fix(IAM Policy Management): fixed examples and integration tests

guicabr · guicabr · commit a5c3f7cca1df · 2021-02-11T18:18:27.000-06:00
diff --git a/examples/test_iam_policy_management_v1_examples.py b/examples/test_iam_policy_management_v1_examples.py
@@ -19,16 +19,39 @@
 
 import os
 import pytest
+import random
 from ibm_cloud_sdk_core import ApiException, read_external_sources
 from ibm_platform_services.iam_policy_management_v1 import *
 
+#
+# Below are examples on how to use IAM Policy Management service
+#
+# The following environment variables are assumed to be defined when running examples below:
+#
+# IAM_POLICY_MANAGEMENT_URL=https://iam.cloud.ibm.com
+# IAM_POLICY_MANAGEMENT_AUTH_TYPE=iam
+# IAM_POLICY_MANAGEMENT_AUTH_URL=https://iam.cloud.ibm.com/identity/token
+# IAM_POLICY_MANAGEMENT_APIKEY= <YOUR_APIKEY>
+# IAM_POLICY_MANAGEMENT_TEST_ACCOUNT_ID= <YOUR_ACCOUNT_ID>
+#
+# Alternatively, above environment variables can be placed in a "credentials" file and then:
+# export IBM_CREDENTIALS_FILE=<name of credentials file>
+#
+
 # Config file name
-config_file = 'iam_policy_management_v1.env'
+config_file = 'iam_policy_management.env'
 
 iam_policy_management_service = None
 
 config = None
 
+test_account_id = None
+test_policy_id = None
+test_policy_etag = None
+test_custom_role_id = None
+test_custom_role_etag = None
+test_user_id = "IBMid-SDKPython" + str(random.randint(0, 99999))
+test_service_name = "iam-groups"
 
 ##############################################################################
 # Start of Examples for Service: IamPolicyManagementV1
@@ -54,8 +77,9 @@ def setup_class(cls):
             assert iam_policy_management_service is not None
 
             # Load the configuration
-            global config
+            global config, test_account_id
             config = read_external_sources(IamPolicyManagementV1.DEFAULT_SERVICE_NAME)
+            test_account_id = config['TEST_ACCOUNT_ID']
 
         print('Setup complete.')
 
@@ -64,52 +88,61 @@ def setup_class(cls):
     )
 
     @needscredentials
-    def test_list_policies_example(self):
+    def test_create_policy_example(self):
         """
-        list_policies request example
+        create_policy request example
         """
         try:
-            # begin-list_policies
+            global test_policy_id
+            # begin-create_policy
 
-            policy_list = iam_policy_management_service.list_policies(
-                account_id='testString'
+            policy_subject = PolicySubject(
+                attributes=[SubjectAttribute(name='iam_id', value=test_user_id)])
+            policy_role = PolicyRole(
+                role_id='crn:v1:bluemix:public:iam::::role:Viewer')
+            resource_account_attribute = ResourceAttribute(
+                name='accountId', value=test_account_id)
+            resource_service_attribute = ResourceAttribute(
+                name='serviceName', value=test_service_name)
+            resource_tag = ResourceTag(name='project', value='prototype')
+            policy_resource = PolicyResource(
+                attributes=[resource_account_attribute,
+                            resource_service_attribute],
+                tags=[resource_tag])
+
+            policy = iam_policy_management_service.create_policy(
+                type='access',
+                subjects=[policy_subject],
+                roles=[policy_role],
+                resources=[policy_resource]
             ).get_result()
 
-            print(json.dumps(policy_list, indent=2))
+            print(policy)
 
-            # end-list_policies
+            # end-create_policy
+            test_policy_id = policy['id']
 
         except ApiException as e:
             pytest.fail(str(e))
 
     @needscredentials
-    def test_create_policy_example(self):
+    def test_get_policy_example(self):
         """
-        create_policy request example
+        get_policy request example
         """
         try:
-            # begin-create_policy
-
-            policy_subject_model = {
-            }
-
-            policy_role_model = {
-                'role_id': 'testString'
-            }
-
-            policy_resource_model = {
-            }
+            global test_policy_etag
+            # begin-get_policy
 
-            policy = iam_policy_management_service.create_policy(
-                type='testString',
-                subjects=[policy_subject_model],
-                roles=[policy_role_model],
-                resources=[policy_resource_model]
-            ).get_result()
+            response = iam_policy_management_service.get_policy(
+                policy_id=test_policy_id
+            )
+            policy = response.get_result()
 
-            print(json.dumps(policy, indent=2))
+            print(policy)
 
-            # end-create_policy
+            # end-get_policy
+            test_policy_etag = response.get_headers().get("Etag")
 
         except ApiException as e:
             pytest.fail(str(e))
@@ -122,64 +155,70 @@ def test_update_policy_example(self):
         try:
             # begin-update_policy
 
-            policy_subject_model = {
-            }
-
-            policy_role_model = {
-                'role_id': 'testString'
-            }
-
-            policy_resource_model = {
-            }
+            policy_subject = PolicySubject(
+                attributes=[SubjectAttribute(name='iam_id', value=test_user_id)])
+            updated_policy_role = PolicyRole(
+                role_id='crn:v1:bluemix:public:iam::::role:Editor')
+            resource_account_attribute = ResourceAttribute(
+                name='accountId', value=test_account_id)
+            resource_service_attribute = ResourceAttribute(
+                name='serviceName', value=test_service_name)
+            resource_tag = ResourceTag(name='project', value='prototype')
+            policy_resource = PolicyResource(
+                attributes=[resource_account_attribute,
+                            resource_service_attribute],
+                tags=[resource_tag])
 
             policy = iam_policy_management_service.update_policy(
-                policy_id='testString',
-                if_match='testString',
-                type='testString',
-                subjects=[policy_subject_model],
-                roles=[policy_role_model],
-                resources=[policy_resource_model]
+                type='access',
+                policy_id=test_policy_id,
+                if_match=test_policy_etag,
+                subjects=[policy_subject],
+                roles=[updated_policy_role],
+                resources=[policy_resource]
             ).get_result()
 
-            print(json.dumps(policy, indent=2))
+            print(policy)
 
             # end-update_policy
 
         except ApiException as e:
             pytest.fail(str(e))
 
     @needscredentials
-    def test_get_policy_example(self):
+    def test_list_policies_example(self):
         """
-        get_policy request example
+        list_policies request example
         """
         try:
-            # begin-get_policy
+            # begin-list_policies
 
-            policy = iam_policy_management_service.get_policy(
-                policy_id='testString'
+            policy_list = iam_policy_management_service.list_policies(
+                account_id=test_account_id, iam_id=test_user_id, format='include_last_permit'
             ).get_result()
 
-            print(json.dumps(policy, indent=2))
+            print(policy_list)
 
-            # end-get_policy
+            # end-list_policies
 
         except ApiException as e:
             pytest.fail(str(e))
 
     @needscredentials
-    def test_list_roles_example(self):
+    def test_delete_policy_example(self):
         """
-        list_roles request example
+        delete_policy request example
         """
         try:
-            # begin-list_roles
+            # begin-delete_policy
 
-            role_list = iam_policy_management_service.list_roles().get_result()
+            response = iam_policy_management_service.delete_policy(
+                policy_id=test_policy_id
+            )
 
-            print(json.dumps(role_list, indent=2))
+            print(response)
 
-            # end-list_roles
+            # end-delete_policy
 
         except ApiException as e:
             pytest.fail(str(e))
@@ -190,96 +229,103 @@ def test_create_role_example(self):
         create_role request example
         """
         try:
+            global test_custom_role_id
             # begin-create_role
 
             custom_role = iam_policy_management_service.create_role(
-                display_name='testString',
-                actions=['testString'],
-                name='testString',
-                account_id='testString',
-                service_name='testString'
+                display_name='IAM Groups read access',
+                actions=['iam-groups.groups.read'],
+                name='ExampleRoleIAMGroups',
+                account_id=test_account_id,
+                service_name=test_service_name
             ).get_result()
 
-            print(json.dumps(custom_role, indent=2))
+            print(custom_role)
 
             # end-create_role
+            test_custom_role_id = custom_role["id"]
 
         except ApiException as e:
             pytest.fail(str(e))
 
     @needscredentials
-    def test_update_role_example(self):
+    def test_get_role_example(self):
         """
-        update_role request example
+        get_role request example
         """
         try:
-            # begin-update_role
+            global test_custom_role_etag
+            # begin-get_role
 
-            custom_role = iam_policy_management_service.update_role(
-                role_id='testString',
-                if_match='testString',
-            ).get_result()
+            response = iam_policy_management_service.get_role(
+                role_id=test_custom_role_id
+            )
+            custom_role = response.get_result()
 
-            print(json.dumps(custom_role, indent=2))
+            print(custom_role)
 
-            # end-update_role
+            # end-get_role
+            test_custom_role_etag = response.get_headers().get("Etag")
 
         except ApiException as e:
             pytest.fail(str(e))
 
     @needscredentials
-    def test_get_role_example(self):
+    def test_update_role_example(self):
         """
-        get_role request example
+        update_role request example
         """
         try:
-            # begin-get_role
+            # begin-update_role
 
-            custom_role = iam_policy_management_service.get_role(
-                role_id='testString'
+            updated_role_actions = ['iam-groups.groups.read', 'iam-groups.groups.list']
+            custom_role = iam_policy_management_service.update_role(
+                role_id=test_custom_role_id,
+                if_match=test_custom_role_etag,
+                actions=updated_role_actions
             ).get_result()
 
-            print(json.dumps(custom_role, indent=2))
+            print(custom_role)
 
-            # end-get_role
+            # end-update_role
 
         except ApiException as e:
             pytest.fail(str(e))
 
     @needscredentials
-    def test_delete_role_example(self):
+    def test_list_roles_example(self):
         """
-        delete_role request example
+        list_roles request example
         """
         try:
-            # begin-delete_role
+            # begin-list_roles
 
-            response = iam_policy_management_service.delete_role(
-                role_id='testString'
+            role_list = iam_policy_management_service.list_roles(
+                account_id=test_account_id
             ).get_result()
 
-            print(json.dumps(response, indent=2))
+            print(role_list)
 
-            # end-delete_role
+            # end-list_roles
 
         except ApiException as e:
             pytest.fail(str(e))
 
     @needscredentials
-    def test_delete_policy_example(self):
+    def test_delete_role_example(self):
         """
-        delete_policy request example
+        delete_role request example
         """
         try:
-            # begin-delete_policy
+            # begin-delete_role
 
-            response = iam_policy_management_service.delete_policy(
-                policy_id='testString'
-            ).get_result()
+            response = iam_policy_management_service.delete_role(
+                role_id=test_custom_role_id
+            )
 
-            print(json.dumps(response, indent=2))
+            print(response)
 
-            # end-delete_policy
+            # end-delete_role
 
         except ApiException as e:
             pytest.fail(str(e))
diff --git a/test/integration/test_iam_policy_management_v1.py b/test/integration/test_iam_policy_management_v1.py
@@ -63,11 +63,13 @@ def setUpClass(cls):
         cls.testPolicySubject = PolicySubject(attributes=
             [SubjectAttribute(name='iam_id', value=cls.testUserId)])
         cls.testPolicyRole = PolicyRole(role_id=cls.testViewerRoleCrn)
+        resource_tag = ResourceTag(name='project', value='prototype',
+                                   operator='stringEquals')
         cls.testPolicyResources = PolicyResource(attributes=
             [ResourceAttribute(name='accountId', value=cls.testAccountId,
                 operator='stringEquals'),
             ResourceAttribute(name='serviceName', value=cls.testServiceName,
-                operator='stringEquals')])
+                operator='stringEquals')], tags=[resource_tag])
 
         cls.testCustomRoleId = ""
         cls.testCustomRoleETag = ""
