Skip to content

Commit

Permalink
tests(trace): normalize VPCSC configuration in systests (#9618)
Browse files Browse the repository at this point in the history
Toward #9580.
  • Loading branch information
tseaver authored Nov 11, 2019
1 parent ce04e30 commit ef309fc
Show file tree
Hide file tree
Showing 3 changed files with 73 additions and 110 deletions.
12 changes: 2 additions & 10 deletions trace/noxfile.py
Original file line number Diff line number Diff line change
Expand Up @@ -121,19 +121,11 @@ def system(session):
session.install("-e", "../test_utils/")
session.install("-e", ".")

# Additional setup for VPCSC system tests
env = {
"PROJECT_ID": os.environ.get(
"PROJECT_ID"
),
"GOOGLE_CLOUD_TESTS_VPCSC_OUTSIDE_PERIMETER_PROJECT": "secure-gcp-test-project-4",
}

# Run py.test against the system tests.
if system_test_exists:
session.run("py.test", "--quiet", system_test_path, env=env, *session.posargs)
session.run("py.test", "--quiet", system_test_path, *session.posargs)
if system_test_folder_exists:
session.run("py.test", "--quiet", system_test_folder_path, env=env, *session.posargs)
session.run("py.test", "--quiet", system_test_folder_path, *session.posargs)


@nox.session(python="3.7")
Expand Down
112 changes: 48 additions & 64 deletions trace/tests/system/gapic/v1/test_system_trace_service_v1_vpcsc.py
Original file line number Diff line number Diff line change
Expand Up @@ -21,68 +21,52 @@

from google.api_core import exceptions
from google.cloud import trace_v1
from test_utils.vpcsc_config import vpcsc_config

PROJECT_INSIDE = os.environ.get("PROJECT_ID", None)
PROJECT_OUTSIDE = os.environ.get(
"GOOGLE_CLOUD_TESTS_VPCSC_OUTSIDE_PERIMETER_PROJECT", None
)


class TestVPCServiceControlV1(object):
@staticmethod
def _is_rejected(call):
try:
responses = call()
except exceptions.PermissionDenied as e:
return e.message == "Request is prohibited by organization's policy"
except:
return False
return False

@pytest.mark.skipif(
PROJECT_INSIDE is None, reason="Missing environment variable: PROJECT_ID"
)
@pytest.mark.skipif(
PROJECT_OUTSIDE is None,
reason="Missing environment variable: GOOGLE_CLOUD_TESTS_VPCSC_OUTSIDE_PERIMETER_PROJECT",
)
def test_list_traces(self):
client = trace_v1.TraceServiceClient()

list_inside = lambda: list(client.list_traces(PROJECT_INSIDE))
list_outside = lambda: list(client.list_traces(PROJECT_OUTSIDE))

assert not TestVPCServiceControlV1._is_rejected(list_inside)
assert TestVPCServiceControlV1._is_rejected(list_outside)

@pytest.mark.skipif(
PROJECT_INSIDE is None, reason="Missing environment variable: PROJECT_ID"
)
@pytest.mark.skipif(
PROJECT_OUTSIDE is None,
reason="Missing environment variable: GOOGLE_CLOUD_TESTS_VPCSC_OUTSIDE_PERIMETER_PROJECT",
)
def test_get_trace(self):
client = trace_v1.TraceServiceClient()

get_inside = lambda: client.get_trace(PROJECT_INSIDE, "")
get_outside = lambda: client.get_trace(PROJECT_OUTSIDE, "")

assert not TestVPCServiceControlV1._is_rejected(get_inside)
assert TestVPCServiceControlV1._is_rejected(get_outside)

@pytest.mark.skipif(
PROJECT_INSIDE is None, reason="Missing environment variable: PROJECT_ID"
)
@pytest.mark.skipif(
PROJECT_OUTSIDE is None,
reason="Missing environment variable: GOOGLE_CLOUD_TESTS_VPCSC_OUTSIDE_PERIMETER_PROJECT",
)
def test_patch_traces(self):
client = trace_v1.TraceServiceClient()

patch_inside = lambda: client.patch_traces(PROJECT_INSIDE, {})
patch_outside = lambda: client.patch_traces(PROJECT_OUTSIDE, {})

assert not TestVPCServiceControlV1._is_rejected(patch_inside)
assert TestVPCServiceControlV1._is_rejected(patch_outside)
_VPCSC_PROHIBITED_MESSAGE = "Request is prohibited by organization's policy."


@pytest.fixture
def client():
return trace_v1.TraceServiceClient()


@vpcsc_config.skip_unless_inside_vpcsc
def test_list_traces_w_inside(client):
list(client.list_traces(vpcsc_config.project_inside)) # no perms issue


@vpcsc_config.skip_unless_inside_vpcsc
def test_list_traces_w_outside(client):
with pytest.raises(exceptions.PermissionDenied) as exc:
list(client.list_traces(vpcsc_config.project_outside))

assert _VPCSC_PROHIBITED_MESSAGE in exc.value.message


@vpcsc_config.skip_unless_inside_vpcsc
def test_get_trace_w_inside(client):
with pytest.raises(exceptions.InvalidArgument):
client.get_trace(vpcsc_config.project_inside, "") # no perms issue


@vpcsc_config.skip_unless_inside_vpcsc
def test_get_trace_w_outside(client):
with pytest.raises(exceptions.PermissionDenied) as exc:
client.get_trace(vpcsc_config.project_outside, "")

assert _VPCSC_PROHIBITED_MESSAGE in exc.value.message


@vpcsc_config.skip_unless_inside_vpcsc
def test_patch_traces_w_inside(client):
with pytest.raises(exceptions.InvalidArgument):
client.patch_traces(vpcsc_config.project_inside, {}) # no perms issue


@vpcsc_config.skip_unless_inside_vpcsc
def test_patch_traces_w_ouside(client):
with pytest.raises(exceptions.PermissionDenied) as exc:
client.patch_traces(vpcsc_config.project_outside, {})

assert _VPCSC_PROHIBITED_MESSAGE in exc.value.message
59 changes: 23 additions & 36 deletions trace/tests/system/gapic/v2/test_system_trace_service_v2_vpcsc.py
Original file line number Diff line number Diff line change
Expand Up @@ -21,40 +21,27 @@

from google.api_core import exceptions
from google.cloud import trace_v2
from test_utils.vpcsc_config import vpcsc_config

PROJECT_INSIDE = os.environ.get("PROJECT_ID", None)
PROJECT_OUTSIDE = os.environ.get(
"GOOGLE_CLOUD_TESTS_VPCSC_OUTSIDE_PERIMETER_PROJECT", None
)


class TestVPCServiceControlV2(object):
@staticmethod
def _is_rejected(call):
try:
responses = call()
except exceptions.PermissionDenied as e:
return e.message == "Request is prohibited by organization's policy"
except:
pass
return False

@pytest.mark.skipif(
PROJECT_INSIDE is None, reason="Missing environment variable: PROJECT_ID"
)
@pytest.mark.skipif(
PROJECT_OUTSIDE is None,
reason="Missing environment variable: GOOGLE_CLOUD_TESTS_VPCSC_OUTSIDE_PERIMETER_PROJECT",
)
def test_batch_write_spans(self):
client = trace_v2.TraceServiceClient()

proejct_inside = client.project_path(PROJECT_INSIDE)
proejct_outside = client.project_path(PROJECT_OUTSIDE)
spans = []

write_inside = lambda: client.batch_write_spans(proejct_inside, spans)
write_outside = lambda: client.batch_write_spans(proejct_outside, spans)

assert not TestVPCServiceControlV2._is_rejected(write_inside)
assert TestVPCServiceControlV2._is_rejected(write_outside)
_VPCSC_PROHIBITED_MESSAGE = "Request is prohibited by organization's policy."


@pytest.fixture
def client():
return trace_v2.TraceServiceClient()


@vpcsc_config.skip_unless_inside_vpcsc
def test_batch_write_spans_w_inside(client):
project_inside = client.project_path(vpcsc_config.project_inside)
client.batch_write_spans(project_inside, []) # no raise


@vpcsc_config.skip_unless_inside_vpcsc
def test_batch_write_spans_w_outside(client):
project_outside = client.project_path(vpcsc_config.project_outside)

with pytest.raises(exceptions.PermissionDenied) as exc:
client.batch_write_spans(project_outside, [])

assert _VPCSC_PROHIBITED_MESSAGE in exc.value.message

0 comments on commit ef309fc

Please sign in to comment.