Add Identity Access Management (IAM) to the Storage API by rybosome · Pull Request #1812 · googleapis/google-cloud-java

rybosome · 2017-03-24T22:38:43Z

Adds support for bucket-level IAM (currently in limited alpha). More information
about IAM in Google Cloud Storage can be found at
https://cloud.google.com/storage/docs/access-control/iam

Adds support for bucket-level IAM (currently in limited alpha). More information about IAM in Google Cloud Storage can be found at https://cloud.google.com/storage/docs/access-control/iam

garrettjonesgoogle · 2017-03-25T00:27:48Z

@neozwu could you do a first pass on this PR?

neozwu

StorageIT test failed with "invalid argument" error on my machine. Otherwise, LGTM.

Sign in to view

+          StorageRoles.legacyObjectReader(), newHashSet(Identity.allUsers()));
+
+    // Validate getting policy.
+    Policy currentPolicy = storage.getPolicy(BUCKET);


garrettjonesgoogle · 2017-04-04T14:32:09Z

@michaelbausor could you take a look too?

Sign in to view

    }
  }
-
+  


Sign in to view

+
+  @Override
+  public int compare(Policy p1, Policy p2) {
+    int etagComparison = p1.getEtag().compareTo(p2.getEtag());


Sign in to view

+      Set<String> p1Members = entry.getValue();
+      Set<String> p2Members = map2.get(role);
+      if (p2Members == null) {
+        return -1;


Sign in to view

+import com.google.api.services.storage.model.Policy.Bindings;
+import com.google.common.collect.ImmutableList;
+
+public class ApiPolicyComparatorTest {


Rather than relying on a Comparator which doesn't fully implement the Comparable spec, instead implement a custom EasyMock matcher for verifying that API policies are equivalent in test code.

coveralls · 2017-04-04T23:29:18Z

Changes Unknown when pulling 8eabb85 on rybosome:storage-iam into ** on GoogleCloudPlatform:storage-iam**.

rybosome · 2017-04-06T18:24:52Z

@michaelbausor This is ready for another pass.

Sign in to view

+      }
+    }
+
+


Sign in to view

+ * Matches two {@link Policy} instances, which may have lists of {@link Bindings} that are not in
+ * the same order but which are still logically equivalent.
+ */
+public class ApiPolicyMatcher implements IArgumentMatcher {


rybosome · 2017-04-06T23:37:21Z

@michaelbausor Took your suggestion, now ready for review.

coveralls · 2017-04-06T23:54:56Z

Changes Unknown when pulling 9b5ce8c on rybosome:storage-iam into ** on GoogleCloudPlatform:storage-iam**.

michaelbausor · 2017-04-07T22:03:44Z

LGTM

) Adds support for bucket-level IAM (currently in limited alpha). More information about IAM in Google Cloud Storage can be found at https://cloud.google.com/storage/docs/access-control/iam

@test

* updating 'PubSubExample' to latest api (#1808) * updating pubsub sample to latest api * Pubsub update (#1818) * Update GAPIC layer * Manual updates to support pubsub changes * Update spi classes (#1817) * Update README.md (#1825) [ci skip] * Add DURABLE_REDUCED_AVAILABILITY storage class (#1834) Otherwise we crash when servers return this value. * logging: make flush wait for writes (#1815) This PR still isn't completely correct, since it does not force any RPC to immediately be issued. However, flush should now correctly wait for RPCs representing prior calls to publish to complete and any failures to be reported to ErrorManager before returning. * use new PartitionKey implementation (#1841) bumping gax version to 0.8.0 for the new implementation. reflects googleapis/gapic-generator#1153 . * Release 0.11.0 * Updating version in README files. [ci skip] * Update version to 0.11.1-SNAPSHOT (#1843) * Added a missing @test annotation (#1842) * pubsub: make Subscriber use ApiService (#1824) Fixes #1761. * SPI: Adding @experimentalapi back to logging client classes (#1844) * Bumping NL, Translate to beta (#1848) * Release 0.11.1 * Updating version in README files. [ci skip] * Update version to 0.11.2-SNAPSHOT (#1852) * pubsub: remove obsolete doc references (#1823) This PR removes references to the deprecated code of the docs. The emulator section is rewritten. Fixes #1789. * adding functions to manage life cycle of resources in ITComputeTest (#1768) *adding functions to ITComputeTest, in order to make sure resources created during tests can be properly deleted even if tests fail or become timed out. * refactor and incorporate feedbacks * implement `add` function with compile-time type checking * add `remove` method to remove a resource from managed resources * use Id's as handles to resources * fix copyright header * rename class name * modify remove function, pass delete function to each add method * address comments * Add Speech v1. (#1858) * Make logging overrides the default channel provider (#1820) * Added more unit tests for SessionPool (#1862) * Rename Translate title to Translation [ci skip] (#1867) * Release 0.11.2 * Updating version in README files. [ci skip] * Update pom.xml version to 0.11.3-SNAPSHOT (#1870) * pubsub: acquire FlowController before releasing (#1831) * Revert "pubsub: acquire FlowController before releasing (#1831)" (#1872) This reverts commit 3717ac6. This change brings up another serious bug. If the number of messages we pull in one RPC is greater than the number size of the semaphore, we deadlock forever. Will redo this later. * pubsub: make deprecated methods package-private (#1861) add back mistakenly deleted test Fixes #1828. * pubsub: rename newBuilder to defaultBuilder (#1873) Fixes #1853. * GAE (Flex_Java/Flex_Custom/Flex_Compat/Std_Java8), GCE, GKE testing app for gcj (#1859) Appengine tests for #1752 * Replace a constant of type Set with ImmutableSet (#1876) * Language v1beta2 Release (#1878) * Language v1beta2 Release * Language v1 update * Regenerating SPI: use setEndpoint (#1879) Reflects googleapis/gapic-generator#1172. Updates #1835. * remove last use of setPort/setServiceAddress (#1880) Fixes #1835. * new code snippet for push subscription + cleanup of deprecated snippets (#1875) * cleaning up PubSubExample adding snippet for creating a subscription with a push endpoint * updating start, end tags for snippets, adding async pull snippet tag * Release 0.12.0 * Updating version in README files. [ci skip] * Update version to 0.12.1-SNAPSHOT (#1886) * Update version of google-auth-java to 0.6.1 (#1888) * Update version of google-auth-java to 0.6.1 Latest version of google-auth-java contains a fix for auth token refresh failures. * Remove harcoded auth dependencies * Don't use `UrlFetchTransport` in App Engine Flex environment (#1893) * Don't use `UrlFetchTransport` in App Engine Flex environment #1492 * Add annotations to specify GCP launch stage (#1889) The Google Cloud Platform launch stage (https://cloud.google.com/terms/launch-stages) is a signifier of the level of access and support that can be expected of a particular feature. These annotations will be used to clearly demarcate features as being in a state other than General Availability to help set user expectations accordingly. * Add Identity Access Management (IAM) to the Storage API (#1812) Adds support for bucket-level IAM (currently in limited alpha). More information about IAM in Google Cloud Storage can be found at https://cloud.google.com/storage/docs/access-control/iam

) Adds support for bucket-level IAM (currently in limited alpha). More information about IAM in Google Cloud Storage can be found at https://cloud.google.com/storage/docs/access-control/iam

Adds support for bucket-level IAM (currently in limited alpha). More information about IAM in Google Cloud Storage can be found at https://cloud.google.com/storage/docs/access-control/iam

…fig to include desired changes (#1812) * samples: schema evolution * samples: schema evolution * Format fixes * Fix documentation for field. * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * Add back in working asserts * Formatting fixes * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * Version/delete fixes * samples: schema evolution * samples: schema evolution * Format fixes * Fix documentation for field. * Add back in working asserts * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * Formatting fixes * Version/delete fixes * samples: Schema evolution (#1499) * samples: schema evolution * samples: schema evolution * Format fixes * Fix documentation for field. * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * Add back in working asserts * Formatting fixes * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * Version/delete fixes * samples: schema evolution * samples: schema evolution * Format fixes * Fix documentation for field. * Add back in working asserts * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * Formatting fixes * Version/delete fixes --------- Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> * Minor fixes for comments * samples: Schema evolution (#1499) * samples: schema evolution * samples: schema evolution * Format fixes * Fix documentation for field. * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * Add back in working asserts * Formatting fixes * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * Version/delete fixes * samples: schema evolution * samples: schema evolution * Format fixes * Fix documentation for field. * Add back in working asserts * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * Formatting fixes * Version/delete fixes --------- Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> * Fix rollback example * Formatting * Formatting and wording fixes * Add new schemas to test directory * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * Samples: Fix exception handling * fix: Set x-goog-request-params for streaming pull request * Revert "fix: Set x-goog-request-params for streaming pull request" This reverts commit 3185a3e9d48680d75cc70745f7ea0048d726556b. * Revert "Revert "fix: Set x-goog-request-params for streaming pull request"" This reverts commit 3b1f4d9c0751a8fa676159842208b4213d764ee6. * Thread example * Add examples for limited and unlimited exeuctors * Add back missing semicolon * Revert changes to original async example * Revert changes to original async example * Add examples of different threading models * Make variables final to conform to style. * Fix catches * Fix ids * Fix naming * Set blunderbuss config to auto-assign issues and PRs * Revert "Merge pull request #1 from kamalaboulhosn/ML_experiments" This reverts commit 81bff5b74ff32fb572174a14d4f57ee7c8eee8e3, reversing changes made to c3a572560f74fa8e10b7f354352bdd736e6f58aa. * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * Revert "🦉 Updates from OwlBot post-processor" This reverts commit 52d6e34e0ea1c9d67813f74fcda8d3b0252ccbe3. * chore: add blunderbuss config to owlbot exclusion list * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md --------- Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>

* test: switch tracing end-to-end tests to nightly jobs. * env vars set in github should begin with `GITHUB_` * testing. * remove print stmt and fix up.

Add Identity Access Management (IAM) to the Storage API

127bb6f

Adds support for bucket-level IAM (currently in limited alpha). More information about IAM in Google Cloud Storage can be found at https://cloud.google.com/storage/docs/access-control/iam

googlebot added the cla: yes This human has signed the Contributor License Agreement. label Mar 24, 2017

garrettjonesgoogle requested a review from neozwu March 25, 2017 00:27

neozwu reviewed Mar 31, 2017

View reviewed changes

garrettjonesgoogle assigned michaelbausor and unassigned michaelbausor Apr 4, 2017

garrettjonesgoogle requested a review from michaelbausor April 4, 2017 14:31

michaelbausor reviewed Apr 4, 2017

View reviewed changes

rybosome added 2 commits April 4, 2017 16:09

Use a custom EasyMock matcher for API policies

6bd0ac0

Rather than relying on a Comparator which doesn't fully implement the Comparable spec, instead implement a custom EasyMock matcher for verifying that API policies are equivalent in test code.

Remove extraneous space

8eabb85

michaelbausor reviewed Apr 6, 2017

View reviewed changes

Move ApiPolicyMatcher to the test package

9b5ce8c

michaelbausor merged commit 5346813 into googleapis:storage-iam Apr 7, 2017

rybosome deleted the storage-iam branch April 7, 2017 22:52

chingor13 pushed a commit that referenced this pull request Feb 24, 2026

chore: Restore the testing requirements in README (#1812)

b910dad

chingor13 pushed a commit that referenced this pull request Mar 12, 2026

chore: Restore the testing requirements in README (#1812)

8c002ab

Conversation

rybosome commented Mar 24, 2017

Uh oh!

garrettjonesgoogle commented Mar 25, 2017

Uh oh!

neozwu left a comment

Choose a reason for hiding this comment

Uh oh!

This comment was marked as spam.

Uh oh!

This comment was marked as spam.

Uh oh!

This comment was marked as spam.

Uh oh!

garrettjonesgoogle commented Apr 4, 2017

Uh oh!

This comment was marked as spam.

Uh oh!

This comment was marked as spam.

Uh oh!

This comment was marked as spam.

Uh oh!

This comment was marked as spam.

Uh oh!

coveralls commented Apr 4, 2017

Uh oh!

rybosome commented Apr 6, 2017

Uh oh!

This comment was marked as spam.

Uh oh!

This comment was marked as spam.

Uh oh!

rybosome commented Apr 6, 2017

Uh oh!

coveralls commented Apr 6, 2017

Uh oh!

michaelbausor commented Apr 7, 2017

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants