RFC: Adds removePolicy to Iam Policy Builder #480

Merged
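--- a/src/Core/Iam/PolicyBuilder.php
+++ b/src/Core/Iam/PolicyBuilder.php
@@ -123,6 +123,53 @@ public function addBinding($role, array $members)
 return $this;
 }
 
+/**
+* Remove a binding from the policy.
+*
+* Example:
+* ```
+* $builder->setBindings([
+* [
+* 'role' => 'roles/admin',
+* 'members' => [
+* 'user:[email protected]',
+* 'user2:[email protected]'
+* ]
+* ]
+* ]);
+* $builder->removeBinding('roles/admin', [ 'user:[email protected]' ]);
+* ```
+*
+* @param string $role A valid role for the service
+* @param array $members An array of members to remove from the role
+* @return PolicyBuilder
+* @throws InvalidArgumentException
+*/
+public function removeBinding($role, array $members)
+{
+$bindings = $this->bindings;
+foreach ((array) $bindings as $i => $binding) {
+if ($binding['role'] == $role) {
+$newMembers = array_diff($binding['members'], $members);
+if (count($newMembers) != count($binding['members']) - count($members)) {
+throw new InvalidArgumentException('One or more role-members were not found.');
+}
+if (empty($newMembers)) {
+unset($bindings[$i]);
+$bindings = array_values($bindings);
+} else {
+$binding['members'] = array_values($newMembers);
+$bindings[$i] = $binding;
+}
+$this->bindings = $bindings;
+
+return $this;
+}
+}
+
+throw new InvalidArgumentException('The role was not found.');
+}
+
 /**
 * Update the etag on the policy.
 *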
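Review bot: removeBinding returns after the first binding whose role matches, so if a policy holds the same role in more than one binding (presumably possible, for example with conditional bindings) a member can be reported as removed while still holding the role through a later entry; for a call that revokes access this should be handled or stated in the docblock. The presence check `count($newMembers) != count($binding['members']) - count($members)` is count-based, so a duplicate in `$members` or in the stored member list raises 'One or more role-members were not found.' even when every requested member was present; `if (array_diff($members, $binding['members'])) {` tests the same condition without depending on counts. The role comparison could also use `===`, since `$role` is documented as a string.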
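--- a/tests/snippets/Core/Iam/PolicyBuilderTest.php
+++ b/tests/snippets/Core/Iam/PolicyBuilderTest.php
@@ -62,6 +62,16 @@ public function testAddBindings()
 $this->assertEquals('user:[email protected]', $this->pb->result()['bindings'][0]['members'][0]);
 }
 
+public function testRemoveBinding()
+{
+$snippet = $this->snippetFromMethod(PolicyBuilder::class, 'removeBinding');
+$snippet->addLocal('builder', $this->pb);
+
+$res = $snippet->invoke();
+$this->assertEquals('roles/admin', $this->pb->result()['bindings'][0]['role']);
+$this->assertEquals('user2:[email protected]', $this->pb->result()['bindings'][0]['members'][0]);
+}
+
 public function testSetEtag()
 {
 $snippet = $this->snippetFromMethod(PolicyBuilder::class, 'setEtag');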
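Review bot: `$res` is assigned from `$snippet->invoke()` in testRemoveBinding but never read; drop the assignment (`$snippet->invoke();`) or assert on it. The test also checks only `members[0]`, so adding `$this->assertCount(1, $this->pb->result()['bindings'][0]['members']);` would confirm the other member was actually removed rather than reordered.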
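--- a/tests/unit/Core/Iam/PolicyBuilderTest.php
+++ b/tests/unit/Core/Iam/PolicyBuilderTest.php
@@ -137,4 +137,91 @@ public function testConstructWithExistingPolicy()
 
 $this->assertEquals($policy, $result);
 }
+
+public function testRemoveBinding()
+{
+$policy = [
+'bindings' => [
+[
+'role' => 'test',
+'members' => [
+'user:[email protected]',
+'user2:[email protected]'
+]
+]
+]
+];
+
+$builder = new PolicyBuilder($policy);
+$builder->removeBinding('test', ['user:[email protected]']);
+
+$this->assertEquals('user2:[email protected]', $builder->result()['bindings'][0]['members'][0]);
+}
+
+public function testRemoveBindingAndRole()
+{
+$policy = [
+'bindings' => [
+[
+'role' => 'test',
+'members' => [
+'user:[email protected]',
+]
+],
+[
+'role' => 'test2',
+'members' => [
+'user2:[email protected]'
+]
+]
+]
+];
+
+$builder = new PolicyBuilder($policy);
+$builder->removeBinding('test', ['user:[email protected]']);
+
+$this->assertEquals('user2:[email protected]', $builder->result()['bindings'][0]['members'][0]);
+}
+
+/**
+* @expectedException InvalidArgumentException
+* @expectedExceptionMessage One or more role-members were not found.
+*/
+public function testRemoveBindingInvalidMemberThrowsException()
+{
+$policy = [
+'bindings' => [
+[
+'role' => 'test',
+'members' => [
+'user:[email protected]',
+]
+],
+]
+];
+
+$builder = new PolicyBuilder($policy);
+$builder->removeBinding('test', ['user2:[email protected]']);
+}
+
+/**
+* @expectedException InvalidArgumentException
+* @expectedExceptionMessage The role was not found.
+*/
+public function testRemoveBindingInvalidRoleThrowsException()
+{
+$policy = [
+'bindings' => [
+[
+'role' => 'test',
+'members' => [
+'user:[email protected]',
+]
+],
+]
+];
+
+$builder = new PolicyBuilder($policy);
+$builder->removeBinding('test2', ['user:[email protected]']);
+}
 }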
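Review bot: testRemoveBinding and testRemoveBindingAndRole assert only `['bindings'][0]['members'][0]`, so they never check that the removed principal is absent from the resulting policy or how many bindings remain. In testRemoveBinding add `$this->assertCount(1, $builder->result()['bindings'][0]['members']);`, and in testRemoveBindingAndRole add `$this->assertCount(1, $builder->result()['bindings']);` together with an assertion that the remaining role is 'test2'. There is also no case for a duplicated member in the removal list or for the same role appearing in two bindings, which are the inputs where removeBinding's count-based check and first-match return are most likely to misbehave.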