@Test public void testIdentityToAndFromPb() { compareIdentities(ALL_USERS, Identity.valueOf(ALL_USERS.strValue())); compareIdentities(ALL_AUTH_USERS, Identity.valueOf(ALL_AUTH_USERS.strValue())); compareIdentities(USER, Identity.valueOf(USER.strValue())); compareIdentities(SERVICE_ACCOUNT, Identity.valueOf(SERVICE_ACCOUNT.strValue())); compareIdentities(GROUP, Identity.valueOf(GROUP.strValue())); compareIdentities(DOMAIN, Identity.valueOf(DOMAIN.strValue())); compareIdentities(PROJECT_OWNER, Identity.valueOf(PROJECT_OWNER.strValue())); compareIdentities(PROJECT_EDITOR, Identity.valueOf(PROJECT_EDITOR.strValue())); compareIdentities(PROJECT_VIEWER, Identity.valueOf(PROJECT_VIEWER.strValue())); }
/** * Returns a new identity representing anyone who is authenticated with a Google account or a * service account. */ public static Identity allAuthenticatedUsers() { return new Identity(Type.ALL_AUTHENTICATED_USERS, null); }
/** * Converts a string to an {@code Identity}. Used primarily for converting protobuf-generated * policy identities to {@code Identity} objects. */ public static Identity valueOf(String identityStr) { String[] info = identityStr.split(":"); Type type = Type.valueOf(CaseFormat.LOWER_CAMEL.to(CaseFormat.UPPER_UNDERSCORE, info[0])); switch (type) { case ALL_USERS: return Identity.allUsers(); case ALL_AUTHENTICATED_USERS: return Identity.allAuthenticatedUsers(); case USER: return Identity.user(info[1]); case SERVICE_ACCOUNT: return Identity.serviceAccount(info[1]); case GROUP: return Identity.group(info[1]); case DOMAIN: return Identity.domain(info[1]); default: throw new IllegalStateException("Unexpected identity type " + type); } } }
Policy postCommitLibPolicy = Policy.newBuilder() .addIdentity(StorageRoles.objectViewer(), Identity.allUsers()) .addIdentity( StorageRoles.objectAdmin(), Identity.user("test1@gmail.com"), Identity.user("test2@gmail.com")) .addIdentity(StorageRoles.admin(), Identity.group("test-group@gmail.com")) .setEtag(POLICY_ETAG2) .build(); currentPolicy .toBuilder() .addIdentity(StorageRoles.admin(), Identity.group("test-group@gmail.com")) .build()); assertEquals(updatedPolicy, postCommitLibPolicy);
@Override public Identity apply(String identityPb) { return Identity.valueOf(identityPb); } };
@Override public String apply(Identity identity) { return identity.strValue(); } };
@Test(expected = NullPointerException.class) public void testUserNullEmail() { Identity.user(null); }
? new Storage.BucketSourceOption[] {Storage.BucketSourceOption.userProject(projectId)} : new Storage.BucketSourceOption[] {}; Identity projectOwner = Identity.projectOwner(projectId); Identity projectEditor = Identity.projectEditor(projectId); Identity projectViewer = Identity.projectViewer(projectId); Map<com.google.cloud.Role, Set<Identity>> bindingsWithoutPublicRead = ImmutableMap.of( new HashSet<>(Collections.singleton(projectViewer)), StorageRoles.legacyObjectReader(), (Set<Identity>) new HashSet<>(Collections.singleton(Identity.allUsers()))); currentPolicy .toBuilder() .addIdentity(StorageRoles.legacyObjectReader(), Identity.allUsers()) .build(), bucketOptions); updatedPolicy .toBuilder() .removeIdentity(StorageRoles.legacyObjectReader(), Identity.allUsers()) .build(), bucketOptions);
/** Example of replacing a topic policy. */ public Policy replaceTopicPolicy(String topicId) throws Exception { // [START pubsub_set_topic_policy] try (TopicAdminClient topicAdminClient = TopicAdminClient.create()) { String topicName = ProjectTopicName.format(projectId, topicId); Policy policy = topicAdminClient.getIamPolicy(topicName); // add role -> members binding Binding binding = Binding.newBuilder() .setRole(Role.viewer().toString()) .addMembers(Identity.allAuthenticatedUsers().toString()) .build(); // create updated policy Policy updatedPolicy = Policy.newBuilder(policy).addBindings(binding).build(); updatedPolicy = topicAdminClient.setIamPolicy(topicName, updatedPolicy); return updatedPolicy; } // [END pubsub_set_topic_policy] }
@Test(expected = NullPointerException.class) public void testGroupNullEmail() { Identity.group(null); }
@Test(expected = NullPointerException.class) public void testDomainNullId() { Identity.domain(null); }
@Test(expected = IllegalArgumentException.class) public void testValueOfThreePart() { Identity.valueOf("a:b:c"); }
@Override public String toString() { return strValue(); }
public static void main(String... args) { // Create Resource Manager service object // By default, credentials are inferred from the runtime environment. ResourceManager resourceManager = ResourceManagerOptions.getDefaultInstance().getService(); // Get a project from the server String projectId = "some-project-id"; // Use an existing project's ID Project project = resourceManager.get(projectId); // Get the project's policy Policy policy = project.getPolicy(); // Add a viewer Policy.Builder modifiedPolicy = policy.toBuilder(); Identity newViewer = Identity.user("<insert user's email address here>"); modifiedPolicy.addIdentity(Role.viewer(), newViewer); // Write policy Policy updatedPolicy = project.replacePolicy(modifiedPolicy.build()); // Print policy System.out.printf("Updated policy for %s: %n%s%n", projectId, updatedPolicy); } }
/** Example of replacing a subscription policy. */ public Policy replaceSubscriptionPolicy(String subscriptionId) throws Exception { // [START pubsub_set_subscription_policy] try (SubscriptionAdminClient subscriptionAdminClient = SubscriptionAdminClient.create()) { ProjectSubscriptionName subscriptionName = ProjectSubscriptionName.of(projectId, subscriptionId); Policy policy = subscriptionAdminClient.getIamPolicy(subscriptionName.toString()); // Create a role => members binding Binding binding = Binding.newBuilder() .setRole(Role.viewer().toString()) .addMembers(Identity.allAuthenticatedUsers().toString()) .build(); // Update policy Policy updatedPolicy = policy.toBuilder().addBindings(binding).build(); updatedPolicy = subscriptionAdminClient.setIamPolicy(subscriptionName.toString(), updatedPolicy); return updatedPolicy; } // [END pubsub_set_subscription_policy] }
@Test(expected = IllegalArgumentException.class) public void testValueOfEmpty() { Identity.valueOf(""); }