Ejemplo n.º 1
def test_bigtable_set_iam_policy_then_get_iam_policy():
    """Run the set/get IAM policy snippets against the test instance.

    The code between the ``[START ...]`` / ``[END ...]`` markers is the
    documentation sample, which is why each region repeats its own imports.
    """
    # Reads the service-account address from the test client's (private)
    # credentials object; that account becomes the only admin below.
    service_account_email = Config.CLIENT._credentials.service_account_email

    # [START bigtable_set_iam_policy]
    from google.cloud.bigtable import Client
    from google.cloud.bigtable.policy import Policy
    from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE

    client = Client(admin=True)
    instance = client.instance(INSTANCE_ID)
    instance.reload()
    # NOTE: set_iam_policy() replaces the instance's whole policy. Starting
    # from an empty Policy() keeps none of the existing bindings, so only the
    # members listed here remain bound at instance level. To add to an
    # existing policy, start from instance.get_iam_policy() instead.
    new_policy = Policy()
    new_policy[BIGTABLE_ADMIN_ROLE] = [
        Policy.service_account(service_account_email)
    ]

    policy_latest = instance.set_iam_policy(new_policy)
    # [END bigtable_set_iam_policy]

    # The policy returned by the service must list at least one admin.
    assert len(policy_latest.bigtable_admins) > 0

    # [START bigtable_get_iam_policy]
    from google.cloud.bigtable import Client

    client = Client(admin=True)
    instance = client.instance(INSTANCE_ID)
    policy = instance.get_iam_policy()
    # [END bigtable_get_iam_policy]

    # Reading the policy back must still show the admin binding set above.
    assert len(policy.bigtable_admins) > 0
    def test_set_iam_policy(self):
        """Check the request sent by ``set_iam_policy`` and the parsed reply.

        The instance admin API is an autospec mock, so nothing leaves the
        process: the test verifies that version, etag and bindings are
        forwarded unchanged and that the canned response is turned back
        into a ``Policy``.
        """
        from google.cloud.bigtable_admin_v2.gapic import (
            bigtable_instance_admin_client)
        from google.iam.v1 import policy_pb2
        from google.cloud.bigtable.policy import Policy
        from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE

        client = self._make_client(project=self.PROJECT,
                                   credentials=_make_credentials(),
                                   admin=True)
        instance = self._make_one(self.INSTANCE_ID, client)

        policy_version = 1
        policy_etag = b'etag_v1'
        # NOTE(review): the e-mail literals in this listing look masked by
        # the hosting page; upstream the members here and the Policy.user /
        # Policy.service_account arguments below presumably match.
        expected_members = [
            'serviceAccount:[email protected]',
            'user:[email protected]',
        ]
        role_bindings = [
            {'role': BIGTABLE_ADMIN_ROLE, 'members': expected_members},
        ]
        response_pb = policy_pb2.Policy(version=policy_version,
                                        etag=policy_etag,
                                        bindings=role_bindings)

        # Swap the client's admin API for a mock that returns the canned pb.
        admin_api = mock.create_autospec(
            bigtable_instance_admin_client.BigtableInstanceAdminClient)
        admin_api.set_iam_policy.return_value = response_pb
        client._instance_admin_client = admin_api

        # Build the policy to send; it carries the same etag and version.
        requested_policy = Policy(etag=policy_etag, version=policy_version)
        requested_policy[BIGTABLE_ADMIN_ROLE] = [
            Policy.user("*****@*****.**"),
            Policy.service_account("*****@*****.**"),
        ]

        returned_policy = instance.set_iam_policy(requested_policy)

        # The etag must reach the API untouched along with the bindings.
        expected_policy_arg = {
            'version': policy_version,
            'etag': policy_etag,
            'bindings': role_bindings,
        }
        admin_api.set_iam_policy.assert_called_once_with(
            resource=instance.name,
            policy=expected_policy_arg,
        )
        self.assertEqual(returned_policy.version, policy_version)
        self.assertEqual(returned_policy.etag, policy_etag)
        returned_admins = returned_policy.bigtable_admins
        self.assertEqual(len(returned_admins), len(expected_members))
        pairs = zip(sorted(returned_admins), sorted(expected_members))
        for actual_member, expected_member in pairs:
            self.assertEqual(actual_member, expected_member)
Ejemplo n.º 3
    def test_set_iam_policy(self):
        """Check ``set_iam_policy`` on a backup against a mocked table admin API.

        Verifies that the backup name and the policy protobuf are passed in
        a single ``request`` mapping and that the reply is converted back
        into a ``Policy`` with the same version, etag and admin members.
        """
        from google.cloud.bigtable.client import Client
        from google.cloud.bigtable_admin_v2.services.bigtable_table_admin import (
            BigtableTableAdminClient, )
        from google.iam.v1 import policy_pb2
        from google.cloud.bigtable.policy import Policy
        from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE

        client = Client(project=self.PROJECT_ID,
                        credentials=_make_credentials(),
                        admin=True)
        instance = client.instance(instance_id=self.INSTANCE_ID)
        backup = self._make_one(self.BACKUP_ID,
                                instance,
                                cluster_id=self.CLUSTER_ID)

        policy_version = 1
        policy_etag = b"etag_v1"
        # NOTE(review): the e-mail literals in this listing look masked by
        # the hosting page; upstream they presumably match the addresses
        # given to Policy.user / Policy.service_account below.
        expected_members = [
            "serviceAccount:[email protected]", "user:[email protected]"
        ]
        role_bindings = [
            {"role": BIGTABLE_ADMIN_ROLE, "members": sorted(expected_members)},
        ]
        response_pb = policy_pb2.Policy(version=policy_version,
                                        etag=policy_etag,
                                        bindings=role_bindings)

        # Route the client's table admin calls to an autospec mock.
        admin_api = mock.create_autospec(BigtableTableAdminClient)
        client._table_admin_client = admin_api
        admin_api.set_iam_policy.return_value = response_pb

        requested_policy = Policy(etag=policy_etag, version=policy_version)
        requested_policy[BIGTABLE_ADMIN_ROLE] = [
            Policy.user("*****@*****.**"),
            Policy.service_account("*****@*****.**"),
        ]

        returned_policy = backup.set_iam_policy(requested_policy)

        # The request must name this backup and carry the full policy pb,
        # etag included.
        expected_request = {"resource": backup.name, "policy": response_pb}
        admin_api.set_iam_policy.assert_called_once_with(
            request=expected_request)
        self.assertEqual(returned_policy.version, policy_version)
        self.assertEqual(returned_policy.etag, policy_etag)

        returned_admins = returned_policy.bigtable_admins
        self.assertEqual(len(returned_admins), len(expected_members))
        pairs = zip(sorted(returned_admins), sorted(expected_members))
        for actual_member, expected_member in pairs:
            self.assertEqual(actual_member, expected_member)
Ejemplo n.º 4
    def get_iam_policy(self, requested_policy_version=None):
        """Fetch the IAM access control policy of this instance.

        For example:

        .. literalinclude:: snippets.py
            :start-after: [START bigtable_get_iam_policy]
            :end-before: [END bigtable_get_iam_policy]

        :type requested_policy_version: int or ``NoneType``
        :param requested_policy_version: Optional. IAM policy version to ask
                                         for. Policies that contain
                                         conditions are only returned when
                                         this is 3; without it the server
                                         answers such a request with an
                                         error. The requirement keeps code
                                         that does not understand conditions
                                         from misreading and rewriting such
                                         policies. The returned policy may
                                         have a lower version than requested,
                                         depending on the features it uses.

        :rtype: :class:`google.cloud.bigtable.policy.Policy`
        :returns: The current IAM policy of this instance
        """
        call_kwargs = {"resource": self.name}
        # Only send policy options when the caller asked for a version.
        if requested_policy_version is not None:
            policy_options = options_pb2.GetPolicyOptions(
                requested_policy_version=requested_policy_version)
            call_kwargs["options_"] = policy_options

        admin_api = self._client.instance_admin_client
        policy_pb = admin_api.get_iam_policy(**call_kwargs)
        return Policy.from_pb(policy_pb)
Ejemplo n.º 5
    def set_iam_policy(self, policy):
        """Replace the access control policy on an instance resource.

        The policy passed in becomes the whole policy: any existing policy
        is replaced, so bindings that are not part of ``policy`` are not
        kept.

        For more information about policy, please see documentation of
        class `google.cloud.bigtable.policy.Policy`

        For example:

        .. literalinclude:: snippets.py
            :start-after: [START bigtable_api_set_iam_policy]
            :end-before: [END bigtable_api_set_iam_policy]
            :dedent: 4

        :type policy: :class:`google.cloud.bigtable.policy.Policy`
        :param policy: A new IAM policy to replace the current IAM policy
                       of this instance

        :rtype: :class:`google.cloud.bigtable.policy.Policy`
        :returns: The current IAM policy of this instance.
        """
        admin_api = self._client.instance_admin_client
        # Resource name and policy protobuf travel in one request mapping.
        set_request = {"resource": self.name, "policy": policy.to_pb()}
        updated_pb = admin_api.set_iam_policy(request=set_request)
        return Policy.from_pb(updated_pb)
Ejemplo n.º 6
def test_policy_from_pb_w_non_empty():
    """``Policy.from_pb`` keeps etag, version and a single admin binding."""
    from google.iam.v1 import policy_pb2
    from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE
    from google.cloud.bigtable.policy import Policy

    etag = b"ETAG"
    version = 1
    # NOTE(review): the addresses in this listing look masked by the
    # hosting page; the test only needs two distinct member strings.
    members = ["serviceAccount:[email protected]", "user:[email protected]"]
    admin_binding = {"role": BIGTABLE_ADMIN_ROLE, "members": members}
    message = policy_pb2.Policy(
        etag=etag,
        version=version,
        bindings=[admin_binding],
    )

    policy = Policy.from_pb(message)

    assert policy.etag == etag
    assert policy.version == version
    assert policy.bigtable_admins == set(members)
    # No other role was bound, so the remaining role views stay empty.
    no_members = frozenset()
    assert policy.bigtable_readers == no_members
    assert policy.bigtable_users == no_members
    assert policy.bigtable_viewers == no_members
    assert len(policy) == 1
    assert dict(policy) == {BIGTABLE_ADMIN_ROLE: set(members)}
Ejemplo n.º 7
    def set_iam_policy(self, policy):
        """Replace the access control policy on an instance resource.

        The policy passed in becomes the whole policy: any existing policy
        is replaced, so bindings that are not part of ``policy`` are not
        kept.

        For more information about policy, please see documentation of
        class `google.cloud.bigtable.policy.Policy`

        For example:

        .. literalinclude:: snippets.py
            :start-after: [START bigtable_set_iam_policy]
            :end-before: [END bigtable_set_iam_policy]

        :type policy: :class:`google.cloud.bigtable.policy.Policy`
        :param policy: A new IAM policy to replace the current IAM policy
                       of this instance

        :rtype: :class:`google.cloud.bigtable.policy.Policy`
        :returns: The current IAM policy of this instance.
        """
        admin_api = self._client.instance_admin_client
        updated_pb = admin_api.set_iam_policy(
            resource=self.name,
            policy=policy.to_pb(),
        )
        # Hand back the service's reply as a Policy object.
        return Policy.from_pb(updated_pb)
Ejemplo n.º 8
    def test_set_iam_policy(self):
        """Set an admin-only policy on a scratch table and inspect the reply."""
        self._skip_if_emulated("Method not implemented in bigtable emulator")
        scratch_table = Config.INSTANCE_DATA.table("test-set-iam-policy-table")
        scratch_table.create()
        # Tracked in tables_to_delete (presumably removed during teardown).
        self.tables_to_delete.append(scratch_table)

        # The policy holds one binding: the test's own service account as
        # admin. It is applied to the scratch table only.
        admin_only_policy = Policy()
        sa_email = Config.CLIENT._credentials.service_account_email
        admin_only_policy[BIGTABLE_ADMIN_ROLE] = [Policy.service_account(sa_email)]
        applied = scratch_table.set_iam_policy(admin_only_policy).to_api_repr()

        first_binding = applied["bindings"][0]
        self.assertEqual(first_binding["role"], "roles/bigtable.admin")
        self.assertIn(sa_email, first_binding["members"][0])
Ejemplo n.º 9
def test_bigtable_set_iam_policy_then_get_iam_policy():
    """Run the set/get IAM policy snippets against the test instance.

    The ``bigtable_set_iam_policy`` region is split in two so that the
    test-only lookup of the service-account address stays out of the
    documentation sample.
    """
    # [START bigtable_set_iam_policy]
    from google.cloud.bigtable import Client
    from google.cloud.bigtable.policy import Policy
    from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE

    # [END bigtable_set_iam_policy]

    # Reads the address from the test client's (private) credentials object.
    service_account_email = Config.CLIENT._credentials.service_account_email

    # [START bigtable_set_iam_policy]
    client = Client(admin=True)
    instance = client.instance(INSTANCE_ID)
    instance.reload()
    # NOTE: set_iam_policy() replaces the instance's whole policy. Starting
    # from an empty Policy() keeps none of the existing bindings, so only the
    # members listed here remain bound at instance level. To add to an
    # existing policy, start from instance.get_iam_policy() instead.
    new_policy = Policy()
    new_policy[BIGTABLE_ADMIN_ROLE] = [Policy.service_account(service_account_email)]

    policy_latest = instance.set_iam_policy(new_policy)
    # [END bigtable_set_iam_policy]

    # The policy returned by the service must list at least one admin.
    assert len(policy_latest.bigtable_admins) > 0

    # [START bigtable_get_iam_policy]
    from google.cloud.bigtable import Client

    client = Client(admin=True)
    instance = client.instance(INSTANCE_ID)
    policy = instance.get_iam_policy()
    # [END bigtable_get_iam_policy]

    # Reading the policy back must still show the admin binding set above.
    assert len(policy.bigtable_admins) > 0
Ejemplo n.º 10
    def set_iam_policy(self, policy):
        """Sets the access control policy on an instance resource. Replaces any
        existing policy.

        Because the whole policy is replaced, the example below starts from
        the policy returned by ``get_iam_policy`` and changes one role
        before sending it back.

        For more information about policy, please see documentation of
        class `google.cloud.bigtable.policy.Policy`

        .. code-block:: python

            from google.cloud.bigtable.client import Client
            from google.cloud.bigtable.policy import Policy
            from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE

            client = Client(admin=True)
            instance = client.instance('[INSTANCE_ID]')
            ins_policy = instance.get_iam_policy()
            ins_policy[BIGTABLE_ADMIN_ROLE] = [
                Policy.user("*****@*****.**"),
                Policy.service_account("*****@*****.**")]

            policy_latest = instance.set_iam_policy(ins_policy)
            print(policy_latest.bigtable_admins)

        :type policy: :class:`google.cloud.bigtable.policy.Policy`
        :param policy: A new IAM policy to replace the current IAM policy
                       of this instance

        :rtype: :class:`google.cloud.bigtable.policy.Policy`
        :returns: The current IAM policy of this instance.
        """
        # Uses the client's private admin API attribute directly.
        instance_admin_client = self._client._instance_admin_client
        # The policy is sent in its API (dict) representation.
        resp = instance_admin_client.set_iam_policy(
            resource=self.name, policy=policy.to_api_repr())
        # The protobuf reply is converted to a dict, then to a Policy.
        return Policy.from_api_repr(self._to_dict_from_policy_pb(resp))
Ejemplo n.º 11
    def test_set_iam_policy(self):
        """Check the ``SetIamPolicyRequest`` built by ``set_iam_policy``.

        A ``ChannelStub`` records the outgoing request and replays a canned
        policy, so the test can compare the exact request message and the
        admin members of the returned ``Policy``.
        """
        from google.cloud.bigtable_admin_v2.gapic import (
            bigtable_instance_admin_client)
        from google.iam.v1 import iam_policy_pb2
        from google.iam.v1 import policy_pb2
        from google.cloud.bigtable.policy import Policy
        from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE

        client = self._make_client(project=self.PROJECT,
                                   credentials=_make_credentials(),
                                   admin=True)
        instance = self._make_one(self.INSTANCE_ID, client)

        policy_version = 1
        policy_etag = b'etag_v1'
        # NOTE(review): the e-mail literals in this listing look masked by
        # the hosting page; upstream they presumably match the addresses
        # given to Policy.user / Policy.service_account below.
        admin_binding = {
            'role': BIGTABLE_ADMIN_ROLE,
            'members': ['serviceAccount:[email protected]',
                        'user:[email protected]'],
        }
        role_bindings = [admin_binding]

        policy_pb = policy_pb2.Policy(version=policy_version,
                                      etag=policy_etag,
                                      bindings=role_bindings)
        wanted_request = iam_policy_pb2.SetIamPolicyRequest(
            resource=instance.name,
            policy=policy_pb,
        )

        # The stub answers with the same policy it is expected to receive.
        stub_channel = ChannelStub(responses=[policy_pb])
        client._instance_admin_client = (
            bigtable_instance_admin_client.BigtableInstanceAdminClient(
                channel=stub_channel))

        outgoing_policy = Policy(etag=policy_etag, version=policy_version)
        outgoing_policy[BIGTABLE_ADMIN_ROLE] = [
            Policy.user("*****@*****.**"),
            Policy.service_account("*****@*****.**"),
        ]

        returned_policy = instance.set_iam_policy(outgoing_policy)
        # Second element of the first recorded call is compared below.
        sent_request = stub_channel.requests[0][1]

        self.assertEqual(sent_request, wanted_request)
        self.assertEqual(returned_policy.bigtable_admins,
                         outgoing_policy.bigtable_admins)
Ejemplo n.º 12
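def test_bigtable_set_iam_policy():
    """Run the ``bigtable_set_iam_policy`` snippet against the test instance.

    The code between the ``[START ...]`` / ``[END ...]`` markers is the
    documentation sample.
    """
    # [START bigtable_set_iam_policy]
    from google.cloud.bigtable import Client
    from google.cloud.bigtable.policy import Policy
    from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE

    client = Client(admin=True)
    instance = client.instance(INSTANCE_ID)
    instance.reload()
    # NOTE: set_iam_policy() replaces the instance's whole policy. Starting
    # from an empty Policy() keeps none of the existing bindings, so only the
    # members listed here remain bound at instance level. To add to an
    # existing policy, start from instance.get_iam_policy() instead.
    ins_policy = Policy()
    ins_policy[BIGTABLE_ADMIN_ROLE] = [
        Policy.user("*****@*****.**"),
        Policy.service_account("*****@*****.**")]

    policy_latest = instance.set_iam_policy(ins_policy)
    # [END bigtable_set_iam_policy]

    # Compare by value. ``is not 0`` tested object identity, which only
    # works through CPython's small-integer caching and raises a
    # SyntaxWarning on current interpreters.
    assert len(policy_latest.bigtable_admins) > 0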
Ejemplo n.º 13
    def get_iam_policy(self):
        """Fetch the IAM access control policy of this backup.

        :rtype: :class:`google.cloud.bigtable.policy.Policy`
        :returns: The current IAM policy of this backup.
        """
        # Backups go through the table admin API of the owning client.
        admin_api = self._instance._client.table_admin_client
        get_request = {"resource": self.name}
        policy_pb = admin_api.get_iam_policy(request=get_request)
        return Policy.from_pb(policy_pb)
Ejemplo n.º 14
    def test_set_iam_policy(self):
        """Check the request sent by ``set_iam_policy`` and the parsed reply.

        The instance admin API is an autospec mock; the test verifies that
        version, etag and bindings are forwarded unchanged and that the
        canned response is turned back into a ``Policy``.
        """
        from google.cloud.bigtable_admin_v2.gapic import bigtable_instance_admin_client
        from google.iam.v1 import policy_pb2
        from google.cloud.bigtable.policy import Policy
        from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE

        client = self._make_client(
            project=self.PROJECT, credentials=_make_credentials(), admin=True
        )
        instance = self._make_one(self.INSTANCE_ID, client)

        policy_version = 1
        policy_etag = b"etag_v1"
        # NOTE(review): the e-mail literals in this listing look masked by
        # the hosting page; upstream they presumably match the addresses
        # given to Policy.user / Policy.service_account below.
        expected_members = ["serviceAccount:[email protected]", "user:[email protected]"]
        role_bindings = [{"role": BIGTABLE_ADMIN_ROLE, "members": expected_members}]
        response_pb = policy_pb2.Policy(
            version=policy_version, etag=policy_etag, bindings=role_bindings
        )

        # Swap the client's admin API for a mock that returns the canned pb.
        admin_api = mock.create_autospec(
            bigtable_instance_admin_client.BigtableInstanceAdminClient
        )
        admin_api.set_iam_policy.return_value = response_pb
        client._instance_admin_client = admin_api

        requested_policy = Policy(etag=policy_etag, version=policy_version)
        requested_policy[BIGTABLE_ADMIN_ROLE] = [
            Policy.user("*****@*****.**"),
            Policy.service_account("*****@*****.**"),
        ]

        returned_policy = instance.set_iam_policy(requested_policy)

        # The etag must reach the API untouched along with the bindings.
        expected_policy_arg = {
            "version": policy_version,
            "etag": policy_etag,
            "bindings": role_bindings,
        }
        admin_api.set_iam_policy.assert_called_once_with(
            resource=instance.name,
            policy=expected_policy_arg,
        )
        self.assertEqual(returned_policy.version, policy_version)
        self.assertEqual(returned_policy.etag, policy_etag)
        returned_admins = returned_policy.bigtable_admins
        self.assertEqual(len(returned_admins), len(expected_members))
        pairs = zip(sorted(returned_admins), sorted(expected_members))
        for actual_member, expected_member in pairs:
            self.assertEqual(actual_member, expected_member)
Ejemplo n.º 15
def test_table_set_iam_policy(
    service_account, data_instance_populated, tables_to_delete, skip_on_emulator
):
    """Set an admin-only policy on a scratch table and inspect the reply."""
    from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE
    from google.cloud.bigtable.policy import Policy

    scratch_table = data_instance_populated.table("test-set-iam-policy-table")
    scratch_table.create()
    # Tracked in tables_to_delete (presumably removed by the fixture).
    tables_to_delete.append(scratch_table)

    # The policy holds one binding: the given service account as admin.
    # It is applied to the scratch table only.
    admin_only_policy = Policy()
    sa_email = service_account.service_account_email
    admin_only_policy[BIGTABLE_ADMIN_ROLE] = [Policy.service_account(sa_email)]
    applied = scratch_table.set_iam_policy(admin_only_policy).to_api_repr()

    first_binding = applied["bindings"][0]
    assert first_binding["role"] == BIGTABLE_ADMIN_ROLE
    assert sa_email in first_binding["members"][0]
Ejemplo n.º 16
def test_instance_set_iam_policy():
    """Check the request sent by ``set_iam_policy`` and the parsed reply.

    The instance admin API is a stand-in object; the test verifies that
    the instance name and the policy protobuf (etag included) are passed
    in one ``request`` mapping and that the reply becomes a ``Policy``.
    """
    from google.iam.v1 import policy_pb2
    from google.cloud.bigtable.policy import Policy
    from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE

    client = _make_client(
        project=PROJECT, credentials=_make_credentials(), admin=True
    )
    instance = _make_instance(INSTANCE_ID, client)

    policy_version = 1
    policy_etag = b"etag_v1"
    # NOTE(review): the e-mail literals in this listing look masked by the
    # hosting page; upstream they presumably match the addresses given to
    # Policy.user / Policy.service_account below.
    expected_members = ["serviceAccount:[email protected]", "user:[email protected]"]
    role_bindings = [
        {"role": BIGTABLE_ADMIN_ROLE, "members": sorted(expected_members)},
    ]
    response_pb = policy_pb2.Policy(
        version=policy_version, etag=policy_etag, bindings=role_bindings
    )

    # Install the stand-in admin API on the client and prime its reply.
    admin_api = _make_instance_admin_api()
    client._instance_admin_client = admin_api
    admin_api.set_iam_policy.return_value = response_pb

    requested_policy = Policy(etag=policy_etag, version=policy_version)
    requested_policy[BIGTABLE_ADMIN_ROLE] = [
        Policy.user("*****@*****.**"),
        Policy.service_account("*****@*****.**"),
    ]

    returned_policy = instance.set_iam_policy(requested_policy)

    expected_request = {"resource": instance.name, "policy": response_pb}
    admin_api.set_iam_policy.assert_called_once_with(request=expected_request)
    assert returned_policy.version == policy_version
    assert returned_policy.etag == policy_etag
    returned_admins = returned_policy.bigtable_admins
    assert len(returned_admins) == len(expected_members)
    pairs = zip(sorted(returned_admins), sorted(expected_members))
    for actual_member, expected_member in pairs:
        assert actual_member == expected_member
Ejemplo n.º 17
    def get_iam_policy(self):
        """Fetch the IAM access control policy of this instance.

        For example:

        .. literalinclude:: snippets.py
            :start-after: [START bigtable_get_iam_policy]
            :end-before: [END bigtable_get_iam_policy]

        :rtype: :class:`google.cloud.bigtable.policy.Policy`
        :returns: The current IAM policy of this instance
        """
        admin_api = self._client.instance_admin_client
        # The instance name is the only argument; no policy options are sent.
        policy_pb = admin_api.get_iam_policy(resource=self.name)
        return Policy.from_pb(policy_pb)
Ejemplo n.º 18
def test_policy_from_pb_w_empty():
    """``Policy.from_pb`` on a default protobuf yields an empty policy."""
    from google.iam.v1 import policy_pb2
    from google.cloud.bigtable.policy import Policy

    policy = Policy.from_pb(policy_pb2.Policy())

    # A default message converts to an empty etag and version 0.
    assert policy.etag == b""
    assert policy.version == 0
    # No role has any member.
    no_members = frozenset()
    assert policy.bigtable_admins == no_members
    assert policy.bigtable_readers == no_members
    assert policy.bigtable_users == no_members
    assert policy.bigtable_viewers == no_members
    assert len(policy) == 0
    assert dict(policy) == {}
Ejemplo n.º 19
def test_policy_from_api_repr_wo_etag():
    """``Policy.from_api_repr`` without an ``etag`` key leaves etag unset."""
    from google.cloud.bigtable.policy import Policy

    version = 1
    policy = Policy.from_api_repr({"version": version})

    # The missing key shows up as None, not as an empty byte string.
    assert policy.etag is None
    assert policy.version == version
    no_members = frozenset()
    assert policy.bigtable_admins == no_members
    assert policy.bigtable_readers == no_members
    assert policy.bigtable_users == no_members
    assert policy.bigtable_viewers == no_members
    assert len(policy) == 0
    assert dict(policy) == {}
Ejemplo n.º 20
def test_bigtable_viewers_policy():
    """Run the ``bigtable_viewers_policy`` snippet against the test instance.

    The region is split in two so that the test-only lookup of the
    service-account address stays out of the documentation sample.
    """
    # [START bigtable_viewers_policy]
    from google.cloud.bigtable import Client
    from google.cloud.bigtable.policy import Policy
    from google.cloud.bigtable.policy import BIGTABLE_VIEWER_ROLE

    # [END bigtable_viewers_policy]

    # Reads the address from the test client's (private) credentials object.
    service_account_email = Config.CLIENT._credentials.service_account_email

    # [START bigtable_viewers_policy]
    client = Client(admin=True)
    instance = client.instance(INSTANCE_ID)
    instance.reload()
    # NOTE: set_iam_policy() replaces the instance's whole policy. Starting
    # from an empty Policy() keeps none of the existing bindings, so after
    # this call the viewer binding is the only one left at instance level.
    # To add to an existing policy, start from instance.get_iam_policy().
    new_policy = Policy()
    new_policy[BIGTABLE_VIEWER_ROLE] = [
        Policy.service_account(service_account_email)
    ]

    policy_latest = instance.set_iam_policy(new_policy)
    policy = policy_latest.bigtable_viewers
    # [END bigtable_viewers_policy]

    # ``policy`` holds the viewer members of the returned policy.
    assert len(policy) > 0
Ejemplo n.º 21
    def get_iam_policy(self):
        """Return the access control policy currently set on this instance.

        For example:

        .. literalinclude:: snippets.py
            :start-after: [START bigtable_get_iam_policy]
            :end-before: [END bigtable_get_iam_policy]

        :rtype: :class:`google.cloud.bigtable.policy.Policy`
        :returns: The current IAM policy of this instance
        """
        # Look up the policy by resource name, then wrap the protobuf reply.
        return Policy.from_pb(
            self._client.instance_admin_client.get_iam_policy(
                resource=self.name
            )
        )
Ejemplo n.º 22
def test_policy_from_api_repr_w_etag():
    """``Policy.from_api_repr`` decodes a base64 ``etag`` back to bytes."""
    import base64
    from google.cloud.bigtable.policy import Policy

    raw_etag = b"ETAG"
    # The API representation carries the etag as base64 text.
    encoded_etag = base64.b64encode(raw_etag).decode("ascii")
    policy = Policy.from_api_repr({"etag": encoded_etag})

    assert policy.etag == raw_etag
    # No "version" key was supplied, so the version stays unset.
    assert policy.version is None
    no_members = frozenset()
    assert policy.bigtable_admins == no_members
    assert policy.bigtable_readers == no_members
    assert policy.bigtable_users == no_members
    assert policy.bigtable_viewers == no_members
    assert len(policy) == 0
    assert dict(policy) == {}
Ejemplo n.º 23
    def set_iam_policy(self, policy):
        """Replace the IAM access control policy of this backup.

        The policy passed in becomes the whole policy: any existing policy
        is replaced, so bindings that are not part of ``policy`` are not
        kept.

        For more information about policy, please see documentation of
        class `google.cloud.bigtable.policy.Policy`

        :type policy: :class:`google.cloud.bigtable.policy.Policy`
        :param policy: A new IAM policy to replace the current IAM policy
                       of this backup.

        :rtype: :class:`google.cloud.bigtable.policy.Policy`
        :returns: The current IAM policy of this backup.
        """
        # Backups go through the table admin API of the owning client.
        admin_api = self._instance._client.table_admin_client
        updated_pb = admin_api.set_iam_policy(
            resource=self.name,
            policy=policy.to_pb(),
        )
        return Policy.from_pb(updated_pb)
Ejemplo n.º 24
def test_bigtable_viewers_policy():
    """Run the ``bigtable_viewers_policy`` snippet against the test instance.

    The code between the ``[START ...]`` / ``[END ...]`` markers is the
    documentation sample.
    """
    # Reads the address from the test client's (private) credentials object.
    service_account_email = Config.CLIENT._credentials.service_account_email

    # [START bigtable_viewers_policy]
    from google.cloud.bigtable import Client
    from google.cloud.bigtable.policy import Policy
    from google.cloud.bigtable.policy import BIGTABLE_VIEWER_ROLE

    client = Client(admin=True)
    instance = client.instance(INSTANCE_ID)
    instance.reload()
    # NOTE: set_iam_policy() replaces the instance's whole policy. Starting
    # from an empty Policy() keeps none of the existing bindings, so after
    # this call the viewer binding is the only one left at instance level.
    # To add to an existing policy, start from instance.get_iam_policy().
    new_policy = Policy()
    new_policy[BIGTABLE_VIEWER_ROLE] = [Policy.service_account(service_account_email)]

    policy_latest = instance.set_iam_policy(new_policy)
    policy = policy_latest.bigtable_viewers
    # [END bigtable_viewers_policy]

    # ``policy`` holds the viewer members of the returned policy.
    assert len(policy) > 0
Ejemplo n.º 25
    def get_iam_policy(self):
        """Fetch the access control policy of this instance.

        .. code-block:: python

            from google.cloud.bigtable.client import Client
            from google.cloud.bigtable.policy import Policy

            client = Client(admin=True)
            instance = client.instance('[INSTANCE_ID]')
            policy_latest = instance.get_iam_policy()
            print (policy_latest.bigtable_viewers)

        :rtype: :class:`google.cloud.bigtable.policy.Policy`
        :returns: The current IAM policy of this instance
        """
        # Uses the client's private admin API attribute directly.
        admin_api = self._client._instance_admin_client
        policy_pb = admin_api.get_iam_policy(resource=self.name)
        # The protobuf reply is converted to a dict, then to a Policy.
        policy_dict = self._to_dict_from_policy_pb(policy_pb)
        return Policy.from_api_repr(policy_dict)
Ejemplo n.º 26
def test_policy_from_pb_w_condition():
    """A version-3 policy with a conditional binding rejects role shortcuts.

    The binding stays readable through ``policy.bindings``, while the
    per-role properties and ``len()`` raise ``InvalidOperationException``,
    so a condition cannot be read past through the role-level accessors.
    """
    import pytest
    from google.iam.v1 import policy_pb2
    from google.api_core.iam import InvalidOperationException, _DICT_ACCESS_MSG
    from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE
    from google.cloud.bigtable.policy import Policy

    etag = b"ETAG"
    version = 3
    # NOTE(review): the addresses in this listing look masked by the
    # hosting page; the test only needs two distinct member strings.
    members = ["serviceAccount:[email protected]", "user:[email protected]"]
    condition = {
        "title": "request_time",
        "description": "Requests made before 2021-01-01T00:00:00Z",
        "expression": 'request.time < timestamp("2021-01-01T00:00:00Z")',
    }
    bindings = [{
        "role": BIGTABLE_ADMIN_ROLE,
        "members": members,
        "condition": condition,
    }]
    message = policy_pb2.Policy(etag=etag, version=version, bindings=bindings)

    policy = Policy.from_pb(message)

    assert policy.etag == etag
    assert policy.version == version
    first_binding = policy.bindings[0]
    assert first_binding["role"] == BIGTABLE_ADMIN_ROLE
    assert first_binding["members"] == set(members)
    assert first_binding["condition"] == condition

    # Every role-level accessor must refuse to answer for this policy.
    role_properties = (
        "bigtable_admins",
        "bigtable_readers",
        "bigtable_users",
        "bigtable_viewers",
    )
    for property_name in role_properties:
        with pytest.raises(InvalidOperationException, match=_DICT_ACCESS_MSG):
            getattr(policy, property_name)
    with pytest.raises(InvalidOperationException, match=_DICT_ACCESS_MSG):
        len(policy)
Ejemplo n.º 27
    def set_iam_policy(self, policy):
        """Replace the IAM access control policy of this table.

        The policy passed in becomes the whole policy: any existing policy
        is replaced, so bindings that are not part of ``policy`` are not
        kept.

        For more information about policy, please see documentation of
        class `google.cloud.bigtable.policy.Policy`

        For example:

        .. literalinclude:: snippets_table.py
            :start-after: [START bigtable_table_set_iam_policy]
            :end-before: [END bigtable_table_set_iam_policy]

        :type policy: :class:`google.cloud.bigtable.policy.Policy`
        :param policy: A new IAM policy to replace the current IAM policy
                       of this table.

        :rtype: :class:`google.cloud.bigtable.policy.Policy`
        :returns: The current IAM policy of this table.
        """
        admin_api = self._instance._client.table_admin_client
        updated_pb = admin_api.set_iam_policy(
            resource=self.name,
            policy=policy.to_pb(),
        )
        # Hand back the service's reply as a Policy object.
        return Policy.from_pb(updated_pb)
Ejemplo n.º 28
def _make_policy(*args, **kw):
    """Build a bigtable ``Policy``, passing all arguments straight through.

    The import is done inside the function, so the policy module is only
    loaded when the helper is called.
    """
    from google.cloud.bigtable.policy import Policy as policy_class

    new_policy = policy_class(*args, **kw)
    return new_policy