From 9c5f15a2533d85bee93470d46ce34c57c7e34115 Mon Sep 17 00:00:00 2001 From: Cathy Ouyang Date: Wed, 4 Aug 2021 15:48:49 -0700 Subject: [PATCH 1/3] fix: update test email for acl tests. previous email was deleted in the project --- storage/cloud-client/acl_test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/storage/cloud-client/acl_test.py b/storage/cloud-client/acl_test.py index c715d8742ae..41bf6ef9e94 100644 --- a/storage/cloud-client/acl_test.py +++ b/storage/cloud-client/acl_test.py @@ -34,7 +34,7 @@ # Typically we'd use a @example.com address, but GCS requires a real Google # account. TEST_EMAIL = ( - "google-auth-system-tests" + "jenkins-and-travis" "@python-docs-samples-tests.iam.gserviceaccount.com" ) From b3e59067c44e9dacf5053de36b6565acb1ffd514 Mon Sep 17 00:00:00 2001 From: Cathy Ouyang Date: Wed, 4 Aug 2021 18:04:31 -0700 Subject: [PATCH 2/3] update to service account without project editor owner permissions --- storage/cloud-client/acl_test.py | 7 ++----- storage/cloud-client/noxfile_config.py | 1 + 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/storage/cloud-client/acl_test.py b/storage/cloud-client/acl_test.py index 41bf6ef9e94..e55261763db 100644 --- a/storage/cloud-client/acl_test.py +++ b/storage/cloud-client/acl_test.py @@ -32,11 +32,8 @@ import storage_remove_file_owner # Typically we'd use a @example.com address, but GCS requires a real Google -# account. -TEST_EMAIL = ( - "jenkins-and-travis" - "@python-docs-samples-tests.iam.gserviceaccount.com" -) +# account. Retrieve a service account email with storage admin permissions. +TEST_EMAIL = os.environ["ACL_TEST_EMAIL"] @pytest.fixture(scope="module") diff --git a/storage/cloud-client/noxfile_config.py b/storage/cloud-client/noxfile_config.py index ebd479f7e4f..98c09f18458 100644 --- a/storage/cloud-client/noxfile_config.py +++ b/storage/cloud-client/noxfile_config.py @@ -77,6 +77,7 @@ def get_cloud_kms_key(): 'envs': { 'HMAC_KEY_TEST_SERVICE_ACCOUNT': get_service_account_email(), 'CLOUD_KMS_KEY': get_cloud_kms_key(), + 'ACL_TEST_EMAIL': get_service_account_email(), # Some tests can not use multiple projects because of several reasons: # 1. The new projects is enforced to have the # 'constraints/iam.disableServiceAccountKeyCreation' policy. From e3d3a3becc14a4d5b86bb90700e258f6134e35d3 Mon Sep 17 00:00:00 2001 From: Cathy Ouyang Date: Wed, 4 Aug 2021 18:23:55 -0700 Subject: [PATCH 3/3] update test email to avoid creating new service accounts --- storage/cloud-client/acl_test.py | 5 ++++- storage/cloud-client/noxfile_config.py | 1 - 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/storage/cloud-client/acl_test.py b/storage/cloud-client/acl_test.py index e55261763db..0fcc21c324d 100644 --- a/storage/cloud-client/acl_test.py +++ b/storage/cloud-client/acl_test.py @@ -33,7 +33,10 @@ # Typically we'd use a @example.com address, but GCS requires a real Google # account. Retrieve a service account email with storage admin permissions. -TEST_EMAIL = os.environ["ACL_TEST_EMAIL"] +TEST_EMAIL = ( + "py38-storage-test" + "@python-docs-samples-tests.iam.gserviceaccount.com" +) @pytest.fixture(scope="module") diff --git a/storage/cloud-client/noxfile_config.py b/storage/cloud-client/noxfile_config.py index 98c09f18458..ebd479f7e4f 100644 --- a/storage/cloud-client/noxfile_config.py +++ b/storage/cloud-client/noxfile_config.py @@ -77,7 +77,6 @@ def get_cloud_kms_key(): 'envs': { 'HMAC_KEY_TEST_SERVICE_ACCOUNT': get_service_account_email(), 'CLOUD_KMS_KEY': get_cloud_kms_key(), - 'ACL_TEST_EMAIL': get_service_account_email(), # Some tests can not use multiple projects because of several reasons: # 1. The new projects is enforced to have the # 'constraints/iam.disableServiceAccountKeyCreation' policy.