/**
 * Compares this policy with another object for equality.
 *
 * <p>Two policies are equal only when their bindings, etag and version all match, so policies
 * with identical role bindings but different etags are not considered equal.
 *
 * @param obj the object to compare against; may be {@code null}
 * @return {@code true} if {@code obj} is a {@code Policy} with equal bindings, etag and version
 */
@Override
public boolean equals(Object obj) {
  if (this == obj) {
    return true;
  }
  if (obj instanceof Policy) {
    Policy that = (Policy) obj;
    // Compared in the same order as before: bindings, then etag, then version.
    if (!Objects.equals(bindings, that.getBindings())) {
      return false;
    }
    if (!Objects.equals(etag, that.getEtag())) {
      return false;
    }
    return Objects.equals(version, that.getVersion());
  }
  return false;
}
/**
 * Example of listing the Bucket-Level IAM Roles and Members.
 *
 * <p>Fetches the bucket's IAM policy and prints one line per role with the identities bound to
 * it. The printed list is the complete set of bindings returned for the bucket, which makes it
 * the place to look when auditing who holds which role.
 *
 * @param bucketName name of the bucket whose policy is read
 * @return the policy returned by the service
 */
public Policy listBucketIamMembers(String bucketName) {
  // [START view_bucket_iam_members]
  // Initialize a Cloud Storage client
  Storage storage = StorageOptions.getDefaultInstance().getService();

  // Get IAM Policy for a bucket
  Policy policy = storage.getIamPolicy(bucketName);

  // Print Roles and its identities
  Map<Role, Set<Identity>> identitiesByRole = policy.getBindings();
  for (Map.Entry<Role, Set<Identity>> roleBinding : identitiesByRole.entrySet()) {
    Role role = roleBinding.getKey();
    Set<Identity> identities = roleBinding.getValue();
    System.out.printf("Role: %s Identities: %s\n", role, identities);
  }
  // [END view_bucket_iam_members]
  return policy;
}
/**
 * Converts a {@code Policy} into the Storage API model policy.
 *
 * <p>Each role becomes one {@code Bindings} entry whose members are the string values of the
 * identities bound to that role. The etag is copied across unchanged.
 *
 * @param policy the policy to convert
 * @return a new API policy carrying the converted bindings and the source etag
 */
static com.google.api.services.storage.model.Policy convertToApiPolicy(Policy policy) {
  Map<Role, Set<Identity>> identitiesByRole = policy.getBindings();
  List<Bindings> apiBindings = new ArrayList<>(identitiesByRole.size());
  for (Map.Entry<Role, Set<Identity>> roleBinding : identitiesByRole.entrySet()) {
    Set<Identity> identities = roleBinding.getValue();
    List<String> memberNames = new ArrayList<>(identities.size());
    for (Identity member : identities) {
      memberNames.add(member.strValue());
    }
    Bindings apiBinding = new Bindings();
    apiBinding.setMembers(memberNames);
    apiBinding.setRole(roleBinding.getKey().getValue());
    apiBindings.add(apiBinding);
  }
  // NOTE(review): only bindings and etag are copied; policy.getVersion() is not carried over.
  // Confirm this is intended for every policy this method is used with.
  com.google.api.services.storage.model.Policy apiPolicy =
      new com.google.api.services.storage.model.Policy();
  return apiPolicy.setBindings(apiBindings).setEtag(policy.getEtag());
}
/**
 * Example of removing a member from the Bucket-level IAM.
 *
 * <p>Reads the bucket's current policy, removes {@code identity} from {@code role} and writes
 * the result back. The confirmation line is printed only when the policy returned by the
 * service no longer binds {@code identity} to {@code role}; a missing line therefore means the
 * binding is still present and the revocation should be re-checked.
 *
 * @param bucketName name of the bucket whose policy is changed
 * @param role the role to remove the identity from
 * @param identity the identity to remove
 * @return the policy returned by the set call
 */
public Policy removeBucketIamMember(String bucketName, Role role, Identity identity) {
  // [START remove_bucket_iam_member]
  // Initialize a Cloud Storage client
  Storage storage = StorageOptions.getDefaultInstance().getService();

  // Get IAM Policy for a bucket
  Policy policy = storage.getIamPolicy(bucketName);

  // Remove an identity from a Bucket-level IAM role
  Policy withoutMember = policy.toBuilder().removeIdentity(role, identity).build();
  Policy updatedPolicy = storage.setIamPolicy(bucketName, withoutMember);

  // Verify against what the service returned rather than against the locally built policy.
  boolean stillBound =
      updatedPolicy.getBindings().get(role) != null
          && updatedPolicy.getBindings().get(role).contains(identity);
  if (!stillBound) {
    System.out.printf("Removed %s with role %s from %s\n", identity, role, bucketName);
  }
  // [END remove_bucket_iam_member]
  return updatedPolicy;
}
}
/**
 * Converts a {@code Policy} into its {@code com.google.iam.v1.Policy} protobuf form.
 *
 * <p>Every role becomes one binding whose members are the identities' string values. The etag,
 * held as base64 text on {@code Policy}, is decoded to raw bytes; a {@code null} etag is left
 * unset. The version is always copied.
 *
 * @param policy the policy to convert
 * @return the protobuf policy
 */
@Override
protected com.google.iam.v1.Policy toPb(Policy policy) {
  List<com.google.iam.v1.Binding> pbBindings = new LinkedList<>();
  for (Map.Entry<Role, Set<Identity>> roleBinding : policy.getBindings().entrySet()) {
    // Copy the identity set into a list so it can be mapped to member strings.
    List<Identity> identities = new ArrayList<>(roleBinding.getValue());
    com.google.iam.v1.Binding pbBinding =
        com.google.iam.v1.Binding.newBuilder()
            .setRole(roleBinding.getKey().getValue())
            .addAllMembers(
                Lists.transform(
                    identities,
                    new Function<Identity, String>() {
                      @Override
                      public String apply(Identity identity) {
                        return IDENTITY_STR_VALUE_FUNCTION.apply(identity);
                      }
                    }))
            .build();
    pbBindings.add(pbBinding);
  }

  com.google.iam.v1.Policy.Builder pbPolicy = com.google.iam.v1.Policy.newBuilder();
  pbPolicy.addAllBindings(pbBindings);
  if (policy.etag != null) {
    // decode() rejects text that is not valid base64 with an IllegalArgumentException.
    byte[] rawEtag = BaseEncoding.base64().decode(policy.etag);
    pbPolicy.setEtag(ByteString.copyFrom(rawEtag));
  }
  pbPolicy.setVersion(policy.version);
  return pbPolicy.build();
}
}
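/**
 * Example of adding a member to the Bucket-level IAM.
 *
 * <p>Reads the bucket's current policy, adds {@code identity} to {@code role} and writes the
 * result back. The policy sent to the service is built from the one just read via
 * {@code toBuilder()}, so it is derived from that read rather than assembled from scratch.
 *
 * <p>{@code role} and {@code identity} are applied exactly as given. A caller that takes them
 * from outside input should check them against what it intends to allow before calling this
 * method, because a broad identity bound here is granted the role on the whole bucket.
 *
 * @param bucketName name of the bucket whose policy is changed
 * @param role the role to grant
 * @param identity the identity receiving the role
 * @return the policy returned by the set call
 */
public Policy addBucketIamMember(String bucketName, Role role, Identity identity) {
  // [START add_bucket_iam_member]
  // Initialize a Cloud Storage client
  Storage storage = StorageOptions.getDefaultInstance().getService();

  // Get IAM Policy for a bucket
  Policy policy = storage.getIamPolicy(bucketName);

  // Add identity to Bucket-level IAM role
  Policy updatedPolicy =
      storage.setIamPolicy(bucketName, policy.toBuilder().addIdentity(role, identity).build());

  // Guard against the role being absent from the returned bindings, the same way the
  // removal example does, instead of dereferencing a possibly null set.
  if (updatedPolicy.getBindings().get(role) != null
      && updatedPolicy.getBindings().get(role).contains(identity)) {
    System.out.printf("Added %s with role %s to %s\n", identity, role, bucketName);
  }
  // [END add_bucket_iam_member]
  return updatedPolicy;
}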
/**
 * Converts a {@code Policy} into the Cloud Resource Manager API model policy.
 *
 * <p>Every role becomes one {@code Binding} whose members are the identities' string values.
 * Etag and version are copied across unchanged.
 *
 * @param policy the policy to convert
 * @return the API model policy
 */
@Override
protected com.google.api.services.cloudresourcemanager.model.Policy toPb(Policy policy) {
  List<Binding> pbBindings = new LinkedList<>();
  for (Map.Entry<Role, Set<Identity>> roleBinding : policy.getBindings().entrySet()) {
    // The transformed list is a view over a private copy of the identity set.
    List<String> memberNames =
        Lists.transform(
            new ArrayList<>(roleBinding.getValue()),
            new Function<Identity, String>() {
              @Override
              public String apply(Identity identity) {
                return IDENTITY_STR_VALUE_FUNCTION.apply(identity);
              }
            });
    Binding pbBinding = new Binding();
    pbBinding.setRole(roleBinding.getKey().getValue());
    pbBinding.setMembers(memberNames);
    pbBindings.add(pbBinding);
  }

  com.google.api.services.cloudresourcemanager.model.Policy pbPolicy =
      new com.google.api.services.cloudresourcemanager.model.Policy();
  pbPolicy.setBindings(pbBindings);
  pbPolicy.setEtag(policy.getEtag());
  pbPolicy.setVersion(policy.getVersion());
  return pbPolicy;
}
}
/** Checks that a default-built policy has no bindings and that SIMPLE_POLICY exposes BINDINGS. */
@Test
public void testBindings() {
  // A policy built without any input must not grant anything.
  Policy emptyPolicy = Policy.newBuilder().build();
  assertTrue(emptyPolicy.getBindings().isEmpty());

  assertEquals(BINDINGS, SIMPLE_POLICY.getBindings());
}
/**
 * Checks policy retrieval: no policy before the project exists, and after a replace the stored
 * bindings match, an etag is present and the version is 0.
 */
@Test
public void testGetPolicy() {
  String projectId = COMPLETE_PROJECT.getProjectId();

  // Nothing is returned for a project that has not been created yet.
  assertNull(RESOURCE_MANAGER.getPolicy(projectId));

  RESOURCE_MANAGER.create(COMPLETE_PROJECT);
  RESOURCE_MANAGER.replacePolicy(projectId, POLICY);

  Policy retrieved = RESOURCE_MANAGER.getPolicy(projectId);
  assertEquals(POLICY.getBindings(), retrieved.getBindings());
  // The stored policy must carry an etag even though the test does not check its value.
  assertNotNull(retrieved.getEtag());
  assertEquals(0, retrieved.getVersion());
}
@Test public void testBuilder() { assertEquals(BINDINGS, SIMPLE_POLICY.getBindings()); assertEquals(null, SIMPLE_POLICY.getEtag()); assertEquals(0, SIMPLE_POLICY.getVersion()); assertEquals(BINDINGS, FULL_POLICY.getBindings()); assertEquals("etag", FULL_POLICY.getEtag()); assertEquals(1, FULL_POLICY.getVersion()); ImmutableMap.<Role, Set<Identity>>builder().put(EDITOR, BINDINGS.get(EDITOR)).build(); Policy policy = FULL_POLICY.toBuilder().setBindings(editorBinding).build(); assertEquals(editorBinding, policy.getBindings()); assertEquals("etag", policy.getEtag()); assertEquals(1, policy.getVersion()); policy = SIMPLE_POLICY.toBuilder().removeRole(EDITOR).build(); assertEquals(ImmutableMap.of(VIEWER, BINDINGS.get(VIEWER)), policy.getBindings()); assertNull(policy.getEtag()); assertEquals(0, policy.getVersion()); assertEquals( ImmutableMap.of(VIEWER, ImmutableSet.of(SERVICE_ACCOUNT, DOMAIN, GROUP)), policy.getBindings()); assertNull(policy.getEtag()); assertEquals(0, policy.getVersion()); .build(); assertEquals( ImmutableMap.of(OWNER, ImmutableSet.of(USER, SERVICE_ACCOUNT)), policy.getBindings()); assertNull(policy.getEtag()); assertEquals(0, policy.getVersion());
assertEquals(bindingsWithoutPublicRead, currentPolicy.getBindings()); .build(), bucketOptions); assertEquals(bindingsWithPublicRead, updatedPolicy.getBindings()); Policy revertedPolicy = storage.setIamPolicy( .build(), bucketOptions); assertEquals(bindingsWithoutPublicRead, revertedPolicy.getBindings());
/**
 * Checks that converting a policy to the API model and back is lossless, and that an empty API
 * policy maps to a policy with no bindings, no etag and version 0.
 */
@Test
public void testToAndFromPb() {
  Policy fullRoundTrip =
      PolicyMarshaller.INSTANCE.fromPb(PolicyMarshaller.INSTANCE.toPb(FULL_POLICY));
  assertEquals(FULL_POLICY, fullRoundTrip);

  Policy simpleRoundTrip =
      PolicyMarshaller.INSTANCE.fromPb(PolicyMarshaller.INSTANCE.toPb(SIMPLE_POLICY));
  assertEquals(SIMPLE_POLICY, simpleRoundTrip);

  // An API policy with nothing set must not turn into a policy that grants anything.
  com.google.api.services.cloudresourcemanager.model.Policy emptyPb =
      new com.google.api.services.cloudresourcemanager.model.Policy();
  Policy fromEmpty = PolicyMarshaller.INSTANCE.fromPb(emptyPb);
  assertTrue(fromEmpty.getBindings().isEmpty());
  assertNull(fromEmpty.getEtag());
  assertEquals(0, fromEmpty.getVersion());
}
}
/**
 * Checks policy replacement: an unknown project is refused with 403, a policy carrying an
 * outdated etag is refused with 409, and a successful replace returns a new etag.
 */
@Test
public void testReplacePolicy() {
  try {
    RESOURCE_MANAGER.replacePolicy("nonexistent-project", POLICY);
    fail("Project doesn't exist.");
  } catch (ResourceManagerException notFound) {
    assertEquals(403, notFound.getCode());
    assertTrue(notFound.getMessage().endsWith("project was not found."));
  }

  RESOURCE_MANAGER.create(PARTIAL_PROJECT);
  String projectId = PARTIAL_PROJECT.getProjectId();
  Policy oldPolicy = RESOURCE_MANAGER.getPolicy(projectId);
  RESOURCE_MANAGER.replacePolicy(projectId, POLICY);

  // oldPolicy was read before the replace above, so its etag is now out of date. Writing it
  // back must fail instead of silently overwriting the newer policy.
  try {
    RESOURCE_MANAGER.replacePolicy(projectId, oldPolicy);
    fail("Policy with an invalid etag didn't cause error.");
  } catch (ResourceManagerException staleEtag) {
    assertEquals(409, staleEtag.getCode());
    assertTrue(staleEtag.getMessage().contains("Policy etag mismatch"));
  }

  String originalEtag = RESOURCE_MANAGER.getPolicy(projectId).getEtag();
  Policy newPolicy = RESOURCE_MANAGER.replacePolicy(projectId, POLICY);
  assertEquals(POLICY.getBindings(), newPolicy.getBindings());
  assertNotNull(newPolicy.getEtag());
  // Every successful write must produce a different etag.
  assertNotEquals(originalEtag, newPolicy.getEtag());
}
/**
 * Checks that DefaultMarshaller round-trips empty, simple and full policies unchanged, and that
 * the default protobuf policy maps to a policy with no bindings, no etag and version 0.
 */
@Test
public void testDefaultMarshaller() {
  DefaultMarshaller marshaller = new DefaultMarshaller();

  Policy emptyPolicy = Policy.newBuilder().build();
  Policy emptyRoundTrip = marshaller.fromPb(marshaller.toPb(emptyPolicy));
  assertEquals(emptyPolicy, emptyRoundTrip);

  Policy simpleRoundTrip = marshaller.fromPb(marshaller.toPb(SIMPLE_POLICY));
  assertEquals(SIMPLE_POLICY, simpleRoundTrip);

  Policy fullRoundTrip = marshaller.fromPb(marshaller.toPb(FULL_POLICY));
  assertEquals(FULL_POLICY, fullRoundTrip);

  // The protobuf default instance must not turn into a policy that grants anything.
  com.google.iam.v1.Policy defaultPb = com.google.iam.v1.Policy.getDefaultInstance();
  Policy fromDefault = marshaller.fromPb(defaultPb);
  assertTrue(fromDefault.getBindings().isEmpty());
  assertNull(fromDefault.getEtag());
  assertEquals(0, fromDefault.getVersion());
}
}
/**
 * Compares this policy with another object for equality.
 *
 * <p>Two policies are equal only when their bindings, etag and version all match, so policies
 * with identical role bindings but different etags are not considered equal.
 *
 * @param obj the object to compare against; may be {@code null}
 * @return {@code true} if {@code obj} is a {@code Policy} with equal bindings, etag and version
 */
@Override
public boolean equals(Object obj) {
  if (this == obj) {
    return true;
  }
  if (obj instanceof Policy) {
    Policy that = (Policy) obj;
    // Compared in the same order as before: bindings, then etag, then version.
    if (!Objects.equals(bindings, that.getBindings())) {
      return false;
    }
    if (!Objects.equals(etag, that.getEtag())) {
      return false;
    }
    return Objects.equals(version, that.getVersion());
  }
  return false;
}
/**
 * Converts a {@code Policy} into the Storage API model policy.
 *
 * <p>Each role becomes one {@code Bindings} entry whose members are the string values of the
 * identities bound to that role. The etag is copied across unchanged.
 *
 * @param policy the policy to convert
 * @return a new API policy carrying the converted bindings and the source etag
 */
static com.google.api.services.storage.model.Policy convertToApiPolicy(Policy policy) {
  Map<Role, Set<Identity>> identitiesByRole = policy.getBindings();
  List<Bindings> apiBindings = new ArrayList<>(identitiesByRole.size());
  for (Map.Entry<Role, Set<Identity>> roleBinding : identitiesByRole.entrySet()) {
    Set<Identity> identities = roleBinding.getValue();
    List<String> memberNames = new ArrayList<>(identities.size());
    for (Identity member : identities) {
      memberNames.add(member.strValue());
    }
    Bindings apiBinding = new Bindings();
    apiBinding.setMembers(memberNames);
    apiBinding.setRole(roleBinding.getKey().getValue());
    apiBindings.add(apiBinding);
  }
  // NOTE(review): only bindings and etag are copied; policy.getVersion() is not carried over.
  // Confirm this is intended for every policy this method is used with.
  com.google.api.services.storage.model.Policy apiPolicy =
      new com.google.api.services.storage.model.Policy();
  return apiPolicy.setBindings(apiBindings).setEtag(policy.getEtag());
}
/**
 * Converts a {@code Policy} into its {@code com.google.iam.v1.Policy} protobuf form.
 *
 * <p>Every role becomes one binding whose members are the identities' string values. The etag,
 * held as base64 text on {@code Policy}, is decoded to raw bytes; a {@code null} etag is left
 * unset. The version is always copied.
 *
 * @param policy the policy to convert
 * @return the protobuf policy
 */
@Override
protected com.google.iam.v1.Policy toPb(Policy policy) {
  List<com.google.iam.v1.Binding> pbBindings = new LinkedList<>();
  for (Map.Entry<Role, Set<Identity>> roleBinding : policy.getBindings().entrySet()) {
    // Copy the identity set into a list so it can be mapped to member strings.
    List<Identity> identities = new ArrayList<>(roleBinding.getValue());
    com.google.iam.v1.Binding pbBinding =
        com.google.iam.v1.Binding.newBuilder()
            .setRole(roleBinding.getKey().getValue())
            .addAllMembers(
                Lists.transform(
                    identities,
                    new Function<Identity, String>() {
                      @Override
                      public String apply(Identity identity) {
                        return IDENTITY_STR_VALUE_FUNCTION.apply(identity);
                      }
                    }))
            .build();
    pbBindings.add(pbBinding);
  }

  com.google.iam.v1.Policy.Builder pbPolicy = com.google.iam.v1.Policy.newBuilder();
  pbPolicy.addAllBindings(pbBindings);
  if (policy.etag != null) {
    // decode() rejects text that is not valid base64 with an IllegalArgumentException.
    byte[] rawEtag = BaseEncoding.base64().decode(policy.etag);
    pbPolicy.setEtag(ByteString.copyFrom(rawEtag));
  }
  pbPolicy.setVersion(policy.version);
  return pbPolicy.build();
}
}