googleapis
diff --git a/‎google-cloud-pubsub/src/main/java/com/google/cloud/pubsub/PolicyMarshaller.java‎
Lines changed: 36 additions & 0 deletions b/‎google-cloud-pubsub/src/main/java/com/google/cloud/pubsub/PolicyMarshaller.java‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎google-cloud-pubsub/src/main/java/com/google/cloud/pubsub/PubSub.java‎
Lines changed: 176 additions & 3 deletions b/‎google-cloud-pubsub/src/main/java/com/google/cloud/pubsub/PubSub.java‎
Lines changed: 176 additions & 3 deletions
diff --git a/‎google-cloud-pubsub/src/main/java/com/google/cloud/pubsub/PubSubImpl.java‎
Lines changed: 110 additions & 0 deletions b/‎google-cloud-pubsub/src/main/java/com/google/cloud/pubsub/PubSubImpl.java‎
Lines changed: 110 additions & 0 deletions
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2016 Google Inc. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.cloud.pubsub;
+
+import com.google.cloud.Policy;
+
+final class PolicyMarshaller extends Policy.DefaultMarshaller {
+
+  static final PolicyMarshaller INSTANCE = new PolicyMarshaller();
+
+  private PolicyMarshaller() {}
+
+  @Override
+  protected com.google.iam.v1.Policy toPb(Policy policy) {
+    return super.toPb(policy);
+  }
+
+  @Override
+  protected Policy fromPb(com.google.iam.v1.Policy policyPb) {
+    return super.fromPb(policyPb);
+  }
+}
@@ -19,6 +19,7 @@
 import com.google.cloud.AsyncPage;
 import com.google.cloud.GrpcServiceOptions.ExecutorFactory;
 import com.google.cloud.Page;
+import com.google.cloud.Policy;
 import com.google.cloud.Service;
 
 import java.util.Iterator;
@@ -655,7 +656,179 @@ Future<Void> modifyAckDeadlineAsync(String subscription, int deadline, TimeUnit
   Future<Void> modifyAckDeadlineAsync(String subscription, int deadline, TimeUnit unit,
       Iterable<String> ackIds);
 
-  // IAM Policy operations:  getPolicy, replacePolicy, testPermissions
-  // Not sure if ready (docs is not up-to-date)
-  // Looks like policy is per resource (topic or subscription) but not per service?
+  /**
+   * Returns the IAM access control policy for the specified topic. Returns {@code null} if the
+   * topic was not found.
+   *
+   * @throws PubSubException upon failure
+   */
+  Policy getTopicPolicy(String topic);
+
+  /**
+   * Sends a request for getting the IAM access control policy for the specified topic. This method
+   * returns a {@code Future} object to consume the result. {@link Future#get()} returns the
+   * requested policy or {@code null} if the topic was not found.
+   *
+   * @throws PubSubException upon failure
+   */
+  Future<Policy> getTopicPolicyAsync(String topic);
+
+  /**
+   * Sets the IAM access control policy for the specified topic. Replaces any existing policy. This
+   * method returns the new policy.
+   *
+   * <p>It is recommended that you use the read-modify-write pattern. This pattern entails reading
+   * the project's current policy, updating it locally, and then sending the modified policy for
+   * writing. Cloud IAM solves the problem of conflicting processes simultaneously attempting to
+   * modify a policy by using the {@link Policy#etag etag} property. This property is used to
+   * verify whether the policy has changed since the last request. When you make a request with an
+   * etag value, the value in the request is compared with the existing etag value associated with
+   * the policy. The policy is written only if the etag values match. If the etags don't match, a
+   * {@code PubSubException} is thrown, denoting that the server aborted update. If an etag is not
+   * provided, the policy is overwritten blindly.
+   *
+   * @throws PubSubException upon failure
+   */
+  Policy replaceTopicPolicy(String topic, Policy newPolicy);
+
+  /**
+   * Sends a request to set the IAM access control policy for the specified topic. Replaces any
+   * existing policy. This method returns a {@code Future} object to consume the result.
+   * {@link Future#get()} returns the new policy.
+   *
+   * <p>It is recommended that you use the read-modify-write pattern. This pattern entails reading
+   * the project's current policy, updating it locally, and then sending the modified policy for
+   * writing. Cloud IAM solves the problem of conflicting processes simultaneously attempting to
+   * modify a policy by using the {@link Policy#etag etag} property. This property is used to
+   * verify whether the policy has changed since the last request. When you make a request with an
+   * etag value, the value in the request is compared with the existing etag value associated with
+   * the policy. The policy is written only if the etag values match. If the etags don't match,
+   * {@link Future#get()} will throw a {@link java.util.concurrent.ExecutionException} caused by a
+   * {@code PubSubException}, denoting that the server aborted update. If an etag is not provided,
+   * the policy is overwritten blindly.
+   *
+   * @throws PubSubException upon failure
+   */
+  Future<Policy> replaceTopicPolicyAsync(String topic, Policy newPolicy);
+
+  /**
+   * Returns the permissions that a caller has on the specified topic.
+   *
+   * <p>You typically don't call this method if you're using Google Cloud Platform directly to
+   * manage permissions. This method is intended for integration with your proprietary software,
+   * such as a customized graphical user interface. For example, the Cloud Platform Console tests
+   * IAM permissions internally to determine which UI should be available to the logged-in user.
+   *
+   * @return A list of booleans representing whether the caller has the permissions specified (in
+   *     the order of the given permissions)
+   * @throws PubSubException upon failure
+   * @see <a href="https://cloud.google.com/pubsub/docs/access_control#permissions">
+   *     Permissions and Roles</a>
+   */
+  List<Boolean> testTopicPermissions(String topic, List<String> permissions);
+
+  /**
+   * Sends a request to get the permissions that a caller has on the specified topic.
+   *
+   * <p>You typically don't call this method if you're using Google Cloud Platform directly to
+   * manage permissions. This method is intended for integration with your proprietary software,
+   * such as a customized graphical user interface. For example, the Cloud Platform Console tests
+   * IAM permissions internally to determine which UI should be available to the logged-in user.
+   *
+   * @return A {@code Future} object to consume the result. {@link Future#get()} returns a list of
+   *     booleans representing whether the caller has the permissions specified (in the order of the
+   *     given permissions)
+   * @throws PubSubException upon failure
+   * @see <a href="https://cloud.google.com/pubsub/docs/access_control#permissions">
+   *     Permissions and Roles</a>
+   */
+  Future<List<Boolean>> testTopicPermissionsAsync(String topic, List<String> permissions);
+
+  /**
+   * Returns the IAM access control policy for the specified subscription. Returns {@code null} if
+   * the subscription was not found.
+   *
+   * @throws PubSubException upon failure
+   */
+  Policy getSubscriptionPolicy(String subscription);
+
+  /**
+   * Sends a request for getting the IAM access control policy for the specified subscription. This
+   * method returns a {@code Future} object to consume the result. {@link Future#get()} returns the
+   * requested policy or {@code null} if the subscription was not found.
+   *
+   * @throws PubSubException upon failure
+   */
+  Future<Policy> getSubscriptionPolicyAsync(String subscription);
+
+  /**
+   * Sets the IAM access control policy for the specified subscription. Replaces any existing
+   * policy. This method returns the new policy.
+   *
+   * <p>It is recommended that you use the read-modify-write pattern. This pattern entails reading
+   * the project's current policy, updating it locally, and then sending the modified policy for
+   * writing. Cloud IAM solves the problem of conflicting processes simultaneously attempting to
+   * modify a policy by using the {@link Policy#etag etag} property. This property is used to
+   * verify whether the policy has changed since the last request. When you make a request with an
+   * etag value, the value in the request is compared with the existing etag value associated with
+   * the policy. The policy is written only if the etag values match. If the etags don't match, a
+   * {@code PubSubException} is thrown, denoting that the server aborted update. If an etag is not
+   * provided, the policy is overwritten blindly.
+   *
+   * @throws PubSubException upon failure
+   */
+  Policy replaceSubscriptionPolicy(String subscription, Policy newPolicy);
+
+  /**
+   * Sends a request to set the IAM access control policy for the specified subscription. Replaces
+   * any existing policy. This method returns a {@code Future} object to consume the result.
+   * {@link Future#get()} returns the new policy.
+   *
+   * <p>It is recommended that you use the read-modify-write pattern. This pattern entails reading
+   * the project's current policy, updating it locally, and then sending the modified policy for
+   * writing. Cloud IAM solves the problem of conflicting processes simultaneously attempting to
+   * modify a policy by using the {@link Policy#etag etag} property. This property is used to
+   * verify whether the policy has changed since the last request. When you make a request with an
+   * etag value, the value in the request is compared with the existing etag value associated with
+   * the policy. The policy is written only if the etag values match. If the etags don't match,
+   * {@link Future#get()} will throw a {@link java.util.concurrent.ExecutionException} caused by a
+   * {@code PubSubException}, denoting that the server aborted update. If an etag is not provided,
+   * the policy is overwritten blindly.
+   *
+   * @throws PubSubException upon failure
+   */
+  Future<Policy> replaceSubscriptionPolicyAsync(String subscription, Policy newPolicy);
+
+  /**
+   * Returns the permissions that a caller has on the specified subscription. You typically don't
+   * call this method if you're using Google Cloud Platform directly to manage permissions. This
+   * method is intended for integration with your proprietary software, such as a customized
+   * graphical user interface. For example, the Cloud Platform Console tests IAM permissions
+   * internally to determine which UI should be available to the logged-in user.
+   *
+   * @return A list of booleans representing whether the caller has the permissions specified (in
+   *     the order of the given permissions)
+   * @throws PubSubException upon failure
+   * @see <a href="https://cloud.google.com/pubsub/docs/access_control#permissions">
+   *     Permissions and Roles</a>
+   */
+  List<Boolean> testSubscriptionPermissions(String subscription, List<String> permissions);
+
+  /**
+   * Sends a request to get the permissions that a caller has on the specified subscription.
+   *
+   * <p>You typically don't call this method if you're using Google Cloud Platform directly to
+   * manage permissions. This method is intended for integration with your proprietary software,
+   * such as a customized graphical user interface. For example, the Cloud Platform Console tests
+   * IAM permissions internally to determine which UI should be available to the logged-in user.
+   *
+   * @return A {@code Future} object to consume the result. {@link Future#get()} returns a list of
+   *     booleans representing whether the caller has the permissions specified (in the order of the
+   *     given permissions)
+   * @throws PubSubException upon failure
+   * @see <a href="https://cloud.google.com/pubsub/docs/access_control#permissions">
+   *     Permissions and Roles</a>
+   */
+  Future<List<Boolean>> testSubscriptionPermissionsAsync(String subscription,
+      List<String> permissions);
 }
@@ -20,13 +20,15 @@
 import static com.google.cloud.pubsub.PubSub.ListOption.OptionType.PAGE_TOKEN;
 import static com.google.cloud.pubsub.PubSub.PullOption.OptionType.EXECUTOR_FACTORY;
 import static com.google.cloud.pubsub.PubSub.PullOption.OptionType.MAX_QUEUED_CALLBACKS;
+import static com.google.common.base.MoreObjects.firstNonNull;
 import static com.google.common.base.Preconditions.checkArgument;
 
 import com.google.cloud.AsyncPage;
 import com.google.cloud.AsyncPageImpl;
 import com.google.cloud.BaseService;
 import com.google.cloud.Page;
 import com.google.cloud.PageImpl;
+import com.google.cloud.Policy;
 import com.google.cloud.pubsub.spi.PubSubRpc;
 import com.google.cloud.pubsub.spi.PubSubRpc.PullFuture;
 import com.google.cloud.pubsub.spi.v1.PublisherApi;
@@ -35,13 +37,17 @@
 import com.google.common.base.Function;
 import com.google.common.base.Throwables;
 import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Iterables;
 import com.google.common.collect.Iterators;
 import com.google.common.collect.Lists;
 import com.google.common.collect.Maps;
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.common.util.concurrent.Uninterruptibles;
+import com.google.iam.v1.SetIamPolicyRequest;
+import com.google.iam.v1.TestIamPermissionsRequest;
+import com.google.iam.v1.TestIamPermissionsResponse;
 import com.google.protobuf.Empty;
 import com.google.pubsub.v1.AcknowledgeRequest;
 import com.google.pubsub.v1.DeleteSubscriptionRequest;
@@ -65,6 +71,7 @@
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Future;
 import java.util.concurrent.TimeUnit;
@@ -95,6 +102,13 @@ public String apply(com.google.pubsub.v1.ReceivedMessage message) {
           return message.getAckId();
         }
       };
+  private static final Function<com.google.iam.v1.Policy, Policy> POLICY_TO_PB_FUNCTION =
+      new Function<com.google.iam.v1.Policy, Policy>() {
+        @Override
+        public Policy apply(com.google.iam.v1.Policy policyPb) {
+          return policyPb == null ? null : PolicyMarshaller.INSTANCE.fromPb(policyPb);
+        }
+      };
 
   PubSubImpl(PubSubOptions options) {
     super(options);
@@ -601,6 +615,102 @@ public Future<Void> modifyAckDeadlineAsync(String subscription, int deadline, Ti
     return transform(rpc.modify(request), EMPTY_TO_VOID_FUNCTION);
   }
 
+  @Override
+  public Policy getTopicPolicy(String topic) {
+    return get(getTopicPolicyAsync(topic));
+  }
+
+  @Override
+  public Future<Policy> getTopicPolicyAsync(String topic) {
+    return transform(rpc.getIamPolicy(PublisherApi.formatTopicName(options().projectId(), topic)),
+        POLICY_TO_PB_FUNCTION);
+  }
+
+  @Override
+  public Policy replaceTopicPolicy(String topic, Policy newPolicy) {
+    return get(replaceTopicPolicyAsync(topic, newPolicy));
+  }
+
+  @Override
+  public Future<Policy> replaceTopicPolicyAsync(String topic, Policy newPolicy) {
+    SetIamPolicyRequest request = SetIamPolicyRequest.newBuilder()
+        .setPolicy(PolicyMarshaller.INSTANCE.toPb(newPolicy))
+        .setResource(PublisherApi.formatTopicName(options().projectId(), topic))
+        .build();
+    return transform(rpc.setIamPolicy(request), POLICY_TO_PB_FUNCTION);
+  }
+
+  @Override
+  public List<Boolean> testTopicPermissions(String topic, final List<String> permissions) {
+    return get(testTopicPermissionsAsync(topic, permissions));
+  }
+
+  @Override
+  public Future<List<Boolean>> testTopicPermissionsAsync(String topic, List<String> permissions) {
+    TestIamPermissionsRequest request = TestIamPermissionsRequest.newBuilder()
+        .setResource(PublisherApi.formatTopicName(options().projectId(), topic))
+        .addAllPermissions(permissions)
+        .build();
+    return transform(rpc.testIamPermissions(request), permissionsFromPbFunction(permissions));
+  }
+
+  @Override
+  public Policy getSubscriptionPolicy(String subscription) {
+    return get(getSubscriptionPolicyAsync(subscription));
+  }
+
+  @Override
+  public Future<Policy> getSubscriptionPolicyAsync(String subscription) {
+    return transform(
+        rpc.getIamPolicy(SubscriberApi.formatSubscriptionName(options().projectId(), subscription)),
+        POLICY_TO_PB_FUNCTION);
+  }
+
+  @Override
+  public Policy replaceSubscriptionPolicy(String subscription, Policy newPolicy) {
+    return get(replaceSubscriptionPolicyAsync(subscription, newPolicy));
+  }
+
+  @Override
+  public Future<Policy> replaceSubscriptionPolicyAsync(String subscription, Policy newPolicy) {
+    SetIamPolicyRequest request = SetIamPolicyRequest.newBuilder()
+        .setPolicy(PolicyMarshaller.INSTANCE.toPb(newPolicy))
+        .setResource(SubscriberApi.formatSubscriptionName(options().projectId(), subscription))
+        .build();
+    return transform(rpc.setIamPolicy(request), POLICY_TO_PB_FUNCTION);
+  }
+
+  @Override
+  public List<Boolean> testSubscriptionPermissions(String subscription, List<String> permissions) {
+    return get(testSubscriptionPermissionsAsync(subscription, permissions));
+  }
+
+  @Override
+  public Future<List<Boolean>> testSubscriptionPermissionsAsync(String subscription,
+      List<String> permissions) {
+    TestIamPermissionsRequest request = TestIamPermissionsRequest.newBuilder()
+        .setResource(SubscriberApi.formatSubscriptionName(options().projectId(), subscription))
+        .addAllPermissions(permissions)
+        .build();
+    return transform(rpc.testIamPermissions(request), permissionsFromPbFunction(permissions));
+  }
+
+  private static Function<TestIamPermissionsResponse, List<Boolean>> permissionsFromPbFunction(
+      final List<String> permissions) {
+    return new Function<TestIamPermissionsResponse, List<Boolean>>() {
+      @Override
+      public List<Boolean> apply(TestIamPermissionsResponse response) {
+        Set<String> permissionsOwned = ImmutableSet.copyOf(
+            firstNonNull(response.getPermissionsList(), ImmutableList.<String>of()));
+        ImmutableList.Builder<Boolean> answer = ImmutableList.builder();
+        for (String permission : permissions) {
+          answer.add(permissionsOwned.contains(permission));
+        }
+        return answer.build();
+      }
+    };
+  }
+
   static <T extends Option.OptionType> Map<Option.OptionType, ?> optionMap(Option... options) {
     Map<Option.OptionType, Object> optionMap = Maps.newHashMap();
     for (Option option : options) {