/**
 * Compares this policy with another object for value equality.
 *
 * <p>Two policies are equal when their bindings, etag and version all match.
 *
 * @param obj the object to compare against, may be {@code null}
 * @return {@code true} if {@code obj} is a {@code Policy} with equal bindings, etag and version
 */
@Override
public boolean equals(Object obj) {
  if (this == obj) {
    return true;
  }
  if (obj instanceof Policy) {
    Policy that = (Policy) obj;
    return Objects.equals(bindings, that.getBindings())
        && Objects.equals(etag, that.getEtag())
        && Objects.equals(version, that.getVersion());
  }
  return false;
}
/** Checks that a freshly built policy has no bindings and that SIMPLE_POLICY exposes BINDINGS. */
@Test
public void testBindings() {
  Policy emptyPolicy = Policy.newBuilder().build();
  assertTrue(emptyPolicy.getBindings().isEmpty());

  assertEquals(BINDINGS, SIMPLE_POLICY.getBindings());
}
/**
 * Example of removing a member from the Bucket-level IAM.
 *
 * <p>Reads the bucket's current policy, drops {@code identity} from {@code role}, writes the
 * result back and returns the policy the service answered with. The success line is printed only
 * when that returned policy no longer binds the identity to the role, so callers that need
 * certainty should inspect the returned policy rather than rely on the console output.
 *
 * @param bucketName name of the bucket whose policy is changed
 * @param role role the identity is removed from
 * @param identity identity to remove
 * @return the policy returned by the service after the update
 */
public Policy removeBucketIamMember(String bucketName, Role role, Identity identity) {
  // [START remove_bucket_iam_member]
  // Initialize a Cloud Storage client
  Storage storage = StorageOptions.getDefaultInstance().getService();

  // Get IAM Policy for a bucket
  Policy currentPolicy = storage.getIamPolicy(bucketName);

  // Remove an identity from a Bucket-level IAM role
  // NOTE(review): the modified policy is derived from the one just read via toBuilder(), so it
  // presumably carries that policy's etag back to the service - confirm that a concurrent change
  // is rejected rather than overwritten.
  Policy withoutMember = currentPolicy.toBuilder().removeIdentity(role, identity).build();
  Policy updatedPolicy = storage.setIamPolicy(bucketName, withoutMember);

  // The role may be absent altogether once its last member is gone, hence the null check.
  boolean stillBound =
      updatedPolicy.getBindings().get(role) != null
          && updatedPolicy.getBindings().get(role).contains(identity);
  if (!stillBound) {
    System.out.printf("Removed %s with role %s from %s\n", identity, role, bucketName);
  }
  // [END remove_bucket_iam_member]
  return updatedPolicy;
}
}
/**
 * Converts a library {@code Policy} into the Storage API model policy.
 *
 * <p>Each role of the source policy becomes one {@code Bindings} entry whose members are the
 * string values of the identities bound to that role. The etag of the source policy is copied
 * as is.
 *
 * <p>NOTE(review): only bindings and etag are set on the result; the policy version is not
 * copied - confirm that is intended for this API model.
 *
 * @param policy the library policy to convert
 * @return the API model policy with the same bindings and etag
 */
static com.google.api.services.storage.model.Policy convertToApiPolicy(Policy policy) {
  Map<Role, Set<Identity>> roleToIdentities = policy.getBindings();
  List<Bindings> apiBindings = new ArrayList<>(roleToIdentities.size());

  for (Map.Entry<Role, Set<Identity>> roleEntry : roleToIdentities.entrySet()) {
    Set<Identity> identities = roleEntry.getValue();
    List<String> memberNames = new ArrayList<>(identities.size());
    for (Identity member : identities) {
      memberNames.add(member.strValue());
    }

    Bindings apiBinding = new Bindings();
    apiBinding.setMembers(memberNames);
    apiBinding.setRole(roleEntry.getKey().getValue());
    apiBindings.add(apiBinding);
  }

  com.google.api.services.storage.model.Policy apiPolicy =
      new com.google.api.services.storage.model.Policy();
  apiPolicy.setBindings(apiBindings);
  apiPolicy.setEtag(policy.getEtag());
  return apiPolicy;
}
@Test public void testBuilder() { assertEquals(BINDINGS, SIMPLE_POLICY.getBindings()); assertEquals(null, SIMPLE_POLICY.getEtag()); assertEquals(0, SIMPLE_POLICY.getVersion()); assertEquals(BINDINGS, FULL_POLICY.getBindings()); assertEquals("etag", FULL_POLICY.getEtag()); assertEquals(1, FULL_POLICY.getVersion()); Map<Role, Set<Identity>> editorBinding = ImmutableMap.<Role, Set<Identity>>builder().put(EDITOR, BINDINGS.get(EDITOR)).build(); Policy policy = FULL_POLICY.toBuilder().setBindings(editorBinding).build(); assertEquals(editorBinding, policy.getBindings()); assertEquals("etag", policy.getEtag()); assertEquals(1, policy.getVersion()); policy = SIMPLE_POLICY.toBuilder().removeRole(EDITOR).build(); assertEquals(ImmutableMap.of(VIEWER, BINDINGS.get(VIEWER)), policy.getBindings()); assertNull(policy.getEtag()); assertEquals(0, policy.getVersion()); policy = policy .toBuilder() assertEquals( ImmutableMap.of(VIEWER, ImmutableSet.of(SERVICE_ACCOUNT, DOMAIN, GROUP)), policy.getBindings()); assertNull(policy.getEtag()); assertEquals(0, policy.getVersion()); policy = Policy.newBuilder()
/**
 * Builds a library {@code Policy} from its {@code com.google.iam.v1.Policy} protobuf form.
 *
 * <p>Every protobuf binding is stored under its role with the member strings converted through
 * {@code IDENTITY_VALUE_OF_FUNCTION}. An empty protobuf etag maps to a {@code null} etag;
 * otherwise the etag bytes are base64-encoded. The version is copied unchanged.
 *
 * <p>NOTE(review): bindings are keyed by role with {@code Map.put}, so if the protobuf lists the
 * same role in more than one binding only the last one is kept - confirm this is acceptable.
 *
 * @param policyPb the protobuf policy to convert
 * @return the equivalent library policy
 */
@Override
protected Policy fromPb(com.google.iam.v1.Policy policyPb) {
  // Adapter that routes each member string through IDENTITY_VALUE_OF_FUNCTION.
  Function<String, Identity> toIdentity =
      new Function<String, Identity>() {
        @Override
        public Identity apply(String s) {
          return IDENTITY_VALUE_OF_FUNCTION.apply(s);
        }
      };

  Map<Role, Set<Identity>> roleToIdentities = new HashMap<>();
  for (com.google.iam.v1.Binding bindingPb : policyPb.getBindingsList()) {
    Role role = Role.of(bindingPb.getRole());
    // copyOf materializes the lazily transformed list into an immutable set.
    Set<Identity> identities =
        ImmutableSet.copyOf(Lists.transform(bindingPb.getMembersList(), toIdentity));
    roleToIdentities.put(role, identities);
  }

  String etag = null;
  if (!policyPb.getEtag().isEmpty()) {
    etag = BaseEncoding.base64().encode(policyPb.getEtag().toByteArray());
  }

  return newBuilder()
      .setBindings(roleToIdentities)
      .setEtag(etag)
      .setVersion(policyPb.getVersion())
      .build();
}
/** Verifies that equals and hashCode agree for equal policies and differ for unequal ones. */
@Test
public void testEqualsHashCode() {
  assertNotNull(FULL_POLICY);

  // Two independently built empty policies are interchangeable.
  Policy firstEmpty = Policy.newBuilder().build();
  Policy secondEmpty = Policy.newBuilder().build();
  assertEquals(firstEmpty, secondEmpty);
  assertEquals(firstEmpty.hashCode(), secondEmpty.hashCode());

  // FULL_POLICY and SIMPLE_POLICY are expected to be distinguishable.
  assertNotEquals(FULL_POLICY, SIMPLE_POLICY);
  assertNotEquals(FULL_POLICY.hashCode(), SIMPLE_POLICY.hashCode());

  // Rebuilding a policy from its own builder yields an equal policy.
  Policy rebuilt = SIMPLE_POLICY.toBuilder().build();
  assertEquals(SIMPLE_POLICY, rebuilt);
  assertEquals(SIMPLE_POLICY.hashCode(), rebuilt.hashCode());
}
/**
 * Example of listing the Bucket-Level IAM Roles and Members.
 *
 * <p>Fetches the bucket's IAM policy and prints one line per role with the identities bound to
 * it, which makes the output usable as a quick review of who holds which role on the bucket.
 *
 * @param bucketName name of the bucket whose policy is read
 * @return the policy as returned by the service
 */
public Policy listBucketIamMembers(String bucketName) {
  // [START view_bucket_iam_members]
  // Initialize a Cloud Storage client
  Storage storage = StorageOptions.getDefaultInstance().getService();

  // Get IAM Policy for a bucket
  Policy policy = storage.getIamPolicy(bucketName);

  // Print Roles and its identities
  for (Map.Entry<Role, Set<Identity>> binding : policy.getBindings().entrySet()) {
    Role role = binding.getKey();
    Set<Identity> members = binding.getValue();
    System.out.printf("Role: %s Identities: %s\n", role, members);
  }
  // [END view_bucket_iam_members]
  return policy;
}
.setEtag(POLICY_ETAG2); Policy postCommitLibPolicy = Policy.newBuilder() .addIdentity(StorageRoles.objectViewer(), Identity.allUsers()) .addIdentity( StorageRoles.objectAdmin(), Identity.user("test1@gmail.com"), Identity.user("test2@gmail.com")) .addIdentity(StorageRoles.admin(), Identity.group("test-group@gmail.com")) .setEtag(POLICY_ETAG2) .build(); BUCKET_NAME1, currentPolicy .toBuilder() .addIdentity(StorageRoles.admin(), Identity.group("test-group@gmail.com")) .build());
/** Checks the version reported by SIMPLE_POLICY (0) and FULL_POLICY (1). */
@Test
public void testVersion() {
  int simpleVersion = SIMPLE_POLICY.getVersion();
  assertEquals(0, simpleVersion);

  int fullVersion = FULL_POLICY.getVersion();
  assertEquals(1, fullVersion);
}
/**
 * Reads a project's IAM policy, adds a user as viewer, writes the policy back and prints the
 * policy returned by the service.
 *
 * @param args unused
 */
public static void main(String... args) {
  // Create Resource Manager service object
  // By default, credentials are inferred from the runtime environment.
  ResourceManager resourceManager = ResourceManagerOptions.getDefaultInstance().getService();

  // Get a project from the server
  String projectId = "some-project-id"; // Use an existing project's ID
  Project project = resourceManager.get(projectId);

  // Get the project's policy
  Policy currentPolicy = project.getPolicy();

  // Add a viewer
  // NOTE(review): the builder starts from the policy just read, so the replacement presumably
  // carries its etag - confirm that a stale etag makes replacePolicy fail instead of overwriting
  // a concurrent change.
  Policy.Builder policyBuilder = currentPolicy.toBuilder();
  Identity newViewer = Identity.user("<insert user's email address here>");
  policyBuilder.addIdentity(Role.viewer(), newViewer);
  Policy replacement = policyBuilder.build();

  // Write policy
  Policy updatedPolicy = project.replacePolicy(replacement);

  // Print policy
  System.out.printf("Updated policy for %s: %n%s%n", projectId, updatedPolicy);
}
}
/**
 * Round-trips policies through {@code DefaultMarshaller} and checks that the default protobuf
 * instance converts to an empty policy with no etag and version 0.
 */
@Test
public void testDefaultMarshaller() {
  DefaultMarshaller marshaller = new DefaultMarshaller();

  // toPb followed by fromPb must give back an equal policy.
  Policy emptyPolicy = Policy.newBuilder().build();
  for (Policy original : new Policy[] {emptyPolicy, SIMPLE_POLICY, FULL_POLICY}) {
    Policy roundTripped = marshaller.fromPb(marshaller.toPb(original));
    assertEquals(original, roundTripped);
  }

  // The protobuf default instance carries no bindings, an empty etag and version 0.
  com.google.iam.v1.Policy defaultPb = com.google.iam.v1.Policy.getDefaultInstance();
  Policy fromDefault = marshaller.fromPb(defaultPb);
  assertTrue(fromDefault.getBindings().isEmpty());
  assertNull(fromDefault.getEtag());
  assertEquals(0, fromDefault.getVersion());
}
}
/**
 * Exercises {@code replacePolicy}: an unknown project is rejected with 403, a policy carrying an
 * outdated etag is rejected with 409, and a successful replacement returns the requested
 * bindings together with a new etag.
 */
@Test
public void testReplacePolicy() {
  // Unknown project: the call must fail before fail() is reached.
  try {
    RESOURCE_MANAGER.replacePolicy("nonexistent-project", POLICY);
    fail("Project doesn't exist.");
  } catch (ResourceManagerException notFound) {
    assertEquals(403, notFound.getCode());
    assertTrue(notFound.getMessage().endsWith("project was not found."));
  }

  RESOURCE_MANAGER.create(PARTIAL_PROJECT);

  // Keep the policy read before the first replacement; its etag is stale afterwards.
  Policy stalePolicy = RESOURCE_MANAGER.getPolicy(PARTIAL_PROJECT.getProjectId());
  RESOURCE_MANAGER.replacePolicy(PARTIAL_PROJECT.getProjectId(), POLICY);
  try {
    RESOURCE_MANAGER.replacePolicy(PARTIAL_PROJECT.getProjectId(), stalePolicy);
    fail("Policy with an invalid etag didn't cause error.");
  } catch (ResourceManagerException conflict) {
    assertEquals(409, conflict.getCode());
    assertTrue(conflict.getMessage().contains("Policy etag mismatch"));
  }

  // A successful replacement keeps the bindings and issues a different etag.
  String etagBefore = RESOURCE_MANAGER.getPolicy(PARTIAL_PROJECT.getProjectId()).getEtag();
  Policy replaced = RESOURCE_MANAGER.replacePolicy(PARTIAL_PROJECT.getProjectId(), POLICY);
  assertEquals(POLICY.getBindings(), replaced.getBindings());
  assertNotNull(replaced.getEtag());
  assertNotEquals(etagBefore, replaced.getEtag());
}
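/**
 * Converts a Storage API model policy into a library {@code Policy}.
 *
 * <p>Every member of every binding is added under the binding's role through
 * {@code addIdentity}. A policy without bindings, or a binding without members, contributes
 * nothing instead of failing with a {@code NullPointerException}.
 *
 * <p>Only bindings and etag are carried over; the policy version is not read here.
 *
 * @param apiPolicy the API model policy to convert
 * @return the equivalent library policy carrying the same etag
 */
static Policy convertFromApiPolicy(com.google.api.services.storage.model.Policy apiPolicy) {
  Policy.Builder policyBuilder = Policy.newBuilder();
  // The API model leaves absent fields as null, so a policy with no bindings must be tolerated.
  if (apiPolicy.getBindings() != null) {
    for (Bindings binding : apiPolicy.getBindings()) {
      if (binding.getMembers() == null) {
        // A binding without a member list grants nothing; skip it.
        continue;
      }
      for (String member : binding.getMembers()) {
        policyBuilder.addIdentity(Role.of(binding.getRole()), Identity.valueOf(member));
      }
    }
  }
  return policyBuilder.setEtag(apiPolicy.getEtag()).build();
}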
/**
 * Serializes a library {@code Policy} into its {@code com.google.iam.v1.Policy} protobuf form.
 *
 * <p>Each role becomes one protobuf binding whose members are produced by
 * {@code IDENTITY_STR_VALUE_FUNCTION}. A non-null etag is base64-decoded into the protobuf etag
 * bytes; a {@code null} etag leaves the protobuf etag unset. The version is copied unchanged.
 *
 * @param policy the library policy to serialize
 * @return the protobuf policy
 */
@Override
protected com.google.iam.v1.Policy toPb(Policy policy) {
  // Adapter that routes each identity through IDENTITY_STR_VALUE_FUNCTION.
  Function<Identity, String> toMemberString =
      new Function<Identity, String>() {
        @Override
        public String apply(Identity identity) {
          return IDENTITY_STR_VALUE_FUNCTION.apply(identity);
        }
      };

  List<com.google.iam.v1.Binding> bindingPbs = new LinkedList<>();
  for (Map.Entry<Role, Set<Identity>> roleEntry : policy.getBindings().entrySet()) {
    com.google.iam.v1.Binding.Builder bindingPb = com.google.iam.v1.Binding.newBuilder();
    bindingPb.setRole(roleEntry.getKey().getValue());
    // Lists.transform needs a List, so the identity set is copied into one first.
    List<Identity> identities = new ArrayList<>(roleEntry.getValue());
    bindingPb.addAllMembers(Lists.transform(identities, toMemberString));
    bindingPbs.add(bindingPb.build());
  }

  com.google.iam.v1.Policy.Builder policyPb = com.google.iam.v1.Policy.newBuilder();
  policyPb.addAllBindings(bindingPbs);
  if (policy.etag != null) {
    // The library keeps the etag as base64 text; the protobuf field holds the raw bytes.
    policyPb.setEtag(ByteString.copyFrom(BaseEncoding.base64().decode(policy.etag)));
  }
  policyPb.setVersion(policy.version);
  return policyPb.build();
}
}
/**
 * Serializes a library {@code Policy} into the Cloud Resource Manager API model policy.
 *
 * <p>Each role becomes one {@code Binding} whose members are produced by
 * {@code IDENTITY_STR_VALUE_FUNCTION}. Etag and version are copied unchanged.
 *
 * @param policy the library policy to serialize
 * @return the API model policy
 */
@Override
protected com.google.api.services.cloudresourcemanager.model.Policy toPb(Policy policy) {
  // Adapter that routes each identity through IDENTITY_STR_VALUE_FUNCTION.
  Function<Identity, String> toMemberString =
      new Function<Identity, String>() {
        @Override
        public String apply(Identity identity) {
          return IDENTITY_STR_VALUE_FUNCTION.apply(identity);
        }
      };

  List<Binding> bindingPbs = new LinkedList<>();
  for (Map.Entry<Role, Set<Identity>> roleEntry : policy.getBindings().entrySet()) {
    Binding bindingPb = new Binding();
    bindingPb.setRole(roleEntry.getKey().getValue());
    // Lists.transform needs a List, so the identity set is copied into one first.
    List<Identity> identities = new ArrayList<>(roleEntry.getValue());
    bindingPb.setMembers(Lists.transform(identities, toMemberString));
    bindingPbs.add(bindingPb);
  }

  com.google.api.services.cloudresourcemanager.model.Policy policyPb =
      new com.google.api.services.cloudresourcemanager.model.Policy();
  policyPb.setBindings(bindingPbs);
  policyPb.setEtag(policy.getEtag());
  policyPb.setVersion(policy.getVersion());
  return policyPb;
}
}
/**
 * Converts a library {@code Policy} into the Storage API model policy.
 *
 * <p>One {@code Bindings} entry is produced per role, listing the string value of every identity
 * bound to that role. The source policy's etag is passed through unchanged.
 *
 * <p>NOTE(review): the result receives bindings and etag only; the policy version is not
 * copied - confirm that is intended for this API model.
 *
 * @param policy the library policy to convert
 * @return the API model policy with the same bindings and etag
 */
static com.google.api.services.storage.model.Policy convertToApiPolicy(Policy policy) {
  Map<Role, Set<Identity>> libraryBindings = policy.getBindings();
  List<Bindings> converted = new ArrayList<>(libraryBindings.size());

  for (Map.Entry<Role, Set<Identity>> perRole : libraryBindings.entrySet()) {
    Set<Identity> boundIdentities = perRole.getValue();
    List<String> memberStrings = new ArrayList<>(boundIdentities.size());
    for (Identity boundIdentity : boundIdentities) {
      memberStrings.add(boundIdentity.strValue());
    }

    Bindings apiBinding = new Bindings();
    apiBinding.setMembers(memberStrings);
    apiBinding.setRole(perRole.getKey().getValue());
    converted.add(apiBinding);
  }

  com.google.api.services.storage.model.Policy result =
      new com.google.api.services.storage.model.Policy();
  result.setBindings(converted);
  result.setEtag(policy.getEtag());
  return result;
}
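/**
 * Example of adding a member to the Bucket-level IAM.
 *
 * <p>Reads the bucket's current policy, adds {@code identity} to {@code role}, writes the result
 * back and returns the policy the service answered with. The success line is printed only when
 * that returned policy actually binds the identity to the role.
 *
 * <p>The identity is granted exactly as passed in. A public identity such as
 * {@code Identity.allUsers()} extends the role beyond named principals, so callers that accept
 * the identity from outside should validate it before calling this method.
 *
 * @param bucketName name of the bucket whose policy is changed
 * @param role role the identity is added to
 * @param identity identity to add
 * @return the policy returned by the service after the update
 */
public Policy addBucketIamMember(String bucketName, Role role, Identity identity) {
  // [START add_bucket_iam_member]
  // Initialize a Cloud Storage client
  Storage storage = StorageOptions.getDefaultInstance().getService();

  // Get IAM Policy for a bucket
  Policy policy = storage.getIamPolicy(bucketName);

  // Add identity to Bucket-level IAM role
  // NOTE(review): the modified policy is derived from the one just read via toBuilder(), so it
  // presumably carries that policy's etag back to the service - confirm that a concurrent change
  // is rejected rather than overwritten.
  Policy updatedPolicy =
      storage.setIamPolicy(bucketName, policy.toBuilder().addIdentity(role, identity).build());

  // Verify against the policy the service returned. The role can be missing from it, in which
  // case get(role) is null; guard it the same way removeBucketIamMember does instead of throwing
  // after the policy has already been written.
  if (updatedPolicy.getBindings().get(role) != null
      && updatedPolicy.getBindings().get(role).contains(identity)) {
    System.out.printf("Added %s with role %s to %s\n", identity, role, bucketName);
  }
  // [END add_bucket_iam_member]
  return updatedPolicy;
}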
@Test public void testIllegalPolicies() { try { Policy.newBuilder().addIdentity(null, USER); fail("Null role should cause exception."); } catch (NullPointerException ex) { Policy.newBuilder().addIdentity(VIEWER, null, USER); fail("Null identity should cause exception."); } catch (NullPointerException ex) { Policy.newBuilder().addIdentity(VIEWER, USER, (Identity[]) null); fail("Null identity should cause exception."); } catch (NullPointerException ex) { Policy.newBuilder().setBindings(null); fail("Null bindings map should cause exception."); } catch (NullPointerException ex) { Map<Role, Set<Identity>> bindings = new HashMap<>(); bindings.put(VIEWER, null); Policy.newBuilder().setBindings(bindings); fail("Null set of identities should cause exception."); } catch (NullPointerException ex) { identities.add(null); bindings.put(VIEWER, identities); Policy.newBuilder().setBindings(bindings); fail("Null identity should cause exception."); } catch (IllegalArgumentException ex) {