/**
 * Converts an IAM protobuf policy into this library's {@code Policy}.
 *
 * <p>Only the role and the member list of each binding are read here. If the protobuf carries two
 * bindings for the same role, the later one replaces the earlier one in the resulting map, because
 * the entries are stored with {@code Map.put}.
 *
 * @param policyPb the protobuf policy to convert
 * @return a policy holding the converted bindings, the base64-encoded etag (or {@code null} when
 *     the protobuf etag is empty) and the protobuf's version
 */
@Override
protected Policy fromPb(com.google.iam.v1.Policy policyPb) {
  Map<Role, Set<Identity>> membersByRole = new HashMap<>();
  for (com.google.iam.v1.Binding entry : policyPb.getBindingsList()) {
    Role role = Role.of(entry.getRole());
    // Parse every member string into an Identity and freeze the result.
    ImmutableSet.Builder<Identity> members = ImmutableSet.builder();
    for (String member : entry.getMembersList()) {
      members.add(IDENTITY_VALUE_OF_FUNCTION.apply(member));
    }
    membersByRole.put(role, members.build());
  }

  Policy.Builder result = newBuilder().setBindings(membersByRole);
  if (policyPb.getEtag().isEmpty()) {
    // An empty protobuf etag is represented as "no etag" on the model side.
    result.setEtag(null);
  } else {
    result.setEtag(BaseEncoding.base64().encode(policyPb.getEtag().toByteArray()));
  }
  return result.setVersion(policyPb.getVersion()).build();
}
/**
 * Example of removing a member from the Bucket-level IAM.
 *
 * <p>Reads the bucket's current policy, writes back a copy without {@code identity} under
 * {@code role}, and prints a confirmation when the policy returned by the service no longer lists
 * that identity for the role.
 *
 * @param bucketName name of the bucket whose policy is changed
 * @param role role the identity is removed from
 * @param identity identity to remove
 * @return the policy returned by the service after the update
 */
public Policy removeBucketIamMember(String bucketName, Role role, Identity identity) {
  // [START remove_bucket_iam_member]
  // Initialize a Cloud Storage client
  Storage client = StorageOptions.getDefaultInstance().getService();

  // Get IAM Policy for a bucket
  Policy currentPolicy = client.getIamPolicy(bucketName);

  // Remove an identity from a Bucket-level IAM role
  Policy withoutMember = currentPolicy.toBuilder().removeIdentity(role, identity).build();
  Policy updatedPolicy = client.setIamPolicy(bucketName, withoutMember);

  // Confirm against the returned policy: the role may be gone entirely, or still present
  // without this identity.
  boolean stillBound =
      updatedPolicy.getBindings().get(role) != null
          && updatedPolicy.getBindings().get(role).contains(identity);
  if (!stillBound) {
    System.out.printf("Removed %s with role %s from %s\n", identity, role, bucketName);
  }
  // [END remove_bucket_iam_member]
  return updatedPolicy;
}
}
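/**
 * Example of adding a member to the Bucket-level IAM.
 *
 * <p>Reads the bucket's current policy, writes back a copy that grants {@code role} to
 * {@code identity}, and prints a confirmation when the policy returned by the service lists the
 * identity under that role. The grant applies to the whole bucket, so callers should decide
 * deliberately which identity they pass; a public identity such as {@code Identity.allUsers()}
 * would make the role available to everyone.
 *
 * @param bucketName name of the bucket whose policy is changed
 * @param role role granted to the identity
 * @param identity identity that receives the role
 * @return the policy returned by the service after the update
 */
public Policy addBucketIamMember(String bucketName, Role role, Identity identity) {
  // [START add_bucket_iam_member]
  // Initialize a Cloud Storage client
  Storage storage = StorageOptions.getDefaultInstance().getService();

  // Get IAM Policy for a bucket
  Policy policy = storage.getIamPolicy(bucketName);

  // Add identity to Bucket-level IAM role
  Policy updatedPolicy =
      storage.setIamPolicy(bucketName, policy.toBuilder().addIdentity(role, identity).build());

  // Confirm against the returned policy. The bindings map yields null for a role it does not
  // contain, so check for that before looking up the identity instead of risking a
  // NullPointerException (the removal example guards the same lookup).
  if (updatedPolicy.getBindings().get(role) != null
      && updatedPolicy.getBindings().get(role).contains(identity)) {
    System.out.printf("Added %s with role %s to %s\n", identity, role, bucketName);
  }
  // [END add_bucket_iam_member]
  return updatedPolicy;
}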
/**
 * Converts an IAM protobuf policy into this library's {@code Policy}.
 *
 * <p>Only the role and the member list of each binding are read here. If the protobuf carries two
 * bindings for the same role, the later one replaces the earlier one in the resulting map, because
 * the entries are stored with {@code Map.put}.
 *
 * @param policyPb the protobuf policy to convert
 * @return a policy holding the converted bindings, the base64-encoded etag (or {@code null} when
 *     the protobuf etag is empty) and the protobuf's version
 */
@Override
protected Policy fromPb(com.google.iam.v1.Policy policyPb) {
  Map<Role, Set<Identity>> membersByRole = new HashMap<>();
  for (com.google.iam.v1.Binding entry : policyPb.getBindingsList()) {
    Role role = Role.of(entry.getRole());
    // Parse every member string into an Identity and freeze the result.
    ImmutableSet.Builder<Identity> members = ImmutableSet.builder();
    for (String member : entry.getMembersList()) {
      members.add(IDENTITY_VALUE_OF_FUNCTION.apply(member));
    }
    membersByRole.put(role, members.build());
  }

  Policy.Builder result = newBuilder().setBindings(membersByRole);
  if (policyPb.getEtag().isEmpty()) {
    // An empty protobuf etag is represented as "no etag" on the model side.
    result.setEtag(null);
  } else {
    result.setEtag(BaseEncoding.base64().encode(policyPb.getEtag().toByteArray()));
  }
  return result.setVersion(policyPb.getVersion()).build();
}
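/**
 * Converts a Cloud Storage JSON API policy into this library's {@code Policy}.
 *
 * <p>Only each binding's role and members, plus the policy etag, are copied. A policy without
 * bindings, or a binding without members, converts to an empty result instead of failing.
 *
 * @param apiPolicy the API model policy to convert
 * @return a policy with one identity entry per (role, member) pair and the API policy's etag
 */
static Policy convertFromApiPolicy(com.google.api.services.storage.model.Policy apiPolicy) {
  Policy.Builder policyBuilder = Policy.newBuilder();
  // The API model returns null for a field that was absent from the response, so a policy with
  // no bindings must not be iterated directly.
  if (apiPolicy.getBindings() != null) {
    for (Bindings binding : apiPolicy.getBindings()) {
      if (binding.getMembers() == null) {
        continue;
      }
      for (String member : binding.getMembers()) {
        policyBuilder.addIdentity(Role.of(binding.getRole()), Identity.valueOf(member));
      }
    }
  }
  return policyBuilder.setEtag(apiPolicy.getEtag()).build();
}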
.toBuilder() .addIdentity(StorageRoles.legacyObjectReader(), Identity.allUsers()) .build(), bucketOptions); assertEquals(bindingsWithPublicRead, updatedPolicy.getBindings()); .toBuilder() .removeIdentity(StorageRoles.legacyObjectReader(), Identity.allUsers()) .build(), bucketOptions); assertEquals(bindingsWithoutPublicRead, revertedPolicy.getBindings());
Map<Role, Set<Identity>> editorBinding = ImmutableMap.<Role, Set<Identity>>builder().put(EDITOR, BINDINGS.get(EDITOR)).build(); Policy policy = FULL_POLICY.toBuilder().setBindings(editorBinding).build(); assertEquals(editorBinding, policy.getBindings()); assertEquals("etag", policy.getEtag()); assertEquals(1, policy.getVersion()); policy = SIMPLE_POLICY.toBuilder().removeRole(EDITOR).build(); assertEquals(ImmutableMap.of(VIEWER, BINDINGS.get(VIEWER)), policy.getBindings()); assertNull(policy.getEtag()); .removeIdentity(VIEWER, USER, ALL_USERS) .addIdentity(VIEWER, DOMAIN, GROUP) .build(); assertEquals( ImmutableMap.of(VIEWER, ImmutableSet.of(SERVICE_ACCOUNT, DOMAIN, GROUP)), .addIdentity(EDITOR, GROUP) .removeIdentity(EDITOR, GROUP) .build(); assertEquals( ImmutableMap.of(OWNER, ImmutableSet.of(USER, SERVICE_ACCOUNT)), policy.getBindings());
Identity.user("test2@gmail.com")) .setEtag(ETAG) .build(); com.google.api.services.storage.model.Policy apiPolicy = new com.google.api.services.storage.model.Policy()
/**
 * Verifies that {@code getIamPolicy} sends a request for the instance resource and converts the
 * protobuf response into the expected {@code Policy}: role {@code roles/bigtable.user} is expected
 * as {@code Role.of("bigtable.user")} and the etag as the base64 form of its bytes.
 */
@Test
public void testGetIamPolicy() {
  // Setup: the request the client is expected to issue for this instance.
  com.google.iam.v1.GetIamPolicyRequest expectedRequest =
      com.google.iam.v1.GetIamPolicyRequest.newBuilder()
          .setResource(NameUtil.formatInstanceName(PROJECT_ID, INSTANCE_ID))
          .build();

  // Setup: a canned response with a single binding and an etag.
  com.google.iam.v1.Binding.Builder userBinding =
      com.google.iam.v1.Binding.newBuilder()
          .setRole("roles/bigtable.user")
          .addMembers("user:someone@example.com");
  com.google.iam.v1.Policy expectedResponse =
      com.google.iam.v1.Policy.newBuilder()
          .addBindings(userBinding)
          .setEtag(ByteString.copyFromUtf8("my-etag"))
          .build();

  Mockito.when(mockGetIamPolicyCallable.futureCall(expectedRequest))
      .thenReturn(ApiFutures.immediateFuture(expectedResponse));

  // Execute
  Policy actualResult = adminClient.getIamPolicy(INSTANCE_ID);

  // Verify
  Policy expectedPolicy =
      Policy.newBuilder()
          .addIdentity(Role.of("bigtable.user"), Identity.user("someone@example.com"))
          .setEtag(BaseEncoding.base64().encode("my-etag".getBytes()))
          .build();
  assertThat(actualResult).isEqualTo(expectedPolicy);
}
/**
 * Example that reads a project's IAM policy, adds one user under the viewer role and writes the
 * modified policy back.
 *
 * @param args unused
 */
public static void main(String... args) {
  // Create Resource Manager service object.
  // By default, credentials are inferred from the runtime environment.
  ResourceManager resourceManager = ResourceManagerOptions.getDefaultInstance().getService();

  // Get a project from the server; use an existing project's ID.
  String projectId = "some-project-id";
  Project project = resourceManager.get(projectId);

  // Start from the project's current policy so the write is based on what was just read.
  Policy.Builder draft = project.getPolicy().toBuilder();

  // Add a viewer.
  draft.addIdentity(Role.viewer(), Identity.user("<insert user's email address here>"));

  // Write the modified policy back to the project.
  Policy updatedPolicy = project.replacePolicy(draft.build());

  // Print the policy the service returned.
  System.out.printf("Updated policy for %s: %n%s%n", projectId, updatedPolicy);
}
}
/**
 * Verifies that {@code DefaultMarshaller} round-trips policies through the protobuf form and that
 * the default protobuf instance converts to a policy with no bindings, a null etag and version 0.
 */
@Test
public void testDefaultMarshaller() {
  DefaultMarshaller codec = new DefaultMarshaller();

  // Round trip: converting to protobuf and back must yield an equal policy.
  Policy blank = Policy.newBuilder().build();
  assertEquals(blank, codec.fromPb(codec.toPb(blank)));
  for (Policy sample : new Policy[] {SIMPLE_POLICY, FULL_POLICY}) {
    assertEquals(sample, codec.fromPb(codec.toPb(sample)));
  }

  // Default protobuf instance: nothing set on the wire side.
  Policy fromDefault = codec.fromPb(com.google.iam.v1.Policy.getDefaultInstance());
  assertTrue(fromDefault.getBindings().isEmpty());
  assertNull(fromDefault.getEtag());
  assertEquals(0, fromDefault.getVersion());
}
}
/**
 * Verifies {@code equals} and {@code hashCode} on {@code Policy}: two empty policies match, the
 * full and simple fixtures differ, and a copy built from the simple fixture matches it.
 */
@Test
public void testEqualsHashCode() {
  assertNotNull(FULL_POLICY);

  // Two independently built empty policies are equal and hash alike.
  Policy first = Policy.newBuilder().build();
  Policy second = Policy.newBuilder().build();
  assertEquals(first, second);
  assertEquals(first.hashCode(), second.hashCode());

  // Distinct fixtures are expected to differ in both equality and hash code.
  assertNotEquals(FULL_POLICY, SIMPLE_POLICY);
  assertNotEquals(FULL_POLICY.hashCode(), SIMPLE_POLICY.hashCode());

  // A builder round trip produces an equal policy.
  Policy rebuilt = SIMPLE_POLICY.toBuilder().build();
  assertEquals(SIMPLE_POLICY, rebuilt);
  assertEquals(SIMPLE_POLICY.hashCode(), rebuilt.hashCode());
}
/**
 * Verifies that a freshly built policy has no bindings and that the simple fixture exposes the
 * {@code BINDINGS} map.
 */
@Test
public void testBindings() {
  Policy blank = Policy.newBuilder().build();
  assertTrue(blank.getBindings().isEmpty());
  assertEquals(BINDINGS, SIMPLE_POLICY.getBindings());
}
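/**
 * Converts a Cloud Storage JSON API policy into this library's {@code Policy}.
 *
 * <p>Only each binding's role and members, plus the policy etag, are copied. A policy without
 * bindings, or a binding without members, converts to an empty result instead of failing.
 *
 * @param apiPolicy the API model policy to convert
 * @return a policy with one identity entry per (role, member) pair and the API policy's etag
 */
static Policy convertFromApiPolicy(com.google.api.services.storage.model.Policy apiPolicy) {
  Policy.Builder policyBuilder = Policy.newBuilder();
  // The API model returns null for a field that was absent from the response, so a policy with
  // no bindings must not be iterated directly.
  if (apiPolicy.getBindings() != null) {
    for (Bindings binding : apiPolicy.getBindings()) {
      if (binding.getMembers() == null) {
        continue;
      }
      for (String member : binding.getMembers()) {
        policyBuilder.addIdentity(Role.of(binding.getRole()), Identity.valueOf(member));
      }
    }
  }
  return policyBuilder.setEtag(apiPolicy.getEtag()).build();
}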