def test_build_valid_subresources(self):
self.http = HttpMock(datafile('iam.json'), {'status': '200'})
client = build_subresource('iam.roles', 'v1', http=self.http)
self.assertTrue(client)
self.assertIsInstance(client, Resource)
client = build_subresource('iam.projects.roles', 'v1', http=self.http)
self.assertTrue(client)
self.assertIsInstance(client, Resource)
def ancestry(self):
if self._ancestry:
return self._ancestry
# attempt to fill in the resource's ancestry
# if the target project has the cloudresourcemanager api disabled, this will fail
# if the resource_data doesn't include the project_id (ex: with storage buckets) this will also fail
try:
resource_manager_projects = build_subresource(
'cloudresourcemanager.projects', 'v1', **self._client_kwargs)
resp = resource_manager_projects.getAncestry(
projectId=self.project_id).execute()
# Reformat getAncestry response to be a list of resource names
self._ancestry = [
f"//cloudresourcemanager.googleapis.com/{ancestor['resourceId']['type']}s/{ancestor['resourceId']['id']}"
for ancestor in resp.get('ancestor')
]
except Exception:
# This call is best-effort. Any failures should be caught
pass
return self._ancestry
def __init__(self, resource_data, **kwargs):
full_resource_path = "{}.{}".format(self.service_name,
self.resource_path)
self.service = build_subresource(full_resource_path, self.version,
**kwargs)
# Store the extra kwargs in case we need to create new clients
self.kwargs = kwargs
# Support original update method until we can deprecate it
self.update = self.remediate
# If we are a property of a resource, also get the resource we're
# associated with
if self.is_property():
# Build resource data for the parent
parent_data = resource_data.copy()
parent_type = resource_data['resource_type'].rsplit('.', 1)[0]
parent_data['resource_type'] = parent_type
self.parent_resource = GoogleAPIResource.factory(
parent_data, **kwargs)
self.resource_data = resource_data
self._ancestry = None
def __init__(self, resource_data, **kwargs):
full_resource_path = "{}.{}".format(self.service_name,
self.resource_path)
self.service = build_subresource(full_resource_path, self.version,
**kwargs)
self.resource_data = resource_data
def scenario(request):
'''Generate an iam test scenario
A test scenario consists of the client to use and a resource to
operate on.
This generates scenarios for pubsub and cloudresourcemanager,
since one requires GET for getIamPolicy and the other uses POST.
'''
if request.param == 'pubsub':
client = build_subresource('pubsub.projects.topics', 'v1')
topic = client.create(
name='projects/%s/topics/gapich-test-%s' % (
project_id,
test_time,
),
body={},
).execute()
kwargs = {'resource': topic['name']}
yield (client, 'roles/viewer', kwargs)
client.delete(topic=topic['name']).execute()
elif request.param == 'cloudresourcemanager':
client = build_subresource('cloudresourcemanager.projects', 'v1beta1')
kwargs = {'resource': project_id}
yield (client, 'roles/viewer', kwargs)
elif request.param == 'storage':
client = build_subresource('storage.buckets', 'v1')
bucket = client.insert(project=project_id,
body={
'name': 'gapich-test-{}'.format(test_time)
}).execute()
kwargs = {'bucket': bucket['name']}
yield (client, 'roles/storage.objectViewer', kwargs)
client.delete(bucket=bucket['name'])
def service(self):
if self._service is None:
full_resource_path = "{}.{}".format(self.service_name,
self.resource_path)
self._service = build_subresource(full_resource_path, self.version,
**self._client_kwargs)
return self._service
def member():
client = build_subresource('iam.projects.serviceAccounts', 'v1')
svcacct = client.create(
name='projects/%s' % project_id,
body={
'accountId': 'gapich-test-%s' % test_time
},
).execute()
yield 'serviceAccount:%s' % svcacct['email']
client.delete(name=svcacct['name']).execute()
def __init__(self, resource_data, **kwargs):
full_resource_path = "{}.{}".format(self.service_name,
self.resource_path)
self.service = build_subresource(full_resource_path, self.version,
**kwargs)
# If we are a property of a resource, also get the resource we're
# associated with
if self.is_property():
# Build resource data for the parent
parent_data = resource_data.copy()
parent_type = resource_data['resource_type'].rsplit('.', 1)[0]
parent_data['resource_type'] = parent_type
self.parent_resource = GoogleAPIResource.factory(
parent_data, **kwargs)
self.resource_data = resource_data
def ancestry(self):
if self._ancestry:
return self._ancestry
# attempt to fill in the resource's ancestry
# if the target project has the cloudresourcemanager api disabled, this will fail
try:
global resource_manager_projects
if resource_manager_projects is None:
resource_manager_projects = build_subresource(
'cloudresourcemanager.projects', 'v1', **self.kwargs)
self._ancestry = resource_manager_projects.getAncestry(
projectId=self.resource_data['project_id']).execute()
except Exception:
# This call is best-effort. Any failures should be caught
pass
return self._ancestry
def test_build_nonexistent_subresource(self):
self.http = HttpMock(datafile('iam.json'), {'status': '200'})
with self.assertRaises(AttributeError):
build_subresource('iam.bogus_subresource', 'v1', http=self.http)