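/**
 * Example of adding a member to the Bucket-level IAM.
 *
 * <p>Fetches the bucket's current IAM policy, adds {@code identity} to {@code role} on a copy of
 * it, and writes the result back with {@code setIamPolicy}. The write is built from the fetched
 * policy, so every existing binding is sent back unchanged alongside the new member.
 *
 * <p>Review note: no restriction is placed on {@code role} or {@code identity} here. Callers that
 * pass values derived from user input should check them against an allow-list first, and should
 * treat public principals (such as the {@code Identity.allUsers()} value used by the fixtures on
 * this page) as a deliberate decision, since they expose the bucket beyond the project.
 *
 * @param bucketName name of the bucket whose policy is modified
 * @param role role the identity is added to
 * @param identity member to add
 * @return the policy returned by {@code setIamPolicy}
 */
public Policy addBucketIamMember(String bucketName, Role role, Identity identity) {
  // [START add_bucket_iam_member]
  // Initialize a Cloud Storage client
  Storage storage = StorageOptions.getDefaultInstance().getService();

  // Get IAM Policy for a bucket
  Policy policy = storage.getIamPolicy(bucketName);

  // Add identity to Bucket-level IAM role
  Policy updatedPolicy =
      storage.setIamPolicy(bucketName, policy.toBuilder().addIdentity(role, identity).build());

  // Map.get returns null when the returned policy has no binding for the role; check for the key
  // first so a missing binding cannot raise a NullPointerException after the write has happened.
  if (updatedPolicy.getBindings().containsKey(role)
      && updatedPolicy.getBindings().get(role).contains(identity)) {
    System.out.printf("Added %s with role %s to %s\n", identity, role, bucketName);
  }
  // [END add_bucket_iam_member]
  return updatedPolicy;
}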
@Test public void testIllegalPolicies() { try { Policy.newBuilder().addIdentity(null, USER); fail("Null role should cause exception."); } catch (NullPointerException ex) { Policy.newBuilder().addIdentity(VIEWER, null, USER); fail("Null identity should cause exception."); } catch (NullPointerException ex) { Policy.newBuilder().addIdentity(VIEWER, USER, (Identity[]) null); fail("Null identity should cause exception."); } catch (NullPointerException ex) {
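/**
 * Verifies that {@code adminClient.getIamPolicy} sends a request for the instance's resource name
 * and converts the API policy (one binding, raw etag bytes) into the wrapper {@code Policy}, whose
 * etag is the base64 encoding of those bytes.
 */
@Test
public void testGetIamPolicy() {
  // Setup
  com.google.iam.v1.GetIamPolicyRequest expectedRequest =
      com.google.iam.v1.GetIamPolicyRequest.newBuilder()
          .setResource(NameUtil.formatInstanceName(PROJECT_ID, INSTANCE_ID))
          .build();

  com.google.iam.v1.Policy expectedResponse =
      com.google.iam.v1.Policy.newBuilder()
          .addBindings(
              com.google.iam.v1.Binding.newBuilder()
                  .setRole("roles/bigtable.user")
                  .addMembers("user:someone@example.com"))
          .setEtag(ByteString.copyFromUtf8("my-etag"))
          .build();

  Mockito.when(mockGetIamPolicyCallable.futureCall(expectedRequest))
      .thenReturn(ApiFutures.immediateFuture(expectedResponse));

  // Execute
  Policy actualResult = adminClient.getIamPolicy(INSTANCE_ID);

  // Verify
  assertThat(actualResult)
      .isEqualTo(
          Policy.newBuilder()
              .addIdentity(Role.of("bigtable.user"), Identity.user("someone@example.com"))
              // The response etag was built with copyFromUtf8, so encode the expected bytes as
              // UTF-8 too instead of relying on the platform default charset.
              .setEtag(
                  BaseEncoding.base64()
                      .encode("my-etag".getBytes(java.nio.charset.StandardCharsets.UTF_8)))
              .build());
}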
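/**
 * Converts a Storage API policy model into the library's {@code Policy}.
 *
 * <p>Each member string of each binding is parsed with {@code Identity.valueOf} and added under
 * the binding's role; the etag is copied as-is. Only the role, the members and the etag are read:
 * anything else present on the API policy or its bindings is not carried into the result, so the
 * returned object should not be assumed to be a complete view of the stored policy.
 *
 * @param apiPolicy policy as returned by the Storage API client
 * @return the equivalent {@code Policy}; it has no bindings when the API policy has none
 */
static Policy convertFromApiPolicy(com.google.api.services.storage.model.Policy apiPolicy) {
  Policy.Builder policyBuilder = Policy.newBuilder();
  // The API model can leave a list unset (null) instead of empty, e.g. for a policy without
  // bindings; iterating it directly would throw a NullPointerException.
  if (apiPolicy.getBindings() != null) {
    for (Bindings binding : apiPolicy.getBindings()) {
      if (binding.getMembers() == null) {
        continue;
      }
      for (String member : binding.getMembers()) {
        policyBuilder.addIdentity(Role.of(binding.getRole()), Identity.valueOf(member));
      }
    }
  }
  return policyBuilder.setEtag(apiPolicy.getEtag()).build();
}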
// Policy the test compares against updatedPolicy in the assertion at the end of this excerpt.
Policy postCommitLibPolicy =
    Policy.newBuilder()
        // Identity.allUsers() is the public principal: this binding gives objectViewer to every
        // caller, signed in or not. It is fixture data here; in a real policy a binding like
        // this should be an explicit, reviewed decision.
        .addIdentity(StorageRoles.objectViewer(), Identity.allUsers())
        .addIdentity(
            StorageRoles.objectAdmin(),
            Identity.user("test1@gmail.com"),
            Identity.user("test2@gmail.com"))
        .addIdentity(StorageRoles.admin(), Identity.group("test-group@gmail.com"))
        .setEtag(POLICY_ETAG2)
        .build();
// NOTE(review): the excerpt is cut here. The call that receives the builder expression below,
// and presumably assigns updatedPolicy, is not visible.
currentPolicy
    .toBuilder()
    // Adds the group to the admin role on a copy of currentPolicy.
    .addIdentity(StorageRoles.admin(), Identity.group("test-group@gmail.com"))
    .build());
assertEquals(updatedPolicy, postCommitLibPolicy);
// NOTE(review): excerpt starts mid-call; the method receiving these two arguments is not shown.
// The first argument is a copy of currentPolicy with legacyObjectReader additionally bound to
// Identity.allUsers(), i.e. to every caller including unauthenticated ones. If this policy is
// written to a real bucket, confirm that public read access is intended.
currentPolicy
    .toBuilder()
    .addIdentity(StorageRoles.legacyObjectReader(), Identity.allUsers())
    .build(),
bucketOptions);
.toBuilder() .removeIdentity(VIEWER, USER, ALL_USERS) .addIdentity(VIEWER, DOMAIN, GROUP) .build(); assertEquals( Policy.newBuilder() .removeIdentity(VIEWER, USER) .addIdentity(OWNER, USER, SERVICE_ACCOUNT) .addIdentity(EDITOR, GROUP) .removeIdentity(EDITOR, GROUP) .build();
INSTANCE_ID, Policy.newBuilder() .addIdentity(Role.of("bigtable.user"), Identity.user("someone@example.com")) .build()); .isEqualTo( Policy.newBuilder() .addIdentity(Role.of("bigtable.user"), Identity.user("someone@example.com")) .setEtag(BaseEncoding.base64().encode("my-etag".getBytes())) .build());
Policy libPolicy = Policy.newBuilder() .addIdentity(StorageRoles.objectViewer(), Identity.allUsers()) .addIdentity( StorageRoles.objectAdmin(), Identity.user("test1@gmail.com"),
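/**
 * Adds a viewer to a project's IAM policy: fetches the project, copies its current policy, adds
 * one user to the viewer role and writes the result back with {@code replacePolicy}.
 *
 * <p>Review note: the modified policy is built from the policy just read, so the existing
 * bindings are written back along with the new one. The project ID and the e-mail address are
 * placeholders and must be replaced before running.
 *
 * @param args unused
 */
public static void main(String... args) {
  // Create Resource Manager service object
  // By default, credentials are inferred from the runtime environment.
  ResourceManager resourceManager = ResourceManagerOptions.getDefaultInstance().getService();

  // Get a project from the server
  String projectId = "some-project-id"; // Use an existing project's ID
  Project project = resourceManager.get(projectId);
  // get() is documented to return null for a project that is not found; stop with a message
  // instead of failing with a NullPointerException on getPolicy() below.
  if (project == null) {
    System.out.printf("Project %s was not found%n", projectId);
    return;
  }

  // Get the project's policy
  Policy policy = project.getPolicy();

  // Add a viewer
  Policy.Builder modifiedPolicy = policy.toBuilder();
  Identity newViewer = Identity.user("<insert user's email address here>");
  modifiedPolicy.addIdentity(Role.viewer(), newViewer);

  // Write policy
  Policy updatedPolicy = project.replacePolicy(modifiedPolicy.build());

  // Print policy
  System.out.printf("Updated policy for %s: %n%s%n", projectId, updatedPolicy);
}
}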
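/**
 * Converts a Storage API policy model into the library's {@code Policy}.
 *
 * <p>Each member string of each binding is parsed with {@code Identity.valueOf} and added under
 * the binding's role; the etag is copied as-is. Only the role, the members and the etag are read:
 * anything else present on the API policy or its bindings is not carried into the result, so the
 * returned object should not be assumed to be a complete view of the stored policy.
 *
 * @param apiPolicy policy as returned by the Storage API client
 * @return the equivalent {@code Policy}; it has no bindings when the API policy has none
 */
static Policy convertFromApiPolicy(com.google.api.services.storage.model.Policy apiPolicy) {
  Policy.Builder policyBuilder = Policy.newBuilder();
  // The API model can leave a list unset (null) instead of empty, e.g. for a policy without
  // bindings; iterating it directly would throw a NullPointerException.
  if (apiPolicy.getBindings() != null) {
    for (Bindings binding : apiPolicy.getBindings()) {
      if (binding.getMembers() == null) {
        continue;
      }
      for (String member : binding.getMembers()) {
        policyBuilder.addIdentity(Role.of(binding.getRole()), Identity.valueOf(member));
      }
    }
  }
  return policyBuilder.setEtag(apiPolicy.getEtag()).build();
}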