def Run(self, args):
api_version = util.GetApiFromTrack(self.ReleaseTrack())
dns_client = util.GetApiClient(api_version)
messages = apis.GetMessagesModule('dns', api_version)
zone_ref = args.CONCEPTS.zone.Parse()
resource_name = 'projects/{0}/managedZones/{1}'.format(
zone_ref.project, zone_ref.managedZone)
policy, update_mask = iam_util.ParsePolicyFileWithUpdateMask(
args.policy_file, messages.GoogleIamV1Policy)
req = messages.DnsProjectsManagedZonesSetIamPolicyRequest(
resource=resource_name,
googleIamV1SetIamPolicyRequest=messages.
GoogleIamV1SetIamPolicyRequest(policy=policy,
updateMask=update_mask))
return dns_client.projects_managedZones.SetIamPolicy(req)
def Run(self_, args):
"""Called when command is executed."""
# Default Policy message and set IAM request message field names
policy_type_name = 'Policy'
policy_request_path = 'setIamPolicyRequest'
# Use Policy message and set IAM request field name overrides for API's
# with non-standard naming (if provided)
if self.spec.iam:
if 'policy' in self.spec.iam.message_type_overrides:
policy_type_name = (self.spec.iam
.message_type_overrides['policy'] or
policy_type_name)
policy_request_path = (self.spec.iam.set_iam_policy_request_path or
policy_request_path)
policy_field_path = policy_request_path + '.policy'
policy_type = self.method.GetMessageByName(policy_type_name)
if not policy_type:
raise ValueError('Policy type [{}] not found.'.format(
policy_type_name))
policy, update_mask = iam_util.ParsePolicyFileWithUpdateMask(
args.policy_file, policy_type)
# override policy version
if self.spec.iam and self.spec.iam.policy_version:
policy.version = self.spec.iam.policy_version
self.spec.request.static_fields[policy_field_path] = policy
self._SetPolicyUpdateMask(update_mask)
try:
ref, response = self._CommonRun(args)
except HttpBadRequestError as ex:
log.err.Print(
'ERROR: Policy modification failed. For bindings with conditions'
', run "gcloud alpha iam policies lint-condition" to identify '
'issues in conditions.'
)
raise ex
iam_util.LogSetIamPolicy(ref.Name(), self.display_resource_type)
return self._HandleResponse(response, args)
def SetIamPolicy(models_client, model, policy_file):
model_ref = ParseModel(model)
policy, update_mask = iam_util.ParsePolicyFileWithUpdateMask(
policy_file, models_client.messages.GoogleIamV1Policy)
iam_util.LogSetIamPolicy(model_ref.Name(), 'model')
return models_client.SetIamPolicy(model_ref, policy, update_mask)
def SetInstanceIamPolicy(instance_ref, policy):
"""Sets the IAM policy on an instance."""
msgs = apis.GetMessagesModule('spanner', 'v1')
policy, field_mask = iam_util.ParsePolicyFileWithUpdateMask(
policy, msgs.Policy)
return instances.SetPolicy(instance_ref, policy, field_mask)
