Add factory methods for primitive roles, other minor fixes

mziccard · mziccard · commit 462910ed161b · 2016-09-05T16:14:16.000+02:00
diff --git a/google-cloud-core/src/main/java/com/google/cloud/Policy.java b/google-cloud-core/src/main/java/com/google/cloud/Policy.java
@@ -24,6 +24,7 @@
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Lists;
+import com.google.common.io.BaseEncoding;
 import com.google.protobuf.ByteString;
 
 import java.io.Serializable;
@@ -39,10 +40,10 @@
 import java.util.Set;
 
 /**
- * Base class for Identity and Access Management (IAM) policies. IAM policies are used to specify
- * access settings for Cloud Platform resources. A policy is a map of bindings. A binding assigns
- * a set of identities to a role, where the identities can be user accounts, Google groups, Google
- * domains, and service accounts. A role is a named list of permissions defined by IAM.
+ * Class for Identity and Access Management (IAM) policies. IAM policies are used to specify access
+ * settings for Cloud Platform resources. A policy is a map of bindings. A binding assigns a set of
+ * identities to a role, where the identities can be user accounts, Google groups, Google domains,
+ * and service accounts. A role is a named list of permissions defined by IAM.
  *
  * @see <a href="https://cloud.google.com/iam/reference/rest/v1/Policy">Policy</a>
  */
@@ -88,7 +89,8 @@ protected Policy fromPb(com.google.iam.v1.Policy policyPb) {
       }
       return builder()
           .bindings(bindings)
-          .etag(policyPb.getEtag().size() == 0 ? null : policyPb.getEtag().toStringUtf8())
+          .etag(policyPb.getEtag().isEmpty() ? null
+              : BaseEncoding.base64().encode(policyPb.getEtag().toByteArray()))
           .version(policyPb.getVersion())
           .build();
     }
@@ -106,7 +108,7 @@ protected com.google.iam.v1.Policy toPb(Policy policy) {
       }
       policyBuilder.addAllBindings(bindingPbList);
       if (policy.etag != null) {
-        policyBuilder.setEtag(ByteString.copyFromUtf8(policy.etag));
+        policyBuilder.setEtag(ByteString.copyFrom(BaseEncoding.base64().decode(policy.etag)));
       }
       policyBuilder.setVersion(policy.version);
       return policyBuilder.build();
@@ -250,14 +252,14 @@ public Builder toBuilder() {
   }
 
   /**
-   * The map of bindings that comprises the policy.
+   * Returns the map of bindings that comprises the policy.
    */
   public Map<Role, Set<Identity>> bindings() {
     return bindings;
   }
 
   /**
-   * The policy's etag.
+   * Returns the policy's etag.
    *
    * <p>Etags are used for optimistic concurrency control as a way to help prevent simultaneous
    * updates of a policy from overwriting each other. It is strongly suggested that systems make
@@ -272,8 +274,8 @@ public String etag() {
   }
 
   /**
-   * Sets the version of the policy. The default version is 0, meaning only the "owner", "editor",
-   * and "viewer" roles are permitted. If the version is 1, you may also use other roles.
+   * Returns the version of the policy. The default version is 0, meaning only the "owner",
+   * "editor", and "viewer" roles are permitted. If the version is 1, you may also use other roles.
    */
   public int version() {
     return version;
diff --git a/google-cloud-core/src/main/java/com/google/cloud/Role.java b/google-cloud-core/src/main/java/com/google/cloud/Role.java
@@ -27,6 +27,7 @@
  *
  * @see <a href="https://cloud.google.com/iam/docs/viewing-grantable-roles">Viewing the Grantable
  *     Roles on Resources</a>
+ * @see <a href="https://cloud.google.com/iam/docs/understanding-roles">Understanding Roles</a>
  */
 public final class Role implements Serializable {
 
@@ -47,6 +48,36 @@ public String value() {
     return value;
   }
 
+  /**
+   * Returns the viewer role. Encapsulates the permission for read-only actions that preserve state
+   * of a resource.
+   *
+   * @see <a href="https://cloud.google.com/iam/docs/understanding-roles">Understanding Roles</a>
+   */
+  public static Role viewer() {
+    return of("viewer");
+  }
+
+  /**
+   * Returns the editor role. Encapsulates all viewer's permissions and permissions for actions that
+   * modify the state of a resource.
+   *
+   * @see <a href="https://cloud.google.com/iam/docs/understanding-roles">Understanding Roles</a>
+   */
+  public static Role editor() {
+    return of("editor");
+  }
+
+  /**
+   * Returns the owner role. Encapsulates all editor's permissions and permissions to manage access
+   * control for a resource or manage the billing options for a project.
+   *
+   * @see <a href="https://cloud.google.com/iam/docs/understanding-roles">Understanding Roles</a>
+   */
+  public static Role owner() {
+    return of("owner");
+  }
+
   /**
    * Returns a new role given its string value.
    *
diff --git a/google-cloud-core/src/test/java/com/google/cloud/PolicyTest.java b/google-cloud-core/src/test/java/com/google/cloud/PolicyTest.java
@@ -43,9 +43,9 @@ public class PolicyTest {
       Identity.serviceAccount("service-account@gmail.com");
   private static final Identity GROUP = Identity.group("group@gmail.com");
   private static final Identity DOMAIN = Identity.domain("google.com");
-  private static final Role VIEWER = Role.of("viewer");
-  private static final Role EDITOR = Role.of("editor");
-  private static final Role OWNER = Role.of("owner");
+  private static final Role VIEWER = Role.viewer();
+  private static final Role EDITOR = Role.editor();
+  private static final Role OWNER = Role.owner();
   private static final Map<Role, ImmutableSet<Identity>> BINDINGS = ImmutableMap.of(
       VIEWER,
       ImmutableSet.of(USER, SERVICE_ACCOUNT, ALL_USERS),
diff --git a/google-cloud-core/src/test/java/com/google/cloud/RoleTest.java b/google-cloud-core/src/test/java/com/google/cloud/RoleTest.java
@@ -36,6 +36,21 @@ public void testOf() {
     compareRoles(OWNER, Role.of("roles/owner"));
   }
 
+  @Test
+  public void testViewer() {
+    assertEquals("roles/viewer", Role.viewer().value());
+  }
+
+  @Test
+  public void testEditor() {
+    assertEquals("roles/editor", Role.editor().value());
+  }
+
+  @Test
+  public void testOwner() {
+    assertEquals("roles/owner", Role.owner().value());
+  }
+
   @Test(expected = NullPointerException.class)
   public void testOfNullValue() {
     Role.of(null);
diff --git a/google-cloud-core/src/test/java/com/google/cloud/SerializationTest.java b/google-cloud-core/src/test/java/com/google/cloud/SerializationTest.java
@@ -39,7 +39,7 @@ public class SerializationTest extends BaseSerializationTest {
   private static final SigningException SIGNING_EXCEPTION =
       new SigningException("message", BASE_SERVICE_EXCEPTION);
   private static final RetryParams RETRY_PARAMS = RetryParams.defaultInstance();
-  private static final Role SOME_ROLE = Role.of("viewer");
+  private static final Role SOME_ROLE = Role.viewer();
   private static final Policy SOME_IAM_POLICY = Policy.builder().build();
   private static final WaitForOption CHECKING_PERIOD =
       WaitForOption.checkEvery(42, TimeUnit.SECONDS);
diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/resourcemanager/snippets/ModifyPolicy.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/resourcemanager/snippets/ModifyPolicy.java
@@ -49,7 +49,7 @@ public static void main(String... args) {
     // Add a viewer
     Policy.Builder modifiedPolicy = policy.toBuilder();
     Identity newViewer = Identity.user("<insert user's email address here>");
-    modifiedPolicy.addIdentity(Role.of("roles/viewer"), newViewer);
+    modifiedPolicy.addIdentity(Role.viewer(), newViewer);
 
     // Write policy
     Policy updatedPolicy = project.replacePolicy(modifiedPolicy.build());
diff --git a/google-cloud-resourcemanager/README.md b/google-cloud-resourcemanager/README.md
@@ -186,7 +186,7 @@ Policy policy = project.getPolicy();
 // Add a viewer
 Policy.Builder modifiedPolicy = policy.toBuilder();
 Identity newViewer = Identity.user("<insert user's email address here>");
-modifiedPolicy.addIdentity(Role.of("roles/viewer"), newViewer);
+modifiedPolicy.addIdentity(Role.viewer(), newViewer);
 
 // Write policy
 Policy updatedPolicy = project.replacePolicy(modifiedPolicy.build());
diff --git a/google-cloud-resourcemanager/src/main/java/com/google/cloud/resourcemanager/PolicyMarshaller.java b/google-cloud-resourcemanager/src/main/java/com/google/cloud/resourcemanager/PolicyMarshaller.java
@@ -38,7 +38,7 @@ final class PolicyMarshaller
 
   private PolicyMarshaller() {}
 
-  private static class Builder extends com.google.cloud.Policy.Builder {
+  private static class Builder extends Policy.Builder {
 
     private Builder(Map<Role, Set<Identity>> bindings, String etag, Integer version) {
       bindings(bindings);
diff --git a/google-cloud-resourcemanager/src/main/java/com/google/cloud/resourcemanager/ResourceManager.java b/google-cloud-resourcemanager/src/main/java/com/google/cloud/resourcemanager/ResourceManager.java
@@ -303,7 +303,7 @@ public static ProjectListOption fields(ProjectField... fields) {
    * <pre> {@code
    * Policy currentPolicy = resourceManager.getPolicy("my-project-id");
    * Policy modifiedPolicy = current.toBuilder()
-   *     .removeIdentity(Role.of("roles/viewer"), Identity.user("user@gmail.com"))
+   *     .removeIdentity(Role.viewer(), Identity.user("user@gmail.com"))
    *     .build();
    * Policy newPolicy = resourceManager.replacePolicy("my-project-id", modified);
    * }
diff --git a/google-cloud-resourcemanager/src/test/java/com/google/cloud/resourcemanager/PolicyMarshallerTest.java b/google-cloud-resourcemanager/src/test/java/com/google/cloud/resourcemanager/PolicyMarshallerTest.java
@@ -35,9 +35,9 @@ public class PolicyMarshallerTest {
       Identity.serviceAccount("service-account@gmail.com");
   private static final Identity GROUP = Identity.group("group@gmail.com");
   private static final Identity DOMAIN = Identity.domain("google.com");
-  private static final Role VIEWER = Role.of("viewer");
-  private static final Role EDITOR = Role.of("editor");
-  private static final Role OWNER = Role.of("owner");
+  private static final Role VIEWER = Role.viewer();
+  private static final Role EDITOR = Role.editor();
+  private static final Role OWNER = Role.owner();
   private static final Role SOME_ROLE = Role.of("roles/some-role");
   private static final Policy SIMPLE_POLICY = Policy.builder()
       .addIdentity(OWNER, USER)
diff --git a/google-cloud-resourcemanager/src/test/java/com/google/cloud/resourcemanager/ProjectTest.java b/google-cloud-resourcemanager/src/test/java/com/google/cloud/resourcemanager/ProjectTest.java
@@ -57,8 +57,8 @@ public class ProjectTest {
   private static final Identity SERVICE_ACCOUNT =
       Identity.serviceAccount("service-account@gmail.com");
   private static final Policy POLICY = Policy.builder()
-      .addIdentity(Role.of("roles/owner"), USER)
-      .addIdentity(Role.of("roles/editor"), SERVICE_ACCOUNT)
+      .addIdentity(Role.owner(), USER)
+      .addIdentity(Role.editor(), SERVICE_ACCOUNT)
       .build();
 
   private ResourceManager serviceMockReturnsOptions = createStrictMock(ResourceManager.class);
diff --git a/google-cloud-resourcemanager/src/test/java/com/google/cloud/resourcemanager/ResourceManagerImplTest.java b/google-cloud-resourcemanager/src/test/java/com/google/cloud/resourcemanager/ResourceManagerImplTest.java
@@ -72,8 +72,8 @@ public class ResourceManagerImplTest {
       .build();
   private static final Map<ResourceManagerRpc.Option, ?> EMPTY_RPC_OPTIONS = ImmutableMap.of();
   private static final Policy POLICY = Policy.builder()
-      .addIdentity(Role.of("roles/owner"), Identity.user("me@gmail.com"))
-      .addIdentity(Role.of("roles/editor"), Identity.serviceAccount("serviceaccount@gmail.com"))
+      .addIdentity(Role.owner(), Identity.user("me@gmail.com"))
+      .addIdentity(Role.editor(), Identity.serviceAccount("serviceaccount@gmail.com"))
       .build();
 
   @Rule
