Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 49802f1

Browse filesBrowse files
gguussandrewsg
gguuss
authored and
andrewsg
committed
Adds IAM examples for Python. (GoogleCloudPlatform#1318)
1 parent 07591bc commit 49802f1
Copy full SHA for 49802f1

File tree

Expand file treeCollapse file tree

2 files changed

+118
-22
lines changed
Filter options
Expand file treeCollapse file tree

2 files changed

+118
-22
lines changed

‎iot/api-client/manager/manager.py

Copy file name to clipboardExpand all lines: iot/api-client/manager/manager.py
+87-22Lines changed: 87 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -422,6 +422,42 @@ def get_config_versions(
422422
return configs
423423

424424

425+
def get_iam_permissions(
426+
service_account_json, project_id, cloud_region, registry_id):
427+
"""Retrieves IAM permissions for the given registry."""
428+
client = get_client(service_account_json)
429+
registry_path = 'projects/{}/locations/{}/registries/{}'.format(
430+
project_id, cloud_region, registry_id)
431+
432+
policy = client.projects().locations().registries().getIamPolicy(
433+
resource=registry_path, body={}).execute()
434+
435+
return policy
436+
437+
438+
def set_iam_permissions(
439+
service_account_json, project_id, cloud_region, registry_id, role,
440+
member):
441+
"""Retrieves IAM permissions for the given registry."""
442+
client = get_client(service_account_json)
443+
444+
registry_path = 'projects/{}/locations/{}/registries/{}'.format(
445+
project_id, cloud_region, registry_id)
446+
body = {
447+
"policy":
448+
{
449+
"bindings":
450+
[{
451+
"members": [member],
452+
"role": role
453+
}]
454+
}
455+
}
456+
457+
return client.projects().locations().registries().setIamPolicy(
458+
resource=registry_path, body=body).execute()
459+
460+
425461
def parse_command_line_args():
426462
"""Parse command line arguments."""
427463
default_registry = 'cloudiot_device_manager_example_registry_{}'.format(
@@ -473,6 +509,14 @@ def parse_command_line_args():
473509
'--version',
474510
default=None,
475511
help='Version number for setting device configuration.')
512+
parser.add_argument(
513+
'--member',
514+
default=None,
515+
help='Member used for IAM commands.')
516+
parser.add_argument(
517+
'--role',
518+
default=None,
519+
help='Role used for IAM commands.')
476520

477521
# Command subparser
478522
command = parser.add_subparsers(dest='command')
@@ -485,14 +529,16 @@ def parse_command_line_args():
485529
command.add_parser('delete-device', help=delete_device.__doc__)
486530
command.add_parser('delete-registry', help=delete_registry.__doc__)
487531
command.add_parser('get', help=get_device.__doc__)
532+
command.add_parser('get-config-versions', help=get_config_versions.__doc__)
533+
command.add_parser('get-iam-permissions', help=get_iam_permissions.__doc__)
488534
command.add_parser('get-registry', help=get_registry.__doc__)
489535
command.add_parser('get-state', help=get_state.__doc__)
490536
command.add_parser('list', help=list_devices.__doc__)
491537
command.add_parser('list-registries', help=list_registries.__doc__)
492538
command.add_parser('patch-es256', help=patch_es256_auth.__doc__)
493539
command.add_parser('patch-rs256', help=patch_rsa256_auth.__doc__)
494540
command.add_parser('set-config', help=patch_rsa256_auth.__doc__)
495-
command.add_parser('get-config-versions', help=get_config_versions.__doc__)
541+
command.add_parser('set-iam-permissions', help=set_iam_permissions.__doc__)
496542

497543
return parser.parse_args()
498544

@@ -525,15 +571,45 @@ def run_create(args):
525571
create_iot_topic(args.project_id, args.pubsub_topic)
526572

527573

574+
def run_get(args):
575+
if args.command == 'get':
576+
get_device(
577+
args.service_account_json, args.project_id,
578+
args.cloud_region, args.registry_id, args.device_id)
579+
580+
elif args.command == 'get-config-versions':
581+
get_device(
582+
args.service_account_json, args.project_id,
583+
args.cloud_region, args.registry_id, args.device_id)
584+
585+
elif args.command == 'get-state':
586+
get_state(
587+
args.service_account_json, args.project_id,
588+
args.cloud_region, args.registry_id, args.device_id)
589+
590+
elif args.command == 'get-iam-permissions':
591+
print(get_iam_permissions(
592+
args.service_account_json, args.project_id,
593+
args.cloud_region, args.registry_id))
594+
595+
elif args.command == 'get-registry':
596+
print(get_registry(
597+
args.service_account_json, args.project_id,
598+
args.cloud_region, args.registry_id))
599+
600+
528601
def run_command(args):
529602
"""Calls the program using the specified command."""
530603
if args.project_id is None:
531604
print('You must specify a project ID or set the environment variable.')
532605
return
533606

534-
if args.command.startswith('create'):
607+
elif args.command.startswith('create'):
535608
run_create(args)
536609

610+
elif args.command.startswith('get'):
611+
run_get(args)
612+
537613
elif args.command == 'delete-device':
538614
delete_device(
539615
args.service_account_json, args.project_id,
@@ -544,21 +620,6 @@ def run_command(args):
544620
args.service_account_json, args.project_id,
545621
args.cloud_region, args.registry_id)
546622

547-
elif args.command == 'get':
548-
get_device(
549-
args.service_account_json, args.project_id,
550-
args.cloud_region, args.registry_id, args.device_id)
551-
552-
elif args.command == 'get-state':
553-
get_state(
554-
args.service_account_json, args.project_id,
555-
args.cloud_region, args.registry_id, args.device_id)
556-
557-
elif args.command == 'get-registry':
558-
print(get_registry(
559-
args.service_account_json, args.project_id,
560-
args.cloud_region, args.registry_id))
561-
562623
elif args.command == 'list':
563624
list_devices(
564625
args.service_account_json, args.project_id,
@@ -585,6 +646,15 @@ def run_command(args):
585646
args.cloud_region, args.registry_id, args.device_id,
586647
args.rsa_certificate_file)
587648

649+
elif args.command == 'set-iam-permissions':
650+
if (args.member is None):
651+
sys.exit('Error: specify --member')
652+
if (args.role is None):
653+
sys.exit('Error: specify --role')
654+
set_iam_permissions(
655+
args.service_account_json, args.project_id,
656+
args.cloud_region, args.registry_id, args.role, args.member)
657+
588658
elif args.command == 'set-config':
589659
if (args.config is None):
590660
sys.exit('Error: specify --config')
@@ -595,11 +665,6 @@ def run_command(args):
595665
args.cloud_region, args.registry_id, args.device_id,
596666
args.version, args.config)
597667

598-
elif args.command == 'get-config-versions':
599-
get_device(
600-
args.service_account_json, args.project_id,
601-
args.cloud_region, args.registry_id, args.device_id)
602-
603668

604669
def main():
605670
args = parse_command_line_args()

‎iot/api-client/manager/manager_test.py

Copy file name to clipboardExpand all lines: iot/api-client/manager/manager_test.py
+31Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -63,6 +63,37 @@ def test_create_delete_registry(test_topic, capsys):
6363
service_account_json, project_id, cloud_region, registry_id)
6464

6565

66+
def test_get_iam_permissions(test_topic, capsys):
67+
manager.open_registry(
68+
service_account_json, project_id, cloud_region, pubsub_topic,
69+
registry_id)
70+
71+
manager.list_devices(
72+
service_account_json, project_id, cloud_region, registry_id)
73+
74+
# Test getting IAM permissions
75+
print(manager.get_iam_permissions(
76+
service_account_json, project_id, cloud_region, registry_id))
77+
78+
# Test setting IAM permissions
79+
MEMBER = "group:dpebot@google.com"
80+
ROLE = "roles/viewer"
81+
print(manager.set_iam_permissions(
82+
service_account_json, project_id, cloud_region, registry_id,
83+
ROLE, MEMBER))
84+
85+
out, _ = capsys.readouterr()
86+
87+
# Check that create / list worked
88+
assert 'Created registry' in out
89+
assert 'eventNotificationConfig' in out
90+
assert 'etag' in out
91+
92+
# Clean up
93+
manager.delete_registry(
94+
service_account_json, project_id, cloud_region, registry_id)
95+
96+
6697
def test_add_delete_unauth_device(test_topic, capsys):
6798
device_id = device_id_template.format('UNAUTH')
6899
manager.open_registry(

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.