diff --git a/Storage/tests/System/RequesterPaysTest.php b/Storage/tests/System/RequesterPaysTest.php index 748652aa3935..9211e7567b48 100644 --- a/Storage/tests/System/RequesterPaysTest.php +++ b/Storage/tests/System/RequesterPaysTest.php @@ -31,11 +31,14 @@ */ class RequesterPaysTest extends StorageTestCase { - private $keyFilePath; - private $requesterPaysClient; - private $requesterProject; - private $keyfileUser; - + private static $requesterKeyFile; + private static $requesterProject; + private static $requesterEmail; + private static $ownerKeyFile; + private static $ownerEmail; + private static $ownerProject; + + private static $requesterClient; private static $bucketName; private static $ownerBucketInstance; private static $object1; @@ -43,19 +46,36 @@ class RequesterPaysTest extends StorageTestCase private static $content; private static $topic; private static $notificationId; - private static $iamsetup = false; public static function setupBeforeClass() { parent::setupBeforeClass(); - $client = self::$client; + $requesterKeyFilePath = getenv('GOOGLE_CLOUD_PHP_TESTS_WHITELIST_KEY_PATH'); + $ownerKeyFilePath = getenv('GOOGLE_CLOUD_PHP_TESTS_KEY_PATH'); + + self::$requesterKeyFile = json_decode(file_get_contents($requesterKeyFilePath), true); + self::$requesterEmail = self::$requesterKeyFile['client_email']; + self::$requesterProject = self::$requesterKeyFile['project_id']; + + self::$ownerKeyFile = json_decode(file_get_contents($ownerKeyFilePath), true); + self::$ownerEmail = self::$ownerKeyFile['client_email']; + self::$ownerProject = self::$ownerKeyFile['project_id']; self::$bucketName = uniqid(self::TESTING_PREFIX); + + $client = self::$client; + + // Owner bucket instance is a bucket class with requester pays turned on + // and authenticated with the credentials of the user owning the bucket. self::$ownerBucketInstance = self::createBucket($client, self::$bucketName, [ 'billing' => ['requesterPays' => true] ]); + self::$requesterClient = new StorageClient([ + 'keyFile' => self::$requesterKeyFile + ]); + self::$topic = self::$pubsubClient->createTopic(uniqid(self::TESTING_PREFIX)); self::$deletionQueue->add(self::$topic); @@ -67,52 +87,34 @@ public static function setupBeforeClass() self::$object2 = self::$ownerBucketInstance->upload(self::$content, [ 'name' => uniqid(self::TESTING_PREFIX) ]); - } - - public function setUp() - { - $this->keyFilePath = getenv('GOOGLE_CLOUD_PHP_TESTS_WHITELIST_KEY_PATH'); - - $keyfile = json_decode(file_get_contents(getenv('GOOGLE_CLOUD_PHP_TESTS_WHITELIST_KEY_PATH')), true); - $this->keyfileUser = $keyfile['client_email']; - - $this->requesterPaysClient = new StorageClient([ - 'keyFile' => $keyfile - ]); - $parentKeyfile = json_decode(file_get_contents(getenv('GOOGLE_CLOUD_PHP_TESTS_KEY_PATH')), true); - $keyfile = json_decode(file_get_contents($this->keyFilePath), true); - $this->requesterProject = $keyfile['project_id']; - - if (!self::$iamsetup) { - // set bucket policy - $p = self::$ownerBucketInstance->iam()->policy(); - $p['bindings'][] = [ - 'role' => 'roles/storage.admin', - 'members' => [ - 'serviceAccount:' . $keyfile['client_email'] - ] - ]; - $p['bindings'][] = [ - 'role' => 'roles/storage.objectAdmin', - 'members' => [ - 'serviceAccount:' . $keyfile['client_email'] - ] - ]; - self::$ownerBucketInstance->iam()->setPolicy($p); - - // set topic policy - $p = self::$topic->iam()->policy(); - $p['bindings'][] = [ - 'role' => 'roles/pubsub.publisher', - 'members' => [ - 'serviceAccount:'. $parentKeyfile['project_id'] .'@gs-project-accounts.iam.gserviceaccount.com' - ] - ]; - self::$topic->iam()->setPolicy($p); - - self::$iamsetup = true; - } + // set bucket policy + $p = self::$ownerBucketInstance->iam()->policy(); + $p['bindings'][] = [ + 'role' => 'roles/storage.admin', + 'members' => [ + 'serviceAccount:' . self::$requesterEmail, + 'serviceAccount:'. self::$ownerEmail + ] + ]; + $p['bindings'][] = [ + 'role' => 'roles/storage.objectAdmin', + 'members' => [ + 'serviceAccount:' . self::$requesterEmail, + 'serviceAccount:'. self::$ownerEmail + ] + ]; + self::$ownerBucketInstance->iam()->setPolicy($p); + + // set topic policy + $p = self::$topic->iam()->policy(); + $p['bindings'][] = [ + 'role' => 'roles/pubsub.publisher', + 'members' => [ + 'serviceAccount:'. self::$ownerProject .'@gs-project-accounts.iam.gserviceaccount.com', + ] + ]; + self::$topic->iam()->setPolicy($p); } public function testBucketSettings() @@ -154,7 +156,7 @@ public function testBucketSettings() */ public function testRequesterPaysMethodsWithoutUserProject(callable $call) { - $bucket = $this->requesterPaysClient->bucket(self::$bucketName); + $bucket = self::$requesterClient->bucket(self::$bucketName); $object = $bucket->object(self::$object1->name()); $call($bucket, $object); @@ -163,12 +165,12 @@ public function testRequesterPaysMethodsWithoutUserProject(callable $call) /** * @dataProvider requesterPaysMethods */ - public function testRequesterPaysWithUserProject(callable $call) + public function testRequesterPaysMethodsWithUserProject(callable $call) { - $bucket = $this->requesterPaysClient->bucket(self::$bucketName, $this->requesterProject); + $bucket = self::$requesterClient->bucket(self::$bucketName, true); $object = $bucket->object(self::$object1->name()); - $this->assertEquals($this->requesterProject, $object->identity()['userProject']); + $this->assertEquals(self::$requesterProject, $object->identity()['userProject']); $call($bucket, $object); } @@ -178,164 +180,179 @@ public function requesterPaysMethods() $this->setup(); return [ - [ + 'add-acl' => [ function (Bucket $bucket) { $acl = $bucket->acl(); - $acl->add('user-'. $this->keyfileUser, Acl::ROLE_READER); + $acl->add('user-'. self::$requesterEmail, Acl::ROLE_READER); } - ], [ + ], + 'get-acl' => [ function (Bucket $bucket) { $acl = $bucket->acl(); - $item = $acl->get(['entity' => 'user-'. $this->keyfileUser]); + $item = $acl->get(['entity' => 'user-'. self::$requesterEmail]); } - ], [ + ], + 'update-acl' => [ function (Bucket $bucket) { $acl = $bucket->acl(); - $acl->update('user-'. $this->keyfileUser, Acl::ROLE_OWNER); + $acl->update('user-'. self::$requesterEmail, Acl::ROLE_OWNER); } - ], [ + ], + 'delete-acl' => [ function (Bucket $bucket) { $acl = $bucket->acl(); - $acl->delete('user-'. $this->keyfileUser); + $acl->delete('user-'. self::$requesterEmail); } - ], [ + ], + 'add-default-acl' => [ function (Bucket $bucket) { $acl = $bucket->defaultAcl(); - $acl->add('user-'. $this->keyfileUser, Acl::ROLE_READER); + $acl->add('user-'. self::$requesterEmail, Acl::ROLE_READER); } - ], [ + ], + 'get-default-acl' => [ function (Bucket $bucket) { $acl = $bucket->defaultAcl(); - $item = $acl->get(['entity' => 'user-'. $this->keyfileUser]); + $item = $acl->get(['entity' => 'user-'. self::$requesterEmail]); } - ], [ + ], + 'update-default-acl' => [ function (Bucket $bucket) { $acl = $bucket->defaultAcl(); - $acl->update('user-'. $this->keyfileUser, Acl::ROLE_OWNER); + $acl->update('user-'. self::$requesterEmail, Acl::ROLE_OWNER); } - ], [ + ], + 'delete-default-acl' => [ function (Bucket $bucket) { $acl = $bucket->defaultAcl(); - $acl->delete('user-'. $this->keyfileUser); + $acl->delete('user-'. self::$requesterEmail); } - ], [ + ], + 'bucket-exists' => [ function (Bucket $bucket) { $bucket->exists(); }, - ], [ + ], + 'bucket-upload' => [ function (Bucket $bucket) { $bucket->upload(self::$content, [ 'name' => uniqid(self::TESTING_PREFIX) ]); }, - ], [ - function (Bucket $bucket) { - $bucket->getResumableUploader(self::$content, [ - 'name' => uniqid(self::TESTING_PREFIX) - ])->upload(); - }, - ], [ - function (Bucket $bucket) { - $bucket->getStreamableUploader(self::$content, [ - 'name' => uniqid(self::TESTING_PREFIX) - ])->upload(); - }, - ], [ + ], + 'bucket-objects' => [ function (Bucket $bucket) { iterator_to_array($bucket->objects()); }, - ], [ + ], + 'bucket-update' => [ function (Bucket $bucket) { $bucket->update([]); }, - ], [ + ], + 'bucket-compose' => [ function (Bucket $bucket) { $bucket->compose([self::$object1, self::$object2], uniqid(self::TESTING_PREFIX), [ 'metadata' => ['contentType' => 'text/plain'] ]); }, - ], [ + ], + 'bucket-reload' => [ function (Bucket $bucket) { $bucket->reload(); } - ], [ + ], + 'notification-create' => [ function (Bucket $bucket) { self::$notificationId = $bucket->createNotification(self::$topic)->info()['id']; } - ], [ + ], + 'notification-get' => [ function (Bucket $bucket) { $bucket->notifications()->current(); } - ], [ + ], + 'notification-reload' => [ function (Bucket $bucket) { $bucket->notification(self::$notificationId)->reload(); } - ], [ + ], + 'object-acl-add' => [ function (Bucket $bucket, StorageObject $object) { $acl = $object->acl(); - $acl->add('user-'. $this->keyfileUser, Acl::ROLE_READER); + $acl->add('user-'. self::$requesterEmail, Acl::ROLE_READER); } - ], [ + ], + 'object-acl-get' => [ function (Bucket $bucket, StorageObject $object) { $acl = $object->acl(); - $item = $acl->get(['entity' => 'user-'. $this->keyfileUser]); + $item = $acl->get(['entity' => 'user-'. self::$requesterEmail]); } - ], [ + ], + 'object-acl-update' => [ function (Bucket $bucket, StorageObject $object) { $acl = $object->acl(); - $acl->update('user-'. $this->keyfileUser, Acl::ROLE_OWNER); + $acl->update('user-'. self::$requesterEmail, Acl::ROLE_OWNER); } - ], [ + ], + 'object-acl-delete' => [ function (Bucket $bucket, StorageObject $object) { $acl = $object->acl(); - $acl->delete('user-'. $this->keyfileUser); + $acl->delete('user-'. self::$requesterEmail); } - ], [ + ], + 'object-exists' => [ function (Bucket $bucket, StorageObject $object) { $object->exists(); } - ], [ + ], + 'object-update' => [ function (Bucket $bucket, StorageObject $object) { $object->update([]); } - ], [ + ], + 'object-copy' => [ function (Bucket $bucket, StorageObject $object) { $object->copy($bucket); } - ], [ + ], + 'object-rewrite' => [ function (Bucket $bucket, StorageObject $object) { $object->rewrite($bucket); } - ], [ + ], + 'object-download-string' => [ function (Bucket $bucket, StorageObject $object) { $object->downloadAsString(); } - ], [ + ], + 'object-download-file' => [ function (Bucket $bucket, StorageObject $object) { $object->downloadToFile('php://temp'); } - ], [ + ], + 'object-download-stream' => [ function (Bucket $bucket, StorageObject $object) { $object->downloadAsStream(); } - ], [ + ], + 'object-reload' => [ function (Bucket $bucket, StorageObject $object) { $object->reload(); } - ], [ + ], + 'bucket-iam-get' => [ function (Bucket $bucket, StorageObject $object) { $bucket->iam()->policy(); } - ], [ + ], + 'bucket-iam-set' => [ function (Bucket $bucket, StorageObject $object) { $p = $bucket->iam()->policy(); $bucket->iam()->setPolicy($p); } - ], [ - function (Bucket $bucket, StorageObject $object) { - $bucket->iam()->testPermissions(['storage.objects.create', 'storage.objects.delete']); - } - ], [ + ], + 'bucket-iam-reload' => [ function (Bucket $bucket, StorageObject $object) { $bucket->iam()->reload(); } @@ -343,14 +360,53 @@ function (Bucket $bucket, StorageObject $object) { ]; } + /** + * @dataProvider uploadMethods + * @expectedException Google\Cloud\Core\Exception\GoogleException + */ + public function testUploadMethodsWithoutUserProject(callable $call) + { + $bucket = self::$requesterClient->bucket(self::$bucketName); + $call($bucket); + } + + /** + * @dataProvider uploadMethods + */ + public function testUploadMethodsWithUserProject(callable $call) + { + $bucket = self::$requesterClient->bucket(self::$bucketName, true); + $call($bucket); + } + + public function uploadMethods() + { + return [ + 'resumable-upload' => [ + function (Bucket $bucket) { + $bucket->getResumableUploader(self::$content, [ + 'name' => uniqid(self::TESTING_PREFIX) + ])->upload(); + }, + ], + 'streamable-upload' => [ + function (Bucket $bucket) { + $bucket->getStreamableUploader(self::$content, [ + 'name' => uniqid(self::TESTING_PREFIX) + ])->upload(); + }, + ], + ]; + } + public function testDeleteNotification() { - $bucket = $this->requesterPaysClient->bucket(self::$bucketName, $this->requesterProject); + $bucket = self::$requesterClient->bucket(self::$bucketName, self::$requesterProject); $bucket->notification(self::$notificationId)->delete(); // test that the userProject is right through the object (since no access on bucket). $object = $bucket->object(self::$object1->name()); - $this->assertEquals($this->requesterProject, $object->identity()['userProject']); + $this->assertEquals(self::$requesterProject, $object->identity()['userProject']); } /** @@ -358,7 +414,7 @@ public function testDeleteNotification() */ public function testDeleteNotificationFails() { - $bucket = $this->requesterPaysClient->bucket(self::$bucketName); + $bucket = self::$requesterClient->bucket(self::$bucketName); $bucket->notification(self::$notificationId)->delete(); } }