Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for Pub/Sub IAM methods and tests #1231

Merged
merged 2 commits into from
Sep 9, 2016
Merged

Add support for Pub/Sub IAM methods and tests #1231

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e2ddc4b
Add support for Pub/Sub IAM methods and tests
mziccard Sep 8, 2016
c2a7027
Add IAM methods to PubSubExample
mziccard Sep 8, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
192 changes: 191 additions & 1 deletion google-cloud-examples/src/main/java/com/google/cloud/examples/pubsub/PubSubExample.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,9 @@

package com.google.cloud.examples.pubsub;

import com.google.cloud.Identity;
import com.google.cloud.Policy;
import com.google.cloud.Role;
import com.google.cloud.pubsub.Message;
import com.google.cloud.pubsub.PubSub;
import com.google.cloud.pubsub.PubSub.MessageProcessor;
Expand Down Expand Up @@ -61,7 +64,13 @@
* delete topic <topic>
* delete subscription <subscription>
* info topic <topic>
* info subscription <subscription>"}</pre>
* info subscription <subscription>
* get-policy topic <resourceName>
* get-policy subscription <resourceName>
* add-identity topic <resourceName> <role> <identity>
* add-identity subscription <resourceName> <role> <identity>
* test-permissions topic <resourceName> <permission>+
* test-permissions subscription <resourceName> <permission>+"}</pre>
*
* <p>The first parameter is an optional {@code project_id} (logged-in project will be used if not
* supplied). Second parameter is a Pub/Sub operation and can be used to demonstrate its usage. For
Expand All @@ -76,6 +85,9 @@ public class PubSubExample {
private static final Map<String, PubSubAction> LIST_ACTIONS = new HashMap<>();
private static final Map<String, PubSubAction> DELETE_ACTIONS = new HashMap<>();
private static final Map<String, PubSubAction> PULL_ACTIONS = new HashMap<>();
private static final Map<String, PubSubAction> GET_IAM_ACTIONS = new HashMap<>();
private static final Map<String, PubSubAction> REPLACE_IAM_ACTIONS = new HashMap<>();
private static final Map<String, PubSubAction> TEST_IAM_ACTIONS = new HashMap<>();
private static final Map<String, PubSubAction> ACTIONS = new HashMap<>();

private abstract static class PubSubAction<T> {
Expand Down Expand Up @@ -627,6 +639,175 @@ public String params() {
}
}

private abstract static class GetPolicyAction extends PubSubAction<String> {
@Override
String parse(String... args) throws Exception {
String message;
if (args.length == 1) {
return args[0];
} else if (args.length > 1) {
message = "Too many arguments.";
} else {
message = "Missing required resource name";
}
throw new IllegalArgumentException(message);
}

@Override
public String params() {
return "<resourceName>";
}
}

/**
* This class demonstrates how to get the IAM policy of a topic.
*
* @see <a href="https://cloud.google.com/pubsub/docs/access_control">Access Control</a>
*/
private static class GetTopicPolicyAction extends GetPolicyAction {
@Override
public void run(PubSub pubsub, String topic) throws Exception {
Policy policy = pubsub.getTopicPolicy(topic);
System.out.printf("Policy for topic %s%n", topic);
System.out.println(policy);
}
}

/**
* This class demonstrates how to get the IAM policy of a subscription.
*
* @see <a href="https://cloud.google.com/pubsub/docs/access_control">Access Control</a>
*/
private static class GetSubscriptionPolicyAction extends GetPolicyAction {
@Override
public void run(PubSub pubsub, String subscription) throws Exception {
Policy policy = pubsub.getSubscriptionPolicy(subscription);
System.out.printf("Policy for subscription %s%n", subscription);
System.out.println(policy);
}
}

private abstract static class AddIdentityAction
extends PubSubAction<Tuple<String, Tuple<Role, Identity>>> {
@Override
Tuple<String, Tuple<Role, Identity>> parse(String... args) throws Exception {
String message;
if (args.length == 3) {
String resourceName = args[0];
Role role = Role.of(args[1]);
Identity identity = Identity.valueOf(args[2]);
return Tuple.of(resourceName, Tuple.of(role, identity));
} else if (args.length > 2) {
message = "Too many arguments.";
} else {
message = "Missing required resource name, role and identity";
}
throw new IllegalArgumentException(message);
}

@Override
public String params() {
return "<resourceName> <role> <identity>";
}
}

/**
* This class demonstrates how to add an identity to a certain role in a topic's IAM policy.
*
* @see <a href="https://cloud.google.com/pubsub/docs/access_control">Access Control</a>
*/
private static class AddIdentityTopicAction extends AddIdentityAction {
@Override
public void run(PubSub pubsub, Tuple<String, Tuple<Role, Identity>> param) throws Exception {
String topic = param.x();
Tuple<Role, Identity> roleAndIdentity = param.y();
Role role = roleAndIdentity.x();
Identity identity = roleAndIdentity.y();
Policy policy = pubsub.getTopicPolicy(topic);
policy = pubsub.replaceTopicPolicy(topic,
policy.toBuilder().addIdentity(role, identity).build());
System.out.printf("Added role %s to identity %s for topic %s%n", role, identity, topic);
System.out.println(policy);
}
}

/**
* This class demonstrates how to add an identity to a certain role in a subscription's IAM
* policy.
*
* @see <a href="https://cloud.google.com/pubsub/docs/access_control">Access Control</a>
*/
private static class AddIdentitySubscriptionAction extends AddIdentityAction {
@Override
public void run(PubSub pubsub, Tuple<String, Tuple<Role, Identity>> param) throws Exception {
String subscription = param.x();
Tuple<Role, Identity> roleAndIdentity = param.y();
Role role = roleAndIdentity.x();
Identity identity = roleAndIdentity.y();
Policy policy = pubsub.getSubscriptionPolicy(subscription);
policy = pubsub.replaceSubscriptionPolicy(subscription,
policy.toBuilder().addIdentity(role, identity).build());
System.out.printf("Added role %s to identity %s for subscription %s%n", role, identity,
subscription);
System.out.println(policy);
}
}

private abstract static class TestPermissionsAction
extends PubSubAction<Tuple<String, List<String>>> {
@Override
Tuple<String, List<String>> parse(String... args) throws Exception {
if (args.length >= 2) {
String resourceName = args[0];
return Tuple.of(resourceName, Arrays.asList(Arrays.copyOfRange(args, 1, args.length)));
}
throw new IllegalArgumentException("Missing required resource name and permissions");
}

@Override
public String params() {
return "<resourceName> <permission>+";
}
}

/**
* This class demonstrates how to test whether the caller has the provided permissions on a topic.
*
* @see <a href="https://cloud.google.com/pubsub/docs/access_control">Access Control</a>
*/
private static class TestTopicPermissionsAction extends TestPermissionsAction {
@Override
public void run(PubSub pubsub, Tuple<String, List<String>> param) throws Exception {
String topic = param.x();
List<String> permissions = param.y();
List<Boolean> booleanPermissions = pubsub.testTopicPermissions(topic, permissions);
System.out.printf("Caller permissions on topic %s%n", topic);
for (int i = 0; i < permissions.size(); i++) {
System.out.printf("%s: %b%n", permissions.get(i), booleanPermissions.get(i));
}
}
}

/**
* This class demonstrates how to test whether the caller has the provided permissions on a
* subscription.
*
* @see <a href="https://cloud.google.com/pubsub/docs/access_control">Access Control</a>
*/
private static class TestSubscriptionPermissionsAction extends TestPermissionsAction {
@Override
public void run(PubSub pubsub, Tuple<String, List<String>> param) throws Exception {
String subscription = param.x();
List<String> permissions = param.y();
List<Boolean> booleanPermissions =
pubsub.testSubscriptionPermissions(subscription, permissions);
System.out.printf("Caller permissions on subscription %s%n", subscription);
for (int i = 0; i < permissions.size(); i++) {
System.out.printf("%s: %b%n", permissions.get(i), booleanPermissions.get(i));
}
}
}

static {
CREATE_ACTIONS.put("topic", new CreateTopicAction());
CREATE_ACTIONS.put("subscription", new CreateSubscriptionAction());
Expand All @@ -638,11 +819,20 @@ public String params() {
DELETE_ACTIONS.put("subscription", new DeleteSubscriptionAction());
PULL_ACTIONS.put("async", new PullAsyncAction());
PULL_ACTIONS.put("sync", new PullSyncAction());
GET_IAM_ACTIONS.put("topic", new GetTopicPolicyAction());
GET_IAM_ACTIONS.put("subscription", new GetSubscriptionPolicyAction());
REPLACE_IAM_ACTIONS.put("topic", new AddIdentityTopicAction());
REPLACE_IAM_ACTIONS.put("subscription", new AddIdentitySubscriptionAction());
TEST_IAM_ACTIONS.put("topic", new TestTopicPermissionsAction());
TEST_IAM_ACTIONS.put("subscription", new TestSubscriptionPermissionsAction());
ACTIONS.put("create", new ParentAction(CREATE_ACTIONS));
ACTIONS.put("info", new ParentAction(INFO_ACTIONS));
ACTIONS.put("list", new ParentAction(LIST_ACTIONS));
ACTIONS.put("delete", new ParentAction(DELETE_ACTIONS));
ACTIONS.put("pull", new ParentAction(PULL_ACTIONS));
ACTIONS.put("get-policy", new ParentAction(GET_IAM_ACTIONS));
ACTIONS.put("add-identity", new ParentAction(REPLACE_IAM_ACTIONS));
ACTIONS.put("test-permissions", new ParentAction(TEST_IAM_ACTIONS));
ACTIONS.put("publish", new PublishMessagesAction());
ACTIONS.put("replace-push-config", new ReplacePushConfigAction());
ACTIONS.put("ack", new AckMessagesAction());
Expand Down
36 changes: 36 additions & 0 deletions google-cloud-pubsub/src/main/java/com/google/cloud/pubsub/PolicyMarshaller.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
/*
* Copyright 2016 Google Inc. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package com.google.cloud.pubsub;

import com.google.cloud.Policy;

final class PolicyMarshaller extends Policy.DefaultMarshaller {

static final PolicyMarshaller INSTANCE = new PolicyMarshaller();

private PolicyMarshaller() {}

@Override
protected com.google.iam.v1.Policy toPb(Policy policy) {
return super.toPb(policy);
}

@Override
protected Policy fromPb(com.google.iam.v1.Policy policyPb) {
return super.fromPb(policyPb);
}
}
Loading