def test_merge_with_different_owner_policy(self): """Test output of the function when there is an existing but different owner IAM policy in the properties""" env = {'project_number': '123'} properties = { 'iam-policy': { 'bindings': [{ 'role': 'roles/owner', 'members': ['user:[email protected]'] }] } } expected = { 'bindings': [{ 'role': 'roles/owner', 'members': [ 'user:[email protected]', ('serviceAccount:123@cloudservices' '.gserviceaccount.com') ] }] } actual_iam_policies = ( p.MergeCallingServiceAccountWithOwnerPermissinsIntoBindings( env, properties)) self.assertEqual(expected, actual_iam_policies)
def test_merge_with_missing_bindings_but_other_key_present(self): """"Test the function when there are no bindings in the iam policy block but some other unknown key exists""" env = {'project_number': '123'} properties = { 'iam-policy': { 'foobar': { 'strangekey': 1 } } } expected = { 'foobar': { 'strangekey': 1 }, 'bindings': [ { 'role': 'roles/owner', 'members': [('serviceAccount:123@cloudservices' '.gserviceaccount.com')] } ] } actual_iam_policies = ( p.MergeCallingServiceAccountWithOwnerPermissinsIntoBindings( env, properties)) self.assertEqual(expected, actual_iam_policies)
def test_merge_no_iam_policies(self): """Test output of the function when there are no IAM policies in the properties""" env = {'project_number': '123'} properties = {} expected = { 'bindings': [{ 'role': 'roles/owner', 'members': ['serviceAccount:[email protected]'] }] } actual_iam_policies = ( p.MergeCallingServiceAccountWithOwnerPermissinsIntoBindings( env, properties)) self.assertEqual(expected, actual_iam_policies)