def test_fully_qualifed_service_account_name(self): service_account_email = cloud_auth._get_service_account_email( self.project_id, self.service_account_name) expected_fully_qualifed_name = 'projects/{}/serviceAccounts/{}'.format( self.project_id, service_account_email) actual_fully_qualifed_name = cloud_auth._get_service_account_name( self.project_id, self.service_account_name) self.assertEqual(expected_fully_qualifed_name, actual_fully_qualifed_name)
def test_service_account_email(self): """Test that service account email is returned.""" expected_name = '{}@{}.iam.gserviceaccount.com'.format( self.service_account_name, self.project_id) name = cloud_auth._get_service_account_email(self.project_id, self.service_account_name) self.assertEqual(name, expected_name)
def test_set_service_account_role(self, get_resource_manager_client): """Test that role is added to service account.""" policy = { 'version': 1, 'etag': 'AABBCC', 'bindings': [{ 'role': 'roles/owner', 'members': ['*****@*****.**'] }] } manage_projects_client = get_resource_manager_client.return_value.projects (manage_projects_client.return_value.getIamPolicy.return_value.execute .return_value) = policy cloud_auth.set_service_account_role(self.project_id, self.service_account_name, self.role_name) expected_policy = { 'version': 1, 'etag': 'AABBCC', 'bindings': [{ 'role': 'roles/owner', 'members': ['*****@*****.**'], }, { 'role': f'roles/{self.role_name}', 'members': [ 'serviceAccount:' + cloud_auth._get_service_account_email( self.project_id, self.service_account_name) ], }] } manage_projects_client.return_value.setIamPolicy.assert_called_once_with( body={'policy': expected_policy}, resource=self.project_id)