
Example 1 with CreateRoleRequest

use of com.google.api.services.iam.v1.model.CreateRoleRequest in project terra-cloud-resource-lib by DataBiosphere.

the class IamCowTest method createGetListPatchDeleteRoles.

@Test
public void createGetListPatchDeleteRoles() throws Exception {
    IamCow iam = defaultIam();
    String resourceName = "projects/" + reusableProject.getProjectId();
    String roleId = "myCustomRoleId";
    Role createdRole = iam.projects().roles().create(resourceName, new CreateRoleRequest().setRole(roleWithSinglePermission()).setRoleId(roleId)).execute();
    // Retry up to 6 times, 3s apart, until list after create returns a result.
    List<Role> listResult = null;
    for (int retryNum = 0; retryNum < 6; retryNum++) {
        listResult = iam.projects().roles().list(resourceName).execute().getRoles();
        if (listResult != null) {
            break;
        }
        Thread.sleep(3000);
    }
    Role retrievedResult = iam.projects().roles().get(createdRole.getName()).execute();
    assertThat(retrievedResult, Matchers.equalTo(createdRole));
    // By default, enumerate does not include the list of included permissions.
    Role basicEnumerateResult = new Role().setEtag(createdRole.getEtag()).setName(createdRole.getName());
    assertThat(listResult, Matchers.contains(basicEnumerateResult));
    // Alternatively, we can fetch the full view.
    List<Role> fullListResult = iam.projects().roles().list(resourceName).setView("FULL").execute().getRoles();
    assertThat(fullListResult, Matchers.contains(createdRole));
    Role patchRole = new Role().setIncludedPermissions(Collections.singletonList("iam.roles.delete"));
    Role modifiedRole = iam.projects().roles().patch(createdRole.getName(), patchRole).execute();
    // Sleep for 3s so that get after patch works.
    Thread.sleep(3000);
    retrievedResult = iam.projects().roles().get(modifiedRole.getName()).execute();
    assertThat(retrievedResult, Matchers.equalTo(modifiedRole));
    iam.projects().roles().delete(modifiedRole.getName()).execute();
    // Sleep for 3s so that get after delete works.
    Thread.sleep(3000);
    // Note that roles take 7 days to truly delete, but will be marked as "deleted" sooner.
    assertTrue(iam.projects().roles().get(modifiedRole.getName()).execute().getDeleted());
}
Also used : Role(com.google.api.services.iam.v1.model.Role) CreateRoleRequest(com.google.api.services.iam.v1.model.CreateRoleRequest) Test(org.junit.jupiter.api.Test)

Example 2 with CreateRoleRequest

use of com.google.api.services.iam.v1.model.CreateRoleRequest in project terra-cloud-resource-lib by DataBiosphere.

the class IamCowTest method createRoleSerialize.

@Test
public void createRoleSerialize() throws Exception {
    IamCow.Projects.Roles.Create create = defaultIam().projects().roles().create("projects/my-project", new CreateRoleRequest().setRoleId("roleId").setRole(roleWithSinglePermission()));
    assertEquals("{\"parent\":\"projects/my-project\",\"content\":{\"role\":{\"includedPermissions\":[\"iam.roles.create\"]},\"roleId\":\"roleId\"}}", create.serialize().toString());
}
Also used : CreateRoleRequest(com.google.api.services.iam.v1.model.CreateRoleRequest) Test(org.junit.jupiter.api.Test)

Example 3 with CreateRoleRequest

use of com.google.api.services.iam.v1.model.CreateRoleRequest in project terra-workspace-manager by DataBiosphere.

the class CreateCustomGcpRolesStep method createCustomRole.

/**
 * Utility for creating custom roles in GCP from WSM's CustomGcpIamRole objects. These roles will
 * be defined at the project level in the project specified by projectId.
 */
private void createCustomRole(CustomGcpIamRole customRole, String projectId) throws RetryException {
    try {
        Role gcpRole = new Role().setIncludedPermissions(customRole.getIncludedPermissions()).setTitle(customRole.getRoleName());
        CreateRoleRequest request = new CreateRoleRequest().setRole(gcpRole).setRoleId(customRole.getRoleName());
        logger.debug("Creating role {} with permissions {} in project {}", customRole.getRoleName(), customRole.getIncludedPermissions(), projectId);
        iamCow.projects().roles().create("projects/" + projectId, request).execute();
    } catch (GoogleJsonResponseException googleEx) {
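        // Ignore 409 CONFLICT: a conflict of role names must be due to duplicate step execution.
        // Any other API error is retried. The existing role's permissions are not re-checked here.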
        if (googleEx.getStatusCode() != HttpStatus.CONFLICT.value()) {
            throw new RetryException(googleEx);
        }
    } catch (IOException e) {
        // Retry on IO exceptions thrown by CRL.
        throw new RetryException(e);
    }
}
Also used : CustomGcpIamRole(bio.terra.workspace.service.resource.controlled.cloud.gcp.CustomGcpIamRole) Role(com.google.api.services.iam.v1.model.Role) GoogleJsonResponseException(com.google.api.client.googleapis.json.GoogleJsonResponseException) CreateRoleRequest(com.google.api.services.iam.v1.model.CreateRoleRequest) IOException(java.io.IOException) RetryException(bio.terra.stairway.exception.RetryException)

Aggregations

CreateRoleRequest (com.google.api.services.iam.v1.model.CreateRoleRequest): 3
Role (com.google.api.services.iam.v1.model.Role): 2
Test (org.junit.jupiter.api.Test): 2
RetryException (bio.terra.stairway.exception.RetryException): 1
CustomGcpIamRole (bio.terra.workspace.service.resource.controlled.cloud.gcp.CustomGcpIamRole): 1
GoogleJsonResponseException (com.google.api.client.googleapis.json.GoogleJsonResponseException): 1
IOException (java.io.IOException): 1