-
Notifications
You must be signed in to change notification settings - Fork 438
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
RFC: Adds removePolicy to Iam Policy Builder (#480)
* Adds removePolicy to Iam Policy Builder * adds snippet test
- Loading branch information
Showing
3 changed files
with
144 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -123,6 +123,53 @@ public function addBinding($role, array $members) | |
| return $this; | ||
| } | ||
|
|
||
| /** | ||
| * Remove a binding from the policy. | ||
| * | ||
| * Example: | ||
| * ``` | ||
| * $builder->setBindings([ | ||
| * [ | ||
| * 'role' => 'roles/admin', | ||
| * 'members' => [ | ||
| * 'user:[email protected]', | ||
| * 'user2:[email protected]' | ||
| * ] | ||
| * ] | ||
| * ]); | ||
| * $builder->removeBinding('roles/admin', [ 'user:[email protected]' ]); | ||
| * ``` | ||
| * | ||
| * @param string $role A valid role for the service | ||
| * @param array $members An array of members to remove from the role | ||
| * @return PolicyBuilder | ||
| * @throws InvalidArgumentException | ||
| */ | ||
| public function removeBinding($role, array $members) | ||
| { | ||
| $bindings = $this->bindings; | ||
| foreach ((array) $bindings as $i => $binding) { | ||
| if ($binding['role'] == $role) { | ||
| $newMembers = array_diff($binding['members'], $members); | ||
| if (count($newMembers) != count($binding['members']) - count($members)) { | ||
| throw new InvalidArgumentException('One or more role-members were not found.'); | ||
| } | ||
| if (empty($newMembers)) { | ||
| unset($bindings[$i]); | ||
| $bindings = array_values($bindings); | ||
| } else { | ||
| $binding['members'] = array_values($newMembers); | ||
| $bindings[$i] = $binding; | ||
| } | ||
| $this->bindings = $bindings; | ||
|
|
||
| return $this; | ||
| } | ||
| } | ||
|
|
||
| throw new InvalidArgumentException('The role was not found.'); | ||
| } | ||
|
|
||
| /** | ||
| * Update the etag on the policy. | ||
| * | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -62,6 +62,16 @@ public function testAddBindings() | |
| $this->assertEquals('user:[email protected]', $this->pb->result()['bindings'][0]['members'][0]); | ||
| } | ||
|
|
||
| public function testRemoveBinding() | ||
| { | ||
| $snippet = $this->snippetFromMethod(PolicyBuilder::class, 'removeBinding'); | ||
| $snippet->addLocal('builder', $this->pb); | ||
|
|
||
| $res = $snippet->invoke(); | ||
| $this->assertEquals('roles/admin', $this->pb->result()['bindings'][0]['role']); | ||
| $this->assertEquals('user2:[email protected]', $this->pb->result()['bindings'][0]['members'][0]); | ||
| } | ||
|
|
||
| public function testSetEtag() | ||
| { | ||
| $snippet = $this->snippetFromMethod(PolicyBuilder::class, 'setEtag'); | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -137,4 +137,91 @@ public function testConstructWithExistingPolicy() | |
|
|
||
| $this->assertEquals($policy, $result); | ||
| } | ||
|
|
||
| public function testRemoveBinding() | ||
| { | ||
| $policy = [ | ||
| 'bindings' => [ | ||
| [ | ||
| 'role' => 'test', | ||
| 'members' => [ | ||
| 'user:[email protected]', | ||
| 'user2:[email protected]' | ||
| ] | ||
| ] | ||
| ] | ||
| ]; | ||
|
|
||
| $builder = new PolicyBuilder($policy); | ||
| $builder->removeBinding('test', ['user:[email protected]']); | ||
|
|
||
| $this->assertEquals('user2:[email protected]', $builder->result()['bindings'][0]['members'][0]); | ||
| } | ||
|
|
||
| public function testRemoveBindingAndRole() | ||
| { | ||
| $policy = [ | ||
| 'bindings' => [ | ||
| [ | ||
| 'role' => 'test', | ||
| 'members' => [ | ||
| 'user:[email protected]', | ||
| ] | ||
| ], | ||
| [ | ||
| 'role' => 'test2', | ||
| 'members' => [ | ||
| 'user2:[email protected]' | ||
| ] | ||
| ] | ||
| ] | ||
| ]; | ||
|
|
||
| $builder = new PolicyBuilder($policy); | ||
| $builder->removeBinding('test', ['user:[email protected]']); | ||
|
|
||
| $this->assertEquals('user2:[email protected]', $builder->result()['bindings'][0]['members'][0]); | ||
| } | ||
|
|
||
| /** | ||
| * @expectedException InvalidArgumentException | ||
| * @expectedExceptionMessage One or more role-members were not found. | ||
| */ | ||
| public function testRemoveBindingInvalidMemberThrowsException() | ||
| { | ||
| $policy = [ | ||
| 'bindings' => [ | ||
| [ | ||
| 'role' => 'test', | ||
| 'members' => [ | ||
| 'user:[email protected]', | ||
| ] | ||
| ], | ||
| ] | ||
| ]; | ||
|
|
||
| $builder = new PolicyBuilder($policy); | ||
| $builder->removeBinding('test', ['user2:[email protected]']); | ||
| } | ||
|
|
||
| /** | ||
| * @expectedException InvalidArgumentException | ||
| * @expectedExceptionMessage The role was not found. | ||
| */ | ||
| public function testRemoveBindingInvalidRoleThrowsException() | ||
| { | ||
| $policy = [ | ||
| 'bindings' => [ | ||
| [ | ||
| 'role' => 'test', | ||
| 'members' => [ | ||
| 'user:[email protected]', | ||
| ] | ||
| ], | ||
| ] | ||
| ]; | ||
|
|
||
| $builder = new PolicyBuilder($policy); | ||
| $builder->removeBinding('test2', ['user:[email protected]']); | ||
| } | ||
| } | ||