Make known roles constants.
Addresses:
#1640 (comment)
tseaver committed Mar 22, 2016
1 parent 2a52215 commit ebf5051
Showing 2 changed files with 18 additions and 12 deletions.
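--- a/gcloud/pubsub/iam.py
+++ b/gcloud/pubsub/iam.py
@@ -13,6 +13,10 @@
 # limitations under the License.
 """PubSub API IAM policy definitions"""
 
+_OWNER_ROLE = 'roles/owner'
+_WRITER_ROLE = 'roles/writer'
+_READER_ROLE = 'roles/reader'
+
 
 class Policy(object):
 """Combined IAM Policy / Bindings.
@@ -116,11 +120,11 @@ def from_api_repr(cls, resource):
 for binding in resource.get('bindings', ()):
 role = binding['role']
 members = set(binding['members'])
-if role == 'roles/owner':
+if role == _OWNER_ROLE:
 policy.owners = members
-elif role == 'roles/writer':
+elif role == _WRITER_ROLE:
 policy.writers = members
-elif role == 'roles/reader':
+elif role == _READER_ROLE:
 policy.readers = members
 else:
 raise ValueError('Unknown role: %s' % (role,))
@@ -144,15 +148,15 @@ def to_api_repr(self):
 
 if self.owners:
 bindings.append(
-{'role': 'roles/owner', 'members': sorted(self.owners)})
+{'role': _OWNER_ROLE, 'members': sorted(self.owners)})
 
 if self.writers:
 bindings.append(
-{'role': 'roles/writer', 'members': sorted(self.writers)})
+{'role': _WRITER_ROLE, 'members': sorted(self.writers)})
 
 if self.readers:
 bindings.append(
-{'role': 'roles/reader', 'members': sorted(self.readers)})
+{'role': _READER_ROLE, 'members': sorted(self.readers)})
 
 if bindings:
 resource['bindings'] = bindings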
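Review bot: The new constants `_WRITER_ROLE = 'roles/writer'` and `_READER_ROLE = 'roles/reader'` freeze strings that, as far as I know, are not IAM basic role names (those are `roles/owner`, `roles/editor` and `roles/viewer`); please confirm against the Pub/Sub IAM reference before these become the single source of truth. If the values are off, the `else` branch in `from_api_repr` raises `ValueError('Unknown role: %s')` on a policy the service actually returns, and `to_api_repr` emits role names the service may reject. Separately, `policy.owners = members` replaces rather than merges, so a resource that repeats a role across two bindings would silently lose members in a read-modify-write cycle; `policy.owners |= members` (likewise for writers and readers) would avoid that, assuming those attributes are sets. Both `from_api_repr` and `to_api_repr` begin and end outside the visible hunks.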
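--- a/gcloud/pubsub/test_iam.py
+++ b/gcloud/pubsub/test_iam.py
@@ -87,6 +87,7 @@ def test_from_api_repr_only_etag(self):
 self.assertEqual(list(policy.readers), [])
 
 def test_from_api_repr_complete(self):
+from gcloud.pubsub.iam import _OWNER_ROLE, _WRITER_ROLE, _READER_ROLE
 OWNER1 = 'user:phred@example.com'
 OWNER2 = 'group:cloud-logs@google.com'
 WRITER1 = 'domain:google.com'
@@ -97,9 +98,9 @@ def test_from_api_repr_complete(self):
 'etag': 'DEADBEEF',
 'version': 17,
 'bindings': [
-{'role': 'roles/owner', 'members': [OWNER1, OWNER2]},
-{'role': 'roles/writer', 'members': [WRITER1, WRITER2]},
-{'role': 'roles/reader', 'members': [READER1, READER2]},
+{'role': _OWNER_ROLE, 'members': [OWNER1, OWNER2]},
+{'role': _WRITER_ROLE, 'members': [WRITER1, WRITER2]},
+{'role': _READER_ROLE, 'members': [READER1, READER2]},
 ],
 }
 klass = self._getTargetClass()
@@ -133,6 +134,7 @@ def test_to_api_repr_only_etag(self):
 self.assertEqual(policy.to_api_repr(), {'etag': 'DEADBEEF'})
 
 def test_to_api_repr_full(self):
+from gcloud.pubsub.iam import _OWNER_ROLE, _WRITER_ROLE, _READER_ROLE
 OWNER1 = 'group:cloud-logs@google.com'
 OWNER2 = 'user:phred@example.com'
 WRITER1 = 'domain:google.com'
@@ -143,9 +145,9 @@ def test_to_api_repr_full(self):
 'etag': 'DEADBEEF',
 'version': 17,
 'bindings': [
-{'role': 'roles/owner', 'members': [OWNER1, OWNER2]},
-{'role': 'roles/writer', 'members': [WRITER1, WRITER2]},
-{'role': 'roles/reader', 'members': [READER1, READER2]},
+{'role': _OWNER_ROLE, 'members': [OWNER1, OWNER2]},
+{'role': _WRITER_ROLE, 'members': [WRITER1, WRITER2]},
+{'role': _READER_ROLE, 'members': [READER1, READER2]},
 ],
 }
 policy = self._makeOne('DEADBEEF', 17)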
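Review bot: Building `RESOURCE` from `_OWNER_ROLE`, `_WRITER_ROLE` and `_READER_ROLE` in `test_from_api_repr_complete` and `test_to_api_repr_full` means the tests no longer pin the wire-format strings: a mistyped or wrong value in `iam.py` changes the input and the expected output together, and both tests still pass. For an access-control mapping, keep one independent check of the literals, for example `self.assertEqual(_OWNER_ROLE, 'roles/owner')` with matching assertions for the other two, or leave the literal role strings in one of the two `RESOURCE` dicts. The tests also import underscore-prefixed names from another module; if the constants are meant to be shared, exposing them without the leading underscore would state that intent. Both test methods continue outside the visible hunks.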
