Merge pull request #2008 from frankyn/storage-iam-snippets

lesv · web-flow · commit f44ac0d1ed31 · 2017-04-28T17:16:18.000-07:00
[Storage] Bucket-level IAM Samples
diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/storage/snippets/BucketIamSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/storage/snippets/BucketIamSnippets.java
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2017 Google Inc. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.cloud.examples.storage.snippets;
+
+import com.google.cloud.Identity;
+import com.google.cloud.Policy;
+import com.google.cloud.Role;
+import com.google.cloud.storage.Storage;
+import com.google.cloud.storage.StorageOptions;
+
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * This class contains Bucket-level IAM snippets for the {@link Storage} interface.
+ */
+public class BucketIamSnippets {
+
+  /**
+   * Example of listing the Bucket-Level IAM Roles and Members
+   */
+  public Policy listBucketIamMembers(String bucketName) {
+    // [START view_bucket_iam_members]
+    // Initialize a Cloud Storage client
+    Storage storage = StorageOptions.getDefaultInstance().getService();
+
+    // Get IAM Policy for a bucket
+    Policy policy = storage.getIamPolicy(bucketName);
+
+    // Print Roles and its identities
+    Map<Role, Set<Identity>> policyBindings = policy.getBindings();
+    for(Map.Entry<Role, Set<Identity>> entry : policyBindings.entrySet()) {
+        System.out.printf("Role: %s Identities: %s\n", entry.getKey(), entry.getValue());
+    }
+    // [END view_bucket_iam_members]
+    return policy;
+  }
+
+  /**
+   * Example of adding a member to the Bucket-level IAM
+   */
+  public Policy addBucketIamMember(String bucketName, Role role, Identity identity) {
+    // [START add_bucket_iam_member]
+    // Initialize a Cloud Storage client
+    Storage storage = StorageOptions.getDefaultInstance().getService();
+
+    // Get IAM Policy for a bucket
+    Policy policy = storage.getIamPolicy(bucketName);
+
+    // Add identity to Bucket-level IAM role
+    Policy updatedPolicy = storage.setIamPolicy(bucketName,
+        policy.toBuilder().addIdentity(role, identity).build());
+
+    if (updatedPolicy.getBindings().get(role).contains(identity)) {
+      System.out.printf("Added %s with role %s to %s\n", identity, role, bucketName);
+    }
+    // [END add_bucket_iam_member]
+    return updatedPolicy;
+  }
+
+  /**
+   * Example of removing a member from the Bucket-level IAM
+   */
+  public Policy removeBucketIamMember(String bucketName, Role role, Identity identity) {
+    // [START remove_bucket_iam_member]
+    // Initialize a Cloud Storage client
+    Storage storage = StorageOptions.getDefaultInstance().getService();
+
+    // Get IAM Policy for a bucket
+    Policy policy = storage.getIamPolicy(bucketName);
+
+    // Remove an identity from a Bucket-level IAM role
+    Policy updatedPolicy = storage.setIamPolicy(bucketName,
+        policy.toBuilder().removeIdentity(role, identity).build());
+
+    if (updatedPolicy.getBindings().get(role) == null ||
+        !updatedPolicy.getBindings().get(role).contains(identity)) {
+      System.out.printf("Removed %s with role %s from %s\n", identity, role, bucketName);
+    }
+    // [END remove_bucket_iam_member]
+    return updatedPolicy;
+  }
+}
diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/storage/snippets/ITBucketSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/storage/snippets/ITBucketSnippets.java
@@ -21,13 +21,16 @@
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 
+import com.google.cloud.Identity;
+import com.google.cloud.Policy;
 import com.google.cloud.storage.Acl;
 import com.google.cloud.storage.Acl.Role;
 import com.google.cloud.storage.Blob;
 import com.google.cloud.storage.Bucket;
 import com.google.cloud.storage.BucketInfo;
 import com.google.cloud.storage.Storage;
 import com.google.cloud.storage.StorageException;
+import com.google.cloud.storage.StorageRoles;
 import com.google.cloud.storage.testing.RemoteStorageHelper;
 import com.google.common.collect.Sets;
 
@@ -49,13 +52,15 @@ public class ITBucketSnippets {
 
   private static final Logger log = Logger.getLogger(ITBucketSnippets.class.getName());
   private static final String BUCKET = RemoteStorageHelper.generateBucketName();
+  private static final String USER_EMAIL = "test@test.com";
   private static final String BLOB1 = "blob1";
   private static final String BLOB2 = "blob2";
   private static final String BLOB3 = "blob3";
   private static final String BLOB4 = "blob4";
 
   private static Storage storage;
   private static BucketSnippets bucketSnippets;
+  private static BucketIamSnippets bucketIamSnippets;
 
   @Rule
   public ExpectedException thrown = ExpectedException.none();
@@ -68,6 +73,7 @@ public static void beforeClass() {
     RemoteStorageHelper helper = RemoteStorageHelper.create();
     storage = helper.getOptions().getService();
     bucketSnippets = new BucketSnippets(storage.create(BucketInfo.of(BUCKET)));
+    bucketIamSnippets = new BucketIamSnippets();
   }
 
   @AfterClass
@@ -133,4 +139,47 @@ public void testBucket() throws InterruptedException {
     thrown.expect(StorageException.class);
     assertTrue(bucketSnippets.delete());
   }
+
+  @Test
+  public void testListBucketIamMembers() {
+    // Test an added Bucket-level IAM member is listed 
+    Policy policy = storage.getIamPolicy(BUCKET);
+    policy = storage.setIamPolicy(BUCKET,
+        policy.toBuilder().removeRole(StorageRoles.admin()).build());
+    assertNull(policy.getBindings().get(StorageRoles.admin()));
+    policy = storage.setIamPolicy(BUCKET, policy.toBuilder().addIdentity(StorageRoles.admin(),
+        Identity.user(USER_EMAIL)).build());
+    assertTrue(policy.getBindings().get(StorageRoles.admin()).contains(Identity.user(USER_EMAIL)));
+    Policy snippetPolicy = bucketIamSnippets.listBucketIamMembers(BUCKET);
+    assertTrue(snippetPolicy.getBindings().get(StorageRoles.admin()).
+        contains(Identity.user(USER_EMAIL))); 
+  }
+
+  @Test
+  public void testAddBucketIamMemeber() {
+    // Test a member is added to Bucket-level IAM
+    Policy policy = storage.getIamPolicy(BUCKET);
+    policy = storage.setIamPolicy(BUCKET,
+        policy.toBuilder().removeRole(StorageRoles.admin()).build());
+    assertNull(policy.getBindings().get(StorageRoles.admin()));
+    Policy snippetPolicy = bucketIamSnippets.addBucketIamMember(BUCKET, StorageRoles.admin(),
+        Identity.user(USER_EMAIL));
+    assertTrue(snippetPolicy.getBindings().get(StorageRoles.admin()).
+        contains(Identity.user(USER_EMAIL)));
+  }
+
+  @Test
+  public void testRemoveBucketIamMember() {
+    // Test a member is removed from Bucket-level IAM
+    Policy policy = storage.getIamPolicy(BUCKET);
+    policy = storage.setIamPolicy(BUCKET,
+        policy.toBuilder().removeRole(StorageRoles.admin()).build());
+    assertNull(policy.getBindings().get(StorageRoles.admin()));
+    policy = storage.setIamPolicy(BUCKET, policy.toBuilder().addIdentity(StorageRoles.admin(),
+        Identity.user(USER_EMAIL)).build());
+    assertTrue(policy.getBindings().get(StorageRoles.admin()).contains(Identity.user(USER_EMAIL)));
+    Policy snippetPolicy = bucketIamSnippets.removeBucketIamMember(BUCKET, StorageRoles.admin(),
+        Identity.user(USER_EMAIL));
+    assertNull(snippetPolicy.getBindings().get(StorageRoles.admin()));
+  }
 }
