
Commit 49802f1

gguussandrewsg
authored andcommitted
Adds IAM examples for Python. (GoogleCloudPlatform#1318)
1 parent 07591bc commit 49802f1


2 files changed

+118
-22
lines changed

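--- a/iot/api-client/manager/manager.py
+++ b/iot/api-client/manager/manager.py
@@ -422,6 +422,42 @@ def get_config_versions(
 return configs
 
 
+def get_iam_permissions(
+service_account_json, project_id, cloud_region, registry_id):
+"""Retrieves IAM permissions for the given registry."""
+client = get_client(service_account_json)
+registry_path = 'projects/{}/locations/{}/registries/{}'.format(
+project_id, cloud_region, registry_id)
+
+policy = client.projects().locations().registries().getIamPolicy(
+resource=registry_path, body={}).execute()
+
+return policy
+
+
+def set_iam_permissions(
+service_account_json, project_id, cloud_region, registry_id, role,
+member):
+"""Retrieves IAM permissions for the given registry."""
+client = get_client(service_account_json)
+
+registry_path = 'projects/{}/locations/{}/registries/{}'.format(
+project_id, cloud_region, registry_id)
+body = {
+"policy":
+{
+"bindings":
+[{
+"members": [member],
+"role": role
+}]
+}
+}
+
+return client.projects().locations().registries().setIamPolicy(
+resource=registry_path, body=body).execute()
+
+
 def parse_command_line_args():
 """Parse command line arguments."""
 default_registry = 'cloudiot_device_manager_example_registry_{}'.format(
@@ -473,6 +509,14 @@ def parse_command_line_args():
 '--version',
 default=None,
 help='Version number for setting device configuration.')
+parser.add_argument(
+'--member',
+default=None,
+help='Member used for IAM commands.')
+parser.add_argument(
+'--role',
+default=None,
+help='Role used for IAM commands.')
 
 # Command subparser
 command = parser.add_subparsers(dest='command')
@@ -485,14 +529,16 @@ def parse_command_line_args():
 command.add_parser('delete-device', help=delete_device.__doc__)
 command.add_parser('delete-registry', help=delete_registry.__doc__)
 command.add_parser('get', help=get_device.__doc__)
+command.add_parser('get-config-versions', help=get_config_versions.__doc__)
+command.add_parser('get-iam-permissions', help=get_iam_permissions.__doc__)
 command.add_parser('get-registry', help=get_registry.__doc__)
 command.add_parser('get-state', help=get_state.__doc__)
 command.add_parser('list', help=list_devices.__doc__)
 command.add_parser('list-registries', help=list_registries.__doc__)
 command.add_parser('patch-es256', help=patch_es256_auth.__doc__)
 command.add_parser('patch-rs256', help=patch_rsa256_auth.__doc__)
 command.add_parser('set-config', help=patch_rsa256_auth.__doc__)
-command.add_parser('get-config-versions', help=get_config_versions.__doc__)
+command.add_parser('set-iam-permissions', help=set_iam_permissions.__doc__)
 
 return parser.parse_args()
 
@@ -525,15 +571,45 @@ def run_create(args):
 create_iot_topic(args.project_id, args.pubsub_topic)
 
 
+def run_get(args):
+if args.command == 'get':
+get_device(
+args.service_account_json, args.project_id,
+args.cloud_region, args.registry_id, args.device_id)
+
+elif args.command == 'get-config-versions':
+get_device(
+args.service_account_json, args.project_id,
+args.cloud_region, args.registry_id, args.device_id)
+
+elif args.command == 'get-state':
+get_state(
+args.service_account_json, args.project_id,
+args.cloud_region, args.registry_id, args.device_id)
+
+elif args.command == 'get-iam-permissions':
+print(get_iam_permissions(
+args.service_account_json, args.project_id,
+args.cloud_region, args.registry_id))
+
+elif args.command == 'get-registry':
+print(get_registry(
+args.service_account_json, args.project_id,
+args.cloud_region, args.registry_id))
+
+
 def run_command(args):
 """Calls the program using the specified command."""
 if args.project_id is None:
 print('You must specify a project ID or set the environment variable.')
 return
 
-if args.command.startswith('create'):
+elif args.command.startswith('create'):
 run_create(args)
 
+elif args.command.startswith('get'):
+run_get(args)
+
 elif args.command == 'delete-device':
 delete_device(
 args.service_account_json, args.project_id,
@@ -544,21 +620,6 @@ def run_command(args):
 args.service_account_json, args.project_id,
 args.cloud_region, args.registry_id)
 
-elif args.command == 'get':
-get_device(
-args.service_account_json, args.project_id,
-args.cloud_region, args.registry_id, args.device_id)
-
-elif args.command == 'get-state':
-get_state(
-args.service_account_json, args.project_id,
-args.cloud_region, args.registry_id, args.device_id)
-
-elif args.command == 'get-registry':
-print(get_registry(
-args.service_account_json, args.project_id,
-args.cloud_region, args.registry_id))
-
 elif args.command == 'list':
 list_devices(
 args.service_account_json, args.project_id,
@@ -585,6 +646,15 @@ def run_command(args):
 args.cloud_region, args.registry_id, args.device_id,
 args.rsa_certificate_file)
 
+elif args.command == 'set-iam-permissions':
+if (args.member is None):
+sys.exit('Error: specify --member')
+if (args.role is None):
+sys.exit('Error: specify --role')
+set_iam_permissions(
+args.service_account_json, args.project_id,
+args.cloud_region, args.registry_id, args.role, args.member)
+
 elif args.command == 'set-config':
 if (args.config is None):
 sys.exit('Error: specify --config')
@@ -595,11 +665,6 @@ def run_command(args):
 args.cloud_region, args.registry_id, args.device_id,
 args.version, args.config)
 
-elif args.command == 'get-config-versions':
-get_device(
-args.service_account_json, args.project_id,
-args.cloud_region, args.registry_id, args.device_id)
-
 
 def main():
 args = parse_command_line_args()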
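Review bot: `set_iam_permissions` sends a policy that holds only the one new binding, and setIamPolicy replaces the registry's stored policy rather than merging into it, so any binding already on the registry is dropped by this call. The body also carries no `etag`, so a policy change made by someone else between read and write would be overwritten without notice. Read the current policy with getIamPolicy, add the member to it, and write that whole policy back with its etag, as sketched below. The docstring is a copy of the getter's and should say that the function adds a binding.

```python
    """Adds one member/role binding to the registry's IAM policy."""
    # … unchanged: client and registry_path setup …
    registries = client.projects().locations().registries()

    # setIamPolicy replaces the stored policy, so start from the current one.
    policy = registries.getIamPolicy(
        resource=registry_path, body={}).execute()
    bindings = policy.setdefault('bindings', [])
    for binding in bindings:
        if binding.get('role') == role:
            members = binding.setdefault('members', [])
            if member not in members:
                members.append(member)
            break
    else:
        bindings.append({'role': role, 'members': [member]})

    # `policy` still carries the etag returned by getIamPolicy, so the
    # service can reject the write if the policy changed in between.
    return registries.setIamPolicy(
        resource=registry_path, body={'policy': policy}).execute()
```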

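--- a/iot/api-client/manager/manager_test.py
+++ b/iot/api-client/manager/manager_test.py
@@ -63,6 +63,37 @@ def test_create_delete_registry(test_topic, capsys):
 service_account_json, project_id, cloud_region, registry_id)
 
 
+def test_get_iam_permissions(test_topic, capsys):
+manager.open_registry(
+service_account_json, project_id, cloud_region, pubsub_topic,
+registry_id)
+
+manager.list_devices(
+service_account_json, project_id, cloud_region, registry_id)
+
+# Test getting IAM permissions
+print(manager.get_iam_permissions(
+service_account_json, project_id, cloud_region, registry_id))
+
+# Test setting IAM permissions
+MEMBER = "group:dpebot@google.com"
+ROLE = "roles/viewer"
+print(manager.set_iam_permissions(
+service_account_json, project_id, cloud_region, registry_id,
+ROLE, MEMBER))
+
+out, _ = capsys.readouterr()
+
+# Check that create / list worked
+assert 'Created registry' in out
+assert 'eventNotificationConfig' in out
+assert 'etag' in out
+
+# Clean up
+manager.delete_registry(
+service_account_json, project_id, cloud_region, registry_id)
+
+
 def test_add_delete_unauth_device(test_topic, capsys):
 device_id = device_id_template.format('UNAUTH')
 manager.open_registry(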
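Review bot: None of the three assertions in `test_get_iam_permissions` checks the binding that `set_iam_permissions` was asked to write. `'etag' in out` is presumably already satisfied by the printed getIamPolicy result, so the test passes whenever the set call does not raise. Since the returned policy is printed, adding `assert ROLE in out` and `assert MEMBER in out` after `capsys.readouterr()` would pin the grant itself. The `delete_registry` cleanup runs only when every assertion passes; putting it in a `finally:` would keep a failed run from leaving behind a registry that still carries the test binding.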
