def RunIamCheck(self, project_id): project_ref = project_util.ParseProject(project_id) result = projects_api.TestIamPermissions(project_ref, REQUIRED_PERMISSIONS) granted_permissions = result.permissions if set(REQUIRED_PERMISSIONS) != set(granted_permissions): raise Exception("caller doesn't have sufficient permission.")
def RunIamCheck(self, project_id): project_ref = project_util.ParseProject(project_id) result = projects_api.TestIamPermissions(project_ref, REQUIRED_PERMISSIONS) granted_permissions = result.permissions if set(REQUIRED_PERMISSIONS) != set(granted_permissions): raise memberships_errors.InsufficientPermissionsError()
def _AdcHasGivenPermissionOnProjectHelper(project_ref, permissions): cred_file_override_old = properties.VALUES.auth.credential_file_override.Get() try: properties.VALUES.auth.credential_file_override.Set(config.ADCFilePath()) granted_permissions = projects_api.TestIamPermissions( project_ref, permissions).permissions return set(permissions) == set(granted_permissions) finally: properties.VALUES.auth.credential_file_override.Set(cred_file_override_old)
def testTestIamPermissions(self): requested_permissions = ['storage.buckets.create', 'storage.buckets.delete'] expected_permissions = ['storage.buckets.create'] test_project = util.GetTestActiveProject() test_project_ref = command_lib_util.ParseProject(test_project.projectId) self.mock_client.projects.TestIamPermissions.Expect( self.messages.CloudresourcemanagerProjectsTestIamPermissionsRequest( resource=test_project_ref.Name(), testIamPermissionsRequest=self.messages.TestIamPermissionsRequest( permissions=requested_permissions)), self.messages.TestIamPermissionsResponse( permissions=expected_permissions)) response = projects_api.TestIamPermissions(test_project_ref, requested_permissions) self.assertEqual(response.permissions, expected_permissions)
def CheckCreateCertificateAuthorityPermissions(project_ref, kms_key_ref): """Ensures that the current user has the required permissions to create a CA. Args: project_ref: The project where the new CA will be created. kms_key_ref: The KMS key that will be used by the CA. Raises: InsufficientPermissionException: If the user is missing permissions. """ _CheckAllPermissions( projects_api.TestIamPermissions( project_ref, _CA_CREATE_PERMISSIONS_ON_PROJECT).permissions, _CA_CREATE_PERMISSIONS_ON_PROJECT, 'project') _CheckAllPermissions( kms_iam.TestCryptoKeyIamPermissions( kms_key_ref, _CA_CREATE_PERMISSIONS_ON_KEY).permissions, _CA_CREATE_PERMISSIONS_ON_KEY, 'KMS key')
def TestRedirectionIAMPermission(project): """Tests the user has the storage.buckets.update IAM permission on the project.""" project_ref = project_util.ParseProject(project) result = projects_api.TestIamPermissions(project_ref, REDIRECT_PERMISSIONS) return set(REDIRECT_PERMISSIONS) == set(result.permissions)