Skip to content

Commit 73b3f62

Browse files
qian-longsduskis
qian-long
authored and
sduskis
committed
---
yaml --- r: 14945 b: refs/heads/autosynth-automl c: e77f4c1 h: refs/heads/master i: 14943: b9c5e9b
1 parent aad1011 commit 73b3f62

2 files changed

Lines changed: 175 additions & 1 deletion

File tree

[refs]

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -123,7 +123,7 @@ refs/heads/spanner: b01127f885b4611bf1852abb0ce481eeb7fcc131
123123
refs/tags/v0.68.0: 9cc799fcf68c82ab431d425fefa58ef615ce8e5b
124124
refs/tags/v0.69.0: 78f67a29e8b9c46ba01de566a2eae0fd1c03edea
125125
refs/heads/autosynth-asset: cd8251de8c40e239ad24dcf9ed93ea2708a3eed5
126-
refs/heads/autosynth-automl: 4e4ce6c2dfd83a4d528b3c6283da33e74baab1fd
126+
refs/heads/autosynth-automl: e77f4c15ce46bce508dcbfe85578ef3010b0496d
127127
refs/heads/autosynth-bigquerydatatransfer: 2a9f3938237f85a8919602d74011326580ff387f
128128
refs/heads/autosynth-bigquerystorage: 99aee05df348f39d98b6fb23c292006f1d2a6c28
129129
refs/heads/autosynth-bigtable: fa0d1de9e264d7ecac8a3abc3de7a8364cfaf427

branches/autosynth-automl/google-cloud-clients/google-cloud-spanner/src/test/java/com/google/cloud/spanner/it/ITVPCNegativeTest.java

Lines changed: 174 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,174 @@
1+
/*
2+
* Copyright 2019 Google LLC
3+
*
4+
* Licensed under the Apache License, Version 2.0 (the "License");
5+
* you may not use this file except in compliance with the License.
6+
* You may obtain a copy of the License at
7+
*
8+
* http://www.apache.org/licenses/LICENSE-2.0
9+
*
10+
* Unless required by applicable law or agreed to in writing, software
11+
* distributed under the License is distributed on an "AS IS" BASIS,
12+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+
* See the License for the specific language governing permissions and
14+
* limitations under the License.
15+
*/
16+
17+
package com.google.cloud.spanner.it;
18+
19+
import static com.google.common.truth.Truth.assertThat;
20+
import static org.junit.Assert.assertEquals;
21+
import static org.junit.Assert.assertTrue;
22+
import static org.junit.Assert.fail;
23+
import static org.junit.Assume.assumeTrue;
24+
25+
import com.google.cloud.spanner.DatabaseAdminClient;
26+
import com.google.cloud.spanner.DatabaseClient;
27+
import com.google.cloud.spanner.DatabaseId;
28+
import com.google.cloud.spanner.ErrorCode;
29+
import com.google.cloud.spanner.InstanceAdminClient;
30+
import com.google.cloud.spanner.InstanceId;
31+
import com.google.cloud.spanner.IntegrationTest;
32+
import com.google.cloud.spanner.KeySet;
33+
import com.google.cloud.spanner.Options;
34+
import com.google.cloud.spanner.SessionPoolOptions;
35+
import com.google.cloud.spanner.Spanner;
36+
import com.google.cloud.spanner.SpannerException;
37+
import com.google.cloud.spanner.SpannerOptions;
38+
import java.util.Arrays;
39+
import org.junit.After;
40+
import org.junit.Before;
41+
import org.junit.BeforeClass;
42+
import org.junit.Test;
43+
import org.junit.experimental.categories.Category;
44+
import org.junit.runner.RunWith;
45+
import org.junit.runners.JUnit4;
46+
47+
/** Integration tests for VPC-SC */
48+
@Category(IntegrationTest.class)
49+
@RunWith(JUnit4.class)
50+
public class ITVPCNegativeTest {
51+
private static final String IN_VPCSC_TEST = System.getenv("GOOGLE_CLOUD_TESTS_IN_VPCSC");
52+
private static final String OUTSIDE_VPC_PROJECT =
53+
System.getenv("GOOGLE_CLOUD_TESTS_VPCSC_OUTSIDE_PERIMETER_PROJECT");
54+
55+
private Spanner spanner;
56+
private InstanceAdminClient instanceAdminClient;
57+
private DatabaseAdminClient databaseAdminClient;
58+
private DatabaseClient databaseClient;
59+
60+
@BeforeClass
61+
public static void setUpClass() {
62+
assumeTrue(
63+
"To run tests, GOOGLE_CLOUD_TESTS_IN_VPCSC environment variable needs to be set to True",
64+
IN_VPCSC_TEST != null && IN_VPCSC_TEST.equalsIgnoreCase("true"));
65+
assertTrue(
66+
"GOOGLE_CLOUD_TESTS_VPCSC_OUTSIDE_PERIMETER_PROJECT environment variable needs "
67+
+ "to be set to a GCP project that is outside the VPC perimeter",
68+
OUTSIDE_VPC_PROJECT != null && OUTSIDE_VPC_PROJECT != "");
69+
}
70+
71+
@Before
72+
public void setUp() {
73+
InstanceId instanceId = InstanceId.of(OUTSIDE_VPC_PROJECT, "nonexistent-instance");
74+
SpannerOptions options =
75+
SpannerOptions.newBuilder()
76+
.setProjectId(instanceId.getProject())
77+
.setSessionPoolOption(
78+
SessionPoolOptions.newBuilder()
79+
// Do not eagerly create sessions since they will fail outside the VPC.
80+
.setMinSessions(0)
81+
// Client shouldn't block if sessions cannot be created
82+
.setFailIfPoolExhausted()
83+
.build())
84+
.build();
85+
spanner = options.getService();
86+
instanceAdminClient = spanner.getInstanceAdminClient();
87+
databaseAdminClient = spanner.getDatabaseAdminClient();
88+
databaseClient =
89+
spanner.getDatabaseClient(
90+
DatabaseId.of(OUTSIDE_VPC_PROJECT, "nonexistent-instance", "nonexistent-database"));
91+
}
92+
93+
@After
94+
public void tearDown() {
95+
spanner.close();
96+
}
97+
98+
private void checkExceptionForVPCError(SpannerException e) {
99+
assertEquals(ErrorCode.PERMISSION_DENIED, e.getErrorCode());
100+
assertThat(e.getMessage()).contains("Request is prohibited by organization's policy");
101+
}
102+
103+
@Test
104+
public void deniedListInstanceConfigs() {
105+
try {
106+
instanceAdminClient.listInstanceConfigs();
107+
fail("Expected PERMISSION_DENIED SpannerException");
108+
} catch (SpannerException e) {
109+
checkExceptionForVPCError(e);
110+
}
111+
}
112+
113+
@Test
114+
public void deniedGetInstanceConfig() {
115+
try {
116+
instanceAdminClient.getInstanceConfig("nonexistent-configs");
117+
fail("Expected PERMISSION_DENIED SpannerException");
118+
} catch (SpannerException e) {
119+
checkExceptionForVPCError(e);
120+
}
121+
}
122+
123+
@Test
124+
public void deniedListInstances() {
125+
try {
126+
instanceAdminClient.listInstances();
127+
fail("Expected PERMISSION_DENIED SpannerException");
128+
} catch (SpannerException e) {
129+
checkExceptionForVPCError(e);
130+
}
131+
}
132+
133+
@Test
134+
public void deniedGetInstance() {
135+
try {
136+
instanceAdminClient.getInstance("non-existent");
137+
fail("Expected PERMISSION_DENIED SpannerException");
138+
} catch (SpannerException e) {
139+
checkExceptionForVPCError(e);
140+
}
141+
}
142+
143+
@Test
144+
public void deniedListDatabases() {
145+
try {
146+
databaseAdminClient.listDatabases("nonexistent-instance", Options.pageSize(1));
147+
fail("Expected PERMISSION_DENIED SpannerException");
148+
} catch (SpannerException e) {
149+
checkExceptionForVPCError(e);
150+
}
151+
}
152+
153+
@Test
154+
public void deniedGetDatabase() {
155+
try {
156+
databaseAdminClient.getDatabase("nonexistent-instance", "nonexistent-database");
157+
fail("Expected PERMISSION_DENIED SpannerException");
158+
} catch (SpannerException e) {
159+
checkExceptionForVPCError(e);
160+
}
161+
}
162+
163+
@Test
164+
public void deniedRead() {
165+
try {
166+
// Tests that the initial create session request returns a permission denied.
167+
databaseClient
168+
.singleUse()
169+
.read("nonexistent-table", KeySet.all(), Arrays.asList("nonexistent-col"));
170+
} catch (SpannerException e) {
171+
checkExceptionForVPCError(e);
172+
}
173+
}
174+
}

0 commit comments

Comments
 (0)