diff --git a/google-cloud-storage/src/main/java/com/google/cloud/storage/Storage.java b/google-cloud-storage/src/main/java/com/google/cloud/storage/Storage.java
index 5b3c06dab..bfc2cdb09 100644
--- a/google-cloud-storage/src/main/java/com/google/cloud/storage/Storage.java
+++ b/google-cloud-storage/src/main/java/com/google/cloud/storage/Storage.java
@@ -3363,6 +3363,16 @@ PostPolicyV4 generateSignedPostPolicyV4(
 * Acl acl = storage.getAcl(bucketName, new User(userEmail), userProjectOption);
 * }
 *
+ *
Define a policy with a condition and verify it can be read back and decoded equivalently.
+ */
+ @Test
+ public void iamPolicyWithCondition() throws Exception {
+ BucketSourceOption opt = BucketSourceOption.requestedPolicyVersion(3);
+ Policy policy =
+ Policy.newBuilder()
+ .setVersion(3)
+ .setBindings(
+ ImmutableList.of(
+ Binding.newBuilder()
+ .setRole(StorageRoles.legacyBucketReader().toString())
+ .setMembers(ImmutableList.of(projectViewer.strValue()))
+ .build(),
+ Binding.newBuilder()
+ .setRole(StorageRoles.legacyBucketOwner().toString())
+ .setMembers(
+ ImmutableList.of(projectEditor.strValue(), projectOwner.strValue()))
+ .build(),
+ Binding.newBuilder()
+ .setRole(StorageRoles.legacyObjectReader().toString())
+ .setMembers(
+ ImmutableList.of(
+ "serviceAccount:storage-python@spec-test-ruby-samples.iam.gserviceaccount.com"))
+ .setCondition(
+ Condition.newBuilder()
+ .setTitle("Title")
+ .setDescription("Description")
+ .setExpression(
+ "resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")")
+ .build())
+ .build()))
+ .build();
+
+ try (TemporaryBucket tempB =
+ TemporaryBucket.newBuilder()
+ .setBucketInfo(
+ // create a bucket with UBLA set to true
+ BucketInfo.newBuilder(generator.randomBucketName())
+ .setIamConfiguration(
+ BucketInfo.IamConfiguration.newBuilder()
+ .setIsUniformBucketLevelAccessEnabled(true)
+ .build())
+ .build())
+ .setStorage(storage)
+ .build()) {
+ BucketInfo bucket = tempB.getBucket();
+ String bucketName = bucket.getName();
+
+ // Set the policy on the bucket
+ Policy setResult =
+ storage.setIamPolicy(
+ bucketName,
+ policy,
+ BucketSourceOption.metagenerationMatch(bucket.getMetageneration()),
+ opt);
+ assertPolicyEqual(policy, setResult);
+
+ Policy actual = storage.getIamPolicy(bucketName, opt);
+ assertPolicyEqual(policy, actual);
+ }
+ }
+
+ @Test
+ public void iamPolicyWithoutCondition() throws Exception {
+ BucketSourceOption opt = BucketSourceOption.requestedPolicyVersion(1);
+ Policy policy =
+ Policy.newBuilder()
+ .setVersion(1)
+ .setBindings(
+ ImmutableMap.of(
+ StorageRoles.legacyBucketOwner(),
+ ImmutableSet.of(projectOwner, projectEditor),
+ StorageRoles.legacyBucketReader(),
+ ImmutableSet.of(projectViewer)))
+ .build();
+
+ try (TemporaryBucket tempB =
+ TemporaryBucket.newBuilder()
+ .setBucketInfo(
+ // create a bucket without UBLA
+ BucketInfo.newBuilder(generator.randomBucketName())
+ .setIamConfiguration(
+ BucketInfo.IamConfiguration.newBuilder()
+ .setIsUniformBucketLevelAccessEnabled(false)
+ .build())
+ .build())
+ .setStorage(storage)
+ .build()) {
+ BucketInfo bucket = tempB.getBucket();
+ String bucketName = bucket.getName();
+
+ // Set the policy on the bucket
+ Policy setResult =
+ storage.setIamPolicy(
+ bucketName,
+ policy,
+ BucketSourceOption.metagenerationMatch(bucket.getMetageneration()),
+ opt);
+ assertPolicyEqual(policy, setResult);
+
+ Policy actual = storage.getIamPolicy(bucketName, opt);
+ assertPolicyEqual(policy, actual);
+ }
+ }
+
+ @Test
+ public void testIamPermissions() {
+ List