Move cli/gcp to cli/internal/gcp

cli/internal/gcp/client/project_test.go

@@ -0,0 +1,177 @@
+package client
+
+import (
+	"context"
+	"errors"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	iampb "google.golang.org/genproto/googleapis/iam/v1"
+	"google.golang.org/protobuf/proto"
+)
+
+func TestAddIAMPolicyBindings(t *testing.T) {
+	someErr := errors.New("someErr")
+
+	testCases := map[string]struct {
+		projectsAPI stubProjectsAPI
+		input       AddIAMPolicyBindingInput
+		wantErr     bool
+	}{
+		"successful set without new bindings": {
+			input: AddIAMPolicyBindingInput{
+				Bindings: []PolicyBinding{},
+			},
+		},
+		"successful set with bindings": {
+			input: AddIAMPolicyBindingInput{
+				Bindings: []PolicyBinding{
+					{
+						ServiceAccount: "service-account",
+						Role:           "role",
+					},
+				},
+			},
+		},
+		"retrieving iam policy fails": {
+			projectsAPI: stubProjectsAPI{
+				getPolicyErr: someErr,
+			},
+			wantErr: true,
+		},
+		"setting iam policy fails": {
+			projectsAPI: stubProjectsAPI{
+				setPolicyErr: someErr,
+			},
+			wantErr: true,
+		},
+	}
+
+	for name, tc := range testCases {
+		t.Run(name, func(t *testing.T) {
+			assert := assert.New(t)
+
+			ctx := context.Background()
+			client := Client{
+				project:     "project",
+				zone:        "zone",
+				name:        "name",
+				uid:         "uid",
+				projectsAPI: tc.projectsAPI,
+			}
+
+			err := client.addIAMPolicyBindings(ctx, tc.input)
+			if tc.wantErr {
+				assert.Error(err)
+			} else {
+				assert.NoError(err)
+			}
+		})
+	}
+}
+
+func TestAddIAMPolicy(t *testing.T) {
+	testCases := map[string]struct {
+		binding    PolicyBinding
+		policy     *iampb.Policy
+		wantErr    bool
+		wantPolicy *iampb.Policy
+	}{
+		"successful on empty policy": {
+			binding: PolicyBinding{
+				ServiceAccount: "service-account",
+				Role:           "role",
+			},
+			policy: &iampb.Policy{
+				Bindings: []*iampb.Binding{},
+			},
+			wantPolicy: &iampb.Policy{
+				Bindings: []*iampb.Binding{
+					{
+						Role:    "role",
+						Members: []string{"serviceAccount:service-account"},
+					},
+				},
+			},
+		},
+		"successful on existing policy with different role": {
+			binding: PolicyBinding{
+				ServiceAccount: "service-account",
+				Role:           "role",
+			},
+			policy: &iampb.Policy{
+				Bindings: []*iampb.Binding{
+					{
+						Role:    "other-role",
+						Members: []string{"other-member"},
+					},
+				},
+			},
+			wantPolicy: &iampb.Policy{
+				Bindings: []*iampb.Binding{
+					{
+						Role:    "other-role",
+						Members: []string{"other-member"},
+					},
+					{
+						Role:    "role",
+						Members: []string{"serviceAccount:service-account"},
+					},
+				},
+			},
+		},
+		"successful on existing policy with existing role": {
+			binding: PolicyBinding{
+				ServiceAccount: "service-account",
+				Role:           "role",
+			},
+			policy: &iampb.Policy{
+				Bindings: []*iampb.Binding{
+					{
+						Role:    "role",
+						Members: []string{"other-member"},
+					},
+				},
+			},
+			wantPolicy: &iampb.Policy{
+				Bindings: []*iampb.Binding{
+					{
+						Role:    "role",
+						Members: []string{"other-member", "serviceAccount:service-account"},
+					},
+				},
+			},
+		},
+		"already a member": {
+			binding: PolicyBinding{
+				ServiceAccount: "service-account",
+				Role:           "role",
+			},
+			policy: &iampb.Policy{
+				Bindings: []*iampb.Binding{
+					{
+						Role:    "role",
+						Members: []string{"serviceAccount:service-account"},
+					},
+				},
+			},
+			wantPolicy: &iampb.Policy{
+				Bindings: []*iampb.Binding{
+					{
+						Role:    "role",
+						Members: []string{"serviceAccount:service-account"},
+					},
+				},
+			},
+		},
+	}
+
+	for name, tc := range testCases {
+		t.Run(name, func(t *testing.T) {
+			assert := assert.New(t)
+
+			addIAMPolicy(tc.policy, tc.binding)
+			assert.True(proto.Equal(tc.wantPolicy, tc.policy))
+		})
+	}
+}