> getConditionsAsStrings() {
+ return conditions.entrySet().stream()
+ .collect(Collectors.toMap(e -> e.getKey().getValue(), Map.Entry::getValue));
}
/** Custom builder for Statement to handle conditions. */
@@ -83,7 +109,7 @@ public static class StatementBuilder {
* @param value the condition value
* @return this builder
*/
- public StatementBuilder condition(String operator, String key, Object value) {
+ public StatementBuilder condition(ConditionOperator operator, String key, Object value) {
if (operator != null && key != null && value != null) {
if (this.conditions == null) {
this.conditions = new java.util.HashMap<>();
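Review bot: A null `operator`, `key` or `value` is skipped silently by the guard on the first body line, so the statement is built without that condition; on an `Effect.ALLOW` statement that is a broader grant than the caller wrote. Now that the operator is a typed `ConditionOperator`, a null is more likely a programming error than optional input. Consider rejecting it with the `InvalidArgumentException` that `build()` already raises for a missing effect or action (as StatementTest expects), or at least state the behaviour in the Javadoc above, e.g. `@param operator the condition operator; if operator, key or value is null the condition is ignored`. The body of `condition` continues past the end of this hunk, and `testNullAndEmptyValueHandling` in StatementTest currently pins the skip behaviour, so it would have to change with it.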
diff --git a/iam/iam-client/src/main/java/com/salesforce/multicloudj/iam/model/StorageActions.java b/iam/iam-client/src/main/java/com/salesforce/multicloudj/iam/model/StorageActions.java
new file mode 100644
index 000000000..b891e39e2
--- /dev/null
+++ b/iam/iam-client/src/main/java/com/salesforce/multicloudj/iam/model/StorageActions.java
@@ -0,0 +1,37 @@
+package com.salesforce.multicloudj.iam.model;
+
+/**
+ * Pre-defined storage service actions for IAM policies.
+ *
+ * These constants represent common storage operations that can be used in policy statements
+ * across AWS S3, GCP Cloud Storage, and other cloud providers.
+ */
+public final class StorageActions {
+ private StorageActions() {
+ // Prevent instantiation
+ }
+
+ /** Action to read objects from storage */
+ public static final Action GET_OBJECT = Action.of("storage:GetObject");
+
+ /** Action to write/upload objects to storage */
+ public static final Action PUT_OBJECT = Action.of("storage:PutObject");
+
+ /** Action to delete objects from storage */
+ public static final Action DELETE_OBJECT = Action.of("storage:DeleteObject");
+
+ /** Action to list objects in a bucket/container */
+ public static final Action LIST_BUCKET = Action.of("storage:ListBucket");
+
+ /** Action to get bucket location/metadata */
+ public static final Action GET_BUCKET_LOCATION = Action.of("storage:GetBucketLocation");
+
+ /** Action to create a new bucket/container */
+ public static final Action CREATE_BUCKET = Action.of("storage:CreateBucket");
+
+ /** Action to delete a bucket/container */
+ public static final Action DELETE_BUCKET = Action.of("storage:DeleteBucket");
+
+ /** Wildcard action representing all storage operations */
+ public static final Action ALL = Action.wildcard("storage");
+}
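Review bot: `ALL` is documented only as "all storage operations", which understates that a `storage:*` grant presumably also covers `DELETE_OBJECT`, `DELETE_BUCKET` and any operation added later. Since these constants end up in policy statements, the Javadoc on `ALL` should steer callers to the specific actions, for example `/** Wildcard for every storage operation, including deletes; prefer the specific actions above and reserve this for administrative policies. */`. The class Javadoc's second paragraph also needs a `<p>` tag to render as its own paragraph.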
diff --git a/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/client/AbstractIamIT.java b/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/client/AbstractIamIT.java
index fe8481795..5e1c05eb4 100644
--- a/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/client/AbstractIamIT.java
+++ b/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/client/AbstractIamIT.java
@@ -2,8 +2,10 @@
import com.salesforce.multicloudj.common.util.common.TestsUtil;
import com.salesforce.multicloudj.iam.driver.AbstractIam;
+import com.salesforce.multicloudj.iam.model.Action;
import com.salesforce.multicloudj.iam.model.AttachInlinePolicyRequest;
import com.salesforce.multicloudj.iam.model.CreateOptions;
+import com.salesforce.multicloudj.iam.model.Effect;
import com.salesforce.multicloudj.iam.model.GetAttachedPoliciesRequest;
import com.salesforce.multicloudj.iam.model.GetInlinePolicyDetailsRequest;
import com.salesforce.multicloudj.iam.model.PolicyDocument;
@@ -54,6 +56,10 @@ default String getPolicyVersion() {
String getTestPolicyName();
+ default String getTestAction() {
+ return "storage:GetObject";
+ }
+
/**
* Role name for getInlinePolicyDetails (and similar) when the API requires it. Unused for AWS
* (identity is used); required for GCP (e.g. "roles/storage.objectViewer").
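Review bot: `getTestAction()` has no Javadoc, unlike the method that follows it, and it is not obvious how it relates to `getTestPolicyActions()`, which the tests below still iterate. Document it, e.g. `/** Single action used for the one-statement policies in testGetInlinePolicyDetails and testRemovePolicy; defaults to "storage:GetObject". */`. Returning an `Action` (for example `StorageActions.GET_OBJECT`) instead of a `String` would also let the callers drop the `Action.of(...)` parse.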
@@ -114,13 +120,12 @@ public void cleanupTestEnvironment() throws Exception {
@Test
public void testAttachInlinePolicy() {
- Statement.StatementBuilder statementBuilder =
- Statement.builder().effect(harness.getTestPolicyEffect());
+ Statement.StatementBuilder statementBuilder = Statement.builder().effect(Effect.ALLOW);
if (StringUtils.isNotBlank(harness.getTestPolicyResource())) {
statementBuilder.resource(harness.getTestPolicyResource());
}
for (String action : harness.getTestPolicyActions()) {
- statementBuilder.action(action);
+ statementBuilder.action(Action.of(action));
}
PolicyDocument policyDocument =
@@ -141,19 +146,23 @@ public void testAttachInlinePolicy() {
@Test
public void testGetInlinePolicyDetails() {
- Statement.StatementBuilder statementBuilder =
- Statement.builder().effect(harness.getTestPolicyEffect());
+ Statement.StatementBuilder statementBuilder = Statement.builder().effect(Effect.ALLOW);
if (StringUtils.isNotBlank(harness.getTestPolicyResource())) {
statementBuilder.resource(harness.getTestPolicyResource());
}
for (String action : harness.getTestPolicyActions()) {
- statementBuilder.action(action);
+ statementBuilder.action(Action.of(action));
}
PolicyDocument policyDocument =
PolicyDocument.builder()
.name(harness.getTestPolicyName())
.version(harness.getPolicyVersion())
- .statement(statementBuilder.build())
+ .statement(
+ Statement.builder()
+ .effect(Effect.ALLOW)
+ .action(Action.of(harness.getTestAction()))
+ .resource(harness.getTestPolicyResource())
+ .build())
.build();
iamClient.attachInlinePolicy(
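Review bot: The `statementBuilder` local is still populated from `getTestPolicyResource()` and `getTestPolicyActions()` but is no longer used, because `.statement(...)` now receives a second, freshly built statement carrying only `getTestAction()`. Either delete the `statementBuilder` lines or keep `.statement(statementBuilder.build())`. As written, the loop still runs `Action.of(action)` and can fail the test on an action string that never reaches the policy. The new statement also calls `.resource(harness.getTestPolicyResource())` without the `isNotBlank` guard used a few lines up, which relies on the builder ignoring blank resources. The same pattern is repeated in the `testRemovePolicy` hunk (`@@ -217,19 +225,23 @@`); both test bodies continue outside their hunks.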
@@ -179,13 +188,12 @@ public void testGetInlinePolicyDetails() {
@Test
public void testGetAttachedPolicies() {
- Statement.StatementBuilder statementBuilder =
- Statement.builder().effect(harness.getTestPolicyEffect());
+ Statement.StatementBuilder statementBuilder = Statement.builder().effect(Effect.ALLOW);
if (StringUtils.isNotBlank(harness.getTestPolicyResource())) {
statementBuilder.resource(harness.getTestPolicyResource());
}
for (String action : harness.getTestPolicyActions()) {
- statementBuilder.action(action);
+ statementBuilder.action(Action.of(action));
}
PolicyDocument policyDocument =
@@ -217,19 +225,23 @@ public void testGetAttachedPolicies() {
@Test
public void testRemovePolicy() {
- Statement.StatementBuilder statementBuilder =
- Statement.builder().effect(harness.getTestPolicyEffect());
+ Statement.StatementBuilder statementBuilder = Statement.builder().effect(Effect.ALLOW);
if (StringUtils.isNotBlank(harness.getTestPolicyResource())) {
statementBuilder.resource(harness.getTestPolicyResource());
}
for (String action : harness.getTestPolicyActions()) {
- statementBuilder.action(action);
+ statementBuilder.action(Action.of(action));
}
PolicyDocument policyDocument =
PolicyDocument.builder()
.name(harness.getTestPolicyName())
.version(harness.getPolicyVersion())
- .statement(statementBuilder.build())
+ .statement(
+ Statement.builder()
+ .effect(Effect.ALLOW)
+ .action(Action.of(harness.getTestAction()))
+ .resource(harness.getTestPolicyResource())
+ .build())
.build();
iamClient.attachInlinePolicy(
diff --git a/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/client/IamClientTest.java b/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/client/IamClientTest.java
index 1b943df57..0edf6232d 100644
--- a/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/client/IamClientTest.java
+++ b/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/client/IamClientTest.java
@@ -17,10 +17,12 @@
import com.salesforce.multicloudj.common.exceptions.UnAuthorizedException;
import com.salesforce.multicloudj.iam.driver.AbstractIam;
import com.salesforce.multicloudj.iam.model.AttachInlinePolicyRequest;
+import com.salesforce.multicloudj.iam.model.Effect;
import com.salesforce.multicloudj.iam.model.GetAttachedPoliciesRequest;
import com.salesforce.multicloudj.iam.model.GetInlinePolicyDetailsRequest;
import com.salesforce.multicloudj.iam.model.PolicyDocument;
import com.salesforce.multicloudj.iam.model.Statement;
+import com.salesforce.multicloudj.iam.model.StorageActions;
import com.salesforce.multicloudj.sts.model.CredentialsOverrider;
import java.net.URI;
import java.util.Arrays;
@@ -138,8 +140,8 @@ void testAttachInlinePolicy() {
.statement(
Statement.builder()
.sid("TestPolicy")
- .effect("Allow")
- .action("storage:GetObject")
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
.build())
.build();
AttachInlinePolicyRequest request =
@@ -165,8 +167,8 @@ void testAttachInlinePolicyThrowsException() {
.statement(
Statement.builder()
.sid("TestPolicy")
- .effect("Allow")
- .action("storage:GetObject")
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
.build())
.build();
AttachInlinePolicyRequest request =
diff --git a/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/driver/AbstractIamTest.java b/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/driver/AbstractIamTest.java
index b4195eb94..a978e6149 100644
--- a/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/driver/AbstractIamTest.java
+++ b/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/driver/AbstractIamTest.java
@@ -16,7 +16,9 @@
import com.salesforce.multicloudj.common.exceptions.InvalidArgumentException;
import com.salesforce.multicloudj.iam.client.TestIam;
+import com.salesforce.multicloudj.iam.model.Action;
import com.salesforce.multicloudj.iam.model.AttachInlinePolicyRequest;
+import com.salesforce.multicloudj.iam.model.Effect;
import com.salesforce.multicloudj.iam.model.GetAttachedPoliciesRequest;
import com.salesforce.multicloudj.iam.model.GetInlinePolicyDetailsRequest;
import com.salesforce.multicloudj.iam.model.PolicyDocument;
@@ -274,7 +276,8 @@ void testValidationThrowsInvalidArgumentException() {
PolicyDocument policy =
PolicyDocument.builder()
.version("2012-10-17")
- .statement(Statement.builder().effect("Allow").action("s3:GetObject").build())
+ .statement(
+ Statement.builder().effect(Effect.ALLOW).action(Action.of("s3:GetObject")).build())
.build();
// createIdentity
diff --git a/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/ActionTest.java b/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/ActionTest.java
new file mode 100644
index 000000000..587bcfa4b
--- /dev/null
+++ b/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/ActionTest.java
@@ -0,0 +1,89 @@
+package com.salesforce.multicloudj.iam.model;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import com.salesforce.multicloudj.common.exceptions.InvalidArgumentException;
+import org.junit.jupiter.api.Test;
+
+public class ActionTest {
+
+ @Test
+ public void testValidActionParsing() {
+ Action action = Action.of("storage:GetObject");
+ assertEquals("storage", action.getService());
+ assertEquals("GetObject", action.getOperation());
+ assertEquals("storage:GetObject", action.toActionString());
+ assertFalse(action.isWildcard());
+ }
+
+ @Test
+ public void testWildcardAction() {
+ Action action = Action.of("storage:*");
+ assertEquals("storage", action.getService());
+ assertEquals("*", action.getOperation());
+ assertEquals("storage:*", action.toActionString());
+ assertTrue(action.isWildcard());
+ }
+
+ @Test
+ public void testInvalidFormatNoColon() {
+ assertThrows(InvalidArgumentException.class, () -> Action.of("invalid"));
+ }
+
+ @Test
+ public void testInvalidFormatMultipleColons() {
+ assertThrows(InvalidArgumentException.class, () -> Action.of("too:many:parts"));
+ }
+
+ @Test
+ public void testInvalidFormatEmptyService() {
+ assertThrows(InvalidArgumentException.class, () -> Action.of(":GetObject"));
+ }
+
+ @Test
+ public void testInvalidFormatEmptyOperation() {
+ assertThrows(InvalidArgumentException.class, () -> Action.of("storage:"));
+ }
+
+ @Test
+ public void testNullAction() {
+ assertThrows(InvalidArgumentException.class, () -> Action.of(null));
+ }
+
+ @Test
+ public void testEmptyAction() {
+ assertThrows(InvalidArgumentException.class, () -> Action.of(""));
+ }
+
+ @Test
+ public void testWhitespaceAction() {
+ assertThrows(InvalidArgumentException.class, () -> Action.of(" "));
+ }
+
+ @Test
+ public void testActionWithWhitespace() {
+ Action action = Action.of(" storage : GetObject ");
+ assertEquals("storage", action.getService());
+ assertEquals("GetObject", action.getOperation());
+ }
+
+ @Test
+ public void testActionEquality() {
+ Action action1 = Action.of("storage:GetObject");
+ Action action2 = Action.of("storage:GetObject");
+ Action action3 = Action.of("storage:PutObject");
+
+ assertEquals(action1, action2);
+ assertEquals(action1.hashCode(), action2.hashCode());
+ assertFalse(action1.equals(action3));
+ }
+
+ @Test
+ public void testActionToString() {
+ Action action = Action.of("compute:CreateInstance");
+ assertEquals("compute:CreateInstance", action.toString());
+ }
+}
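Review bot: `testActionWithWhitespace` checks only `getService()` and `getOperation()`, so it does not pin that padded input yields the canonical action string or compares equal to the unpadded form. Two spellings of one action that differ under `equals` or in the emitted policy text would still pass. Add `assertEquals("storage:GetObject", action.toActionString());` and `assertEquals(Action.of("storage:GetObject"), action);`. The file also has no case for a wildcard service such as `Action.of("*:GetObject")` or for `Action.wildcard(...)` called directly, so the tests leave unspecified whether those are accepted.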
diff --git a/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/ComputeActionsTest.java b/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/ComputeActionsTest.java
new file mode 100644
index 000000000..bf428b964
--- /dev/null
+++ b/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/ComputeActionsTest.java
@@ -0,0 +1,45 @@
+package com.salesforce.multicloudj.iam.model;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import org.junit.jupiter.api.Test;
+
+public class ComputeActionsTest {
+
+ @Test
+ public void testCreateInstance() {
+ assertEquals("compute:CreateInstance", ComputeActions.CREATE_INSTANCE.toActionString());
+ }
+
+ @Test
+ public void testDeleteInstance() {
+ assertEquals("compute:DeleteInstance", ComputeActions.DELETE_INSTANCE.toActionString());
+ }
+
+ @Test
+ public void testStartInstance() {
+ assertEquals("compute:StartInstance", ComputeActions.START_INSTANCE.toActionString());
+ }
+
+ @Test
+ public void testStopInstance() {
+ assertEquals("compute:StopInstance", ComputeActions.STOP_INSTANCE.toActionString());
+ }
+
+ @Test
+ public void testDescribeInstances() {
+ assertEquals("compute:DescribeInstances", ComputeActions.DESCRIBE_INSTANCES.toActionString());
+ }
+
+ @Test
+ public void testGetInstance() {
+ assertEquals("compute:GetInstance", ComputeActions.GET_INSTANCE.toActionString());
+ }
+
+ @Test
+ public void testWildcard() {
+ assertEquals("compute:*", ComputeActions.ALL.toActionString());
+ assertTrue(ComputeActions.ALL.isWildcard());
+ }
+}
diff --git a/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/ConditionOperatorTest.java b/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/ConditionOperatorTest.java
new file mode 100644
index 000000000..100f9f0f2
--- /dev/null
+++ b/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/ConditionOperatorTest.java
@@ -0,0 +1,42 @@
+package com.salesforce.multicloudj.iam.model;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import org.junit.jupiter.api.Test;
+
+public class ConditionOperatorTest {
+
+ @Test
+ public void testStringOperators() {
+ assertEquals("stringEquals", ConditionOperator.STRING_EQUALS.getValue());
+ assertEquals("stringNotEquals", ConditionOperator.STRING_NOT_EQUALS.getValue());
+ assertEquals("stringLike", ConditionOperator.STRING_LIKE.getValue());
+ assertEquals("stringNotLike", ConditionOperator.STRING_NOT_LIKE.getValue());
+ }
+
+ @Test
+ public void testNumericOperators() {
+ assertEquals("numericEquals", ConditionOperator.NUMERIC_EQUALS.getValue());
+ assertEquals("numericLessThan", ConditionOperator.NUMERIC_LESS_THAN.getValue());
+ assertEquals("numericGreaterThan", ConditionOperator.NUMERIC_GREATER_THAN.getValue());
+ }
+
+ @Test
+ public void testDateOperators() {
+ assertEquals("dateEquals", ConditionOperator.DATE_EQUALS.getValue());
+ assertEquals("dateLessThan", ConditionOperator.DATE_LESS_THAN.getValue());
+ assertEquals("dateGreaterThan", ConditionOperator.DATE_GREATER_THAN.getValue());
+ }
+
+ @Test
+ public void testOtherOperators() {
+ assertEquals("bool", ConditionOperator.BOOL.getValue());
+ assertEquals("ipAddress", ConditionOperator.IP_ADDRESS.getValue());
+ assertEquals("notIpAddress", ConditionOperator.NOT_IP_ADDRESS.getValue());
+ }
+
+ @Test
+ public void testToString() {
+ assertEquals("stringEquals", ConditionOperator.STRING_EQUALS.toString());
+ }
+}
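Review bot: The values pinned here are lower camel case (`stringEquals`, `dateGreaterThan`), while the string keys the builder accepted before this change were written `StringEquals` and `DateGreaterThan` in the existing tests. `getConditionsAsStrings()` in Statement keys its map by `getValue()`, so any provider translation that looks these keys up by exact string would stop finding the condition, and a condition that is not emitted leaves the statement broader than written. The provider code is not visible in this diff, so this needs confirming. If the casing is intentional, say so in a comment such as `// Substrate-neutral names; each provider maps these to its own operator spelling` and add a provider-side test that a condition survives translation.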
diff --git a/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/EffectTest.java b/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/EffectTest.java
new file mode 100644
index 000000000..45ed4e87a
--- /dev/null
+++ b/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/EffectTest.java
@@ -0,0 +1,26 @@
+package com.salesforce.multicloudj.iam.model;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import org.junit.jupiter.api.Test;
+
+public class EffectTest {
+
+ @Test
+ public void testAllowEffect() {
+ assertEquals("Allow", Effect.ALLOW.getValue());
+ assertEquals("Allow", Effect.ALLOW.toString());
+ }
+
+ @Test
+ public void testDenyEffect() {
+ assertEquals("Deny", Effect.DENY.getValue());
+ assertEquals("Deny", Effect.DENY.toString());
+ }
+
+ @Test
+ public void testEnumValues() {
+ Effect[] effects = Effect.values();
+ assertEquals(2, effects.length);
+ }
+}
diff --git a/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/IamActionsTest.java b/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/IamActionsTest.java
new file mode 100644
index 000000000..f4227c3f6
--- /dev/null
+++ b/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/IamActionsTest.java
@@ -0,0 +1,55 @@
+package com.salesforce.multicloudj.iam.model;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import org.junit.jupiter.api.Test;
+
+public class IamActionsTest {
+
+ @Test
+ public void testAssumeRole() {
+ assertEquals("iam:AssumeRole", IamActions.ASSUME_ROLE.toActionString());
+ }
+
+ @Test
+ public void testCreateRole() {
+ assertEquals("iam:CreateRole", IamActions.CREATE_ROLE.toActionString());
+ }
+
+ @Test
+ public void testDeleteRole() {
+ assertEquals("iam:DeleteRole", IamActions.DELETE_ROLE.toActionString());
+ }
+
+ @Test
+ public void testGetRole() {
+ assertEquals("iam:GetRole", IamActions.GET_ROLE.toActionString());
+ }
+
+ @Test
+ public void testAttachRolePolicy() {
+ assertEquals("iam:AttachRolePolicy", IamActions.ATTACH_ROLE_POLICY.toActionString());
+ }
+
+ @Test
+ public void testDetachRolePolicy() {
+ assertEquals("iam:DetachRolePolicy", IamActions.DETACH_ROLE_POLICY.toActionString());
+ }
+
+ @Test
+ public void testPutRolePolicy() {
+ assertEquals("iam:PutRolePolicy", IamActions.PUT_ROLE_POLICY.toActionString());
+ }
+
+ @Test
+ public void testGetRolePolicy() {
+ assertEquals("iam:GetRolePolicy", IamActions.GET_ROLE_POLICY.toActionString());
+ }
+
+ @Test
+ public void testWildcard() {
+ assertEquals("iam:*", IamActions.ALL.toActionString());
+ assertTrue(IamActions.ALL.isWildcard());
+ }
+}
diff --git a/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/PolicyDocumentTest.java b/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/PolicyDocumentTest.java
index c2bfbdc42..61609950b 100644
--- a/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/PolicyDocumentTest.java
+++ b/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/PolicyDocumentTest.java
@@ -24,12 +24,12 @@ public void testPolicyDocumentBuilder() {
.statement(
Statement.builder()
.sid("StorageAccess")
- .effect("Allow")
- .action("storage:GetObject")
- .action("storage:PutObject")
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
+ .action(StorageActions.PUT_OBJECT)
.principal("arn:aws:iam::123456789012:user/ExampleUser")
.resource("storage://my-bucket/*")
- .condition("StringEquals", "aws:RequestedRegion", "us-west-2")
+ .condition(ConditionOperator.STRING_EQUALS, "aws:RequestedRegion", "us-west-2")
.build())
.build();
@@ -38,15 +38,18 @@ public void testPolicyDocumentBuilder() {
Statement statement = policy.getStatements().get(0);
assertEquals("StorageAccess", statement.getSid());
- assertEquals("Allow", statement.getEffect());
- assertEquals(Arrays.asList("storage:GetObject", "storage:PutObject"), statement.getActions());
+ assertEquals(Effect.ALLOW, statement.getEffect());
+ assertEquals(2, statement.getActions().size());
+ assertEquals(StorageActions.GET_OBJECT, statement.getActions().get(0));
+ assertEquals(StorageActions.PUT_OBJECT, statement.getActions().get(1));
assertEquals(
Arrays.asList("arn:aws:iam::123456789012:user/ExampleUser"), statement.getPrincipals());
assertEquals(Arrays.asList("storage://my-bucket/*"), statement.getResources());
- assertTrue(statement.getConditions().containsKey("StringEquals"));
+ assertTrue(statement.getConditions().containsKey(ConditionOperator.STRING_EQUALS));
assertEquals(
- "us-west-2", statement.getConditions().get("StringEquals").get("aws:RequestedRegion"));
+ "us-west-2",
+ statement.getConditions().get(ConditionOperator.STRING_EQUALS).get("aws:RequestedRegion"));
}
@Test
@@ -58,15 +61,15 @@ public void testMultipleStatements() {
.statement(
Statement.builder()
.sid("ReadAccess")
- .effect("Allow")
- .action("storage:GetObject")
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
.resource("storage://my-bucket/*")
.build())
.statement(
Statement.builder()
.sid("WriteAccess")
- .effect("Allow")
- .action("storage:PutObject")
+ .effect(Effect.ALLOW)
+ .action(StorageActions.PUT_OBJECT)
.resource("storage://my-bucket/*")
.build())
.build();
@@ -93,8 +96,8 @@ public void testOptionalVersionBuildsSuccessfully() {
.statement(
Statement.builder()
.sid("TestStatement")
- .effect("Allow")
- .action("storage:GetObject")
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
.resource("storage://test-bucket/*")
.build())
.build();
@@ -111,7 +114,10 @@ public void testStatementWithoutEffectThrowsException() {
.name("TestPolicy")
.version(TEST_VERSION)
.statement(
- Statement.builder().sid("TestStatement").action("storage:GetObject").build())
+ Statement.builder()
+ .sid("TestStatement")
+ .action(StorageActions.GET_OBJECT)
+ .build())
.build();
});
}
@@ -124,7 +130,7 @@ public void testStatementWithoutActionsThrowsException() {
PolicyDocument.builder()
.name("TestPolicy")
.version(TEST_VERSION)
- .statement(Statement.builder().sid("TestStatement").effect("Allow").build())
+ .statement(Statement.builder().sid("TestStatement").effect(Effect.ALLOW).build())
.build();
});
}
@@ -138,11 +144,11 @@ public void testBuilderMethodsWithMultipleValues() {
.statement(
Statement.builder()
.sid("TestStatement")
- .effect("Allow")
- .action("storage:GetObject")
- .action("storage:PutObject")
- .action("storage:DeleteObject")
- .action("storage:ListObjects")
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
+ .action(StorageActions.PUT_OBJECT)
+ .action(StorageActions.DELETE_OBJECT)
+ .action(StorageActions.LIST_BUCKET)
.resource("storage://bucket1/*")
.resource("storage://bucket2/*")
.resource("storage://bucket3/*")
@@ -151,8 +157,11 @@ public void testBuilderMethodsWithMultipleValues() {
.principal("principal2")
.principal("principal3")
.principal("principal4")
- .condition("StringEquals", "aws:RequestedRegion", "us-west-2")
- .condition("DateGreaterThan", "aws:CurrentTime", "2024-01-01T00:00:00Z")
+ .condition(ConditionOperator.STRING_EQUALS, "aws:RequestedRegion", "us-west-2")
+ .condition(
+ ConditionOperator.DATE_GREATER_THAN,
+ "aws:CurrentTime",
+ "2024-01-01T00:00:00Z")
.build())
.build();
@@ -160,10 +169,10 @@ public void testBuilderMethodsWithMultipleValues() {
// Test actions
assertEquals(4, statement.getActions().size());
- assertTrue(statement.getActions().contains("storage:GetObject"));
- assertTrue(statement.getActions().contains("storage:PutObject"));
- assertTrue(statement.getActions().contains("storage:DeleteObject"));
- assertTrue(statement.getActions().contains("storage:ListObjects"));
+ assertTrue(statement.getActions().contains(StorageActions.GET_OBJECT));
+ assertTrue(statement.getActions().contains(StorageActions.PUT_OBJECT));
+ assertTrue(statement.getActions().contains(StorageActions.DELETE_OBJECT));
+ assertTrue(statement.getActions().contains(StorageActions.LIST_BUCKET));
// Test resources
assertEquals(4, statement.getResources().size());
@@ -180,8 +189,8 @@ public void testBuilderMethodsWithMultipleValues() {
assertTrue(statement.getPrincipals().contains("principal4"));
// Test conditions
- assertTrue(statement.getConditions().containsKey("StringEquals"));
- assertTrue(statement.getConditions().containsKey("DateGreaterThan"));
+ assertTrue(statement.getConditions().containsKey(ConditionOperator.STRING_EQUALS));
+ assertTrue(statement.getConditions().containsKey(ConditionOperator.DATE_GREATER_THAN));
}
@Test
@@ -194,8 +203,8 @@ public void testAddNullStatement() {
.statement(
Statement.builder()
.sid("ValidStatement")
- .effect("Allow")
- .action("storage:GetObject")
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
.resource("storage://test-bucket/*")
.build())
.build();
diff --git a/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/StatementTest.java b/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/StatementTest.java
index 160f163e6..808eeb4b3 100644
--- a/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/StatementTest.java
+++ b/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/StatementTest.java
@@ -18,24 +18,27 @@ public void testStatementBuilder() {
Statement statement =
Statement.builder()
.sid("TestStatement")
- .effect("Allow")
- .action("storage:GetObject")
- .action("storage:PutObject")
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
+ .action(StorageActions.PUT_OBJECT)
.resource("storage://my-bucket/*")
.principal("arn:aws:iam::123456789012:user/TestUser")
- .condition("StringEquals", "aws:RequestedRegion", "us-west-2")
+ .condition(ConditionOperator.STRING_EQUALS, "aws:RequestedRegion", "us-west-2")
.build();
assertEquals("TestStatement", statement.getSid());
- assertEquals("Allow", statement.getEffect());
- assertEquals(Arrays.asList("storage:GetObject", "storage:PutObject"), statement.getActions());
+ assertEquals(Effect.ALLOW, statement.getEffect());
+ assertEquals(2, statement.getActions().size());
+ assertEquals(StorageActions.GET_OBJECT, statement.getActions().get(0));
+ assertEquals(StorageActions.PUT_OBJECT, statement.getActions().get(1));
assertEquals(Arrays.asList("storage://my-bucket/*"), statement.getResources());
assertEquals(
Arrays.asList("arn:aws:iam::123456789012:user/TestUser"), statement.getPrincipals());
- assertTrue(statement.getConditions().containsKey("StringEquals"));
+ assertTrue(statement.getConditions().containsKey(ConditionOperator.STRING_EQUALS));
assertEquals(
- "us-west-2", statement.getConditions().get("StringEquals").get("aws:RequestedRegion"));
+ "us-west-2",
+ statement.getConditions().get(ConditionOperator.STRING_EQUALS).get("aws:RequestedRegion"));
}
@Test
@@ -43,14 +46,15 @@ public void testStatementBuilderMinimal() {
Statement statement =
Statement.builder()
.sid("MinimalStatement")
- .effect("Deny")
- .action("storage:DeleteObject")
+ .effect(Effect.DENY)
+ .action(StorageActions.DELETE_OBJECT)
.resource("storage://sensitive-bucket/*")
.build();
assertEquals("MinimalStatement", statement.getSid());
- assertEquals("Deny", statement.getEffect());
- assertEquals(Arrays.asList("storage:DeleteObject"), statement.getActions());
+ assertEquals(Effect.DENY, statement.getEffect());
+ assertEquals(1, statement.getActions().size());
+ assertEquals(StorageActions.DELETE_OBJECT, statement.getActions().get(0));
assertEquals(Arrays.asList("storage://sensitive-bucket/*"), statement.getResources());
assertTrue(statement.getPrincipals().isEmpty());
assertTrue(statement.getConditions().isEmpty());
@@ -63,8 +67,8 @@ public void testStatementBuilderMultipleResources() {
Statement statement =
Statement.builder()
.sid("MultiResourceStatement")
- .effect("Allow")
- .action("storage:GetObject")
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
.resource("storage://bucket1/*")
.resource("storage://bucket2/*")
.build();
@@ -81,8 +85,8 @@ public void testStatementBuilderMultiplePrincipals() {
Statement statement =
Statement.builder()
.sid("MultiPrincipalStatement")
- .effect("Allow")
- .action("storage:GetObject")
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
.resource("storage://shared-bucket/*")
.principal("arn:aws:iam::123456789012:user/User1")
.principal("arn:aws:iam::123456789012:user/User2")
@@ -96,33 +100,35 @@ public void testStatementBuilderMultipleConditions() {
Statement statement =
Statement.builder()
.sid("MultiConditionStatement")
- .effect("Allow")
- .action("storage:GetObject")
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
.resource("storage://conditional-bucket/*")
- .condition("StringEquals", "aws:RequestedRegion", "us-west-2")
- .condition("DateGreaterThan", "aws:CurrentTime", "2024-01-01T00:00:00Z")
+ .condition(ConditionOperator.STRING_EQUALS, "aws:RequestedRegion", "us-west-2")
+ .condition(
+ ConditionOperator.DATE_GREATER_THAN, "aws:CurrentTime", "2024-01-01T00:00:00Z")
.build();
- assertTrue(statement.getConditions().containsKey("StringEquals"));
- assertTrue(statement.getConditions().containsKey("DateGreaterThan"));
+ assertTrue(statement.getConditions().containsKey(ConditionOperator.STRING_EQUALS));
+ assertTrue(statement.getConditions().containsKey(ConditionOperator.DATE_GREATER_THAN));
assertEquals(
- "us-west-2", statement.getConditions().get("StringEquals").get("aws:RequestedRegion"));
+ "us-west-2",
+ statement.getConditions().get(ConditionOperator.STRING_EQUALS).get("aws:RequestedRegion"));
assertEquals(
"2024-01-01T00:00:00Z",
- statement.getConditions().get("DateGreaterThan").get("aws:CurrentTime"));
+ statement.getConditions().get(ConditionOperator.DATE_GREATER_THAN).get("aws:CurrentTime"));
}
@Test
public void testStatementWithoutSid() {
Statement statement =
Statement.builder()
- .effect("Allow")
- .action("storage:GetObject")
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
.resource("storage://no-sid-bucket/*")
.build();
assertNull(statement.getSid());
- assertEquals("Allow", statement.getEffect());
+ assertEquals(Effect.ALLOW, statement.getEffect());
}
@Test
@@ -141,7 +147,7 @@ public void testStatementWithoutEffectThrowsException() {
() -> {
Statement.builder()
.sid("NoEffectStatement")
- .action("storage:GetObject")
+ .action(StorageActions.GET_OBJECT)
.resource("storage://test-bucket/*")
.build();
});
@@ -154,34 +160,21 @@ public void testStatementWithoutActionsThrowsException() {
() -> {
Statement.builder()
.sid("NoActionsStatement")
- .effect("Allow")
+ .effect(Effect.ALLOW)
.resource("storage://test-bucket/*")
.build();
});
}
@Test
- public void testStatementWithEmptyEffect() {
- assertThrows(
- InvalidArgumentException.class,
- () -> {
- Statement.builder()
- .sid("EmptyEffectStatement")
- .effect("")
- .action("storage:GetObject")
- .build();
- });
- }
-
- @Test
- public void testStatementWithWhitespaceEffect() {
+ public void testStatementWithNullAction() {
assertThrows(
InvalidArgumentException.class,
() -> {
Statement.builder()
- .sid("WhitespaceEffectStatement")
- .effect(" ")
- .action("storage:GetObject")
+ .sid("NullActionStatement")
+ .effect(Effect.ALLOW)
+ .action((Action) null)
.build();
});
}
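Review bot: `testStatementWithNullAction` cannot tell a rejected null action from an ignored one, because the statement has no other action and `build()` already throws `InvalidArgumentException` for a statement without actions (see `testStatementWithoutActionsThrowsException` at the top of this hunk). The following hunk also removes `.action(null)` from `testNullAndEmptyValueHandling`, so the behaviour of a null action next to a valid one is no longer covered. If null is meant to be rejected, add `.action(StorageActions.GET_OBJECT)` before `.action((Action) null)`. If it is meant to be skipped, build successfully and assert `statement.getActions().size()` instead.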
@@ -190,11 +183,8 @@ public void testStatementWithWhitespaceEffect() {
public void testNullAndEmptyValueHandling() {
Statement statement =
Statement.builder()
- .effect("Allow")
- .action(null)
- .action("")
- .action(" ")
- .action("storage:GetObject")
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
.resource(null)
.resource("")
.resource(" ")
@@ -204,13 +194,13 @@ public void testNullAndEmptyValueHandling() {
.principal(" ")
.principal("valid-principal")
.condition(null, "key", "value")
- .condition("StringEquals", null, "value")
- .condition("StringEquals", "key", null)
- .condition("StringEquals", "aws:RequestedRegion", "us-west-2")
+ .condition(ConditionOperator.STRING_EQUALS, null, "value")
+ .condition(ConditionOperator.STRING_EQUALS, "key", null)
+ .condition(ConditionOperator.STRING_EQUALS, "aws:RequestedRegion", "us-west-2")
.build();
assertEquals(1, statement.getActions().size());
- assertEquals("storage:GetObject", statement.getActions().get(0));
+ assertEquals(StorageActions.GET_OBJECT, statement.getActions().get(0));
assertEquals(1, statement.getResources().size());
assertEquals("storage://test-bucket/*", statement.getResources().get(0));
@@ -219,51 +209,83 @@ public void testNullAndEmptyValueHandling() {
assertEquals("valid-principal", statement.getPrincipals().get(0));
assertEquals(1, statement.getConditions().size());
- assertTrue(statement.getConditions().containsKey("StringEquals"));
+ assertTrue(statement.getConditions().containsKey(ConditionOperator.STRING_EQUALS));
assertEquals(
- "us-west-2", statement.getConditions().get("StringEquals").get("aws:RequestedRegion"));
+ "us-west-2",
+ statement.getConditions().get(ConditionOperator.STRING_EQUALS).get("aws:RequestedRegion"));
}
@Test
- public void testListMethodsWithNullValues() {
- List principals = Arrays.asList("principal1", null, "", " ", "principal2");
- List actions = Arrays.asList("storage:GetObject", null, "", " ", "storage:PutObject");
- List resources =
- Arrays.asList("storage://bucket1/*", null, "", " ", "storage://bucket2/*");
+ public void testMixedServiceActions() {
+ Statement statement =
+ Statement.builder()
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
+ .action(ComputeActions.CREATE_INSTANCE)
+ .action(IamActions.ASSUME_ROLE)
+ .build();
+
+ assertEquals(3, statement.getActions().size());
+ assertEquals(StorageActions.GET_OBJECT, statement.getActions().get(0));
+ assertEquals(ComputeActions.CREATE_INSTANCE, statement.getActions().get(1));
+ assertEquals(IamActions.ASSUME_ROLE, statement.getActions().get(2));
+ }
+ @Test
+ public void testWildcardActions() {
Statement statement =
Statement.builder()
- .effect("Allow")
- .actions(actions)
- .resources(resources)
- .principals(principals)
+ .effect(Effect.ALLOW)
+ .action(StorageActions.ALL)
+ .action(ComputeActions.ALL)
+ .action(IamActions.ALL)
.build();
- assertEquals(2, statement.getActions().size());
- assertTrue(statement.getActions().contains("storage:GetObject"));
- assertTrue(statement.getActions().contains("storage:PutObject"));
+ assertEquals(3, statement.getActions().size());
+ assertTrue(statement.getActions().get(0).isWildcard());
+ assertTrue(statement.getActions().get(1).isWildcard());
+ assertTrue(statement.getActions().get(2).isWildcard());
+ }
- assertEquals(2, statement.getResources().size());
- assertTrue(statement.getResources().contains("storage://bucket1/*"));
- assertTrue(statement.getResources().contains("storage://bucket2/*"));
+ @Test
+ public void testCustomAction() {
+ Action customAction = Action.of("customService:CustomOperation");
+ Statement statement = Statement.builder().effect(Effect.ALLOW).action(customAction).build();
- assertEquals(2, statement.getPrincipals().size());
- assertTrue(statement.getPrincipals().contains("principal1"));
- assertTrue(statement.getPrincipals().contains("principal2"));
+ assertEquals(1, statement.getActions().size());
+ assertEquals("customService:CustomOperation", statement.getActions().get(0).toActionString());
}
@Test
- public void testListMethodsWithNullLists() {
- // Test that individual actions and resources are preserved even without using list methods
+ public void testGetActionsAsStrings() {
Statement statement =
Statement.builder()
- .effect("Allow")
- .action("storage:GetObject")
- .resource("storage://test-bucket/*")
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
+ .action(StorageActions.PUT_OBJECT)
.build();
- assertEquals(1, statement.getActions().size());
- assertEquals(1, statement.getResources().size());
- assertTrue(statement.getPrincipals().isEmpty());
+ List actionStrings = statement.getActionsAsStrings();
+ assertEquals(2, actionStrings.size());
+ assertEquals("storage:GetObject", actionStrings.get(0));
+ assertEquals("storage:PutObject", actionStrings.get(1));
+ }
+
+ @Test
+ public void testGetConditionsAsStrings() {
+ Statement statement =
+ Statement.builder()
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
+ .condition(ConditionOperator.STRING_EQUALS, "key1", "value1")
+ .condition(ConditionOperator.NUMERIC_LESS_THAN, "key2", 100)
+ .build();
+
+ var conditionStrings = statement.getConditionsAsStrings();
+ assertEquals(2, conditionStrings.size());
+ assertTrue(conditionStrings.containsKey("stringEquals"));
+ assertTrue(conditionStrings.containsKey("numericLessThan"));
+ assertEquals("value1", conditionStrings.get("stringEquals").get("key1"));
+ assertEquals(100, conditionStrings.get("numericLessThan").get("key2"));
}
}
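Review bot: `testGetConditionsAsStrings` pins the string form of the operators to `stringEquals` and `numericLessThan`, whereas the keys this test file used before the change were spelled `StringEquals` (see the removed `containsKey("StringEquals")` above). If a provider translation or a serialized document consumes `getConditionsAsStrings()`, the case change is a behavior change and deserves a comment in the test, e.g. `// operator keys are lower camelCase, not the AWS spelling`. This hunk also removes `testListMethodsWithNullValues` without a replacement, so null and blank filtering of `resources(...)` and `principals(...)` lists is no longer covered, assuming those methods still exist.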
diff --git a/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/StorageActionsTest.java b/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/StorageActionsTest.java
new file mode 100644
index 000000000..7712e6a8d
--- /dev/null
+++ b/iam/iam-client/src/test/java/com/salesforce/multicloudj/iam/model/StorageActionsTest.java
@@ -0,0 +1,52 @@
+package com.salesforce.multicloudj.iam.model;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import org.junit.jupiter.api.Test;
+
+public class StorageActionsTest {
+
+ @Test
+ public void testGetObject() {
+ assertEquals("storage:GetObject", StorageActions.GET_OBJECT.toActionString());
+ assertEquals("storage", StorageActions.GET_OBJECT.getService());
+ assertEquals("GetObject", StorageActions.GET_OBJECT.getOperation());
+ }
+
+ @Test
+ public void testPutObject() {
+ assertEquals("storage:PutObject", StorageActions.PUT_OBJECT.toActionString());
+ }
+
+ @Test
+ public void testDeleteObject() {
+ assertEquals("storage:DeleteObject", StorageActions.DELETE_OBJECT.toActionString());
+ }
+
+ @Test
+ public void testListBucket() {
+ assertEquals("storage:ListBucket", StorageActions.LIST_BUCKET.toActionString());
+ }
+
+ @Test
+ public void testGetBucketLocation() {
+ assertEquals("storage:GetBucketLocation", StorageActions.GET_BUCKET_LOCATION.toActionString());
+ }
+
+ @Test
+ public void testCreateBucket() {
+ assertEquals("storage:CreateBucket", StorageActions.CREATE_BUCKET.toActionString());
+ }
+
+ @Test
+ public void testDeleteBucket() {
+ assertEquals("storage:DeleteBucket", StorageActions.DELETE_BUCKET.toActionString());
+ }
+
+ @Test
+ public void testWildcard() {
+ assertEquals("storage:*", StorageActions.ALL.toActionString());
+ assertTrue(StorageActions.ALL.isWildcard());
+ }
+}
diff --git a/iam/iam-gcp/src/main/java/com/salesforce/multicloudj/iam/gcp/GcpIam.java b/iam/iam-gcp/src/main/java/com/salesforce/multicloudj/iam/gcp/GcpIam.java
index e482f5a66..590b8549d 100644
--- a/iam/iam-gcp/src/main/java/com/salesforce/multicloudj/iam/gcp/GcpIam.java
+++ b/iam/iam-gcp/src/main/java/com/salesforce/multicloudj/iam/gcp/GcpIam.java
@@ -21,9 +21,11 @@
import com.salesforce.multicloudj.common.gcp.CommonErrorCodeMapping;
import com.salesforce.multicloudj.common.gcp.GcpConstants;
import com.salesforce.multicloudj.iam.driver.AbstractIam;
+import com.salesforce.multicloudj.iam.model.Action;
import com.salesforce.multicloudj.iam.model.AttachInlinePolicyRequest;
import com.salesforce.multicloudj.iam.model.CreateIdentityRequest;
import com.salesforce.multicloudj.iam.model.DeleteIdentityRequest;
+import com.salesforce.multicloudj.iam.model.Effect;
import com.salesforce.multicloudj.iam.model.GetAttachedPoliciesRequest;
import com.salesforce.multicloudj.iam.model.GetIdentityRequest;
import com.salesforce.multicloudj.iam.model.GetInlinePolicyDetailsRequest;
@@ -62,18 +64,6 @@ public GcpIam(Builder builder) {
* is provided, it also grants the roles/iam.serviceAccountTokenCreator role to the specified
* trusted principals, enabling them to impersonate this service account.
*
- * @param identityName the service account ID (e.g., "my-service-account"). This will be used to
- * construct the full email: {identityName}@{project-id}.iam.gserviceaccount.com
- * @param description optional description for the service account (can be null, defaults to empty
- * string)
- * @param tenantId the GCP project ID (e.g., "my-project-123") or full project resource name
- * (e.g., "projects/my-project-123"). The "projects/" prefix is optional.
- * @param region the region (not used in GCP IAM as service accounts are global resources)
- * @param trustConfig optional trust configuration containing principals that should be granted
- * the roles/iam.serviceAccountTokenCreator role. Principals can be specified as: - Service
- * account email: "sa@project.iam.gserviceaccount.com" - Formatted member:
- * "serviceAccount:sa@project.iam.gserviceaccount.com" - User: "user:user@example.com" -
- * Group: "group:group@example.com"
* @param request the request containing identity name, description, tenant ID, region, trust
* config, and options
* @return the service account email address (unique identifier) in the format:
@@ -164,20 +154,27 @@ private String formatPrincipalAsMember(String principal) {
}
/**
- * Attaches an inline policy to a resource. This implementation treats each action in the
- * PolicyDocument statement as a GCP IAM role name and grants that role to the IAM member. The
- * action values are used directly as role names (e.g., "roles/iam.serviceAccountUser",
- * "roles/storage.objectViewer").
+ * Attaches an inline policy to a resource. This implementation translates substrate-neutral
+ * actions from the PolicyDocument to GCP IAM roles and grants those roles to the IAM member via
+ * bindings.
+ *
+ * Translation examples:
+ *
+ *
+ * - storage:GetObject → roles/storage.objectViewer
+ *
- storage:PutObject → roles/storage.objectCreator
+ *
- compute:CreateInstance → roles/compute.instanceAdmin.v1
+ *
*
* Note: GCP IAM is deny-by-default: access is denied unless explicitly allowed via bindings.
*
- *
Note: This implementation only processes "Allow" statements. "Deny" statements are skipped
- * because ProjectsClient only supports allow policies (bindings). Deny policies require the IAM
- * v2 API (PoliciesClient) and are managed separately from allow policies.
+ *
Note: This implementation only processes "Allow" statements. "Deny" statements are not
+ * supported because ProjectsClient only supports allow policies (bindings). Deny policies require
+ * the IAM v2 API (PoliciesClient) and are managed separately from allow policies.
*
- * @param request the request; GCP uses identityName as member, tenantId as resource name (e.g.
- * organizations/123, folders/456, projects/my-project). Policy document actions are treated
- * as GCP IAM role names.
+ * @param request the substrate-neutral policy document
+ * @throws SubstrateSdkException if translation fails (unknown action, unsupported condition,
+ * etc.)
*/
@Override
protected void doAttachInlinePolicy(AttachInlinePolicyRequest request) {
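Review bot: The new `@param request the substrate-neutral policy document` drops what the removed text told the caller, namely that `identityName` is used as the IAM member and `tenantId` as the resource name; the parameter is an `AttachInlinePolicyRequest`, not a policy document. I would keep that information, e.g. `@param request the request; identityName is the member, tenantId the resource name, and the policy document carries substrate-neutral actions`. The method body lies outside this hunk.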
@@ -201,13 +198,16 @@ protected void doAttachInlinePolicy(AttachInlinePolicyRequest request) {
for (Statement statement : request.getPolicyDocument().getStatements()) {
// Skip Deny statements: ProjectsClient only supports allow policies (bindings).
// Deny policies require the IAM v2 API (PoliciesClient) and are managed separately.
- if (!EFFECT_ALLOW.equalsIgnoreCase(statement.getEffect())) {
+ if (statement.getEffect() != Effect.ALLOW) {
continue;
}
- // Treat each action as a GCP IAM role name
- for (String action : statement.getActions()) {
- policy = addBinding(policy, action, member);
+ // Translate substrate-neutral actions to GCP roles
+ List roles = GcpIamPolicyTranslator.translateActionsToRoles(statement);
+
+ // Add binding for each translated role
+ for (String role : roles) {
+ policy = addBinding(policy, role, member);
}
}
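Review bot: A `Deny` statement, and one whose effect is null, is dropped by `if (statement.getEffect() != Effect.ALLOW) { continue; }` without any signal, so the bindings that get attached can be broader than the document the caller passed in. The translator now throws for unknown actions and for conditions, so failing here as well would be consistent, e.g. `throw new InvalidArgumentException("Deny statements are not supported by GCP allow bindings");` if that exception type suits this class. On this path the null-effect check inside `translateActionsToRoles` is never reached. The rest of `doAttachInlinePolicy` is outside the hunk.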
@@ -324,12 +324,20 @@ protected String doGetInlinePolicyDetails(GetInlinePolicyDetailsRequest request)
// Build a PolicyDocument to represent this role binding
// The version field is immaterial for GCP IAM policy document.
+ // Convert GCP role format (e.g., "roles/iam.serviceAccountUser") to substrate-neutral format
+ String actionString =
+ request.getRoleName().startsWith("roles/")
+ ? "gcp-role:" + request.getRoleName().substring("roles/".length())
+ : request.getRoleName();
PolicyDocument policyDocument =
PolicyDocument.builder()
.name(request.getRoleName())
.version("")
.statement(
- Statement.builder().effect(EFFECT_ALLOW).action(request.getRoleName()).build())
+ Statement.builder()
+ .effect(Effect.ALLOW)
+ .action(Action.of(actionString))
+ .build())
.build();
// Convert PolicyDocument to JSON string using Jackson
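Review bot: The action built here, `gcp-role:` plus the role suffix, is not a key in the translator's map, so a document returned by this method would hit the unknown-action branch of `GcpIamPolicyTranslator.translateActionToRole` if it were passed back to `doAttachInlinePolicy`. Role names that do not start with `roles/` (presumably custom roles under a project or organization) are handed to `Action.of` unchanged, and whether it accepts a string without the `service:operation` shape is not visible here. A comment stating that the `gcp-role:` form is output-only, or a reverse lookup into the translator's mapping, would make the contract explicit. The method starts and ends outside the hunk.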
@@ -361,7 +369,7 @@ private String toJsonString(PolicyDocument policyDocument) {
* "serviceAccount:my-sa@project.iam.gserviceaccount.com", "user:user@example.com",
* "group:group@example.com") tenantId the resource name that owns the IAM policy. Examples
* include: "organizations/123456789012", "folders/987654321098", "projects/my-project",
- * "projects/my-project/topics/my-topic",, Can be any GCP resource that supports IAM policies.
+ * "projects/my-project/topics/my-topic", Can be any GCP resource that supports IAM policies.
* region the region (optional for GCP)
* @return a list of role names (e.g., "roles/iam.serviceAccountUser",
* "roles/storage.objectViewer")
@@ -391,13 +399,6 @@ protected List doGetAttachedPolicies(GetAttachedPoliciesRequest request)
* Removes an inline policy (role) from an IAM member. In GCP, this removes the IAM member from
* the specified role binding in the resource's IAM policy.
*
- * @param identityName the IAM member (e.g.,
- * "serviceAccount:my-sa@project.iam.gserviceaccount.com", "user:user@example.com",
- * "group:group@example.com")
- * @param policyName the role name to remove (e.g., "roles/iam.serviceAccountUser")
- * @param tenantId the resource name that owns the IAM policy. Examples include:
- * "organizations/123456789012", "folders/987654321098", "projects/my-project",
- * "projects/my-project/topics/my-topic",, Can be any GCP resource that supports IAM policies.
* @param request the request containing identity name, policy name, tenant ID, and region
*/
@Override
@@ -505,13 +506,7 @@ private Policy removeBinding(Policy policy, String role, String member) {
* operation cannot be undone. The method accepts either a service account ID or full email
* address as input and constructs the appropriate resource name for the API call.
*
- * @param identityName the service account identifier to delete, which can be: - Service account
- * ID: "my-service-account" - Full email:
- * "my-service-account@project-id.iam.gserviceaccount.com" Both formats are accepted and will
- * be normalized to the full resource name.
- * @param tenantId the GCP project ID (e.g., "my-project-123") or full project resource name
- * (e.g., "projects/my-project-123"). The "projects/" prefix is optional.
- * @param region the region (not used in GCP IAM as service accounts are global resources)
+ * @param request the request containing identity name, tenant ID, and region
* @throws ApiException if the service account is not found, access is denied, or deletion fails
* (propagates to IamClient)
*/
@@ -535,11 +530,6 @@ protected void doDeleteIdentity(DeleteIdentityRequest request) {
* the unique identifier. The method accepts either a service account ID or full email address as
* input and constructs the appropriate resource name for the API call.
*
- * @param identityName the service account identifier, which can be: - Service account ID:
- * "my-service-account" - Full email: "my-service-account@project-id.iam.gserviceaccount.com"
- * Both formats are accepted and will be normalized to the full resource name.
- * @param tenantId the GCP project ID (e.g., "my-project-123") or full project resource name
- * (e.g., "projects/my-project-123"). The "projects/" prefix is optional.
* @param request the request containing identity name, tenant ID, and region
* @return the service account email address (unique identifier) in the format:
* {account-id}@{project-id}.iam.gserviceaccount.com
diff --git a/iam/iam-gcp/src/main/java/com/salesforce/multicloudj/iam/gcp/GcpIamPolicyTranslator.java b/iam/iam-gcp/src/main/java/com/salesforce/multicloudj/iam/gcp/GcpIamPolicyTranslator.java
new file mode 100644
index 000000000..0767a8925
--- /dev/null
+++ b/iam/iam-gcp/src/main/java/com/salesforce/multicloudj/iam/gcp/GcpIamPolicyTranslator.java
@@ -0,0 +1,146 @@
+package com.salesforce.multicloudj.iam.gcp;
+
+import com.salesforce.multicloudj.common.exceptions.InvalidArgumentException;
+import com.salesforce.multicloudj.common.exceptions.SubstrateSdkException;
+import com.salesforce.multicloudj.iam.model.Action;
+import com.salesforce.multicloudj.iam.model.ComputeActions;
+import com.salesforce.multicloudj.iam.model.IamActions;
+import com.salesforce.multicloudj.iam.model.Statement;
+import com.salesforce.multicloudj.iam.model.StorageActions;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+/**
+ * Translates substrate-neutral PolicyDocument actions to GCP IAM roles.
+ *
+ * This translator converts substrate-neutral actions to GCP-specific IAM roles according to the
+ * translation rules defined in PolicyDocument documentation.
+ *
+ *
Translation rules:
+ *
+ *
+ * - Actions: storage:GetObject → roles/storage.objectViewer
+ *
- Actions: storage:PutObject → roles/storage.objectCreator
+ *
- Actions: compute:CreateInstance → roles/compute.instanceAdmin.v1
+ *
- Actions: iam:AssumeRole → roles/iam.serviceAccountUser
+ *
+ *
+ * Note: GCP IAM uses role-based access control, not action-based like AWS. Each
+ * substrate-neutral action maps to a GCP predefined role. Multiple actions may result in multiple
+ * role bindings.
+ */
+public class GcpIamPolicyTranslator {
+
+ // Action mappings: substrate-neutral → GCP role
+ private static final Map ACTION_TO_ROLE_MAPPINGS =
+ Map.ofEntries(
+ // Storage actions
+ Map.entry(StorageActions.GET_OBJECT, "roles/storage.objectViewer"),
+ Map.entry(StorageActions.PUT_OBJECT, "roles/storage.objectCreator"),
+ Map.entry(StorageActions.DELETE_OBJECT, "roles/storage.objectAdmin"),
+ Map.entry(StorageActions.LIST_BUCKET, "roles/storage.objectViewer"),
+ Map.entry(StorageActions.GET_BUCKET_LOCATION, "roles/storage.objectViewer"),
+ Map.entry(StorageActions.CREATE_BUCKET, "roles/storage.admin"),
+ Map.entry(StorageActions.DELETE_BUCKET, "roles/storage.admin"),
+
+ // Compute actions
+ Map.entry(ComputeActions.CREATE_INSTANCE, "roles/compute.instanceAdmin.v1"),
+ Map.entry(ComputeActions.DELETE_INSTANCE, "roles/compute.instanceAdmin.v1"),
+ Map.entry(ComputeActions.START_INSTANCE, "roles/compute.instanceAdmin.v1"),
+ Map.entry(ComputeActions.STOP_INSTANCE, "roles/compute.instanceAdmin.v1"),
+ Map.entry(ComputeActions.DESCRIBE_INSTANCES, "roles/compute.viewer"),
+ Map.entry(ComputeActions.GET_INSTANCE, "roles/compute.viewer"),
+
+ // IAM actions
+ Map.entry(IamActions.ASSUME_ROLE, "roles/iam.serviceAccountUser"),
+ Map.entry(IamActions.CREATE_ROLE, "roles/iam.serviceAccountAdmin"),
+ Map.entry(IamActions.DELETE_ROLE, "roles/iam.serviceAccountAdmin"),
+ Map.entry(IamActions.GET_ROLE, "roles/iam.serviceAccountViewer"),
+ Map.entry(IamActions.ATTACH_ROLE_POLICY, "roles/iam.serviceAccountAdmin"),
+ Map.entry(IamActions.DETACH_ROLE_POLICY, "roles/iam.serviceAccountAdmin"),
+ Map.entry(IamActions.PUT_ROLE_POLICY, "roles/iam.serviceAccountAdmin"),
+ Map.entry(IamActions.GET_ROLE_POLICY, "roles/iam.serviceAccountViewer"));
+
+ /**
+ * Translates substrate-neutral actions from a statement to GCP IAM roles.
+ *
+ * @param statement the substrate-neutral statement
+ * @return list of GCP IAM roles
+ * @throws SubstrateSdkException if action is unknown or conditions are unsupported
+ */
+ public static List translateActionsToRoles(Statement statement) {
+ if (statement.getEffect() == null) {
+ throw new InvalidArgumentException("Effect is required for GCP IAM policy statement");
+ }
+
+ // Check for unsupported conditions
+ if (statement.getConditions() != null && !statement.getConditions().isEmpty()) {
+ // GCP IAM v1 bindings support limited conditions via CEL expressions
+ // For now, we throw an error for any conditions as basic implementation
+ throw new InvalidArgumentException(
+ "GCP IAM policy conditions are not yet supported in substrate-neutral translation. "
+ + "Statement SID: "
+ + (statement.getSid() != null ? statement.getSid() : "unnamed")
+ + ". "
+ + "GCP requires IAM Conditions API (v2) with CEL expressions.");
+ }
+
+ List roles = new ArrayList<>();
+ for (Action action : statement.getActions()) {
+ String role = translateActionToRole(action);
+ if (!roles.contains(role)) {
+ roles.add(role);
+ }
+ }
+ return roles;
+ }
+
+ /**
+ * Translates a single substrate-neutral action to a GCP IAM role. Supports wildcard actions like
+ * storage:*, compute:*, iam:*.
+ *
+ * @param action the substrate-neutral action
+ * @return GCP IAM role
+ * @throws SubstrateSdkException if action is unknown
+ */
+ public static String translateActionToRole(Action action) {
+ // Handle wildcard actions (e.g., storage:*, compute:*, iam:*)
+ if (action.isWildcard()) {
+ String service = action.getService();
+ switch (service) {
+ case "storage":
+ // For storage:*, grant the most comprehensive storage role
+ return "roles/storage.admin";
+ case "compute":
+ // For compute:*, grant the most comprehensive compute role
+ return "roles/compute.admin";
+ case "iam":
+ // For iam:*, grant the most comprehensive IAM role
+ return "roles/iam.serviceAccountAdmin";
+ default:
+ throw new InvalidArgumentException(
+ "Unknown substrate-neutral service for wildcard action: "
+ + action.toActionString()
+ + ". "
+ + "Supported wildcard services: storage:*, compute:*, iam:*");
+ }
+ }
+
+ // Handle specific actions
+ String role = ACTION_TO_ROLE_MAPPINGS.get(action);
+ if (role == null) {
+ throw new InvalidArgumentException(
+ "Unknown substrate-neutral action: "
+ + action.toActionString()
+ + ". "
+ + "Supported actions: "
+ + ACTION_TO_ROLE_MAPPINGS.keySet().stream()
+ .map(Action::toActionString)
+ .collect(Collectors.joining(", "))
+ + ", or wildcard actions: storage:*, compute:*, iam:*");
+ }
+ return role;
+ }
+}
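Review bot: `translateActionsToRoles` never reads `statement.getResources()`, so a statement scoped to a single bucket yields the same roles as an unscoped one, while conditions are at least rejected with an exception. The mapping is also coarser than the action names suggest: `StorageActions.DELETE_OBJECT` becomes `roles/storage.objectAdmin` and `CREATE_BUCKET` becomes `roles/storage.admin`, each a superset of the requested operation. I would state both facts in the class Javadoc (for example `Each mapped role is a superset of the action, and statement resources are not applied to the binding`) and consider rejecting or logging statements that carry resources, as is done for conditions. Separately, the `@throws SubstrateSdkException` tags describe code that throws `InvalidArgumentException`; naming the thrown type would be more precise.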
diff --git a/iam/iam-gcp/src/test/java/com/salesforce/multicloudj/iam/gcp/GcpIamIT.java b/iam/iam-gcp/src/test/java/com/salesforce/multicloudj/iam/gcp/GcpIamIT.java
index 98fbb487e..3edbe6322 100644
--- a/iam/iam-gcp/src/test/java/com/salesforce/multicloudj/iam/gcp/GcpIamIT.java
+++ b/iam/iam-gcp/src/test/java/com/salesforce/multicloudj/iam/gcp/GcpIamIT.java
@@ -202,12 +202,13 @@ public String getTestPolicyEffect() {
@Override
public List getTestPolicyActions() {
- return List.of("roles/storage.objectViewer", "roles/storage.objectCreator");
+ // Use substrate-neutral actions that will be translated to GCP roles
+ return List.of("storage:GetObject", "storage:PutObject");
}
@Override
public String getTestPolicyName() {
- return "roles/storage.objectViewer";
+ return "storage:GetObject";
}
@Override
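Review bot: `getTestPolicyName()` now returns `storage:GetObject`, but the GcpIam Javadoc elsewhere in this commit describes the policy name as a role name such as `roles/iam.serviceAccountUser`, and attach now stores the binding under the translated role `roles/storage.objectViewer`. If the shared test uses this value for get-details or remove, it will look for a binding that does not exist. Returning the translated role here, with a comment such as `// role produced by translating storage:GetObject`, would keep the lookup aligned. How the base test uses the value is outside the hunk, so this needs confirming.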
diff --git a/iam/iam-gcp/src/test/java/com/salesforce/multicloudj/iam/gcp/GcpIamPolicyTranslatorTest.java b/iam/iam-gcp/src/test/java/com/salesforce/multicloudj/iam/gcp/GcpIamPolicyTranslatorTest.java
new file mode 100644
index 000000000..e682ce651
--- /dev/null
+++ b/iam/iam-gcp/src/test/java/com/salesforce/multicloudj/iam/gcp/GcpIamPolicyTranslatorTest.java
@@ -0,0 +1,409 @@
+package com.salesforce.multicloudj.iam.gcp;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import com.salesforce.multicloudj.common.exceptions.InvalidArgumentException;
+import com.salesforce.multicloudj.iam.model.Action;
+import com.salesforce.multicloudj.iam.model.ComputeActions;
+import com.salesforce.multicloudj.iam.model.ConditionOperator;
+import com.salesforce.multicloudj.iam.model.Effect;
+import com.salesforce.multicloudj.iam.model.IamActions;
+import com.salesforce.multicloudj.iam.model.Statement;
+import com.salesforce.multicloudj.iam.model.StorageActions;
+import java.util.List;
+import org.junit.jupiter.api.Test;
+
+public class GcpIamPolicyTranslatorTest {
+
+ @Test
+ void testTranslateStorageGetObjectAction() {
+ Statement statement =
+ Statement.builder().effect(Effect.ALLOW).action(StorageActions.GET_OBJECT).build();
+
+ List roles = GcpIamPolicyTranslator.translateActionsToRoles(statement);
+
+ assertEquals(1, roles.size());
+ assertEquals("roles/storage.objectViewer", roles.get(0));
+ }
+
+ @Test
+ void testTranslateStoragePutObjectAction() {
+ Statement statement =
+ Statement.builder().effect(Effect.ALLOW).action(StorageActions.PUT_OBJECT).build();
+
+ List roles = GcpIamPolicyTranslator.translateActionsToRoles(statement);
+
+ assertEquals(1, roles.size());
+ assertEquals("roles/storage.objectCreator", roles.get(0));
+ }
+
+ @Test
+ void testTranslateMultipleStorageActions() {
+ Statement statement =
+ Statement.builder()
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
+ .action(StorageActions.PUT_OBJECT)
+ .action(StorageActions.DELETE_OBJECT)
+ .build();
+
+ List roles = GcpIamPolicyTranslator.translateActionsToRoles(statement);
+
+ assertEquals(3, roles.size());
+ assertTrue(roles.contains("roles/storage.objectViewer"));
+ assertTrue(roles.contains("roles/storage.objectCreator"));
+ assertTrue(roles.contains("roles/storage.objectAdmin"));
+ }
+
+ @Test
+ void testTranslateComputeActions() {
+ Statement statement =
+ Statement.builder()
+ .effect(Effect.ALLOW)
+ .action(ComputeActions.CREATE_INSTANCE)
+ .action(ComputeActions.DELETE_INSTANCE)
+ .action(ComputeActions.GET_INSTANCE)
+ .build();
+
+ List roles = GcpIamPolicyTranslator.translateActionsToRoles(statement);
+
+ assertEquals(2, roles.size()); // CreateInstance and DeleteInstance map to same role
+ assertTrue(roles.contains("roles/compute.instanceAdmin.v1"));
+ assertTrue(roles.contains("roles/compute.viewer"));
+ }
+
+ @Test
+ void testTranslateIamActions() {
+ Statement statement =
+ Statement.builder()
+ .effect(Effect.ALLOW)
+ .action(IamActions.ASSUME_ROLE)
+ .action(IamActions.CREATE_ROLE)
+ .action(IamActions.GET_ROLE)
+ .build();
+
+ List roles = GcpIamPolicyTranslator.translateActionsToRoles(statement);
+
+ assertEquals(3, roles.size());
+ assertTrue(roles.contains("roles/iam.serviceAccountUser"));
+ assertTrue(roles.contains("roles/iam.serviceAccountAdmin"));
+ assertTrue(roles.contains("roles/iam.serviceAccountViewer"));
+ }
+
+ @Test
+ void testTranslateDuplicateActionsReturnUniqueRoles() {
+ Statement statement =
+ Statement.builder()
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
+ .action(StorageActions.LIST_BUCKET) // Also maps to objectViewer
+ .build();
+
+ List roles = GcpIamPolicyTranslator.translateActionsToRoles(statement);
+
+ assertEquals(1, roles.size());
+ assertEquals("roles/storage.objectViewer", roles.get(0));
+ }
+
+ @Test
+ void testTranslateActionToRoleStorageActions() {
+ assertEquals(
+ "roles/storage.objectViewer",
+ GcpIamPolicyTranslator.translateActionToRole(StorageActions.GET_OBJECT));
+ assertEquals(
+ "roles/storage.objectCreator",
+ GcpIamPolicyTranslator.translateActionToRole(StorageActions.PUT_OBJECT));
+ assertEquals(
+ "roles/storage.objectAdmin",
+ GcpIamPolicyTranslator.translateActionToRole(StorageActions.DELETE_OBJECT));
+ assertEquals(
+ "roles/storage.admin",
+ GcpIamPolicyTranslator.translateActionToRole(StorageActions.CREATE_BUCKET));
+ }
+
+ @Test
+ void testTranslateActionToRoleComputeActions() {
+ assertEquals(
+ "roles/compute.instanceAdmin.v1",
+ GcpIamPolicyTranslator.translateActionToRole(ComputeActions.CREATE_INSTANCE));
+ assertEquals(
+ "roles/compute.instanceAdmin.v1",
+ GcpIamPolicyTranslator.translateActionToRole(ComputeActions.DELETE_INSTANCE));
+ assertEquals(
+ "roles/compute.viewer",
+ GcpIamPolicyTranslator.translateActionToRole(ComputeActions.GET_INSTANCE));
+ }
+
+ @Test
+ void testTranslateActionToRoleIamActions() {
+ assertEquals(
+ "roles/iam.serviceAccountUser",
+ GcpIamPolicyTranslator.translateActionToRole(IamActions.ASSUME_ROLE));
+ assertEquals(
+ "roles/iam.serviceAccountAdmin",
+ GcpIamPolicyTranslator.translateActionToRole(IamActions.CREATE_ROLE));
+ assertEquals(
+ "roles/iam.serviceAccountViewer",
+ GcpIamPolicyTranslator.translateActionToRole(IamActions.GET_ROLE));
+ }
+
+ @Test
+ void testTranslateUnknownActionThrowsException() {
+ Statement statement =
+ Statement.builder().effect(Effect.ALLOW).action(Action.of("unknown:Action")).build();
+
+ InvalidArgumentException exception =
+ assertThrows(
+ InvalidArgumentException.class,
+ () -> {
+ GcpIamPolicyTranslator.translateActionsToRoles(statement);
+ });
+
+ assertTrue(exception.getMessage().contains("Unknown substrate-neutral action: unknown:Action"));
+ }
+
+ @Test
+ void testTranslateActionToRoleUnknownActionThrowsException() {
+ InvalidArgumentException exception =
+ assertThrows(
+ InvalidArgumentException.class,
+ () -> {
+ GcpIamPolicyTranslator.translateActionToRole(Action.of("invalid:Action"));
+ });
+
+ assertTrue(exception.getMessage().contains("Unknown substrate-neutral action: invalid:Action"));
+ }
+
+ @Test
+ void testTranslateActionsToRolesWithConditionsThrowsException() {
+ Statement statement =
+ Statement.builder()
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
+ .condition(ConditionOperator.STRING_EQUALS, "key", "value")
+ .build();
+
+ InvalidArgumentException exception =
+ assertThrows(
+ InvalidArgumentException.class,
+ () -> {
+ GcpIamPolicyTranslator.translateActionsToRoles(statement);
+ });
+
+ assertTrue(exception.getMessage().contains("GCP IAM policy conditions are not yet supported"));
+ }
+
+ @Test
+ void testTranslateAllStorageActions() {
+ Statement statement =
+ Statement.builder()
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
+ .action(StorageActions.PUT_OBJECT)
+ .action(StorageActions.DELETE_OBJECT)
+ .action(StorageActions.LIST_BUCKET)
+ .action(StorageActions.GET_BUCKET_LOCATION)
+ .action(StorageActions.CREATE_BUCKET)
+ .action(StorageActions.DELETE_BUCKET)
+ .build();
+
+ List roles = GcpIamPolicyTranslator.translateActionsToRoles(statement);
+
+ // Verify all unique roles are present
+ assertTrue(roles.contains("roles/storage.objectViewer"));
+ assertTrue(roles.contains("roles/storage.objectCreator"));
+ assertTrue(roles.contains("roles/storage.objectAdmin"));
+ assertTrue(roles.contains("roles/storage.admin"));
+ }
+
+ @Test
+ void testTranslateAllComputeActions() {
+ Statement statement =
+ Statement.builder()
+ .effect(Effect.ALLOW)
+ .action(ComputeActions.CREATE_INSTANCE)
+ .action(ComputeActions.DELETE_INSTANCE)
+ .action(ComputeActions.START_INSTANCE)
+ .action(ComputeActions.STOP_INSTANCE)
+ .action(ComputeActions.DESCRIBE_INSTANCES)
+ .action(ComputeActions.GET_INSTANCE)
+ .build();
+
+ List roles = GcpIamPolicyTranslator.translateActionsToRoles(statement);
+
+ // Verify all unique roles are present
+ assertTrue(roles.contains("roles/compute.instanceAdmin.v1"));
+ assertTrue(roles.contains("roles/compute.viewer"));
+ }
+
+ @Test
+ void testTranslateAllIamActions() {
+ Statement statement =
+ Statement.builder()
+ .effect(Effect.ALLOW)
+ .action(IamActions.ASSUME_ROLE)
+ .action(IamActions.CREATE_ROLE)
+ .action(IamActions.DELETE_ROLE)
+ .action(IamActions.GET_ROLE)
+ .action(IamActions.ATTACH_ROLE_POLICY)
+ .action(IamActions.DETACH_ROLE_POLICY)
+ .action(IamActions.PUT_ROLE_POLICY)
+ .action(IamActions.GET_ROLE_POLICY)
+ .build();
+
+ List roles = GcpIamPolicyTranslator.translateActionsToRoles(statement);
+
+ // Verify all unique roles are present
+ assertTrue(roles.contains("roles/iam.serviceAccountUser"));
+ assertTrue(roles.contains("roles/iam.serviceAccountAdmin"));
+ assertTrue(roles.contains("roles/iam.serviceAccountViewer"));
+ }
+
+ @Test
+ void testTranslateMixedServiceActions() {
+ Statement statement =
+ Statement.builder()
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
+ .action(ComputeActions.CREATE_INSTANCE)
+ .action(IamActions.ASSUME_ROLE)
+ .build();
+
+ List roles = GcpIamPolicyTranslator.translateActionsToRoles(statement);
+
+ assertEquals(3, roles.size());
+ assertTrue(roles.contains("roles/storage.objectViewer"));
+ assertTrue(roles.contains("roles/compute.instanceAdmin.v1"));
+ assertTrue(roles.contains("roles/iam.serviceAccountUser"));
+ }
+
+ @Test
+ void testTranslateWildcardStorageAction() {
+ Statement statement =
+ Statement.builder().effect(Effect.ALLOW).action(StorageActions.ALL).build();
+
+ List roles = GcpIamPolicyTranslator.translateActionsToRoles(statement);
+
+ assertEquals(1, roles.size());
+ assertEquals("roles/storage.admin", roles.get(0));
+ }
+
+ @Test
+ void testTranslateWildcardComputeAction() {
+ Statement statement =
+ Statement.builder().effect(Effect.ALLOW).action(ComputeActions.ALL).build();
+
+ List roles = GcpIamPolicyTranslator.translateActionsToRoles(statement);
+
+ assertEquals(1, roles.size());
+ assertEquals("roles/compute.admin", roles.get(0));
+ }
+
+ @Test
+ void testTranslateWildcardIamAction() {
+ Statement statement = Statement.builder().effect(Effect.ALLOW).action(IamActions.ALL).build();
+
+ List roles = GcpIamPolicyTranslator.translateActionsToRoles(statement);
+
+ assertEquals(1, roles.size());
+ assertEquals("roles/iam.serviceAccountAdmin", roles.get(0));
+ }
+
+ @Test
+ void testTranslateMixedWildcardAndSpecificActions() {
+ Statement statement =
+ Statement.builder()
+ .effect(Effect.ALLOW)
+ .action(StorageActions.ALL)
+ .action(ComputeActions.CREATE_INSTANCE)
+ .action(IamActions.GET_ROLE)
+ .build();
+
+ List roles = GcpIamPolicyTranslator.translateActionsToRoles(statement);
+
+ assertEquals(3, roles.size());
+ assertTrue(roles.contains("roles/storage.admin"));
+ assertTrue(roles.contains("roles/compute.instanceAdmin.v1"));
+ assertTrue(roles.contains("roles/iam.serviceAccountViewer"));
+ }
+
+ @Test
+ void testTranslateMultipleWildcardActions() {
+ Statement statement =
+ Statement.builder()
+ .effect(Effect.ALLOW)
+ .action(StorageActions.ALL)
+ .action(ComputeActions.ALL)
+ .action(IamActions.ALL)
+ .build();
+
+ List roles = GcpIamPolicyTranslator.translateActionsToRoles(statement);
+
+ assertEquals(3, roles.size());
+ assertTrue(roles.contains("roles/storage.admin"));
+ assertTrue(roles.contains("roles/compute.admin"));
+ assertTrue(roles.contains("roles/iam.serviceAccountAdmin"));
+ }
+
+ @Test
+ void testTranslateUnknownWildcardServiceThrowsException() {
+ Statement statement =
+ Statement.builder().effect(Effect.ALLOW).action(Action.of("unknown:*")).build();
+
+ InvalidArgumentException exception =
+ assertThrows(
+ InvalidArgumentException.class,
+ () -> {
+ GcpIamPolicyTranslator.translateActionsToRoles(statement);
+ });
+
+ assertTrue(
+ exception
+ .getMessage()
+ .contains("Unknown substrate-neutral service for wildcard action: unknown:*"));
+ assertTrue(
+ exception
+ .getMessage()
+ .contains("Supported wildcard services: storage:*, compute:*, iam:*"));
+ }
+
+ @Test
+ void testTranslateActionToRoleWildcardStorage() {
+ assertEquals(
+ "roles/storage.admin", GcpIamPolicyTranslator.translateActionToRole(StorageActions.ALL));
+ }
+
+ @Test
+ void testTranslateActionToRoleWildcardCompute() {
+ assertEquals(
+ "roles/compute.admin", GcpIamPolicyTranslator.translateActionToRole(ComputeActions.ALL));
+ }
+
+ @Test
+ void testTranslateActionToRoleWildcardIam() {
+ assertEquals(
+ "roles/iam.serviceAccountAdmin",
+ GcpIamPolicyTranslator.translateActionToRole(IamActions.ALL));
+ }
+
+ @Test
+ void testTranslateNullEffectThrowsException() {
+ Statement mockStatement = mock(Statement.class);
+ when(mockStatement.getEffect()).thenReturn(null);
+ when(mockStatement.getActions())
+ .thenReturn(java.util.Collections.singletonList(StorageActions.GET_OBJECT));
+
+ InvalidArgumentException exception =
+ assertThrows(
+ InvalidArgumentException.class,
+ () -> {
+ GcpIamPolicyTranslator.translateActionsToRoles(mockStatement);
+ });
+
+ assertEquals("Effect is required for GCP IAM policy statement", exception.getMessage());
+ }
+}
diff --git a/iam/iam-gcp/src/test/java/com/salesforce/multicloudj/iam/gcp/GcpIamTest.java b/iam/iam-gcp/src/test/java/com/salesforce/multicloudj/iam/gcp/GcpIamTest.java
index ea827e5f5..07fcd9641 100644
--- a/iam/iam-gcp/src/test/java/com/salesforce/multicloudj/iam/gcp/GcpIamTest.java
+++ b/iam/iam-gcp/src/test/java/com/salesforce/multicloudj/iam/gcp/GcpIamTest.java
@@ -41,12 +41,18 @@
import com.salesforce.multicloudj.common.exceptions.UnAuthorizedException;
import com.salesforce.multicloudj.common.exceptions.UnSupportedOperationException;
import com.salesforce.multicloudj.common.exceptions.UnknownException;
+import com.salesforce.multicloudj.iam.model.Action;
import com.salesforce.multicloudj.iam.model.AttachInlinePolicyRequest;
+import com.salesforce.multicloudj.iam.model.ComputeActions;
+import com.salesforce.multicloudj.iam.model.ConditionOperator;
+import com.salesforce.multicloudj.iam.model.Effect;
import com.salesforce.multicloudj.iam.model.GetAttachedPoliciesRequest;
import com.salesforce.multicloudj.iam.model.GetInlinePolicyDetailsRequest;
+import com.salesforce.multicloudj.iam.model.IamActions;
import com.salesforce.multicloudj.iam.model.PolicyDocument;
import com.salesforce.multicloudj.iam.model.RemovePolicyRequest;
import com.salesforce.multicloudj.iam.model.Statement;
+import com.salesforce.multicloudj.iam.model.StorageActions;
import com.salesforce.multicloudj.iam.model.TrustConfiguration;
import java.io.IOException;
import java.util.List;
@@ -151,13 +157,17 @@ void testDoAttachInlinePolicySuccess() {
when(mockProjectsClient.setIamPolicy(any(SetIamPolicyRequest.class)))
.thenReturn(existingPolicy);
- // Create policy document
+ // Create policy document with substrate-neutral action
PolicyDocument policyDocument =
PolicyDocument.builder()
.name("TestPolicy")
.version("2024-01-01")
.statement(
- Statement.builder().sid("TestPolicy").effect("Allow").action(TEST_ROLE).build())
+ Statement.builder()
+ .sid("TestPolicy")
+ .effect(Effect.ALLOW)
+ .action(IamActions.ASSUME_ROLE) // Translates to roles/iam.serviceAccountUser
+ .build())
.build();
// Execute
@@ -181,10 +191,10 @@ void testDoAttachInlinePolicySuccess() {
Policy updatedPolicy = setRequest.getPolicy();
Assertions.assertNotNull(updatedPolicy);
- // Verify the new binding was added
+ // Verify the new binding was added (translated role)
boolean foundBinding = false;
for (Binding binding : updatedPolicy.getBindingsList()) {
- if (binding.getRole().equals(TEST_ROLE)) {
+ if (binding.getRole().equals("roles/iam.serviceAccountUser")) {
assertTrue(binding.getMembersList().contains(TEST_SERVICE_ACCOUNT));
foundBinding = true;
}
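Review bot: The literal `"roles/iam.serviceAccountUser"` replaces `TEST_ROLE` in the binding check here and again in the two `testDoAttachInlinePolicyMergesExistingBinding` hunks (the `setRole(...)` call and the stream `filter`), so the expected role is now spelled out in several places. A named constant beside the other test constants, e.g. `private static final String ASSUME_ROLE_GCP_ROLE = "roles/iam.serviceAccountUser";`, would keep the expectation in one place without deriving it from the translator under test. The enclosing test method starts and ends outside this hunk.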
@@ -203,7 +213,11 @@ void testDoAttachInlinePolicyWithNullPolicy() {
.name("TestPolicy")
.version("2024-01-01")
.statement(
- Statement.builder().sid("TestPolicy").effect("Allow").action(TEST_ROLE).build())
+ Statement.builder()
+ .sid("TestPolicy")
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT) // Translates to roles/storage.objectViewer
+ .build())
.build();
AttachInlinePolicyRequest request =
@@ -225,7 +239,7 @@ void testDoAttachInlinePolicyMergesExistingBinding() {
Policy.newBuilder()
.addBindings(
Binding.newBuilder()
- .setRole(TEST_ROLE)
+ .setRole("roles/iam.serviceAccountUser")
.addMembers("serviceAccount:existing@test-project.iam.gserviceaccount.com")
.build())
.build();
@@ -240,7 +254,11 @@ void testDoAttachInlinePolicyMergesExistingBinding() {
.name("TestPolicy")
.version("2024-01-01")
.statement(
- Statement.builder().sid("TestPolicy").effect("Allow").action(TEST_ROLE).build())
+ Statement.builder()
+ .sid("TestPolicy")
+ .effect(Effect.ALLOW)
+ .action(IamActions.ASSUME_ROLE) // Translates to roles/iam.serviceAccountUser
+ .build())
.build();
AttachInlinePolicyRequest request =
@@ -259,7 +277,7 @@ void testDoAttachInlinePolicyMergesExistingBinding() {
Policy updatedPolicy = setRequestCaptor.getValue().getPolicy();
Binding updatedBinding =
updatedPolicy.getBindingsList().stream()
- .filter(b -> b.getRole().equals(TEST_ROLE))
+ .filter(b -> b.getRole().equals("roles/iam.serviceAccountUser"))
.findFirst()
.orElse(null);
@@ -273,15 +291,28 @@ void testDoAttachInlinePolicySkipsDenyStatements() {
Policy existingPolicy = Policy.newBuilder().build();
when(mockProjectsClient.getIamPolicy(any(GetIamPolicyRequest.class)))
.thenReturn(existingPolicy);
+ when(mockProjectsClient.setIamPolicy(any(SetIamPolicyRequest.class)))
+ .thenReturn(existingPolicy);
PolicyDocument policyDocument =
PolicyDocument.builder()
.name("DenyPolicy")
.version("2024-01-01")
.statement(
- Statement.builder().sid("DenyPolicy").effect("Deny").action(TEST_ROLE).build())
+ Statement.builder()
+ .sid("DenyPolicy")
+ .effect(Effect.DENY)
+ .action(StorageActions.GET_OBJECT)
+ .build())
+ .statement(
+ Statement.builder()
+ .sid("AllowPolicy")
+ .effect(Effect.ALLOW)
+ .action(StorageActions.PUT_OBJECT)
+ .build())
.build();
+ // Verify: Deny statements are skipped, Allow statements are processed
AttachInlinePolicyRequest request =
AttachInlinePolicyRequest.builder()
.policyDocument(policyDocument)
@@ -291,9 +322,21 @@ void testDoAttachInlinePolicySkipsDenyStatements() {
.build();
Assertions.assertDoesNotThrow(() -> gcpIam.doAttachInlinePolicy(request));
- // Verify: setIamPolicy should not be called since Deny statements are skipped and nothing
- // changes
- verify(mockProjectsClient, times(0)).setIamPolicy(any(SetIamPolicyRequest.class));
+ verify(mockProjectsClient, times(1)).getIamPolicy(any(GetIamPolicyRequest.class));
+ verify(mockProjectsClient, times(1)).setIamPolicy(any(SetIamPolicyRequest.class));
+
+ // Verify the policy was updated with only the Allow statement's role
+ ArgumentCaptor setRequestCaptor =
+ ArgumentCaptor.forClass(SetIamPolicyRequest.class);
+ verify(mockProjectsClient, times(1)).setIamPolicy(setRequestCaptor.capture());
+
+ SetIamPolicyRequest setRequest = setRequestCaptor.getValue();
+ Policy updatedPolicy = setRequest.getPolicy();
+
+ // Should have only one binding for the Allow statement's role
+ assertEquals(1, updatedPolicy.getBindingsCount());
+ assertEquals("roles/storage.objectCreator", updatedPolicy.getBindings(0).getRole());
+ assertTrue(updatedPolicy.getBindings(0).getMembersList().contains(TEST_SERVICE_ACCOUNT));
}
@Test
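Review bot: The new assertions confirm that the `Effect.DENY` statement is dropped and only `roles/storage.objectCreator` is bound, but nothing in the test states that this is the intended contract. A policy document whose Deny is ignored yields a grant broader than the document reads, so the behaviour deserves an explicit comment at the assertions, e.g. `// Deny statements are not translated and are dropped without error; only Allow roles reach setIamPolicy`. Separately, `verify(mockProjectsClient, times(1)).setIamPolicy(any(SetIamPolicyRequest.class));` is repeated by the captor verification a few lines later and can be removed. The test method begins in the previous hunk.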
@@ -1658,4 +1701,236 @@ void testDeleteIdentitySuccessfullyDeletesServiceAccount() {
// Assert - Verify the method was called
verify(mockIamClient, times(1)).deleteServiceAccount(any(DeleteServiceAccountRequest.class));
}
+
+ @Test
+ void testAttachInlinePolicyWithStorageActions() {
+ Policy existingPolicy = Policy.newBuilder().build();
+ when(mockProjectsClient.getIamPolicy(any(GetIamPolicyRequest.class)))
+ .thenReturn(existingPolicy);
+ when(mockProjectsClient.setIamPolicy(any(SetIamPolicyRequest.class)))
+ .thenReturn(existingPolicy);
+
+ PolicyDocument policyDocument =
+ PolicyDocument.builder()
+ .version("2024-01-01")
+ .statement(
+ Statement.builder()
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
+ .action(StorageActions.PUT_OBJECT)
+ .build())
+ .build();
+
+ // policyDocument, TEST_TENANT_ID, TEST_REGION, TEST_SERVICE_ACCOUNT
+ gcpIam.doAttachInlinePolicy(
+ AttachInlinePolicyRequest.builder()
+ .policyDocument(policyDocument)
+ .tenantId(TEST_TENANT_ID)
+ .region(TEST_REGION)
+ .identityName(TEST_SERVICE_ACCOUNT)
+ .build());
+
+ ArgumentCaptor captor = ArgumentCaptor.forClass(SetIamPolicyRequest.class);
+ verify(mockProjectsClient, times(1)).setIamPolicy(captor.capture());
+
+ Policy updatedPolicy = captor.getValue().getPolicy();
+ List roles =
+ updatedPolicy.getBindingsList().stream()
+ .map(Binding::getRole)
+ .collect(java.util.stream.Collectors.toList());
+
+ assertTrue(roles.contains("roles/storage.objectViewer"));
+ assertTrue(roles.contains("roles/storage.objectCreator"));
+ }
+
+ @Test
+ void testAttachInlinePolicyWithComputeActions() {
+ Policy existingPolicy = Policy.newBuilder().build();
+ when(mockProjectsClient.getIamPolicy(any(GetIamPolicyRequest.class)))
+ .thenReturn(existingPolicy);
+ when(mockProjectsClient.setIamPolicy(any(SetIamPolicyRequest.class)))
+ .thenReturn(existingPolicy);
+
+ PolicyDocument policyDocument =
+ PolicyDocument.builder()
+ .version("2024-01-01")
+ .statement(
+ Statement.builder()
+ .effect(Effect.ALLOW)
+ .action(ComputeActions.CREATE_INSTANCE)
+ .action(ComputeActions.GET_INSTANCE)
+ .build())
+ .build();
+
+ gcpIam.doAttachInlinePolicy(
+ AttachInlinePolicyRequest.builder()
+ .policyDocument(policyDocument)
+ .tenantId(TEST_TENANT_ID)
+ .region(TEST_REGION)
+ .identityName(TEST_SERVICE_ACCOUNT)
+ .build());
+
+ ArgumentCaptor captor = ArgumentCaptor.forClass(SetIamPolicyRequest.class);
+ verify(mockProjectsClient, times(1)).setIamPolicy(captor.capture());
+
+ Policy updatedPolicy = captor.getValue().getPolicy();
+ List roles =
+ updatedPolicy.getBindingsList().stream()
+ .map(Binding::getRole)
+ .collect(java.util.stream.Collectors.toList());
+
+ assertTrue(roles.contains("roles/compute.instanceAdmin.v1"));
+ assertTrue(roles.contains("roles/compute.viewer"));
+ }
+
+ @Test
+ void testAttachInlinePolicyWithIamActions() {
+ Policy existingPolicy = Policy.newBuilder().build();
+ when(mockProjectsClient.getIamPolicy(any(GetIamPolicyRequest.class)))
+ .thenReturn(existingPolicy);
+ when(mockProjectsClient.setIamPolicy(any(SetIamPolicyRequest.class)))
+ .thenReturn(existingPolicy);
+
+ PolicyDocument policyDocument =
+ PolicyDocument.builder()
+ .version("2024-01-01")
+ .statement(
+ Statement.builder().effect(Effect.ALLOW).action(IamActions.ASSUME_ROLE).build())
+ .build();
+
+ // policyDocument, TEST_TENANT_ID, TEST_REGION, TEST_SERVICE_ACCOUNT
+ gcpIam.doAttachInlinePolicy(
+ AttachInlinePolicyRequest.builder()
+ .policyDocument(policyDocument)
+ .tenantId(TEST_TENANT_ID)
+ .region(TEST_REGION)
+ .identityName(TEST_SERVICE_ACCOUNT)
+ .build());
+
+ ArgumentCaptor captor = ArgumentCaptor.forClass(SetIamPolicyRequest.class);
+ verify(mockProjectsClient, times(1)).setIamPolicy(captor.capture());
+
+ Policy updatedPolicy = captor.getValue().getPolicy();
+ Binding binding = updatedPolicy.getBindings(0);
+ assertEquals("roles/iam.serviceAccountUser", binding.getRole());
+ assertTrue(binding.getMembersList().contains(TEST_SERVICE_ACCOUNT));
+ }
+
+ @Test
+ void testAttachInlinePolicyWithConditionsThrowsException() {
+ Policy existingPolicy = Policy.newBuilder().build();
+ when(mockProjectsClient.getIamPolicy(any(GetIamPolicyRequest.class)))
+ .thenReturn(existingPolicy);
+
+ PolicyDocument policyDocument =
+ PolicyDocument.builder()
+ .version("2024-01-01")
+ .statement(
+ Statement.builder()
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
+ .condition(ConditionOperator.STRING_EQUALS, "key", "value")
+ .build())
+ .build();
+
+ SubstrateSdkException exception =
+ assertThrows(
+ SubstrateSdkException.class,
+ () -> {
+ // policyDocument, TEST_TENANT_ID, TEST_REGION, TEST_SERVICE_ACCOUNT
+ gcpIam.doAttachInlinePolicy(
+ AttachInlinePolicyRequest.builder()
+ .policyDocument(policyDocument)
+ .tenantId(TEST_TENANT_ID)
+ .region(TEST_REGION)
+ .identityName(TEST_SERVICE_ACCOUNT)
+ .build());
+ });
+
+ assertTrue(exception.getMessage().contains("GCP IAM policy conditions are not yet supported"));
+ verify(mockProjectsClient, times(1)).getIamPolicy(any(GetIamPolicyRequest.class));
+ verify(mockProjectsClient, times(0)).setIamPolicy(any(SetIamPolicyRequest.class));
+ }
+
+ @Test
+ void testAttachInlinePolicyWithUnknownActionThrowsException() {
+ Policy existingPolicy = Policy.newBuilder().build();
+ when(mockProjectsClient.getIamPolicy(any(GetIamPolicyRequest.class)))
+ .thenReturn(existingPolicy);
+
+ PolicyDocument policyDocument =
+ PolicyDocument.builder()
+ .version("2024-01-01")
+ .statement(
+ Statement.builder()
+ .effect(Effect.ALLOW)
+ .action(Action.of("unknown:Action"))
+ .build())
+ .build();
+
+ SubstrateSdkException exception =
+ assertThrows(
+ SubstrateSdkException.class,
+ () -> {
+ // policyDocument, TEST_TENANT_ID, TEST_REGION, TEST_SERVICE_ACCOUNT
+ gcpIam.doAttachInlinePolicy(
+ AttachInlinePolicyRequest.builder()
+ .policyDocument(policyDocument)
+ .tenantId(TEST_TENANT_ID)
+ .region(TEST_REGION)
+ .identityName(TEST_SERVICE_ACCOUNT)
+ .build());
+ });
+
+ assertTrue(exception.getMessage().contains("Unknown substrate-neutral action: unknown:Action"));
+ verify(mockProjectsClient, times(1)).getIamPolicy(any(GetIamPolicyRequest.class));
+ verify(mockProjectsClient, times(0)).setIamPolicy(any(SetIamPolicyRequest.class));
+ }
+
+ @Test
+ void testAttachInlinePolicyWithMultipleStatements() {
+ Policy existingPolicy = Policy.newBuilder().build();
+ when(mockProjectsClient.getIamPolicy(any(GetIamPolicyRequest.class)))
+ .thenReturn(existingPolicy);
+ when(mockProjectsClient.setIamPolicy(any(SetIamPolicyRequest.class)))
+ .thenReturn(existingPolicy);
+
+ PolicyDocument policyDocument =
+ PolicyDocument.builder()
+ .version("2024-01-01")
+ .statement(
+ Statement.builder()
+ .sid("StorageAccess")
+ .effect(Effect.ALLOW)
+ .action(StorageActions.GET_OBJECT)
+ .build())
+ .statement(
+ Statement.builder()
+ .sid("ComputeAccess")
+ .effect(Effect.ALLOW)
+ .action(ComputeActions.CREATE_INSTANCE)
+ .build())
+ .build();
+
+ // policyDocument, TEST_TENANT_ID, TEST_REGION, TEST_SERVICE_ACCOUNT
+ gcpIam.doAttachInlinePolicy(
+ AttachInlinePolicyRequest.builder()
+ .policyDocument(policyDocument)
+ .tenantId(TEST_TENANT_ID)
+ .region(TEST_REGION)
+ .identityName(TEST_SERVICE_ACCOUNT)
+ .build());
+
+ ArgumentCaptor captor = ArgumentCaptor.forClass(SetIamPolicyRequest.class);
+ verify(mockProjectsClient, times(1)).setIamPolicy(captor.capture());
+
+ Policy updatedPolicy = captor.getValue().getPolicy();
+ List roles =
+ updatedPolicy.getBindingsList().stream()
+ .map(Binding::getRole)
+ .collect(java.util.stream.Collectors.toList());
+
+ assertTrue(roles.contains("roles/storage.objectViewer"));
+ assertTrue(roles.contains("roles/compute.instanceAdmin.v1"));
+ }
}
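Review bot: The role checks in `testAttachInlinePolicyWithStorageActions` only use `roles.contains(...)`, so a translation that also bound a broader role such as `roles/storage.admin` would still pass. The mocked existing policy is empty, so the resulting binding set can be pinned exactly, presumably with `assertEquals(2, updatedPolicy.getBindingsCount());` ahead of the `contains` assertions. The same gap is in `testAttachInlinePolicyWithComputeActions` and `testAttachInlinePolicyWithMultipleStatements`, and `testAttachInlinePolicyWithIamActions` reads `getBindings(0)` without first asserting that there is exactly one binding.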
diff --git a/iam/iam-gcp/src/test/resources/__files/v3_projects_substrate-sdk-gcp-poc1getiampolicy.json b/iam/iam-gcp/src/test/resources/__files/GcpIamIT_testAttachInlinePolicy-POST-0.json
similarity index 77%
rename from iam/iam-gcp/src/test/resources/__files/v3_projects_substrate-sdk-gcp-poc1getiampolicy.json
rename to iam/iam-gcp/src/test/resources/__files/GcpIamIT_testAttachInlinePolicy-POST-0.json
index 845e80d47..af363ccc7 100644
--- a/iam/iam-gcp/src/test/resources/__files/v3_projects_substrate-sdk-gcp-poc1getiampolicy.json
+++ b/iam/iam-gcp/src/test/resources/__files/GcpIamIT_testAttachInlinePolicy-POST-0.json
@@ -1,8 +1,8 @@
{
"version" : 1,
- "etag" : "BwZFJCktcro=",
+ "etag" : "BwZMmdsi9KE=",
"bindings" : [ {
- "role" : "organizations/000000000000/roles/CustomRole499",
+ "role" : "organizations/540886916070/roles/CustomRole499",
"members" : [ "group:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
}, {
"role" : "projects/substrate-sdk-gcp-poc1/roles/bucket_reader_id",
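Review bot: This recording replaces the masked placeholder `organizations/000000000000` on the first `role` line with what looks like a real organization id, and the `roles/storage.objectViewer` hunk later in this file does the same for the AWS account id inside the `principalSet://` member. Several hunks also add a `serviceAccount:` member that belongs to a project other than `substrate-sdk-gcp-poc1`. The previous fixture had the organization and account ids masked, so the recording step should apply the same masking before the file is committed, e.g. keep `"role" : "organizations/000000000000/roles/CustomRole499",`.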
@@ -10,6 +10,9 @@
}, {
"role" : "roles/artifactregistry.admin",
"members" : [ "serviceAccount:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/artifactregistry.createOnPushRepoAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/artifactregistry.createOnPushWriter",
"members" : [ "serviceAccount:user@domain.com" ]
@@ -21,10 +24,19 @@
"members" : [ "serviceAccount:service-599653580068@gcp-sa-artifactregistry.iam.gserviceaccount.com" ]
}, {
"role" : "roles/browser",
- "members" : [ "group:user@domain.com", "serviceAccount:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ "members" : [ "group:user@domain.com", "serviceAccount:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
}, {
"role" : "roles/cloudaicompanion.serviceAgent",
"members" : [ "serviceAccount:service-599653580068@gcp-sa-cloudaicompanion.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudbuild.builds.builder",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudbuild.builds.editor",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudbuild.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-cloudbuild.iam.gserviceaccount.com" ]
}, {
"role" : "roles/cloudkms.admin",
"members" : [ "serviceAccount:user@domain.com", "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com" ]
@@ -33,7 +45,7 @@
"members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/cloudkms.cryptoKeyEncrypterDecrypter",
- "members" : [ "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com" ]
+ "members" : [ "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
}, {
"role" : "roles/cloudkms.cryptoOperator",
"members" : [ "serviceAccount:user@domain.com" ]
@@ -42,13 +54,16 @@
"members" : [ "serviceAccount:service-599653580068@gcp-sa-cloudkms.iam.gserviceaccount.com" ]
}, {
"role" : "roles/cloudkms.viewer",
- "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com" ]
+ "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
}, {
"role" : "roles/compute.instanceAdmin.v1",
"members" : [ "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/compute.serviceAgent",
"members" : [ "serviceAccount:service-599653580068@compute-system.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/container.clusterAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/container.defaultNodeServiceAgent",
"members" : [ "serviceAccount:service-599653580068@gcp-sa-gkenode.iam.gserviceaccount.com" ]
@@ -66,13 +81,16 @@
"members" : [ "user:user@domain.com" ]
}, {
"role" : "roles/datastore.user",
- "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
}, {
"role" : "roles/dns.admin",
- "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/editor",
- "members" : [ "group:user@domain.com", "group:user@domain.com", "serviceAccount:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ "members" : [ "group:user@domain.com", "group:user@domain.com", "serviceAccount:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/firebase.admin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/firebase.managementServiceAgent",
"members" : [ "serviceAccount:service-599653580068@gcp-sa-firebase.iam.gserviceaccount.com" ]
@@ -85,6 +103,9 @@
}, {
"role" : "roles/firestore.serviceAgent",
"members" : [ "serviceAccount:service-599653580068@gcp-sa-firestore.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/gkehub.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-gkehub.iam.gserviceaccount.com" ]
}, {
"role" : "roles/iam.securityAdmin",
"members" : [ "group:user@domain.com", "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
@@ -96,7 +117,7 @@
"members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/iam.serviceAccountTokenCreator",
- "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:firebase-adminsdk-fbsvc@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-service@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:firebase-adminsdk-fbsvc@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-service@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
}, {
"role" : "roles/iam.serviceAccountUser",
"members" : [ "serviceAccount:pcs-wis-service@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:test-chameleon-multisubstrate@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
@@ -106,9 +127,18 @@
}, {
"role" : "roles/iam.workloadIdentityUser",
"members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-service@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:test-tags-iam@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/logging.logWriter",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/logging.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-logging.iam.gserviceaccount.com" ]
}, {
"role" : "roles/logging.viewer",
"members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/multiclustermetering.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-mcmetering.iam.gserviceaccount.com" ]
}, {
"role" : "roles/networkconnectivity.serviceAgent",
"members" : [ "serviceAccount:service-599653580068@gcp-sa-networkconnectivity.iam.gserviceaccount.com" ]
@@ -117,25 +147,25 @@
"members" : [ "serviceAccount:service-599653580068@gcp-sa-osconfig.iam.gserviceaccount.com" ]
}, {
"role" : "roles/owner",
- "members" : [ "serviceAccount:test-chameleon-multisubstrate@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:zxie-test@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
+ "members" : [ "serviceAccount:test-chameleon-multisubstrate@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:zxie-test@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com" ]
}, {
"role" : "roles/pubsub.admin",
"members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/pubsub.publisher",
- "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/pubsub.serviceAgent",
"members" : [ "serviceAccount:service-599653580068@gcp-sa-pubsub.iam.gserviceaccount.com" ]
}, {
"role" : "roles/pubsub.subscriber",
- "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/pubsub.viewer",
"members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/resourcemanager.projectIamAdmin",
- "members" : [ "group:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ "members" : [ "group:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
}, {
"role" : "roles/resourcemanager.tagAdmin",
"members" : [ "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
@@ -157,6 +187,12 @@
}, {
"role" : "roles/secretmanager.admin",
"members" : [ "group:user@domain.com" ]
+ }, {
+ "role" : "roles/serviceusage.serviceUsageAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/serviceusage.serviceUsageConsumer",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/storage.admin",
"members" : [ "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:my-gcp-sa-s3@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
@@ -165,7 +201,7 @@
"members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/storage.objectAdmin",
- "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/storage.objectCreator",
"members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
@@ -174,13 +210,16 @@
"members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/storage.objectViewer",
- "members" : [ "principalSet://iam.googleapis.com/projects/599653580068/locations/global/workloadIdentityPools/raphty-aws/attribute.aws_role/arn:aws:iam::000000000000:role/raphty-yz6qfcuppuxhyomcqhw1lgu", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:my-gcp-sa-s3@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ "members" : [ "principalSet://iam.googleapis.com/projects/599653580068/locations/global/workloadIdentityPools/raphty-aws/attribute.aws_role/arn:aws:iam::065351723461:role/raphty-yz6qfcuppuxhyomcqhw1lgu", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:my-gcp-sa-s3@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/storageinsights.serviceAgent",
"members" : [ "serviceAccount:service-599653580068@gcp-sa-storageinsights.iam.gserviceaccount.com" ]
}, {
"role" : "roles/viewer",
- "members" : [ "serviceAccount:user@domain.com", "serviceAccount:test-sa-1@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:test-sa-2@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ "members" : [ "serviceAccount:user@domain.com", "serviceAccount:test-sa-1@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:test-sa-2@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/websecurityscanner.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-websecurityscanner.iam.gserviceaccount.com" ]
}, {
"role" : "roles/workflows.admin",
"members" : [ "user:user@domain.com" ]
@@ -189,12 +228,12 @@
"members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/workflows.invoker",
- "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/workflows.serviceAgent",
"members" : [ "serviceAccount:service-599653580068@gcp-sa-workflows.iam.gserviceaccount.com" ]
}, {
"role" : "roles/workflows.viewer",
- "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
} ]
}
\ No newline at end of file
diff --git a/iam/iam-gcp/src/test/resources/__files/v3_projects_substrate-sdk-gcp-poc1setiampolicy.json b/iam/iam-gcp/src/test/resources/__files/GcpIamIT_testGetAttachedPolicies-POST-0.json
similarity index 77%
rename from iam/iam-gcp/src/test/resources/__files/v3_projects_substrate-sdk-gcp-poc1setiampolicy.json
rename to iam/iam-gcp/src/test/resources/__files/GcpIamIT_testGetAttachedPolicies-POST-0.json
index 845e80d47..af363ccc7 100644
--- a/iam/iam-gcp/src/test/resources/__files/v3_projects_substrate-sdk-gcp-poc1setiampolicy.json
+++ b/iam/iam-gcp/src/test/resources/__files/GcpIamIT_testGetAttachedPolicies-POST-0.json
@@ -1,8 +1,8 @@
{
"version" : 1,
- "etag" : "BwZFJCktcro=",
+ "etag" : "BwZMmdsi9KE=",
"bindings" : [ {
- "role" : "organizations/000000000000/roles/CustomRole499",
+ "role" : "organizations/540886916070/roles/CustomRole499",
"members" : [ "group:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
}, {
"role" : "projects/substrate-sdk-gcp-poc1/roles/bucket_reader_id",
@@ -10,6 +10,9 @@
}, {
"role" : "roles/artifactregistry.admin",
"members" : [ "serviceAccount:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/artifactregistry.createOnPushRepoAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/artifactregistry.createOnPushWriter",
"members" : [ "serviceAccount:user@domain.com" ]
@@ -21,10 +24,19 @@
"members" : [ "serviceAccount:service-599653580068@gcp-sa-artifactregistry.iam.gserviceaccount.com" ]
}, {
"role" : "roles/browser",
- "members" : [ "group:user@domain.com", "serviceAccount:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ "members" : [ "group:user@domain.com", "serviceAccount:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
}, {
"role" : "roles/cloudaicompanion.serviceAgent",
"members" : [ "serviceAccount:service-599653580068@gcp-sa-cloudaicompanion.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudbuild.builds.builder",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudbuild.builds.editor",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudbuild.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-cloudbuild.iam.gserviceaccount.com" ]
}, {
"role" : "roles/cloudkms.admin",
"members" : [ "serviceAccount:user@domain.com", "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com" ]
@@ -33,7 +45,7 @@
"members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/cloudkms.cryptoKeyEncrypterDecrypter",
- "members" : [ "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com" ]
+ "members" : [ "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
}, {
"role" : "roles/cloudkms.cryptoOperator",
"members" : [ "serviceAccount:user@domain.com" ]
@@ -42,13 +54,16 @@
"members" : [ "serviceAccount:service-599653580068@gcp-sa-cloudkms.iam.gserviceaccount.com" ]
}, {
"role" : "roles/cloudkms.viewer",
- "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com" ]
+ "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
}, {
"role" : "roles/compute.instanceAdmin.v1",
"members" : [ "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/compute.serviceAgent",
"members" : [ "serviceAccount:service-599653580068@compute-system.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/container.clusterAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/container.defaultNodeServiceAgent",
"members" : [ "serviceAccount:service-599653580068@gcp-sa-gkenode.iam.gserviceaccount.com" ]
@@ -66,13 +81,16 @@
"members" : [ "user:user@domain.com" ]
}, {
"role" : "roles/datastore.user",
- "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
}, {
"role" : "roles/dns.admin",
- "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/editor",
- "members" : [ "group:user@domain.com", "group:user@domain.com", "serviceAccount:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ "members" : [ "group:user@domain.com", "group:user@domain.com", "serviceAccount:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/firebase.admin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/firebase.managementServiceAgent",
"members" : [ "serviceAccount:service-599653580068@gcp-sa-firebase.iam.gserviceaccount.com" ]
@@ -85,6 +103,9 @@
}, {
"role" : "roles/firestore.serviceAgent",
"members" : [ "serviceAccount:service-599653580068@gcp-sa-firestore.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/gkehub.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-gkehub.iam.gserviceaccount.com" ]
}, {
"role" : "roles/iam.securityAdmin",
"members" : [ "group:user@domain.com", "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
@@ -96,7 +117,7 @@
"members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/iam.serviceAccountTokenCreator",
- "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:firebase-adminsdk-fbsvc@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-service@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:firebase-adminsdk-fbsvc@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-service@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
}, {
"role" : "roles/iam.serviceAccountUser",
"members" : [ "serviceAccount:pcs-wis-service@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:test-chameleon-multisubstrate@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
@@ -106,9 +127,18 @@
}, {
"role" : "roles/iam.workloadIdentityUser",
"members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-service@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:test-tags-iam@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/logging.logWriter",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/logging.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-logging.iam.gserviceaccount.com" ]
}, {
"role" : "roles/logging.viewer",
"members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/multiclustermetering.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-mcmetering.iam.gserviceaccount.com" ]
}, {
"role" : "roles/networkconnectivity.serviceAgent",
"members" : [ "serviceAccount:service-599653580068@gcp-sa-networkconnectivity.iam.gserviceaccount.com" ]
@@ -117,25 +147,25 @@
"members" : [ "serviceAccount:service-599653580068@gcp-sa-osconfig.iam.gserviceaccount.com" ]
}, {
"role" : "roles/owner",
- "members" : [ "serviceAccount:test-chameleon-multisubstrate@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:zxie-test@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
+ "members" : [ "serviceAccount:test-chameleon-multisubstrate@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:zxie-test@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com" ]
}, {
"role" : "roles/pubsub.admin",
"members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/pubsub.publisher",
- "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/pubsub.serviceAgent",
"members" : [ "serviceAccount:service-599653580068@gcp-sa-pubsub.iam.gserviceaccount.com" ]
}, {
"role" : "roles/pubsub.subscriber",
- "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/pubsub.viewer",
"members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/resourcemanager.projectIamAdmin",
- "members" : [ "group:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ "members" : [ "group:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
}, {
"role" : "roles/resourcemanager.tagAdmin",
"members" : [ "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
@@ -157,6 +187,12 @@
}, {
"role" : "roles/secretmanager.admin",
"members" : [ "group:user@domain.com" ]
+ }, {
+ "role" : "roles/serviceusage.serviceUsageAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/serviceusage.serviceUsageConsumer",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/storage.admin",
"members" : [ "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:my-gcp-sa-s3@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
@@ -165,7 +201,7 @@
"members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/storage.objectAdmin",
- "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/storage.objectCreator",
"members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
@@ -174,13 +210,16 @@
"members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/storage.objectViewer",
- "members" : [ "principalSet://iam.googleapis.com/projects/599653580068/locations/global/workloadIdentityPools/raphty-aws/attribute.aws_role/arn:aws:iam::000000000000:role/raphty-yz6qfcuppuxhyomcqhw1lgu", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:my-gcp-sa-s3@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ "members" : [ "principalSet://iam.googleapis.com/projects/599653580068/locations/global/workloadIdentityPools/raphty-aws/attribute.aws_role/arn:aws:iam::065351723461:role/raphty-yz6qfcuppuxhyomcqhw1lgu", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:my-gcp-sa-s3@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/storageinsights.serviceAgent",
"members" : [ "serviceAccount:service-599653580068@gcp-sa-storageinsights.iam.gserviceaccount.com" ]
}, {
"role" : "roles/viewer",
- "members" : [ "serviceAccount:user@domain.com", "serviceAccount:test-sa-1@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:test-sa-2@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ "members" : [ "serviceAccount:user@domain.com", "serviceAccount:test-sa-1@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:test-sa-2@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/websecurityscanner.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-websecurityscanner.iam.gserviceaccount.com" ]
}, {
"role" : "roles/workflows.admin",
"members" : [ "user:user@domain.com" ]
@@ -189,12 +228,12 @@
"members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/workflows.invoker",
- "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
}, {
"role" : "roles/workflows.serviceAgent",
"members" : [ "serviceAccount:service-599653580068@gcp-sa-workflows.iam.gserviceaccount.com" ]
}, {
"role" : "roles/workflows.viewer",
- "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
} ]
}
\ No newline at end of file
diff --git a/iam/iam-gcp/src/test/resources/__files/GcpIamIT_testGetAttachedPolicies-POST-1.json b/iam/iam-gcp/src/test/resources/__files/GcpIamIT_testGetAttachedPolicies-POST-1.json
new file mode 100644
index 000000000..af363ccc7
--- /dev/null
+++ b/iam/iam-gcp/src/test/resources/__files/GcpIamIT_testGetAttachedPolicies-POST-1.json
@@ -0,0 +1,239 @@
+{
+ "version" : 1,
+ "etag" : "BwZMmdsi9KE=",
+ "bindings" : [ {
+ "role" : "organizations/540886916070/roles/CustomRole499",
+ "members" : [ "group:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "projects/substrate-sdk-gcp-poc1/roles/bucket_reader_id",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/artifactregistry.admin",
+ "members" : [ "serviceAccount:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/artifactregistry.createOnPushRepoAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/artifactregistry.createOnPushWriter",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/artifactregistry.reader",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/artifactregistry.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-artifactregistry.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/browser",
+ "members" : [ "group:user@domain.com", "serviceAccount:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudaicompanion.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-cloudaicompanion.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudbuild.builds.builder",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudbuild.builds.editor",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudbuild.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-cloudbuild.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudkms.admin",
+ "members" : [ "serviceAccount:user@domain.com", "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudkms.cryptoKeyEncrypter",
+ "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudkms.cryptoKeyEncrypterDecrypter",
+ "members" : [ "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudkms.cryptoOperator",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudkms.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-cloudkms.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudkms.viewer",
+ "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/compute.instanceAdmin.v1",
+ "members" : [ "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/compute.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@compute-system.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/container.clusterAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/container.defaultNodeServiceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-gkenode.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/container.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@container-engine-robot.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/containerregistry.ServiceAgent",
+ "members" : [ "serviceAccount:service-599653580068@containerregistry.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/datastore.bulkAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/datastore.owner",
+ "members" : [ "user:user@domain.com" ]
+ }, {
+ "role" : "roles/datastore.user",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/dns.admin",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/editor",
+ "members" : [ "group:user@domain.com", "group:user@domain.com", "serviceAccount:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/firebase.admin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/firebase.managementServiceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-firebase.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/firebase.sdkAdminServiceAgent",
+ "members" : [ "serviceAccount:firebase-adminsdk-fbsvc@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/firebaserules.system",
+ "members" : [ "serviceAccount:service-599653580068@firebase-rules.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/firestore.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-firestore.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/gkehub.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-gkehub.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.securityAdmin",
+ "members" : [ "group:user@domain.com", "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.serviceAccountAdmin",
+ "members" : [ "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/iam.serviceAccountOpenIdTokenCreator",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.serviceAccountTokenCreator",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:firebase-adminsdk-fbsvc@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-service@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/iam.serviceAccountUser",
+ "members" : [ "serviceAccount:pcs-wis-service@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:test-chameleon-multisubstrate@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.workloadIdentityPoolAdmin",
+ "members" : [ "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.workloadIdentityUser",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-service@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:test-tags-iam@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/logging.logWriter",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/logging.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-logging.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/logging.viewer",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/multiclustermetering.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-mcmetering.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/networkconnectivity.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-networkconnectivity.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/osconfig.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-osconfig.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/owner",
+ "members" : [ "serviceAccount:test-chameleon-multisubstrate@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:zxie-test@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/pubsub.admin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/pubsub.publisher",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/pubsub.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-pubsub.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/pubsub.subscriber",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/pubsub.viewer",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/resourcemanager.projectIamAdmin",
+ "members" : [ "group:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/resourcemanager.tagAdmin",
+ "members" : [ "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/resourcemanager.tagUser",
+ "members" : [ "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/resourcemanager.tagViewer",
+ "members" : [ "user:user@domain.com" ]
+ }, {
+ "role" : "roles/run.admin",
+ "members" : [ "serviceAccount:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/run.builder",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/run.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@serverless-robot-prod.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/secretmanager.admin",
+ "members" : [ "group:user@domain.com" ]
+ }, {
+ "role" : "roles/serviceusage.serviceUsageAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/serviceusage.serviceUsageConsumer",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.admin",
+ "members" : [ "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:my-gcp-sa-s3@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.bucketViewer",
+ "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.objectAdmin",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.objectCreator",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.objectCreator_withcond_959e4e2cb764fe9c3a0a",
+ "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.objectViewer",
+ "members" : [ "principalSet://iam.googleapis.com/projects/599653580068/locations/global/workloadIdentityPools/raphty-aws/attribute.aws_role/arn:aws:iam::065351723461:role/raphty-yz6qfcuppuxhyomcqhw1lgu", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:my-gcp-sa-s3@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storageinsights.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-storageinsights.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/viewer",
+ "members" : [ "serviceAccount:user@domain.com", "serviceAccount:test-sa-1@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:test-sa-2@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/websecurityscanner.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-websecurityscanner.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/workflows.admin",
+ "members" : [ "user:user@domain.com" ]
+ }, {
+ "role" : "roles/workflows.editor",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/workflows.invoker",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/workflows.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-workflows.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/workflows.viewer",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ } ]
+}
\ No newline at end of file
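Review bot: Account identifiers that the previous fixture masked are committed in clear in this recording: the `roles/storage.objectViewer` principalSet carries AWS account `065351723461` and the first binding carries `organizations/540886916070`, where the renamed `GcpIamIT_testGetAttachedPolicies-POST-0.json` held `000000000000` in both places before this commit. The member `serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com`, which belongs to a different project, also looks unmasked, while human principals are still written as `user:user@domain.com`. Re-apply the masking before the recording is committed, e.g. `arn:aws:iam::000000000000:role/…` and `organizations/000000000000/roles/CustomRole499`, and do the same in the hunks of the renamed POST-0 file and in the other new recordings. The three recordings with blob `af363ccc7` are byte-identical, so pointing their mappings at one shared body file would leave a single place to sanitize; the mapping files are not visible here, so treat that as something to check.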
diff --git a/iam/iam-gcp/src/test/resources/__files/GcpIamIT_testGetInlinePolicyDetails-POST-0.json b/iam/iam-gcp/src/test/resources/__files/GcpIamIT_testGetInlinePolicyDetails-POST-0.json
new file mode 100644
index 000000000..af363ccc7
--- /dev/null
+++ b/iam/iam-gcp/src/test/resources/__files/GcpIamIT_testGetInlinePolicyDetails-POST-0.json
@@ -0,0 +1,239 @@
+{
+ "version" : 1,
+ "etag" : "BwZMmdsi9KE=",
+ "bindings" : [ {
+ "role" : "organizations/540886916070/roles/CustomRole499",
+ "members" : [ "group:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "projects/substrate-sdk-gcp-poc1/roles/bucket_reader_id",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/artifactregistry.admin",
+ "members" : [ "serviceAccount:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/artifactregistry.createOnPushRepoAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/artifactregistry.createOnPushWriter",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/artifactregistry.reader",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/artifactregistry.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-artifactregistry.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/browser",
+ "members" : [ "group:user@domain.com", "serviceAccount:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudaicompanion.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-cloudaicompanion.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudbuild.builds.builder",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudbuild.builds.editor",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudbuild.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-cloudbuild.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudkms.admin",
+ "members" : [ "serviceAccount:user@domain.com", "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudkms.cryptoKeyEncrypter",
+ "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudkms.cryptoKeyEncrypterDecrypter",
+ "members" : [ "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudkms.cryptoOperator",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudkms.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-cloudkms.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudkms.viewer",
+ "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/compute.instanceAdmin.v1",
+ "members" : [ "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/compute.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@compute-system.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/container.clusterAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/container.defaultNodeServiceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-gkenode.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/container.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@container-engine-robot.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/containerregistry.ServiceAgent",
+ "members" : [ "serviceAccount:service-599653580068@containerregistry.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/datastore.bulkAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/datastore.owner",
+ "members" : [ "user:user@domain.com" ]
+ }, {
+ "role" : "roles/datastore.user",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/dns.admin",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/editor",
+ "members" : [ "group:user@domain.com", "group:user@domain.com", "serviceAccount:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/firebase.admin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/firebase.managementServiceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-firebase.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/firebase.sdkAdminServiceAgent",
+ "members" : [ "serviceAccount:firebase-adminsdk-fbsvc@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/firebaserules.system",
+ "members" : [ "serviceAccount:service-599653580068@firebase-rules.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/firestore.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-firestore.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/gkehub.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-gkehub.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.securityAdmin",
+ "members" : [ "group:user@domain.com", "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.serviceAccountAdmin",
+ "members" : [ "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/iam.serviceAccountOpenIdTokenCreator",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.serviceAccountTokenCreator",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:firebase-adminsdk-fbsvc@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-service@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/iam.serviceAccountUser",
+ "members" : [ "serviceAccount:pcs-wis-service@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:test-chameleon-multisubstrate@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.workloadIdentityPoolAdmin",
+ "members" : [ "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.workloadIdentityUser",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-service@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:test-tags-iam@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/logging.logWriter",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/logging.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-logging.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/logging.viewer",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/multiclustermetering.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-mcmetering.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/networkconnectivity.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-networkconnectivity.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/osconfig.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-osconfig.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/owner",
+ "members" : [ "serviceAccount:test-chameleon-multisubstrate@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:zxie-test@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/pubsub.admin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/pubsub.publisher",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/pubsub.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-pubsub.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/pubsub.subscriber",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/pubsub.viewer",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/resourcemanager.projectIamAdmin",
+ "members" : [ "group:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/resourcemanager.tagAdmin",
+ "members" : [ "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/resourcemanager.tagUser",
+ "members" : [ "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/resourcemanager.tagViewer",
+ "members" : [ "user:user@domain.com" ]
+ }, {
+ "role" : "roles/run.admin",
+ "members" : [ "serviceAccount:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/run.builder",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/run.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@serverless-robot-prod.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/secretmanager.admin",
+ "members" : [ "group:user@domain.com" ]
+ }, {
+ "role" : "roles/serviceusage.serviceUsageAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/serviceusage.serviceUsageConsumer",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.admin",
+ "members" : [ "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:my-gcp-sa-s3@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.bucketViewer",
+ "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.objectAdmin",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.objectCreator",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.objectCreator_withcond_959e4e2cb764fe9c3a0a",
+ "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.objectViewer",
+ "members" : [ "principalSet://iam.googleapis.com/projects/599653580068/locations/global/workloadIdentityPools/raphty-aws/attribute.aws_role/arn:aws:iam::065351723461:role/raphty-yz6qfcuppuxhyomcqhw1lgu", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:my-gcp-sa-s3@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storageinsights.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-storageinsights.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/viewer",
+ "members" : [ "serviceAccount:user@domain.com", "serviceAccount:test-sa-1@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:test-sa-2@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/websecurityscanner.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-websecurityscanner.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/workflows.admin",
+ "members" : [ "user:user@domain.com" ]
+ }, {
+ "role" : "roles/workflows.editor",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/workflows.invoker",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/workflows.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-workflows.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/workflows.viewer",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ } ]
+}
\ No newline at end of file
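Review bot: This fixture looks like a recorded IAM policy of a real project and is only partly scrubbed: user and group members are replaced with `user@domain.com`, but the project id and number, the organization id in the `CustomRole499` binding, the service-account names, and the AWS account and role inside the `principalSet://` member of `roles/storage.objectViewer` are committed as-is. Together they publish which identities hold `roles/owner`, `roles/iam.securityAdmin` and `roles/iam.serviceAccountTokenCreator` in that project. I would cut the stub down to the one or two bindings the test asserts on and replace the remaining identifiers with constructed placeholders such as `serviceAccount:test-sa@example-project.iam.gserviceaccount.com`, and extend the recording scrubber to cover service accounts, project and organization numbers and AWS ARNs. The same applies to `GcpIamIT_testGetInlinePolicyDetails-POST-1.json` and `GcpIamIT_testRemovePolicy-POST-0.json`, which carry the same blob (`af363ccc7`), and to the fixture whose hunk ends just above this file.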
diff --git a/iam/iam-gcp/src/test/resources/__files/GcpIamIT_testGetInlinePolicyDetails-POST-1.json b/iam/iam-gcp/src/test/resources/__files/GcpIamIT_testGetInlinePolicyDetails-POST-1.json
new file mode 100644
index 000000000..af363ccc7
--- /dev/null
+++ b/iam/iam-gcp/src/test/resources/__files/GcpIamIT_testGetInlinePolicyDetails-POST-1.json
@@ -0,0 +1,239 @@
+{
+ "version" : 1,
+ "etag" : "BwZMmdsi9KE=",
+ "bindings" : [ {
+ "role" : "organizations/540886916070/roles/CustomRole499",
+ "members" : [ "group:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "projects/substrate-sdk-gcp-poc1/roles/bucket_reader_id",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/artifactregistry.admin",
+ "members" : [ "serviceAccount:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/artifactregistry.createOnPushRepoAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/artifactregistry.createOnPushWriter",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/artifactregistry.reader",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/artifactregistry.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-artifactregistry.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/browser",
+ "members" : [ "group:user@domain.com", "serviceAccount:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudaicompanion.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-cloudaicompanion.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudbuild.builds.builder",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudbuild.builds.editor",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudbuild.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-cloudbuild.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudkms.admin",
+ "members" : [ "serviceAccount:user@domain.com", "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudkms.cryptoKeyEncrypter",
+ "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudkms.cryptoKeyEncrypterDecrypter",
+ "members" : [ "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudkms.cryptoOperator",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudkms.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-cloudkms.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudkms.viewer",
+ "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/compute.instanceAdmin.v1",
+ "members" : [ "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/compute.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@compute-system.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/container.clusterAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/container.defaultNodeServiceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-gkenode.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/container.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@container-engine-robot.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/containerregistry.ServiceAgent",
+ "members" : [ "serviceAccount:service-599653580068@containerregistry.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/datastore.bulkAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/datastore.owner",
+ "members" : [ "user:user@domain.com" ]
+ }, {
+ "role" : "roles/datastore.user",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/dns.admin",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/editor",
+ "members" : [ "group:user@domain.com", "group:user@domain.com", "serviceAccount:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/firebase.admin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/firebase.managementServiceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-firebase.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/firebase.sdkAdminServiceAgent",
+ "members" : [ "serviceAccount:firebase-adminsdk-fbsvc@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/firebaserules.system",
+ "members" : [ "serviceAccount:service-599653580068@firebase-rules.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/firestore.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-firestore.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/gkehub.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-gkehub.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.securityAdmin",
+ "members" : [ "group:user@domain.com", "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.serviceAccountAdmin",
+ "members" : [ "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/iam.serviceAccountOpenIdTokenCreator",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.serviceAccountTokenCreator",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:firebase-adminsdk-fbsvc@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-service@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/iam.serviceAccountUser",
+ "members" : [ "serviceAccount:pcs-wis-service@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:test-chameleon-multisubstrate@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.workloadIdentityPoolAdmin",
+ "members" : [ "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.workloadIdentityUser",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-service@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:test-tags-iam@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/logging.logWriter",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/logging.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-logging.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/logging.viewer",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/multiclustermetering.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-mcmetering.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/networkconnectivity.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-networkconnectivity.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/osconfig.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-osconfig.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/owner",
+ "members" : [ "serviceAccount:test-chameleon-multisubstrate@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:zxie-test@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/pubsub.admin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/pubsub.publisher",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/pubsub.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-pubsub.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/pubsub.subscriber",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/pubsub.viewer",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/resourcemanager.projectIamAdmin",
+ "members" : [ "group:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/resourcemanager.tagAdmin",
+ "members" : [ "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/resourcemanager.tagUser",
+ "members" : [ "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/resourcemanager.tagViewer",
+ "members" : [ "user:user@domain.com" ]
+ }, {
+ "role" : "roles/run.admin",
+ "members" : [ "serviceAccount:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/run.builder",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/run.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@serverless-robot-prod.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/secretmanager.admin",
+ "members" : [ "group:user@domain.com" ]
+ }, {
+ "role" : "roles/serviceusage.serviceUsageAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/serviceusage.serviceUsageConsumer",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.admin",
+ "members" : [ "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:my-gcp-sa-s3@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.bucketViewer",
+ "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.objectAdmin",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.objectCreator",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.objectCreator_withcond_959e4e2cb764fe9c3a0a",
+ "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.objectViewer",
+ "members" : [ "principalSet://iam.googleapis.com/projects/599653580068/locations/global/workloadIdentityPools/raphty-aws/attribute.aws_role/arn:aws:iam::065351723461:role/raphty-yz6qfcuppuxhyomcqhw1lgu", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:my-gcp-sa-s3@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storageinsights.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-storageinsights.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/viewer",
+ "members" : [ "serviceAccount:user@domain.com", "serviceAccount:test-sa-1@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:test-sa-2@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/websecurityscanner.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-websecurityscanner.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/workflows.admin",
+ "members" : [ "user:user@domain.com" ]
+ }, {
+ "role" : "roles/workflows.editor",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/workflows.invoker",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/workflows.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-workflows.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/workflows.viewer",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ } ]
+}
\ No newline at end of file
diff --git a/iam/iam-gcp/src/test/resources/__files/GcpIamIT_testRemovePolicy-POST-0.json b/iam/iam-gcp/src/test/resources/__files/GcpIamIT_testRemovePolicy-POST-0.json
new file mode 100644
index 000000000..af363ccc7
--- /dev/null
+++ b/iam/iam-gcp/src/test/resources/__files/GcpIamIT_testRemovePolicy-POST-0.json
@@ -0,0 +1,239 @@
+{
+ "version" : 1,
+ "etag" : "BwZMmdsi9KE=",
+ "bindings" : [ {
+ "role" : "organizations/540886916070/roles/CustomRole499",
+ "members" : [ "group:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "projects/substrate-sdk-gcp-poc1/roles/bucket_reader_id",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/artifactregistry.admin",
+ "members" : [ "serviceAccount:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/artifactregistry.createOnPushRepoAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/artifactregistry.createOnPushWriter",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/artifactregistry.reader",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/artifactregistry.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-artifactregistry.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/browser",
+ "members" : [ "group:user@domain.com", "serviceAccount:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudaicompanion.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-cloudaicompanion.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudbuild.builds.builder",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudbuild.builds.editor",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudbuild.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-cloudbuild.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudkms.admin",
+ "members" : [ "serviceAccount:user@domain.com", "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudkms.cryptoKeyEncrypter",
+ "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudkms.cryptoKeyEncrypterDecrypter",
+ "members" : [ "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudkms.cryptoOperator",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudkms.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-cloudkms.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudkms.viewer",
+ "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/compute.instanceAdmin.v1",
+ "members" : [ "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/compute.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@compute-system.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/container.clusterAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/container.defaultNodeServiceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-gkenode.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/container.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@container-engine-robot.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/containerregistry.ServiceAgent",
+ "members" : [ "serviceAccount:service-599653580068@containerregistry.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/datastore.bulkAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/datastore.owner",
+ "members" : [ "user:user@domain.com" ]
+ }, {
+ "role" : "roles/datastore.user",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/dns.admin",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/editor",
+ "members" : [ "group:user@domain.com", "group:user@domain.com", "serviceAccount:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/firebase.admin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/firebase.managementServiceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-firebase.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/firebase.sdkAdminServiceAgent",
+ "members" : [ "serviceAccount:firebase-adminsdk-fbsvc@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/firebaserules.system",
+ "members" : [ "serviceAccount:service-599653580068@firebase-rules.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/firestore.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-firestore.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/gkehub.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-gkehub.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.securityAdmin",
+ "members" : [ "group:user@domain.com", "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.serviceAccountAdmin",
+ "members" : [ "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/iam.serviceAccountOpenIdTokenCreator",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.serviceAccountTokenCreator",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:firebase-adminsdk-fbsvc@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-service@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/iam.serviceAccountUser",
+ "members" : [ "serviceAccount:pcs-wis-service@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:test-chameleon-multisubstrate@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.workloadIdentityPoolAdmin",
+ "members" : [ "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.workloadIdentityUser",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-service@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:test-tags-iam@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/logging.logWriter",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/logging.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-logging.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/logging.viewer",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/multiclustermetering.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-mcmetering.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/networkconnectivity.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-networkconnectivity.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/osconfig.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-osconfig.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/owner",
+ "members" : [ "serviceAccount:test-chameleon-multisubstrate@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:zxie-test@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/pubsub.admin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/pubsub.publisher",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/pubsub.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-pubsub.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/pubsub.subscriber",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/pubsub.viewer",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/resourcemanager.projectIamAdmin",
+ "members" : [ "group:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/resourcemanager.tagAdmin",
+ "members" : [ "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/resourcemanager.tagUser",
+ "members" : [ "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/resourcemanager.tagViewer",
+ "members" : [ "user:user@domain.com" ]
+ }, {
+ "role" : "roles/run.admin",
+ "members" : [ "serviceAccount:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/run.builder",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/run.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@serverless-robot-prod.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/secretmanager.admin",
+ "members" : [ "group:user@domain.com" ]
+ }, {
+ "role" : "roles/serviceusage.serviceUsageAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/serviceusage.serviceUsageConsumer",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.admin",
+ "members" : [ "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:my-gcp-sa-s3@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.bucketViewer",
+ "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.objectAdmin",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.objectCreator",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.objectCreator_withcond_959e4e2cb764fe9c3a0a",
+ "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.objectViewer",
+ "members" : [ "principalSet://iam.googleapis.com/projects/599653580068/locations/global/workloadIdentityPools/raphty-aws/attribute.aws_role/arn:aws:iam::065351723461:role/raphty-yz6qfcuppuxhyomcqhw1lgu", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:my-gcp-sa-s3@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storageinsights.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-storageinsights.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/viewer",
+ "members" : [ "serviceAccount:user@domain.com", "serviceAccount:test-sa-1@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:test-sa-2@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/websecurityscanner.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-websecurityscanner.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/workflows.admin",
+ "members" : [ "user:user@domain.com" ]
+ }, {
+ "role" : "roles/workflows.editor",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/workflows.invoker",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/workflows.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-workflows.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/workflows.viewer",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ } ]
+}
\ No newline at end of file
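Review bot: Only the human e-mail addresses are scrubbed (to `user@domain.com`) in this recorded `getIamPolicy` body; the project number `599653580068`, the organization id in `organizations/540886916070/roles/CustomRole499`, the AWS account and role ARN inside the `principalSet://` member, and every service-account name with its role (including `roles/owner`, `roles/iam.securityAdmin` and `roles/iam.serviceAccountTokenCreator`) remain in the clear. Committed to the repository, that is a complete privilege map of what looks like a real project. The test presumably needs only the binding it removes, so the fixture could be cut down to that binding plus one or two neighbours, with identifiers replaced by constructed placeholders such as `serviceAccount:test-sa@example-project.iam.gserviceaccount.com`. `GcpIamIT_testRemovePolicy-POST-1.json`, added next, has the same blob id `af363ccc7`, so the same applies there and both mappings could share one sanitized body file.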
diff --git a/iam/iam-gcp/src/test/resources/__files/GcpIamIT_testRemovePolicy-POST-1.json b/iam/iam-gcp/src/test/resources/__files/GcpIamIT_testRemovePolicy-POST-1.json
new file mode 100644
index 000000000..af363ccc7
--- /dev/null
+++ b/iam/iam-gcp/src/test/resources/__files/GcpIamIT_testRemovePolicy-POST-1.json
@@ -0,0 +1,239 @@
+{
+ "version" : 1,
+ "etag" : "BwZMmdsi9KE=",
+ "bindings" : [ {
+ "role" : "organizations/540886916070/roles/CustomRole499",
+ "members" : [ "group:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "projects/substrate-sdk-gcp-poc1/roles/bucket_reader_id",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/artifactregistry.admin",
+ "members" : [ "serviceAccount:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/artifactregistry.createOnPushRepoAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/artifactregistry.createOnPushWriter",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/artifactregistry.reader",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/artifactregistry.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-artifactregistry.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/browser",
+ "members" : [ "group:user@domain.com", "serviceAccount:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudaicompanion.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-cloudaicompanion.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudbuild.builds.builder",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudbuild.builds.editor",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudbuild.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-cloudbuild.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudkms.admin",
+ "members" : [ "serviceAccount:user@domain.com", "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudkms.cryptoKeyEncrypter",
+ "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudkms.cryptoKeyEncrypterDecrypter",
+ "members" : [ "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudkms.cryptoOperator",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/cloudkms.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-cloudkms.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/cloudkms.viewer",
+ "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/compute.instanceAdmin.v1",
+ "members" : [ "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/compute.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@compute-system.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/container.clusterAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/container.defaultNodeServiceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-gkenode.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/container.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@container-engine-robot.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/containerregistry.ServiceAgent",
+ "members" : [ "serviceAccount:service-599653580068@containerregistry.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/datastore.bulkAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/datastore.owner",
+ "members" : [ "user:user@domain.com" ]
+ }, {
+ "role" : "roles/datastore.user",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/dns.admin",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/editor",
+ "members" : [ "group:user@domain.com", "group:user@domain.com", "serviceAccount:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/firebase.admin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/firebase.managementServiceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-firebase.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/firebase.sdkAdminServiceAgent",
+ "members" : [ "serviceAccount:firebase-adminsdk-fbsvc@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/firebaserules.system",
+ "members" : [ "serviceAccount:service-599653580068@firebase-rules.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/firestore.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-firestore.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/gkehub.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-gkehub.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.securityAdmin",
+ "members" : [ "group:user@domain.com", "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.serviceAccountAdmin",
+ "members" : [ "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/iam.serviceAccountOpenIdTokenCreator",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.serviceAccountTokenCreator",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:firebase-adminsdk-fbsvc@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-service@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/iam.serviceAccountUser",
+ "members" : [ "serviceAccount:pcs-wis-service@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:test-chameleon-multisubstrate@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.workloadIdentityPoolAdmin",
+ "members" : [ "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/iam.workloadIdentityUser",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:pcs-wis-service@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:test-tags-iam@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/logging.logWriter",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/logging.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-logging.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/logging.viewer",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/multiclustermetering.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-mcmetering.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/networkconnectivity.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-networkconnectivity.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/osconfig.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-osconfig.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/owner",
+ "members" : [ "serviceAccount:test-chameleon-multisubstrate@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:zxie-test@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/pubsub.admin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/pubsub.publisher",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/pubsub.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-pubsub.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/pubsub.subscriber",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/pubsub.viewer",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/resourcemanager.projectIamAdmin",
+ "members" : [ "group:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/resourcemanager.tagAdmin",
+ "members" : [ "serviceAccount:pcs-wis-access@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:wisglobalrole@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/resourcemanager.tagUser",
+ "members" : [ "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/resourcemanager.tagViewer",
+ "members" : [ "user:user@domain.com" ]
+ }, {
+ "role" : "roles/run.admin",
+ "members" : [ "serviceAccount:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/run.builder",
+ "members" : [ "serviceAccount:user@domain.com" ]
+ }, {
+ "role" : "roles/run.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@serverless-robot-prod.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/secretmanager.admin",
+ "members" : [ "group:user@domain.com" ]
+ }, {
+ "role" : "roles/serviceusage.serviceUsageAdmin",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/serviceusage.serviceUsageConsumer",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.admin",
+ "members" : [ "serviceAccount:bootstrap-terraform@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:my-gcp-sa-s3@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.bucketViewer",
+ "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.objectAdmin",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.objectCreator",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.objectCreator_withcond_959e4e2cb764fe9c3a0a",
+ "members" : [ "serviceAccount:raphty-aws@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storage.objectViewer",
+ "members" : [ "principalSet://iam.googleapis.com/projects/599653580068/locations/global/workloadIdentityPools/raphty-aws/attribute.aws_role/arn:aws:iam::065351723461:role/raphty-yz6qfcuppuxhyomcqhw1lgu", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:my-gcp-sa-s3@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/storageinsights.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-storageinsights.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/viewer",
+ "members" : [ "serviceAccount:user@domain.com", "serviceAccount:test-sa-1@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "serviceAccount:test-sa-2@substrate-sdk-gcp-poc1.iam.gserviceaccount.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com", "user:user@domain.com" ]
+ }, {
+ "role" : "roles/websecurityscanner.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-websecurityscanner.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/workflows.admin",
+ "members" : [ "user:user@domain.com" ]
+ }, {
+ "role" : "roles/workflows.editor",
+ "members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/workflows.invoker",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/workflows.serviceAgent",
+ "members" : [ "serviceAccount:service-599653580068@gcp-sa-workflows.iam.gserviceaccount.com" ]
+ }, {
+ "role" : "roles/workflows.viewer",
+ "members" : [ "serviceAccount:cha-pdtgeka5xmxny3szlqqj4tvwkq@sfdc-gffjhgy7cpswrysq98dnt9mbz.iam.gserviceaccount.com", "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
+ } ]
+}
\ No newline at end of file
diff --git a/iam/iam-gcp/src/test/resources/mappings/gcpiamit_testattachinlinepolicy-post-0.json b/iam/iam-gcp/src/test/resources/mappings/gcpiamit_testattachinlinepolicy-post-0.json
new file mode 100644
index 000000000..82fd71d71
--- /dev/null
+++ b/iam/iam-gcp/src/test/resources/mappings/gcpiamit_testattachinlinepolicy-post-0.json
@@ -0,0 +1,42 @@
+{
+ "id" : "22d93c52-f67e-43c8-88db-3e484ac651e4",
+ "name" : "GcpIamIT_testAttachInlinePolicy-POST-0",
+ "request" : {
+ "urlPath" : "/v3/projects/substrate-sdk-gcp-poc1:getIamPolicy",
+ "method" : "POST",
+ "headers" : {
+ "X-Query-Param-Count" : {
+ "equalTo" : "1"
+ }
+ },
+ "queryParameters" : {
+ "$alt" : {
+ "hasExactly" : [ {
+ "equalTo" : "json;enum-encoding=int"
+ } ]
+ }
+ },
+ "bodyPatterns" : [ {
+ "equalToJson" : "{}",
+ "ignoreArrayOrder" : true,
+ "ignoreExtraElements" : false
+ } ]
+ },
+ "response" : {
+ "status" : 200,
+ "bodyFileName" : "GcpIamIT_testAttachInlinePolicy-POST-0.json",
+ "headers" : {
+ "X-Frame-Options" : "SAMEORIGIN",
+ "Alt-Svc" : "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000",
+ "Server" : "ESF",
+ "X-Content-Type-Options" : "nosniff",
+ "Vary" : [ "Origin", "X-Origin", "Referer" ],
+ "X-XSS-Protection" : "0",
+ "Date" : "Tue, 10 Mar 2026 06:21:31 GMT",
+ "Content-Type" : "application/json; charset=UTF-8"
+ }
+ },
+ "uuid" : "22d93c52-f67e-43c8-88db-3e484ac651e4",
+ "persistent" : true,
+ "insertionIndex" : 25
+}
\ No newline at end of file
diff --git a/iam/iam-gcp/src/test/resources/mappings/post-nminjngckd.json b/iam/iam-gcp/src/test/resources/mappings/gcpiamit_testgetattachedpolicies-post-0.json
similarity index 56%
rename from iam/iam-gcp/src/test/resources/mappings/post-nminjngckd.json
rename to iam/iam-gcp/src/test/resources/mappings/gcpiamit_testgetattachedpolicies-post-0.json
index e7f9d3c42..7515421d0 100644
--- a/iam/iam-gcp/src/test/resources/mappings/post-nminjngckd.json
+++ b/iam/iam-gcp/src/test/resources/mappings/gcpiamit_testgetattachedpolicies-post-0.json
@@ -1,9 +1,21 @@
{
- "id" : "e49fea98-8778-4b86-932e-4cfe8c9037e1",
- "name" : "v3_projects_substrate-sdk-gcp-poc1getiampolicy",
+ "id" : "c0e86160-423b-4e65-bb58-0b9b5b374254",
+ "name" : "GcpIamIT_testGetAttachedPolicies-POST-0",
"request" : {
- "url" : "/v3/projects/substrate-sdk-gcp-poc1:getIamPolicy?$alt=json;enum-encoding%3Dint",
+ "urlPath" : "/v3/projects/substrate-sdk-gcp-poc1:getIamPolicy",
"method" : "POST",
+ "headers" : {
+ "X-Query-Param-Count" : {
+ "equalTo" : "1"
+ }
+ },
+ "queryParameters" : {
+ "$alt" : {
+ "hasExactly" : [ {
+ "equalTo" : "json;enum-encoding=int"
+ } ]
+ }
+ },
"bodyPatterns" : [ {
"equalToJson" : "{}",
"ignoreArrayOrder" : true,
@@ -12,7 +24,7 @@
},
"response" : {
"status" : 200,
- "bodyFileName" : "v3_projects_substrate-sdk-gcp-poc1getiampolicy.json",
+ "bodyFileName" : "GcpIamIT_testGetAttachedPolicies-POST-0.json",
"headers" : {
"X-Frame-Options" : "SAMEORIGIN",
"Alt-Svc" : "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000",
@@ -20,13 +32,13 @@
"X-Content-Type-Options" : "nosniff",
"Vary" : [ "Origin", "X-Origin", "Referer" ],
"X-XSS-Protection" : "0",
- "Date" : "Thu, 04 Dec 2025 18:04:24 GMT",
+ "Date" : "Tue, 10 Mar 2026 06:21:17 GMT",
"Content-Type" : "application/json; charset=UTF-8"
}
},
- "uuid" : "e49fea98-8778-4b86-932e-4cfe8c9037e1",
+ "uuid" : "c0e86160-423b-4e65-bb58-0b9b5b374254",
"persistent" : true,
"scenarioName" : "scenario-1-v3-projects-substrate-sdk-gcp-poc1:getIamPolicy",
"requiredScenarioState" : "scenario-1-v3-projects-substrate-sdk-gcp-poc1:getIamPolicy-2",
- "insertionIndex" : 1
+ "insertionIndex" : 19
}
\ No newline at end of file
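Review bot: The `scenarioName` kept as context in this hunk, `scenario-1-v3-projects-substrate-sdk-gcp-poc1:getIamPolicy`, is still shared with the testGetInlinePolicyDetails and testRemovePolicy mappings further down, and all six stubs carry the same `urlPath`, `$alt` and `equalToJson` matchers. WireMock keeps scenario state per name across the whole server and serves the most recently added of equally matching stubs. If these files are loaded together without a scenario reset between tests, the per-test `bodyFileName` would not be honoured and one test's recorded policy could answer another test's request. How the harness loads mappings is not visible in this diff, so this may already be handled. If it is not, a per-test name in each pair, such as `"scenarioName" : "GcpIamIT_testGetAttachedPolicies-getIamPolicy"` (constructed example), would keep the state machines independent.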
diff --git a/iam/iam-gcp/src/test/resources/mappings/post-5aattfatgv.json b/iam/iam-gcp/src/test/resources/mappings/gcpiamit_testgetattachedpolicies-post-1.json
similarity index 57%
rename from iam/iam-gcp/src/test/resources/mappings/post-5aattfatgv.json
rename to iam/iam-gcp/src/test/resources/mappings/gcpiamit_testgetattachedpolicies-post-1.json
index 45e180d64..0314e5256 100644
--- a/iam/iam-gcp/src/test/resources/mappings/post-5aattfatgv.json
+++ b/iam/iam-gcp/src/test/resources/mappings/gcpiamit_testgetattachedpolicies-post-1.json
@@ -1,9 +1,21 @@
{
- "id" : "50b9598e-41a3-48d1-91c4-cc76fc83f125",
- "name" : "v3_projects_substrate-sdk-gcp-poc1getiampolicy",
+ "id" : "b4277c8a-5694-4d7a-87ea-d09211150390",
+ "name" : "GcpIamIT_testGetAttachedPolicies-POST-1",
"request" : {
- "url" : "/v3/projects/substrate-sdk-gcp-poc1:getIamPolicy?$alt=json;enum-encoding%3Dint",
+ "urlPath" : "/v3/projects/substrate-sdk-gcp-poc1:getIamPolicy",
"method" : "POST",
+ "headers" : {
+ "X-Query-Param-Count" : {
+ "equalTo" : "1"
+ }
+ },
+ "queryParameters" : {
+ "$alt" : {
+ "hasExactly" : [ {
+ "equalTo" : "json;enum-encoding=int"
+ } ]
+ }
+ },
"bodyPatterns" : [ {
"equalToJson" : "{}",
"ignoreArrayOrder" : true,
@@ -12,7 +24,7 @@
},
"response" : {
"status" : 200,
- "bodyFileName" : "v3_projects_substrate-sdk-gcp-poc1getiampolicy.json",
+ "bodyFileName" : "GcpIamIT_testGetAttachedPolicies-POST-1.json",
"headers" : {
"X-Frame-Options" : "SAMEORIGIN",
"Alt-Svc" : "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000",
@@ -20,14 +32,14 @@
"X-Content-Type-Options" : "nosniff",
"Vary" : [ "Origin", "X-Origin", "Referer" ],
"X-XSS-Protection" : "0",
- "Date" : "Thu, 04 Dec 2025 18:04:25 GMT",
+ "Date" : "Tue, 10 Mar 2026 06:21:15 GMT",
"Content-Type" : "application/json; charset=UTF-8"
}
},
- "uuid" : "50b9598e-41a3-48d1-91c4-cc76fc83f125",
+ "uuid" : "b4277c8a-5694-4d7a-87ea-d09211150390",
"persistent" : true,
"scenarioName" : "scenario-1-v3-projects-substrate-sdk-gcp-poc1:getIamPolicy",
"requiredScenarioState" : "Started",
"newScenarioState" : "scenario-1-v3-projects-substrate-sdk-gcp-poc1:getIamPolicy-2",
- "insertionIndex" : 6
+ "insertionIndex" : 20
}
\ No newline at end of file
diff --git a/iam/iam-gcp/src/test/resources/mappings/post-xkfmqhdn11.json b/iam/iam-gcp/src/test/resources/mappings/gcpiamit_testgetinlinepolicydetails-post-0.json
similarity index 57%
rename from iam/iam-gcp/src/test/resources/mappings/post-xkfmqhdn11.json
rename to iam/iam-gcp/src/test/resources/mappings/gcpiamit_testgetinlinepolicydetails-post-0.json
index 039e48980..f6906a247 100644
--- a/iam/iam-gcp/src/test/resources/mappings/post-xkfmqhdn11.json
+++ b/iam/iam-gcp/src/test/resources/mappings/gcpiamit_testgetinlinepolicydetails-post-0.json
@@ -1,9 +1,21 @@
{
- "id" : "1ca367ef-1ab1-42e0-bd8d-e5b327da0828",
- "name" : "v3_projects_substrate-sdk-gcp-poc1getiampolicy",
+ "id" : "88f7182c-bc2a-4722-baed-0690b332548c",
+ "name" : "GcpIamIT_testGetInlinePolicyDetails-POST-0",
"request" : {
- "url" : "/v3/projects/substrate-sdk-gcp-poc1:getIamPolicy?$alt=json;enum-encoding%3Dint",
+ "urlPath" : "/v3/projects/substrate-sdk-gcp-poc1:getIamPolicy",
"method" : "POST",
+ "headers" : {
+ "X-Query-Param-Count" : {
+ "equalTo" : "1"
+ }
+ },
+ "queryParameters" : {
+ "$alt" : {
+ "hasExactly" : [ {
+ "equalTo" : "json;enum-encoding=int"
+ } ]
+ }
+ },
"bodyPatterns" : [ {
"equalToJson" : "{}",
"ignoreArrayOrder" : true,
@@ -12,7 +24,7 @@
},
"response" : {
"status" : 200,
- "bodyFileName" : "v3_projects_substrate-sdk-gcp-poc1getiampolicy.json",
+ "bodyFileName" : "GcpIamIT_testGetInlinePolicyDetails-POST-0.json",
"headers" : {
"X-Frame-Options" : "SAMEORIGIN",
"Alt-Svc" : "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000",
@@ -20,11 +32,11 @@
"X-Content-Type-Options" : "nosniff",
"Vary" : [ "Origin", "X-Origin", "Referer" ],
"X-XSS-Protection" : "0",
- "Date" : "Thu, 04 Dec 2025 18:04:33 GMT",
+ "Date" : "Tue, 10 Mar 2026 06:20:56 GMT",
"Content-Type" : "application/json; charset=UTF-8"
}
},
- "uuid" : "1ca367ef-1ab1-42e0-bd8d-e5b327da0828",
+ "uuid" : "88f7182c-bc2a-4722-baed-0690b332548c",
"persistent" : true,
"scenarioName" : "scenario-1-v3-projects-substrate-sdk-gcp-poc1:getIamPolicy",
"requiredScenarioState" : "scenario-1-v3-projects-substrate-sdk-gcp-poc1:getIamPolicy-2",
diff --git a/iam/iam-gcp/src/test/resources/mappings/post-mxkzqugtut.json b/iam/iam-gcp/src/test/resources/mappings/gcpiamit_testgetinlinepolicydetails-post-1.json
similarity index 56%
rename from iam/iam-gcp/src/test/resources/mappings/post-mxkzqugtut.json
rename to iam/iam-gcp/src/test/resources/mappings/gcpiamit_testgetinlinepolicydetails-post-1.json
index a0653b796..3bcda473b 100644
--- a/iam/iam-gcp/src/test/resources/mappings/post-mxkzqugtut.json
+++ b/iam/iam-gcp/src/test/resources/mappings/gcpiamit_testgetinlinepolicydetails-post-1.json
@@ -1,9 +1,21 @@
{
- "id" : "0acb1c66-bec3-4879-bab8-8db44a6fc534",
- "name" : "v3_projects_substrate-sdk-gcp-poc1getiampolicy",
+ "id" : "33e13a3c-d5af-4a95-813b-5e7ef75d7db8",
+ "name" : "GcpIamIT_testGetInlinePolicyDetails-POST-1",
"request" : {
- "url" : "/v3/projects/substrate-sdk-gcp-poc1:getIamPolicy?$alt=json;enum-encoding%3Dint",
+ "urlPath" : "/v3/projects/substrate-sdk-gcp-poc1:getIamPolicy",
"method" : "POST",
+ "headers" : {
+ "X-Query-Param-Count" : {
+ "equalTo" : "1"
+ }
+ },
+ "queryParameters" : {
+ "$alt" : {
+ "hasExactly" : [ {
+ "equalTo" : "json;enum-encoding=int"
+ } ]
+ }
+ },
"bodyPatterns" : [ {
"equalToJson" : "{}",
"ignoreArrayOrder" : true,
@@ -12,7 +24,7 @@
},
"response" : {
"status" : 200,
- "bodyFileName" : "v3_projects_substrate-sdk-gcp-poc1getiampolicy.json",
+ "bodyFileName" : "GcpIamIT_testGetInlinePolicyDetails-POST-1.json",
"headers" : {
"X-Frame-Options" : "SAMEORIGIN",
"Alt-Svc" : "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000",
@@ -20,14 +32,14 @@
"X-Content-Type-Options" : "nosniff",
"Vary" : [ "Origin", "X-Origin", "Referer" ],
"X-XSS-Protection" : "0",
- "Date" : "Thu, 04 Dec 2025 18:04:22 GMT",
+ "Date" : "Tue, 10 Mar 2026 06:20:54 GMT",
"Content-Type" : "application/json; charset=UTF-8"
}
},
- "uuid" : "0acb1c66-bec3-4879-bab8-8db44a6fc534",
+ "uuid" : "33e13a3c-d5af-4a95-813b-5e7ef75d7db8",
"persistent" : true,
"scenarioName" : "scenario-1-v3-projects-substrate-sdk-gcp-poc1:getIamPolicy",
"requiredScenarioState" : "Started",
"newScenarioState" : "scenario-1-v3-projects-substrate-sdk-gcp-poc1:getIamPolicy-2",
- "insertionIndex" : 2
+ "insertionIndex" : 9
}
\ No newline at end of file
diff --git a/iam/iam-gcp/src/test/resources/mappings/post-oac0vju14e.json b/iam/iam-gcp/src/test/resources/mappings/gcpiamit_testremovepolicy-post-0.json
similarity index 56%
rename from iam/iam-gcp/src/test/resources/mappings/post-oac0vju14e.json
rename to iam/iam-gcp/src/test/resources/mappings/gcpiamit_testremovepolicy-post-0.json
index a0772e4de..010664ddd 100644
--- a/iam/iam-gcp/src/test/resources/mappings/post-oac0vju14e.json
+++ b/iam/iam-gcp/src/test/resources/mappings/gcpiamit_testremovepolicy-post-0.json
@@ -1,9 +1,21 @@
{
- "id" : "7633676d-e774-4262-be57-571dd0e16f92",
- "name" : "v3_projects_substrate-sdk-gcp-poc1getiampolicy",
+ "id" : "dc601264-598f-41b7-ad7b-b760df7e7189",
+ "name" : "GcpIamIT_testRemovePolicy-POST-0",
"request" : {
- "url" : "/v3/projects/substrate-sdk-gcp-poc1:getIamPolicy?$alt=json;enum-encoding%3Dint",
+ "urlPath" : "/v3/projects/substrate-sdk-gcp-poc1:getIamPolicy",
"method" : "POST",
+ "headers" : {
+ "X-Query-Param-Count" : {
+ "equalTo" : "1"
+ }
+ },
+ "queryParameters" : {
+ "$alt" : {
+ "hasExactly" : [ {
+ "equalTo" : "json;enum-encoding=int"
+ } ]
+ }
+ },
"bodyPatterns" : [ {
"equalToJson" : "{}",
"ignoreArrayOrder" : true,
@@ -12,7 +24,7 @@
},
"response" : {
"status" : 200,
- "bodyFileName" : "v3_projects_substrate-sdk-gcp-poc1getiampolicy.json",
+ "bodyFileName" : "GcpIamIT_testRemovePolicy-POST-0.json",
"headers" : {
"X-Frame-Options" : "SAMEORIGIN",
"Alt-Svc" : "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000",
@@ -20,13 +32,13 @@
"X-Content-Type-Options" : "nosniff",
"Vary" : [ "Origin", "X-Origin", "Referer" ],
"X-XSS-Protection" : "0",
- "Date" : "Thu, 04 Dec 2025 18:04:26 GMT",
+ "Date" : "Tue, 10 Mar 2026 06:21:13 GMT",
"Content-Type" : "application/json; charset=UTF-8"
}
},
- "uuid" : "7633676d-e774-4262-be57-571dd0e16f92",
+ "uuid" : "dc601264-598f-41b7-ad7b-b760df7e7189",
"persistent" : true,
"scenarioName" : "scenario-1-v3-projects-substrate-sdk-gcp-poc1:getIamPolicy",
"requiredScenarioState" : "scenario-1-v3-projects-substrate-sdk-gcp-poc1:getIamPolicy-2",
- "insertionIndex" : 5
+ "insertionIndex" : 16
}
\ No newline at end of file
diff --git a/iam/iam-gcp/src/test/resources/mappings/post-skt7azqyn1.json b/iam/iam-gcp/src/test/resources/mappings/gcpiamit_testremovepolicy-post-1.json
similarity index 57%
rename from iam/iam-gcp/src/test/resources/mappings/post-skt7azqyn1.json
rename to iam/iam-gcp/src/test/resources/mappings/gcpiamit_testremovepolicy-post-1.json
index ac8b77fc2..d2ca5b897 100644
--- a/iam/iam-gcp/src/test/resources/mappings/post-skt7azqyn1.json
+++ b/iam/iam-gcp/src/test/resources/mappings/gcpiamit_testremovepolicy-post-1.json
@@ -1,9 +1,21 @@
{
- "id" : "b99f2e19-aa6b-4d92-b88b-53ece072e869",
- "name" : "v3_projects_substrate-sdk-gcp-poc1getiampolicy",
+ "id" : "80c15e98-0c97-4175-a80f-d6ebbbca4226",
+ "name" : "GcpIamIT_testRemovePolicy-POST-1",
"request" : {
- "url" : "/v3/projects/substrate-sdk-gcp-poc1:getIamPolicy?$alt=json;enum-encoding%3Dint",
+ "urlPath" : "/v3/projects/substrate-sdk-gcp-poc1:getIamPolicy",
"method" : "POST",
+ "headers" : {
+ "X-Query-Param-Count" : {
+ "equalTo" : "1"
+ }
+ },
+ "queryParameters" : {
+ "$alt" : {
+ "hasExactly" : [ {
+ "equalTo" : "json;enum-encoding=int"
+ } ]
+ }
+ },
"bodyPatterns" : [ {
"equalToJson" : "{}",
"ignoreArrayOrder" : true,
@@ -12,7 +24,7 @@
},
"response" : {
"status" : 200,
- "bodyFileName" : "v3_projects_substrate-sdk-gcp-poc1getiampolicy.json",
+ "bodyFileName" : "GcpIamIT_testRemovePolicy-POST-1.json",
"headers" : {
"X-Frame-Options" : "SAMEORIGIN",
"Alt-Svc" : "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000",
@@ -20,14 +32,14 @@
"X-Content-Type-Options" : "nosniff",
"Vary" : [ "Origin", "X-Origin", "Referer" ],
"X-XSS-Protection" : "0",
- "Date" : "Thu, 04 Dec 2025 18:04:30 GMT",
+ "Date" : "Tue, 10 Mar 2026 06:21:12 GMT",
"Content-Type" : "application/json; charset=UTF-8"
}
},
- "uuid" : "b99f2e19-aa6b-4d92-b88b-53ece072e869",
+ "uuid" : "80c15e98-0c97-4175-a80f-d6ebbbca4226",
"persistent" : true,
"scenarioName" : "scenario-1-v3-projects-substrate-sdk-gcp-poc1:getIamPolicy",
"requiredScenarioState" : "Started",
"newScenarioState" : "scenario-1-v3-projects-substrate-sdk-gcp-poc1:getIamPolicy-2",
- "insertionIndex" : 10
+ "insertionIndex" : 17
}
\ No newline at end of file
diff --git a/iam/iam-gcp/src/test/resources/mappings/post-pkw37nmslw.json b/iam/iam-gcp/src/test/resources/mappings/post-pkw37nmslw.json
deleted file mode 100644
index 5694eb5a3..000000000
--- a/iam/iam-gcp/src/test/resources/mappings/post-pkw37nmslw.json
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- "id" : "e870947d-5f8c-4b0c-b4a2-691c27366dea",
- "name" : "v3_projects_substrate-sdk-gcp-poc1setiampolicy",
- "request" : {
- "url" : "/v3/projects/substrate-sdk-gcp-poc1:setIamPolicy?$alt=json;enum-encoding%3Dint",
- "method" : "POST",
- "bodyPatterns" : [ {
- "matchesJsonPath" : "$.policy"
- }, {
- "matchesJsonPath" : "$.policy.bindings"
- } ]
- },
- "response" : {
- "status" : 200,
- "bodyFileName" : "v3_projects_substrate-sdk-gcp-poc1setiampolicy.json",
- "headers" : {
- "X-Frame-Options" : "SAMEORIGIN",
- "Alt-Svc" : "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000",
- "Server" : "ESF",
- "X-Content-Type-Options" : "nosniff",
- "Vary" : [ "Origin", "X-Origin", "Referer" ],
- "X-XSS-Protection" : "0",
- "Date" : "Thu, 04 Dec 2025 18:04:32 GMT",
- "Content-Type" : "application/json; charset=UTF-8"
- }
- },
- "uuid" : "e870947d-5f8c-4b0c-b4a2-691c27366dea",
- "persistent" : true,
- "insertionIndex" : 9
-}
\ No newline at end of file
diff --git a/iam/iam-gcp/src/test/resources/mappings/post-wvlsovhqyv.json b/iam/iam-gcp/src/test/resources/mappings/post-wvlsovhqyv.json
deleted file mode 100644
index ca520b1aa..000000000
--- a/iam/iam-gcp/src/test/resources/mappings/post-wvlsovhqyv.json
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- "id" : "2bd9315b-7a98-4be0-888b-0b624db826a9",
- "name" : "v3_projects_substrate-sdk-gcp-poc1setiampolicy",
- "request" : {
- "url" : "/v3/projects/substrate-sdk-gcp-poc1:setIamPolicy?$alt=json;enum-encoding%3Dint",
- "method" : "POST",
- "bodyPatterns" : [ {
- "matchesJsonPath" : "$.policy"
- }, {
- "matchesJsonPath" : "$.policy.bindings"
- } ]
- },
- "response" : {
- "status" : 200,
- "bodyFileName" : "v3_projects_substrate-sdk-gcp-poc1setiampolicy.json",
- "headers" : {
- "X-Frame-Options" : "SAMEORIGIN",
- "Alt-Svc" : "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000",
- "Server" : "ESF",
- "X-Content-Type-Options" : "nosniff",
- "Vary" : [ "Origin", "X-Origin", "Referer" ],
- "X-XSS-Protection" : "0",
- "Date" : "Thu, 04 Dec 2025 18:04:28 GMT",
- "Content-Type" : "application/json; charset=UTF-8"
- }
- },
- "uuid" : "2bd9315b-7a98-4be0-888b-0b624db826a9",
- "persistent" : true,
- "insertionIndex" : 4
-}
\ No newline at end of file
diff --git a/iam/iam-gcp/src/test/resources/mappings/post-xuddonq8r7.json b/iam/iam-gcp/src/test/resources/mappings/post-xuddonq8r7.json
deleted file mode 100644
index 1f487b51a..000000000
--- a/iam/iam-gcp/src/test/resources/mappings/post-xuddonq8r7.json
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- "id" : "68bcaca7-e8b2-4bf5-a8e6-8b3cc92a3e7e",
- "name" : "v3_projects_substrate-sdk-gcp-poc1getiampolicy",
- "request" : {
- "url" : "/v3/projects/substrate-sdk-gcp-poc1:getIamPolicy?$alt=json;enum-encoding%3Dint",
- "method" : "POST",
- "bodyPatterns" : [ {
- "equalToJson" : "{}",
- "ignoreArrayOrder" : true,
- "ignoreExtraElements" : false
- } ]
- },
- "response" : {
- "status" : 200,
- "bodyFileName" : "v3_projects_substrate-sdk-gcp-poc1getiampolicy.json",
- "headers" : {
- "X-Frame-Options" : "SAMEORIGIN",
- "Alt-Svc" : "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000",
- "Server" : "ESF",
- "X-Content-Type-Options" : "nosniff",
- "Vary" : [ "Origin", "X-Origin", "Referer" ],
- "X-XSS-Protection" : "0",
- "Date" : "Thu, 04 Dec 2025 18:04:34 GMT",
- "Content-Type" : "application/json; charset=UTF-8"
- }
- },
- "uuid" : "68bcaca7-e8b2-4bf5-a8e6-8b3cc92a3e7e",
- "persistent" : true,
- "insertionIndex" : 12
-}
\ No newline at end of file
diff --git a/iam/iam-gcp/src/test/resources/recordings/CreateServiceAccount-0038e34cce.json b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithNullDescription-CreateServiceAccount-0.json
similarity index 85%
rename from iam/iam-gcp/src/test/resources/recordings/CreateServiceAccount-0038e34cce.json
rename to iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithNullDescription-CreateServiceAccount-0.json
index 10b46c662..03baaed91 100644
--- a/iam/iam-gcp/src/test/resources/recordings/CreateServiceAccount-0038e34cce.json
+++ b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithNullDescription-CreateServiceAccount-0.json
@@ -10,10 +10,10 @@
"response" : {
"name" : "projects/substrate-sdk-gcp-poc1/serviceAccounts/testSaNoDesc@substrate-sdk-gcp-poc1.iam.gserviceaccount.com",
"projectId" : "substrate-sdk-gcp-poc1",
- "uniqueId" : "108085590103743633246",
+ "uniqueId" : "102865126650479399537",
"email" : "testSaNoDesc@substrate-sdk-gcp-poc1.iam.gserviceaccount.com",
"displayName" : "testSaNoDesc",
"etag" : "MDEwMjE5MjA=",
- "oauth2ClientId" : "108085590103743633246"
+ "oauth2ClientId" : "102865126650479399537"
}
}
\ No newline at end of file
diff --git a/iam/iam-gcp/src/test/resources/recordings/DeleteServiceAccount-2b53a9fbf4.json b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithNullDescription-DeleteServiceAccount-1.json
similarity index 100%
rename from iam/iam-gcp/src/test/resources/recordings/DeleteServiceAccount-2b53a9fbf4.json
rename to iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithNullDescription-DeleteServiceAccount-1.json
diff --git a/iam/iam-gcp/src/test/resources/recordings/CreateServiceAccount-f89eed1a0c.json b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithOptions-CreateServiceAccount-0.json
similarity index 88%
rename from iam/iam-gcp/src/test/resources/recordings/CreateServiceAccount-f89eed1a0c.json
rename to iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithOptions-CreateServiceAccount-0.json
index 201617fd2..5f829b0d9 100644
--- a/iam/iam-gcp/src/test/resources/recordings/CreateServiceAccount-f89eed1a0c.json
+++ b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithOptions-CreateServiceAccount-0.json
@@ -11,11 +11,11 @@
"response" : {
"name" : "projects/substrate-sdk-gcp-poc1/serviceAccounts/testSaOptions@substrate-sdk-gcp-poc1.iam.gserviceaccount.com",
"projectId" : "substrate-sdk-gcp-poc1",
- "uniqueId" : "109565557264935454464",
+ "uniqueId" : "102953692975457158239",
"email" : "testSaOptions@substrate-sdk-gcp-poc1.iam.gserviceaccount.com",
"displayName" : "testSaOptions",
"etag" : "MDEwMjE5MjA=",
"description" : "Test identity with options",
- "oauth2ClientId" : "109565557264935454464"
+ "oauth2ClientId" : "102953692975457158239"
}
}
\ No newline at end of file
diff --git a/iam/iam-gcp/src/test/resources/recordings/DeleteServiceAccount-3fbaf6618d.json b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithOptions-DeleteServiceAccount-1.json
similarity index 100%
rename from iam/iam-gcp/src/test/resources/recordings/DeleteServiceAccount-3fbaf6618d.json
rename to iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithOptions-DeleteServiceAccount-1.json
diff --git a/iam/iam-gcp/src/test/resources/recordings/CreateServiceAccount-5ac1ccc649.json b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithTrustConfig-CreateServiceAccount-0.json
similarity index 88%
rename from iam/iam-gcp/src/test/resources/recordings/CreateServiceAccount-5ac1ccc649.json
rename to iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithTrustConfig-CreateServiceAccount-0.json
index 9898f4d90..426f86022 100644
--- a/iam/iam-gcp/src/test/resources/recordings/CreateServiceAccount-5ac1ccc649.json
+++ b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithTrustConfig-CreateServiceAccount-0.json
@@ -11,11 +11,11 @@
"response" : {
"name" : "projects/substrate-sdk-gcp-poc1/serviceAccounts/testSaTrusted@substrate-sdk-gcp-poc1.iam.gserviceaccount.com",
"projectId" : "substrate-sdk-gcp-poc1",
- "uniqueId" : "114226505833153891027",
+ "uniqueId" : "115083799994541468311",
"email" : "testSaTrusted@substrate-sdk-gcp-poc1.iam.gserviceaccount.com",
"displayName" : "testSaTrusted",
"etag" : "MDEwMjE5MjA=",
"description" : "Test identity with trust configuration",
- "oauth2ClientId" : "114226505833153891027"
+ "oauth2ClientId" : "115083799994541468311"
}
}
\ No newline at end of file
diff --git a/iam/iam-gcp/src/test/resources/recordings/DeleteServiceAccount-3a633a932c.json b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithTrustConfig-DeleteServiceAccount-3.json
similarity index 100%
rename from iam/iam-gcp/src/test/resources/recordings/DeleteServiceAccount-3a633a932c.json
rename to iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithTrustConfig-DeleteServiceAccount-3.json
diff --git a/iam/iam-gcp/src/test/resources/recordings/GetIamPolicy-9ed4add206.json b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithTrustConfig-GetIamPolicy-1.json
similarity index 100%
rename from iam/iam-gcp/src/test/resources/recordings/GetIamPolicy-9ed4add206.json
rename to iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithTrustConfig-GetIamPolicy-1.json
diff --git a/iam/iam-gcp/src/test/resources/recordings/SetIamPolicy-b8908f14aa.json b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithTrustConfig-SetIamPolicy-2.json
similarity index 95%
rename from iam/iam-gcp/src/test/resources/recordings/SetIamPolicy-b8908f14aa.json
rename to iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithTrustConfig-SetIamPolicy-2.json
index d6fc61b96..950b8000b 100644
--- a/iam/iam-gcp/src/test/resources/recordings/SetIamPolicy-b8908f14aa.json
+++ b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithTrustConfig-SetIamPolicy-2.json
@@ -12,7 +12,7 @@
},
"response" : {
"version" : 1,
- "etag" : "BwZGM212JDM=",
+ "etag" : "BwZMpYeYQ7Y=",
"bindings" : [ {
"role" : "roles/iam.serviceAccountTokenCreator",
"members" : [ "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com" ]
diff --git a/iam/iam-gcp/src/test/resources/recordings/CreateServiceAccount-fad45e7acf.json b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithoutTrustConfig-CreateServiceAccount-0.json
similarity index 88%
rename from iam/iam-gcp/src/test/resources/recordings/CreateServiceAccount-fad45e7acf.json
rename to iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithoutTrustConfig-CreateServiceAccount-0.json
index 2b46794d7..3dd8b166f 100644
--- a/iam/iam-gcp/src/test/resources/recordings/CreateServiceAccount-fad45e7acf.json
+++ b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithoutTrustConfig-CreateServiceAccount-0.json
@@ -11,11 +11,11 @@
"response" : {
"name" : "projects/substrate-sdk-gcp-poc1/serviceAccounts/testSa@substrate-sdk-gcp-poc1.iam.gserviceaccount.com",
"projectId" : "substrate-sdk-gcp-poc1",
- "uniqueId" : "103620143516080021483",
+ "uniqueId" : "104843033574003145131",
"email" : "testSa@substrate-sdk-gcp-poc1.iam.gserviceaccount.com",
"displayName" : "testSa",
"etag" : "MDEwMjE5MjA=",
"description" : "Test identity for MultiCloudJ integration tests",
- "oauth2ClientId" : "103620143516080021483"
+ "oauth2ClientId" : "104843033574003145131"
}
}
\ No newline at end of file
diff --git a/iam/iam-gcp/src/test/resources/recordings/DeleteServiceAccount-dfbbbafc77.json b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithoutTrustConfig-DeleteServiceAccount-1.json
similarity index 100%
rename from iam/iam-gcp/src/test/resources/recordings/DeleteServiceAccount-dfbbbafc77.json
rename to iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testCreateIdentityWithoutTrustConfig-DeleteServiceAccount-1.json
diff --git a/iam/iam-gcp/src/test/resources/recordings/CreateServiceAccount-dbb645f094.json b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testDeleteIdentity-CreateServiceAccount-0.json
similarity index 88%
rename from iam/iam-gcp/src/test/resources/recordings/CreateServiceAccount-dbb645f094.json
rename to iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testDeleteIdentity-CreateServiceAccount-0.json
index 7618a409c..90db8bb94 100644
--- a/iam/iam-gcp/src/test/resources/recordings/CreateServiceAccount-dbb645f094.json
+++ b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testDeleteIdentity-CreateServiceAccount-0.json
@@ -11,11 +11,11 @@
"response" : {
"name" : "projects/substrate-sdk-gcp-poc1/serviceAccounts/testSaDelete@substrate-sdk-gcp-poc1.iam.gserviceaccount.com",
"projectId" : "substrate-sdk-gcp-poc1",
- "uniqueId" : "112498036806527349406",
+ "uniqueId" : "103339348629474298603",
"email" : "testSaDelete@substrate-sdk-gcp-poc1.iam.gserviceaccount.com",
"displayName" : "testSaDelete",
"etag" : "MDEwMjE5MjA=",
"description" : "Test identity for delete operation",
- "oauth2ClientId" : "112498036806527349406"
+ "oauth2ClientId" : "103339348629474298603"
}
}
\ No newline at end of file
diff --git a/iam/iam-gcp/src/test/resources/recordings/DeleteServiceAccount-0aacb9ede1.json b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testDeleteIdentity-DeleteServiceAccount-1.json
similarity index 100%
rename from iam/iam-gcp/src/test/resources/recordings/DeleteServiceAccount-0aacb9ede1.json
rename to iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testDeleteIdentity-DeleteServiceAccount-1.json
diff --git a/iam/iam-gcp/src/test/resources/recordings/CreateServiceAccount-192993f719.json b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testGetIdentity-CreateServiceAccount-0.json
similarity index 87%
rename from iam/iam-gcp/src/test/resources/recordings/CreateServiceAccount-192993f719.json
rename to iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testGetIdentity-CreateServiceAccount-0.json
index 73d22c97f..968b529b8 100644
--- a/iam/iam-gcp/src/test/resources/recordings/CreateServiceAccount-192993f719.json
+++ b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testGetIdentity-CreateServiceAccount-0.json
@@ -11,11 +11,11 @@
"response" : {
"name" : "projects/substrate-sdk-gcp-poc1/serviceAccounts/testSaGet@substrate-sdk-gcp-poc1.iam.gserviceaccount.com",
"projectId" : "substrate-sdk-gcp-poc1",
- "uniqueId" : "105446840476600676066",
+ "uniqueId" : "116075516548726492820",
"email" : "testSaGet@substrate-sdk-gcp-poc1.iam.gserviceaccount.com",
"displayName" : "testSaGet",
"etag" : "MDEwMjE5MjA=",
"description" : "Test identity for get operation",
- "oauth2ClientId" : "105446840476600676066"
+ "oauth2ClientId" : "116075516548726492820"
}
}
\ No newline at end of file
diff --git a/iam/iam-gcp/src/test/resources/recordings/DeleteServiceAccount-b21348fb04.json b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testGetIdentity-DeleteServiceAccount-2.json
similarity index 100%
rename from iam/iam-gcp/src/test/resources/recordings/DeleteServiceAccount-b21348fb04.json
rename to iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testGetIdentity-DeleteServiceAccount-2.json
diff --git a/iam/iam-gcp/src/test/resources/recordings/GetServiceAccount-d6d8fa9d22.json b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testGetIdentity-GetServiceAccount-1.json
similarity index 86%
rename from iam/iam-gcp/src/test/resources/recordings/GetServiceAccount-d6d8fa9d22.json
rename to iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testGetIdentity-GetServiceAccount-1.json
index 51805fc86..dd5c9239a 100644
--- a/iam/iam-gcp/src/test/resources/recordings/GetServiceAccount-d6d8fa9d22.json
+++ b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testGetIdentity-GetServiceAccount-1.json
@@ -6,11 +6,11 @@
"response" : {
"name" : "projects/substrate-sdk-gcp-poc1/serviceAccounts/testSaGet@substrate-sdk-gcp-poc1.iam.gserviceaccount.com",
"projectId" : "substrate-sdk-gcp-poc1",
- "uniqueId" : "105446840476600676066",
+ "uniqueId" : "116075516548726492820",
"email" : "testSaGet@substrate-sdk-gcp-poc1.iam.gserviceaccount.com",
"displayName" : "testSaGet",
"etag" : "MDEwMjE5MjA=",
"description" : "Test identity for get operation",
- "oauth2ClientId" : "105446840476600676066"
+ "oauth2ClientId" : "116075516548726492820"
}
}
\ No newline at end of file
diff --git a/iam/iam-gcp/src/test/resources/recordings/CreateServiceAccount-a838751584.json b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testIdentityLifecycle-CreateServiceAccount-0.json
similarity index 88%
rename from iam/iam-gcp/src/test/resources/recordings/CreateServiceAccount-a838751584.json
rename to iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testIdentityLifecycle-CreateServiceAccount-0.json
index 3e40aef20..c7f36437f 100644
--- a/iam/iam-gcp/src/test/resources/recordings/CreateServiceAccount-a838751584.json
+++ b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testIdentityLifecycle-CreateServiceAccount-0.json
@@ -11,11 +11,11 @@
"response" : {
"name" : "projects/substrate-sdk-gcp-poc1/serviceAccounts/testSaLifeCycle@substrate-sdk-gcp-poc1.iam.gserviceaccount.com",
"projectId" : "substrate-sdk-gcp-poc1",
- "uniqueId" : "105479164116917983204",
+ "uniqueId" : "105239457643377913600",
"email" : "testSaLifeCycle@substrate-sdk-gcp-poc1.iam.gserviceaccount.com",
"displayName" : "testSaLifeCycle",
"etag" : "MDEwMjE5MjA=",
"description" : "Test identity for lifecycle test",
- "oauth2ClientId" : "105479164116917983204"
+ "oauth2ClientId" : "105239457643377913600"
}
}
\ No newline at end of file
diff --git a/iam/iam-gcp/src/test/resources/recordings/DeleteServiceAccount-a4bc7f20c4.json b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testIdentityLifecycle-DeleteServiceAccount-2.json
similarity index 100%
rename from iam/iam-gcp/src/test/resources/recordings/DeleteServiceAccount-a4bc7f20c4.json
rename to iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testIdentityLifecycle-DeleteServiceAccount-2.json
diff --git a/iam/iam-gcp/src/test/resources/recordings/GetServiceAccount-dc77b3e304.json b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testIdentityLifecycle-GetServiceAccount-1.json
similarity index 86%
rename from iam/iam-gcp/src/test/resources/recordings/GetServiceAccount-dc77b3e304.json
rename to iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testIdentityLifecycle-GetServiceAccount-1.json
index 58995d12f..283092a3b 100644
--- a/iam/iam-gcp/src/test/resources/recordings/GetServiceAccount-dc77b3e304.json
+++ b/iam/iam-gcp/src/test/resources/recordings/GcpIamIT_testIdentityLifecycle-GetServiceAccount-1.json
@@ -6,11 +6,11 @@
"response" : {
"name" : "projects/substrate-sdk-gcp-poc1/serviceAccounts/testSaLifeCycle@substrate-sdk-gcp-poc1.iam.gserviceaccount.com",
"projectId" : "substrate-sdk-gcp-poc1",
- "uniqueId" : "105479164116917983204",
+ "uniqueId" : "105239457643377913600",
"email" : "testSaLifeCycle@substrate-sdk-gcp-poc1.iam.gserviceaccount.com",
"displayName" : "testSaLifeCycle",
"etag" : "MDEwMjE5MjA=",
"description" : "Test identity for lifecycle test",
- "oauth2ClientId" : "105479164116917983204"
+ "oauth2ClientId" : "105239457643377913600"
}
}
\ No newline at end of file
diff --git a/registry/registry-gcp/pom.xml b/registry/registry-gcp/pom.xml
index ed1634512..8192e9465 100644
--- a/registry/registry-gcp/pom.xml
+++ b/registry/registry-gcp/pom.xml
@@ -89,7 +89,7 @@
com.google.api
gax
- 2.50.0
+ 2.65.0