diff --git a/tools/integration_tests/managed_folders/admin_permissions_test.go b/tools/integration_tests/managed_folders/admin_permissions_test.go
index 12c95e71dff..e7dec066886 100644
--- a/tools/integration_tests/managed_folders/admin_permissions_test.go
+++ b/tools/integration_tests/managed_folders/admin_permissions_test.go
@@ -54,6 +54,7 @@ type managedFoldersAdminPermission struct {
 func (s *managedFoldersAdminPermission) SetupSuite() {
 setup.MountGCSFuseWithGivenMountWithConfigFunc(testEnv.cfg, s.flags, testEnv.mountFunc)
 setup.SetMntDir(testEnv.mountDir)
+ testEnv.testDirPath = setup.SetupTestDirectory(TestDirForManagedFolderTest)
 }
 func (s *managedFoldersAdminPermission) TearDownSuite() {
@@ -61,27 +62,18 @@ func (s *managedFoldersAdminPermission) TearDownSuite() {
 }
 func (s *managedFoldersAdminPermission) SetupTest() {
- testEnv.testDirPath = setup.SetupTestDirectory(TestDirForManagedFolderTest)
- createDirectoryStructureForNonEmptyManagedFolders(testEnv.ctx, testEnv.storageClient, testEnv.controlClient, s.T())
- if s.managedFoldersPermission != "nil" {
+ managedFolderRecreated := createDirectoryStructureForNonEmptyManagedFolders(testEnv.ctx, testEnv.storageClient, testEnv.controlClient, s.T())
+
+ if s.managedFoldersPermission != "nil" && managedFolderRecreated {
 providePermissionToManagedFolder(testEnv.bucket, path.Join(testEnv.testDir, ManagedFolder1), testEnv.serviceAccount, s.managedFoldersPermission, s.T())
 providePermissionToManagedFolder(testEnv.bucket, path.Join(testEnv.testDir, ManagedFolder2), testEnv.serviceAccount, s.managedFoldersPermission, s.T())
- // Waiting for 60 seconds for policy changes to propagate. This values we kept based on our experiments.
+ // Wait for policy propagation only when folders were recreated and IAM was reapplied.
 time.Sleep(60 * time.Second)
 }
 }
 func (s *managedFoldersAdminPermission) TearDownTest() {
 setup.SaveGCSFuseLogFileInCaseOfFailure(s.T())
- // Due to bucket view permissions, it prevents cleaning resources outside managed folders. So we are cleaning managed folders resources only.
- if s.bucketPermission == ViewPermission {
- revokePermissionToManagedFolder(testEnv.bucket, path.Join(testEnv.testDir, ManagedFolder1), testEnv.serviceAccount, s.managedFoldersPermission, s.T())
- setup.CleanUpDir(path.Join(setup.MntDir(), TestDirForManagedFolderTest, ManagedFolder1))
- revokePermissionToManagedFolder(testEnv.bucket, path.Join(testEnv.testDir, ManagedFolder2), testEnv.serviceAccount, s.managedFoldersPermission, s.T())
- setup.CleanUpDir(path.Join(setup.MntDir(), TestDirForManagedFolderTest, ManagedFolder2))
- return
- }
- setup.CleanUpDir(path.Join(setup.MntDir(), TestDirForManagedFolderTest))
 }
 ////////////////////////////////////////////////////////////////////////
@@ -128,6 +120,11 @@ func (s *managedFoldersAdminPermission) TestCopyObjectWithInManagedFolder() {
 testDirPath := path.Join(testEnv.testDirPath, ManagedFolder1)
 srcCopyFile := path.Join(testDirPath, FileInNonEmptyManagedFoldersTest)
 destCopyFile := path.Join(testDirPath, DestFile)
+ defer func() {
+ if err := os.RemoveAll(destCopyFile); err != nil {
+ log.Printf("failed to remove scratch copy file: %v", err)
+ }
+ }()
 err := operations.CopyFile(srcCopyFile, destCopyFile)
 if err != nil {
@@ -143,6 +140,11 @@ func (s *managedFoldersAdminPermission) TestCopyObjectWithInManagedFolder() {
 func (s *managedFoldersAdminPermission) TestCopyManagedFolder() {
 srcDirPath := path.Join(testEnv.testDirPath, ManagedFolder1)
 destDirPath := path.Join(testEnv.testDirPath, DestFolder)
+ defer func() {
+ if err := os.RemoveAll(destDirPath); err != nil {
+ log.Printf("failed to remove scratch copy folder: %v", err)
+ }
+ }()
 err := operations.CopyDir(srcDirPath, destDirPath)
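Review bot: With the cleanup removed from `TearDownTest`, nothing in this hunk resets the managed folders between tests, and `SetupTest` re-grants the role only when `managedFolderRecreated` is true, so a folder that already exists is assumed to still carry the binding for the current scenario. That assumption is not written down; I would state it on `SetupTest`, e.g. `// IAM is granted once per scenario in TestManagedFolders_FolderAdminPermission; re-grant here only when a managed folder had to be created again.` The 60-second wait also lost its rationale (the removed comment said the value came from experiments) and now appears both here and in the scenario loop, so a named constant such as `policyPropagationWait` with that rationale in its comment would keep the two in step.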
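Review bot: The deferred cleanup in `TestCopyObjectWithInManagedFolder` reports a failed `os.RemoveAll` through the global `log.Printf`, so the message is not attached to the test that left the file behind, and since `TearDownTest` no longer wipes the test directory a leftover destination stays in place for the tests that follow. I would report through the suite instead, `s.T().Logf("failed to remove %q: %v", destCopyFile, err)`, or use `s.T().Errorf` if a leftover should fail the test. The same applies to the deferred removals added in `TestCopyManagedFolder`, `TestMoveObjectWithInManagedFolder` and `TestMoveManagedFolder`; the four closures differ only in path and message, so one small helper taking the path would remove the repetition. The test bodies continue outside these hunks.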
@@ -160,6 +162,11 @@ func (s *managedFoldersAdminPermission) TestMoveObjectWithInManagedFolder() {
 testDirPath := path.Join(testEnv.testDirPath, ManagedFolder1)
 srcMoveFile := path.Join(testDirPath, FileInNonEmptyManagedFoldersTest)
 destMoveFile := path.Join(testDirPath, DestFile)
+ defer func() {
+ if err := os.RemoveAll(destMoveFile); err != nil {
+ log.Printf("failed to remove scratch move file: %v", err)
+ }
+ }()
 err := operations.Move(srcMoveFile, destMoveFile)
 if err != nil {
@@ -179,6 +186,11 @@ func (s *managedFoldersAdminPermission) TestMoveObjectWithInManagedFolder() {
 func (s *managedFoldersAdminPermission) TestMoveManagedFolder() {
 srcDirPath := path.Join(testEnv.testDirPath, ManagedFolder1)
 destDirPath := path.Join(testEnv.testDirPath, DestFolder)
+ defer func() {
+ if err := os.RemoveAll(destDirPath); err != nil {
+ log.Printf("failed to remove scratch move folder: %v", err)
+ }
+ }()
 err := operations.Move(srcDirPath, destDirPath)
@@ -223,7 +235,21 @@ func TestManagedFolders_FolderAdminPermission(t *testing.T) { creds_tests.ApplyPermissionToServiceAccount(testEnv.ctx, testEnv.storageClient, testEnv.serviceAccount, ViewPermission, setup.TestBucket()) } ts.managedFoldersPermission = permissions[i][1] + + if ts.managedFoldersPermission != "nil" { + providePermissionToManagedFolder(testEnv.bucket, path.Join(testEnv.testDir, ManagedFolder1), testEnv.serviceAccount, ts.managedFoldersPermission, t) + providePermissionToManagedFolder(testEnv.bucket, path.Join(testEnv.testDir, ManagedFolder2), testEnv.serviceAccount, ts.managedFoldersPermission, t) + // Wait once per permission scenario for initial policy propagation. + time.Sleep(60 * time.Second) + } + suite.Run(t, ts) + + if ts.managedFoldersPermission != "nil" { + revokePermissionToManagedFolder(testEnv.bucket, path.Join(testEnv.testDir, ManagedFolder1), testEnv.serviceAccount, ts.managedFoldersPermission, t) + revokePermissionToManagedFolder(testEnv.bucket, path.Join(testEnv.testDir, ManagedFolder2), testEnv.serviceAccount, ts.managedFoldersPermission, t) + } + if ts.bucketPermission == ViewPermission { creds_tests.RevokePermission(testEnv.ctx, testEnv.storageClient, testEnv.serviceAccount, ViewPermission, setup.TestBucket()) } diff --git a/tools/integration_tests/managed_folders/test_helper.go b/tools/integration_tests/managed_folders/test_helper.go index ebf01c4139e..70a184a22df 100644 --- a/tools/integration_tests/managed_folders/test_helper.go +++ b/tools/integration_tests/managed_folders/test_helper.go 
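Review bot: The revoke calls after `suite.Run` execute only if control reaches them, so the role granted just above stays bound to `testEnv.serviceAccount` on both managed folders whenever a scenario ends early, for instance when `CreateManagedFoldersInBucket` (reached from `SetupTest`) ends the process with `log.Fatalf`, or when the second `providePermissionToManagedFolder` call fails the parent test after the first succeeded. Running each scenario in a closure with the revoke in a `defer` covers panics and `t.Fatalf` on the parent; the `log.Fatalf` path needs the helper to fail through `t` instead of exiting. Separately, this diff only shows the managed folders being created inside `SetupTest`, so on a clean bucket the grant here may run before the folders exist; whether `providePermissionToManagedFolder` tolerates that is not visible, and if it does the first test still pays a second 60-second wait. The loop body starts outside this hunk.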
@@ -103,7 +103,7 @@ func revokePermissionToManagedFolder(bucket, managedFolderPath, serviceAccount,
 }
 }
-func createDirectoryStructureForNonEmptyManagedFolders(ctx context.Context, storageClient *storage.Client, controlClient *control.StorageControlClient, t *testing.T) {
+func createDirectoryStructureForNonEmptyManagedFolders(ctx context.Context, storageClient *storage.Client, controlClient *control.StorageControlClient, t *testing.T) bool {
 // testBucket/NonEmptyManagedFoldersTest/managedFolder1
 // testBucket/NonEmptyManagedFoldersTest/managedFolder1/testFile
 // testBucket/NonEmptyManagedFoldersTest/managedFolder2
@@ -122,12 +122,14 @@ func createDirectoryStructureForNonEmptyManagedFolders(ctx context.Context, stor
 managedFolder2 := path.Join(testDir, ManagedFolder2)
 simulatedFolderNonEmptyManagedFoldersTest := path.Join(testDir, SimulatedFolderNonEmptyManagedFoldersTest)
- client.CreateManagedFoldersInBucket(ctx, controlClient, path.Join(testDir, ManagedFolder1), bucket)
+ managedFolder1Recreated := client.CreateManagedFoldersInBucket(ctx, controlClient, path.Join(testDir, ManagedFolder1), bucket)
 client.CopyFileInBucket(ctx, storageClient, path.Join("/tmp", FileInNonEmptyManagedFoldersTest), path.Join(managedFolder1, FileInNonEmptyManagedFoldersTest), bucket)
- client.CreateManagedFoldersInBucket(ctx, controlClient, path.Join(testDir, ManagedFolder2), bucket)
+ managedFolder2Recreated := client.CreateManagedFoldersInBucket(ctx, controlClient, path.Join(testDir, ManagedFolder2), bucket)
 client.CopyFileInBucket(ctx, storageClient, path.Join("/tmp", FileInNonEmptyManagedFoldersTest), path.Join(managedFolder2, FileInNonEmptyManagedFoldersTest), bucket)
 client.CopyFileInBucket(ctx, storageClient, path.Join("/tmp", FileInNonEmptyManagedFoldersTest), path.Join(simulatedFolderNonEmptyManagedFoldersTest, FileInNonEmptyManagedFoldersTest), bucket)
 client.CopyFileInBucket(ctx, storageClient, path.Join("/tmp", FileInNonEmptyManagedFoldersTest), path.Join(testDir, FileInNonEmptyManagedFoldersTest), bucket)
+
+ return managedFolder1Recreated || managedFolder2Recreated
 }
 func cleanup(ctx context.Context, storageClient *storage.Client, controlClient *control.StorageControlClient, bucket, testDir, serviceAccount, iam_role string, t *testing.T) {
diff --git a/tools/integration_tests/util/client/control_client.go b/tools/integration_tests/util/client/control_client.go
index bbfd1a82db4..b22b6535623 100644
--- a/tools/integration_tests/util/client/control_client.go
+++ b/tools/integration_tests/util/client/control_client.go
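Review bot: `managedFolder1Recreated` and `managedFolder2Recreated` are also true the first time a folder is created, so `...Created` describes the value better, and the new `bool` result of `createDirectoryStructureForNonEmptyManagedFolders` (signature changed in the previous hunk) is undocumented. A line above the function would do: `// Returns true when at least one managed folder was created by this call, i.e. did not already exist.` The caller in `SetupTest` uses that single flag to decide whether to re-grant the role on both folders, which is worth mentioning in the same comment. The function body starts outside this hunk.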
@@ -32,6 +32,7 @@ import (
 "github.com/googlecloudplatform/gcsfuse/v3/internal/storage"
 "github.com/googlecloudplatform/gcsfuse/v3/tools/integration_tests/util/setup"
 "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/status"
 )
 func storageControlClientRetryOptions() []gax.CallOption {
@@ -96,16 +97,20 @@ func DeleteManagedFoldersInBucket(ctx context.Context, client *control.StorageCo
 }
 }
-func CreateManagedFoldersInBucket(ctx context.Context, client *control.StorageControlClient, managedFolderPath, bucket string) {
+func CreateManagedFoldersInBucket(ctx context.Context, client *control.StorageControlClient, managedFolderPath, bucket string) bool {
 mf := &controlpb.ManagedFolder{}
 req := &controlpb.CreateManagedFolderRequest{
 Parent: fmt.Sprintf("projects/_/buckets/%v", bucket),
 ManagedFolder: mf,
 ManagedFolderId: managedFolderPath,
 }
- if _, err := client.CreateManagedFolder(ctx, req); err != nil && !strings.Contains(err.Error(), "The specified managed folder already exists") {
+ if _, err := client.CreateManagedFolder(ctx, req); err != nil {
+ if status.Code(err) == codes.AlreadyExists || strings.Contains(err.Error(), "The specified managed folder already exists") {
+ return false
+ }
 log.Fatalf("Error while creating managed folder: %v", err)
 }
+ return true
 }
 func CreateFolderInBucket(ctx context.Context, client *control.StorageControlClient, folderPath string) (*controlpb.Folder, error) {
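Review bot: `CreateManagedFoldersInBucket` is exported and now returns a `bool` whose meaning has to be read out of the body; add a doc comment such as `// CreateManagedFoldersInBucket creates the managed folder and reports whether this call created it; it returns false if the folder already existed and exits via log.Fatalf on any other error.` With `status.Code(err) == codes.AlreadyExists` in place, the `strings.Contains` match on the server's message text is a fallback that depends on exact wording; if it is kept on purpose, a short comment saying why would stop it being removed or copied. The caller in `SetupTest` treats `false` as "the existing folder still has its IAM binding" and skips the re-grant, so it matters that only a genuine already-exists error maps to it.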