DEV Community

Discussion on: Using Secrets in Google Cloud Functions

View post

Replies for: I am using Google's Cloud Build (cloud.google.com/cloud-build) as a CI/CD tool for my cloud function written in Python (cloud.google.com/functions/...

 
di profile image
Dustin Ingram

Which step is failing here, the test step or the deploy step?

Can you include the test that is testing the function in question?

Thread Thread
 
smurfolan profile image
smurfolan • Edited

The step which fails is the one which executes pytest: dev-to-uploads.s3.amazonaws.com/i/...

I also tested without this step and it gets successfully deployed and the project id is available in a "production" situation. Maybe I will have to mock/stub the code for my tests.

Thread Thread
 
di profile image
Dustin Ingram

Yes, so this is happening in your tests? You'll need to monkeypatch project_id like I mentioned in my original reply.

If you can include the test that's failing I can try to show you how to do that.

Also it's a lot easier for me to help if you share actual text and not screenshots!

Thread Thread
 
smurfolan profile image
smurfolan

My main.py looks like this:

import os
from google.cloud import secretmanager
import logging

client = secretmanager.SecretManagerServiceClient()
secret_name = "my-secret"
project_id = os.environ.get('GCP_PROJECT')
resource_name = "projects/{}/secrets/{}/versions/latest".format(project_id, secret_name)
response = client.access_secret_version(resource_name)
secret_string = response.payload.data.decode('UTF-8')

def new_measures_handler(data, context):
    """Background Cloud Function to be triggered by Cloud Storage.
    Args:
         event (dict): The dictionary with data specific to this type of event.
         context (google.cloud.functions.Context): The Cloud Functions
         event metadata.
    """
    logging.info(secret_string)
    print('File: {}.'.format(data['name']))

and if I deploy it like this on GCP it works as expected. Google Cloud Build builds the function and deploys it. Project and respectively project secret can be accessed. But, when I uncomment my test step in .yaml and it gets executed on Google Cloud Build

steps:
- name: 'docker.io/library/python'
  args: ['pip3','install', '-r', 'requirements.txt', '--user']
#- name: 'docker.io/library/python'
#  args: ['python3','/builder/home/.local/bin/pytest', '.']
- name: 'gcr.io/cloud-builders/gcloud'
  args: ['functions', 'deploy', 'new_measures_handler', '--runtime', 'python37', '--trigger-resource', 'gcp-etl-prod-bucket', '--trigger-event', 'google.storage.object.finalize']

I start getting the error. As you say, I need to mock it somehow. This is how my current test looks like:


def test_print(capsys):
    # arrange
    name = 'test'
    data = {'name': name}

    # act
    main.new_measures_handler(data, None)
    out, err = capsys.readouterr()

    #assert
    assert out == 'File: {}.\n'.format(name)
Thread Thread
 
di profile image
Dustin Ingram

OK, so your test should monkeypatch the environment like this:

def test_print(capsys, monkeypatch):
    monkeypatch.setenv('GCP_PROJECT', 'some-project-id')
    ....

You'll probably need to monkeypatch secretmanager.SecretManagerServiceClient as well.