Add oauth2_auth_token test case in interop test

8 files changed, 212 insertions, 48 deletions

diff --git a/test/core/security/fetch_oauth2.c b/test/core/security/fetch_oauth2.c
index 767f724b62..64c4dde5d9 100644
--- a/test/core/security/fetch_oauth2.c
+++ b/test/core/security/fetch_oauth2.c
@@ -44,35 +44,7 @@
 
 #include "src/core/security/credentials.h"
 #include "src/core/support/file.h"
-
-typedef struct {
-  grpc_pollset pollset;
-  int is_done;
-} synchronizer;
-
-static void on_oauth2_response(void *user_data,
-                               grpc_credentials_md *md_elems,
-                               size_t num_md, grpc_credentials_status status) {
-  synchronizer *sync = user_data;
-  char *token;
-  gpr_slice token_slice;
-  if (status == GRPC_CREDENTIALS_ERROR) {
-    gpr_log(GPR_ERROR, "Fetching token failed.");
-  } else {
-    GPR_ASSERT(num_md == 1);
-    token_slice = md_elems[0].value;
-    token = gpr_malloc(GPR_SLICE_LENGTH(token_slice) + 1);
-    memcpy(token, GPR_SLICE_START_PTR(token_slice),
-           GPR_SLICE_LENGTH(token_slice));
-    token[GPR_SLICE_LENGTH(token_slice)] = '\0';
-    printf("Got token: %s.\n", token);
-    gpr_free(token);
-  }
-  gpr_mu_lock(GRPC_POLLSET_MU(&sync->pollset));
-  sync->is_done = 1;
-  grpc_pollset_kick(&sync->pollset);
-  gpr_mu_unlock(GRPC_POLLSET_MU(&sync->pollset));
-}
+#include "test/core/security/oauth2_utils.h"
 
 static grpc_credentials *create_service_account_creds(
     const char *json_key_file_path, const char *scope) {
@@ -101,10 +73,10 @@ static grpc_credentials *create_refresh_token_creds(
 }
 
 int main(int argc, char **argv) {
-  synchronizer sync;
   grpc_credentials *creds = NULL;
   char *json_key_file_path = NULL;
   char *json_refresh_token_file_path = NULL;
+  char *token = NULL;
   int use_gce = 0;
   char *scope = NULL;
   gpr_cmdline *cl = gpr_cmdline_create("fetch_oauth2");
@@ -175,16 +147,11 @@ int main(int argc, char **argv) {
   }
   GPR_ASSERT(creds != NULL);
 
-  grpc_pollset_init(&sync.pollset);
-  sync.is_done = 0;
-
-  grpc_credentials_get_request_metadata(creds, &sync.pollset, "", on_oauth2_response, &sync);
-
-  gpr_mu_lock(GRPC_POLLSET_MU(&sync.pollset));
-  while (!sync.is_done) grpc_pollset_work(&sync.pollset, gpr_inf_future);
-  gpr_mu_unlock(GRPC_POLLSET_MU(&sync.pollset));
-
-  grpc_pollset_destroy(&sync.pollset);
+  token = grpc_test_fetch_oauth2_token_with_credentials(creds);
+  if (token != NULL) {
+    printf("Got token: %s.\n", token);
+    gpr_free(token);
+  }
   grpc_credentials_release(creds);
   gpr_cmdline_destroy(cl);
   grpc_shutdown();
diff --git a/test/core/security/oauth2_utils.c b/test/core/security/oauth2_utils.c
new file mode 100644
index 0000000000..7196d4778d
--- /dev/null
+++ b/test/core/security/oauth2_utils.c
@@ -0,0 +1,92 @@
+/*
+ *
+ * Copyright 2015, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "test/core/security/oauth2_utils.h"
+
+#include <string.h>
+
+#include <grpc/grpc.h>
+#include <grpc/grpc_security.h>
+#include <grpc/support/alloc.h>
+#include <grpc/support/log.h>
+#include <grpc/support/slice.h>
+#include <grpc/support/sync.h>
+
+#include "src/core/security/credentials.h"
+
+typedef struct {
+  grpc_pollset pollset;
+  int is_done;
+  char *token;
+} synchronizer;
+
+static void on_oauth2_response(void *user_data, grpc_credentials_md *md_elems,
+                               size_t num_md, grpc_credentials_status status) {
+  synchronizer *sync = user_data;
+  char *token = NULL;
+  gpr_slice token_slice;
+  if (status == GRPC_CREDENTIALS_ERROR) {
+    gpr_log(GPR_ERROR, "Fetching token failed.");
+  } else {
+    GPR_ASSERT(num_md == 1);
+    token_slice = md_elems[0].value;
+    token = gpr_malloc(GPR_SLICE_LENGTH(token_slice) + 1);
+    memcpy(token, GPR_SLICE_START_PTR(token_slice),
+           GPR_SLICE_LENGTH(token_slice));
+    token[GPR_SLICE_LENGTH(token_slice)] = '\0';
+  }
+  gpr_mu_lock(GRPC_POLLSET_MU(&sync->pollset));
+  sync->is_done = 1;
+  sync->token = token;
+  grpc_pollset_kick(&sync->pollset);
+  gpr_mu_unlock(GRPC_POLLSET_MU(&sync->pollset));
+}
+
+static void do_nothing(void *unused) {}
+
+char *grpc_test_fetch_oauth2_token_with_credentials(grpc_credentials *creds) {
+  synchronizer sync;
+  grpc_pollset_init(&sync.pollset);
+  sync.is_done = 0;
+
+  grpc_credentials_get_request_metadata(creds, &sync.pollset, "",
+                                        on_oauth2_response, &sync);
+
+  gpr_mu_lock(GRPC_POLLSET_MU(&sync.pollset));
+  while (!sync.is_done) grpc_pollset_work(&sync.pollset, gpr_inf_future);
+  gpr_mu_unlock(GRPC_POLLSET_MU(&sync.pollset));
+
+  grpc_pollset_shutdown(&sync.pollset, do_nothing, NULL);
+  grpc_pollset_destroy(&sync.pollset);
+  return sync.token;
+}
diff --git a/test/core/security/oauth2_utils.h b/test/core/security/oauth2_utils.h
new file mode 100644
index 0000000000..8082351b8a
--- /dev/null
+++ b/test/core/security/oauth2_utils.h
@@ -0,0 +1,51 @@
+/*
+ *
+ * Copyright 2015, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef GRPC_TEST_CORE_SECURITY_OAUTH2_UTILS_H
+#define GRPC_TEST_CORE_SECURITY_OAUTH2_UTILS_H
+
+#include "src/core/security/credentials.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Fetch oauth2 access token with a credentials object. Does not take ownership.
+   Returns NULL on a failure. The caller should call gpr_free on the token. */
+char *grpc_test_fetch_oauth2_token_with_credentials(grpc_credentials *creds);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* GRPC_TEST_CORE_SECURITY_OAUTH2_UTILS_H */
diff --git a/test/cpp/interop/client.cc b/test/cpp/interop/client.cc
index 96149c5e75..1f1e6c1306 100644
--- a/test/cpp/interop/client.cc
+++ b/test/cpp/interop/client.cc
@@ -68,6 +68,7 @@ DEFINE_string(test_case, "large_unary",
               "service_account_creds : large_unary with service_account auth; "
               "compute_engine_creds: large_unary with compute engine auth; "
               "jwt_token_creds: large_unary with JWT token auth; "
+              "oauth2_auth_token: raw oauth2 access token auth; "
               "all : all of above.");
 DEFINE_string(default_service_account, "",
               "Email of GCE default service account");
@@ -113,6 +114,9 @@ int main(int argc, char** argv) {
   } else if (FLAGS_test_case == "jwt_token_creds") {
     grpc::string json_key = GetServiceAccountJsonKey();
     client.DoJwtTokenCreds(json_key);
+  } else if (FLAGS_test_case == "oauth2_auth_token") {
+    grpc::string json_key = GetServiceAccountJsonKey();
+    client.DoOauth2AuthToken(json_key, FLAGS_oauth_scope);
   } else if (FLAGS_test_case == "all") {
     client.DoEmpty();
     client.DoLargeUnary();
@@ -128,6 +132,7 @@ int main(int argc, char** argv) {
       grpc::string json_key = GetServiceAccountJsonKey();
       client.DoServiceAccountCreds(json_key, FLAGS_oauth_scope);
       client.DoJwtTokenCreds(json_key);
+      client.DoOauth2AuthToken(json_key, FLAGS_oauth_scope);
     }
     // compute_engine_creds only runs in GCE.
   } else {
@@ -136,8 +141,8 @@ int main(int argc, char** argv) {
         "Unsupported test case %s. Valid options are all|empty_unary|"
         "large_unary|client_streaming|server_streaming|half_duplex|ping_pong|"
         "cancel_after_begin|cancel_after_first_response|"
-        "timeout_on_sleeping_server|"
-        "service_account_creds|compute_engine_creds|jwt_token_creds",
+        "timeout_on_sleeping_server|service_account_creds|compute_engine_creds|"
+        "jwt_token_creds|oauth2_auth_token",
         FLAGS_test_case.c_str());
     ret = 1;
   }
diff --git a/test/cpp/interop/client_helper.cc b/test/cpp/interop/client_helper.cc
index 09fd1c8913..48b1b2e864 100644
--- a/test/cpp/interop/client_helper.cc
+++ b/test/cpp/interop/client_helper.cc
@@ -40,6 +40,7 @@
 #include <unistd.h>
 
 #include <grpc/grpc.h>
+#include <grpc/support/alloc.h>
 #include <grpc/support/log.h>
 #include <gflags/gflags.h>
 #include <grpc++/channel_arguments.h>
@@ -47,6 +48,8 @@
 #include <grpc++/create_channel.h>
 #include <grpc++/credentials.h>
 #include <grpc++/stream.h>
+#include "src/cpp/client/secure_credentials.h"
+#include "test/core/security/oauth2_utils.h"
 #include "test/cpp/util/create_test_channel.h"
 
 DECLARE_bool(enable_ssl);
@@ -62,6 +65,16 @@ DECLARE_string(oauth_scope);
 namespace grpc {
 namespace testing {
 
+namespace {
+std::shared_ptr<Credentials> CreateServiceAccountCredentials() {
+  GPR_ASSERT(FLAGS_enable_ssl);
+  grpc::string json_key = GetServiceAccountJsonKey();
+  std::chrono::seconds token_lifetime = std::chrono::hours(1);
+  return ServiceAccountCredentials(json_key, FLAGS_oauth_scope,
+                                   token_lifetime.count());
+}
+}  // namespace
+
 grpc::string GetServiceAccountJsonKey() {
   static grpc::string json_key;
   if (json_key.empty()) {
@@ -73,6 +86,20 @@ grpc::string GetServiceAccountJsonKey() {
   return json_key;
 }
 
+grpc::string GetOauth2AccessToken() {
+  std::shared_ptr<Credentials> creds = CreateServiceAccountCredentials();
+  SecureCredentials* secure_creds =
+      dynamic_cast<SecureCredentials*>(creds.get());
+  GPR_ASSERT(secure_creds != nullptr);
+  grpc_credentials* c_creds = secure_creds->GetRawCreds();
+  char* token = grpc_test_fetch_oauth2_token_with_credentials(c_creds);
+  GPR_ASSERT(token != nullptr);
+  gpr_log(GPR_INFO, "Get raw oauth2 access token: %s", token);
+  grpc::string access_token(token + sizeof("Bearer ") - 1);
+  gpr_free(token);
+  return access_token;
+}
+
 std::shared_ptr<ChannelInterface> CreateChannelForTestCase(
     const grpc::string& test_case) {
   GPR_ASSERT(FLAGS_server_port);
@@ -82,12 +109,7 @@ std::shared_ptr<ChannelInterface> CreateChannelForTestCase(
            FLAGS_server_port);
 
   if (test_case == "service_account_creds") {
-    std::shared_ptr<Credentials> creds;
-    GPR_ASSERT(FLAGS_enable_ssl);
-    grpc::string json_key = GetServiceAccountJsonKey();
-    std::chrono::seconds token_lifetime = std::chrono::hours(1);
-    creds = ServiceAccountCredentials(json_key, FLAGS_oauth_scope,
-                                      token_lifetime.count());
+    std::shared_ptr<Credentials> creds = CreateServiceAccountCredentials();
     return CreateTestChannel(host_port, FLAGS_server_host_override,
                              FLAGS_enable_ssl, FLAGS_use_prod_roots, creds);
   } else if (test_case == "compute_engine_creds") {
@@ -104,6 +126,11 @@ std::shared_ptr<ChannelInterface> CreateChannelForTestCase(
     creds = JWTCredentials(json_key, token_lifetime.count());
     return CreateTestChannel(host_port, FLAGS_server_host_override,
                              FLAGS_enable_ssl, FLAGS_use_prod_roots, creds);
+  } else if (test_case == "oauth2_auth_token") {
+    grpc::string raw_token = GetOauth2AccessToken();
+    std::shared_ptr<Credentials> creds = AccessTokenCredentials(raw_token);
+    return CreateTestChannel(host_port, FLAGS_server_host_override,
+                             FLAGS_enable_ssl, FLAGS_use_prod_roots, creds);
   } else {
     return CreateTestChannel(host_port, FLAGS_server_host_override,
                              FLAGS_enable_ssl, FLAGS_use_prod_roots);
diff --git a/test/cpp/interop/client_helper.h b/test/cpp/interop/client_helper.h
index 897f974026..c4361bb9de 100644
--- a/test/cpp/interop/client_helper.h
+++ b/test/cpp/interop/client_helper.h
@@ -44,6 +44,8 @@ namespace testing {
 
 grpc::string GetServiceAccountJsonKey();
 
+grpc::string GetOauth2AccessToken();
+
 std::shared_ptr<ChannelInterface> CreateChannelForTestCase(
     const grpc::string& test_case);
 
diff --git a/test/cpp/interop/interop_client.cc b/test/cpp/interop/interop_client.cc
index d88eff759c..30056e26ab 100644
--- a/test/cpp/interop/interop_client.cc
+++ b/test/cpp/interop/interop_client.cc
@@ -143,6 +143,23 @@ void InteropClient::DoServiceAccountCreds(const grpc::string& username,
   gpr_log(GPR_INFO, "Large unary with service account creds done.");
 }
 
+void InteropClient::DoOauth2AuthToken(const grpc::string& username,
+                                      const grpc::string& oauth_scope) {
+  gpr_log(GPR_INFO,
+          "Sending a large unary rpc with raw oauth2 access token ...");
+  SimpleRequest request;
+  SimpleResponse response;
+  request.set_fill_username(true);
+  request.set_fill_oauth_scope(true);
+  PerformLargeUnary(&request, &response);
+  GPR_ASSERT(!response.username().empty());
+  GPR_ASSERT(!response.oauth_scope().empty());
+  GPR_ASSERT(username.find(response.username()) != grpc::string::npos);
+  const char* oauth_scope_str = response.oauth_scope().c_str();
+  GPR_ASSERT(oauth_scope.find(oauth_scope_str) != grpc::string::npos);
+  gpr_log(GPR_INFO, "Large unary with oauth2 access token done.");
+}
+
 void InteropClient::DoJwtTokenCreds(const grpc::string& username) {
   gpr_log(GPR_INFO, "Sending a large unary rpc with JWT token credentials ...");
   SimpleRequest request;
diff --git a/test/cpp/interop/interop_client.h b/test/cpp/interop/interop_client.h
index d02e583d94..67eecd9ccc 100644
--- a/test/cpp/interop/interop_client.h
+++ b/test/cpp/interop/interop_client.h
@@ -68,6 +68,9 @@ class InteropClient {
   // username is a string containing the user email
   void DoServiceAccountCreds(const grpc::string& username,
                              const grpc::string& oauth_scope);
+  // username is a string containing the user email
+  void DoOauth2AuthToken(const grpc::string& username,
+                         const grpc::string& oauth_scope);
 
  private:
   void PerformLargeUnary(SimpleRequest* request, SimpleResponse* response);