From 6de8bed03121a4870c99aa99f7c07356d71ffdbe Mon Sep 17 00:00:00 2001 From: Frank Natividad Date: Fri, 26 Jul 2019 11:39:44 -0700 Subject: [PATCH 1/8] Add support UniformBucketLevelAccess --- .../com/google/cloud/storage/BucketInfo.java | 94 ++++++++++------ .../cloud/storage/it/ITStorageTest.java | 101 ++++++++++++++++-- 2 files changed, 156 insertions(+), 39 deletions(-) diff --git a/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/BucketInfo.java b/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/BucketInfo.java index 73ba7dc121ac..d3b06077d99b 100644 --- a/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/BucketInfo.java +++ b/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/BucketInfo.java @@ -101,13 +101,13 @@ public com.google.api.services.storage.model.Bucket apply(BucketInfo bucketInfo) /** * The Bucket's IAM Configuration. * - * @see Bucket Policy Only + * @see Uniform Bucket Level Access */ public static class IamConfiguration implements Serializable { private static final long serialVersionUID = -8671736104909424616L; - private Boolean isBucketPolicyOnlyEnabled; - private Long bucketPolicyOnlyLockedTime; + private Boolean isUniformBucketLevelAccessEnabled; + private Long uniformBucketLevelAccessLockedTime; @Override public boolean equals(Object o) { 
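Review bot: Renaming the private fields of the `Serializable` class `IamConfiguration` while keeping `serialVersionUID = -8671736104909424616L` means a stream written by the previous version still deserializes, but with both fields null. Default Java serialization matches fields by name, so `isUniformBucketLevelAccessEnabled` and `uniformBucketLevelAccessLockedTime` are left at their defaults and no error is raised. For a flag that decides whether ACLs or IAM govern a bucket, a silent reset is worse than a loud failure if these objects are ever persisted or exchanged between library versions. Either keep the old private field names (only the accessors need the new name) or change the `serialVersionUID` so that a mismatch raises `InvalidClassException`. The class body continues outside this hunk.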
@@ -121,12 +121,12 @@ public boolean equals(Object o) { @Override public int hashCode() { - return Objects.hash(isBucketPolicyOnlyEnabled, bucketPolicyOnlyLockedTime); + return Objects.hash(isUniformBucketLevelAccessEnabled, uniformBucketLevelAccessLockedTime); } private IamConfiguration(Builder builder) { - this.isBucketPolicyOnlyEnabled = builder.isBucketPolicyOnlyEnabled; - this.bucketPolicyOnlyLockedTime = builder.bucketPolicyOnlyLockedTime; + this.isUniformBucketLevelAccessEnabled = builder.isUniformBucketLevelAccessEnabled; + this.uniformBucketLevelAccessLockedTime = builder.uniformBucketLevelAccessLockedTime; } public static Builder newBuilder() { 
@@ -135,70 +135,104 @@ public static Builder newBuilder() { public Builder toBuilder() { Builder builder = new Builder(); - builder.isBucketPolicyOnlyEnabled = isBucketPolicyOnlyEnabled; - builder.bucketPolicyOnlyLockedTime = bucketPolicyOnlyLockedTime; + builder.isUniformBucketLevelAccessEnabled = isUniformBucketLevelAccessEnabled; + builder.uniformBucketLevelAccessLockedTime = uniformBucketLevelAccessLockedTime; return builder; } + /** + * Deprecated in favor of isUniformBucketLevelAccessEnabled(). + */ + @Deprecated public Boolean isBucketPolicyOnlyEnabled() { - return isBucketPolicyOnlyEnabled; + return isUniformBucketLevelAccessEnabled; } + /** + * Deprecated in favor of uniformBucketLevelAccessLockedTime(). + */ + @Deprecated public Long getBucketPolicyOnlyLockedTime() { - return bucketPolicyOnlyLockedTime; + return uniformBucketLevelAccessLockedTime; + } + + public Boolean isUniformBucketLevelAccessEnabled() { + return isUniformBucketLevelAccessEnabled; + } + + public Long getUniformBucketLevelAccessLockedTime() { + return uniformBucketLevelAccessLockedTime; } Bucket.IamConfiguration toPb() { Bucket.IamConfiguration iamConfiguration = new Bucket.IamConfiguration(); - Bucket.IamConfiguration.BucketPolicyOnly bucketPolicyOnly = - new Bucket.IamConfiguration.BucketPolicyOnly(); - bucketPolicyOnly.setEnabled(isBucketPolicyOnlyEnabled); - bucketPolicyOnly.setLockedTime( - bucketPolicyOnlyLockedTime == null ? null : new DateTime(bucketPolicyOnlyLockedTime)); + Bucket.IamConfiguration.UniformBucketLevelAccess uniformBucketLevelAccess = + new Bucket.IamConfiguration.UniformBucketLevelAccess(); + uniformBucketLevelAccess.setEnabled(isUniformBucketLevelAccessEnabled); + uniformBucketLevelAccess.setLockedTime( + uniformBucketLevelAccess == null ? 
null : new DateTime(uniformBucketLevelAccessLockedTime)); - iamConfiguration.setBucketPolicyOnly(bucketPolicyOnly); + iamConfiguration.setUniformBucketLevelAccess(uniformBucketLevelAccess); return iamConfiguration; } static IamConfiguration fromPb(Bucket.IamConfiguration iamConfiguration) { - Bucket.IamConfiguration.BucketPolicyOnly bucketPolicyOnly = - iamConfiguration.getBucketPolicyOnly(); - DateTime lockedTime = bucketPolicyOnly.getLockedTime(); + Bucket.IamConfiguration.UniformBucketLevelAccess uniformBucketLevelAccess = + iamConfiguration.getUniformBucketLevelAccess(); + DateTime lockedTime = uniformBucketLevelAccess.getLockedTime(); return newBuilder() - .setIsBucketPolicyOnlyEnabled(bucketPolicyOnly.getEnabled()) - .setBucketPolicyOnlyLockedTime(lockedTime == null ? null : lockedTime.getValue()) + .setIsUniformBucketLevelAccessEnabled(uniformBucketLevelAccess.getEnabled()) + .setUniformBucketLevelAccessLockedTime(lockedTime == null ? null : lockedTime.getValue()) .build(); } /** Builder for {@code IamConfiguration} */ public static class Builder { - private Boolean isBucketPolicyOnlyEnabled; - private Long bucketPolicyOnlyLockedTime; + private Boolean isUniformBucketLevelAccessEnabled; + private Long uniformBucketLevelAccessLockedTime; + + /** + * Deprecated in favor of setIsUniformBucketLevelAccessEnabled(). + */ + @Deprecated + public Builder setIsBucketPolicyOnlyEnabled(Boolean isBucketPolicyOnlyEnabled) { + this.isUniformBucketLevelAccessEnabled = isBucketPolicyOnlyEnabled; + return this; + } + + /** + * Deprecated in favor of setUniformBucketLevelAccessLockedTime(). + */ + @Deprecated + Builder setBucketPolicyOnlyLockedTime(Long bucketPolicyOnlyLockedTime) { + this.uniformBucketLevelAccessLockedTime = bucketPolicyOnlyLockedTime; + return this; + } /** - * Sets whether BucketPolicyOnly is enabled for this bucket. When this is enabled, access to + * Sets whether Uniform Bucket Level Access is enabled for this bucket. 
When this is enabled, access to * the bucket will be configured through IAM, and legacy ACL policies will not work. When this - * is first enabled, {@code bucketPolicyOnly.lockedTime} will be set by the API automatically. + * is first enabled, {@code uniformBucketLevelAccess.lockedTime} will be set by the API automatically. * This field can then be disabled until the time specified, after which it will become * immutable and calls to change it will fail. If this is enabled, calls to access legacy ACL * information will fail. */ - public Builder setIsBucketPolicyOnlyEnabled(Boolean isBucketPolicyOnlyEnabled) { - this.isBucketPolicyOnlyEnabled = isBucketPolicyOnlyEnabled; + public Builder setIsUniformBucketLevelAccessEnabled(Boolean isUniformBucketLevelAccessEnabled) { + this.isUniformBucketLevelAccessEnabled = isUniformBucketLevelAccessEnabled; return this; } /** - * Sets the deadline for switching {@code bucketPolicyOnly.enabled} back to false. After this + * Sets the deadline for switching {@code uniformBucketLevelAccess.enabled} back to false. After this * time passes, calls to do so will fail. This is package-private, since in general this field * should never be set by a user--it's automatically set by the backend when {@code enabled} * is set to true. */ - Builder setBucketPolicyOnlyLockedTime(Long bucketPolicyOnlyLockedTime) { - this.bucketPolicyOnlyLockedTime = bucketPolicyOnlyLockedTime; + Builder setUniformBucketLevelAccessLockedTime(Long uniformBucketLevelAccessLockedTime) { + this.uniformBucketLevelAccessLockedTime = uniformBucketLevelAccessLockedTime; return this; } diff --git a/google-cloud-clients/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java b/google-cloud-clients/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java index 7c3c3e942c5a..91023d2fc72e 100644 --- a/google-cloud-clients/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java 
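Review bot: `fromPb` dereferences the result of `iamConfiguration.getUniformBucketLevelAccess()` without a null check, so a response that carries only the legacy `bucketPolicyOnly` member, or neither member, would fail with a NullPointerException at `uniformBucketLevelAccess.getLockedTime()`. Whether the service can return such a response is not visible here, but the deprecated getters now depend entirely on the new member, so I would fall back to `getBucketPolicyOnly()` when it is absent and leave both values null when neither is present, as sketched below. Separately, the Javadoc on `getBucketPolicyOnlyLockedTime()` refers to `uniformBucketLevelAccessLockedTime()`, which does not exist; it should name `getUniformBucketLevelAccessLockedTime()` in an `@deprecated` tag.

```java
static IamConfiguration fromPb(Bucket.IamConfiguration iamConfiguration) {
  Bucket.IamConfiguration.UniformBucketLevelAccess uniformBucketLevelAccess =
      iamConfiguration.getUniformBucketLevelAccess();
  Bucket.IamConfiguration.BucketPolicyOnly bucketPolicyOnly =
      iamConfiguration.getBucketPolicyOnly();
  Boolean enabled = null;
  DateTime lockedTime = null;
  if (uniformBucketLevelAccess != null) {
    enabled = uniformBucketLevelAccess.getEnabled();
    lockedTime = uniformBucketLevelAccess.getLockedTime();
  } else if (bucketPolicyOnly != null) {
    // Legacy member only: keep reading it until every response carries the new one.
    enabled = bucketPolicyOnly.getEnabled();
    lockedTime = bucketPolicyOnly.getLockedTime();
  }
  return newBuilder()
      .setIsUniformBucketLevelAccessEnabled(enabled)
      // … unchanged: setUniformBucketLevelAccessLockedTime(...) and build() …
```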
+++ b/google-cloud-clients/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java 
@@ -2485,21 +2485,58 @@ public void testGetServiceAccount() { @Test public void testBucketWithBucketPolicyOnlyEnabled() throws Exception { - String bpoBucket = RemoteStorageHelper.generateBucketName(); + String bucket = RemoteStorageHelper.generateBucketName(); try { storage.create( - Bucket.newBuilder(bpoBucket) - .setIamConfiguration( - BucketInfo.IamConfiguration.newBuilder() - .setIsBucketPolicyOnlyEnabled(true) - .build()) - .build()); + Bucket.newBuilder(bucket) + .setIamConfiguration( + BucketInfo.IamConfiguration.newBuilder() + .setIsBucketPolicyOnlyEnabled(true) + .build()) + .build()); Bucket remoteBucket = - storage.get(bpoBucket, Storage.BucketGetOption.fields(BucketField.IAMCONFIGURATION)); + storage.get(bucket, Storage.BucketGetOption.fields(BucketField.IAMCONFIGURATION)); assertTrue(remoteBucket.getIamConfiguration().isBucketPolicyOnlyEnabled()); assertNotNull(remoteBucket.getIamConfiguration().getBucketPolicyOnlyLockedTime()); + + try { + //remoteBucket.listAcls(); + fail("StorageException was expected."); + } catch (StorageException e) { + // Expected: Listing legacy ACLs should fail on a BPO enabled bucket + } + try { + remoteBucket.listDefaultAcls(); + fail("StorageException was expected"); + } catch (StorageException e) { + // Expected: Listing legacy ACLs should fail on a BPO enabled bucket + } + } catch (Exception e) { + fail(e.getMessage()); + } finally { + RemoteStorageHelper.forceDelete(storage, bucket, 1, TimeUnit.MINUTES); + } + } + + @Test + public void testBucketWithUniformBucketLevelAccessEnabled() throws Exception { + String bucket = RemoteStorageHelper.generateBucketName(); + try { + storage.create( + Bucket.newBuilder(bucket) + .setIamConfiguration( + BucketInfo.IamConfiguration.newBuilder() + .setIsUniformBucketLevelAccessEnabled(true) + .build()) + .build()); + + Bucket remoteBucket = + storage.get(bucket, Storage.BucketGetOption.fields(BucketField.IAMCONFIGURATION)); + + 
assertTrue(remoteBucket.getIamConfiguration().isUniformBucketLevelAccessEnabled()); + assertNotNull(remoteBucket.getIamConfiguration().getBucketPolicyOnlyLockedTime()); try { remoteBucket.listAcls(); fail("StorageException was expected."); @@ -2513,7 +2550,7 @@ public void testBucketWithBucketPolicyOnlyEnabled() throws Exception { // Expected: Listing legacy ACLs should fail on a BPO enabled bucket } } finally { - RemoteStorageHelper.forceDelete(storage, bpoBucket, 1, TimeUnit.MINUTES); + RemoteStorageHelper.forceDelete(storage, bucket, 1, TimeUnit.MINUTES); } } 
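Review bot: The new `testBucketWithUniformBucketLevelAccessEnabled` checks the lock time through the deprecated `getBucketPolicyOnlyLockedTime()`, so the new accessor is never exercised on a bucket created with the new setter. The assertion should read `assertNotNull(remoteBucket.getIamConfiguration().getUniformBucketLevelAccessLockedTime());`. The catch comments in the same test still say "BPO enabled bucket" and would be clearer as `// Expected: listing legacy ACLs fails once uniform bucket-level access is enabled`.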
@@ -2563,6 +2600,52 @@ public void testEnableAndDisableBucketPolicyOnlyOnExistingBucket() throws Except } } + @Test + public void testEnableAndDisableUniformBucketLevelAccessOnExistingBucket() throws Exception { + String bpoBucket = RemoteStorageHelper.generateBucketName(); + try { + BucketInfo.IamConfiguration ublaDisabledIamConfiguration = + BucketInfo.IamConfiguration.newBuilder().setIsUniformBucketLevelAccessEnabled(false).build(); + Bucket bucket = + storage.create( + Bucket.newBuilder(bpoBucket) + .setIamConfiguration(ublaDisabledIamConfiguration) + .setAcl(ImmutableList.of(Acl.of(User.ofAllAuthenticatedUsers(), Role.READER))) + .setDefaultAcl( + ImmutableList.of(Acl.of(User.ofAllAuthenticatedUsers(), Role.READER))) + .build()); + + bucket + .toBuilder() + .setIamConfiguration( + ublaDisabledIamConfiguration.toBuilder().setIsUniformBucketLevelAccessEnabled(true).build()) + .build() + .update(); + + Bucket remoteBucket = + storage.get(bpoBucket, Storage.BucketGetOption.fields(BucketField.IAMCONFIGURATION)); + + assertTrue(remoteBucket.getIamConfiguration().isUniformBucketLevelAccessEnabled()); + assertNotNull(remoteBucket.getIamConfiguration().getUniformBucketLevelAccessLockedTime()); + + bucket.toBuilder().setIamConfiguration(ublaDisabledIamConfiguration).build().update(); + + remoteBucket = + storage.get( + bpoBucket, + Storage.BucketGetOption.fields( + BucketField.IAMCONFIGURATION, BucketField.ACL, BucketField.DEFAULT_OBJECT_ACL)); + + assertFalse(remoteBucket.getIamConfiguration().isUniformBucketLevelAccessEnabled()); + assertEquals(User.ofAllAuthenticatedUsers(), remoteBucket.getDefaultAcl().get(0).getEntity()); + assertEquals(Role.READER, remoteBucket.getDefaultAcl().get(0).getRole()); + assertEquals(User.ofAllAuthenticatedUsers(), remoteBucket.getAcl().get(0).getEntity()); + assertEquals(Role.READER, remoteBucket.getAcl().get(0).getRole()); + } finally { + RemoteStorageHelper.forceDelete(storage, bpoBucket, 1, TimeUnit.MINUTES); + } + } + @Test public 
void testUploadUsingSignedURL() throws Exception { String blobName = "test-signed-url-upload"; From 6b585b34121dab64939593c5d6f8b9920877dea2 Mon Sep 17 00:00:00 2001 From: Frank Natividad Date: Fri, 26 Jul 2019 13:00:15 -0700 Subject: [PATCH 2/8] Fix casing for ubla. --- .../src/main/java/com/google/cloud/storage/BucketInfo.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/BucketInfo.java b/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/BucketInfo.java index d3b06077d99b..66251188817b 100644 --- a/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/BucketInfo.java +++ b/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/BucketInfo.java @@ -101,7 +101,7 @@ public com.google.api.services.storage.model.Bucket apply(BucketInfo bucketInfo) /** * The Bucket's IAM Configuration. * - * @see Uniform Bucket Level Access + * @see uniform bucket-level access */ public static class IamConfiguration implements Serializable { private static final long serialVersionUID = -8671736104909424616L; @@ -213,7 +213,7 @@ Builder setBucketPolicyOnlyLockedTime(Long bucketPolicyOnlyLockedTime) { } /** - * Sets whether Uniform Bucket Level Access is enabled for this bucket. When this is enabled, access to + * Sets whether uiform bucket-level access is enabled for this bucket. When this is enabled, access to * the bucket will be configured through IAM, and legacy ACL policies will not work. When this * is first enabled, {@code uniformBucketLevelAccess.lockedTime} will be set by the API automatically. * This field can then be disabled until the time specified, after which it will become From 9c9ec214dc6f112358738123ba7a05dd8a8e2c66 Mon Sep 17 00:00:00 2001 
From: Frank Natividad Date: Fri, 26 Jul 2019 16:13:40 -0700 Subject: [PATCH 3/8] BPO -> UBLA samples --- .../storage/snippets/StorageSnippets.java | 40 +++++++++---------- .../storage/snippets/ITStorageSnippets.java | 18 ++++----- 2 files changed, 29 insertions(+), 29 deletions(-) diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/storage/snippets/StorageSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/storage/snippets/StorageSnippets.java index 48b8ce6aebc8..539abc752447 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/storage/snippets/StorageSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/storage/snippets/StorageSnippets.java @@ -1411,9 +1411,9 @@ public Blob releaseTemporaryHold(String bucketName, String blobName) throws Stor return blob; } - /** Example of how to enable Bucket Policy Only for a bucket */ - public Bucket enableBucketPolicyOnly(String bucketName) throws StorageException { - // [START storage_enable_bucket_policy_only] + /** Example of how to enable uniform bucket-level access for a bucket */ + public Bucket enableUniformBucketLevelAccess(String bucketName) throws StorageException { + // [START storage_enable_uniform_bucket_level_access] // Instantiate a Google Cloud Storage client Storage storage = StorageOptions.getDefaultInstance().getService(); 
@@ -1421,19 +1421,19 @@ public Bucket enableBucketPolicyOnly(String bucketName) throws StorageException // String bucketName = "my-bucket"; BucketInfo.IamConfiguration iamConfiguration = - BucketInfo.IamConfiguration.newBuilder().setIsBucketPolicyOnlyEnabled(true).build(); + BucketInfo.IamConfiguration.newBuilder().setIsUniformBucketLevelAccessEnabled(true).build(); Bucket bucket = storage.update( BucketInfo.newBuilder(bucketName).setIamConfiguration(iamConfiguration).build()); - System.out.println("Bucket Policy Only was enabled for " + bucketName); - // [END storage_enable_bucket_policy_only] + System.out.println("Uniform bucket-level access was enabled for " + bucketName); + // [END storage_enable_uniform_bucket_level_access] return bucket; } - /** Example of how to disable Bucket Policy Only for a bucket */ - public Bucket disableBucketPolicyOnly(String bucketName) throws StorageException { - // [START storage_disable_bucket_policy_only] + /** Example of how to disable uniform bucket-level access for a bucket */ + public Bucket disableUniformBucketLevelAccess(String bucketName) throws StorageException { + // [START storage_disable_uniform_bucket_level_access] // Instantiate a Google Cloud Storage client Storage storage = StorageOptions.getDefaultInstance().getService(); 
@@ -1441,19 +1441,19 @@ public Bucket disableBucketPolicyOnly(String bucketName) throws StorageException // String bucketName = "my-bucket"; BucketInfo.IamConfiguration iamConfiguration = - BucketInfo.IamConfiguration.newBuilder().setIsBucketPolicyOnlyEnabled(false).build(); + BucketInfo.IamConfiguration.newBuilder().setIsUniformBucketLevelAccessEnabled(false).build(); Bucket bucket = storage.update( BucketInfo.newBuilder(bucketName).setIamConfiguration(iamConfiguration).build()); - System.out.println("Bucket Policy Only was disabled for " + bucketName); - // [END storage_disable_bucket_policy_only] + System.out.println("Uniform bucket-level access was disabled for " + bucketName); + // [END storage_disable_uniform_bucket_level_access] return bucket; } - /** Example of how to get Bucket Policy Only metadata for a bucket */ - public Bucket getBucketPolicyOnly(String bucketName) throws StorageException { - // [START storage_get_bucket_policy_only] + /** Example of how to get uniform bucket-level access metadata for a bucket */ + public Bucket getUniformBucketLevelAccess(String bucketName) throws StorageException { + // [START storage_get_uniform_bucket_level_access] // Instantiate a Google Cloud Storage client Storage storage = StorageOptions.getDefaultInstance().getService(); 
@@ -1463,16 +1463,16 @@ public Bucket getBucketPolicyOnly(String bucketName) throws StorageException { Bucket bucket = storage.get(bucketName, BucketGetOption.fields(BucketField.IAMCONFIGURATION)); BucketInfo.IamConfiguration iamConfiguration = bucket.getIamConfiguration(); - Boolean enabled = iamConfiguration.isBucketPolicyOnlyEnabled(); - Date lockedTime = new Date(iamConfiguration.getBucketPolicyOnlyLockedTime()); + Boolean enabled = iamConfiguration.isUniformBucketLevelAccessEnabled(); + Date lockedTime = new Date(iamConfiguration.getUniformBucketLevelAccessLockedTime()); if (enabled != null && enabled) { - System.out.println("Bucket Policy Only is enabled for " + bucketName); + System.out.println("Uniform bucket-level access is enabled for " + bucketName); System.out.println("Bucket will be locked on " + lockedTime); } else { - System.out.println("Bucket Policy Only is disabled for " + bucketName); + System.out.println("Uniform bucket-level access is disabled for " + bucketName); } - // [END storage_get_bucket_policy_only] + // [END storage_get_uniform_bucket_level_access] return bucket; } diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/storage/snippets/ITStorageSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/storage/snippets/ITStorageSnippets.java index 8fadb384def6..6b6513e05e6c 100644 --- a/google-cloud-examples/src/test/java/com/google/cloud/examples/storage/snippets/ITStorageSnippets.java +++ b/google-cloud-examples/src/test/java/com/google/cloud/examples/storage/snippets/ITStorageSnippets.java 
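Review bot: In `getUniformBucketLevelAccess` the line `Date lockedTime = new Date(iamConfiguration.getUniformBucketLevelAccessLockedTime());` unboxes the `Long` before the `enabled` check, so a null locked time throws a NullPointerException before either message is printed. The getter returns `Long`, and the locked time is presumably unset when the feature is off, which would make the sample crash on exactly the bucket its `else` branch is meant to report. Move the conversion into the enabled branch, e.g. `System.out.println("Bucket will be locked on " + new Date(iamConfiguration.getUniformBucketLevelAccessLockedTime()));`. `bucket.getIamConfiguration()` may also be null for a bucket with no IAM configuration; that cannot be confirmed from this hunk and deserves a guard or a comment.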
@@ -570,18 +570,18 @@ public void testLockRetentionPolicy() { } @Test - public void testBucketPolicyOnly() { + public void testUniformBucketLevelAccess() { String tempBucket = RemoteStorageHelper.generateBucketName(); Bucket bucket = storageSnippets.createBucket(tempBucket); assertNotNull(bucket); - bucket = storageSnippets.enableBucketPolicyOnly(tempBucket); - assertTrue(bucket.getIamConfiguration().isBucketPolicyOnlyEnabled()); - assertNotNull(bucket.getIamConfiguration().getBucketPolicyOnlyLockedTime()); - bucket = storageSnippets.getBucketPolicyOnly(tempBucket); - assertTrue(bucket.getIamConfiguration().isBucketPolicyOnlyEnabled()); - assertNotNull(bucket.getIamConfiguration().getBucketPolicyOnlyLockedTime()); - bucket = storageSnippets.disableBucketPolicyOnly(tempBucket); - assertFalse(bucket.getIamConfiguration().isBucketPolicyOnlyEnabled()); + bucket = storageSnippets.enableUniformBucketLevelAccess(tempBucket); + assertTrue(bucket.getIamConfiguration().isUniformBucketLevelAccessEnabled()); + assertNotNull(bucket.getIamConfiguration().getUniformBucketLevelAccessLockedTime()); + bucket = storageSnippets.getUniformBucketLevelAccess(tempBucket); + assertTrue(bucket.getIamConfiguration().isUniformBucketLevelAccessEnabled()); + assertNotNull(bucket.getIamConfiguration().getUniformBucketLevelAccessLockedTime()); + bucket = storageSnippets.disableUniformBucketLevelAccess(tempBucket); + assertFalse(bucket.getIamConfiguration().isUniformBucketLevelAccessEnabled()); } @Test From 81994f0f15c1108f1d0d608c64480dee86ce30d1 Mon Sep 17 00:00:00 2001 From: Frank Natividad Date: Fri, 26 Jul 2019 23:46:17 -0700 Subject: [PATCH 4/8] Add workaround until backend is fixed --- .../main/java/com/google/cloud/storage/BucketInfo.java | 9 ++++++++- .../java/com/google/cloud/storage/it/ITStorageTest.java | 4 +--- 2 files changed, 9 insertions(+), 4 deletions(-) 
diff --git a/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/BucketInfo.java b/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/BucketInfo.java index 66251188817b..2520dcafa9bf 100644 --- a/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/BucketInfo.java +++ b/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/BucketInfo.java @@ -171,7 +171,14 @@ Bucket.IamConfiguration toPb() { new Bucket.IamConfiguration.UniformBucketLevelAccess(); uniformBucketLevelAccess.setEnabled(isUniformBucketLevelAccessEnabled); uniformBucketLevelAccess.setLockedTime( - uniformBucketLevelAccess == null ? null : new DateTime(uniformBucketLevelAccessLockedTime)); + uniformBucketLevelAccessLockedTime == null ? null : new DateTime(uniformBucketLevelAccessLockedTime)); + + /** WORK AROUND */ + Bucket.IamConfiguration.BucketPolicyOnly bucketPolicyOnly = new Bucket.IamConfiguration.BucketPolicyOnly(); + bucketPolicyOnly.setEnabled(isUniformBucketLevelAccessEnabled); + bucketPolicyOnly.setLockedTime(uniformBucketLevelAccessLockedTime == null ? null : new DateTime(uniformBucketLevelAccessLockedTime)); + iamConfiguration.setBucketPolicyOnly(bucketPolicyOnly); + /** END OF WORKAROUND */ iamConfiguration.setUniformBucketLevelAccess(uniformBucketLevelAccess); diff --git a/google-cloud-clients/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java b/google-cloud-clients/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java index 91023d2fc72e..865cc0f0431b 100644 --- a/google-cloud-clients/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java +++ b/google-cloud-clients/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java 
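Review bot: The `/** WORK AROUND */` and `/** END OF WORKAROUND */` markers in `toPb` are Javadoc comments inside a method body, and they do not say what backend behaviour is being worked around or when the duplicated `bucketPolicyOnly` payload can be removed. A line comment with a tracking reference would serve the next maintainer better, for example `// TODO(<issue-link>): <backend behaviour being worked around>; drop the bucketPolicyOnly copy once fixed.` The mirroring only covers the write path; `fromPb`, which is outside this hunk, reads just the new member, so the two directions are not symmetric while the workaround is in place.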
@@ -2502,7 +2502,7 @@ public void testBucketWithBucketPolicyOnlyEnabled() throws Exception { assertNotNull(remoteBucket.getIamConfiguration().getBucketPolicyOnlyLockedTime()); try { - //remoteBucket.listAcls(); + remoteBucket.listAcls(); fail("StorageException was expected."); } catch (StorageException e) { // Expected: Listing legacy ACLs should fail on a BPO enabled bucket @@ -2513,8 +2513,6 @@ public void testBucketWithBucketPolicyOnlyEnabled() throws Exception { } catch (StorageException e) { // Expected: Listing legacy ACLs should fail on a BPO enabled bucket } - } catch (Exception e) { - fail(e.getMessage()); } finally { RemoteStorageHelper.forceDelete(storage, bucket, 1, TimeUnit.MINUTES); } From 1bc4827e97eba01c215158070a5fc7f5a3411c6d Mon Sep 17 00:00:00 2001 From: Frank Natividad Date: Sat, 27 Jul 2019 01:24:35 -0700 Subject: [PATCH 5/8] Fix lint --- .../com/google/cloud/storage/BucketInfo.java | 55 ++++++++------- .../cloud/storage/it/ITStorageTest.java | 69 ++++++++++--------- 2 files changed, 64 insertions(+), 60 deletions(-) diff --git a/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/BucketInfo.java b/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/BucketInfo.java index 2520dcafa9bf..e15c45a3fc9b 100644 --- a/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/BucketInfo.java +++ b/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/BucketInfo.java @@ -101,7 +101,8 @@ public com.google.api.services.storage.model.Bucket apply(BucketInfo bucketInfo) /** * The Bucket's IAM Configuration. * - * @see uniform bucket-level access + * @see uniform + * bucket-level access */ public static class IamConfiguration implements Serializable { private static final long serialVersionUID = -8671736104909424616L; 
@@ -140,17 +141,13 @@ public Builder toBuilder() { return builder; } - /** - * Deprecated in favor of isUniformBucketLevelAccessEnabled(). - */ + /** Deprecated in favor of isUniformBucketLevelAccessEnabled(). */ @Deprecated public Boolean isBucketPolicyOnlyEnabled() { return isUniformBucketLevelAccessEnabled; } - /** - * Deprecated in favor of uniformBucketLevelAccessLockedTime(). - */ + /** Deprecated in favor of uniformBucketLevelAccessLockedTime(). */ @Deprecated public Long getBucketPolicyOnlyLockedTime() { return uniformBucketLevelAccessLockedTime; @@ -171,15 +168,20 @@ Bucket.IamConfiguration toPb() { new Bucket.IamConfiguration.UniformBucketLevelAccess(); uniformBucketLevelAccess.setEnabled(isUniformBucketLevelAccessEnabled); uniformBucketLevelAccess.setLockedTime( - uniformBucketLevelAccessLockedTime == null ? null : new DateTime(uniformBucketLevelAccessLockedTime)); + uniformBucketLevelAccessLockedTime == null + ? null + : new DateTime(uniformBucketLevelAccessLockedTime)); /** WORK AROUND */ - Bucket.IamConfiguration.BucketPolicyOnly bucketPolicyOnly = new Bucket.IamConfiguration.BucketPolicyOnly(); + Bucket.IamConfiguration.BucketPolicyOnly bucketPolicyOnly = + new Bucket.IamConfiguration.BucketPolicyOnly(); bucketPolicyOnly.setEnabled(isUniformBucketLevelAccessEnabled); - bucketPolicyOnly.setLockedTime(uniformBucketLevelAccessLockedTime == null ? null : new DateTime(uniformBucketLevelAccessLockedTime)); + bucketPolicyOnly.setLockedTime( + uniformBucketLevelAccessLockedTime == null + ? null + : new DateTime(uniformBucketLevelAccessLockedTime)); iamConfiguration.setBucketPolicyOnly(bucketPolicyOnly); /** END OF WORKAROUND */ - iamConfiguration.setUniformBucketLevelAccess(uniformBucketLevelAccess); return iamConfiguration; 
@@ -201,18 +203,14 @@ public static class Builder { private Boolean isUniformBucketLevelAccessEnabled; private Long uniformBucketLevelAccessLockedTime; - /** - * Deprecated in favor of setIsUniformBucketLevelAccessEnabled(). - */ + /** Deprecated in favor of setIsUniformBucketLevelAccessEnabled(). */ @Deprecated public Builder setIsBucketPolicyOnlyEnabled(Boolean isBucketPolicyOnlyEnabled) { this.isUniformBucketLevelAccessEnabled = isBucketPolicyOnlyEnabled; return this; } - /** - * Deprecated in favor of setUniformBucketLevelAccessLockedTime(). - */ + /** Deprecated in favor of setUniformBucketLevelAccessLockedTime(). */ @Deprecated Builder setBucketPolicyOnlyLockedTime(Long bucketPolicyOnlyLockedTime) { this.uniformBucketLevelAccessLockedTime = bucketPolicyOnlyLockedTime; 
@@ -220,23 +218,24 @@ Builder setBucketPolicyOnlyLockedTime(Long bucketPolicyOnlyLockedTime) { } /** - * Sets whether uiform bucket-level access is enabled for this bucket. When this is enabled, access to - * the bucket will be configured through IAM, and legacy ACL policies will not work. When this - * is first enabled, {@code uniformBucketLevelAccess.lockedTime} will be set by the API automatically. - * This field can then be disabled until the time specified, after which it will become - * immutable and calls to change it will fail. If this is enabled, calls to access legacy ACL - * information will fail. + * Sets whether uiform bucket-level access is enabled for this bucket. When this is enabled, + * access to the bucket will be configured through IAM, and legacy ACL policies will not work. + * When this is first enabled, {@code uniformBucketLevelAccess.lockedTime} will be set by the + * API automatically. This field can then be disabled until the time specified, after which it + * will become immutable and calls to change it will fail. If this is enabled, calls to access + * legacy ACL information will fail. */ - public Builder setIsUniformBucketLevelAccessEnabled(Boolean isUniformBucketLevelAccessEnabled) { + public Builder setIsUniformBucketLevelAccessEnabled( + Boolean isUniformBucketLevelAccessEnabled) { this.isUniformBucketLevelAccessEnabled = isUniformBucketLevelAccessEnabled; return this; } /** - * Sets the deadline for switching {@code uniformBucketLevelAccess.enabled} back to false. After this - * time passes, calls to do so will fail. This is package-private, since in general this field - * should never be set by a user--it's automatically set by the backend when {@code enabled} - * is set to true. + * Sets the deadline for switching {@code uniformBucketLevelAccess.enabled} back to false. + * After this time passes, calls to do so will fail. 
This is package-private, since in general + * this field should never be set by a user--it's automatically set by the backend when {@code + * enabled} is set to true. */ Builder setUniformBucketLevelAccessLockedTime(Long uniformBucketLevelAccessLockedTime) { this.uniformBucketLevelAccessLockedTime = uniformBucketLevelAccessLockedTime; diff --git a/google-cloud-clients/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java b/google-cloud-clients/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java index 865cc0f0431b..53dbb4478d02 100644 --- a/google-cloud-clients/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java +++ b/google-cloud-clients/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java @@ -2488,15 +2488,15 @@ public void testBucketWithBucketPolicyOnlyEnabled() throws Exception { String bucket = RemoteStorageHelper.generateBucketName(); try { storage.create( - Bucket.newBuilder(bucket) - .setIamConfiguration( - BucketInfo.IamConfiguration.newBuilder() - .setIsBucketPolicyOnlyEnabled(true) - .build()) - .build()); + Bucket.newBuilder(bucket) + .setIamConfiguration( + BucketInfo.IamConfiguration.newBuilder() + .setIsBucketPolicyOnlyEnabled(true) + .build()) + .build()); Bucket remoteBucket = - storage.get(bucket, Storage.BucketGetOption.fields(BucketField.IAMCONFIGURATION)); + storage.get(bucket, Storage.BucketGetOption.fields(BucketField.IAMCONFIGURATION)); assertTrue(remoteBucket.getIamConfiguration().isBucketPolicyOnlyEnabled()); assertNotNull(remoteBucket.getIamConfiguration().getBucketPolicyOnlyLockedTime()); 
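Review bot: The reflowed Javadoc on `setIsUniformBucketLevelAccessEnabled` in the `@@ -220,23 +218,24 @@` hunk still reads "Sets whether uiform bucket-level access is enabled"; the first line should be `Sets whether uniform bucket-level access is enabled for this bucket. When this is enabled,`. The typo came in with the earlier casing change in this series, and this lint pass carries it through unchanged.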
@@ -2523,15 +2523,15 @@ public void testBucketWithUniformBucketLevelAccessEnabled() throws Exception { String bucket = RemoteStorageHelper.generateBucketName(); try { storage.create( - Bucket.newBuilder(bucket) - .setIamConfiguration( - BucketInfo.IamConfiguration.newBuilder() - .setIsUniformBucketLevelAccessEnabled(true) - .build()) - .build()); + Bucket.newBuilder(bucket) + .setIamConfiguration( + BucketInfo.IamConfiguration.newBuilder() + .setIsUniformBucketLevelAccessEnabled(true) + .build()) + .build()); Bucket remoteBucket = - storage.get(bucket, Storage.BucketGetOption.fields(BucketField.IAMCONFIGURATION)); + storage.get(bucket, Storage.BucketGetOption.fields(BucketField.IAMCONFIGURATION)); assertTrue(remoteBucket.getIamConfiguration().isUniformBucketLevelAccessEnabled()); assertNotNull(remoteBucket.getIamConfiguration().getBucketPolicyOnlyLockedTime()); 
@@ -2603,25 +2603,30 @@ public void testEnableAndDisableUniformBucketLevelAccessOnExistingBucket() throw String bpoBucket = RemoteStorageHelper.generateBucketName(); try { BucketInfo.IamConfiguration ublaDisabledIamConfiguration = - BucketInfo.IamConfiguration.newBuilder().setIsUniformBucketLevelAccessEnabled(false).build(); + BucketInfo.IamConfiguration.newBuilder() + .setIsUniformBucketLevelAccessEnabled(false) + .build(); Bucket bucket = - storage.create( - Bucket.newBuilder(bpoBucket) - .setIamConfiguration(ublaDisabledIamConfiguration) - .setAcl(ImmutableList.of(Acl.of(User.ofAllAuthenticatedUsers(), Role.READER))) - .setDefaultAcl( - ImmutableList.of(Acl.of(User.ofAllAuthenticatedUsers(), Role.READER))) - .build()); + storage.create( + Bucket.newBuilder(bpoBucket) + .setIamConfiguration(ublaDisabledIamConfiguration) + .setAcl(ImmutableList.of(Acl.of(User.ofAllAuthenticatedUsers(), Role.READER))) + .setDefaultAcl( + ImmutableList.of(Acl.of(User.ofAllAuthenticatedUsers(), Role.READER))) + .build()); bucket - .toBuilder() - .setIamConfiguration( - ublaDisabledIamConfiguration.toBuilder().setIsUniformBucketLevelAccessEnabled(true).build()) - .build() - .update(); + .toBuilder() + .setIamConfiguration( + ublaDisabledIamConfiguration + .toBuilder() + .setIsUniformBucketLevelAccessEnabled(true) + .build()) + .build() + .update(); Bucket remoteBucket = - storage.get(bpoBucket, Storage.BucketGetOption.fields(BucketField.IAMCONFIGURATION)); + storage.get(bpoBucket, Storage.BucketGetOption.fields(BucketField.IAMCONFIGURATION)); assertTrue(remoteBucket.getIamConfiguration().isUniformBucketLevelAccessEnabled()); assertNotNull(remoteBucket.getIamConfiguration().getUniformBucketLevelAccessLockedTime()); 
@@ -2629,10 +2634,10 @@ public void testEnableAndDisableUniformBucketLevelAccessOnExistingBucket() throw bucket.toBuilder().setIamConfiguration(ublaDisabledIamConfiguration).build().update(); remoteBucket = - storage.get( - bpoBucket, - Storage.BucketGetOption.fields( - BucketField.IAMCONFIGURATION, BucketField.ACL, BucketField.DEFAULT_OBJECT_ACL)); + storage.get( + bpoBucket, + Storage.BucketGetOption.fields( + BucketField.IAMCONFIGURATION, BucketField.ACL, BucketField.DEFAULT_OBJECT_ACL)); assertFalse(remoteBucket.getIamConfiguration().isUniformBucketLevelAccessEnabled()); assertEquals(User.ofAllAuthenticatedUsers(), remoteBucket.getDefaultAcl().get(0).getEntity()); From 34e0b8bae67909b1bf808f91a4bb21c514869961 Mon Sep 17 00:00:00 2001 From: Frank Natividad Date: Sat, 27 Jul 2019 01:40:58 -0700 Subject: [PATCH 6/8] Fix lint issues in snippets --- .../cloud/examples/storage/snippets/StorageSnippets.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/storage/snippets/StorageSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/storage/snippets/StorageSnippets.java index 539abc752447..4cfaf6234792 100644 --- a/google-cloud-examples/src/main/java/com/google/cloud/examples/storage/snippets/StorageSnippets.java +++ b/google-cloud-examples/src/main/java/com/google/cloud/examples/storage/snippets/StorageSnippets.java @@ -1441,7 +1441,9 @@ public Bucket disableUniformBucketLevelAccess(String bucketName) throws StorageE // String bucketName = "my-bucket"; BucketInfo.IamConfiguration iamConfiguration = - BucketInfo.IamConfiguration.newBuilder().setIsUniformBucketLevelAccessEnabled(false).build(); + BucketInfo.IamConfiguration.newBuilder() + .setIsUniformBucketLevelAccessEnabled(false) + .build(); Bucket bucket = storage.update( BucketInfo.newBuilder(bucketName).setIamConfiguration(iamConfiguration).build()); 
From 2e8c059b458147d5d36e6719f0654baeb81325a2 Mon Sep 17 00:00:00 2001 From: Frank Natividad Date: Sun, 28 Jul 2019 23:42:45 -0700 Subject: [PATCH 7/8] Update bpo unit tests --- .../java/com/google/cloud/storage/BucketInfoTest.java | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/google-cloud-clients/google-cloud-storage/src/test/java/com/google/cloud/storage/BucketInfoTest.java b/google-cloud-clients/google-cloud-storage/src/test/java/com/google/cloud/storage/BucketInfoTest.java index 857da2b4ba9f..034d09c518c5 100644 --- a/google-cloud-clients/google-cloud-storage/src/test/java/com/google/cloud/storage/BucketInfoTest.java +++ b/google-cloud-clients/google-cloud-storage/src/test/java/com/google/cloud/storage/BucketInfoTest.java @@ -68,8 +68,8 @@ public class BucketInfoTest { private static final String INDEX_PAGE = "index.html"; private static final BucketInfo.IamConfiguration IAM_CONFIGURATION = BucketInfo.IamConfiguration.newBuilder() - .setIsBucketPolicyOnlyEnabled(true) - .setBucketPolicyOnlyLockedTime(System.currentTimeMillis()) + .setIsUniformBucketLevelAccessEnabled(true) + .setUniformBucketLevelAccessLockedTime(System.currentTimeMillis()) .build(); private static final String NOT_FOUND_PAGE = "error.html"; private static final String LOCATION = "ASIA"; 
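Review bot: The deprecated builder path loses its unit coverage once `IAM_CONFIGURATION` switches to `setIsUniformBucketLevelAccessEnabled(true)`; nothing in this hunk still exercises `setIsBucketPolicyOnlyEnabled`, although ITStorageTest in this series still calls it and reads `isBucketPolicyOnlyEnabled()`. Callers that keep using the old name depend on it turning on the same access-control setting, so a local test such as `assertTrue(BucketInfo.IamConfiguration.newBuilder().setIsBucketPolicyOnlyEnabled(true).build().isUniformBucketLevelAccessEnabled());` would pin that mapping without needing a live bucket. This assumes the old setter is kept as a delegating alias, which the hunk does not show. The identical hunk appears again in PATCH 8/8 and the same applies there.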
@@ -264,12 +264,14 @@ public void testLifecycleRules() { public void testIamConfiguration() { Bucket.IamConfiguration iamConfiguration = BucketInfo.IamConfiguration.newBuilder() - .setIsBucketPolicyOnlyEnabled(true) - .setBucketPolicyOnlyLockedTime(System.currentTimeMillis()) + .setIsUniformBucketLevelAccessEnabled(true) + .setUniformBucketLevelAccessLockedTime(System.currentTimeMillis()) .build() .toPb(); assertEquals(Boolean.TRUE, iamConfiguration.getBucketPolicyOnly().getEnabled()); assertNotNull(iamConfiguration.getBucketPolicyOnly().getLockedTime()); + assertEquals(Boolean.TRUE, iamConfiguration.getUniformBucketLevelAccess().getEnabled()); + assertNotNull(iamConfiguration.getUniformBucketLevelAccess().getLockedTime()); } } From 8a6c2bfee2ec33948800f1b9a7684d316ea9c431 Mon Sep 17 00:00:00 2001 From: Frank Natividad Date: Sun, 28 Jul 2019 23:42:45 -0700 Subject: [PATCH 8/8] Update bpo unit tests --- .../main/java/com/google/cloud/storage/BucketInfo.java | 10 ---------- .../java/com/google/cloud/storage/BucketInfoTest.java | 10 ++++++---- 2 files changed, 6 insertions(+), 14 deletions(-) diff --git a/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/BucketInfo.java b/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/BucketInfo.java index e15c45a3fc9b..96aa658928a5 100644 --- a/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/BucketInfo.java +++ b/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/BucketInfo.java 
@@ -172,16 +172,6 @@ Bucket.IamConfiguration toPb() { ? null : new DateTime(uniformBucketLevelAccessLockedTime)); - /** WORK AROUND */ - Bucket.IamConfiguration.BucketPolicyOnly bucketPolicyOnly = - new Bucket.IamConfiguration.BucketPolicyOnly(); - bucketPolicyOnly.setEnabled(isUniformBucketLevelAccessEnabled); - bucketPolicyOnly.setLockedTime( - uniformBucketLevelAccessLockedTime == null - ? null - : new DateTime(uniformBucketLevelAccessLockedTime)); - iamConfiguration.setBucketPolicyOnly(bucketPolicyOnly); - /** END OF WORKAROUND */ iamConfiguration.setUniformBucketLevelAccess(uniformBucketLevelAccess); return iamConfiguration; diff --git a/google-cloud-clients/google-cloud-storage/src/test/java/com/google/cloud/storage/BucketInfoTest.java b/google-cloud-clients/google-cloud-storage/src/test/java/com/google/cloud/storage/BucketInfoTest.java index 857da2b4ba9f..034d09c518c5 100644 --- a/google-cloud-clients/google-cloud-storage/src/test/java/com/google/cloud/storage/BucketInfoTest.java +++ b/google-cloud-clients/google-cloud-storage/src/test/java/com/google/cloud/storage/BucketInfoTest.java @@ -68,8 +68,8 @@ public class BucketInfoTest { private static final String INDEX_PAGE = "index.html"; private static final BucketInfo.IamConfiguration IAM_CONFIGURATION = BucketInfo.IamConfiguration.newBuilder() - .setIsBucketPolicyOnlyEnabled(true) - .setBucketPolicyOnlyLockedTime(System.currentTimeMillis()) + .setIsUniformBucketLevelAccessEnabled(true) + .setUniformBucketLevelAccessLockedTime(System.currentTimeMillis()) .build(); private static final String NOT_FOUND_PAGE = "error.html"; private static final String LOCATION = "ASIA"; 
@@ -264,12 +264,14 @@ public void testLifecycleRules() { public void testIamConfiguration() { Bucket.IamConfiguration iamConfiguration = BucketInfo.IamConfiguration.newBuilder() - .setIsBucketPolicyOnlyEnabled(true) - .setBucketPolicyOnlyLockedTime(System.currentTimeMillis()) + .setIsUniformBucketLevelAccessEnabled(true) + .setUniformBucketLevelAccessLockedTime(System.currentTimeMillis()) .build() .toPb(); assertEquals(Boolean.TRUE, iamConfiguration.getBucketPolicyOnly().getEnabled()); assertNotNull(iamConfiguration.getBucketPolicyOnly().getLockedTime()); + assertEquals(Boolean.TRUE, iamConfiguration.getUniformBucketLevelAccess().getEnabled()); + assertNotNull(iamConfiguration.getUniformBucketLevelAccess().getLockedTime()); } }
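Review bot: The two retained context assertions, `assertEquals(Boolean.TRUE, iamConfiguration.getBucketPolicyOnly().getEnabled());` and the `assertNotNull` on its locked time, depend on the `iamConfiguration.setBucketPolicyOnly(bucketPolicyOnly)` call that this same patch deletes from `toPb()` in BucketInfo.java. If nothing else populates that field (not visible here), `getBucketPolicyOnly()` presumably returns null and `testIamConfiguration` fails with a NullPointerException rather than a clean assertion failure. Either drop those two lines or, if the legacy field is meant to stay unset on the wire, state that explicitly with `assertNull(iamConfiguration.getBucketPolicyOnly());`. The copy of this hunk in PATCH 7/8 passes only because the workaround still exists at that point in the series.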