Skip to content

Commit

Permalink
chore: Update integration test project setup instructions. (#592)
Browse files Browse the repository at this point in the history 
* Update integration test project setup instructions.

* mirror Tech Writer review changes

* fix: pencil

* Added service account management note.
  • Loading branch information
@jonathanedey
jonathanedey committed Dec 19, 2023
1 parent a7e9d97 commit 22deeba
Showing 1 changed file with 83 additions and 29 deletions.
112 changes: 83 additions & 29 deletions CONTRIBUTING.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -115,35 +115,89 @@ the integration tests, and only execute the unit tests.

### Integration Testing

A suite of integration tests are available in the Admin SDK source code.
These tests are designed to run against an actual Firebase project. Create a new
project in the [Firebase Console](https://console.firebase.google.com), if you
do not already have one suitable for running the tests against. Then obtain the
following credentials from the project:

1. *Service account certificate*: This can be downloaded as a JSON file from
the "Settings > Service Accounts" tab of the Firebase console. Click
"GENERATE NEW PRIVATE KEY" and copy the file into your Go workspace as
`src/firebase.google.com/go/testdata/integration_cert.json`.
2. *Web API key*: This is displayed in the "Settings > General" tab of the
console. Copy it and save to a new text file. Copy this text file into
your Go workspace as
`src/firebase.google.com/go/testdata/integration_apikey.txt`.

You'll also need to grant your service account the 'Firebase Authentication Admin' role. This is
required to ensure that exported user records contain the password hashes of the user accounts:
1. Go to [Google Cloud Platform Console / IAM & admin](https://console.cloud.google.com/iam-admin).
2. Find your service account in the list, and click the 'pencil' icon to edit it's permissions.
3. Click 'ADD ANOTHER ROLE' and choose 'Firebase Authentication Admin'.
4. Click 'SAVE'.

Some of the integration tests require an
[Identity Platform](https://cloud.google.com/identity-platform/) project with multi-tenancy
[enabled](https://cloud.google.com/identity-platform/docs/multi-tenancy-quickstart#enabling_multi-tenancy).
An existing Firebase project can be upgraded to an Identity Platform project without losing any
functionality via the
[Identity Platform Marketplace Page](https://console.cloud.google.com/customer-identity). Note that
charges may be incurred for active users beyond the Identity Platform free tier.
Integration tests are executed against a real life Firebase project. If you do not already
have one suitable for running the tests against, you can create a new project in the
[Firebase Console](https://console.firebase.google.com) following the setup guide below.
If you already have a Firebase project, you'll need to obtain credentials to communicate and
authorize access to your Firebase project:


1. Service account certificate: This allows access to your Firebase project through a service account
which is required for all integration tests. This can be downloaded as a JSON file from the
**Settings > Service Accounts** tab of the Firebase console when you click the
**Generate new private key** button. Copy the file into the repo so it's available at
`src/firebase.google.com/go/testdata/integration_cert.json`.
> **Note:** Service accounts should be carefully managed and their keys should never be stored in publicly accessible source code or repositories.

2. Web API key: This allows for Auth sign-in needed for some Authentication and Tenant Management
integration tests. This is displayed in the **Settings > General** tab of the Firebase console
after enabling Authentication as described in the steps below. Copy it and save to a new text
file at `src/firebase.google.com/go/testdata/integration_apikey.txt`.


Set up your Firebase project as follows:


1. Enable Authentication:
1. Go to the Firebase Console, and select **Authentication** from the **Build** menu.
2. Click on **Get Started**.
3. Select **Sign-in method > Add new provider > Email/Password** then enable both the
**Email/Password** and **Email link (passwordless sign-in)** options.


2. Enable Firestore:
1. Go to the Firebase Console, and select **Firestore Database** from the **Build** menu.
2. Click on the **Create database** button. You can choose to set up Firestore either in
the production mode or in the test mode.


3. Enable Realtime Database:
1. Go to the Firebase Console, and select **Realtime Database** from the **Build** menu.
2. Click on the **Create Database** button. You can choose to set up the Realtime Database
either in the locked mode or in the test mode.

> **Note:** Integration tests are not run against the default Realtime Database reference and are
instead run against a database created at `https://{PROJECT_ID}.firebaseio.com`.
This second Realtime Database reference is created in the following steps.

3. In the **Data** tab click on the kebab menu (3 dots) and select **Create Database**.
4. Enter your Project ID (Found in the **General** tab in **Account Settings**) as the
**Realtime Database reference**. Again, you can choose to set up the Realtime Database
either in the locked mode or in the test mode.


4. Enable Storage:
1. Go to the Firebase Console, and select **Storage** from the **Build** menu.
2. Click on the **Get started** button. You can choose to set up Cloud Storage
either in the production mode or in the test mode.


5. Enable the IAM API:
1. Go to the [Google Cloud console](https://console.cloud.google.com)
and make sure your Firebase project is selected.
2. Select **APIs & Services** from the main menu, and click the
**ENABLE APIS AND SERVICES** button.
3. Search for and enable **Identity and Access Management (IAM) API** by Google Enterprise API.


6. Enable Tenant Management:
1. Go to
[Google Cloud console | Identity Platform](https://console.cloud.google.com/customer-identity/)
and if it is not already enabled, click **Enable**.
2. Then
[enable multi-tenancy](https://cloud.google.com/identity-platform/docs/multi-tenancy-quickstart#enabling_multi-tenancy)
for your project.


7. Ensure your service account has the **Firebase Authentication Admin** role. This is required
to ensure that exported user records contain the password hashes of the user accounts:
1. Go to [Google Cloud console | IAM & admin](https://console.cloud.google.com/iam-admin).
2. Find your service account in the list. If not added click the pencil icon to edit its
permissions.
3. Click **ADD ANOTHER ROLE** and choose **Firebase Authentication Admin**.
4. Click **SAVE**.


Now you can invoke the test suite as follows:

Expand Down

0 comments on commit 22deeba

Please sign in to comment.