Merge pull request #3854 from stanley-cheung/php_add_auth_interop_tests

PHP: add remaining auth interop tests

2 files changed, 128 insertions, 47 deletions

diff --git a/src/php/tests/interop/interop_client.php b/src/php/tests/interop/interop_client.php
index 1f903053a7..6670ef3ab9 100755
--- a/src/php/tests/interop/interop_client.php
+++ b/src/php/tests/interop/interop_client.php
@@ -36,6 +36,9 @@ require 'empty.php';
 require 'message_set.php';
 require 'messages.php';
 require 'test.php';
+use Google\Auth\CredentialsLoader;
+use Google\Auth\ApplicationDefaultCredentials;
+use GuzzleHttp\ClientInterface;
 
 /**
  * Assertion function that always exits with an error code if the assertion is
@@ -52,7 +55,6 @@ function hardAssert($value, $error_message) {
 
 /**
  * Run the empty_unary test.
- * Passes when run against the Node server as of 2015-04-30
  * @param $stub Stub object that has service methods
  */
 function emptyUnary($stub) {
@@ -63,7 +65,6 @@ function emptyUnary($stub) {
 
 /**
  * Run the large_unary test.
- * Passes when run against the C++/Node server as of 2015-04-30
  * @param $stub Stub object that has service methods
  */
 function largeUnary($stub) {
@@ -76,7 +77,8 @@ function largeUnary($stub) {
  * @param $fillUsername boolean whether to fill result with username
  * @param $fillOauthScope boolean whether to fill result with oauth scope
  */
-function performLargeUnary($stub, $fillUsername = false, $fillOauthScope = false) {
+function performLargeUnary($stub, $fillUsername = false, $fillOauthScope = false,
+                           $metadata = array()) {
   $request_len = 271828;
   $response_len = 314159;
 
@@ -90,7 +92,7 @@ function performLargeUnary($stub, $fillUsername = false, $fillOauthScope = false
   $request->setFillUsername($fillUsername);
   $request->setFillOauthScope($fillOauthScope);
 
-  list($result, $status) = $stub->UnaryCall($request)->wait();
+  list($result, $status) = $stub->UnaryCall($request, $metadata)->wait();
   hardAssert($status->code === Grpc\STATUS_OK, 'Call did not complete successfully');
   hardAssert($result !== null, 'Call returned a null response');
   $payload = $result->getPayload();
@@ -105,7 +107,6 @@ function performLargeUnary($stub, $fillUsername = false, $fillOauthScope = false
 
 /**
  * Run the service account credentials auth test.
- * Passes when run against the cloud server as of 2015-04-30
  * @param $stub Stub object that has service methods
  * @param $args array command line args
  */
@@ -114,7 +115,7 @@ function serviceAccountCreds($stub, $args) {
     throw new Exception('Missing oauth scope');
   }
   $jsonKey = json_decode(
-      file_get_contents(getenv(Google\Auth\CredentialsLoader::ENV_VAR)),
+      file_get_contents(getenv(CredentialsLoader::ENV_VAR)),
       true);
   $result = performLargeUnary($stub, $fillUsername=true, $fillOauthScope=true);
   hardAssert($result->getUsername() == $jsonKey['client_email'],
@@ -143,13 +144,12 @@ function computeEngineCreds($stub, $args) {
 
 /**
  * Run the jwt token credentials auth test.
- * Passes when run against the cloud server as of 2015-05-12
  * @param $stub Stub object that has service methods
  * @param $args array command line args
  */
 function jwtTokenCreds($stub, $args) {
   $jsonKey = json_decode(
-      file_get_contents(getenv(Google\Auth\CredentialsLoader::ENV_VAR)),
+      file_get_contents(getenv(CredentialsLoader::ENV_VAR)),
       true);
   $result = performLargeUnary($stub, $fillUsername=true, $fillOauthScope=true);
   hardAssert($result->getUsername() == $jsonKey['client_email'],
@@ -157,8 +157,44 @@ function jwtTokenCreds($stub, $args) {
 }
 
 /**
+ * Run the oauth2_auth_token auth test.
+ * @param $stub Stub object that has service methods
+ * @param $args array command line args
+ */
+function oauth2AuthToken($stub, $args) {
+  $jsonKey = json_decode(
+      file_get_contents(getenv(CredentialsLoader::ENV_VAR)),
+      true);
+  $result = performLargeUnary($stub, $fillUsername=true, $fillOauthScope=true);
+  hardAssert($result->getUsername() == $jsonKey['client_email'],
+             'invalid email returned');
+}
+
+/**
+ * Run the per_rpc_creds auth test.
+ * @param $stub Stub object that has service methods
+ * @param $args array command line args
+ */
+function perRpcCreds($stub, $args) {
+  $jsonKey = json_decode(
+      file_get_contents(getenv(CredentialsLoader::ENV_VAR)),
+      true);
+  $auth_credentials = ApplicationDefaultCredentials::getCredentials(
+      $args['oauth_scope']
+  );
+  $token = $auth_credentials->fetchAuthToken();
+  $metadata = array(CredentialsLoader::AUTH_METADATA_KEY =>
+                    array(sprintf("%s %s",
+                                  $token['token_type'],
+                                  $token['access_token'])));
+  $result = performLargeUnary($stub, $fillUsername=true, $fillOauthScope=true,
+                              $metadata);
+  hardAssert($result->getUsername() == $jsonKey['client_email'],
+             'invalid email returned');
+}
+
+/**
  * Run the client_streaming test.
- * Passes when run against the Node server as of 2015-04-30
  * @param $stub Stub object that has service methods
  */
 function clientStreaming($stub) {
@@ -185,7 +221,6 @@ function clientStreaming($stub) {
 
 /**
  * Run the server_streaming test.
- * Passes when run against the Node server as of 2015-04-30
  * @param $stub Stub object that has service methods.
  */
 function serverStreaming($stub) {
@@ -216,7 +251,6 @@ function serverStreaming($stub) {
 
 /**
  * Run the ping_pong test.
- * Passes when run against the Node server as of 2015-04-30
  * @param $stub Stub object that has service methods.
  */
 function pingPong($stub) {
@@ -252,7 +286,6 @@ function pingPong($stub) {
 
 /**
  * Run the empty_stream test.
- * Passes when run against the Node server as of 2015-10-09
  * @param $stub Stub object that has service methods.
  */
 function emptyStream($stub) {
@@ -265,7 +298,6 @@ function emptyStream($stub) {
 
 /**
  * Run the cancel_after_begin test.
- * Passes when run against the Node server as of 2015-08-28
  * @param $stub Stub object that has service methods.
  */
 function cancelAfterBegin($stub) {
@@ -278,7 +310,6 @@ function cancelAfterBegin($stub) {
 
 /**
  * Run the cancel_after_first_response test.
- * Passes when run against the Node server as of 2015-04-30
  * @param $stub Stub object that has service methods.
  */
 function cancelAfterFirstResponse($stub) {
@@ -319,12 +350,17 @@ function timeoutOnSleepingServer($stub) {
 }
 
 $args = getopt('', array('server_host:', 'server_port:', 'test_case:',
+                         'use_tls::', 'use_test_ca::',
                          'server_host_override:', 'oauth_scope:',
                          'default_service_account:'));
-if (!array_key_exists('server_host', $args) ||
-    !array_key_exists('server_port', $args) ||
-    !array_key_exists('test_case', $args)) {
-  throw new Exception('Missing argument');
+if (!array_key_exists('server_host', $args)) {
+  throw new Exception('Missing argument: --server_host is required');
+}
+if (!array_key_exists('server_port', $args)) {
+  throw new Exception('Missing argument: --server_port is required');
+}
+if (!array_key_exists('test_case', $args)) {
+  throw new Exception('Missing argument: --test_case is required');
 }
 
 if ($args['server_port'] == 443) {
@@ -333,41 +369,76 @@ if ($args['server_port'] == 443) {
   $server_address = $args['server_host'] . ':' . $args['server_port'];
 }
 
-if (!array_key_exists('server_host_override', $args)) {
-  $args['server_host_override'] = 'foo.test.google.fr';
+$test_case = $args['test_case'];
+
+$host_override = 'foo.test.google.fr';
+if (array_key_exists('server_host_override', $args)) {
+  $host_override = $args['server_host_override'];
+}
+
+$use_tls = false;
+if (array_key_exists('use_tls', $args) &&
+    $args['use_tls'] != 'false') {
+  $use_tls = true;
 }
 
-$ssl_cert_file = getenv('SSL_CERT_FILE');
-if (!$ssl_cert_file) {
-  $ssl_cert_file = dirname(__FILE__) . '/../data/ca.pem';
+$use_test_ca = false;
+if (array_key_exists('use_test_ca', $args) &&
+    $args['use_test_ca'] != 'false') {
+  $use_test_ca = true;
 }
 
-$credentials = Grpc\Credentials::createSsl(file_get_contents($ssl_cert_file));
+$opts = [];
 
-$opts = [
-    'grpc.ssl_target_name_override' => $args['server_host_override'],
-    'credentials' => $credentials,
-         ];
+if ($use_tls) {
+  if ($use_test_ca) {
+    $ssl_cert_file = dirname(__FILE__) . '/../data/ca.pem';
+  } else {
+    $ssl_cert_file = getenv('SSL_CERT_FILE');
+  }
+  $ssl_credentials = Grpc\Credentials::createSsl(
+      file_get_contents($ssl_cert_file));
+  $opts['credentials'] = $ssl_credentials;
+  $opts['grpc.ssl_target_name_override'] = $host_override;
+}
 
-if (in_array($args['test_case'], array(
-      'service_account_creds',
-      'compute_engine_creds',
-      'jwt_token_creds'))) {
-  if ($args['test_case'] == 'jwt_token_creds') {
-    $auth = Google\Auth\ApplicationDefaultCredentials::getCredentials();
+if (in_array($test_case, array('service_account_creds',
+    'compute_engine_creds', 'jwt_token_creds'))) {
+  if ($test_case == 'jwt_token_creds') {
+    $auth_credentials = ApplicationDefaultCredentials::getCredentials();
   } else {
-    $auth = Google\Auth\ApplicationDefaultCredentials::getCredentials(
-      $args['oauth_scope']);
+    $auth_credentials = ApplicationDefaultCredentials::getCredentials(
+      $args['oauth_scope']
+    );
   }
-  $opts['update_metadata'] = $auth->getUpdateMetadataFunc();
+  $opts['update_metadata'] = $auth_credentials->getUpdateMetadataFunc();
+}
+
+if ($test_case == 'oauth2_auth_token') {
+  $auth_credentials = ApplicationDefaultCredentials::getCredentials(
+      $args['oauth_scope']
+  );
+  $token = $auth_credentials->fetchAuthToken();
+  $update_metadata =
+      function($metadata,
+               $authUri = null,
+               ClientInterface $client = null) use ($token) {
+        $metadata_copy = $metadata;
+        $metadata_copy[CredentialsLoader::AUTH_METADATA_KEY] =
+            array(sprintf("%s %s",
+                          $token['token_type'],
+                          $token['access_token']));
+        return $metadata_copy;
+      };
+  $opts['update_metadata'] = $update_metadata;
 }
 
 $stub = new grpc\testing\TestServiceClient($server_address, $opts);
 
 echo "Connecting to $server_address\n";
-echo "Running test case $args[test_case]\n";
+echo "Running test case $test_case\n";
 
-switch ($args['test_case']) {
+switch ($test_case) {
   case 'empty_unary':
     emptyUnary($stub);
     break;
@@ -404,7 +475,13 @@ switch ($args['test_case']) {
   case 'jwt_token_creds':
     jwtTokenCreds($stub, $args);
     break;
+  case 'oauth2_auth_token':
+    oauth2AuthToken($stub, $args);
+    break;
+  case 'per_rpc_creds':
+    perRpcCreds($stub, $args);
+    break;
   default:
-    echo "Unsupported test case $args[test_case]\n";
+    echo "Unsupported test case $test_case\n";
     exit(1);
 }
diff --git a/tools/run_tests/run_interop_tests.py b/tools/run_tests/run_interop_tests.py
index 1814ba1abc..a4b6a747ed 100755
--- a/tools/run_tests/run_interop_tests.py
+++ b/tools/run_tests/run_interop_tests.py
@@ -220,17 +220,20 @@ class PHPLanguage:
 
   def cloud_to_prod_args(self):
     return (self.client_cmdline_base + _CLOUD_TO_PROD_BASE_ARGS +
-            ['--use_tls'])
+            ['--use_tls=true'])
 
   def cloud_to_cloud_args(self):
     return (self.client_cmdline_base + _CLOUD_TO_CLOUD_BASE_ARGS +
-            ['--use_tls', '--use_test_ca'])
+            ['--use_tls=true', '--use_test_ca=true'])
 
   def cloud_to_prod_env(self):
     return _SSL_CERT_ENV
 
   def global_env(self):
-    return {}
+    # need to manually copy to each jenkins machine if we run into github
+    # rate limit when running `composer install`
+    return {"BUILD_INTEROP_DOCKER_EXTRA_ARGS":
+            "-v /var/local/.composer/auth.json:/root/.composer/auth.json:ro"}
 
   def __str__(self):
     return 'php'
@@ -472,15 +475,16 @@ def server_jobspec(language, docker_image):
 
 def build_interop_image_jobspec(language, tag=None):
   """Creates jobspec for building interop docker image for a language"""
+  environ = language.global_env()
   if not tag:
     tag = 'grpc_interop_%s:%s' % (language.safename, uuid.uuid4())
-  env = {'INTEROP_IMAGE': tag,
-         'BASE_NAME': 'grpc_interop_%s' % language.safename}
+  environ['INTEROP_IMAGE'] = tag
+  environ['BASE_NAME'] = 'grpc_interop_%s' % language.safename
   if not args.travis:
-    env['TTY_FLAG'] = '-t'
+    environ['TTY_FLAG'] = '-t'
   build_job = jobset.JobSpec(
           cmdline=['tools/jenkins/build_interop_image.sh'],
-          environ=env,
+          environ=environ,
           shortname="build_docker_%s" % (language),
           timeout_seconds=30*60)
   build_job.tag = tag