fix: add preconditions and retry config support to ACL patch operationss (googleapis#586)

cojenco · cojenco · commit a644136dea2c · 2021-09-14T20:23:46.000-07:00
* add preconditions and retry config support to ACL patch operations

* update existing unit tests

* add unit tests

* add preconditions and retry config to bucket make public/private

* add preconditions and retry config to blob make public/private

* update docstrings

* add system tests acl with metegeneration match

* revise to use permitted group email
diff --git a/tests/system/test_blob.py b/tests/system/test_blob.py
@@ -373,6 +373,41 @@ def test_blob_acl_w_user_project(
     assert not acl.has_entity("allUsers")
 
 
+def test_blob_acl_w_metageneration_match(
+    shared_bucket, blobs_to_delete, file_data, service_account,
+):
+    wrong_metageneration_number = 9
+    wrong_generation_number = 6
+
+    blob = shared_bucket.blob("FilePatchACL")
+    info = file_data["simple"]
+    blob.upload_from_filename(info["path"])
+    blobs_to_delete.append(blob)
+
+    # Exercise blob ACL with metageneration/generation match
+    acl = blob.acl
+    blob.reload()
+
+    with pytest.raises(exceptions.PreconditionFailed):
+        acl.save_predefined(
+            "publicRead", if_metageneration_match=wrong_metageneration_number
+        )
+        assert "READER" not in acl.all().get_roles()
+
+    acl.save_predefined("publicRead", if_metageneration_match=blob.metageneration)
+    assert "READER" in acl.all().get_roles()
+
+    blob.reload()
+    del acl.entities["allUsers"]
+
+    with pytest.raises(exceptions.PreconditionFailed):
+        acl.save(if_generation_match=wrong_generation_number)
+        assert acl.has_entity("allUsers")
+
+    acl.save(if_generation_match=blob.generation)
+    assert not acl.has_entity("allUsers")
+
+
 def test_blob_acl_upload_predefined(
     shared_bucket, blobs_to_delete, file_data, service_account,
 ):
diff --git a/tests/system/test_bucket.py b/tests/system/test_bucket.py
@@ -246,6 +246,42 @@ def test_bucket_acls_iam_w_user_project(
     with_user_project.set_iam_policy(policy)
 
 
+def test_bucket_acls_w_metageneration_match(storage_client, buckets_to_delete):
+    wrong_metageneration_number = 9
+    bucket_name = _helpers.unique_name("acl-w-metageneration-match")
+    bucket = _helpers.retry_429_503(storage_client.create_bucket)(bucket_name)
+    buckets_to_delete.append(bucket)
+
+    # Exercise bucket ACL with metageneration match
+    acl = bucket.acl
+    acl.group("cloud-developer-relations@google.com").grant_read()
+    bucket.reload()
+
+    with pytest.raises(exceptions.PreconditionFailed):
+        acl.save(if_metageneration_match=wrong_metageneration_number)
+        assert (
+            "READER"
+            not in acl.group("cloud-developer-relations@google.com").get_roles()
+        )
+
+    acl.save(if_metageneration_match=bucket.metageneration)
+    assert "READER" in acl.group("cloud-developer-relations@google.com").get_roles()
+
+    # Exercise default object ACL w/ metageneration match
+    doa = bucket.default_object_acl
+    doa.group("cloud-developer-relations@google.com").grant_owner()
+    bucket.reload()
+
+    with pytest.raises(exceptions.PreconditionFailed):
+        doa.save(if_metageneration_match=wrong_metageneration_number)
+        assert (
+            "OWNER" not in doa.group("cloud-developer-relations@google.com").get_roles()
+        )
+
+    doa.save(if_metageneration_match=bucket.metageneration)
+    assert "OWNER" in doa.group("cloud-developer-relations@google.com").get_roles()
+
+
 def test_bucket_copy_blob(
     storage_client, buckets_to_delete, blobs_to_delete, user_project,
 ):
