Adds a compute engine auth GCE interop test

- also fixes the service_account test assertions

src/ruby/bin/interop/interop_client.rb

@@ -56,6 +56,8 @@ require 'test/cpp/interop/empty'
 
 require 'signet/ssl_config'
 
+include Google::RPC::Auth
+
 # loads the certificates used to access the test server securely.
 def load_test_certs
   this_dir = File.expand_path(File.dirname(__FILE__))
@@ -67,46 +69,53 @@ end
 # loads the certificates used to access the test server securely.
 def load_prod_cert
   fail 'could not find a production cert' if ENV['SSL_CERT_FILE'].nil?
-  p "loading prod certs from #{ENV['SSL_CERT_FILE']}"
+  logger.info("loading prod certs from #{ENV['SSL_CERT_FILE']}")
   File.open(ENV['SSL_CERT_FILE']).read
 end
 
-# creates a Credentials from the test certificates.
+# creates SSL Credentials from the test certificates.
 def test_creds
   certs = load_test_certs
   GRPC::Core::Credentials.new(certs[0])
 end
 
-RX_CERT = /-----BEGIN CERTIFICATE-----\n.*?-----END CERTIFICATE-----\n/m
-
-# creates a Credentials from the production certificates.
+# creates SSL Credentials from the production certificates.
 def prod_creds
   cert_text = load_prod_cert
   GRPC::Core::Credentials.new(cert_text)
 end
 
+# creates the SSL Credentials.
+def ssl_creds(use_test_ca)
+  return test_creds if use_test_ca
+  prod_creds
+end
+
 # creates a test stub that accesses host:port securely.
 def create_stub(opts)
   address = "#{opts.host}:#{opts.port}"
   if opts.secure
-    creds = nil
-    if opts.use_test_ca
-      creds = test_creds
-    else
-      creds = prod_creds
-    end
-
     stub_opts = {
-      :creds => creds,
+      :creds => ssl_creds(opts.use_test_ca),
       GRPC::Core::Channel::SSL_TARGET => opts.host_override
     }
 
-    # Allow service account updates if specified
-    unless opts.oauth_scope.nil?
-      cred_clz = Google::RPC::Auth::ServiceAccountCredentials
-      json_key_io = StringIO.new(File.read(opts.oauth_key_file))
-      auth_creds = cred_clz.new(opts.oauth_scope, json_key_io)
-      stub_opts[:update_metadata] = lambda(&auth_creds.method(:apply))
+    # Add service account creds if specified
+    if %w(all service_account_creds).include?(opts.test_case)
+      unless opts.oauth_scope.nil?
+        fd = StringIO.new(File.read(opts.oauth_key_file))
+        logger.info("loading oauth certs from #{opts.oauth_key_file}")
+        auth_creds = ServiceAccountCredentials.new(opts.oauth_scope, fd)
+        stub_opts[:update_metadata] = lambda(&auth_creds.method(:apply))
+      end
+    end
+
+    # Add compute engine creds if specified
+    if %w(all compute_engine_creds).include?(opts.test_case)
+      unless opts.oauth_scope.nil?
+        auth_creds = GCECredentials.new
+        stub_opts[:update_metadata] = lambda(&auth_creds.method(:apply))
+      end
     end
 
     logger.info("... connecting securely to #{address}")
@@ -166,10 +175,10 @@ class NamedTests
   include Grpc::Testing::PayloadType
   attr_accessor :assertions # required by Minitest::Assertions
 
-  def initialize(stub, opts)
+  def initialize(stub, args)
     @assertions = 0  # required by Minitest::Assertions
     @stub = stub
-    @opts = opts
+    @args = args
   end
 
   def empty_unary
@@ -185,18 +194,30 @@ class NamedTests
 
   def service_account_creds
     # ignore this test if the oauth options are not set
-    if @opts.oauth_scope.nil? || @opts.oauth_key_file.nil?
+    if @args.oauth_scope.nil? || @args.oauth_key_file.nil?
       p 'NOT RUN: service_account_creds; no service_account settings'
     end
-    json_key = File.read(@opts.oauth_key_file)
+    json_key = File.read(@args.oauth_key_file)
     wanted_email = MultiJson.load(json_key)['client_email']
-    resp = perform_large_unary
-    assert_equal(@opts.oauth_scope, resp.oauth_scope,
-                 'service_account_creds: incorrect oauth_scope')
-    assert_equal(wanted_email, resp.username)
+    resp = perform_large_unary(fill_username: true,
+                               fill_oauth_scope: true)
+    assert_equal(wanted_email, resp.username,
+                 'service_account_creds: incorrect username')
+    assert(@args.oauth_scope.include?(resp.oauth_scope),
+           'service_account_creds: incorrect oauth_scope')
     p 'OK: service_account_creds'
   end
 
+  def compute_engine_creds
+    resp = perform_large_unary(fill_username: true,
+                               fill_oauth_scope: true)
+    assert(@args.oauth_scope.include?(resp.oauth_scope),
+           'service_account_creds: incorrect oauth_scope')
+    assert_equal(@args.default_service_account, resp.username,
+                 'service_account_creds: incorrect username')
+    p 'OK: compute_engine_creds'
+  end
+
   def client_streaming
     msg_sizes = [27_182, 8, 1828, 45_904]
     wanted_aggregate_size = 74_922
@@ -264,66 +285,65 @@ class NamedTests
   end
 end
 
-Options = Struct.new(:oauth_scope, :oauth_key_file, :secure, :host,
-                     :host_override, :port, :test_case, :use_test_ca)
+# Args is used to hold the command line info.
+Args = Struct.new(:default_service_account, :host, :host_override,
+                  :oauth_scope, :oauth_key_file, :port, :secure, :test_case,
+                  :use_test_ca)
 
 # validates the the command line options, returning them as a Hash.
-def parse_options
-  options = Options.new
-  options.host_override = 'foo.test.google.com'
+def parse_args
+  args = Args.new
+  args.host_override = 'foo.test.google.com'
   OptionParser.new do |opts|
-    opts.banner = 'Usage: --server_host <server_host> --server_port server_port'
     opts.on('--oauth_scope scope',
-            'Scope for OAuth tokens') do |v|
-      options['oauth_scope'] = v
-    end
+            'Scope for OAuth tokens') { |v| args['oauth_scope'] = v }
     opts.on('--server_host SERVER_HOST', 'server hostname') do |v|
-      options['host'] = v
+      args['host'] = v
+    end
+    opts.on('--default_service_account email_address',
+            'email address of the default service account') do |v|
+      args['default_service_account'] = v
     end
     opts.on('--service_account_key_file PATH',
             'Path to the service account json key file') do |v|
-      options['oauth_key_file'] = v
+      args['oauth_key_file'] = v
     end
     opts.on('--server_host_override HOST_OVERRIDE',
             'override host via a HTTP header') do |v|
-      options['host_override'] = v
-    end
-    opts.on('--server_port SERVER_PORT', 'server port') do |v|
-      options['port'] = v
+      args['host_override'] = v
     end
+    opts.on('--server_port SERVER_PORT', 'server port') { |v| args['port'] = v }
     # instance_methods(false) gives only the methods defined in that class
     test_cases = NamedTests.instance_methods(false).map(&:to_s)
     test_case_list = test_cases.join(',')
     opts.on('--test_case CODE', test_cases, {}, 'select a test_case',
-            "  (#{test_case_list})") do |v|
-      options['test_case'] = v
-    end
+            "  (#{test_case_list})") { |v| args['test_case'] = v }
     opts.on('-s', '--use_tls', 'require a secure connection?') do |v|
-      options['secure'] = v
+      args['secure'] = v
     end
     opts.on('-t', '--use_test_ca',
             'if secure, use the test certificate?') do |v|
-      options['use_test_ca'] = v
+      args['use_test_ca'] = v
     end
   end.parse!
-  _check_options(options)
+  _check_args(args)
 end
 
-def _check_options(opts)
-  %w(host port test_case).each do |arg|
-    if opts[arg].nil?
+def _check_args(args)
+  %w(host port test_case).each do |a|
+    if args[a].nil?
       fail(OptionParser::MissingArgument, "please specify --#{arg}")
     end
   end
-  if opts['oauth_key_file'].nil? ^ opts['oauth_scope'].nil?
+  if args['oauth_key_file'].nil? ^ args['oauth_scope'].nil?
     fail(OptionParser::MissingArgument,
          'please specify both of --service_account_key_file and --oauth_scope')
   end
-  opts
+  args
 end
 
 def main
-  opts = parse_options
+  opts = parse_args
   stub = create_stub(opts)
   NamedTests.new(stub, opts).method(opts['test_case']).call
 end