def Run(self, args):
project_ref = command_lib_util.ParseProject(args.id)
condition = iam_util.ValidateAndExtractCondition(args)
return projects_api.RemoveIamPolicyBindingWithCondition(
project_ref, args.member, args.role, condition, args.all)
def Run(self, args):
with endpoint_util.MlEndpointOverrides(region=args.region):
condition = iam_util.ValidateAndExtractCondition(args)
iam_util.ValidateMutexConditionAndPrimitiveRoles(
condition, args.role)
return models_util.AddIamPolicyBindingWithCondition(
models.ModelsClient(), args.model, args.member, args.role,
condition)
def Run(self, args):
condition = iam_util.ValidateAndExtractCondition(args)
client = services.ServicesClient()
service_ref = args.CONCEPTS.service.Parse()
iam_util.LogSetIamPolicy(service_ref.Name(), _RESOURCE_TYPE)
return client.AddIamPolicyBinding(service_ref, args.member, args.role,
condition)
def Run(self, args):
condition = iam_util.ValidateAndExtractCondition(args)
client = namespaces.NamespacesClient()
namespace_ref = args.CONCEPTS.namespace.Parse()
iam_util.LogSetIamPolicy(namespace_ref.Name(), _RESOURCE_TYPE)
return client.RemoveIamPolicyBinding(namespace_ref, args.member,
args.role, condition)
def Run(self, args):
"""Handles the execution when users run this command.
Args:
args: An argparse namespace. All the arguments that were provided to this
command invocation.
"""
condition = iam_util.ValidateAndExtractCondition(args)
iap_iam_ref = iap_util.ParseIapDestGroupResource(self.ReleaseTrack(), args)
iap_iam_ref.RemoveIamPolicyBinding(args.member, args.role, condition,
args.all)
def Run(self, args):
"""This is what gets called when the user runs this command.
Args:
args: an argparse namespace. All the arguments that were provided to this
command invocation.
Returns:
The specified function with its description and configured filter.
"""
condition = iam_util.ValidateAndExtractCondition(args)
iap_iam_ref = iap_util.ParseIapGatewayResource(self.ReleaseTrack())
return iap_iam_ref.RemoveIamPolicyBinding(args.member, args.role,
condition, args.all)
def testValidateAndExtractCondition_FromCondition(self):
parser = util.ArgumentParser()
iam_util.AddArgsForAddIamPolicyBinding(parser, add_condition=True)
res = parser.parse_args([
'--role=roles/non-primitive', '--member=user:[email protected]',
'--condition=expression=expr,title=title,description=descr'
])
condition = iam_util.ValidateAndExtractCondition(res)
expected_condition = {
'expression': 'expr',
'title': 'title',
'description': 'descr'
}
self.assertEqual(condition, expected_condition)
def Run(self, args):
"""This is what gets called when the user runs this command.
Args:
args: an argparse namespace. All the arguments that were provided to this
command invocation.
Returns:
The specified function with its description and configured filter.
"""
with endpoint_util.MlEndpointOverrides(region=args.region):
condition = iam_util.ValidateAndExtractCondition(args)
iam_util.ValidateMutexConditionAndPrimitiveRoles(
condition, args.role)
return models_util.RemoveIamPolicyBindingWithCondition(
models.ModelsClient(), args.model, args.member, args.role,
condition)
def testValidateAndExtractCondition_FromFile(self):
parser = util.ArgumentParser()
iam_util.AddArgsForAddIamPolicyBinding(parser, add_condition=True)
condition_file = self.Touch(self.temp_path,
'condition',
contents='expression: expr\ntitle: title\n'
'description: descr')
res = parser.parse_args([
'--role=roles/non-primitive', '--member=user:[email protected]',
'--condition-from-file={}'.format(condition_file)
])
condition = iam_util.ValidateAndExtractCondition(res)
expected_condition = {
'expression': 'expr',
'title': 'title',
'description': 'descr'
}
self.assertEqual(condition, expected_condition)
def _GetModifiedIamPolicyRemoveIamBinding(self, args, add_condition=False):
"""Get the IAM policy and remove the specified binding to it.
Args:
args: an argparse namespace.
add_condition: True if support condition.
Returns:
IAM policy.
"""
if add_condition:
condition = iam_util.ValidateAndExtractCondition(args)
policy = self._GetIamPolicy(args)
iam_util.RemoveBindingFromIamPolicyWithCondition(
policy, args.member, args.role, condition, all_conditions=args.all)
else:
policy = self._GetIamPolicy(args)
iam_util.RemoveBindingFromIamPolicy(policy, args.member, args.role)
return policy
def Run(self, args):
condition = iam_util.ValidateAndExtractCondition(args)
messages = self.OrganizationsMessages()
get_policy_request = (
messages.CloudresourcemanagerOrganizationsGetIamPolicyRequest(
organizationsId=args.id,
getIamPolicyRequest=messages.GetIamPolicyRequest()))
policy = self.OrganizationsClient().GetIamPolicy(get_policy_request)
iam_util.RemoveBindingFromIamPolicyWithCondition(
policy, args.member, args.role, condition, args.all)
set_policy_request = (
messages.CloudresourcemanagerOrganizationsSetIamPolicyRequest(
organizationsId=args.id,
setIamPolicyRequest=messages.SetIamPolicyRequest(policy=policy)))
return self.OrganizationsClient().SetIamPolicy(set_policy_request)
