Examples with Policy com.google.api.services.iam.v1.model.Policy used on opensource projects

Example 31 with Policy

use of com.google.api.services.iam.v1.model.Policy in project java-docs-samples by GoogleCloudPlatform.

the class GetPolicy method getPolicy.

// Gets a project's policy.
public static Policy getPolicy(String projectId) {
    // projectId = "my-project-id"
    Policy policy = null;
    CloudResourceManager service = null;
    try {
        service = createCloudResourceManagerService();
    } catch (IOException | GeneralSecurityException e) {
        System.out.println("Unable to initialize service: \n" + e.toString());
        return policy;
    }
    try {
        GetIamPolicyRequest request = new GetIamPolicyRequest();
        policy = service.projects().getIamPolicy(projectId, request).execute();
        System.out.println("Policy retrieved: " + policy.toString());
        return policy;
    } catch (IOException e) {
        System.out.println("Unable to get policy: \n" + e.toString());
        return policy;
    }
}

Example 32 with Policy

use of com.google.api.services.iam.v1.model.Policy in project java-docs-samples by GoogleCloudPlatform.

the class Quickstart method addBinding.

public static void addBinding(CloudResourceManager crmService, String projectId, String member, String role) {
    // Gets the project's policy.
    Policy policy = getPolicy(crmService, projectId);
    // Finds binding in policy, if it exists
    Binding binding = null;
    for (Binding b : policy.getBindings()) {
        if (b.getRole().equals(role)) {
            binding = b;
            break;
        }
    }
    if (binding != null) {
        // If binding already exists, adds member to binding.
        binding.getMembers().add(member);
    } else {
        // If binding does not exist, adds binding to policy.
        binding = new Binding();
        binding.setRole(role);
        binding.setMembers(Collections.singletonList(member));
        policy.getBindings().add(binding);
    }
    // Sets the updated policy
    setPolicy(crmService, projectId, policy);
}

Example 33 with Policy

use of com.google.api.services.iam.v1.model.Policy in project java-docs-samples by GoogleCloudPlatform.

the class Quickstart method main.

public static void main(String[] args) {
    // TODO: Replace with your project ID in the form "projects/your-project-id".
    String projectId = "your-project";
    // TODO: Replace with the ID of your member in the form "user:member@example.com"
    String member = "your-member";
    // The role to be granted.
    String role = "roles/logging.logWriter";
    // Initializes the Cloud Resource Manager service.
    CloudResourceManager crmService = null;
    try {
        crmService = initializeService();
    } catch (IOException | GeneralSecurityException e) {
        System.out.println("Unable to initialize service: \n" + e.getMessage() + e.getStackTrace());
    }
    // Grants your member the "Log writer" role for your project.
    addBinding(crmService, projectId, member, role);
    // Get the project's policy and print all members with the "Log Writer" role
    Policy policy = getPolicy(crmService, projectId);
    Binding binding = null;
    List<Binding> bindings = policy.getBindings();
    for (Binding b : bindings) {
        if (b.getRole().equals(role)) {
            binding = b;
            break;
        }
    }
    System.out.println("Role: " + binding.getRole());
    System.out.print("Members: ");
    for (String m : binding.getMembers()) {
        System.out.print("[" + m + "] ");
    }
    System.out.println();
    // Removes member from the "Log writer" role.
    removeMember(crmService, projectId, member, role);
}

Example 34 with Policy

use of com.google.api.services.iam.v1.model.Policy in project java-docs-samples by GoogleCloudPlatform.

the class Quickstart method getPolicy.

public static Policy getPolicy(CloudResourceManager crmService, String projectId) {
    // Gets the project's policy by calling the
    // Cloud Resource Manager Projects API.
    Policy policy = null;
    try {
        GetIamPolicyRequest request = new GetIamPolicyRequest();
        policy = crmService.projects().getIamPolicy(projectId, request).execute();
    } catch (IOException e) {
        System.out.println("Unable to get policy: \n" + e.getMessage() + e.getStackTrace());
    }
    return policy;
}

Example 35 with Policy

use of com.google.api.services.iam.v1.model.Policy in project terra-workspace-manager by DataBiosphere.

the class GcpCloudSyncStep method doStep.

@Override
public StepResult doStep(FlightContext flightContext) throws InterruptedException, RetryException {
    String gcpProjectId = flightContext.getWorkingMap().get(GCP_PROJECT_ID, String.class);
    FlightMap workingMap = flightContext.getWorkingMap();
    // Read Sam groups for each workspace role.
    Map<WsmIamRole, String> workspaceRoleGroupsMap = workingMap.get(WorkspaceFlightMapKeys.IAM_GROUP_EMAIL_MAP, new TypeReference<>() {
    });
    try {
        Policy currentPolicy = resourceManagerCow.projects().getIamPolicy(gcpProjectId, new GetIamPolicyRequest()).execute();
        List<Binding> newBindings = new ArrayList<>();
        // Add all existing bindings to ensure we don't accidentally clobber existing permissions.
        newBindings.addAll(currentPolicy.getBindings());
        // Add appropriate project-level roles for each WSM IAM role.
        workspaceRoleGroupsMap.forEach((role, email) -> newBindings.add(bindingForRole(role, email, gcpProjectId)));
        Policy newPolicy = new Policy().setVersion(currentPolicy.getVersion()).setBindings(newBindings).setEtag(currentPolicy.getEtag());
        SetIamPolicyRequest iamPolicyRequest = new SetIamPolicyRequest().setPolicy(newPolicy);
        logger.info("Setting new Cloud Context IAM policy: " + iamPolicyRequest.toPrettyString());
        resourceManagerCow.projects().setIamPolicy(gcpProjectId, iamPolicyRequest).execute();
    } catch (IOException e) {
        throw new RetryableCrlException("Error setting IAM permissions", e);
    }
    return StepResult.getStepResultSuccess();
}