def testGetDefaultPolicy(self):
self._ExpectSearchOrganizations('domain:example.com',
self.organizations[:1])
self._ExpectListPolicies('organizations/1', self.policies[:1])
result = policies.GetDefaultPolicy()
self.assertEqual(result, '3')
# Try again without expecting another Search/List call to make sure it's
# cached
result = policies.GetDefaultPolicy()
self.assertEqual(result, '3')
def Run(self, args):
client = zones_api.Client(version=self._API_VERSION)
policy_id = policies.GetDefaultPolicy()
if args.IsSpecified('policy'):
policy_id = args.policy
policy_ref = resources.REGISTRY.Parse(
policy_id, collection='accesscontextmanager.accessPolicies')
perimeters_to_display = [p for p in client.List(policy_ref)]
for p in perimeters_to_display:
# When a Service Perimeter has use_explicit_dry_run_spec set to false, the
# dry-run spec is implicitly the same as the status. In order to clearly
# show the user what exactly is being used as the dry-run spec, we set
# status to None (this list command is only for the dry-run config) and
# copy over the status to the spec when the spec is absent. We also append
# an asterisk to the name to signify that these perimeters are not
# actually identical to what the API returns.
if not p.useExplicitDryRunSpec:
p.spec = p.status
p.name += '*'
p.status = None
print(
'Note: Perimeters marked with \'*\' do not have an explicit `spec`. '
'Instead, their `status` also acts as the `spec`.')
return perimeters_to_display
def testGetDefaultPolicy_ServiceAccount(self, account):
properties.VALUES.core.account.Set(account)
result = policies.GetDefaultPolicy()
self.assertEqual(result, None)
self.AssertLogContains('Unable to resolve domain')
def testGetDefaultPolicy_NoAccount(self):
properties.VALUES.core.account.Set(None)
result = policies.GetDefaultPolicy()
self.assertEqual(result, None)
self.AssertLogContains('account property is not set')
def testGetDefaultPolicy_OrganizationsSearchFails(self):
self._ExpectSearchOrganizations('domain:example.com',
exceptions.HttpError(None, None, None))
result = policies.GetDefaultPolicy()
self.assertEqual(result, None)
self.AssertLogContains('Unable to resolve organization for domain')
def testGetDefaultPolicy_WrongNumberMatchingOrganizations(
self, num, error):
self._ExpectSearchOrganizations('domain:example.com',
self.organizations[:num])
result = policies.GetDefaultPolicy()
self.assertEqual(result, None)
self.AssertLogContains(error)
def Run(self, args):
client = zones_api.Client(version=self._API_VERSION)
policy_id = policies.GetDefaultPolicy()
if args.IsSpecified('policy'):
policy_id = args.policy
policy_ref = resources.REGISTRY.Parse(
policy_id, collection='accesscontextmanager.accessPolicies')
return client.Commit(policy_ref, args.etag)
def testGetDefaultPolicy_PoliciesListFails(self):
self._ExpectSearchOrganizations('domain:example.com',
self.organizations[:1])
self._ExpectListPolicies('organizations/1',
exceptions.HttpError(None, None, None))
result = policies.GetDefaultPolicy()
self.assertEqual(result, None)
self.AssertLogContains('Unable to resolve policy for organization')
def testGetDefaultPolicy_NoCache_NoPolicy(self):
result = policies.GetDefaultPolicy()
self.assertIsNone(result)