def set_iam_policy(self, policy, client=None):
"""Update the IAM policy for the subscription.
See:
https://cloud.google.com/pubsub/reference/rest/v1/projects.subscriptions/setIamPolicy
Example:
.. literalinclude:: pubsub_snippets.py
:start-after: [START subscription_set_iam_policy]
:end-before: [END subscription_set_iam_policy]
:type policy: :class:`gcloud.pubsub.iam.Policy`
:param policy: the new policy, typically fetched via
:meth:`get_iam_policy` and updated in place.
:type client: :class:`gcloud.pubsub.client.Client` or ``NoneType``
:param client: the client to use. If not passed, falls back to the
``client`` stored on the current subscription's topic.
:rtype: :class:`gcloud.pubsub.iam.Policy`
:returns: updated policy created from the resource returned by the
``setIamPolicy`` API request.
"""
client = self._require_client(client)
api = client.iam_policy_api
resource = policy.to_api_repr()
resp = api.set_iam_policy(self.full_name, resource)
return Policy.from_api_repr(resp)
def test_set_iam_policy_w_alternate_client(self):
from gcloud.pubsub.iam import Policy
RESPONSE = {'etag': 'ACAB'}
PROJECT = 'PROJECT'
TOPIC_NAME = 'topic_name'
SUB_NAME = 'sub_name'
PATH = 'projects/%s/subscriptions/%s:setIamPolicy' % (PROJECT,
SUB_NAME)
conn1 = _Connection()
conn2 = _Connection(RESPONSE)
CLIENT1 = _Client(project=PROJECT, connection=conn1)
CLIENT2 = _Client(project=PROJECT, connection=conn2)
topic = _Topic(TOPIC_NAME, client=CLIENT1)
subscription = self._makeOne(SUB_NAME, topic)
policy = Policy()
new_policy = subscription.set_iam_policy(policy, client=CLIENT2)
self.assertEqual(new_policy.etag, 'ACAB')
self.assertEqual(new_policy.version, None)
self.assertEqual(sorted(new_policy.owners), [])
self.assertEqual(sorted(new_policy.editors), [])
self.assertEqual(sorted(new_policy.viewers), [])
self.assertEqual(len(conn1._requested), 0)
self.assertEqual(len(conn2._requested), 1)
req = conn2._requested[0]
self.assertEqual(req['method'], 'POST')
self.assertEqual(req['path'], '/%s' % PATH)
self.assertEqual(req['data'], {'policy': {}})
def set_iam_policy(self, policy, client=None):
"""Update the IAM policy for the topic.
See:
https://cloud.google.com/pubsub/reference/rest/v1/projects.topics/setIamPolicy
Example:
.. literalinclude:: pubsub_snippets.py
:start-after: [START topic_set_iam_policy]
:end-before: [END topic_set_iam_policy]
:type policy: :class:`gcloud.pubsub.iam.Policy`
:param policy: the new policy, typically fetched via
:meth:`get_iam_policy` and updated in place.
:type client: :class:`gcloud.pubsub.client.Client` or ``NoneType``
:param client: the client to use. If not passed, falls back to the
``client`` stored on the current batch.
:rtype: :class:`gcloud.pubsub.iam.Policy`
:returns: updated policy created from the resource returned by the
``setIamPolicy`` API request.
"""
client = self._require_client(client)
api = client.iam_policy_api
resource = policy.to_api_repr()
resp = api.set_iam_policy(self.full_name, resource)
return Policy.from_api_repr(resp)
def set_iam_policy(self, policy, client=None):
"""Update the IAM policy for the subscription.
See:
https://cloud.google.com/pubsub/reference/rest/v1/projects.subscriptions/setIamPolicy
:type policy: :class:`gcloud.pubsub.iam.Policy`
:param policy: the new policy, typically fetched via
:meth:`get_iam_policy` and updated in place.
:type client: :class:`gcloud.pubsub.client.Client` or ``NoneType``
:param client: the client to use. If not passed, falls back to the
``client`` stored on the current subscription's topic.
:rtype: :class:`gcloud.pubsub.iam.Policy`
:returns: updated policy created from the resource returned by the
``setIamPolicy`` API request.
"""
client = self._require_client(client)
path = '%s:setIamPolicy' % (self.path,)
resource = policy.to_api_repr()
wrapped = {'policy': resource}
resp = client.connection.api_request(
method='POST', path=path, data=wrapped)
return Policy.from_api_repr(resp)
def set_iam_policy(self, policy, client=None):
"""Update the IAM policy for the subscription.
See:
https://cloud.google.com/pubsub/reference/rest/v1/projects.subscriptions/setIamPolicy
:type policy: :class:`gcloud.pubsub.iam.Policy`
:param policy: the new policy, typically fetched via
:meth:`get_iam_policy` and updated in place.
:type client: :class:`gcloud.pubsub.client.Client` or ``NoneType``
:param client: the client to use. If not passed, falls back to the
``client`` stored on the current subscription's topic.
:rtype: :class:`gcloud.pubsub.iam.Policy`
:returns: updated policy created from the resource returned by the
``setIamPolicy`` API request.
"""
client = self._require_client(client)
path = '%s:setIamPolicy' % (self.path, )
resource = policy.to_api_repr()
wrapped = {'policy': resource}
resp = client.connection.api_request(method='POST',
path=path,
data=wrapped)
return Policy.from_api_repr(resp)
def test_set_iam_policy_w_alternate_client(self):
from gcloud.pubsub.iam import Policy
RESPONSE = {'etag': 'ACAB'}
PATH = '/%s:setIamPolicy' % (self.SUB_PATH,)
conn1 = _Connection()
conn2 = _Connection(RESPONSE)
client1 = _Client(project=self.PROJECT, connection=conn1)
client2 = _Client(project=self.PROJECT, connection=conn2)
topic = _Topic(self.TOPIC_NAME, client=client1)
subscription = self._makeOne(self.SUB_NAME, topic)
policy = Policy()
new_policy = subscription.set_iam_policy(policy, client=client2)
self.assertEqual(new_policy.etag, 'ACAB')
self.assertEqual(new_policy.version, None)
self.assertEqual(sorted(new_policy.owners), [])
self.assertEqual(sorted(new_policy.editors), [])
self.assertEqual(sorted(new_policy.viewers), [])
self.assertEqual(len(conn1._requested), 0)
self.assertEqual(len(conn2._requested), 1)
req = conn2._requested[0]
self.assertEqual(req['method'], 'POST')
self.assertEqual(req['path'], PATH)
self.assertEqual(req['data'], {'policy': {}})
def test_set_iam_policy_w_bound_client(self):
from gcloud.pubsub.iam import OWNER_ROLE, EDITOR_ROLE, VIEWER_ROLE
from gcloud.pubsub.iam import Policy
OWNER1 = 'group:[email protected]'
OWNER2 = 'user:[email protected]'
EDITOR1 = 'domain:google.com'
EDITOR2 = 'user:[email protected]'
VIEWER1 = 'serviceAccount:[email protected]'
VIEWER2 = 'user:[email protected]'
POLICY = {
'etag':
'DEADBEEF',
'version':
17,
'bindings': [
{
'role': OWNER_ROLE,
'members': [OWNER1, OWNER2]
},
{
'role': EDITOR_ROLE,
'members': [EDITOR1, EDITOR2]
},
{
'role': VIEWER_ROLE,
'members': [VIEWER1, VIEWER2]
},
],
}
RESPONSE = POLICY.copy()
RESPONSE['etag'] = 'ABACABAF'
RESPONSE['version'] = 18
client = _Client(project=self.PROJECT)
api = client.iam_policy_api = _FauxIAMPolicy()
api._set_iam_policy_response = RESPONSE
topic = _Topic(self.TOPIC_NAME, client=client)
subscription = self._makeOne(self.SUB_NAME, topic)
policy = Policy('DEADBEEF', 17)
policy.owners.add(OWNER1)
policy.owners.add(OWNER2)
policy.editors.add(EDITOR1)
policy.editors.add(EDITOR2)
policy.viewers.add(VIEWER1)
policy.viewers.add(VIEWER2)
new_policy = subscription.set_iam_policy(policy)
self.assertEqual(new_policy.etag, 'ABACABAF')
self.assertEqual(new_policy.version, 18)
self.assertEqual(sorted(new_policy.owners), [OWNER1, OWNER2])
self.assertEqual(sorted(new_policy.editors), [EDITOR1, EDITOR2])
self.assertEqual(sorted(new_policy.viewers), [VIEWER1, VIEWER2])
self.assertEqual(api._set_iam_policy, (self.SUB_PATH, POLICY))
def test_set_iam_policy_w_bound_client(self):
from gcloud.pubsub.iam import OWNER_ROLE, EDITOR_ROLE, VIEWER_ROLE
from gcloud.pubsub.iam import Policy
OWNER1 = 'group:[email protected]'
OWNER2 = 'user:[email protected]'
EDITOR1 = 'domain:google.com'
EDITOR2 = 'user:[email protected]'
VIEWER1 = 'serviceAccount:[email protected]'
VIEWER2 = 'user:[email protected]'
POLICY = {
'etag': 'DEADBEEF',
'version': 17,
'bindings': [
{'role': OWNER_ROLE, 'members': [OWNER1, OWNER2]},
{'role': EDITOR_ROLE, 'members': [EDITOR1, EDITOR2]},
{'role': VIEWER_ROLE, 'members': [VIEWER1, VIEWER2]},
],
}
RESPONSE = POLICY.copy()
RESPONSE['etag'] = 'ABACABAF'
RESPONSE['version'] = 18
PATH = '/%s:setIamPolicy' % (self.SUB_PATH,)
conn = _Connection(RESPONSE)
client = _Client(project=self.PROJECT, connection=conn)
topic = _Topic(self.TOPIC_NAME, client=client)
subscription = self._makeOne(self.SUB_NAME, topic)
policy = Policy('DEADBEEF', 17)
policy.owners.add(OWNER1)
policy.owners.add(OWNER2)
policy.editors.add(EDITOR1)
policy.editors.add(EDITOR2)
policy.viewers.add(VIEWER1)
policy.viewers.add(VIEWER2)
new_policy = subscription.set_iam_policy(policy)
self.assertEqual(new_policy.etag, 'ABACABAF')
self.assertEqual(new_policy.version, 18)
self.assertEqual(sorted(new_policy.owners), [OWNER1, OWNER2])
self.assertEqual(sorted(new_policy.editors), [EDITOR1, EDITOR2])
self.assertEqual(sorted(new_policy.viewers), [VIEWER1, VIEWER2])
self.assertEqual(len(conn._requested), 1)
req = conn._requested[0]
self.assertEqual(req['method'], 'POST')
self.assertEqual(req['path'], PATH)
self.assertEqual(req['data'], {'policy': POLICY})
def get_iam_policy(self, client=None):
"""Fetch the IAM policy for the subscription.
See:
https://cloud.google.com/pubsub/reference/rest/v1/projects.subscriptions/getIamPolicy
:type client: :class:`gcloud.pubsub.client.Client` or ``NoneType``
:param client: the client to use. If not passed, falls back to the
``client`` stored on the current subscription's topic.
:rtype: :class:`gcloud.pubsub.iam.Policy`
:returns: policy created from the resource returned by the
``getIamPolicy`` API request.
"""
client = self._require_client(client)
path = '%s:getIamPolicy' % (self.path,)
resp = client.connection.api_request(method='GET', path=path)
return Policy.from_api_repr(resp)
def get_iam_policy(self, client=None):
"""Fetch the IAM policy for the subscription.
See:
https://cloud.google.com/pubsub/reference/rest/v1/projects.subscriptions/getIamPolicy
:type client: :class:`gcloud.pubsub.client.Client` or ``NoneType``
:param client: the client to use. If not passed, falls back to the
``client`` stored on the current subscription's topic.
:rtype: :class:`gcloud.pubsub.iam.Policy`
:returns: policy created from the resource returned by the
``getIamPolicy`` API request.
"""
client = self._require_client(client)
path = '%s:getIamPolicy' % (self.path, )
resp = client.connection.api_request(method='GET', path=path)
return Policy.from_api_repr(resp)
def get_iam_policy(self, client=None):
"""Fetch the IAM policy for the topic.
See:
https://cloud.google.com/pubsub/reference/rest/v1/projects.topics/getIamPolicy
:type client: :class:`gcloud.pubsub.client.Client` or ``NoneType``
:param client: the client to use. If not passed, falls back to the
``client`` stored on the current batch.
:rtype: :class:`gcloud.pubsub.iam.Policy`
:returns: policy created from the resource returned by the
``getIamPolicy`` API request.
"""
client = self._require_client(client)
api = client.iam_policy_api
resp = api.get_iam_policy(self.full_name)
return Policy.from_api_repr(resp)
def test_set_iam_policy_w_alternate_client(self):
from gcloud.pubsub.iam import Policy
RESPONSE = {'etag': 'ACAB'}
client1 = _Client(project=self.PROJECT)
client2 = _Client(project=self.PROJECT)
api = client2.iam_policy_api = _FauxIAMPolicy()
api._set_iam_policy_response = RESPONSE
topic = _Topic(self.TOPIC_NAME, client=client1)
subscription = self._makeOne(self.SUB_NAME, topic)
policy = Policy()
new_policy = subscription.set_iam_policy(policy, client=client2)
self.assertEqual(new_policy.etag, 'ACAB')
self.assertEqual(new_policy.version, None)
self.assertEqual(sorted(new_policy.owners), [])
self.assertEqual(sorted(new_policy.editors), [])
self.assertEqual(sorted(new_policy.viewers), [])
self.assertEqual(api._set_iam_policy, (self.SUB_PATH, {}))
def set_iam_policy(self, policy, client=None):
"""Update the IAM policy for the topic.
See:
https://cloud.google.com/pubsub/reference/rest/v1/projects.topics/setIamPolicy
:type policy: :class:`gcloud.pubsub.iam.Policy`
:param policy: the new policy, typically fetched via
:meth:`get_iam_policy` and updated in place.
:type client: :class:`gcloud.pubsub.client.Client` or ``NoneType``
:param client: the client to use. If not passed, falls back to the
``client`` stored on the current batch.
:rtype: :class:`gcloud.pubsub.iam.Policy`
:returns: updated policy created from the resource returned by the
``setIamPolicy`` API request.
"""
client = self._require_client(client)
api = client.iam_policy_api
resource = policy.to_api_repr()
resp = api.set_iam_policy(self.full_name, resource)
return Policy.from_api_repr(resp)
def get_iam_policy(self, client=None):
"""Fetch the IAM policy for the subscription.
See:
https://cloud.google.com/pubsub/reference/rest/v1/projects.subscriptions/getIamPolicy
Example:
.. literalinclude:: pubsub_snippets.py
:start-after: [START subscription_get_iam_policy]
:end-before: [END subscription_get_iam_policy]
:type client: :class:`gcloud.pubsub.client.Client` or ``NoneType``
:param client: the client to use. If not passed, falls back to the
``client`` stored on the current subscription's topic.
:rtype: :class:`gcloud.pubsub.iam.Policy`
:returns: policy created from the resource returned by the
``getIamPolicy`` API request.
"""
client = self._require_client(client)
api = client.iam_policy_api
resp = api.get_iam_policy(self.full_name)
return Policy.from_api_repr(resp)
