def Run(self, args):
with endpoint_util.MlEndpointOverrides(region=args.region):
condition = iam_util.ValidateAndExtractCondition(args)
iam_util.ValidateMutexConditionAndPrimitiveRoles(
condition, args.role)
return models_util.AddIamPolicyBindingWithCondition(
models.ModelsClient(), args.model, args.member, args.role,
condition)
def testValidateMutexConditionAndPrimitiveRoles_Error(self):
condition = {'expression': 'expr', 'title': 'title'}
role = 'roles/editor'
with self.AssertRaisesExceptionRegexp(
iam_util.IamPolicyBindingInvalidError,
'Binding with a condition and a primitive role is not allowed. '
'Primitive roles are `roles/editor`, `roles/owner`, '
'and `roles/viewer`.'):
iam_util.ValidateMutexConditionAndPrimitiveRoles(condition, role)
def Run(self, args):
"""This is what gets called when the user runs this command.
Args:
args: an argparse namespace. All the arguments that were provided to this
command invocation.
Returns:
The specified function with its description and configured filter.
"""
with endpoint_util.MlEndpointOverrides(region=args.region):
condition = iam_util.ValidateAndExtractCondition(args)
iam_util.ValidateMutexConditionAndPrimitiveRoles(
condition, args.role)
return models_util.RemoveIamPolicyBindingWithCondition(
models.ModelsClient(), args.model, args.member, args.role,
condition)
def testValidateMutexConditionAndPrimitiveRoles(self, condition, role):
iam_util.ValidateMutexConditionAndPrimitiveRoles(condition, role)
