fix: storage samples and tests (GoogleCloudPlatform#1082)

Author: bshaffer

.github/renovate.json renovate.json.github/renovate.json renamed to renovate.json

@@ -40,7 +40,7 @@
  *
  * @return void
  */
-function remove_bucket_conditional_iam_binding($bucketName, $role, $members, $title, $description, $expression)
+function remove_bucket_conditional_iam_binding($bucketName, $role, $title, $description, $expression)
 {
     $storage = new StorageClient();
     $bucket = $storage->bucket($bucketName);
@@ -51,11 +51,11 @@ function remove_bucket_conditional_iam_binding($bucketName, $role, $members, $ti
 
     $key_of_conditional_binding = null;
     foreach ($policy['bindings'] as $key => $binding) {
-        if ($binding['role'] == $role && $binding['condition'] != null) {
+        if ($binding['role'] == $role && isset($binding['condition'])) {
             $condition = $binding['condition'];
             if ($condition['title'] == $title
-                 && $condition['description'] == description
-                 && $condition['expression'] == expression) {
+                 && $condition['description'] == $description
+                 && $condition['expression'] == $expression) {
                 $key_of_conditional_binding = $key;
                 break;
             }
@@ -64,6 +64,9 @@ function remove_bucket_conditional_iam_binding($bucketName, $role, $members, $ti
 
     if ($key_of_conditional_binding != null) {
         unset($policy['bindings'][$key_of_conditional_binding]);
+        // Ensure array keys are sequential, otherwise JSON encodes
+        // the array as an object, which fails when calling the API.
+        $policy['bindings'] = array_values($policy['bindings']);
         $bucket->iam()->setPolicy($policy);
         print('Conditional Binding was removed.' . PHP_EOL);
     } else {

storage/src/remove_bucket_conditional_iam_binding.php

@@ -50,10 +50,18 @@ function remove_bucket_iam_member($bucketName, $role, $member)
             if ($key !== false) {
                 unset($binding['members'][$key]);
 
-                // If the last member is removed from the binding, clean up
-                // the binding.
+                // If the last member is removed from the binding, clean up the
+                // binding.
                 if (count($binding['members']) == 0) {
                     unset($policy['bindings'][$i]);
+                    // Ensure array keys are sequential, otherwise JSON encodes
+                    // the array as an object, which fails when calling the API.
+                    $policy['bindings'] = array_values($policy['bindings']);
+                } else {
+                    // Ensure array keys are sequential, otherwise JSON encodes
+                    // the array as an object, which fails when calling the API.
+                    $binding['members'] = array_values($binding['members']);
+                    $policy['bindings'][$i] = $binding;
                 }
 
                 $iam->setPolicy($policy);

storage/src/remove_bucket_iam_member.php

@@ -318,7 +318,7 @@
             if (!$expression) {
                 throw new InvalidArgumentException('Must provide expression as an option.');
             }
-            remove_bucket_conditional_iam_binding($bucket_name, $role, $title, $description, $expression);
+            remove_bucket_conditional_iam_binding($bucketName, $role, $title, $description, $expression);
         } else {
             view_bucket_iam_members($bucketName);
         }

storage/storage.php

@@ -34,17 +34,18 @@ class IamCommandTest extends TestCase
     protected static $storage;
     protected static $user;
     protected static $bucket;
+    private static $role = 'roles/storage.objectViewer';
     private static $commandFile = __DIR__ . '/../storage.php';
 
     public static function setUpBeforeClass()
     {
         self::$storage = new StorageClient();
         self::$user = self::requireEnv('GOOGLE_IAM_USER');
         self::$bucket = self::requireEnv('GOOGLE_STORAGE_BUCKET');
-        self::cleanUpIam();
+        self::setUpIam();
     }
 
-    private static function cleanUpIam()
+    private static function setUpIam()
     {
         $bucket = self::$storage->bucket(self::$bucket);
 
@@ -59,11 +60,10 @@ private static function cleanUpIam()
         $iam = $bucket->iam();
 
         $policy = $iam->policy(['requestedPolicyVersion' => 3]);
-        $roles = ['roles/storage.objectViewer', 'roles/storage.objectCreator'];
 
         foreach ($policy['bindings'] as $i => $binding) {
             if (
-                in_array($binding['role'], $roles) &&
+                $binding['role'] == self::$role &&
                 in_array(self::$user, $binding['members'])
             ) {
                 unset($policy['bindings'][$i]);
@@ -75,16 +75,15 @@ private static function cleanUpIam()
 
     public function testAddBucketIamMember()
     {
-        $role = 'roles/storage.objectViewer';
         $output = $this->runCommand('iam', [
             'bucket' => self::$bucket,
-            '--role' => $role,
+            '--role' => self::$role,
             '--add-member' => [self::$user],
         ]);
 
         $outputString = sprintf(
             'Added the following member(s) to role %s for bucket %s
-    %s', $role, self::$bucket, self::$user);
+    %s', self::$role, self::$bucket, self::$user);
 
         $this->assertStringContainsString($outputString, $output);
 
@@ -93,7 +92,7 @@ public function testAddBucketIamMember()
             'requestedPolicyVersion' => 3
         ]);
         foreach ($policy['bindings'] as $binding) {
-            if ($binding['role'] == $role) {
+            if ($binding['role'] == self::$role) {
                 $foundRoleMember = in_array(self::$user, $binding['members']);
                 break;
             }
@@ -103,14 +102,13 @@ public function testAddBucketIamMember()
 
     public function testAddBucketConditionalIamBinding()
     {
-        $role = 'roles/storage.objectCreator';
         $title = 'always true';
         $description = 'this condition is always true';
         $expression = '1 < 2';
 
         $output = $this->runCommand('iam', [
             'bucket' => self::$bucket,
-            '--role' => $role,
+            '--role' => self::$role,
             '--add-member' => [self::$user],
             '--title' => $title,
             '--description' => $description,
@@ -124,7 +122,7 @@ public function testAddBucketConditionalIamBinding()
     Title: %s
     Description: %s
     Expression: %s
-', $role, self::$bucket, self::$user, $title, $description, $expression);
+', self::$role, self::$bucket, self::$user, $title, $description, $expression);
 
         $this->assertEquals($outputString, $output);
 
@@ -133,14 +131,16 @@ public function testAddBucketConditionalIamBinding()
             'requestedPolicyVersion' => 3
         ]);
         foreach ($policy['bindings'] as $binding) {
-            if ($binding['role'] == $role) {
-                $foundBinding =
-                    in_array(self::$user, $binding['members']) &&
+            if ($binding['role'] == self::$role) {
+                if (in_array(self::$user, $binding['members']) &&
                     isset($binding['condition']) &&
                     $binding['condition']['title'] == $title &&
                     $binding['condition']['description'] == $description &&
-                    $binding['condition']['expression'] == $expression;
-                break;
+                    $binding['condition']['expression'] == $expression
+                ) {
+                    $foundBinding = true;
+                    break;
+                }
             }
         }
         $this->assertTrue($foundBinding);
@@ -168,7 +168,7 @@ public function testListIamMembers()
         $this->assertRegexp($binding, $output);
 
         $bindingWithCondition = sprintf(
-            'Role: roles/storage.objectCreator
+            'Role: roles/storage.objectViewer
 Members:
   %s
   with condition:
@@ -186,28 +186,30 @@ public function testListIamMembers()
      */
     public function testRemoveBucketIamMember()
     {
-        $role = 'roles/storage.objectViewer';
         $output = $this->runCommand('iam', [
             'bucket' => self::$bucket,
-            '--role' => 'roles/storage.objectViewer',
+            '--role' => self::$role,
             '--remove-member' => self::$user,
         ]);
 
-        $outputString = sprintf(
+        $expected = sprintf(
             'User %s removed from role %s for bucket %s',
             self::$user,
-            $role,
+            self::$role,
             self::$bucket
         );
 
-        $this->assertStringContainsString($outputString, $output);
+        $this->assertStringContainsString($expected, $output);
 
         $foundRoleMember = false;
         $policy = self::$storage->bucket(self::$bucket)->iam()->policy([
             'requestedPolicyVersion' => 3
         ]);
         foreach ($policy['bindings'] as $binding) {
-            if ($binding['role'] == $role) {
+            if (
+                $binding['role'] == self::$role
+                && empty($binding['condition'])
+            ) {
                 $foundRoleMember = in_array(self::$user, $binding['members']);
                 break;
             }
@@ -221,29 +223,32 @@ public function testRemoveBucketIamMember()
      */
     public function testRemoveBucketConditionalIamBinding()
     {
-        $role = 'roles/storage.objectViewer';
         $title = 'always true';
         $description = 'this condition is always true';
         $expression = '1 < 2';
         $output = $this->runCommand('iam', [
             'bucket' => self::$bucket,
-            '--role' => 'roles/storage.objectViewer',
+            '--role' => self::$role,
             '--remove-binding' => true,
             '--title' => $title,
             '--description' => $description,
             '--expression' => $expression
         ]);
 
-        $outputString = sprintf('Conditional Binding was removed.');
-
-        $this->assertStringContainsString($outputString, $output);
+        $this->assertStringContainsString(
+            'Conditional Binding was removed.',
+            $output
+        );
 
         $foundBinding = false;
         $policy = self::$storage->bucket(self::$bucket)->iam()->policy([
             'requestedPolicyVersion' => 3
         ]);
         foreach ($policy['bindings'] as $binding) {
-            if ($binding['role'] == $role && $binding['condition'] != null) {
+            if (
+                $binding['role'] == self::$role
+                && isset($binding['condition'])
+            ) {
                 $condition = $binding['condition'];
                 if ($condition['title'] == $title
                      && $condition['description'] == $description

storage/test/IamCommandTest.php

@@ -18,86 +18,74 @@
 namespace Google\Cloud\Samples\Storage\Tests;
 
 use Google\Cloud\Core\Exception\NotFoundException;
-use Google\Cloud\Samples\Storage\ObjectAclCommand;
 use Google\Cloud\Storage\StorageClient;
+use Google\Cloud\TestUtils\ExecuteCommandTrait;
 use Google\Cloud\TestUtils\TestTrait;
-use Symfony\Component\Console\Tester\CommandTester;
 use PHPUnit\Framework\TestCase;
 
 /**
  * Unit Tests for ObjectAclCommand.
  */
 class ObjectAclCommandTest extends TestCase
 {
-    use TestTrait;
+    use TestTrait, ExecuteCommandTrait;
 
-    protected $commandTester;
-    protected $storage;
+    private static $storage;
+    private static $bucketName;
+    private static $commandFile = __DIR__ . '/../storage.php';
 
-    public function setUp()
+    public static function setUpBeforeClass()
     {
-        $application = require __DIR__ . '/../storage.php';
-        $this->commandTester = new CommandTester($application->get('object-acl'));
-        $this->storage = new StorageClient();
+        self::$storage = new StorageClient();
+        self::$bucketName = sprintf(
+            '%s-legacy',
+            self::requireEnv('GOOGLE_STORAGE_BUCKET')
+        );
     }
 
     public function testObjectAcl()
     {
-        $bucketName = $this->requireEnv('GOOGLE_STORAGE_BUCKET');
         $objectName = $this->requireEnv('GOOGLE_STORAGE_OBJECT');
 
-        $this->commandTester->execute(
-            [
-                'bucket' => $bucketName,
-                'object' => $objectName,
-            ],
-            ['interactive' => false]
-        );
+        $output = $this->runCommand('object-acl', [
+            'bucket' => self::$bucketName,
+            'object' => $objectName,
+        ]);
 
-        $this->expectOutputRegex("/: OWNER/");
+        $this->assertContains(': OWNER', $output);
     }
 
     public function testManageObjectAcl()
     {
-        $bucketName = $this->requireEnv('GOOGLE_STORAGE_BUCKET');
         $objectName = $this->requireEnv('GOOGLE_STORAGE_OBJECT');
 
-        $bucket = $this->storage->bucket($bucketName);
+        $bucket = self::$storage->bucket(self::$bucketName);
         $object = $bucket->object($objectName);
         $acl = $object->acl();
 
-        $this->commandTester->execute(
-            [
-                'bucket' => $bucketName,
-                'object' => $objectName,
-                '--entity' => 'allAuthenticatedUsers',
-                '--create' => true,
-            ],
-            ['interactive' => false]
-        );
+        $output = $this->runCommand('object-acl', [
+            'bucket' => self::$bucketName,
+            'object' => $objectName,
+            '--entity' => 'allAuthenticatedUsers',
+            '--create' => true,
+        ]);
 
         $aclInfo = $acl->get(['entity' => 'allAuthenticatedUsers']);
         $this->assertArrayHasKey('role', $aclInfo);
         $this->assertEquals('READER', $aclInfo['role']);
 
-        $this->commandTester->execute(
-            [
-                'bucket' => $bucketName,
-                'object' => $objectName,
-                '--entity' => 'allAuthenticatedUsers',
-            ],
-            ['interactive' => false]
-        );
+        $output .= $this->runCommand('object-acl', [
+            'bucket' => self::$bucketName,
+            'object' => $objectName,
+            '--entity' => 'allAuthenticatedUsers',
+        ]);
 
-        $this->commandTester->execute(
-            [
-                'bucket' => $bucketName,
-                'object' => $objectName,
-                '--entity' => 'allAuthenticatedUsers',
-                '--delete' => true,
-            ],
-            ['interactive' => false]
-        );
+        $output .= $this->runCommand('object-acl', [
+            'bucket' => self::$bucketName,
+            'object' => $objectName,
+            '--entity' => 'allAuthenticatedUsers',
+            '--delete' => true,
+        ]);
 
         try {
             $acl->get(['entity' => 'allAuthenticatedUsers']);
@@ -106,13 +94,13 @@ public function testManageObjectAcl()
             $this->assertTrue(true);
         }
 
-        $objectUrl = sprintf('gs://%s/%s', $bucketName, $objectName);
+        $objectUrl = sprintf('gs://%s/%s', self::$bucketName, $objectName);
         $outputString = <<<EOF
 Added allAuthenticatedUsers (READER) to $objectUrl ACL
 allAuthenticatedUsers: READER
 Deleted allAuthenticatedUsers from $objectUrl ACL
 
 EOF;
-        $this->expectOutputString($outputString);
+        $this->assertEquals($output, $outputString);
     }
 }