test: GCP IAM policy APIs integ tests

iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/client/AbstractIamIT.java

@@ -0,0 +1,199 @@
+package com.salesforce.multicloudj.iam.client;
+
+import com.salesforce.multicloudj.common.util.common.TestsUtil;
+import com.salesforce.multicloudj.iam.driver.AbstractIam;
+import com.salesforce.multicloudj.iam.model.PolicyDocument;
+import com.salesforce.multicloudj.iam.model.Statement;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestInstance;
+
+import java.util.List;
+
+@TestInstance(TestInstance.Lifecycle.PER_CLASS)
+public abstract class AbstractIamIT {
+	public interface Harness extends AutoCloseable {
+		AbstractIam createIamDriver(boolean useValidCredentials);
+
+		String getIdentityName();
+
+		String getTenantId();
+
+		String getRegion();
+
+		String getProviderId();
+
+		int getPort();
+
+		List<String> getWiremockExtensions();
+
+		String getIamEndpoint();
+
+		default String getPolicyVersion() {
+			return "";
+		}
+
+		String getTestPolicyEffect();
+
+		List<String> getTestPolicyActions();
+
+		String getTestPolicyName();
+	}
+
+	protected abstract Harness createHarness();
+
+	private Harness harness;
+
+	/**
+	 * Initializes the WireMock server before all tests.
+	 */
+	@BeforeAll
+	public void initializeWireMockServer() {
+		harness = createHarness();
+		TestsUtil.startWireMockServer(
+				"src/test/resources", harness.getPort(), harness.getWiremockExtensions().toArray(new String[0]));
+	}
+
+	/**
+	 * Shuts down the WireMock server after all tests.
+	 */
+	@AfterAll
+	public void shutdownWireMockServer() throws Exception {
+		TestsUtil.stopWireMockServer();
+		harness.close();
+	}
+
+	/**
+	 * Initialize the harness and
+	 */
+	@BeforeEach
+	public void setupTestEnvironment() {
+		TestsUtil.startWireMockRecording(harness.getIamEndpoint());
+	}
+
+	/**
+	 * Cleans up the test environment after each test.
+	 */
+	@AfterEach
+	public void cleanupTestEnvironment() {
+		TestsUtil.stopWireMockRecording();
+	}
+
+	@Test
+	public void testAttachInlinePolicy() {
+		AbstractIam iam = harness.createIamDriver(true);
+		IamClient iamClient = new IamClient(iam);
+
+		Statement.StatementBuilder statementBuilder = Statement.builder()
+				.effect(harness.getTestPolicyEffect());
+		for (String action : harness.getTestPolicyActions()) {
+			statementBuilder.action(action);
+		}
+
+		PolicyDocument policyDocument = PolicyDocument.builder()
+				.version(harness.getPolicyVersion())
+				.statement(statementBuilder.build())
+				.build();
+
+		iamClient.attachInlinePolicy(
+				policyDocument,
+				harness.getTenantId(),
+				harness.getRegion(),
+				harness.getIdentityName()
+		);
+	}
+
+	@Test
+	public void testGetInlinePolicyDetails() {
+		AbstractIam iam = harness.createIamDriver(true);
+		IamClient iamClient = new IamClient(iam);
+
+		PolicyDocument policyDocument = PolicyDocument.builder()
+				.version(harness.getPolicyVersion())
+				.statement(Statement.builder()
+						.effect(harness.getTestPolicyEffect())
+						.action(harness.getTestPolicyName())
+						.build())
+				.build();
+
+		iamClient.attachInlinePolicy(
+				policyDocument,
+				harness.getTenantId(),
+				harness.getRegion(),
+				harness.getIdentityName()
+		);
+
+		String policyDetails = iamClient.getInlinePolicyDetails(
+				harness.getIdentityName(),
+				harness.getTestPolicyName(),
+				harness.getTenantId(),
+				harness.getRegion()
+		);
+		Assertions.assertNotNull(policyDetails, "Policy details shouldn't be null");
+		Assertions.assertFalse(policyDetails.trim().isEmpty(), "Policy details shouldn't be empty");
+	}
+
+	@Test
+	public void testGetAttachedPolicies() {
+		AbstractIam iam = harness.createIamDriver(true);
+		IamClient iamClient = new IamClient(iam);
+
+		Statement.StatementBuilder statementBuilder = Statement.builder()
+				.effect(harness.getTestPolicyEffect());
+		for (String action : harness.getTestPolicyActions()) {
+			statementBuilder.action(action);
+		}
+
+		PolicyDocument policyDocument = PolicyDocument.builder()
+				.version(harness.getPolicyVersion())
+				.statement(statementBuilder.build())
+				.build();
+
+		iamClient.attachInlinePolicy(
+				policyDocument,
+				harness.getTenantId(),
+				harness.getRegion(),
+				harness.getIdentityName()
+		);
+
+		List<String> attachedPolicies = iamClient.getAttachedPolicies(
+				harness.getIdentityName(),
+				harness.getTenantId(),
+				harness.getRegion()
+		);
+		Assertions.assertNotNull(attachedPolicies, "Attached policies list shouldn't be null");
+		Assertions.assertFalse(attachedPolicies.isEmpty(), "Attached policies list shouldn't be empty");
+	}
+
+	@Test
+	public void testRemovePolicy() {
+		AbstractIam iam = harness.createIamDriver(true);
+		IamClient iamClient = new IamClient(iam);
+
+		PolicyDocument policyDocument = PolicyDocument.builder()
+				.version(harness.getPolicyVersion())
+				.statement(Statement.builder()
+						.effect(harness.getTestPolicyEffect())
+						.action(harness.getTestPolicyName())
+						.build())
+				.build();
+
+		iamClient.attachInlinePolicy(
+				policyDocument,
+				harness.getTenantId(),
+				harness.getRegion(),
+				harness.getIdentityName()
+		);
+
+		iamClient.removePolicy(
+				harness.getIdentityName(),
+				harness.getTestPolicyName(),
+				harness.getTenantId(),
+				harness.getRegion()
+		);
+	}
+}

iam/iam-gcp/src/test/java/com/salesforce/multicloudj/iam/gcp/GcpIamIT.java

@@ -0,0 +1,128 @@
+package com.salesforce.multicloudj.iam.gcp;
+
+import com.google.api.gax.core.FixedCredentialsProvider;
+import com.google.api.gax.rpc.TransportChannelProvider;
+import com.google.auth.oauth2.GoogleCredentials;
+import com.google.cloud.iam.admin.v1.IAMClient;
+import com.google.cloud.iam.admin.v1.IAMSettings;
+import com.google.cloud.resourcemanager.v3.ProjectsClient;
+import com.google.cloud.resourcemanager.v3.ProjectsSettings;
+import com.salesforce.multicloudj.common.gcp.GcpConstants;
+import com.salesforce.multicloudj.common.gcp.util.MockGoogleCredentialsFactory;
+import com.salesforce.multicloudj.common.gcp.util.TestsUtilGcp;
+import com.salesforce.multicloudj.iam.client.AbstractIamIT;
+import com.salesforce.multicloudj.iam.driver.AbstractIam;
+import org.junit.jupiter.api.Assertions;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.concurrent.ThreadLocalRandom;
+
+public class GcpIamIT extends AbstractIamIT {
+	@Override
+	protected Harness createHarness() {
+		return new HarnessImpl();
+	}
+
+	public static class HarnessImpl implements AbstractIamIT.Harness {
+		ProjectsClient projectsClient;
+		IAMClient iamClient;
+		int port = ThreadLocalRandom.current().nextInt(1000, 10000);
+
+		@Override
+		public AbstractIam createIamDriver(boolean useValidCredentials) {
+			boolean isRecordingEnabled = System.getProperty("record") != null;
+			TransportChannelProvider channelProvider = TestsUtilGcp.getTransportChannelProvider(port);
+			ProjectsSettings.Builder projectsSettingsBuilder = ProjectsSettings.newBuilder()
+					.setTransportChannelProvider(channelProvider);
+			try {
+				if (isRecordingEnabled && useValidCredentials) {
+					projectsClient = ProjectsClient.create(projectsSettingsBuilder.build());
+					IAMSettings.Builder iamSettingsBuilder = IAMSettings.newBuilder();
+					iamClient = IAMClient.create(iamSettingsBuilder.build());
+					return new GcpIam.Builder()
+							.withProjectsClient(projectsClient)
+							.withIamClient(iamClient)
+							.build();
+				} else {
+					GoogleCredentials mockCreds = MockGoogleCredentialsFactory.createMockCredentials();
+					projectsSettingsBuilder.setCredentialsProvider(FixedCredentialsProvider.create(mockCreds));
+					projectsClient = ProjectsClient.create(projectsSettingsBuilder.build());
+					IAMSettings.Builder iamSettingsBuilder = IAMSettings.newBuilder()
+							.setCredentialsProvider(FixedCredentialsProvider.create(mockCreds));
+					iamClient = IAMClient.create(iamSettingsBuilder.build());
+					return new GcpIam.Builder()
+							.withProjectsClient(projectsClient)
+							.withIamClient(iamClient)
+							.build();
+				}
+			} catch (IOException e) {
+				Assertions.fail("Failed to create GCP clients", e);
+				return null;
+			}
+		}
+
+		@Override
+		public String getIdentityName() {
+			return "serviceAccount:[email protected]";
+		}
+
+		@Override
+		public String getTenantId() {
+			return "projects/substrate-sdk-gcp-poc1";
+		}
+
+		@Override
+		public String getRegion() {
+			return "us-west1";
+		}
+
+		@Override
+		public String getProviderId() {
+			return GcpConstants.PROVIDER_ID;
+		}
+
+		@Override
+		public int getPort() {
+			return port;
+		}
+
+		@Override
+		public List<String> getWiremockExtensions() {
+			return List.of("com.salesforce.multicloudj.iam.gcp.util.IamJsonResponseTransformer");
+		}
+
+		@Override
+		public String getIamEndpoint() {
+			return "https://cloudresourcemanager.googleapis.com";
+		}
+
+
+		@Override
+		public String getTestPolicyEffect() {
+			return "Allow";
+		}
+
+		@Override
+		public List<String> getTestPolicyActions() {
+			return List.of("roles/storage.objectViewer", "roles/storage.objectCreator");
+		}
+
+		@Override
+		public String getTestPolicyName() {
+			return "roles/storage.objectViewer";
+		}
+
+		@Override
+		public void close() {
+			if (projectsClient != null) {
+				projectsClient.close();
+			}
+			if (iamClient != null) {
+				iamClient.close();
+			}
+		}
+	}
+
+}
+