Skip to content

feat(iam): add utility class for ServiceAccount test #10058

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Conversation

alarconesparza
Copy link
Contributor

@alarconesparza alarconesparza commented Apr 4, 2025

Description

Fixes #10041

Checklist

  • I have followed Sample Format Guide
  • pom.xml parent set to latest shared-configuration
  • Appropriate changes to README are included in PR
  • These samples need a new API enabled in testing projects to pass (let us know which ones)
  • These samples need a new/updated env vars in testing projects set to pass (let us know which ones)
  • Tests pass: mvn clean verify required
  • Lint passes: mvn -P lint checkstyle:check required
  • Static Analysis: mvn -P lint clean compile pmd:cpd-check spotbugs:check advisory only
  • This sample adds a new sample directory, and I updated the CODEOWNERS file with the codeowners for this sample
  • This sample adds a new Product API, and I updated the Blunderbuss issue/PR auto-assigner with the codeowners for this sample
  • Please merge this PR for me once it is approved

@product-auto-label product-auto-label bot added api: iam Issues related to the Identity and Access Management API. samples Issues that are directly related to samples. labels Apr 4, 2025
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello @alarconesparza, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

Summary of Changes

This pull request introduces a utility class named Util.java to assist with testing the IAM Service Account functionality. It includes methods for creating, disabling, and deleting service accounts and their keys, as well as methods for retrieving service account information. The utility class aims to simplify the setup and teardown processes for integration tests related to IAM service accounts.

Highlights

  • Utility Class Creation: A new utility class Util.java is created to encapsulate common operations for managing IAM Service Accounts during testing.
  • Service Account Management: The utility class provides methods for creating, disabling, and deleting service accounts, streamlining the testing process.
  • Service Account Key Management: The utility class includes methods for creating, disabling, deleting, listing, and retrieving service account keys.
  • Awaiting Creation: The utility class includes methods to await service account and service account key creation, to ensure tests don't start before the resources are available.

Changelog

Click here to see the changelog
  • iam/snippets/src/test/java/Util.java
    • Created a new utility class Util.java.
    • Added methods for creating service accounts (setUpTest_createServiceAccount).
    • Added methods for disabling service accounts (setUpTest_disableSertviceAccount).
    • Added methods for deleting service accounts (tearDownTest_deleteServiceAccount).
    • Added methods for listing service accounts (test_listServiceAccounts).
    • Added methods for getting service account details (test_getServiceAccount).
    • Added methods for creating service account keys (setUpTest_createServiceAccountKey).
    • Added methods for disabling service account keys (setUpTest_disableServiceAccountKey).
    • Added methods for deleting service account keys (tearDownTest_deleteServiceAccountKey).
    • Added methods for listing service account keys (test_listServiceAccountKeys).
    • Added methods for getting service account key details (test_getServiceAccountKey).
    • Added methods to await service account and service account key creation (awaitForServiceAccountCreation, awaitForServiceAccountKeyCreation).
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in issue comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.


A key is made,
Accounts managed with new code,
Tests now run smooth.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

The pull request introduces a utility class for ServiceAccount testing, which is a helpful addition. The code appears to be well-structured and addresses the intended functionality. However, there are a few areas that could be improved for clarity and efficiency.

Summary of Findings

  • Naming Consistency: Inconsistent naming of methods (e.g., setUpTest_createServiceAccount vs. test_listServiceAccounts). Consider standardizing the naming convention for better readability.
  • Redundant String Formatting: Multiple instances of string formatting for email and account names. Consider creating a utility method to handle this to avoid redundancy and potential errors.
  • Exception Handling in Await Methods: The awaitForServiceAccountCreation and awaitForServiceAccountKeyCreation methods catch Exception broadly. It would be better to catch specific exceptions to handle them appropriately.

Merge Readiness

The pull request is almost ready for merging. Addressing the naming inconsistencies, redundant string formatting, and exception handling would improve the code quality and maintainability. I am unable to directly approve this pull request, and recommend that others review and approve this code before merging.

Comment on lines 161 to 177
private static void awaitForServiceAccountCreation(String projectId, String serviceAccountName)
throws InterruptedException {
boolean isAccountCreated = false;
long time = 1000;
long timeLimit = 60000;
while (!isAccountCreated) {
try {
test_getServiceAccount(projectId, serviceAccountName);
isAccountCreated = true;
} catch (Exception e) {
Thread.sleep(time);
time *= 2;
if (time > timeLimit) {
break;
}
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

Catching Exception is too broad. It's better to catch specific exceptions like IOException or InterruptedException and handle them appropriately. Also, consider logging the exception to provide more context when the await fails.

      } catch (IOException | InterruptedException e) {
        Thread.sleep(time);
        time *= 2;
        if (time > timeLimit) {
          // Log the exception here
          break;
        }
      }

Comment on lines +180 to +197
private static void awaitForServiceAccountKeyCreation(
String projectId, String serviceAccountName, String serviceAccountKeyId)
throws InterruptedException {
boolean isAccountCreated = false;
long time = 1000;
long timeLimit = 60000;
while (!isAccountCreated) {
try {
test_getServiceAccountKey(projectId, serviceAccountName, serviceAccountKeyId);
isAccountCreated = true;
} catch (Exception e) {
if (time > timeLimit) {
break;
}
Thread.sleep(time);
time *= 2;
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

Similar to awaitForServiceAccountCreation, catching Exception is too broad here. Catch specific exceptions and log them for better error handling.

      } catch (IOException | InterruptedException e) {
        if (time > timeLimit) {
          // Log the exception here
          break;
        }
        Thread.sleep(time);
        time *= 2;
      }

return serviceAccount;
}

public static void setUpTest_disableSertviceAccount(String projectId, String serviceAccountName)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Typo in method name: setUpTest_disableSertviceAccount. Should be setUpTest_disableServiceAccount.

Suggested change
public static void setUpTest_disableSertviceAccount(String projectId, String serviceAccountName)
public static void setUpTest_disableServiceAccount(String projectId, String serviceAccountName)
throws IOException {

Comment on lines +118 to +120
public static String getServiceAccountKeyIdFromKey(ServiceAccountKey key) {
return key.getName().substring(key.getName().lastIndexOf("/") + 1).trim();
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Consider adding a null check for the key parameter to avoid a potential NullPointerException if key is null.

Suggested change
public static String getServiceAccountKeyIdFromKey(ServiceAccountKey key) {
return key.getName().substring(key.getName().lastIndexOf("/") + 1).trim();
}
public static String getServiceAccountKeyIdFromKey(ServiceAccountKey key) {
return key != null ? key.getName().substring(key.getName().lastIndexOf("/") + 1).trim() : null;
}

Stop reusing resources from other tests.
Use Util functions to set up and tear down resources.
@alarconesparza alarconesparza added kokoro:run Add this label to force Kokoro to re-run the tests. kokoro:force-run Add this label to force Kokoro to re-run the tests. and removed kokoro:run Add this label to force Kokoro to re-run the tests. labels Apr 7, 2025
@kokoro-team kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 7, 2025
@alarconesparza alarconesparza added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 7, 2025
@kokoro-team kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 7, 2025
@alarconesparza alarconesparza added kokoro:run Add this label to force Kokoro to re-run the tests. kokoro:force-run Add this label to force Kokoro to re-run the tests. and removed kokoro:run Add this label to force Kokoro to re-run the tests. labels Apr 8, 2025
@kokoro-team kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 8, 2025
@alarconesparza alarconesparza added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 9, 2025
@kokoro-team kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 9, 2025
@alarconesparza alarconesparza marked this pull request as ready for review April 10, 2025 22:18
@alarconesparza alarconesparza requested review from yoshi-approver and a team as code owners April 10, 2025 22:18
Copy link
Contributor

@telpirion telpirion left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I understand what might be happening here. These samples, I suspect, intend to swap out the environment's ADC with a service account created by the sample. However, the client libraries can't find the ADC because they aren't saved to disk (perhaps?).

@telpirion
Copy link
Contributor

Follow-up: the code here looks correct as written. I suspect that there's something more causing the build failures.

Copy link
Contributor

@minherz minherz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did not finish reviewing all code changes in all tests. Given the tendency in changes that I see, please extrapolate the remarks to the rest of the changed files.

@alarconesparza alarconesparza added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 16, 2025
@kokoro-team kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 16, 2025
@alarconesparza alarconesparza added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 16, 2025
@kokoro-team kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 16, 2025
@telpirion
Copy link
Contributor

@minherz the samples under test are about SA management. That's why these tests create and delete SAs outside of our testing infra. Does that answer some of your concerns?

@alarconesparza alarconesparza added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 16, 2025
@kokoro-team kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 16, 2025
@alarconesparza alarconesparza added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 16, 2025
@kokoro-team kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 16, 2025
@alarconesparza alarconesparza marked this pull request as ready for review April 28, 2025 23:22
@alarconesparza
Copy link
Contributor Author

@gemini review

Copy link
Contributor

I have reviewed the code again after the latest changes. I focused on correctness, efficiency, maintainability, and security, and I have not found any issues. The code looks good to me.

I also reviewed the changes with respect to the Sample Format Guide and have not found any issues.

Thanks for your contribution!

Copy link
Contributor

@telpirion telpirion left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@alarconesparza I'm sorry that it's taken so long for me to get back to this! Thank you SO much for all your hard work. This is truly excellent.

Copy link
Contributor

@minherz minherz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR does not look like adding an utility class but a full rewriting of tests.
Distribution tests across tens of test files should be explained.
Currently it seems to produce a lot of code duplication and to complicate the maintenance.

Please, avoid using stdout for test assertions. Output is usually ambiguous and hard to validate that leads to false positives due to small changes in source code.

Comment on lines +54 to +57
public void beforeTest() {
bout = new ByteArrayOutputStream();
System.setOut(new PrintStream(bout));

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it is recommended to avoid capturing stdout for test validation due to high risk of ambiguity that invalidates test assertions

Comment on lines +55 to +56
bout = new ByteArrayOutputStream();
System.setOut(new PrintStream(bout));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same

Comment on lines +55 to +56
bout = new ByteArrayOutputStream();
System.setOut(new PrintStream(bout));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same

Comment on lines +57 to +58
bout = new ByteArrayOutputStream();
System.setOut(new PrintStream(bout));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same

Comment on lines +56 to +57
bout = new ByteArrayOutputStream();
System.setOut(new PrintStream(bout));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

util class looks to have a replica of the code in the SA code samples. What is a value of having this file?

@iennae iennae merged commit add7429 into GoogleCloudPlatform:main May 15, 2025
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
api: iam Issues related to the Identity and Access Management API. samples Issues that are directly related to samples.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

IAM: ServiceAccountTests.java needs refactoring
5 participants