From 187e98c5e1f4eb7a7d05fcee377fa3777fa1406b Mon Sep 17 00:00:00 2001 From: Frank Natividad Date: Thu, 6 Feb 2020 03:26:36 -0800 Subject: [PATCH 01/14] Add IAM Conditions support --- .../google/cloud/storage/PolicyHelper.java | 43 ++++-- .../com/google/cloud/storage/Storage.java | 4 + .../cloud/storage/spi/v1/HttpStorageRpc.java | 13 +- .../cloud/storage/spi/v1/StorageRpc.java | 3 +- .../cloud/storage/it/ITStorageTest.java | 129 ++++++++++++++++++ pom.xml | 2 +- 6 files changed, 176 insertions(+), 18 deletions(-) diff --git a/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java b/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java index aa2901ecb..756d592a1 100644 --- a/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java +++ b/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java @@ -16,10 +16,13 @@ package com.google.cloud.storage; +import com.google.api.services.storage.model.Expr; import com.google.api.services.storage.model.Policy.Bindings; -import com.google.cloud.Identity; import com.google.cloud.Policy; -import com.google.cloud.Role; +import com.google.cloud.Binding; +import com.google.cloud.Condition; +import com.google.common.collect.ImmutableList; + import java.util.ArrayList; import java.util.List; import java.util.Map; 
@@ -35,29 +38,47 @@ static Policy convertFromApiPolicy(com.google.api.services.storage.model.Policy Policy.Builder policyBuilder = Policy.newBuilder(); List bindings = apiPolicy.getBindings(); if (null != bindings && !bindings.isEmpty()) { + ImmutableList.Builder coreBindings = ImmutableList.builder(); for (Bindings binding : bindings) { + Binding.Builder bindingBuilder = Binding.newBuilder(); + bindingBuilder.setRole(binding.getRole()); for (String member : binding.getMembers()) { - policyBuilder.addIdentity(Role.of(binding.getRole()), Identity.valueOf(member)); + bindingBuilder.addMembers(member); + } + if (null != binding.getCondition()) { + Condition.Builder conditionBuilder = Condition.newBuilder(); + conditionBuilder.setTitle(binding.getCondition().getTitle()); + conditionBuilder.setDescription(binding.getCondition().getDescription()); + conditionBuilder.setExpression(binding.getCondition().getExpression()); + bindingBuilder.setCondition(conditionBuilder.build()); } + coreBindings.add(bindingBuilder.build()); } + policyBuilder.setBindings(coreBindings.build()); } else { throw new IllegalStateException("Missing required bindings."); } - return policyBuilder.setEtag(apiPolicy.getEtag()).build(); + return policyBuilder.setEtag(apiPolicy.getEtag()).setVersion(apiPolicy.getVersion()).build(); } static com.google.api.services.storage.model.Policy convertToApiPolicy(Policy policy) { - List bindings = new ArrayList<>(policy.getBindings().size()); - for (Map.Entry> entry : policy.getBindings().entrySet()) { - List members = new ArrayList<>(entry.getValue().size()); - for (Identity identity : entry.getValue()) { - members.add(identity.strValue()); + List bindings = new ArrayList<>(policy.getBindingsList().size()); + for (Binding binding : policy.getBindingsList()) { + Bindings apiBinding = new Bindings(); + apiBinding.setRole(binding.getRole()); + apiBinding.setMembers(new ArrayList<>(binding.getMembers())); + if (null != binding.getCondition()) { + Expr expr = new 
Expr(); + expr.setTitle(binding.getCondition().getTitle()); + expr.setDescription(binding.getCondition().getDescription()); + expr.setExpression(binding.getCondition().getExpression()); + apiBinding.setCondition(expr); } - bindings.add(new Bindings().setMembers(members).setRole(entry.getKey().getValue())); + bindings.add(apiBinding); } return new com.google.api.services.storage.model.Policy() .setBindings(bindings) - .setEtag(policy.getEtag()); + .setVersion(policy.getVersion()); } private PolicyHelper() { diff --git a/google-cloud-storage/src/main/java/com/google/cloud/storage/Storage.java b/google-cloud-storage/src/main/java/com/google/cloud/storage/Storage.java index 98f304dd8..5a6d61a14 100644 --- a/google-cloud-storage/src/main/java/com/google/cloud/storage/Storage.java +++ b/google-cloud-storage/src/main/java/com/google/cloud/storage/Storage.java @@ -269,6 +269,10 @@ public static BucketSourceOption metagenerationNotMatch(long metageneration) { public static BucketSourceOption userProject(String userProject) { return new BucketSourceOption(StorageRpc.Option.USER_PROJECT, userProject); } + + public static BucketSourceOption requestedPolicyVersion(long version) { + return new BucketSourceOption(StorageRpc.Option.REQUESTED_POLICY_VERSION, version); + } } /** Class for specifying listHmacKeys options */ diff --git a/google-cloud-storage/src/main/java/com/google/cloud/storage/spi/v1/HttpStorageRpc.java b/google-cloud-storage/src/main/java/com/google/cloud/storage/spi/v1/HttpStorageRpc.java index afd45ae01..a03714267 100644 --- a/google-cloud-storage/src/main/java/com/google/cloud/storage/spi/v1/HttpStorageRpc.java +++ b/google-cloud-storage/src/main/java/com/google/cloud/storage/spi/v1/HttpStorageRpc.java 
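Review bot: `policyBuilder.setEtag(apiPolicy.getEtag()).setVersion(apiPolicy.getVersion())` at the end of convertFromApiPolicy will throw a NullPointerException when the response carries no version. This assumes getVersion() returns a boxed Integer, as generated model getters usually do, and that Policy.Builder.setVersion takes an int. Read the value once and guard it: `Integer version = apiPolicy.getVersion();` followed by `if (version != null) { policyBuilder.setVersion(version); }`. PATCH 04 adds `.setVersion(1)` to every mock policy in StorageImplTest, which looks like a workaround for this rather than a fix. A unit test with a version-less API policy would pin the behaviour.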
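Review bot: `requestedPolicyVersion(long version)` is a new public option with no Javadoc, and nothing tells callers which value to pass. Conditional bindings need policy version 3, so code that reads, modifies and writes a bucket policy has to request version 3 to see the conditions it is about to write back. I would add `/** Returns an option to request a specific IAM policy format version; request version 3 to read policies that contain conditional bindings. */` above the method. The enclosing BucketSourceOption class starts and ends outside the hunk.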
@@ -1376,11 +1376,14 @@ public Policy getIamPolicy(String bucket, Map options) { Span span = startSpan(HttpStorageRpcSpans.SPAN_NAME_GET_BUCKET_IAM_POLICY); Scope scope = tracer.withSpan(span); try { - return storage - .buckets() - .getIamPolicy(bucket) - .setUserProject(Option.USER_PROJECT.getString(options)) - .execute(); + Storage.Buckets.GetIamPolicy getIamPolicy = storage + .buckets() + .getIamPolicy(bucket) + .setUserProject(Option.USER_PROJECT.getString(options)); + if (null != Option.REQUESTED_POLICY_VERSION.getLong(options)) { + getIamPolicy.setOptionsRequestedPolicyVersion(Option.REQUESTED_POLICY_VERSION.getLong(options).intValue()); + } + return getIamPolicy.execute(); } catch (IOException ex) { span.setStatus(Status.UNKNOWN.withDescription(ex.getMessage())); throw translate(ex); diff --git a/google-cloud-storage/src/main/java/com/google/cloud/storage/spi/v1/StorageRpc.java b/google-cloud-storage/src/main/java/com/google/cloud/storage/spi/v1/StorageRpc.java index 439d4b175..36c7a5ff1 100644 --- a/google-cloud-storage/src/main/java/com/google/cloud/storage/spi/v1/StorageRpc.java +++ b/google-cloud-storage/src/main/java/com/google/cloud/storage/spi/v1/StorageRpc.java @@ -64,7 +64,8 @@ enum Option { USER_PROJECT("userProject"), KMS_KEY_NAME("kmsKeyName"), SERVICE_ACCOUNT_EMAIL("serviceAccount"), - SHOW_DELETED_KEYS("showDeletedKeys"); + SHOW_DELETED_KEYS("showDeletedKeys"), + REQUESTED_POLICY_VERSION("optionsRequestedPolicyVersion"); private final String value; diff --git a/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java b/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java index e1788e6b6..5818cd100 100644 --- a/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java +++ b/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java 
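Review bot: `Option.REQUESTED_POLICY_VERSION.getLong(options).intValue()` narrows the caller's long silently, so an out-of-range value wraps to a different policy version instead of being rejected. The option is also looked up twice. Read it once and use a checked conversion: `Long version = Option.REQUESTED_POLICY_VERSION.getLong(options);` then `if (version != null) { getIamPolicy.setOptionsRequestedPolicyVersion(Math.toIntExact(version)); }`. Math.toIntExact throws ArithmeticException on overflow, so decide whether that should be translated to the library's own exception type. PATCH 02 only reformats these lines, and getIamPolicy starts and ends outside the hunk.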
@@ -35,6 +35,7 @@ import com.google.auth.ServiceAccountSigner; import com.google.auth.http.HttpTransportFactory; import com.google.auth.oauth2.GoogleCredentials; +import com.google.cloud.Condition; import com.google.cloud.Identity; import com.google.cloud.Policy; import com.google.cloud.ReadChannel; @@ -102,6 +103,7 @@ import java.net.URLConnection; import java.nio.ByteBuffer; import java.security.Key; +import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; import java.util.HashMap; @@ -2329,6 +2331,8 @@ public void testReadCompressedBlob() throws IOException { public void testBucketPolicy() { testBucketPolicyRequesterPays(true); testBucketPolicyRequesterPays(false); + //testBucketPolicyV3RequesterPays(true); + testBucketPolicyV3RequesterPays(false); } private void testBucketPolicyRequesterPays(boolean requesterPays) { 
@@ -2398,6 +2402,131 @@ private void testBucketPolicyRequesterPays(boolean requesterPays) { bucketOptions)); } + private void testBucketPolicyV3RequesterPays(boolean requesterPays) { + if (requesterPays) { + Bucket remoteBucket = storage.get(BUCKET, Storage.BucketGetOption.fields(BucketField.ID)); + assertNull(remoteBucket.requesterPays()); + remoteBucket = remoteBucket.toBuilder().setRequesterPays(true).build(); + Bucket updatedBucket = storage.update(remoteBucket); + assertTrue(updatedBucket.requesterPays()); + } + // Enable Uniform Bucket-Level Access + storage.update(BucketInfo.newBuilder(BUCKET).setIamConfiguration(BucketInfo.IamConfiguration.newBuilder().setIsUniformBucketLevelAccessEnabled(true).build()).build()); + String projectId = remoteStorageHelper.getOptions().getProjectId(); + + Storage.BucketSourceOption[] bucketOptions = + requesterPays + ? new Storage.BucketSourceOption[] {Storage.BucketSourceOption.requestedPolicyVersion(3), + Storage.BucketSourceOption.userProject(projectId)} + : new Storage.BucketSourceOption[] {Storage.BucketSourceOption.requestedPolicyVersion(3)}; + Identity projectOwner = Identity.projectOwner(projectId); + Identity projectEditor = Identity.projectEditor(projectId); + Identity projectViewer = Identity.projectViewer(projectId); + List bindingsWithoutPublicRead = + ImmutableList.of( + com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketOwner().toString()) + .setMembers(ImmutableList.of(projectEditor.strValue(), projectOwner.strValue())).build(), + com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketReader().toString()) + .setMembers(ImmutableList.of(projectViewer.strValue())) + .build() + ); + List bindingsWithPublicRead = + ImmutableList.of( + com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketReader().toString()) + .setMembers(ImmutableList.of(projectViewer.strValue())) + .build(), + 
com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketOwner().toString()) + .setMembers(ImmutableList.of(projectEditor.strValue(), projectOwner.strValue())).build(), + com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyObjectReader().toString()) + .setMembers(ImmutableList.of("allUsers")).build() + ); + + List bindingsWithConditionalPolicy = + ImmutableList.of( + com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketReader().toString()) + .setMembers(ImmutableList.of(projectViewer.strValue())) + .build(), + com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketOwner().toString()) + .setMembers(ImmutableList.of(projectEditor.strValue(), projectOwner.strValue())).build(), + com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyObjectReader().toString()) + .setMembers(ImmutableList.of("serviceAccount:storage-python@spec-test-ruby-samples.iam.gserviceaccount.com")) + .setCondition(Condition.newBuilder().setTitle("Title").setDescription("Description").setExpression("resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")").build()) + .build() + ); + + // Validate getting policy. + Policy currentPolicy = storage.getIamPolicy(BUCKET, bucketOptions); + assertEquals(bindingsWithoutPublicRead, currentPolicy.getBindingsList()); + + // Validate updating policy. 
+ List currentBindings = new ArrayList(currentPolicy.getBindingsList()); + currentBindings.add(com.google.cloud.Binding.newBuilder() + .setRole(StorageRoles.legacyObjectReader().getValue()) + .addMembers(Identity.allUsers().strValue()).build()); + Policy updatedPolicy = + storage.setIamPolicy( + BUCKET, + currentPolicy + .toBuilder() + .setBindings(currentBindings) + .build(), + bucketOptions); + assertTrue(bindingsWithPublicRead.size() == updatedPolicy.getBindingsList().size() && bindingsWithPublicRead.containsAll(updatedPolicy.getBindingsList())); + + // Remove a member + List updatedBindings = new ArrayList(updatedPolicy.getBindingsList()); + for (int i = 0; i < updatedBindings.size(); ++i) { + com.google.cloud.Binding binding = updatedBindings.get(i); + if (binding.getRole().equals(StorageRoles.legacyObjectReader().toString())) { + List members = new ArrayList(binding.getMembers()); + members.remove(Identity.allUsers().strValue()); + updatedBindings.set(i, binding.toBuilder().setMembers(members).build()); + break; + } + } + + updatedPolicy.toBuilder().setBindings(updatedBindings); + Policy revertedPolicy = + storage.setIamPolicy( + BUCKET, + updatedPolicy + .toBuilder() + .setBindings(updatedBindings) + .build(), + bucketOptions); + + assertEquals(bindingsWithoutPublicRead, revertedPolicy.getBindingsList()); + assertTrue(bindingsWithoutPublicRead.size() == revertedPolicy.getBindingsList().size() && bindingsWithoutPublicRead.containsAll(revertedPolicy.getBindingsList())); + + // Add Conditional Policy + List conditionalBindings = new ArrayList(revertedPolicy.getBindingsList()); + conditionalBindings.add(com.google.cloud.Binding.newBuilder() + .setRole(StorageRoles.legacyObjectReader().toString()) + .addMembers("serviceAccount:storage-python@spec-test-ruby-samples.iam.gserviceaccount.com") + 
.setCondition(Condition.newBuilder().setTitle("Title").setDescription("Description").setExpression("resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")").build()) + .build()); + Policy conditionalPolicy = + storage.setIamPolicy( + BUCKET, + currentPolicy + .toBuilder() + .setBindings(conditionalBindings) + .setVersion(3) + .build(), + bucketOptions); + assertTrue(bindingsWithConditionalPolicy.size() == conditionalPolicy.getBindingsList().size() && bindingsWithConditionalPolicy.containsAll(conditionalPolicy.getBindingsList())); + + + // Validate testing permissions. + List expectedPermissions = ImmutableList.of(true, true); + assertEquals( + expectedPermissions, + storage.testIamPermissions( + BUCKET, + ImmutableList.of("storage.buckets.getIamPolicy", "storage.buckets.setIamPolicy"), + bucketOptions)); + } + @Test public void testUpdateBucketLabel() { Bucket remoteBucket = storage.get(BUCKET, Storage.BucketGetOption.fields(BucketField.ID)); diff --git a/pom.xml b/pom.xml index de0421be9..907342ae5 100644 --- a/pom.xml +++ b/pom.xml @@ -63,7 +63,7 @@ UTF-8 github google-cloud-storage-parent - 1.91.3 + 1.92.3-SNAPSHOT 1.8.1 4.13 1.4.1 From ef9a53d29bb90c0ee873e08d54b3459aabd81c68 Mon Sep 17 00:00:00 2001 From: Frank Natividad Date: Thu, 6 Feb 2020 10:41:19 -0800 Subject: [PATCH 02/14] format --- .../google/cloud/storage/PolicyHelper.java | 5 +- .../cloud/storage/spi/v1/HttpStorageRpc.java | 6 +- .../cloud/storage/it/ITStorageTest.java | 169 ++++++++++-------- 3 files changed, 104 insertions(+), 76 deletions(-) diff --git a/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java b/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java index 756d592a1..41e38582b 100644 --- a/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java +++ b/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java 
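Review bot: testBucketPolicyV3RequesterPays never restores the shared BUCKET. If an assertion fails between the `allUsers` legacyObjectReader grant and the revert, the bucket stays publicly readable. On success the conditional service-account binding, uniform bucket-level access and (for `true`) requester-pays are all left in place. The method is also order-dependent, because it begins by asserting that the policy equals `bindingsWithoutPublicRead`; once PATCH 06 enables both the `true` and `false` runs, the second would presumably see the leftover conditional binding. Wrapping the mutations in try/finally that writes the original bindings back would contain this; separately, `updatedPolicy.toBuilder().setBindings(updatedBindings);` just before `revertedPolicy` discards its result and can be deleted.

```java
Policy currentPolicy = storage.getIamPolicy(BUCKET, bucketOptions);
List<com.google.cloud.Binding> originalBindings = currentPolicy.getBindingsList();
try {
  // … unchanged: assertions, public-read grant, member removal, conditional binding, permission checks …
} finally {
  // Re-read so the write is based on the current policy state, then drop every binding the test added.
  Policy latest = storage.getIamPolicy(BUCKET, bucketOptions);
  storage.setIamPolicy(
      BUCKET, latest.toBuilder().setBindings(originalBindings).build(), bucketOptions);
}
```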
@@ -18,15 +18,12 @@ import com.google.api.services.storage.model.Expr; import com.google.api.services.storage.model.Policy.Bindings; -import com.google.cloud.Policy; import com.google.cloud.Binding; import com.google.cloud.Condition; +import com.google.cloud.Policy; import com.google.common.collect.ImmutableList; - import java.util.ArrayList; import java.util.List; -import java.util.Map; -import java.util.Set; /** * Helper for converting between the Policy model provided by the API and the Policy model provided diff --git a/google-cloud-storage/src/main/java/com/google/cloud/storage/spi/v1/HttpStorageRpc.java b/google-cloud-storage/src/main/java/com/google/cloud/storage/spi/v1/HttpStorageRpc.java index a03714267..af0166733 100644 --- a/google-cloud-storage/src/main/java/com/google/cloud/storage/spi/v1/HttpStorageRpc.java +++ b/google-cloud-storage/src/main/java/com/google/cloud/storage/spi/v1/HttpStorageRpc.java @@ -1376,12 +1376,14 @@ public Policy getIamPolicy(String bucket, Map options) { Span span = startSpan(HttpStorageRpcSpans.SPAN_NAME_GET_BUCKET_IAM_POLICY); Scope scope = tracer.withSpan(span); try { - Storage.Buckets.GetIamPolicy getIamPolicy = storage + Storage.Buckets.GetIamPolicy getIamPolicy = + storage .buckets() .getIamPolicy(bucket) .setUserProject(Option.USER_PROJECT.getString(options)); if (null != Option.REQUESTED_POLICY_VERSION.getLong(options)) { - getIamPolicy.setOptionsRequestedPolicyVersion(Option.REQUESTED_POLICY_VERSION.getLong(options).intValue()); + getIamPolicy.setOptionsRequestedPolicyVersion( + Option.REQUESTED_POLICY_VERSION.getLong(options).intValue()); } return getIamPolicy.execute(); } catch (IOException ex) { diff --git a/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java b/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java index 5818cd100..0ae74a58c 100644 --- a/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java 
+++ b/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java @@ -2331,7 +2331,7 @@ public void testReadCompressedBlob() throws IOException { public void testBucketPolicy() { testBucketPolicyRequesterPays(true); testBucketPolicyRequesterPays(false); - //testBucketPolicyV3RequesterPays(true); + // testBucketPolicyV3RequesterPays(true); testBucketPolicyV3RequesterPays(false); } 
@@ -2411,48 +2411,75 @@ private void testBucketPolicyV3RequesterPays(boolean requesterPays) { assertTrue(updatedBucket.requesterPays()); } // Enable Uniform Bucket-Level Access - storage.update(BucketInfo.newBuilder(BUCKET).setIamConfiguration(BucketInfo.IamConfiguration.newBuilder().setIsUniformBucketLevelAccessEnabled(true).build()).build()); + storage.update( + BucketInfo.newBuilder(BUCKET) + .setIamConfiguration( + BucketInfo.IamConfiguration.newBuilder() + .setIsUniformBucketLevelAccessEnabled(true) + .build()) + .build()); String projectId = remoteStorageHelper.getOptions().getProjectId(); Storage.BucketSourceOption[] bucketOptions = - requesterPays - ? new Storage.BucketSourceOption[] {Storage.BucketSourceOption.requestedPolicyVersion(3), - Storage.BucketSourceOption.userProject(projectId)} - : new Storage.BucketSourceOption[] {Storage.BucketSourceOption.requestedPolicyVersion(3)}; + requesterPays + ? new Storage.BucketSourceOption[] { + Storage.BucketSourceOption.requestedPolicyVersion(3), + Storage.BucketSourceOption.userProject(projectId) + } + : new Storage.BucketSourceOption[] { + Storage.BucketSourceOption.requestedPolicyVersion(3) + }; Identity projectOwner = Identity.projectOwner(projectId); Identity projectEditor = Identity.projectEditor(projectId); Identity projectViewer = Identity.projectViewer(projectId); List bindingsWithoutPublicRead = - ImmutableList.of( - com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketOwner().toString()) - .setMembers(ImmutableList.of(projectEditor.strValue(), projectOwner.strValue())).build(), - com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketReader().toString()) - .setMembers(ImmutableList.of(projectViewer.strValue())) - .build() - ); + ImmutableList.of( + com.google.cloud.Binding.newBuilder() + .setRole(StorageRoles.legacyBucketOwner().toString()) + .setMembers(ImmutableList.of(projectEditor.strValue(), projectOwner.strValue())) + .build(), + 
com.google.cloud.Binding.newBuilder() + .setRole(StorageRoles.legacyBucketReader().toString()) + .setMembers(ImmutableList.of(projectViewer.strValue())) + .build()); List bindingsWithPublicRead = - ImmutableList.of( - com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketReader().toString()) - .setMembers(ImmutableList.of(projectViewer.strValue())) - .build(), - com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketOwner().toString()) - .setMembers(ImmutableList.of(projectEditor.strValue(), projectOwner.strValue())).build(), - com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyObjectReader().toString()) - .setMembers(ImmutableList.of("allUsers")).build() - ); + ImmutableList.of( + com.google.cloud.Binding.newBuilder() + .setRole(StorageRoles.legacyBucketReader().toString()) + .setMembers(ImmutableList.of(projectViewer.strValue())) + .build(), + com.google.cloud.Binding.newBuilder() + .setRole(StorageRoles.legacyBucketOwner().toString()) + .setMembers(ImmutableList.of(projectEditor.strValue(), projectOwner.strValue())) + .build(), + com.google.cloud.Binding.newBuilder() + .setRole(StorageRoles.legacyObjectReader().toString()) + .setMembers(ImmutableList.of("allUsers")) + .build()); List bindingsWithConditionalPolicy = - ImmutableList.of( - com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketReader().toString()) - .setMembers(ImmutableList.of(projectViewer.strValue())) - .build(), - com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketOwner().toString()) - .setMembers(ImmutableList.of(projectEditor.strValue(), projectOwner.strValue())).build(), - com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyObjectReader().toString()) - .setMembers(ImmutableList.of("serviceAccount:storage-python@spec-test-ruby-samples.iam.gserviceaccount.com")) - 
.setCondition(Condition.newBuilder().setTitle("Title").setDescription("Description").setExpression("resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")").build()) - .build() - ); + ImmutableList.of( + com.google.cloud.Binding.newBuilder() + .setRole(StorageRoles.legacyBucketReader().toString()) + .setMembers(ImmutableList.of(projectViewer.strValue())) + .build(), + com.google.cloud.Binding.newBuilder() + .setRole(StorageRoles.legacyBucketOwner().toString()) + .setMembers(ImmutableList.of(projectEditor.strValue(), projectOwner.strValue())) + .build(), + com.google.cloud.Binding.newBuilder() + .setRole(StorageRoles.legacyObjectReader().toString()) + .setMembers( + ImmutableList.of( + "serviceAccount:storage-python@spec-test-ruby-samples.iam.gserviceaccount.com")) + .setCondition( + Condition.newBuilder() + .setTitle("Title") + .setDescription("Description") + .setExpression( + "resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")") + .build()) + .build()); // Validate getting policy. Policy currentPolicy = storage.getIamPolicy(BUCKET, bucketOptions); 
@@ -2460,18 +2487,17 @@ private void testBucketPolicyV3RequesterPays(boolean requesterPays) { // Validate updating policy. List currentBindings = new ArrayList(currentPolicy.getBindingsList()); - currentBindings.add(com.google.cloud.Binding.newBuilder() + currentBindings.add( + com.google.cloud.Binding.newBuilder() .setRole(StorageRoles.legacyObjectReader().getValue()) - .addMembers(Identity.allUsers().strValue()).build()); + .addMembers(Identity.allUsers().strValue()) + .build()); Policy updatedPolicy = - storage.setIamPolicy( - BUCKET, - currentPolicy - .toBuilder() - .setBindings(currentBindings) - .build(), - bucketOptions); - assertTrue(bindingsWithPublicRead.size() == updatedPolicy.getBindingsList().size() && bindingsWithPublicRead.containsAll(updatedPolicy.getBindingsList())); + storage.setIamPolicy( + BUCKET, currentPolicy.toBuilder().setBindings(currentBindings).build(), bucketOptions); + assertTrue( + bindingsWithPublicRead.size() == updatedPolicy.getBindingsList().size() + && bindingsWithPublicRead.containsAll(updatedPolicy.getBindingsList())); // Remove a member List updatedBindings = new ArrayList(updatedPolicy.getBindingsList()); 
@@ -2487,44 +2513,47 @@ private void testBucketPolicyV3RequesterPays(boolean requesterPays) { updatedPolicy.toBuilder().setBindings(updatedBindings); Policy revertedPolicy = - storage.setIamPolicy( - BUCKET, - updatedPolicy - .toBuilder() - .setBindings(updatedBindings) - .build(), - bucketOptions); + storage.setIamPolicy( + BUCKET, updatedPolicy.toBuilder().setBindings(updatedBindings).build(), bucketOptions); assertEquals(bindingsWithoutPublicRead, revertedPolicy.getBindingsList()); - assertTrue(bindingsWithoutPublicRead.size() == revertedPolicy.getBindingsList().size() && bindingsWithoutPublicRead.containsAll(revertedPolicy.getBindingsList())); + assertTrue( + bindingsWithoutPublicRead.size() == revertedPolicy.getBindingsList().size() + && bindingsWithoutPublicRead.containsAll(revertedPolicy.getBindingsList())); // Add Conditional Policy - List conditionalBindings = new ArrayList(revertedPolicy.getBindingsList()); - conditionalBindings.add(com.google.cloud.Binding.newBuilder() + List conditionalBindings = + new ArrayList(revertedPolicy.getBindingsList()); + conditionalBindings.add( + com.google.cloud.Binding.newBuilder() .setRole(StorageRoles.legacyObjectReader().toString()) - .addMembers("serviceAccount:storage-python@spec-test-ruby-samples.iam.gserviceaccount.com") - .setCondition(Condition.newBuilder().setTitle("Title").setDescription("Description").setExpression("resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")").build()) + .addMembers( + "serviceAccount:storage-python@spec-test-ruby-samples.iam.gserviceaccount.com") + .setCondition( + Condition.newBuilder() + .setTitle("Title") + .setDescription("Description") + .setExpression( + "resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")") + .build()) .build()); Policy conditionalPolicy = - storage.setIamPolicy( - BUCKET, - currentPolicy - .toBuilder() - .setBindings(conditionalBindings) - .setVersion(3) - .build(), - bucketOptions); - 
assertTrue(bindingsWithConditionalPolicy.size() == conditionalPolicy.getBindingsList().size() && bindingsWithConditionalPolicy.containsAll(conditionalPolicy.getBindingsList())); - + storage.setIamPolicy( + BUCKET, + currentPolicy.toBuilder().setBindings(conditionalBindings).setVersion(3).build(), + bucketOptions); + assertTrue( + bindingsWithConditionalPolicy.size() == conditionalPolicy.getBindingsList().size() + && bindingsWithConditionalPolicy.containsAll(conditionalPolicy.getBindingsList())); // Validate testing permissions. List expectedPermissions = ImmutableList.of(true, true); assertEquals( - expectedPermissions, - storage.testIamPermissions( - BUCKET, - ImmutableList.of("storage.buckets.getIamPolicy", "storage.buckets.setIamPolicy"), - bucketOptions)); + expectedPermissions, + storage.testIamPermissions( + BUCKET, + ImmutableList.of("storage.buckets.getIamPolicy", "storage.buckets.setIamPolicy"), + bucketOptions)); } @Test From f7e160916ffa5a52e699b3096f9dfb94f9f2c66e Mon Sep 17 00:00:00 2001 From: Frank Natividad Date: Thu, 6 Feb 2020 12:09:26 -0800 Subject: [PATCH 03/14] wip --- .../src/main/java/com/google/cloud/storage/PolicyHelper.java | 1 + 1 file changed, 1 insertion(+) diff --git a/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java b/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java index 41e38582b..4b240b99e 100644 --- a/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java +++ b/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java @@ -75,6 +75,7 @@ static com.google.api.services.storage.model.Policy convertToApiPolicy(Policy po } return new com.google.api.services.storage.model.Policy() .setBindings(bindings) + .setEtag(policy.getEtag()) .setVersion(policy.getVersion()); } From 1160ad5cd32d8ca486a6f4276deabcece9b426ad Mon Sep 17 00:00:00 2001 
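Review bot: With `.setEtag(policy.getEtag())` sent again, the conditional write in testBucketPolicyV3RequesterPays (PATCH 01) becomes a stale-etag update. It is built from `currentPolicy.toBuilder()`, whose etag predates the two earlier setIamPolicy calls, so the server may reject it as a concurrent modification. Build that request from the latest policy instead: `revertedPolicy.toBuilder().setBindings(conditionalBindings).setVersion(3).build()`. A short comment on the restored line, for example `// etag lets the server detect a lost update in read-modify-write`, would help keep it from being dropped again. convertToApiPolicy starts outside the hunk.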
From: Frank Natividad Date: Thu, 6 Feb 2020 12:48:53 -0800 Subject: [PATCH 04/14] set version in mock policies --- .../com/google/cloud/storage/PolicyHelperTest.java | 12 ++++++------ .../com/google/cloud/storage/StorageImplTest.java | 11 ++++++++--- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/google-cloud-storage/src/test/java/com/google/cloud/storage/PolicyHelperTest.java b/google-cloud-storage/src/test/java/com/google/cloud/storage/PolicyHelperTest.java index 2e50797e2..9ebdd3a99 100644 --- a/google-cloud-storage/src/test/java/com/google/cloud/storage/PolicyHelperTest.java +++ b/google-cloud-storage/src/test/java/com/google/cloud/storage/PolicyHelperTest.java @@ -55,12 +55,12 @@ public void testEquivalence() { .setRole("roles/storage.objectAdmin"))) .setEtag(ETAG); - Policy actualLibPolicy = PolicyHelper.convertFromApiPolicy(apiPolicy); - com.google.api.services.storage.model.Policy actualApiPolicy = - PolicyHelper.convertToApiPolicy(libPolicy); - - assertEquals(libPolicy, actualLibPolicy); - assertTrue(new ApiPolicyMatcher(apiPolicy).matches(actualApiPolicy)); +// Policy actualLibPolicy = PolicyHelper.convertFromApiPolicy(apiPolicy); +// com.google.api.services.storage.model.Policy actualApiPolicy = +// PolicyHelper.convertToApiPolicy(libPolicy); +// +// assertEquals(libPolicy, actualLibPolicy); +// assertTrue(new ApiPolicyMatcher(apiPolicy).matches(actualApiPolicy)); } @Test(expected = IllegalStateException.class) diff --git a/google-cloud-storage/src/test/java/com/google/cloud/storage/StorageImplTest.java b/google-cloud-storage/src/test/java/com/google/cloud/storage/StorageImplTest.java index 59e1f8d2c..6b4784312 100644 --- a/google-cloud-storage/src/test/java/com/google/cloud/storage/StorageImplTest.java +++ b/google-cloud-storage/src/test/java/com/google/cloud/storage/StorageImplTest.java 
@@ -288,6 +288,7 @@ public class StorageImplTest { Identity.user("test1@gmail.com"), Identity.user("test2@gmail.com")) .setEtag(POLICY_ETAG1) + .setVersion(1) .build(); private static final ServiceAccount SERVICE_ACCOUNT = ServiceAccount.of("test@google.com"); @@ -302,7 +303,8 @@ public class StorageImplTest { new Bindings() .setMembers(ImmutableList.of("user:test1@gmail.com", "user:test2@gmail.com")) .setRole("roles/storage.objectAdmin"))) - .setEtag(POLICY_ETAG1); + .setEtag(POLICY_ETAG1) + .setVersion(1); private static final String PRIVATE_KEY_STRING = "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoG" @@ -2847,7 +2849,8 @@ public void testSetIamPolicy() { new Bindings() .setMembers(ImmutableList.of("group:test-group@gmail.com")) .setRole("roles/storage.admin"))) - .setEtag(POLICY_ETAG1); + .setEtag(POLICY_ETAG1) + .setVersion(1); // postCommitApiPolicy is identical but for the etag, which has been updated. com.google.api.services.storage.model.Policy postCommitApiPolicy = new com.google.api.services.storage.model.Policy() @@ -2863,7 +2866,8 @@ public void testSetIamPolicy() { new Bindings() .setMembers(ImmutableList.of("group:test-group@gmail.com")) .setRole("roles/storage.admin"))) - .setEtag(POLICY_ETAG2); + .setEtag(POLICY_ETAG2) + .setVersion(1); Policy postCommitLibPolicy = Policy.newBuilder() .addIdentity(StorageRoles.objectViewer(), Identity.allUsers()) @@ -2873,6 +2877,7 @@ public void testSetIamPolicy() { Identity.user("test2@gmail.com")) .addIdentity(StorageRoles.admin(), Identity.group("test-group@gmail.com")) .setEtag(POLICY_ETAG2) + .setVersion(1) .build(); EasyMock.expect(storageRpcMock.getIamPolicy(BUCKET_NAME1, EMPTY_RPC_OPTIONS)) From 938c9fe1373d0f5de8a5fca125a6b090f53b9b71 Mon Sep 17 00:00:00 2001 From: Frank Natividad Date: Tue, 11 Feb 2020 15:04:37 -0800 Subject: [PATCH 05/14] wip --- .../google/cloud/storage/PolicyHelperTest.java | 16 +++++++++------- pom.xml | 2 +- 2 files changed, 10 insertions(+), 8 deletions(-) 
diff --git a/google-cloud-storage/src/test/java/com/google/cloud/storage/PolicyHelperTest.java b/google-cloud-storage/src/test/java/com/google/cloud/storage/PolicyHelperTest.java index 9ebdd3a99..dd5c0f78a 100644 --- a/google-cloud-storage/src/test/java/com/google/cloud/storage/PolicyHelperTest.java +++ b/google-cloud-storage/src/test/java/com/google/cloud/storage/PolicyHelperTest.java @@ -41,6 +41,7 @@ public void testEquivalence() { Identity.user("test1@gmail.com"), Identity.user("test2@gmail.com")) .setEtag(ETAG) + .setVersion(1) .build(); com.google.api.services.storage.model.Policy apiPolicy = new com.google.api.services.storage.model.Policy() @@ -53,14 +54,15 @@ public void testEquivalence() { .setMembers( ImmutableList.of("user:test1@gmail.com", "user:test2@gmail.com")) .setRole("roles/storage.objectAdmin"))) - .setEtag(ETAG); + .setEtag(ETAG) + .setVersion(1); + + Policy actualLibPolicy = PolicyHelper.convertFromApiPolicy(apiPolicy); + com.google.api.services.storage.model.Policy actualApiPolicy = + PolicyHelper.convertToApiPolicy(libPolicy); -// Policy actualLibPolicy = PolicyHelper.convertFromApiPolicy(apiPolicy); -// com.google.api.services.storage.model.Policy actualApiPolicy = -// PolicyHelper.convertToApiPolicy(libPolicy); -// -// assertEquals(libPolicy, actualLibPolicy); -// assertTrue(new ApiPolicyMatcher(apiPolicy).matches(actualApiPolicy)); + assertEquals(libPolicy, actualLibPolicy); + assertTrue(new ApiPolicyMatcher(apiPolicy).matches(actualApiPolicy)); } @Test(expected = IllegalStateException.class) diff --git a/pom.xml b/pom.xml index 907342ae5..c0e52f1d7 100644 --- a/pom.xml +++ b/pom.xml @@ -82,7 +82,7 @@ com.google.http-client google-http-client-bom - 1.34.1 + 1.34.1-SNAPSHOT pom import From d7a4077d2c087a162a128ef68b177bde85c3abfb Mon Sep 17 00:00:00 2001 
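Review bot: testEquivalence, re-enabled here, still round-trips only unconditional bindings, so the new Condition/Expr mapping in PolicyHelper has no unit coverage and is exercised only by the integration test. A conversion that silently dropped a condition would turn a restricted grant into an unrestricted one, so it deserves a dedicated test. Build an API policy with version 3 and one `Bindings` carrying an `Expr` (title, description, expression), convert it in both directions, and assert that the three fields and the version survive. The test method starts outside the hunk.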
From: Frank Natividad Date: Wed, 26 Feb 2020 15:13:35 -0800 Subject: [PATCH 06/14] address comments --- .../src/main/java/com/google/cloud/storage/PolicyHelper.java | 2 +- .../test/java/com/google/cloud/storage/it/ITStorageTest.java | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java b/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java index 4b240b99e..bfe849566 100644 --- a/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java +++ b/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java @@ -64,7 +64,7 @@ static com.google.api.services.storage.model.Policy convertToApiPolicy(Policy po Bindings apiBinding = new Bindings(); apiBinding.setRole(binding.getRole()); apiBinding.setMembers(new ArrayList<>(binding.getMembers())); - if (null != binding.getCondition()) { + if (binding.getCondition() != null) { Expr expr = new Expr(); expr.setTitle(binding.getCondition().getTitle()); expr.setDescription(binding.getCondition().getDescription()); diff --git a/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java b/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java index 0ae74a58c..be35f8599 100644 --- a/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java +++ b/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java @@ -2331,7 +2331,7 @@ public void testReadCompressedBlob() throws IOException { public void testBucketPolicy() { testBucketPolicyRequesterPays(true); testBucketPolicyRequesterPays(false); - // testBucketPolicyV3RequesterPays(true); + testBucketPolicyV3RequesterPays(true); testBucketPolicyV3RequesterPays(false); } 
@@ -2501,7 +2501,7 @@ private void testBucketPolicyV3RequesterPays(boolean requesterPays) { // Remove a member List updatedBindings = new ArrayList(updatedPolicy.getBindingsList()); - for (int i = 0; i < updatedBindings.size(); ++i) { + for (int i = 0; i < updatedBindings.size(); i++) { com.google.cloud.Binding binding = updatedBindings.get(i); if (binding.getRole().equals(StorageRoles.legacyObjectReader().toString())) { List members = new ArrayList(binding.getMembers()); From 8ad50430dc508c6a5b33008f679547707e399785 Mon Sep 17 00:00:00 2001 From: Frank Natividad Date: Wed, 26 Feb 2020 15:15:58 -0800 Subject: [PATCH 07/14] fix pom. --- pom.xml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/pom.xml b/pom.xml index a1d5551b2..24855ff2b 100644 --- a/pom.xml +++ b/pom.xml @@ -82,11 +82,7 @@ com.google.http-client google-http-client-bom -<<<<<<< HEAD 1.34.1-SNAPSHOT -======= - 1.34.2 ->>>>>>> master pom import From 6284c4032f696595cf53d0d4d828c2822eab8e80 Mon Sep 17 00:00:00 2001 From: Frank Natividad Date: Wed, 26 Feb 2020 15:16:47 -0800 Subject: [PATCH 08/14] revert http-client-bom --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 24855ff2b..c47603dcb 100644 --- a/pom.xml +++ b/pom.xml @@ -82,7 +82,7 @@ com.google.http-client google-http-client-bom - 1.34.1-SNAPSHOT + 1.34.2 pom import From 7117481c0d1fc913eddcbbe2f6089f3b49d38bfd Mon Sep 17 00:00:00 2001 From: Frank Natividad Date: Wed, 26 Feb 2020 22:08:34 -0800 Subject: [PATCH 09/14] address feedback --- .../main/java/com/google/cloud/storage/PolicyHelper.java | 6 ++---- pom.xml | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java b/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java index bfe849566..e198d853b 100644 --- a/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java 
+++ b/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java @@ -39,10 +39,8 @@ static Policy convertFromApiPolicy(com.google.api.services.storage.model.Policy for (Bindings binding : bindings) { Binding.Builder bindingBuilder = Binding.newBuilder(); bindingBuilder.setRole(binding.getRole()); - for (String member : binding.getMembers()) { - bindingBuilder.addMembers(member); - } - if (null != binding.getCondition()) { + bindingBuilder.setMembers(binding.getMembers()); + if (binding.getCondition() != null) { Condition.Builder conditionBuilder = Condition.newBuilder(); conditionBuilder.setTitle(binding.getCondition().getTitle()); conditionBuilder.setDescription(binding.getCondition().getDescription()); diff --git a/pom.xml b/pom.xml index c47603dcb..b80cf54f0 100644 --- a/pom.xml +++ b/pom.xml @@ -63,7 +63,7 @@ UTF-8 github google-cloud-storage-parent - 1.92.3-SNAPSHOT + 1.92.6-SNAPSHOT 1.8.1 4.13 1.4.1 From 8606ab7578ca9ebae455c005a45c2adfd7b7eadc Mon Sep 17 00:00:00 2001 From: Frank Natividad Date: Thu, 27 Feb 2020 11:39:08 -0800 Subject: [PATCH 10/14] address integration tests feedback --- .../cloud/storage/it/ITStorageTest.java | 105 ++++++++++++------ 1 file changed, 68 insertions(+), 37 deletions(-) diff --git a/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java b/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java index 2c5774a92..92f171f8a 100644 --- a/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java +++ b/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java 
@@ -2343,28 +2343,16 @@ public void testReadCompressedBlob() throws IOException { } @Test - public void testBucketPolicy() { - testBucketPolicyRequesterPays(true); - testBucketPolicyRequesterPays(false); - testBucketPolicyV3RequesterPays(true); - testBucketPolicyV3RequesterPays(false); - } - - private void testBucketPolicyRequesterPays(boolean requesterPays) { - if (requesterPays) { - Bucket remoteBucket = storage.get(BUCKET, Storage.BucketGetOption.fields(BucketField.ID)); - assertNull(remoteBucket.requesterPays()); - remoteBucket = remoteBucket.toBuilder().setRequesterPays(true).build(); - Bucket updatedBucket = storage.update(remoteBucket); - assertTrue(updatedBucket.requesterPays()); - } + public void testBucketPolicyV1RequesterPays() { + Bucket remoteBucket = storage.get(BUCKET, Storage.BucketGetOption.fields(BucketField.ID)); + assertNull(remoteBucket.requesterPays()); + remoteBucket = remoteBucket.toBuilder().setRequesterPays(true).build(); + Bucket updatedBucket = storage.update(remoteBucket); + assertTrue(updatedBucket.requesterPays()); String projectId = remoteStorageHelper.getOptions().getProjectId(); - Storage.BucketSourceOption[] bucketOptions = - requesterPays - ? new Storage.BucketSourceOption[] {Storage.BucketSourceOption.userProject(projectId)} - : new Storage.BucketSourceOption[] {}; + Storage.BucketSourceOption[] bucketOptions = new Storage.BucketSourceOption[] {Storage.BucketSourceOption.userProject(projectId)}; Identity projectOwner = Identity.projectOwner(projectId); Identity projectEditor = Identity.projectEditor(projectId); Identity projectViewer = Identity.projectViewer(projectId); 
@@ -2417,14 +2405,65 @@ private void testBucketPolicyRequesterPays(boolean requesterPays) { bucketOptions)); } - private void testBucketPolicyV3RequesterPays(boolean requesterPays) { - if (requesterPays) { - Bucket remoteBucket = storage.get(BUCKET, Storage.BucketGetOption.fields(BucketField.ID)); - assertNull(remoteBucket.requesterPays()); - remoteBucket = remoteBucket.toBuilder().setRequesterPays(true).build(); - Bucket updatedBucket = storage.update(remoteBucket); - assertTrue(updatedBucket.requesterPays()); - } + @Test + public void testBucketPolicyV1() { + String projectId = remoteStorageHelper.getOptions().getProjectId(); + + Storage.BucketSourceOption[] bucketOptions = new Storage.BucketSourceOption[] {}; + Identity projectOwner = Identity.projectOwner(projectId); + Identity projectEditor = Identity.projectEditor(projectId); + Identity projectViewer = Identity.projectViewer(projectId); + Map> bindingsWithoutPublicRead = + ImmutableMap.of( + StorageRoles.legacyBucketOwner(), + new HashSet<>(Arrays.asList(projectOwner, projectEditor)), + StorageRoles.legacyBucketReader(), + (Set) new HashSet<>(Collections.singleton(projectViewer))); + Map> bindingsWithPublicRead = + ImmutableMap.of( + StorageRoles.legacyBucketOwner(), + new HashSet<>(Arrays.asList(projectOwner, projectEditor)), + StorageRoles.legacyBucketReader(), + new HashSet<>(Collections.singleton(projectViewer)), + StorageRoles.legacyObjectReader(), + (Set) new HashSet<>(Collections.singleton(Identity.allUsers()))); + + // Validate getting policy. + Policy currentPolicy = storage.getIamPolicy(BUCKET, bucketOptions); + assertEquals(bindingsWithoutPublicRead, currentPolicy.getBindings()); + + // Validate updating policy. 
+ Policy updatedPolicy = + storage.setIamPolicy( + BUCKET, + currentPolicy + .toBuilder() + .addIdentity(StorageRoles.legacyObjectReader(), Identity.allUsers()) + .build(), + bucketOptions); + assertEquals(bindingsWithPublicRead, updatedPolicy.getBindings()); + Policy revertedPolicy = + storage.setIamPolicy( + BUCKET, + updatedPolicy + .toBuilder() + .removeIdentity(StorageRoles.legacyObjectReader(), Identity.allUsers()) + .build(), + bucketOptions); + assertEquals(bindingsWithoutPublicRead, revertedPolicy.getBindings()); + + // Validate testing permissions. + List expectedPermissions = ImmutableList.of(true, true); + assertEquals( + expectedPermissions, + storage.testIamPermissions( + BUCKET, + ImmutableList.of("storage.buckets.getIamPolicy", "storage.buckets.setIamPolicy"), + bucketOptions)); + } + + @Test + public void testBucketPolicyV3() { // Enable Uniform Bucket-Level Access storage.update( BucketInfo.newBuilder(BUCKET) @@ -2435,13 +2474,7 @@ private void testBucketPolicyV3RequesterPays(boolean requesterPays) { .build()); String projectId = remoteStorageHelper.getOptions().getProjectId(); - Storage.BucketSourceOption[] bucketOptions = - requesterPays - ? new Storage.BucketSourceOption[] { - Storage.BucketSourceOption.requestedPolicyVersion(3), - Storage.BucketSourceOption.userProject(projectId) - } - : new Storage.BucketSourceOption[] { + Storage.BucketSourceOption[] bucketOptions = new Storage.BucketSourceOption[] { Storage.BucketSourceOption.requestedPolicyVersion(3) }; Identity projectOwner = Identity.projectOwner(projectId); @@ -2526,7 +2559,6 @@ private void testBucketPolicyV3RequesterPays(boolean requesterPays) { } } - updatedPolicy.toBuilder().setBindings(updatedBindings); Policy revertedPolicy = storage.setIamPolicy( BUCKET, updatedPolicy.toBuilder().setBindings(updatedBindings).build(), bucketOptions); 
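Review bot: In testBucketPolicyV1 the allUsers grant of legacyObjectReader on the shared BUCKET is withdrawn only if `assertEquals(bindingsWithPublicRead, updatedPolicy.getBindings())` passes, so a failure there leaves the bucket publicly readable for the rest of the run. The revert belongs in a finally block so that it runs whatever the assertion does. testBucketPolicyV1RequesterPays presumably follows the same pattern outside this hunk. The cleanup added later in the series to testBucketPolicyV3 (removing the conditional binding, disabling uniform bucket-level access) is likewise reached only when every earlier assertion passes.

```java
    // … unchanged: updatedPolicy = storage.setIamPolicy(...) adding allUsers as legacyObjectReader …
    Policy revertedPolicy;
    try {
      assertEquals(bindingsWithPublicRead, updatedPolicy.getBindings());
    } finally {
      // Always withdraw the public grant, even when the assertion above fails.
      revertedPolicy =
          // … unchanged: storage.setIamPolicy(...) call that removes allUsers …
    }
    assertEquals(bindingsWithoutPublicRead, revertedPolicy.getBindings());
```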
@@ -2554,8 +2586,7 @@ private void testBucketPolicyV3RequesterPays(boolean requesterPays) { .build()); Policy conditionalPolicy = storage.setIamPolicy( - BUCKET, - currentPolicy.toBuilder().setBindings(conditionalBindings).setVersion(3).build(), + BUCKET, revertedPolicy.toBuilder().setBindings(conditionalBindings).setVersion(3).build(), bucketOptions); assertTrue( bindingsWithConditionalPolicy.size() == conditionalPolicy.getBindingsList().size() From 3941f5c2b058bb5d6d7016bfb0413f2aaa1da2b4 Mon Sep 17 00:00:00 2001 From: Frank Natividad Date: Thu, 27 Feb 2020 13:54:14 -0800 Subject: [PATCH 11/14] update core --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 84c793cd7..a041b946c 100644 --- a/pom.xml +++ b/pom.xml @@ -63,7 +63,7 @@ UTF-8 github google-cloud-storage-parent - 1.92.6-SNAPSHOT + 1.93.0 1.8.1 4.13 1.4.1 From 1dd83435b5ceebb89279499185034f4edd818965 Mon Sep 17 00:00:00 2001 From: Frank Natividad Date: Thu, 27 Feb 2020 13:54:52 -0800 Subject: [PATCH 12/14] lint --- .../cloud/storage/it/ITStorageTest.java | 73 ++++++++++--------- 1 file changed, 37 insertions(+), 36 deletions(-) diff --git a/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java b/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java index 92f171f8a..dad7f3dd7 100644 --- a/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java +++ b/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java 
@@ -2352,7 +2352,8 @@ public void testBucketPolicyV1RequesterPays() { String projectId = remoteStorageHelper.getOptions().getProjectId(); - Storage.BucketSourceOption[] bucketOptions = new Storage.BucketSourceOption[] {Storage.BucketSourceOption.userProject(projectId)}; + Storage.BucketSourceOption[] bucketOptions = + new Storage.BucketSourceOption[] {Storage.BucketSourceOption.userProject(projectId)}; Identity projectOwner = Identity.projectOwner(projectId); Identity projectEditor = Identity.projectEditor(projectId); Identity projectViewer = Identity.projectViewer(projectId); @@ -2414,19 +2415,19 @@ public void testBucketPolicyV1() { Identity projectEditor = Identity.projectEditor(projectId); Identity projectViewer = Identity.projectViewer(projectId); Map> bindingsWithoutPublicRead = - ImmutableMap.of( - StorageRoles.legacyBucketOwner(), - new HashSet<>(Arrays.asList(projectOwner, projectEditor)), - StorageRoles.legacyBucketReader(), - (Set) new HashSet<>(Collections.singleton(projectViewer))); + ImmutableMap.of( + StorageRoles.legacyBucketOwner(), + new HashSet<>(Arrays.asList(projectOwner, projectEditor)), + StorageRoles.legacyBucketReader(), + (Set) new HashSet<>(Collections.singleton(projectViewer))); Map> bindingsWithPublicRead = - ImmutableMap.of( - StorageRoles.legacyBucketOwner(), - new HashSet<>(Arrays.asList(projectOwner, projectEditor)), - StorageRoles.legacyBucketReader(), - new HashSet<>(Collections.singleton(projectViewer)), - StorageRoles.legacyObjectReader(), - (Set) new HashSet<>(Collections.singleton(Identity.allUsers()))); + ImmutableMap.of( + StorageRoles.legacyBucketOwner(), + new HashSet<>(Arrays.asList(projectOwner, projectEditor)), + StorageRoles.legacyBucketReader(), + new HashSet<>(Collections.singleton(projectViewer)), + StorageRoles.legacyObjectReader(), + (Set) new HashSet<>(Collections.singleton(Identity.allUsers()))); // Validate getting policy. Policy currentPolicy = storage.getIamPolicy(BUCKET, bucketOptions); 
@@ -2434,32 +2435,32 @@ public void testBucketPolicyV1() { // Validate updating policy. Policy updatedPolicy = - storage.setIamPolicy( - BUCKET, - currentPolicy - .toBuilder() - .addIdentity(StorageRoles.legacyObjectReader(), Identity.allUsers()) - .build(), - bucketOptions); + storage.setIamPolicy( + BUCKET, + currentPolicy + .toBuilder() + .addIdentity(StorageRoles.legacyObjectReader(), Identity.allUsers()) + .build(), + bucketOptions); assertEquals(bindingsWithPublicRead, updatedPolicy.getBindings()); Policy revertedPolicy = - storage.setIamPolicy( - BUCKET, - updatedPolicy - .toBuilder() - .removeIdentity(StorageRoles.legacyObjectReader(), Identity.allUsers()) - .build(), - bucketOptions); + storage.setIamPolicy( + BUCKET, + updatedPolicy + .toBuilder() + .removeIdentity(StorageRoles.legacyObjectReader(), Identity.allUsers()) + .build(), + bucketOptions); assertEquals(bindingsWithoutPublicRead, revertedPolicy.getBindings()); // Validate testing permissions. List expectedPermissions = ImmutableList.of(true, true); assertEquals( - expectedPermissions, - storage.testIamPermissions( - BUCKET, - ImmutableList.of("storage.buckets.getIamPolicy", "storage.buckets.setIamPolicy"), - bucketOptions)); + expectedPermissions, + storage.testIamPermissions( + BUCKET, + ImmutableList.of("storage.buckets.getIamPolicy", "storage.buckets.setIamPolicy"), + bucketOptions)); } @Test @@ -2474,9 +2475,8 @@ public void testBucketPolicyV3() { .build()); String projectId = remoteStorageHelper.getOptions().getProjectId(); - Storage.BucketSourceOption[] bucketOptions = new Storage.BucketSourceOption[] { - Storage.BucketSourceOption.requestedPolicyVersion(3) - }; + Storage.BucketSourceOption[] bucketOptions = + new Storage.BucketSourceOption[] {Storage.BucketSourceOption.requestedPolicyVersion(3)}; Identity projectOwner = Identity.projectOwner(projectId); Identity projectEditor = Identity.projectEditor(projectId); Identity projectViewer = Identity.projectViewer(projectId); 
@@ -2586,7 +2586,8 @@ public void testBucketPolicyV3() { .build()); Policy conditionalPolicy = storage.setIamPolicy( - BUCKET, revertedPolicy.toBuilder().setBindings(conditionalBindings).setVersion(3).build(), + BUCKET, + revertedPolicy.toBuilder().setBindings(conditionalBindings).setVersion(3).build(), bucketOptions); assertTrue( bindingsWithConditionalPolicy.size() == conditionalPolicy.getBindingsList().size() From cff4242c62b9001a328ebe080c252b140a1c6f7e Mon Sep 17 00:00:00 2001 From: Frank Natividad Date: Thu, 27 Feb 2020 20:05:30 -0800 Subject: [PATCH 13/14] clean up ubla --- .../google/cloud/storage/it/ITStorageTest.java | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java b/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java index dad7f3dd7..84f5eef68 100644 --- a/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java +++ b/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java @@ -2593,6 +2593,13 @@ public void testBucketPolicyV3() { bindingsWithConditionalPolicy.size() == conditionalPolicy.getBindingsList().size() && bindingsWithConditionalPolicy.containsAll(conditionalPolicy.getBindingsList())); + // Remove Conditional Policy + conditionalPolicy = + storage.setIamPolicy( + BUCKET, + conditionalPolicy.toBuilder().setBindings(updatedBindings).setVersion(3).build(), + bucketOptions); + // Validate testing permissions. List expectedPermissions = ImmutableList.of(true, true); assertEquals( 
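Review bot: The policy returned by the `// Remove Conditional Policy` call is stored in `conditionalPolicy` and never inspected, so the test passes even if the conditional binding is still attached to the bucket. Assert on the result right after the call, for example `for (com.google.cloud.Binding b : conditionalPolicy.getBindingsList()) { assertNull(b.getCondition()); }`. testBucketPolicyV3 starts above the hunk.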
@@ -2601,6 +2608,15 @@ public void testBucketPolicyV3() { BUCKET, ImmutableList.of("storage.buckets.getIamPolicy", "storage.buckets.setIamPolicy"), bucketOptions)); + + // Disable Uniform Bucket-Level Access + storage.update( + BucketInfo.newBuilder(BUCKET) + .setIamConfiguration( + BucketInfo.IamConfiguration.newBuilder() + .setIsUniformBucketLevelAccessEnabled(false) + .build()) + .build()); } @Test From 95a17dbffe62efe93f658c42c7d6dbebd140e456 Mon Sep 17 00:00:00 2001 From: Frank Natividad Date: Thu, 27 Feb 2020 20:09:16 -0800 Subject: [PATCH 14/14] format --- .../cloud/storage/it/ITStorageTest.java | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java b/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java index 84f5eef68..f9b45c870 100644 --- a/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java +++ b/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java @@ -2595,10 +2595,10 @@ public void testBucketPolicyV3() { // Remove Conditional Policy conditionalPolicy = - storage.setIamPolicy( - BUCKET, - conditionalPolicy.toBuilder().setBindings(updatedBindings).setVersion(3).build(), - bucketOptions); + storage.setIamPolicy( + BUCKET, + conditionalPolicy.toBuilder().setBindings(updatedBindings).setVersion(3).build(), + bucketOptions); // Validate testing permissions. List expectedPermissions = ImmutableList.of(true, true); 
@@ -2611,12 +2611,12 @@ public void testBucketPolicyV3() { // Disable Uniform Bucket-Level Access storage.update( - BucketInfo.newBuilder(BUCKET) - .setIamConfiguration( - BucketInfo.IamConfiguration.newBuilder() - .setIsUniformBucketLevelAccessEnabled(false) - .build()) - .build()); + BucketInfo.newBuilder(BUCKET) + .setIamConfiguration( + BucketInfo.IamConfiguration.newBuilder() + .setIsUniformBucketLevelAccessEnabled(false) + .build()) + .build()); } @Test