def test_instance_get_iam_policy_w_requested_policy_version(): from google.iam.v1 import policy_pb2, options_pb2 from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE credentials = _make_credentials() client = _make_client(project=PROJECT, credentials=credentials, admin=True) instance = _make_instance(INSTANCE_ID, client) version = 1 etag = b"etag_v1" members = ["serviceAccount:[email protected]", "user:[email protected]"] bindings = [{"role": BIGTABLE_ADMIN_ROLE, "members": members}] iam_policy = policy_pb2.Policy(version=version, etag=etag, bindings=bindings) api = client._instance_admin_client = _make_instance_admin_api() api.get_iam_policy.return_value = iam_policy result = instance.get_iam_policy(requested_policy_version=3) assert result.version == version assert result.etag == etag admins = result.bigtable_admins assert len(admins) == len(members) for found, expected in zip(sorted(admins), sorted(members)): assert found == expected api.get_iam_policy.assert_called_once_with( request={ "resource": instance.name, "options_": options_pb2.GetPolicyOptions( requested_policy_version=3), })
def get_iam_policy(self, requested_policy_version=None): """Gets the access control policy for an instance resource. For example: .. literalinclude:: snippets.py :start-after: [START bigtable_api_get_iam_policy] :end-before: [END bigtable_api_get_iam_policy] :dedent: 4 :type requested_policy_version: int or ``NoneType`` :param requested_policy_version: Optional. The version of IAM policies to request. If a policy with a condition is requested without setting this, the server will return an error. This must be set to a value of 3 to retrieve IAM policies containing conditions. This is to prevent client code that isn't aware of IAM conditions from interpreting and modifying policies incorrectly. The service might return a policy with version lower than the one that was requested, based on the feature syntax in the policy fetched. :rtype: :class:`google.cloud.bigtable.policy.Policy` :returns: The current IAM policy of this instance """ args = {"resource": self.name} if requested_policy_version is not None: args["options_"] = options_pb2.GetPolicyOptions( requested_policy_version=requested_policy_version) instance_admin_client = self._client.instance_admin_client resp = instance_admin_client.get_iam_policy(request=args) return Policy.from_pb(resp)
def test_get_iam_policy_from_dict(): client = CloudBillingClient(credentials=credentials.AnonymousCredentials()) # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object(type(client._transport.get_iam_policy), "__call__") as call: # Designate an appropriate return value for the call. call.return_value = policy.Policy() response = client.get_iam_policy( request={ "resource": "resource_value", "options": options.GetPolicyOptions( requested_policy_version=2598), }) call.assert_called()
def test_get_iam_policy_w_requested_policy_version(self): from google.cloud.bigtable_admin_v2.services.bigtable_instance_admin import ( BigtableInstanceAdminClient, ) from google.iam.v1 import policy_pb2, options_pb2 from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE credentials = _make_credentials() client = self._make_client(project=self.PROJECT, credentials=credentials, admin=True) instance = self._make_one(self.INSTANCE_ID, client) version = 1 etag = b"etag_v1" members = [ "serviceAccount:[email protected]", "user:[email protected]" ] bindings = [{"role": BIGTABLE_ADMIN_ROLE, "members": members}] iam_policy = policy_pb2.Policy(version=version, etag=etag, bindings=bindings) # Patch the stub used by the API method. instance_api = mock.create_autospec(BigtableInstanceAdminClient) client._instance_admin_client = instance_api instance_api.get_iam_policy.return_value = iam_policy # Perform the method and check the result. result = instance.get_iam_policy(requested_policy_version=3) instance_api.get_iam_policy.assert_called_once_with( request={ "resource": instance.name, "options_": options_pb2.GetPolicyOptions(requested_policy_version=3), }) self.assertEqual(result.version, version) self.assertEqual(result.etag, etag) admins = result.bigtable_admins self.assertEqual(len(admins), len(members)) for found, expected in zip(sorted(admins), sorted(members)): self.assertEqual(found, expected)