diff options
author | Tim Emiola <temiola@google.com> | 2015-01-31 02:01:33 -0800 |
---|---|---|
committer | Tim Emiola <temiola@google.com> | 2015-01-31 18:22:48 -0800 |
commit | 8c750f44f4f4e350717c76203de30389dc4641ec (patch) | |
tree | af07087b45410aa9e13e73122e5a136a64930ed3 | |
parent | 2e2085693bb76625d02aa8050e6c4e98d43eaf28 (diff) |
Adds a compute engine auth GCE interop test
- also fixes the service_account test assertions
-rwxr-xr-x | src/ruby/bin/interop/interop_client.rb | 128 |
1 files changed, 74 insertions, 54 deletions
diff --git a/src/ruby/bin/interop/interop_client.rb b/src/ruby/bin/interop/interop_client.rb index de90590db3..321da36d14 100755 --- a/src/ruby/bin/interop/interop_client.rb +++ b/src/ruby/bin/interop/interop_client.rb @@ -56,6 +56,8 @@ require 'test/cpp/interop/empty' require 'signet/ssl_config' +include Google::RPC::Auth + # loads the certificates used to access the test server securely. def load_test_certs this_dir = File.expand_path(File.dirname(__FILE__)) @@ -67,46 +69,53 @@ end # loads the certificates used to access the test server securely. def load_prod_cert fail 'could not find a production cert' if ENV['SSL_CERT_FILE'].nil? - p "loading prod certs from #{ENV['SSL_CERT_FILE']}" + logger.info("loading prod certs from #{ENV['SSL_CERT_FILE']}") File.open(ENV['SSL_CERT_FILE']).read end -# creates a Credentials from the test certificates. +# creates SSL Credentials from the test certificates. def test_creds certs = load_test_certs GRPC::Core::Credentials.new(certs[0]) end -RX_CERT = /-----BEGIN CERTIFICATE-----\n.*?-----END CERTIFICATE-----\n/m - -# creates a Credentials from the production certificates. +# creates SSL Credentials from the production certificates. def prod_creds cert_text = load_prod_cert GRPC::Core::Credentials.new(cert_text) end +# creates the SSL Credentials. +def ssl_creds(use_test_ca) + return test_creds if use_test_ca + prod_creds +end + # creates a test stub that accesses host:port securely. def create_stub(opts) address = "#{opts.host}:#{opts.port}" if opts.secure - creds = nil - if opts.use_test_ca - creds = test_creds - else - creds = prod_creds - end - stub_opts = { - :creds => creds, + :creds => ssl_creds(opts.use_test_ca), GRPC::Core::Channel::SSL_TARGET => opts.host_override } - # Allow service account updates if specified - unless opts.oauth_scope.nil? - cred_clz = Google::RPC::Auth::ServiceAccountCredentials - json_key_io = StringIO.new(File.read(opts.oauth_key_file)) - auth_creds = cred_clz.new(opts.oauth_scope, json_key_io) - stub_opts[:update_metadata] = lambda(&auth_creds.method(:apply)) + # Add service account creds if specified + if %w(all service_account_creds).include?(opts.test_case) + unless opts.oauth_scope.nil? + fd = StringIO.new(File.read(opts.oauth_key_file)) + logger.info("loading oauth certs from #{opts.oauth_key_file}") + auth_creds = ServiceAccountCredentials.new(opts.oauth_scope, fd) + stub_opts[:update_metadata] = lambda(&auth_creds.method(:apply)) + end + end + + # Add compute engine creds if specified + if %w(all compute_engine_creds).include?(opts.test_case) + unless opts.oauth_scope.nil? + auth_creds = GCECredentials.new + stub_opts[:update_metadata] = lambda(&auth_creds.method(:apply)) + end end logger.info("... connecting securely to #{address}") @@ -166,10 +175,10 @@ class NamedTests include Grpc::Testing::PayloadType attr_accessor :assertions # required by Minitest::Assertions - def initialize(stub, opts) + def initialize(stub, args) @assertions = 0 # required by Minitest::Assertions @stub = stub - @opts = opts + @args = args end def empty_unary @@ -185,18 +194,30 @@ class NamedTests def service_account_creds # ignore this test if the oauth options are not set - if @opts.oauth_scope.nil? || @opts.oauth_key_file.nil? + if @args.oauth_scope.nil? || @args.oauth_key_file.nil? p 'NOT RUN: service_account_creds; no service_account settings' end - json_key = File.read(@opts.oauth_key_file) + json_key = File.read(@args.oauth_key_file) wanted_email = MultiJson.load(json_key)['client_email'] - resp = perform_large_unary - assert_equal(@opts.oauth_scope, resp.oauth_scope, - 'service_account_creds: incorrect oauth_scope') - assert_equal(wanted_email, resp.username) + resp = perform_large_unary(fill_username: true, + fill_oauth_scope: true) + assert_equal(wanted_email, resp.username, + 'service_account_creds: incorrect username') + assert(@args.oauth_scope.include?(resp.oauth_scope), + 'service_account_creds: incorrect oauth_scope') p 'OK: service_account_creds' end + def compute_engine_creds + resp = perform_large_unary(fill_username: true, + fill_oauth_scope: true) + assert(@args.oauth_scope.include?(resp.oauth_scope), + 'service_account_creds: incorrect oauth_scope') + assert_equal(@args.default_service_account, resp.username, + 'service_account_creds: incorrect username') + p 'OK: compute_engine_creds' + end + def client_streaming msg_sizes = [27_182, 8, 1828, 45_904] wanted_aggregate_size = 74_922 @@ -264,66 +285,65 @@ class NamedTests end end -Options = Struct.new(:oauth_scope, :oauth_key_file, :secure, :host, - :host_override, :port, :test_case, :use_test_ca) +# Args is used to hold the command line info. +Args = Struct.new(:default_service_account, :host, :host_override, + :oauth_scope, :oauth_key_file, :port, :secure, :test_case, + :use_test_ca) # validates the the command line options, returning them as a Hash. -def parse_options - options = Options.new - options.host_override = 'foo.test.google.com' +def parse_args + args = Args.new + args.host_override = 'foo.test.google.com' OptionParser.new do |opts| - opts.banner = 'Usage: --server_host <server_host> --server_port server_port' opts.on('--oauth_scope scope', - 'Scope for OAuth tokens') do |v| - options['oauth_scope'] = v - end + 'Scope for OAuth tokens') { |v| args['oauth_scope'] = v } opts.on('--server_host SERVER_HOST', 'server hostname') do |v| - options['host'] = v + args['host'] = v + end + opts.on('--default_service_account email_address', + 'email address of the default service account') do |v| + args['default_service_account'] = v end opts.on('--service_account_key_file PATH', 'Path to the service account json key file') do |v| - options['oauth_key_file'] = v + args['oauth_key_file'] = v end opts.on('--server_host_override HOST_OVERRIDE', 'override host via a HTTP header') do |v| - options['host_override'] = v - end - opts.on('--server_port SERVER_PORT', 'server port') do |v| - options['port'] = v + args['host_override'] = v end + opts.on('--server_port SERVER_PORT', 'server port') { |v| args['port'] = v } # instance_methods(false) gives only the methods defined in that class test_cases = NamedTests.instance_methods(false).map(&:to_s) test_case_list = test_cases.join(',') opts.on('--test_case CODE', test_cases, {}, 'select a test_case', - " (#{test_case_list})") do |v| - options['test_case'] = v - end + " (#{test_case_list})") { |v| args['test_case'] = v } opts.on('-s', '--use_tls', 'require a secure connection?') do |v| - options['secure'] = v + args['secure'] = v end opts.on('-t', '--use_test_ca', 'if secure, use the test certificate?') do |v| - options['use_test_ca'] = v + args['use_test_ca'] = v end end.parse! - _check_options(options) + _check_args(args) end -def _check_options(opts) - %w(host port test_case).each do |arg| - if opts[arg].nil? +def _check_args(args) + %w(host port test_case).each do |a| + if args[a].nil? fail(OptionParser::MissingArgument, "please specify --#{arg}") end end - if opts['oauth_key_file'].nil? ^ opts['oauth_scope'].nil? + if args['oauth_key_file'].nil? ^ args['oauth_scope'].nil? fail(OptionParser::MissingArgument, 'please specify both of --service_account_key_file and --oauth_scope') end - opts + args end def main - opts = parse_options + opts = parse_args stub = create_stub(opts) NamedTests.new(stub, opts).method(opts['test_case']).call end |