def Run(self, args): messages = cloudkms_base.GetMessagesModule() policy = iam_util.ParseJsonPolicyFile(args.policy_file, messages.Policy) return iam.SetKeyRingIamPolicy(flags.ParseKeyRingName(args), policy)
def Run(self, args): policy = iam_util.ParseJsonPolicyFile(args.policy_file, self.messages.Policy) ref = self.CreateReference(args) request_class = self.service.GetRequestType(self.method) request = request_class(project=self.project) self.ScopeRequest(ref, request) self.SetResourceName(ref, request) request.policy = policy set_policy_request = (self.service, self.method, request) errors = [] objects = request_helper.MakeRequests(requests=[set_policy_request], http=self.http, batch_url=self.batch_url, errors=errors, custom_get_requests=None) # Converting the objects genrator to a list triggers the # logic that actually populates the errors list. resources = list(objects) if errors: utils.RaiseToolException(errors, error_message='Could not fetch resource:') # TODO(user): determine how this output should look when empty. # SetIamPolicy always returns either an error or the newly set policy. # If the policy was just set to the empty policy it returns a valid empty # policy (just an etag.) # It is not possible to have multiple policies for one resource. return resources[0]
def SetIamPolicy(models_client, model, policy_file): model_ref = ParseModel(model) policy = iam_util.ParseJsonPolicyFile( policy_file, models_client.messages.GoogleIamV1Policy) update_mask = iam_util.ConstructUpdateMaskFromPolicy(policy_file) iam_util.LogSetIamPolicy(model_ref.Name(), 'model') return models_client.SetIamPolicy(model_ref, policy, update_mask)
def SetIamPolicyFromFile(project_ref, policy_file): """Read projects IAM policy from a file, and set it.""" messages = projects_util.GetMessages() policy = iam_util.ParseJsonPolicyFile(policy_file, messages.Policy) try: return SetIamPolicy(project_ref, policy) except exceptions.HttpError as error: raise projects_util.ConvertHttpError(error)
def Run(self, args): messages = self.OrganizationsMessages() policy = iam_util.ParseJsonPolicyFile(args.policy_file, messages.Policy) policy_request = ( messages.CloudresourcemanagerOrganizationsSetIamPolicyRequest( organizationsId=args.id, setIamPolicyRequest=messages.SetIamPolicyRequest( policy=policy))) return self.OrganizationsClient().SetIamPolicy(policy_request)
def Run(self, args): messages = cloudkms_base.GetMessagesModule() policy = iam_util.ParseJsonPolicyFile(args.policy_file, messages.Policy) update_mask = iam_util.ConstructUpdateMaskFromPolicy(args.policy_file) crypto_key_ref = flags.ParseCryptoKeyName(args) result = iam.SetCryptoKeyIamPolicy(crypto_key_ref, policy, update_mask) iam_util.LogSetIamPolicy(crypto_key_ref.Name(), 'key') return result
def Run(self, args): messages = cloudkms_base.GetMessagesModule() policy = iam_util.ParseJsonPolicyFile(args.policy_file, messages.Policy) update_mask = iam_util.ConstructUpdateMaskFromPolicy(args.policy_file) keyring_ref = flags.ParseKeyRingName(args) result = iam.SetKeyRingIamPolicy(keyring_ref, policy, update_mask) iam_util.LogSetIamPolicy(keyring_ref.Name(), 'keyring') return result
def Run(self, args): try: policy = iam_util.ParseJsonPolicyFile( args.policy_file, self.messages.Policy) return self.iam_client.projects_serviceAccounts.SetIamPolicy( self.messages.IamProjectsServiceAccountsSetIamPolicyRequest( resource=utils.EmailToAccountResourceName(args.account), setIamPolicyRequest=self.messages.SetIamPolicyRequest( policy=policy))) except exceptions.HttpError as error: raise utils.ConvertToServiceAccountException(error, args.account)
def Run(self, args): apitools_client = genomics_util.GetGenomicsClient() messages = genomics_util.GetGenomicsMessages() dataset_resource = resources.REGISTRY.Parse( args.id, collection='genomics.datasets') policy = iam_util.ParseJsonPolicyFile(args.policy_file, messages.Policy) policy_request = messages.GenomicsDatasetsSetIamPolicyRequest( resource='datasets/{0}'.format(dataset_resource.Name()), setIamPolicyRequest=messages.SetIamPolicyRequest(policy=policy), ) return apitools_client.datasets.SetIamPolicy(policy_request)
def Run(self, args): """Sets the IAM policy for the repository. Args: args: argparse.Namespace, the arguments this command is run with. Returns: (sourcerepo_v1_messsages.Policy) The IAM policy. Raises: ToolException: on project initialization errors. """ res = resources.REGISTRY.Parse( args.name, params={'projectsId': properties.VALUES.core.project.GetOrFail}, collection='sourcerepo.projects.repos') policy = iam_util.ParseJsonPolicyFile(args.policy_file, sourcerepo.messages.Policy) source = sourcerepo.Source() return source.SetIamPolicy(res, policy)
def Run(self, args): try: policy = iam_util.ParseJsonPolicyFile(args.policy_file, self.messages.Policy) if not policy.etag: msg = ( 'The specified policy does not contain an "etag" field ' 'identifying a specific version to replace. Changing a ' 'policy without an "etag" can overwrite concurrent policy ' 'changes.') console_io.PromptContinue( message=msg, prompt_string='Replace existing policy', cancel_on_no=True) return self.iam_client.projects_serviceAccounts.SetIamPolicy( self.messages.IamProjectsServiceAccountsSetIamPolicyRequest( resource=iam_util.EmailToAccountResourceName(args.account), setIamPolicyRequest=self.messages.SetIamPolicyRequest( policy=policy))) except exceptions.HttpError as error: raise iam_util.ConvertToServiceAccountException( error, args.account)
def SetDatabaseIamPolicy(database_ref, policy): """Sets the IAM policy on a database.""" msgs = apis.GetMessagesModule('spanner', 'v1') policy = iam_util.ParseJsonPolicyFile(policy, msgs.Policy) return databases.SetPolicy(database_ref, policy)
def SetInstanceIamPolicy(instance_ref, policy): """Sets the IAM policy on an instance.""" msgs = apis.GetMessagesModule('spanner', 'v1') policy = iam_util.ParseJsonPolicyFile(policy, msgs.Policy) return instances.SetPolicy(instance_ref, policy)