@Override public List<String> apply(TestIamPermissionsResponse input) { return input.getPermissionsList(); } },
/** * * * <pre> * Representation of the actual Cloud IAM policy set on a cloud resource. For each * resource, there must be at most one Cloud IAM policy set on it. * </pre> * * <code>.google.iam.v1.Policy iam_policy = 4;</code> */ public com.google.iam.v1.Policy getIamPolicy() { return iamPolicy_ == null ? com.google.iam.v1.Policy.getDefaultInstance() : iamPolicy_; } /**
/** * Gets the access control policy for an instance resource. Returns an empty policy if an instance * exists but does not have a policy set. * * <p>Sample code: * * <pre><code> * try (BaseBigtableInstanceAdminClient baseBigtableInstanceAdminClient = BaseBigtableInstanceAdminClient.create()) { * String formattedResource = InstanceName.format("[PROJECT]", "[INSTANCE]"); * Policy response = baseBigtableInstanceAdminClient.getIamPolicy(formattedResource); * } * </code></pre> * * @param resource REQUIRED: The resource for which the policy is being requested. `resource` is * usually specified as a path. For example, a Project resource is specified as * `projects/{project}`. * @throws com.google.api.gax.rpc.ApiException if the remote call fails */ public final Policy getIamPolicy(String resource) { GetIamPolicyRequest request = GetIamPolicyRequest.newBuilder().setResource(resource).build(); return getIamPolicy(request); }
private static void ensureKmsKeyRingIamPermissionsForTests( IAMPolicyGrpc.IAMPolicyBlockingStub iamStub, String projectId, String location, String keyRingName) throws StatusRuntimeException { ServiceAccount serviceAccount = storage.getServiceAccount(projectId); String kmsKeyRingResourcePath = KeyRingName.of(projectId, location, keyRingName).toString(); Binding binding = Binding.newBuilder() .setRole("roles/cloudkms.cryptoKeyEncrypterDecrypter") .addMembers("serviceAccount:" + serviceAccount.getEmail()) .build(); com.google.iam.v1.Policy policy = com.google.iam.v1.Policy.newBuilder().addBindings(binding).build(); SetIamPolicyRequest setIamPolicyRequest = SetIamPolicyRequest.newBuilder() .setResource(kmsKeyRingResourcePath) .setPolicy(policy) .build(); requestParamsHeader.put(requestParamsKey, "parent=" + kmsKeyRingResourcePath); iamStub = MetadataUtils.attachHeaders(iamStub, requestParamsHeader); iamStub.setIamPolicy(setIamPolicyRequest); }
/** * Sets the access control policy on the specified resource. Replaces any existing policy. * * <p>Sample code: * * <pre><code> * try (TopicAdminClient topicAdminClient = TopicAdminClient.create()) { * String formattedResource = ProjectTopicName.format("[PROJECT]", "[TOPIC]"); * Policy policy = Policy.newBuilder().build(); * Policy response = topicAdminClient.setIamPolicy(formattedResource, policy); * } * </code></pre> * * @param resource REQUIRED: The resource for which the policy is being specified. `resource` is * usually specified as a path. For example, a Project resource is specified as * `projects/{project}`. * @param policy REQUIRED: The complete policy to be applied to the `resource`. The size of the * policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud * Platform services (such as Projects) might reject them. * @throws com.google.api.gax.rpc.ApiException if the remote call fails */ public final Policy setIamPolicy(String resource, Policy policy) { SetIamPolicyRequest request = SetIamPolicyRequest.newBuilder().setResource(resource).setPolicy(policy).build(); return setIamPolicy(request); }
/** Example of replacing a topic policy. */ public Policy replaceTopicPolicy(String topicId) throws Exception { // [START pubsub_set_topic_policy] try (TopicAdminClient topicAdminClient = TopicAdminClient.create()) { String topicName = ProjectTopicName.format(projectId, topicId); Policy policy = topicAdminClient.getIamPolicy(topicName); // add role -> members binding Binding binding = Binding.newBuilder() .setRole(Role.viewer().toString()) .addMembers(Identity.allAuthenticatedUsers().toString()) .build(); // create updated policy Policy updatedPolicy = Policy.newBuilder(policy).addBindings(binding).build(); updatedPolicy = topicAdminClient.setIamPolicy(topicName, updatedPolicy); return updatedPolicy; } // [END pubsub_set_topic_policy] }
/** Example of replacing a subscription policy. */ public Policy replaceSubscriptionPolicy(String subscriptionId) throws Exception { // [START pubsub_set_subscription_policy] try (SubscriptionAdminClient subscriptionAdminClient = SubscriptionAdminClient.create()) { ProjectSubscriptionName subscriptionName = ProjectSubscriptionName.of(projectId, subscriptionId); Policy policy = subscriptionAdminClient.getIamPolicy(subscriptionName.toString()); // Create a role => members binding Binding binding = Binding.newBuilder() .setRole(Role.viewer().toString()) .addMembers(Identity.allAuthenticatedUsers().toString()) .build(); // Update policy Policy updatedPolicy = policy.toBuilder().addBindings(binding).build(); updatedPolicy = subscriptionAdminClient.setIamPolicy(subscriptionName.toString(), updatedPolicy); return updatedPolicy; } // [END pubsub_set_subscription_policy] }
/** * Sets the access control policy on an instance resource. Replaces any existing policy. * * <p>Sample code: * * <pre><code> * try (BaseBigtableInstanceAdminClient baseBigtableInstanceAdminClient = BaseBigtableInstanceAdminClient.create()) { * String formattedResource = InstanceName.format("[PROJECT]", "[INSTANCE]"); * Policy policy = Policy.newBuilder().build(); * Policy response = baseBigtableInstanceAdminClient.setIamPolicy(formattedResource, policy); * } * </code></pre> * * @param resource REQUIRED: The resource for which the policy is being specified. `resource` is * usually specified as a path. For example, a Project resource is specified as * `projects/{project}`. * @param policy REQUIRED: The complete policy to be applied to the `resource`. The size of the * policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud * Platform services (such as Projects) might reject them. * @throws com.google.api.gax.rpc.ApiException if the remote call fails */ public final Policy setIamPolicy(String resource, Policy policy) { SetIamPolicyRequest request = SetIamPolicyRequest.newBuilder().setResource(resource).setPolicy(policy).build(); return setIamPolicy(request); }
/** * Gets the access control policy on the specified Source. * * <p>Sample code: * * <pre><code> * try (SecurityCenterClient securityCenterClient = SecurityCenterClient.create()) { * SourceName resource = SourceName.of("[ORGANIZATION]", "[SOURCE]"); * Policy response = securityCenterClient.getIamPolicy(resource.toString()); * } * </code></pre> * * @param resource REQUIRED: The resource for which the policy is being requested. `resource` is * usually specified as a path. For example, a Project resource is specified as * `projects/{project}`. * @throws com.google.api.gax.rpc.ApiException if the remote call fails */ public final Policy getIamPolicy(String resource) { GetIamPolicyRequest request = GetIamPolicyRequest.newBuilder().setResource(resource).build(); return getIamPolicy(request); }
/** * Sets the access control policy on the specified resource. Replaces any existing policy. * * <p>Sample code: * * <pre><code> * try (SubscriptionAdminClient subscriptionAdminClient = SubscriptionAdminClient.create()) { * String formattedResource = ProjectSubscriptionName.format("[PROJECT]", "[SUBSCRIPTION]"); * Policy policy = Policy.newBuilder().build(); * Policy response = subscriptionAdminClient.setIamPolicy(formattedResource, policy); * } * </code></pre> * * @param resource REQUIRED: The resource for which the policy is being specified. `resource` is * usually specified as a path. For example, a Project resource is specified as * `projects/{project}`. * @param policy REQUIRED: The complete policy to be applied to the `resource`. The size of the * policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud * Platform services (such as Projects) might reject them. * @throws com.google.api.gax.rpc.ApiException if the remote call fails */ public final Policy setIamPolicy(String resource, Policy policy) { SetIamPolicyRequest request = SetIamPolicyRequest.newBuilder().setResource(resource).setPolicy(policy).build(); return setIamPolicy(request); }
/** * Gets the access control policy for a resource. Returns an empty policy if the resource exists * and does not have a policy set. * * <p>Sample code: * * <pre><code> * try (SubscriptionAdminClient subscriptionAdminClient = SubscriptionAdminClient.create()) { * String formattedResource = ProjectSubscriptionName.format("[PROJECT]", "[SUBSCRIPTION]"); * Policy response = subscriptionAdminClient.getIamPolicy(formattedResource); * } * </code></pre> * * @param resource REQUIRED: The resource for which the policy is being requested. `resource` is * usually specified as a path. For example, a Project resource is specified as * `projects/{project}`. * @throws com.google.api.gax.rpc.ApiException if the remote call fails */ public final Policy getIamPolicy(String resource) { GetIamPolicyRequest request = GetIamPolicyRequest.newBuilder().setResource(resource).build(); return getIamPolicy(request); }
/** * Sets the access control policy on the specified resource. Replaces any existing policy. * * <p>Sample code: * * <pre><code> * try (KeyManagementServiceClient keyManagementServiceClient = KeyManagementServiceClient.create()) { * KeyName resource = KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]"); * Policy policy = Policy.newBuilder().build(); * Policy response = keyManagementServiceClient.setIamPolicy(resource.toString(), policy); * } * </code></pre> * * @param resource REQUIRED: The resource for which the policy is being specified. `resource` is * usually specified as a path. For example, a Project resource is specified as * `projects/{project}`. * @param policy REQUIRED: The complete policy to be applied to the `resource`. The size of the * policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud * Platform services (such as Projects) might reject them. * @throws com.google.api.gax.rpc.ApiException if the remote call fails */ public final Policy setIamPolicy(String resource, Policy policy) { SetIamPolicyRequest request = SetIamPolicyRequest.newBuilder().setResource(resource).setPolicy(policy).build(); return setIamPolicy(request); }
/** * Gets the access control policy for a resource. Returns an empty policy if the resource exists * and does not have a policy set. * * <p>Sample code: * * <pre><code> * try (TopicAdminClient topicAdminClient = TopicAdminClient.create()) { * String formattedResource = ProjectTopicName.format("[PROJECT]", "[TOPIC]"); * Policy response = topicAdminClient.getIamPolicy(formattedResource); * } * </code></pre> * * @param resource REQUIRED: The resource for which the policy is being requested. `resource` is * usually specified as a path. For example, a Project resource is specified as * `projects/{project}`. * @throws com.google.api.gax.rpc.ApiException if the remote call fails */ public final Policy getIamPolicy(String resource) { GetIamPolicyRequest request = GetIamPolicyRequest.newBuilder().setResource(resource).build(); return getIamPolicy(request); }
/** * Sets the access control policy on the specified Source. * * <p>Sample code: * * <pre><code> * try (SecurityCenterClient securityCenterClient = SecurityCenterClient.create()) { * SourceName resource = SourceName.of("[ORGANIZATION]", "[SOURCE]"); * Policy policy = Policy.newBuilder().build(); * Policy response = securityCenterClient.setIamPolicy(resource.toString(), policy); * } * </code></pre> * * @param resource REQUIRED: The resource for which the policy is being specified. `resource` is * usually specified as a path. For example, a Project resource is specified as * `projects/{project}`. * @param policy REQUIRED: The complete policy to be applied to the `resource`. The size of the * policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud * Platform services (such as Projects) might reject them. * @throws com.google.api.gax.rpc.ApiException if the remote call fails */ public final Policy setIamPolicy(String resource, Policy policy) { SetIamPolicyRequest request = SetIamPolicyRequest.newBuilder().setResource(resource).setPolicy(policy).build(); return setIamPolicy(request); }
/** * Gets the access control policy for a resource. Returns an empty policy if the resource exists * and does not have a policy set. * * <p>Sample code: * * <pre><code> * try (DeviceManagerClient deviceManagerClient = DeviceManagerClient.create()) { * RegistryName resource = RegistryName.of("[PROJECT]", "[LOCATION]", "[REGISTRY]"); * Policy response = deviceManagerClient.getIamPolicy(resource.toString()); * } * </code></pre> * * @param resource REQUIRED: The resource for which the policy is being requested. `resource` is * usually specified as a path. For example, a Project resource is specified as * `projects/{project}`. * @throws com.google.api.gax.rpc.ApiException if the remote call fails */ public final Policy getIamPolicy(String resource) { GetIamPolicyRequest request = GetIamPolicyRequest.newBuilder().setResource(resource).build(); return getIamPolicy(request); }
/** * Gets the access control policy for a resource. Returns an empty policy if the resource exists * and does not have a policy set. * * <p>Sample code: * * <pre><code> * try (KeyManagementServiceClient keyManagementServiceClient = KeyManagementServiceClient.create()) { * KeyName resource = KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]"); * Policy response = keyManagementServiceClient.getIamPolicy(resource.toString()); * } * </code></pre> * * @param resource REQUIRED: The resource for which the policy is being requested. `resource` is * usually specified as a path. For example, a Project resource is specified as * `projects/{project}`. * @throws com.google.api.gax.rpc.ApiException if the remote call fails */ public final Policy getIamPolicy(String resource) { GetIamPolicyRequest request = GetIamPolicyRequest.newBuilder().setResource(resource).build(); return getIamPolicy(request); }
/** * Gets the access control policy for a note or an occurrence resource. Requires * `containeranalysis.notes.setIamPolicy` or `containeranalysis.occurrences.setIamPolicy` * permission if the resource is a note or occurrence, respectively. * * <p>The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for notes and * `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for occurrences. * * <p>Sample code: * * <pre><code> * try (ContainerAnalysisV1Beta1Client containerAnalysisV1Beta1Client = ContainerAnalysisV1Beta1Client.create()) { * IamResourceName resource = NoteName.of("[PROJECT]", "[NOTE]"); * Policy response = containerAnalysisV1Beta1Client.getIamPolicy(resource.toString()); * } * </code></pre> * * @param resource REQUIRED: The resource for which the policy is being requested. `resource` is * usually specified as a path. For example, a Project resource is specified as * `projects/{project}`. * @throws com.google.api.gax.rpc.ApiException if the remote call fails */ public final Policy getIamPolicy(String resource) { GetIamPolicyRequest request = GetIamPolicyRequest.newBuilder().setResource(resource).build(); return getIamPolicy(request); }
/** * Gets the access control policy for a database resource. Returns an empty policy if a database * exists but does not have a policy set. * * <p>Authorization requires `spanner.databases.getIamPolicy` permission on * [resource][google.iam.v1.GetIamPolicyRequest.resource]. * * <p>Sample code: * * <pre><code> * try (DatabaseAdminClient databaseAdminClient = DatabaseAdminClient.create()) { * String formattedResource = DatabaseName.format("[PROJECT]", "[INSTANCE]", "[DATABASE]"); * Policy response = databaseAdminClient.getIamPolicy(formattedResource); * } * </code></pre> * * @param resource REQUIRED: The resource for which the policy is being requested. `resource` is * usually specified as a path. For example, a Project resource is specified as * `projects/{project}`. * @throws com.google.api.gax.rpc.ApiException if the remote call fails */ public final Policy getIamPolicy(String resource) { GetIamPolicyRequest request = GetIamPolicyRequest.newBuilder().setResource(resource).build(); return getIamPolicy(request); }
/** * Gets the access control policy for an instance resource. Returns an empty policy if an instance * exists but does not have a policy set. * * <p>Authorization requires `spanner.instances.getIamPolicy` on * [resource][google.iam.v1.GetIamPolicyRequest.resource]. * * <p>Sample code: * * <pre><code> * try (InstanceAdminClient instanceAdminClient = InstanceAdminClient.create()) { * String formattedResource = InstanceName.format("[PROJECT]", "[INSTANCE]"); * Policy response = instanceAdminClient.getIamPolicy(formattedResource); * } * </code></pre> * * @param resource REQUIRED: The resource for which the policy is being requested. `resource` is * usually specified as a path. For example, a Project resource is specified as * `projects/{project}`. * @throws com.google.api.gax.rpc.ApiException if the remote call fails */ public final Policy getIamPolicy(String resource) { GetIamPolicyRequest request = GetIamPolicyRequest.newBuilder().setResource(resource).build(); return getIamPolicy(request); }
/** * Gets the access control policy for a [Queue][google.cloud.tasks.v2beta3.Queue]. Returns an * empty policy if the resource exists and does not have a policy set. * * <p>Authorization requires the following [Google IAM](https://cloud.google.com/iam) permission * on the specified resource parent: * * <p>* `cloudtasks.queues.getIamPolicy` * * <p>Sample code: * * <pre><code> * try (CloudTasksClient cloudTasksClient = CloudTasksClient.create()) { * QueueName resource = QueueName.of("[PROJECT]", "[LOCATION]", "[QUEUE]"); * Policy response = cloudTasksClient.getIamPolicy(resource.toString()); * } * </code></pre> * * @param resource REQUIRED: The resource for which the policy is being requested. `resource` is * usually specified as a path. For example, a Project resource is specified as * `projects/{project}`. * @throws com.google.api.gax.rpc.ApiException if the remote call fails */ public final Policy getIamPolicy(String resource) { GetIamPolicyRequest request = GetIamPolicyRequest.newBuilder().setResource(resource).build(); return getIamPolicy(request); }