def test_merge_with_different_owner_policy(self):
"""Test output of the function when there is an existing but different
owner IAM policy in the properties"""
env = {'project_number': '123'}
properties = {
'iam-policy': {
'bindings': [{
'role': 'roles/owner',
'members': ['user:[email protected]']
}]
}
}
expected = {
'bindings': [{
'role':
'roles/owner',
'members': [
'user:[email protected]',
('serviceAccount:123@cloudservices'
'.gserviceaccount.com')
]
}]
}
actual_iam_policies = (
p.MergeCallingServiceAccountWithOwnerPermissinsIntoBindings(
env, properties))
self.assertEqual(expected, actual_iam_policies)
def test_merge_with_missing_bindings_but_other_key_present(self):
""""Test the function when there are no bindings in the iam policy block
but some other unknown key exists"""
env = {'project_number': '123'}
properties = {
'iam-policy': {
'foobar': {
'strangekey': 1
}
}
}
expected = {
'foobar': {
'strangekey': 1
},
'bindings': [
{
'role': 'roles/owner',
'members': [('serviceAccount:123@cloudservices'
'.gserviceaccount.com')]
}
]
}
actual_iam_policies = (
p.MergeCallingServiceAccountWithOwnerPermissinsIntoBindings(
env, properties))
self.assertEqual(expected, actual_iam_policies)
def test_merge_no_iam_policies(self):
"""Test output of the function when there are no IAM policies in the
properties"""
env = {'project_number': '123'}
properties = {}
expected = {
'bindings': [{
'role':
'roles/owner',
'members':
['serviceAccount:[email protected]']
}]
}
actual_iam_policies = (
p.MergeCallingServiceAccountWithOwnerPermissinsIntoBindings(
env, properties))
self.assertEqual(expected, actual_iam_policies)