Search in sources :

Example 21 with Binding

use of com.google.api.services.cloudresourcemanager.v3.model.Binding in project java-docs-samples by GoogleCloudPlatform.

the class AddBinding method addBinding.

// Adds a member to a role with no previous members.
public static void addBinding(Policy policy) {
    // policy = service.Projects.GetIAmPolicy(new GetIamPolicyRequest(), your-project-id).Execute();
    String role = "roles/role-to-add";
    List<String> members = new ArrayList<String>();
    members.add("user:member-to-add@example.com");
    Binding binding = new Binding();
    binding.setRole(role);
    binding.setMembers(members);
    policy.getBindings().add(binding);
    System.out.println("Added binding: " + binding.toString());
}
Also used : Binding(com.google.api.services.cloudresourcemanager.v3.model.Binding) ArrayList(java.util.ArrayList)

Example 22 with Binding

use of com.google.api.services.cloudresourcemanager.v3.model.Binding in project java-docs-samples by GoogleCloudPlatform.

the class Quickstart method addBinding.

public static void addBinding(CloudResourceManager crmService, String projectId, String member, String role) {
    // Gets the project's policy.
    Policy policy = getPolicy(crmService, projectId);
    // Finds binding in policy, if it exists
    Binding binding = null;
    for (Binding b : policy.getBindings()) {
        if (b.getRole().equals(role)) {
            binding = b;
            break;
        }
    }
    if (binding != null) {
        // If binding already exists, adds member to binding.
        binding.getMembers().add(member);
    } else {
        // If binding does not exist, adds binding to policy.
        binding = new Binding();
        binding.setRole(role);
        binding.setMembers(Collections.singletonList(member));
        policy.getBindings().add(binding);
    }
    // Sets the updated policy
    setPolicy(crmService, projectId, policy);
}
Also used : Policy(com.google.api.services.cloudresourcemanager.v3.model.Policy) Binding(com.google.api.services.cloudresourcemanager.v3.model.Binding)

Example 23 with Binding

use of com.google.api.services.cloudresourcemanager.v3.model.Binding in project java-docs-samples by GoogleCloudPlatform.

the class Quickstart method main.

public static void main(String[] args) {
    // TODO: Replace with your project ID in the form "projects/your-project-id".
    String projectId = "your-project";
    // TODO: Replace with the ID of your member in the form "user:member@example.com"
    String member = "your-member";
    // The role to be granted.
    String role = "roles/logging.logWriter";
    // Initializes the Cloud Resource Manager service.
    CloudResourceManager crmService = null;
    try {
        crmService = initializeService();
    } catch (IOException | GeneralSecurityException e) {
        System.out.println("Unable to initialize service: \n" + e.getMessage() + e.getStackTrace());
    }
    // Grants your member the "Log writer" role for your project.
    addBinding(crmService, projectId, member, role);
    // Get the project's policy and print all members with the "Log Writer" role
    Policy policy = getPolicy(crmService, projectId);
    Binding binding = null;
    List<Binding> bindings = policy.getBindings();
    for (Binding b : bindings) {
        if (b.getRole().equals(role)) {
            binding = b;
            break;
        }
    }
    System.out.println("Role: " + binding.getRole());
    System.out.print("Members: ");
    for (String m : binding.getMembers()) {
        System.out.print("[" + m + "] ");
    }
    System.out.println();
    // Removes member from the "Log writer" role.
    removeMember(crmService, projectId, member, role);
}
Also used : Policy(com.google.api.services.cloudresourcemanager.v3.model.Policy) Binding(com.google.api.services.cloudresourcemanager.v3.model.Binding) CloudResourceManager(com.google.api.services.cloudresourcemanager.v3.CloudResourceManager) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException)

Example 24 with Binding

use of com.google.api.services.cloudresourcemanager.v3.model.Binding in project java-docs-samples by GoogleCloudPlatform.

the class RemoveMember method removeMember.

// Removes member from a role; removes binding if binding contains 0 members.
public static void removeMember(Policy policy) {
    // policy = service.Projects.GetIAmPolicy(new GetIamPolicyRequest(), your-project-id).Execute();
    String role = "roles/existing-role";
    String member = "user:member-to-remove@example.com";
    List<Binding> bindings = policy.getBindings();
    Binding binding = null;
    for (Binding b : bindings) {
        if (b.getRole().equals(role)) {
            binding = b;
        }
    }
    if (binding.getMembers().contains(member)) {
        binding.getMembers().remove(member);
        System.out.println("Member " + member + " removed from " + role);
        if (binding.getMembers().isEmpty()) {
            policy.getBindings().remove(binding);
        }
        return;
    }
    System.out.println("Role not found in policy; member not removed");
    return;
}
Also used : Binding(com.google.api.services.cloudresourcemanager.v3.model.Binding)

Example 25 with Binding

use of com.google.api.services.cloudresourcemanager.v3.model.Binding in project terra-workspace-manager by DataBiosphere.

the class GcpCloudSyncStep method doStep.

@Override
public StepResult doStep(FlightContext flightContext) throws InterruptedException, RetryException {
    String gcpProjectId = flightContext.getWorkingMap().get(GCP_PROJECT_ID, String.class);
    FlightMap workingMap = flightContext.getWorkingMap();
    // Read Sam groups for each workspace role.
    Map<WsmIamRole, String> workspaceRoleGroupsMap = workingMap.get(WorkspaceFlightMapKeys.IAM_GROUP_EMAIL_MAP, new TypeReference<>() {
    });
    try {
        Policy currentPolicy = resourceManagerCow.projects().getIamPolicy(gcpProjectId, new GetIamPolicyRequest()).execute();
        List<Binding> newBindings = new ArrayList<>();
        // Add all existing bindings to ensure we don't accidentally clobber existing permissions.
        newBindings.addAll(currentPolicy.getBindings());
        // Add appropriate project-level roles for each WSM IAM role.
        workspaceRoleGroupsMap.forEach((role, email) -> newBindings.add(bindingForRole(role, email, gcpProjectId)));
        Policy newPolicy = new Policy().setVersion(currentPolicy.getVersion()).setBindings(newBindings).setEtag(currentPolicy.getEtag());
        SetIamPolicyRequest iamPolicyRequest = new SetIamPolicyRequest().setPolicy(newPolicy);
        logger.info("Setting new Cloud Context IAM policy: " + iamPolicyRequest.toPrettyString());
        resourceManagerCow.projects().setIamPolicy(gcpProjectId, iamPolicyRequest).execute();
    } catch (IOException e) {
        throw new RetryableCrlException("Error setting IAM permissions", e);
    }
    return StepResult.getStepResultSuccess();
}
Also used : Policy(com.google.api.services.cloudresourcemanager.v3.model.Policy) Binding(com.google.api.services.cloudresourcemanager.v3.model.Binding) SetIamPolicyRequest(com.google.api.services.cloudresourcemanager.v3.model.SetIamPolicyRequest) ArrayList(java.util.ArrayList) IOException(java.io.IOException) GetIamPolicyRequest(com.google.api.services.cloudresourcemanager.v3.model.GetIamPolicyRequest) RetryableCrlException(bio.terra.workspace.service.workspace.exceptions.RetryableCrlException) FlightMap(bio.terra.stairway.FlightMap) WsmIamRole(bio.terra.workspace.service.iam.model.WsmIamRole)

Aggregations

Binding (com.google.api.services.cloudresourcemanager.v3.model.Binding)12 IOException (java.io.IOException)10 Policy (com.google.api.services.cloudresourcemanager.v3.model.Policy)9 Binding (com.google.api.services.iam.v1.model.Binding)6 Policy (com.google.api.services.iam.v1.model.Policy)5 SetIamPolicyRequest (com.google.api.services.iam.v1.model.SetIamPolicyRequest)5 ArrayList (java.util.ArrayList)5 CloudKMS (com.google.api.services.cloudkms.v1.CloudKMS)4 Binding (com.google.api.services.cloudkms.v1.model.Binding)4 Policy (com.google.api.services.cloudkms.v1.model.Policy)4 SetIamPolicyRequest (com.google.api.services.cloudkms.v1.model.SetIamPolicyRequest)4 GetIamPolicyRequest (com.google.api.services.cloudresourcemanager.v3.model.GetIamPolicyRequest)4 SetIamPolicyRequest (com.google.api.services.cloudresourcemanager.v3.model.SetIamPolicyRequest)4 CloudHealthcare (com.google.api.services.healthcare.v1.CloudHealthcare)4 Binding (com.google.api.services.healthcare.v1.model.Binding)4 Policy (com.google.api.services.healthcare.v1.model.Policy)4 SetIamPolicyRequest (com.google.api.services.healthcare.v1.model.SetIamPolicyRequest)4 ServiceAccountName (bio.terra.cloudres.google.iam.ServiceAccountName)3 StepResult (bio.terra.stairway.StepResult)3 CreateServiceAccountRequest (com.google.api.services.iam.v1.model.CreateServiceAccountRequest)3