
Commit 1f1806b

qian-longsduskis
authored andcommitted
---
yaml --- r: 20703 b: refs/heads/autosynth-iamcredentials c: e77f4c1 h: refs/heads/master i: 20701: e33963a 20699: 9a79766 20695: f1bf883 20687: 707b796 20671: eb60639
1 parent dbe7866 commit 1f1806b

2 files changed

Lines changed: 175 additions & 1 deletion

File tree

  • branches/autosynth-iamcredentials/google-cloud-clients/google-cloud-spanner/src/test/java/com/google/cloud/spanner/it

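--- a/[refs]
+++ b/[refs]
@@ -162,7 +162,7 @@ refs/heads/pubsub-ordering-keys: 858d4e986a0ba48e08f00d42f51cbdecb175f5d6
 refs/tags/v0.75.0: c3673089ae09a897c1b4cf7dfe167fe4f8ab32fb
 refs/tags/v0.76.0: 395b016826d3ddf9cb8b34919636df15a4dbd032
 refs/tags/v0.77.0: 28a85a77883ccf5d48f297fd0ef3b3dca6ce01f0
-refs/heads/autosynth-iamcredentials: 4e4ce6c2dfd83a4d528b3c6283da33e74baab1fd
+refs/heads/autosynth-iamcredentials: e77f4c15ce46bce508dcbfe85578ef3010b0496d
 refs/heads/release-google-cloud-java-v0.78.0: fae5e980779cf0173a152636b278015b9f60ee55
 refs/heads/release-google-cloud-java-v0.81.0: 0352cd0dd11f4fd1fbd1ff16e7a96beaccc7b475
 refs/heads/release-google-cloud-java-v0.81.1-SNAPSHOT: 5a74ccb1f12506a3b67b65521881298fde20bd6f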
@@ -0,0 +1,174 @@
1+
/*
2+
* Copyright 2019 Google LLC
3+
*
4+
* Licensed under the Apache License, Version 2.0 (the "License");
5+
* you may not use this file except in compliance with the License.
6+
* You may obtain a copy of the License at
7+
*
8+
* http://www.apache.org/licenses/LICENSE-2.0
9+
*
10+
* Unless required by applicable law or agreed to in writing, software
11+
* distributed under the License is distributed on an "AS IS" BASIS,
12+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+
* See the License for the specific language governing permissions and
14+
* limitations under the License.
15+
*/
16+
17+
package com.google.cloud.spanner.it;
18+
19+
import static com.google.common.truth.Truth.assertThat;
20+
import static org.junit.Assert.assertEquals;
21+
import static org.junit.Assert.assertTrue;
22+
import static org.junit.Assert.fail;
23+
import static org.junit.Assume.assumeTrue;
24+
25+
import com.google.cloud.spanner.DatabaseAdminClient;
26+
import com.google.cloud.spanner.DatabaseClient;
27+
import com.google.cloud.spanner.DatabaseId;
28+
import com.google.cloud.spanner.ErrorCode;
29+
import com.google.cloud.spanner.InstanceAdminClient;
30+
import com.google.cloud.spanner.InstanceId;
31+
import com.google.cloud.spanner.IntegrationTest;
32+
import com.google.cloud.spanner.KeySet;
33+
import com.google.cloud.spanner.Options;
34+
import com.google.cloud.spanner.SessionPoolOptions;
35+
import com.google.cloud.spanner.Spanner;
36+
import com.google.cloud.spanner.SpannerException;
37+
import com.google.cloud.spanner.SpannerOptions;
38+
import java.util.Arrays;
39+
import org.junit.After;
40+
import org.junit.Before;
41+
import org.junit.BeforeClass;
42+
import org.junit.Test;
43+
import org.junit.experimental.categories.Category;
44+
import org.junit.runner.RunWith;
45+
import org.junit.runners.JUnit4;
46+
47+
/** Integration tests for VPC-SC */
48+
@Category(IntegrationTest.class)
49+
@RunWith(JUnit4.class)
50+
public class ITVPCNegativeTest {
51+
private static final String IN_VPCSC_TEST = System.getenv("GOOGLE_CLOUD_TESTS_IN_VPCSC");
52+
private static final String OUTSIDE_VPC_PROJECT =
53+
System.getenv("GOOGLE_CLOUD_TESTS_VPCSC_OUTSIDE_PERIMETER_PROJECT");
54+
55+
private Spanner spanner;
56+
private InstanceAdminClient instanceAdminClient;
57+
private DatabaseAdminClient databaseAdminClient;
58+
private DatabaseClient databaseClient;
59+
60+
@BeforeClass
61+
public static void setUpClass() {
62+
assumeTrue(
63+
"To run tests, GOOGLE_CLOUD_TESTS_IN_VPCSC environment variable needs to be set to True",
64+
IN_VPCSC_TEST != null && IN_VPCSC_TEST.equalsIgnoreCase("true"));
65+
assertTrue(
66+
"GOOGLE_CLOUD_TESTS_VPCSC_OUTSIDE_PERIMETER_PROJECT environment variable needs "
67+
+ "to be set to a GCP project that is outside the VPC perimeter",
68+
OUTSIDE_VPC_PROJECT != null && OUTSIDE_VPC_PROJECT != "");
69+
}
70+
71+
@Before
72+
public void setUp() {
73+
InstanceId instanceId = InstanceId.of(OUTSIDE_VPC_PROJECT, "nonexistent-instance");
74+
SpannerOptions options =
75+
SpannerOptions.newBuilder()
76+
.setProjectId(instanceId.getProject())
77+
.setSessionPoolOption(
78+
SessionPoolOptions.newBuilder()
79+
// Do not eagerly create sessions since they will fail outside the VPC.
80+
.setMinSessions(0)
81+
// Client shouldn't block if sessions cannot be created
82+
.setFailIfPoolExhausted()
83+
.build())
84+
.build();
85+
spanner = options.getService();
86+
instanceAdminClient = spanner.getInstanceAdminClient();
87+
databaseAdminClient = spanner.getDatabaseAdminClient();
88+
databaseClient =
89+
spanner.getDatabaseClient(
90+
DatabaseId.of(OUTSIDE_VPC_PROJECT, "nonexistent-instance", "nonexistent-database"));
91+
}
92+
93+
@After
94+
public void tearDown() {
95+
spanner.close();
96+
}
97+
98+
private void checkExceptionForVPCError(SpannerException e) {
99+
assertEquals(ErrorCode.PERMISSION_DENIED, e.getErrorCode());
100+
assertThat(e.getMessage()).contains("Request is prohibited by organization's policy");
101+
}
102+
103+
@Test
104+
public void deniedListInstanceConfigs() {
105+
try {
106+
instanceAdminClient.listInstanceConfigs();
107+
fail("Expected PERMISSION_DENIED SpannerException");
108+
} catch (SpannerException e) {
109+
checkExceptionForVPCError(e);
110+
}
111+
}
112+
113+
@Test
114+
public void deniedGetInstanceConfig() {
115+
try {
116+
instanceAdminClient.getInstanceConfig("nonexistent-configs");
117+
fail("Expected PERMISSION_DENIED SpannerException");
118+
} catch (SpannerException e) {
119+
checkExceptionForVPCError(e);
120+
}
121+
}
122+
123+
@Test
124+
public void deniedListInstances() {
125+
try {
126+
instanceAdminClient.listInstances();
127+
fail("Expected PERMISSION_DENIED SpannerException");
128+
} catch (SpannerException e) {
129+
checkExceptionForVPCError(e);
130+
}
131+
}
132+
133+
@Test
134+
public void deniedGetInstance() {
135+
try {
136+
instanceAdminClient.getInstance("non-existent");
137+
fail("Expected PERMISSION_DENIED SpannerException");
138+
} catch (SpannerException e) {
139+
checkExceptionForVPCError(e);
140+
}
141+
}
142+
143+
@Test
144+
public void deniedListDatabases() {
145+
try {
146+
databaseAdminClient.listDatabases("nonexistent-instance", Options.pageSize(1));
147+
fail("Expected PERMISSION_DENIED SpannerException");
148+
} catch (SpannerException e) {
149+
checkExceptionForVPCError(e);
150+
}
151+
}
152+
153+
@Test
154+
public void deniedGetDatabase() {
155+
try {
156+
databaseAdminClient.getDatabase("nonexistent-instance", "nonexistent-database");
157+
fail("Expected PERMISSION_DENIED SpannerException");
158+
} catch (SpannerException e) {
159+
checkExceptionForVPCError(e);
160+
}
161+
}
162+
163+
@Test
164+
public void deniedRead() {
165+
try {
166+
// Tests that the initial create session request returns a permission denied.
167+
databaseClient
168+
.singleUse()
169+
.read("nonexistent-table", KeySet.all(), Arrays.asList("nonexistent-col"));
170+
} catch (SpannerException e) {
171+
checkExceptionForVPCError(e);
172+
}
173+
}
174+
}
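Review bot: `deniedRead` has no `fail(...)` after the `read(...)` call, unlike the six other `denied*` tests, so it passes whenever no `SpannerException` is thrown — including when the perimeter does not block the request, which is the case this negative test exists to catch. Add `fail("Expected PERMISSION_DENIED SpannerException");` as the last statement of its `try` block; if the read is only issued once the returned result set is consumed (not visible here), the test would also need to consume it. Separately, in `setUpClass` the check `OUTSIDE_VPC_PROJECT != ""` compares references rather than contents, so an empty variable can pass it; `OUTSIDE_VPC_PROJECT != null && !OUTSIDE_VPC_PROJECT.isEmpty()` checks the value itself.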
