Add project role identities to the Identity helper (#1718)

In addition to the standard IAM identities, project membership identities are also supported. For instance, a role can be applied to only the Editors of a project.
googleapis · Mar 9, 2017 · 76d2a71 · 76d2a71
1 parent a32c41a
commit 76d2a71
Show file tree

Hide file tree

Showing 2 changed files with 91 additions and 1 deletion.
diff --git a/google-cloud-core/src/main/java/com/google/cloud/Identity.java b/google-cloud-core/src/main/java/com/google/cloud/Identity.java
@@ -78,7 +78,22 @@ public enum Type {
     /**
      * Represents all the users of a Google Apps domain name.
      */
-    DOMAIN
+    DOMAIN,
+
+    /**
+     * Represents owners of a Google Cloud Platform project.
+     */
+    PROJECT_OWNER,
+
+    /**
+     * Represents editors of a Google Cloud Platform project.
+     */
+    PROJECT_EDITOR,
+
+    /**
+     * Represents viewers of a Google Cloud Platform project.
+     */
+    PROJECT_VIEWER
   }
 
   private Identity(Type type, String value) {
@@ -161,6 +176,30 @@ public static Identity group(String email) {
   public static Identity domain(String domain) {
     return new Identity(Type.DOMAIN, checkNotNull(domain));
   }
+
+  /**
+   * Returns a new project owner identity.
+   * @param projectId A Google Cloud Platform project ID. For example, <I>my-sample-project</I>.
+   */
+  public static Identity projectOwner(String projectId) {
+    return new Identity(Type.PROJECT_OWNER, checkNotNull(projectId));
+  }
+
+  /**
+   * Returns a new project editor identity.
+   * @param projectId A Google Cloud Platform project ID. For example, <I>my-sample-project</I>.
+   */
+  public static Identity projectEditor(String projectId) {
+    return new Identity(Type.PROJECT_EDITOR, checkNotNull(projectId));
+  }
+
+  /**
+   * Returns a new project viewer identity.
+   * @param projectId A Google Cloud Platform project ID. For example, <I>my-sample-project</I>.
+   */
+  public static Identity projectViewer(String projectId) {
+    return new Identity(Type.PROJECT_VIEWER, checkNotNull(projectId));
+  }
 
   @Override
   public String toString() {
@@ -199,6 +238,12 @@ public String strValue() {
         return "group:" + value;
       case DOMAIN:
         return "domain:" + value;
+      case PROJECT_OWNER:
+        return "projectOwner:" + value;
+      case PROJECT_EDITOR:
+        return "projectEditor:" + value;
+      case PROJECT_VIEWER:
+        return "projectViewer:" + value;
       default:
         throw new IllegalStateException("Unexpected identity type: " + type);
     }
@@ -224,6 +269,12 @@ public static Identity valueOf(String identityStr) {
         return Identity.group(info[1]);
       case DOMAIN:
         return Identity.domain(info[1]);
+      case PROJECT_OWNER:
+        return Identity.projectOwner(info[1]);
+      case PROJECT_EDITOR:
+        return Identity.projectEditor(info[1]);
+      case PROJECT_VIEWER:
+        return Identity.projectViewer(info[1]);
       default:
         throw new IllegalStateException("Unexpected identity type " + type);
     }

diff --git a/google-cloud-core/src/test/java/com/google/cloud/IdentityTest.java b/google-cloud-core/src/test/java/com/google/cloud/IdentityTest.java
@@ -30,6 +30,9 @@ public class IdentityTest {
       Identity.serviceAccount("service-account@gmail.com");
   private static final Identity GROUP = Identity.group("group@gmail.com");
   private static final Identity DOMAIN = Identity.domain("google.com");
+  private static final Identity PROJECT_OWNER = Identity.projectOwner("my-sample-project");
+  private static final Identity PROJECT_EDITOR = Identity.projectEditor("my-sample-project");
+  private static final Identity PROJECT_VIEWER = Identity.projectViewer("my-sample-project");
 
   @Test
   public void testAllUsers() {
@@ -93,6 +96,39 @@ public void testDomainNullId() {
     Identity.domain(null);
   }
 
+  @Test
+  public void testProjectOwner() {
+    assertEquals(Identity.Type.PROJECT_OWNER, PROJECT_OWNER.getType());
+    assertEquals("my-sample-project", PROJECT_OWNER.getValue());
+  }
+
+  @Test(expected = NullPointerException.class)
+  public void testProjectOwnerNullId() {
+    Identity.projectOwner(null);
+  }
+
+  @Test
+  public void testProjectEditor() {
+    assertEquals(Identity.Type.PROJECT_EDITOR, PROJECT_EDITOR.getType());
+    assertEquals("my-sample-project", PROJECT_EDITOR.getValue());
+  }
+
+  @Test(expected = NullPointerException.class)
+  public void testProjectEditorNullId() {
+    Identity.projectEditor(null);
+  }
+
+  @Test
+  public void testProjectViewer() {
+    assertEquals(Identity.Type.PROJECT_VIEWER, PROJECT_VIEWER.getType());
+    assertEquals("my-sample-project", PROJECT_VIEWER.getValue());
+  }
+
+  @Test(expected = NullPointerException.class)
+  public void testProjectViewerNullId() {
+    Identity.projectViewer(null);
+  }
+
   @Test
   public void testIdentityToAndFromPb() {
     compareIdentities(ALL_USERS, Identity.valueOf(ALL_USERS.strValue()));
@@ -101,6 +137,9 @@ public void testIdentityToAndFromPb() {
     compareIdentities(SERVICE_ACCOUNT, Identity.valueOf(SERVICE_ACCOUNT.strValue()));
     compareIdentities(GROUP, Identity.valueOf(GROUP.strValue()));
     compareIdentities(DOMAIN, Identity.valueOf(DOMAIN.strValue()));
+    compareIdentities(PROJECT_OWNER, Identity.valueOf(PROJECT_OWNER.strValue()));
+    compareIdentities(PROJECT_EDITOR, Identity.valueOf(PROJECT_EDITOR.strValue()));
+    compareIdentities(PROJECT_VIEWER, Identity.valueOf(PROJECT_VIEWER.strValue()));
   }
 
   private void compareIdentities(Identity expected, Identity actual) {