class RemoveIamPolicyBinding(base.Command): """Remove IAM policy binding for a folder. Removes a policy binding to the IAM policy of a folder, given a folder ID and the binding. """ detailed_help = iam_util.GetDetailedHelpForRemoveIamPolicyBinding( 'folder', '3589215982') @staticmethod def Args(parser): flags.FolderIdArg('to which you want to add a binding').AddToParser( parser) iam_util.AddArgsForRemoveIamPolicyBinding( parser, completer=completers.FoldersIamRolesCompleter) # Allow for retries due to ETag-based optimistic concurrency control @http_retry.RetryOnHttpStatus(six.moves.http_client.CONFLICT) def Run(self, args): policy = folders.GetIamPolicy(args.id) iam_util.RemoveBindingFromIamPolicy(policy, args.member, args.role) return folders.SetIamPolicy(args.id, policy)
class RemoveIamPolicyBinding(base.Command): """Remove IAM policy binding for a dataset. This command removes a policy binding to the IAM policy of a dataset, given a dataset ID and the binding. """ detailed_help = iam_util.GetDetailedHelpForRemoveIamPolicyBinding( 'dataset', '1000') @staticmethod def Args(parser): parser.add_argument('id', type=str, help='The ID of the dataset.') iam_util.AddArgsForRemoveIamPolicyBinding(parser, 'id', 'genomics.datasets') @genomics_util.ReraiseHttpException def Run(self, args): apitools_client = genomics_util.GetGenomicsClient() messages = genomics_util.GetGenomicsMessages() dataset_resource = resources.REGISTRY.Parse( args.id, collection='genomics.datasets') policy_request = messages.GenomicsDatasetsGetIamPolicyRequest( resource='datasets/{0}'.format(dataset_resource.Name()), getIamPolicyRequest=messages.GetIamPolicyRequest(), ) policy = apitools_client.datasets.GetIamPolicy(policy_request) iam_util.RemoveBindingFromIamPolicy(policy, args.member, args.role) policy_request = messages.GenomicsDatasetsSetIamPolicyRequest( resource='datasets/{0}'.format(dataset_resource.Name()), setIamPolicyRequest=messages.SetIamPolicyRequest(policy=policy), ) return apitools_client.datasets.SetIamPolicy(policy_request)
class RemoveIamPolicyBinding(base.Command): """Removes IAM policy binding from an AI Platform Model resource. Removes a policy binding from an AI Platform Model. One binding consists of a member, a role and an optional condition. See $ {parent_command} get-iam-policy for examples of how to specify a model resource. """ description = 'remove IAM policy binding from an AI Platform model' detailed_help = iam_util.GetDetailedHelpForRemoveIamPolicyBinding( 'model', 'my_model', role='roles/ml.admin', condition=False) @staticmethod def Args(parser): """Register flags for this command. Args: parser: An argparse.ArgumentParser-like object. It is mocked out in order to capture some information, but behaves like an ArgumentParser. """ _GetRemoveIamPolicyBindingArgs(parser, add_condition=False) def Run(self, args): """This is what gets called when the user runs this command. Args: args: an argparse namespace. All the arguments that were provided to this command invocation. Returns: The specified function with its description and configured filter. """ with endpoint_util.MlEndpointOverrides(region=args.region): client = models.ModelsClient() return models_util.RemoveIamPolicyBinding(client, args.model, args.member, args.role)
class RemoveIamPolicyBindingAlpha(orgs_base.OrganizationCommand): """Remove IAM policy binding for an organization. Removes a policy binding to the IAM policy of an organization, given an organization ID and the binding. One binding consists of a member, a role, and an optional condition. """ detailed_help = iam_util.GetDetailedHelpForRemoveIamPolicyBinding( 'organization', 'example-organization-id-1', use_an=True, condition=True) @staticmethod def Args(parser): flags.IdArg('whose IAM binding you want to remove.').AddToParser(parser) iam_util.AddArgsForRemoveIamPolicyBinding(parser, add_condition=True) @http_retry.RetryOnHttpStatus(six.moves.http_client.CONFLICT) def Run(self, args): condition = iam_util.ValidateAndExtractCondition(args) messages = self.OrganizationsMessages() get_policy_request = ( messages.CloudresourcemanagerOrganizationsGetIamPolicyRequest( organizationsId=args.id, getIamPolicyRequest=messages.GetIamPolicyRequest())) policy = self.OrganizationsClient().GetIamPolicy(get_policy_request) iam_util.RemoveBindingFromIamPolicyWithCondition( policy, args.member, args.role, condition, args.all) set_policy_request = ( messages.CloudresourcemanagerOrganizationsSetIamPolicyRequest( organizationsId=args.id, setIamPolicyRequest=messages.SetIamPolicyRequest(policy=policy))) return self.OrganizationsClient().SetIamPolicy(set_policy_request)
class RemoveIamPolicyBinding(orgs_base.OrganizationCommand): """Remove IAM policy binding for an organization. Removes a policy binding to the IAM policy of an organization, given an organization ID and the binding. """ detailed_help = iam_util.GetDetailedHelpForRemoveIamPolicyBinding( 'organization', 'example-organization-id-1') @staticmethod def Args(parser): flags.IdArg('whose IAM binding you want to remove.').AddToParser( parser) iam_util.AddArgsForRemoveIamPolicyBinding(parser) @http_retry.RetryOnHttpStatus(httplib.CONFLICT) def Run(self, args): messages = self.OrganizationsMessages() get_policy_request = ( messages.CloudresourcemanagerOrganizationsGetIamPolicyRequest( organizationsId=args.id, getIamPolicyRequest=messages.GetIamPolicyRequest())) policy = self.OrganizationsClient().GetIamPolicy(get_policy_request) iam_util.RemoveBindingFromIamPolicy(policy, args.member, args.role) set_policy_request = ( messages.CloudresourcemanagerOrganizationsSetIamPolicyRequest( organizationsId=args.id, setIamPolicyRequest=messages.SetIamPolicyRequest( policy=policy))) return self.OrganizationsClient().SetIamPolicy(set_policy_request)
class RemoveIamPolicyBinding(base.Command): """Remove an IAM policy binding from a Google Compute Engine disk. *{command}* removes an IAM policy binding from a Google Compute Engine disk's access policy. """ detailed_help = iam_util.GetDetailedHelpForRemoveIamPolicyBinding( 'disk', 'my-disk', role='roles/compute.securityAdmin') @staticmethod def Args(parser): RemoveIamPolicyBinding.disk_arg = disks_flags.MakeDiskArg(plural=False) RemoveIamPolicyBinding.disk_arg.AddArgument( parser, operation_type='remove the IAM policy binding from') iam_util.AddArgsForRemoveIamPolicyBinding(parser) def Run(self, args): holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) client = holder.client disk_ref = RemoveIamPolicyBinding.disk_arg.ResolveAsResource( args, holder.resources) get_request = client.messages.ComputeDisksGetIamPolicyRequest( resource=disk_ref.disk, zone=disk_ref.zone, project=disk_ref.project) policy = client.apitools_client.disks.GetIamPolicy(get_request) iam_util.RemoveBindingFromIamPolicy(policy, args.member, args.role) # TODO(b/78371568): Construct the ZoneSetPolicyRequest directly # out of the parsed policy. set_request = client.messages.ComputeDisksSetIamPolicyRequest( resource=disk_ref.disk, zone=disk_ref.zone, zoneSetPolicyRequest=client.messages.ZoneSetPolicyRequest( bindings=policy.bindings, etag=policy.etag), project=disk_ref.project) return client.apitools_client.disks.SetIamPolicy(set_request)
class RemoveIamPolicyBinding(base_classes.BaseIamCommand): """Remove an IAM policy binding from a service account. This command removes a policy binding to the IAM policy of a service account, given an IAM-ACCOUNT and the binding. """ detailed_help = iam_util.GetDetailedHelpForRemoveIamPolicyBinding( 'service account', '*****@*****.**') @staticmethod def Args(parser): parser.add_argument('account', metavar='IAM-ACCOUNT', help='The service account whose policy to ' 'remove the binding from.') iam_util.AddArgsForRemoveIamPolicyBinding(parser) @http_retry.RetryOnHttpStatus(httplib.CONFLICT) def Run(self, args): try: policy = self.iam_client.projects_serviceAccounts.GetIamPolicy( self.messages.IamProjectsServiceAccountsGetIamPolicyRequest( resource=iam_util.EmailToAccountResourceName( args.account))) iam_util.RemoveBindingFromIamPolicy(policy, args.member, args.role) return self.iam_client.projects_serviceAccounts.SetIamPolicy( self.messages.IamProjectsServiceAccountsSetIamPolicyRequest( resource=iam_util.EmailToAccountResourceName(args.account), setIamPolicyRequest=self.messages.SetIamPolicyRequest( policy=policy))) except exceptions.HttpError as error: raise iam_util.ConvertToServiceAccountException( error, args.account)