/**
 * Returns the {@code roles/storage.objectAdmin} role.
 *
 * <p>Grants the following permissions:
 *
 * <ul>
 *   <li>storage.objects.*
 * </ul>
 *
 * <p>The wildcard matches every {@code storage.objects} permission, so treat this as a
 * full-control grant over objects and prefer a narrower role where read-only or create-only
 * access is enough.
 */
public static Role objectAdmin() {
  return Role.of("roles/storage.objectAdmin");
}
/**
 * Returns the editor role, which covers everything the viewer role allows plus the actions that
 * modify the state of a resource.
 *
 * <p>This is a broad role that is not limited to one service; where least privilege matters, a
 * role scoped to the specific permissions needed is usually the better grant.
 *
 * @return the role created by {@code of("editor")}
 * @see <a href="https://cloud.google.com/iam/docs/understanding-roles">Understanding Roles</a>
 */
public static Role editor() {
  return of("editor");
}
/**
 * Returns the owner role, which covers everything the editor role allows plus managing access
 * control for a resource and managing the billing options for a project.
 *
 * <p>Because it includes access-control management, a member holding this role can change who
 * else has access; grant it sparingly and review its members regularly.
 *
 * @return the role created by {@code of("owner")}
 * @see <a href="https://cloud.google.com/iam/docs/understanding-roles">Understanding Roles</a>
 */
public static Role owner() {
  return of("owner");
}
/**
 * Returns the {@code roles/storage.objectCreator} role.
 *
 * <p>Grants the following permissions:
 *
 * <ul>
 *   <li>storage.objects.create
 * </ul>
 *
 * <p>No read, list or delete permission is listed, which makes this a fit for write-only
 * uploaders.
 */
public static Role objectCreator() {
  return Role.of("roles/storage.objectCreator");
}
/**
 * Returns the {@code roles/storage.legacyBucketReader} role.
 *
 * <p>Grants the following permissions:
 *
 * <ul>
 *   <li>storage.buckets.get
 *   <li>storage.objects.list
 * </ul>
 *
 * <p>Listing exposes object names but, per the list above, not object contents.
 */
public static Role legacyBucketReader() {
  return Role.of("roles/storage.legacyBucketReader");
}
/**
 * Returns the viewer role, which covers read-only actions that preserve the state of a resource.
 *
 * <p>Read-only still means the member can see the resource's data; where that data is sensitive,
 * a role scoped to the specific service is usually the better grant.
 *
 * @return the role created by {@code of("viewer")}
 * @see <a href="https://cloud.google.com/iam/docs/understanding-roles">Understanding Roles</a>
 */
public static Role viewer() {
  return of("viewer");
}
/**
 * Returns the {@code roles/storage.legacyObjectReader} role.
 *
 * <p>Grants the following permissions:
 *
 * <ul>
 *   <li>storage.objects.get
 * </ul>
 */
public static Role legacyObjectReader() {
  return Role.of("roles/storage.legacyObjectReader");
}
/**
 * Returns the {@code roles/storage.admin} role.
 *
 * <p>Grants the following permissions:
 *
 * <ul>
 *   <li>storage.buckets.*
 *   <li>storage.objects.*
 * </ul>
 *
 * <p>Both wildcards together amount to full control of buckets and objects; reserve this role
 * for administrators and audit its bindings.
 */
public static Role admin() {
  return Role.of("roles/storage.admin");
}
/**
 * Returns the {@code roles/storage.objectViewer} role.
 *
 * <p>Grants the following permissions:
 *
 * <ul>
 *   <li>storage.objects.list
 *   <li>storage.objects.get
 * </ul>
 *
 * <p>Read-only: a member can enumerate objects and read them, but no write permission is listed.
 */
public static Role objectViewer() {
  return Role.of("roles/storage.objectViewer");
}
/**
 * Returns the {@code roles/storage.legacyBucketWriter} role.
 *
 * <p>Grants the following permissions:
 *
 * <ul>
 *   <li>storage.buckets.get
 *   <li>storage.objects.list
 *   <li>storage.objects.create
 *   <li>storage.objects.delete
 * </ul>
 *
 * <p>Create plus delete lets a member replace or remove existing objects, so this is more than an
 * append-only grant.
 */
public static Role legacyBucketWriter() {
  return Role.of("roles/storage.legacyBucketWriter");
}
/**
 * Returns the {@code roles/storage.legacyObjectOwner} role.
 *
 * <p>Grants the following permissions:
 *
 * <ul>
 *   <li>storage.objects.get
 *   <li>storage.objects.update
 *   <li>storage.objects.getIamPolicy
 *   <li>storage.objects.setIamPolicy
 * </ul>
 *
 * <p>{@code storage.objects.setIamPolicy} lets a member change who has access to the object, so
 * treat this as an administrative grant rather than a read/write one.
 */
public static Role legacyObjectOwner() {
  return Role.of("roles/storage.legacyObjectOwner");
}
/**
 * Returns the {@code roles/storage.legacyBucketOwner} role.
 *
 * <p>Grants the following permissions:
 *
 * <ul>
 *   <li>storage.buckets.get
 *   <li>storage.buckets.update
 *   <li>storage.buckets.setIamPolicy
 *   <li>storage.buckets.getIamPolicy
 *   <li>storage.objects.list
 *   <li>storage.objects.create
 *   <li>storage.objects.delete
 * </ul>
 *
 * <p>{@code storage.buckets.setIamPolicy} lets a member rewrite the bucket's access policy,
 * including granting access to others; treat this as an administrative grant.
 */
public static Role legacyBucketOwner() {
  return Role.of("roles/storage.legacyBucketOwner");
}
/**
 * Verifies that {@code Role.of} rejects a {@code null} role name with a
 * {@link NullPointerException} instead of producing a role.
 */
@Test(expected = NullPointerException.class)
public void testOfNullValue() {
  // The call itself is the assertion: the runner expects it to throw.
  Role.of(null);
}
/**
 * Converts an IAM v1 protobuf policy into a {@link Policy}.
 *
 * <p>Each binding contributes its role and member list; the etag bytes are base64-encoded, or
 * left {@code null} when the protobuf etag is empty, and the policy version is copied as is.
 *
 * @param policyPb the protobuf policy to convert
 * @return the equivalent {@link Policy}
 */
@Override
protected Policy fromPb(com.google.iam.v1.Policy policyPb) {
  Map<Role, Set<Identity>> membersByRole = new HashMap<>();
  for (com.google.iam.v1.Binding pbBinding : policyPb.getBindingsList()) {
    Role role = Role.of(pbBinding.getRole());
    ImmutableSet.Builder<Identity> members = ImmutableSet.builder();
    for (String member : pbBinding.getMembersList()) {
      members.add(IDENTITY_VALUE_OF_FUNCTION.apply(member));
    }
    // NOTE(review): only the role and members of a binding are read here, and put() replaces
    // any earlier entry for the same role. If the source policy can repeat a role across
    // bindings, the result under-reports who holds it -- confirm before relying on this map
    // for access reviews or read-modify-write updates.
    membersByRole.put(role, members.build());
  }

  String etag = null;
  if (!policyPb.getEtag().isEmpty()) {
    etag = BaseEncoding.base64().encode(policyPb.getEtag().toByteArray());
  }
  return newBuilder()
      .setBindings(membersByRole)
      .setEtag(etag)
      .setVersion(policyPb.getVersion())
      .build();
}
/**
 * Converts a Cloud Resource Manager API policy model into a {@link Policy}.
 *
 * <p>A {@code null} binding list is treated as "no bindings". The etag and version are passed
 * to the builder unchanged.
 *
 * @param policyPb the API policy model to convert
 * @return the equivalent {@link Policy}
 */
@Override
protected Policy fromPb(com.google.api.services.cloudresourcemanager.model.Policy policyPb) {
  Map<Role, Set<Identity>> membersByRole = new HashMap<>();
  if (policyPb.getBindings() != null) {
    for (Binding apiBinding : policyPb.getBindings()) {
      Role role = Role.of(apiBinding.getRole());
      ImmutableSet.Builder<Identity> members = ImmutableSet.builder();
      for (String member : apiBinding.getMembers()) {
        members.add(IDENTITY_VALUE_OF_FUNCTION.apply(member));
      }
      // NOTE(review): only the role and members of a binding are read here, and put()
      // replaces any earlier entry for the same role. If the source policy can repeat a role
      // across bindings, the result under-reports who holds it -- confirm before relying on
      // this map for access reviews or read-modify-write updates.
      membersByRole.put(role, members.build());
    }
  }
  return new Builder(membersByRole, policyPb.getEtag(), policyPb.getVersion()).build();
}
/**
 * Verifies the values of the predefined role constants, that {@code Role.of} with the same
 * fully qualified name yields a matching role, and that a custom role name is kept as given.
 */
@Test
public void testOf() {
  // The predefined constants expose their fully qualified "roles/..." names.
  assertThat(VIEWER.getValue()).isEqualTo("roles/viewer");
  assertThat(EDITOR.getValue()).isEqualTo("roles/editor");
  assertThat(OWNER.getValue()).isEqualTo("roles/owner");

  // Building a role from the fully qualified name must match the constant.
  compareRoles(VIEWER, Role.of("roles/viewer"));
  compareRoles(EDITOR, Role.of("roles/editor"));
  compareRoles(OWNER, Role.of("roles/owner"));

  // A project-level custom role name must come back unchanged.
  String customRoleName = "projects/foo/roles/bar";
  assertThat(Role.of(customRoleName).getValue()).isEqualTo(customRoleName);
}
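/**
 * Converts a Storage JSON API policy model into a {@link Policy}.
 *
 * <p>Every member of every binding is added under the binding's role, and the etag is carried
 * over unchanged. Only role, members and etag are read from the API model here.
 *
 * <p>A policy without bindings, or a binding without members, is converted to an empty result
 * for that part instead of failing with a {@link NullPointerException}; the API model can hold
 * {@code null} rather than an empty list for an absent field.
 *
 * @param apiPolicy the API policy model to convert
 * @return the equivalent {@link Policy}
 */
static Policy convertFromApiPolicy(com.google.api.services.storage.model.Policy apiPolicy) {
  Policy.Builder policyBuilder = Policy.newBuilder();
  // An empty policy is a valid answer (nobody has been granted anything), so it must convert
  // cleanly rather than abort the caller's policy read.
  if (apiPolicy.getBindings() != null) {
    for (Bindings binding : apiPolicy.getBindings()) {
      if (binding.getMembers() == null) {
        continue;
      }
      for (String member : binding.getMembers()) {
        policyBuilder.addIdentity(Role.of(binding.getRole()), Identity.valueOf(member));
      }
    }
  }
  return policyBuilder.setEtag(apiPolicy.getEtag()).build();
}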
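/**
 * Verifies that {@code getIamPolicy} sends a request for the formatted instance name and
 * converts the protobuf response (role, member and etag) into the expected {@link Policy}.
 */
@Test
public void testGetIamPolicy() {
  // Setup
  com.google.iam.v1.GetIamPolicyRequest expectedRequest =
      com.google.iam.v1.GetIamPolicyRequest.newBuilder()
          .setResource(NameUtil.formatInstanceName(PROJECT_ID, INSTANCE_ID))
          .build();

  com.google.iam.v1.Policy expectedResponse =
      com.google.iam.v1.Policy.newBuilder()
          .addBindings(
              com.google.iam.v1.Binding.newBuilder()
                  .setRole("roles/bigtable.user")
                  .addMembers("user:someone@example.com"))
          .setEtag(ByteString.copyFromUtf8("my-etag"))
          .build();

  Mockito.when(mockGetIamPolicyCallable.futureCall(expectedRequest))
      .thenReturn(ApiFutures.immediateFuture(expectedResponse));

  // Execute
  Policy actualResult = adminClient.getIamPolicy(INSTANCE_ID);

  // Verify
  // The response etag was built from UTF-8 bytes, so the expected value is encoded from UTF-8
  // bytes as well instead of the platform default charset.
  // NOTE(review): the expected role uses the short name "bigtable.user" while the response
  // carries "roles/bigtable.user"; presumably Role.of normalises the two -- confirm.
  assertThat(actualResult)
      .isEqualTo(
          Policy.newBuilder()
              .addIdentity(Role.of("bigtable.user"), Identity.user("someone@example.com"))
              .setEtag(
                  BaseEncoding.base64()
                      .encode("my-etag".getBytes(java.nio.charset.StandardCharsets.UTF_8)))
              .build());
}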
INSTANCE_ID, Policy.newBuilder() .addIdentity(Role.of("bigtable.user"), Identity.user("someone@example.com")) .build()); .isEqualTo( Policy.newBuilder() .addIdentity(Role.of("bigtable.user"), Identity.user("someone@example.com")) .setEtag(BaseEncoding.base64().encode("my-etag".getBytes())) .build());
/**
 * Returns the owner role, which covers everything the editor role allows plus managing access
 * control for a resource and managing the billing options for a project.
 *
 * <p>Because it includes access-control management, a member holding this role can change who
 * else has access; grant it sparingly and review its members regularly.
 *
 * @return the role created by {@code of("owner")}
 * @see <a href="https://cloud.google.com/iam/docs/understanding-roles">Understanding Roles</a>
 */
public static Role owner() {
  return of("owner");
}