Expand Up @@ -102,13 +102,14 @@ public com.google.api.services.storage.model.Bucket apply(BucketInfo bucketInfo)
/**
* The Bucket's IAM Configuration.
*
* @see <a href="https://cloud.google.com/storage/docs/bucket-policy-only">Bucket Policy Only</a>
* @see <a href="https://cloud.google.com/storage/docs/uniform-bucket-level-access">uniform
* bucket-level access</a>
*/
public static class IamConfiguration implements Serializable {
private static final long serialVersionUID = -8671736104909424616L;

private Boolean isBucketPolicyOnlyEnabled;
private Long bucketPolicyOnlyLockedTime;
private Boolean isUniformBucketLevelAccessEnabled;
private Long uniformBucketLevelAccessLockedTime;

@Override
public boolean equals(Object o) {
Expand All @@ -122,12 +123,12 @@ public boolean equals(Object o) {

@Override
public int hashCode() {
return Objects.hash(isBucketPolicyOnlyEnabled, bucketPolicyOnlyLockedTime);
return Objects.hash(isUniformBucketLevelAccessEnabled, uniformBucketLevelAccessLockedTime);
}

private IamConfiguration(Builder builder) {
this.isBucketPolicyOnlyEnabled = builder.isBucketPolicyOnlyEnabled;
this.bucketPolicyOnlyLockedTime = builder.bucketPolicyOnlyLockedTime;
this.isUniformBucketLevelAccessEnabled = builder.isUniformBucketLevelAccessEnabled;
this.uniformBucketLevelAccessLockedTime = builder.uniformBucketLevelAccessLockedTime;
}

public static Builder newBuilder() {
Expand All @@ -136,69 +137,99 @@ public static Builder newBuilder() {

public Builder toBuilder() {
Builder builder = new Builder();
builder.isBucketPolicyOnlyEnabled = isBucketPolicyOnlyEnabled;
builder.bucketPolicyOnlyLockedTime = bucketPolicyOnlyLockedTime;
builder.isUniformBucketLevelAccessEnabled = isUniformBucketLevelAccessEnabled;
builder.uniformBucketLevelAccessLockedTime = uniformBucketLevelAccessLockedTime;
return builder;
}

/** Deprecated in favor of isUniformBucketLevelAccessEnabled(). */
@Deprecated
public Boolean isBucketPolicyOnlyEnabled() {
return isBucketPolicyOnlyEnabled;
return isUniformBucketLevelAccessEnabled;
}

/** Deprecated in favor of uniformBucketLevelAccessLockedTime(). */
@Deprecated
public Long getBucketPolicyOnlyLockedTime() {
return bucketPolicyOnlyLockedTime;
return uniformBucketLevelAccessLockedTime;
}

public Boolean isUniformBucketLevelAccessEnabled() {
return isUniformBucketLevelAccessEnabled;
}

public Long getUniformBucketLevelAccessLockedTime() {
return uniformBucketLevelAccessLockedTime;
}

Bucket.IamConfiguration toPb() {
Bucket.IamConfiguration iamConfiguration = new Bucket.IamConfiguration();

Bucket.IamConfiguration.BucketPolicyOnly bucketPolicyOnly =
new Bucket.IamConfiguration.BucketPolicyOnly();
bucketPolicyOnly.setEnabled(isBucketPolicyOnlyEnabled);
bucketPolicyOnly.setLockedTime(
bucketPolicyOnlyLockedTime == null ? null : new DateTime(bucketPolicyOnlyLockedTime));
Bucket.IamConfiguration.UniformBucketLevelAccess uniformBucketLevelAccess =
new Bucket.IamConfiguration.UniformBucketLevelAccess();
uniformBucketLevelAccess.setEnabled(isUniformBucketLevelAccessEnabled);
uniformBucketLevelAccess.setLockedTime(
uniformBucketLevelAccessLockedTime == null
? null
: new DateTime(uniformBucketLevelAccessLockedTime));

iamConfiguration.setUniformBucketLevelAccess(uniformBucketLevelAccess);

iamConfiguration.setBucketPolicyOnly(bucketPolicyOnly);
return iamConfiguration;
}

static IamConfiguration fromPb(Bucket.IamConfiguration iamConfiguration) {
Bucket.IamConfiguration.BucketPolicyOnly bucketPolicyOnly =
iamConfiguration.getBucketPolicyOnly();
DateTime lockedTime = bucketPolicyOnly.getLockedTime();
Bucket.IamConfiguration.UniformBucketLevelAccess uniformBucketLevelAccess =
iamConfiguration.getUniformBucketLevelAccess();
DateTime lockedTime = uniformBucketLevelAccess.getLockedTime();

return newBuilder()
.setIsBucketPolicyOnlyEnabled(bucketPolicyOnly.getEnabled())
.setBucketPolicyOnlyLockedTime(lockedTime == null ? null : lockedTime.getValue())
.setIsUniformBucketLevelAccessEnabled(uniformBucketLevelAccess.getEnabled())
.setUniformBucketLevelAccessLockedTime(lockedTime == null ? null : lockedTime.getValue())
.build();
}

/** Builder for {@code IamConfiguration} */
public static class Builder {
private Boolean isBucketPolicyOnlyEnabled;
private Long bucketPolicyOnlyLockedTime;
private Boolean isUniformBucketLevelAccessEnabled;
private Long uniformBucketLevelAccessLockedTime;

/** Deprecated in favor of setIsUniformBucketLevelAccessEnabled(). */
@Deprecated
public Builder setIsBucketPolicyOnlyEnabled(Boolean isBucketPolicyOnlyEnabled) {
this.isUniformBucketLevelAccessEnabled = isBucketPolicyOnlyEnabled;
return this;
}

/** Deprecated in favor of setUniformBucketLevelAccessLockedTime(). */
@Deprecated
Builder setBucketPolicyOnlyLockedTime(Long bucketPolicyOnlyLockedTime) {
this.uniformBucketLevelAccessLockedTime = bucketPolicyOnlyLockedTime;
return this;
}

/**
* Sets whether BucketPolicyOnly is enabled for this bucket. When this is enabled, access to
* the bucket will be configured through IAM, and legacy ACL policies will not work. When this
* is first enabled, {@code bucketPolicyOnly.lockedTime} will be set by the API automatically.
* This field can then be disabled until the time specified, after which it will become
* immutable and calls to change it will fail. If this is enabled, calls to access legacy ACL
* information will fail.
* Sets whether uniform bucket-level access is enabled for this bucket. When this is enabled,
* access to the bucket will be configured through IAM, and legacy ACL policies will not work.
* When this is first enabled, {@code uniformBucketLevelAccess.lockedTime} will be set by the
* API automatically. This field can then be disabled until the time specified, after which it
* will become immutable and calls to change it will fail. If this is enabled, calls to access
* legacy ACL information will fail.
*/
public Builder setIsBucketPolicyOnlyEnabled(Boolean isBucketPolicyOnlyEnabled) {
this.isBucketPolicyOnlyEnabled = isBucketPolicyOnlyEnabled;
public Builder setIsUniformBucketLevelAccessEnabled(
Boolean isUniformBucketLevelAccessEnabled) {
this.isUniformBucketLevelAccessEnabled = isUniformBucketLevelAccessEnabled;
return this;
}

/**
* Sets the deadline for switching {@code bucketPolicyOnly.enabled} back to false. After this
* time passes, calls to do so will fail. This is package-private, since in general this field
* should never be set by a user--it's automatically set by the backend when {@code enabled}
* is set to true.
* Sets the deadline for switching {@code uniformBucketLevelAccess.enabled} back to false.
* After this time passes, calls to do so will fail. This is package-private, since in general
* this field should never be set by a user--it's automatically set by the backend when {@code
* enabled} is set to true.
*/
Builder setBucketPolicyOnlyLockedTime(Long bucketPolicyOnlyLockedTime) {
this.bucketPolicyOnlyLockedTime = bucketPolicyOnlyLockedTime;
Builder setUniformBucketLevelAccessLockedTime(Long uniformBucketLevelAccessLockedTime) {
this.uniformBucketLevelAccessLockedTime = uniformBucketLevelAccessLockedTime;
return this;
}
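Review bot: In `fromPb`, the result of `iamConfiguration.getUniformBucketLevelAccess()` is dereferenced without a null check, so a bucket resource whose `iamConfiguration` carries only the legacy `bucketPolicyOnly` object, or neither object, would throw a NullPointerException at `uniformBucketLevelAccess.getLockedTime()`. The deprecated `isBucketPolicyOnlyEnabled()` getter now returns the same field, so callers that base ACL-versus-IAM decisions on it depend on the service always populating the new object; that is worth confirming against the API. A guard before the `getLockedTime()` call, such as `if (uniformBucketLevelAccess == null) { return newBuilder().build(); }`, would keep the conversion from failing on such a response. The enclosing `IamConfiguration` class starts and ends outside the visible hunks, and its `equals` body is not shown.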

Expand Up @@ -68,8 +68,8 @@ public class BucketInfoTest {
private static final String INDEX_PAGE = "index.html";
private static final BucketInfo.IamConfiguration IAM_CONFIGURATION =
BucketInfo.IamConfiguration.newBuilder()
.setIsBucketPolicyOnlyEnabled(true)
.setBucketPolicyOnlyLockedTime(System.currentTimeMillis())
.setIsUniformBucketLevelAccessEnabled(true)
.setUniformBucketLevelAccessLockedTime(System.currentTimeMillis())
.build();
private static final BucketInfo.Logging LOGGING =
BucketInfo.Logging.newBuilder()
Expand Down Expand Up @@ -272,13 +272,13 @@ public void testLifecycleRules() {
public void testIamConfiguration() {
Bucket.IamConfiguration iamConfiguration =
BucketInfo.IamConfiguration.newBuilder()
.setIsBucketPolicyOnlyEnabled(true)
.setBucketPolicyOnlyLockedTime(System.currentTimeMillis())
.setIsUniformBucketLevelAccessEnabled(true)
.setUniformBucketLevelAccessLockedTime(System.currentTimeMillis())
.build()
.toPb();

assertEquals(Boolean.TRUE, iamConfiguration.getBucketPolicyOnly().getEnabled());
assertNotNull(iamConfiguration.getBucketPolicyOnly().getLockedTime());
assertEquals(Boolean.TRUE, iamConfiguration.getUniformBucketLevelAccess().getEnabled());
assertNotNull(iamConfiguration.getUniformBucketLevelAccess().getLockedTime());
}

@Test
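Review bot: With both fixtures switched to the new setters, none of the visible unit tests covers the deprecated aliases, which now write to a different wire field (`uniformBucketLevelAccess` instead of `bucketPolicyOnly`). A small case in `testIamConfiguration` that builds with `setIsBucketPolicyOnlyEnabled(true)` and asserts `iamConfiguration.getUniformBucketLevelAccess().getEnabled()` would pin that mapping for callers that have not migrated yet. Other tests in this class lie outside the hunks, so this may already be covered elsewhere.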
Expand Up @@ -2597,21 +2597,22 @@ public void testGetServiceAccount() {

@Test
public void testBucketWithBucketPolicyOnlyEnabled() throws Exception {
String bpoBucket = RemoteStorageHelper.generateBucketName();
String bucket = RemoteStorageHelper.generateBucketName();
try {
storage.create(
Bucket.newBuilder(bpoBucket)
Bucket.newBuilder(bucket)
.setIamConfiguration(
BucketInfo.IamConfiguration.newBuilder()
.setIsBucketPolicyOnlyEnabled(true)
.build())
.build());

Bucket remoteBucket =
storage.get(bpoBucket, Storage.BucketGetOption.fields(BucketField.IAMCONFIGURATION));
storage.get(bucket, Storage.BucketGetOption.fields(BucketField.IAMCONFIGURATION));

assertTrue(remoteBucket.getIamConfiguration().isBucketPolicyOnlyEnabled());
assertNotNull(remoteBucket.getIamConfiguration().getBucketPolicyOnlyLockedTime());

try {
remoteBucket.listAcls();
fail("StorageException was expected.");
Expand All @@ -2625,7 +2626,41 @@ public void testBucketWithBucketPolicyOnlyEnabled() throws Exception {
// Expected: Listing legacy ACLs should fail on a BPO enabled bucket
}
} finally {
RemoteStorageHelper.forceDelete(storage, bpoBucket, 1, TimeUnit.MINUTES);
RemoteStorageHelper.forceDelete(storage, bucket, 1, TimeUnit.MINUTES);
}
}

@Test
public void testBucketWithUniformBucketLevelAccessEnabled() throws Exception {
String bucket = RemoteStorageHelper.generateBucketName();
try {
storage.create(
Bucket.newBuilder(bucket)
.setIamConfiguration(
BucketInfo.IamConfiguration.newBuilder()
.setIsUniformBucketLevelAccessEnabled(true)
.build())
.build());

Bucket remoteBucket =
storage.get(bucket, Storage.BucketGetOption.fields(BucketField.IAMCONFIGURATION));

assertTrue(remoteBucket.getIamConfiguration().isUniformBucketLevelAccessEnabled());
assertNotNull(remoteBucket.getIamConfiguration().getBucketPolicyOnlyLockedTime());
try {
remoteBucket.listAcls();
fail("StorageException was expected.");
} catch (StorageException e) {
// Expected: Listing legacy ACLs should fail on a BPO enabled bucket
}
try {
remoteBucket.listDefaultAcls();
fail("StorageException was expected");
} catch (StorageException e) {
// Expected: Listing legacy ACLs should fail on a BPO enabled bucket
}
} finally {
RemoteStorageHelper.forceDelete(storage, bucket, 1, TimeUnit.MINUTES);
}
}

Expand All @@ -2652,7 +2687,7 @@ public void testEnableAndDisableBucketPolicyOnlyOnExistingBucket() throws Except
assertTrue(remoteBucket.getIamConfiguration().isBucketPolicyOnlyEnabled());
assertNotNull(remoteBucket.getIamConfiguration().getBucketPolicyOnlyLockedTime());

bucket
remoteBucket
.toBuilder()
.setIamConfiguration(
bpoEnabledIamConfiguration.toBuilder().setIsBucketPolicyOnlyEnabled(false).build())
Expand All @@ -2675,6 +2710,57 @@ public void testEnableAndDisableBucketPolicyOnlyOnExistingBucket() throws Except
}
}

@Test
public void testEnableAndDisableUniformBucketLevelAccessOnExistingBucket() throws Exception {
String bpoBucket = RemoteStorageHelper.generateBucketName();
try {
BucketInfo.IamConfiguration ublaDisabledIamConfiguration =
BucketInfo.IamConfiguration.newBuilder()
.setIsUniformBucketLevelAccessEnabled(false)
.build();
Bucket bucket =
storage.create(
Bucket.newBuilder(bpoBucket)
.setIamConfiguration(ublaDisabledIamConfiguration)
.setAcl(ImmutableList.of(Acl.of(User.ofAllAuthenticatedUsers(), Role.READER)))
.setDefaultAcl(
ImmutableList.of(Acl.of(User.ofAllAuthenticatedUsers(), Role.READER)))
.build());

bucket
.toBuilder()
.setIamConfiguration(
ublaDisabledIamConfiguration
.toBuilder()
.setIsUniformBucketLevelAccessEnabled(true)
.build())
.build()
.update();

Bucket remoteBucket =
storage.get(bpoBucket, Storage.BucketGetOption.fields(BucketField.IAMCONFIGURATION));

assertTrue(remoteBucket.getIamConfiguration().isUniformBucketLevelAccessEnabled());
assertNotNull(remoteBucket.getIamConfiguration().getUniformBucketLevelAccessLockedTime());

remoteBucket.toBuilder().setIamConfiguration(ublaDisabledIamConfiguration).build().update();

remoteBucket =
storage.get(
bpoBucket,
Storage.BucketGetOption.fields(
BucketField.IAMCONFIGURATION, BucketField.ACL, BucketField.DEFAULT_OBJECT_ACL));

assertFalse(remoteBucket.getIamConfiguration().isUniformBucketLevelAccessEnabled());
assertEquals(User.ofAllAuthenticatedUsers(), remoteBucket.getDefaultAcl().get(0).getEntity());
assertEquals(Role.READER, remoteBucket.getDefaultAcl().get(0).getRole());
assertEquals(User.ofAllAuthenticatedUsers(), remoteBucket.getAcl().get(0).getEntity());
assertEquals(Role.READER, remoteBucket.getAcl().get(0).getRole());
} finally {
RemoteStorageHelper.forceDelete(storage, bpoBucket, 1, TimeUnit.MINUTES);
}
}

@Test
public void testUploadUsingSignedURL() throws Exception {
String blobName = "test-signed-url-upload";
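Review bot: In `testBucketWithUniformBucketLevelAccessEnabled` the locked-time assertion still calls the deprecated `getBucketPolicyOnlyLockedTime()`, so the new getter is never exercised on the create path; it should read `assertNotNull(remoteBucket.getIamConfiguration().getUniformBucketLevelAccessLockedTime());`. The two `catch (StorageException e)` blocks in that test accept any StorageException, so an unrelated failure such as a transient or permission error would pass as if legacy ACL access had been rejected. Asserting on `e.getCode()` or the message would confirm that the ACL reads really are refused once uniform bucket-level access is on. The copied comments still say "BPO enabled bucket", and `testEnableAndDisableUniformBucketLevelAccessOnExistingBucket` keeps the `bpoBucket` name that this commit renames in the older test.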