/**
 * Returns the {@code roles/storage.objectCreator} role.
 *
 * <p>Grants the following permissions:
 *
 * <ul>
 *   <li>storage.objects.create
 * </ul>
 *
 * <p>Per the list above, this role carries object creation only; it lists no read, list or
 * delete permission, which makes it a reasonable fit for write-only uploaders.
 */
public static Role objectCreator() {
  // Fully-qualified name (contains '/'), so it is handed to Role.of as-is.
  final String roleName = "roles/storage.objectCreator";
  return Role.of(roleName);
}
/**
 * Compares this role with another object by role string.
 *
 * @param obj the object to compare with; {@code null} and non-{@code Role} objects are unequal
 * @return {@code true} only if {@code obj} is a {@code Role} whose {@code getValue()} equals
 *     this role's {@code value}
 */
@Override
public boolean equals(Object obj) {
  // instanceof is false for null, so this guard also rejects null.
  if (!(obj instanceof Role)) {
    return false;
  }
  Role other = (Role) obj;
  // NOTE(review): hashCode() is not visible in this excerpt; it must be derived from the same
  // value, otherwise roles used as map keys in policy bindings will not collapse correctly.
  return Objects.equals(value, other.getValue());
}
// Closes the enclosing type, whose declaration lies outside this excerpt.
}
/**
 * Returns a new role given its string value.
 *
 * <p>If the value contains no slash character ({@code '/'}), the prefix {@code "roles/"} is
 * prepended. This slightly simplifies usage for <a
 * href="https://cloud.google.com/iam/docs/understanding-roles">predefined roles</a>. For <a
 * href="https://cloud.google.com/iam/docs/creating-custom-roles">custom roles</a>, call this
 * method with the fully-qualified name, e.g. {@code "projects/XXX/roles/YYY"}.
 *
 * <p>Only a null check is applied here. The string is otherwise not validated: any value
 * containing a slash is accepted unchanged, and an empty string becomes just the prefix. Role
 * names that originate from configuration or user input should be checked against an allow-list
 * by the caller before they end up in a policy binding.
 *
 * @param value the string value for the role; must not be {@code null}
 * @return a role wrapping {@code value}, prefixed when it contained no slash
 * @see <a href="https://cloud.google.com/iam/docs/viewing-grantable-roles">Viewing the Grantable
 *     Roles on Resources</a>
 */
public static Role of(String value) {
  checkNotNull(value);
  // A slash marks the name as already qualified; bare names get the predefined-role prefix.
  String qualified = value.contains("/") ? value : ROLE_PREFIX + value;
  return new Role(qualified);
}
/**
 * Checks that the predefined role constants carry fully-qualified names, that {@code Role.of}
 * yields roles matching those constants, and that a custom role path is kept verbatim.
 */
@Test
public void testOf() {
  // Constants must expose the fully-qualified "roles/..." form.
  assertThat(VIEWER.getValue()).isEqualTo("roles/viewer");
  assertThat(EDITOR.getValue()).isEqualTo("roles/editor");
  assertThat(OWNER.getValue()).isEqualTo("roles/owner");

  // Building a role from the qualified name must match the corresponding constant.
  compareRoles(VIEWER, Role.of("roles/viewer"));
  compareRoles(EDITOR, Role.of("roles/editor"));
  compareRoles(OWNER, Role.of("roles/owner"));

  // A custom role path already contains '/', so it must come back unchanged.
  // NOTE(review): every Role.of call in this test passes a value with a slash; the
  // prefix-prepending branch is not exercised directly here.
  String fullyQualifiedCustomRole = "projects/foo/roles/bar";
  Role customRoleInstance = Role.of(fullyQualifiedCustomRole);
  assertThat(customRoleInstance.getValue()).isEqualTo(fullyQualifiedCustomRole);
}
/**
 * Example of replacing a topic policy.
 *
 * <p>Reads the topic's current IAM policy, appends one viewer binding, and writes the result
 * back.
 *
 * <p>The member used here is {@code Identity.allAuthenticatedUsers()}, which is not limited to
 * this project or organization: the binding applies to any authenticated Google account. Outside
 * a demo, bind a specific {@code Identity.user(...)}, {@code Identity.group(...)} or {@code
 * Identity.serviceAccount(...)} instead.
 *
 * @param topicId the topic ID, resolved against this object's {@code projectId}
 * @return the policy returned by the service after the update
 * @throws Exception if the client cannot be created or a policy call fails
 */
public Policy replaceTopicPolicy(String topicId) throws Exception {
  // [START pubsub_set_topic_policy]
  try (TopicAdminClient client = TopicAdminClient.create()) {
    String topicName = ProjectTopicName.format(projectId, topicId);
    // Start from the policy currently on the topic so existing bindings are preserved.
    // NOTE(review): presumably the fetched policy carries an etag that guards against
    // concurrent edits when it is written back; confirm against the API.
    Policy currentPolicy = client.getIamPolicy(topicName);
    // role -> members binding; see the Javadoc above for how wide this member is
    Binding viewerBinding =
        Binding.newBuilder()
            .setRole(Role.viewer().toString())
            .addMembers(Identity.allAuthenticatedUsers().toString())
            .build();
    // Copy the current policy and append the new binding.
    Policy policyWithBinding =
        Policy.newBuilder(currentPolicy).addBindings(viewerBinding).build();
    return client.setIamPolicy(topicName, policyWithBinding);
  }
  // [END pubsub_set_topic_policy]
}
/**
 * Adds one user as a viewer to an existing project's IAM policy and prints the stored result.
 *
 * <p>The flow is read-modify-write: the current policy is fetched, a builder derived from it
 * receives the new identity, and the rebuilt policy replaces the old one.
 *
 * @param args unused
 */
public static void main(String... args) {
  // Create Resource Manager service object.
  // By default, credentials are inferred from the runtime environment.
  ResourceManager resourceManager = ResourceManagerOptions.getDefaultInstance().getService();

  // Get a project from the server.
  String projectId = "some-project-id"; // Use an existing project's ID
  // NOTE(review): the result is used without a null check; confirm what get() returns for a
  // project that does not exist or is not visible to these credentials.
  Project project = resourceManager.get(projectId);

  // Derive a builder from the project's current policy so existing bindings are kept.
  Policy.Builder policyBuilder = project.getPolicy().toBuilder();

  // Add a viewer. The grant is scoped to a single named user.
  Identity newViewer = Identity.user("<insert user's email address here>");
  policyBuilder.addIdentity(Role.viewer(), newViewer);

  // Write the policy back and keep the version the server returns.
  Policy updatedPolicy = project.replacePolicy(policyBuilder.build());

  // Print policy.
  System.out.printf("Updated policy for %s: %n%s%n", projectId, updatedPolicy);
}
// Closes the enclosing type, whose declaration lies outside this excerpt.
}
/**
 * Example of replacing a subscription policy.
 *
 * <p>Reads the subscription's current IAM policy, appends one viewer binding, and writes the
 * result back.
 *
 * <p>The member used here is {@code Identity.allAuthenticatedUsers()}, which is not limited to
 * this project or organization: the binding applies to any authenticated Google account. Outside
 * a demo, bind a specific {@code Identity.user(...)}, {@code Identity.group(...)} or {@code
 * Identity.serviceAccount(...)} instead.
 *
 * @param subscriptionId the subscription ID, resolved against this object's {@code projectId}
 * @return the policy returned by the service after the update
 * @throws Exception if the client cannot be created or a policy call fails
 */
public Policy replaceSubscriptionPolicy(String subscriptionId) throws Exception {
  // [START pubsub_set_subscription_policy]
  try (SubscriptionAdminClient client = SubscriptionAdminClient.create()) {
    // Both policy calls take the resource name as a string, so format it once.
    String subscriptionPath = ProjectSubscriptionName.of(projectId, subscriptionId).toString();
    // Start from the policy currently on the subscription so existing bindings are preserved.
    Policy currentPolicy = client.getIamPolicy(subscriptionPath);
    // role => members binding; see the Javadoc above for how wide this member is
    Binding viewerBinding =
        Binding.newBuilder()
            .setRole(Role.viewer().toString())
            .addMembers(Identity.allAuthenticatedUsers().toString())
            .build();
    // Copy the current policy and append the new binding.
    Policy policyWithBinding = currentPolicy.toBuilder().addBindings(viewerBinding).build();
    return client.setIamPolicy(subscriptionPath, policyWithBinding);
  }
  // [END pubsub_set_subscription_policy]
}
/**
 * Returns the {@code roles/storage.legacyBucketReader} role.
 *
 * <p>Grants the following permissions:
 *
 * <ul>
 *   <li>storage.buckets.get
 *   <li>storage.objects.list
 * </ul>
 *
 * <p>Per the list above, holders can read bucket metadata and enumerate objects; no permission
 * to fetch object contents is listed. Object names alone can still be sensitive, so treat the
 * listing permission accordingly.
 */
public static Role legacyBucketReader() {
  // Fully-qualified name (contains '/'), so it is handed to Role.of as-is.
  final String roleName = "roles/storage.legacyBucketReader";
  return Role.of(roleName);
}
/**
 * Converts a library {@code Policy} into the Storage API model policy.
 *
 * <p>Each role in the source bindings becomes one API binding whose members are the {@code
 * strValue()} of every identity mapped to that role. The etag is copied across.
 *
 * @param policy the policy to convert
 * @return a new API policy holding the converted bindings and the source etag
 */
static com.google.api.services.storage.model.Policy convertToApiPolicy(Policy policy) {
  Map<Role, Set<Identity>> identitiesByRole = policy.getBindings();
  List<Bindings> apiBindings = new ArrayList<>(identitiesByRole.size());

  for (Map.Entry<Role, Set<Identity>> roleEntry : identitiesByRole.entrySet()) {
    Set<Identity> identities = roleEntry.getValue();
    List<String> memberStrings = new ArrayList<>(identities.size());
    for (Identity member : identities) {
      memberStrings.add(member.strValue());
    }

    Bindings apiBinding = new Bindings();
    apiBinding.setMembers(memberStrings);
    apiBinding.setRole(roleEntry.getKey().getValue());
    apiBindings.add(apiBinding);
  }

  // NOTE(review): only bindings and etag are carried over; no policy version is set on the
  // API object here. Confirm that is intended for the callers of this conversion.
  com.google.api.services.storage.model.Policy apiPolicy =
      new com.google.api.services.storage.model.Policy();
  apiPolicy.setBindings(apiBindings);
  apiPolicy.setEtag(policy.getEtag());
  return apiPolicy;
}
/**
 * Returns a new role given its string value.
 *
 * <p>If the value contains no slash character ({@code '/'}), the prefix {@code "roles/"} is
 * prepended. This slightly simplifies usage for <a
 * href="https://cloud.google.com/iam/docs/understanding-roles">predefined roles</a>. For <a
 * href="https://cloud.google.com/iam/docs/creating-custom-roles">custom roles</a>, call this
 * method with the fully-qualified name, e.g. {@code "projects/XXX/roles/YYY"}.
 *
 * <p>Only a null check is applied here. The string is otherwise not validated: any value
 * containing a slash is accepted unchanged, and an empty string becomes just the prefix. Role
 * names that originate from configuration or user input should be checked against an allow-list
 * by the caller before they end up in a policy binding.
 *
 * @param value the string value for the role; must not be {@code null}
 * @return a role wrapping {@code value}, prefixed when it contained no slash
 * @see <a href="https://cloud.google.com/iam/docs/viewing-grantable-roles">Viewing the Grantable
 *     Roles on Resources</a>
 */
public static Role of(String value) {
  checkNotNull(value);
  // A slash marks the name as already qualified; bare names get the predefined-role prefix.
  String qualified = value.contains("/") ? value : ROLE_PREFIX + value;
  return new Role(qualified);
}
/**
 * Returns the viewer role. Encapsulates the permission for read-only actions that preserve state
 * of a resource.
 *
 * <p>This is one of the broad basic roles rather than a service-specific one; where a narrower
 * predefined or custom role covers the need, prefer that for least privilege.
 *
 * @return the role built from the short name {@code "viewer"}
 * @see <a href="https://cloud.google.com/iam/docs/understanding-roles">Understanding Roles</a>
 */
public static Role viewer() {
  // Short name without a slash; qualification is left to of(String).
  final String shortName = "viewer";
  return of(shortName);
}
/**
 * Converts a library {@code Policy} into its {@code com.google.iam.v1.Policy} protobuf form.
 *
 * <p>Each role in the bindings map becomes one protobuf binding whose members are produced by
 * {@code IDENTITY_STR_VALUE_FUNCTION}. The etag, when present, is base64-decoded into bytes; the
 * version is always copied.
 *
 * @param policy the policy to convert
 * @return the protobuf policy
 */
@Override
protected com.google.iam.v1.Policy toPb(Policy policy) {
  List<com.google.iam.v1.Binding> pbBindings = new LinkedList<>();
  for (Map.Entry<Role, Set<Identity>> roleEntry : policy.getBindings().entrySet()) {
    // Snapshot the identity set into a list so it can be transformed to member strings.
    List<Identity> identities = new ArrayList<>(roleEntry.getValue());
    List<String> memberStrings =
        Lists.transform(
            identities,
            new Function<Identity, String>() {
              @Override
              public String apply(Identity identity) {
                return IDENTITY_STR_VALUE_FUNCTION.apply(identity);
              }
            });
    pbBindings.add(
        com.google.iam.v1.Binding.newBuilder()
            .setRole(roleEntry.getKey().getValue())
            .addAllMembers(memberStrings)
            .build());
  }

  com.google.iam.v1.Policy.Builder pbPolicy =
      com.google.iam.v1.Policy.newBuilder().addAllBindings(pbBindings);
  if (policy.etag != null) {
    // The library keeps the etag as a base64 string; the protobuf field takes raw bytes.
    // NOTE(review): a malformed etag string would make decode() throw here; confirm the etag
    // only ever originates from a server response.
    pbPolicy.setEtag(ByteString.copyFrom(BaseEncoding.base64().decode(policy.etag)));
  }
  return pbPolicy.setVersion(policy.version).build();
}
// Closes the enclosing type, whose declaration lies outside this excerpt.
}
/**
 * Returns the {@code roles/storage.objectAdmin} role.
 *
 * <p>Grants the following permissions:
 *
 * <ul>
 *   <li>storage.objects.*
 * </ul>
 *
 * <p>The wildcard covers every object-level permission, so this role amounts to full control
 * over objects. Grant it only where a narrower object role does not suffice.
 */
public static Role objectAdmin() {
  // Fully-qualified name (contains '/'), so it is handed to Role.of as-is.
  final String roleName = "roles/storage.objectAdmin";
  return Role.of(roleName);
}
/**
 * Converts a library {@code Policy} into the Cloud Resource Manager API model policy.
 *
 * <p>Each role in the bindings map becomes one API binding whose members are produced by
 * {@code IDENTITY_STR_VALUE_FUNCTION}. Etag and version are copied through their getters.
 *
 * @param policy the policy to convert
 * @return the API model policy
 */
@Override
protected com.google.api.services.cloudresourcemanager.model.Policy toPb(Policy policy) {
  List<Binding> apiBindings = new LinkedList<>();
  for (Map.Entry<Role, Set<Identity>> roleEntry : policy.getBindings().entrySet()) {
    // Snapshot the identity set into a list so it can be transformed to member strings.
    List<Identity> identities = new ArrayList<>(roleEntry.getValue());
    List<String> memberStrings =
        Lists.transform(
            identities,
            new Function<Identity, String>() {
              @Override
              public String apply(Identity identity) {
                return IDENTITY_STR_VALUE_FUNCTION.apply(identity);
              }
            });

    Binding apiBinding = new Binding();
    apiBinding.setRole(roleEntry.getKey().getValue());
    apiBinding.setMembers(memberStrings);
    apiBindings.add(apiBinding);
  }

  com.google.api.services.cloudresourcemanager.model.Policy apiPolicy =
      new com.google.api.services.cloudresourcemanager.model.Policy();
  apiPolicy.setBindings(apiBindings);
  // The etag is passed through unchanged from the source policy.
  apiPolicy.setEtag(policy.getEtag());
  apiPolicy.setVersion(policy.getVersion());
  return apiPolicy;
}
// Closes the enclosing type, whose declaration lies outside this excerpt.
}
/**
 * Returns the editor role. Encapsulates all viewer's permissions and permissions for actions that
 * modify the state of a resource.
 *
 * <p>This is one of the broad basic roles rather than a service-specific one; because it allows
 * state-changing actions, prefer a narrower predefined or custom role wherever one covers the
 * need.
 *
 * @return the role built from the short name {@code "editor"}
 * @see <a href="https://cloud.google.com/iam/docs/understanding-roles">Understanding Roles</a>
 */
public static Role editor() {
  // Short name without a slash; qualification is left to of(String).
  final String shortName = "editor";
  return of(shortName);
}
/**
 * Compares this role with another object by role string.
 *
 * @param obj the object to compare with; {@code null} and non-{@code Role} objects are unequal
 * @return {@code true} only if {@code obj} is a {@code Role} whose {@code getValue()} equals
 *     this role's {@code value}
 */
@Override
public boolean equals(Object obj) {
  // instanceof is false for null, so this guard also rejects null.
  if (!(obj instanceof Role)) {
    return false;
  }
  Role other = (Role) obj;
  // NOTE(review): hashCode() is not visible in this excerpt; it must be derived from the same
  // value, otherwise roles used as map keys in policy bindings will not collapse correctly.
  return Objects.equals(value, other.getValue());
}
// Closes the enclosing type, whose declaration lies outside this excerpt.
}