def _RunDevelopmentServer(self,
service_name,
local_port,
additional_gcloud_flags=None):
skaffold_event_port = self.GetPort()
with e2e_base.RefreshTokenAuth() as auth:
gcloud_args = [
'alpha',
'code',
'dev',
'--service-name=' + service_name,
'--image=fake-image-name',
'--stop-cluster',
'--minikube-profile=%s' % self.ClusterName(),
'--skaffold-events-port=%s' % skaffold_event_port,
'--account=%s' % auth.Account(),
]
gcloud_args.append('--local-port=%s' % local_port)
if additional_gcloud_flags:
gcloud_args += additional_gcloud_flags
match_strings = ['Service URL: http://localhost']
with self.ExecuteLegacyScriptAsync(
'gcloud', gcloud_args, match_strings=match_strings,
timeout=450) as process_context:
with TerminateWithSigInt(
process_context.p, timeout=datetime.timedelta(minutes=2)):
yield SkaffoldContext(skaffold_event_port)
def testCreateServiceAccountCredential(self):
refresh_token = e2e_base.RefreshTokenAuth()
local_credential_variable = EnvironmentVariable(
'LOCAL_CREDENTIAL_PATH', _LOCAL_CREDENTIAL_FILE_PATH)
pod_and_services_path = os.path.join(_LOCAL_DEVELOPMENT_DIR,
'pods_and_services.yaml')
with refresh_token as auth, local_credential_variable as _:
command = (
'code export --project {0} --kubernetes-file={1} '
'--skaffold-file={2} --service-account={3} --dockerfile={4}'
).format(auth.Project(), pod_and_services_path,
_SKAFFOLD_FILE_PATH, self.local_account_email,
self.docker_file)
self.Run(command)
self.WriteInput('y')
with open(pod_and_services_path) as pods_and_services_file:
pods_and_services = list(yaml.load_all(pods_and_services_file))
pod_specs = [
spec for spec in pods_and_services if spec['kind'] == 'Deployment'
]
self.assertGreaterEqual(len(pod_specs), 1)
for spec in pod_specs:
env_vars = yaml_helper.GetAll(spec,
path=('spec', 'template', 'spec',
'containers', 'env'))
credential_vars = (
var['value'] for var in env_vars
if var['name'] == 'GOOGLE_APPLICATION_CREDENTIALS')
env_var_path = next(credential_vars, None)
self.assertEqual(
env_var_path, '/etc/local_development_credential/'
'local_development_service_account.json')
secret_specs = [
spec for spec in pods_and_services if spec['kind'] == 'Secret'
]
self.assertEqual(len(secret_specs), 1)
self.assertEqual(secret_specs[0]['metadata']['name'],
'local-development-credential')
def TearDown(self):
with e2e_base.RefreshTokenAuth() as _:
keys = self.Run(
('iam service-accounts keys list '
'--iam-account={0}').format(self.local_account_email))
user_keys = (key for key in keys
if six.text_type(key.keyType) == 'USER_MANAGED')
for key in user_keys:
self.Run(
'iam service-accounts keys delete {0} --iam-account={1}'.
format(key.name, self.local_account_email))
retry.RetryOnException( # IAM policy can't accommodate concurrent changes
f=self.Run,
max_retrials=5,
sleep_ms=500,
exponential_sleep_multiplier=2)(
'projects remove-iam-policy-binding {0} '
'--role roles/editor --member serviceAccount:{1}'.format(
self.Project(), self.local_account_email))
self.Run('iam service-accounts delete {email}'.format(
email=self.local_account_email))
def testClone_RefreshToken(self):
with e2e_base.RefreshTokenAuth() as auth:
self._RunCloneAndAssert(auth.__class__.__name__, auth.Project())
def testNoAuth(self):
with self.assertRaisesRegex(
store.TokenRefreshError,
'There was a problem refreshing your current auth tokens'):
with e2e_base.RefreshTokenAuth('fake-token'):
pass
def testRefreshToken(self):
with e2e_base.RefreshTokenAuth() as auth:
# Make sure activated credentials are usable.
self.Run('compute zones list --project={0}'.format(auth.Project()))
self.AssertOutputContains('us-central1')