
Commit 176955d

author
Jon Wayne Parrott
authored
Add bucket-level IAM samples (GoogleCloudPlatform#919)
* Add bucket-level IAM samples * Address review comments
1 parent 3e28627 commit 176955d

3 files changed

+142
-2
lines changed

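--- a/storage/cloud-client/iam.py
+++ b/storage/cloud-client/iam.py
@@ -0,0 +1,95 @@
+#!/usr/bin/env python
+
+# Copyright 2017 Google, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""This application demonstrates how to get and set IAM policies on Google
+Cloud Storage buckets.
+
+For more information, see the documentation at
+https://cloud.google.com/storage/docs/access-control/using-iam-permissions.
+"""
+
+import argparse
+
+from google.cloud import storage
+
+
+def view_bucket_iam_members(bucket_name):
+storage_client = storage.Client()
+bucket = storage_client.bucket(bucket_name)
+
+policy = bucket.get_iam_policy()
+
+for role in policy:
+members = policy[role]
+print('Role: {}, Members: {}'.format(role, members))
+
+
+def add_bucket_iam_member(bucket_name, role, member):
+storage_client = storage.Client()
+bucket = storage_client.bucket(bucket_name)
+
+policy = bucket.get_iam_policy()
+
+policy[role].add(member)
+
+bucket.set_iam_policy(policy)
+
+print('Added {} with role {} to {}.'.format(
+member, role, bucket_name))
+
+
+def remove_bucket_iam_member(bucket_name, role, member):
+storage_client = storage.Client()
+bucket = storage_client.bucket(bucket_name)
+
+policy = bucket.get_iam_policy()
+
+policy[role].discard(member)
+
+bucket.set_iam_policy(policy)
+
+print('Removed {} with role {} from {}.'.format(
+member, role, bucket_name))
+
+
+if __name__ == '__main__':
+parser = argparse.ArgumentParser(
+description=__doc__,
+formatter_class=argparse.RawDescriptionHelpFormatter)
+parser.add_argument('bucket_name', help='Your Cloud Storage bucket name.')
+subparsers = parser.add_subparsers(dest='command')
+
+subparsers.add_parser(
+'view-bucket-iam-members', help=view_bucket_iam_members.__doc__)
+
+add_member_parser = subparsers.add_parser(
+'add-bucket-iam-member', help=add_bucket_iam_member.__doc__)
+add_member_parser.add_argument('role')
+add_member_parser.add_argument('member')
+
+remove_member_parser = subparsers.add_parser(
+'remove-bucket-iam-member', help=remove_bucket_iam_member.__doc__)
+remove_member_parser.add_argument('role')
+remove_member_parser.add_argument('member')
+
+args = parser.parse_args()
+
+if args.command == 'view-bucket-iam-members':
+view_bucket_iam_members(args.bucket_name)
+elif args.command == 'add-bucket-iam-member':
+add_bucket_iam_member(args.bucket_name, args.role, args.member)
+elif args.command == 'remove-bucket-iam-member':
+remove_bucket_iam_member(args.bucket_name, args.role, args.member)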
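Review bot: None of the three functions has a docstring, so `help=view_bucket_iam_members.__doc__` and the two sibling `add_parser` calls in the `__main__` block pass `None` and the subcommands get no help text. Each function should get a one-line docstring, for example `"""Add a new member to a role binding on the bucket."""` on `add_bucket_iam_member`. That docstring is also the place to state that `member` is written into the policy unchecked, so a value such as `allUsers` or `allAuthenticatedUsers` grants the role publicly. It should also say that `set_iam_policy` writes back the whole modified policy rather than a single binding.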

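--- a/storage/cloud-client/iam_test.py
+++ b/storage/cloud-client/iam_test.py
@@ -0,0 +1,45 @@
+# Copyright 2017 Google, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+
+from google.cloud import storage
+import pytest
+
+import iam
+
+BUCKET = os.environ['CLOUD_STORAGE_BUCKET']
+MEMBER = 'group:dpebot@google.com'
+ROLE = 'roles/storage.legacyBucketReader'
+
+
+@pytest.fixture
+def bucket():
+yield storage.Client().bucket(BUCKET)
+
+
+def test_view_bucket_iam_members():
+iam.view_bucket_iam_members(BUCKET)
+
+
+def test_add_bucket_iam_member(bucket):
+iam.add_bucket_iam_member(
+BUCKET, ROLE, MEMBER)
+assert MEMBER in bucket.get_iam_policy()[ROLE]
+
+
+def test_remove_bucket_iam_member(bucket):
+iam.remove_bucket_iam_member(
+BUCKET, ROLE, MEMBER)
+assert MEMBER not in bucket.get_iam_policy()[ROLE]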
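Review bot: `test_add_bucket_iam_member` grants `ROLE` to `MEMBER` on the real bucket named by `CLOUD_STORAGE_BUCKET`, and that grant is revoked only if `test_remove_bucket_iam_member` runs afterwards and succeeds. The remove test in turn proves nothing unless the add test ran first, so the two are order-dependent. Moving the revocation into the `bucket` fixture's teardown leaves the bucket policy as it was found even when a test fails or is run alone. Separately, `test_view_bucket_iam_members` asserts nothing and only checks that the call does not raise.

```python
@pytest.fixture
def bucket():
    bucket = storage.Client().bucket(BUCKET)
    yield bucket
    # Teardown: revoke the test grant so a failed or partial run leaves no binding behind.
    policy = bucket.get_iam_policy()
    policy[ROLE].discard(MEMBER)
    bucket.set_iam_policy(policy)
```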

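--- a/storage/cloud-client/requirements.txt
+++ b/storage/cloud-client/requirements.txt
@@ -1,2 +1,2 @@
-google-cloud-storage==1.0.0
-google-cloud-pubsub==0.24.0
+google-cloud-storage==1.1.0
+google-cloud-pubsub==0.25.0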
