Examples with Binding com.google.api.services.cloudresourcemanager.v3.model.Binding used on opensource projects

Example 1 with Binding

use of com.google.api.services.cloudresourcemanager.v3.model.Binding in project java-docs-samples by GoogleCloudPlatform.

the class Snippets method addMemberToCryptoKeyPolicy.

// [END kms_get_keyring_policy]
// [START kms_add_member_to_cryptokey_policy]
/**
 * Adds the given member to the given key, with the given role.
 *
 * @param projectId The id of the project.
 * @param locationId The location id of the key.
 * @param keyRingId The id of the keyring.
 * @param cryptoKeyId The id of the crypto key.
 * @param member The member to add. Must be in the proper format, eg:
 *
 * allUsers user:$userEmail serviceAccount:$serviceAccountEmail
 *
 * See https://g.co/cloud/kms/docs/reference/rest/v1/Policy#binding for more details.
 * @param role Must be in one of the following formats: roles/[role]
 * organizations/[organizationId]/roles/[role] projects/[projectId]/roles/[role]
 *
 * See https://g.co/cloud/iam/docs/understanding-roles for available values for [role].
 */
public static Policy addMemberToCryptoKeyPolicy(String projectId, String locationId, String keyRingId, String cryptoKeyId, String member, String role) throws IOException {
    // Create the Cloud KMS client.
    CloudKMS kms = createAuthorizedClient();
    // The resource name of the cryptoKey version
    String cryptoKey = String.format("projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s", projectId, locationId, keyRingId, cryptoKeyId);
    // Get the current IAM policy
    Policy iamPolicy = getCryptoKeyPolicy(projectId, locationId, keyRingId, cryptoKeyId);
    // Add the new account to it.
    Binding newBinding = new Binding().setRole(role).setMembers(Collections.singletonList(member));
    List<Binding> bindings = iamPolicy.getBindings();
    if (null == bindings) {
        bindings = Collections.singletonList(newBinding);
    } else {
        bindings.add(newBinding);
    }
    iamPolicy.setBindings(bindings);
    // Set the new IAM Policy.
    Policy newIamPolicy = kms.projects().locations().keyRings().cryptoKeys().setIamPolicy(cryptoKey, new SetIamPolicyRequest().setPolicy(iamPolicy)).execute();
    System.out.println("Response: " + newIamPolicy);
    return newIamPolicy;
}

Example 2 with Binding

use of com.google.api.services.cloudresourcemanager.v3.model.Binding in project java-docs-samples by GoogleCloudPlatform.

the class Snippets method addMemberToKeyRingPolicy.

// [END kms_add_member_to_cryptokey_policy]
// [START kms_add_member_to_keyring_policy]
/**
 * Adds the given member to the given keyring, with the given role.
 *
 * @param projectId The id of the project.
 * @param locationId The location id of the key.
 * @param keyRingId The id of the keyring.
 * @param member The member to add. Must be in the proper format, eg:
 *
 * allUsers user:$userEmail serviceAccount:$serviceAccountEmail
 *
 * See https://g.co/cloud/kms/docs/reference/rest/v1/Policy#binding for more details.
 * @param role Must be in one of the following formats: roles/[role]
 * organizations/[organizationId]/roles/[role] projects/[projectId]/roles/[role]
 *
 * See https://g.co/cloud/iam/docs/understanding-roles for available values for [role].
 */
public static Policy addMemberToKeyRingPolicy(String projectId, String locationId, String keyRingId, String member, String role) throws IOException {
    // Create the Cloud KMS client.
    CloudKMS kms = createAuthorizedClient();
    // The resource name of the keyring version
    String keyring = String.format("projects/%s/locations/%s/keyRings/%s", projectId, locationId, keyRingId);
    // Get the current IAM policy
    Policy iamPolicy = getKeyRingPolicy(projectId, locationId, keyRingId);
    // Add the new account to it.
    Binding newBinding = new Binding().setRole(role).setMembers(Collections.singletonList(member));
    List<Binding> bindings = iamPolicy.getBindings();
    if (null == bindings) {
        bindings = Collections.singletonList(newBinding);
    } else {
        bindings.add(newBinding);
    }
    iamPolicy.setBindings(bindings);
    // Set the new IAM Policy.
    Policy newIamPolicy = kms.projects().locations().keyRings().setIamPolicy(keyring, new SetIamPolicyRequest().setPolicy(iamPolicy)).execute();
    System.out.println("Response: " + newIamPolicy);
    return newIamPolicy;
}

Example 3 with Binding

use of com.google.api.services.cloudresourcemanager.v3.model.Binding in project java-docs-samples by GoogleCloudPlatform.

the class Snippets method removeMemberFromKeyRingPolicy.

// [END kms_remove_member_from_cryptokey_policy]
// [START kms_remove_member_from_keyring_policy]
/**
 * Removes the given member from the given policy.
 */
public static Policy removeMemberFromKeyRingPolicy(String projectId, String locationId, String keyRingId, String member, String role) throws IOException {
    // Create the Cloud KMS client.
    CloudKMS kms = createAuthorizedClient();
    // The resource name of the cryptoKey
    String cryptoKey = String.format("projects/%s/locations/%s/keyRings/%s", projectId, locationId, keyRingId);
    // Get the current IAM policy and add the new account to it.
    Policy iamPolicy = getKeyRingPolicy(projectId, locationId, keyRingId);
    // Filter out the given member
    for (Binding b : iamPolicy.getBindings()) {
        if (role.equals(b.getRole()) && b.getMembers().contains(member)) {
            b.getMembers().remove(member);
            break;
        }
    }
    // Set the new IAM Policy.
    Policy newIamPolicy = kms.projects().locations().keyRings().setIamPolicy(cryptoKey, new SetIamPolicyRequest().setPolicy(iamPolicy)).execute();
    System.out.println("Response: " + newIamPolicy);
    return newIamPolicy;
}

Example 4 with Binding

use of com.google.api.services.cloudresourcemanager.v3.model.Binding in project java-docs-samples by GoogleCloudPlatform.

the class QuickstartTests method testQuickstart.

@Test
public void testQuickstart() throws Exception {
    String member = "serviceAccount:" + serviceAccount.getEmail();
    String role = "roles/logging.logWriter";
    // Tests initializeService()
    CloudResourceManager crmService = Quickstart.initializeService();
    // Tests addBinding()
    Quickstart.addBinding(crmService, "projects/" + PROJECT_ID, member, role);
    // Get the project's polcy and confirm that the member is in the policy
    Policy policy = Quickstart.getPolicy(crmService, "projects/" + PROJECT_ID);
    Binding binding = null;
    List<Binding> bindings = policy.getBindings();
    for (Binding b : bindings) {
        if (b.getRole().equals(role)) {
            binding = b;
            break;
        }
    }
    assertThat(binding.getMembers(), hasItem(member));
    // Tests removeMember()
    Quickstart.removeMember(crmService, "projects/" + PROJECT_ID, member, role);
    // Confirm that the member has been removed
    policy = Quickstart.getPolicy(crmService, "projects/" + PROJECT_ID);
    binding = null;
    bindings = policy.getBindings();
    for (Binding b : bindings) {
        if (b.getRole().equals(role)) {
            binding = b;
            break;
        }
    }
    if (binding != null) {
        assertThat(binding.getMembers(), not(hasItem(member)));
    }
}

Example 5 with Binding

use of com.google.api.services.cloudresourcemanager.v3.model.Binding in project java-docs-samples by GoogleCloudPlatform.

the class FhirStoreSetIamPolicy method fhirStoreSetIamPolicy.

public static void fhirStoreSetIamPolicy(String fhirStoreName) throws IOException {
    // String fhirStoreName =
    // String.format(
    // FHIR_NAME, "your-project-id", "your-region-id", "your-dataset-id", "your-fhir-id");
    // Initialize the client, which will be used to interact with the service.
    CloudHealthcare client = createClient();
    // Configure the IAMPolicy to apply to the store.
    // For more information on understanding IAM roles, see the following:
    // https://cloud.google.com/iam/docs/understanding-roles
    Binding binding = new Binding().setRole("roles/healthcare.fhirResourceReader").setMembers(Arrays.asList("domain:google.com"));
    Policy policy = new Policy().setBindings(Arrays.asList(binding));
    SetIamPolicyRequest policyRequest = new SetIamPolicyRequest().setPolicy(policy);
    // Create request and configure any parameters.
    FhirStores.SetIamPolicy request = client.projects().locations().datasets().fhirStores().setIamPolicy(fhirStoreName, policyRequest);
    // Execute the request and process the results.
    Policy updatedPolicy = request.execute();
    System.out.println("FHIR policy has been updated: " + updatedPolicy.toPrettyString());
}