[Storage] Support Uniform Bucket Level Access #9021
Conversation
| :params uniform_bucket_level_locked_time: (optional) When the bucket's IAM-only policy was ehabled. This value should normally only be set by the back-end API. | ||
| :type bucket_policy_only_enabled: bool | ||
| :params bucket_policy_only_enabled: (optional) whether the IAM-only policy is enabled for the bucket. |
There was a problem hiding this comment.
Should bucket_policy_only_enabled and bucket_policy_only_locked_time be documented as deprecated?
| bucket_policy_only_enabled=False, | ||
| bucket_policy_only_locked_time=None, | ||
| uniform_bucket_level_access_enabled=False, | ||
| uniform_bucket_level_access_locked_time=None, |
There was a problem hiding this comment.
Ordering should match the order documented above. The constructor probably needs to check for / resolve conflicts between uniform_bucket_level_access_enabled / bucket_policy_only_enabled and uniform_bucket_level_access_locked_time / bucket_policy_only_locked_time first, which would simplify the code setting up data.
| :rtype: :class:`IAMConfiguration` | ||
| :returns: Instance created from resource. | ||
| """ | ||
|
|
| def bucket_policy_only_locked_time(self): | ||
| """Deadline for changing :attr:`bucket_policy_only_enabled` from true to false. | ||
| """Alias for uniform_bucket_level_access.""" | ||
| return self.uniform_bucket_level_access_locked_time() |
There was a problem hiding this comment.
Don't call the property, just return it, e.g.:
| return self.uniform_bucket_level_access_locked_time() | |
| return self.uniform_bucket_level_access_locked_time |
| self.assertFalse(config.bucket_policy_only_enabled) | ||
| self.assertIsNone(config.bucket_policy_only_locked_time) | ||
| self.assertFalse(config.uniform_bucket_level_access_enabled) | ||
| self.assertIsNone(config.uniform_bucket_level_access_locked_time) |
There was a problem hiding this comment.
We need to retain tests for the deprecated properties (which would have exposed the "can't call properties" bugs I noted above).
| self.assertFalse(config.bucket_policy_only_enabled) | ||
| self.assertIsNone(config.bucket_policy_only_locked_time) | ||
| self.assertFalse(config.uniform_bucket_level_access_enabled) | ||
| self.assertIsNone(config.uniform_bucket_level_access_locked_time) |
There was a problem hiding this comment.
We need to retain the assertions about the deprecated properties here.
Also, do we need a separate testcase for a resource which contains only an empty bucketPolicyOnly mapping? I.e., can we guarantee that the back-end won't return such a resource?
| self.assertFalse(config.bucket_policy_only_enabled) | ||
| self.assertIsNone(config.bucket_policy_only_locked_time) | ||
| self.assertFalse(config.uniform_bucket_level_access_enabled) | ||
| self.assertIsNone(config.uniform_bucket_level_access_locked_time) |
There was a problem hiding this comment.
Preserve the assertions about the deprecated properties here, too.
Also, do we need a separate testcase for a resource which contains only a populated bucketPolicyOnly mapping? I.e., can we guarantee that the back-end won't return such a resource?
| self.assertTrue(config.bucket_policy_only_enabled) | ||
| self.assertEqual(config.bucket_policy_only_locked_time, now) | ||
| self.assertTrue(config.uniform_bucket_level_access_enabled) | ||
| self.assertEqual(config.uniform_bucket_level_access_locked_time, now) |
There was a problem hiding this comment.
Preserve the assertions about the deprecated properties here, too.
Also, do we need a separate testcase for a resource which contains only a populated bucketPolicyOnly mapping? I.e., can we guarantee that the back-end won't return such a resource?
| self.assertEqual(config.uniform_bucket_level_access_locked_time, now) | ||
|
|
||
| def test_bucket_policy_only_enabled_setter(self): | ||
| def test_uniform_bucket_level_access_enabled_setter(self): |
There was a problem hiding this comment.
We need to preserve separate test cases for the deprecated properties' setters.
| config.uniform_bucket_level_access_enabled = True | ||
|
|
||
| self.assertTrue(config["bucketPolicyOnly"]["enabled"]) | ||
| self.assertTrue(config["uniformBucketLevelAccess"]["enabled"]) |
There was a problem hiding this comment.
Preserve the assertion about the deprecated prroperty here, too.
|
Hi @tseaver, thank you for reviewing. Moving forward with this, we actually need you to take over this PR, and I will review it. Can you update it with the changes you've suggested, as well as removing the workaround? (That should work now). I'm working on getting you access to the one-pager in case you need that |
|
Superseded by #9475. |
Storage feature request to support the rename of Bucket Policy Only to Uniform Bucket Level Access.