From 536c2cad814b8fa8cd346a3d7bd5f6b9889c4a6f Mon Sep 17 00:00:00 2001
From: Bu Sun Kim <8822365+busunkim96@users.noreply.github.com>
Date: Tue, 23 Mar 2021 13:16:34 -0600
Subject: [PATCH] fix: save empty IAM policy bindings (#155)

---
 google/api_core/iam.py |  5 ++++-
 tests/unit/test_iam.py | 18 +++++++++++++-----
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/google/api_core/iam.py b/google/api_core/iam.py
index f1309360..d83cbf35 100644
--- a/google/api_core/iam.py
+++ b/google/api_core/iam.py
@@ -136,7 +136,10 @@ def __getitem__(self, key):
         for b in self._bindings:
             if b["role"] == key:
                 return b["members"]
-        return set()
+        # binding does not yet exist, create one
+        new_binding = {"role": key, "members": set()}
+        self._bindings.append(new_binding)
+        return new_binding["members"]
 
     def __setitem__(self, key, value):
         self.__check_version__()
diff --git a/tests/unit/test_iam.py b/tests/unit/test_iam.py
index 896e10de..f9771f0f 100644
--- a/tests/unit/test_iam.py
+++ b/tests/unit/test_iam.py
@@ -32,11 +32,11 @@ def test_ctor_defaults(self):
         policy = self._make_one()
         assert policy.etag is None
         assert policy.version is None
+        assert len(policy) == 0
+        assert dict(policy) == {}
         assert policy.owners == empty
         assert policy.editors == empty
         assert policy.viewers == empty
-        assert len(policy) == 0
-        assert dict(policy) == {}
 
     def test_ctor_explicit(self):
         VERSION = 1
@@ -45,16 +45,24 @@ def test_ctor_explicit(self):
         policy = self._make_one(ETAG, VERSION)
         assert policy.etag == ETAG
         assert policy.version == VERSION
+        assert len(policy) == 0
+        assert dict(policy) == {}
         assert policy.owners == empty
         assert policy.editors == empty
         assert policy.viewers == empty
-        assert len(policy) == 0
-        assert dict(policy) == {}
 
     def test___getitem___miss(self):
         policy = self._make_one()
         assert policy["nonesuch"] == set()
 
+    def test__getitem___and_set(self):
+        from google.api_core.iam import OWNER_ROLE
+        policy = self._make_one()
+
+        # get the policy using the getter and then modify it
+        policy[OWNER_ROLE].add("user:phred@example.com")
+        assert dict(policy) == {OWNER_ROLE: {"user:phred@example.com"}}
+
     def test___getitem___version3(self):
         policy = self._make_one("DEADBEEF", 3)
         with pytest.raises(InvalidOperationException, match=_DICT_ACCESS_MSG):
@@ -293,10 +301,10 @@ def test_from_api_repr_only_etag(self):
         policy = klass.from_api_repr(RESOURCE)
         assert policy.etag == "ACAB"
         assert policy.version is None
+        assert dict(policy) == {}
         assert policy.owners == empty
         assert policy.editors == empty
         assert policy.viewers == empty
-        assert dict(policy) == {}
 
     def test_from_api_repr_complete(self):
         from google.api_core.iam import OWNER_ROLE, EDITOR_ROLE, VIEWER_ROLE