google-cloud-bigtable 2.1.0 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a096cf8d1c1d26e38753da0ac165bdec3491bd821ce49da374b35362d5dc32a2
-  data.tar.gz: b7c9b2b6832514c1861f8cd9c6af2e73b1c4c7c2fa1ce3354ff7dd125c769dea
+  metadata.gz: 864b31028834907aa872f0f5aec7a31a682e419c286744c1cc3243072597e739
+  data.tar.gz: 543de2a38416692f95400157b4ca67520b5a6765bed60dd1237b3be405a10d2e
 SHA512:
-  metadata.gz: b40689f9ab7ef728fa6e156e2cd3c2aa8dbaa0e23adb957501ec2b016fc1dff0235485c2c95f2a9d2398bee9a070455fc36f55f2fcdd5cc4ebabb971c3155e66
-  data.tar.gz: 33383bc875ced164d0f32e230653c03b2786ffaa00f024145bfb3ee1e067412e60eedb28814a2571d904e1c3706bea34c3cbc9129b7063c7259050ccd38eb2bb
+  metadata.gz: a62102b9792b017c396477aa79435a29b1c495e2234c8a34c6040c74883c9aaa7f07cf9e945606a139e7f8d032f57663da235a8a6f3e8922eeaad72f5a582b46
+  data.tar.gz: 5d474fd9b72cb0d2474be964d1c0af670266f577af221d6ae76256c34f935ec239040b824e2eadd7e391ad09fde511406f210f0e007796cea69e163d244827f9

data/CHANGELOG.md

@@ -1,5 +1,14 @@
 # Release History
 
+### 2.2.0 / 2020-11-11
+
+#### Features
+
+* Add Backup-level IAM Policy support
+  * Add Backup#policy
+  * Add Backup#update_policy
+  * Add Backup#test_iam_permissions
+
 ### 2.1.0 / 2020-09-17
 
 #### Features

data/lib/google/cloud/bigtable/backup.rb

@@ -18,6 +18,7 @@
 require "google/cloud/bigtable/backup/job"
 require "google/cloud/bigtable/backup/list"
 require "google/cloud/bigtable/convert"
+require "google/cloud/bigtable/policy"
 require "google/cloud/bigtable/table/restore_job"
 
 
@@ -206,6 +207,126 @@ module Google
           state == :READY
         end
 
+        ##
+        # Gets the [Cloud IAM](https://cloud.google.com/iam/) access control
+        # policy for the backup.
+        #
+        # @see https://cloud.google.com/bigtable/docs/access-control
+        #
+        # @yield [policy] A block for updating the policy. The latest policy
+        #   will be read from the Bigtable service and passed to the block. After
+        #   the block completes, the modified policy will be written to the
+        #   service.
+        # @yieldparam [Policy] policy the current Cloud IAM Policy for this
+        #   backup.
+        #
+        # @return [Policy] The current Cloud IAM Policy for the backup.
+        #
+        # @example
+        #   require "google/cloud/bigtable"
+        #
+        #   bigtable = Google::Cloud::Bigtable.new
+        #   instance = bigtable.instance("my-instance")
+        #   cluster = instance.cluster("my-cluster")
+        #
+        #   backup = cluster.backup("my-backup")
+        #
+        #   policy = backup.policy
+        #
+        # @example Update the policy by passing a block.
+        #   require "google/cloud/bigtable"
+        #
+        #   bigtable = Google::Cloud::Bigtable.new
+        #   instance = bigtable.instance("my-instance")
+        #   cluster = instance.cluster("my-cluster")
+        #
+        #   backup = cluster.backup("my-backup")
+        #
+        #   backup.policy do |p|
+        #     p.add("roles/owner", "user:owner@example.com")
+        #   end # 2 API calls
+        #
+        def policy
+          ensure_service!
+          grpc = service.get_backup_policy instance_id, cluster_id, backup_id
+          policy = Policy.from_grpc grpc
+          return policy unless block_given?
+          yield policy
+          update_policy policy
+        end
+
+        ##
+        # Updates the [Cloud IAM](https://cloud.google.com/iam/) access control
+        # policy for the backup. The policy should be read from {#policy}.
+        # See {Google::Cloud::Bigtable::Policy} for an explanation of the policy
+        # `etag` property and how to modify policies.
+        #
+        # You can also update the policy by passing a block to {#policy}, which
+        # will call this method internally after the block completes.
+        #
+        # @param new_policy [Policy] a new or modified Cloud IAM Policy for this
+        #   backup
+        #
+        # @return [Policy] The policy returned by the API update operation.
+        #
+        # @example
+        #   require "google/cloud/bigtable"
+        #
+        #   bigtable = Google::Cloud::Bigtable.new
+        #   instance = bigtable.instance("my-instance")
+        #   cluster = instance.cluster("my-cluster")
+        #
+        #   backup = cluster.backup("my-backup")
+        #
+        #   policy = backup.policy
+        #   policy.add("roles/owner", "user:owner@example.com")
+        #   updated_policy = backup.update_policy(policy)
+        #
+        #   puts updated_policy.roles
+        #
+        def update_policy new_policy
+          ensure_service!
+          grpc = service.set_backup_policy instance_id, cluster_id, backup_id, new_policy.to_grpc
+          Policy.from_grpc grpc
+        end
+        alias policy= update_policy
+
+        ##
+        # Tests the specified permissions against the [Cloud
+        # IAM](https://cloud.google.com/iam/) access control policy.
+        #
+        # @see https://cloud.google.com/iam/docs/managing-policies Managing Policies
+        # @see https://cloud.google.com/bigtable/docs/access-control Access Control
+        #
+        # @param permissions [String, Array<String>] permissions The set of permissions to
+        #   check access for. Permissions with wildcards (such as `*` or `bigtable.*`) are
+        #   not allowed.
+        #   See [Access Control](https://cloud.google.com/bigtable/docs/access-control).
+        #
+        # @return [Array<String>] The permissions that are configured for the policy.
+        #
+        # @example
+        #   require "google/cloud/bigtable"
+        #
+        #   bigtable = Google::Cloud::Bigtable.new
+        #   instance = bigtable.instance("my-instance")
+        #   cluster = instance.cluster("my-cluster")
+        #
+        #   backup = cluster.backup("my-backup")
+        #
+        #   permissions = backup.test_iam_permissions(
+        #     "bigtable.backups.delete",
+        #     "bigtable.backups.get"
+        #   )
+        #   permissions.include? "bigtable.backups.delete" #=> false
+        #   permissions.include? "bigtable.backups.get" #=> true
+        #
+        def test_iam_permissions *permissions
+          ensure_service!
+          grpc = service.test_backup_permissions instance_id, cluster_id, backup_id, permissions.flatten
+          grpc.permissions.to_a
+        end
+
         ##
         # Creates a new table by restoring from a completed backup.
         #

data/lib/google/cloud/bigtable/service.rb

@@ -515,6 +515,47 @@ module Google
                                        ignore_warnings: ignore_warnings
         end
 
+        ##
+        # Gets the access control policy for an backup resource. Returns an empty
+        # policy if an backup exists but does not have a policy set.
+        #
+        # @return [Google::Iam::V1::Policy]
+        #
+        def get_backup_policy instance_id, cluster_id, backup_id
+          tables.get_iam_policy resource: backup_path(instance_id, cluster_id, backup_id)
+        end
+
+        ##
+        # Sets the access control policy on an backup resource. Replaces any
+        # existing policy.
+        #
+        # @param policy [Google::Iam::V1::Policy | Hash]
+        #   REQUIRED: The complete policy to be applied to the +resource+. The size of
+        #   the policy is limited to a few 10s of KB. An empty policy is valid
+        #   for Cloud Bigtable, but certain Cloud Platform services (such as Projects)
+        #   might reject an empty policy.
+        #   Alternatively, provide a hash similar to `Google::Iam::V1::Policy`.
+        # @return [Google::Iam::V1::Policy]
+        #
+        def set_backup_policy instance_id, cluster_id, backup_id, policy
+          tables.set_iam_policy resource: backup_path(instance_id, cluster_id, backup_id), policy: policy
+        end
+
+        ##
+        # Returns permissions that the caller has for the specified backup resource.
+        #
+        # @param permissions [Array<String>]
+        #   The set of permissions to check for the +resource+. Permissions with
+        #   wildcards (such as '*' or 'storage.*') are not allowed. For more
+        #   information see
+        #   [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
+        # @return [Google::Iam::V1::TestIamPermissionsResponse]
+        #
+        def test_backup_permissions instance_id, cluster_id, backup_id, permissions
+          tables.test_iam_permissions resource:    backup_path(instance_id, cluster_id, backup_id),
+                                      permissions: permissions
+        end
+
         ##
         # Gets the access control policy for an instance resource. Returns an empty
         # policy if an instance exists but does not have a policy set.

data/lib/google/cloud/bigtable/version.rb

@@ -16,7 +16,7 @@
 module Google
   module Cloud
     module Bigtable
-      VERSION = "2.1.0".freeze
+      VERSION = "2.2.0".freeze
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-bigtable
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.2.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-09-17 00:00:00.000000000 Z
+date: 2020-11-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-cloud-bigtable-admin-v2