def test_test_iam_permissions(self): from google.cloud.bigtable.client import Client from google.cloud.bigtable_admin_v2.services.bigtable_table_admin import ( BigtableTableAdminClient, ) from google.iam.v1 import iam_policy_pb2 credentials = _make_credentials() client = Client(project=self.PROJECT_ID, credentials=credentials, admin=True) instance = client.instance(instance_id=self.INSTANCE_ID) backup = self._make_one(self.BACKUP_ID, instance, cluster_id=self.CLUSTER_ID) permissions = ["bigtable.backups.create", "bigtable.backups.list"] response = iam_policy_pb2.TestIamPermissionsResponse(permissions=permissions) table_api = mock.create_autospec(BigtableTableAdminClient) table_api.test_iam_permissions.return_value = response client._table_admin_client = table_api result = backup.test_iam_permissions(permissions) self.assertEqual(result, permissions) table_api.test_iam_permissions.assert_called_once_with( request={"resource": backup.name, "permissions": permissions} )
def __init__(self, PROJECT_ID, INSTANCE_ID, TABLE_ID): self.project_id = PROJECT_ID self.instance_id = INSTANCE_ID self.table_id = TABLE_ID client = Client(project=PROJECT_ID, admin=True) instance = client.instance(INSTANCE_ID) table = instance.table(TABLE_ID)
def test_set_iam_policy(self): from google.cloud.bigtable.client import Client from google.cloud.bigtable_admin_v2.services.bigtable_table_admin import ( BigtableTableAdminClient, ) from google.iam.v1 import policy_pb2 from google.cloud.bigtable.policy import Policy from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE credentials = _make_credentials() client = Client(project=self.PROJECT_ID, credentials=credentials, admin=True) instance = client.instance(instance_id=self.INSTANCE_ID) backup = self._make_one(self.BACKUP_ID, instance, cluster_id=self.CLUSTER_ID) version = 1 etag = b"etag_v1" members = [ "serviceAccount:[email protected]", "user:[email protected]" ] bindings = [{"role": BIGTABLE_ADMIN_ROLE, "members": sorted(members)}] iam_policy_pb = policy_pb2.Policy(version=version, etag=etag, bindings=bindings) table_api = mock.create_autospec(BigtableTableAdminClient) client._table_admin_client = table_api table_api.set_iam_policy.return_value = iam_policy_pb iam_policy = Policy(etag=etag, version=version) iam_policy[BIGTABLE_ADMIN_ROLE] = [ Policy.user("*****@*****.**"), Policy.service_account("*****@*****.**"), ] result = backup.set_iam_policy(iam_policy) table_api.set_iam_policy.assert_called_once_with( request={ "resource": backup.name, "policy": iam_policy_pb }) self.assertEqual(result.version, version) self.assertEqual(result.etag, etag) admins = result.bigtable_admins self.assertEqual(len(admins), len(members)) for found, expected in zip(sorted(admins), sorted(members)): self.assertEqual(found, expected)
def test_backup_get_iam_policy(): from google.cloud.bigtable.client import Client from google.cloud.bigtable_admin_v2.services.bigtable_table_admin import ( BigtableTableAdminClient, ) from google.iam.v1 import policy_pb2 from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE credentials = _make_credentials() client = Client(project=PROJECT_ID, credentials=credentials, admin=True) instance = client.instance(instance_id=INSTANCE_ID) backup = _make_backup(BACKUP_ID, instance, cluster_id=CLUSTER_ID) version = 1 etag = b"etag_v1" members = ["serviceAccount:[email protected]", "user:[email protected]"] bindings = [{"role": BIGTABLE_ADMIN_ROLE, "members": members}] iam_policy = policy_pb2.Policy(version=version, etag=etag, bindings=bindings) table_api = mock.create_autospec(BigtableTableAdminClient) client._table_admin_client = table_api table_api.get_iam_policy.return_value = iam_policy result = backup.get_iam_policy() table_api.get_iam_policy.assert_called_once_with( request={"resource": backup.name}) assert result.version == version assert result.etag == etag admins = result.bigtable_admins assert len(admins) == len(members) for found, expected in zip(sorted(admins), sorted(members)): assert found == expected
def test_access_with_non_admin_client(self): client = Client(admin=False) instance = client.instance(INSTANCE_ID) table = instance.table(self._table.table_id) self.assertIsNone(table.read_row("nonesuch"))