Implement Table-level IAM Policy controls. by alexoneill · Pull Request #6293 · googleapis/google-cloud-java · GitHub

Implement Table-level IAM Policy controls.#6293

Merged
kolea2 merged 6 commits into
googleapis:masterfrom
alexoneill:TableLevelIam
Sep 27, 2019

@alexoneill

Contributor

No description provided.

@googlebot googlebot added the cla: yes This human has signed the Contributor License Agreement. label Sep 18, 2019
@codecov

codecov Bot commented Sep 18, 2019


@kolea2 kolea2 added the do not merge Indicates a pull request not ready for merge, due to either quality or timing. label Sep 23, 2019
@kolea2 kolea2 removed the do not merge Indicates a pull request not ready for merge, due to either quality or timing. label Sep 26, 2019
@kolea2

kolea2 commented Sep 26, 2019

Contributor

LGTM, will merge unless @igorbernstein2 has any additional comments

@kolea2 kolea2 merged commit bec495f into googleapis:master Sep 27, 2019
@rahulKQL

Contributor

@kolea2, @igorbernstein2 Sorry for pointing this out only now, but I think these methods are already available in BigtableInstanceAdminClient:

/**
 * Fetches the IAM access control policy of the given instance and blocks until the result is
 * available.
 *
 * <p>Synchronous counterpart of {@link #getIamPolicyAsync(String)}: the future returned by that
 * method is awaited through {@code ApiExceptions.callAndTranslateApiException}.
 *
 * <p>Sample code:
 *
 * <pre>{@code
 * Policy policy = client.getIamPolicy("my-instance");
 * for (Map.Entry<Role, Set<Identity>> entry : policy.getBindings().entrySet()) {
 *   System.out.printf("Role: %s Identities: %s\n", entry.getKey(), entry.getValue());
 * }
 * }</pre>
 *
 * @param instanceId id of the instance whose policy is read
 * @return the policy returned by the service for that instance
 * @see <a
 *     href="https://cloud.google.com/bigtable/docs/access-control#iam-management-instance">Instance-level
 *     IAM management</a>
 */
@SuppressWarnings("WeakerAccess")
public Policy getIamPolicy(String instanceId) {
  // Wait on the async variant; the helper is what turns a failed future into a thrown exception.
  final Policy currentPolicy =
      ApiExceptions.callAndTranslateApiException(getIamPolicyAsync(instanceId));
  return currentPolicy;
}
/**
 * Starts a request for the IAM access control policy of the given instance and returns a future
 * for the result.
 *
 * <p>The instance id is expanded to a full resource name with the client's project id, and the
 * proto returned by the service is converted to the {@link Policy} wrapper before the future
 * completes.
 *
 * <p>Sample code:
 *
 * <pre>{@code
 * ApiFuture<Policy> policyFuture = client.getIamPolicyAsync("my-instance");
 *
 * ApiFutures.addCallback(policyFuture,
 *   new ApiFutureCallback<Policy>() {
 *     public void onSuccess(Policy policy) {
 *       for (Entry<Role, Set<Identity>> entry : policy.getBindings().entrySet()) {
 *         System.out.printf("Role: %s Identities: %s\n", entry.getKey(), entry.getValue());
 *       }
 *     }
 *
 *     public void onFailure(Throwable t) {
 *       t.printStackTrace();
 *     }
 *   },
 *   MoreExecutors.directExecutor());
 * }</pre>
 *
 * @param instanceId id of the instance whose policy is read
 * @return a future that yields the instance's policy
 * @see <a
 *     href="https://cloud.google.com/bigtable/docs/access-control#iam-management-instance">Instance-level
 *     IAM management</a>
 */
@SuppressWarnings("WeakerAccess")
public ApiFuture<Policy> getIamPolicyAsync(String instanceId) {
  final String resourceName = NameUtil.formatInstanceName(projectId, instanceId);
  final GetIamPolicyRequest request =
      GetIamPolicyRequest.newBuilder().setResource(resourceName).build();
  final IamPolicyMarshaller policyConverter = new IamPolicyMarshaller();

  final ApiFuture<com.google.iam.v1.Policy> protoFuture =
      stub.getIamPolicyCallable().futureCall(request);

  // The proto-to-wrapper conversion is applied on the direct executor, i.e. without handing the
  // work to a separate thread pool.
  return ApiFutures.transform(
      protoFuture,
      new ApiFunction<com.google.iam.v1.Policy, Policy>() {
        @Override
        public Policy apply(com.google.iam.v1.Policy proto) {
          return policyConverter.fromPb(proto);
        }
      },
      MoreExecutors.directExecutor());
}
/**
 * Replaces the IAM policy attached to the given instance and blocks until the update completes.
 *
 * <p>This call <em>replaces</em> the stored policy with {@code policy}; it does not merge the two.
 * A policy built from scratch therefore drops every existing grant it does not repeat. To add or
 * remove a single binding, read the current policy with {@link #getIamPolicy(String)} and write
 * back a modified copy, as the sample does. A policy obtained that way also carries its etag,
 * which IAM uses to detect a write that is based on a stale read.
 *
 * <p>Sample code:
 *
 * <pre>{@code
 * Policy current = client.getIamPolicy("my-instance");
 * Policy newPolicy = client.setIamPolicy("my-instance",
 *   current.toBuilder()
 *     .addIdentity(Role.of("bigtable.user"), Identity.user("someone@example.com"))
 *     .addIdentity(Role.of("bigtable.admin"), Identity.group("admins@example.com"))
 *     .build());
 * }</pre>
 *
 * @param instanceId id of the instance whose policy is replaced
 * @param policy the complete policy to store
 * @return the policy returned by the service in response to the update
 * @see <a
 *     href="https://cloud.google.com/bigtable/docs/access-control#iam-management-instance">Instance-level
 *     IAM management</a>
 */
@SuppressWarnings("WeakerAccess")
public Policy setIamPolicy(String instanceId, Policy policy) {
  // Wait on the async variant; the helper is what turns a failed future into a thrown exception.
  final Policy storedPolicy =
      ApiExceptions.callAndTranslateApiException(setIamPolicyAsync(instanceId, policy));
  return storedPolicy;
}
/**
 * Starts a request that replaces the IAM policy attached to the given instance and returns a
 * future for the result.
 *
 * <p>This call <em>replaces</em> the stored policy with {@code policy}; it does not merge the two.
 * A policy built from scratch therefore drops every existing grant it does not repeat. To add or
 * remove a single binding, read the current policy first and write back a modified copy, as the
 * sample does. A policy obtained that way also carries its etag, which IAM uses to detect a write
 * that is based on a stale read.
 *
 * <p>Sample code:
 *
 * <pre>{@code
 * Policy current = client.getIamPolicy("my-instance");
 * ApiFuture<Policy> newPolicyFuture = client.setIamPolicyAsync("my-instance",
 *   current.toBuilder()
 *     .addIdentity(Role.of("bigtable.user"), Identity.user("someone@example.com"))
 *     .addIdentity(Role.of("bigtable.admin"), Identity.group("admins@example.com"))
 *     .build());
 *
 * ApiFutures.addCallback(newPolicyFuture,
 *   new ApiFutureCallback<Policy>() {
 *     public void onSuccess(Policy policy) {
 *       for (Entry<Role, Set<Identity>> entry : policy.getBindings().entrySet()) {
 *         System.out.printf("Role: %s Identities: %s\n", entry.getKey(), entry.getValue());
 *       }
 *     }
 *
 *     public void onFailure(Throwable t) {
 *       t.printStackTrace();
 *     }
 *   },
 *   MoreExecutors.directExecutor());
 * }</pre>
 *
 * @param instanceId id of the instance whose policy is replaced
 * @param policy the complete policy to store
 * @return a future that yields the policy returned by the service in response to the update
 * @see <a
 *     href="https://cloud.google.com/bigtable/docs/access-control#iam-management-instance">Instance-level
 *     IAM management</a>
 */
@SuppressWarnings("WeakerAccess")
public ApiFuture<Policy> setIamPolicyAsync(String instanceId, Policy policy) {
  final String resourceName = NameUtil.formatInstanceName(projectId, instanceId);
  final IamPolicyMarshaller policyConverter = new IamPolicyMarshaller();

  // The wire request carries the policy as a proto, so convert the wrapper first.
  final com.google.iam.v1.Policy policyProto = policyConverter.toPb(policy);
  final SetIamPolicyRequest request =
      SetIamPolicyRequest.newBuilder().setResource(resourceName).setPolicy(policyProto).build();

  final ApiFuture<com.google.iam.v1.Policy> storedProtoFuture =
      stub.setIamPolicyCallable().futureCall(request);

  // The response proto is converted back to the wrapper on the direct executor.
  return ApiFutures.transform(
      storedProtoFuture,
      new ApiFunction<com.google.iam.v1.Policy, Policy>() {
        @Override
        public Policy apply(com.google.iam.v1.Policy proto) {
          return policyConverter.fromPb(proto);
        }
      },
      MoreExecutors.directExecutor());
}
/**
 * Checks which of the given permissions the caller holds on the specified instance and blocks
 * until the answer is available. The result is the subset of {@code permissions} that the caller
 * has.
 *
 * <p>The answer describes the caller at the time of the call. It is a convenience for tooling and
 * user interfaces; the service still authorizes each later request on its own.
 *
 * <p>Sample code:
 *
 * <pre>{@code
 * List<String> grantedPermissions = client.testIamPermission("my-instance",
 *   "bigtable.tables.readRows", "bigtable.tables.mutateRows");
 *
 * System.out.println("Has read access: " +
 *   grantedPermissions.contains("bigtable.tables.readRows"));
 * System.out.println("Has write access: " +
 *   grantedPermissions.contains("bigtable.tables.mutateRows"));
 * }</pre>
 *
 * @param instanceId id of the instance the permissions are tested against
 * @param permissions permission names to test
 * @return the permissions from {@code permissions} that the caller holds
 * @see <a href="https://cloud.google.com/bigtable/docs/access-control#permissions">Cloud Bigtable
 *     permissions</a>
 */
@SuppressWarnings({"WeakerAccess"})
public List<String> testIamPermission(String instanceId, String... permissions) {
  // Wait on the async variant; the helper is what turns a failed future into a thrown exception.
  final List<String> grantedPermissions =
      ApiExceptions.callAndTranslateApiException(
          testIamPermissionAsync(instanceId, permissions));
  return grantedPermissions;
}
/**
 * Starts a request that checks which of the given permissions the caller holds on the specified
 * instance. The future yields the subset of {@code permissions} that the caller has.
 *
 * <p>The answer describes the caller at the time of the call. It is a convenience for tooling and
 * user interfaces; the service still authorizes each later request on its own.
 *
 * <p>Sample code:
 *
 * <pre>{@code
 * ApiFuture<List<String>> grantedPermissionsFuture = client.testIamPermissionAsync("my-instance",
 *   "bigtable.tables.readRows", "bigtable.tables.mutateRows");
 *
 * ApiFutures.addCallback(grantedPermissionsFuture,
 *   new ApiFutureCallback<List<String>>() {
 *     public void onSuccess(List<String> grantedPermissions) {
 *       System.out.println("Has read access: " + grantedPermissions.contains("bigtable.tables.readRows"));
 *       System.out.println("Has write access: " + grantedPermissions.contains("bigtable.tables.mutateRows"));
 *     }
 *
 *     public void onFailure(Throwable t) {
 *       t.printStackTrace();
 *     }
 *   },
 *   MoreExecutors.directExecutor());
 * }</pre>
 *
 * @param instanceId id of the instance the permissions are tested against
 * @param permissions permission names to test
 * @return a future that yields the permissions from {@code permissions} that the caller holds
 * @see <a href="https://cloud.google.com/bigtable/docs/access-control#permissions">Cloud Bigtable
 *     permissions</a>
 */
@SuppressWarnings({"WeakerAccess"})
public ApiFuture<List<String>> testIamPermissionAsync(String instanceId, String... permissions) {
  final String resourceName = NameUtil.formatInstanceName(projectId, instanceId);
  final List<String> requestedPermissions = Arrays.asList(permissions);

  final TestIamPermissionsRequest request =
      TestIamPermissionsRequest.newBuilder()
          .setResource(resourceName)
          .addAllPermissions(requestedPermissions)
          .build();

  final ApiFuture<TestIamPermissionsResponse> responseFuture =
      stub.testIamPermissionsCallable().futureCall(request);

  // Only the permission list of the response is handed to the caller.
  return ApiFutures.transform(
      responseFuture,
      new ApiFunction<TestIamPermissionsResponse, List<String>>() {
        @Override
        public List<String> apply(TestIamPermissionsResponse input) {
          return input.getPermissionsList();
        }
      },
      MoreExecutors.directExecutor());
}
/**
 * Thin subclass of {@link DefaultMarshaller} that lets this client convert between the IAM
 * {@link Policy} wrapper and its protobuf form. Both overrides delegate straight to the superclass
 * and are declared {@code public} here (presumably the inherited methods are less visible; confirm
 * against {@code DefaultMarshaller}).
 */
private static class IamPolicyMarshaller extends DefaultMarshaller {
  /** Converts an IAM policy proto into the {@link Policy} wrapper. */
  @Override
  public Policy fromPb(com.google.iam.v1.Policy policyPb) {
    final Policy wrapper = super.fromPb(policyPb);
    return wrapper;
  }

  /** Converts a {@link Policy} wrapper into the IAM policy proto. */
  @Override
  public com.google.iam.v1.Policy toPb(Policy policy) {
    final com.google.iam.v1.Policy proto = super.toPb(policy);
    return proto;
  }
}
}

I might have missed checking the open PRs till now.

@igorbernstein2

Contributor


Labels

cla: yes This human has signed the Contributor License Agreement.


5 participants