def test_binding_merge_members_different_role(self):
"""Original binding remains same if other's role is different."""
binding1 = {
'role':
'roles/owner',
'members': [
'user:[email protected]',
'serviceAccount:[email protected]',
]
}
binding2 = {
'role': 'roles/viewer',
'members': [
'user:[email protected]',
]
}
expected_binding = {
'role':
'roles/owner',
'members': [
'user:[email protected]',
'serviceAccount:[email protected]',
]
}
iam_binding1 = IamPolicyBinding.create_from(binding1)
iam_binding2 = IamPolicyBinding.create_from(binding2)
iam_binding1.merge_members(iam_binding2)
expected_binding = IamPolicyBinding.create_from(expected_binding)
self.assertEqual(expected_binding, iam_binding1)
def test_binding_merge_members_same_role_mixed_members(self):
binding1 = {
'role':
'roles/viewer',
'members': [
'user:[email protected]',
'serviceAccount:[email protected]',
]
}
binding2 = {
'role':
'roles/viewer',
'members': [
'user:[email protected]',
'serviceAccount:[email protected]',
]
}
expected_binding = {
'role':
'roles/viewer',
'members': [
'user:[email protected]',
'serviceAccount:[email protected]',
'user:[email protected]',
]
}
iam_binding1 = IamPolicyBinding.create_from(binding1)
iam_binding2 = IamPolicyBinding.create_from(binding2)
iam_binding1.merge_members(iam_binding2)
expected_binding = IamPolicyBinding.create_from(expected_binding)
self.assertEqual(expected_binding, iam_binding1)
def test_binding_create_from_is_correct(self):
"""Test that the IamPolicyBinding create is correct."""
# test role, members, role name pattern
binding = {'role': 'roles/viewer', 'members': self.test_members}
iam_binding = IamPolicyBinding.create_from(binding)
self.assertEqual(binding['role'], iam_binding.role_name)
self.assertEqual(binding['members'],
_get_member_list(iam_binding.members))
self.assertEqual('^roles\/viewer$', iam_binding.role_pattern.pattern)
# test roles glob
binding2 = {'role': 'roles/*', 'members': self.test_members}
iam_binding2 = IamPolicyBinding.create_from(binding2)
self.assertEqual('^roles\/.*$', iam_binding2.role_pattern.pattern)
def test_binding_merge_members_other_type_different_raises(self):
"""Test that merging raises exception if `other`is not of same type."""
with self.assertRaises(InvalidIamPolicyBindingError):
binding = {
'role':
'roles/viewer',
'members': [
'user:[email protected]',
'serviceAccount:[email protected]',
]
}
iam_binding = IamPolicyBinding.create_from(binding)
iam_binding.merge_members([1, 2, 4])
def test_binding_missing_members_raises(self):
"""Test that a binding with no members raises an exception."""
with self.assertRaises(InvalidIamPolicyBindingError):
IamPolicyBinding('roles/fake', [])
def test_binding_missing_role_raises(self):
"""Test that a binding with no role raises an exception."""
with self.assertRaises(InvalidIamPolicyBindingError):
IamPolicyBinding(None, ['*'])