Search in sources :

Example 1 with Binding

use of org.apache.tapestry5.Binding in project java-functions by googleapis.

the class CloudFunctionsServiceClientTest method setIamPolicyTest.

@Test
public void setIamPolicyTest() throws Exception {
    Policy expectedResponse = Policy.newBuilder().setVersion(351608024).addAllBindings(new ArrayList<Binding>()).setEtag(ByteString.EMPTY).build();
    mockCloudFunctionsService.addResponse(expectedResponse);
    SetIamPolicyRequest request = SetIamPolicyRequest.newBuilder().setResource(CloudFunctionName.of("[PROJECT]", "[LOCATION]", "[FUNCTION]").toString()).setPolicy(Policy.newBuilder().build()).build();
    Policy actualResponse = client.setIamPolicy(request);
    Assert.assertEquals(expectedResponse, actualResponse);
    List<AbstractMessage> actualRequests = mockCloudFunctionsService.getRequests();
    Assert.assertEquals(1, actualRequests.size());
    SetIamPolicyRequest actualRequest = ((SetIamPolicyRequest) actualRequests.get(0));
    Assert.assertEquals(request.getResource(), actualRequest.getResource());
    Assert.assertEquals(request.getPolicy(), actualRequest.getPolicy());
    Assert.assertTrue(channelProvider.isHeaderSent(ApiClientHeaderProvider.getDefaultApiClientHeaderKey(), GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
}
Also used : Policy(com.google.iam.v1.Policy) Binding(com.google.iam.v1.Binding) AbstractMessage(com.google.protobuf.AbstractMessage) SetIamPolicyRequest(com.google.iam.v1.SetIamPolicyRequest) Test(org.junit.Test)

Example 2 with Binding

use of org.apache.tapestry5.Binding in project java-functions by googleapis.

the class CloudFunctionsServiceClientTest method getIamPolicyTest.

@Test
public void getIamPolicyTest() throws Exception {
    Policy expectedResponse = Policy.newBuilder().setVersion(351608024).addAllBindings(new ArrayList<Binding>()).setEtag(ByteString.EMPTY).build();
    mockCloudFunctionsService.addResponse(expectedResponse);
    GetIamPolicyRequest request = GetIamPolicyRequest.newBuilder().setResource(CloudFunctionName.of("[PROJECT]", "[LOCATION]", "[FUNCTION]").toString()).setOptions(GetPolicyOptions.newBuilder().build()).build();
    Policy actualResponse = client.getIamPolicy(request);
    Assert.assertEquals(expectedResponse, actualResponse);
    List<AbstractMessage> actualRequests = mockCloudFunctionsService.getRequests();
    Assert.assertEquals(1, actualRequests.size());
    GetIamPolicyRequest actualRequest = ((GetIamPolicyRequest) actualRequests.get(0));
    Assert.assertEquals(request.getResource(), actualRequest.getResource());
    Assert.assertEquals(request.getOptions(), actualRequest.getOptions());
    Assert.assertTrue(channelProvider.isHeaderSent(ApiClientHeaderProvider.getDefaultApiClientHeaderKey(), GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
}
Also used : Policy(com.google.iam.v1.Policy) Binding(com.google.iam.v1.Binding) AbstractMessage(com.google.protobuf.AbstractMessage) GetIamPolicyRequest(com.google.iam.v1.GetIamPolicyRequest) Test(org.junit.Test)

Example 3 with Binding

use of org.apache.tapestry5.Binding in project java-storage by googleapis.

the class ITStorageTest method ensureKmsKeyRingIamPermissionsForTests.

private static void ensureKmsKeyRingIamPermissionsForTests(IAMPolicyGrpc.IAMPolicyBlockingStub iamStub, String projectId, String location, String keyRingName) throws StatusRuntimeException {
    ServiceAccount serviceAccount = storage.getServiceAccount(projectId);
    String kmsKeyRingResourcePath = KeyRingName.of(projectId, location, keyRingName).toString();
    Binding binding = Binding.newBuilder().setRole("roles/cloudkms.cryptoKeyEncrypterDecrypter").addMembers("serviceAccount:" + serviceAccount.getEmail()).build();
    com.google.iam.v1.Policy policy = com.google.iam.v1.Policy.newBuilder().addBindings(binding).build();
    SetIamPolicyRequest setIamPolicyRequest = SetIamPolicyRequest.newBuilder().setResource(kmsKeyRingResourcePath).setPolicy(policy).build();
    requestParamsHeader.put(requestParamsKey, "parent=" + kmsKeyRingResourcePath);
    iamStub = MetadataUtils.attachHeaders(iamStub, requestParamsHeader);
    try {
        iamStub.setIamPolicy(setIamPolicyRequest);
    } catch (StatusRuntimeException e) {
        if (log.isLoggable(Level.WARNING)) {
            log.log(Level.WARNING, "Unable to set IAM policy: {0}", e.getMessage());
        }
    }
}
Also used : Binding(com.google.iam.v1.Binding) ServiceAccount(com.google.cloud.storage.ServiceAccount) SetIamPolicyRequest(com.google.iam.v1.SetIamPolicyRequest) StatusRuntimeException(io.grpc.StatusRuntimeException)

Example 4 with Binding

use of org.apache.tapestry5.Binding in project java-storage by googleapis.

the class ITStorageTest method testBucketPolicyV3.

@Test
public void testBucketPolicyV3() {
    // Enable Uniform Bucket-Level Access
    storage.update(BucketInfo.newBuilder(BUCKET).setIamConfiguration(BucketInfo.IamConfiguration.newBuilder().setIsUniformBucketLevelAccessEnabled(true).build()).build());
    String projectId = remoteStorageHelper.getOptions().getProjectId();
    Storage.BucketSourceOption[] bucketOptions = new Storage.BucketSourceOption[] { Storage.BucketSourceOption.requestedPolicyVersion(3) };
    Identity projectOwner = Identity.projectOwner(projectId);
    Identity projectEditor = Identity.projectEditor(projectId);
    Identity projectViewer = Identity.projectViewer(projectId);
    List<com.google.cloud.Binding> bindingsWithoutPublicRead = ImmutableList.of(com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketOwner().toString()).setMembers(ImmutableList.of(projectEditor.strValue(), projectOwner.strValue())).build(), com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketReader().toString()).setMembers(ImmutableList.of(projectViewer.strValue())).build());
    List<com.google.cloud.Binding> bindingsWithPublicRead = ImmutableList.of(com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketReader().toString()).setMembers(ImmutableList.of(projectViewer.strValue())).build(), com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketOwner().toString()).setMembers(ImmutableList.of(projectEditor.strValue(), projectOwner.strValue())).build(), com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyObjectReader().toString()).setMembers(ImmutableList.of("allUsers")).build());
    List<com.google.cloud.Binding> bindingsWithConditionalPolicy = ImmutableList.of(com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketReader().toString()).setMembers(ImmutableList.of(projectViewer.strValue())).build(), com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketOwner().toString()).setMembers(ImmutableList.of(projectEditor.strValue(), projectOwner.strValue())).build(), com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyObjectReader().toString()).setMembers(ImmutableList.of("serviceAccount:storage-python@spec-test-ruby-samples.iam.gserviceaccount.com")).setCondition(Condition.newBuilder().setTitle("Title").setDescription("Description").setExpression("resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")").build()).build());
    // Validate getting policy.
    Policy currentPolicy = storage.getIamPolicy(BUCKET, bucketOptions);
    assertEquals(bindingsWithoutPublicRead, currentPolicy.getBindingsList());
    // Validate updating policy.
    List<com.google.cloud.Binding> currentBindings = new ArrayList(currentPolicy.getBindingsList());
    currentBindings.add(com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyObjectReader().getValue()).addMembers(Identity.allUsers().strValue()).build());
    Policy updatedPolicy = storage.setIamPolicy(BUCKET, currentPolicy.toBuilder().setBindings(currentBindings).build(), bucketOptions);
    assertTrue(bindingsWithPublicRead.size() == updatedPolicy.getBindingsList().size() && bindingsWithPublicRead.containsAll(updatedPolicy.getBindingsList()));
    // Remove a member
    List<com.google.cloud.Binding> updatedBindings = new ArrayList(updatedPolicy.getBindingsList());
    for (int i = 0; i < updatedBindings.size(); i++) {
        com.google.cloud.Binding binding = updatedBindings.get(i);
        if (binding.getRole().equals(StorageRoles.legacyObjectReader().toString())) {
            List<String> members = new ArrayList(binding.getMembers());
            members.remove(Identity.allUsers().strValue());
            updatedBindings.set(i, binding.toBuilder().setMembers(members).build());
            break;
        }
    }
    Policy revertedPolicy = storage.setIamPolicy(BUCKET, updatedPolicy.toBuilder().setBindings(updatedBindings).build(), bucketOptions);
    assertEquals(bindingsWithoutPublicRead, revertedPolicy.getBindingsList());
    assertTrue(bindingsWithoutPublicRead.size() == revertedPolicy.getBindingsList().size() && bindingsWithoutPublicRead.containsAll(revertedPolicy.getBindingsList()));
    // Add Conditional Policy
    List<com.google.cloud.Binding> conditionalBindings = new ArrayList(revertedPolicy.getBindingsList());
    conditionalBindings.add(com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyObjectReader().toString()).addMembers("serviceAccount:storage-python@spec-test-ruby-samples.iam.gserviceaccount.com").setCondition(Condition.newBuilder().setTitle("Title").setDescription("Description").setExpression("resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")").build()).build());
    Policy conditionalPolicy = storage.setIamPolicy(BUCKET, revertedPolicy.toBuilder().setBindings(conditionalBindings).setVersion(3).build(), bucketOptions);
    assertTrue(bindingsWithConditionalPolicy.size() == conditionalPolicy.getBindingsList().size() && bindingsWithConditionalPolicy.containsAll(conditionalPolicy.getBindingsList()));
    // Remove Conditional Policy
    conditionalPolicy = storage.setIamPolicy(BUCKET, conditionalPolicy.toBuilder().setBindings(updatedBindings).setVersion(3).build(), bucketOptions);
    // Validate testing permissions.
    List<Boolean> expectedPermissions = ImmutableList.of(true, true);
    assertEquals(expectedPermissions, storage.testIamPermissions(BUCKET, ImmutableList.of("storage.buckets.getIamPolicy", "storage.buckets.setIamPolicy"), bucketOptions));
    // Disable Uniform Bucket-Level Access
    storage.update(BucketInfo.newBuilder(BUCKET).setIamConfiguration(BucketInfo.IamConfiguration.newBuilder().setIsUniformBucketLevelAccessEnabled(false).build()).build());
}
Also used : Binding(com.google.iam.v1.Binding) Policy(com.google.cloud.Policy) ArrayList(java.util.ArrayList) Identity(com.google.cloud.Identity) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) Test(org.junit.Test)

Example 5 with Binding

use of org.apache.tapestry5.Binding in project java-storage by googleapis.

the class StorageClientTest method getIamPolicyTest2.

@Test
public void getIamPolicyTest2() throws Exception {
    Policy expectedResponse = Policy.newBuilder().setVersion(351608024).addAllBindings(new ArrayList<Binding>()).setEtag(ByteString.EMPTY).build();
    mockStorage.addResponse(expectedResponse);
    String resource = "resource-341064690";
    Policy actualResponse = client.getIamPolicy(resource);
    Assert.assertEquals(expectedResponse, actualResponse);
    List<AbstractMessage> actualRequests = mockStorage.getRequests();
    Assert.assertEquals(1, actualRequests.size());
    GetIamPolicyRequest actualRequest = ((GetIamPolicyRequest) actualRequests.get(0));
    Assert.assertEquals(resource, actualRequest.getResource());
    Assert.assertTrue(channelProvider.isHeaderSent(ApiClientHeaderProvider.getDefaultApiClientHeaderKey(), GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
}
Also used : Policy(com.google.iam.v1.Policy) Binding(com.google.iam.v1.Binding) AbstractMessage(com.google.protobuf.AbstractMessage) ByteString(com.google.protobuf.ByteString) GetIamPolicyRequest(com.google.iam.v1.GetIamPolicyRequest) Test(org.junit.Test)

Aggregations

Binding (com.google.iam.v1.Binding)71 Policy (com.google.iam.v1.Policy)68 Test (org.junit.Test)51 AbstractMessage (com.google.protobuf.AbstractMessage)47 Test (org.testng.annotations.Test)38 Binding (org.apache.tapestry5.Binding)34 ComponentResources (org.apache.tapestry5.ComponentResources)33 SetIamPolicyRequest (com.google.iam.v1.SetIamPolicyRequest)30 Location (org.apache.tapestry5.commons.Location)30 GetIamPolicyRequest (com.google.iam.v1.GetIamPolicyRequest)26 ResourceName (com.google.api.resourcenames.ResourceName)20 ByteString (com.google.protobuf.ByteString)20 TapestryException (org.apache.tapestry5.commons.internal.util.TapestryException)12 InternalComponentResources (org.apache.tapestry5.internal.InternalComponentResources)10 BindingFactory (org.apache.tapestry5.services.BindingFactory)10 Component (org.apache.tapestry5.runtime.Component)8 CryptoKeyName (com.google.cloud.kms.v1.CryptoKeyName)6 KeyManagementServiceClient (com.google.cloud.kms.v1.KeyManagementServiceClient)6 InternalPropBinding (org.apache.tapestry5.internal.bindings.InternalPropBinding)6 Binding (org.kie.workbench.common.dmn.api.definition.v1_1.Binding)6