feat(IAM Policy Management): add support for v2/policies #184

Merged
merged 4 commits into from
Jan 25, 2023
236 changes: 217 additions & 19 deletions examples/test_iam_policy_management_v1_examples.py
Expand Up @@ -144,15 +144,15 @@ def test_get_policy_example(self):
pytest.fail(str(e))

@needscredentials
def test_update_policy_example(self):
def test_replace_policy_example(self):
"""
update_policy request example
replace_policy request example
"""
try:
global example_updated_policy_etag

print('\nupdate_policy() result:')
# begin-update_policy
print('\nreplace_policy() result:')
# begin-replace_policy

policy_subjects = PolicySubject(attributes=[SubjectAttribute(name='iam_id', value=example_user_id)])
account_id_resource_attribute = ResourceAttribute(name='accountId', value=example_account_id)
Expand All @@ -163,7 +163,7 @@ def test_update_policy_example(self):
)
updated_policy_roles = PolicyRole(role_id='crn:v1:bluemix:public:iam::::role:Editor')

response = iam_policy_management_service.update_policy(
response = iam_policy_management_service.replace_policy(
type='access',
policy_id=example_policy_id,
if_match=example_policy_etag,
Expand All @@ -175,30 +175,30 @@ def test_update_policy_example(self):

print(json.dumps(policy, indent=2))

# end-update_policy
# end-replace_policy

example_updated_policy_etag = response.get_headers().get("Etag")

except ApiException as e:
pytest.fail(str(e))

@needscredentials
def test_patch_policy_example(self):
def test_update_policy_state_example(self):
"""
patch_policy request example
update_policy_state request example
"""
try:

print('\npatch_policy() result:')
# begin-patch_policy
print('\nupdate_policy_state() result:')
# begin-update_policy_state

policy = iam_policy_management_service.patch_policy(
policy = iam_policy_management_service.update_policy_state(
policy_id=example_policy_id, if_match=example_updated_policy_etag, state='active'
).get_result()

print(json.dumps(policy, indent=2))

# end-patch_policy
# end-update_policy_state

except ApiException as e:
pytest.fail(str(e))
Expand Down Expand Up @@ -243,6 +243,201 @@ def test_delete_policy_example(self):
except ApiException as e:
pytest.fail(str(e))

@needscredentials
def test_create_v2_policy_example(self):
"""
create_v2_policy request example
"""
try:
global example_policy_id

print('\ncreate_v2_policy() result:')
# begin-create_v2_policy

policy_subject = V2PolicySubject(
attributes=[V2PolicySubjectAttribute(key='iam_id', value=example_user_id, operator='stringEquals')]
)
policy_role = PolicyRole(role_id='crn:v1:bluemix:public:iam::::role:Viewer')
account_id_resource_attribute = V2PolicyResourceAttribute(
key='accountId', value=example_account_id, operator='stringEquals'
)
service_name_resource_attribute = V2PolicyResourceAttribute(
key='serviceType', value='service', operator='stringEquals'
)
policy_resource_tag = V2PolicyResourceTag(key='project', value='prototype', operator='stringEquals')
policy_resource = V2PolicyResource(
attributes=[account_id_resource_attribute, service_name_resource_attribute], tags=[policy_resource_tag]
)
policy_control = Control(grant=V2PolicyGrant(roles=[policy_role]))
policy_rule = V2PolicyRuleRuleWithConditions(
operator='and',
conditions=[
RuleAttribute(
key='{{environment.attributes.day_of_week}}',
operator='dayOfWeekAnyOf',
value=['1+00:00', '2+00:00', '3+00:00', '4+00:00', '5+00:00'],
),
RuleAttribute(
key='{{environment.attributes.current_time}}',
operator='timeGreaterThanOrEquals',
value='09:00:00+00:00',
),
RuleAttribute(
key='{{environment.attributes.current_time}}',
operator='timeLessThanOrEquals',
value='17:00:00+00:00',
),
],
)
policy_pattern = 'time-based-conditions:weekly:custom-hours'

policy = iam_policy_management_service.create_v2_policy(
type='access',
subject=policy_subject,
control=policy_control,
resource=policy_resource,
rule=policy_rule,
pattern=policy_pattern,
).get_result()

print(json.dumps(policy, indent=2))

# end-create_v2_policy

example_policy_id = policy['id']

except ApiException as e:
pytest.fail(str(e))

@needscredentials
def test_get_v2_policy_example(self):
"""
get_v2_policy request example
"""
try:
global example_policy_etag

print('\nget_v2_policy() result:')
# begin-get_v2_policy

response = iam_policy_management_service.get_v2_policy(id=example_policy_id)
policy = response.get_result()

print(json.dumps(policy, indent=2))

# end-get_v2_policy

example_policy_etag = response.get_headers().get("Etag")

except ApiException as e:
pytest.fail(str(e))

@needscredentials
def test_replace_v2_policy_example(self):
"""
replace_v2_policy request example
"""
try:

print('\nreplace_v2_policy() result:')
# begin-replace_v2_policy

policy_subject = V2PolicySubject(
attributes=[V2PolicySubjectAttribute(key='iam_id', value=example_user_id, operator='stringEquals')]
)
updated_policy_role = PolicyRole(role_id='crn:v1:bluemix:public:iam::::role:Editor')
account_id_resource_attribute = V2PolicyResourceAttribute(
key='accountId', value=example_account_id, operator='stringEquals'
)
service_name_resource_attribute = V2PolicyResourceAttribute(
key='serviceType', value='service', operator='stringEquals'
)
policy_resource_tag = V2PolicyResourceTag(key='project', value='prototype', operator='stringEquals')
policy_resource = PolicyResource(
attributes=[account_id_resource_attribute, service_name_resource_attribute], tags=[policy_resource_tag]
)
policy_control = Control(grant=V2PolicyGrant(roles=[updated_policy_role]))
policy_rule = V2PolicyRuleRuleWithConditions(
operator='and',
conditions=[
RuleAttribute(
key='{{environment.attributes.day_of_week}}',
operator='dayOfWeekAnyOf',
value=['1+00:00', '2+00:00', '3+00:00', '4+00:00', '5+00:00'],
),
RuleAttribute(
key='{{environment.attributes.current_time}}',
operator='timeGreaterThanOrEquals',
value='09:00:00+00:00',
),
RuleAttribute(
key='{{environment.attributes.current_time}}',
operator='timeLessThanOrEquals',
value='17:00:00+00:00',
),
],
)
policy_pattern = 'time-based-conditions:weekly:custom-hours'

response = iam_policy_management_service.replace_v2_policy(
type='access',
id=example_policy_id,
if_match=example_policy_etag,
subject=policy_subject,
control=policy_control,
resource=policy_resource,
rule=policy_rule,
pattern=policy_pattern,
)
policy = response.get_result()

print(json.dumps(policy, indent=2))

# end-replace_v2_policy

except ApiException as e:
pytest.fail(str(e))

@needscredentials
def test_list_v2_policies_example(self):
"""
list_v2_policies request example
"""
try:

print('\nlist_v2_policies() result:')
# begin-list_v2_policies

policy_list = iam_policy_management_service.list_v2_policies(
account_id=example_account_id, iam_id=example_user_id, format='include_last_permit'
).get_result()

print(json.dumps(policy_list, indent=2))

# end-list_v2_policies

except ApiException as e:
pytest.fail(str(e))

@needscredentials
def test_delete_v2_policy_example(self):
"""
delete_v2_policy request example
"""
try:

print('\ndelete_v2_policy() result:')
# begin-delete_v2_policy

response = iam_policy_management_service.delete_v2_policy(id=example_policy_id).get_result()

print(json.dumps(response, indent=2))

# end-delete_v2_policy

except ApiException as e:
pytest.fail(str(e))

@needscredentials
def test_create_role_example(self):
"""
Expand Down Expand Up @@ -295,23 +490,26 @@ def test_get_role_example(self):
pytest.fail(str(e))

@needscredentials
def test_update_role_example(self):
def test_replace_role_example(self):
"""
update_role request example
replace_role request example
"""
try:

print('\nupdate_role() result:')
# begin-update_role
print('\nreplace_role() result:')
# begin-replace_role

updated_role_actions = ['iam-groups.groups.read', 'iam-groups.groups.list']
custom_role = iam_policy_management_service.update_role(
role_id=example_custom_role_id, if_match=example_custom_role_etag, actions=updated_role_actions
custom_role = iam_policy_management_service.replace_role(
role_id=example_custom_role_id,
if_match=example_custom_role_etag,
actions=updated_role_actions,
display_name='IAM Groups read access',
).get_result()

print(json.dumps(custom_role, indent=2))

# end-update_role
# end-replace_role

except ApiException as e:
pytest.fail(str(e))
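Review bot: In `test_replace_v2_policy_example` the resource is built with `PolicyResource(...)` even though the attributes and tag passed to it are `V2PolicyResourceAttribute` and `V2PolicyResourceTag`, and the matching create example uses `V2PolicyResource`. This replace call sends the full subject/control/resource/rule set and also raises the role from Viewer to Editor, so a resource block that does not carry the v2 `operator` fields as intended could leave the Editor grant scoped differently from what the example suggests; whether the v1 model accepts these objects is not visible on this page. I would change that line to `policy_resource = V2PolicyResource(` so the snippet between the `begin-replace_v2_policy` and `end-replace_v2_policy` markers matches the create example. Separately, the v2 examples reuse the `example_policy_id` and `example_policy_etag` globals from the v1 flow, so if `create_v2_policy` fails, the later get/replace/delete examples would run against whatever id the v1 flow left behind; a short comment on that ordering dependency would help.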