Skip to content

Commit af5976f

Browse files
author
Takashi Matsuo
authored
testing: use default service account (#4128)
1 parent a8f87a6 commit af5976f

File tree

3 files changed

+29
-19
lines changed

3 files changed

+29
-19
lines changed

.kokoro/tests/run_tests.sh

Lines changed: 17 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -55,13 +55,20 @@ fi
5555
# quota related errors. I think we can avoid this by changing the
5656
# order of tests to execute (e.g. reverse order for py-3.8
5757
# build). Currently there's no easy way to do that with btlr, so we
58-
# temporarily wait few minutes to avoid quota issue for py-3.8
59-
# presubmit build.
60-
if [[ "${RUN_TESTS_SESSION}" == "py-3.8" ]] \
61-
&& [[ "${KOKORO_JOB_NAME}" == *presubmit ]]; then
62-
echo -n "Detected py-3.8 presubmit build,"
63-
echo "Wait few minutes to avoid quota issues."
64-
sleep 5m
58+
# temporarily wait few minutes to avoid quota issue for some
59+
# presubmit builds.
60+
if [[ "${KOKORO_JOB_NAME}" == *presubmit ]] \
61+
&& [[ -z "${DIFF_FROM:-}" ]]; then
62+
if [[ "${RUN_TESTS_SESSION}" == "py-3.7" ]]; then
63+
echo -n "Detected py-3.7 presubmit full build,"
64+
echo "Wait 5 minutes to avoid quota issues."
65+
sleep 5m
66+
fi
67+
if [[ "${RUN_TESTS_SESSION}" == "py-3.8" ]]; then
68+
echo -n "Detected py-3.8 presubmit full build,"
69+
echo "Wait 10 minutes to avoid quota issues."
70+
sleep 10m
71+
fi
6572
fi
6673

6774
if [[ -z "${PROJECT_ROOT:-}" ]]; then
@@ -76,11 +83,9 @@ export PATH="${HOME}/.local/bin:${PATH}"
7683
# install nox for testing
7784
pip install --user -q nox
7885

79-
# Use secrets acessor service account to get secrets.
80-
if [[ -f "${KOKORO_GFILE_DIR}/secrets_viewer_service_account.json" ]]; then
81-
gcloud auth activate-service-account \
82-
--key-file="${KOKORO_GFILE_DIR}/secrets_viewer_service_account.json" \
83-
--project="cloud-devrel-kokoro-resources"
86+
# On kokoro, we should be able to use the default service account. We
87+
# need to somehow bootstrap the secrets on other CI systems.
88+
if [[ "${TRAMPOLINE_CI}" == "kokoro" ]]; then
8489
# This script will create 3 files:
8590
# - testing/test-env.sh
8691
# - testing/service-account.json

.kokoro/trampoline_v2.sh

Lines changed: 9 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -133,27 +133,29 @@ if [[ -n "${KOKORO_BUILD_ID:-}" ]]; then
133133
# descriptive env var for indicating it's on CI.
134134
RUNNING_IN_CI="true"
135135
TRAMPOLINE_CI="kokoro"
136+
# We should be able to use the default service account.
137+
log_yellow "Configuring Container Registry access"
138+
gcloud auth list
139+
gcloud auth configure-docker --quiet
136140
fi
137141

138142
# Configure the service account for pulling the docker image.
139-
if [[ "${TRAMPOLINE_CI:-}" == "kokoro" ]]; then
140-
# Now we're re-using the trampoline service account.
141-
# Potentially we can pass down this key into Docker for
142-
# bootstrapping secret.
143-
SERVICE_ACCOUNT_KEY_FILE="${KOKORO_GFILE_DIR}/kokoro-trampoline.service-account.json"
143+
if [[ -n "${TRAMPOLINE_SERVICE_ACCOUNT:-}" ]]; then
144144

145145
mkdir -p "${tmpdir}/gcloud"
146146
gcloud_config_dir="${tmpdir}/gcloud"
147147

148148
log_yellow "Using isolated gcloud config: ${gcloud_config_dir}."
149149
export CLOUDSDK_CONFIG="${gcloud_config_dir}"
150150

151-
log_yellow "Using ${SERVICE_ACCOUNT_KEY_FILE} for authentication."
151+
log_yellow "Using ${TRAMPOLINE_SERVICE_ACCOUNT} for authentication."
152152
gcloud auth activate-service-account \
153-
--key-file "${SERVICE_ACCOUNT_KEY_FILE}"
153+
--key-file "${TRAMPOLINE_SERVICE_ACCOUNT}"
154+
log_yellow "Configuring Container Registry access"
154155
gcloud auth configure-docker --quiet
155156
fi
156157

158+
157159
log_yellow "Changing to the project root: ${PROJECT_ROOT}."
158160
cd "${PROJECT_ROOT}"
159161

scripts/decrypt-secrets.sh

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,10 +32,13 @@ fi
3232
PROJECT_ID="${SECRET_MANAGER_PROJECT:-cloud-devrel-kokoro-resources}"
3333

3434
gcloud secrets versions access latest --secret="python-docs-samples-test-env" \
35+
--project="${PROJECT_ID}" \
3536
> testing/test-env.sh
3637
gcloud secrets versions access latest \
3738
--secret="python-docs-samples-service-account" \
39+
--project="${PROJECT_ID}" \
3840
> testing/service-account.json
3941
gcloud secrets versions access latest \
4042
--secret="python-docs-samples-client-secrets" \
43+
--project="${PROJECT_ID}" \
4144
> testing/client-secrets.json

0 commit comments

Comments
 (0)