def Run(self, args):
messages = cloudkms_base.GetMessagesModule()
policy = iam_util.ParseJsonPolicyFile(args.policy_file,
messages.Policy)
return iam.SetKeyRingIamPolicy(flags.ParseKeyRingName(args), policy)
def Run(self, args):
policy = iam_util.ParseJsonPolicyFile(args.policy_file,
self.messages.Policy)
ref = self.CreateReference(args)
request_class = self.service.GetRequestType(self.method)
request = request_class(project=self.project)
self.ScopeRequest(ref, request)
self.SetResourceName(ref, request)
request.policy = policy
set_policy_request = (self.service, self.method, request)
errors = []
objects = request_helper.MakeRequests(requests=[set_policy_request],
http=self.http,
batch_url=self.batch_url,
errors=errors,
custom_get_requests=None)
# Converting the objects genrator to a list triggers the
# logic that actually populates the errors list.
resources = list(objects)
if errors:
utils.RaiseToolException(errors,
error_message='Could not fetch resource:')
# TODO(user): determine how this output should look when empty.
# SetIamPolicy always returns either an error or the newly set policy.
# If the policy was just set to the empty policy it returns a valid empty
# policy (just an etag.)
# It is not possible to have multiple policies for one resource.
return resources[0]
def SetIamPolicy(models_client, model, policy_file):
model_ref = ParseModel(model)
policy = iam_util.ParseJsonPolicyFile(
policy_file, models_client.messages.GoogleIamV1Policy)
update_mask = iam_util.ConstructUpdateMaskFromPolicy(policy_file)
iam_util.LogSetIamPolicy(model_ref.Name(), 'model')
return models_client.SetIamPolicy(model_ref, policy, update_mask)
def SetIamPolicyFromFile(project_ref, policy_file):
"""Read projects IAM policy from a file, and set it."""
messages = projects_util.GetMessages()
policy = iam_util.ParseJsonPolicyFile(policy_file, messages.Policy)
try:
return SetIamPolicy(project_ref, policy)
except exceptions.HttpError as error:
raise projects_util.ConvertHttpError(error)
def Run(self, args):
messages = self.OrganizationsMessages()
policy = iam_util.ParseJsonPolicyFile(args.policy_file,
messages.Policy)
policy_request = (
messages.CloudresourcemanagerOrganizationsSetIamPolicyRequest(
organizationsId=args.id,
setIamPolicyRequest=messages.SetIamPolicyRequest(
policy=policy)))
return self.OrganizationsClient().SetIamPolicy(policy_request)
def Run(self, args):
messages = cloudkms_base.GetMessagesModule()
policy = iam_util.ParseJsonPolicyFile(args.policy_file,
messages.Policy)
update_mask = iam_util.ConstructUpdateMaskFromPolicy(args.policy_file)
crypto_key_ref = flags.ParseCryptoKeyName(args)
result = iam.SetCryptoKeyIamPolicy(crypto_key_ref, policy, update_mask)
iam_util.LogSetIamPolicy(crypto_key_ref.Name(), 'key')
return result
def Run(self, args):
messages = cloudkms_base.GetMessagesModule()
policy = iam_util.ParseJsonPolicyFile(args.policy_file,
messages.Policy)
update_mask = iam_util.ConstructUpdateMaskFromPolicy(args.policy_file)
keyring_ref = flags.ParseKeyRingName(args)
result = iam.SetKeyRingIamPolicy(keyring_ref, policy, update_mask)
iam_util.LogSetIamPolicy(keyring_ref.Name(), 'keyring')
return result
def Run(self, args):
try:
policy = iam_util.ParseJsonPolicyFile(
args.policy_file,
self.messages.Policy)
return self.iam_client.projects_serviceAccounts.SetIamPolicy(
self.messages.IamProjectsServiceAccountsSetIamPolicyRequest(
resource=utils.EmailToAccountResourceName(args.account),
setIamPolicyRequest=self.messages.SetIamPolicyRequest(
policy=policy)))
except exceptions.HttpError as error:
raise utils.ConvertToServiceAccountException(error, args.account)
def Run(self, args):
apitools_client = genomics_util.GetGenomicsClient()
messages = genomics_util.GetGenomicsMessages()
dataset_resource = resources.REGISTRY.Parse(
args.id, collection='genomics.datasets')
policy = iam_util.ParseJsonPolicyFile(args.policy_file, messages.Policy)
policy_request = messages.GenomicsDatasetsSetIamPolicyRequest(
resource='datasets/{0}'.format(dataset_resource.Name()),
setIamPolicyRequest=messages.SetIamPolicyRequest(policy=policy),
)
return apitools_client.datasets.SetIamPolicy(policy_request)
def Run(self, args):
"""Sets the IAM policy for the repository.
Args:
args: argparse.Namespace, the arguments this command is run with.
Returns:
(sourcerepo_v1_messsages.Policy) The IAM policy.
Raises:
ToolException: on project initialization errors.
"""
res = resources.REGISTRY.Parse(
args.name,
params={'projectsId': properties.VALUES.core.project.GetOrFail},
collection='sourcerepo.projects.repos')
policy = iam_util.ParseJsonPolicyFile(args.policy_file,
sourcerepo.messages.Policy)
source = sourcerepo.Source()
return source.SetIamPolicy(res, policy)
def Run(self, args):
try:
policy = iam_util.ParseJsonPolicyFile(args.policy_file,
self.messages.Policy)
if not policy.etag:
msg = (
'The specified policy does not contain an "etag" field '
'identifying a specific version to replace. Changing a '
'policy without an "etag" can overwrite concurrent policy '
'changes.')
console_io.PromptContinue(
message=msg,
prompt_string='Replace existing policy',
cancel_on_no=True)
return self.iam_client.projects_serviceAccounts.SetIamPolicy(
self.messages.IamProjectsServiceAccountsSetIamPolicyRequest(
resource=iam_util.EmailToAccountResourceName(args.account),
setIamPolicyRequest=self.messages.SetIamPolicyRequest(
policy=policy)))
except exceptions.HttpError as error:
raise iam_util.ConvertToServiceAccountException(
error, args.account)
def SetDatabaseIamPolicy(database_ref, policy):
"""Sets the IAM policy on a database."""
msgs = apis.GetMessagesModule('spanner', 'v1')
policy = iam_util.ParseJsonPolicyFile(policy, msgs.Policy)
return databases.SetPolicy(database_ref, policy)
def SetInstanceIamPolicy(instance_ref, policy):
"""Sets the IAM policy on an instance."""
msgs = apis.GetMessagesModule('spanner', 'v1')
policy = iam_util.ParseJsonPolicyFile(policy, msgs.Policy)
return instances.SetPolicy(instance_ref, policy)
