Skip to content

Commit

Permalink
[batch] Use the test and test-dev GSAs in test_batch not CI (#13562)
Browse files Browse the repository at this point in the history 
See relevant discussion
[here](https://hail.zulipchat.com/#narrow/stream/127527-team/topic/CI.20Deploy.20Failure/near/389266274)
  • Loading branch information
@daniel-goldstein
daniel-goldstein authored Sep 6, 2023
1 parent dc1f086 commit 4d0379b
Show file tree
Hide file tree
Showing 6 changed files with 72 additions and 55 deletions.
2 changes: 1 addition & 1 deletion batch/batch/globals.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@

BATCH_FORMAT_VERSION = 7
STATUS_FORMAT_VERSION = 5
INSTANCE_VERSION = 25
INSTANCE_VERSION = 26

MAX_PERSISTENT_SSD_SIZE_GIB = 64 * 1024
RESERVED_STORAGE_GB_PER_CORE = 5
2 changes: 1 addition & 1 deletion batch/test/billing_projects.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ def get_billing_project_prefix():

async def delete_all_test_billing_projects():
billing_project_prefix = get_billing_project_prefix()
bc = await BatchClient.create('', token_file=os.environ['HAIL_TEST_DEV_TOKEN_FILE'])
bc = await BatchClient.create('', cloud_credentials_file=os.environ['HAIL_TEST_DEV_GSA_KEY_FILE'])
try:
for project in await bc.list_billing_projects():
if project['billing_project'].startswith(billing_project_prefix):
Expand Down
5 changes: 3 additions & 2 deletions batch/test/test_accounts.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ async def make_client() -> AsyncGenerator[Callable[[str], Awaitable[BatchClient]
_bcs = []

async def factory(project: str):
bc = await BatchClient.create(project, token_file=os.environ['HAIL_TEST_TOKEN_FILE'])
bc = await BatchClient.create(project, cloud_credentials_file=os.environ['HAIL_TEST_GSA_KEY_FILE'])
_bcs.append(bc)
return bc

Expand All @@ -36,7 +36,8 @@ async def factory(project: str):
@pytest.fixture
async def dev_client() -> AsyncGenerator[BatchClient, Any]:
bc = await BatchClient.create(
'billing-project-not-needed-but-required-by-BatchClient', token_file=os.environ['HAIL_TEST_DEV_TOKEN_FILE']
'billing-project-not-needed-but-required-by-BatchClient',
cloud_credentials_file=os.environ['HAIL_TEST_DEV_GSA_KEY_FILE'],
)
yield bc
await bc.close()
Expand Down
102 changes: 55 additions & 47 deletions build.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1088,6 +1088,7 @@ steps:
export HAIL_TEST_GCS_BUCKET={{ global.hail_test_gcs_bucket }}
export GOOGLE_APPLICATION_CREDENTIALS=/test-gsa-key/key.json
export AZURE_APPLICATION_CREDENTIALS=/test-gsa-key/key.json
export HAIL_TEST_S3_BUCKET=hail-test-dy5rg
export AWS_SHARED_CREDENTIALS_FILE=/test-aws-key/credentials
Expand Down Expand Up @@ -1213,6 +1214,7 @@ steps:
# The test should use the test credentials, not CI's credentials
sed -i 's/gsa-key/test-gsa-key/g' ${SPARK_HOME}/conf/core-site.xml
export GOOGLE_APPLICATION_CREDENTIALS=/test-gsa-key/key.json
export AZURE_APPLICATION_CREDENTIALS=/test-gsa-key/key.json
export HAIL_QUERY_N_CORES=2
export OMP_NUM_THREADS=2
Expand Down Expand Up @@ -1646,6 +1648,8 @@ steps:
valueFrom: hailgenetics_hailtop_image.image
script: |
set -ex
export GOOGLE_APPLICATION_CREDENTIALS=/test-dev-gsa-key/key.json
export AZURE_APPLICATION_CREDENTIALS=/test-dev-gsa-key/key.json
export HAIL_DEFAULT_NAMESPACE={{ default_ns.name }}
{% if default_ns.name == "default" %}
Expand All @@ -1658,10 +1662,10 @@ steps:
{{ code.username }} {{ code.login_id }}
{% endif %}
secrets:
- name: test-dev-tokens
- name: test-dev-gsa-key
namespace:
valueFrom: default_ns.name
mountPath: /user-tokens
mountPath: /test-dev-gsa-key
dependsOn:
- default_ns
- hailgenetics_hailtop_image
Expand Down Expand Up @@ -1747,6 +1751,8 @@ steps:
valueFrom: hail_dev_image.image
script: |
set -ex
export GOOGLE_APPLICATION_CREDENTIALS=/test-dev-gsa-key/key.json
export AZURE_APPLICATION_CREDENTIALS=/test-dev-gsa-key/key.json
export HAIL_DEFAULT_NAMESPACE={{ default_ns.name }}
python3 -m pytest \
Expand All @@ -1760,10 +1766,10 @@ steps:
--timeout=120 \
/io/monitoring/test
secrets:
- name: test-dev-tokens
- name: test-dev-gsa-key
namespace:
valueFrom: default_ns.name
mountPath: /user-tokens
mountPath: /test-dev-gsa-key
timeout: 300
inputs:
- from: /repo/monitoring/test
Expand All @@ -1787,6 +1793,9 @@ steps:
script: |
set -ex
# Or else hailctl will try to authenticate as CI
unset HAIL_IDENTITY_PROVIDER_JSON
export HAIL_DEFAULT_NAMESPACE={{ default_ns.name }}
export HAIL_DEPLOY_CONFIG_FILE=/deploy-config/deploy-config.json
Expand Down Expand Up @@ -1846,6 +1855,9 @@ steps:
script: |
set -ex
# Or else hailctl will try to authenticate as CI
unset HAIL_IDENTITY_PROVIDER_JSON
export HAIL_DEFAULT_NAMESPACE={{ default_ns.name }}
export HAIL_DEPLOY_CONFIG_FILE=/deploy-config/deploy-config.json
Expand Down Expand Up @@ -2293,6 +2305,8 @@ steps:
script: |
set -ex
export GOOGLE_APPLICATION_CREDENTIALS=/test-dev-gsa-key/key.json
export AZURE_APPLICATION_CREDENTIALS=/test-dev-gsa-key/key.json
export HAIL_DEFAULT_NAMESPACE={{ default_ns.name }}
{% for user in code.get("developers", []) %}
{% if user['username'] != 'test-dev' %}
Expand All @@ -2304,10 +2318,10 @@ steps:
{% endif %}
{% endfor %}
secrets:
- name: test-dev-tokens
- name: test-dev-gsa-key
namespace:
valueFrom: default_ns.name
mountPath: /user-tokens
mountPath: /test-dev-gsa-key
scopes:
- dev
- test
Expand Down Expand Up @@ -2417,10 +2431,6 @@ steps:
namespace:
valueFrom: default_ns.name
mountPath: /test-gsa-key
- name: test-tokens
namespace:
valueFrom: default_ns.name
mountPath: /user-tokens
dependsOn:
- default_ns
- merge_code
Expand Down Expand Up @@ -2501,10 +2511,6 @@ steps:
namespace:
valueFrom: default_ns.name
mountPath: /test-gsa-key
- name: test-tokens
namespace:
valueFrom: default_ns.name
mountPath: /user-tokens
- name: auth-oauth2-client-secret
namespace:
valueFrom: default_ns.name
Expand Down Expand Up @@ -2604,6 +2610,14 @@ steps:
valueFrom: batch_image.image
script: |
set -ex
# Use the test identity's credentials instead of CI's
export GOOGLE_APPLICATION_CREDENTIALS=/test-gsa-key/key.json
export AZURE_APPLICATION_CREDENTIALS=/test-gsa-key/key.json
export HAIL_TEST_GSA_KEY_FILE=/test-gsa-key/key.json
export HAIL_TEST_DEV_GSA_KEY_FILE=/test-dev-gsa-key/key.json
export HAIL_GSA_KEY_FILE=/test-gsa-key/key.json
export CI_UTILS_IMAGE={{ ci_utils_image.image }}
export HAIL_CURL_IMAGE={{ curl_image.image }}
Expand All @@ -2615,8 +2629,6 @@ steps:
export DOCKER_ROOT_IMAGE="{{ global.docker_root_image }}"
export HAIL_GENETICS_HAILTOP_IMAGE="{{ hailgenetics_hailtop_image.image }}"
export HAIL_GENETICS_HAIL_IMAGE="{{ hailgenetics_hail_image.image }}"
export HAIL_TEST_TOKEN_FILE=/user-tokens/tokens.json
export HAIL_TEST_DEV_TOKEN_FILE=/dev-tokens/tokens.json
export HAIL_TOKEN="{{ token }}"
export HAIL_CLOUD="{{ global.cloud }}"
export HAIL_DOMAIN="{{ global.domain }}"
Expand Down Expand Up @@ -2645,18 +2657,14 @@ steps:
port: 5000
timeout: 1500
secrets:
- name: test-tokens
namespace:
valueFrom: default_ns.name
mountPath: /user-tokens
- name: test-dev-tokens
namespace:
valueFrom: default_ns.name
mountPath: /dev-tokens
- name: test-gsa-key
namespace:
valueFrom: default_ns.name
mountPath: /test-gsa-key
- name: test-dev-gsa-key
namespace:
valueFrom: default_ns.name
mountPath: /test-dev-gsa-key
dependsOn:
- create_deploy_config
- create_accounts
Expand All @@ -2682,7 +2690,9 @@ steps:
set -ex
export HAIL_DEFAULT_NAMESPACE={{ default_ns.name }}
export DOCKER_ROOT_IMAGE="{{ global.docker_root_image }}"
export HAIL_TEST_DEV_TOKEN_FILE=/dev-tokens/tokens.json
export GOOGLE_APPLICATION_CREDENTIALS=/test-dev-gsa-key/key.json
export AZURE_APPLICATION_CREDENTIALS=/test-dev-gsa-key/key.json
export HAIL_TEST_DEV_GSA_KEY_FILE=/test-dev-gsa-key/key.json
export HAIL_TOKEN="{{ test_batch.token }}"
cd /io/test
python3 -c '
Expand All @@ -2694,10 +2704,10 @@ steps:
- from: /repo/batch/test
to: /io/test
secrets:
- name: test-dev-tokens
- name: test-dev-gsa-key
namespace:
valueFrom: default_ns.name
mountPath: /dev-tokens
mountPath: /test-dev-gsa-key
alwaysRun: true
dependsOn:
- create_deploy_config
Expand Down Expand Up @@ -2829,6 +2839,8 @@ steps:
script: |
set -ex
export ORGANIZATION=hail-ci-test
export GOOGLE_APPLICATION_CREDENTIALS=/test-dev-gsa-key/key.json
export AZURE_APPLICATION_CREDENTIALS=/test-dev-gsa-key/key.json
export HAIL_DEFAULT_NAMESPACE={{ default_ns.name }}
export REPO_NAME=ci-test-"{{ create_ci_test_repo.token }}"
export NAMESPACE="{{ default_ns.name }}"
Expand All @@ -2842,10 +2854,10 @@ steps:
--durations=50 \
/io/ci/test
secrets:
- name: test-dev-tokens
- name: test-dev-gsa-key
namespace:
valueFrom: default_ns.name
mountPath: /user-tokens
mountPath: /test-dev-gsa-key
timeout: 5400
inputs:
- from: /repo/ci/test
Expand Down Expand Up @@ -2876,6 +2888,7 @@ steps:
export HAIL_CLOUD={{ global.cloud }}
export HAIL_DEFAULT_NAMESPACE={{ default_ns.name }}
export GOOGLE_APPLICATION_CREDENTIALS=/test-gsa-key/key.json
export AZURE_APPLICATION_CREDENTIALS=/test-gsa-key/key.json
export DOCKER_ROOT_IMAGE="{{ global.docker_root_image }}"
export HAIL_GENETICS_HAIL_IMAGE="{{ hailgenetics_hail_image.image }}"
export HAIL_GENETICS_HAILTOP_IMAGE="{{ hailgenetics_hailtop_image.image }}"
Expand All @@ -2900,10 +2913,6 @@ steps:
to: /io/hailtop
timeout: 1200
secrets:
- name: test-tokens
namespace:
valueFrom: default_ns.name
mountPath: /user-tokens
- name: test-gsa-key
namespace:
valueFrom: default_ns.name
Expand Down Expand Up @@ -3050,6 +3059,7 @@ steps:
set -ex
export HAIL_DEFAULT_NAMESPACE={{ default_ns.name }}
export GOOGLE_APPLICATION_CREDENTIALS=/test-gsa-key/key.json
export AZURE_APPLICATION_CREDENTIALS=/test-gsa-key/key.json
cd /io/hailtop/batch
hailctl config set batch/billing_project test
hailctl config set batch/remote_tmpdir {{ global.test_storage_uri }}/test_batch_docs/{{ token }}/
Expand All @@ -3067,10 +3077,6 @@ steps:
--timeout=120 \
--ignore=docs/conf.py
secrets:
- name: test-tokens
namespace:
valueFrom: default_ns.name
mountPath: /user-tokens
- name: test-gsa-key
namespace:
valueFrom: default_ns.name
Expand Down Expand Up @@ -3455,16 +3461,18 @@ steps:
valueFrom: hailgenetics_hailtop_image.image
script: |
set -ex
export GOOGLE_APPLICATION_CREDENTIALS=/test-gsa-key/key.json
export AZURE_APPLICATION_CREDENTIALS=/test-gsa-key/key.json
hailctl curl {{ default_ns.name }} www / \
-vvv \
-fsSL \
--retry 3 \
--retry-delay 5
secrets:
- name: test-tokens
- name: test-gsa-key
namespace:
valueFrom: default_ns.name
mountPath: /user-tokens
mountPath: /test-gsa-key
dependsOn:
- default_ns
- create_accounts
Expand Down Expand Up @@ -3515,10 +3523,6 @@ steps:
- from: /repo/hail/testng-fs.xml
to: /io/testng-fs.xml
secrets:
- name: test-tokens
namespace:
valueFrom: default_ns.name
mountPath: /user-tokens
- name: test-gsa-key
namespace:
valueFrom: default_ns.name
Expand Down Expand Up @@ -3586,6 +3590,8 @@ steps:
valueFrom: hailgenetics_hailtop_image.image
script: |
export HAIL_DEFAULT_NAMESPACE={{ default_ns.name }}
export GOOGLE_APPLICATION_CREDENTIALS=/test-dev-gsa-key/key.json
export AZURE_APPLICATION_CREDENTIALS=/test-dev-gsa-key/key.json
cat >cancel_all_running_test_batches.py <<'EOF'
from hailtop.batch_client.aioclient import BatchClient
Expand All @@ -3607,10 +3613,10 @@ steps:
python3 cancel_all_running_test_batches.py
secrets:
- name: test-dev-tokens
- name: test-dev-gsa-key
namespace:
valueFrom: default_ns.name
mountPath: /user-tokens
mountPath: /test-dev-gsa-key
alwaysRun: true
timeout: 300
dependsOn:
Expand All @@ -3632,6 +3638,8 @@ steps:
image:
valueFrom: hail_dev_image.image
script: |
export GOOGLE_APPLICATION_CREDENTIALS=/test-dev-gsa-key/key.json
export AZURE_APPLICATION_CREDENTIALS=/test-dev-gsa-key/key.json
export HAIL_DEFAULT_NAMESPACE={{ default_ns.name }}
export DOCKER_PREFIX="{{ global.docker_prefix }}"
export DOCKER_ROOT_IMAGE="{{ global.docker_root_image }}"
Expand All @@ -3652,10 +3660,10 @@ steps:
to: /io/test
timeout: 300
secrets:
- name: test-dev-tokens
- name: test-dev-gsa-key
namespace:
valueFrom: default_ns.name
mountPath: /user-tokens
mountPath: /test-dev-gsa-key
scopes:
- test
- dev
Expand Down
Loading

0 comments on commit 4d0379b

Please sign in to comment.