def Run(self, args): iam_client = apis.GetClientInstance('iam', 'v1') messages = apis.GetMessagesModule('iam', 'v1') parent_name = iam_util.GetParentName(args.organization, args.project) if args.file: if args.title or args.description or args.stage or args.permissions: raise exceptions.ConflictingArgumentsException('file', 'others') role = iam_util.ParseYamlToRole(args.file, messages.Role) role.name = None role.etag = None else: role = messages.Role(title=args.title, description=args.description) if args.permissions: role.includedPermissions = args.permissions.split(',') if args.stage: role.stage = iam_util.StageTypeFromString(args.stage) if not role.title: role.title = args.role if not args.quiet: testing_permissions = util.GetTestingPermissions( iam_client, messages, iam_util.GetResourceReference(args.project, args.organization), role.includedPermissions) iam_util.TestingPermissionsWarning(testing_permissions) result = iam_client.organizations_roles.Create( messages.IamOrganizationsRolesCreateRequest( createRoleRequest=messages.CreateRoleRequest( role=role, roleId=args.role), parent=parent_name)) log.CreatedResource(args.role, kind='role') iam_util.SetRoleStageIfAlpha(result) return result
def Run(self, args): iam_client = apis.GetClientInstance('iam', 'v1') messages = apis.GetMessagesModule('iam', 'v1') role_name = iam_util.GetRoleName(args.organization, args.project, args.role) role = messages.Role() if args.file: if (args.title or args.description or args.stage or args.permissions or args.add_permissions or args.remove_permissions): raise exceptions.ConflictingArgumentsException( 'file', 'others') role = iam_util.ParseYamlToRole(args.file, messages.Role) if not role.etag: msg = ('The specified role does not contain an "etag" field ' 'identifying a specific version to replace. Updating a ' 'role without an "etag" can overwrite concurrent role ' 'changes.') console_io.PromptContinue( message=msg, prompt_string='Replace existing role', cancel_on_no=True) if not args.quiet: self.WarnTestingPermissions(iam_client, messages, role.includedPermissions, args.project, args.organization) try: res = iam_client.organizations_roles.Patch( messages.IamOrganizationsRolesPatchRequest(name=role_name, role=role)) iam_util.SetRoleStageIfAlpha(res) return res except apitools_exceptions.HttpConflictError as e: raise exceptions.HttpException( e, error_format=( 'Stale "etag": ' 'Please use the etag from your latest describe ' 'response. Or new changes have been made since ' 'your latest describe operation. Please retry ' 'the whole describe-update process. Or you can ' 'leave the etag blank to overwrite concurrent ' 'role changes.')) except apitools_exceptions.HttpError as e: raise exceptions.HttpException(e) res = self.UpdateWithFlags(args, role_name, role, iam_client, messages) iam_util.SetRoleStageIfAlpha(res) return res
def Run(self, args): client, messages = util.GetClientAndMessages() parent_name = iam_util.GetParentName(args.organization, args.project) if args.file: role = iam_util.ParseYamlToRole(args.file, messages.Role) role.name = None role.etag = None else: role = messages.Role(title=args.title, description=args.description) if args.permissions: role.includedPermissions = args.permissions.split(',') if args.stage: role.stage = iam_util.StageTypeFromString(args.stage) if not role.title: role.title = args.role if not args.quiet: permissions_helper = util.PermissionsHelper( client, messages, iam_util.GetResourceReference(args.project, args.organization), role.includedPermissions) api_diabled_permissions = permissions_helper.GetApiDisabledPermissons( ) iam_util.ApiDisabledPermissionsWarning(api_diabled_permissions) testing_permissions = permissions_helper.GetTestingPermissions() iam_util.TestingPermissionsWarning(testing_permissions) result = client.organizations_roles.Create( messages.IamOrganizationsRolesCreateRequest( createRoleRequest=messages.CreateRoleRequest(role=role, roleId=args.role), parent=parent_name)) log.CreatedResource(args.role, kind='role') iam_util.SetRoleStageIfAlpha(result) return result