incorporate requested changes

rahul2393 · rahul2393 · commit d92aae62b61e · 2022-11-30T11:22:38.000+05:30
diff --git a/samples/snippets/src/main/java/com/example/spanner/AddAndDropDatabaseRole.java b/samples/snippets/src/main/java/com/example/spanner/AddAndDropDatabaseRole.java
@@ -24,59 +24,62 @@
 import com.google.common.collect.ImmutableList;
 import com.google.spanner.admin.database.v1.UpdateDatabaseDdlMetadata;
 import java.util.concurrent.ExecutionException;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
 
 public class AddAndDropDatabaseRole {
 
-  static void addAndDropDatabaseRole() throws InterruptedException, ExecutionException {
+  static void addAndDropDatabaseRole() {
     // TODO(developer): Replace these variables before running the sample.
     String projectId = "my-project";
     String instanceId = "my-instance";
     String databaseId = "my-database";
     String parentRole = "new-parent";
     String childRole = "new-child";
+    addAndDropDatabaseRole(projectId, instanceId, databaseId, parentRole, childRole);
+  }
 
+  static void addAndDropDatabaseRole(
+      String projectId, String instanceId, String databaseId, String parentRole, String childRole) {
     try (Spanner spanner =
         SpannerOptions.newBuilder().setProjectId(projectId).build().getService()) {
-      DatabaseAdminClient adminClient = spanner.getDatabaseAdminClient();
-      addAndDropDatabaseRole(adminClient, instanceId, databaseId, parentRole, childRole);
+      final DatabaseAdminClient adminClient = spanner.getDatabaseAdminClient();
+      OperationFuture<Void, UpdateDatabaseDdlMetadata> operation =
+          adminClient.updateDatabaseDdl(
+              instanceId,
+              databaseId,
+              ImmutableList.of(
+                  "CREATE ROLE " + parentRole,
+                  "GRANT SELECT ON TABLE Albums TO ROLE " + parentRole,
+                  "CREATE ROLE " + childRole,
+                  "GRANT ROLE " + parentRole + " TO ROLE " + childRole),
+              null);
+      try {
+        System.out.println("Waiting for role create operation to complete...");
+        operation.get(5, TimeUnit.MINUTES);
+        System.out.printf(
+            "Created roles %s and %s and granted privileges%n", parentRole, childRole);
+        // Delete role and membership.
+        operation =
+            adminClient.updateDatabaseDdl(
+                instanceId,
+                databaseId,
+                ImmutableList.of(
+                    "REVOKE ROLE " + parentRole + " FROM ROLE " + childRole,
+                    "DROP ROLE " + childRole),
+                null);
+        System.out.println("Waiting for role revoke & drop operation to complete...");
+        operation.get(5, TimeUnit.MINUTES);
+        System.out.printf("Revoked privileges and dropped role %s%n", childRole);
+      } catch (ExecutionException | TimeoutException e) {
+        System.out.printf(
+            "Error: AddAndDropDatabaseRole failed with error message %s\n", e.getMessage());
+        e.printStackTrace();
+      } catch (InterruptedException e) {
+        System.out.println(
+            "Error: Waiting for AddAndDropDatabaseRole operation to finish was interrupted");
+      }
     }
   }
-
-  static void addAndDropDatabaseRole(
-      DatabaseAdminClient adminClient,
-      String instanceId,
-      String databaseId,
-      String parentRole,
-      String childRole)
-      throws InterruptedException, ExecutionException {
-    OperationFuture<Void, UpdateDatabaseDdlMetadata> operation =
-        adminClient.updateDatabaseDdl(
-            instanceId,
-            databaseId,
-            ImmutableList.of(
-                "CREATE ROLE " + parentRole,
-                "GRANT SELECT ON TABLE Albums TO ROLE " + parentRole,
-                "CREATE ROLE " + childRole,
-                "GRANT ROLE " + parentRole + " TO ROLE " + childRole),
-            null);
-
-    // Wait for the operation to finish.
-    // This will throw an ExecutionException if the operation fails.
-    operation.get();
-    System.out.printf("Created roles %s and %s and granted privileges%n", parentRole, childRole);
-
-    // Delete role and membership.
-    operation =
-        adminClient.updateDatabaseDdl(
-            instanceId,
-            databaseId,
-            ImmutableList.of(
-                "REVOKE ROLE " + parentRole + " FROM ROLE " + childRole, "DROP ROLE " + childRole),
-            null);
-    // Wait for the operation to finish.
-    // This will throw an ExecutionException if the operation fails.
-    operation.get();
-    System.out.printf("Revoked privileges and dropped role %s%n", childRole);
-  }
 }
 // [END spanner_add_and_drop_database_role]
diff --git a/samples/snippets/src/main/java/com/example/spanner/EnableFineGrainedAccess.java b/samples/snippets/src/main/java/com/example/spanner/EnableFineGrainedAccess.java
@@ -36,59 +36,66 @@ static void enableFineGrainedAccess() {
     String iamMember = "user:alice@example.com";
     String role = "new-parent";
     String title = "my condition title";
-
-    try (Spanner spanner =
-        SpannerOptions.newBuilder().setProjectId(projectId).build().getService()) {
-      DatabaseAdminClient adminClient = spanner.getDatabaseAdminClient();
-      enableFineGrainedAccess(adminClient, instanceId, databaseId, iamMember, title, role);
-    }
+    enableFineGrainedAccess(projectId, instanceId, databaseId, iamMember, title, role);
   }
 
   static void enableFineGrainedAccess(
-      DatabaseAdminClient adminClient,
+      String projectId,
       String instanceId,
       String databaseId,
       String iamMember,
       String title,
       String role) {
-    Policy policy = adminClient.getDatabaseIAMPolicy(instanceId, databaseId, 3);
-    int policyVersion = policy.getVersion();
-    if (policy.getVersion() < 3) {
-      policyVersion = 3;
-    }
-    List<String> members = new ArrayList<>();
-    members.add(iamMember);
-    List<Binding> bindings = new ArrayList<>(policy.getBindingsList());
+    try (Spanner spanner =
+        SpannerOptions.newBuilder().setProjectId(projectId).build().getService()) {
+      final DatabaseAdminClient adminClient = spanner.getDatabaseAdminClient();
+      Policy policy = adminClient.getDatabaseIAMPolicy(instanceId, databaseId, 3);
+      int policyVersion = policy.getVersion();
+      /* getDatabaseIAMPolicy returns the IAM policy for the given database
+       *
+       * The policy in the response might use the policy version that you specified, or it might use
+       * a lower policy version. For example, if you specify version 3, but the policy has no
+       * conditional role bindings, the response uses version 1. Valid values are 0, 1, and 3.
+       *
+       */
+      if (policy.getVersion() < 3) {
+        // conditional role bindings work with policy version 3
+        policyVersion = 3;
+      }
+      List<String> members = new ArrayList<>();
+      members.add(iamMember);
+      List<Binding> bindings = new ArrayList<>(policy.getBindingsList());
 
-    bindings.add(
-        Binding.newBuilder()
-            .setRole("roles/spanner.fineGrainedAccessUser")
-            .setMembers(members)
-            .build());
+      bindings.add(
+          Binding.newBuilder()
+              .setRole("roles/spanner.fineGrainedAccessUser")
+              .setMembers(members)
+              .build());
 
-    bindings.add(
-        Binding.newBuilder()
-            .setRole("roles/spanner.databaseRoleUser")
-            .setCondition(
-                Condition.newBuilder()
-                    .setDescription(title)
-                    .setExpression(
-                        String.format("resource.name.endsWith(\"/databaseRoles/%s\")", role))
-                    .setTitle(title)
-                    .build())
-            .setMembers(members)
-            .build());
+      bindings.add(
+          Binding.newBuilder()
+              .setRole("roles/spanner.databaseRoleUser")
+              .setCondition(
+                  Condition.newBuilder()
+                      .setDescription(title)
+                      .setExpression(
+                          String.format("resource.name.endsWith(\"/databaseRoles/%s\")", role))
+                      .setTitle(title)
+                      .build())
+              .setMembers(members)
+              .build());
 
-    Policy policyWithConditions =
-        Policy.newBuilder()
-            .setVersion(policyVersion)
-            .setEtag(policy.getEtag())
-            .setBindings(bindings)
-            .build();
-    Policy response =
-        adminClient.setDatabaseIAMPolicy(instanceId, databaseId, policyWithConditions);
-    System.out.printf(
-        "Enabled fine-grained access in IAM with version %d%n", response.getVersion());
+      Policy policyWithConditions =
+          Policy.newBuilder()
+              .setVersion(policyVersion)
+              .setEtag(policy.getEtag())
+              .setBindings(bindings)
+              .build();
+      Policy response =
+          adminClient.setDatabaseIAMPolicy(instanceId, databaseId, policyWithConditions);
+      System.out.printf(
+          "Enabled fine-grained access in IAM with version %d%n", response.getVersion());
+    }
   }
 }
 // [END spanner_enable_fine_grained_access]
diff --git a/samples/snippets/src/main/java/com/example/spanner/ListDatabaseRoles.java b/samples/snippets/src/main/java/com/example/spanner/ListDatabaseRoles.java
@@ -31,30 +31,27 @@ static void listDatabaseRoles() throws InterruptedException, ExecutionException
     String projectId = "my-project";
     String instanceId = "my-instance";
     String databaseId = "my-database";
+    listDatabaseRoles(projectId, instanceId, databaseId);
+  }
 
+  static void listDatabaseRoles(String projectId, String instanceId, String databaseId) {
     try (Spanner spanner =
         SpannerOptions.newBuilder().setProjectId(projectId).build().getService()) {
-      DatabaseAdminClient adminClient = spanner.getDatabaseAdminClient();
-      listDatabaseRoles(adminClient, projectId, instanceId, databaseId);
-    }
-  }
-
-  static void listDatabaseRoles(
-      DatabaseAdminClient adminClient, String projectId, String instanceId, String databaseId)
-      throws InterruptedException, ExecutionException {
-    String databasePath = DatabaseId.of(projectId, instanceId, databaseId).getName();
-    System.out.println("List of Database roles");
-    for (DatabaseRole role : adminClient.listDatabaseRoles(instanceId, databaseId).iterateAll()) {
-      if (!role.getName().startsWith(databasePath + "/databaseRoles/")) {
-        throw new RuntimeException(
-            "Role +"
-                + role.getName()
-                + "does not have prefix ["
-                + databasePath
-                + "/databaseRoles/"
-                + "]");
+      final DatabaseAdminClient adminClient = spanner.getDatabaseAdminClient();
+      String databasePath = DatabaseId.of(projectId, instanceId, databaseId).getName();
+      System.out.println("List of Database roles");
+      for (DatabaseRole role : adminClient.listDatabaseRoles(instanceId, databaseId).iterateAll()) {
+        if (!role.getName().startsWith(databasePath + "/databaseRoles/")) {
+          throw new RuntimeException(
+              "Role +"
+                  + role.getName()
+                  + "does not have prefix ["
+                  + databasePath
+                  + "/databaseRoles/"
+                  + "]");
+        }
+        System.out.printf("%s%n", role.getName());
       }
-      System.out.printf("%s%n", role.getName());
     }
   }
 }
diff --git a/samples/snippets/src/test/java/com/example/spanner/DatabaseRolesIT.java b/samples/snippets/src/test/java/com/example/spanner/DatabaseRolesIT.java
@@ -103,11 +103,7 @@ public void testAddAndDropDatabaseRole() throws Exception {
         SampleRunner.runSample(
             () ->
                 AddAndDropDatabaseRole.addAndDropDatabaseRole(
-                    databaseAdminClient,
-                    instanceId,
-                    databaseId.getDatabase(),
-                    "new-parent",
-                    "new-child"));
+                    projectId, instanceId, databaseId.getDatabase(), "new-parent", "new-child"));
     assertTrue(out.contains("Created roles new_parent and new_child and granted privileges"));
     assertTrue(out.contains("Revoked privileges and dropped role new_child"));
   }
@@ -118,7 +114,7 @@ public void testListDatabaseRoles() throws Exception {
         SampleRunner.runSample(
             () ->
                 ListDatabaseRoles.listDatabaseRoles(
-                    databaseAdminClient, projectId, instanceId, databaseId.getDatabase()));
+                    projectId, instanceId, databaseId.getDatabase()));
     assertTrue(out.contains("new_parent"));
   }
 
