Fix failing system tests (googleapis#5832)

crwilcox · theacodes · commit 763d44cde557 · 2018-08-22T11:39:17.000-05:00
diff --git a/storage/nox.py b/storage/nox.py
@@ -90,6 +90,7 @@ def system(session, py):
     session.install('mock', 'pytest', *LOCAL_DEPS)
     session.install('../test_utils/')
     session.install('../pubsub')
+    session.install('../kms')
     session.install('-e', '.')
 
     # Run py.test against the system tests.
diff --git a/storage/tests/system.py b/storage/tests/system.py
@@ -24,6 +24,7 @@
 from google.cloud import exceptions
 from google.cloud import storage
 from google.cloud.storage._helpers import _base64_md5hash
+from google.cloud import kms
 
 from test_utils.retry import RetryErrors
 from test_utils.system import unique_resource_id
@@ -912,7 +913,7 @@ def topic_path(self):
         return 'projects/{}/topics/{}'.format(
             Config.CLIENT.project, self.TOPIC_NAME)
 
-    def _intialize_topic(self):
+    def _initialize_topic(self):
         try:
             from google.cloud.pubsub_v1 import PublisherClient
         except ImportError:
@@ -923,14 +924,13 @@ def _intialize_topic(self):
         binding = policy.bindings.add()
         binding.role = 'roles/pubsub.publisher'
         binding.members.append(
-            'serviceAccount:{}'
-            '@gs-project-accounts.iam.gserviceaccount.com'.format(
-                Config.CLIENT.project))
+            'serviceAccount:{}'.format(
+                Config.CLIENT.get_service_account_email()))
         self.publisher_client.set_iam_policy(self.topic_path, policy)
 
     def setUp(self):
         self.case_buckets_to_delete = []
-        self._intialize_topic()
+        self._initialize_topic()
 
     def tearDown(self):
         retry_429(self.publisher_client.delete_topic)(self.topic_path)
@@ -1054,6 +1054,62 @@ def _kms_key_name(self, key_name=None):
             key_name,
         )
 
+    @classmethod
+    def setUpClass(cls):
+        super(TestKMSIntegration, cls).setUpClass()
+
+    def setUp(self):
+        super(TestKMSIntegration, self).setUp()
+        client = kms.KeyManagementServiceClient()
+
+        # If the keyring doesn't exist create it.
+        name = client.key_ring_path(
+            Config.CLIENT.project,
+            self.bucket.location.lower(),
+            self.KEYRING_NAME)
+
+        try:
+            client.get_key_ring(name)
+        except exceptions.NotFound:
+            parent = client.location_path(
+                Config.CLIENT.project, self.bucket.location.lower())
+            client.create_key_ring(parent, self.KEYRING_NAME, {})
+
+        # Ensure this service account is marked as an owner to the test keyring
+        keyring_location_path = client.key_ring_path(
+            Config.CLIENT.project,
+            self.bucket.location.lower(),
+            self.KEYRING_NAME)
+        service_account = Config.CLIENT.get_service_account_email()
+        policy = {
+            "bindings": [
+                {
+                    "role": "roles/owner",
+                    "members": [
+                        "serviceAccount:" + service_account,
+                    ]
+                }
+            ]
+        }
+
+        client.set_iam_policy(keyring_location_path, policy)
+
+        # Populate the keyring with the keys we use in the tests
+        for keyname in ['gcs-test2', 'gcs-test-alternate',
+                        'explicit-kms-key-name', 'default-kms-key-name',
+                        'override-default-kms-key-name',
+                        'alt-default-kms-key-name']:
+            key_path = client.crypto_key_path(Config.CLIENT.project,
+                                              self.bucket.location.lower(),
+                                              self.KEYRING_NAME,
+                                              keyname)
+            try:
+                client.get_crypto_key(key_path)
+            except exceptions.NotFound:
+                purpose = kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT
+                key = {'purpose': purpose}
+                client.create_crypto_key(keyring_location_path, keyname, key)
+
     def test_blob_w_explicit_kms_key_name(self):
         BLOB_NAME = 'explicit-kms-key-name'
         file_data = self.FILES['simple']
@@ -1139,7 +1195,7 @@ def test_rewrite_rotate_csek_to_cmek(self):
         kms_key_name = self._kms_key_name()
 
         # We can't verify it, but ideally we would check that the following
-        # URL was resolvable with our credentals
+        # URL was resolvable with our credentials
         # KEY_URL = 'https://cloudkms.googleapis.com/v1/{}'.format(
         #     kms_key_name)
 
