From 9cae580877947652f6a3edcfd4ec1a043556f4df Mon Sep 17 00:00:00 2001 From: Tim Emiola Date: Mon, 26 Jan 2015 19:05:16 -0800 Subject: [PATCH 1/6] Added the use_tls flag toggle connecting securely --- src/ruby/bin/interop/interop_client.rb | 25 +++++++++++++++++-------- src/ruby/bin/interop/interop_server.rb | 20 +++++++++++++++----- 2 files changed, 32 insertions(+), 13 deletions(-) diff --git a/src/ruby/bin/interop/interop_client.rb b/src/ruby/bin/interop/interop_client.rb index 0ea7f376bea..a23d8067f59 100755 --- a/src/ruby/bin/interop/interop_client.rb +++ b/src/ruby/bin/interop/interop_client.rb @@ -69,14 +69,19 @@ def test_creds end # creates a test stub that accesses host:port securely. -def create_stub(host, port) +def create_stub(host, port, is_secure) address = "#{host}:#{port}" - stub_opts = { - :creds => test_creds, - GRPC::Core::Channel::SSL_TARGET => 'foo.test.google.com' - } - logger.info("... connecting securely to #{address}") - Grpc::Testing::TestService::Stub.new(address, **stub_opts) + if is_secure + stub_opts = { + :creds => test_creds, + GRPC::Core::Channel::SSL_TARGET => 'foo.test.google.com' + } + logger.info("... connecting securely to #{address}") + Grpc::Testing::TestService::Stub.new(address, **stub_opts) + else + logger.info("... connecting insecurely to #{address}") + Grpc::Testing::TestService::Stub.new(address) + end end # produces a string of null chars (\0) of length l. @@ -216,6 +221,7 @@ end # validates the the command line options, returning them as a Hash. def parse_options options = { + 'secure' => false, 'server_host' => nil, 'server_port' => nil, 'test_case' => nil @@ -235,6 +241,9 @@ def parse_options " (#{test_case_list})") do |v| options['test_case'] = v end + opts.on('-u', '--use_tls', 'access using test creds') do |v| + options['secure'] = v + end end.parse! %w(server_host server_port test_case).each do |arg| @@ -247,7 +256,7 @@ end def main opts = parse_options - stub = create_stub(opts['server_host'], opts['server_port']) + stub = create_stub(opts['server_host'], opts['server_port'], opts['secure']) NamedTests.new(stub).method(opts['test_case']).call end diff --git a/src/ruby/bin/interop/interop_server.rb b/src/ruby/bin/interop/interop_server.rb index 83212823f62..441f609713e 100755 --- a/src/ruby/bin/interop/interop_server.rb +++ b/src/ruby/bin/interop/interop_server.rb @@ -154,13 +154,18 @@ end # validates the the command line options, returning them as a Hash. def parse_options options = { - 'port' => nil + 'port' => nil, + 'secure' => false } OptionParser.new do |opts| opts.banner = 'Usage: --port port' opts.on('--port PORT', 'server port') do |v| options['port'] = v end + opts.on('-u', '--use_tls', 'access using test creds') do |v| + options['secure'] = v + end + end.parse! if options['port'].nil? @@ -172,10 +177,15 @@ end def main opts = parse_options host = "0.0.0.0:#{opts['port']}" - s = GRPC::RpcServer.new(creds: test_server_creds) - s.add_http2_port(host, true) - logger.info("... running securely on #{host}") - + if opts['secure'] + s = GRPC::RpcServer.new(creds: test_server_creds) + s.add_http2_port(host, true) + logger.info("... running securely on #{host}") + else + s = GRPC::RpcServer.new + s.add_http2_port(host) + logger.info("... running insecurely on #{host}") + end s.handle(TestTarget) s.run end From 965dda629e53166f8c7edbd634c4110d1cd13bdb Mon Sep 17 00:00:00 2001 From: Tim Emiola Date: Mon, 26 Jan 2015 19:06:51 -0800 Subject: [PATCH 2/6] Removes the test state tracking, that's available on Jenkins --- src/ruby/bin/interop/interop_client.rb | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/src/ruby/bin/interop/interop_client.rb b/src/ruby/bin/interop/interop_client.rb index a23d8067f59..702db0d22fa 100755 --- a/src/ruby/bin/interop/interop_client.rb +++ b/src/ruby/bin/interop/interop_client.rb @@ -138,20 +138,12 @@ class NamedTests @stub = stub end - # TESTING - # PASSED - # FAIL - # ruby server: fails protobuf-ruby can't pass an empty message def empty_unary resp = @stub.empty_call(Empty.new) assert resp.is_a?(Empty), 'empty_unary: invalid response' p 'OK: empty_unary' end - # TESTING - # PASSED - # ruby server - # FAILED def large_unary req_size, wanted_response_size = 271_828, 314_159 payload = Payload.new(type: :COMPRESSABLE, body: nulls(req_size)) @@ -168,10 +160,6 @@ class NamedTests p 'OK: large_unary' end - # TESTING: - # PASSED - # ruby server - # FAILED def client_streaming msg_sizes = [27_182, 8, 1828, 45_904] wanted_aggregate_size = 74_922 @@ -185,10 +173,6 @@ class NamedTests p 'OK: client_streaming' end - # TESTING: - # PASSED - # ruby server - # FAILED def server_streaming msg_sizes = [31_415, 9, 2653, 58_979] response_spec = msg_sizes.map { |s| ResponseParameters.new(size: s) } @@ -205,10 +189,6 @@ class NamedTests p 'OK: server_streaming' end - # TESTING: - # PASSED - # ruby server - # FAILED def ping_pong msg_sizes = [[27_182, 31_415], [8, 9], [1828, 2653], [45_904, 58_979]] ppp = PingPongPlayer.new(msg_sizes) From 4eecb5da1ad1431ce5dcef2a8767d25e7b79c8c9 Mon Sep 17 00:00:00 2001 From: Tim Emiola Date: Mon, 26 Jan 2015 19:22:43 -0800 Subject: [PATCH 3/6] Adds a flag for running all the tests --- src/ruby/bin/interop/interop_client.rb | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/ruby/bin/interop/interop_client.rb b/src/ruby/bin/interop/interop_client.rb index 702db0d22fa..4c9c24be155 100755 --- a/src/ruby/bin/interop/interop_client.rb +++ b/src/ruby/bin/interop/interop_client.rb @@ -196,6 +196,15 @@ class NamedTests resps.each { |r| ppp.queue.push(r) } p 'OK: ping_pong' end + + def all + all_methods = NamedTests.instance_methods(false).map(&:to_s) + all_methods.each do |m| + next if m == 'all' or m.start_with?('assert') + p "TESTCASE: #{m}" + self.method(m).call + end + end end # validates the the command line options, returning them as a Hash. From 6e1f10d7579fe97c6b19e8cb5a16668ce3afb0a2 Mon Sep 17 00:00:00 2001 From: Tim Emiola Date: Mon, 26 Jan 2015 19:54:13 -0800 Subject: [PATCH 4/6] Adds a dependency on signet. It's to be used for auth, but for now it sslconfig module is required --- src/ruby/grpc.gemspec | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ruby/grpc.gemspec b/src/ruby/grpc.gemspec index 450362f5a82..ffd084dc912 100755 --- a/src/ruby/grpc.gemspec +++ b/src/ruby/grpc.gemspec @@ -22,6 +22,7 @@ Gem::Specification.new do |s| s.add_dependency 'xray' s.add_dependency 'logging', '~> 1.8' s.add_dependency 'google-protobuf', '~> 3.0.0alpha.1.1' + s.add_dependency 'signet', '~> 0.5.1' s.add_dependency 'minitest', '~> 5.4' # reqd for interop tests s.add_development_dependency 'bundler', '~> 1.7' From 2854ad7aa4db1e7df4a386cac5c3946d6b15de90 Mon Sep 17 00:00:00 2001 From: Tim Emiola Date: Mon, 26 Jan 2015 19:55:12 -0800 Subject: [PATCH 5/6] Adds support for overriding the server host name during SSL --- src/ruby/bin/interop/interop_client.rb | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/src/ruby/bin/interop/interop_client.rb b/src/ruby/bin/interop/interop_client.rb index 4c9c24be155..c5e87a7ba2d 100755 --- a/src/ruby/bin/interop/interop_client.rb +++ b/src/ruby/bin/interop/interop_client.rb @@ -69,12 +69,12 @@ def test_creds end # creates a test stub that accesses host:port securely. -def create_stub(host, port, is_secure) +def create_stub(host, port, is_secure, host_override) address = "#{host}:#{port}" if is_secure stub_opts = { :creds => test_creds, - GRPC::Core::Channel::SSL_TARGET => 'foo.test.google.com' + GRPC::Core::Channel::SSL_TARGET => host_override } logger.info("... connecting securely to #{address}") Grpc::Testing::TestService::Stub.new(address, **stub_opts) @@ -212,6 +212,7 @@ def parse_options options = { 'secure' => false, 'server_host' => nil, + 'server_host_override' => nil, 'server_port' => nil, 'test_case' => nil } @@ -220,6 +221,10 @@ def parse_options opts.on('--server_host SERVER_HOST', 'server hostname') do |v| options['server_host'] = v end + opts.on('--server_host_override HOST_OVERRIDE', + 'override host via a HTTP header') do |v| + options['server_host_override'] = v + end opts.on('--server_port SERVER_PORT', 'server port') do |v| options['server_port'] = v end @@ -240,12 +245,16 @@ def parse_options fail(OptionParser::MissingArgument, "please specify --#{arg}") end end + if options['server_host_override'].nil? + options['server_host_override'] = options['server_host'] + end options end def main opts = parse_options - stub = create_stub(opts['server_host'], opts['server_port'], opts['secure']) + stub = create_stub(opts['server_host'], opts['server_port'], opts['secure'], + opts['server_host_override']) NamedTests.new(stub).method(opts['test_case']).call end From 426167c88e2711b9afb58ee48d63dc3ed18712a7 Mon Sep 17 00:00:00 2001 From: Tim Emiola Date: Mon, 26 Jan 2015 22:22:37 -0800 Subject: [PATCH 6/6] Allows production certificates to be specified --- src/ruby/bin/interop/interop_client.rb | 52 +++++++++++++++++++++----- src/ruby/bin/interop/interop_server.rb | 3 +- 2 files changed, 43 insertions(+), 12 deletions(-) diff --git a/src/ruby/bin/interop/interop_client.rb b/src/ruby/bin/interop/interop_client.rb index c5e87a7ba2d..86739b7b670 100755 --- a/src/ruby/bin/interop/interop_client.rb +++ b/src/ruby/bin/interop/interop_client.rb @@ -54,6 +54,8 @@ require 'test/cpp/interop/test_services' require 'test/cpp/interop/messages' require 'test/cpp/interop/empty' +require 'signet/ssl_config' + # loads the certificates used to access the test server securely. def load_test_certs this_dir = File.expand_path(File.dirname(__FILE__)) @@ -62,18 +64,41 @@ def load_test_certs files.map { |f| File.open(File.join(data_dir, f)).read } end +# loads the certificates used to access the test server securely. +def load_prod_cert + fail 'could not find a production cert' if ENV['SSL_CERT_FILE'].nil? + p "loading prod certs from #{ENV['SSL_CERT_FILE']}" + File.open(ENV['SSL_CERT_FILE']).read +end + # creates a Credentials from the test certificates. def test_creds certs = load_test_certs GRPC::Core::Credentials.new(certs[0]) end +RX_CERT = /-----BEGIN CERTIFICATE-----\n.*?-----END CERTIFICATE-----\n/m + + +# creates a Credentials from the production certificates. +def prod_creds + cert_text = load_prod_cert + GRPC::Core::Credentials.new(cert_text) +end + # creates a test stub that accesses host:port securely. -def create_stub(host, port, is_secure, host_override) +def create_stub(host, port, is_secure, host_override, use_test_ca) address = "#{host}:#{port}" if is_secure + creds = nil + if use_test_ca + creds = test_creds + else + creds = prod_creds + end + stub_opts = { - :creds => test_creds, + :creds => creds, GRPC::Core::Channel::SSL_TARGET => host_override } logger.info("... connecting securely to #{address}") @@ -200,9 +225,9 @@ class NamedTests def all all_methods = NamedTests.instance_methods(false).map(&:to_s) all_methods.each do |m| - next if m == 'all' or m.start_with?('assert') + next if m == 'all' || m.start_with?('assert') p "TESTCASE: #{m}" - self.method(m).call + method(m).call end end end @@ -235,26 +260,33 @@ def parse_options " (#{test_case_list})") do |v| options['test_case'] = v end - opts.on('-u', '--use_tls', 'access using test creds') do |v| + opts.on('-s', '--use_tls', 'require a secure connection?') do |v| options['secure'] = v end + opts.on('-t', '--use_test_ca', + 'if secure, use the test certificate?') do |v| + options['use_test_ca'] = v + end end.parse! + _check_options(options) +end +def _check_options(opts) %w(server_host server_port test_case).each do |arg| - if options[arg].nil? + if opts[arg].nil? fail(OptionParser::MissingArgument, "please specify --#{arg}") end end - if options['server_host_override'].nil? - options['server_host_override'] = options['server_host'] + if opts['server_host_override'].nil? + opts['server_host_override'] = opts['server_host'] end - options + opts end def main opts = parse_options stub = create_stub(opts['server_host'], opts['server_port'], opts['secure'], - opts['server_host_override']) + opts['server_host_override'], opts['use_test_ca']) NamedTests.new(stub).method(opts['test_case']).call end diff --git a/src/ruby/bin/interop/interop_server.rb b/src/ruby/bin/interop/interop_server.rb index 441f609713e..cc4d2608795 100755 --- a/src/ruby/bin/interop/interop_server.rb +++ b/src/ruby/bin/interop/interop_server.rb @@ -162,10 +162,9 @@ def parse_options opts.on('--port PORT', 'server port') do |v| options['port'] = v end - opts.on('-u', '--use_tls', 'access using test creds') do |v| + opts.on('-s', '--use_tls', 'require a secure connection?') do |v| options['secure'] = v end - end.parse! if options['port'].nil?