Skip to content

fix: minimize custom tests used #9538

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
m-strzelczyk merged 4 commits into from
Apr 11, 2023
Merged

fix: minimize custom tests used #9538

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
222a0f1
fix: minimize custom tests used
engelke Apr 10, 2023
9b9bc1c
fix: use strings instead of constants
engelke Apr 10, 2023
96e0a98
fix: remove unneeded import
engelke Apr 10, 2023
bf8373a
Fixing lint problem
m-strzelczyk Apr 11, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
115 changes: 35 additions & 80 deletions iam/api-client/custom_roles_test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Copyright 2016 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
Expand All @@ -15,55 +15,36 @@
import os
import uuid

import googleapiclient.errors
import pytest

import custom_roles


GCLOUD_PROJECT = os.environ["GOOGLE_CLOUD_PROJECT"]

CUSTOM_ROLE_NAME = "pythonTestCustomRole"
CUSTOM_ROLE_TITLE = "Python Test Custom Role"
CUSTOM_ROLE_DESCRIPTION = "This is a python test custom role"
CUSTOM_ROLE_PERMISSIONS = ["iam.roles.get"]
CUSTOM_ROLE_STAGE = "GA"
CUSTOM_ROLE_EMAIL = (
CUSTOM_ROLE_NAME + "@" + GCLOUD_PROJECT + ".iam.gserviceaccount.com"
)


# A single custom role is created, used for all tests, then deleted, to minimize
# the total number of custom roles in existence. Once a custom role is deleted,
# it can take up to 14 days before it stops counting against the maximum number
# of custom roles allowed.
#
# Since this fixture will throw an exception upon failing to create or delete
# a custom role, there are no separatetests for those activities needed.
@pytest.fixture(scope="module")
def test_custom_role():
# This custom role is reused in read/update tests.
try:
custom_roles.create_role(
CUSTOM_ROLE_NAME,
GCLOUD_PROJECT,
CUSTOM_ROLE_TITLE,
CUSTOM_ROLE_DESCRIPTION,
CUSTOM_ROLE_PERMISSIONS,
CUSTOM_ROLE_STAGE,
)
except googleapiclient.errors.HttpError as e:
if "HttpError 409" not in str(e):
raise e
# Ignore error since we just reuse the same custom role.
print('Re-using the custom role "{}".'.format(CUSTOM_ROLE_NAME))
yield CUSTOM_ROLE_NAME
# we don't delete this custom role for future tests.


@pytest.fixture(scope="function")
def unique_custom_role_name():
UNIQUE_CUSTOM_ROLE_NAME = "pythonTestCustomRole" + str(uuid.uuid1().int)
yield UNIQUE_CUSTOM_ROLE_NAME

# Delete the custom role
try:
custom_roles.delete_role(UNIQUE_CUSTOM_ROLE_NAME, GCLOUD_PROJECT)
except googleapiclient.errors.HttpError:
print("Custom role already deleted.")
def custom_role():
role_name = "pythonTestCustomRole" + str(uuid.uuid4().hex)
custom_roles.create_role(
role_name,
GCLOUD_PROJECT,
"Python Test Custom Role",
"This is a python test custom role",
["iam.roles.get"],
"GA",
)

yield role_name

custom_roles.delete_role(role_name, GCLOUD_PROJECT)


def test_query_testable_permissions(capsys):
Expand All @@ -75,59 +56,33 @@ def test_query_testable_permissions(capsys):
assert "\n" in out


def test_get_role(capsys):
custom_roles.get_role("roles/appengine.appViewer")
def test_list_roles(capsys):
custom_roles.list_roles(GCLOUD_PROJECT)
out, _ = capsys.readouterr()
assert "roles/" in out


def test_create_role(unique_custom_role_name, capsys):
custom_roles.create_role(
unique_custom_role_name,
GCLOUD_PROJECT,
CUSTOM_ROLE_TITLE,
CUSTOM_ROLE_DESCRIPTION,
CUSTOM_ROLE_PERMISSIONS,
CUSTOM_ROLE_STAGE,
)
def test_get_role(capsys):
custom_roles.get_role("roles/appengine.appViewer")
out, _ = capsys.readouterr()
assert "Created role:" in out
assert "roles/" in out


def test_edit_role(test_custom_role, capsys):
def test_edit_role(custom_role, capsys):
custom_roles.edit_role(
test_custom_role,
custom_role,
GCLOUD_PROJECT,
CUSTOM_ROLE_TITLE,
"Python Test Custom Role",
"This is a python test custom role",
"Updated",
CUSTOM_ROLE_PERMISSIONS,
CUSTOM_ROLE_STAGE,
["iam.roles.get"],
"GA",
)
out, _ = capsys.readouterr()
assert "Updated role:" in out


def test_list_roles(capsys):
custom_roles.list_roles(GCLOUD_PROJECT)
out, _ = capsys.readouterr()
assert "roles/" in out


def test_disable_role(test_custom_role, capsys):
custom_roles.disable_role(test_custom_role, GCLOUD_PROJECT)
def test_disable_role(custom_role, capsys):
custom_roles.disable_role(custom_role, GCLOUD_PROJECT)
out, _ = capsys.readouterr()
assert "Disabled role:" in out


def test_delete_role(unique_custom_role_name, capsys):
custom_roles.create_role(
unique_custom_role_name,
GCLOUD_PROJECT,
CUSTOM_ROLE_TITLE,
CUSTOM_ROLE_DESCRIPTION,
CUSTOM_ROLE_PERMISSIONS,
CUSTOM_ROLE_STAGE,
)
custom_roles.delete_role(unique_custom_role_name, GCLOUD_PROJECT)
out, _ = capsys.readouterr()
assert "Deleted role:" in out