Testing WIF authentication

Open-ET · Aug 21, 2024 · b75db98 · b75db98
1 parent 501e438
commit b75db98
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 9 deletions.
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -30,8 +30,17 @@ jobs:
         flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
         # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
         flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+    - name: 'Authenticate to Google Cloud'
+      id: 'auth'
+      uses: 'google-github-actions/auth@v2'
+      with:
+        create_credentials_file: true
+        workload_identity_provider: 'projects/470570065811/locations/global/workloadIdentityPools/gitaction-pool/providers/gitaction-provider'
+        service_account: 'github-actions@openet.iam.gserviceaccount.com'
+    #- name: Set up Cloud SDK
+    #  uses: google-github-actions/setup-gcloud@v2
     - name: Test with pytest
-      env:
-        EE_PRIVATE_KEY_B64: ${{ secrets.EE_PRIVATE_KEY_B64 }}
+      #env:
+      #  EE_PRIVATE_KEY_B64: ${{ secrets.EE_PRIVATE_KEY_B64 }}
       run: |
         python -m pytest
diff --git a/openet/core/tests/conftest.py b/openet/core/tests/conftest.py
@@ -13,13 +13,13 @@ def test_init():
     logging.getLogger('googleapiclient').setLevel(logging.ERROR)
     logging.debug('Test Setup')
 
-    # For GitHub Actions authenticate using private key environment variable
-    if "ACTION_EE_TOKEN" in os.environ:
-        # ACTION_EE_TOKEN = os.getenv('ACTION_EE_TOKEN')
-        # credentials = google.oauth2.credentials.Credentials(ACTION_EE_TOKEN)
-        # ee.Initialize(credentials)
-        ee.Initialize(google.oauth2.credentials.Credentials(os.getenv('ACTION_EE_TOKEN')))
-    elif 'EE_PRIVATE_KEY_B64' in os.environ:
+    # # For GitHub Actions authenticate using private key environment variable
+    # if "ACTION_EE_TOKEN" in os.environ:
+    #     # ACTION_EE_TOKEN = os.getenv('ACTION_EE_TOKEN')
+    #     # credentials = google.oauth2.credentials.Credentials(ACTION_EE_TOKEN)
+    #     # ee.Initialize(credentials)
+    #     ee.Initialize(google.oauth2.credentials.Credentials(os.getenv('ACTION_EE_TOKEN')))
+    if 'EE_PRIVATE_KEY_B64' in os.environ:
         print('Writing privatekey.json from environmental variable ...')
         content = base64.b64decode(os.environ['EE_PRIVATE_KEY_B64']).decode('ascii')
         EE_KEY_FILE = 'privatekey.json'