Example 1 with CreateRoleRequest
use of com.google.api.services.iam.v1.model.CreateRoleRequest in project terra-cloud-resource-lib by DataBiosphere.
the class IamCowTest method createGetListPatchDeleteRoles.
@Test
public void createGetListPatchDeleteRoles() throws Exception {
IamCow iam = defaultIam();
String resourceName = "projects/" + reusableProject.getProjectId();
String roleId = "myCustomRoleId";
Role createdRole = iam.projects().roles().create(resourceName, new CreateRoleRequest().setRole(roleWithSinglePermission()).setRoleId(roleId)).execute();
// Retry 6 times to make sure get after create works.
List<Role> listResult = null;
for (int retryNum = 0; retryNum < 6; retryNum++) {
listResult = iam.projects().roles().list(resourceName).execute().getRoles();
if (listResult != null) {
break;
}
Thread.sleep(3000);
}
Role retrievedResult = iam.projects().roles().get(createdRole.getName()).execute();
assertThat(retrievedResult, Matchers.equalTo(createdRole));
// By default, enumerate does not include the list of included permissions.
Role basicEnumerateResult = new Role().setEtag(createdRole.getEtag()).setName(createdRole.getName());
assertThat(listResult, Matchers.contains(basicEnumerateResult));
// Alternatively, we can fetch the full view.
List<Role> fullListResult = iam.projects().roles().list(resourceName).setView("FULL").execute().getRoles();
assertThat(fullListResult, Matchers.contains(createdRole));
Role patchRole = new Role().setIncludedPermissions(Collections.singletonList("iam.roles.delete"));
Role modifiedRole = iam.projects().roles().patch(createdRole.getName(), patchRole).execute();
// Sleep for 3s to make get after patch works.
Thread.sleep(3000);
retrievedResult = iam.projects().roles().get(modifiedRole.getName()).execute();
assertThat(retrievedResult, Matchers.equalTo(modifiedRole));
iam.projects().roles().delete(modifiedRole.getName()).execute();
// Sleep for 3s to make get after delete works.
Thread.sleep(3000);
// Note that roles take 7 days to truly delete, but will be marked as "deleted" sooner.
assertTrue(iam.projects().roles().get(modifiedRole.getName()).execute().getDeleted());
}
Also used :
Role(com.google.api.services.iam.v1.model.Role)
CreateRoleRequest(com.google.api.services.iam.v1.model.CreateRoleRequest)
Test(org.junit.jupiter.api.Test)
Example 2 with CreateRoleRequest
use of com.google.api.services.iam.v1.model.CreateRoleRequest in project terra-cloud-resource-lib by DataBiosphere.
the class IamCowTest method createRoleSerialize.
@Test
public void createRoleSerialize() throws Exception {
IamCow.Projects.Roles.Create create = defaultIam().projects().roles().create("projects/my-project", new CreateRoleRequest().setRoleId("roleId").setRole(roleWithSinglePermission()));
assertEquals("{\"parent\":\"projects/my-project\",\"content\":{\"role\":{\"includedPermissions\":[\"iam.roles.create\"]},\"roleId\":\"roleId\"}}", create.serialize().toString());
}
Also used :
CreateRoleRequest(com.google.api.services.iam.v1.model.CreateRoleRequest)
Test(org.junit.jupiter.api.Test)
Example 3 with CreateRoleRequest
use of com.google.api.services.iam.v1.model.CreateRoleRequest in project terra-workspace-manager by DataBiosphere.
the class CreateCustomGcpRolesStep method createCustomRole.
/**
* Utility for creating custom roles in GCP from WSM's CustomGcpIamRole objects. These roles will
* be defined at the project level in the specified by projectId.
*/
private void createCustomRole(CustomGcpIamRole customRole, String projectId) throws RetryException {
try {
Role gcpRole = new Role().setIncludedPermissions(customRole.getIncludedPermissions()).setTitle(customRole.getRoleName());
CreateRoleRequest request = new CreateRoleRequest().setRole(gcpRole).setRoleId(customRole.getRoleName());
logger.debug("Creating role {} with permissions {} in project {}", customRole.getRoleName(), customRole.getIncludedPermissions(), projectId);
iamCow.projects().roles().create("projects/" + projectId, request).execute();
} catch (GoogleJsonResponseException googleEx) {
// of role names must be due to duplicate step execution.
if (googleEx.getStatusCode() != HttpStatus.CONFLICT.value()) {
throw new RetryException(googleEx);
}
} catch (IOException e) {
// Retry on IO exceptions thrown by CRL.
throw new RetryException(e);
}
}
Also used :
CustomGcpIamRole(bio.terra.workspace.service.resource.controlled.cloud.gcp.CustomGcpIamRole)
Role(com.google.api.services.iam.v1.model.Role)
GoogleJsonResponseException(com.google.api.client.googleapis.json.GoogleJsonResponseException)
CreateRoleRequest(com.google.api.services.iam.v1.model.CreateRoleRequest)
IOException(java.io.IOException)
RetryException(bio.terra.stairway.exception.RetryException)
Aggregations
CreateRoleRequest (com.google.api.services.iam.v1.model.CreateRoleRequest)3
Role (com.google.api.services.iam.v1.model.Role)2
Test (org.junit.jupiter.api.Test)2
RetryException (bio.terra.stairway.exception.RetryException)1
CustomGcpIamRole (bio.terra.workspace.service.resource.controlled.cloud.gcp.CustomGcpIamRole)1
GoogleJsonResponseException (com.google.api.client.googleapis.json.GoogleJsonResponseException)1
IOException (java.io.IOException)1
