def test_instance_get_iam_policy_w_requested_policy_version():
from google.iam.v1 import policy_pb2, options_pb2
from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE
credentials = _make_credentials()
client = _make_client(project=PROJECT, credentials=credentials, admin=True)
instance = _make_instance(INSTANCE_ID, client)
version = 1
etag = b"etag_v1"
members = ["serviceAccount:[email protected]", "user:[email protected]"]
bindings = [{"role": BIGTABLE_ADMIN_ROLE, "members": members}]
iam_policy = policy_pb2.Policy(version=version,
etag=etag,
bindings=bindings)
api = client._instance_admin_client = _make_instance_admin_api()
api.get_iam_policy.return_value = iam_policy
result = instance.get_iam_policy(requested_policy_version=3)
assert result.version == version
assert result.etag == etag
admins = result.bigtable_admins
assert len(admins) == len(members)
for found, expected in zip(sorted(admins), sorted(members)):
assert found == expected
api.get_iam_policy.assert_called_once_with(
request={
"resource": instance.name,
"options_": options_pb2.GetPolicyOptions(
requested_policy_version=3),
})
def get_iam_policy(self, requested_policy_version=None):
"""Gets the access control policy for an instance resource.
For example:
.. literalinclude:: snippets.py
:start-after: [START bigtable_api_get_iam_policy]
:end-before: [END bigtable_api_get_iam_policy]
:dedent: 4
:type requested_policy_version: int or ``NoneType``
:param requested_policy_version: Optional. The version of IAM policies to request.
If a policy with a condition is requested without
setting this, the server will return an error.
This must be set to a value of 3 to retrieve IAM
policies containing conditions. This is to prevent
client code that isn't aware of IAM conditions from
interpreting and modifying policies incorrectly.
The service might return a policy with version lower
than the one that was requested, based on the
feature syntax in the policy fetched.
:rtype: :class:`google.cloud.bigtable.policy.Policy`
:returns: The current IAM policy of this instance
"""
args = {"resource": self.name}
if requested_policy_version is not None:
args["options_"] = options_pb2.GetPolicyOptions(
requested_policy_version=requested_policy_version)
instance_admin_client = self._client.instance_admin_client
resp = instance_admin_client.get_iam_policy(request=args)
return Policy.from_pb(resp)
def test_get_iam_policy_from_dict():
client = CloudBillingClient(credentials=credentials.AnonymousCredentials())
# Mock the actual call within the gRPC stub, and fake the request.
with mock.patch.object(type(client._transport.get_iam_policy),
"__call__") as call:
# Designate an appropriate return value for the call.
call.return_value = policy.Policy()
response = client.get_iam_policy(
request={
"resource": "resource_value",
"options": options.GetPolicyOptions(
requested_policy_version=2598),
})
call.assert_called()
def test_get_iam_policy_w_requested_policy_version(self):
from google.cloud.bigtable_admin_v2.services.bigtable_instance_admin import (
BigtableInstanceAdminClient, )
from google.iam.v1 import policy_pb2, options_pb2
from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE
credentials = _make_credentials()
client = self._make_client(project=self.PROJECT,
credentials=credentials,
admin=True)
instance = self._make_one(self.INSTANCE_ID, client)
version = 1
etag = b"etag_v1"
members = [
"serviceAccount:[email protected]", "user:[email protected]"
]
bindings = [{"role": BIGTABLE_ADMIN_ROLE, "members": members}]
iam_policy = policy_pb2.Policy(version=version,
etag=etag,
bindings=bindings)
# Patch the stub used by the API method.
instance_api = mock.create_autospec(BigtableInstanceAdminClient)
client._instance_admin_client = instance_api
instance_api.get_iam_policy.return_value = iam_policy
# Perform the method and check the result.
result = instance.get_iam_policy(requested_policy_version=3)
instance_api.get_iam_policy.assert_called_once_with(
request={
"resource":
instance.name,
"options_":
options_pb2.GetPolicyOptions(requested_policy_version=3),
})
self.assertEqual(result.version, version)
self.assertEqual(result.etag, etag)
admins = result.bigtable_admins
self.assertEqual(len(admins), len(members))
for found, expected in zip(sorted(admins), sorted(members)):
self.assertEqual(found, expected)
