googleapis · quartzmo · Mar 1, 2016 · Mar 1, 2016
diff --git a/acceptance/pubsub/pubsub_test.rb b/acceptance/pubsub/pubsub_test.rb
@@ -223,9 +223,16 @@ def pull_with_retry sub
     let(:service_account) { pubsub.connection.credentials.client.issuer }
 
     it "allows policy to be set on a topic" do
+      # Check permissions first
+      roles = ["pubsub.topics.getIamPolicy", "pubsub.topics.setIamPolicy"]
+      permissions = topic.test_permissions roles
+      skip "Don't have permissions to get/set topic's policy" unless permissions == roles
+
       topic.policy.must_be_kind_of Hash
 
-      role = {"role"=>"roles/pubsub.subscriber", "members"=>["serviceAccount:#{service_account}"]}
+      # We need a valid service account in order to update the policy
+      service_account.wont_be :nil?
+      role = {"role"=>"roles/pubsub.publisher", "members"=>["serviceAccount:#{service_account}"]}
       tp = topic.policy.dup
       tp["bindings"] ||= []
       tp["bindings"] << role
@@ -235,8 +242,15 @@ def pull_with_retry sub
     end
 
     it "allows policy to be set on a subscription" do
+      # Check permissions first
+      roles = ["pubsub.subscriptions.getIamPolicy", "pubsub.subscriptions.setIamPolicy"]
+      permissions = subscription.test_permissions roles
+      skip "Don't have permissions to get/set subscription's policy" unless permissions == roles
+
       subscription.policy.must_be_kind_of Hash
 
+      # We need a valid service account in order to update the policy
+      service_account.wont_be :nil?
       role = {"role"=>"roles/pubsub.subscriber", "members"=>["serviceAccount:#{service_account}"]}
       sp = subscription.policy.dup
       sp["bindings"] ||= []
@@ -247,15 +261,13 @@ def pull_with_retry sub
     end
 
     it "allows permissions to be tested on a topic" do
-      skip
-      roles = ["projects.topic.list", "projects.topic.publish"]
+      roles = ["pubsub.topics.get", "pubsub.topics.publish"]
       permissions = topic.test_permissions roles
       permissions.must_equal roles
     end
 
     it "allows permissions to be tested on a subscription" do
-      skip
-      roles = ["projects.subscriptions.list", "projects.subscriptions.pull"]
+      roles = ["pubsub.subscriptions.consume", "pubsub.subscriptions.get"]
       permissions = subscription.test_permissions roles
       permissions.must_equal roles
     end

diff --git a/lib/gcloud/pubsub/subscription.rb b/lib/gcloud/pubsub/subscription.rb
@@ -507,6 +507,15 @@ def policy= new_policy
       #   check access for. Permissions with wildcards (such as `*` or
       #   `storage.*`) are not allowed.
       #
+      #   The permissions that can be checked on a subscription are:
+      #
+      #   * pubsub.subscriptions.consume
+      #   * pubsub.subscriptions.get
+      #   * pubsub.subscriptions.delete
+      #   * pubsub.subscriptions.update
+      #   * pubsub.subscriptions.getIamPolicy
+      #   * pubsub.subscriptions.setIamPolicy
+      #
       # @return [Array<String>] The permissions that have access.
       #
       # @example
@@ -515,10 +524,10 @@ def policy= new_policy
       #   gcloud = Gcloud.new
       #   pubsub = gcloud.pubsub
       #   sub = pubsub.subscription "my-subscription"
-      #   perms = sub.test_permissions "projects.subscriptions.list",
-      #                                "projects.subscriptions.pull"
-      #   perms.include? "projects.subscriptions.list" #=> true
-      #   perms.include? "projects.subscriptions.pull" #=> false
+      #   perms = sub.test_permissions "pubsub.subscriptions.get",
+      #                                "pubsub.subscriptions.consume"
+      #   perms.include? "pubsub.subscriptions.get" #=> true
+      #   perms.include? "pubsub.subscriptions.consume" #=> false
       #
       def test_permissions *permissions
         permissions = Array(permissions).flatten

diff --git a/lib/gcloud/pubsub/topic.rb b/lib/gcloud/pubsub/topic.rb
@@ -406,6 +406,16 @@ def policy= new_policy
       #   check access for. Permissions with wildcards (such as `*` or
       #   `storage.*`) are not allowed.
       #
+      #   The permissions that can be checked on a topic are:
+      #
+      #   * pubsub.topics.publish
+      #   * pubsub.topics.attachSubscription
+      #   * pubsub.topics.get
+      #   * pubsub.topics.delete
+      #   * pubsub.topics.update
+      #   * pubsub.topics.getIamPolicy
+      #   * pubsub.topics.setIamPolicy
+      #
       # @return [Array<Strings>] The permissions that have access.
       #
       # @example
@@ -414,10 +424,10 @@ def policy= new_policy
       #   gcloud = Gcloud.new
       #   pubsub = gcloud.pubsub
       #   topic = pubsub.topic "my-topic"
-      #   perms = topic.test_permissions "projects.topic.list",
-      #                                  "projects.topic.publish"
-      #   perms.include? "projects.topic.list" #=> true
-      #   perms.include? "projects.topic.publish" #=> false
+      #   perms = topic.test_permissions "pubsub.topics.get",
+      #                                  "pubsub.topics.publish"
+      #   perms.include? "pubsub.topics.get" #=> true
+      #   perms.include? "pubsub.topics.publish" #=> false
       #
       def test_permissions *permissions
         permissions = Array(permissions).flatten

diff --git a/test/gcloud/pubsub/subscription/policy_test.rb b/test/gcloud/pubsub/subscription/policy_test.rb
@@ -154,14 +154,14 @@
     mock_connection.post "/v1/projects/#{project}/subscriptions/#{sub_name}:testIamPermissions" do |env|
       json_permissions = JSON.parse env.body
       json_permissions["permissions"].count.must_equal 2
-      json_permissions["permissions"].first.must_equal "projects.subscriptions.list"
-      json_permissions["permissions"].last.must_equal  "projects.subscriptions.pull"
+      json_permissions["permissions"].first.must_equal "pubsub.subscriptions.get"
+      json_permissions["permissions"].last.must_equal  "pubsub.subscriptions.consume"
       [200, {"Content-Type"=>"application/json"},
-       { "permissions" => ["projects.subscriptions.list"] }.to_json]
+       { "permissions" => ["pubsub.subscriptions.get"] }.to_json]
     end
 
-    permissions = subscription.test_permissions "projects.subscriptions.list",
-                                                "projects.subscriptions.pull"
-    permissions.must_equal ["projects.subscriptions.list"]
+    permissions = subscription.test_permissions "pubsub.subscriptions.get",
+                                                "pubsub.subscriptions.consume"
+    permissions.must_equal ["pubsub.subscriptions.get"]
   end
 end
diff --git a/test/gcloud/pubsub/topic/policy_test.rb b/test/gcloud/pubsub/topic/policy_test.rb
@@ -150,14 +150,14 @@
     mock_connection.post "/v1/projects/#{project}/topics/#{topic_name}:testIamPermissions" do |env|
       json_permissions = JSON.parse env.body
       json_permissions["permissions"].count.must_equal 2
-      json_permissions["permissions"].first.must_equal "projects.topic.list"
-      json_permissions["permissions"].last.must_equal  "projects.topic.publish"
+      json_permissions["permissions"].first.must_equal "pubsub.topics.get"
+      json_permissions["permissions"].last.must_equal  "pubsub.topics.publish"
       [200, {"Content-Type"=>"application/json"},
-       { "permissions" => ["projects.topic.list"] }.to_json]
+       { "permissions" => ["pubsub.topics.get"] }.to_json]
     end
 
-    permissions = topic.test_permissions "projects.topic.list",
-                                         "projects.topic.publish"
-    permissions.must_equal ["projects.topic.list"]
+    permissions = topic.test_permissions "pubsub.topics.get",
+                                         "pubsub.topics.publish"
+    permissions.must_equal ["pubsub.topics.get"]
   end
 end