def test_fully_qualifed_service_account_name(self):
service_account_email = cloud_auth._get_service_account_email(
self.project_id, self.service_account_name)
expected_fully_qualifed_name = 'projects/{}/serviceAccounts/{}'.format(
self.project_id, service_account_email)
actual_fully_qualifed_name = cloud_auth._get_service_account_name(
self.project_id, self.service_account_name)
self.assertEqual(expected_fully_qualifed_name, actual_fully_qualifed_name)
def test_service_account_email(self):
"""Test that service account email is returned."""
expected_name = '{}@{}.iam.gserviceaccount.com'.format(
self.service_account_name, self.project_id)
name = cloud_auth._get_service_account_email(self.project_id,
self.service_account_name)
self.assertEqual(name, expected_name)
def test_set_service_account_role(self, get_resource_manager_client):
"""Test that role is added to service account."""
policy = {
'version': 1,
'etag': 'AABBCC',
'bindings': [{
'role': 'roles/owner',
'members': ['*****@*****.**']
}]
}
manage_projects_client = get_resource_manager_client.return_value.projects
(manage_projects_client.return_value.getIamPolicy.return_value.execute
.return_value) = policy
cloud_auth.set_service_account_role(self.project_id,
self.service_account_name,
self.role_name)
expected_policy = {
'version':
1,
'etag':
'AABBCC',
'bindings': [{
'role': 'roles/owner',
'members': ['*****@*****.**'],
}, {
'role':
f'roles/{self.role_name}',
'members': [
'serviceAccount:' + cloud_auth._get_service_account_email(
self.project_id, self.service_account_name)
],
}]
}
manage_projects_client.return_value.setIamPolicy.assert_called_once_with(
body={'policy': expected_policy}, resource=self.project_id)
