use of com.google.api.services.cloudresourcemanager.v3.model.Binding in project java-docs-samples by GoogleCloudPlatform.
the class AddBinding method addBinding.
// Adds a member to a role with no previous members.
public static void addBinding(Policy policy) {
// policy = service.Projects.GetIAmPolicy(new GetIamPolicyRequest(), your-project-id).Execute();
String role = "roles/role-to-add";
List<String> members = new ArrayList<String>();
members.add("user:member-to-add@example.com");
Binding binding = new Binding();
binding.setRole(role);
binding.setMembers(members);
policy.getBindings().add(binding);
System.out.println("Added binding: " + binding.toString());
}
use of com.google.api.services.cloudresourcemanager.v3.model.Binding in project java-docs-samples by GoogleCloudPlatform.
the class Quickstart method addBinding.
public static void addBinding(CloudResourceManager crmService, String projectId, String member, String role) {
// Gets the project's policy.
Policy policy = getPolicy(crmService, projectId);
// Finds binding in policy, if it exists
Binding binding = null;
for (Binding b : policy.getBindings()) {
if (b.getRole().equals(role)) {
binding = b;
break;
}
}
if (binding != null) {
// If binding already exists, adds member to binding.
binding.getMembers().add(member);
} else {
// If binding does not exist, adds binding to policy.
binding = new Binding();
binding.setRole(role);
binding.setMembers(Collections.singletonList(member));
policy.getBindings().add(binding);
}
// Sets the updated policy
setPolicy(crmService, projectId, policy);
}
use of com.google.api.services.cloudresourcemanager.v3.model.Binding in project java-docs-samples by GoogleCloudPlatform.
the class Quickstart method main.
public static void main(String[] args) {
// TODO: Replace with your project ID in the form "projects/your-project-id".
String projectId = "your-project";
// TODO: Replace with the ID of your member in the form "user:member@example.com"
String member = "your-member";
// The role to be granted.
String role = "roles/logging.logWriter";
// Initializes the Cloud Resource Manager service.
CloudResourceManager crmService = null;
try {
crmService = initializeService();
} catch (IOException | GeneralSecurityException e) {
System.out.println("Unable to initialize service: \n" + e.getMessage() + e.getStackTrace());
}
// Grants your member the "Log writer" role for your project.
addBinding(crmService, projectId, member, role);
// Get the project's policy and print all members with the "Log Writer" role
Policy policy = getPolicy(crmService, projectId);
Binding binding = null;
List<Binding> bindings = policy.getBindings();
for (Binding b : bindings) {
if (b.getRole().equals(role)) {
binding = b;
break;
}
}
System.out.println("Role: " + binding.getRole());
System.out.print("Members: ");
for (String m : binding.getMembers()) {
System.out.print("[" + m + "] ");
}
System.out.println();
// Removes member from the "Log writer" role.
removeMember(crmService, projectId, member, role);
}
use of com.google.api.services.cloudresourcemanager.v3.model.Binding in project java-docs-samples by GoogleCloudPlatform.
the class RemoveMember method removeMember.
// Removes member from a role; removes binding if binding contains 0 members.
public static void removeMember(Policy policy) {
// policy = service.Projects.GetIAmPolicy(new GetIamPolicyRequest(), your-project-id).Execute();
String role = "roles/existing-role";
String member = "user:member-to-remove@example.com";
List<Binding> bindings = policy.getBindings();
Binding binding = null;
for (Binding b : bindings) {
if (b.getRole().equals(role)) {
binding = b;
}
}
if (binding.getMembers().contains(member)) {
binding.getMembers().remove(member);
System.out.println("Member " + member + " removed from " + role);
if (binding.getMembers().isEmpty()) {
policy.getBindings().remove(binding);
}
return;
}
System.out.println("Role not found in policy; member not removed");
return;
}
use of com.google.api.services.cloudresourcemanager.v3.model.Binding in project terra-workspace-manager by DataBiosphere.
the class GcpCloudSyncStep method doStep.
@Override
public StepResult doStep(FlightContext flightContext) throws InterruptedException, RetryException {
String gcpProjectId = flightContext.getWorkingMap().get(GCP_PROJECT_ID, String.class);
FlightMap workingMap = flightContext.getWorkingMap();
// Read Sam groups for each workspace role.
Map<WsmIamRole, String> workspaceRoleGroupsMap = workingMap.get(WorkspaceFlightMapKeys.IAM_GROUP_EMAIL_MAP, new TypeReference<>() {
});
try {
Policy currentPolicy = resourceManagerCow.projects().getIamPolicy(gcpProjectId, new GetIamPolicyRequest()).execute();
List<Binding> newBindings = new ArrayList<>();
// Add all existing bindings to ensure we don't accidentally clobber existing permissions.
newBindings.addAll(currentPolicy.getBindings());
// Add appropriate project-level roles for each WSM IAM role.
workspaceRoleGroupsMap.forEach((role, email) -> newBindings.add(bindingForRole(role, email, gcpProjectId)));
Policy newPolicy = new Policy().setVersion(currentPolicy.getVersion()).setBindings(newBindings).setEtag(currentPolicy.getEtag());
SetIamPolicyRequest iamPolicyRequest = new SetIamPolicyRequest().setPolicy(newPolicy);
logger.info("Setting new Cloud Context IAM policy: " + iamPolicyRequest.toPrettyString());
resourceManagerCow.projects().setIamPolicy(gcpProjectId, iamPolicyRequest).execute();
} catch (IOException e) {
throw new RetryableCrlException("Error setting IAM permissions", e);
}
return StepResult.getStepResultSuccess();
}
Aggregations