ci: sample build in Cloud Build (#2444)

* ci: sample build in Cloud Build * empty commit to trigger Cloud Build * adding the service account email * ci: test CI * domain:google.com Following googleapis/java-pubsub#1943 * service account * format * using the samples@ account * ci: test CI * empty commit to trigger Cloud Build after b/329758593 * project number as env var * Available binding identities * sample id * stop introducing a new env var for Kokoro * chore: switch kms keys to point to new project keys * lint * remove unnecessary ; * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md --------- Co-authored-by: Sydney Munro <[email protected]> Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
googleapis · Mar 27, 2024 · 7c86ad0 · 7c86ad0
1 parent e1fb857
commit 7c86ad0
Show file tree

Hide file tree

Showing 7 changed files with 85 additions and 14 deletions.
diff --git a/.cloudbuild/samples_build.yaml b/.cloudbuild/samples_build.yaml
@@ -0,0 +1,35 @@
+steps:
+- name: gcr.io/cloud-devrel-public-resources/java8
+  entrypoint: ls
+  args: [
+    '-alt',
+  ]
+- name: gcr.io/cloud-devrel-public-resources/java8
+  entrypoint: curl
+  args: [
+    '--header',
+    'Metadata-Flavor: Google',
+    'http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/email'
+  ]
+- name: gcr.io/cloud-devrel-public-resources/java8
+  entrypoint: pwd
+- name: gcr.io/cloud-devrel-public-resources/java8
+  entrypoint: bash
+  args: [
+    '.kokoro/build.sh'
+  ]
+  env:
+  - 'JOB_TYPE=samples'
+  - 'GOOGLE_CLOUD_PROJECT=cloud-java-ci-sample'
+  - 'GOOGLE_CLOUD_PROJECT_NUMBER=615621127317'
+  - 'IT_SERVICE_ACCOUNT_EMAIL=samples@cloud-java-ci-sample.iam.gserviceaccount.com'
+- name: gcr.io/cloud-devrel-public-resources/java8
+  entrypoint: echo
+  args: [
+    'Sample job succeeded',
+  ]
+timeout: 3600s
+options:
+  defaultLogsBucketBehavior: REGIONAL_USER_OWNED_BUCKET
+
+
diff --git a/samples/snippets/src/test/java/com/example/storage/ITBucketSnippets.java b/samples/snippets/src/test/java/com/example/storage/ITBucketSnippets.java
@@ -112,8 +112,8 @@ public class ITBucketSnippets {
   private static final String BUCKET = RemoteStorageHelper.generateBucketName();
   private static final String PROJECT_ID = System.getenv("GOOGLE_CLOUD_PROJECT");
   private static final String KMS_KEY_NAME =
-      "projects/java-docs-samples-testing/locations/us/keyRings/"
-          + "jds_test_kms_key_ring/cryptoKeys/gcs_kms_key_one";
+      "projects/cloud-java-ci-sample/locations/us/keyRings/"
+          + "gcs_test_kms_key_ring/cryptoKeys/gcs_kms_key_one";
   private static final RetrySettings RETRY_SETTINGS =
       RetrySettings.newBuilder()
           .setInitialRetryDelay(Duration.ofSeconds(2))
@@ -465,8 +465,8 @@ public void deleteBucketDefaultKmsKey() throws Throwable {
         .get(BUCKET)
         .toBuilder()
         .setDefaultKmsKeyName(
-            "projects/java-docs-samples-testing/locations/us/keyRings/"
-                + "jds_test_kms_key_ring/cryptoKeys/gcs_kms_key_one")
+            "projects/cloud-java-ci-sample/locations/us/keyRings/"
+                + "gcs_test_kms_key_ring/cryptoKeys/gcs_kms_key_one")
         .build()
         .update();
     TestUtils.retryAssert(

diff --git a/samples/snippets/src/test/java/com/example/storage/ITObjectSnippets.java b/samples/snippets/src/test/java/com/example/storage/ITObjectSnippets.java
@@ -97,8 +97,8 @@ public class ITObjectSnippets {
   private static final byte[] CONTENT = STRING_CONTENT.getBytes(UTF_8);
   private static final String PROJECT_ID = System.getenv("GOOGLE_CLOUD_PROJECT");
   private static final String KMS_KEY_NAME =
-      "projects/java-docs-samples-testing/locations/us/keyRings/"
-          + "jds_test_kms_key_ring/cryptoKeys/gcs_kms_key_one";
+      "projects/cloud-java-ci-sample/locations/us/keyRings/"
+          + "gcs_test_kms_key_ring/cryptoKeys/gcs_kms_key_one";
 
   private static Storage storage;
 

diff --git a/...snippets/src/test/java/com/example/storage/bucket/CreateBucketPubSubNotificationTest.java b/...snippets/src/test/java/com/example/storage/bucket/CreateBucketPubSubNotificationTest.java
@@ -40,6 +40,8 @@ public class CreateBucketPubSubNotificationTest extends TestBase {
       Notification.PayloadFormat.JSON_API_V1.JSON_API_V1;
   private static final Map<String, String> CUSTOM_ATTRIBUTES = ImmutableMap.of("label1", "value1");
   private static final String PROJECT = System.getenv("GOOGLE_CLOUD_PROJECT");
+  private static final String PROJECT_NUMBER = System.getenv("GOOGLE_CLOUD_PROJECT_NUMBER");
+
   private static final String ID = UUID.randomUUID().toString().substring(0, 8);
   private static final String TOPIC =
       String.format("projects/%s/topics/new-topic-create-%s", PROJECT, ID);
@@ -57,8 +59,15 @@ public static void configureTopicAdminClient() throws IOException {
       GetIamPolicyRequest getIamPolicyRequest =
           GetIamPolicyRequest.newBuilder().setResource(TOPIC).build();
       com.google.iam.v1.Policy policy = topicAdminClient.getIamPolicy(getIamPolicyRequest);
-      Binding binding =
-          Binding.newBuilder().setRole("roles/owner").addMembers("allAuthenticatedUsers").build();
+      // For available bindings identities, see
+      // https://cloud.google.com/iam/docs/overview#concepts_related_identity
+      String member =
+          PROJECT_NUMBER != null
+              ? "serviceAccount:service-"
+                  + PROJECT_NUMBER
+                  + "@gs-project-accounts.iam.gserviceaccount.com"
+              : "allAuthenticatedUsers";
+      Binding binding = Binding.newBuilder().setRole("roles/owner").addMembers(member).build();
       SetIamPolicyRequest setIamPolicyRequest =
           SetIamPolicyRequest.newBuilder()
               .setResource(TOPIC)

diff --git a/...snippets/src/test/java/com/example/storage/bucket/DeleteBucketPubSubNotificationTest.java b/...snippets/src/test/java/com/example/storage/bucket/DeleteBucketPubSubNotificationTest.java
@@ -44,6 +44,8 @@ public class DeleteBucketPubSubNotificationTest extends TestBase {
       Notification.PayloadFormat.JSON_API_V1.JSON_API_V1;
   private static final Map<String, String> CUSTOM_ATTRIBUTES = ImmutableMap.of("label1", "value1");
   private static final String PROJECT = System.getenv("GOOGLE_CLOUD_PROJECT");
+  private static final String PROJECT_NUMBER = System.getenv("GOOGLE_CLOUD_PROJECT_NUMBER");
+
   private static final String ID = UUID.randomUUID().toString().substring(0, 8);
   private static final String TOPIC =
       String.format("projects/%s/topics/new-topic-delete-%s", PROJECT, ID);
@@ -62,8 +64,15 @@ public static void configureTopicAdminClient() throws IOException {
       GetIamPolicyRequest getIamPolicyRequest =
           GetIamPolicyRequest.newBuilder().setResource(TOPIC).build();
       com.google.iam.v1.Policy policy = topicAdminClient.getIamPolicy(getIamPolicyRequest);
-      Binding binding =
-          Binding.newBuilder().setRole("roles/owner").addMembers("allAuthenticatedUsers").build();
+      // For available bindings identities, see
+      // https://cloud.google.com/iam/docs/overview#concepts_related_identity
+      String member =
+          PROJECT_NUMBER != null
+              ? "serviceAccount:service-"
+                  + PROJECT_NUMBER
+                  + "@gs-project-accounts.iam.gserviceaccount.com"
+              : "allAuthenticatedUsers";
+      Binding binding = Binding.newBuilder().setRole("roles/owner").addMembers(member).build();
       SetIamPolicyRequest setIamPolicyRequest =
           SetIamPolicyRequest.newBuilder()
               .setResource(TOPIC)

diff --git a/samples/snippets/src/test/java/com/example/storage/bucket/ListPubSubNotificationsTest.java b/samples/snippets/src/test/java/com/example/storage/bucket/ListPubSubNotificationsTest.java
@@ -44,6 +44,8 @@ public class ListPubSubNotificationsTest extends TestBase {
       Notification.PayloadFormat.JSON_API_V1.JSON_API_V1;
   private static final Map<String, String> CUSTOM_ATTRIBUTES = ImmutableMap.of("label1", "value1");
   private static final String PROJECT = System.getenv("GOOGLE_CLOUD_PROJECT");
+  private static final String PROJECT_NUMBER = System.getenv("GOOGLE_CLOUD_PROJECT_NUMBER");
+
   private static final String ID = UUID.randomUUID().toString().substring(0, 8);
   private static final String TOPIC =
       String.format("projects/%s/topics/new-topic-list-%s", PROJECT, ID);
@@ -57,8 +59,15 @@ public static void configureTopicAdminClient() throws IOException {
       GetIamPolicyRequest getIamPolicyRequest =
           GetIamPolicyRequest.newBuilder().setResource(TOPIC).build();
       com.google.iam.v1.Policy policy = topicAdminClient.getIamPolicy(getIamPolicyRequest);
-      Binding binding =
-          Binding.newBuilder().setRole("roles/owner").addMembers("allAuthenticatedUsers").build();
+      // For available bindings identities, see
+      // https://cloud.google.com/iam/docs/overview#concepts_related_identity
+      String member =
+          PROJECT_NUMBER != null
+              ? "serviceAccount:service-"
+                  + PROJECT_NUMBER
+                  + "@gs-project-accounts.iam.gserviceaccount.com"
+              : "allAuthenticatedUsers";
+      Binding binding = Binding.newBuilder().setRole("roles/owner").addMembers(member).build();
       SetIamPolicyRequest setIamPolicyRequest =
           SetIamPolicyRequest.newBuilder()
               .setResource(TOPIC)

diff --git a/samples/snippets/src/test/java/com/example/storage/bucket/PrintPubSubNotificationTest.java b/samples/snippets/src/test/java/com/example/storage/bucket/PrintPubSubNotificationTest.java
@@ -40,6 +40,8 @@ public class PrintPubSubNotificationTest extends TestBase {
       Notification.PayloadFormat.JSON_API_V1.JSON_API_V1;
   private static final Map<String, String> CUSTOM_ATTRIBUTES = ImmutableMap.of("label1", "value1");
   private static final String PROJECT = System.getenv("GOOGLE_CLOUD_PROJECT");
+  private static final String PROJECT_NUMBER = System.getenv("GOOGLE_CLOUD_PROJECT_NUMBER");
+
   private static final String ID = UUID.randomUUID().toString().substring(0, 8);
   private static final String TOPIC =
       String.format("projects/%s/topics/new-topic-print-%s", PROJECT, ID);
@@ -53,8 +55,15 @@ public static void configureTopicAdminClient() throws IOException {
       GetIamPolicyRequest getIamPolicyRequest =
           GetIamPolicyRequest.newBuilder().setResource(TOPIC).build();
       com.google.iam.v1.Policy policy = topicAdminClient.getIamPolicy(getIamPolicyRequest);
-      Binding binding =
-          Binding.newBuilder().setRole("roles/owner").addMembers("allAuthenticatedUsers").build();
+      // For available bindings identities, see
+      // https://cloud.google.com/iam/docs/overview#concepts_related_identity
+      String member =
+          PROJECT_NUMBER != null
+              ? "serviceAccount:service-"
+                  + PROJECT_NUMBER
+                  + "@gs-project-accounts.iam.gserviceaccount.com"
+              : "allAuthenticatedUsers";
+      Binding binding = Binding.newBuilder().setRole("roles/owner").addMembers(member).build();
       SetIamPolicyRequest setIamPolicyRequest =
           SetIamPolicyRequest.newBuilder()
               .setResource(TOPIC)