def testGetIamPolicyProject(self):
properties.VALUES.core.user_output_enabled.Set(False)
test_project = test_util.GetTestActiveProject()
self.mock_client.projects.GetIamPolicy.Expect(
self.messages.CloudresourcemanagerProjectsGetIamPolicyRequest(
getIamPolicyRequest=self.messages.GetIamPolicyRequest(
options=self.messages.GetPolicyOptions(
requestedPolicyVersion=iam_util.
MAX_LIBRARY_IAM_SUPPORTED_VERSION)),
resource=test_project.projectId),
copy.deepcopy(test_util.GetTestIamPolicy()))
response = self.RunProjects('get-iam-policy', test_project.projectId)
self.assertEqual(response, test_util.GetTestIamPolicy())
def testRemoveIamPolicyBinding(self):
test_project = test_util.GetTestActiveProject()
start_policy = copy.deepcopy(test_util.GetTestIamPolicy())
new_policy = copy.deepcopy(start_policy)
remove_user = '******'
remove_role = 'roles/owner'
# In the test policy the first binding is for editors, second for owners.
new_policy.bindings[1].members.remove(remove_user)
resource_name = test_project.projectId
new_policy.version = iam_util.MAX_LIBRARY_IAM_SUPPORTED_VERSION
self.mock_client.projects.GetIamPolicy.Expect(
self.messages.CloudresourcemanagerProjectsGetIamPolicyRequest(
resource=resource_name,
getIamPolicyRequest=self.messages.GetIamPolicyRequest(
options=self.messages.GetPolicyOptions(
requestedPolicyVersion=
iam_util.MAX_LIBRARY_IAM_SUPPORTED_VERSION))),
start_policy)
self.mock_client.projects.SetIamPolicy.Expect(
self.messages.CloudresourcemanagerProjectsSetIamPolicyRequest(
resource=resource_name,
setIamPolicyRequest=self.messages.SetIamPolicyRequest(
policy=new_policy)),
new_policy)
response = self.RunProjects(
'remove-iam-policy-binding',
test_project.projectId,
'--role={0}'.format(remove_role),
'--member={0}'.format(remove_user))
self.assertEqual(response, new_policy)
def testAddIamPolicyBinding(self):
test_project = test_util.GetTestActiveProject()
new_role = 'roles/editor'
new_user = '******'
start_policy = copy.deepcopy(test_util.GetTestIamPolicy())
new_policy = copy.deepcopy(start_policy)
new_policy.bindings[0].members.append(new_user)
new_policy.version = iam_util.MAX_LIBRARY_IAM_SUPPORTED_VERSION
resource_name = test_project.projectId
self.mock_client.projects.GetIamPolicy.Expect(
self.messages.CloudresourcemanagerProjectsGetIamPolicyRequest(
resource=resource_name,
getIamPolicyRequest=self.messages.GetIamPolicyRequest(
options=self.messages.GetPolicyOptions(
requestedPolicyVersion=iam_util.
MAX_LIBRARY_IAM_SUPPORTED_VERSION))), start_policy)
self.mock_client.projects.SetIamPolicy.Expect(
self.messages.CloudresourcemanagerProjectsSetIamPolicyRequest(
resource=resource_name,
setIamPolicyRequest=self.messages.SetIamPolicyRequest(
policy=new_policy)), new_policy)
response = self.RunProjects('add-iam-policy-binding',
test_project.projectId,
'--role={0}'.format(new_role),
'--member={0}'.format(new_user))
self.assertEqual(response, new_policy)
def testGetIamPolicyProjectOutput(self):
test_project = test_util.GetTestActiveProject()
self.mock_client.projects.GetIamPolicy.Expect(
self.messages.CloudresourcemanagerProjectsGetIamPolicyRequest(
getIamPolicyRequest=self.messages.GetIamPolicyRequest(
options=self.messages.GetPolicyOptions(
requestedPolicyVersion=iam_util.
MAX_LIBRARY_IAM_SUPPORTED_VERSION)),
resource=test_project.projectId),
copy.deepcopy(test_util.GetTestIamPolicy()))
self.RunProjects('get-iam-policy', test_project.projectId)
self.AssertOutputEquals("""\
auditConfigs:
- auditLogConfigs:
- logType: ADMIN_READ
service: allServices
bindings:
- members:
- serviceAccount:[email protected]
role: roles/editor
- members:
- user:[email protected]
- user:[email protected]
role: roles/owner
etag: PDwgVW5pcXVlIHZlcnNpb25pbmcgZXRhZyBieXRlZmllbGQgPj4=
""")
def testAuditConfigsPreservedSetIamPolicyProject(self):
start_policy = test_util.GetTestIamPolicy()
new_policy = test_util.GetTestIamPolicy(clear_fields=['auditConfigs'])
json = encoding.MessageToJson(new_policy)
temp_file = self.Touch(self.temp_path, 'good.json', contents=json)
# set the expected version to 3
new_policy.version = iam_util.MAX_LIBRARY_IAM_SUPPORTED_VERSION
test_project = test_util.GetTestActiveProject()
self.mock_client.projects.SetIamPolicy.Expect(
self.messages.CloudresourcemanagerProjectsSetIamPolicyRequest(
resource=test_project.projectId,
setIamPolicyRequest=self.messages.SetIamPolicyRequest(
policy=new_policy, updateMask='bindings,etag')),
start_policy)
response = self.RunProjects('set-iam-policy', test_project.projectId,
temp_file)
self.assertEqual(response, start_policy)
def testListCommandFilter(self):
test_project = test_util.GetTestActiveProject()
self.mock_client.projects.GetIamPolicy.Expect(
self.messages.CloudresourcemanagerProjectsGetIamPolicyRequest(
getIamPolicyRequest=self.messages.GetIamPolicyRequest(
options=self.messages.GetPolicyOptions(
requestedPolicyVersion=iam_util.
MAX_LIBRARY_IAM_SUPPORTED_VERSION)),
resource=test_project.projectId),
copy.deepcopy(test_util.GetTestIamPolicy()))
command = [
'get-iam-policy',
test_project.projectId,
'--flatten=bindings[].members',
'--filter=bindings.role:roles/owner',
'--format=table[no-heading](bindings.members:sort=1)',
]
self.RunProjects(*command)
self.AssertOutputEquals(
'user:[email protected]\nuser:[email protected]\n')