Merge branch 'master' of github.com:grpc/grpc into credentials_naming_and_cleanup
diff --git a/include/grpc++/credentials.h b/include/grpc++/credentials.h
index d623bce..ce5a9e0 100644
--- a/include/grpc++/credentials.h
+++ b/include/grpc++/credentials.h
@@ -94,17 +94,7 @@
const SslCredentialsOptions& options);
// Builds credentials for use when running in GCE
-std::shared_ptr<Credentials> ComputeEngineCredentials();
-
-// Builds service account credentials.
-// json_key is the JSON key string containing the client's private key.
-// scope is a space-delimited list of the requested permissions.
-// token_lifetime_seconds is the lifetime in seconds of each token acquired
-// through this service account credentials. It should be positive and should
-// not exceed grpc_max_auth_token_lifetime or will be cropped to this value.
-std::shared_ptr<Credentials> ServiceAccountCredentials(
- const grpc::string& json_key, const grpc::string& scope,
- long token_lifetime_seconds);
+std::shared_ptr<Credentials> GoogleComputeEngineCredentials();
// Builds Service Account JWT Access credentials.
// json_key is the JSON key string containing the client's private key.
@@ -117,7 +107,7 @@
// Builds refresh token credentials.
// json_refresh_token is the JSON string containing the refresh token along
// with a client_id and client_secret.
-std::shared_ptr<Credentials> RefreshTokenCredentials(
+std::shared_ptr<Credentials> GoogleRefreshTokenCredentials(
const grpc::string& json_refresh_token);
// Builds access token credentials.
@@ -127,7 +117,7 @@
const grpc::string& access_token);
// Builds IAM credentials.
-std::shared_ptr<Credentials> IAMCredentials(
+std::shared_ptr<Credentials> GoogleIAMCredentials(
const grpc::string& authorization_token,
const grpc::string& authority_selector);
diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h
index 6ee6933..049ab3c 100644
--- a/include/grpc/grpc_security.h
+++ b/include/grpc/grpc_security.h
@@ -97,26 +97,13 @@
grpc_credentials *creds2,
void *reserved);
-/* Creates a compute engine credentials object.
+/* Creates a compute engine credentials object for connecting to Google.
WARNING: Do NOT use this credentials to connect to a non-google service as
this could result in an oauth2 token leak. */
-grpc_credentials *grpc_compute_engine_credentials_create(void *reserved);
+grpc_credentials *grpc_google_compute_engine_credentials_create(void *reserved);
extern const gpr_timespec grpc_max_auth_token_lifetime;
-/* Creates a service account credentials object. May return NULL if the input is
- invalid.
- WARNING: Do NOT use this credentials to connect to a non-google service as
- this could result in an oauth2 token leak.
- - json_key is the JSON key string containing the client's private key.
- - scope is a space-delimited list of the requested permissions.
- - token_lifetime is the lifetime of each token acquired through this service
- account credentials. It should not exceed grpc_max_auth_token_lifetime
- or will be cropped to this value. */
-grpc_credentials *grpc_service_account_credentials_create(
- const char *json_key, const char *scope, gpr_timespec token_lifetime,
- void *reserved);
-
/* Creates a JWT credentials object. May return NULL if the input is invalid.
- json_key is the JSON key string containing the client's private key.
- token_lifetime is the lifetime of each Json Web Token (JWT) created with
@@ -125,13 +112,13 @@
grpc_credentials *grpc_service_account_jwt_access_credentials_create(
const char *json_key, gpr_timespec token_lifetime, void *reserved);
-/* Creates an Oauth2 Refresh Token credentials object. May return NULL if the
- input is invalid.
+/* Creates an Oauth2 Refresh Token credentials object for connecting to Google.
+ May return NULL if the input is invalid.
WARNING: Do NOT use this credentials to connect to a non-google service as
this could result in an oauth2 token leak.
- json_refresh_token is the JSON string containing the refresh token itself
along with a client_id and client_secret. */
-grpc_credentials *grpc_refresh_token_credentials_create(
+grpc_credentials *grpc_google_refresh_token_credentials_create(
const char *json_refresh_token, void *reserved);
/* Creates an Oauth2 Access Token credentials with an access token that was
@@ -139,10 +126,10 @@
grpc_credentials *grpc_access_token_credentials_create(
const char *access_token, void *reserved);
-/* Creates an IAM credentials object. */
-grpc_credentials *grpc_iam_credentials_create(const char *authorization_token,
- const char *authority_selector,
- void *reserved);
+/* Creates an IAM credentials object for connecting to Google. */
+grpc_credentials *grpc_google_iam_credentials_create(
+ const char *authorization_token, const char *authority_selector,
+ void *reserved);
/* --- Secure channel creation. --- */
diff --git a/src/core/security/credentials.c b/src/core/security/credentials.c
index 362d5f4..1c665f1 100644
--- a/src/core/security/credentials.c
+++ b/src/core/security/credentials.c
@@ -618,7 +618,7 @@
grpc_httpcli_context_init(&c->httpcli_context);
}
-/* -- ComputeEngine credentials. -- */
+/* -- GoogleComputeEngine credentials. -- */
static grpc_credentials_vtable compute_engine_vtable = {
oauth2_token_fetcher_destroy, oauth2_token_fetcher_has_request_metadata,
@@ -640,7 +640,8 @@
metadata_req);
}
-grpc_credentials *grpc_compute_engine_credentials_create(void *reserved) {
+grpc_credentials *grpc_google_compute_engine_credentials_create(
+ void *reserved) {
grpc_oauth2_token_fetcher_credentials *c =
gpr_malloc(sizeof(grpc_oauth2_token_fetcher_credentials));
GPR_ASSERT(reserved == NULL);
@@ -649,81 +650,11 @@
return &c->base;
}
-/* -- ServiceAccount credentials. -- */
-
-static void service_account_destroy(grpc_credentials *creds) {
- grpc_service_account_credentials *c =
- (grpc_service_account_credentials *)creds;
- if (c->scope != NULL) gpr_free(c->scope);
- grpc_auth_json_key_destruct(&c->key);
- oauth2_token_fetcher_destroy(&c->base.base);
-}
-
-static grpc_credentials_vtable service_account_vtable = {
- service_account_destroy, oauth2_token_fetcher_has_request_metadata,
- oauth2_token_fetcher_has_request_metadata_only,
- oauth2_token_fetcher_get_request_metadata, NULL};
-
-static void service_account_fetch_oauth2(
- grpc_credentials_metadata_request *metadata_req,
- grpc_httpcli_context *httpcli_context, grpc_pollset *pollset,
- grpc_httpcli_response_cb response_cb, gpr_timespec deadline) {
- grpc_service_account_credentials *c =
- (grpc_service_account_credentials *)metadata_req->creds;
- grpc_httpcli_header header = {"Content-Type",
- "application/x-www-form-urlencoded"};
- grpc_httpcli_request request;
- char *body = NULL;
- char *jwt = grpc_jwt_encode_and_sign(&c->key, GRPC_JWT_OAUTH2_AUDIENCE,
- c->token_lifetime, c->scope);
- if (jwt == NULL) {
- grpc_httpcli_response response;
- memset(&response, 0, sizeof(grpc_httpcli_response));
- response.status = 400; /* Invalid request. */
- gpr_log(GPR_ERROR, "Could not create signed jwt.");
- /* Do not even send the request, just call the response callback. */
- response_cb(metadata_req, &response);
- return;
- }
- gpr_asprintf(&body, "%s%s", GRPC_SERVICE_ACCOUNT_POST_BODY_PREFIX, jwt);
- memset(&request, 0, sizeof(grpc_httpcli_request));
- request.host = GRPC_GOOGLE_OAUTH2_SERVICE_HOST;
- request.path = GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH;
- request.hdr_count = 1;
- request.hdrs = &header;
- request.handshaker = &grpc_httpcli_ssl;
- grpc_httpcli_post(httpcli_context, pollset, &request, body, strlen(body),
- deadline, response_cb, metadata_req);
- gpr_free(body);
- gpr_free(jwt);
-}
-
-grpc_credentials *grpc_service_account_credentials_create(
- const char *json_key, const char *scope, gpr_timespec token_lifetime,
- void *reserved) {
- grpc_service_account_credentials *c;
- grpc_auth_json_key key = grpc_auth_json_key_create_from_string(json_key);
- GPR_ASSERT(reserved == NULL);
- if (scope == NULL || (strlen(scope) == 0) ||
- !grpc_auth_json_key_is_valid(&key)) {
- gpr_log(GPR_ERROR,
- "Invalid input for service account credentials creation");
- return NULL;
- }
- c = gpr_malloc(sizeof(grpc_service_account_credentials));
- memset(c, 0, sizeof(grpc_service_account_credentials));
- init_oauth2_token_fetcher(&c->base, service_account_fetch_oauth2);
- c->base.base.vtable = &service_account_vtable;
- c->scope = gpr_strdup(scope);
- c->key = key;
- c->token_lifetime = token_lifetime;
- return &c->base.base;
-}
-
-/* -- RefreshToken credentials. -- */
+/* -- GoogleRefreshToken credentials. -- */
static void refresh_token_destroy(grpc_credentials *creds) {
- grpc_refresh_token_credentials *c = (grpc_refresh_token_credentials *)creds;
+ grpc_google_refresh_token_credentials *c =
+ (grpc_google_refresh_token_credentials *)creds;
grpc_auth_refresh_token_destruct(&c->refresh_token);
oauth2_token_fetcher_destroy(&c->base.base);
}
@@ -737,8 +668,8 @@
grpc_credentials_metadata_request *metadata_req,
grpc_httpcli_context *httpcli_context, grpc_pollset *pollset,
grpc_httpcli_response_cb response_cb, gpr_timespec deadline) {
- grpc_refresh_token_credentials *c =
- (grpc_refresh_token_credentials *)metadata_req->creds;
+ grpc_google_refresh_token_credentials *c =
+ (grpc_google_refresh_token_credentials *)metadata_req->creds;
grpc_httpcli_header header = {"Content-Type",
"application/x-www-form-urlencoded"};
grpc_httpcli_request request;
@@ -757,22 +688,23 @@
gpr_free(body);
}
-grpc_credentials *grpc_refresh_token_credentials_create_from_auth_refresh_token(
+grpc_credentials *
+grpc_refresh_token_credentials_create_from_auth_refresh_token(
grpc_auth_refresh_token refresh_token) {
- grpc_refresh_token_credentials *c;
+ grpc_google_refresh_token_credentials *c;
if (!grpc_auth_refresh_token_is_valid(&refresh_token)) {
gpr_log(GPR_ERROR, "Invalid input for refresh token credentials creation");
return NULL;
}
- c = gpr_malloc(sizeof(grpc_refresh_token_credentials));
- memset(c, 0, sizeof(grpc_refresh_token_credentials));
+ c = gpr_malloc(sizeof(grpc_google_refresh_token_credentials));
+ memset(c, 0, sizeof(grpc_google_refresh_token_credentials));
init_oauth2_token_fetcher(&c->base, refresh_token_fetch_oauth2);
c->base.base.vtable = &refresh_token_vtable;
c->refresh_token = refresh_token;
return &c->base.base;
}
-grpc_credentials *grpc_refresh_token_credentials_create(
+grpc_credentials *grpc_google_refresh_token_credentials_create(
const char *json_refresh_token, void *reserved) {
GPR_ASSERT(reserved == NULL);
return grpc_refresh_token_credentials_create_from_auth_refresh_token(
@@ -1194,7 +1126,7 @@
/* -- IAM credentials. -- */
static void iam_destroy(grpc_credentials *creds) {
- grpc_iam_credentials *c = (grpc_iam_credentials *)creds;
+ grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds;
grpc_credentials_md_store_unref(c->iam_md);
gpr_free(c);
}
@@ -1210,7 +1142,7 @@
const char *service_url,
grpc_credentials_metadata_cb cb,
void *user_data) {
- grpc_iam_credentials *c = (grpc_iam_credentials *)creds;
+ grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds;
cb(user_data, c->iam_md->entries, c->iam_md->num_entries,
GRPC_CREDENTIALS_OK);
}
@@ -1219,15 +1151,14 @@
iam_destroy, iam_has_request_metadata, iam_has_request_metadata_only,
iam_get_request_metadata, NULL};
-grpc_credentials *grpc_iam_credentials_create(const char *token,
- const char *authority_selector,
- void *reserved) {
- grpc_iam_credentials *c;
+grpc_credentials *grpc_google_iam_credentials_create(
+ const char *token, const char *authority_selector, void *reserved) {
+ grpc_google_iam_credentials *c;
GPR_ASSERT(reserved == NULL);
GPR_ASSERT(token != NULL);
GPR_ASSERT(authority_selector != NULL);
- c = gpr_malloc(sizeof(grpc_iam_credentials));
- memset(c, 0, sizeof(grpc_iam_credentials));
+ c = gpr_malloc(sizeof(grpc_google_iam_credentials));
+ memset(c, 0, sizeof(grpc_google_iam_credentials));
c->base.type = GRPC_CREDENTIALS_TYPE_IAM;
c->base.vtable = &iam_vtable;
gpr_ref_init(&c->base.refcount, 1);
diff --git a/src/core/security/credentials.h b/src/core/security/credentials.h
index 29cd1ac..d9bd53a 100644
--- a/src/core/security/credentials.h
+++ b/src/core/security/credentials.h
@@ -277,21 +277,12 @@
grpc_fetch_oauth2_func fetch_func;
} grpc_oauth2_token_fetcher_credentials;
-/* -- ServiceAccount credentials. -- */
-
-typedef struct {
- grpc_oauth2_token_fetcher_credentials base;
- grpc_auth_json_key key;
- char *scope;
- gpr_timespec token_lifetime;
-} grpc_service_account_credentials;
-
-/* -- RefreshToken credentials. -- */
+/* -- GoogleRefreshToken credentials. -- */
typedef struct {
grpc_oauth2_token_fetcher_credentials base;
grpc_auth_refresh_token refresh_token;
-} grpc_refresh_token_credentials;
+} grpc_google_refresh_token_credentials;
/* -- Oauth2 Access Token credentials. -- */
@@ -308,12 +299,12 @@
int is_async;
} grpc_md_only_test_credentials;
-/* -- IAM credentials. -- */
+/* -- GoogleIAM credentials. -- */
typedef struct {
grpc_credentials base;
grpc_credentials_md_store *iam_md;
-} grpc_iam_credentials;
+} grpc_google_iam_credentials;
/* -- Composite credentials. -- */
diff --git a/src/core/security/google_default_credentials.c b/src/core/security/google_default_credentials.c
index f9aa518..874dd59 100644
--- a/src/core/security/google_default_credentials.c
+++ b/src/core/security/google_default_credentials.c
@@ -194,7 +194,7 @@
int need_compute_engine_creds = is_stack_running_on_compute_engine();
compute_engine_detection_done = 1;
if (need_compute_engine_creds) {
- result = grpc_compute_engine_credentials_create(NULL);
+ result = grpc_google_compute_engine_credentials_create(NULL);
}
}
diff --git a/src/cpp/client/secure_credentials.cc b/src/cpp/client/secure_credentials.cc
index e064246..2260f6d 100644
--- a/src/cpp/client/secure_credentials.cc
+++ b/src/cpp/client/secure_credentials.cc
@@ -81,26 +81,10 @@
}
// Builds credentials for use when running in GCE
-std::shared_ptr<Credentials> ComputeEngineCredentials() {
+std::shared_ptr<Credentials> GoogleComputeEngineCredentials() {
GrpcLibrary init; // To call grpc_init().
- return WrapCredentials(grpc_compute_engine_credentials_create(nullptr));
-}
-
-// Builds service account credentials.
-std::shared_ptr<Credentials> ServiceAccountCredentials(
- const grpc::string& json_key, const grpc::string& scope,
- long token_lifetime_seconds) {
- GrpcLibrary init; // To call grpc_init().
- if (token_lifetime_seconds <= 0) {
- gpr_log(GPR_ERROR,
- "Trying to create ServiceAccountCredentials "
- "with non-positive lifetime");
- return WrapCredentials(nullptr);
- }
- gpr_timespec lifetime =
- gpr_time_from_seconds(token_lifetime_seconds, GPR_TIMESPAN);
- return WrapCredentials(grpc_service_account_credentials_create(
- json_key.c_str(), scope.c_str(), lifetime, nullptr));
+ return WrapCredentials(
+ grpc_google_compute_engine_credentials_create(nullptr));
}
// Builds JWT credentials.
@@ -119,10 +103,10 @@
}
// Builds refresh token credentials.
-std::shared_ptr<Credentials> RefreshTokenCredentials(
+std::shared_ptr<Credentials> GoogleRefreshTokenCredentials(
const grpc::string& json_refresh_token) {
GrpcLibrary init; // To call grpc_init().
- return WrapCredentials(grpc_refresh_token_credentials_create(
+ return WrapCredentials(grpc_google_refresh_token_credentials_create(
json_refresh_token.c_str(), nullptr));
}
@@ -135,11 +119,11 @@
}
// Builds IAM credentials.
-std::shared_ptr<Credentials> IAMCredentials(
+std::shared_ptr<Credentials> GoogleIAMCredentials(
const grpc::string& authorization_token,
const grpc::string& authority_selector) {
GrpcLibrary init; // To call grpc_init().
- return WrapCredentials(grpc_iam_credentials_create(
+ return WrapCredentials(grpc_google_iam_credentials_create(
authorization_token.c_str(), authority_selector.c_str(), nullptr));
}
diff --git a/src/node/ext/credentials.cc b/src/node/ext/credentials.cc
index 85a823a..c3b04dc 100644
--- a/src/node/ext/credentials.cc
+++ b/src/node/ext/credentials.cc
@@ -186,7 +186,7 @@
NAN_METHOD(Credentials::CreateGce) {
NanScope();
- grpc_credentials *creds = grpc_compute_engine_credentials_create(NULL);
+ grpc_credentials *creds = grpc_google_compute_engine_credentials_create(NULL);
if (creds == NULL) {
NanReturnNull();
}
@@ -204,7 +204,7 @@
NanUtf8String auth_token(args[0]);
NanUtf8String auth_selector(args[1]);
grpc_credentials *creds =
- grpc_iam_credentials_create(*auth_token, *auth_selector, NULL);
+ grpc_google_iam_credentials_create(*auth_token, *auth_selector, NULL);
if (creds == NULL) {
NanReturnNull();
}
diff --git a/src/php/ext/grpc/credentials.c b/src/php/ext/grpc/credentials.c
index 0eba660..8e3b7ff 100644
--- a/src/php/ext/grpc/credentials.c
+++ b/src/php/ext/grpc/credentials.c
@@ -170,7 +170,7 @@
* @return Credentials The new GCE credentials object
*/
PHP_METHOD(Credentials, createGce) {
- grpc_credentials *creds = grpc_compute_engine_credentials_create(NULL);
+ grpc_credentials *creds = grpc_google_compute_engine_credentials_create(NULL);
zval *creds_object = grpc_php_wrap_credentials(creds);
RETURN_DESTROY_ZVAL(creds_object);
}
diff --git a/src/python/grpcio/grpc/_adapter/_c/types.h b/src/python/grpcio/grpc/_adapter/_c/types.h
index f6ff957..ec0687a 100644
--- a/src/python/grpcio/grpc/_adapter/_c/types.h
+++ b/src/python/grpcio/grpc/_adapter/_c/types.h
@@ -57,8 +57,6 @@
PyTypeObject *type, PyObject *args, PyObject *kwargs);
ClientCredentials *pygrpc_ClientCredentials_compute_engine(
PyTypeObject *type, PyObject *ignored);
-ClientCredentials *pygrpc_ClientCredentials_service_account(
- PyTypeObject *type, PyObject *args, PyObject *kwargs);
ClientCredentials *pygrpc_ClientCredentials_jwt(
PyTypeObject *type, PyObject *args, PyObject *kwargs);
ClientCredentials *pygrpc_ClientCredentials_refresh_token(
diff --git a/src/python/grpcio/grpc/_adapter/_c/types/client_credentials.c b/src/python/grpcio/grpc/_adapter/_c/types/client_credentials.c
index 36fd207..90652b7 100644
--- a/src/python/grpcio/grpc/_adapter/_c/types/client_credentials.c
+++ b/src/python/grpcio/grpc/_adapter/_c/types/client_credentials.c
@@ -48,8 +48,6 @@
METH_CLASS|METH_KEYWORDS, ""},
{"compute_engine", (PyCFunction)pygrpc_ClientCredentials_compute_engine,
METH_CLASS|METH_NOARGS, ""},
- {"service_account", (PyCFunction)pygrpc_ClientCredentials_service_account,
- METH_CLASS|METH_KEYWORDS, ""},
{"jwt", (PyCFunction)pygrpc_ClientCredentials_jwt,
METH_CLASS|METH_KEYWORDS, ""},
{"refresh_token", (PyCFunction)pygrpc_ClientCredentials_refresh_token,
@@ -173,7 +171,7 @@
ClientCredentials *pygrpc_ClientCredentials_compute_engine(
PyTypeObject *type, PyObject *ignored) {
ClientCredentials *self = (ClientCredentials *)type->tp_alloc(type, 0);
- self->c_creds = grpc_compute_engine_credentials_create(NULL);
+ self->c_creds = grpc_google_compute_engine_credentials_create(NULL);
if (!self->c_creds) {
Py_DECREF(self);
PyErr_SetString(PyExc_RuntimeError,
@@ -183,29 +181,6 @@
return self;
}
-ClientCredentials *pygrpc_ClientCredentials_service_account(
- PyTypeObject *type, PyObject *args, PyObject *kwargs) {
- ClientCredentials *self;
- const char *json_key;
- const char *scope;
- double lifetime;
- static char *keywords[] = {"json_key", "scope", "token_lifetime", NULL};
- if (!PyArg_ParseTupleAndKeywords(args, kwargs, "ssd:service_account", keywords,
- &json_key, &scope, &lifetime)) {
- return NULL;
- }
- self = (ClientCredentials *)type->tp_alloc(type, 0);
- self->c_creds = grpc_service_account_credentials_create(
- json_key, scope, pygrpc_cast_double_to_gpr_timespec(lifetime), NULL);
- if (!self->c_creds) {
- Py_DECREF(self);
- PyErr_SetString(PyExc_RuntimeError,
- "couldn't create service account credentials");
- return NULL;
- }
- return self;
-}
-
/* TODO: Rename this credentials to something like service_account_jwt_access */
ClientCredentials *pygrpc_ClientCredentials_jwt(
PyTypeObject *type, PyObject *args, PyObject *kwargs) {
@@ -239,7 +214,7 @@
}
self = (ClientCredentials *)type->tp_alloc(type, 0);
self->c_creds =
- grpc_refresh_token_credentials_create(json_refresh_token, NULL);
+ grpc_google_refresh_token_credentials_create(json_refresh_token, NULL);
if (!self->c_creds) {
Py_DECREF(self);
PyErr_SetString(PyExc_RuntimeError,
@@ -260,8 +235,8 @@
return NULL;
}
self = (ClientCredentials *)type->tp_alloc(type, 0);
- self->c_creds = grpc_iam_credentials_create(authorization_token,
- authority_selector, NULL);
+ self->c_creds = grpc_google_iam_credentials_create(authorization_token,
+ authority_selector, NULL);
if (!self->c_creds) {
Py_DECREF(self);
PyErr_SetString(PyExc_RuntimeError, "couldn't create IAM credentials");
diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx b/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx
index 2d74702..dc40a7a 100644
--- a/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx
+++ b/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx
@@ -106,26 +106,6 @@
credentials.c_credentials = grpc.grpc_compute_engine_credentials_create()
return credentials
-def client_credentials_service_account(
- json_key, scope, records.Timespec token_lifetime not None):
- if isinstance(json_key, bytes):
- pass
- elif isinstance(json_key, basestring):
- json_key = json_key.encode()
- else:
- raise TypeError("expected json_key to be str or bytes")
- if isinstance(scope, bytes):
- pass
- elif isinstance(scope, basestring):
- scope = scope.encode()
- else:
- raise TypeError("expected scope to be str or bytes")
- cdef ClientCredentials credentials = ClientCredentials()
- credentials.c_credentials = grpc.grpc_service_account_credentials_create(
- json_key, scope, token_lifetime.c_time)
- credentials.references.extend([json_key, scope])
- return credentials
-
#TODO rename to something like client_credentials_service_account_jwt_access.
def client_credentials_jwt(json_key, records.Timespec token_lifetime not None):
if isinstance(json_key, bytes):
diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxd b/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxd
index c793774..8b46972 100644
--- a/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxd
+++ b/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxd
@@ -311,8 +311,6 @@
grpc_credentials *grpc_composite_credentials_create(grpc_credentials *creds1,
grpc_credentials *creds2)
grpc_credentials *grpc_compute_engine_credentials_create()
- grpc_credentials *grpc_service_account_credentials_create(
- const char *json_key, const char *scope, gpr_timespec token_lifetime)
grpc_credentials *grpc_service_account_jwt_access_credentials_create(const char *json_key,
gpr_timespec token_lifetime)
grpc_credentials *grpc_refresh_token_credentials_create(
diff --git a/src/python/grpcio/grpc/_cython/adapter_low.py b/src/python/grpcio/grpc/_cython/adapter_low.py
index 2bb468e..4f24da3 100644
--- a/src/python/grpcio/grpc/_cython/adapter_low.py
+++ b/src/python/grpcio/grpc/_cython/adapter_low.py
@@ -60,10 +60,6 @@
raise NotImplementedError()
@staticmethod
- def service_account():
- raise NotImplementedError()
-
- @staticmethod
def jwt():
raise NotImplementedError()
diff --git a/src/python/grpcio_test/grpc_interop/methods.py b/src/python/grpcio_test/grpc_interop/methods.py
index 642458e..52b800a 100644
--- a/src/python/grpcio_test/grpc_interop/methods.py
+++ b/src/python/grpcio_test/grpc_interop/methods.py
@@ -346,20 +346,6 @@
response.username))
-def _service_account_creds(stub, args):
- json_key_filename = os.environ[
- oauth2client_client.GOOGLE_APPLICATION_CREDENTIALS]
- wanted_email = json.load(open(json_key_filename, 'rb'))['client_email']
- response = _large_unary_common_behavior(stub, True, True)
- if wanted_email != response.username:
- raise ValueError(
- 'expected username %s, got %s' % (wanted_email, response.username))
- if args.oauth_scope.find(response.oauth_scope) == -1:
- raise ValueError(
- 'expected to find oauth scope "%s" in received "%s"' %
- (response.oauth_scope, args.oauth_scope))
-
-
def _oauth2_auth_token(stub, args):
json_key_filename = os.environ[
oauth2client_client.GOOGLE_APPLICATION_CREDENTIALS]
@@ -383,7 +369,6 @@
CANCEL_AFTER_BEGIN = 'cancel_after_begin'
CANCEL_AFTER_FIRST_RESPONSE = 'cancel_after_first_response'
COMPUTE_ENGINE_CREDS = 'compute_engine_creds'
- SERVICE_ACCOUNT_CREDS = 'service_account_creds'
OAUTH2_AUTH_TOKEN = 'oauth2_auth_token'
TIMEOUT_ON_SLEEPING_SERVER = 'timeout_on_sleeping_server'
@@ -406,8 +391,6 @@
_timeout_on_sleeping_server(stub)
elif self is TestCase.COMPUTE_ENGINE_CREDS:
_compute_engine_creds(stub, args)
- elif self is TestCase.SERVICE_ACCOUNT_CREDS:
- _service_account_creds(stub, args)
elif self is TestCase.OAUTH2_AUTH_TOKEN:
_oauth2_auth_token(stub, args)
else:
diff --git a/src/ruby/ext/grpc/rb_credentials.c b/src/ruby/ext/grpc/rb_credentials.c
index ac3804d..ae757f6 100644
--- a/src/ruby/ext/grpc/rb_credentials.c
+++ b/src/ruby/ext/grpc/rb_credentials.c
@@ -154,7 +154,7 @@
Creates the default credential instances. */
static VALUE grpc_rb_compute_engine_credentials_create(VALUE cls) {
grpc_rb_credentials *wrapper = ALLOC(grpc_rb_credentials);
- wrapper->wrapped = grpc_compute_engine_credentials_create(NULL);
+ wrapper->wrapped = grpc_google_compute_engine_credentials_create(NULL);
if (wrapper->wrapped == NULL) {
rb_raise(rb_eRuntimeError,
"could not create composite engine credentials, not sure why");
diff --git a/test/core/end2end/tests/request_response_with_payload_and_call_creds.c b/test/core/end2end/tests/request_response_with_payload_and_call_creds.c
index 48dd0aa..75c5bba 100644
--- a/test/core/end2end/tests/request_response_with_payload_and_call_creds.c
+++ b/test/core/end2end/tests/request_response_with_payload_and_call_creds.c
@@ -190,7 +190,7 @@
c = grpc_channel_create_call(f.client, NULL, GRPC_PROPAGATE_DEFAULTS, f.cq,
"/foo", "foo.test.google.fr", deadline, NULL);
GPR_ASSERT(c);
- creds = grpc_iam_credentials_create(iam_token, iam_selector, NULL);
+ creds = grpc_google_iam_credentials_create(iam_token, iam_selector, NULL);
GPR_ASSERT(creds != NULL);
GPR_ASSERT(grpc_call_set_credentials(c, creds) == GRPC_CALL_OK);
switch (mode) {
@@ -198,8 +198,8 @@
break;
case OVERRIDE:
grpc_credentials_release(creds);
- creds = grpc_iam_credentials_create(overridden_iam_token,
- overridden_iam_selector, NULL);
+ creds = grpc_google_iam_credentials_create(overridden_iam_token,
+ overridden_iam_selector, NULL);
GPR_ASSERT(creds != NULL);
GPR_ASSERT(grpc_call_set_credentials(c, creds) == GRPC_CALL_OK);
break;
@@ -421,7 +421,7 @@
"/foo", "foo.test.google.fr", deadline, NULL);
GPR_ASSERT(c);
- creds = grpc_iam_credentials_create(iam_token, iam_selector, NULL);
+ creds = grpc_google_iam_credentials_create(iam_token, iam_selector, NULL);
GPR_ASSERT(creds != NULL);
GPR_ASSERT(grpc_call_set_credentials(c, creds) == GRPC_CALL_OK);
grpc_credentials_release(creds);
diff --git a/test/core/security/credentials_test.c b/test/core/security/credentials_test.c
index 880fc5d..97ebaa0 100644
--- a/test/core/security/credentials_test.c
+++ b/test/core/security/credentials_test.c
@@ -50,8 +50,8 @@
#include <openssl/rsa.h>
-static const char test_iam_authorization_token[] = "blahblahblhahb";
-static const char test_iam_authority_selector[] = "respectmyauthoritah";
+static const char test_google_iam_authorization_token[] = "blahblahblhahb";
+static const char test_google_iam_authority_selector[] = "respectmyauthoritah";
static const char test_oauth2_bearer_token[] =
"Bearer blaaslkdjfaslkdfasdsfasf";
static const char test_root_cert[] = "I am the root!";
@@ -315,25 +315,29 @@
}
}
-static void check_iam_metadata(void *user_data, grpc_credentials_md *md_elems,
- size_t num_md, grpc_credentials_status status) {
+static void check_google_iam_metadata(void *user_data,
+ grpc_credentials_md *md_elems,
+ size_t num_md,
+ grpc_credentials_status status) {
grpc_credentials *c = (grpc_credentials *)user_data;
- expected_md emd[] = {
- {GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY, test_iam_authorization_token},
- {GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY, test_iam_authority_selector}};
+ expected_md emd[] = {{GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY,
+ test_google_iam_authorization_token},
+ {GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY,
+ test_google_iam_authority_selector}};
GPR_ASSERT(status == GRPC_CREDENTIALS_OK);
GPR_ASSERT(num_md == 2);
check_metadata(emd, md_elems, num_md);
grpc_credentials_unref(c);
}
-static void test_iam_creds(void) {
- grpc_credentials *creds = grpc_iam_credentials_create(
- test_iam_authorization_token, test_iam_authority_selector, NULL);
+static void test_google_iam_creds(void) {
+ grpc_credentials *creds = grpc_google_iam_credentials_create(
+ test_google_iam_authorization_token, test_google_iam_authority_selector,
+ NULL);
GPR_ASSERT(grpc_credentials_has_request_metadata(creds));
GPR_ASSERT(grpc_credentials_has_request_metadata_only(creds));
grpc_credentials_get_request_metadata(creds, NULL, test_service_url,
- check_iam_metadata, creds);
+ check_google_iam_metadata, creds);
}
static void check_access_token_metadata(void *user_data,
@@ -406,21 +410,23 @@
grpc_credentials_unref(fake_transport_security_creds);
}
-static void check_ssl_oauth2_iam_composite_metadata(
+static void check_ssl_oauth2_google_iam_composite_metadata(
void *user_data, grpc_credentials_md *md_elems, size_t num_md,
grpc_credentials_status status) {
grpc_credentials *c = (grpc_credentials *)user_data;
expected_md emd[] = {
{GRPC_AUTHORIZATION_METADATA_KEY, test_oauth2_bearer_token},
- {GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY, test_iam_authorization_token},
- {GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY, test_iam_authority_selector}};
+ {GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY,
+ test_google_iam_authorization_token},
+ {GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY,
+ test_google_iam_authority_selector}};
GPR_ASSERT(status == GRPC_CREDENTIALS_OK);
GPR_ASSERT(num_md == 3);
check_metadata(emd, md_elems, num_md);
grpc_credentials_unref(c);
}
-static void test_ssl_oauth2_iam_composite_creds(void) {
+static void test_ssl_oauth2_google_iam_composite_creds(void) {
grpc_credentials *ssl_creds =
grpc_ssl_credentials_create(test_root_cert, NULL, NULL);
const grpc_credentials_array *creds_array;
@@ -428,14 +434,15 @@
"Authorization", test_oauth2_bearer_token, 0);
grpc_credentials *aux_creds =
grpc_composite_credentials_create(ssl_creds, oauth2_creds, NULL);
- grpc_credentials *iam_creds = grpc_iam_credentials_create(
- test_iam_authorization_token, test_iam_authority_selector, NULL);
+ grpc_credentials *google_iam_creds = grpc_google_iam_credentials_create(
+ test_google_iam_authorization_token, test_google_iam_authority_selector,
+ NULL);
grpc_credentials *composite_creds =
- grpc_composite_credentials_create(aux_creds, iam_creds, NULL);
+ grpc_composite_credentials_create(aux_creds, google_iam_creds, NULL);
grpc_credentials_unref(ssl_creds);
grpc_credentials_unref(oauth2_creds);
grpc_credentials_unref(aux_creds);
- grpc_credentials_unref(iam_creds);
+ grpc_credentials_unref(google_iam_creds);
GPR_ASSERT(strcmp(composite_creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) ==
0);
GPR_ASSERT(grpc_credentials_has_request_metadata(composite_creds));
@@ -448,9 +455,9 @@
GRPC_CREDENTIALS_TYPE_OAUTH2) == 0);
GPR_ASSERT(strcmp(creds_array->creds_array[2]->type,
GRPC_CREDENTIALS_TYPE_IAM) == 0);
- grpc_credentials_get_request_metadata(composite_creds, NULL, test_service_url,
- check_ssl_oauth2_iam_composite_metadata,
- composite_creds);
+ grpc_credentials_get_request_metadata(
+ composite_creds, NULL, test_service_url,
+ check_ssl_oauth2_google_iam_composite_metadata, composite_creds);
}
static void on_oauth2_creds_get_metadata_success(
@@ -524,7 +531,7 @@
static void test_compute_engine_creds_success(void) {
grpc_credentials *compute_engine_creds =
- grpc_compute_engine_credentials_create(NULL);
+ grpc_google_compute_engine_credentials_create(NULL);
GPR_ASSERT(grpc_credentials_has_request_metadata(compute_engine_creds));
GPR_ASSERT(grpc_credentials_has_request_metadata_only(compute_engine_creds));
@@ -548,7 +555,7 @@
static void test_compute_engine_creds_failure(void) {
grpc_credentials *compute_engine_creds =
- grpc_compute_engine_credentials_create(NULL);
+ grpc_google_compute_engine_credentials_create(NULL);
grpc_httpcli_set_override(compute_engine_httpcli_get_failure_override,
httpcli_post_should_not_be_called);
GPR_ASSERT(grpc_credentials_has_request_metadata(compute_engine_creds));
@@ -605,7 +612,8 @@
static void test_refresh_token_creds_success(void) {
grpc_credentials *refresh_token_creds =
- grpc_refresh_token_credentials_create(test_refresh_token_str, NULL);
+ grpc_google_refresh_token_credentials_create(test_refresh_token_str,
+ NULL);
GPR_ASSERT(grpc_credentials_has_request_metadata(refresh_token_creds));
GPR_ASSERT(grpc_credentials_has_request_metadata_only(refresh_token_creds));
@@ -629,7 +637,8 @@
static void test_refresh_token_creds_failure(void) {
grpc_credentials *refresh_token_creds =
- grpc_refresh_token_credentials_create(test_refresh_token_str, NULL);
+ grpc_google_refresh_token_credentials_create(test_refresh_token_str,
+ NULL);
grpc_httpcli_set_override(httpcli_get_should_not_be_called,
refresh_token_httpcli_post_failure);
GPR_ASSERT(grpc_credentials_has_request_metadata(refresh_token_creds));
@@ -686,119 +695,6 @@
GPR_ASSERT("grpc_jwt_encode_and_sign should not be called" == NULL);
}
-static void validate_service_account_http_request(
- const grpc_httpcli_request *request, const char *body, size_t body_size) {
- /* The content of the assertion is tested extensively in json_token_test. */
- char *expected_body = NULL;
- GPR_ASSERT(body != NULL);
- GPR_ASSERT(body_size != 0);
- gpr_asprintf(&expected_body, "%s%s", GRPC_SERVICE_ACCOUNT_POST_BODY_PREFIX,
- test_signed_jwt);
- GPR_ASSERT(strlen(expected_body) == body_size);
- GPR_ASSERT(memcmp(expected_body, body, body_size) == 0);
- gpr_free(expected_body);
- GPR_ASSERT(request->handshaker == &grpc_httpcli_ssl);
- GPR_ASSERT(strcmp(request->host, GRPC_GOOGLE_OAUTH2_SERVICE_HOST) == 0);
- GPR_ASSERT(strcmp(request->path, GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH) == 0);
- GPR_ASSERT(request->hdr_count == 1);
- GPR_ASSERT(strcmp(request->hdrs[0].key, "Content-Type") == 0);
- GPR_ASSERT(
- strcmp(request->hdrs[0].value, "application/x-www-form-urlencoded") == 0);
-}
-
-static int service_account_httpcli_post_success(
- const grpc_httpcli_request *request, const char *body, size_t body_size,
- gpr_timespec deadline, grpc_httpcli_response_cb on_response,
- void *user_data) {
- grpc_httpcli_response response =
- http_response(200, valid_oauth2_json_response);
- validate_service_account_http_request(request, body, body_size);
- on_response(user_data, &response);
- return 1;
-}
-
-static int service_account_httpcli_post_failure(
- const grpc_httpcli_request *request, const char *body, size_t body_size,
- gpr_timespec deadline, grpc_httpcli_response_cb on_response,
- void *user_data) {
- grpc_httpcli_response response = http_response(403, "Not Authorized.");
- validate_service_account_http_request(request, body, body_size);
- on_response(user_data, &response);
- return 1;
-}
-
-static void test_service_account_creds_success(void) {
- char *json_key_string = test_json_key_str();
- grpc_credentials *service_account_creds =
- grpc_service_account_credentials_create(json_key_string, test_scope,
- grpc_max_auth_token_lifetime, NULL);
- GPR_ASSERT(grpc_credentials_has_request_metadata(service_account_creds));
- GPR_ASSERT(grpc_credentials_has_request_metadata_only(service_account_creds));
-
- /* First request: http get should be called. */
- grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success);
- grpc_httpcli_set_override(httpcli_get_should_not_be_called,
- service_account_httpcli_post_success);
- grpc_credentials_get_request_metadata(
- service_account_creds, NULL, test_service_url,
- on_oauth2_creds_get_metadata_success, (void *)test_user_data);
-
- /* Second request: the cached token should be served directly. */
- grpc_jwt_encode_and_sign_set_override(
- encode_and_sign_jwt_should_not_be_called);
- grpc_httpcli_set_override(httpcli_get_should_not_be_called,
- httpcli_post_should_not_be_called);
- grpc_credentials_get_request_metadata(
- service_account_creds, NULL, test_service_url,
- on_oauth2_creds_get_metadata_success, (void *)test_user_data);
-
- gpr_free(json_key_string);
- grpc_credentials_unref(service_account_creds);
- grpc_jwt_encode_and_sign_set_override(NULL);
- grpc_httpcli_set_override(NULL, NULL);
-}
-
-static void test_service_account_creds_http_failure(void) {
- char *json_key_string = test_json_key_str();
- grpc_credentials *service_account_creds =
- grpc_service_account_credentials_create(
- json_key_string, test_scope, grpc_max_auth_token_lifetime, NULL);
- GPR_ASSERT(grpc_credentials_has_request_metadata(service_account_creds));
- GPR_ASSERT(grpc_credentials_has_request_metadata_only(service_account_creds));
-
- grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success);
- grpc_httpcli_set_override(httpcli_get_should_not_be_called,
- service_account_httpcli_post_failure);
- grpc_credentials_get_request_metadata(
- service_account_creds, NULL, test_service_url,
- on_oauth2_creds_get_metadata_failure, (void *)test_user_data);
-
- gpr_free(json_key_string);
- grpc_credentials_unref(service_account_creds);
- grpc_httpcli_set_override(NULL, NULL);
-}
-
-static void test_service_account_creds_signing_failure(void) {
- char *json_key_string = test_json_key_str();
- grpc_credentials *service_account_creds =
- grpc_service_account_credentials_create(
- json_key_string, test_scope, grpc_max_auth_token_lifetime, NULL);
- GPR_ASSERT(grpc_credentials_has_request_metadata(service_account_creds));
- GPR_ASSERT(grpc_credentials_has_request_metadata_only(service_account_creds));
-
- grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_failure);
- grpc_httpcli_set_override(httpcli_get_should_not_be_called,
- httpcli_post_should_not_be_called);
- grpc_credentials_get_request_metadata(
- service_account_creds, NULL, test_service_url,
- on_oauth2_creds_get_metadata_failure, (void *)test_user_data);
-
- gpr_free(json_key_string);
- grpc_credentials_unref(service_account_creds);
- grpc_httpcli_set_override(NULL, NULL);
- grpc_jwt_encode_and_sign_set_override(NULL);
-}
-
static void on_jwt_creds_get_metadata_success(void *user_data,
grpc_credentials_md *md_elems,
size_t num_md,
@@ -922,14 +818,14 @@
}
static void test_google_default_creds_access_token(void) {
- grpc_refresh_token_credentials *refresh;
+ grpc_google_refresh_token_credentials *refresh;
grpc_credentials *creds;
grpc_flush_cached_google_default_credentials();
set_google_default_creds_env_var_with_file_contents(
"refresh_token_google_default_creds", test_refresh_token_str);
creds = grpc_google_default_credentials_create();
GPR_ASSERT(creds != NULL);
- refresh = (grpc_refresh_token_credentials *)composite_inner_creds(
+ refresh = (grpc_google_refresh_token_credentials *)composite_inner_creds(
creds, GRPC_CREDENTIALS_TYPE_OAUTH2);
GPR_ASSERT(strcmp(refresh->refresh_token.client_id,
"32555999999.apps.googleusercontent.com") == 0);
@@ -952,17 +848,14 @@
test_oauth2_token_fetcher_creds_parsing_missing_token();
test_oauth2_token_fetcher_creds_parsing_missing_token_type();
test_oauth2_token_fetcher_creds_parsing_missing_token_lifetime();
- test_iam_creds();
+ test_google_iam_creds();
test_access_token_creds();
test_ssl_oauth2_composite_creds();
- test_ssl_oauth2_iam_composite_creds();
+ test_ssl_oauth2_google_iam_composite_creds();
test_compute_engine_creds_success();
test_compute_engine_creds_failure();
test_refresh_token_creds_success();
test_refresh_token_creds_failure();
- test_service_account_creds_success();
- test_service_account_creds_http_failure();
- test_service_account_creds_signing_failure();
test_jwt_creds_success();
test_jwt_creds_signing_failure();
test_google_default_creds_auth_key();
diff --git a/test/core/security/fetch_oauth2.c b/test/core/security/fetch_oauth2.c
index 7354a9f..764d8da 100644
--- a/test/core/security/fetch_oauth2.c
+++ b/test/core/security/fetch_oauth2.c
@@ -46,19 +46,6 @@
#include "src/core/support/file.h"
#include "test/core/security/oauth2_utils.h"
-static grpc_credentials *create_service_account_creds(
- const char *json_key_file_path, const char *scope) {
- int success;
- gpr_slice json_key = gpr_load_file(json_key_file_path, 1, &success);
- if (!success) {
- gpr_log(GPR_ERROR, "Could not read file %s.", json_key_file_path);
- exit(1);
- }
- return grpc_service_account_credentials_create(
- (const char *)GPR_SLICE_START_PTR(json_key), scope,
- grpc_max_auth_token_lifetime, NULL);
-}
-
static grpc_credentials *create_refresh_token_creds(
const char *json_refresh_token_file_path) {
int success;
@@ -68,7 +55,7 @@
gpr_log(GPR_ERROR, "Could not read file %s.", json_refresh_token_file_path);
exit(1);
}
- return grpc_refresh_token_credentials_create(
+ return grpc_google_refresh_token_credentials_create(
(const char *)GPR_SLICE_START_PTR(refresh_token), NULL);
}
@@ -80,18 +67,9 @@
int use_gce = 0;
char *scope = NULL;
gpr_cmdline *cl = gpr_cmdline_create("fetch_oauth2");
- gpr_cmdline_add_string(cl, "json_key",
- "File path of the json key. Mutually exclusive with "
- "--json_refresh_token.",
- &json_key_file_path);
gpr_cmdline_add_string(cl, "json_refresh_token",
- "File path of the json refresh token. Mutually "
- "exclusive with --json_key.",
+ "File path of the json refresh token.",
&json_refresh_token_file_path);
- gpr_cmdline_add_string(cl, "scope",
- "Space delimited permissions. Only used for "
- "--json_key, ignored otherwise.",
- &scope);
gpr_cmdline_add_flag(
cl, "gce",
"Get a token from the GCE metadata server (only works in GCE).",
@@ -112,7 +90,7 @@
"Ignoring json key and scope to get a token from the GCE "
"metadata server.");
}
- creds = grpc_compute_engine_credentials_create(NULL);
+ creds = grpc_google_compute_engine_credentials_create(NULL);
if (creds == NULL) {
gpr_log(GPR_ERROR, "Could not create gce credentials.");
exit(1);
@@ -127,23 +105,8 @@
exit(1);
}
} else {
- if (json_key_file_path == NULL) {
- gpr_log(GPR_ERROR, "Missing --json_key option.");
- exit(1);
- }
- if (scope == NULL) {
- gpr_log(GPR_ERROR, "Missing --scope option.");
- exit(1);
- }
-
- creds = create_service_account_creds(json_key_file_path, scope);
- if (creds == NULL) {
- gpr_log(GPR_ERROR,
- "Could not create service account creds. %s does probably not "
- "contain a valid json key.",
- json_key_file_path);
- exit(1);
- }
+ gpr_log(GPR_ERROR, "Missing --gce or --json_refresh_token option.");
+ exit(1);
}
GPR_ASSERT(creds != NULL);
diff --git a/test/cpp/client/credentials_test.cc b/test/cpp/client/credentials_test.cc
index 6fb24d7..18fcffe 100644
--- a/test/cpp/client/credentials_test.cc
+++ b/test/cpp/client/credentials_test.cc
@@ -45,8 +45,8 @@
protected:
};
-TEST_F(CredentialsTest, InvalidServiceAccountCreds) {
- std::shared_ptr<Credentials> bad1 = ServiceAccountCredentials("", "", 1);
+TEST_F(CredentialsTest, InvalidGoogleRefreshToken) {
+ std::shared_ptr<Credentials> bad1 = GoogleRefreshTokenCredentials("");
EXPECT_EQ(static_cast<Credentials*>(nullptr), bad1.get());
}
diff --git a/test/cpp/end2end/end2end_test.cc b/test/cpp/end2end/end2end_test.cc
index 37a6e69..5e2332c 100644
--- a/test/cpp/end2end/end2end_test.cc
+++ b/test/cpp/end2end/end2end_test.cc
@@ -562,7 +562,7 @@
// rpc and stream should fail on bad credentials.
TEST_F(End2endTest, BadCredentials) {
- std::shared_ptr<Credentials> bad_creds = ServiceAccountCredentials("", "", 1);
+ std::shared_ptr<Credentials> bad_creds = GoogleRefreshTokenCredentials("");
EXPECT_EQ(static_cast<Credentials*>(nullptr), bad_creds.get());
std::shared_ptr<Channel> channel =
CreateChannel(server_address_.str(), bad_creds);
@@ -743,7 +743,7 @@
EchoResponse response;
ClientContext context;
std::shared_ptr<Credentials> creds =
- IAMCredentials("fake_token", "fake_selector");
+ GoogleIAMCredentials("fake_token", "fake_selector");
context.set_credentials(creds);
request.set_message("Hello");
request.mutable_param()->set_echo_metadata(true);
@@ -780,10 +780,10 @@
EchoResponse response;
ClientContext context;
std::shared_ptr<Credentials> creds1 =
- IAMCredentials("fake_token1", "fake_selector1");
+ GoogleIAMCredentials("fake_token1", "fake_selector1");
context.set_credentials(creds1);
std::shared_ptr<Credentials> creds2 =
- IAMCredentials("fake_token2", "fake_selector2");
+ GoogleIAMCredentials("fake_token2", "fake_selector2");
context.set_credentials(creds2);
request.set_message("Hello");
request.mutable_param()->set_echo_metadata(true);
diff --git a/test/cpp/interop/client.cc b/test/cpp/interop/client.cc
index cb52321..20fe1c5 100644
--- a/test/cpp/interop/client.cc
+++ b/test/cpp/interop/client.cc
@@ -68,7 +68,6 @@
"cancel_after_begin : cancel stream after starting it; "
"cancel_after_first_response: cancel on first response; "
"timeout_on_sleeping_server: deadline exceeds on stream; "
- "service_account_creds : large_unary with service_account auth; "
"compute_engine_creds: large_unary with compute engine auth; "
"jwt_token_creds: large_unary with JWT token auth; "
"oauth2_auth_token: raw oauth2 access token auth; "
@@ -114,9 +113,6 @@
client.DoCancelAfterFirstResponse();
} else if (FLAGS_test_case == "timeout_on_sleeping_server") {
client.DoTimeoutOnSleepingServer();
- } else if (FLAGS_test_case == "service_account_creds") {
- grpc::string json_key = GetServiceAccountJsonKey();
- client.DoServiceAccountCreds(json_key, FLAGS_oauth_scope);
} else if (FLAGS_test_case == "compute_engine_creds") {
client.DoComputeEngineCreds(FLAGS_default_service_account,
FLAGS_oauth_scope);
@@ -146,7 +142,6 @@
// service_account_creds and jwt_token_creds can only run with ssl.
if (FLAGS_enable_ssl) {
grpc::string json_key = GetServiceAccountJsonKey();
- client.DoServiceAccountCreds(json_key, FLAGS_oauth_scope);
client.DoJwtTokenCreds(json_key);
client.DoOauth2AuthToken(json_key, FLAGS_oauth_scope);
client.DoPerRpcCreds(json_key, FLAGS_oauth_scope);
@@ -159,8 +154,7 @@
"large_unary|large_compressed_unary|client_streaming|server_streaming|"
"server_compressed_streaming|half_duplex|ping_pong|cancel_after_begin|"
"cancel_after_first_response|timeout_on_sleeping_server|"
- "service_account_creds|compute_engine_creds|jwt_token_creds|"
- "oauth2_auth_token|per_rpc_creds",
+ "compute_engine_creds|jwt_token_creds|oauth2_auth_token|per_rpc_creds",
FLAGS_test_case.c_str());
ret = 1;
}
diff --git a/test/cpp/interop/client_helper.cc b/test/cpp/interop/client_helper.cc
index abc14ae..7093463 100644
--- a/test/cpp/interop/client_helper.cc
+++ b/test/cpp/interop/client_helper.cc
@@ -64,16 +64,6 @@
namespace grpc {
namespace testing {
-namespace {
-std::shared_ptr<Credentials> CreateServiceAccountCredentials() {
- GPR_ASSERT(FLAGS_enable_ssl);
- grpc::string json_key = GetServiceAccountJsonKey();
- std::chrono::seconds token_lifetime = std::chrono::hours(1);
- return ServiceAccountCredentials(json_key, FLAGS_oauth_scope,
- token_lifetime.count());
-}
-} // namespace
-
grpc::string GetServiceAccountJsonKey() {
static grpc::string json_key;
if (json_key.empty()) {
@@ -86,7 +76,7 @@
}
grpc::string GetOauth2AccessToken() {
- std::shared_ptr<Credentials> creds = CreateServiceAccountCredentials();
+ std::shared_ptr<Credentials> creds = GoogleComputeEngineCredentials();
SecureCredentials* secure_creds =
dynamic_cast<SecureCredentials*>(creds.get());
GPR_ASSERT(secure_creds != nullptr);
@@ -107,14 +97,10 @@
snprintf(host_port, host_port_buf_size, "%s:%d", FLAGS_server_host.c_str(),
FLAGS_server_port);
- if (test_case == "service_account_creds") {
- std::shared_ptr<Credentials> creds = CreateServiceAccountCredentials();
- return CreateTestChannel(host_port, FLAGS_server_host_override,
- FLAGS_enable_ssl, FLAGS_use_prod_roots, creds);
- } else if (test_case == "compute_engine_creds") {
+ if (test_case == "compute_engine_creds") {
std::shared_ptr<Credentials> creds;
GPR_ASSERT(FLAGS_enable_ssl);
- creds = ComputeEngineCredentials();
+ creds = GoogleComputeEngineCredentials();
return CreateTestChannel(host_port, FLAGS_server_host_override,
FLAGS_enable_ssl, FLAGS_use_prod_roots, creds);
} else if (test_case == "jwt_token_creds") {
diff --git a/test/cpp/interop/interop_client.cc b/test/cpp/interop/interop_client.cc
index ca13cdc..73d1a14 100644
--- a/test/cpp/interop/interop_client.cc
+++ b/test/cpp/interop/interop_client.cc
@@ -179,24 +179,6 @@
gpr_log(GPR_INFO, "Large unary with compute engine creds done.");
}
-void InteropClient::DoServiceAccountCreds(const grpc::string& username,
- const grpc::string& oauth_scope) {
- gpr_log(GPR_INFO,
- "Sending a large unary rpc with service account credentials ...");
- SimpleRequest request;
- SimpleResponse response;
- request.set_fill_username(true);
- request.set_fill_oauth_scope(true);
- request.set_response_type(PayloadType::COMPRESSABLE);
- PerformLargeUnary(&request, &response);
- GPR_ASSERT(!response.username().empty());
- GPR_ASSERT(!response.oauth_scope().empty());
- GPR_ASSERT(username.find(response.username()) != grpc::string::npos);
- const char* oauth_scope_str = response.oauth_scope().c_str();
- GPR_ASSERT(oauth_scope.find(oauth_scope_str) != grpc::string::npos);
- gpr_log(GPR_INFO, "Large unary with service account creds done.");
-}
-
void InteropClient::DoOauth2AuthToken(const grpc::string& username,
const grpc::string& oauth_scope) {
gpr_log(GPR_INFO,
diff --git a/test/cpp/interop/interop_client.h b/test/cpp/interop/interop_client.h
index 5e26cc8..5a085c4 100644
--- a/test/cpp/interop/interop_client.h
+++ b/test/cpp/interop/interop_client.h
@@ -69,9 +69,6 @@
void DoComputeEngineCreds(const grpc::string& default_service_account,
const grpc::string& oauth_scope);
// username is a string containing the user email
- void DoServiceAccountCreds(const grpc::string& username,
- const grpc::string& oauth_scope);
- // username is a string containing the user email
void DoOauth2AuthToken(const grpc::string& username,
const grpc::string& oauth_scope);
// username is a string containing the user email