
Commit 13973f1

author
Frank Natividad
committed
Adding Bucket-level IAM snippets in google-cloud-examples
1 parent aaf3517 commit 13973f1

2 files changed

Lines changed: 164 additions & 0 deletions


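--- /dev/null
+++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/storage/snippets/BucketIamSnippets.java
@@ -0,0 +1,112 @@
+/*
+* Copyright 2017 Google Inc. All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+/*
+* EDITING INSTRUCTIONS
+* This file is referenced in Storage's javadoc. Any change to this file should be reflected in
+* Storage's javadoc.
+*/
+
+package com.google.cloud.examples.storage.snippets;
+
+import com.google.cloud.Identity;
+import com.google.cloud.Policy;
+import com.google.cloud.Role;
+import com.google.cloud.storage.Storage;
+import com.google.cloud.storage.StorageException;
+import com.google.cloud.storage.StorageOptions;
+import com.google.cloud.storage.StorageRoles;
+
+import java.util.Map;
+import java.util.Set;
+
+/**
+* This class contains Bucket-level IAM snippets for the {@link Storage} interface.
+*/
+public class BucketIamSnippets {
+
+private final Storage storage;
+
+public BucketIamSnippets(Storage storage) {
+this.storage = storage;
+}
+
+/**
+* Example of listing the Bucket-Level IAM Roles and Members
+*/
+
+public Policy listBucketIamMembers(String bucketName) {
+// [START view_bucket_iam_members]
+// Initialize a Cloud Storage client
+Storage storage = StorageOptions.getDefaultInstance().getService();
+
+// Get IAM Policy for a bucket
+Policy policy = storage.getIamPolicy(bucketName);
+
+// Print Roles and its identities
+Map<Role, Set<Identity>> policyBindings = policy.getBindings();
+for(Map.Entry<Role, Set<Identity>> entry : policyBindings.entrySet()) {
+System.out.printf("Role: %s", entry.getKey());
+System.out.printf(" Identities: %s\n", entry.getValue());
+}
+// [END view_bucket_iam_members]
+return policy;
+}
+
+/**
+* Example of adding a member to the Bucket-level IAM
+*/
+
+public void addBucketIamMember(String bucketName, Role role, Identity identity) {
+// [START add_bucket_iam_member]
+// Initialize a Cloud Storage client
+Storage storage = StorageOptions.getDefaultInstance().getService();
+
+// Get IAM Policy for a bucket
+Policy policy = storage.getIamPolicy(bucketName);
+
+// Add identity to Bucket-level IAM role
+Policy updatedPolicy = policy.toBuilder().addIdentity(role, identity).build();
+
+// Update the bucket IAM Policy
+storage.setIamPolicy(bucketName, updatedPolicy);
+
+System.out.printf("Added %s with role %s to %s\n", identity, role, bucketName);
+// [END add_bucket_iam_member]
+}
+
+/**
+* Example of removing a member from the Bucket-level IAM
+*/
+
+public void removeBucketIamMember(String bucketName, Role role, Identity identity) {
+// [START remove_bucket_iam_member]
+// Initialize a Cloud Storage client
+Storage storage = StorageOptions.getDefaultInstance().getService();
+
+// Get IAM Policy for a bucket
+Policy policy = storage.getIamPolicy(bucketName);
+
+// Remove identity from Bucket-level IAM role
+Policy updatedPolicy = policy.toBuilder().removeIdentity(role, identity).build();
+
+// Update the bucket IAM Policy
+storage.setIamPolicy(bucketName, updatedPolicy);
+
+System.out.printf("Removed %s with role %s from %s\n", identity, role, bucketName);
+// [END remove_bucket_iam_member]
+}
+}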
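Review bot: The `storage` field assigned in the constructor is never read — `listBucketIamMembers`, `addBucketIamMember` and `removeBucketIamMember` each shadow it with a fresh client from `StorageOptions.getDefaultInstance().getService()`, so a caller that injects a client carrying specific credentials or a specific project (as the integration test does via `RemoteStorageHelper`) silently runs against Application Default Credentials instead. If the shadowing is deliberate so that each `[START]`/`[END]` region is self-contained, say so in the class Javadoc and drop the unused field and constructor; otherwise replace the local with `this.storage`. Separately, add and remove are unguarded read-modify-write sequences on the bucket policy: unless the library forwards the etag returned by `getIamPolicy` to `setIamPolicy` (not visible here — worth confirming), a concurrent policy edit between the two calls is silently overwritten, which for IAM means a binding someone else just revoked can be re-granted; a comment such as `// Note: a concurrent policy change between get and set is overwritten unless the policy etag is enforced` would warn readers who copy this. The unused imports `StorageException` and `StorageRoles` can also go.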

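--- a/google-cloud-examples/src/test/java/com/google/cloud/examples/storage/snippets/ITBucketSnippets.java
+++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/storage/snippets/ITBucketSnippets.java
@@ -21,13 +21,16 @@
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 
+import com.google.cloud.Identity;
+import com.google.cloud.Policy;
 import com.google.cloud.storage.Acl;
 import com.google.cloud.storage.Acl.Role;
 import com.google.cloud.storage.Blob;
 import com.google.cloud.storage.Bucket;
 import com.google.cloud.storage.BucketInfo;
 import com.google.cloud.storage.Storage;
 import com.google.cloud.storage.StorageException;
+import com.google.cloud.storage.StorageRoles;
 import com.google.cloud.storage.testing.RemoteStorageHelper;
 import com.google.common.collect.Sets;
 
@@ -49,13 +52,15 @@ public class ITBucketSnippets {
 
 private static final Logger log = Logger.getLogger(ITBucketSnippets.class.getName());
 private static final String BUCKET = RemoteStorageHelper.generateBucketName();
+private static final String USER_EMAIL = "[email protected]";
 private static final String BLOB1 = "blob1";
 private static final String BLOB2 = "blob2";
 private static final String BLOB3 = "blob3";
 private static final String BLOB4 = "blob4";
 
 private static Storage storage;
 private static BucketSnippets bucketSnippets;
+private static BucketIamSnippets bucketIamSnippets;
 
 @Rule
 public ExpectedException thrown = ExpectedException.none();
@@ -68,6 +73,7 @@ public static void beforeClass() {
 RemoteStorageHelper helper = RemoteStorageHelper.create();
 storage = helper.getOptions().getService();
 bucketSnippets = new BucketSnippets(storage.create(BucketInfo.of(BUCKET)));
+bucketIamSnippets = new BucketIamSnippets(storage);
 }
 
 @AfterClass
@@ -133,4 +139,50 @@ public void testBucket() throws InterruptedException {
 thrown.expect(StorageException.class);
 assertTrue(bucketSnippets.delete());
 }
+
+@Test
+public void testListBucketIamMembers() {
+// Test an added Bucket-level IAM member is listed
+Policy policy = storage.getIamPolicy(BUCKET);
+storage.setIamPolicy(BUCKET, policy.toBuilder().removeRole(StorageRoles.admin()).build());
+policy = storage.getIamPolicy(BUCKET);
+assertNull(policy.getBindings().get(StorageRoles.admin()));
+storage.setIamPolicy(BUCKET, policy.toBuilder().addIdentity(StorageRoles.admin(),
+Identity.user(USER_EMAIL)).build());
+policy = storage.getIamPolicy(BUCKET);
+assertTrue(policy.getBindings().get(StorageRoles.admin()).contains(Identity.user(USER_EMAIL)));
+Policy snippetPolicy = bucketIamSnippets.listBucketIamMembers(BUCKET);
+assertTrue(snippetPolicy.getBindings().get(StorageRoles.admin()).
+contains(Identity.user(USER_EMAIL)));
+}
+
+@Test
+public void testAddBucketIamMemeber() {
+// Test a member is added to Bucket-level IAM
+Policy policy = storage.getIamPolicy(BUCKET);
+storage.setIamPolicy(BUCKET, policy.toBuilder().removeRole(StorageRoles.admin()).build());
+policy = storage.getIamPolicy(BUCKET);
+assertNull(policy.getBindings().get(StorageRoles.admin()));
+bucketIamSnippets.addBucketIamMember(BUCKET, StorageRoles.admin(), Identity.user(USER_EMAIL));
+policy = storage.getIamPolicy(BUCKET);
+assertTrue(policy.getBindings().get(StorageRoles.admin()).contains(Identity.user(USER_EMAIL)));
+}
+
+@Test
+public void testRemoveBucketIamMember() {
+// Test a member is removed from Bucket-level IAM
+Policy policy = storage.getIamPolicy(BUCKET);
+storage.setIamPolicy(BUCKET, policy.toBuilder().removeRole(StorageRoles.admin()).build());
+policy = storage.getIamPolicy(BUCKET);
+assertNull(policy.getBindings().get(StorageRoles.admin()));
+policy = policy.toBuilder().addIdentity(StorageRoles.admin(),
+Identity.user(USER_EMAIL)).build();
+storage.setIamPolicy(BUCKET, policy);
+policy = storage.getIamPolicy(BUCKET);
+assertTrue(policy.getBindings().get(StorageRoles.admin()).contains(Identity.user(USER_EMAIL)));
+bucketIamSnippets.removeBucketIamMember(BUCKET, StorageRoles.admin(),
+Identity.user(USER_EMAIL));
+policy = storage.getIamPolicy(BUCKET);
+assertNull(policy.getBindings().get(StorageRoles.admin()));
+}
 }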
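Review bot: Each of the three new tests grants `StorageRoles.admin()` on a live bucket to an external user principal (`USER_EMAIL`), and `testListBucketIamMembers` and `testAddBucketIamMemeber` return without revoking it, so an assertion failure or an exception from the snippet leaves an outside identity with full admin on the bucket until teardown (the `@AfterClass` body lies outside this hunk, so whether it deletes the bucket is not visible here). A lower-privilege role exercises the same add/list/remove paths with far less exposure, and wrapping each test body in `try { … } finally { storage.setIamPolicy(BUCKET, storage.getIamPolicy(BUCKET).toBuilder().removeRole(StorageRoles.admin()).build()); }` makes the revocation unconditional rather than relying on the next test's leading `removeRole` call, which JUnit 4 does not guarantee will run afterwards. The method name `testAddBucketIamMemeber` also has a typo (`Memeber`).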
