Skip to content

[iam] fix: reduce flakiness #3293

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
tmatsuo merged 3 commits into from
Apr 8, 2020
Merged

[iam] fix: reduce flakiness #3293

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
14baca8
[iam] fix: reduce flakiness
Apr 7, 2020
fa49d4f
Merge branch 'master' into fix-iam2
Apr 7, 2020
84239c1
Merge branch 'master' into fix-iam2
Apr 7, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
50 changes: 35 additions & 15 deletions iam/api-client/access_test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,10 @@

import os
import pytest
import random
import uuid

from googleapiclient import errors
from retrying import retry

import access
import service_accounts
Expand All @@ -26,11 +29,16 @@
GCP_ROLE = "roles/owner"


def retry_if_conflict(exception):
return (isinstance(exception, errors.HttpError)
and 'There were concurrent policy changes' in str(exception))


@pytest.fixture(scope="module")
def test_member():
# section to create service account to test policy updates.
rand = str(random.randint(0, 1000))
name = "python-test-" + rand
# we use the first portion of uuid4 because full version is too long.
name = "python-test-" + str(uuid.uuid4()).split('-')[0]
email = name + "@" + GCLOUD_PROJECT + ".iam.gserviceaccount.com"
member = "serviceAccount:" + email
service_accounts.create_service_account(
Expand All @@ -50,24 +58,36 @@ def test_get_policy(capsys):


def test_modify_policy_add_role(test_member, capsys):
policy = access.get_policy(GCLOUD_PROJECT, version=3)
access.modify_policy_add_role(policy, GCLOUD_PROJECT, test_member)
out, _ = capsys.readouterr()
assert u"etag" in out
@retry(wait_exponential_multiplier=1000, wait_exponential_max=10000,
stop_max_attempt_number=5, retry_on_exception=retry_if_conflict)
def test_call():
policy = access.get_policy(GCLOUD_PROJECT, version=3)
access.modify_policy_add_role(policy, GCLOUD_PROJECT, test_member)
out, _ = capsys.readouterr()
assert u"etag" in out
test_call()


def test_modify_policy_remove_member(test_member, capsys):
policy = access.get_policy(GCLOUD_PROJECT, version=3)
access.modify_policy_remove_member(policy, GCP_ROLE, test_member)
out, _ = capsys.readouterr()
assert "iam.gserviceaccount.com" in out
@retry(wait_exponential_multiplier=1000, wait_exponential_max=10000,
stop_max_attempt_number=5, retry_on_exception=retry_if_conflict)
def test_call():
policy = access.get_policy(GCLOUD_PROJECT, version=3)
access.modify_policy_remove_member(policy, GCP_ROLE, test_member)
out, _ = capsys.readouterr()
assert "iam.gserviceaccount.com" in out
test_call()


def test_set_policy(capsys):
policy = access.get_policy(GCLOUD_PROJECT, version=3)
access.set_policy(GCLOUD_PROJECT, policy)
out, _ = capsys.readouterr()
assert u"etag" in out
@retry(wait_exponential_multiplier=1000, wait_exponential_max=10000,
stop_max_attempt_number=5, retry_on_exception=retry_if_conflict)
def test_call():
policy = access.get_policy(GCLOUD_PROJECT, version=3)
access.set_policy(GCLOUD_PROJECT, policy)
out, _ = capsys.readouterr()
assert u"etag" in out
test_call()


def test_permissions(capsys):
Expand Down
1 change: 1 addition & 0 deletions iam/api-client/requirements-test.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,3 @@
pytest==5.3.2
gcp-devrel-py-tools==0.0.15
retrying==1.3.3