use of org.flyte.api.v1.Binding in project java-docs-samples by GoogleCloudPlatform.
the class IamRevokeAccess method iamRevokeAccess.
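/**
 * Revokes the {@code roles/secretmanager.secretAccessor} role from one member on one secret.
 *
 * <p>Reads the secret's current IAM policy, rebuilds it without {@code member} in every binding
 * for that role, and writes the rebuilt policy back. The rebuilt policy starts from
 * {@code policy.toBuilder()}, so every other field of the policy that was read is carried over
 * unchanged.
 *
 * <p>Two defects of the previous version are fixed here. The role was compared with {@code ==},
 * which tests object identity rather than string content, so a binding was not reliably matched
 * and the member could keep access while "Updated IAM policy" was still printed. The member was
 * also removed through {@code getMembersList()}, which protobuf-generated messages expose as a
 * read-only view.
 *
 * @param projectId project that owns the secret
 * @param secretId identifier of the secret whose policy is edited
 * @param member IAM member string to remove; compared exactly against the binding's members
 * @throws IOException declared by the original signature; presumably raised when the client
 *     cannot be created
 */
public static void iamRevokeAccess(String projectId, String secretId, String member) throws IOException {
  // try-with-resources calls the "close" method on the client to safely clean up any remaining
  // background resources.
  try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
    // Build the resource name of the secret.
    SecretName secretName = SecretName.of(projectId, secretId);

    // Request the current IAM policy.
    Policy policy = client.getIamPolicy(GetIamPolicyRequest.newBuilder().setResource(secretName.toString()).build());

    // Rebuild the binding list; bindings that do not grant the role to the member are kept as-is.
    String roleToFind = "roles/secretmanager.secretAccessor";
    Policy.Builder updatedPolicy = policy.toBuilder().clearBindings();
    for (Binding binding : policy.getBindingsList()) {
      boolean grantsMember = roleToFind.equals(binding.getRole()) && binding.getMembersList().contains(member);
      if (!grantsMember) {
        updatedPolicy.addBindings(binding);
        continue;
      }

      // Copy the binding without the revoked member; toBuilder() keeps its other fields.
      Binding.Builder trimmed = binding.toBuilder().clearMembers();
      for (String existing : binding.getMembersList()) {
        if (!existing.equals(member)) {
          trimmed.addMembers(existing);
        }
      }

      // A binding left with no members grants nothing, so it is dropped rather than written back.
      if (trimmed.getMembersCount() > 0) {
        updatedPolicy.addBindings(trimmed.build());
      }
    }

    // Save the updated IAM policy.
    client.setIamPolicy(SetIamPolicyRequest.newBuilder().setResource(secretName.toString()).setPolicy(updatedPolicy.build()).build());
    System.out.printf("Updated IAM policy for %s\n", secretId);
  }
}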
use of org.flyte.api.v1.Binding in project java-functions by googleapis.
the class CloudFunctionsServiceClientTest method setIamPolicyTest.
/**
 * Checks that {@code client.setIamPolicy} returns the policy queued on the mock service and that
 * exactly one request, carrying the same resource and policy, reached the mock.
 */
@Test
public void setIamPolicyTest() throws Exception {
  // Canned reply: a policy with a fixed version, no bindings and an empty etag.
  Policy cannedPolicy =
      Policy.newBuilder()
          .setVersion(351608024)
          .addAllBindings(new ArrayList<Binding>())
          .setEtag(ByteString.EMPTY)
          .build();
  mockCloudFunctionsService.addResponse(cannedPolicy);

  // Request under test: placeholder function name plus a default (empty) policy.
  String functionResource = CloudFunctionName.of("[PROJECT]", "[LOCATION]", "[FUNCTION]").toString();
  Policy emptyPolicy = Policy.newBuilder().build();
  SetIamPolicyRequest sentRequest =
      SetIamPolicyRequest.newBuilder().setResource(functionResource).setPolicy(emptyPolicy).build();

  Policy returnedPolicy = client.setIamPolicy(sentRequest);
  Assert.assertEquals(cannedPolicy, returnedPolicy);

  // The mock must have recorded a single request identical in resource and policy.
  List<AbstractMessage> recorded = mockCloudFunctionsService.getRequests();
  Assert.assertEquals(1, recorded.size());
  SetIamPolicyRequest receivedRequest = (SetIamPolicyRequest) recorded.get(0);
  Assert.assertEquals(sentRequest.getResource(), receivedRequest.getResource());
  Assert.assertEquals(sentRequest.getPolicy(), receivedRequest.getPolicy());

  // The default API client header must have been sent on the channel.
  boolean clientHeaderSent =
      channelProvider.isHeaderSent(
          ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
          GaxGrpcProperties.getDefaultApiClientHeaderPattern());
  Assert.assertTrue(clientHeaderSent);
}
use of org.flyte.api.v1.Binding in project java-functions by googleapis.
the class CloudFunctionsServiceClientTest method getIamPolicyTest.
/**
 * Checks that {@code client.getIamPolicy} returns the policy queued on the mock service and that
 * exactly one request, carrying the same resource and options, reached the mock.
 */
@Test
public void getIamPolicyTest() throws Exception {
  // Canned reply: a policy with a fixed version, no bindings and an empty etag.
  Policy cannedPolicy =
      Policy.newBuilder()
          .setVersion(351608024)
          .addAllBindings(new ArrayList<Binding>())
          .setEtag(ByteString.EMPTY)
          .build();
  mockCloudFunctionsService.addResponse(cannedPolicy);

  // Request under test: placeholder function name plus default policy options.
  String functionResource = CloudFunctionName.of("[PROJECT]", "[LOCATION]", "[FUNCTION]").toString();
  GetPolicyOptions defaultOptions = GetPolicyOptions.newBuilder().build();
  GetIamPolicyRequest sentRequest =
      GetIamPolicyRequest.newBuilder().setResource(functionResource).setOptions(defaultOptions).build();

  Policy returnedPolicy = client.getIamPolicy(sentRequest);
  Assert.assertEquals(cannedPolicy, returnedPolicy);

  // The mock must have recorded a single request identical in resource and options.
  List<AbstractMessage> recorded = mockCloudFunctionsService.getRequests();
  Assert.assertEquals(1, recorded.size());
  GetIamPolicyRequest receivedRequest = (GetIamPolicyRequest) recorded.get(0);
  Assert.assertEquals(sentRequest.getResource(), receivedRequest.getResource());
  Assert.assertEquals(sentRequest.getOptions(), receivedRequest.getOptions());

  // The default API client header must have been sent on the channel.
  boolean clientHeaderSent =
      channelProvider.isHeaderSent(
          ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
          GaxGrpcProperties.getDefaultApiClientHeaderPattern());
  Assert.assertTrue(clientHeaderSent);
}
use of org.flyte.api.v1.Binding in project java-storage by googleapis.
the class ITStorageTest method ensureKmsKeyRingIamPermissionsForTests.
/**
 * Grants the project's storage service account the
 * {@code roles/cloudkms.cryptoKeyEncrypterDecrypter} role on a KMS key ring, best effort.
 *
 * <p>A {@link StatusRuntimeException} from the IAM call is logged at WARNING level and not
 * rethrown, so a failed grant does not stop the caller.
 *
 * <p>NOTE(review): the policy sent holds exactly one binding and no etag, and it is not merged
 * with a policy read from the key ring first. A SetIamPolicy call replaces the policy on the
 * resource, so any other bindings on the key ring would be dropped. Confirm that the key ring is
 * dedicated to these tests.
 *
 * @param iamStub blocking IAM stub used to send the request
 * @param projectId project whose storage service account receives the role
 * @param location location of the key ring
 * @param keyRingName name of the key ring
 */
private static void ensureKmsKeyRingIamPermissionsForTests(IAMPolicyGrpc.IAMPolicyBlockingStub iamStub, String projectId, String location, String keyRingName) throws StatusRuntimeException {
  ServiceAccount storageAgent = storage.getServiceAccount(projectId);
  String keyRingPath = KeyRingName.of(projectId, location, keyRingName).toString();

  // Single binding: encrypt/decrypt on the key ring for the storage service account.
  Binding.Builder grant = Binding.newBuilder();
  grant.setRole("roles/cloudkms.cryptoKeyEncrypterDecrypter");
  grant.addMembers("serviceAccount:" + storageAgent.getEmail());

  com.google.iam.v1.Policy.Builder policyBuilder = com.google.iam.v1.Policy.newBuilder();
  policyBuilder.addBindings(grant.build());

  SetIamPolicyRequest.Builder requestBuilder = SetIamPolicyRequest.newBuilder();
  requestBuilder.setResource(keyRingPath);
  requestBuilder.setPolicy(policyBuilder.build());
  SetIamPolicyRequest grantRequest = requestBuilder.build();

  // Attach the request-params header for the key ring to the stub.
  requestParamsHeader.put(requestParamsKey, "parent=" + keyRingPath);
  IAMPolicyGrpc.IAMPolicyBlockingStub routedStub = MetadataUtils.attachHeaders(iamStub, requestParamsHeader);

  try {
    routedStub.setIamPolicy(grantRequest);
  } catch (StatusRuntimeException e) {
    // Deliberately non-fatal: report the failure and let the caller continue.
    if (log.isLoggable(Level.WARNING)) {
      log.log(Level.WARNING, "Unable to set IAM policy: {0}", e.getMessage());
    }
  }
}
use of org.flyte.api.v1.Binding in project java-storage by googleapis.
the class ITStorageTest method testBucketPolicyV3.
/**
 * Integration test for reading and writing a bucket IAM policy at requested policy version 3.
 *
 * <p>Against BUCKET it enables uniform bucket-level access, then in sequence: reads the policy,
 * adds an {@code allUsers} binding, removes that member again, adds a binding with a condition,
 * replaces the bindings once more, checks testIamPermissions, and finally disables uniform
 * bucket-level access.
 *
 * <p>NOTE(review): the cleanup steps (removing the {@code allUsers} member and disabling uniform
 * bucket-level access) are ordinary statements, not a finally block. If an assertion fails
 * between the public grant and its removal, the bucket keeps the {@code allUsers} binding and the
 * changed access setting until something else resets them.
 */
@Test
public void testBucketPolicyV3() {
// Enable Uniform Bucket-Level Access
storage.update(BucketInfo.newBuilder(BUCKET).setIamConfiguration(BucketInfo.IamConfiguration.newBuilder().setIsUniformBucketLevelAccessEnabled(true).build()).build());
String projectId = remoteStorageHelper.getOptions().getProjectId();
// Every policy call below is made with requested policy version 3.
Storage.BucketSourceOption[] bucketOptions = new Storage.BucketSourceOption[] { Storage.BucketSourceOption.requestedPolicyVersion(3) };
Identity projectOwner = Identity.projectOwner(projectId);
Identity projectEditor = Identity.projectEditor(projectId);
Identity projectViewer = Identity.projectViewer(projectId);
// Expected bindings before any change: legacy bucket owner for project editors and owners, legacy bucket reader for project viewers.
List<com.google.cloud.Binding> bindingsWithoutPublicRead = ImmutableList.of(com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketOwner().toString()).setMembers(ImmutableList.of(projectEditor.strValue(), projectOwner.strValue())).build(), com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketReader().toString()).setMembers(ImmutableList.of(projectViewer.strValue())).build());
// Expected bindings after the public grant: the two above plus legacy object reader for "allUsers".
List<com.google.cloud.Binding> bindingsWithPublicRead = ImmutableList.of(com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketReader().toString()).setMembers(ImmutableList.of(projectViewer.strValue())).build(), com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketOwner().toString()).setMembers(ImmutableList.of(projectEditor.strValue(), projectOwner.strValue())).build(), com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyObjectReader().toString()).setMembers(ImmutableList.of("allUsers")).build());
// Expected bindings after the conditional grant: legacy object reader for one service account, limited by a resource-name prefix expression.
List<com.google.cloud.Binding> bindingsWithConditionalPolicy = ImmutableList.of(com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketReader().toString()).setMembers(ImmutableList.of(projectViewer.strValue())).build(), com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyBucketOwner().toString()).setMembers(ImmutableList.of(projectEditor.strValue(), projectOwner.strValue())).build(), com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyObjectReader().toString()).setMembers(ImmutableList.of("serviceAccount:storage-python@spec-test-ruby-samples.iam.gserviceaccount.com")).setCondition(Condition.newBuilder().setTitle("Title").setDescription("Description").setExpression("resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")").build()).build());
// Validate getting policy.
Policy currentPolicy = storage.getIamPolicy(BUCKET, bucketOptions);
assertEquals(bindingsWithoutPublicRead, currentPolicy.getBindingsList());
// Validate updating policy: append a legacy object reader binding for allUsers and write it back.
// From this call until the revert below, the bucket policy grants that role to allUsers.
List<com.google.cloud.Binding> currentBindings = new ArrayList(currentPolicy.getBindingsList());
currentBindings.add(com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyObjectReader().getValue()).addMembers(Identity.allUsers().strValue()).build());
Policy updatedPolicy = storage.setIamPolicy(BUCKET, currentPolicy.toBuilder().setBindings(currentBindings).build(), bucketOptions);
// Compared by size and containsAll, so the order of the returned bindings does not matter here.
assertTrue(bindingsWithPublicRead.size() == updatedPolicy.getBindingsList().size() && bindingsWithPublicRead.containsAll(updatedPolicy.getBindingsList()));
// Remove a member: rebuild the first legacy object reader binding without allUsers.
// The binding itself stays in updatedBindings; only its member list is replaced.
List<com.google.cloud.Binding> updatedBindings = new ArrayList(updatedPolicy.getBindingsList());
for (int i = 0; i < updatedBindings.size(); i++) {
com.google.cloud.Binding binding = updatedBindings.get(i);
if (binding.getRole().equals(StorageRoles.legacyObjectReader().toString())) {
List<String> members = new ArrayList(binding.getMembers());
members.remove(Identity.allUsers().strValue());
updatedBindings.set(i, binding.toBuilder().setMembers(members).build());
break;
}
}
Policy revertedPolicy = storage.setIamPolicy(BUCKET, updatedPolicy.toBuilder().setBindings(updatedBindings).build(), bucketOptions);
// The returned policy must match the original bindings, first by list equality and then by size and containsAll.
assertEquals(bindingsWithoutPublicRead, revertedPolicy.getBindingsList());
assertTrue(bindingsWithoutPublicRead.size() == revertedPolicy.getBindingsList().size() && bindingsWithoutPublicRead.containsAll(revertedPolicy.getBindingsList()));
// Add Conditional Policy: the policy is written with version 3 set explicitly.
List<com.google.cloud.Binding> conditionalBindings = new ArrayList(revertedPolicy.getBindingsList());
conditionalBindings.add(com.google.cloud.Binding.newBuilder().setRole(StorageRoles.legacyObjectReader().toString()).addMembers("serviceAccount:storage-python@spec-test-ruby-samples.iam.gserviceaccount.com").setCondition(Condition.newBuilder().setTitle("Title").setDescription("Description").setExpression("resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")").build()).build());
Policy conditionalPolicy = storage.setIamPolicy(BUCKET, revertedPolicy.toBuilder().setBindings(conditionalBindings).setVersion(3).build(), bucketOptions);
assertTrue(bindingsWithConditionalPolicy.size() == conditionalPolicy.getBindingsList().size() && bindingsWithConditionalPolicy.containsAll(conditionalPolicy.getBindingsList()));
// Remove Conditional Policy by writing updatedBindings (the list built in the removal step above).
// NOTE(review): the policy returned by this call is stored but never asserted on.
conditionalPolicy = storage.setIamPolicy(BUCKET, conditionalPolicy.toBuilder().setBindings(updatedBindings).setVersion(3).build(), bucketOptions);
// Validate testing permissions: both getIamPolicy and setIamPolicy are expected to be reported as granted.
List<Boolean> expectedPermissions = ImmutableList.of(true, true);
assertEquals(expectedPermissions, storage.testIamPermissions(BUCKET, ImmutableList.of("storage.buckets.getIamPolicy", "storage.buckets.setIamPolicy"), bucketOptions));
// Disable Uniform Bucket-Level Access. Reached only when every assertion above has passed.
storage.update(BucketInfo.newBuilder(BUCKET).setIamConfiguration(BucketInfo.IamConfiguration.newBuilder().setIsUniformBucketLevelAccessEnabled(false).build()).build());
}