iam: implement doCreateIdentity for GCP #142
Conversation
|
Thanks for the contribution! Unfortunately we can't verify the commit author(s): Sriram Guduri <s***@s***.i***.s***.com>. One possible solution is to add that email to your GitHub account. Alternatively you can change your commits to another email and force push the change. After getting your commits associated with your GitHub account, sign the Salesforce Inc. Contributor License Agreement and this Pull Request will be revalidated. |
SriramGuduri
force-pushed
the
W-20111589/iamCreateIdentityGCP
branch
2 times, most recently
from
10d3d06 to
022911e
Compare
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #142 +/- ##
============================================
- Coverage 83.25% 83.20% -0.06%
- Complexity 36 55 +19
============================================
Files 148 149 +1
Lines 7697 7811 +114
Branches 898 906 +8
============================================
+ Hits 6408 6499 +91
- Misses 856 876 +20
- Partials 433 436 +3
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
SriramGuduri
force-pushed
the
W-20111589/iamCreateIdentityGCP
branch
from
022911e to
fa1d1dc
Compare
|
Thanks for the contribution! Before we can merge this, we need @SriramGuduri to sign the Salesforce Inc. Contributor License Agreement. |
SriramGuduri
force-pushed
the
W-20111589/iamCreateIdentityGCP
branch
from
fa1d1dc to
6285df8
Compare
| import java.util.Optional; | ||
| import java.util.stream.Collectors; | ||
|
|
||
| @SuppressWarnings("rawtypes") |
There was a problem hiding this comment.
I think we don't need this. Also noticed that in AbstractIAM, we don't need the generic type T
public abstract class AbstractIam<T extends AbstractIam<T>> implements Provider, Identity
It's un-used.
There was a problem hiding this comment.
Addressed this in the following commits.
|
|
||
| @SuppressWarnings("rawtypes") | ||
| @AutoService(AbstractIam.class) | ||
| public class GcpIam extends AbstractIam<GcpIam> { |
There was a problem hiding this comment.
so, this will be public class GcpIam extends AbstractIam
There was a problem hiding this comment.
Addressed this in the following commits.
| public GcpIam(Builder builder) { | ||
| super(builder); | ||
| try { | ||
| this.iamClient = IAMClient.create(); |
There was a problem hiding this comment.
we should get the client from the builder, not create it here.
There was a problem hiding this comment.
Good catch. Addressed this in the following commits.
| try { | ||
| policy = iamClient.getIamPolicy(getRequest); | ||
| } catch (ApiException e) { | ||
| // If policy doesn't exist, create a new one |
There was a problem hiding this comment.
but we have not idea why the exception occurred, maybe it was just 5xx. Let's try to narrow down
There was a problem hiding this comment.
thinking aloud, since we are creating new identity here, what are the scenarios where policy would and would not exists? should be a single scenario
There was a problem hiding this comment.
but we have not idea why the exception occurred, maybe it was just 5xx. Let's try to narrow down
- The Idea is if
getIamPolicygives a404 NOT FOUNDerror, create a new one. But yeahApiExceptioncould be anything from a 5xx to a 4xx. I'll narrow down the check to404http status.
thinking aloud, since we are creating new identity here, what are the scenarios where policy would and would not exists? should be a single scenario
- The scenario I can think of here was if identity already existing with a Policy attached to it.
But seems like GCP doesn't restrict Display Names to be unique. This might not be a valid scenario to start with. I'll validate this once I have the GCP access and course correct.
SriramGuduri
force-pushed
the
W-20111589/iamCreateIdentityGCP
branch
from
8f7a02b to
b8fcdf3
Compare
| public GcpIam(Builder builder, IAMClient iamClient) { | ||
| super(builder); | ||
| if (iamClient == null) { | ||
| throw new InvalidArgumentException("IAMClient cannot be null"); | ||
| } | ||
| this.iamClient = iamClient; | ||
| } |
There was a problem hiding this comment.
we don't need this constructor now since we are building the iamClient in the builder if not present.
There was a problem hiding this comment.
I'll address this in following commits.
| /** | ||
| * Integration tests for GcpIam. | ||
| * | ||
| * <p>This test class follows the conformance testing pattern used across the MultiCloudJ project. |
There was a problem hiding this comment.
this gen ai comments be modified or removed, it's implicit that it should follow the project patterns
There was a problem hiding this comment.
My bad :-P. I'll remove them.
| * natively support. Therefore: | ||
| * <ul> | ||
| * <li>Recording mode (-Drecord) works by connecting directly to real GCP APIs</li> | ||
| * <li>Replay mode is not yet implemented and will fail</li> |
There was a problem hiding this comment.
we should try the rest client until we have the grpc enabled and avoid skipping the tests.
grpc is supported by wiremock here https://github.com/wiremock/wiremock-grpc-extension
There was a problem hiding this comment.
I was facing issue with http json transport earlier. I had a sync up with Yamini on this. I'll address this in the following commits.
| // Replay path - inject mock credentials | ||
| // Note: Since WireMock doesn't support gRPC, replay mode is not yet implemented. |
There was a problem hiding this comment.
Acknowledged. I'll address this in the following commits.
| /** | ||
| * Indicates whether the provider supports creating identities. | ||
| * | ||
| * @return true if createIdentity is supported | ||
| */ | ||
| boolean supportsCreateIdentity(); | ||
|
|
||
| /** | ||
| * Indicates whether the provider supports creating identities with trust configuration. | ||
| * | ||
| * @return true if createIdentity with trust config is supported | ||
| */ | ||
| boolean supportsCreateIdentityWithTrustConfig(); | ||
|
|
||
| /** | ||
| * Indicates whether the provider supports getting identity details. | ||
| * | ||
| * @return true if getIdentity is supported | ||
| */ | ||
| boolean supportsGetIdentity(); | ||
|
|
||
| /** | ||
| * Indicates whether the provider supports deleting identities. | ||
| * | ||
| * @return true if deleteIdentity is supported | ||
| */ | ||
| boolean supportsDeleteIdentity(); | ||
|
|
||
| /** | ||
| * Indicates whether the provider supports attaching inline policies. | ||
| * | ||
| * @return true if attachInlinePolicy is supported | ||
| */ | ||
| boolean supportsAttachInlinePolicy(); | ||
|
|
||
| /** | ||
| * Indicates whether the provider supports getting inline policy details. | ||
| * | ||
| * @return true if getInlinePolicyDetails is supported | ||
| */ | ||
| boolean supportsGetInlinePolicyDetails(); | ||
|
|
||
| /** | ||
| * Indicates whether the provider supports listing attached policies. | ||
| * | ||
| * @return true if getAttachedPolicies is supported | ||
| */ | ||
| boolean supportsGetAttachedPolicies(); | ||
|
|
||
| /** | ||
| * Indicates whether the provider supports removing policies. | ||
| * | ||
| * @return true if removePolicy is supported | ||
| */ | ||
| boolean supportsRemovePolicy(); |
There was a problem hiding this comment.
let's not add this for each func here, instead the tests can be skipped with Assumptions inside the @test.
There was a problem hiding this comment.
Acknowledged. I'll address this in the following commits.
| public Builder withCredentials(GoogleCredentials credentials) { | ||
| this.credentials = credentials; | ||
| return self(); | ||
| } |
There was a problem hiding this comment.
how will this be used ? the user never supply the GoogleCredentials directly
There was a problem hiding this comment.
I was referring to one of the services that supplied credentials to the builder. I'll clean this up.
| * | ||
| * @return list of WireMock extension class names | ||
| */ | ||
| List<String> getWiremockExtensions(); |
There was a problem hiding this comment.
let's add when we need it. not only interfaces need to define this extensions
SriramGuduri
force-pushed
the
W-20111589/iamCreateIdentityGCP
branch
from
b8fcdf3 to
1de95fa
Compare
3 participants
Summary
< Provide a brief description of the changes in this PR >
Some conventions to follow
docstore:for document store module,blobstorefor Blob Store moduletest:perf: