchronizer *sync = user_data; - char *token; - gpr_slice token_slice; - if (status == GRPC_CREDENTIALS_ERROR) { - gpr_log(GPR_ERROR, "Fetching token failed."); - } else { - GPR_ASSERT(num_md == 1); - token_slice = md_elems[0].value; - token = gpr_malloc(GPR_SLICE_LENGTH(token_slice) + 1); - memcpy(token, GPR_SLICE_START_PTR(token_slice), - GPR_SLICE_LENGTH(token_slice)); - token[GPR_SLICE_LENGTH(token_slice)] = '\0'; - printf("Got token: %s.\n", token); - gpr_free(token); - } - gpr_mu_lock(GRPC_POLLSET_MU(&sync->pollset)); - sync->is_done = 1; - grpc_pollset_kick(&sync->pollset); - gpr_mu_unlock(GRPC_POLLSET_MU(&sync->pollset)); -} +#include "test/core/security/oauth2_utils.h" static grpc_credentials *create_service_account_creds( const char *json_key_file_path, const char *scope) { @@ -101,10 +73,10 @@ static grpc_credentials *create_refresh_token_creds( } int main(int argc, char **argv) { - synchronizer sync; grpc_credentials *creds = NULL; char *json_key_file_path = NULL; char *json_refresh_token_file_path = NULL; + char *token = NULL; int use_gce = 0; char *scope = NULL; gpr_cmdline *cl = gpr_cmdline_create("fetch_oauth2"); @@ -175,16 +147,11 @@ int main(int argc, char **argv) { } GPR_ASSERT(creds != NULL); - grpc_pollset_init(&sync.pollset); - sync.is_done = 0; - - grpc_credentials_get_request_metadata(creds, &sync.pollset, "", on_oauth2_response, &sync); - - gpr_mu_lock(GRPC_POLLSET_MU(&sync.pollset)); - while (!sync.is_done) grpc_pollset_work(&sync.pollset, gpr_inf_future); - gpr_mu_unlock(GRPC_POLLSET_MU(&sync.pollset)); - - grpc_pollset_destroy(&sync.pollset); + token = grpc_test_fetch_oauth2_token_with_credentials(creds); + if (token != NULL) { + printf("Got token: %s.\n", token); + gpr_free(token); + } grpc_credentials_release(creds); gpr_cmdline_destroy(cl); grpc_shutdown(); diff --git a/test/core/security/oauth2_utils.c b/test/core/security/oauth2_utils.c new file mode 100644 index 00000000000..7196d4778df --- /dev/null +++ b/test/core/security/oauth2_utils.c @@ -0,0 +1,92 @@ +/* + * + * Copyright 2015, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "test/core/security/oauth2_utils.h" + +#include + +#include +#include +#include +#include +#include +#include + +#include "src/core/security/credentials.h" + +typedef struct { + grpc_pollset pollset; + int is_done; + char *token; +} synchronizer; + +static void on_oauth2_response(void *user_data, grpc_credentials_md *md_elems, + size_t num_md, grpc_credentials_status status) { + synchronizer *sync = user_data; + char *token = NULL; + gpr_slice token_slice; + if (status == GRPC_CREDENTIALS_ERROR) { + gpr_log(GPR_ERROR, "Fetching token failed."); + } else { + GPR_ASSERT(num_md == 1); + token_slice = md_elems[0].value; + token = gpr_malloc(GPR_SLICE_LENGTH(token_slice) + 1); + memcpy(token, GPR_SLICE_START_PTR(token_slice), + GPR_SLICE_LENGTH(token_slice)); + token[GPR_SLICE_LENGTH(token_slice)] = '\0'; + } + gpr_mu_lock(GRPC_POLLSET_MU(&sync->pollset)); + sync->is_done = 1; + sync->token = token; + grpc_pollset_kick(&sync->pollset); + gpr_mu_unlock(GRPC_POLLSET_MU(&sync->pollset)); +} + +static void do_nothing(void *unused) {} + +char *grpc_test_fetch_oauth2_token_with_credentials(grpc_credentials *creds) { + synchronizer sync; + grpc_pollset_init(&sync.pollset); + sync.is_done = 0; + + grpc_credentials_get_request_metadata(creds, &sync.pollset, "", + on_oauth2_response, &sync); + + gpr_mu_lock(GRPC_POLLSET_MU(&sync.pollset)); + while (!sync.is_done) grpc_pollset_work(&sync.pollset, gpr_inf_future); + gpr_mu_unlock(GRPC_POLLSET_MU(&sync.pollset)); + + grpc_pollset_shutdown(&sync.pollset, do_nothing, NULL); + grpc_pollset_destroy(&sync.pollset); + return sync.token; +} diff --git a/test/core/security/oauth2_utils.h b/test/core/security/oauth2_utils.h new file mode 100644 index 00000000000..8082351b8a0 --- /dev/null +++ b/test/core/security/oauth2_utils.h @@ -0,0 +1,51 @@ +/* + * + * Copyright 2015, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef GRPC_TEST_CORE_SECURITY_OAUTH2_UTILS_H +#define GRPC_TEST_CORE_SECURITY_OAUTH2_UTILS_H + +#include "src/core/security/credentials.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* Fetch oauth2 access token with a credentials object. Does not take ownership. + Returns NULL on a failure. The caller should call gpr_free on the token. */ +char *grpc_test_fetch_oauth2_token_with_credentials(grpc_credentials *creds); + +#ifdef __cplusplus +} +#endif + +#endif /* GRPC_TEST_CORE_SECURITY_OAUTH2_UTILS_H */ diff --git a/test/cpp/interop/client.cc b/test/cpp/interop/client.cc index 96149c5e756..1f1e6c13067 100644 --- a/test/cpp/interop/client.cc +++ b/test/cpp/interop/client.cc @@ -68,6 +68,7 @@ DEFINE_string(test_case, "large_unary", "service_account_creds : large_unary with service_account auth; " "compute_engine_creds: large_unary with compute engine auth; " "jwt_token_creds: large_unary with JWT token auth; " + "oauth2_auth_token: raw oauth2 access token auth; " "all : all of above."); DEFINE_string(default_service_account, "", "Email of GCE default service account"); @@ -113,6 +114,9 @@ int main(int argc, char** argv) { } else if (FLAGS_test_case == "jwt_token_creds") { grpc::string json_key = GetServiceAccountJsonKey(); client.DoJwtTokenCreds(json_key); + } else if (FLAGS_test_case == "oauth2_auth_token") { + grpc::string json_key = GetServiceAccountJsonKey(); + client.DoOauth2AuthToken(json_key, FLAGS_oauth_scope); } else if (FLAGS_test_case == "all") { client.DoEmpty(); client.DoLargeUnary(); @@ -128,6 +132,7 @@ int main(int argc, char** argv) { grpc::string json_key = GetServiceAccountJsonKey(); client.DoServiceAccountCreds(json_key, FLAGS_oauth_scope); client.DoJwtTokenCreds(json_key); + client.DoOauth2AuthToken(json_key, FLAGS_oauth_scope); } // compute_engine_creds only runs in GCE. } else { @@ -136,8 +141,8 @@ int main(int argc, char** argv) { "Unsupported test case %s. Valid options are all|empty_unary|" "large_unary|client_streaming|server_streaming|half_duplex|ping_pong|" "cancel_after_begin|cancel_after_first_response|" - "timeout_on_sleeping_server|" - "service_account_creds|compute_engine_creds|jwt_token_creds", + "timeout_on_sleeping_server|service_account_creds|compute_engine_creds|" + "jwt_token_creds|oauth2_auth_token", FLAGS_test_case.c_str()); ret = 1; } diff --git a/test/cpp/interop/client_helper.cc b/test/cpp/interop/client_helper.cc index 09fd1c8913f..48b1b2e864f 100644 --- a/test/cpp/interop/client_helper.cc +++ b/test/cpp/interop/client_helper.cc @@ -40,6 +40,7 @@ #include #include +#include #include #include #include @@ -47,6 +48,8 @@ #include #include #include +#include "src/cpp/client/secure_credentials.h" +#include "test/core/security/oauth2_utils.h" #include "test/cpp/util/create_test_channel.h" DECLARE_bool(enable_ssl); @@ -62,6 +65,16 @@ DECLARE_string(oauth_scope); namespace grpc { namespace testing { +namespace { +std::shared_ptr CreateServiceAccountCredentials() { + GPR_ASSERT(FLAGS_enable_ssl); + grpc::string json_key = GetServiceAccountJsonKey(); + std::chrono::seconds token_lifetime = std::chrono::hours(1); + return ServiceAccountCredentials(json_key, FLAGS_oauth_scope, + token_lifetime.count()); +} +} // namespace + grpc::string GetServiceAccountJsonKey() { static grpc::string json_key; if (json_key.empty()) { @@ -73,6 +86,20 @@ grpc::string GetServiceAccountJsonKey() { return json_key; } +grpc::string GetOauth2AccessToken() { + std::shared_ptr creds = CreateServiceAccountCredentials(); + SecureCredentials* secure_creds = + dynamic_cast(creds.get()); + GPR_ASSERT(secure_creds != nullptr); + grpc_credentials* c_creds = secure_creds->GetRawCreds(); + char* token = grpc_test_fetch_oauth2_token_with_credentials(c_creds); + GPR_ASSERT(token != nullptr); + gpr_log(GPR_INFO, "Get raw oauth2 access token: %s", token); + grpc::string access_token(token + sizeof("Bearer ") - 1); + gpr_free(token); + return access_token; +} + std::shared_ptr CreateChannelForTestCase( const grpc::string& test_case) { GPR_ASSERT(FLAGS_server_port); @@ -82,12 +109,7 @@ std::shared_ptr CreateChannelForTestCase( FLAGS_server_port); if (test_case == "service_account_creds") { - std::shared_ptr creds; - GPR_ASSERT(FLAGS_enable_ssl); - grpc::string json_key = GetServiceAccountJsonKey(); - std::chrono::seconds token_lifetime = std::chrono::hours(1); - creds = ServiceAccountCredentials(json_key, FLAGS_oauth_scope, - token_lifetime.count()); + std::shared_ptr creds = CreateServiceAccountCredentials(); return CreateTestChannel(host_port, FLAGS_server_host_override, FLAGS_enable_ssl, FLAGS_use_prod_roots, creds); } else if (test_case == "compute_engine_creds") { @@ -104,6 +126,11 @@ std::shared_ptr CreateChannelForTestCase( creds = JWTCredentials(json_key, token_lifetime.count()); return CreateTestChannel(host_port, FLAGS_server_host_override, FLAGS_enable_ssl, FLAGS_use_prod_roots, creds); + } else if (test_case == "oauth2_auth_token") { + grpc::string raw_token = GetOauth2AccessToken(); + std::shared_ptr creds = AccessTokenCredentials(raw_token); + return CreateTestChannel(host_port, FLAGS_server_host_override, + FLAGS_enable_ssl, FLAGS_use_prod_roots, creds); } else { return CreateTestChannel(host_port, FLAGS_server_host_override, FLAGS_enable_ssl, FLAGS_use_prod_roots); diff --git a/test/cpp/interop/client_helper.h b/test/cpp/interop/client_helper.h index 897f974026f..c4361bb9dec 100644 --- a/test/cpp/interop/client_helper.h +++ b/test/cpp/interop/client_helper.h @@ -44,6 +44,8 @@ namespace testing { grpc::string GetServiceAccountJsonKey(); +grpc::string GetOauth2AccessToken(); + std::shared_ptr CreateChannelForTestCase( const grpc::string& test_case); diff --git a/test/cpp/interop/interop_client.cc b/test/cpp/interop/interop_client.cc index d88eff759c8..30056e26ab2 100644 --- a/test/cpp/interop/interop_client.cc +++ b/test/cpp/interop/interop_client.cc @@ -143,6 +143,23 @@ void InteropClient::DoServiceAccountCreds(const grpc::string& username, gpr_log(GPR_INFO, "Large unary with service account creds done."); } +void InteropClient::DoOauth2AuthToken(const grpc::string& username, + const grpc::string& oauth_scope) { + gpr_log(GPR_INFO, + "Sending a large unary rpc with raw oauth2 access token ..."); + SimpleRequest request; + SimpleResponse response; + request.set_fill_username(true); + request.set_fill_oauth_scope(true); + PerformLargeUnary(&request, &response); + GPR_ASSERT(!response.username().empty()); + GPR_ASSERT(!response.oauth_scope().empty()); + GPR_ASSERT(username.find(response.username()) != grpc::string::npos); + const char* oauth_scope_str = response.oauth_scope().c_str(); + GPR_ASSERT(oauth_scope.find(oauth_scope_str) != grpc::string::npos); + gpr_log(GPR_INFO, "Large unary with oauth2 access token done."); +} + void InteropClient::DoJwtTokenCreds(const grpc::string& username) { gpr_log(GPR_INFO, "Sending a large unary rpc with JWT token credentials ..."); SimpleRequest request; diff --git a/test/cpp/interop/interop_client.h b/test/cpp/interop/interop_client.h index d02e583d94a..67eecd9cccb 100644 --- a/test/cpp/interop/interop_client.h +++ b/test/cpp/interop/interop_client.h @@ -68,6 +68,9 @@ class InteropClient { // username is a string containing the user email void DoServiceAccountCreds(const grpc::string& username, const grpc::string& oauth_scope); + // username is a string containing the user email + void DoOauth2AuthToken(const grpc::string& username, + const grpc::string& oauth_scope); private: void PerformLargeUnary(SimpleRequest* request, SimpleResponse* response); diff --git a/tools/run_tests/sources_and_headers.json b/tools/run_tests/sources_and_headers.json index 1fc5c20fe49..2a180df7c06 100644 --- a/tools/run_tests/sources_and_headers.json +++ b/tools/run_tests/sources_and_headers.json @@ -9096,6 +9096,7 @@ "test/core/end2end/cq_verifier.h", "test/core/end2end/data/ssl_test_data.h", "test/core/iomgr/endpoint_tests.h", + "test/core/security/oauth2_utils.h", "test/core/util/grpc_profiler.h", "test/core/util/parse_hexstring.h", "test/core/util/port.h", @@ -9112,6 +9113,8 @@ "test/core/end2end/data/test_root_cert.c", "test/core/iomgr/endpoint_tests.c", "test/core/iomgr/endpoint_tests.h", + "test/core/security/oauth2_utils.c", + "test/core/security/oauth2_utils.h", "test/core/util/grpc_profiler.c", "test/core/util/grpc_profiler.h", "test/core/util/parse_hexstring.c", @@ -9132,6 +9135,7 @@ "headers": [ "test/core/end2end/cq_verifier.h", "test/core/iomgr/endpoint_tests.h", + "test/core/security/oauth2_utils.h", "test/core/util/grpc_profiler.h", "test/core/util/parse_hexstring.h", "test/core/util/port.h", @@ -9144,6 +9148,8 @@ "test/core/end2end/cq_verifier.h", "test/core/iomgr/endpoint_tests.c", "test/core/iomgr/endpoint_tests.h", + "test/core/security/oauth2_utils.c", + "test/core/security/oauth2_utils.h", "test/core/util/grpc_profiler.c", "test/core/util/grpc_profiler.h", "test/core/util/parse_hexstring.c", diff --git a/vsprojects/grpc_test_util/grpc_test_util.vcxproj b/vsprojects/grpc_test_util/grpc_test_util.vcxproj index f250d0a632b..3f16c2217c3 100644 --- a/vsprojects/grpc_test_util/grpc_test_util.vcxproj +++ b/vsprojects/grpc_test_util/grpc_test_util.vcxproj @@ -149,6 +149,7 @@ + @@ -165,6 +166,8 @@ + +