def test_bigtable_admins_policy():
service_account_email = Config.CLIENT._credentials.service_account_email
# [START bigtable_admins_policy]
from google.cloud.bigtable import Client
from google.cloud.bigtable.policy import Policy
from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE
client = Client(admin=True)
instance = client.instance(INSTANCE_ID)
instance.reload()
new_policy = Policy()
new_policy[BIGTABLE_ADMIN_ROLE] = [
Policy.service_account(service_account_email)
]
policy_latest = instance.set_iam_policy(new_policy)
policy = policy_latest.bigtable_admins
# [END bigtable_admins_policy]
assert len(policy) > 0
def test_instance_set_iam_policy():
from google.iam.v1 import policy_pb2
from google.cloud.bigtable.policy import Policy
from google.cloud.bigtable.policy import BIGTABLE_ADMIN_ROLE
credentials = _make_credentials()
client = _make_client(project=PROJECT, credentials=credentials, admin=True)
instance = _make_instance(INSTANCE_ID, client)
version = 1
etag = b"etag_v1"
members = ["serviceAccount:[email protected]", "user:[email protected]"]
bindings = [{"role": BIGTABLE_ADMIN_ROLE, "members": sorted(members)}]
iam_policy_pb = policy_pb2.Policy(version=version,
etag=etag,
bindings=bindings)
api = client._instance_admin_client = _make_instance_admin_api()
api.set_iam_policy.return_value = iam_policy_pb
iam_policy = Policy(etag=etag, version=version)
iam_policy[BIGTABLE_ADMIN_ROLE] = [
Policy.user("*****@*****.**"),
Policy.service_account("*****@*****.**"),
]
result = instance.set_iam_policy(iam_policy)
api.set_iam_policy.assert_called_once_with(request={
"resource": instance.name,
"policy": iam_policy_pb
})
assert result.version == version
assert result.etag == etag
admins = result.bigtable_admins
assert len(admins) == len(members)
for found, expected in zip(sorted(admins), sorted(members)):
assert found == expected
def _make_policy(*args, **kw):
from google.cloud.bigtable.policy import Policy
return Policy(*args, **kw)