test: different integration tests have different restrictions on KMS …

…key location (#4184)
googleapis · May 27, 2021 · 8a28ff6 · 8a28ff6
1 parent 71c0469
commit 8a28ff6
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -136,6 +136,9 @@ As part of the setup that follows, the following variables will be configured:
 - `GCLOUD_TESTS_GOLANG_KEYRING`: The full name of the keyring for the tests,
 in the form
 "projects/P/locations/L/keyRings/R". The creation of this is described below.
+- `GCLOUD_TESTS_BIGTABLE_KEYRING`: The full name of the keyring for the bigtable tests,
+in the form
+"projects/P/locations/L/keyRings/R". The creation of this is described below. Expected to be single region.
 - `GCLOUD_TESTS_GOLANG_ZONE`: Compute Engine zone.
 
 Install the [gcloud command-line tool][gcloudcli] to your machine and use it to
@@ -172,6 +175,7 @@ $ gcloud beta spanner instances create go-integration-test --config regional-us-
 
 $ export MY_KEYRING=some-keyring-name
 $ export MY_LOCATION=global
+$ export MY_SINGLE_LOCATION=us-central1
 # Creates a KMS keyring, in the same location as the default location for your
 # project's buckets.
 $ gcloud kms keyrings create $MY_KEYRING --location $MY_LOCATION
@@ -182,10 +186,15 @@ $ gcloud kms keys create key2 --keyring $MY_KEYRING --location $MY_LOCATION --pu
 $ export GCLOUD_TESTS_GOLANG_KEYRING=projects/$GCLOUD_TESTS_GOLANG_PROJECT_ID/locations/$MY_LOCATION/keyRings/$MY_KEYRING
 # Authorizes Google Cloud Storage to encrypt and decrypt using key1.
 $ gsutil kms authorize -p $GCLOUD_TESTS_GOLANG_PROJECT_ID -k $GCLOUD_TESTS_GOLANG_KEYRING/cryptoKeys/key1
+
+# Create KMS Key in one region for Bigtable
+$ gcloud kms keys create key1 --keyring $MY_KEYRING --location $MY_SINGLE_LOCATION --purpose encryption
+# Sets the GCLOUD_TESTS_BIGTABLE_KEYRING environment variable.
+$ export GCLOUD_TESTS_BIGTABLE_KEYRING=projects/$GCLOUD_TESTS_GOLANG_PROJECT_ID/locations/$MY_SINGLE_LOCATION/keyRings/$MY_KEYRING
 # Authorizes Google Cloud Bigtable to encrypt and decrypt using key1
 $ gcloud kms keys add-iam-policy-binding key1 \
     --keyring $MY_KEYRING \
-    --location $MY_LOCATION \
+    --location $MY_SINGLE_LOCATION \
     --role roles/cloudkms.cryptoKeyEncrypterDecrypter \
     --member "${GCLOUD_TESTS_GOLANG_PROJECT_ID}@${GCLOUD_TESTS_GOLANG_PROJECT_ID}.iam.gserviceaccount.com" \
     --project $GCLOUD_TESTS_GOLANG_PROJECT_ID

diff --git a/internal/kokoro/continuous.sh b/internal/kokoro/continuous.sh
@@ -34,12 +34,13 @@ export GCLOUD_TESTS_GOLANG_KEY=$GOOGLE_APPLICATION_CREDENTIALS
 export GCLOUD_TESTS_GOLANG_FIRESTORE_PROJECT_ID=gcloud-golang-firestore-tests
 export GCLOUD_TESTS_GOLANG_FIRESTORE_KEY=$KOKORO_KEYSTORE_DIR/72523_go_firestore_integration_service_account
 export GCLOUD_TESTS_API_KEY=`cat $KOKORO_KEYSTORE_DIR/72523_go_gcloud_tests_api_key`
-export GCLOUD_TESTS_GOLANG_KEYRING=projects/dulcet-port-762/locations/us-central1/keyRings/go-integration-test
+export GCLOUD_TESTS_GOLANG_KEYRING=projects/dulcet-port-762/locations/us/keyRings/go-integration-test
 export GCLOUD_TESTS_GOLANG_PROFILER_ZONE="us-west1-b"
 
 # Bigtable integration tests expect an existing instance and cluster
 #  ❯ cbt createinstance gcloud-bt-it-tests-instance "Bigtable IT Instance" \
 #    gcloud-bt-it-tests-cluster us-west1-b 1 SSD
+export GCLOUD_TESTS_BIGTABLE_KEYRING=projects/dulcet-port-762/locations/us-central1/keyRings/go-integration-test
 export GCLOUD_TESTS_BIGTABLE_CLUSTER="gcloud-bt-it-tests-cluster"
 export GCLOUD_TESTS_BIGTABLE_INSTANCE="gcloud-bt-it-tests-instance"