Search in sources :

Example 1 with SetIamPolicyRequest

use of com.google.api.services.cloudkms.v1.model.SetIamPolicyRequest in project java-docs-samples by GoogleCloudPlatform.

the class DeviceRegistryExample method setIamPermissions.

// [END iot_get_iam_policy]
// [START iot_set_iam_policy]
/**
 * Sets IAM permissions for the given registry.
 */
public static void setIamPermissions(String projectId, String cloudRegion, String registryName, String member, String role) throws GeneralSecurityException, IOException {
    GoogleCredential credential = GoogleCredential.getApplicationDefault().createScoped(CloudIotScopes.all());
    JsonFactory jsonFactory = JacksonFactory.getDefaultInstance();
    HttpRequestInitializer init = new RetryHttpInitializerWrapper(credential);
    final CloudIot service = new CloudIot.Builder(GoogleNetHttpTransport.newTrustedTransport(), jsonFactory, init).setApplicationName(APP_NAME).build();
    final String registryPath = String.format("projects/%s/locations/%s/registries/%s", projectId, cloudRegion, registryName);
    com.google.api.services.cloudiot.v1.model.Policy policy = service.projects().locations().registries().getIamPolicy(registryPath, new GetIamPolicyRequest()).execute();
    List<com.google.api.services.cloudiot.v1.model.Binding> bindings = policy.getBindings();
    boolean addNewRole = true;
    if (bindings != null) {
        for (com.google.api.services.cloudiot.v1.model.Binding binding : bindings) {
            if (binding.getRole().equals(role)) {
                List<String> members = binding.getMembers();
                members.add(member);
                binding.setMembers(members);
                addNewRole = false;
            }
        }
    } else {
        bindings = new ArrayList<>();
    }
    if (addNewRole) {
        com.google.api.services.cloudiot.v1.model.Binding bind = new com.google.api.services.cloudiot.v1.model.Binding();
        bind.setRole(role);
        List<String> members = new ArrayList<>();
        members.add(member);
        bind.setMembers(members);
        bindings.add(bind);
    }
    policy.setBindings(bindings);
    SetIamPolicyRequest req = new SetIamPolicyRequest().setPolicy(policy);
    policy = service.projects().locations().registries().setIamPolicy(registryPath, req).execute();
    System.out.println("Policy ETAG: " + policy.getEtag());
    for (com.google.api.services.cloudiot.v1.model.Binding binding : policy.getBindings()) {
        System.out.println(String.format("Role: %s", binding.getRole()));
        System.out.println("Binding members: ");
        for (String mem : binding.getMembers()) {
            System.out.println(String.format("\t%s", mem));
        }
    }
}
Also used : Binding(com.google.iam.v1.Binding) CloudIot(com.google.api.services.cloudiot.v1.CloudIot) SetIamPolicyRequest(com.google.api.services.cloudiot.v1.model.SetIamPolicyRequest) JsonFactory(com.google.api.client.json.JsonFactory) ArrayList(java.util.ArrayList) GoogleCredential(com.google.api.client.googleapis.auth.oauth2.GoogleCredential) GetIamPolicyRequest(com.google.api.services.cloudiot.v1.model.GetIamPolicyRequest) HttpRequestInitializer(com.google.api.client.http.HttpRequestInitializer)

Example 2 with SetIamPolicyRequest

use of com.google.api.services.cloudkms.v1.model.SetIamPolicyRequest in project java-docs-samples by GoogleCloudPlatform.

the class Snippets method addMemberToCryptoKeyPolicy.

// [END kms_get_keyring_policy]
// [START kms_add_member_to_cryptokey_policy]
/**
 * Adds the given member to the given key, with the given role.
 *
 * @param projectId The id of the project.
 * @param locationId The location id of the key.
 * @param keyRingId The id of the keyring.
 * @param cryptoKeyId The id of the crypto key.
 * @param member The member to add. Must be in the proper format, eg:
 *
 * allUsers user:$userEmail serviceAccount:$serviceAccountEmail
 *
 * See https://g.co/cloud/kms/docs/reference/rest/v1/Policy#binding for more details.
 * @param role Must be in one of the following formats: roles/[role]
 * organizations/[organizationId]/roles/[role] projects/[projectId]/roles/[role]
 *
 * See https://g.co/cloud/iam/docs/understanding-roles for available values for [role].
 */
public static Policy addMemberToCryptoKeyPolicy(String projectId, String locationId, String keyRingId, String cryptoKeyId, String member, String role) throws IOException {
    // Create the Cloud KMS client.
    CloudKMS kms = createAuthorizedClient();
    // The resource name of the cryptoKey version
    String cryptoKey = String.format("projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s", projectId, locationId, keyRingId, cryptoKeyId);
    // Get the current IAM policy
    Policy iamPolicy = getCryptoKeyPolicy(projectId, locationId, keyRingId, cryptoKeyId);
    // Add the new account to it.
    Binding newBinding = new Binding().setRole(role).setMembers(Collections.singletonList(member));
    List<Binding> bindings = iamPolicy.getBindings();
    if (null == bindings) {
        bindings = Collections.singletonList(newBinding);
    } else {
        bindings.add(newBinding);
    }
    iamPolicy.setBindings(bindings);
    // Set the new IAM Policy.
    Policy newIamPolicy = kms.projects().locations().keyRings().cryptoKeys().setIamPolicy(cryptoKey, new SetIamPolicyRequest().setPolicy(iamPolicy)).execute();
    System.out.println("Response: " + newIamPolicy);
    return newIamPolicy;
}
Also used : Policy(com.google.api.services.cloudkms.v1.model.Policy) Binding(com.google.api.services.cloudkms.v1.model.Binding) CloudKMS(com.google.api.services.cloudkms.v1.CloudKMS) SetIamPolicyRequest(com.google.api.services.cloudkms.v1.model.SetIamPolicyRequest)

Example 3 with SetIamPolicyRequest

use of com.google.api.services.cloudkms.v1.model.SetIamPolicyRequest in project java-docs-samples by GoogleCloudPlatform.

the class Snippets method addMemberToKeyRingPolicy.

// [END kms_add_member_to_cryptokey_policy]
// [START kms_add_member_to_keyring_policy]
/**
 * Adds the given member to the given keyring, with the given role.
 *
 * @param projectId The id of the project.
 * @param locationId The location id of the key.
 * @param keyRingId The id of the keyring.
 * @param member The member to add. Must be in the proper format, eg:
 *
 * allUsers user:$userEmail serviceAccount:$serviceAccountEmail
 *
 * See https://g.co/cloud/kms/docs/reference/rest/v1/Policy#binding for more details.
 * @param role Must be in one of the following formats: roles/[role]
 * organizations/[organizationId]/roles/[role] projects/[projectId]/roles/[role]
 *
 * See https://g.co/cloud/iam/docs/understanding-roles for available values for [role].
 */
public static Policy addMemberToKeyRingPolicy(String projectId, String locationId, String keyRingId, String member, String role) throws IOException {
    // Create the Cloud KMS client.
    CloudKMS kms = createAuthorizedClient();
    // The resource name of the keyring version
    String keyring = String.format("projects/%s/locations/%s/keyRings/%s", projectId, locationId, keyRingId);
    // Get the current IAM policy
    Policy iamPolicy = getKeyRingPolicy(projectId, locationId, keyRingId);
    // Add the new account to it.
    Binding newBinding = new Binding().setRole(role).setMembers(Collections.singletonList(member));
    List<Binding> bindings = iamPolicy.getBindings();
    if (null == bindings) {
        bindings = Collections.singletonList(newBinding);
    } else {
        bindings.add(newBinding);
    }
    iamPolicy.setBindings(bindings);
    // Set the new IAM Policy.
    Policy newIamPolicy = kms.projects().locations().keyRings().setIamPolicy(keyring, new SetIamPolicyRequest().setPolicy(iamPolicy)).execute();
    System.out.println("Response: " + newIamPolicy);
    return newIamPolicy;
}
Also used : Policy(com.google.api.services.cloudkms.v1.model.Policy) Binding(com.google.api.services.cloudkms.v1.model.Binding) CloudKMS(com.google.api.services.cloudkms.v1.CloudKMS) SetIamPolicyRequest(com.google.api.services.cloudkms.v1.model.SetIamPolicyRequest)

Example 4 with SetIamPolicyRequest

use of com.google.api.services.cloudkms.v1.model.SetIamPolicyRequest in project java-docs-samples by GoogleCloudPlatform.

the class Snippets method removeMemberFromKeyRingPolicy.

// [END kms_remove_member_from_cryptokey_policy]
// [START kms_remove_member_from_keyring_policy]
/**
 * Removes the given member from the given policy.
 */
public static Policy removeMemberFromKeyRingPolicy(String projectId, String locationId, String keyRingId, String member, String role) throws IOException {
    // Create the Cloud KMS client.
    CloudKMS kms = createAuthorizedClient();
    // The resource name of the cryptoKey
    String cryptoKey = String.format("projects/%s/locations/%s/keyRings/%s", projectId, locationId, keyRingId);
    // Get the current IAM policy and add the new account to it.
    Policy iamPolicy = getKeyRingPolicy(projectId, locationId, keyRingId);
    // Filter out the given member
    for (Binding b : iamPolicy.getBindings()) {
        if (role.equals(b.getRole()) && b.getMembers().contains(member)) {
            b.getMembers().remove(member);
            break;
        }
    }
    // Set the new IAM Policy.
    Policy newIamPolicy = kms.projects().locations().keyRings().setIamPolicy(cryptoKey, new SetIamPolicyRequest().setPolicy(iamPolicy)).execute();
    System.out.println("Response: " + newIamPolicy);
    return newIamPolicy;
}
Also used : Policy(com.google.api.services.cloudkms.v1.model.Policy) Binding(com.google.api.services.cloudkms.v1.model.Binding) CloudKMS(com.google.api.services.cloudkms.v1.CloudKMS) SetIamPolicyRequest(com.google.api.services.cloudkms.v1.model.SetIamPolicyRequest)

Example 5 with SetIamPolicyRequest

use of com.google.api.services.cloudkms.v1.model.SetIamPolicyRequest in project java-docs-samples by GoogleCloudPlatform.

the class Snippets method removeMemberFromCryptoKeyPolicy.

// [END kms_add_member_to_keyring_policy]
// [START kms_remove_member_from_cryptokey_policy]
/**
 * Removes the given member from the given policy.
 */
public static Policy removeMemberFromCryptoKeyPolicy(String projectId, String locationId, String keyRingId, String cryptoKeyId, String member, String role) throws IOException {
    // Create the Cloud KMS client.
    CloudKMS kms = createAuthorizedClient();
    // The resource name of the cryptoKey
    String cryptoKey = String.format("projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s", projectId, locationId, keyRingId, cryptoKeyId);
    // Get the current IAM policy and add the new account to it.
    Policy iamPolicy = getCryptoKeyPolicy(projectId, locationId, keyRingId, cryptoKeyId);
    if (null == iamPolicy.getBindings()) {
        // Nothing to remove
        return null;
    }
    // Filter out the given member
    for (Binding b : iamPolicy.getBindings()) {
        if (role.equals(b.getRole()) && b.getMembers().contains(member)) {
            b.getMembers().removeAll(Collections.singletonList(member));
            break;
        }
    }
    // Set the new IAM Policy.
    Policy newIamPolicy = kms.projects().locations().keyRings().cryptoKeys().setIamPolicy(cryptoKey, new SetIamPolicyRequest().setPolicy(iamPolicy)).execute();
    System.out.println("Response: " + newIamPolicy);
    return newIamPolicy;
}
Also used : Policy(com.google.api.services.cloudkms.v1.model.Policy) Binding(com.google.api.services.cloudkms.v1.model.Binding) CloudKMS(com.google.api.services.cloudkms.v1.CloudKMS) SetIamPolicyRequest(com.google.api.services.cloudkms.v1.model.SetIamPolicyRequest)

Aggregations

CloudKMS (com.google.api.services.cloudkms.v1.CloudKMS)4 Binding (com.google.api.services.cloudkms.v1.model.Binding)4 Policy (com.google.api.services.cloudkms.v1.model.Policy)4 SetIamPolicyRequest (com.google.api.services.cloudkms.v1.model.SetIamPolicyRequest)4 GoogleCredential (com.google.api.client.googleapis.auth.oauth2.GoogleCredential)1 HttpRequestInitializer (com.google.api.client.http.HttpRequestInitializer)1 JsonFactory (com.google.api.client.json.JsonFactory)1 CloudIot (com.google.api.services.cloudiot.v1.CloudIot)1 GetIamPolicyRequest (com.google.api.services.cloudiot.v1.model.GetIamPolicyRequest)1 SetIamPolicyRequest (com.google.api.services.cloudiot.v1.model.SetIamPolicyRequest)1 Binding (com.google.iam.v1.Binding)1 ArrayList (java.util.ArrayList)1