From 1828152e032eca80ab1123a55193f71abc5e47c1 Mon Sep 17 00:00:00 2001
From: DSdatsme
Date: Sat, 18 May 2019 11:02:47 +0530
Subject: [PATCH 1/6] added remove member sample
---
 iam/api-client/access.py | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/iam/api-client/access.py b/iam/api-client/access.py
index cd7930b4944..4eec16f8ce9 100644
--- a/iam/api-client/access.py
+++ b/iam/api-client/access.py
@@ -69,6 +69,16 @@ def modify_policy_add_role(policy, role, member):
 # [END iam_modify_policy_add_role]
+# [START iam_modify_policy_remove_member]
+def modify_policy_remove_member(policy, role, member):
+ """Removes a member from a role binding."""
+ binding = next(b for b in policy['bindings'] if b['role'] == role)
+ binding['members'].remove(member)
+ print(binding)
+ return policy
+# [END iam_modify_policy_remove_member]
+
+
 # [START iam_set_policy]
 def set_policy(project_id, policy):
 """Sets IAM policy for a project."""
From f3841e2d812c3100931611a0bb484bb914fa338a Mon Sep 17 00:00:00 2001
From: DSdatsme
Date: Sat, 18 May 2019 11:23:49 +0530
Subject: [PATCH 2/6] WPI test cases
---
 iam/api-client/access.py | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/iam/api-client/access.py b/iam/api-client/access.py
index 4eec16f8ce9..9b6594363d3 100644
--- a/iam/api-client/access.py
+++ b/iam/api-client/access.py
@@ -120,6 +120,13 @@ def main():
 modify_role_parser.add_argument('role')
 modify_role_parser.add_argument('member')
+ # Modify: remove member
+ modify_member_parser = subparsers.add_parser(
+ 'modify_member', help=get_policy.__doc__)
+ modify_member_parser.add_argument('project_id')
+ modify_member_parser.add_argument('role')
+ modify_member_parser.add_argument('member')
+
 # Set
 set_parser = subparsers.add_parser(
 'set', help=set_policy.__doc__)
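Review bot: In `modify_policy_remove_member` (PATCH 1/6), `next(b for b in policy['bindings'] if b['role'] == role)` has no default, so a role with no binding in the policy raises a bare `StopIteration`, and `binding['members'].remove(member)` raises `ValueError` when the member is not listed. For a helper that revokes access it is clearer to fail explicitly, e.g. `binding = next((b for b in policy['bindings'] if b['role'] == role), None)` followed by a check that reports that nothing was removed. The generator also stops at the first match, so if a policy holds more than one binding for the same role (as conditional bindings allow), the member would remain in the others; iterating over every matching binding avoids leaving access behind. The `access.py` hunk of PATCH 6/6 adds a membership guard but keeps the `next(...)` call unchanged.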
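Review bot: The new subparser in PATCH 2/6 is registered as `'modify_member'`, but the dispatch added in the second hunk of the same patch tests `args.command == 'remove_member'`, so as written the removal branch looks unreachable from the command line. The parser also declares `project_id` while the dispatch reads `args.policy`, and `help=get_policy.__doc__` shows the description of a different function. Suggested: `subparsers.add_parser('remove_member', help=modify_policy_remove_member.__doc__)` with the argument names the dispatch actually reads. `main()` begins and ends outside both hunks, so how the other commands obtain `args.policy` is not visible here.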
@@ -134,6 +141,8 @@ def main():
 set_policy(args.project_id, args.policy)
 elif args.command == 'add_member':
 modify_policy_add_member(args.policy, args.role, args.member)
+ elif args.command == 'remove_member':
+ modify_policy_remove_member(args.policy, args.role, args.member)
 elif args.command == 'add_binding':
 modify_policy_add_role(args.policy, args.role, args.member)
From cb6a6632d44f7a828efc15c57d0e29c5ed6c0e90 Mon Sep 17 00:00:00 2001
From: DSdatsme
Date: Sat, 18 May 2019 13:18:57 +0530
Subject: [PATCH 3/6] Add IAM remove user snippet
---
 iam/api-client/access.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iam/api-client/access.py b/iam/api-client/access.py
index 9b6594363d3..0d761f1008b 100644
--- a/iam/api-client/access.py
+++ b/iam/api-client/access.py
@@ -126,7 +126,7 @@ def main():
 modify_member_parser.add_argument('project_id')
 modify_member_parser.add_argument('role')
 modify_member_parser.add_argument('member')
-
+
 # Set
 set_parser = subparsers.add_parser(
 'set', help=set_policy.__doc__)
From b6fe450559b161cfac39448265485d10314b759a Mon Sep 17 00:00:00 2001
From: DSdatsme
Date: Sat, 10 Aug 2019 19:24:09 +0530
Subject: [PATCH 4/6] =?UTF-8?q?=C2=96[IAM]=20test=20case=20to=20add/remove?= =?UTF-8?q?=20member?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 iam/api-client/access_test.py | 32 ++++++++++++++++++++++++++++----
 1 file changed, 28 insertions(+), 4 deletions(-)
diff --git a/iam/api-client/access_test.py b/iam/api-client/access_test.py
index eb95f9398ea..e404ceb28a8 100644
--- a/iam/api-client/access_test.py
+++ b/iam/api-client/access_test.py
@@ -13,17 +13,41 @@
 # limitations under the License.
 import os
+import random
 import access
-
+import service_accounts
 def test_access(capsys):
- project = os.environ['GCLOUD_PROJECT']
+
+ # Setting up variables for testing
+ project_id = os.environ['GCLOUD_PROJECT']
+ gcp_role = 'roles/owner'
+
+ # section to create service account to test policy updates.
+ rand = str(random.randint(0, 1000))
+ name = 'python-test-' + rand
+ email = 'serviceAccount:' + name + '@' + project_id + '.iam.gserviceaccount.com'
+ service_accounts.create_service_account(
+ project_id, name, 'Py Test Account')
+
+ policy = access.get_policy(project_id)
+ out, _ = capsys.readouterr()
+ assert 'etag' in out
- policy = access.get_policy(project)
+ policy = access.modify_policy_add_role(policy, gcp_role, email)
 out, _ = capsys.readouterr()
 assert 'etag' in out
- policy = access.set_policy(project, policy)
+ policy = access.modify_policy_remove_member(policy, gcp_role, email)
 out, _ = capsys.readouterr()
 assert 'etag' in out
+
+ policy = access.set_policy(project_id, policy)
+ out, _ = capsys.readouterr()
+ assert 'etag' in out
+
+ # deleting the service account created above
+ service_accounts.delete_service_account(
+ email)
+
From 03feaf9080aaae8272ec1720e7026e6f3858a2d0 Mon Sep 17 00:00:00 2001
From: DSdatsme
Date: Sat, 10 Aug 2019 20:01:12 +0530
Subject: [PATCH 5/6] [IAM] fixed test errors for add/remove member
---
 iam/api-client/access_test.py | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/iam/api-client/access_test.py b/iam/api-client/access_test.py
index e404ceb28a8..5359df4a77f 100644
--- a/iam/api-client/access_test.py
+++ b/iam/api-client/access_test.py
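Review bot: `gcp_role = 'roles/owner'` makes the test work with the most privileged basic role on the live project named by `GCLOUD_PROJECT`, and the modified policy is then written back with `access.set_policy`; if the removal step ever fails to take the member out, the test account ends up as a project owner. A low-privilege role such as `gcp_role = 'roles/viewer'` exercises the same add/remove path with far less exposure. The cleanup call `service_accounts.delete_service_account(...)` sits after the assertions rather than in a `try`/`finally`, so a failing assertion leaves the account in the project, and `random.randint(0, 1000)` gives only 1001 possible names, so repeated or parallel runs can collide. The hunks of PATCH 5/6 keep the same role and cleanup structure.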
@@ -18,16 +18,19 @@ import access import service_accounts + def test_access(capsys): - # Setting up variables for testing project_id = os.environ['GCLOUD_PROJECT'] + + # specifying a sample role to be assigned gcp_role = 'roles/owner' # section to create service account to test policy updates. rand = str(random.randint(0, 1000)) name = 'python-test-' + rand - email = 'serviceAccount:' + name + '@' + project_id + '.iam.gserviceaccount.com' + email = name + '@' + project_id + '.iam.gserviceaccount.com' + member = 'serviceAccount:' + email service_accounts.create_service_account( project_id, name, 'Py Test Account') @@ -35,11 +38,11 @@ def test_access(capsys): out, _ = capsys.readouterr() assert 'etag' in out - policy = access.modify_policy_add_role(policy, gcp_role, email) + policy = access.modify_policy_add_role(policy, gcp_role, member) out, _ = capsys.readouterr() assert 'etag' in out - policy = access.modify_policy_remove_member(policy, gcp_role, email) + policy = access.modify_policy_remove_member(policy, gcp_role, member) out, _ = capsys.readouterr() assert 'etag' in out @@ -50,4 +53,3 @@ def test_access(capsys): # deleting the service account created above service_accounts.delete_service_account( email) - From 650f9fae887aff37c853556384a6e49fbee12919 Mon Sep 17 00:00:00 2001 From: Gus Class Date: Wed, 14 Aug 2019 10:31:55 -0700 Subject: [PATCH 6/6] Fixes tests --- iam/api-client/access.py | 3 ++- iam/api-client/access_test.py | 8 ++++---- iam/api-client/grantable_roles.py | 3 ++- iam/api-client/quickstart.py | 3 ++- 4 files changed, 10 insertions(+), 7 deletions(-) diff --git a/iam/api-client/access.py b/iam/api-client/access.py index 0d761f1008b..d7cdbd4f72a 100644 --- a/iam/api-client/access.py +++ b/iam/api-client/access.py 
@@ -73,7 +73,8 @@ def modify_policy_add_role(policy, role, member):
 def modify_policy_remove_member(policy, role, member):
 """Removes a member from a role binding."""
 binding = next(b for b in policy['bindings'] if b['role'] == role)
- binding['members'].remove(member)
+ if 'members' in binding and member in binding['members']:
+ binding['members'].remove(member)
 print(binding)
 return policy
 # [END iam_modify_policy_remove_member]
diff --git a/iam/api-client/access_test.py b/iam/api-client/access_test.py
index 5359df4a77f..fc73474c87b 100644
--- a/iam/api-client/access_test.py
+++ b/iam/api-client/access_test.py
@@ -36,19 +36,19 @@ def test_access(capsys):
 policy = access.get_policy(project_id)
 out, _ = capsys.readouterr()
- assert 'etag' in out
+ assert u'etag' in out
 policy = access.modify_policy_add_role(policy, gcp_role, member)
 out, _ = capsys.readouterr()
- assert 'etag' in out
+ assert u'etag' in out
 policy = access.modify_policy_remove_member(policy, gcp_role, member)
 out, _ = capsys.readouterr()
- assert 'etag' in out
+ assert 'iam.gserviceaccount.com' in out
 policy = access.set_policy(project_id, policy)
 out, _ = capsys.readouterr()
- assert 'etag' in out
+ assert u'etag' in out
 # deleting the service account created above
 service_accounts.delete_service_account(
diff --git a/iam/api-client/grantable_roles.py b/iam/api-client/grantable_roles.py
index e5986e7e1e7..ec8e87706b9 100644
--- a/iam/api-client/grantable_roles.py
+++ b/iam/api-client/grantable_roles.py
@@ -34,7 +34,8 @@ def view_grantable_roles(full_resource_name):
 }).execute()
 for role in roles['roles']:
- print('Title: ' + role['title'])
+ if 'title' in role:
+ print('Title: ' + role['title'])
 print('Name: ' + role['name'])
 print('Description: ' + role['description'])
 print(' ')
diff --git a/iam/api-client/quickstart.py b/iam/api-client/quickstart.py
index 932e6832010..d38c601dee0 100644
--- a/iam/api-client/quickstart.py
+++ b/iam/api-client/quickstart.py
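Review bot: In the `access_test.py` hunk, the assertion after `modify_policy_remove_member` now checks `'iam.gserviceaccount.com' in out`, which passes whenever the printed binding lists any service account and says nothing about whether `member` was actually removed. Because the policy is then written with `access.set_policy`, a removal that silently did nothing (which the new guard in `access.py` permits) could leave the test account bound to `roles/owner` without the test noticing. Checking the returned policy is stricter: `assert not any(member in b.get('members', []) for b in policy['bindings'] if b['role'] == gcp_role)`. `test_access` starts and ends outside this hunk.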
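Review bot: In the `grantable_roles.py` hunk only `title` is guarded; `role['description']` two lines below is still indexed directly and would raise `KeyError` for a role without that field, a case the `quickstart.py` hunk of this patch suggests does occur. The `quickstart.py` hunk has the mirror-image gap: it guards `description` but still indexes `role['title']`. Applying both guards in both loops keeps them consistent, i.e. `if 'description' in role:` before the description print here and `if 'title' in role:` before the title print in `quickstart.py`. Both functions begin outside their hunks.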
@@ -41,7 +41,8 @@ def quickstart():
 for role in roles:
 print('Title: ' + role['title'])
 print('Name: ' + role['name'])
- print('Description: ' + role['description'])
+ if 'description' in role:
+ print('Description: ' + role['description'])
 print('')
 # [END iam_quickstart]