Skip to content

tests(trace): normalize VPCSC configuration in systests #9618

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
tseaver merged 4 commits into from
Nov 11, 2019
Merged

tests(trace): normalize VPCSC configuration in systests #9618

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
e353d5a
tests(trace): do not set VPCSC env vars via nox
tseaver Nov 6, 2019
fd8f85c
tests(trace): normalize VPCSC configuration in systests
tseaver Nov 6, 2019
fc23b4c
fix: typo
tseaver Nov 11, 2019
e47f665
fix: review feedback
tseaver Nov 11, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 2 additions & 10 deletions trace/noxfile.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -121,19 +121,11 @@ def system(session):
session.install("-e", "../test_utils/")
session.install("-e", ".")

# Additional setup for VPCSC system tests
env = {
"PROJECT_ID": os.environ.get(
"PROJECT_ID"
),
"GOOGLE_CLOUD_TESTS_VPCSC_OUTSIDE_PERIMETER_PROJECT": "secure-gcp-test-project-4",
}

# Run py.test against the system tests.
if system_test_exists:
session.run("py.test", "--quiet", system_test_path, env=env, *session.posargs)
session.run("py.test", "--quiet", system_test_path, *session.posargs)
if system_test_folder_exists:
session.run("py.test", "--quiet", system_test_folder_path, env=env, *session.posargs)
session.run("py.test", "--quiet", system_test_folder_path, *session.posargs)


@nox.session(python="3.7")
Expand Down
112 changes: 48 additions & 64 deletions trace/tests/system/gapic/v1/test_system_trace_service_v1_vpcsc.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,68 +21,52 @@

from google.api_core import exceptions
from google.cloud import trace_v1
from test_utils.vpcsc_config import vpcsc_config

PROJECT_INSIDE = os.environ.get("PROJECT_ID", None)
PROJECT_OUTSIDE = os.environ.get(
"GOOGLE_CLOUD_TESTS_VPCSC_OUTSIDE_PERIMETER_PROJECT", None
)


class TestVPCServiceControlV1(object):
@staticmethod
def _is_rejected(call):
try:
responses = call()
except exceptions.PermissionDenied as e:
return e.message == "Request is prohibited by organization's policy"
except:
return False
return False

@pytest.mark.skipif(
PROJECT_INSIDE is None, reason="Missing environment variable: PROJECT_ID"
)
@pytest.mark.skipif(
PROJECT_OUTSIDE is None,
reason="Missing environment variable: GOOGLE_CLOUD_TESTS_VPCSC_OUTSIDE_PERIMETER_PROJECT",
)
def test_list_traces(self):
client = trace_v1.TraceServiceClient()

list_inside = lambda: list(client.list_traces(PROJECT_INSIDE))
list_outside = lambda: list(client.list_traces(PROJECT_OUTSIDE))

assert not TestVPCServiceControlV1._is_rejected(list_inside)
assert TestVPCServiceControlV1._is_rejected(list_outside)

@pytest.mark.skipif(
PROJECT_INSIDE is None, reason="Missing environment variable: PROJECT_ID"
)
@pytest.mark.skipif(
PROJECT_OUTSIDE is None,
reason="Missing environment variable: GOOGLE_CLOUD_TESTS_VPCSC_OUTSIDE_PERIMETER_PROJECT",
)
def test_get_trace(self):
client = trace_v1.TraceServiceClient()

get_inside = lambda: client.get_trace(PROJECT_INSIDE, "")
get_outside = lambda: client.get_trace(PROJECT_OUTSIDE, "")

assert not TestVPCServiceControlV1._is_rejected(get_inside)
assert TestVPCServiceControlV1._is_rejected(get_outside)

@pytest.mark.skipif(
PROJECT_INSIDE is None, reason="Missing environment variable: PROJECT_ID"
)
@pytest.mark.skipif(
PROJECT_OUTSIDE is None,
reason="Missing environment variable: GOOGLE_CLOUD_TESTS_VPCSC_OUTSIDE_PERIMETER_PROJECT",
)
def test_patch_traces(self):
client = trace_v1.TraceServiceClient()

patch_inside = lambda: client.patch_traces(PROJECT_INSIDE, {})
patch_outside = lambda: client.patch_traces(PROJECT_OUTSIDE, {})

assert not TestVPCServiceControlV1._is_rejected(patch_inside)
assert TestVPCServiceControlV1._is_rejected(patch_outside)
_VPCSC_PROHIBITED_MESSAGE = "Request is prohibited by organization's policy."


@pytest.fixture
def client():
return trace_v1.TraceServiceClient()


@vpcsc_config.skip_unless_inside_vpcsc
def test_list_traces_w_inside(client):
list(client.list_traces(vpcsc_config.project_inside)) # no perms issue


@vpcsc_config.skip_unless_inside_vpcsc
def test_list_traces_w_outside(client):
with pytest.raises(exceptions.PermissionDenied) as exc:
list(client.list_traces(vpcsc_config.project_outside))

assert _VPCSC_PROHIBITED_MESSAGE in exc.value.message


@vpcsc_config.skip_unless_inside_vpcsc
def test_get_trace_w_inside(client):
with pytest.raises(exceptions.InvalidArgument):
client.get_trace(vpcsc_config.project_inside, "") # no perms issue


@vpcsc_config.skip_unless_inside_vpcsc
def test_get_trace_w_outside(client):
with pytest.raises(exceptions.PermissionDenied) as exc:
client.get_trace(vpcsc_config.project_outside, "")

assert _VPCSC_PROHIBITED_MESSAGE in exc.value.message


@vpcsc_config.skip_unless_inside_vpcsc
def test_patch_traces_w_inside(client):
with pytest.raises(exceptions.InvalidArgument):
client.patch_traces(vpcsc_config.project_inside, {}) # no perms issue


@vpcsc_config.skip_unless_inside_vpcsc
def test_patch_traces_w_ouside(client):
with pytest.raises(exceptions.PermissionDenied) as exc:
client.patch_traces(vpcsc_config.project_outside, {})

assert _VPCSC_PROHIBITED_MESSAGE in exc.value.message
59 changes: 23 additions & 36 deletions trace/tests/system/gapic/v2/test_system_trace_service_v2_vpcsc.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,40 +21,27 @@

from google.api_core import exceptions
from google.cloud import trace_v2
from test_utils.vpcsc_config import vpcsc_config

PROJECT_INSIDE = os.environ.get("PROJECT_ID", None)
PROJECT_OUTSIDE = os.environ.get(
"GOOGLE_CLOUD_TESTS_VPCSC_OUTSIDE_PERIMETER_PROJECT", None
)


class TestVPCServiceControlV2(object):
@staticmethod
def _is_rejected(call):
try:
responses = call()
except exceptions.PermissionDenied as e:
return e.message == "Request is prohibited by organization's policy"
except:
pass
return False

@pytest.mark.skipif(
PROJECT_INSIDE is None, reason="Missing environment variable: PROJECT_ID"
)
@pytest.mark.skipif(
PROJECT_OUTSIDE is None,
reason="Missing environment variable: GOOGLE_CLOUD_TESTS_VPCSC_OUTSIDE_PERIMETER_PROJECT",
)
def test_batch_write_spans(self):
client = trace_v2.TraceServiceClient()

proejct_inside = client.project_path(PROJECT_INSIDE)
proejct_outside = client.project_path(PROJECT_OUTSIDE)
spans = []

write_inside = lambda: client.batch_write_spans(proejct_inside, spans)
write_outside = lambda: client.batch_write_spans(proejct_outside, spans)

assert not TestVPCServiceControlV2._is_rejected(write_inside)
assert TestVPCServiceControlV2._is_rejected(write_outside)
_VPCSC_PROHIBITED_MESSAGE = "Request is prohibited by organization's policy."


@pytest.fixture
def client():
return trace_v2.TraceServiceClient()


@vpcsc_config.skip_unless_inside_vpcsc
def test_batch_write_spans_w_inside(client):
project_inside = client.project_path(vpcsc_config.project_inside)
client.batch_write_spans(project_inside, []) # no raise


@vpcsc_config.skip_unless_inside_vpcsc
def test_batch_write_spans_w_outside(client):
project_outside = client.project_path(vpcsc_config.project_outside)

with pytest.raises(exceptions.PermissionDenied) as exc:
client.batch_write_spans(project_outside, [])

assert _VPCSC_PROHIBITED_MESSAGE in exc.value.message