DEV Community 👩‍💻👨‍💻

Discussion on: Using Secrets in Google Cloud Functions

di profile image
Dustin Ingram Author

Which step is failing here, the test step or the deploy step?

Can you include the test that is testing the function in question?

Thread Thread
smurfolan profile image
smurfolan • Edited on

The step which fails is the one which executes pytest:

I also tested without this step and it gets successfully deployed and the project id is available in a "production" situation. Maybe I will have to mock/stub the code for my tests.

Thread Thread
di profile image
Dustin Ingram Author

Yes, so this is happening in your tests? You'll need to monkeypatch project_id like I mentioned in my original reply.

If you can include the test that's failing I can try to show you how to do that.

Also it's a lot easier for me to help if you share actual text and not screenshots!

Thread Thread
smurfolan profile image

My looks like this:

import os
from import secretmanager
import logging

client = secretmanager.SecretManagerServiceClient()
secret_name = "my-secret"
project_id = os.environ.get('GCP_PROJECT')
resource_name = "projects/{}/secrets/{}/versions/latest".format(project_id, secret_name)
response = client.access_secret_version(resource_name)
secret_string ='UTF-8')

def new_measures_handler(data, context):
    """Background Cloud Function to be triggered by Cloud Storage.
         event (dict): The dictionary with data specific to this type of event.
         context ( The Cloud Functions
         event metadata.
    print('File: {}.'.format(data['name']))

and if I deploy it like this on GCP it works as expected. Google Cloud Build builds the function and deploys it. Project and respectively project secret can be accessed. But, when I uncomment my test step in .yaml and it gets executed on Google Cloud Build

- name: ''
  args: ['pip3','install', '-r', 'requirements.txt', '--user']
#- name: ''
#  args: ['python3','/builder/home/.local/bin/pytest', '.']
- name: ''
  args: ['functions', 'deploy', 'new_measures_handler', '--runtime', 'python37', '--trigger-resource', 'gcp-etl-prod-bucket', '--trigger-event', '']

I start getting the error. As you say, I need to mock it somehow. This is how my current test looks like:

def test_print(capsys):
    # arrange
    name = 'test'
    data = {'name': name}

    # act
    main.new_measures_handler(data, None)
    out, err = capsys.readouterr()

    assert out == 'File: {}.\n'.format(name)
Thread Thread
di profile image
Dustin Ingram Author

OK, so your test should monkeypatch the environment like this:

def test_print(capsys, monkeypatch):
    monkeypatch.setenv('GCP_PROJECT', 'some-project-id')

You'll probably need to monkeypatch secretmanager.SecretManagerServiceClient as well.