Merge pull request #35 from GoogleCloudPlatform/jlm/pubsub-iam

Add IAM samples to pubsub.

Author: remi Taylor

.rubocop.yml

@@ -71,6 +71,8 @@ Style/NumericLiterals:
   Enabled: false
 Style/SpaceAroundOperators:
   Enabled: false
+Style/AccessorMethodName:
+  Enabled: false
 Metrics/ClassLength:
   Enabled: false
 Style/EmptyElse:

pubsub/Gemfile.lock

@@ -1,41 +1,29 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (4.2.6)
-      i18n (~> 0.7)
-      json (~> 1.7, >= 1.7.7)
-      minitest (~> 5.1)
-      thread_safe (~> 0.3, >= 0.3.4)
-      tzinfo (~> 1.1)
     addressable (2.4.0)
     ast (2.2.0)
-    autoparse (0.3.3)
-      addressable (>= 2.3.1)
-      extlib (>= 0.9.15)
-      multi_json (>= 1.0.0)
     diff-lcs (1.2.5)
     digest-crc (0.4.1)
-    extlib (0.9.16)
     faraday (0.9.2)
       multipart-post (>= 1.2, < 3)
-    gcloud (0.11.0)
+    gcloud (0.12.1)
       digest-crc (~> 0.4)
-      google-api-client (~> 0.8.3)
+      google-api-client (~> 0.9.11)
       google-protobuf (= 3.0.0.alpha.5.0.5.1)
-      grpc (~> 0.13.1)
-      mime-types (~> 2.4)
+      grpc (= 1.0.0.pre1)
+      mime-types (>= 2.4, < 4.0)
       zonefile (~> 1.04)
-    google-api-client (0.8.6)
-      activesupport (>= 3.2)
+    google-api-client (0.9.11)
       addressable (~> 2.3)
-      autoparse (~> 0.3)
-      extlib (~> 0.9)
-      faraday (~> 0.9)
-      googleauth (~> 0.3)
-      launchy (~> 2.4)
-      multi_json (~> 1.10)
-      retriable (~> 1.4)
-      signet (~> 0.6)
+      googleauth (~> 0.5)
+      httpclient (~> 2.7)
+      hurley (~> 0.1)
+      memoist (~> 0.11)
+      mime-types (>= 1.6)
+      representable (~> 2.3.0)
+      retriable (~> 2.0)
+      thor (~> 0.19)
     google-protobuf (3.0.0.alpha.5.0.5.1)
     googleauth (0.5.1)
       faraday (~> 0.9)
@@ -45,21 +33,20 @@ GEM
       multi_json (~> 1.11)
       os (~> 0.9)
       signet (~> 0.7)
-    grpc (0.13.1)
+    grpc (1.0.0.pre1)
       google-protobuf (~> 3.0.0.alpha.5.0.3)
       googleauth (~> 0.5.1)
-    i18n (0.7.0)
-    json (1.8.3)
+    httpclient (2.8.0)
+    hurley (0.2)
     jwt (1.5.4)
-    launchy (2.4.3)
-      addressable (~> 2.3)
     little-plugger (1.1.4)
     logging (2.1.0)
       little-plugger (~> 1.1)
       multi_json (~> 1.10)
     memoist (0.14.0)
-    mime-types (2.99.2)
-    minitest (5.9.0)
+    mime-types (3.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2016.0521)
     multi_json (1.12.1)
     multipart-post (2.0.0)
     os (0.9.6)
@@ -73,7 +60,9 @@ GEM
       rack (>= 1.0)
     rainbow (2.1.0)
     rake (10.5.0)
-    retriable (1.4.1)
+    representable (2.3.0)
+      uber (~> 0.0.7)
+    retriable (2.1.0)
     rspec (3.4.0)
       rspec-core (~> 3.4.0)
       rspec-expectations (~> 3.4.0)
@@ -102,10 +91,9 @@ GEM
       rack (~> 1.5)
       rack-protection (~> 1.4)
       tilt (>= 1.3, < 3)
-    thread_safe (0.3.5)
+    thor (0.19.1)
     tilt (2.0.2)
-    tzinfo (1.2.2)
-      thread_safe (~> 0.1)
+    uber (0.0.15)
     zonefile (1.04)
 
 PLATFORMS

pubsub/sample.rb

@@ -19,31 +19,31 @@
 pubsub = gcloud.pubsub
 # [END create_pubsub_client]
 
-# [START create_topic]
 def create_topic
+  # [START create_topic]
   gcloud = Gcloud.new "my-gcp-project-id"
   pubsub = gcloud.pubsub
 
   topic = pubsub.create_topic "my-topic"
 
   puts "Topic created #{topic.name}"
+  # [END create_topic]
 end
-# [END create_topic]
 
-# [START create_subscription]
 def create_subscription
+  # [START create_subscription]
   gcloud = Gcloud.new "my-gcp-project-id"
   pubsub = gcloud.pubsub
   topic = pubsub.topic "my-topic"
 
   subscription = topic.subscribe "my-subscription"
 
   puts "Subscription created #{subscription.name}"
+  # [END create_subscription]
 end
-# [END create_subscription]
 
-# [START create_push_subscription]
 def create_push_subscription
+  # [START create_push_subscription]
   gcloud = Gcloud.new "my-gcp-project-id"
   pubsub = gcloud.pubsub
   topic = pubsub.topic "my-topic"
@@ -54,21 +54,21 @@ def create_push_subscription
   )
 
   puts "Push subscription created #{subscription.name}"
+  # [END create_push_subscription]
 end
-# [END create_push_subscription]
 
-# [START publish_message]
 def publish_message
+  # [START publish_message]
   gcloud = Gcloud.new "my-gcp-project-id"
   pubsub = gcloud.pubsub
   topic  = pubsub.topic "my-topic"
 
   topic.publish "A Message"
+  # [END publish_message]
 end
-# [END publish_message]
 
-# [START pull_messages]
 def pull_messages
+  # [START pull_messages]
   gcloud = Gcloud.new "my-gcp-project-id"
   pubsub = gcloud.pubsub
   subscription = pubsub.subscription "my-subscription"
@@ -78,11 +78,11 @@ def pull_messages
     puts message.data
     message.acknowledge!
   end
+  # [END pull_messages]
 end
-# [END pull_messages]
 
-# [START list_topics]
 def list_topics
+  # [START list_topics]
   gcloud = Gcloud.new "my-gcp-project-id"
   pubsub = gcloud.pubsub
   topics = pubsub.topics
@@ -91,11 +91,11 @@ def list_topics
   topics.each do |topic|
     puts topic.name
   end
+  # [END list_topics]
 end
-# [END list_topics]
 
-# [START list_subscriptions]
 def list_subscriptions
+  # [START list_subscriptions]
   gcloud = Gcloud.new "my-gcp-project-id"
   pubsub = gcloud.pubsub
   subscriptions = pubsub.subscriptions
@@ -104,5 +104,91 @@ def list_subscriptions
   subscriptions.each do |subscription|
     puts subscription.name
   end
+  # [END list_subscriptions]
+end
+
+def get_topic_policy
+  # [START get_topic_policy]
+  gcloud = Gcloud.new "my-gcp-project-id"
+  pubsub = gcloud.pubsub
+  topic = pubsub.topic "my-topic"
+
+  policy = topic.policy
+
+  puts "Topic policy:"
+  puts policy.roles
+  # [END get_topic_policy]
+end
+
+def get_subscription_policy
+  # [START get_subscription_policy]
+  gcloud = Gcloud.new "my-gcp-project-id"
+  pubsub = gcloud.pubsub
+  subscription = pubsub.subscription "my-subscription"
+
+  policy = subscription.policy
+
+  puts "Subscription policy:"
+  puts policy.roles
+  # [END get_subscription_policy]
+end
+
+def set_subscription_policy
+  # [START set_subscription_policy]
+  gcloud = Gcloud.new "my-gcp-project-id"
+  pubsub = gcloud.pubsub
+  subscription = pubsub.subscription "my-subscription"
+
+  policy = subscription.policy do |p|
+    p.add "roles/pubsub.subscriber",
+          "serviceAccount:account-name@other-project.iam.gserviceaccount.com"
+  end
+
+  puts subscription.policy.roles
+  # [END set_subscription_policy]
+end
+
+def set_topic_policy
+  # [START set_topic_policy]
+  gcloud = Gcloud.new "my-gcp-project-id"
+  pubsub = gcloud.pubsub
+  topic = pubsub.topic "my-topic"
+
+  policy = topic.policy do |p|
+    p.add "roles/pubsub.publisher",
+          "serviceAccount:account-name@other-project.iam.gserviceaccount.com"
+  end
+
+  puts topic.policy.roles
+  # [END set_topic_policy]
+end
+
+def test_subscription_permissions
+  # [START test_subscription_permissions]
+  gcloud = Gcloud.new "my-gcp-project-id"
+  pubsub = gcloud.pubsub
+  subscription = pubsub.subscription "my-subscription"
+
+  permissions = subscription.test_permissions "pubsub.subscriptions.consume",
+                                              "pubsub.subscriptions.update"
+
+  puts permissions.include? "pubsub.subscriptions.consume"
+  puts permissions.include? "pubsub.subscriptions.update"
+  # [END test_subscription_permissions]
+end
+
+def test_topic_permissions
+  # [START test_topic_permissions]
+  gcloud = Gcloud.new "my-gcp-project-id"
+  pubsub = gcloud.pubsub
+  topic = pubsub.topic "my-topic"
+
+  permissions = topic.test_permissions "pubsub.topics.attachSubscription",
+                                       "pubsub.topics.publish",
+                                       "pubsub.topics.update"
+
+  puts permissions.include? "pubsub.topics.attachSubscription"
+  puts permissions.include? "pubsub.topics.publish"
+  puts permissions.include? "pubsub.topics.update"
+  # [END test_topic_permissions]
 end
-# [END list_subscriptions]

pubsub/spec/sample_spec.rb

@@ -18,6 +18,9 @@
 describe "Pub/Sub sample" do
   TOPIC_NAME = "my-topic"
   SUBSCRIPTION_NAME = "my-subscription"
+  SERVICE_ACCOUNT =
+    "serviceAccount:test-account@#{ENV['GOOGLE_PROJECT_ID']}"\
+    ".iam.gserviceaccount.com"
 
   before :all do
     @gcloud = Gcloud.new ENV["GOOGLE_PROJECT_ID"]
@@ -141,6 +144,74 @@ def expect_with_retry attempts: 5
     end
   end
 
+  it "gets topic policy" do
+    @pubsub.create_topic TOPIC_NAME
+
+    expect { get_topic_policy }.to output(/{}/).to_stdout
+  end
+
+  it "gets subscription policy" do
+    @pubsub.create_subscription(
+      TOPIC_NAME,
+      SUBSCRIPTION_NAME,
+      autocreate: true
+    )
+
+    expect { get_subscription_policy }.to output(/{}/).to_stdout
+  end
+
+  it "sets topic policy" do
+    @pubsub.create_topic TOPIC_NAME
+
+    expect_any_instance_of(Gcloud::Pubsub::Policy).to \
+      receive(:add).with(
+        "roles/pubsub.publisher",
+        "serviceAccount:account-name@other-project.iam.gserviceaccount.com"
+      ).and_wrap_original do |m|
+        m.call "roles/pubsub.publisher", SERVICE_ACCOUNT
+      end
+
+    expect { set_topic_policy }.to output(/roles/).to_stdout
+
+    expect(@pubsub.topic(TOPIC_NAME).policy.roles).to \
+      include("roles/pubsub.publisher" => [SERVICE_ACCOUNT])
+  end
+
+  it "sets subscription policy" do
+    @pubsub.create_subscription(
+      TOPIC_NAME,
+      SUBSCRIPTION_NAME,
+      autocreate: true
+    )
+
+    expect_any_instance_of(Gcloud::Pubsub::Policy).to \
+      receive(:add).with(
+        "roles/pubsub.subscriber",
+        "serviceAccount:account-name@other-project.iam.gserviceaccount.com"
+      ).and_wrap_original do |m|
+        m.call "roles/pubsub.subscriber", SERVICE_ACCOUNT
+      end
+
+    expect { set_subscription_policy }.to output(/roles/).to_stdout
+
+    expect(@pubsub.subscription(SUBSCRIPTION_NAME).policy.roles).to \
+      include("roles/pubsub.subscriber" => [SERVICE_ACCOUNT])
+  end
+
+  it "tests topic permissions" do
+    @pubsub.create_topic TOPIC_NAME
+    expect { test_topic_permissions }.to output(/true\ntrue/).to_stdout
+  end
+
+  it "tests subscription permissions" do
+    @pubsub.create_subscription(
+      TOPIC_NAME,
+      SUBSCRIPTION_NAME,
+      autocreate: true
+    )
+    expect { test_subscription_permissions }.to output(/true\ntrue/).to_stdout
+  end
+
   after :all do
     cleanup!
   end