/**
 * Converts a {@link Policy} into its {@code com.google.iam.v1.Policy} protobuf form.
 *
 * <p>Every entry of {@code policy.getBindings()} becomes one protobuf binding. Only the role and
 * the member strings are written to a binding; nothing else is carried over per binding. The etag
 * is copied only when it is set, and the version is always copied.
 *
 * @param policy the policy to convert
 * @return the protobuf policy built from {@code policy}
 */
@Override
protected com.google.iam.v1.Policy toPb(Policy policy) {
  com.google.iam.v1.Policy.Builder pb = com.google.iam.v1.Policy.newBuilder();
  for (Map.Entry<Role, Set<Identity>> entry : policy.getBindings().entrySet()) {
    com.google.iam.v1.Binding.Builder bindingPb = com.google.iam.v1.Binding.newBuilder();
    bindingPb.setRole(entry.getKey().getValue());
    // Members go on the wire as the strings produced by IDENTITY_STR_VALUE_FUNCTION.
    for (Identity member : entry.getValue()) {
      bindingPb.addMembers(IDENTITY_STR_VALUE_FUNCTION.apply(member));
    }
    pb.addBindings(bindingPb.build());
  }
  if (policy.etag != null) {
    // The etag is held as base64 text; the protobuf field takes the decoded bytes.
    pb.setEtag(ByteString.copyFrom(BaseEncoding.base64().decode(policy.etag)));
  }
  pb.setVersion(policy.version);
  return pb.build();
}
} // closes the enclosing type, whose header is above this excerpt
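/**
 * Exercises the IAM calls on a topic: reads the policy, adds a binding, writes it back, and checks
 * that {@code pubsub.topics.get} is reported as a held permission.
 *
 * <p>The added binding grants {@code roles/viewer} to {@code allAuthenticatedUsers}, i.e. to any
 * caller signed in with a Google account. The topic is therefore deleted in a {@code finally}
 * block, so a failed RPC or assertion does not leave a topic with that grant in the test project.
 */
@Test
public void testTopicPolicy() {
  ProjectTopicName topicName =
      ProjectTopicName.of(projectId, formatForTest("testing-topic-policy"));
  topicAdminClient.createTopic(topicName);
  try {
    String resource = topicName.toString();
    Policy policy = topicAdminClient.getIamPolicy(resource);
    Binding binding =
        Binding.newBuilder().setRole("roles/viewer").addMembers("allAuthenticatedUsers").build();
    // toBuilder() keeps the fetched policy's other fields, so the write is a read-modify-write.
    Policy newPolicy =
        topicAdminClient.setIamPolicy(resource, policy.toBuilder().addBindings(binding).build());
    assertThat(newPolicy.getBindingsList()).contains(binding);

    String permissionName = "pubsub.topics.get";
    List<String> permissions =
        topicAdminClient
            .testIamPermissions(resource, Collections.singletonList(permissionName))
            .getPermissionsList();
    assertThat(permissions).contains(permissionName);
  } finally {
    // Runs on failure too: the topic carries a binding for allAuthenticatedUsers.
    topicAdminClient.deleteTopic(topicName);
  }
}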
Binding.newBuilder().setRole("roles/owner").addMembers("allAuthenticatedUsers").build(); Policy newPolicy = topicAdminClient.setIamPolicy(
/**
 * Builds the {@code com.google.iam.v1.Policy} protobuf message for a {@link Policy}.
 *
 * <p>One protobuf binding is produced per role in {@code policy.getBindings()}, holding the role
 * value and the string form of each identity. The etag is set only when the policy has one; the
 * version is set unconditionally.
 *
 * @param policy the policy to serialize
 * @return the equivalent protobuf policy
 */
@Override
protected com.google.iam.v1.Policy toPb(Policy policy) {
  List<com.google.iam.v1.Binding> protoBindings = new ArrayList<>();
  for (Map.Entry<Role, Set<Identity>> roleToMembers : policy.getBindings().entrySet()) {
    List<String> memberStrings = new ArrayList<>();
    for (Identity identity : roleToMembers.getValue()) {
      memberStrings.add(IDENTITY_STR_VALUE_FUNCTION.apply(identity));
    }
    protoBindings.add(
        com.google.iam.v1.Binding.newBuilder()
            .setRole(roleToMembers.getKey().getValue())
            .addAllMembers(memberStrings)
            .build());
  }

  com.google.iam.v1.Policy.Builder protoPolicy =
      com.google.iam.v1.Policy.newBuilder().addAllBindings(protoBindings);
  if (policy.etag != null) {
    // policy.etag is base64 text; decode it to the raw bytes the protobuf field expects.
    byte[] rawEtag = BaseEncoding.base64().decode(policy.etag);
    protoPolicy.setEtag(ByteString.copyFrom(rawEtag));
  }
  protoPolicy.setVersion(policy.version);
  return protoPolicy.build();
}
} // closes the enclosing type, whose header is above this excerpt
.setRole(role) .addMembers(member) .build();
.setRole(role) .addMembers(member) .build();
newBindings.add(builder.build());
newBindings.add(builder.build());
/**
 * Sets an IAM policy on a KMS key ring that grants {@code
 * roles/cloudkms.cryptoKeyEncrypterDecrypter} to the service account returned by {@code
 * storage.getServiceAccount(projectId)}.
 *
 * <p>The policy sent is built from scratch with that single binding and no etag; the current
 * policy is not read first. SetIamPolicy replaces the resource's policy with the one supplied, so
 * this helper fits a key ring that is dedicated to the tests.
 *
 * @param iamStub blocking IAM stub used for the call; the request-params header is attached to it
 * @param projectId project that owns the key ring and the service account
 * @param location location of the key ring
 * @param keyRingName name of the key ring
 * @throws StatusRuntimeException if the RPC fails
 */
private static void ensureKmsKeyRingIamPermissionsForTests(
    IAMPolicyGrpc.IAMPolicyBlockingStub iamStub,
    String projectId,
    String location,
    String keyRingName)
    throws StatusRuntimeException {
  ServiceAccount account = storage.getServiceAccount(projectId);
  String keyRingPath = KeyRingName.of(projectId, location, keyRingName).toString();

  Binding encrypterDecrypter =
      Binding.newBuilder()
          .setRole("roles/cloudkms.cryptoKeyEncrypterDecrypter")
          .addMembers("serviceAccount:" + account.getEmail())
          .build();
  SetIamPolicyRequest request =
      SetIamPolicyRequest.newBuilder()
          .setResource(keyRingPath)
          .setPolicy(com.google.iam.v1.Policy.newBuilder().addBindings(encrypterDecrypter).build())
          .build();

  // The request-params header names the key ring as the parent of the call.
  requestParamsHeader.put(requestParamsKey, "parent=" + keyRingPath);
  IAMPolicyGrpc.IAMPolicyBlockingStub stubWithHeaders =
      MetadataUtils.attachHeaders(iamStub, requestParamsHeader);
  stubWithHeaders.setIamPolicy(request);
}
/**
 * Example of updating a subscription policy: the current policy is fetched, one binding is added
 * to it, and the result is written back.
 *
 * @param subscriptionId id of the subscription inside {@code projectId}
 * @return the policy returned by the set call
 * @throws Exception if the client cannot be created or an RPC fails
 */
public Policy replaceSubscriptionPolicy(String subscriptionId) throws Exception {
  // [START pubsub_set_subscription_policy]
  try (SubscriptionAdminClient client = SubscriptionAdminClient.create()) {
    String resource = ProjectSubscriptionName.of(projectId, subscriptionId).toString();
    Policy current = client.getIamPolicy(resource);
    // Create a role => members binding. allAuthenticatedUsers matches any caller signed in with
    // a Google account; outside a sample, name the specific user, group or service account.
    Binding viewerBinding =
        Binding.newBuilder()
            .setRole(Role.viewer().toString())
            .addMembers(Identity.allAuthenticatedUsers().toString())
            .build();
    // Update policy. Building on the fetched policy keeps its existing bindings and its etag,
    // which lets the service detect a change made between the read and the write.
    return client.setIamPolicy(resource, current.toBuilder().addBindings(viewerBinding).build());
  }
  // [END pubsub_set_subscription_policy]
}
/**
 * Example of updating a topic policy: reads the topic's current policy, adds one binding to a
 * copy of it, and sends the copy back.
 *
 * @param topicId id of the topic inside {@code projectId}
 * @return the policy returned by the set call
 * @throws Exception if the client cannot be created or an RPC fails
 */
public Policy replaceTopicPolicy(String topicId) throws Exception {
  // [START pubsub_set_topic_policy]
  try (TopicAdminClient client = TopicAdminClient.create()) {
    String resource = ProjectTopicName.format(projectId, topicId);
    Policy existing = client.getIamPolicy(resource);
    // add role -> members binding; allAuthenticatedUsers is any caller signed in with a Google
    // account, so a real deployment would list a specific user, group or service account here
    String role = Role.viewer().toString();
    String member = Identity.allAuthenticatedUsers().toString();
    Binding binding = Binding.newBuilder().setRole(role).addMembers(member).build();
    // create updated policy from the fetched one, so its other bindings and its etag are kept
    Policy withBinding = Policy.newBuilder(existing).addBindings(binding).build();
    return client.setIamPolicy(resource, withBinding);
  }
  // [END pubsub_set_topic_policy]
}