def testUpdate(self):
test_project = util.GetTestActiveProject()
test_project_ref = command_lib_util.ParseProject(test_project.projectId)
updated_test_project = util.GetTestActiveProject()
updated_test_project.name = 'Test Project, New and Improved'
self.mock_client.projects.Get.Expect(
self.messages.CloudresourcemanagerProjectsGetRequest(
projectId=test_project.projectId),
test_project)
self.mock_client.projects.Update.Expect(updated_test_project,
updated_test_project)
response = projects_api.Update(
test_project_ref, name=updated_test_project.name)
self.assertEqual(response, updated_test_project)
def testAddIamPolicyBinding(self):
test_project = test_util.GetTestActiveProject()
new_role = 'roles/editor'
new_user = '******'
start_policy = copy.deepcopy(test_util.GetTestIamPolicy())
new_policy = copy.deepcopy(start_policy)
new_policy.bindings[0].members.append(new_user)
new_policy.version = iam_util.MAX_LIBRARY_IAM_SUPPORTED_VERSION
resource_name = test_project.projectId
self.mock_client.projects.GetIamPolicy.Expect(
self.messages.CloudresourcemanagerProjectsGetIamPolicyRequest(
resource=resource_name,
getIamPolicyRequest=self.messages.GetIamPolicyRequest(
options=self.messages.GetPolicyOptions(
requestedPolicyVersion=iam_util.
MAX_LIBRARY_IAM_SUPPORTED_VERSION))), start_policy)
self.mock_client.projects.SetIamPolicy.Expect(
self.messages.CloudresourcemanagerProjectsSetIamPolicyRequest(
resource=resource_name,
setIamPolicyRequest=self.messages.SetIamPolicyRequest(
policy=new_policy)), new_policy)
response = self.RunProjects('add-iam-policy-binding',
test_project.projectId,
'--role={0}'.format(new_role),
'--member={0}'.format(new_user))
self.assertEqual(response, new_policy)
def testGetIamPolicyProjectOutput(self):
test_project = test_util.GetTestActiveProject()
self.mock_client.projects.GetIamPolicy.Expect(
self.messages.CloudresourcemanagerProjectsGetIamPolicyRequest(
getIamPolicyRequest=self.messages.GetIamPolicyRequest(
options=self.messages.GetPolicyOptions(
requestedPolicyVersion=iam_util.
MAX_LIBRARY_IAM_SUPPORTED_VERSION)),
resource=test_project.projectId),
copy.deepcopy(test_util.GetTestIamPolicy()))
self.RunProjects('get-iam-policy', test_project.projectId)
self.AssertOutputEquals("""\
auditConfigs:
- auditLogConfigs:
- logType: ADMIN_READ
service: allServices
bindings:
- members:
- serviceAccount:[email protected]
role: roles/editor
- members:
- user:[email protected]
- user:[email protected]
role: roles/owner
etag: PDwgVW5pcXVlIHZlcnNpb25pbmcgZXRhZyBieXRlZmllbGQgPj4=
""")
def testRemoveIamPolicyBinding(self):
test_project = test_util.GetTestActiveProject()
start_policy = copy.deepcopy(test_util.GetTestIamPolicy())
new_policy = copy.deepcopy(start_policy)
remove_user = '******'
remove_role = 'roles/owner'
# In the test policy the first binding is for editors, second for owners.
new_policy.bindings[1].members.remove(remove_user)
resource_name = test_project.projectId
new_policy.version = iam_util.MAX_LIBRARY_IAM_SUPPORTED_VERSION
self.mock_client.projects.GetIamPolicy.Expect(
self.messages.CloudresourcemanagerProjectsGetIamPolicyRequest(
resource=resource_name,
getIamPolicyRequest=self.messages.GetIamPolicyRequest(
options=self.messages.GetPolicyOptions(
requestedPolicyVersion=
iam_util.MAX_LIBRARY_IAM_SUPPORTED_VERSION))),
start_policy)
self.mock_client.projects.SetIamPolicy.Expect(
self.messages.CloudresourcemanagerProjectsSetIamPolicyRequest(
resource=resource_name,
setIamPolicyRequest=self.messages.SetIamPolicyRequest(
policy=new_policy)),
new_policy)
response = self.RunProjects(
'remove-iam-policy-binding',
test_project.projectId,
'--role={0}'.format(remove_role),
'--member={0}'.format(remove_user))
self.assertEqual(response, new_policy)
def testBadJsonOrYamlSetIamPolicyProject(self):
temp_file = self.Touch(self.temp_path, 'bad', contents='bad')
with self.assertRaises(exceptions.Error):
self.RunProjects('set-iam-policy',
test_util.GetTestActiveProject().projectId,
temp_file)
def testRoleCompletion(self):
test_project = test_util.GetTestActiveProject()
iam_client = mock.Client(core_apis.GetClientClass('iam', 'v1'))
iam_client.Mock()
self.addCleanup(iam_client.Unmock)
iam_msgs = core_apis.GetMessagesModule('iam', 'v1')
returned_roles = [
iam_msgs.Role(
description='Read access to all resources.',
name='roles/viewer',
title='Viewer',
),
iam_msgs.Role(
description='Read-only access to GCE networking resources.',
name='roles/compute.networkViewer',
title='Compute Network Viewer',
),
]
iam_client.roles.QueryGrantableRoles.Expect(
request=iam_msgs.QueryGrantableRolesRequest(fullResourceName=(
'//cloudresourcemanager.googleapis.com/projects/{0}'.format(
test_project.projectId)),
pageSize=100),
response=iam_msgs.QueryGrantableRolesResponse(
roles=returned_roles),
)
self.RunCompletion(
'projects add-iam-policy-binding {0} --role '.format(
test_project.projectId),
['roles/viewer', 'roles/compute.networkViewer'])
def testBadJsonSetIamPolicyProject(self):
file_path = '/some/bad/path/to/non/existend/file'
with self.assertRaisesRegex(
exceptions.Error,
r'Failed to load YAML from \[{}\]'.format(file_path)):
self.RunProjects('set-iam-policy',
test_util.GetTestActiveProject().projectId,
file_path)
def testDescribeValidProjectBeta(self):
properties.VALUES.core.user_output_enabled.Set(False)
test_project = util.GetTestActiveProject()
self.mock_client.projects.Get.Expect(
self.messages.CloudresourcemanagerProjectsGetRequest(
projectId=test_project.projectId), test_project)
response = self.RunProjectsBeta('describe', test_project.projectId)
self.assertEqual(response, test_project)
def testDeleteValidProjectWithFormat(self):
test_project_id = util.GetTestActiveProject().projectId
self.mock_client.projects.Delete.Expect(
self.messages.CloudresourcemanagerProjectsDeleteRequest(
projectId=test_project_id), self.messages.Empty())
self.WriteInput('y\n')
self.RunProjectsBeta('delete', '--format=default', test_project_id)
self.AssertOutputContains('projectId: {0}'.format(test_project_id))
self.AssertErrContains('Your project will be deleted')
def testUndelete(self):
test_project = util.GetTestActiveProject()
test_project_ref = command_lib_util.ParseProject(test_project.projectId)
self.mock_client.projects.Undelete.Expect(
self.messages.CloudresourcemanagerProjectsUndeleteRequest(
projectId=test_project.projectId),
self.messages.Empty())
response = projects_api.Undelete(test_project_ref)
self.assertEqual(response.projectId, test_project.projectId)
def testListOneProject(self):
test_project = util.GetTestActiveProject()
self.mock_client.projects.List.Expect(
self.messages.CloudresourcemanagerProjectsListRequest(
pageSize=500, filter='lifecycleState:ACTIVE'),
self.messages.ListProjectsResponse(projects=[test_project]))
results_generator = self.RunProjects('list')
results = [x for x in results_generator]
self.assertEqual([test_project], results)
def createProjectWithBothFolderAndOrganizationSpecifiedHelper(
self, run, name):
test_project = util.GetTestActiveProject()
with self.AssertRaisesExceptionMatches(
exceptions.ConflictingArgumentsException,
'arguments not allowed simultaneously: --folder, --organization'):
run('create', test_project.projectId, '--folder', '12345',
'--organization', '2048')
self.AssertOutputEquals('')
def testGetHttpError(self):
test_project = util.GetTestActiveProject()
test_project_ref = command_lib_util.ParseProject(test_project.projectId)
self.mock_client.projects.Get.Expect(
self.messages.CloudresourcemanagerProjectsGetRequest(
projectId=test_project.projectId),
exception=self.HttpError())
with self.assertRaises(exceptions.HttpError):
projects_api.Get(test_project_ref)
def testCreateValidProjectWithNameOutput(self):
test_project = util.GetTestActiveProject()
self._expectCreationCall(test_project)
self._expectServiceEnableCall(test_project.projectId)
self.RunProjects('create', test_project.projectId, '--name',
test_project.name)
self.AssertOutputEquals('')
self.AssertErrEquals(
ProjectsCreateTest._CREATE_STDERR_FMT.format('feisty-catcher-644'))
def testGet(self):
test_project = util.GetTestActiveProject()
test_project_ref = command_lib_util.ParseProject(test_project.projectId)
self.mock_client.projects.Get.Expect(
self.messages.CloudresourcemanagerProjectsGetRequest(
projectId=test_project.projectId),
test_project)
response = projects_api.Get(test_project_ref)
self.assertEqual(response, test_project)
def testUndeleteValidProject(self):
test_project_id = util.GetTestActiveProject().projectId
self.mock_client.projects.Undelete.Expect(
self.messages.CloudresourcemanagerProjectsUndeleteRequest(
projectId=test_project_id), self.messages.Empty())
self.RunProjectsBeta('undelete', test_project_id)
self.AssertOutputEquals('')
self.AssertErrEquals("""\
Restored project [https://cloudresourcemanager.googleapis.com/v1/projects/feisty-catcher-644].
""")
def testListFilterWithLifecycleState(self):
test_project = util.GetTestActiveProject()
self.mock_client.projects.List.Expect(
self.messages.CloudresourcemanagerProjectsListRequest(
pageSize=500,
filter='lifecycleState:DELETE_REQUESTED'),
self.messages.ListProjectsResponse(projects=[test_project]))
results_generator = projects_api.List(
filter='lifecycleState:DELETE_REQUESTED')
results = [x for x in results_generator]
self.assertEqual([test_project], results)
def testNotDeleteValidProject(self):
test_project_id = util.GetTestActiveProject().projectId
self.WriteInput('n\n')
result = self.RunProjectsBeta('delete', test_project_id)
self.assertEqual([], list(result))
self.AssertOutputEquals('')
self.AssertErrContains('Your project will be deleted')
self.AssertErrNotContains("""
You can undo this operation for a limited period by running the command below.
$ gcloud projects undelete {1}
{0}""".format(flags.SHUT_DOWN_PROJECTS, test_project_id))
def testDescribeValidProjectBetaOutput(self):
test_project = util.GetTestActiveProject()
self.mock_client.projects.Get.Expect(
self.messages.CloudresourcemanagerProjectsGetRequest(
projectId=test_project.projectId), test_project)
self.RunProjectsBeta('describe', test_project.projectId)
self.AssertOutputEquals("""\
lifecycleState: ACTIVE
name: My Project 5
projectId: feisty-catcher-644
projectNumber: '925276746377'
""", normalize_space=True)
def testListClientLimit(self):
test_project = util.GetTestActiveProject()
self.StartObjectPatch(filter_rewrite.ListRewriter,
'Rewrite',
return_value=('args.filter', ''))
# Expect server-side default limit of 500, as limit is applied client-side
self.mock_client.projects.List.Expect(
self.messages.CloudresourcemanagerProjectsListRequest(
pageSize=500, filter='lifecycleState:ACTIVE'),
self.messages.ListProjectsResponse(projects=[test_project]))
self.RunProjects('list', '--limit=1')
def testListServerLimit(self):
test_project = util.GetTestActiveProject()
self.StartObjectPatch(filter_rewrite.ListRewriter,
'Rewrite',
return_value=(None, ''))
# Expect server-side limit to be set to 1, per the provided flag
self.mock_client.projects.List.Expect(
self.messages.CloudresourcemanagerProjectsListRequest(
pageSize=1, filter='lifecycleState:ACTIVE'),
self.messages.ListProjectsResponse(projects=[test_project]))
self.RunProjects('list', '--limit=1')
def testDeleteValidProjectWithFormatDisabled(self):
test_project_id = util.GetTestActiveProject().projectId
self.mock_client.projects.Delete.Expect(
self.messages.CloudresourcemanagerProjectsDeleteRequest(
projectId=test_project_id), self.messages.Empty())
self.WriteInput('y\n')
result = self.RunProjectsBeta('delete', '--format=disable',
test_project_id)
self.assertEqual([{
'projectId': 'feisty-catcher-644'
}], resource_projector.MakeSerializable(list(result)))
self.AssertOutputEquals('')
self.AssertErrContains('Your project will be deleted')
def testGetIamPolicyProject(self):
properties.VALUES.core.user_output_enabled.Set(False)
test_project = test_util.GetTestActiveProject()
self.mock_client.projects.GetIamPolicy.Expect(
self.messages.CloudresourcemanagerProjectsGetIamPolicyRequest(
getIamPolicyRequest=self.messages.GetIamPolicyRequest(
options=self.messages.GetPolicyOptions(
requestedPolicyVersion=iam_util.
MAX_LIBRARY_IAM_SUPPORTED_VERSION)),
resource=test_project.projectId),
copy.deepcopy(test_util.GetTestIamPolicy()))
response = self.RunProjects('get-iam-policy', test_project.projectId)
self.assertEqual(response, test_util.GetTestIamPolicy())
def testTestIamPermissions(self):
requested_permissions = ['storage.buckets.create', 'storage.buckets.delete']
expected_permissions = ['storage.buckets.create']
test_project = util.GetTestActiveProject()
test_project_ref = command_lib_util.ParseProject(test_project.projectId)
self.mock_client.projects.TestIamPermissions.Expect(
self.messages.CloudresourcemanagerProjectsTestIamPermissionsRequest(
resource=test_project_ref.Name(),
testIamPermissionsRequest=self.messages.TestIamPermissionsRequest(
permissions=requested_permissions)),
self.messages.TestIamPermissionsResponse(
permissions=expected_permissions))
response = projects_api.TestIamPermissions(test_project_ref,
requested_permissions)
self.assertEqual(response.permissions, expected_permissions)
def testDeleteValidProject(self):
test_project_id = util.GetTestActiveProject().projectId
self.mock_client.projects.Delete.Expect(
self.messages.CloudresourcemanagerProjectsDeleteRequest(
projectId=test_project_id), self.messages.Empty())
self.WriteInput('y\n')
result = self.RunProjectsBeta('delete', '--format=disable',
test_project_id)
self.assertEqual([{
'projectId': 'feisty-catcher-644'
}], resource_projector.MakeSerializable(list(result)))
self.AssertOutputEquals('')
self.AssertErrContains('Your project will be deleted')
self.AssertErrContains("""
You can undo this operation for a limited period by running the command below.
$ gcloud projects undelete {1}
{0}""".format(flags.SHUT_DOWN_PROJECTS, test_project_id))
def testAuditConfigsPreservedSetIamPolicyProject(self):
start_policy = test_util.GetTestIamPolicy()
new_policy = test_util.GetTestIamPolicy(clear_fields=['auditConfigs'])
json = encoding.MessageToJson(new_policy)
temp_file = self.Touch(self.temp_path, 'good.json', contents=json)
# set the expected version to 3
new_policy.version = iam_util.MAX_LIBRARY_IAM_SUPPORTED_VERSION
test_project = test_util.GetTestActiveProject()
self.mock_client.projects.SetIamPolicy.Expect(
self.messages.CloudresourcemanagerProjectsSetIamPolicyRequest(
resource=test_project.projectId,
setIamPolicyRequest=self.messages.SetIamPolicyRequest(
policy=new_policy, updateMask='bindings,etag')),
start_policy)
response = self.RunProjects('set-iam-policy', test_project.projectId,
temp_file)
self.assertEqual(response, start_policy)
def testListCommandFilter(self):
test_project = test_util.GetTestActiveProject()
self.mock_client.projects.GetIamPolicy.Expect(
self.messages.CloudresourcemanagerProjectsGetIamPolicyRequest(
getIamPolicyRequest=self.messages.GetIamPolicyRequest(
options=self.messages.GetPolicyOptions(
requestedPolicyVersion=iam_util.
MAX_LIBRARY_IAM_SUPPORTED_VERSION)),
resource=test_project.projectId),
copy.deepcopy(test_util.GetTestIamPolicy()))
command = [
'get-iam-policy',
test_project.projectId,
'--flatten=bindings[].members',
'--filter=bindings.role:roles/owner',
'--format=table[no-heading](bindings.members:sort=1)',
]
self.RunProjects(*command)
self.AssertOutputEquals(
'user:[email protected]\nuser:[email protected]\n')
def testBindingWithoutConditionPolicyWithCondition_CannotPrompt(self):
self.StartPatch(
'googlecloudsdk.core.console.console_io.CanPrompt', return_value=False)
test_project = test_util.GetTestActiveProject()
start_policy = copy.deepcopy(self.test_iam_policy_with_condition)
remove_user = '******'
remove_role = 'roles/non-primitive'
self.mock_client.projects.GetIamPolicy.Expect(
self.messages.CloudresourcemanagerProjectsGetIamPolicyRequest(
resource=test_project.projectId,
getIamPolicyRequest=self.messages.GetIamPolicyRequest(
options=self.messages.GetPolicyOptions(
requestedPolicyVersion=
iam_util.MAX_LIBRARY_IAM_SUPPORTED_VERSION))),
start_policy)
with self.AssertRaisesExceptionRegexp(
iam_util.IamPolicyBindingIncompleteError,
'.*Removing a binding without specifying a condition from a policy.*'):
self.RunProjects('remove-iam-policy-binding', test_project.projectId,
'--role={0}'.format(remove_role),
'--member={0}'.format(remove_user))
def testPromptForCondition_CannotPrompt(self):
self.StartPatch('googlecloudsdk.core.console.console_io.CanPrompt',
return_value=False)
test_project = test_util.GetTestActiveProject()
new_role = 'roles/another-non-primitive'
new_user = '******'
start_policy = self.test_iam_policy_with_condition
self.mock_client.projects.GetIamPolicy.Expect(
self.messages.CloudresourcemanagerProjectsGetIamPolicyRequest(
resource=test_project.projectId,
getIamPolicyRequest=self.messages.GetIamPolicyRequest(
options=self.messages.GetPolicyOptions(
requestedPolicyVersion=iam_util.
MAX_LIBRARY_IAM_SUPPORTED_VERSION))), start_policy)
with self.AssertRaisesExceptionRegexp(
iam_util.IamPolicyBindingIncompleteError,
'.*Adding a binding without specifying a condition to a policy.*'
):
self.RunProjects('add-iam-policy-binding', test_project.projectId,
'--role={0}'.format(new_role),
'--member={0}'.format(new_user))
def testDeleteFails400(self):
exception = http_error.MakeDetailedHttpError(
url='https://cloudresourcemanager.googleapis.com/v1/projects/p123',
reason='FAILED_PRECONDITION',
message='Precondition check failed.',
details=[{
'@type':
'type.googleapis.com/google.rpc.PreconditionFailure',
'violations': [{
'type':
'LIEN',
'subject':
'liens/p123-l4c552089-e37c-4db7-bfee-cfaf268f1038',
'description':
('A lien to prevent deletion was placed on the'
' project by [buck]. Remove the lien to allow'
' deletion.')
}]
}])
test_project_id = util.GetTestActiveProject().projectId
self.mock_client.projects.Delete.Expect(
self.messages.CloudresourcemanagerProjectsDeleteRequest(
projectId=test_project_id),
exception=exception)
self.WriteInput('y\n')
with self.assertRaises(api_exceptions.HttpException):
self.RunProjects('delete', test_project_id)
self.AssertErrContains("""\
ERROR: (gcloud.projects.delete) FAILED_PRECONDITION: Precondition check failed.
- '@type': type.googleapis.com/google.rpc.PreconditionFailure
violations:
- description: A lien to prevent deletion was placed on the project by [buck]. Remove
the lien to allow deletion.
subject: liens/p123-l4c552089-e37c-4db7-bfee-cfaf268f1038
type: LIEN
""",
normalize_space=True)
