[Storage] Bucket-level IAM Samples#2008
|
Changes Unknown when pulling 6ec2d3c on frankyn:storage-iam-snippets into ** on GoogleCloudPlatform:master**. |
| /** | ||
| * Example of listing the Bucket-Level IAM Roles and Members | ||
| */ | ||
|
|
| Map<Role, Set<Identity>> policyBindings = policy.getBindings(); | ||
| for(Map.Entry<Role, Set<Identity>> entry : policyBindings.entrySet()) { | ||
| System.out.printf("Role: %s", entry.getKey()); | ||
| System.out.printf(" Identities: %s\n", entry.getValue()); |
| // Update the bucket IAM Policy | ||
| storage.setIamPolicy(bucketName, updatedPolicy); | ||
|
|
||
| System.out.printf("Added %s with role %s to %s\n", identity, role, bucketName); |
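Review bot: the return value of storage.setIamPolicy(bucketName, updatedPolicy) is discarded, so the "Added %s with role %s to %s" line reports the method's own inputs rather than the policy the service stored. Capture the returned Policy and return it from the snippet, so callers and tests can check the binding against what was actually written.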
| /* | ||
| * EDITING INSTRUCTIONS | ||
| * This file is referenced in Storage's javadoc. Any change to this file should be reflected in | ||
| * Storage's javadoc. |
|
Thanks @shinfan! I have updated my PR to reflect your comments. PTAL |
|
Changes Unknown when pulling b21740b on frankyn:storage-iam-snippets into ** on GoogleCloudPlatform:master**. |
b3753a3 to
873b8ff
Compare
|
Changes Unknown when pulling 873b8ff on frankyn:storage-iam-snippets into ** on GoogleCloudPlatform:master**. |
|
Changes Unknown when pulling 8b49ff9 on frankyn:storage-iam-snippets into ** on GoogleCloudPlatform:master**. |
|
@shinfan do I need to wait for Garrett's LGTM as well or can I merge? |
|
@garrettjonesgoogle Do you wanna take another look? |
|
Adding @lesv for final review |
lesv
left a comment
The snippets are good, but you might wish to return updatedPolicy for the last two.
You might run into propagation issues with this, so your tests should be a bit less brittle.
| System.out.printf("Added %s with role %s to %s\n", identity, role, bucketName); | ||
| } | ||
| // [END add_bucket_iam_member] | ||
| } |
| System.out.printf("Removed %s with role %s from %s\n", identity, role, bucketName); | ||
| } | ||
| // [END remove_bucket_iam_member] | ||
| } |
| @Test | ||
| public void testAddBucketIamMemeber() { | ||
| // Test a member is added to Bucket-level IAM | ||
| Policy policy = storage.getIamPolicy(BUCKET); |
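Review bot: the method name testAddBucketIamMemeber misspells "Member". Rename it to testAddBucketIamMember so it matches testRemoveBucketIamMember and testListBucketIamMembers and can be found by searching for the snippet name.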
|
|
||
| @Test | ||
| public void testRemoveBucketIamMember() { | ||
| // Test a member is removed from Bucket-level IAM |
| @Test | ||
| public void testListBucketIamMembers() { | ||
| // Test an added Bucket-level IAM member is listed | ||
| Policy policy = storage.getIamPolicy(BUCKET); |
| assertNull(policy.getBindings().get(StorageRoles.admin())); | ||
| storage.setIamPolicy(BUCKET, policy.toBuilder().addIdentity(StorageRoles.admin(), | ||
| Identity.user(USER_EMAIL)).build()); | ||
| policy = storage.getIamPolicy(BUCKET); |
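Review bot: the last line re-reads the policy with storage.getIamPolicy(BUCKET) immediately after setIamPolicy, so any assertion that follows depends on the write already being visible to a fresh read. Assign the Policy returned by setIamPolicy instead, or retry the read. The opening assertNull on StorageRoles.admin() also presupposes that BUCKET has no admin binding at all when the test starts, which ties the test to bucket state left by other tests.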
|
Changes Unknown when pulling 00555f3 on frankyn:storage-iam-snippets into ** on GoogleCloudPlatform:master**. |
|
Thanks @lesv, I have applied changes. PTAL |
lesv
left a comment
Sorry I wasn't thinking expressively yesterday.
What I would do is:
- In your create bucket, I would add several policies, so all of them are done.
- I would test myAddBucketIAM first
- Then I run myRemoveBucketIAMMember final.
- I would test myListBucketIAM.
Use lots of email addresses, not just one. Deal with the fact that you might not see yours.
You have a good chance to see the initial adds (setup) by the time you do your list (but no guarantee).
The key point is Eventual Consistency -- I think it's a part of everything we deal with.
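One way to make a binding check tolerate the propagation delay described above, as an added example that is not code from this PR or from google-cloud-java. The awaitMember helper, the Supplier standing in for a policy read, and the sample identities are all hypothetical and constructed for illustration.

```java
import java.util.Map;
import java.util.Set;
import java.util.function.Supplier;

public class EventuallyConsistentIamCheck {

  /** Polls fetchBindings until role contains member, or attempts run out. */
  static boolean awaitMember(Supplier<Map<String, Set<String>>> fetchBindings,
      String role, String member, int maxAttempts, long initialDelayMs)
      throws InterruptedException {
    long delay = initialDelayMs;
    for (int attempt = 1; attempt <= maxAttempts; attempt++) {
      // A missing role yields an empty set instead of a NullPointerException.
      Set<String> members = fetchBindings.get().getOrDefault(role, Set.of());
      if (members.contains(member)) {
        return true;
      }
      if (attempt < maxAttempts) {
        Thread.sleep(delay);
        delay *= 2; // exponential backoff between reads
      }
    }
    return false;
  }

  public static void main(String[] args) throws InterruptedException {
    // Constructed stand-in for a policy read that lags behind the write:
    // the first two reads return the stale policy, later reads the updated one.
    Map<String, Set<String>> stale = Map.of(
        "roles/storage.objectViewer", Set.of("user:alice@example.com"));
    Map<String, Set<String>> fresh = Map.of(
        "roles/storage.objectViewer",
        Set.of("user:alice@example.com", "user:bob@example.com"));
    int[] reads = {0};
    Supplier<Map<String, Set<String>>> fetch = () -> reads[0]++ < 2 ? stale : fresh;

    boolean seen = awaitMember(fetch, "roles/storage.objectViewer",
        "user:bob@example.com", 5, 10);
    System.out.println("bob visible: " + seen + " after " + reads[0] + " reads");

    // A member that was never added is reported as absent, not as a crash.
    boolean absent = awaitMember(fetch, "roles/storage.admin",
        "user:bob@example.com", 3, 10);
    System.out.println("admin binding for bob: " + absent);
  }
}
```

In a real test the Supplier would wrap the policy read, and a removal check would poll for absence in the same way, since a revoked binding can also remain visible for a short time.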
| Identity.user(USER_EMAIL)).build()); | ||
| assertTrue(policy.getBindings().get(StorageRoles.admin()).contains(Identity.user(USER_EMAIL))); | ||
| Policy snippetPolicy = bucketIamSnippets.listBucketIamMembers(BUCKET); | ||
| assertTrue(snippetPolicy.getBindings().get(StorageRoles.admin()). |
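Review bot: both assertTrue lines call .contains(...) directly on policy.getBindings().get(StorageRoles.admin()), which is null when the role has no binding, so a missing binding surfaces as a NullPointerException instead of an assertion failure. Assert that the role's identity set is non-null first, or compare against an empty set, so a propagation delay produces a readable failure.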
| Policy policy = storage.getIamPolicy(BUCKET); | ||
| policy = storage.setIamPolicy(BUCKET, | ||
| policy.toBuilder().removeRole(StorageRoles.admin()).build()); | ||
| assertNull(policy.getBindings().get(StorageRoles.admin())); |
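Review bot: policy.toBuilder().removeRole(StorageRoles.admin()) drops the entire admin binding, not just the identity this test added, so on a bucket that has any other admin member the cleanup revokes their access as well. Use removeIdentity(StorageRoles.admin(), Identity.user(USER_EMAIL)) and assert that USER_EMAIL is no longer in the binding, rather than asserting the whole role is null.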
| assertNull(policy.getBindings().get(StorageRoles.admin())); | ||
| policy = storage.setIamPolicy(BUCKET, policy.toBuilder().addIdentity(StorageRoles.admin(), | ||
| Identity.user(USER_EMAIL)).build()); | ||
| assertTrue(policy.getBindings().get(StorageRoles.admin()).contains(Identity.user(USER_EMAIL))); |
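Review bot: the addIdentity call grants StorageRoles.admin() to USER_EMAIL on a live bucket only to check that a binding can be written. If the snippet under test accepts any role, a narrower one such as StorageRoles.objectViewer() exercises the same add and list assertions and leaves less exposure if the test aborts before the binding is removed.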
| Policy policy = storage.getIamPolicy(BUCKET); | ||
| policy = storage.setIamPolicy(BUCKET, | ||
| policy.toBuilder().removeRole(StorageRoles.admin()).build()); | ||
| assertNull(policy.getBindings().get(StorageRoles.admin())); |
| Policy policy = storage.getIamPolicy(BUCKET); | ||
| policy = storage.setIamPolicy(BUCKET, | ||
| policy.toBuilder().removeRole(StorageRoles.admin()).build()); | ||
| assertNull(policy.getBindings().get(StorageRoles.admin())); |
| assertNull(policy.getBindings().get(StorageRoles.admin())); | ||
| policy = storage.setIamPolicy(BUCKET, policy.toBuilder().addIdentity(StorageRoles.admin(), | ||
| Identity.user(USER_EMAIL)).build()); | ||
| assertTrue(policy.getBindings().get(StorageRoles.admin()).contains(Identity.user(USER_EMAIL))); |
|
I'm going to improve several of the tests by hand, then approve this PR as Frank had something come up and this needs to be published on Monday. |
lesv
left a comment
I think these might be more brittle than I'd like, but for now, it's working. I'll ask Frank to update later.
…e to v3.30.7 (#2008) Co-authored-by: Tom Andersen <[email protected]>
Hi Garrett,
PR Summary:
This pull request will add the following samples to google-cloud-examples:
- view_bucket_iam_members -- list bucket-level iam roles and their members
- add_bucket_iam_member -- add a bucket-level iam member
- remove_bucket_iam_member -- remove a bucket-level iam member

I copied the existing file BucketSnippets.java to keep consistency, and because ACL and Bucket-level IAM have a conflicting class name com.google.cloud.storage.Acl.Role and com.google.cloud.Role.

What additional work do I need to include in this PR to satisfy this line "This file is referenced in Storage's javadoc. Any change to this file should be reflected in Storage's javadoc."?
Thank you!