DEV Community 👩‍💻👨‍💻

Discussion on: Using Secrets in Google Cloud Functions

smurfolan profile image
smurfolan • Edited on

The step which fails is the one which executes pytest:

I also tested without this step and it gets successfully deployed and the project id is available in a "production" situation. Maybe I will have to mock/stub the code for my tests.

Thread Thread
di profile image
Dustin Ingram Author

Yes, so this is happening in your tests? You'll need to monkeypatch project_id like I mentioned in my original reply.

If you can include the test that's failing I can try to show you how to do that.

Also it's a lot easier for me to help if you share actual text and not screenshots!

Thread Thread
smurfolan profile image

My looks like this:

import os
from import secretmanager
import logging

client = secretmanager.SecretManagerServiceClient()
secret_name = "my-secret"
project_id = os.environ.get('GCP_PROJECT')
resource_name = "projects/{}/secrets/{}/versions/latest".format(project_id, secret_name)
response = client.access_secret_version(resource_name)
secret_string ='UTF-8')

def new_measures_handler(data, context):
    """Background Cloud Function to be triggered by Cloud Storage.
         event (dict): The dictionary with data specific to this type of event.
         context ( The Cloud Functions
         event metadata.
    print('File: {}.'.format(data['name']))

and if I deploy it like this on GCP it works as expected. Google Cloud Build builds the function and deploys it. Project and respectively project secret can be accessed. But, when I uncomment my test step in .yaml and it gets executed on Google Cloud Build

- name: ''
  args: ['pip3','install', '-r', 'requirements.txt', '--user']
#- name: ''
#  args: ['python3','/builder/home/.local/bin/pytest', '.']
- name: ''
  args: ['functions', 'deploy', 'new_measures_handler', '--runtime', 'python37', '--trigger-resource', 'gcp-etl-prod-bucket', '--trigger-event', '']

I start getting the error. As you say, I need to mock it somehow. This is how my current test looks like:

def test_print(capsys):
    # arrange
    name = 'test'
    data = {'name': name}

    # act
    main.new_measures_handler(data, None)
    out, err = capsys.readouterr()

    assert out == 'File: {}.\n'.format(name)
Thread Thread
di profile image
Dustin Ingram Author

OK, so your test should monkeypatch the environment like this:

def test_print(capsys, monkeypatch):
    monkeypatch.setenv('GCP_PROJECT', 'some-project-id')

You'll probably need to monkeypatch secretmanager.SecretManagerServiceClient as well.