use of com.google.api.services.iam.v1.model.Policy in project google-cloud-intellij by GoogleCloudPlatform.
the class CloudApiManager method addRolesToServiceAccount.
/**
* Adds a set of {@link Role roles} to a {@link ServiceAccount}.
*
* <p>This is done by fetching the cloud project's existing IAM Policy, adding the new roles to
* the given service account, and then writing the updated policy back to the cloud project.
*
* @param user the current {@link CredentialedUser}
* @param serviceAccount the {@link ServiceAccount} to which to add roles
* @param roles the set of {@link Role} to be added to the service account
* @param cloudProject the current {@link CloudProject}
* @throws IOException if the API call fails to update the IAM policy
*/
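private static void addRolesToServiceAccount(CredentialedUser user, ServiceAccount serviceAccount, Set<Role> roles, CloudProject cloudProject) throws IOException {
  CloudResourceManager resourceManager = GoogleApiClientFactory.getInstance().getCloudResourceManagerClient(user.getCredential());

  // Read-modify-write of the project-level IAM policy. The bindings sent in setIamPolicy replace
  // the stored ones, so every existing binding has to be carried over unchanged.
  Policy existingPolicy = resourceManager.projects().getIamPolicy(cloudProject.projectId(), new GetIamPolicyRequest()).execute();

  // A policy that has no bindings yet can report a null list; start from an empty list then
  // instead of failing with a NullPointerException.
  List<Binding> bindings = Lists.newArrayList();
  if (existingPolicy.getBindings() != null) {
    bindings.addAll(existingPolicy.getBindings());
  }

  // One new binding per requested role, each naming only the given service account.
  // NOTE(review): these grants apply to the whole project, not to a single resource; callers
  // should keep the role set as narrow as the service account's job allows.
  for (Role role : roles) {
    Binding binding = new Binding();
    binding.setRole(role.getName());
    binding.setMembers(createServiceAccountMemberBindings(serviceAccount));
    bindings.add(binding);
  }

  Policy newPolicy = new Policy();
  newPolicy.setBindings(bindings);
  // Carry over the etag of the policy that was read so the write is conditional on the policy
  // not having changed in between. Without it, a concurrent edit (for example a revocation made
  // by another administrator) would be silently overwritten by this stale copy.
  // NOTE(review): the read does not request a policy version, so conditional bindings, if the
  // project uses any, may not round-trip faithfully; confirm against the projects in scope.
  newPolicy.setEtag(existingPolicy.getEtag());

  SetIamPolicyRequest policyRequest = new SetIamPolicyRequest();
  policyRequest.setPolicy(newPolicy);
  resourceManager.projects().setIamPolicy(cloudProject.projectId(), policyRequest).execute();
}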
use of com.google.api.services.iam.v1.model.Policy in project java-docs-samples by GoogleCloudPlatform.
the class Snippets method addMemberToCryptoKeyPolicy.
// [END kms_get_keyring_policy]
// [START kms_add_member_to_cryptokey_policy]
/**
* Adds the given member to the given key, with the given role.
*
* @param projectId The id of the project.
* @param locationId The location id of the key.
* @param keyRingId The id of the keyring.
* @param cryptoKeyId The id of the crypto key.
* @param member The member to add. Must be in the proper format, eg:
*
* allUsers user:$userEmail serviceAccount:$serviceAccountEmail
*
* See https://g.co/cloud/kms/docs/reference/rest/v1/Policy#binding for more details.
* @param role Must be in one of the following formats: roles/[role]
* organizations/[organizationId]/roles/[role] projects/[projectId]/roles/[role]
*
* See https://g.co/cloud/iam/docs/understanding-roles for available values for [role].
*/
public static Policy addMemberToCryptoKeyPolicy(String projectId, String locationId, String keyRingId, String cryptoKeyId, String member, String role) throws IOException {
  // Authorized Cloud KMS client used for the policy write below.
  CloudKMS client = createAuthorizedClient();

  // Fully qualified resource name of the crypto key whose policy is being edited.
  String keyName = String.format("projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s", projectId, locationId, keyRingId, cryptoKeyId);

  // Read the key's current policy; the whole object is modified and then written back.
  Policy policy = getCryptoKeyPolicy(projectId, locationId, keyRingId, cryptoKeyId);

  // Build the grant. `member` and `role` are passed through exactly as given, with no checks.
  // NOTE(review): the special members allUsers / allAuthenticatedUsers open the key to anyone
  // under the granted role; callers should pass a specific principal unless public access is
  // really intended.
  Binding grant = new Binding();
  grant.setRole(role);
  grant.setMembers(Collections.singletonList(member));

  // Append to the existing bindings in place, or start a one-element list when there are none.
  // A new binding is added even if the role already has one.
  List<Binding> allBindings = policy.getBindings();
  if (allBindings != null) {
    allBindings.add(grant);
  } else {
    allBindings = Collections.singletonList(grant);
  }
  policy.setBindings(allBindings);

  // Write the modified policy back to the crypto key and echo the server's response.
  SetIamPolicyRequest request = new SetIamPolicyRequest().setPolicy(policy);
  Policy updated = client.projects().locations().keyRings().cryptoKeys().setIamPolicy(keyName, request).execute();
  System.out.println("Response: " + updated);
  return updated;
}
use of com.google.api.services.iam.v1.model.Policy in project java-docs-samples by GoogleCloudPlatform.
the class Snippets method addMemberToKeyRingPolicy.
// [END kms_add_member_to_cryptokey_policy]
// [START kms_add_member_to_keyring_policy]
/**
* Adds the given member to the given keyring, with the given role.
*
* @param projectId The id of the project.
* @param locationId The location id of the key.
* @param keyRingId The id of the keyring.
* @param member The member to add. Must be in the proper format, eg:
*
* allUsers user:$userEmail serviceAccount:$serviceAccountEmail
*
* See https://g.co/cloud/kms/docs/reference/rest/v1/Policy#binding for more details.
* @param role Must be in one of the following formats: roles/[role]
* organizations/[organizationId]/roles/[role] projects/[projectId]/roles/[role]
*
* See https://g.co/cloud/iam/docs/understanding-roles for available values for [role].
*/
public static Policy addMemberToKeyRingPolicy(String projectId, String locationId, String keyRingId, String member, String role) throws IOException {
  // Authorized Cloud KMS client used for the policy write below.
  CloudKMS client = createAuthorizedClient();

  // Fully qualified resource name of the key ring whose policy is being edited.
  String keyRingName = String.format("projects/%s/locations/%s/keyRings/%s", projectId, locationId, keyRingId);

  // Read the key ring's current policy; the whole object is modified and then written back.
  Policy policy = getKeyRingPolicy(projectId, locationId, keyRingId);

  // Build the grant. `member` and `role` are passed through exactly as given, with no checks.
  // NOTE(review): a key-ring-level grant presumably covers every key in the ring, and the
  // special members allUsers / allAuthenticatedUsers would open it to anyone; prefer a specific
  // principal and the narrowest role that does the job.
  Binding grant = new Binding();
  grant.setRole(role);
  grant.setMembers(Collections.singletonList(member));

  // Append to the existing bindings in place, or start a one-element list when there are none.
  // A new binding is added even if the role already has one.
  List<Binding> allBindings = policy.getBindings();
  if (allBindings != null) {
    allBindings.add(grant);
  } else {
    allBindings = Collections.singletonList(grant);
  }
  policy.setBindings(allBindings);

  // Write the modified policy back to the key ring and echo the server's response.
  SetIamPolicyRequest request = new SetIamPolicyRequest().setPolicy(policy);
  Policy updated = client.projects().locations().keyRings().setIamPolicy(keyRingName, request).execute();
  System.out.println("Response: " + updated);
  return updated;
}
use of com.google.api.services.iam.v1.model.Policy in project java-docs-samples by GoogleCloudPlatform.
the class Snippets method removeMemberFromKeyRingPolicy.
// [END kms_remove_member_from_cryptokey_policy]
// [START kms_remove_member_from_keyring_policy]
/**
* Removes the given member from the given role in the key ring's IAM policy.
*/
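public static Policy removeMemberFromKeyRingPolicy(String projectId, String locationId, String keyRingId, String member, String role) throws IOException {
  // Create the Cloud KMS client.
  CloudKMS kms = createAuthorizedClient();

  // The resource name of the key ring.
  String keyRing = String.format("projects/%s/locations/%s/keyRings/%s", projectId, locationId, keyRingId);

  // Get the current IAM policy; it is modified in place and written back as a whole.
  Policy iamPolicy = getKeyRingPolicy(projectId, locationId, keyRingId);

  // Revoke the member from EVERY binding of the role, and every occurrence inside each binding.
  // Stopping at the first match would leave the member's access in place whenever the role
  // appears in more than one binding, which the add helpers can produce because they always
  // append a fresh binding.
  List<Binding> bindings = iamPolicy.getBindings();
  if (bindings != null) { // a policy with no bindings reports null rather than an empty list
    for (Binding b : bindings) {
      List<String> members = b.getMembers();
      if (role.equals(b.getRole()) && members != null) {
        members.removeAll(Collections.singleton(member));
      }
    }
  }

  // Set the new IAM policy. This only edits the key ring's own policy: grants the member holds
  // through the project or directly on individual keys are not touched by this call.
  Policy newIamPolicy = kms.projects().locations().keyRings().setIamPolicy(keyRing, new SetIamPolicyRequest().setPolicy(iamPolicy)).execute();
  System.out.println("Response: " + newIamPolicy);
  return newIamPolicy;
}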
use of com.google.api.services.iam.v1.model.Policy in project java-docs-samples by GoogleCloudPlatform.
the class AccessTests method testSetPolicy.
@Test
public void testSetPolicy() {
  final String resource = "projects/" + PROJECT_ID;
  // Round-trip: read the project's current policy and write the same policy straight back.
  // NOTE(review): this issues a policy write against the project named by PROJECT_ID, so the
  // test should only ever be pointed at a dedicated test project.
  SetPolicy.setPolicy(GetPolicy.getPolicy(resource), resource);
  // NOTE(review): the expected text looks like the read step's output; if so, this assertion
  // does not by itself prove that the write succeeded. Confirm what SetPolicy prints.
  assertThat(bout.toString(), containsString("Policy retrieved: "));
}