test: fix S3 cross-account failure assertion error (aws-deadline#475)

Signed-off-by: Bian <[email protected]>
leongdl · Oct 16, 2024 · 56859e3 · 56859e3
1 parent 62f7412
commit 56859e3
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 15 deletions.
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
@@ -167,7 +167,7 @@ Notes:
 * If you are adding/changing code related to the Job Attachments' file-upload interactions with S3, then if you have a second
   AWS account then we request that you also ensure that the tests marked with the `pytest.mark.cross_account` marker also pass.
   If you don't have a second account, then don't worry about it. These tests will run in our CI. To run these tests:
-  1. Create an S3 bucket in the same region as your testing resources but in your second AWS Account.
+  1. Create an S3 bucket in the same region as your testing resources but in your second AWS Account. If the bucket doesn't exist, you may see S3 PermanentRedirect error.
   2. Set the access policy of that S3 bucket to allow your first AWS Account to perform all operations on the bucket. Do
      NOT open the bucket up to the world for reading/writing!
   3. `export INTEG_TEST_JA_CROSS_ACCOUNT_BUCKET=<your-bucket-name-in-the-second-account>`

diff --git a/test/integ/cli/test_cli_attachment.py b/test/integ/cli/test_cli_attachment.py
@@ -91,7 +91,9 @@ def job_attachment_resources(self, deploy_job_attachment_resources: JobAttachmen
 
         yield deploy_job_attachment_resources
 
-    def test_attachment_s3_cross_account_access_denied(self, temp_dir):
+    @pytest.mark.cross_account
+    @pytest.mark.integ
+    def test_attachment_s3_cross_account_access_denied(self, external_bucket, temp_dir):
         # Given
         file_name: str = f"{hash_data(temp_dir.encode('utf-8'), HashAlgorithm.XXH128)}_output"
         manifest_path: str = os.path.join(temp_dir, file_name)
@@ -120,14 +122,14 @@ def test_attachment_s3_cross_account_access_denied(self, temp_dir):
                 "--profile",
                 "default",
                 "--s3-root-uri",
-                "s3://cross-account-bucket/test",
+                f"s3://{external_bucket}/test",
             ],
         )
         assert (
             result.exit_code != 0
         ), f"Expecting cross-account s3 access to fail but not, CLI output {result.output}"
         assert "deadline.job_attachments.exceptions.JobAttachmentsS3ClientError" in result.output
-        assert "Error uploading file" in result.output
+        assert "HTTP Status Code: 403, Access denied." in result.output
 
         result = runner.invoke(
             main,
@@ -139,15 +141,16 @@ def test_attachment_s3_cross_account_access_denied(self, temp_dir):
                 "--profile",
                 "default",
                 "--s3-root-uri",
-                "s3://cross-account-bucket/test",
+                f"s3://{external_bucket}/test",
             ],
         )
         assert (
             result.exit_code != 0
         ), f"Expecting cross-account s3 access to fail but not, CLI output {result.output}"
         assert "deadline.job_attachments.exceptions.JobAttachmentsS3ClientError" in result.output
-        assert "Error downloading file" in result.output
+        assert "HTTP Status Code: 403, Forbidden or Access denied." in result.output
 
+    @pytest.mark.integ
     @pytest.mark.parametrize("manifest_case_key", MOCK_MANIFEST_CASE.keys())
     def test_attachment_basic_flow(self, temp_dir, job_attachment_resources, manifest_case_key):
 
@@ -213,6 +216,7 @@ def test_attachment_basic_flow(self, temp_dir, job_attachment_resources, manifes
         asset_files = os.listdir(os.path.join(os.getcwd(), file_name, "files"))
         assert len(asset_files) == 1
 
+    @pytest.mark.integ
     @pytest.mark.parametrize("manifest_case_key", MOCK_MANIFEST_CASE.keys())
     def test_attachment_path_mapping_flow(
         self, temp_dir, job_attachment_resources, manifest_case_key

diff --git a/test/integ/conftest.py b/test/integ/conftest.py
@@ -0,0 +1,12 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+import os
+import pytest
+
+
+@pytest.fixture()
+def external_bucket() -> str:
+    """
+    Return a bucket that all developers and test accounts have access to, but isn't in the testers account.
+    """
+    return os.environ.get("INTEG_TEST_JA_CROSS_ACCOUNT_BUCKET", "job-attachment-bucket-snipe-test")
diff --git a/test/integ/deadline_job_attachments/conftest.py b/test/integ/deadline_job_attachments/conftest.py
@@ -1,7 +1,6 @@
 # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 
 import getpass
-import os
 import json
 import sys
 import pytest
@@ -94,13 +93,5 @@ def default_job_template_one_task_one_step() -> str:
     )
 
 
-@pytest.fixture()
-def external_bucket() -> str:
-    """
-    Return a bucket that all developers and test accounts have access to, but isn't in the testers account.
-    """
-    return os.environ.get("INTEG_TEST_JA_CROSS_ACCOUNT_BUCKET", "job-attachment-bucket-snipe-test")
-
-
 def is_windows_non_admin():
     return sys.platform == "win32" and getpass.getuser() != "Administrator"