def _RunDevelopmentServer(self, service_name, local_port, additional_gcloud_flags=None): skaffold_event_port = self.GetPort() with e2e_base.RefreshTokenAuth() as auth: gcloud_args = [ 'alpha', 'code', 'dev', '--service-name=' + service_name, '--image=fake-image-name', '--stop-cluster', '--minikube-profile=%s' % self.ClusterName(), '--skaffold-events-port=%s' % skaffold_event_port, '--account=%s' % auth.Account(), ] gcloud_args.append('--local-port=%s' % local_port) if additional_gcloud_flags: gcloud_args += additional_gcloud_flags match_strings = ['Service URL: http://localhost'] with self.ExecuteLegacyScriptAsync( 'gcloud', gcloud_args, match_strings=match_strings, timeout=450) as process_context: with TerminateWithSigInt( process_context.p, timeout=datetime.timedelta(minutes=2)): yield SkaffoldContext(skaffold_event_port)
def testCreateServiceAccountCredential(self): refresh_token = e2e_base.RefreshTokenAuth() local_credential_variable = EnvironmentVariable( 'LOCAL_CREDENTIAL_PATH', _LOCAL_CREDENTIAL_FILE_PATH) pod_and_services_path = os.path.join(_LOCAL_DEVELOPMENT_DIR, 'pods_and_services.yaml') with refresh_token as auth, local_credential_variable as _: command = ( 'code export --project {0} --kubernetes-file={1} ' '--skaffold-file={2} --service-account={3} --dockerfile={4}' ).format(auth.Project(), pod_and_services_path, _SKAFFOLD_FILE_PATH, self.local_account_email, self.docker_file) self.Run(command) self.WriteInput('y') with open(pod_and_services_path) as pods_and_services_file: pods_and_services = list(yaml.load_all(pods_and_services_file)) pod_specs = [ spec for spec in pods_and_services if spec['kind'] == 'Deployment' ] self.assertGreaterEqual(len(pod_specs), 1) for spec in pod_specs: env_vars = yaml_helper.GetAll(spec, path=('spec', 'template', 'spec', 'containers', 'env')) credential_vars = ( var['value'] for var in env_vars if var['name'] == 'GOOGLE_APPLICATION_CREDENTIALS') env_var_path = next(credential_vars, None) self.assertEqual( env_var_path, '/etc/local_development_credential/' 'local_development_service_account.json') secret_specs = [ spec for spec in pods_and_services if spec['kind'] == 'Secret' ] self.assertEqual(len(secret_specs), 1) self.assertEqual(secret_specs[0]['metadata']['name'], 'local-development-credential')
def TearDown(self): with e2e_base.RefreshTokenAuth() as _: keys = self.Run( ('iam service-accounts keys list ' '--iam-account={0}').format(self.local_account_email)) user_keys = (key for key in keys if six.text_type(key.keyType) == 'USER_MANAGED') for key in user_keys: self.Run( 'iam service-accounts keys delete {0} --iam-account={1}'. format(key.name, self.local_account_email)) retry.RetryOnException( # IAM policy can't accommodate concurrent changes f=self.Run, max_retrials=5, sleep_ms=500, exponential_sleep_multiplier=2)( 'projects remove-iam-policy-binding {0} ' '--role roles/editor --member serviceAccount:{1}'.format( self.Project(), self.local_account_email)) self.Run('iam service-accounts delete {email}'.format( email=self.local_account_email))
def testClone_RefreshToken(self): with e2e_base.RefreshTokenAuth() as auth: self._RunCloneAndAssert(auth.__class__.__name__, auth.Project())
def testNoAuth(self): with self.assertRaisesRegex( store.TokenRefreshError, 'There was a problem refreshing your current auth tokens'): with e2e_base.RefreshTokenAuth('fake-token'): pass
def testRefreshToken(self): with e2e_base.RefreshTokenAuth() as auth: # Make sure activated credentials are usable. self.Run('compute zones list --project={0}'.format(auth.Project())) self.AssertOutputContains('us-central1')