ci: fix IAM samples to avoid block on 'allUsers' (#529)

tseaver · web-flow · commit a26ae077ac9a · 2021-10-28T08:53:41.000+02:00
Closes #528.
diff --git a/packages/google-cloud-pubsub/samples/snippets/iam.py b/packages/google-cloud-pubsub/samples/snippets/iam.py
@@ -81,7 +81,7 @@ def set_topic_policy(project_id: str, topic_id: str) -> None:
     policy = client.get_iam_policy(request={"resource": topic_path})
 
     # Add all users as viewers.
-    policy.bindings.add(role="roles/pubsub.viewer", members=["allUsers"])
+    policy.bindings.add(role="roles/pubsub.viewer", members=["domain:google.com"])
 
     # Add a group as a publisher.
     policy.bindings.add(
@@ -110,7 +110,7 @@ def set_subscription_policy(project_id: str, subscription_id: str) -> None:
     policy = client.get_iam_policy(request={"resource": subscription_path})
 
     # Add all users as viewers.
-    policy.bindings.add(role="roles/pubsub.viewer", members=["allUsers"])
+    policy.bindings.add(role="roles/pubsub.viewer", members=["domain:google.com"])
 
     # Add a group as an editor.
     policy.bindings.add(role="roles/editor", members=["group:cloud-logs@google.com"])
diff --git a/packages/google-cloud-pubsub/samples/snippets/iam_test.py b/packages/google-cloud-pubsub/samples/snippets/iam_test.py
@@ -98,7 +98,7 @@ def test_set_topic_policy(
     iam.set_topic_policy(PROJECT_ID, TOPIC_ID)
     policy = publisher_client.get_iam_policy(request={"resource": topic_path})
     assert "roles/pubsub.publisher" in str(policy)
-    assert "allUsers" in str(policy)
+    assert "domain:google.com" in str(policy)
 
 
 def test_set_subscription_policy(
@@ -107,7 +107,7 @@ def test_set_subscription_policy(
     iam.set_subscription_policy(PROJECT_ID, SUBSCRIPTION_ID)
     policy = subscriber_client.get_iam_policy(request={"resource": subscription_path})
     assert "roles/pubsub.viewer" in str(policy)
-    assert "allUsers" in str(policy)
+    assert "domain:google.com" in str(policy)
 
 
 def test_check_topic_permissions(topic_path: str, capsys: CaptureFixture) -> None:
