Skip to content

Commit 096b5f6

Browse files
tseavertseaver
committed
Merge pull request #1782 from tseaver/1687-1743-pubsub-iam_system_tests
Avoid get / set of IAM policy if current account doesn't have permission
2 parents 22634ab + 6c8b259 commit 096b5f6

1 file changed

Lines changed: 13 additions & 8 deletions

File tree

system_tests/pubsub.py

Lines changed: 13 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -180,6 +180,7 @@ def _maybe_emulator_skip(self):
180180
self.skipTest('IAM not supported by Pub/Sub emulator')
181181

182182
def test_topic_iam_policy(self):
183+
from gcloud.pubsub.iam import PUBSUB_TOPICS_GET_IAM_POLICY
183184
self._maybe_emulator_skip()
184185
topic_name = 'test-topic-iam-policy-topic' + unique_resource_id('-')
185186
topic = Config.CLIENT.topic(topic_name)
@@ -190,12 +191,14 @@ def test_topic_iam_policy(self):
190191
count -= 1
191192
self.assertTrue(topic.exists())
192193
self.to_delete.append(topic)
193-
policy = topic.get_iam_policy()
194-
policy.viewers.add(policy.user('jjg@google.com'))
195-
new_policy = topic.set_iam_policy(policy)
196-
self.assertEqual(new_policy.viewers, policy.viewers)
194+
if topic.check_iam_permissions([PUBSUB_TOPICS_GET_IAM_POLICY]):
195+
policy = topic.get_iam_policy()
196+
policy.viewers.add(policy.user('jjg@google.com'))
197+
new_policy = topic.set_iam_policy(policy)
198+
self.assertEqual(new_policy.viewers, policy.viewers)
197199

198200
def test_subscription_iam_policy(self):
201+
from gcloud.pubsub.iam import PUBSUB_SUBSCRIPTIONS_GET_IAM_POLICY
199202
self._maybe_emulator_skip()
200203
topic_name = 'test-sub-iam-policy-topic' + unique_resource_id('-')
201204
topic = Config.CLIENT.topic(topic_name)
@@ -215,10 +218,12 @@ def test_subscription_iam_policy(self):
215218
count -= 1
216219
self.assertTrue(subscription.exists())
217220
self.to_delete.insert(0, subscription)
218-
policy = subscription.get_iam_policy()
219-
policy.viewers.add(policy.user('jjg@google.com'))
220-
new_policy = subscription.set_iam_policy(policy)
221-
self.assertEqual(new_policy.viewers, policy.viewers)
221+
if subscription.check_iam_permissions(
222+
[PUBSUB_SUBSCRIPTIONS_GET_IAM_POLICY]):
223+
policy = subscription.get_iam_policy()
224+
policy.viewers.add(policy.user('jjg@google.com'))
225+
new_policy = subscription.set_iam_policy(policy)
226+
self.assertEqual(new_policy.viewers, policy.viewers)
222227

223228
def test_fetch_delete_subscription_w_deleted_topic(self):
224229
TO_DELETE = 'delete-me' + unique_resource_id('-')

0 commit comments

Comments
 (0)