use of com.google.api.services.cloudresourcemanager.v3.model.Binding in project java-docs-samples by GoogleCloudPlatform.
the class Snippets method addMemberToCryptoKeyPolicy.
// [END kms_get_keyring_policy]
// [START kms_add_member_to_cryptokey_policy]
/**
* Adds the given member to the given key, with the given role.
*
* @param projectId The id of the project.
* @param locationId The location id of the key.
* @param keyRingId The id of the keyring.
* @param cryptoKeyId The id of the crypto key.
* @param member The member to add. Must be in the proper format, eg:
*
* allUsers user:$userEmail serviceAccount:$serviceAccountEmail
*
* See https://g.co/cloud/kms/docs/reference/rest/v1/Policy#binding for more details.
* @param role Must be in one of the following formats: roles/[role]
* organizations/[organizationId]/roles/[role] projects/[projectId]/roles/[role]
*
* See https://g.co/cloud/iam/docs/understanding-roles for available values for [role].
*/
public static Policy addMemberToCryptoKeyPolicy(String projectId, String locationId, String keyRingId, String cryptoKeyId, String member, String role) throws IOException {
// Create the Cloud KMS client.
CloudKMS kms = createAuthorizedClient();
// The resource name of the cryptoKey version
String cryptoKey = String.format("projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s", projectId, locationId, keyRingId, cryptoKeyId);
// Get the current IAM policy
Policy iamPolicy = getCryptoKeyPolicy(projectId, locationId, keyRingId, cryptoKeyId);
// Add the new account to it.
Binding newBinding = new Binding().setRole(role).setMembers(Collections.singletonList(member));
List<Binding> bindings = iamPolicy.getBindings();
if (null == bindings) {
bindings = Collections.singletonList(newBinding);
} else {
bindings.add(newBinding);
}
iamPolicy.setBindings(bindings);
// Set the new IAM Policy.
Policy newIamPolicy = kms.projects().locations().keyRings().cryptoKeys().setIamPolicy(cryptoKey, new SetIamPolicyRequest().setPolicy(iamPolicy)).execute();
System.out.println("Response: " + newIamPolicy);
return newIamPolicy;
}
use of com.google.api.services.cloudresourcemanager.v3.model.Binding in project java-docs-samples by GoogleCloudPlatform.
the class Snippets method addMemberToKeyRingPolicy.
// [END kms_add_member_to_cryptokey_policy]
// [START kms_add_member_to_keyring_policy]
/**
* Adds the given member to the given keyring, with the given role.
*
* @param projectId The id of the project.
* @param locationId The location id of the key.
* @param keyRingId The id of the keyring.
* @param member The member to add. Must be in the proper format, eg:
*
* allUsers user:$userEmail serviceAccount:$serviceAccountEmail
*
* See https://g.co/cloud/kms/docs/reference/rest/v1/Policy#binding for more details.
* @param role Must be in one of the following formats: roles/[role]
* organizations/[organizationId]/roles/[role] projects/[projectId]/roles/[role]
*
* See https://g.co/cloud/iam/docs/understanding-roles for available values for [role].
*/
public static Policy addMemberToKeyRingPolicy(String projectId, String locationId, String keyRingId, String member, String role) throws IOException {
// Create the Cloud KMS client.
CloudKMS kms = createAuthorizedClient();
// The resource name of the keyring version
String keyring = String.format("projects/%s/locations/%s/keyRings/%s", projectId, locationId, keyRingId);
// Get the current IAM policy
Policy iamPolicy = getKeyRingPolicy(projectId, locationId, keyRingId);
// Add the new account to it.
Binding newBinding = new Binding().setRole(role).setMembers(Collections.singletonList(member));
List<Binding> bindings = iamPolicy.getBindings();
if (null == bindings) {
bindings = Collections.singletonList(newBinding);
} else {
bindings.add(newBinding);
}
iamPolicy.setBindings(bindings);
// Set the new IAM Policy.
Policy newIamPolicy = kms.projects().locations().keyRings().setIamPolicy(keyring, new SetIamPolicyRequest().setPolicy(iamPolicy)).execute();
System.out.println("Response: " + newIamPolicy);
return newIamPolicy;
}
use of com.google.api.services.cloudresourcemanager.v3.model.Binding in project java-docs-samples by GoogleCloudPlatform.
the class Snippets method removeMemberFromKeyRingPolicy.
// [END kms_remove_member_from_cryptokey_policy]
// [START kms_remove_member_from_keyring_policy]
/**
* Removes the given member from the given policy.
*/
public static Policy removeMemberFromKeyRingPolicy(String projectId, String locationId, String keyRingId, String member, String role) throws IOException {
// Create the Cloud KMS client.
CloudKMS kms = createAuthorizedClient();
// The resource name of the cryptoKey
String cryptoKey = String.format("projects/%s/locations/%s/keyRings/%s", projectId, locationId, keyRingId);
// Get the current IAM policy and add the new account to it.
Policy iamPolicy = getKeyRingPolicy(projectId, locationId, keyRingId);
// Filter out the given member
for (Binding b : iamPolicy.getBindings()) {
if (role.equals(b.getRole()) && b.getMembers().contains(member)) {
b.getMembers().remove(member);
break;
}
}
// Set the new IAM Policy.
Policy newIamPolicy = kms.projects().locations().keyRings().setIamPolicy(cryptoKey, new SetIamPolicyRequest().setPolicy(iamPolicy)).execute();
System.out.println("Response: " + newIamPolicy);
return newIamPolicy;
}
use of com.google.api.services.cloudresourcemanager.v3.model.Binding in project java-docs-samples by GoogleCloudPlatform.
the class QuickstartTests method testQuickstart.
@Test
public void testQuickstart() throws Exception {
String member = "serviceAccount:" + serviceAccount.getEmail();
String role = "roles/logging.logWriter";
// Tests initializeService()
CloudResourceManager crmService = Quickstart.initializeService();
// Tests addBinding()
Quickstart.addBinding(crmService, "projects/" + PROJECT_ID, member, role);
// Get the project's polcy and confirm that the member is in the policy
Policy policy = Quickstart.getPolicy(crmService, "projects/" + PROJECT_ID);
Binding binding = null;
List<Binding> bindings = policy.getBindings();
for (Binding b : bindings) {
if (b.getRole().equals(role)) {
binding = b;
break;
}
}
assertThat(binding.getMembers(), hasItem(member));
// Tests removeMember()
Quickstart.removeMember(crmService, "projects/" + PROJECT_ID, member, role);
// Confirm that the member has been removed
policy = Quickstart.getPolicy(crmService, "projects/" + PROJECT_ID);
binding = null;
bindings = policy.getBindings();
for (Binding b : bindings) {
if (b.getRole().equals(role)) {
binding = b;
break;
}
}
if (binding != null) {
assertThat(binding.getMembers(), not(hasItem(member)));
}
}
use of com.google.api.services.cloudresourcemanager.v3.model.Binding in project java-docs-samples by GoogleCloudPlatform.
the class FhirStoreSetIamPolicy method fhirStoreSetIamPolicy.
public static void fhirStoreSetIamPolicy(String fhirStoreName) throws IOException {
// String fhirStoreName =
// String.format(
// FHIR_NAME, "your-project-id", "your-region-id", "your-dataset-id", "your-fhir-id");
// Initialize the client, which will be used to interact with the service.
CloudHealthcare client = createClient();
// Configure the IAMPolicy to apply to the store.
// For more information on understanding IAM roles, see the following:
// https://cloud.google.com/iam/docs/understanding-roles
Binding binding = new Binding().setRole("roles/healthcare.fhirResourceReader").setMembers(Arrays.asList("domain:google.com"));
Policy policy = new Policy().setBindings(Arrays.asList(binding));
SetIamPolicyRequest policyRequest = new SetIamPolicyRequest().setPolicy(policy);
// Create request and configure any parameters.
FhirStores.SetIamPolicy request = client.projects().locations().datasets().fhirStores().setIamPolicy(fhirStoreName, policyRequest);
// Execute the request and process the results.
Policy updatedPolicy = request.execute();
System.out.println("FHIR policy has been updated: " + updatedPolicy.toPrettyString());
}
Aggregations