google-cloud-bigtable 1.0.2 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d0176970ee72e39f0de396385bea3f8f41d46ba2016c81e6ce1cea93a1a7bf49
-  data.tar.gz: fb2cb6fed3a4fb130f5f5e4d9590daaea5ef5134d68d3fc3a09a3ffdf342851d
+  metadata.gz: d5a23f16f0330f474a569b573e9651402b1494e0d6549a93bd09a92e74276866
+  data.tar.gz: 2f876607d84147ef39875f8fd476ee278fc0d31bad9e70db70d752eac33bc4fb
 SHA512:
-  metadata.gz: ff1726e7db56ecd3d2d3b76ddc307ae3b8cc023a682fae5c9ef25bc3a13310d0f4541a7abd73aacc8174f1deb2415c910ba8383556e0c238cc0969a01e475748
-  data.tar.gz: 6d67330c76ddde34ddcd79a6fc875d3d4c2795e87152157f0d4c7836e9336683943ec5c89cf53ac9ea88b0bc4a8af74b8b07ce1b53ba63544d5521c052c829ad
+  metadata.gz: 8cceac32a50ad779a690fe989ba58c6723e876a0125045e9c380740e550781710a4b7c4c79b5954029d9b334dc43a87b29624cd09d1a769c0960fa0fc7e3027e
+  data.tar.gz: afdb9a5c2ef03fd8471cc6fa1746ba2aecd8e96618dd3049a035ee42f6c5fbbc9439367c299101c59edf20731847eb0444b5937c72711a18d1de8c534fdc2759

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Release History
 
+### 1.1.0 / 2020-02-10
+
+#### Features
+
+* Add Table-level IAM Policy support
+
 ### 1.0.2 / 2020-01-23
 
 #### Documentation

data/lib/google/cloud/bigtable/instance.rb

@@ -854,7 +854,7 @@ module Google
         #   policy.add("roles/owner", "user:owner@example.com")
         #   updated_policy = instance.update_policy(policy)
         #
-        #   puts update_policy.roles
+        #   puts updated_policy.roles
         #
         def update_policy new_policy
           ensure_service!
@@ -884,7 +884,7 @@ module Google
         #   * bigtable.tables.get
         #   * bigtable.tables.list
         #
-        # @return [Array<Strings>] The permissions that have access.
+        # @return [Array<String>] The permissions that are configured for the policy.
         #
         # @example
         #   require "google/cloud/bigtable"
@@ -902,11 +902,8 @@ module Google
         #
         def test_iam_permissions *permissions
           ensure_service!
-          grpc = service.test_instance_permissions(
-            instance_id,
-            Array(permissions).flatten
-          )
-          grpc.permissions
+          grpc = service.test_instance_permissions instance_id, permissions.flatten
+          grpc.permissions.to_a
         end
 
         # @private

data/lib/google/cloud/bigtable/policy.rb

@@ -19,7 +19,7 @@ module Google
       ##
       # # Policy
       #
-      # Represents a Cloud IAM Policy for Bigtable instance resources.
+      # Represents a Cloud IAM Policy for Bigtable resources.
       #
       # A common pattern for updating a resource's metadata, such as its policy,
       # is to read the current data from the service, update the data locally,

data/lib/google/cloud/bigtable/service.rb

@@ -640,6 +640,58 @@ module Google
           end
         end
 
+        ##
+        # Gets the access control policy for an table resource. Returns an empty
+        # policy if an table exists but does not have a policy set.
+        #
+        # @param table_id [String]
+        #   Unique ID of the table for which the policy is being requested.
+        # @return [Google::Iam::V1::Policy]
+        #
+        def get_table_policy instance_id, table_id
+          execute do
+            tables.get_iam_policy table_path(instance_id, table_id)
+          end
+        end
+
+        ##
+        # Sets the access control policy on an table resource. Replaces any
+        # existing policy.
+        #
+        # @param table_id [String]
+        #   Unique ID of the table the policy is for.
+        # @param policy [Google::Iam::V1::Policy | Hash]
+        #   REQUIRED: The complete policy to be applied to the +resource+. The size of
+        #   the policy is limited to a few 10s of KB. An empty policy is valid
+        #   for Cloud Bigtable, but certain Cloud Platform services (such as Projects)
+        #   might reject an empty policy.
+        #   Alternatively, provide a hash similar to `Google::Iam::V1::Policy`.
+        # @return [Google::Iam::V1::Policy]
+        #
+        def set_table_policy instance_id, table_id, policy
+          execute do
+            tables.set_iam_policy table_path(instance_id, table_id), policy
+          end
+        end
+
+        ##
+        # Returns permissions that the caller has for the specified table resource.
+        #
+        # @param table_id [String]
+        #   The table ID that the policy detail is being requested for.
+        # @param permissions [Array<String>]
+        #   The set of permissions to check for the +resource+. Permissions with
+        #   wildcards (such as '*' or 'storage.*') are not allowed. For more
+        #   information see
+        #   [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
+        # @return [Google::Iam::V1::TestIamPermissionsResponse]
+        #
+        def test_table_permissions instance_id, table_id, permissions
+          execute do
+            tables.test_iam_permissions table_path(instance_id, table_id), permissions
+          end
+        end
+
         def read_rows instance_id, table_id, app_profile_id: nil, rows: nil, filter: nil, rows_limit: nil
           # execute is not used because error handling is in ReadOperations#read_rows
           client.read_rows table_path(instance_id, table_id),

data/lib/google/cloud/bigtable/table.rb

@@ -20,6 +20,7 @@ require "google/cloud/bigtable/table/cluster_state"
 require "google/cloud/bigtable/column_family_map"
 require "google/cloud/bigtable/gc_rule"
 require "google/cloud/bigtable/mutation_operations"
+require "google/cloud/bigtable/policy"
 require "google/cloud/bigtable/read_operations"
 
 module Google
@@ -239,6 +240,117 @@ module Google
           granularity == :MILLIS
         end
 
+        ##
+        # Gets the [Cloud IAM](https://cloud.google.com/iam/) access control
+        # policy for the table.
+        #
+        # @see https://cloud.google.com/bigtable/docs/access-control
+        #
+        # @yield [policy] A block for updating the policy. The latest policy
+        #   will be read from the Bigtable service and passed to the block. After
+        #   the block completes, the modified policy will be written to the
+        #   service.
+        # @yieldparam [Policy] policy the current Cloud IAM Policy for this
+        #   table.
+        #
+        # @return [Policy] The current Cloud IAM Policy for the table.
+        #
+        # @example
+        #   require "google/cloud/bigtable"
+        #
+        #   bigtable = Google::Cloud::Bigtable.new
+        #
+        #   table = bigtable.table("my-instance", "my-table", perform_lookup: true)
+        #   policy = table.policy
+        #
+        # @example Update the policy by passing a block.
+        #   require "google/cloud/bigtable"
+        #
+        #   bigtable = Google::Cloud::Bigtable.new
+        #
+        #   table = bigtable.table("my-instance", "my-table", perform_lookup: true)
+        #
+        #   table.policy do |p|
+        #     p.add("roles/owner", "user:owner@example.com")
+        #   end # 2 API calls
+        #
+        def policy
+          ensure_service!
+          grpc = service.get_table_policy instance_id, name
+          policy = Policy.from_grpc grpc
+          return policy unless block_given?
+          yield policy
+          update_policy policy
+        end
+
+        ##
+        # Updates the [Cloud IAM](https://cloud.google.com/iam/) access control
+        # policy for the table. The policy should be read from {#policy}.
+        # See {Google::Cloud::Bigtable::Policy} for an explanation of the policy
+        # `etag` property and how to modify policies.
+        #
+        # You can also update the policy by passing a block to {#policy}, which
+        # will call this method internally after the block completes.
+        #
+        # @param new_policy [Policy] a new or modified Cloud IAM Policy for this
+        #   table
+        #
+        # @return [Policy] The policy returned by the API update operation.
+        #
+        # @example
+        #   require "google/cloud/bigtable"
+        #
+        #   bigtable = Google::Cloud::Bigtable.new
+        #
+        #   table = bigtable.table("my-instance", "my-table", perform_lookup: true)
+        #
+        #   policy = table.policy
+        #   policy.add("roles/owner", "user:owner@example.com")
+        #   updated_policy = table.update_policy(policy)
+        #
+        #   puts updated_policy.roles
+        #
+        def update_policy new_policy
+          ensure_service!
+          grpc = service.set_table_policy instance_id, name, new_policy.to_grpc
+          Policy.from_grpc grpc
+        end
+        alias policy= update_policy
+
+        ##
+        # Tests the specified permissions against the [Cloud
+        # IAM](https://cloud.google.com/iam/) access control policy.
+        #
+        # @see https://cloud.google.com/iam/docs/managing-policies Managing Policies
+        # @see https://cloud.google.com/bigtable/docs/access-control Access Control
+        #
+        # @param permissions [String, Array<String>] permissions The set of permissions to
+        #   check access for. Permissions with wildcards (such as `*` or
+        #   `bigtable.*`) are not allowed.
+        #   See [Access Control](https://cloud.google.com/bigtable/docs/access-control).
+        #
+        # @return [Array<String>] The permissions that are configured for the policy.
+        #
+        # @example
+        #   require "google/cloud/bigtable"
+        #
+        #   bigtable = Google::Cloud::Bigtable.new
+        #
+        #   table = bigtable.table("my-instance", "my-table", perform_lookup: true)
+        #
+        #   permissions = table.test_iam_permissions(
+        #     "bigtable.tables.delete",
+        #     "bigtable.tables.get"
+        #   )
+        #   permissions.include? "bigtable.tables.delete" #=> false
+        #   permissions.include? "bigtable.tables.get" #=> true
+        #
+        def test_iam_permissions *permissions
+          ensure_service!
+          grpc = service.test_table_permissions instance_id, name, permissions.flatten
+          grpc.permissions.to_a
+        end
+
         ##
         # Permanently deletes the table from a instance.
         #

data/lib/google/cloud/bigtable/version.rb

@@ -16,7 +16,7 @@
 module Google
   module Cloud
     module Bigtable
-      VERSION = "1.0.2".freeze
+      VERSION = "1.1.0".freeze
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-bigtable
 version: !ruby/object:Gem::Version
-  version: 1.0.2
+  version: 1.1.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-01-23 00:00:00.000000000 Z
+date: 2020-02-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-cloud-core