storage: bucket policy only samples (#1976)

* humble beginnings * Verified integration tests and updated README.rst * Updating samples to reflect fixed surface * Use release 1.14.0
GoogleCloudPlatform · Feb 6, 2019 · 6afeca5 · 6afeca5
1 parent 9df6c04
commit 6afeca5
Show file tree

Hide file tree

Showing 6 changed files with 192 additions and 8 deletions.
diff --git a/storage/cloud-client/README.rst b/storage/cloud-client/README.rst
@@ -300,6 +300,39 @@ To run this sample:
 
 
 
+Bucket Policy Only
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+.. image:: https://gstatic.com/cloudssh/images/open-btn.png
+   :target: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/python-docs-samples&page=editor&open_in_editor=storage/cloud-client/bucket_policy_only.py,storage/cloud-client/README.rst
+
+
+
+
+To run this sample:
+
+.. code-block:: bash
+
+    $ python bucket_policy_only.py
+
+    usage: bucket_policy_only.py [-h]
+                                 {enable-bucket-policy-only,disable-bucket-policy-only,get-bucket-policy-only}
+                                 ...
+
+    positional arguments:
+      {enable-bucket-policy-only,disable-bucket-policy-only,get-bucket-policy-only}
+        enable-bucket-policy-only
+                            Enable Bucket Policy Only for a bucket
+        disable-bucket-policy-only
+                            Disable Bucket Policy Only for a bucket
+        get-bucket-policy-only
+                            Get Bucket Policy Only for a bucket
+
+    optional arguments:
+      -h, --help            show this help message and exit
+
+
+
 Notification Polling
 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 

diff --git a/storage/cloud-client/README.rst.in b/storage/cloud-client/README.rst.in
@@ -4,7 +4,7 @@ product:
   name: Google Cloud Storage
   short_name: Cloud Storage
   url: https://cloud.google.com/storage/docs
-  description: > 
+  description: >
     `Google Cloud Storage`_ allows world-wide storage and retrieval of any
     amount of data at any time.
 
@@ -27,6 +27,9 @@ samples:
 - name: Bucket Lock
   file: bucket_lock.py
   show_help: true
+- name: Bucket Policy Only
+  file: bucket_policy_only.py
+  show_help: true
 - name: Notification Polling
   file: notification_polling.py
   show_help: true

diff --git a/storage/cloud-client/acl_test.py b/storage/cloud-client/acl_test.py
@@ -37,9 +37,9 @@ def test_bucket():
     object_default_acl = google.cloud.storage.acl.DefaultObjectACL(bucket)
     acl.reload()
     object_default_acl.reload()
-    time.sleep(1) # bucket ops rate limited 1 update per second
+    time.sleep(1)  # bucket ops rate limited 1 update per second
     yield bucket
-    time.sleep(1) # bucket ops rate limited 1 update per second
+    time.sleep(1)  # bucket ops rate limited 1 update per second
     acl.save()
     object_default_acl.save()
 
@@ -51,10 +51,10 @@ def test_blob():
     blob = bucket.blob('storage_acl_test_sigil')
     blob.upload_from_string('Hello, is it me you\'re looking for?')
     acl = google.cloud.storage.acl.ObjectACL(blob)
-    acl.reload()
-    time.sleep(1) # bucket ops rate limited 1 update per second
-    yield blob
-    time.sleep(1) # bucket ops rate limited 1 update per second
+    acl.reload()  # bucket ops rate limited 1 update per second
+    time.sleep(1)
+    yield blob  # bucket ops rate limited 1 update per second
+    time.sleep(1)
     acl.save()
 
 

diff --git a/storage/cloud-client/bucket_policy_only.py b/storage/cloud-client/bucket_policy_only.py
@@ -0,0 +1,96 @@
+#!/usr/bin/env python
+
+# Copyright 2019 Google Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the 'License');
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import argparse
+
+from google.cloud import storage
+
+
+def enable_bucket_policy_only(bucket_name):
+    """Enable Bucket Policy Only for a bucket"""
+    # [START storage_enable_bucket_policy_only]
+    # bucket_name = "my-bucket"
+
+    storage_client = storage.Client()
+    bucket = storage_client.bucket(bucket_name)
+
+    bucket.iam_configuration.bucket_policy_only_enabled = True
+    bucket.patch()
+
+    print('Bucket Policy Only was enabled for {}.'.format(bucket.name))
+    # [END storage_enable_bucket_policy_only]
+
+
+def disable_bucket_policy_only(bucket_name):
+    """Disable Bucket Policy Only for a bucket"""
+    # [START storage_disable_bucket_policy_only]
+    # bucket_name = "my-bucket"
+
+    storage_client = storage.Client()
+    bucket = storage_client.bucket(bucket_name)
+
+    bucket.iam_configuration.bucket_policy_only_enabled = False
+    bucket.patch()
+
+    print('Bucket Policy Only was disabled for {}.'.format(bucket.name))
+    # [END storage_disable_bucket_policy_only]
+
+
+def get_bucket_policy_only(bucket_name):
+    """Get Bucket Policy Only for a bucket"""
+    # [START storage_get_bucket_policy_only]
+    # bucket_name = "my-bucket"
+
+    storage_client = storage.Client()
+    bucket = storage_client.get_bucket(bucket_name)
+    iam_configuration = bucket.iam_configuration
+
+    if iam_configuration.bucket_policy_only_enabled:
+        print('Bucket Policy Only is enabled for {}.'.format(bucket.name))
+        print('Bucket will be locked on {}.'.format(
+            iam_configuration.bucket_policy_only_locked_time))
+    else:
+        print('Bucket Policy Only is disabled for {}.'.format(bucket.name))
+    # [END storage_get_bucket_policy_only]
+
+
+if __name__ == '__main__':
+
+    parser = argparse.ArgumentParser(
+        description=__doc__,
+        formatter_class=argparse.RawDescriptionHelpFormatter)
+    subparsers = parser.add_subparsers(dest='command')
+
+    enable_bucket_policy_only_parser = subparsers.add_parser(
+        'enable-bucket-policy-only', help=enable_bucket_policy_only.__doc__)
+    enable_bucket_policy_only_parser.add_argument('bucket_name')
+
+    disable_bucket_policy_only_parser = subparsers.add_parser(
+        'disable-bucket-policy-only', help=disable_bucket_policy_only.__doc__)
+    disable_bucket_policy_only_parser.add_argument('bucket_name')
+
+    get_bucket_policy_only_parser = subparsers.add_parser(
+        'get-bucket-policy-only', help=get_bucket_policy_only.__doc__)
+    get_bucket_policy_only_parser.add_argument('bucket_name')
+
+    args = parser.parse_args()
+
+    if args.command == 'enable-bucket-policy-only':
+        enable_bucket_policy_only(args.bucket_name)
+    elif args.command == 'disable-bucket-policy-only':
+        disable_bucket_policy_only(args.bucket_name)
+    elif args.command == 'get-bucket-policy-only':
+        get_bucket_policy_only(args.bucket_name)
diff --git a/storage/cloud-client/bucket_policy_only_test.py b/storage/cloud-client/bucket_policy_only_test.py
@@ -0,0 +1,52 @@
+# Copyright 2019 Google Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import time
+
+from google.cloud import storage
+
+import pytest
+
+import bucket_policy_only
+
+
+@pytest.fixture()
+def bucket():
+    """Creates a test bucket and deletes it upon completion."""
+    client = storage.Client()
+    bucket_name = 'bucket-policy-only-' + str(int(time.time()))
+    bucket = client.create_bucket(bucket_name)
+    yield bucket
+    bucket.delete(force=True)
+
+
+def test_get_bucket_policy_only(bucket, capsys):
+    bucket_policy_only.get_bucket_policy_only(bucket.name)
+    out, _ = capsys.readouterr()
+    assert 'Bucket Policy Only is disabled for {}.'.format(
+        bucket.name) in out
+
+
+def test_enable_bucket_policy_only(bucket, capsys):
+    bucket_policy_only.enable_bucket_policy_only(bucket.name)
+    out, _ = capsys.readouterr()
+    assert 'Bucket Policy Only was enabled for {}.'.format(
+        bucket.name) in out
+
+
+def test_disable_bucket_policy_only(bucket, capsys):
+    bucket_policy_only.disable_bucket_policy_only(bucket.name)
+    out, _ = capsys.readouterr()
+    assert 'Bucket Policy Only was disabled for {}.'.format(
+        bucket.name) in out
diff --git a/storage/cloud-client/requirements.txt b/storage/cloud-client/requirements.txt
@@ -1,2 +1,2 @@
 google-cloud-pubsub==0.39.1
-google-cloud-storage==1.13.2
+google-cloud-storage==1.14.0