feat: add public access prevention samples (GoogleCloudPlatform#1229)

Author: jdpedrie

storage/src/get_public_access_prevention.php

@@ -0,0 +1,51 @@
+
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/master/storage/README.md
+ */
+
+namespace Google\Cloud\Samples\Storage;
+
+# [START storage_get_public_access_prevention]
+use Google\Cloud\Storage\StorageClient;
+
+/**
+ * Get the Public Access Prevention setting for a bucket
+ *
+ * @param string $bucketName the name of your Cloud Storage bucket.
+ */
+function get_public_access_prevention($bucketName)
+{
+    $storage = new StorageClient();
+    $bucket = $storage->bucket($bucketName);
+
+    $iamConfiguration = $bucket->info()['iamConfiguration'];
+
+    printf(
+        'The bucket public access prevention is %s for %s.' . PHP_EOL,
+        $iamConfiguration['publicAccessPrevention'],
+        $bucketName
+    );
+}
+# [END storage_get_public_access_prevention]
+
+// The following 2 lines are only needed to run the samples
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);

storage/src/lock_retention_policy.php

@@ -30,6 +30,7 @@
  * Locks a bucket's retention policy.
  *
  * @param string $bucketName the name of your Cloud Storage bucket.
+ *     Example: `$bucketName = 'my-bucket';`
  */
 function lock_retention_policy($bucketName)
 {

storage/src/set_public_access_prevention_enforced.php

@@ -0,0 +1,55 @@
+
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/master/storage/README.md
+ */
+
+namespace Google\Cloud\Samples\Storage;
+
+# [START storage_set_public_access_prevention_enforced]
+use Google\Cloud\Storage\StorageClient;
+
+/**
+ * Set the bucket Public Access Prevention to enforced.
+ *
+ * @param string $bucketName the name of your Cloud Storage bucket.
+ *     Example: `$bucketName = 'my-bucket';`
+ */
+function set_public_access_prevention_enforced($bucketName)
+{
+    $storage = new StorageClient();
+    $bucket = $storage->bucket($bucketName);
+
+    $bucket->update([
+        'iamConfiguration' => [
+            'publicAccessPrevention' => 'enforced'
+        ]
+    ]);
+
+    printf(
+        'Public Access Prevention has been set to enforced for %s.' . PHP_EOL,
+        $bucketName
+    );
+}
+# [END storage_set_public_access_prevention_enforced]
+
+// The following 2 lines are only needed to run the samples
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);

storage/src/set_public_access_prevention_unspecified.php

@@ -0,0 +1,56 @@
+
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/master/storage/README.md
+ */
+
+namespace Google\Cloud\Samples\Storage;
+
+# [START storage_set_public_access_prevention_unspecified]
+use Google\Cloud\Storage\StorageClient;
+
+/**
+ * Set the bucket Public Access Prevention to unspecified.
+ *
+ * @param string $bucketName the name of your Cloud Storage bucket.
+ *     Example: `$bucketName = 'my-bucket';`
+ *
+ */
+function set_public_access_prevention_unspecified($bucketName)
+{
+    $storage = new StorageClient();
+    $bucket = $storage->bucket($bucketName);
+
+    $bucket->update([
+        'iamConfiguration' => [
+            'publicAccessPrevention' => 'unspecified'
+        ]
+    ]);
+
+    printf(
+        'Public Access Prevention has been set to unspecified for %s.' . PHP_EOL,
+        $bucketName
+    );
+}
+# [END storage_set_public_access_prevention_unspecified]
+
+// The following 2 lines are only needed to run the samples
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);

storage/test/UniformBucketLevelAccessCommandTest.php renamed to storage/test/IamConfigurationTest.php

@@ -23,9 +23,10 @@
 use PHPUnit\Framework\TestCase;
 
 /**
- * Unit Tests for UniformBucketLevelAccessCommand.
+ * Unit Tests for IamConfiguration.
+ * @group storage-iamconfiguration
  */
-class UniformBucketLevelAccessCommandTest extends TestCase
+class IamConfigurationTest extends TestCase
 {
     use TestTrait;
     use ExecuteCommandTrait;
@@ -41,7 +42,7 @@ public function setUp(): void
         $this->storage = new StorageClient();
 
         // Append random because tests for multiple PHP versions were running at the same time.
-        $bucketName = 'php-ubla-' . time() . '-' . rand(1000, 9999);
+        $bucketName = 'php-iamconfiguration-' . time() . '-' . rand(1000, 9999);
         $this->bucket = $this->storage->createBucket($bucketName);
     }
 

storage/test/PublicAccessPreventionTest.php

@@ -0,0 +1,109 @@
+
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Google\Cloud\Samples\Storage\Tests;
+
+use Google\Cloud\Storage\StorageClient;
+use Google\Cloud\TestUtils\TestTrait;
+use PHPUnit\Framework\TestCase;
+
+/**
+ * Unit tests for public access prevention
+ * @group pap
+ */
+class PublicAccessPreventionTest extends TestCase
+{
+    use TestTrait;
+
+    private static $storage;
+    private static $bucket;
+
+    public static function setUpBeforeClass(): void
+    {
+        self::$storage = new StorageClient();
+        self::$bucket = self::$storage->createBucket(
+            uniqid('samples-public-access-prevention-')
+        );
+    }
+
+    public static function tearDownAfterClass(): void
+    {
+        self::$bucket->delete();
+    }
+
+    public function testSetPublicAccessPreventionToEnforced()
+    {
+        $output = self::runFunctionSnippet('set_public_access_prevention_enforced', [
+            self::$bucket->name(),
+        ]);
+
+        $this->assertStringContainsString(
+            sprintf(
+                "Public Access Prevention has been set to enforced for %s.",
+                self::$bucket->name()
+            ),
+            $output
+        );
+
+        self::$bucket->reload();
+        $bucketInformation = self::$bucket->info();
+        $pap = $bucketInformation['iamConfiguration']['publicAccessPrevention'];
+        $this->assertEquals('enforced', $pap);
+    }
+
+    /** @depends testSetPublicAccessPreventionToEnforced */
+    public function testSetPublicAccessPreventionToUnspecified()
+    {
+        $output = self::runFunctionSnippet('set_public_access_prevention_unspecified', [
+            self::$bucket->name(),
+        ]);
+
+        $this->assertStringContainsString(
+            sprintf(
+                "Public Access Prevention has been set to unspecified for %s.",
+                self::$bucket->name()
+            ),
+            $output
+        );
+
+        self::$bucket->reload();
+        $bucketInformation = self::$bucket->info();
+        $pap = $bucketInformation['iamConfiguration']['publicAccessPrevention'];
+        $this->assertEquals('unspecified', $pap);
+    }
+
+    /** @depends testSetPublicAccessPreventionToUnspecified */
+    public function testGetPublicAccessPrevention()
+    {
+        $output = self::runFunctionSnippet('get_public_access_prevention', [
+            self::$bucket->name(),
+        ]);
+
+        $this->assertStringContainsString(
+            sprintf(
+                "The bucket public access prevention is unspecified for %s.",
+                self::$bucket->name()
+            ),
+            $output
+        );
+
+        self::$bucket->reload();
+        $bucketInformation = self::$bucket->info();
+        $pap = $bucketInformation['iamConfiguration']['publicAccessPrevention'];
+        $this->assertEquals('unspecified', $pap);
+    }
+}