def set_iam_policy(self, policy, client=None):
    """Replace the IAM policy attached to the topic.

    See:
    https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics/setIamPolicy

    Example:

    .. literalinclude:: pubsub_snippets.py
       :start-after: [START topic_set_iam_policy]
       :end-before: [END topic_set_iam_policy]

    .. note::

       ``setIamPolicy`` replaces the resource's policy as a whole; it does
       not merge bindings. The IAM API uses the policy ``etag`` for
       optimistic concurrency control, so start from the result of
       :meth:`get_iam_policy` and let its ``etag`` travel with the write.
       A policy sent without an ``etag`` is not protected against
       overwriting a concurrent change.

    :type policy: :class:`google.cloud.pubsub.iam.Policy`
    :param policy: the new policy, typically fetched via
                   :meth:`get_iam_policy` and updated in place.

    :type client: :class:`~google.cloud.pubsub.client.Client` or
                  ``NoneType``
    :param client: the client to use. When omitted, the client is
                   resolved by ``self._require_client``.

    :rtype: :class:`google.cloud.pubsub.iam.Policy`
    :returns: policy rebuilt from the resource returned by the
              ``setIamPolicy`` API request (not the object passed in).
    """
    iam_api = self._require_client(client).iam_policy_api
    # Serialize before issuing the request, as the original did.
    payload = policy.to_api_repr()
    response = iam_api.set_iam_policy(self.full_name, payload)
    return Policy.from_api_repr(response)
def set_iam_policy(self, policy, client=None):
    """Write ``policy`` as the topic's IAM policy.

    See:
    https://cloud.google.com/pubsub/reference/rest/v1/projects.topics/setIamPolicy

    Example:

    .. literalinclude:: pubsub_snippets.py
       :start-after: [START topic_set_iam_policy]
       :end-before: [END topic_set_iam_policy]

    .. note::

       The request carries the complete serialized policy, and
       ``setIamPolicy`` replaces whatever policy the resource had. Use the
       read-modify-write pattern (:meth:`get_iam_policy`, edit, then this
       method) so the ``etag`` from the read is sent back; the IAM API
       relies on it to detect a write based on a stale read.

    :type policy: :class:`google.cloud.pubsub.iam.Policy`
    :param policy: the new policy, typically fetched via
                   :meth:`get_iam_policy` and updated in place.

    :type client: :class:`~google.cloud.pubsub.client.Client` or
                  ``NoneType``
    :param client: the client to use. When omitted, the client is
                   resolved by ``self._require_client``.

    :rtype: :class:`google.cloud.pubsub.iam.Policy`
    :returns: updated policy created from the resource returned by the
              ``setIamPolicy`` API request.
    """
    active_client = self._require_client(client)
    policy_api = active_client.iam_policy_api
    # The wire form is built first, then sent under the topic's full name.
    wire_policy = policy.to_api_repr()
    returned = policy_api.set_iam_policy(self.full_name, wire_policy)
    return Policy.from_api_repr(returned)
def get_iam_policy(self, client=None):
    """Retrieve the IAM policy currently attached to the subscription.

    See:
    https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.subscriptions/getIamPolicy

    Example:

    .. literalinclude:: pubsub_snippets.py
       :start-after: [START subscription_get_iam_policy]
       :end-before: [END subscription_get_iam_policy]

    The returned policy is the usual starting point for a
    read-modify-write cycle: edit it and pass the same object back to
    ``set_iam_policy`` so its ``etag`` accompanies the update.

    :type client: :class:`~google.cloud.pubsub.client.Client` or
                  ``NoneType``
    :param client: the client to use. If not passed, falls back to the
                   ``client`` stored on the current subscription's topic.

    :rtype: :class:`google.cloud.pubsub.iam.Policy`
    :returns: policy created from the resource returned by the
              ``getIamPolicy`` API request.
    """
    iam_api = self._require_client(client).iam_policy_api
    raw_policy = iam_api.get_iam_policy(self.full_name)
    return Policy.from_api_repr(raw_policy)
def test_set_iam_policy_w_bound_client(self):
    """Subscription ``set_iam_policy`` with no explicit client.

    A fully populated policy (etag, version and one binding per role) is
    sent through the faux IAM API attached to the topic's client. The test
    checks that the returned policy reflects the API response and that the
    request carried the subscription path plus the serialized policy,
    including the ``etag`` the policy was built with.
    """
    from google.cloud.pubsub.iam import (
        Policy,
        PUBSUB_ADMIN_ROLE,
        PUBSUB_EDITOR_ROLE,
        PUBSUB_VIEWER_ROLE,
        PUBSUB_PUBLISHER_ROLE,
        PUBSUB_SUBSCRIBER_ROLE,
    )

    # Fixture members cover the group / user / domain / serviceAccount
    # member prefixes.
    # NOTE(review): '[email protected]' looks like an e-mail obfuscation
    # placeholder left by the page this listing was captured from; as
    # shown, OWNER2, EDITOR2, VIEWER2 and PUBLISHER are the same string.
    OWNER1 = 'group:[email protected]'
    OWNER2 = 'user:[email protected]'
    EDITOR1 = 'domain:google.com'
    EDITOR2 = 'user:[email protected]'
    VIEWER1 = 'serviceAccount:[email protected]'
    VIEWER2 = 'user:[email protected]'
    PUBLISHER = 'user:[email protected]'
    SUBSCRIBER = 'serviceAccount:[email protected]'

    # Expected wire form of the policy built below.
    POLICY = {
        'etag': 'DEADBEEF',
        'version': 17,
        'bindings': [
            {'role': PUBSUB_ADMIN_ROLE, 'members': [OWNER1, OWNER2]},
            {'role': PUBSUB_EDITOR_ROLE, 'members': [EDITOR1, EDITOR2]},
            {'role': PUBSUB_VIEWER_ROLE, 'members': [VIEWER1, VIEWER2]},
            {'role': PUBSUB_PUBLISHER_ROLE, 'members': [PUBLISHER]},
            {'role': PUBSUB_SUBSCRIBER_ROLE, 'members': [SUBSCRIBER]},
        ],
    }
    # Shallow copy with a fresh etag/version: the bindings list is shared
    # with POLICY, only the two scalar fields differ in the response.
    RESPONSE = dict(POLICY, etag='ABACABAF', version=18)

    client = _Client(project=self.PROJECT)
    api = _FauxIAMPolicy()
    client.iam_policy_api = api
    api._set_iam_policy_response = RESPONSE
    topic = _Topic(self.TOPIC_NAME, client=client)
    subscription = self._make_one(self.SUB_NAME, topic)

    policy = Policy('DEADBEEF', 17)
    additions = (
        ('owners', OWNER1),
        ('owners', OWNER2),
        ('editors', EDITOR1),
        ('editors', EDITOR2),
        ('viewers', VIEWER1),
        ('viewers', VIEWER2),
        ('publishers', PUBLISHER),
        ('subscribers', SUBSCRIBER),
    )
    for role_attr, member in additions:
        getattr(policy, role_attr).add(member)

    new_policy = subscription.set_iam_policy(policy)

    # The result must come from the response, not from the input policy.
    self.assertEqual(new_policy.etag, 'ABACABAF')
    self.assertEqual(new_policy.version, 18)
    expected_members = (
        ('owners', [OWNER1, OWNER2]),
        ('editors', [EDITOR1, EDITOR2]),
        ('viewers', [VIEWER1, VIEWER2]),
        ('publishers', [PUBLISHER]),
        ('subscribers', [SUBSCRIBER]),
    )
    for role_attr, members in expected_members:
        self.assertEqual(sorted(getattr(new_policy, role_attr)), members)
    # The request is compared as a whole, so binding order matters here.
    self.assertEqual(api._set_iam_policy, (self.SUB_PATH, POLICY))
def test_set_iam_policy_w_alternate_client(self):
    """Subscription ``set_iam_policy`` with an explicitly passed client.

    Only ``client2`` is given the faux IAM API, and it is the one passed
    to the call; the topic is bound to ``client1``. The policy under test
    is an empty ``Policy()``, and the recorded request body is expected to
    be ``{}``, so this case covers a write that carries no ``etag``.
    """
    from google.cloud.pubsub.iam import Policy

    RESPONSE = {'etag': 'ACAB'}

    client1 = _Client(project=self.PROJECT)
    client2 = _Client(project=self.PROJECT)
    api = _FauxIAMPolicy()
    client2.iam_policy_api = api
    api._set_iam_policy_response = RESPONSE

    topic = _Topic(self.TOPIC_NAME, client=client1)
    subscription = self._makeOne(self.SUB_NAME, topic)
    policy = Policy()

    new_policy = subscription.set_iam_policy(policy, client=client2)

    # Response held only an etag, so every other field stays at its default.
    self.assertEqual(new_policy.etag, 'ACAB')
    self.assertEqual(new_policy.version, None)
    for role_attr in ('owners', 'editors', 'viewers'):
        self.assertEqual(sorted(getattr(new_policy, role_attr)), [])
    # Empty policy serializes to an empty resource: no etag, no bindings.
    self.assertEqual(api._set_iam_policy, (self.SUB_PATH, {}))
def test_set_iam_policy_w_bound_client(self):
    """Topic ``set_iam_policy`` with no explicit client.

    A policy with etag, version and one binding per role is written
    through the faux IAM API on the topic's own client. The returned
    policy must mirror the API response. The recorded request is checked
    field by field: path, ``etag``, ``version``, and the bindings compared
    after sorting by role so their order does not affect the result.
    """
    import operator

    from google.cloud.pubsub.iam import (
        Policy,
        OWNER_ROLE,
        EDITOR_ROLE,
        VIEWER_ROLE,
        PUBSUB_PUBLISHER_ROLE,
        PUBSUB_SUBSCRIBER_ROLE,
    )

    # NOTE(review): '[email protected]' looks like an e-mail obfuscation
    # placeholder left by the page this listing was captured from; as
    # shown, OWNER2, EDITOR2, VIEWER2 and PUBLISHER are the same string.
    OWNER1 = 'group:[email protected]'
    OWNER2 = 'user:[email protected]'
    EDITOR1 = 'domain:google.com'
    EDITOR2 = 'user:[email protected]'
    VIEWER1 = 'serviceAccount:[email protected]'
    VIEWER2 = 'user:[email protected]'
    PUBLISHER = 'user:[email protected]'
    SUBSCRIBER = 'serviceAccount:[email protected]'

    # Expected wire form of the policy built below.
    POLICY = {
        'etag': 'DEADBEEF',
        'version': 17,
        'bindings': [
            {'role': OWNER_ROLE, 'members': [OWNER1, OWNER2]},
            {'role': EDITOR_ROLE, 'members': [EDITOR1, EDITOR2]},
            {'role': VIEWER_ROLE, 'members': [VIEWER1, VIEWER2]},
            {'role': PUBSUB_PUBLISHER_ROLE, 'members': [PUBLISHER]},
            {'role': PUBSUB_SUBSCRIBER_ROLE, 'members': [SUBSCRIBER]},
        ],
    }
    # Shallow copy: bindings are shared with POLICY, etag/version differ.
    RESPONSE = dict(POLICY, etag='ABACABAF', version=18)

    client = _Client(project=self.PROJECT)
    api = _FauxIAMPolicy()
    client.iam_policy_api = api
    api._set_iam_policy_response = RESPONSE
    topic = self._make_one(self.TOPIC_NAME, client=client)

    policy = Policy('DEADBEEF', 17)
    policy.owners = [OWNER1, OWNER2]
    policy.editors = [EDITOR1, EDITOR2]
    policy.viewers = [VIEWER1, VIEWER2]
    policy.publishers = [PUBLISHER]
    policy.subscribers = [SUBSCRIBER]

    new_policy = topic.set_iam_policy(policy)

    # The result must come from the response, not from the input policy.
    self.assertEqual(new_policy.etag, 'ABACABAF')
    self.assertEqual(new_policy.version, 18)
    expected_members = (
        ('owners', [OWNER1, OWNER2]),
        ('editors', [EDITOR1, EDITOR2]),
        ('viewers', [VIEWER1, VIEWER2]),
        ('publishers', [PUBLISHER]),
        ('subscribers', [SUBSCRIBER]),
    )
    for role_attr, members in expected_members:
        self.assertEqual(sorted(getattr(new_policy, role_attr)), members)

    # Recorded request: (resource path, serialized policy).
    sent = api._set_iam_policy
    self.assertEqual(len(sent), 2)
    self.assertEqual(sent[0], self.TOPIC_PATH)
    resource = sent[1]
    # The etag the policy was built with must be part of the write.
    self.assertEqual(resource['etag'], POLICY['etag'])
    self.assertEqual(resource['version'], POLICY['version'])
    by_role = operator.itemgetter('role')
    self.assertEqual(
        sorted(resource['bindings'], key=by_role),
        sorted(POLICY['bindings'], key=by_role))