fix: changeover unspecified to inherited (#603)

* fix: changeover unspecified to inherited

* Update google/cloud/storage/bucket.py

Co-authored-by: Tres Seaver <[email protected]>

* Apply suggestions from code review

Co-authored-by: Tres Seaver <[email protected]>

* remove dup line

* Apply suggestions from code review

Co-authored-by: Tres Seaver <[email protected]>

* Update tests/unit/test_bucket.py

Co-authored-by: cojenco <[email protected]>

* lint fix

* one more lint fix

* line

Co-authored-by: Tres Seaver <[email protected]>
Co-authored-by: cojenco <[email protected]>

Author: 3 people

google/cloud/storage/bucket.py

@@ -51,7 +51,7 @@
 from google.cloud.storage.constants import MULTI_REGIONAL_LEGACY_STORAGE_CLASS
 from google.cloud.storage.constants import MULTI_REGION_LOCATION_TYPE
 from google.cloud.storage.constants import NEARLINE_STORAGE_CLASS
-from google.cloud.storage.constants import PUBLIC_ACCESS_PREVENTION_UNSPECIFIED
+from google.cloud.storage.constants import PUBLIC_ACCESS_PREVENTION_INHERITED
 from google.cloud.storage.constants import REGIONAL_LEGACY_STORAGE_CLASS
 from google.cloud.storage.constants import REGION_LOCATION_TYPE
 from google.cloud.storage.constants import STANDARD_STORAGE_CLASS
@@ -387,8 +387,7 @@ class IAMConfiguration(dict):
 
     :type public_access_prevention: str
     :params public_access_prevention:
-        (Optional) Whether the public access prevention policy is 'unspecified' (default) or 'enforced'
-        See: https://cloud.google.com/storage/docs/public-access-prevention
+        (Optional) Whether the public access prevention policy is 'inherited' (default) or 'enforced'
         See: https://cloud.google.com/storage/docs/public-access-prevention
 
     :type uniform_bucket_level_access_enabled: bool
@@ -438,7 +437,7 @@ def __init__(
             uniform_bucket_level_access_enabled = False
 
         if public_access_prevention is _default:
-            public_access_prevention = PUBLIC_ACCESS_PREVENTION_UNSPECIFIED
+            public_access_prevention = PUBLIC_ACCESS_PREVENTION_INHERITED
 
         data = {
             "uniformBucketLevelAccess": {
@@ -481,11 +480,12 @@ def bucket(self):
 
     @property
     def public_access_prevention(self):
-        """Setting for public access prevention policy. Options are 'unspecified' (default) or 'enforced'.
-            More information can be found at https://cloud.google.com/storage/docs/public-access-prevention
+        """Setting for public access prevention policy. Options are 'inherited' (default) or 'enforced'.
+
+            See: https://cloud.google.com/storage/docs/public-access-prevention
 
         :rtype: string
-        :returns: the public access prevention status, either 'enforced' or 'unspecified'.
+        :returns: the public access prevention status, either 'enforced' or 'inherited'.
         """
         return self["publicAccessPrevention"]
 

google/cloud/storage/constants.py

@@ -107,5 +107,13 @@
 PUBLIC_ACCESS_PREVENTION_UNSPECIFIED = "unspecified"
 """Unspecified public access prevention value.
 
+DEPRECATED: Use 'PUBLIC_ACCESS_PREVENTION_INHERITED' instead.
+
+See: https://cloud.google.com/storage/docs/public-access-prevention
+"""
+
+PUBLIC_ACCESS_PREVENTION_INHERITED = "inherited"
+"""Inherited public access prevention value.
+
 See: https://cloud.google.com/storage/docs/public-access-prevention
 """

tests/system/test_bucket.py

@@ -806,22 +806,22 @@ def test_ubla_set_unset_preserves_acls(
     assert blob_acl_before == blob_acl_after
 
 
-@pytest.mark.skip(reason="Unspecified PAP is changing to inherited")
-def test_new_bucket_created_w_unspecified_pap(
+def test_new_bucket_created_w_inherited_pap(
     storage_client, buckets_to_delete, blobs_to_delete,
 ):
     from google.cloud.storage import constants
 
-    bucket_name = _helpers.unique_name("new-w-pap-unspecified")
+    bucket_name = _helpers.unique_name("new-w-pap-inherited")
     bucket = storage_client.bucket(bucket_name)
     bucket.iam_configuration.uniform_bucket_level_access_enabled = True
     bucket.create()
     buckets_to_delete.append(bucket)
 
-    assert (
-        bucket.iam_configuration.public_access_prevention
-        == constants.PUBLIC_ACCESS_PREVENTION_UNSPECIFIED
-    )
+    # TODO: Remove unspecified after changeover is complete
+    assert bucket.iam_configuration.public_access_prevention in [
+        constants.PUBLIC_ACCESS_PREVENTION_UNSPECIFIED,
+        constants.PUBLIC_ACCESS_PREVENTION_INHERITED,
+    ]
 
     bucket.iam_configuration.public_access_prevention = (
         constants.PUBLIC_ACCESS_PREVENTION_ENFORCED
@@ -876,12 +876,13 @@ def test_new_bucket_created_w_enforced_pap(
     )
 
     bucket.iam_configuration.public_access_prevention = (
-        constants.PUBLIC_ACCESS_PREVENTION_UNSPECIFIED
+        constants.PUBLIC_ACCESS_PREVENTION_INHERITED
     )
     bucket.patch()
 
-    assert (
-        bucket.iam_configuration.public_access_prevention
-        == constants.PUBLIC_ACCESS_PREVENTION_UNSPECIFIED
-    )
+    # TODO: Remove unspecified after changeover is complete
+    assert bucket.iam_configuration.public_access_prevention in [
+        constants.PUBLIC_ACCESS_PREVENTION_UNSPECIFIED,
+        constants.PUBLIC_ACCESS_PREVENTION_INHERITED,
+    ]
     assert not bucket.iam_configuration.uniform_bucket_level_access_enabled

tests/unit/test_bucket.py

@@ -23,6 +23,7 @@
 from google.cloud.storage.retry import DEFAULT_RETRY_IF_GENERATION_SPECIFIED
 from google.cloud.storage.retry import DEFAULT_RETRY_IF_METAGENERATION_SPECIFIED
 from google.cloud.storage.constants import PUBLIC_ACCESS_PREVENTION_ENFORCED
+from google.cloud.storage.constants import PUBLIC_ACCESS_PREVENTION_INHERITED
 from google.cloud.storage.constants import PUBLIC_ACCESS_PREVENTION_UNSPECIFIED
 
 
@@ -358,8 +359,10 @@ def test_ctor_defaults(self):
         self.assertIs(config.bucket, bucket)
         self.assertFalse(config.uniform_bucket_level_access_enabled)
         self.assertIsNone(config.uniform_bucket_level_access_locked_time)
-        self.assertEqual(
-            config.public_access_prevention, PUBLIC_ACCESS_PREVENTION_UNSPECIFIED
+        # TODO: Remove unspecified after changeover is complete
+        self.assertIn(
+            config.public_access_prevention,
+            [PUBLIC_ACCESS_PREVENTION_UNSPECIFIED, PUBLIC_ACCESS_PREVENTION_INHERITED],
         )
         self.assertFalse(config.bucket_policy_only_enabled)
         self.assertIsNone(config.bucket_policy_only_locked_time)
@@ -396,9 +399,11 @@ def test_ctor_explicit_pap(self):
             config.public_access_prevention, PUBLIC_ACCESS_PREVENTION_ENFORCED
         )
 
-        config.public_access_prevention = PUBLIC_ACCESS_PREVENTION_UNSPECIFIED
-        self.assertEqual(
-            config.public_access_prevention, PUBLIC_ACCESS_PREVENTION_UNSPECIFIED
+        config.public_access_prevention = PUBLIC_ACCESS_PREVENTION_INHERITED
+        # TODO: Remove unspecified after changeover is complete
+        self.assertIn(
+            config.public_access_prevention,
+            [PUBLIC_ACCESS_PREVENTION_UNSPECIFIED, PUBLIC_ACCESS_PREVENTION_INHERITED],
         )
 
     def test_ctor_explicit_bpo(self):