Merge pull request #1782 from tseaver/1687-1743-pubsub-iam_system_tests

Avoid get / set of IAM policy if current account doesn't have permission
googleapis · May 11, 2016 · 096b5f6 · 096b5f6
2 parents 22634ab + 6c8b259
commit 096b5f6
Showing 1 changed file with 13 additions and 8 deletions.
diff --git a/system_tests/pubsub.py b/system_tests/pubsub.py
@@ -180,6 +180,7 @@ def _maybe_emulator_skip(self):
             self.skipTest('IAM not supported by Pub/Sub emulator')
 
     def test_topic_iam_policy(self):
+        from gcloud.pubsub.iam import PUBSUB_TOPICS_GET_IAM_POLICY
         self._maybe_emulator_skip()
         topic_name = 'test-topic-iam-policy-topic' + unique_resource_id('-')
         topic = Config.CLIENT.topic(topic_name)
@@ -190,12 +191,14 @@ def test_topic_iam_policy(self):
             count -= 1
         self.assertTrue(topic.exists())
         self.to_delete.append(topic)
-        policy = topic.get_iam_policy()
-        policy.viewers.add(policy.user('jjg@google.com'))
-        new_policy = topic.set_iam_policy(policy)
-        self.assertEqual(new_policy.viewers, policy.viewers)
+        if topic.check_iam_permissions([PUBSUB_TOPICS_GET_IAM_POLICY]):
+            policy = topic.get_iam_policy()
+            policy.viewers.add(policy.user('jjg@google.com'))
+            new_policy = topic.set_iam_policy(policy)
+            self.assertEqual(new_policy.viewers, policy.viewers)
 
     def test_subscription_iam_policy(self):
+        from gcloud.pubsub.iam import PUBSUB_SUBSCRIPTIONS_GET_IAM_POLICY
         self._maybe_emulator_skip()
         topic_name = 'test-sub-iam-policy-topic' + unique_resource_id('-')
         topic = Config.CLIENT.topic(topic_name)
@@ -215,10 +218,12 @@ def test_subscription_iam_policy(self):
             count -= 1
         self.assertTrue(subscription.exists())
         self.to_delete.insert(0, subscription)
-        policy = subscription.get_iam_policy()
-        policy.viewers.add(policy.user('jjg@google.com'))
-        new_policy = subscription.set_iam_policy(policy)
-        self.assertEqual(new_policy.viewers, policy.viewers)
+        if subscription.check_iam_permissions(
+                [PUBSUB_SUBSCRIPTIONS_GET_IAM_POLICY]):
+            policy = subscription.get_iam_policy()
+            policy.viewers.add(policy.user('jjg@google.com'))
+            new_policy = subscription.set_iam_policy(policy)
+            self.assertEqual(new_policy.viewers, policy.viewers)
 
     def test_fetch_delete_subscription_w_deleted_topic(self):
         TO_DELETE = 'delete-me' + unique_resource_id('-')