From 3a97ae10587c21d34cf495447a3f9c3e9b9093da Mon Sep 17 00:00:00 2001 From: Ajay Kannan Date: Mon, 21 Mar 2016 17:47:54 -0700 Subject: [PATCH 1/2] Make role and permission strings to allow for service-specific values --- .../snippets/ModifyPolicy.java | 4 +- .../google/gcloud/resourcemanager/Policy.java | 123 +++++------------- .../gcloud/resourcemanager/Project.java | 22 +++- .../resourcemanager/ResourceManager.java | 51 +++----- .../resourcemanager/ResourceManagerImpl.java | 15 +-- .../testing/LocalResourceManagerHelper.java | 14 +- .../LocalResourceManagerHelperTest.java | 7 - .../gcloud/resourcemanager/PolicyTest.java | 29 ++--- .../gcloud/resourcemanager/ProjectTest.java | 19 +-- .../ResourceManagerImplTest.java | 23 ++-- .../resourcemanager/SerializationTest.java | 6 +- 11 files changed, 108 insertions(+), 205 deletions(-) diff --git a/gcloud-java-examples/src/main/java/com/google/gcloud/examples/resourcemanager/snippets/ModifyPolicy.java b/gcloud-java-examples/src/main/java/com/google/gcloud/examples/resourcemanager/snippets/ModifyPolicy.java index 478765a9ecf4..f97adf5b0916 100644 --- a/gcloud-java-examples/src/main/java/com/google/gcloud/examples/resourcemanager/snippets/ModifyPolicy.java +++ b/gcloud-java-examples/src/main/java/com/google/gcloud/examples/resourcemanager/snippets/ModifyPolicy.java @@ -24,7 +24,7 @@ import com.google.gcloud.Identity; import com.google.gcloud.resourcemanager.Policy; -import com.google.gcloud.resourcemanager.Policy.Role; +import com.google.gcloud.resourcemanager.Policy.ProjectRole; import com.google.gcloud.resourcemanager.Project; import com.google.gcloud.resourcemanager.ResourceManager; import com.google.gcloud.resourcemanager.ResourceManagerOptions; @@ -49,7 +49,7 @@ public static void main(String... args) { // Add a viewer Policy.Builder modifiedPolicy = policy.toBuilder(); Identity newViewer = Identity.user(""); - modifiedPolicy.addIdentity(Role.viewer(), newViewer); + modifiedPolicy.addIdentity(ProjectRole.VIEWER.value(), newViewer); // Write policy Policy updatedPolicy = project.replacePolicy(modifiedPolicy.build()); diff --git a/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/Policy.java b/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/Policy.java index 6399b52b3c04..884f474bed59 100644 --- a/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/Policy.java +++ b/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/Policy.java @@ -23,13 +23,11 @@ import com.google.gcloud.IamPolicy; import com.google.gcloud.Identity; -import java.io.Serializable; import java.util.ArrayList; import java.util.HashMap; import java.util.LinkedList; import java.util.List; import java.util.Map; -import java.util.Objects; import java.util.Set; /** @@ -42,120 +40,63 @@ * * @see Policy */ -public class Policy extends IamPolicy { +public class Policy extends IamPolicy { private static final long serialVersionUID = -5573557282693961850L; /** - * Represents legacy roles in an IAM Policy. + * The project-level roles in an IAM policy. This enum is not an exhaustive list of all roles + * you can use in an IAM policy. You can also use service-specific roles (e.g. + * roles/pubsub.editor). See the Supported Cloud Platform Services page for links + * to service-specific roles. + * + * @see Supported Cloud + * Platform Services */ - public static class Role implements Serializable { + public enum ProjectRole { /** - * The recognized roles in a Project's IAM policy. + * Permissions for read-only actions that preserve state. */ - public enum Type { - - /** - * Permissions for read-only actions that preserve state. - */ - VIEWER, - - /** - * All viewer permissions and permissions for actions that modify state. - */ - EDITOR, - - /** - * All editor permissions and permissions for the following actions: - *
    - *
  • Manage access control for a resource. - *
  • Set up billing (for a project). - *
- */ - OWNER - } - - private static final long serialVersionUID = 2421978909244287488L; - - private final String value; - private final Type type; - - private Role(String value, Type type) { - this.value = value; - this.type = type; - } - - String value() { - return value; - } + VIEWER("roles/viewer"), /** - * Returns the type of role (editor, owner, or viewer). Returns {@code null} if the role type - * is unrecognized. + * All viewer permissions and permissions for actions that modify state. */ - public Type type() { - return type; - } + EDITOR("roles/editor"), /** - * Returns a {@code Role} of type {@link Type#VIEWER VIEWER}. + * All editor permissions and permissions for the following actions: + *
    + *
  • Manage access control for a resource. + *
  • Set up billing (for a project). + *
*/ - public static Role viewer() { - return new Role("roles/viewer", Type.VIEWER); - } + OWNER("roles/owner"); - /** - * Returns a {@code Role} of type {@link Type#EDITOR EDITOR}. - */ - public static Role editor() { - return new Role("roles/editor", Type.EDITOR); + String value; + + private ProjectRole(String value) { + this.value = value; } /** - * Returns a {@code Role} of type {@link Type#OWNER OWNER}. + * Returns the string value associated with the role. */ - public static Role owner() { - return new Role("roles/owner", Type.OWNER); - } - - static Role rawRole(String roleStr) { - return new Role(roleStr, null); - } - - static Role fromStr(String roleStr) { - try { - Type type = Type.valueOf(roleStr.split("/")[1].toUpperCase()); - return new Role(roleStr, type); - } catch (Exception ex) { - return new Role(roleStr, null); - } - } - - @Override - public final int hashCode() { - return Objects.hash(value, type); - } - - @Override - public final boolean equals(Object obj) { - if (!(obj instanceof Role)) { - return false; - } - Role other = (Role) obj; - return Objects.equals(value, other.value()) && Objects.equals(type, other.type()); + public String value() { + return value; } } /** * Builder for an IAM Policy. */ - public static class Builder extends IamPolicy.Builder { + public static class Builder extends IamPolicy.Builder { private Builder() {} @VisibleForTesting - Builder(Map> bindings, String etag, Integer version) { + Builder(Map> bindings, String etag, Integer version) { bindings(bindings).etag(etag).version(version); } @@ -188,10 +129,10 @@ com.google.api.services.cloudresourcemanager.model.Policy toPb() { new com.google.api.services.cloudresourcemanager.model.Policy(); List bindingPbList = new LinkedList<>(); - for (Map.Entry> binding : bindings().entrySet()) { + for (Map.Entry> binding : bindings().entrySet()) { com.google.api.services.cloudresourcemanager.model.Binding bindingPb = new com.google.api.services.cloudresourcemanager.model.Binding(); - bindingPb.setRole(binding.getKey().value()); + bindingPb.setRole(binding.getKey()); bindingPb.setMembers( Lists.transform( new ArrayList<>(binding.getValue()), @@ -211,11 +152,11 @@ public String apply(Identity identity) { static Policy fromPb( com.google.api.services.cloudresourcemanager.model.Policy policyPb) { - Map> bindings = new HashMap<>(); + Map> bindings = new HashMap<>(); for (com.google.api.services.cloudresourcemanager.model.Binding bindingPb : policyPb.getBindings()) { bindings.put( - Role.fromStr(bindingPb.getRole()), + bindingPb.getRole(), ImmutableSet.copyOf( Lists.transform( bindingPb.getMembers(), diff --git a/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/Project.java b/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/Project.java index 8c6a0eacd44f..de5e6c336af4 100644 --- a/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/Project.java +++ b/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/Project.java @@ -18,8 +18,6 @@ import static com.google.common.base.Preconditions.checkNotNull; -import com.google.gcloud.resourcemanager.ResourceManager.Permission; - import java.io.IOException; import java.io.ObjectInputStream; import java.util.List; @@ -235,7 +233,9 @@ public Policy replacePolicy(Policy newPolicy) { * if you're using Google Cloud Platform directly to manage permissions. This method is intended * for integration with your proprietary software, such as a customized graphical user interface. * For example, the Cloud Platform Console tests IAM permissions internally to determine which UI - * should be available to the logged-in user. + * should be available to the logged-in user. Each service that supports IAM lists the possible + * permissions; see the Supported Cloud Platform services page below for links to these + * lists. * * @return a list of booleans representing whether the caller has the permissions specified (in * the order of the given permissions) @@ -243,8 +243,11 @@ public Policy replacePolicy(Policy newPolicy) { * @see * Resource Manager testIamPermissions + * @see Supported Cloud Platform + * Services */ - List testPermissions(List permissions) { + List testPermissions(List permissions) { return resourceManager.testPermissions(projectId(), permissions); } @@ -253,7 +256,9 @@ List testPermissions(List permissions) { * if you're using Google Cloud Platform directly to manage permissions. This method is intended * for integration with your proprietary software, such as a customized graphical user interface. * For example, the Cloud Platform Console tests IAM permissions internally to determine which UI - * should be available to the logged-in user. + * should be available to the logged-in user. Each service that supports IAM lists the possible + * permissions; see the Supported Cloud Platform services page below for links to these + * lists. * * @return a list of booleans representing whether the caller has the permissions specified (in * the order of the given permissions) @@ -261,9 +266,12 @@ List testPermissions(List permissions) { * @see * Resource Manager testIamPermissions + * @see Supported Cloud Platform + * Services */ - List testPermissions(Permission first, Permission... others) { - return resourceManager.testPermissions(projectId(), first, others); + List testPermissions(String firstPermission, String... otherPermissions) { + return resourceManager.testPermissions(projectId(), firstPermission, otherPermissions); } @Override diff --git a/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/ResourceManager.java b/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/ResourceManager.java index f14d47f2a676..708bd711b477 100644 --- a/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/ResourceManager.java +++ b/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/ResourceManager.java @@ -169,38 +169,6 @@ public static ProjectListOption fields(ProjectField... fields) { } } - /** - * The permissions associated with a Google Cloud project. These values can be used when calling - * {@link #testPermissions}. - * - * @see - * Project-level roles - */ - enum Permission { - DELETE("delete"), - GET("get"), - GET_POLICY("getIamPolicy"), - REPLACE("update"), - REPLACE_POLICY("setIamPolicy"), - UNDELETE("undelete"); - - private static final String PREFIX = "resourcemanager.projects."; - - private final String value; - - Permission(String suffix) { - this.value = PREFIX + suffix; - } - - /** - * Returns the string representation of the permission. - */ - public String value() { - return value; - } - } - /** * Creates a new project. * @@ -358,7 +326,9 @@ public String value() { * this method if you're using Google Cloud Platform directly to manage permissions. This method * is intended for integration with your proprietary software, such as a customized graphical user * interface. For example, the Cloud Platform Console tests IAM permissions internally to - * determine which UI should be available to the logged-in user. + * determine which UI should be available to the logged-in user. Each service that supports IAM + * lists the possible permissions; see the Supported Cloud Platform services page below for + * links to these lists. * * @return A list of booleans representing whether the caller has the permissions specified (in * the order of the given permissions) @@ -366,15 +336,20 @@ public String value() { * @see * Resource Manager testIamPermissions + * @see Supported Cloud Platform + * Services */ - List testPermissions(String projectId, List permissions); + List testPermissions(String projectId, List permissions); /** * Returns the permissions that a caller has on the specified project. You typically don't call * this method if you're using Google Cloud Platform directly to manage permissions. This method * is intended for integration with your proprietary software, such as a customized graphical user * interface. For example, the Cloud Platform Console tests IAM permissions internally to - * determine which UI should be available to the logged-in user. + * determine which UI should be available to the logged-in user. Each service that supports IAM + * lists the possible permissions; see the Supported Cloud Platform services page below for + * links to these lists. * * @return A list of booleans representing whether the caller has the permissions specified (in * the order of the given permissions) @@ -382,6 +357,10 @@ public String value() { * @see * Resource Manager testIamPermissions + * @see Supported Cloud Platform + * Services */ - List testPermissions(String projectId, Permission first, Permission... others); + List testPermissions( + String projectId, String firstPermission, String... otherPermissions); } diff --git a/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/ResourceManagerImpl.java b/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/ResourceManagerImpl.java index d9911b911f0b..5526918bc1eb 100644 --- a/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/ResourceManagerImpl.java +++ b/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/ResourceManagerImpl.java @@ -216,19 +216,13 @@ public com.google.api.services.cloudresourcemanager.model.Policy call() { } @Override - public List testPermissions(final String projectId, final List permissions) { + public List testPermissions(final String projectId, final List permissions) { try { return runWithRetries( new Callable>() { @Override public List call() { - return resourceManagerRpc.testPermissions(projectId, - Lists.transform(permissions, new Function() { - @Override - public String apply(Permission permission) { - return permission.value(); - } - })); + return resourceManagerRpc.testPermissions(projectId, permissions); } }, options().retryParams(), EXCEPTION_HANDLER); } catch (RetryHelperException ex) { @@ -237,8 +231,9 @@ public String apply(Permission permission) { } @Override - public List testPermissions(String projectId, Permission first, Permission... others) { - return testPermissions(projectId, Lists.asList(first, others)); + public List testPermissions( + String projectId, String firstPermission, String... otherPermissions) { + return testPermissions(projectId, Lists.asList(firstPermission, otherPermissions)); } private Map optionMap(Option... options) { diff --git a/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/testing/LocalResourceManagerHelper.java b/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/testing/LocalResourceManagerHelper.java index 8ddca18b6261..4d466e55a897 100644 --- a/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/testing/LocalResourceManagerHelper.java +++ b/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/testing/LocalResourceManagerHelper.java @@ -18,7 +18,6 @@ import com.google.common.collect.ImmutableSet; import com.google.common.io.ByteStreams; import com.google.gcloud.AuthCredentials; -import com.google.gcloud.resourcemanager.ResourceManager.Permission; import com.google.gcloud.resourcemanager.ResourceManagerOptions; import com.sun.net.httpserver.Headers; @@ -38,7 +37,6 @@ import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; -import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Random; @@ -66,7 +64,8 @@ *
  • IAM policies are set to an empty policy with version 0 (only legacy roles supported) upon * project creation. The actual service will not have an empty list of bindings and may also * set your version to 1. - *
  • There is no input validation for the policy provided when replacing a policy. + *
  • There is no input validation for the policy provided when replacing a policy or calling + * testIamPermissions. *
  • In this mock, projects never move from the DELETE_REQUESTED lifecycle state to * DELETE_IN_PROGRESS without an explicit call to the utility method * {@link #changeLifecycleState}. Similarly, a project is never completely removed without an @@ -89,12 +88,8 @@ public class LocalResourceManagerHelper { private static final Pattern LIST_FIELDS_PATTERN = Pattern.compile("(.*?)projects\\((.*?)\\)(.*?)"); private static final String[] NO_FIELDS = {}; - private static final Set PERMISSIONS = new HashSet<>(); static { - for (Permission permission : Permission.values()) { - PERMISSIONS.add(permission.value()); - } try { BASE_CONTEXT = new URI(CONTEXT); } catch (URISyntaxException e) { @@ -635,11 +630,6 @@ synchronized Response testPermissions(String projectId, List permissions if (!projects.containsKey(projectId)) { return Error.PERMISSION_DENIED.response("Project " + projectId + " not found."); } - for (String p : permissions) { - if (!PERMISSIONS.contains(p)) { - return Error.INVALID_ARGUMENT.response("Invalid permission: " + p); - } - } try { return new Response(HTTP_OK, jsonFactory.toString(new TestIamPermissionsResponse().setPermissions(permissions))); diff --git a/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/LocalResourceManagerHelperTest.java b/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/LocalResourceManagerHelperTest.java index 829094816664..75df0ef9e3ae 100644 --- a/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/LocalResourceManagerHelperTest.java +++ b/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/LocalResourceManagerHelperTest.java @@ -676,13 +676,6 @@ public void testTestPermissions() { assertEquals("Project nonexistent-project not found.", e.getMessage()); } rpc.create(PARTIAL_PROJECT); - try { - rpc.testPermissions(PARTIAL_PROJECT.getProjectId(), ImmutableList.of("get")); - fail("Invalid permission."); - } catch (ResourceManagerException e) { - assertEquals(400, e.code()); - assertEquals("Invalid permission: get", e.getMessage()); - } assertEquals(ImmutableList.of(true), rpc.testPermissions(PARTIAL_PROJECT.getProjectId(), permissions)); } diff --git a/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/PolicyTest.java b/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/PolicyTest.java index 7315b9f92565..04826dd9540f 100644 --- a/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/PolicyTest.java +++ b/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/PolicyTest.java @@ -18,12 +18,9 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotEquals; -import static org.junit.Assert.assertNull; -import com.google.common.collect.ImmutableSet; import com.google.gcloud.Identity; -import com.google.gcloud.resourcemanager.Policy.Role; -import com.google.gcloud.resourcemanager.Policy.Role.Type; +import com.google.gcloud.resourcemanager.Policy.ProjectRole; import org.junit.Test; @@ -37,10 +34,10 @@ public class PolicyTest { private static final Identity GROUP = Identity.group("group@gmail.com"); private static final Identity DOMAIN = Identity.domain("google.com"); private static final Policy SIMPLE_POLICY = Policy.builder() - .addIdentity(Role.owner(), USER) - .addIdentity(Role.viewer(), ALL_USERS) - .addIdentity(Role.editor(), ALL_AUTH_USERS, DOMAIN) - .addIdentity(Role.rawRole("some-role"), SERVICE_ACCOUNT, GROUP) + .addIdentity(ProjectRole.OWNER.value(), USER) + .addIdentity(ProjectRole.VIEWER.value(), ALL_USERS) + .addIdentity(ProjectRole.EDITOR.value(), ALL_AUTH_USERS, DOMAIN) + .addIdentity("roles/some-role", SERVICE_ACCOUNT, GROUP) .build(); private static final Policy FULL_POLICY = new Policy.Builder(SIMPLE_POLICY.bindings(), "etag", 1).build(); @@ -57,21 +54,13 @@ public void testPolicyToAndFromPb() { assertEquals(SIMPLE_POLICY, Policy.fromPb(SIMPLE_POLICY.toPb())); } - @Test - public void testRoleType() { - assertEquals(Type.OWNER, Role.owner().type()); - assertEquals(Type.EDITOR, Role.editor().type()); - assertEquals(Type.VIEWER, Role.viewer().type()); - assertNull(Role.rawRole("raw-role").type()); - } - @Test public void testEquals() { Policy copy = Policy.builder() - .addIdentity(Role.owner(), USER) - .addIdentity(Role.viewer(), ALL_USERS) - .addIdentity(Role.editor(), ALL_AUTH_USERS, DOMAIN) - .addIdentity(Role.rawRole("some-role"), SERVICE_ACCOUNT, GROUP) + .addIdentity(ProjectRole.OWNER.value(), USER) + .addIdentity(ProjectRole.VIEWER.value(), ALL_USERS) + .addIdentity(ProjectRole.EDITOR.value(), ALL_AUTH_USERS, DOMAIN) + .addIdentity("roles/some-role", SERVICE_ACCOUNT, GROUP) .build(); assertEquals(SIMPLE_POLICY, copy); assertNotEquals(SIMPLE_POLICY, FULL_POLICY); diff --git a/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/ProjectTest.java b/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/ProjectTest.java index 53b37111b705..acce6f84c680 100644 --- a/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/ProjectTest.java +++ b/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/ProjectTest.java @@ -27,11 +27,9 @@ import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; -import com.google.common.collect.ImmutableSet; import com.google.gcloud.Identity; -import com.google.gcloud.resourcemanager.Policy.Role; +import com.google.gcloud.resourcemanager.Policy.ProjectRole; import com.google.gcloud.resourcemanager.ProjectInfo.ResourceId; -import com.google.gcloud.resourcemanager.ResourceManager.Permission; import org.junit.After; import org.junit.Before; @@ -58,8 +56,8 @@ public class ProjectTest { private static final Identity SERVICE_ACCOUNT = Identity.serviceAccount("service-account@gmail.com"); private static final Policy POLICY = Policy.builder() - .addIdentity(Role.owner(), USER) - .addIdentity(Role.editor(), SERVICE_ACCOUNT) + .addIdentity(ProjectRole.OWNER.value(), USER) + .addIdentity(ProjectRole.EDITOR.value(), SERVICE_ACCOUNT) .build(); private ResourceManager serviceMockReturnsOptions = createStrictMock(ResourceManager.class); @@ -239,16 +237,19 @@ public void testReplacePolicy() { @Test public void testTestPermissions() { List response = ImmutableList.of(true, true); + String getPermission = "resourcemanager.projects.get"; + String deletePermission = "resourcemanager.projects.delete"; expect(resourceManager.options()).andReturn(mockOptions).times(1); - expect(resourceManager.testPermissions(PROJECT_ID, Permission.GET, Permission.DELETE)) + expect(resourceManager.testPermissions(PROJECT_ID, getPermission, deletePermission)) .andReturn(response); expect(resourceManager.testPermissions( - PROJECT_ID, ImmutableList.of(Permission.GET, Permission.DELETE))).andReturn(response); + PROJECT_ID, ImmutableList.of(getPermission, deletePermission))) + .andReturn(response); replay(resourceManager); initializeProject(); - assertEquals(response, project.testPermissions(Permission.GET, Permission.DELETE)); + assertEquals(response, project.testPermissions(getPermission, deletePermission)); assertEquals( - response, project.testPermissions(ImmutableList.of(Permission.GET, Permission.DELETE))); + response, project.testPermissions(ImmutableList.of(getPermission, deletePermission))); } private void compareProjects(Project expected, Project value) { diff --git a/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/ResourceManagerImplTest.java b/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/ResourceManagerImplTest.java index 9cb9bfcba02f..2525039e9c0d 100644 --- a/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/ResourceManagerImplTest.java +++ b/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/ResourceManagerImplTest.java @@ -29,9 +29,8 @@ import com.google.common.collect.ImmutableMap; import com.google.gcloud.Identity; import com.google.gcloud.Page; -import com.google.gcloud.resourcemanager.Policy.Role; +import com.google.gcloud.resourcemanager.Policy.ProjectRole; import com.google.gcloud.resourcemanager.ProjectInfo.ResourceId; -import com.google.gcloud.resourcemanager.ResourceManager.Permission; import com.google.gcloud.resourcemanager.ResourceManager.ProjectField; import com.google.gcloud.resourcemanager.ResourceManager.ProjectGetOption; import com.google.gcloud.resourcemanager.ResourceManager.ProjectListOption; @@ -71,10 +70,12 @@ public class ResourceManagerImplTest { .parent(PARENT) .build(); private static final Map EMPTY_RPC_OPTIONS = ImmutableMap.of(); - private static final Policy POLICY = Policy.builder() - .addIdentity(Role.owner(), Identity.user("me@gmail.com")) - .addIdentity(Role.editor(), Identity.serviceAccount("serviceaccount@gmail.com")) - .build(); + private static final Policy POLICY = + Policy.builder() + .addIdentity(ProjectRole.OWNER.value(), Identity.user("me@gmail.com")) + .addIdentity( + ProjectRole.EDITOR.value(), Identity.serviceAccount("serviceaccount@gmail.com")) + .build(); @Rule public ExpectedException thrown = ExpectedException.none(); @@ -369,7 +370,7 @@ public void testReplacePolicy() { @Test public void testTestPermissions() { - List permissions = ImmutableList.of(Permission.GET); + List permissions = ImmutableList.of("resourcemanager.projects.get"); try { RESOURCE_MANAGER.testPermissions("nonexistent-project", permissions); fail("Nonexistent project"); @@ -380,8 +381,12 @@ public void testTestPermissions() { RESOURCE_MANAGER.create(PARTIAL_PROJECT); assertEquals(ImmutableList.of(true), RESOURCE_MANAGER.testPermissions(PARTIAL_PROJECT.projectId(), permissions)); - assertEquals(ImmutableList.of(true, true), RESOURCE_MANAGER.testPermissions( - PARTIAL_PROJECT.projectId(), Permission.DELETE, Permission.GET)); + assertEquals( + ImmutableList.of(true, true), + RESOURCE_MANAGER.testPermissions( + PARTIAL_PROJECT.projectId(), + "resourcemanager.projects.delete", + "resourcemanager.projects.get")); } @Test diff --git a/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/SerializationTest.java b/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/SerializationTest.java index 1c0b9c68c86d..4bc1bcede195 100644 --- a/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/SerializationTest.java +++ b/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/SerializationTest.java @@ -21,6 +21,7 @@ import com.google.gcloud.Identity; import com.google.gcloud.PageImpl; import com.google.gcloud.Restorable; +import com.google.gcloud.resourcemanager.Policy.ProjectRole; import java.io.Serializable; import java.util.Collections; @@ -45,8 +46,9 @@ public class SerializationTest extends BaseSerializationTest { ResourceManager.ProjectGetOption.fields(ResourceManager.ProjectField.NAME); private static final ResourceManager.ProjectListOption PROJECT_LIST_OPTION = ResourceManager.ProjectListOption.filter("name:*"); - private static final Policy POLICY = - Policy.builder().addIdentity(Policy.Role.viewer(), Identity.user("abc@gmail.com")).build(); + private static final Policy POLICY = Policy.builder() + .addIdentity(ProjectRole.VIEWER.value(), Identity.user("abc@gmail.com")) + .build(); private static final ResourceManagerException RESOURCE_MANAGER_EXCEPTION = new ResourceManagerException(42, "message"); From 52bf6c1001716cd5f2145ff3be40631d542cd200 Mon Sep 17 00:00:00 2001 From: Ajay Kannan Date: Mon, 21 Mar 2016 19:51:37 -0700 Subject: [PATCH 2/2] remove varargs for testPermissions and other minor fixes --- .../google/gcloud/resourcemanager/Policy.java | 4 ++-- .../gcloud/resourcemanager/Project.java | 23 ------------------- .../resourcemanager/ResourceManager.java | 22 ------------------ .../resourcemanager/ResourceManagerImpl.java | 7 ------ .../gcloud/resourcemanager/ProjectTest.java | 3 --- .../ResourceManagerImplTest.java | 6 ----- 6 files changed, 2 insertions(+), 63 deletions(-) diff --git a/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/Policy.java b/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/Policy.java index 884f474bed59..219d74262319 100644 --- a/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/Policy.java +++ b/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/Policy.java @@ -47,7 +47,7 @@ public class Policy extends IamPolicy { /** * The project-level roles in an IAM policy. This enum is not an exhaustive list of all roles * you can use in an IAM policy. You can also use service-specific roles (e.g. - * roles/pubsub.editor). See the Supported Cloud Platform Services page for links + * "roles/pubsub.editor"). See the Supported Cloud Platform Services page for links * to service-specific roles. * * @see Supported Cloud @@ -74,7 +74,7 @@ public enum ProjectRole { */ OWNER("roles/owner"); - String value; + private final String value; private ProjectRole(String value) { this.value = value; diff --git a/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/Project.java b/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/Project.java index de5e6c336af4..bf9cf0e01a6d 100644 --- a/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/Project.java +++ b/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/Project.java @@ -251,29 +251,6 @@ List testPermissions(List permissions) { return resourceManager.testPermissions(projectId(), permissions); } - /** - * Returns the permissions that a caller has on this project. You typically don't call this method - * if you're using Google Cloud Platform directly to manage permissions. This method is intended - * for integration with your proprietary software, such as a customized graphical user interface. - * For example, the Cloud Platform Console tests IAM permissions internally to determine which UI - * should be available to the logged-in user. Each service that supports IAM lists the possible - * permissions; see the Supported Cloud Platform services page below for links to these - * lists. - * - * @return a list of booleans representing whether the caller has the permissions specified (in - * the order of the given permissions) - * @throws ResourceManagerException upon failure - * @see - * Resource Manager testIamPermissions - * @see Supported Cloud Platform - * Services - */ - List testPermissions(String firstPermission, String... otherPermissions) { - return resourceManager.testPermissions(projectId(), firstPermission, otherPermissions); - } - @Override public Builder toBuilder() { return new Builder(this); diff --git a/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/ResourceManager.java b/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/ResourceManager.java index 708bd711b477..70eeb9c8eb50 100644 --- a/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/ResourceManager.java +++ b/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/ResourceManager.java @@ -341,26 +341,4 @@ public static ProjectListOption fields(ProjectField... fields) { * Services */ List testPermissions(String projectId, List permissions); - - /** - * Returns the permissions that a caller has on the specified project. You typically don't call - * this method if you're using Google Cloud Platform directly to manage permissions. This method - * is intended for integration with your proprietary software, such as a customized graphical user - * interface. For example, the Cloud Platform Console tests IAM permissions internally to - * determine which UI should be available to the logged-in user. Each service that supports IAM - * lists the possible permissions; see the Supported Cloud Platform services page below for - * links to these lists. - * - * @return A list of booleans representing whether the caller has the permissions specified (in - * the order of the given permissions) - * @throws ResourceManagerException upon failure - * @see - * Resource Manager testIamPermissions - * @see Supported Cloud Platform - * Services - */ - List testPermissions( - String projectId, String firstPermission, String... otherPermissions); } diff --git a/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/ResourceManagerImpl.java b/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/ResourceManagerImpl.java index 5526918bc1eb..e4663cb74cb9 100644 --- a/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/ResourceManagerImpl.java +++ b/gcloud-java-resourcemanager/src/main/java/com/google/gcloud/resourcemanager/ResourceManagerImpl.java @@ -23,7 +23,6 @@ import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; import com.google.common.collect.Iterables; -import com.google.common.collect.Lists; import com.google.common.collect.Maps; import com.google.gcloud.BaseService; import com.google.gcloud.Page; @@ -230,12 +229,6 @@ public List call() { } } - @Override - public List testPermissions( - String projectId, String firstPermission, String... otherPermissions) { - return testPermissions(projectId, Lists.asList(firstPermission, otherPermissions)); - } - private Map optionMap(Option... options) { Map temp = Maps.newEnumMap(ResourceManagerRpc.Option.class); for (Option option : options) { diff --git a/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/ProjectTest.java b/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/ProjectTest.java index acce6f84c680..0f4c205dde17 100644 --- a/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/ProjectTest.java +++ b/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/ProjectTest.java @@ -240,14 +240,11 @@ public void testTestPermissions() { String getPermission = "resourcemanager.projects.get"; String deletePermission = "resourcemanager.projects.delete"; expect(resourceManager.options()).andReturn(mockOptions).times(1); - expect(resourceManager.testPermissions(PROJECT_ID, getPermission, deletePermission)) - .andReturn(response); expect(resourceManager.testPermissions( PROJECT_ID, ImmutableList.of(getPermission, deletePermission))) .andReturn(response); replay(resourceManager); initializeProject(); - assertEquals(response, project.testPermissions(getPermission, deletePermission)); assertEquals( response, project.testPermissions(ImmutableList.of(getPermission, deletePermission))); } diff --git a/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/ResourceManagerImplTest.java b/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/ResourceManagerImplTest.java index 2525039e9c0d..7d52901aa372 100644 --- a/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/ResourceManagerImplTest.java +++ b/gcloud-java-resourcemanager/src/test/java/com/google/gcloud/resourcemanager/ResourceManagerImplTest.java @@ -381,12 +381,6 @@ public void testTestPermissions() { RESOURCE_MANAGER.create(PARTIAL_PROJECT); assertEquals(ImmutableList.of(true), RESOURCE_MANAGER.testPermissions(PARTIAL_PROJECT.projectId(), permissions)); - assertEquals( - ImmutableList.of(true, true), - RESOURCE_MANAGER.testPermissions( - PARTIAL_PROJECT.projectId(), - "resourcemanager.projects.delete", - "resourcemanager.projects.get")); } @Test