Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IAM policy should return an empty set of the bindings do not exist #3346

Closed
theacodes opened this issue May 1, 2017 · 4 comments
Closed

IAM policy should return an empty set of the bindings do not exist #3346

theacodes opened this issue May 1, 2017 · 4 comments
Assignees
@tseaver
Labels
api: core auth type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.

Comments

@theacodes
Copy link
Contributor

https://github.com/GoogleCloudPlatform/google-cloud-python/blob/bd9fdfba07fac63a91847628613928a569250c0f/core/google/cloud/iam.py#L71

Should return an empty set if no bindings are set for that role.
@theacodes theacodes added blocks-docs-samples api: core type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. labels May 1, 2017
@dhermes
Copy link
Contributor

dhermes commented May 1, 2017

Current behavior leads to KeyError, yes?

@theacodes
Copy link
Contributor Author

ya, I'd like to be able to do:

policy = something.get_iam_policy()
policy['roles/editor'].add('whatever')
something.set_iam_policy(policy)

and it'll work regardless of if any editors had been previously set.

@dhermes
Copy link
Contributor

dhermes commented May 1, 2017

@jonparrott ISTM like you want a collections.defaultdict(set)?

In #3325 a similar snippet was failing because policy.owners returned a frozenset. In the __getitem__ case, the raw binding will be returned, which we guarantee is a set. Is it a bad thing that the two different means of access produce different behavior?

@theacodes
Copy link
Contributor Author

Defaultdict is pretty much what I'm after, in terms of behavior.
I'm fine with the old/deprecated methods returning a frozenset.

@tseaver tseaver mentioned this issue May 16, 2017
Merged
@tseaver tseaver added the auth label May 16, 2017
@tseaver tseaver mentioned this issue Jun 26, 2017
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tseaver tseaver

Labels
api: core auth type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tseaver @theacodes @dhermes