Commit 176955d

author
Jon Wayne Parrott
authored
Add bucket-level IAM samples (GoogleCloudPlatform#919)
* Add bucket-level IAM samples * Address review comments
1 parent 3e28627 commit 176955d


3 files changed

+142
-2
lines changed

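--- a/storage/cloud-client/iam.py
+++ b/storage/cloud-client/iam.py
@@ -0,0 +1,95 @@
+#!/usr/bin/env python
+
+# Copyright 2017 Google, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""This application demonstrates how to get and set IAM policies on Google
+Cloud Storage buckets.
+
+For more information, see the documentation at
+https://cloud.google.com/storage/docs/access-control/using-iam-permissions.
+"""
+
+import argparse
+
+from google.cloud import storage
+
+
+def view_bucket_iam_members(bucket_name):
+storage_client = storage.Client()
+bucket = storage_client.bucket(bucket_name)
+
+policy = bucket.get_iam_policy()
+
+for role in policy:
+members = policy[role]
+print('Role: {}, Members: {}'.format(role, members))
+
+
+def add_bucket_iam_member(bucket_name, role, member):
+storage_client = storage.Client()
+bucket = storage_client.bucket(bucket_name)
+
+policy = bucket.get_iam_policy()
+
+policy[role].add(member)
+
+bucket.set_iam_policy(policy)
+
+print('Added {} with role {} to {}.'.format(
+member, role, bucket_name))
+
+
+def remove_bucket_iam_member(bucket_name, role, member):
+storage_client = storage.Client()
+bucket = storage_client.bucket(bucket_name)
+
+policy = bucket.get_iam_policy()
+
+policy[role].discard(member)
+
+bucket.set_iam_policy(policy)
+
+print('Removed {} with role {} from {}.'.format(
+member, role, bucket_name))
+
+
+if __name__ == '__main__':
+parser = argparse.ArgumentParser(
+description=__doc__,
+formatter_class=argparse.RawDescriptionHelpFormatter)
+parser.add_argument('bucket_name', help='Your Cloud Storage bucket name.')
+subparsers = parser.add_subparsers(dest='command')
+
+subparsers.add_parser(
+'view-bucket-iam-members', help=view_bucket_iam_members.__doc__)
+
+add_member_parser = subparsers.add_parser(
+'add-bucket-iam-member', help=add_bucket_iam_member.__doc__)
+add_member_parser.add_argument('role')
+add_member_parser.add_argument('member')
+
+remove_member_parser = subparsers.add_parser(
+'remove-bucket-iam-member', help=remove_bucket_iam_member.__doc__)
+remove_member_parser.add_argument('role')
+remove_member_parser.add_argument('member')
+
+args = parser.parse_args()
+
+if args.command == 'view-bucket-iam-members':
+view_bucket_iam_members(args.bucket_name)
+elif args.command == 'add-bucket-iam-member':
+add_bucket_iam_member(args.bucket_name, args.role, args.member)
+elif args.command == 'remove-bucket-iam-member':
+remove_bucket_iam_member(args.bucket_name, args.role, args.member)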
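Review bot: `remove_bucket_iam_member` prints "Removed … from …" whether or not the member was actually bound, because `policy[role].discard(member)` is a silent no-op on a missing entry; on a revocation path that can hide a mistyped member or role while the real grant stays in place. Check membership before writing the policy back, e.g. `if member not in policy[role]:` followed by a "not bound" message and `return` ahead of `bucket.set_iam_policy(policy)`. Separately, none of the three functions has a docstring, so every `help=….__doc__` in the argparse setup passes `None`. A one-line docstring on each fixes the subcommand help, and the one on `add_bucket_iam_member` is the natural place to state that `member` is written to the policy unchecked, so a value such as `allUsers` or `allAuthenticatedUsers` makes the bucket publicly accessible under that role.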

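--- a/storage/cloud-client/iam_test.py
+++ b/storage/cloud-client/iam_test.py
@@ -0,0 +1,45 @@
+# Copyright 2017 Google, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+
+from google.cloud import storage
+import pytest
+
+import iam
+
+BUCKET = os.environ['CLOUD_STORAGE_BUCKET']
+MEMBER = 'group:dpebot@google.com'
+ROLE = 'roles/storage.legacyBucketReader'
+
+
+@pytest.fixture
+def bucket():
+yield storage.Client().bucket(BUCKET)
+
+
+def test_view_bucket_iam_members():
+iam.view_bucket_iam_members(BUCKET)
+
+
+def test_add_bucket_iam_member(bucket):
+iam.add_bucket_iam_member(
+BUCKET, ROLE, MEMBER)
+assert MEMBER in bucket.get_iam_policy()[ROLE]
+
+
+def test_remove_bucket_iam_member(bucket):
+iam.remove_bucket_iam_member(
+BUCKET, ROLE, MEMBER)
+assert MEMBER not in bucket.get_iam_policy()[ROLE]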
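Review bot: These tests modify the IAM policy of a real bucket, and the grant is only revoked if `test_remove_bucket_iam_member` runs after `test_add_bucket_iam_member` and succeeds. An aborted or filtered run therefore leaves `group:dpebot@google.com` bound to `roles/storage.legacyBucketReader` on the bucket named by `CLOUD_STORAGE_BUCKET`. The removal test also passes vacuously when run on its own, since the member was never added; calling `iam.add_bucket_iam_member(BUCKET, ROLE, MEMBER)` as its first line would make it self-contained. The `bucket` fixture already uses `yield`, so the revocation can sit after it as teardown, as sketched below.

```python
@pytest.fixture
def bucket():
    bucket = storage.Client().bucket(BUCKET)
    yield bucket
    # Teardown: never let the test grant outlive the test that created it.
    policy = bucket.get_iam_policy()
    policy[ROLE].discard(MEMBER)
    bucket.set_iam_policy(policy)

# … unchanged: test_view_bucket_iam_members, test_add_bucket_iam_member …
```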

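--- a/storage/cloud-client/requirements.txt
+++ b/storage/cloud-client/requirements.txt
@@ -1,2 +1,2 @@
-google-cloud-storage==1.0.0
-google-cloud-pubsub==0.24.0
+google-cloud-storage==1.1.0
+google-cloud-pubsub==0.25.0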
