| #!/usr/bin/env python |
| """ |
| This is a helper script for making pRPC API calls during local development. |
| |
| Usage examples: |
| |
| To test an anonymous request to your own local monorail server: |
| 1. Run 'make serve' in another shell |
| 2. `./api/test_call monorail.Projects ListComponents |
| '{"project_name": "monorail", "include_admin_info": true}'` |
| |
| To test a signed in request to your own local monorail server: |
| 1. Run 'make serve' in another shell |
| 2. `./api/test_call monorail.Projects ListComponents |
| '{"project_name": "monorail", "include_admin_info": true}' |
| --test_account=test@example.com` |
| Note that test account email address must always end in @example.com. |
| |
| To test an anonymous request to your monorail staging server: |
| 1. Deploy your staging server version, e.g., 12345-76697e9-tainted-jrobbins. |
| 2. Visit your staging server in a new incognito window and view source |
| to find the XSRF token for the anonymous user in JS var CS_env['token']. |
| 3. `./api/test_call monorail.Projects ListComponents |
| '{"project_name": "monorail", "include_admin_info": true}' |
| --host=12345-76697e9-tainted-jrobbins-dot-monorail-staging.appspot.com |
| --xsrf-token='THE_ANON_TOKEN'` |
| |
| To test a signed-in request to your monorail staging server using |
| the client_id for monorail-staging and your own account: |
| 1. Make sure that you have a role in the monorail-staging project. |
| 2. Have your account allowlisted by email address. |
| 3. Download the monorail-staging app credientials via |
| `gcloud --project=monorail-staging auth login`. |
| 4. `./api/test_call monorail.Projects ListComponents |
| '{"project_name": "monorail", "include_admin_info": true}' |
| --host=12345-76697e9-tainted-jrobbins-dot-monorail-staging.appspot.com |
| --use-app-credentials` |
| |
| To test a signed-in request to your monorail staging server using |
| a service account client secrets file that you download: |
| (Note: This is not recommended for prod because downloading secrets |
| is a bad practice.) |
| 1. Create a service account via the Cloud Console for any project. |
| Choose "IAM & Admin" > "Service accounts". |
| Press "+ Create Service Account". |
| Fill in the form and submit it to save a service account .json file |
| to your local disk. Keep this file private. |
| 2. File an issue on /p/monorail to allowlist your client_id and/or |
| client_email. Or, author a CL yourself to add it to the allowlist. |
| 3. `./api/test_call monorail.Projects ListComponents |
| '{"project_name": "monorail", "include_admin_info": true}' |
| --host=12345-76697e9-tainted-jrobbins-dot-monorail-staging.appspot.com |
| --service-account=FILENAME_OF_SERVICE_ACCOUNT_JSON_FILE` |
| """ |
| |
| import argparse |
| import errno |
| import json |
| import logging |
| import sys |
| |
| |
| import httplib2 |
| from oauth2client.client import GoogleCredentials |
| |
| |
| URL_BASE = 'http://localhost:8080/prpc/' |
| OAUTH_SCOPE = 'https://www.googleapis.com/auth/userinfo.email' |
| |
| def make_http(args): |
| """Return an httplib2.Http object, with or without oauth.""" |
| http = httplib2.Http() |
| credentials = None |
| if args.use_app_credentials: |
| credentials = GoogleCredentials.get_application_default() |
| if args.service_account: |
| credentials = GoogleCredentials.from_stream(args.service_account) |
| logging.debug('Will request as user %r', credentials.service_account_email) |
| |
| if credentials: |
| credentials = credentials.create_scoped([OAUTH_SCOPE]) |
| logging.debug('Will request as client %r', credentials.client_id) |
| if not args.host: |
| print(('[ERROR] OAuth on localhost will always see user ' |
| 'example@example.com, so we do not support that.\n' |
| 'Instead, add --server=YOUR_STAGING_SERVER, ' |
| 'or use --test_account=USER@example.com.')) |
| sys.exit(1) |
| |
| http = credentials.authorize(http) |
| |
| return http |
| |
| def make_call(service, method, json_body, args): |
| """Call the server and print the response contents.""" |
| body = json.loads(json_body) |
| |
| url_base = URL_BASE |
| if args.host: |
| url_base = 'https://%s/prpc/' % args.host |
| url = '%s%s/%s' % (url_base, service, method) |
| logging.debug('Request URL: %s', url) |
| |
| http = make_http(args) |
| headers = { |
| 'Content-Type': 'application/json', |
| 'Accept': 'application/json', |
| } |
| if args.test_account: |
| headers['x-test-account'] = args.test_account |
| if args.xsrf_token: |
| headers['x-xsrf-token'] = args.xsrf_token |
| body = json.dumps(body) |
| |
| logging.debug('Body: %r' % body) |
| try: |
| response, contents = http.request( |
| url, method='POST', body=body, headers=headers) |
| logging.info('Received response: %s', contents) |
| except httplib2.HttpLib2Error as e: |
| if hasattr(e.reason, 'errno') and e.reason.errno == errno.ECONNREFUSED: |
| print('[Error] Could not reach server. Is it running?') |
| else: |
| raise e |
| |
| |
| if __name__ == '__main__': |
| parser = argparse.ArgumentParser(description='Process some integers.') |
| parser.add_argument('service', help='pRPC service name.') |
| parser.add_argument('method', help='pRPC method name.') |
| parser.add_argument('json_body', help='pRPC HTTP body in valid JSON.') |
| parser.add_argument('--test-account', |
| help='Test account to use, in the form of an email.') |
| parser.add_argument('--xsrf-token', help='Custom XSRF token.') |
| parser.add_argument('--host', help='remote server FQDN.') |
| parser.add_argument( |
| '--use-app-credentials', |
| help='Use credentials of a GAE app that you are signed into via gcloud.', |
| action='store_true') |
| parser.add_argument( |
| '--service-account', help='Service account credentials JSON file name.') |
| parser.add_argument('-v', '--verbose', action='store_true') |
| args = parser.parse_args() |
| |
| if args.verbose: |
| log_level = logging.DEBUG |
| else: |
| log_level = logging.INFO |
| logging.basicConfig(format='%(levelname)s: %(message)s', level=log_level) |
| |
| make_call(args.service, args.method, args.json_body, args) |