@Test public void testBuilder() { assertEquals(BINDINGS, SIMPLE_POLICY.getBindings()); assertEquals(null, SIMPLE_POLICY.getEtag()); assertEquals(0, SIMPLE_POLICY.getVersion()); Map<Role, Set<Identity>> editorBinding = ImmutableMap.<Role, Set<Identity>>builder().put(EDITOR, BINDINGS.get(EDITOR)).build(); Policy policy = FULL_POLICY.toBuilder().setBindings(editorBinding).build(); policy = SIMPLE_POLICY.toBuilder().removeRole(EDITOR).build(); .removeIdentity(VIEWER, USER, ALL_USERS) .addIdentity(VIEWER, DOMAIN, GROUP) .build(); assertEquals( ImmutableMap.of(VIEWER, ImmutableSet.of(SERVICE_ACCOUNT, DOMAIN, GROUP)), .removeIdentity(VIEWER, USER) .addIdentity(OWNER, USER, SERVICE_ACCOUNT) .addIdentity(EDITOR, GROUP) .removeIdentity(EDITOR, GROUP) .build();
/**
 * Converts an IAM policy protobuf into a {@code Policy}.
 *
 * <p>Only the role and the member list are read from each binding; no other binding field is
 * carried into the result. Bindings are collected in a map keyed by role, so if the protobuf
 * lists the same role more than once, the later binding's members replace the earlier ones.
 *
 * @param policyPb the protobuf policy to convert
 * @return a policy holding the converted bindings, the protobuf's version, and its etag
 *     base64-encoded ({@code null} when the protobuf etag is empty)
 */
@Override
protected Policy fromPb(com.google.iam.v1.Policy policyPb) {
  Map<Role, Set<Identity>> membersByRole = new HashMap<>();
  for (com.google.iam.v1.Binding pbBinding : policyPb.getBindingsList()) {
    Role role = Role.of(pbBinding.getRole());
    // Parse each member string into an Identity; the set drops duplicate members.
    ImmutableSet.Builder<Identity> members = ImmutableSet.builder();
    for (String member : pbBinding.getMembersList()) {
      members.add(IDENTITY_VALUE_OF_FUNCTION.apply(member));
    }
    membersByRole.put(role, members.build());
  }

  // An empty protobuf etag means "no etag" and is represented as null, not as "".
  String etag = null;
  if (!policyPb.getEtag().isEmpty()) {
    etag = BaseEncoding.base64().encode(policyPb.getEtag().toByteArray());
  }

  return newBuilder()
      .setBindings(membersByRole)
      .setEtag(etag)
      .setVersion(policyPb.getVersion())
      .build();
}
/**
 * Example of removing a member from the Bucket-level IAM.
 *
 * <p>This is a read-modify-write of the whole bucket policy: the current policy is fetched, the
 * identity is dropped from the given role, and the full result is written back.
 *
 * @param bucketName the bucket whose IAM policy is changed
 * @param role the role the identity is removed from
 * @param identity the member to remove
 * @return the policy returned by the service after the update
 */
public Policy removeBucketIamMember(String bucketName, Role role, Identity identity) {
  // [START remove_bucket_iam_member]
  // Initialize a Cloud Storage client
  Storage storage = StorageOptions.getDefaultInstance().getService();

  // Get IAM Policy for a bucket
  Policy currentPolicy = storage.getIamPolicy(bucketName);

  // Remove an identity from a Bucket-level IAM role
  // NOTE(review): the builder starts from the fetched policy, so whatever etag it carries is
  // sent back with the write; confirm that a concurrent policy change is rejected, not overwritten.
  Policy withoutMember = currentPolicy.toBuilder().removeIdentity(role, identity).build();
  Policy updatedPolicy = storage.setIamPolicy(bucketName, withoutMember);

  // Verify against the policy the service returned, not against the local copy.
  boolean stillBound =
      updatedPolicy.getBindings().get(role) != null
          && updatedPolicy.getBindings().get(role).contains(identity);
  if (!stillBound) {
    System.out.printf("Removed %s with role %s from %s\n", identity, role, bucketName);
  }
  // [END remove_bucket_iam_member]
  return updatedPolicy;
}
}
/** Checks that a freshly built policy has no bindings and that SIMPLE_POLICY exposes BINDINGS. */
@Test
public void testBindings() {
  // A builder with nothing added must not grant any role to anyone.
  Policy emptyPolicy = Policy.newBuilder().build();
  assertTrue(emptyPolicy.getBindings().isEmpty());

  assertEquals(BINDINGS, SIMPLE_POLICY.getBindings());
}
/** Checks the equals/hashCode behaviour of {@code Policy} for empty, differing and copied policies. */
@Test
public void testEqualsHashCode() {
  assertNotNull(FULL_POLICY);

  // Two independently built empty policies are equal and hash alike.
  Policy firstEmpty = Policy.newBuilder().build();
  Policy secondEmpty = Policy.newBuilder().build();
  assertEquals(firstEmpty, secondEmpty);
  assertEquals(firstEmpty.hashCode(), secondEmpty.hashCode());

  // Policies with different content differ. The hash inequality holds for these fixtures; it is
  // not something the hashCode contract guarantees in general.
  assertNotEquals(FULL_POLICY, SIMPLE_POLICY);
  assertNotEquals(FULL_POLICY.hashCode(), SIMPLE_POLICY.hashCode());

  // A round trip through toBuilder() yields an equal policy.
  Policy rebuilt = SIMPLE_POLICY.toBuilder().build();
  assertEquals(SIMPLE_POLICY, rebuilt);
  assertEquals(SIMPLE_POLICY.hashCode(), rebuilt.hashCode());
}
.setEtag(POLICY_ETAG2); Policy postCommitLibPolicy = Policy.newBuilder() .addIdentity(StorageRoles.objectViewer(), Identity.allUsers()) .addIdentity( StorageRoles.objectAdmin(), Identity.user("test1@gmail.com"), Identity.user("test2@gmail.com")) .addIdentity(StorageRoles.admin(), Identity.group("test-group@gmail.com")) .setEtag(POLICY_ETAG2) .build(); BUCKET_NAME1, currentPolicy .toBuilder() .addIdentity(StorageRoles.admin(), Identity.group("test-group@gmail.com")) .build()); assertEquals(updatedPolicy, postCommitLibPolicy);
/**
 * Fetches a project's IAM policy, adds one user as a viewer and writes the policy back.
 *
 * @param args unused
 */
public static void main(String... args) {
  // Create Resource Manager service object
  // By default, credentials are inferred from the runtime environment.
  ResourceManager resourceManager = ResourceManagerOptions.getDefaultInstance().getService();

  // Get a project from the server
  String projectId = "some-project-id"; // Use an existing project's ID
  Project project = resourceManager.get(projectId);

  // Get the project's policy
  Policy currentPolicy = project.getPolicy();

  // Add a viewer. The grant is made at project level, so it applies across the project's
  // resources; prefer a narrower role or resource where one fits.
  Identity newViewer = Identity.user("<insert user's email address here>");
  Policy desiredPolicy = currentPolicy.toBuilder().addIdentity(Role.viewer(), newViewer).build();

  // Write policy: the whole policy is replaced by the modified copy of the one just read.
  Policy updatedPolicy = project.replacePolicy(desiredPolicy);

  // Print policy
  System.out.printf("Updated policy for %s: %n%s%n", projectId, updatedPolicy);
}
}
/**
 * Creates a builder pre-populated from an existing policy.
 *
 * <p>Bindings, etag and version are all copied through the builder's own setters, so a policy
 * rebuilt from this builder keeps the etag of the policy it was derived from.
 *
 * @param policy the policy whose bindings, etag and version seed this builder
 */
@InternalApi("This class should only be extended within google-cloud-java")
protected Builder(Policy policy) {
  this.setBindings(policy.bindings);
  this.setEtag(policy.etag);
  this.setVersion(policy.version);
}
/**
 * Returns a builder for {@code Policy} objects.
 *
 * @return a new builder created with the no-argument {@code Builder} constructor
 */
public static Builder newBuilder() {
  Builder emptyBuilder = new Builder();
  return emptyBuilder;
}
}
/**
 * Returns a builder containing the properties of this IAM Policy.
 *
 * @return a new builder seeded from this policy through the {@code Builder(Policy)} constructor
 */
public Builder toBuilder() {
  Builder seeded = new Builder(this);
  return seeded;
}
/**
 * Returns a builder containing the properties of this IAM Policy.
 *
 * @return a new builder seeded from this policy through the {@code Builder(Policy)} constructor
 */
public Builder toBuilder() {
  Builder seeded = new Builder(this);
  return seeded;
}
/**
 * Creates a builder pre-populated from an existing policy.
 *
 * <p>Bindings, etag and version are all copied through the builder's own setters, so a policy
 * rebuilt from this builder keeps the etag of the policy it was derived from.
 *
 * @param policy the policy whose bindings, etag and version seed this builder
 */
@InternalApi("This class should only be extended within google-cloud-java")
protected Builder(Policy policy) {
  this.setBindings(policy.bindings);
  this.setEtag(policy.etag);
  this.setVersion(policy.version);
}
/**
 * Returns a builder for {@code Policy} objects.
 *
 * @return a new builder created with the no-argument {@code Builder} constructor
 */
public static Builder newBuilder() {
  Builder emptyBuilder = new Builder();
  return emptyBuilder;
}
}
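/**
 * Example of adding a member to the Bucket-level IAM.
 *
 * <p>This is a read-modify-write of the whole bucket policy: the current policy is fetched, the
 * identity is added to the given role, and the full result is written back. Passing a public
 * principal such as {@code Identity.allUsers()} or {@code Identity.allAuthenticatedUsers()} as
 * {@code identity} grants the role to everyone it covers, so do that only deliberately.
 *
 * @param bucketName the bucket whose IAM policy is changed
 * @param role the role granted to the identity
 * @param identity the member to add
 * @return the policy returned by the service after the update
 */
public Policy addBucketIamMember(String bucketName, Role role, Identity identity) {
  // [START add_bucket_iam_member]
  // Initialize a Cloud Storage client
  Storage storage = StorageOptions.getDefaultInstance().getService();

  // Get IAM Policy for a bucket
  Policy policy = storage.getIamPolicy(bucketName);

  // Add identity to Bucket-level IAM role
  Policy updatedPolicy =
      storage.setIamPolicy(bucketName, policy.toBuilder().addIdentity(role, identity).build());

  // Verify against the policy the service returned. The role may be missing from the returned
  // bindings, in which case get(role) is null; treat that as "not added" instead of throwing.
  boolean bound =
      updatedPolicy.getBindings().get(role) != null
          && updatedPolicy.getBindings().get(role).contains(identity);
  if (bound) {
    System.out.printf("Added %s with role %s to %s\n", identity, role, bucketName);
  }
  // [END add_bucket_iam_member]
  return updatedPolicy;
}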
/**
 * Checks that {@code DefaultMarshaller} round-trips policies through their protobuf form and
 * that the default protobuf instance converts to an empty policy with no etag and version 0.
 */
@Test
public void testDefaultMarshaller() {
  DefaultMarshaller marshaller = new DefaultMarshaller();

  // toPb followed by fromPb must give back an equal policy.
  Policy emptyPolicy = Policy.newBuilder().build();
  for (Policy original : new Policy[] {emptyPolicy, SIMPLE_POLICY, FULL_POLICY}) {
    assertEquals(original, marshaller.fromPb(marshaller.toPb(original)));
  }

  // The default protobuf instance carries no bindings, an empty etag and version 0.
  Policy fromDefaultPb = marshaller.fromPb(com.google.iam.v1.Policy.getDefaultInstance());
  assertTrue(fromDefaultPb.getBindings().isEmpty());
  assertNull(fromDefaultPb.getEtag());
  assertEquals(0, fromDefaultPb.getVersion());
}
}
assertEquals(bindingsWithoutPublicRead, currentPolicy.getBindings()); BUCKET, currentPolicy .toBuilder() .addIdentity(StorageRoles.legacyObjectReader(), Identity.allUsers()) .build(), bucketOptions); assertEquals(bindingsWithPublicRead, updatedPolicy.getBindings()); Policy revertedPolicy = storage.setIamPolicy( updatedPolicy .toBuilder() .removeIdentity(StorageRoles.legacyObjectReader(), Identity.allUsers()) .build(), bucketOptions); assertEquals(bindingsWithoutPublicRead, revertedPolicy.getBindings());
@Test public void testIllegalPolicies() { try { Policy.newBuilder().addIdentity(null, USER); fail("Null role should cause exception."); } catch (NullPointerException ex) { Policy.newBuilder().addIdentity(VIEWER, null, USER); fail("Null identity should cause exception."); } catch (NullPointerException ex) { Policy.newBuilder().addIdentity(VIEWER, USER, (Identity[]) null); fail("Null identity should cause exception."); } catch (NullPointerException ex) { Policy.newBuilder().setBindings(null); fail("Null bindings map should cause exception."); } catch (NullPointerException ex) { Map<Role, Set<Identity>> bindings = new HashMap<>(); bindings.put(VIEWER, null); Policy.newBuilder().setBindings(bindings); fail("Null set of identities should cause exception."); } catch (NullPointerException ex) { identities.add(null); bindings.put(VIEWER, identities); Policy.newBuilder().setBindings(bindings); fail("Null identity should cause exception."); } catch (IllegalArgumentException ex) {
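/**
 * Converts a Storage API policy model into a {@code Policy}.
 *
 * <p>Only each binding's role and members and the policy's etag are read. No other field of the
 * API policy or of its bindings is carried into the result, so a policy converted here and
 * written back contains just these role/member grants.
 *
 * @param apiPolicy the API model to convert
 * @return a policy with one identity per listed member and the API policy's etag; the bindings
 *     are empty when the API policy lists none
 */
static Policy convertFromApiPolicy(com.google.api.services.storage.model.Policy apiPolicy) {
  Policy.Builder policyBuilder = Policy.newBuilder();
  // The API model presumably returns null for a list that is absent from the response; guard
  // both lists so a policy without bindings converts to an empty Policy instead of throwing.
  if (apiPolicy.getBindings() != null) {
    for (Bindings binding : apiPolicy.getBindings()) {
      if (binding.getMembers() == null) {
        continue;
      }
      for (String member : binding.getMembers()) {
        policyBuilder.addIdentity(Role.of(binding.getRole()), Identity.valueOf(member));
      }
    }
  }
  return policyBuilder.setEtag(apiPolicy.getEtag()).build();
}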
/**
 * Checks that {@code getIamPolicy} sends a request for the instance's resource name and converts
 * the protobuf response into a {@code Policy} with a base64-encoded etag.
 */
@Test
public void testGetIamPolicy() {
  // Setup: the request the client is expected to send for this instance.
  com.google.iam.v1.GetIamPolicyRequest request =
      com.google.iam.v1.GetIamPolicyRequest.newBuilder()
          .setResource(NameUtil.formatInstanceName(PROJECT_ID, INSTANCE_ID))
          .build();

  // Setup: the protobuf policy the mocked callable answers with.
  com.google.iam.v1.Policy pbResponse =
      com.google.iam.v1.Policy.newBuilder()
          .addBindings(
              com.google.iam.v1.Binding.newBuilder()
                  .setRole("roles/bigtable.user")
                  .addMembers("user:someone@example.com"))
          .setEtag(ByteString.copyFromUtf8("my-etag"))
          .build();

  Mockito.when(mockGetIamPolicyCallable.futureCall(request))
      .thenReturn(ApiFutures.immediateFuture(pbResponse));

  // Execute
  Policy actualPolicy = adminClient.getIamPolicy(INSTANCE_ID);

  // Verify: the role is expected without its "roles/" prefix and the etag as base64 text.
  // NOTE(review): getBytes() uses the platform default charset while the response etag is built
  // with copyFromUtf8; the literal is ASCII, so the two are expected to agree.
  Policy expectedPolicy =
      Policy.newBuilder()
          .addIdentity(Role.of("bigtable.user"), Identity.user("someone@example.com"))
          .setEtag(BaseEncoding.base64().encode("my-etag".getBytes()))
          .build();
  assertThat(actualPolicy).isEqualTo(expectedPolicy);
}
adminClient.setIamPolicy( INSTANCE_ID, Policy.newBuilder() .addIdentity(Role.of("bigtable.user"), Identity.user("someone@example.com")) .build()); Policy.newBuilder() .addIdentity(Role.of("bigtable.user"), Identity.user("someone@example.com")) .setEtag(BaseEncoding.base64().encode("my-etag".getBytes())) .build());