From fb99a2e8306079562628ba6cff8eb9023391d0fe Mon Sep 17 00:00:00 2001
From: Tres Seaver <tseaver@palladion.com>
Date: Mon, 14 Jun 2021 12:22:33 -0400
Subject: [PATCH 1/2] tests: pre-scrub old HMAC keys before testing creation

Avoids hitting 5-key-per-service-account quota.

Closes #334.
---
 tests/system/test_system.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/tests/system/test_system.py b/tests/system/test_system.py
index ce89beb59..fd0adeb5b 100644
--- a/tests/system/test_system.py
+++ b/tests/system/test_system.py
@@ -35,6 +35,7 @@
 from google.cloud.storage._helpers import _base64_md5hash
 from google.cloud.storage.bucket import LifecycleRuleDelete
 from google.cloud.storage.bucket import LifecycleRuleSetStorageClass
+from google.cloud import _helpers
 from google.cloud import kms
 from google import resumable_media
 import google.auth
@@ -155,6 +156,18 @@ def test_hmac_key_crud(self):
 
         before_keys = set(Config.CLIENT.list_hmac_keys())
 
+        now = datetime.datetime.utcnow().replace(tzinfo=_helpers.UTC)
+        yesterday = now - datetime.timedelta(days=1)
+
+        # Delete any HMAC keys older than a day.
+        for before_key in list(before_keys):
+            if before_key.time_created < yesterday:
+                if before_key.state != HMACKeyMetadata.INACTIVE_STATE:
+                    before_key.state = HMACKeyMetadata.INACTIVE_STATE
+                    before_key.update()
+                before_key.delete()
+                before_keys.remove(before_key)
+
         metadata, secret = Config.CLIENT.create_hmac_key(email)
         self.case_hmac_keys_to_delete.append(metadata)
 

From c07995d0d1b9e747f3afb0f9c8c32f8abaa71c4a Mon Sep 17 00:00:00 2001
From: Tres Seaver <tseaver@palladion.com>
Date: Mon, 21 Jun 2021 12:21:35 -0400
Subject: [PATCH 2/2] tests: make HMAC key pre-scrub a fixture

Addresses review comment.
---
 tests/system/test_system.py | 40 ++++++++++++++++++++++---------------
 1 file changed, 24 insertions(+), 16 deletions(-)

diff --git a/tests/system/test_system.py b/tests/system/test_system.py
index fd0adeb5b..6fbaa02c2 100644
--- a/tests/system/test_system.py
+++ b/tests/system/test_system.py
@@ -27,6 +27,7 @@
 import mock
 
 import requests
+import pytest
 import six
 
 from google.cloud import exceptions
@@ -148,25 +149,33 @@ def test_get_service_account_email(self):
 
         self.assertTrue(any(match for match in matches if match is not None))
 
-    def test_hmac_key_crud(self):
+    @staticmethod
+    def _get_before_hmac_keys(client):
         from google.cloud.storage.hmac_key import HMACKeyMetadata
 
-        credentials = Config.CLIENT._credentials
-        email = credentials.service_account_email
-
-        before_keys = set(Config.CLIENT.list_hmac_keys())
+        before_hmac_keys = set(client.list_hmac_keys())
 
         now = datetime.datetime.utcnow().replace(tzinfo=_helpers.UTC)
         yesterday = now - datetime.timedelta(days=1)
 
         # Delete any HMAC keys older than a day.
-        for before_key in list(before_keys):
-            if before_key.time_created < yesterday:
-                if before_key.state != HMACKeyMetadata.INACTIVE_STATE:
-                    before_key.state = HMACKeyMetadata.INACTIVE_STATE
-                    before_key.update()
-                before_key.delete()
-                before_keys.remove(before_key)
+        for hmac_key in list(before_hmac_keys):
+            if hmac_key.time_created < yesterday:
+                if hmac_key.state != HMACKeyMetadata.INACTIVE_STATE:
+                    hmac_key.state = HMACKeyMetadata.INACTIVE_STATE
+                    hmac_key.update()
+                hmac_key.delete()
+                before_hmac_keys.remove(hmac_key)
+
+        return before_hmac_keys
+
+    def test_hmac_key_crud(self):
+        from google.cloud.storage.hmac_key import HMACKeyMetadata
+
+        credentials = Config.CLIENT._credentials
+        email = credentials.service_account_email
+
+        before_hmac_keys = self._get_before_hmac_keys(Config.CLIENT)
 
         metadata, secret = Config.CLIENT.create_hmac_key(email)
         self.case_hmac_keys_to_delete.append(metadata)
@@ -174,9 +183,9 @@ def test_hmac_key_crud(self):
         self.assertIsInstance(secret, six.text_type)
         self.assertEqual(len(secret), 40)
 
-        after_keys = set(Config.CLIENT.list_hmac_keys())
-        self.assertFalse(metadata in before_keys)
-        self.assertTrue(metadata in after_keys)
+        after_hmac_keys = set(Config.CLIENT.list_hmac_keys())
+        self.assertFalse(metadata in before_hmac_keys)
+        self.assertTrue(metadata in after_hmac_keys)
 
         another = HMACKeyMetadata(Config.CLIENT)
 
@@ -322,7 +331,6 @@ def test_bucket_update_labels(self):
         self.assertEqual(bucket.labels, {})
 
     def test_get_set_iam_policy(self):
-        import pytest
         from google.cloud.storage.iam import STORAGE_OBJECT_VIEWER_ROLE
         from google.api_core.exceptions import BadRequest, PreconditionFailed