[Storage] Support UniformBucketLevelAccess (GoogleCloudPlatform#936)

frankyn · bshaffer · commit c9c278adb020 · 2019-10-10T13:12:20.000-07:00
diff --git a/storage/README.md b/storage/README.md
@@ -44,7 +44,7 @@ This simple command-line application demonstrates how to invoke
     object-acl                       Manage the ACL for Cloud Storage objects
     objects                          Manage Cloud Storage objects
     requester-pays                   Manage Cloud Storage requester pays buckets and objects
-    bucket-policy-only               Manage Cloud Storage bucket policy only buckets
+    uniform-bucket-level-access      Manage Cloud Storage uniform bucket-level access buckets
     get-object-v2-signed-url         Generate a v2 signed URL for downloading an object.
     get-object-v4-signed-url         Generate a v4 signed URL for downloading an object.
     get-object-v4-upload-signed-url  Generate a v4 signed URL for uploading an object.
diff --git a/storage/composer.json b/storage/composer.json
@@ -20,14 +20,14 @@
             "src/delete_object.php",
             "src/delete_object_acl.php",
             "src/delete_hmac_key.php",
-            "src/disable_bucket_policy_only.php",
+            "src/disable_uniform_bucket_level_access.php",
             "src/disable_default_event_based_hold.php",
             "src/disable_requester_pays.php",
             "src/deactivate_hmac_key.php",
             "src/download_encrypted_object.php",
             "src/download_file_requester_pays.php",
             "src/download_object.php",
-            "src/enable_bucket_policy_only.php",
+            "src/enable_uniform_bucket_level_access.php",
             "src/enable_default_event_based_hold.php",
             "src/enable_default_kms_key.php",
             "src/enable_requester_pays.php",
@@ -39,7 +39,7 @@
             "src/get_bucket_default_acl.php",
             "src/get_bucket_default_acl_for_entity.php",
             "src/get_bucket_labels.php",
-            "src/get_bucket_policy_only.php",
+            "src/get_uniform_bucket_level_access.php",
             "src/get_object_acl.php",
             "src/get_object_acl_for_entity.php",
             "src/get_object_v2_signed_url.php",
diff --git a/storage/src/disable_uniform_bucket_level_access.php b/storage/src/disable_uniform_bucket_level_access.php
@@ -23,27 +23,31 @@
 
 namespace Google\Cloud\Samples\Storage;
 
-# [START storage_enable_bucket_policy_only]
+# [START storage_disable_uniform_bucket_level_access]
 use Google\Cloud\Storage\StorageClient;
 
 /**
- * Enable Bucket Policy Only.
+ * Enable uniform bucket-level access.
  *
  * @param string $bucketName Name of your Google Cloud Storage bucket.
  *
  * @return void
  */
-function enable_bucket_policy_only($bucketName)
+function disable_uniform_bucket_level_access($bucketName)
 {
     $storage = new StorageClient();
     $bucket = $storage->bucket($bucketName);
     $bucket->update([
         'iamConfiguration' => [
+            'uniformBucketLevelAccess' => [
+                'enabled' => false
+            ],
+            // This is a workaround
             'bucketPolicyOnly' => [
-              'enabled' => true
-            ]
+                'enabled' => false
+            ],
         ]
     ]);
-    printf('Bucket Policy Only was enabled for %s' . PHP_EOL, $bucketName);
+    printf('Uniform bucket-level access was disabled for %s' . PHP_EOL, $bucketName);
 }
-# [END storage_enable_bucket_policy_only]
+# [END storage_disable_uniform_bucket_level_access]
diff --git a/storage/src/enable_uniform_bucket_level_access.php b/storage/src/enable_uniform_bucket_level_access.php
@@ -23,27 +23,31 @@
 
 namespace Google\Cloud\Samples\Storage;
 
-# [START storage_disable_bucket_policy_only]
+# [START storage_enable_uniform_bucket_level_access]
 use Google\Cloud\Storage\StorageClient;
 
 /**
- * Enable Bucket Policy Only.
+ * Enable uniform bucket-level access.
  *
  * @param string $bucketName Name of your Google Cloud Storage bucket.
  *
  * @return void
  */
-function disable_bucket_policy_only($bucketName)
+function enable_uniform_bucket_level_access($bucketName)
 {
     $storage = new StorageClient();
     $bucket = $storage->bucket($bucketName);
     $bucket->update([
         'iamConfiguration' => [
+            'uniformBucketLevelAccess' => [
+                'enabled' => true
+            ],
+            // This is a workaround
             'bucketPolicyOnly' => [
-              'enabled' => false
+                'enabled' => true
             ]
         ]
     ]);
-    printf('Bucket Policy Only was disabled for %s' . PHP_EOL, $bucketName);
+    printf('Uniform bucket-level access was enabled for %s' . PHP_EOL, $bucketName);
 }
-# [END storage_disable_bucket_policy_only]
+# [END storage_enable_uniform_bucket_level_access]
diff --git a/storage/src/get_uniform_bucket_level_access.php b/storage/src/get_uniform_bucket_level_access.php
@@ -23,27 +23,27 @@
 
 namespace Google\Cloud\Samples\Storage;
 
-# [START storage_get_bucket_policy_only]
+# [START storage_get_uniform_bucket_level_access]
 use Google\Cloud\Storage\StorageClient;
 
 /**
- * Enable Bucket Policy Only.
+ * Enable uniform bucket-level access.
  *
  * @param string $bucketName Name of your Google Cloud Storage bucket.
  *
  * @return void
  */
-function get_bucket_policy_only($bucketName)
+function get_uniform_bucket_level_access($bucketName)
 {
     $storage = new StorageClient();
     $bucket = $storage->bucket($bucketName);
     $bucketInformation = $bucket->info();
-    $bucketPolicyOnly = $bucketInformation['iamConfiguration']['bucketPolicyOnly'];
-    if ($bucketPolicyOnly['enabled']) {
-        printf('Bucket Policy Only is enabled for %s' . PHP_EOL, $bucketName);
-        printf('Bucket Policy Only will be locked on %s' . PHP_EOL, $bucketPolicyOnly['LockedTime']);
+    $ubla = $bucketInformation['iamConfiguration']['uniformBucketLevelAccess'];
+    if ($ubla['enabled']) {
+        printf('Uniform bucket-level access is enabled for %s' . PHP_EOL, $bucketName);
+        printf('Uniform bucket-level access will be locked on %s' . PHP_EOL, $ubla['LockedTime']);
     } else {
-        printf('Bucket Policy Only is disabled for %s' . PHP_EOL, $bucketName);
+        printf('Uniform bucket-level access is disabled for %s' . PHP_EOL, $bucketName);
     }
 }
-# [END storage_get_bucket_policy_only]
+# [END storage_get_uniform_bucket_level_access]
diff --git a/storage/storage.php b/storage/storage.php
@@ -405,27 +405,27 @@
         }
     });
 
-$application->add(new Command('bucket-policy-only'))
-    ->setDescription('Manage Cloud Storage bucket policy only buckets.')
+$application->add(new Command('uniform-bucket-level-access'))
+    ->setDescription('Manage Cloud Storage uniform bucket-level access buckets.')
     ->setHelp(<<<EOF
-The <info>%command.name%</info> command manages Cloud Storage bucket policy only buckets.
+The <info>%command.name%</info> command manages Cloud Storage uniform bucket-level access buckets.
 
 <info>php %command.full_name% --help</info>
 
 EOF
     )
-    ->addArgument('bucket', InputArgument::REQUIRED, 'The Cloud Storage Bucket Policy Only bucket name')
-    ->addOption('enable', null, InputOption::VALUE_NONE, 'Enable Bucket Policy Only on a Cloud Storage bucket')
-    ->addOption('disable', null, InputOption::VALUE_NONE, 'Disable Bucket Policy Only on a Cloud Storage bucket')
-    ->addOption('get', null, InputOption::VALUE_NONE, 'Get Bucket Policy Only on a Cloud Storage bucekt')
+    ->addArgument('bucket', InputArgument::REQUIRED, 'The Cloud Storage uniform bucket-level access bucket name')
+    ->addOption('enable', null, InputOption::VALUE_NONE, 'Enable uniform bucket-level access on a Cloud Storage bucket')
+    ->addOption('disable', null, InputOption::VALUE_NONE, 'Disable uniform bucket-level access on a Cloud Storage bucket')
+    ->addOption('get', null, InputOption::VALUE_NONE, 'Get uniform bucket-level access on a Cloud Storage bucekt')
     ->setCode(function ($input, $output) {
         $bucketName = $input->getArgument('bucket');
         if ($input->getOption('enable')) {
-            enable_bucket_policy_only($bucketName);
+            enable_uniform_bucket_level_access($bucketName);
         } elseif ($input->getOption('disable')) {
-            disable_bucket_policy_only($bucketName);
+            disable_uniform_bucket_level_access($bucketName);
         } elseif ($input->getOption('get')) {
-            get_bucket_policy_only($bucketName);
+            get_uniform_bucket_level_access($bucketName);
         } else {
             throw new \Exception('You must provide --enable, --disable, or --get with a bucket name.');
         }
diff --git a/storage/test/BucketPolicyOnlyCommandTest.php b/storage/test/BucketPolicyOnlyCommandTest.php
diff --git a/storage/test/UniformBucketLevelAccessCommandTest.php b/storage/test/UniformBucketLevelAccessCommandTest.php
