@@ -131,37 +131,48 @@ def test_object_csek_to_cmek(test_blob):
131131 assert cmek_blob .download_as_bytes (), test_blob_content
132132
133133
134- def test_bucket_encryption_enforcement_config (capsys ):
134+ @pytest .fixture (scope = "module" )
135+ def enforcement_bucket ():
135136 bucket_name = f"test_encryption_enforcement_{ uuid .uuid4 ().hex }
137+ yield bucket_name
136138
139+ storage_client = storage .Client ()
137140 try :
138- # Create
139- storage_set_bucket_encryption_enforcement_config .set_bucket_encryption_enforcement_config (bucket_name )
140- out , _ = capsys .readouterr ()
141- assert f"Created bucket { bucket_name } in out
142-
143- # Get
144- storage_get_bucket_encryption_enforcement_config .get_bucket_encryption_enforcement_config (bucket_name )
145- out , _ = capsys .readouterr ()
146- assert f"Encryption Enforcement Config for bucket { bucket_name } in out
147- assert "Customer-managed encryption enforcement config restriction mode: NotRestricted" in out
148- assert "Customer-supplied encryption enforcement config restriction mode: FullyRestricted" in out
149- assert "Google-managed encryption enforcement config restriction mode: FullyRestricted" in out
150-
151- # Update
152- storage_update_encryption_enforcement_config .update_encryption_enforcement_config (bucket_name )
153- out , _ = capsys .readouterr ()
154- assert f"Encryption enforcement policy updated for bucket { bucket_name } in out
155-
156- # Get after update
157- storage_get_bucket_encryption_enforcement_config .get_bucket_encryption_enforcement_config (bucket_name )
158- out , _ = capsys .readouterr ()
159- assert "Customer-managed encryption enforcement config restriction mode: NotRestricted" in out
160- assert "Customer-supplied encryption enforcement config restriction mode: None" in out
161- assert "Google-managed encryption enforcement config restriction mode: FullyRestricted" in out
162-
163- finally :
164- try :
165- storage .Client ().get_bucket (bucket_name ).delete (force = True )
166- except Exception :
167- pass
141+ bucket = storage_client .get_bucket (bucket_name )
142+ bucket .delete (force = True )
143+ except Exception :
144+ pass
145+
146+
147+ def test_set_bucket_encryption_enforcement_config (enforcement_bucket ):
148+ storage_set_bucket_encryption_enforcement_config .set_bucket_encryption_enforcement_config (
149+ enforcement_bucket
150+ )
151+
152+ storage_client = storage .Client ()
153+ bucket = storage_client .get_bucket (enforcement_bucket )
154+
155+ assert bucket .google_managed_encryption_enforcement_config .restriction_mode == "FullyRestricted"
156+ assert bucket .customer_managed_encryption_enforcement_config .restriction_mode == "NotRestricted"
157+ assert bucket .customer_supplied_encryption_enforcement_config .restriction_mode == "FullyRestricted"
158+
159+
160+ def test_get_bucket_encryption_enforcement_config (enforcement_bucket ):
161+ # This just exercises the get snippet. If it crashes, the test fails.
162+ # The assertions on the state were done in the set test.
163+ storage_get_bucket_encryption_enforcement_config .get_bucket_encryption_enforcement_config (
164+ enforcement_bucket
165+ )
166+
167+
168+ def test_update_encryption_enforcement_config (enforcement_bucket ):
169+ storage_update_encryption_enforcement_config .update_encryption_enforcement_config (
170+ enforcement_bucket
171+ )
172+
173+ storage_client = storage .Client ()
174+ bucket = storage_client .get_bucket (enforcement_bucket )
175+
176+ assert bucket .google_managed_encryption_enforcement_config .restriction_mode == "FullyRestricted"
177+ assert bucket .customer_managed_encryption_enforcement_config .restriction_mode == "NotRestricted"
178+ assert bucket .customer_supplied_encryption_enforcement_config is None
![google-labs-jules[bot]](https://avatars.githubusercontent.com/in/842251?v=4&size=40){kind=avatar}
0 commit comments