From 8bbe5b89c0e95ebc179f6e5194b2c61d6634ee89 Mon Sep 17 00:00:00 2001 From: Yoshi Automation Bot Date: Wed, 27 May 2020 23:45:51 -0700 Subject: [PATCH] chore: re-order methodst (#11) --- .../services/registration_service/client.py | 138 +++++++++++++----- scripts/fixup_keywords.py | 2 +- synth.metadata | 2 +- .../test_registration_service.py | 67 +++++---- 4 files changed, 139 insertions(+), 70 deletions(-) diff --git a/google/cloud/servicedirectory_v1beta1/services/registration_service/client.py b/google/cloud/servicedirectory_v1beta1/services/registration_service/client.py index c6177106..24c06ee7 100644 --- a/google/cloud/servicedirectory_v1beta1/services/registration_service/client.py +++ b/google/cloud/servicedirectory_v1beta1/services/registration_service/client.py @@ -150,6 +150,22 @@ def from_service_account_file(cls, filename: str, *args, **kwargs): from_service_account_json = from_service_account_file + @staticmethod + def service_path(project: str, location: str, namespace: str, service: str) -> str: + """Return a fully-qualified service string.""" + return "projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}".format( + project=project, location=location, namespace=namespace, service=service + ) + + @staticmethod + def parse_service_path(path: str) -> Dict[str, str]: + """Parse a service path into its component segments.""" + m = re.match( + r"^projects/(?P.+?)/locations/(?P.+?)/namespaces/(?P.+?)/services/(?P.+?)$", + path, + ) + return m.groupdict() if m else {} + @staticmethod def endpoint_path( project: str, location: str, namespace: str, service: str, endpoint: str @@ -172,22 +188,6 @@ def parse_endpoint_path(path: str) -> Dict[str, str]: ) return m.groupdict() if m else {} - @staticmethod - def service_path(project: str, location: str, namespace: str, service: str) -> str: - """Return a fully-qualified service string.""" - return "projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}".format( - project=project, location=location, namespace=namespace, service=service - ) - - @staticmethod - def parse_service_path(path: str) -> Dict[str, str]: - """Parse a service path into its component segments.""" - m = re.match( - r"^projects/(?P.+?)/locations/(?P.+?)/namespaces/(?P.+?)/services/(?P.+?)$", - path, - ) - return m.groupdict() if m else {} - @staticmethod def namespace_path(project: str, location: str, namespace: str) -> str: """Return a fully-qualified namespace string.""" @@ -1444,36 +1444,67 @@ def get_iam_policy( It is used to specify access control policies for Cloud Platform resources. - A ``Policy`` consists of a list of ``bindings``. A - ``Binding`` binds a list of ``members`` to a ``role``, - where the members can be user accounts, Google groups, - Google domains, and service accounts. A ``role`` is a - named list of permissions defined by IAM. + A ``Policy`` is a collection of ``bindings``. A + ``binding`` binds one or more ``members`` to a single + ``role``. Members can be user accounts, service + accounts, Google groups, and domains (such as G Suite). + A ``role`` is a named list of permissions (defined by + IAM or configured by users). A ``binding`` can + optionally specify a ``condition``, which is a logic + expression that further constrains the role binding + based on attributes about the request and/or target + resource. - **Example** + **JSON Example** :: { "bindings": [ { - "role": "roles/owner", + "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", - "serviceAccount:my-other-app@appspot.gserviceaccount.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { - "role": "roles/viewer", - "members": ["user:sean@example.com"] + "role": "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { + "title": "expirable access", + "description": "Does not grant access after Sep 2020", + "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", + } } ] } + **YAML Example** + + :: + + bindings: + - members: + - user:mike@example.com + - group:admins@example.com + - domain:google.com + - serviceAccount:my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin + - members: + - user:eve@example.com + role: roles/resourcemanager.organizationViewer + condition: + title: expirable access + description: Does not grant access after Sep 2020 + expression: request.time < timestamp('2020-10-01T00:00:00.000Z') + For a description of IAM and its features, see the `IAM - developer's guide `__. + developer's + guide `__. """ # Create or coerce a protobuf request object. @@ -1525,36 +1556,67 @@ def set_iam_policy( It is used to specify access control policies for Cloud Platform resources. - A ``Policy`` consists of a list of ``bindings``. A - ``Binding`` binds a list of ``members`` to a ``role``, - where the members can be user accounts, Google groups, - Google domains, and service accounts. A ``role`` is a - named list of permissions defined by IAM. + A ``Policy`` is a collection of ``bindings``. A + ``binding`` binds one or more ``members`` to a single + ``role``. Members can be user accounts, service + accounts, Google groups, and domains (such as G Suite). + A ``role`` is a named list of permissions (defined by + IAM or configured by users). A ``binding`` can + optionally specify a ``condition``, which is a logic + expression that further constrains the role binding + based on attributes about the request and/or target + resource. - **Example** + **JSON Example** :: { "bindings": [ { - "role": "roles/owner", + "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", - "serviceAccount:my-other-app@appspot.gserviceaccount.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { - "role": "roles/viewer", - "members": ["user:sean@example.com"] + "role": "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { + "title": "expirable access", + "description": "Does not grant access after Sep 2020", + "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", + } } ] } + **YAML Example** + + :: + + bindings: + - members: + - user:mike@example.com + - group:admins@example.com + - domain:google.com + - serviceAccount:my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin + - members: + - user:eve@example.com + role: roles/resourcemanager.organizationViewer + condition: + title: expirable access + description: Does not grant access after Sep 2020 + expression: request.time < timestamp('2020-10-01T00:00:00.000Z') + For a description of IAM and its features, see the `IAM - developer's guide `__. + developer's + guide `__. """ # Create or coerce a protobuf request object. diff --git a/scripts/fixup_keywords.py b/scripts/fixup_keywords.py index efa2d35b..cfd0f676 100644 --- a/scripts/fixup_keywords.py +++ b/scripts/fixup_keywords.py @@ -47,7 +47,7 @@ class servicedirectoryCallTransformer(cst.CSTTransformer): 'delete_namespace': ('name', ), 'delete_service': ('name', ), 'get_endpoint': ('name', ), - 'get_iam_policy': ('resource', ), + 'get_iam_policy': ('resource', 'options', ), 'get_namespace': ('name', ), 'get_service': ('name', ), 'list_endpoints': ('parent', 'page_size', 'page_token', 'filter', 'order_by', ), diff --git a/synth.metadata b/synth.metadata index 2e76c672..a957e5e1 100644 --- a/synth.metadata +++ b/synth.metadata @@ -4,7 +4,7 @@ "git": { "name": ".", "remote": "https://github.com/googleapis/python-service-directory.git", - "sha": "f00742670168646d1028ef740e574e244316a76c" + "sha": "6f15919759b7aff0da589b8e4c62bba17a43003e" } }, { diff --git a/tests/unit/servicedirectory_v1beta1/test_registration_service.py b/tests/unit/servicedirectory_v1beta1/test_registration_service.py index fd58e4cc..56a58ac2 100644 --- a/tests/unit/servicedirectory_v1beta1/test_registration_service.py +++ b/tests/unit/servicedirectory_v1beta1/test_registration_service.py @@ -40,9 +40,11 @@ from google.cloud.servicedirectory_v1beta1.types import service from google.cloud.servicedirectory_v1beta1.types import service as gcs_service from google.iam.v1 import iam_policy_pb2 as iam_policy # type: ignore +from google.iam.v1 import options_pb2 as options # type: ignore from google.iam.v1 import policy_pb2 as policy # type: ignore from google.oauth2 import service_account from google.protobuf import field_mask_pb2 as field_mask # type: ignore +from google.type import expr_pb2 as expr # type: ignore def client_cert_source_callback(): @@ -1454,7 +1456,12 @@ def test_get_iam_policy_from_dict(): # Designate an appropriate return value for the call. call.return_value = policy.Policy() - response = client.get_iam_policy(request={"resource": "resource_value"}) + response = client.get_iam_policy( + request={ + "resource": "resource_value", + "options": options.GetPolicyOptions(requested_policy_version=2598), + } + ) call.assert_called() @@ -1721,6 +1728,35 @@ def test_registration_service_grpc_transport_channel_mtls_with_adc( assert transport.grpc_channel == mock_grpc_channel +def test_service_path(): + project = "squid" + location = "clam" + namespace = "whelk" + service = "octopus" + + expected = "projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}".format( + project=project, location=location, namespace=namespace, service=service + ) + actual = RegistrationServiceClient.service_path( + project, location, namespace, service + ) + assert expected == actual + + +def test_parse_service_path(): + expected = { + "project": "oyster", + "location": "nudibranch", + "namespace": "cuttlefish", + "service": "mussel", + } + path = RegistrationServiceClient.service_path(**expected) + + # Check that the path construction is reversible. + actual = RegistrationServiceClient.parse_service_path(path) + assert expected == actual + + def test_endpoint_path(): project = "squid" location = "clam" @@ -1756,35 +1792,6 @@ def test_parse_endpoint_path(): assert expected == actual -def test_service_path(): - project = "squid" - location = "clam" - namespace = "whelk" - service = "octopus" - - expected = "projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}".format( - project=project, location=location, namespace=namespace, service=service - ) - actual = RegistrationServiceClient.service_path( - project, location, namespace, service - ) - assert expected == actual - - -def test_parse_service_path(): - expected = { - "project": "oyster", - "location": "nudibranch", - "namespace": "cuttlefish", - "service": "mussel", - } - path = RegistrationServiceClient.service_path(**expected) - - # Check that the path construction is reversible. - actual = RegistrationServiceClient.parse_service_path(path) - assert expected == actual - - def test_namespace_path(): project = "squid" location = "clam"