Adding auth tests; test commands may change in the future and

refactoring will happen when the commands are final.

tools/dockerfile/grpc_cxx/Dockerfile

@@ -21,4 +21,6 @@ RUN cd /var/local/git/grpc && ls \
   && make interop_client \
   && make interop_server
 
+ADD service_account service_account
+
 CMD ["/var/local/git/grpc/bins/opt/interop_server", "--enable_ssl", "--port=8010"]

tools/gce_setup/grpc_docker.sh

@@ -440,6 +440,55 @@ grpc_cloud_prod_test_args() {
   }
 }
 
+# checks the positional args and assigns them to variables visible in the caller
+#
+# these are the positional args passed to grpc_cloud_prod_test after option flags
+# are removed
+#
+# three args are expected, in order
+# - test_case
+# - host <the gce docker instance on which to run the test>
+# - client to run
+grpc_cloud_prod_auth_test_args() {
+  grpc_gen_test_cmd="grpc_cloud_prod_auth_"
+  [[ -n $1 ]] && {  # test_case
+    test_case=$1
+    grpc_gen_test_cmd+="$1"
+    shift
+  } || {
+    echo "$FUNCNAME: missing arg: test_case" 1>&2
+    return 1
+  }
+
+  [[ -n $1 ]] && {  # host
+    host=$1
+    shift
+  } || {
+    echo "$FUNCNAME: missing arg: host" 1>&2
+    return 1
+  }
+
+  [[ -n $1 ]] && {  # client_type
+    case $1 in
+      cxx|go|java|nodejs|php|python|ruby)
+        grpc_gen_test_cmd+="_gen_$1_cmd"
+        declare -F $grpc_gen_test_cmd >> /dev/null || {
+          echo "-f: test_func for $1 => $grpc_gen_test_cmd is not defined" 1>&2
+          return 2
+        }
+        shift
+        ;;
+      *)
+        echo "bad client_type: $1" 1>&2
+        return 1
+        ;;
+    esac
+  } || {
+    echo "$FUNCNAME: missing arg: client_type" 1>&2
+    return 1
+  }
+}
+
 _grpc_sync_scripts_args() {
   grpc_gce_script_root='tools/gce_setup'
 
@@ -715,6 +764,33 @@ grpc_cloud_prod_test() {
   gcloud compute $project_opt ssh $zone_opt $host --command "$cmd"
 }
 
+grpc_cloud_prod_auth_test() {
+  _grpc_ensure_gcloud_ssh || return 1;
+  # declare vars local so that they don't pollute the shell environment
+  # where they this func is used.
+
+  local grpc_zone grpc_project dry_run  # set by _grpc_set_project_and_zone
+  #  grpc_cloud_prod_test_args
+  local test_case host grpc_gen_test_cmd
+
+  # set the project zone and check that all necessary args are provided
+  _grpc_set_project_and_zone -f grpc_cloud_prod_auth_test_args "$@" || return 1
+  gce_has_instance $grpc_project $host || return 1;
+
+  local test_case_flag=" --test_case=$test_case"
+  cmd=$($grpc_gen_test_cmd $test_case_flag)
+  [[ -n $cmd ]] || return 1
+
+  local project_opt="--project $grpc_project"
+  local zone_opt="--zone $grpc_zone"
+  local ssh_cmd="bash -l -c \"$cmd\""
+  echo "will run:"
+  echo "  $ssh_cmd"
+  echo "on $host"
+  [[ $dry_run == 1 ]] && return 0  # don't run the command on a dry run
+  gcloud compute $project_opt ssh $zone_opt $host --command "$cmd"
+}
+
 # constructs the full dockerized ruby interop test cmd.
 #
 # call-seq:
@@ -837,7 +913,37 @@ grpc_cloud_prod_gen_cxx_cmd() {
     local cmd_prefix="sudo docker run grpc/cxx";
     local test_script="/var/local/git/grpc/bins/opt/interop_client --enable_ssl";
     local gfe_flags=" --use_prod_roots --server_port=443 --server_host=grpc-test.sandbox.google.com --server_host_override=grpc-test.sandbox.google.com"
-    local the_cmd="$cmd_prefix $test_script $gfe_flags $@";
+    local the_cmd="$cmd_prefix $test_script $gfe_flags $added_gfe_flags $@";
+    echo $the_cmd
+}
+
+# constructs the full dockerized cpp interop test cmd.
+#
+#
+# call-seq:
+#   flags= .... # generic flags to include the command
+#   cmd=$($grpc_gen_test_cmd $flags)
+grpc_cloud_prod_auth_service_account_creds_gen_cxx_cmd() {
+    local cmd_prefix="sudo docker run grpc/cxx";
+    local test_script="/var/local/git/grpc/bins/opt/interop_client --enable_ssl";
+    local gfe_flags=" --use_prod_roots --server_port=443 --server_host=grpc-test.sandbox.google.com --server_host_override=grpc-test.sandbox.google.com"
+    local added_gfe_flags=" --service_account_key_file=/service_account/stubbyCloudTestingTest-7dd63462c60c.json --oauth_scope=https://www.googleapis.com/auth/xapi.zoo"
+    local the_cmd="$cmd_prefix $test_script $gfe_flags $added_gfe_flags $@";
+    echo $the_cmd
+}
+
+# constructs the full dockerized cpp interop test cmd.
+#
+#
+# call-seq:
+#   flags= .... # generic flags to include the command
+#   cmd=$($grpc_gen_test_cmd $flags)
+grpc_cloud_prod_auth_compute_engine_creds_gen_cxx_cmd() {
+    local cmd_prefix="sudo docker run grpc/cxx";
+    local test_script="/var/local/git/grpc/bins/opt/interop_client --enable_ssl";
+    local gfe_flags=" --use_prod_roots --server_port=443 --server_host=grpc-test.sandbox.google.com --server_host_override=grpc-test.sandbox.google.com"
+    local added_gfe_flags=" --default_service_account=155450119199-r5aaqa2vqoa9g5mv2m6s3m1l293rlmel@developer.gserviceaccount.com --oauth_scope=https://www.googleapis.com/auth/xapi.zoo"
+    local the_cmd="$cmd_prefix $test_script $gfe_flags $added_gfe_flags $@";
     echo $the_cmd
 }
 

tools/gce_setup/new_grpc_docker_builder.sh

@@ -87,6 +87,7 @@ add_instance() {
   local the_image='container-vm-v20140925'
   local scopes='compute-rw storage-full'
   scopes+=' https://www.googleapis.com/auth/gerritcodereview'
+  scopes+=' https://www.googleapis.com/auth/xapi.zoo'
   gcloud --project $project compute instances create $instance \
     $address_flag \
     --image $the_image \

tools/gce_setup/shared_startup_funcs.sh

@@ -416,6 +416,9 @@ grpc_dockerfile_install() {
   [[ $image_label == "grpc/ruby" ]] && {
     grpc_docker_sync_roots_pem $dockerfile_dir/cacerts || return 1;
   }
+  [[ $image_label == "grpc/cxx" ]] && {
+    grpc_docker_sync_service_account $dockerfile_dir/service_account || return 1;
+  }
 
 
   # TODO(temiola): maybe make cache/no-cache a func option?
@@ -503,3 +506,31 @@ grpc_docker_sync_roots_pem() {
   }
   gsutil cp $src $gcs_certs_path $local_certs_path
 }
+
+# grpc_docker_sync_service_account.
+#
+# Copies the service account from GCS to the target dir
+#
+# call-seq:
+#   grpc_docker_sync_service_account <target_dir>
+grpc_docker_sync_service_account() {
+  local target_dir=$1
+  [[ -n $target_dir ]] || { echo "$FUNCNAME: missing arg: target_dir" >&2; return 1; }
+
+  # determine the admin root; the parent of the dockerfile root,
+  local gs_dockerfile_root=$(load_metadata "attributes/gs_dockerfile_root")
+  [[ -n $gs_dockerfile_root ]] || {
+    echo "$FUNCNAME: missing metadata: gs_dockerfile_root" >&2
+    return 1
+  }
+  local gcs_admin_root=$(dirname $gs_dockerfile_root)
+
+  # cp the file from gsutil to a known local area
+  local gcs_acct_path=$gcs_admin_root/service_account/stubbyCloudTestingTest-7dd63462c60c.json
+  local local_acct_path=$target_dir/stubbyCloudTestingTest-7dd63462c60c.json
+  mkdir -p $target_dir || {
+    echo "$FUNCNAME: could not create dir: $target_dir" 1>&2
+    return 1
+  }
+  gsutil cp $src $gcs_acct_path $local_acct_path
+}