def test_test_iam_permissions(self): # Setup Expected Response expected_response = {} expected_response = iam_policy_pb2.TestIamPermissionsResponse( **expected_response ) # Mock the API response channel = ChannelStub(responses=[expected_response]) patch = mock.patch("google.api_core.grpc_helpers.create_channel") with patch as create_channel: create_channel.return_value = channel client = spanner_admin_instance_v1.InstanceAdminClient() # Setup Request resource = client.instance_path("[PROJECT]", "[INSTANCE]") permissions = [] response = client.test_iam_permissions(resource, permissions) assert expected_response == response assert len(channel.requests) == 1 expected_request = iam_policy_pb2.TestIamPermissionsRequest( resource=resource, permissions=permissions ) actual_request = channel.requests[0][1] assert expected_request == actual_request
def test_test_iam_permissions(self): # Setup Expected Response expected_response = {} expected_response = iam_policy_pb2.TestIamPermissionsResponse( **expected_response) # Mock the API response channel = ChannelStub(responses=[expected_response]) patch = mock.patch("google.api_core.grpc_helpers.create_channel") with patch as create_channel: create_channel.return_value = channel client = publisher_client.PublisherClient() # Setup Request resource = "resource-341064690" permissions = [] response = client.test_iam_permissions(resource, permissions) assert expected_response == response assert len(channel.requests) == 1 expected_request = iam_policy_pb2.TestIamPermissionsRequest( resource=resource, permissions=permissions) actual_request = channel.requests[0][1] assert expected_request == actual_request
def test_iam_permissions(self, resource, permissions, options=None): """ Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error. Example: >>> from google.cloud.gapic.pubsub.v1 import subscriber_client >>> client = subscriber_client.SubscriberClient() >>> resource = client.subscription_path('[PROJECT]', '[SUBSCRIPTION]') >>> permissions = [] >>> response = client.test_iam_permissions(resource, permissions) Args: resource (string): REQUIRED: The resource for which the policy detail is being requested. ``resource`` is usually specified as a path. For example, a Project resource is specified as ``projects/{project}``. permissions (list[string]): The set of permissions to check for the ``resource``. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see `IAM Overview <https://cloud.google.com/iam/docs/overview#permissions>`_. options (:class:`google.gax.CallOptions`): Overrides the default settings for this call, e.g, timeout, retries etc. Returns: A :class:`google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse` instance. Raises: :exc:`google.gax.errors.GaxError` if the RPC is aborted. :exc:`ValueError` if the parameters are invalid. """ # Create the request object. request = iam_policy_pb2.TestIamPermissionsRequest( resource=resource, permissions=permissions) return self._test_iam_permissions(request, options)
def test_test_iam_permissions(self): # Setup Expected Response expected_response = {} expected_response = iam_policy_pb2.TestIamPermissionsResponse( **expected_response) # Mock the API response channel = ChannelStub(responses=[expected_response]) patch = mock.patch("google.api_core.grpc_helpers.create_channel") with patch as create_channel: create_channel.return_value = channel client = kms_v1.KeyManagementServiceClient() # Setup Request resource = client.key_ring_path("[PROJECT]", "[LOCATION]", "[KEY_RING]") permissions = [] response = client.test_iam_permissions(resource, permissions) assert expected_response == response assert len(channel.requests) == 1 expected_request = iam_policy_pb2.TestIamPermissionsRequest( resource=resource, permissions=permissions) actual_request = channel.requests[0][1] assert expected_request == actual_request
def test_test_iam_permissions(self): # Setup Expected Response expected_response = {} expected_response = iam_policy_pb2.TestIamPermissionsResponse( **expected_response) # Mock the API response channel = ChannelStub(responses=[expected_response]) patch = mock.patch("google.api_core.grpc_helpers.create_channel") with patch as create_channel: create_channel.return_value = channel client = datacatalog_v1beta1.DataCatalogClient() # Setup Request resource = client.tag_template_path("[PROJECT]", "[LOCATION]", "[TAG_TEMPLATE]") permissions = [] response = client.test_iam_permissions(resource, permissions) assert expected_response == response assert len(channel.requests) == 1 expected_request = iam_policy_pb2.TestIamPermissionsRequest( resource=resource, permissions=permissions) actual_request = channel.requests[0][1] assert expected_request == actual_request
def test_iam_permissions(self, resource, permissions, options=None): """ Tests the specified permissions against the IAM access control policy for a ``ServiceAccount``. Example: >>> from google.cloud.gapic.iam_admin.v1 import iam_api >>> api = iam_api.IAMApi() >>> resource = api.service_account_path('[PROJECT]', '[SERVICE_ACCOUNT]') >>> permissions = [] >>> response = api.test_iam_permissions(resource, permissions) Args: resource (string): REQUIRED: The resource for which the policy detail is being requested. ``resource`` is usually specified as a path. For example, a Project resource is specified as ``projects/{project}``. permissions (list[string]): The set of permissions to check for the ``resource``. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see `IAM Overview <https://cloud.google.com/iam/docs/overview#permissions>`_. options (:class:`google.gax.CallOptions`): Overrides the default settings for this call, e.g, timeout, retries etc. Returns: A :class:`google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse` instance. Raises: :exc:`google.gax.errors.GaxError` if the RPC is aborted. :exc:`ValueError` if the parameters are invalid. """ request = iam_policy_pb2.TestIamPermissionsRequest( resource=resource, permissions=permissions) return self._test_iam_permissions(request, options)
def test_test_iam_permissions(self): # Setup Expected Response expected_response = {} expected_response = iam_policy_pb2.TestIamPermissionsResponse( **expected_response ) # Mock the API response channel = ChannelStub(responses=[expected_response]) patch = mock.patch("google.api_core.grpc_helpers.create_channel") with patch as create_channel: create_channel.return_value = channel client = securitycenter_v1.SecurityCenterClient() # Setup Request resource = client.source_path("[ORGANIZATION]", "[SOURCE]") permissions = [] response = client.test_iam_permissions(resource, permissions) assert expected_response == response assert len(channel.requests) == 1 expected_request = iam_policy_pb2.TestIamPermissionsRequest( resource=resource, permissions=permissions ) actual_request = channel.requests[0][1] assert expected_request == actual_request
def test_test_iam_permissions(self, mock_create_stub): # Mock gRPC layer grpc_stub = mock.Mock() mock_create_stub.return_value = grpc_stub client = subscriber_client.SubscriberClient() # Mock request resource = client.subscription_path('[PROJECT]', '[SUBSCRIPTION]') permissions = [] # Mock response expected_response = iam_policy_pb2.TestIamPermissionsResponse() grpc_stub.TestIamPermissions.return_value = expected_response response = client.test_iam_permissions(resource, permissions) self.assertEqual(expected_response, response) grpc_stub.TestIamPermissions.assert_called_once() args, kwargs = grpc_stub.TestIamPermissions.call_args self.assertEqual(len(args), 2) self.assertEqual(len(kwargs), 1) self.assertIn('metadata', kwargs) actual_request = args[0] expected_request = iam_policy_pb2.TestIamPermissionsRequest( resource=resource, permissions=permissions) self.assertEqual(expected_request, actual_request)
def test_test_iam_permissions(self): # Setup Expected Response expected_response = {} expected_response = iam_policy_pb2.TestIamPermissionsResponse( **expected_response) # Mock the API response channel = ChannelStub(responses=[expected_response]) patch = mock.patch('google.api_core.grpc_helpers.create_channel') with patch as create_channel: create_channel.return_value = channel client = tasks_v2beta2.CloudTasksClient() # Setup Request resource = client.queue_path('[PROJECT]', '[LOCATION]', '[QUEUE]') permissions = [] response = client.test_iam_permissions(resource, permissions) assert expected_response == response assert len(channel.requests) == 1 expected_request = iam_policy_pb2.TestIamPermissionsRequest( resource=resource, permissions=permissions) actual_request = channel.requests[0][1] assert expected_request == actual_request
def test_test_iam_permissions(transport: str = "grpc"): client = CloudBillingClient(credentials=credentials.AnonymousCredentials(), transport=transport) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. request = iam_policy.TestIamPermissionsRequest() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object(type(client._transport.test_iam_permissions), "__call__") as call: # Designate an appropriate return value for the call. call.return_value = iam_policy.TestIamPermissionsResponse( permissions=["permissions_value"]) response = client.test_iam_permissions(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] assert args[0] == request # Establish that the response is the type that we expect. assert isinstance(response, iam_policy.TestIamPermissionsResponse) assert response.permissions == ["permissions_value"]
def test_test_iam_permissions(self): from google.cloud.bigtable_admin_v2.gapic import ( bigtable_instance_admin_client) from google.iam.v1 import iam_policy_pb2 credentials = _make_credentials() client = self._make_client(project=self.PROJECT, credentials=credentials, admin=True) instance = self._make_one(self.INSTANCE_ID, client) permissions = ["bigtable.tables.create", "bigtable.clusters.create"] expected_request = iam_policy_pb2.TestIamPermissionsRequest( resource=instance.name, permissions=permissions) # Patch the stub used by the API method. channel = ChannelStub(responses=[expected_request]) instance_api = ( bigtable_instance_admin_client.BigtableInstanceAdminClient( channel=channel)) client._instance_admin_client = instance_api result = instance.test_iam_permissions(permissions) actual_request = channel.requests[0][1] self.assertEqual(actual_request, expected_request) self.assertEqual(result, permissions)
def test_test_iam_permissions(self, mock_create_stub): # Mock gRPC layer grpc_stub = mock.Mock() mock_create_stub.return_value = grpc_stub client = spanner_admin_database_v1.DatabaseAdminClient() # Mock request resource = client.database_path('[PROJECT]', '[INSTANCE]', '[DATABASE]') permissions = [] # Mock response expected_response = {} expected_response = iam_policy_pb2.TestIamPermissionsResponse( **expected_response) grpc_stub.TestIamPermissions.return_value = expected_response response = client.test_iam_permissions(resource, permissions) self.assertEqual(expected_response, response) grpc_stub.TestIamPermissions.assert_called_once() args, kwargs = grpc_stub.TestIamPermissions.call_args self.assertEqual(len(args), 2) self.assertEqual(len(kwargs), 1) self.assertIn('metadata', kwargs) actual_request = args[0] expected_request = iam_policy_pb2.TestIamPermissionsRequest( resource=resource, permissions=permissions) self.assertEqual(expected_request, actual_request)
def test_iam_permissions(self, resource, permissions, retry=google.api_core.gapic_v1.method.DEFAULT, timeout=google.api_core.gapic_v1.method.DEFAULT, metadata=None): """ Returns permissions that the caller has on the specified database resource. Attempting this RPC on a non-existent Cloud Spanner database will result in a NOT_FOUND error if the user has ``spanner.databases.list`` permission on the containing Cloud Spanner instance. Otherwise returns an empty set of permissions. Example: >>> from google.cloud import spanner_admin_database_v1 >>> >>> client = spanner_admin_database_v1.DatabaseAdminClient() >>> >>> resource = client.database_path('[PROJECT]', '[INSTANCE]', '[DATABASE]') >>> permissions = [] >>> >>> response = client.test_iam_permissions(resource, permissions) Args: resource (str): REQUIRED: The resource for which the policy detail is being requested. ``resource`` is usually specified as a path. For example, a Project resource is specified as ``projects/{project}``. permissions (list[str]): The set of permissions to check for the ``resource``. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see `IAM Overview <https://cloud.google.com/iam/docs/overview#permissions>`_. retry (Optional[google.api_core.retry.Retry]): A retry object used to retry requests. If ``None`` is specified, requests will not be retried. timeout (Optional[float]): The amount of time, in seconds, to wait for the request to complete. Note that if ``retry`` is specified, the timeout applies to each individual attempt. Returns: A :class:`~google.cloud.spanner_admin_database_v1.types.TestIamPermissionsResponse` instance. Raises: google.api_core.exceptions.GoogleAPICallError: If the request failed for any reason. google.api_core.exceptions.RetryError: If the request failed due to a retryable error and retry attempts failed. ValueError: If the parameters are invalid. """ request = iam_policy_pb2.TestIamPermissionsRequest( resource=resource, permissions=permissions, ) return self._test_iam_permissions(request, retry=retry, timeout=timeout, metadata=metadata)
def test_iam_permissions( self, request: iam_policy_pb2.TestIamPermissionsRequest = None, *, retry: retries.Retry = gapic_v1.method.DEFAULT, timeout: float = None, metadata: Sequence[Tuple[str, str]] = (), ) -> iam_policy_pb2.TestIamPermissionsResponse: r"""Tests the specified IAM permissions against the IAM access control policy for a function. If the function does not exist, this will return an empty set of permissions, not a NOT_FOUND error. Args: request (:class:`~.iam_policy_pb2.TestIamPermissionsRequest`): The request object. Request message for `TestIamPermissions` method. retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. Returns: ~.iam_policy_pb2.TestIamPermissionsResponse: Response message for ``TestIamPermissions`` method. """ # Create or coerce a protobuf request object. # The request isn't a proto-plus wrapped type, # so it must be constructed via keyword expansion. if isinstance(request, dict): request = iam_policy_pb2.TestIamPermissionsRequest(**request) # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. rpc = gapic_v1.method.wrap_method( self._transport.test_iam_permissions, default_timeout=None, client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; # add these here. metadata = tuple(metadata) + (gapic_v1.routing_header.to_grpc_metadata( (("resource", request.resource), )), ) # Send the request. response = rpc( request, retry=retry, timeout=timeout, metadata=metadata, ) # Done; return the response. return response
async def test_iam_permissions( self, request: iam_policy.TestIamPermissionsRequest = None, *, retry: retries.Retry = gapic_v1.method.DEFAULT, timeout: float = None, metadata: Sequence[Tuple[str, str]] = (), ) -> iam_policy.TestIamPermissionsResponse: r"""Returns the permissions that a caller has on the specified taxonomy or policy tag. Args: request (:class:`~.iam_policy.TestIamPermissionsRequest`): The request object. Request message for `TestIamPermissions` method. retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. Returns: ~.iam_policy.TestIamPermissionsResponse: Response message for ``TestIamPermissions`` method. """ # Create or coerce a protobuf request object. # The request isn't a proto-plus wrapped type, # so it must be constructed via keyword expansion. if isinstance(request, dict): request = iam_policy.TestIamPermissionsRequest(**request) # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. rpc = gapic_v1.method_async.wrap_method( self._client._transport.test_iam_permissions, default_timeout=None, client_info=_client_info, ) # Certain fields should be provided within the metadata header; # add these here. metadata = tuple(metadata) + (gapic_v1.routing_header.to_grpc_metadata( (("resource", request.resource), )), ) # Send the request. response = await rpc( request, retry=retry, timeout=timeout, metadata=metadata, ) # Done; return the response. return response
def test_test_iam_permissions_flattened_error(): client = CloudBillingClient(credentials=credentials.AnonymousCredentials()) # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): client.test_iam_permissions( iam_policy.TestIamPermissionsRequest(), resource="resource_value", permissions=["permissions_value"], )
def sample_test_iam_permissions(): # Create a client client = bigquery_connection_v1.ConnectionServiceClient() # Initialize request argument(s) request = iam_policy_pb2.TestIamPermissionsRequest( resource="resource_value", permissions=['permissions_value_1', 'permissions_value_2'], ) # Make the request response = client.test_iam_permissions(request=request) # Handle the response print(response)
async def sample_test_iam_permissions(): # Create a client client = spanner_admin_instance_v1.InstanceAdminAsyncClient() # Initialize request argument(s) request = iam_policy_pb2.TestIamPermissionsRequest( resource="resource_value", permissions=['permissions_value_1', 'permissions_value_2'], ) # Make the request response = await client.test_iam_permissions(request=request) # Handle the response print(response)
async def sample_test_iam_permissions(): # Create a client client = secretmanager_v1.SecretManagerServiceAsyncClient() # Initialize request argument(s) request = iam_policy_pb2.TestIamPermissionsRequest( resource="resource_value", permissions=['permissions_value_1', 'permissions_value_2'], ) # Make the request response = await client.test_iam_permissions(request=request) # Handle the response print(response)
def test_test_iam_permissions(self): # Setup Expected Response expected_response = {} expected_response = iam_policy_pb2.TestIamPermissionsResponse( **expected_response) # Mock the API response channel = ChannelStub(responses=[expected_response]) patch = mock.patch("google.api_core.grpc_helpers.create_channel") with patch as create_channel: create_channel.return_value = channel client = datacatalog_v1beta1.PolicyTagManagerClient() response = client.test_iam_permissions() assert expected_response == response assert len(channel.requests) == 1 expected_request = iam_policy_pb2.TestIamPermissionsRequest() actual_request = channel.requests[0][1] assert expected_request == actual_request
def test_iam_permissions(self, resource, permissions, options=None): """ Returns permissions that the caller has on the specified database resource. Attempting this RPC on a non-existent Cloud Spanner database will result in a NOT_FOUND error if the user has ``spanner.databases.list`` permission on the containing Cloud Spanner instance. Otherwise returns an empty set of permissions. Example: >>> from google.cloud import spanner_admin_database_v1 >>> >>> client = spanner_admin_database_v1.DatabaseAdminClient() >>> >>> resource = client.database_path('[PROJECT]', '[INSTANCE]', '[DATABASE]') >>> permissions = [] >>> >>> response = client.test_iam_permissions(resource, permissions) Args: resource (str): REQUIRED: The resource for which the policy detail is being requested. ``resource`` is usually specified as a path. For example, a Project resource is specified as ``projects/{project}``. permissions (list[str]): The set of permissions to check for the ``resource``. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see `IAM Overview <https://cloud.google.com/iam/docs/overview#permissions>`_. options (~google.gax.CallOptions): Overrides the default settings for this call, e.g, timeout, retries etc. Returns: A :class:`~google.cloud.spanner_admin_database_v1.types.TestIamPermissionsResponse` instance. Raises: :exc:`google.gax.errors.GaxError` if the RPC is aborted. :exc:`ValueError` if the parameters are invalid. """ request = iam_policy_pb2.TestIamPermissionsRequest( resource=resource, permissions=permissions) return self._test_iam_permissions(request, options)
def test_test_iam_permissions(self): # Setup Expected Response expected_response = {} expected_response = iam_policy_pb2.TestIamPermissionsResponse( **expected_response) # Mock the API response channel = ChannelStub(responses=[expected_response]) client = subscriber_client.SubscriberClient(channel=channel) # Setup Request resource = client.subscription_path('[PROJECT]', '[SUBSCRIPTION]') permissions = [] response = client.test_iam_permissions(resource, permissions) assert expected_response == response assert len(channel.requests) == 1 expected_request = iam_policy_pb2.TestIamPermissionsRequest( resource=resource, permissions=permissions) actual_request = channel.requests[0][1] assert expected_request == actual_request
def test_test_iam_permissions(self): # Setup Expected Response expected_response = {} expected_response = iam_policy_pb2.TestIamPermissionsResponse( **expected_response) # Mock the API response channel = ChannelStub(responses=[expected_response]) client = securitycenter_v1beta1.SecurityCenterClient(channel=channel) # Setup Request resource = client.source_path('[ORGANIZATION]', '[SOURCE]') permissions = [] response = client.test_iam_permissions(resource, permissions) assert expected_response == response assert len(channel.requests) == 1 expected_request = iam_policy_pb2.TestIamPermissionsRequest( resource=resource, permissions=permissions) actual_request = channel.requests[0][1] assert expected_request == actual_request
def test_test_iam_permissions(self): # Setup Expected Response expected_response = {} expected_response = iam_policy_pb2.TestIamPermissionsResponse( **expected_response) # Mock the API response channel = ChannelStub(responses=[expected_response]) client = bigtable_admin_v2.BigtableInstanceAdminClient(channel=channel) # Setup Request resource = client.instance_path('[PROJECT]', '[INSTANCE]') permissions = [] response = client.test_iam_permissions(resource, permissions) assert expected_response == response assert len(channel.requests) == 1 expected_request = iam_policy_pb2.TestIamPermissionsRequest( resource=resource, permissions=permissions) actual_request = channel.requests[0][1] assert expected_request == actual_request
def test_test_iam_permissions(self): # Setup Expected Response expected_response = {} expected_response = iam_policy_pb2.TestIamPermissionsResponse( **expected_response) # Mock the API response channel = ChannelStub(responses=[expected_response]) client = tasks_v2beta3.CloudTasksClient(channel=channel) # Setup Request resource = client.queue_path('[PROJECT]', '[LOCATION]', '[QUEUE]') permissions = [] response = client.test_iam_permissions(resource, permissions) assert expected_response == response assert len(channel.requests) == 1 expected_request = iam_policy_pb2.TestIamPermissionsRequest( resource=resource, permissions=permissions) actual_request = channel.requests[0][1] assert expected_request == actual_request
def test_test_iam_permissions(self): # Setup Expected Response expected_response = {} expected_response = iam_policy_pb2.TestIamPermissionsResponse( **expected_response) # Mock the API response channel = ChannelStub(responses=[expected_response]) client = kms_v1.KeyManagementServiceClient(channel=channel) # Setup Request resource = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') permissions = [] response = client.test_iam_permissions(resource, permissions) assert expected_response == response assert len(channel.requests) == 1 expected_request = iam_policy_pb2.TestIamPermissionsRequest( resource=resource, permissions=permissions) actual_request = channel.requests[0][1] assert expected_request == actual_request
def test_test_iam_permissions(self): # Setup Expected Response expected_response = {} expected_response = iam_policy_pb2.TestIamPermissionsResponse( **expected_response) # Mock the API response channel = ChannelStub(responses=[expected_response]) client = iot_v1.DeviceManagerClient(channel=channel) # Setup Request resource = client.registry_path('[PROJECT]', '[LOCATION]', '[REGISTRY]') permissions = [] response = client.test_iam_permissions(resource, permissions) assert expected_response == response assert len(channel.requests) == 1 expected_request = iam_policy_pb2.TestIamPermissionsRequest( resource=resource, permissions=permissions) actual_request = channel.requests[0][1] assert expected_request == actual_request
async def test_iam_permissions( self, request: iam_policy.TestIamPermissionsRequest = None, *, resource: str = None, permissions: Sequence[str] = None, retry: retries.Retry = gapic_v1.method.DEFAULT, timeout: float = None, metadata: Sequence[Tuple[str, str]] = (), ) -> iam_policy.TestIamPermissionsResponse: r"""Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a ``NOT_FOUND`` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning. Args: request (:class:`~.iam_policy.TestIamPermissionsRequest`): The request object. Request message for `TestIamPermissions` method. resource (:class:`str`): REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field. This corresponds to the ``resource`` field on the ``request`` instance; if ``request`` is provided, this should not be set. permissions (:class:`Sequence[str]`): The set of permissions to check for the ``resource``. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see `IAM Overview <https://cloud.google.com/iam/docs/overview#permissions>`__. This corresponds to the ``permissions`` field on the ``request`` instance; if ``request`` is provided, this should not be set. retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. Returns: ~.iam_policy.TestIamPermissionsResponse: Response message for ``TestIamPermissions`` method. """ # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. has_flattened_params = any([resource, permissions]) if request is not None and has_flattened_params: raise ValueError("If the `request` argument is set, then none of " "the individual field arguments should be set.") # The request isn't a proto-plus wrapped type, # so it must be constructed via keyword expansion. if isinstance(request, dict): request = iam_policy.TestIamPermissionsRequest(**request) elif not request: request = iam_policy.TestIamPermissionsRequest( resource=resource, permissions=permissions, ) # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. rpc = gapic_v1.method_async.wrap_method( self._client._transport.test_iam_permissions, default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; # add these here. metadata = tuple(metadata) + (gapic_v1.routing_header.to_grpc_metadata( (("resource", request.resource), )), ) # Send the request. response = await rpc( request, retry=retry, timeout=timeout, metadata=metadata, ) # Done; return the response. return response
def test_iam_permissions(self, resource, permissions, retry=google.api_core.gapic_v1.method.DEFAULT, timeout=google.api_core.gapic_v1.method.DEFAULT, metadata=None): """ Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT\_FOUND error. Example: >>> from google.cloud import pubsub_v1 >>> >>> client = pubsub_v1.PublisherClient() >>> >>> resource = client.topic_path('[PROJECT]', '[TOPIC]') >>> >>> # TODO: Initialize `permissions`: >>> permissions = [] >>> >>> response = client.test_iam_permissions(resource, permissions) Args: resource (str): REQUIRED: The resource for which the policy detail is being requested. ``resource`` is usually specified as a path. For example, a Project resource is specified as ``projects/{project}``. permissions (list[str]): The set of permissions to check for the ``resource``. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see `IAM Overview <https://cloud.google.com/iam/docs/overview#permissions>`__. retry (Optional[google.api_core.retry.Retry]): A retry object used to retry requests. If ``None`` is specified, requests will not be retried. timeout (Optional[float]): The amount of time, in seconds, to wait for the request to complete. Note that if ``retry`` is specified, the timeout applies to each individual attempt. metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata that is provided to the method. Returns: A :class:`~google.cloud.pubsub_v1.types.TestIamPermissionsResponse` instance. Raises: google.api_core.exceptions.GoogleAPICallError: If the request failed for any reason. google.api_core.exceptions.RetryError: If the request failed due to a retryable error and retry attempts failed. ValueError: If the parameters are invalid. """ # Wrap the transport method to add retry and timeout logic. if 'test_iam_permissions' not in self._inner_api_calls: self._inner_api_calls[ 'test_iam_permissions'] = google.api_core.gapic_v1.method.wrap_method( self.transport.test_iam_permissions, default_retry=self._method_configs['TestIamPermissions']. retry, default_timeout=self._method_configs['TestIamPermissions']. timeout, client_info=self._client_info, ) request = iam_policy_pb2.TestIamPermissionsRequest( resource=resource, permissions=permissions, ) return self._inner_api_calls['test_iam_permissions'](request, retry=retry, timeout=timeout, metadata=metadata)
def test_iam_permissions( self, resource, permissions, retry=google.api_core.gapic_v1.method.DEFAULT, timeout=google.api_core.gapic_v1.method.DEFAULT, metadata=None, ): """ Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT\_FOUND error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning. Example: >>> from google.cloud import pubsub_v1 >>> >>> client = pubsub_v1.PublisherClient() >>> >>> resource = client.topic_path('[PROJECT]', '[TOPIC]') >>> >>> # TODO: Initialize `permissions`: >>> permissions = [] >>> >>> response = client.test_iam_permissions(resource, permissions) Args: resource (str): REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field. permissions (list[str]): The set of permissions to check for the ``resource``. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see `IAM Overview <https://cloud.google.com/iam/docs/overview#permissions>`__. retry (Optional[google.api_core.retry.Retry]): A retry object used to retry requests. If ``None`` is specified, requests will not be retried. timeout (Optional[float]): The amount of time, in seconds, to wait for the request to complete. Note that if ``retry`` is specified, the timeout applies to each individual attempt. metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata that is provided to the method. Returns: A :class:`~google.cloud.pubsub_v1.types.TestIamPermissionsResponse` instance. Raises: google.api_core.exceptions.GoogleAPICallError: If the request failed for any reason. google.api_core.exceptions.RetryError: If the request failed due to a retryable error and retry attempts failed. ValueError: If the parameters are invalid. """ # Wrap the transport method to add retry and timeout logic. if "test_iam_permissions" not in self._inner_api_calls: self._inner_api_calls[ "test_iam_permissions"] = google.api_core.gapic_v1.method.wrap_method( self.transport.test_iam_permissions, default_retry=self._method_configs["TestIamPermissions"]. retry, default_timeout=self._method_configs["TestIamPermissions"]. timeout, client_info=self._client_info, ) request = iam_policy_pb2.TestIamPermissionsRequest( resource=resource, permissions=permissions) if metadata is None: metadata = [] metadata = list(metadata) try: routing_header = [("resource", resource)] except AttributeError: pass else: routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( routing_header) metadata.append(routing_metadata) return self._inner_api_calls["test_iam_permissions"](request, retry=retry, timeout=timeout, metadata=metadata)