def test_bigtable_admins_policy(): service_account_email = Config.CLIENT._credentials.service_account_email # [START bigtable_admins_policy] from google.cloud.bigtable import Client from google.cloud.bigtable.policy import Policy from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE client = Client(admin=True) instance = client.instance(INSTANCE_ID) instance.reload() new_policy = Policy() new_policy[BIGTABLE_ADMIN_ROLE] = [ Policy.service_account(service_account_email) ] policy_latest = instance.set_iam_policy(new_policy) policy = policy_latest.bigtable_admins # [END bigtable_admins_policy] assert len(policy) > 0
def test_instance_set_iam_policy(): from google.iam.v1 import policy_pb2 from google.cloud.bigtable.policy import Policy from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE credentials = _make_credentials() client = _make_client(project=PROJECT, credentials=credentials, admin=True) instance = _make_instance(INSTANCE_ID, client) version = 1 etag = b"etag_v1" members = ["serviceAccount:[email protected]", "user:[email protected]"] bindings = [{"role": BIGTABLE_ADMIN_ROLE, "members": sorted(members)}] iam_policy_pb = policy_pb2.Policy(version=version, etag=etag, bindings=bindings) api = client._instance_admin_client = _make_instance_admin_api() api.set_iam_policy.return_value = iam_policy_pb iam_policy = Policy(etag=etag, version=version) iam_policy[BIGTABLE_ADMIN_ROLE] = [ Policy.user("*****@*****.**"), Policy.service_account("*****@*****.**"), ] result = instance.set_iam_policy(iam_policy) api.set_iam_policy.assert_called_once_with(request={ "resource": instance.name, "policy": iam_policy_pb }) assert result.version == version assert result.etag == etag admins = result.bigtable_admins assert len(admins) == len(members) for found, expected in zip(sorted(admins), sorted(members)): assert found == expected
def _make_policy(*args, **kw): from google.cloud.bigtable.policy import Policy return Policy(*args, **kw)