class AddIamPolicyBinding(base.Command):
"""Add an IAM policy binding to a Google Compute Engine image.
*{command}* adds an IAM policy binding to a Google Compute Engine
image's access policy.
"""
detailed_help = iam_util.GetDetailedHelpForAddIamPolicyBinding(
'image', 'my-image', role='roles/compute.securityAdmin', use_an=True)
@staticmethod
def Args(parser):
AddIamPolicyBinding.disk_image_arg = images_flags.MakeDiskImageArg(
plural=False)
AddIamPolicyBinding.disk_image_arg.AddArgument(
parser, operation_type='add the IAM policy binding to')
iam_util.AddArgsForAddIamPolicyBinding(parser)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
client = holder.client
image_ref = AddIamPolicyBinding.disk_image_arg.ResolveAsResource(
args, holder.resources)
get_request = client.messages.ComputeImagesGetIamPolicyRequest(
resource=image_ref.image, project=image_ref.project)
policy = client.apitools_client.images.GetIamPolicy(get_request)
iam_util.AddBindingToIamPolicy(client.messages.Binding, policy,
args.member, args.role)
# TODO(b/78371568): Construct the GlobalSetPolicyRequest directly
# out of the parsed policy.
set_request = client.messages.ComputeImagesSetIamPolicyRequest(
globalSetPolicyRequest=client.messages.GlobalSetPolicyRequest(
bindings=policy.bindings, etag=policy.etag),
resource=image_ref.image,
project=image_ref.project)
return client.apitools_client.images.SetIamPolicy(set_request)
class AddIamPolicyBinding(base.Command):
"""Add an IAM policy binding to a Google Compute Engine disk.
*{command}* adds an IAM policy binding to a Google Compute Engine
disk's access policy.
"""
detailed_help = iam_util.GetDetailedHelpForAddIamPolicyBinding(
'disk', 'my-disk', role='roles/compute.securityAdmin')
@staticmethod
def Args(parser):
AddIamPolicyBinding.disk_arg = disks_flags.MakeDiskArg(plural=False)
AddIamPolicyBinding.disk_arg.AddArgument(
parser, operation_type='add the IAM policy binding to')
iam_util.AddArgsForAddIamPolicyBinding(parser)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
client = holder.client
disk_ref = AddIamPolicyBinding.disk_arg.ResolveAsResource(
args, holder.resources)
get_request = client.messages.ComputeDisksGetIamPolicyRequest(
resource=disk_ref.disk,
zone=disk_ref.zone,
project=disk_ref.project)
policy = client.apitools_client.disks.GetIamPolicy(get_request)
iam_util.AddBindingToIamPolicy(client.messages.Binding, policy,
args.member, args.role)
set_request = client.messages.ComputeDisksSetIamPolicyRequest(
zoneSetPolicyRequest=client.messages.ZoneSetPolicyRequest(
policy=policy),
resource=disk_ref.disk,
zone=disk_ref.zone,
project=disk_ref.project)
return client.apitools_client.disks.SetIamPolicy(set_request)
class AddIamPolicyBinding(base.Command):
"""Adds IAM policy binding to a service's access policy."""
detailed_help = iam_util.GetDetailedHelpForAddIamPolicyBinding(
'service', 'my-service')
@staticmethod
def Args(parser):
"""Args is called by calliope to gather arguments for this command.
Args:
parser: An argparse parser that you can use to add arguments that go
on the command line after this command. Positional arguments are
allowed.
"""
service_flag = common_flags.service_flag(
suffix='to which the member is to be added')
service_flag.AddToParser(parser)
iam_util.AddArgsForAddIamPolicyBinding(parser)
@http_retry.RetryOnHttpStatus(httplib.CONFLICT)
def Run(self, args):
"""Run 'service-management add-iam-policy-binding'.
Args:
args: argparse.Namespace, The arguments that this command was invoked
with.
Returns:
The response from the access API call.
Raises:
ToolException: An error such as specifying a label that doesn't exist
or a principal that is already a member of the service or visibility
label.
"""
messages = services_util.GetMessagesModule()
client = services_util.GetClientInstance()
request = messages.ServicemanagementServicesGetIamPolicyRequest(
servicesId=args.service)
try:
policy = client.services.GetIamPolicy(request)
except apitools_exceptions.HttpError as error:
# If the error is a 404, no IAM policy exists, so just create a blank one.
exc = exceptions.HttpException(error)
if exc.payload.status_code == 404:
policy = messages.Policy()
else:
raise
iam_util.AddBindingToIamPolicy(messages, policy, args.member,
args.role)
# Send updated access policy to backend
request = messages.ServicemanagementServicesSetIamPolicyRequest(
servicesId=args.service,
setIamPolicyRequest=(messages.SetIamPolicyRequest(policy=policy)))
return client.services.SetIamPolicy(request)
class AddIamPolicyBinding(base_classes.BaseIamCommand):
"""Add an IAM policy binding to a service account.
This command adds a policy binding to the IAM policy of a service account,
given an IAM_ACCOUNT and the binding.
"""
detailed_help = iam_util.GetDetailedHelpForAddIamPolicyBinding(
'service account',
'*****@*****.**')
detailed_help['DESCRIPTION'] += '\n\n' + (
iam_util.GetHintForServiceAccountResource('add iam policy bindings to'))
@staticmethod
def Args(parser):
iam_util.AddServiceAccountNameArg(
parser,
action='whose policy to add bindings to')
iam_util.AddArgsForAddIamPolicyBinding(parser)
@http_retry.RetryOnHttpStatus(httplib.CONFLICT)
def Run(self, args):
policy = self.iam_client.projects_serviceAccounts.GetIamPolicy(
self.messages.IamProjectsServiceAccountsGetIamPolicyRequest(
resource=iam_util.EmailToAccountResourceName(args.service_account)))
iam_util.AddBindingToIamPolicy(self.messages.Binding, policy, args.member,
args.role)
return self.iam_client.projects_serviceAccounts.SetIamPolicy(
self.messages.IamProjectsServiceAccountsSetIamPolicyRequest(
resource=iam_util.EmailToAccountResourceName(args.service_account),
setIamPolicyRequest=self.messages.SetIamPolicyRequest(
policy=policy)))
class AddIamPolicyBindingAlpha(base.Command):
"""Adds IAM policy binding to a model.
Adds a policy binding to the IAM policy of a ML engine model, given a model ID
and the binding. One binding consists of a member, a role, and an optional
condition.
"""
detailed_help = iam_util.GetDetailedHelpForAddIamPolicyBinding(
'model', 'my_model', role='roles/ml.admin', condition=True)
@staticmethod
def Args(parser):
flags.GetModelName().AddToParser(parser)
iam_util.AddArgsForAddIamPolicyBinding(
parser,
flags.MlEngineIamRolesCompleter,
add_condition=True)
def Run(self, args):
condition = iam_util.ValidateAndExtractCondition(args)
iam_util.ValidateMutexConditionAndPrimitiveRoles(condition, args.role)
return models_util.AddIamPolicyBindingWithCondition(
models.ModelsClient(),
args.model,
args.member,
args.role,
condition)
class AddIamPolicyBinding(base.Command):
"""Add an IAM policy binding to a queue's access policy."""
detailed_help = iam_util.GetDetailedHelpForAddIamPolicyBinding(
'queue', 'my-queue', role='roles/cloudtasks.queueAdmin')
@staticmethod
def Args(parser):
flags.AddQueueResourceArg(parser, 'to add the IAM policy binding to')
flags.AddLocationFlag(parser)
iam_util.AddArgsForAddIamPolicyBinding(parser)
def Run(self, args):
queues_client = queues.Queues()
queues_messages = queues_client.api.messages
queue_ref = parsers.ParseQueue(args.queue, args.location)
try:
policy = queues_client.GetIamPolicy(queue_ref)
except apitools_exceptions.HttpNotFoundError:
# If the error is a 404, no IAM policy exists, so just create a blank one.
policy = queues_messages.Policy()
iam_util.AddBindingToIamPolicy(queues_messages.Binding, policy,
args.member, args.role)
response = queues_client.SetIamPolicy(queue_ref, policy)
return response
class AddIamPolicyBinding(base.Command):
"""Add IAM policy binding for a project.
Adds a policy binding to the IAM policy of a project,
given a project ID and the binding.
"""
detailed_help = iam_util.GetDetailedHelpForAddIamPolicyBinding(
'project', 'example-project-id-1')
def Collection(self):
return command_lib_util.PROJECTS_COLLECTION
def GetUriFunc(self):
return command_lib_util.ProjectsUriFunc
@staticmethod
def Args(parser):
flags.GetProjectFlag('add IAM policy binding to').AddToParser(parser)
iam_util.AddArgsForAddIamPolicyBinding(
parser, 'id', 'cloudresourcemanager.projects')
@http_retry.RetryOnHttpStatus(httplib.CONFLICT)
def Run(self, args):
project_ref = command_lib_util.ParseProject(args.id)
return projects_api.AddIamPolicyBinding(project_ref, args.member,
args.role)
class AddIamPolicyBinding(orgs_base.OrganizationCommand):
"""Add IAM policy binding for an organization.
Adds a policy binding to the IAM policy of an organization,
given an organization ID and the binding.
"""
detailed_help = iam_util.GetDetailedHelpForAddIamPolicyBinding('organization',
'123456789')
@staticmethod
def Args(parser):
flags.IdArg('to which you want to add a binding').AddToParser(parser)
iam_util.AddArgsForAddIamPolicyBinding(
parser, completer=completers.OrganizationsIamRolesCompleter)
@http_retry.RetryOnHttpStatus(six.moves.http_client.CONFLICT)
def Run(self, args):
messages = self.OrganizationsMessages()
get_policy_request = (
messages.CloudresourcemanagerOrganizationsGetIamPolicyRequest(
organizationsId=args.id,
getIamPolicyRequest=messages.GetIamPolicyRequest()))
policy = self.OrganizationsClient().GetIamPolicy(get_policy_request)
iam_util.AddBindingToIamPolicy(
messages.Binding, policy, args.member, args.role)
set_policy_request = (
messages.CloudresourcemanagerOrganizationsSetIamPolicyRequest(
organizationsId=args.id,
setIamPolicyRequest=messages.SetIamPolicyRequest(policy=policy)))
return self.OrganizationsClient().SetIamPolicy(set_policy_request)
class AddIamPolicyBinding(base.Command):
"""Add IAM policy binding for a folder.
Adds a policy binding to the IAM policy of a folder,
given a folder ID and the binding.
"""
detailed_help = iam_util.GetDetailedHelpForAddIamPolicyBinding(
'folder', '3589215982')
@staticmethod
def Args(parser):
flags.FolderIdArg('to which you want to add a binding').AddToParser(parser)
iam_util.AddArgsForAddIamPolicyBinding(
parser,
role_completer=completers.FoldersIamRolesCompleter)
# Allow for retries due to ETag-based optimistic concurrency control
@http_retry.RetryOnHttpStatus(six.moves.http_client.CONFLICT)
def Run(self, args):
messages = folders.FoldersMessages()
policy = folders.GetIamPolicy(args.id)
iam_util.AddBindingToIamPolicy(
messages.Binding, policy, args.member, args.role)
return folders.SetIamPolicy(args.id, policy)
class AddIamPolicyBinding(base_classes.BaseIamCommand):
"""Add an IAM policy binding to a service account.
This command adds a policy binding to the IAM policy of a service account,
given an IAM-ACCOUNT and the binding.
"""
detailed_help = iam_util.GetDetailedHelpForAddIamPolicyBinding(
'service account', '*****@*****.**')
@staticmethod
def Args(parser):
parser.add_argument('account',
metavar='IAM-ACCOUNT',
help='The service account whose policy to '
'add bindings to.')
iam_util.AddArgsForAddIamPolicyBinding(parser)
@http_retry.RetryOnHttpStatus(httplib.CONFLICT)
def Run(self, args):
policy = self.iam_client.projects_serviceAccounts.GetIamPolicy(
self.messages.IamProjectsServiceAccountsGetIamPolicyRequest(
resource=iam_util.EmailToAccountResourceName(args.account)))
iam_util.AddBindingToIamPolicy(self.messages, policy, args.member,
args.role)
return self.iam_client.projects_serviceAccounts.SetIamPolicy(
self.messages.IamProjectsServiceAccountsSetIamPolicyRequest(
resource=iam_util.EmailToAccountResourceName(args.account),
setIamPolicyRequest=self.messages.SetIamPolicyRequest(
policy=policy)))
class AddIamPolicyBindingBeta(AddIamPolicyBinding):
"""Add IAM policy binding to a model."""
detailed_help = iam_util.GetDetailedHelpForAddIamPolicyBinding(
'model', 'my_model', role='roles/ml.admin', condition=False)
@staticmethod
def Args(parser):
_AddIamPolicyBindingFlags(parser)
def Run(self, args):
return _Run(args)
class SetIamPolicy(base_classes.BaseIamCommand):
"""Add an IAM policy binding to a Cloud Pub/Sub Topic."""
detailed_help = iam_util.GetDetailedHelpForAddIamPolicyBinding(
'topic', 'my-topic')
@staticmethod
def Args(parser):
flags.AddTopicResourceArg(parser, 'to add an IAM policy binding to.')
iam_util.AddArgsForAddIamPolicyBinding(parser)
def Run(self, args):
client = topics.TopicsClient()
topic_ref = util.ParseTopic(args.topic)
return client.AddIamPolicyBinding(topic_ref, args.member, args.role)
class AddIamPolicyBinding(base_classes.BaseIamCommand):
"""Add an IAM policy binding to a Cloud Pub/Sub Subscription."""
detailed_help = iam_util.GetDetailedHelpForAddIamPolicyBinding(
'subscription', 'my-subscription')
@staticmethod
def Args(parser):
flags.AddSubscriptionResourceArg(parser,
'to add an IAM policy binding to.')
iam_util.AddArgsForAddIamPolicyBinding(parser)
def Run(self, args):
client = subscriptions.SubscriptionsClient()
subscription_ref = util.ParseSubscription(args.subscription)
return client.AddIamPolicyBinding(subscription_ref, args.member, args.role)
class AddIamPolicyBinding(base.Command):
"""Add an IAM policy binding to a Google Compute Engine instance.
*{command}* adds an IAM policy binding to a Google Compute Engine
instance's access policy.
"""
detailed_help = iam_util.GetDetailedHelpForAddIamPolicyBinding(
'instance',
'my-instance',
role='roles/compute.securityAdmin',
use_an=True)
@staticmethod
def Args(parser):
flags.INSTANCE_ARG.AddArgument(
parser, operation_type='add the IAM policy binding to')
iam_util.AddArgsForAddIamPolicyBinding(parser)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
client = holder.client
instance_ref = flags.INSTANCE_ARG.ResolveAsResource(
args,
holder.resources,
scope_lister=flags.GetInstanceZoneScopeLister(client))
policy = client.MakeRequests([
(client.apitools_client.instances, 'GetIamPolicy',
client.messages.ComputeInstancesGetIamPolicyRequest(
resource=instance_ref.instance,
zone=instance_ref.zone,
project=instance_ref.project))
])[0]
iam_util.AddBindingToIamPolicy(client.messages.Binding, policy,
args.member, args.role)
# TODO(b/78371568): Construct the ZoneSetPolicyRequest directly
# out of the parsed policy.
return client.MakeRequests([
(client.apitools_client.instances, 'SetIamPolicy',
client.messages.ComputeInstancesSetIamPolicyRequest(
zoneSetPolicyRequest=client.messages.ZoneSetPolicyRequest(
bindings=policy.bindings, etag=policy.etag),
project=instance_ref.project,
resource=instance_ref.instance,
zone=instance_ref.zone))
])[0]
class AddIamPolicyBinding(base.Command):
"""Add IAM policy binding for a project.
Adds a policy binding to the IAM policy of a project,
given a project ID and the binding.
"""
detailed_help = iam_util.GetDetailedHelpForAddIamPolicyBinding(
'project', 'example-project-id-1')
@staticmethod
def Args(parser):
flags.GetProjectFlag('add IAM policy binding to').AddToParser(parser)
iam_util.AddArgsForAddIamPolicyBinding(
parser, completer=completers.ProjectsIamRolesCompleter)
@http_retry.RetryOnHttpStatus(six.moves.http_client.CONFLICT)
def Run(self, args):
project_ref = command_lib_util.ParseProject(args.id)
return projects_api.AddIamPolicyBinding(project_ref, args.member, args.role)
class AddIamPolicyBindingAlpha(orgs_base.OrganizationCommand):
"""Add IAM policy binding for an organization.
Adds a policy binding to the IAM policy of an organization,
given an organization ID and the binding. One binding consists of a member, a
role, and an optional condition.
"""
detailed_help = iam_util.GetDetailedHelpForAddIamPolicyBinding(
'organization', 'example-organization-id-1', use_an=True, condition=True)
@staticmethod
def Args(parser):
flags.IdArg('to which you want to add a binding').AddToParser(parser)
iam_util.AddArgsForAddIamPolicyBinding(
parser,
role_completer=completers.OrganizationsIamRolesCompleter,
add_condition=True)
@http_retry.RetryOnHttpStatus(six.moves.http_client.CONFLICT)
def Run(self, args):
condition = iam_util.ValidateAndExtractConditionMutexRole(args)
messages = self.OrganizationsMessages()
get_policy_request = (
messages.CloudresourcemanagerOrganizationsGetIamPolicyRequest(
organizationsId=args.id,
getIamPolicyRequest=messages.GetIamPolicyRequest()))
policy = self.OrganizationsClient().GetIamPolicy(get_policy_request)
iam_util.AddBindingToIamPolicyWithCondition(messages.Binding, messages.Expr,
policy, args.member, args.role,
condition)
set_policy_request = (
messages.CloudresourcemanagerOrganizationsSetIamPolicyRequest(
organizationsId=args.id,
setIamPolicyRequest=messages.SetIamPolicyRequest(policy=policy)))
return self.OrganizationsClient().SetIamPolicy(set_policy_request)
class AddIamPolicyBinding(base.Command):
"""Add IAM policy binding for a dataset.
This command adds a policy binding to the IAM policy of a dataset,
given a dataset ID and the binding.
"""
detailed_help = iam_util.GetDetailedHelpForAddIamPolicyBinding(
'dataset', '1000')
@staticmethod
def Args(parser):
parser.add_argument('id', type=str, help='The ID of the dataset.')
iam_util.AddArgsForAddIamPolicyBinding(parser, 'id',
'genomics.datasets')
@genomics_util.ReraiseHttpException
def Run(self, args):
apitools_client = genomics_util.GetGenomicsClient()
messages = genomics_util.GetGenomicsMessages()
dataset_resource = resources.REGISTRY.Parse(
args.id, collection='genomics.datasets')
policy_request = messages.GenomicsDatasetsGetIamPolicyRequest(
resource='datasets/{0}'.format(dataset_resource.Name()),
getIamPolicyRequest=messages.GetIamPolicyRequest(),
)
policy = apitools_client.datasets.GetIamPolicy(policy_request)
iam_util.AddBindingToIamPolicy(messages, policy, args.member,
args.role)
policy_request = messages.GenomicsDatasetsSetIamPolicyRequest(
resource='datasets/{0}'.format(dataset_resource.Name()),
setIamPolicyRequest=messages.SetIamPolicyRequest(policy=policy),
)
return apitools_client.datasets.SetIamPolicy(policy_request)
class AddIamPolicyBindingAlpha(base.Command):
"""Adds IAM policy binding to a model.
Adds a policy binding to the IAM policy of a ML engine model, given a model ID
and the binding. One binding consists of a member, a role, and an optional
condition.
"""
detailed_help = iam_util.GetDetailedHelpForAddIamPolicyBinding(
'model', 'my_model', role='roles/ml.admin', condition=True)
@staticmethod
def Args(parser):
_AddIamPolicyBindingFlags(parser,
add_condition=True,
hide_region_flag=False)
def Run(self, args):
with endpoint_util.MlEndpointOverrides(region=args.region):
condition = iam_util.ValidateAndExtractCondition(args)
iam_util.ValidateMutexConditionAndPrimitiveRoles(
condition, args.role)
return models_util.AddIamPolicyBindingWithCondition(
models.ModelsClient(), args.model, args.member, args.role,
condition)
class AddIamPolicyBindingAlpha(base.Command):
"""Add IAM policy binding for a project.
Adds a policy binding to the IAM policy of a project, given a project ID and
the binding. One binding consists of a member, a role, and an optional
condition.
"""
detailed_help = iam_util.GetDetailedHelpForAddIamPolicyBinding(
'project', 'example-project-id-1', condition=True)
@staticmethod
def Args(parser):
flags.GetProjectFlag('add IAM policy binding to').AddToParser(parser)
iam_util.AddArgsForAddIamPolicyBinding(
parser,
role_completer=completers.ProjectsIamRolesCompleter,
add_condition=True)
@http_retry.RetryOnHttpStatus(six.moves.http_client.CONFLICT)
def Run(self, args):
project_ref = command_lib_util.ParseProject(args.id)
condition = iam_util.ValidateAndExtractConditionMutexRole(args)
return projects_api.AddIamPolicyBindingWithCondition(
project_ref, args.member, args.role, condition)
class AddIamPolicyBinding(base.Command):
"""Adds IAM policy binding to a service's access policy."""
# This detailed help helper interacts weirdly with the deprecate decorator...
# Messages are doubled and I'm not sure why. Still, not harmful.
detailed_help = iam_util.GetDetailedHelpForAddIamPolicyBinding(
'service', 'my-service', role='roles/servicemanagement.serviceConsumer')
@staticmethod
def Args(parser):
"""Args is called by calliope to gather arguments for this command.
Args:
parser: An argparse parser that you can use to add arguments that go
on the command line after this command. Positional arguments are
allowed.
"""
service_flag = common_flags.producer_service_flag(
suffix='to which the member is to be added')
service_flag.AddToParser(parser)
iam_util.AddArgsForAddIamPolicyBinding(parser)
@http_retry.RetryOnHttpStatus(httplib.CONFLICT)
def Run(self, args):
"""Run 'service-management add-iam-policy-binding'.
Args:
args: argparse.Namespace, The arguments that this command was invoked
with.
Returns:
The response from the access API call.
Raises:
ToolException: An error such as specifying a label that doesn't exist
or a principal that is already a member of the service or visibility
label.
"""
messages = services_util.GetMessagesModule()
client = services_util.GetClientInstance()
service = arg_parsers.GetServiceNameFromArg(args.service)
request = messages.ServicemanagementServicesGetIamPolicyRequest(
servicesId=service)
try:
policy = client.services.GetIamPolicy(request)
except apitools_exceptions.HttpNotFoundError:
# If the error is a 404, no IAM policy exists, so just create a blank one.
policy = messages.Policy()
iam_util.AddBindingToIamPolicy(
messages.Binding, policy, args.member, args.role)
# Send updated access policy to backend
request = messages.ServicemanagementServicesSetIamPolicyRequest(
servicesId=service,
setIamPolicyRequest=(messages.SetIamPolicyRequest(policy=policy)))
return client.services.SetIamPolicy(request)
class AddIamPolicyBinding(base.Command,
base_classes.BaseServiceManagementCommand):
"""Adds IAM policy binding to a service's access policy."""
detailed_help = iam_util.GetDetailedHelpForAddIamPolicyBinding(
'service', 'my-service')
@staticmethod
def Args(parser):
"""Args is called by calliope to gather arguments for this command.
Args:
parser: An argparse parser that you can use to add arguments that go
on the command line after this command. Positional arguments are
allowed.
"""
service_flag = common_flags.service_flag(
suffix='to which the member is to be added')
service_flag.AddToParser(parser)
parser.add_argument('--member',
required=True,
help='The member to add to the binding.')
@http_error_handler.HandleHttpErrors
@http_retry.RetryOnHttpStatus(httplib.CONFLICT)
def Run(self, args):
"""Run 'service-management add-iam-policy-binding'.
Args:
args: argparse.Namespace, The arguments that this command was invoked
with.
Returns:
The response from the access API call.
Raises:
ToolException: An error such as specifying a label that doesn't exist
or a principal that is already a member of the service or visibility
label.
"""
request = (self.services_messages.
ServicemanagementServicesGetIamPolicyRequest(
servicesId=args.service))
try:
policy = self.services_client.services.GetIamPolicy(request)
except apitools_exceptions.HttpError as error:
# If the error is a 404, no IAM policy exists, so just create a blank one.
if http_error_handler.GetHttpErrorStatusCode(error) == 404:
policy = self.services_messages.Policy()
else:
raise
iam_util.AddBindingToIamPolicy(
self.services_messages, policy, args.member,
'roles/servicemanagement.serviceConsumer')
# Send updated access policy to backend
request = (self.services_messages.
ServicemanagementServicesSetIamPolicyRequest(
servicesId=args.service,
setIamPolicyRequest=(
self.services_messages.SetIamPolicyRequest(
policy=policy))))
return self.services_client.services.SetIamPolicy(request)
