def test_test_iam_permissions(self):
from google.cloud.bigtable.client import Client
from google.cloud.bigtable_admin_v2.services.bigtable_table_admin import (
BigtableTableAdminClient,
)
from google.iam.v1 import iam_policy_pb2
credentials = _make_credentials()
client = Client(project=self.PROJECT_ID, credentials=credentials, admin=True)
instance = client.instance(instance_id=self.INSTANCE_ID)
backup = self._make_one(self.BACKUP_ID, instance, cluster_id=self.CLUSTER_ID)
permissions = ["bigtable.backups.create", "bigtable.backups.list"]
response = iam_policy_pb2.TestIamPermissionsResponse(permissions=permissions)
table_api = mock.create_autospec(BigtableTableAdminClient)
table_api.test_iam_permissions.return_value = response
client._table_admin_client = table_api
result = backup.test_iam_permissions(permissions)
self.assertEqual(result, permissions)
table_api.test_iam_permissions.assert_called_once_with(
request={"resource": backup.name, "permissions": permissions}
)
def __init__(self, PROJECT_ID, INSTANCE_ID, TABLE_ID):
self.project_id = PROJECT_ID
self.instance_id = INSTANCE_ID
self.table_id = TABLE_ID
client = Client(project=PROJECT_ID, admin=True)
instance = client.instance(INSTANCE_ID)
table = instance.table(TABLE_ID)
def test_set_iam_policy(self):
from google.cloud.bigtable.client import Client
from google.cloud.bigtable_admin_v2.services.bigtable_table_admin import (
BigtableTableAdminClient, )
from google.iam.v1 import policy_pb2
from google.cloud.bigtable.policy import Policy
from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE
credentials = _make_credentials()
client = Client(project=self.PROJECT_ID,
credentials=credentials,
admin=True)
instance = client.instance(instance_id=self.INSTANCE_ID)
backup = self._make_one(self.BACKUP_ID,
instance,
cluster_id=self.CLUSTER_ID)
version = 1
etag = b"etag_v1"
members = [
"serviceAccount:[email protected]", "user:[email protected]"
]
bindings = [{"role": BIGTABLE_ADMIN_ROLE, "members": sorted(members)}]
iam_policy_pb = policy_pb2.Policy(version=version,
etag=etag,
bindings=bindings)
table_api = mock.create_autospec(BigtableTableAdminClient)
client._table_admin_client = table_api
table_api.set_iam_policy.return_value = iam_policy_pb
iam_policy = Policy(etag=etag, version=version)
iam_policy[BIGTABLE_ADMIN_ROLE] = [
Policy.user("*****@*****.**"),
Policy.service_account("*****@*****.**"),
]
result = backup.set_iam_policy(iam_policy)
table_api.set_iam_policy.assert_called_once_with(
request={
"resource": backup.name,
"policy": iam_policy_pb
})
self.assertEqual(result.version, version)
self.assertEqual(result.etag, etag)
admins = result.bigtable_admins
self.assertEqual(len(admins), len(members))
for found, expected in zip(sorted(admins), sorted(members)):
self.assertEqual(found, expected)
def test_backup_get_iam_policy():
from google.cloud.bigtable.client import Client
from google.cloud.bigtable_admin_v2.services.bigtable_table_admin import (
BigtableTableAdminClient, )
from google.iam.v1 import policy_pb2
from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE
credentials = _make_credentials()
client = Client(project=PROJECT_ID, credentials=credentials, admin=True)
instance = client.instance(instance_id=INSTANCE_ID)
backup = _make_backup(BACKUP_ID, instance, cluster_id=CLUSTER_ID)
version = 1
etag = b"etag_v1"
members = ["serviceAccount:[email protected]", "user:[email protected]"]
bindings = [{"role": BIGTABLE_ADMIN_ROLE, "members": members}]
iam_policy = policy_pb2.Policy(version=version,
etag=etag,
bindings=bindings)
table_api = mock.create_autospec(BigtableTableAdminClient)
client._table_admin_client = table_api
table_api.get_iam_policy.return_value = iam_policy
result = backup.get_iam_policy()
table_api.get_iam_policy.assert_called_once_with(
request={"resource": backup.name})
assert result.version == version
assert result.etag == etag
admins = result.bigtable_admins
assert len(admins) == len(members)
for found, expected in zip(sorted(admins), sorted(members)):
assert found == expected
def test_access_with_non_admin_client(self):
client = Client(admin=False)
instance = client.instance(INSTANCE_ID)
table = instance.table(self._table.table_id)
self.assertIsNone(table.read_row("nonesuch"))
def test_access_with_non_admin_client(self):
client = Client(admin=False)
instance = client.instance(INSTANCE_ID)
table = instance.table(self._table.table_id)
self.assertIsNone(table.read_row("nonesuch"))
