def Run(self, args): project_ref = command_lib_util.ParseProject(args.id) condition = iam_util.ValidateAndExtractCondition(args) return projects_api.RemoveIamPolicyBindingWithCondition( project_ref, args.member, args.role, condition, args.all)
def Run(self, args): with endpoint_util.MlEndpointOverrides(region=args.region): condition = iam_util.ValidateAndExtractCondition(args) iam_util.ValidateMutexConditionAndPrimitiveRoles( condition, args.role) return models_util.AddIamPolicyBindingWithCondition( models.ModelsClient(), args.model, args.member, args.role, condition)
def Run(self, args): condition = iam_util.ValidateAndExtractCondition(args) client = services.ServicesClient() service_ref = args.CONCEPTS.service.Parse() iam_util.LogSetIamPolicy(service_ref.Name(), _RESOURCE_TYPE) return client.AddIamPolicyBinding(service_ref, args.member, args.role, condition)
def Run(self, args): condition = iam_util.ValidateAndExtractCondition(args) client = namespaces.NamespacesClient() namespace_ref = args.CONCEPTS.namespace.Parse() iam_util.LogSetIamPolicy(namespace_ref.Name(), _RESOURCE_TYPE) return client.RemoveIamPolicyBinding(namespace_ref, args.member, args.role, condition)
def Run(self, args): """Handles the execution when users run this command. Args: args: An argparse namespace. All the arguments that were provided to this command invocation. """ condition = iam_util.ValidateAndExtractCondition(args) iap_iam_ref = iap_util.ParseIapDestGroupResource(self.ReleaseTrack(), args) iap_iam_ref.RemoveIamPolicyBinding(args.member, args.role, condition, args.all)
def Run(self, args): """This is what gets called when the user runs this command. Args: args: an argparse namespace. All the arguments that were provided to this command invocation. Returns: The specified function with its description and configured filter. """ condition = iam_util.ValidateAndExtractCondition(args) iap_iam_ref = iap_util.ParseIapGatewayResource(self.ReleaseTrack()) return iap_iam_ref.RemoveIamPolicyBinding(args.member, args.role, condition, args.all)
def testValidateAndExtractCondition_FromCondition(self): parser = util.ArgumentParser() iam_util.AddArgsForAddIamPolicyBinding(parser, add_condition=True) res = parser.parse_args([ '--role=roles/non-primitive', '--member=user:[email protected]', '--condition=expression=expr,title=title,description=descr' ]) condition = iam_util.ValidateAndExtractCondition(res) expected_condition = { 'expression': 'expr', 'title': 'title', 'description': 'descr' } self.assertEqual(condition, expected_condition)
def Run(self, args): """This is what gets called when the user runs this command. Args: args: an argparse namespace. All the arguments that were provided to this command invocation. Returns: The specified function with its description and configured filter. """ with endpoint_util.MlEndpointOverrides(region=args.region): condition = iam_util.ValidateAndExtractCondition(args) iam_util.ValidateMutexConditionAndPrimitiveRoles( condition, args.role) return models_util.RemoveIamPolicyBindingWithCondition( models.ModelsClient(), args.model, args.member, args.role, condition)
def testValidateAndExtractCondition_FromFile(self): parser = util.ArgumentParser() iam_util.AddArgsForAddIamPolicyBinding(parser, add_condition=True) condition_file = self.Touch(self.temp_path, 'condition', contents='expression: expr\ntitle: title\n' 'description: descr') res = parser.parse_args([ '--role=roles/non-primitive', '--member=user:[email protected]', '--condition-from-file={}'.format(condition_file) ]) condition = iam_util.ValidateAndExtractCondition(res) expected_condition = { 'expression': 'expr', 'title': 'title', 'description': 'descr' } self.assertEqual(condition, expected_condition)
def _GetModifiedIamPolicyRemoveIamBinding(self, args, add_condition=False): """Get the IAM policy and remove the specified binding to it. Args: args: an argparse namespace. add_condition: True if support condition. Returns: IAM policy. """ if add_condition: condition = iam_util.ValidateAndExtractCondition(args) policy = self._GetIamPolicy(args) iam_util.RemoveBindingFromIamPolicyWithCondition( policy, args.member, args.role, condition, all_conditions=args.all) else: policy = self._GetIamPolicy(args) iam_util.RemoveBindingFromIamPolicy(policy, args.member, args.role) return policy
def Run(self, args): condition = iam_util.ValidateAndExtractCondition(args) messages = self.OrganizationsMessages() get_policy_request = ( messages.CloudresourcemanagerOrganizationsGetIamPolicyRequest( organizationsId=args.id, getIamPolicyRequest=messages.GetIamPolicyRequest())) policy = self.OrganizationsClient().GetIamPolicy(get_policy_request) iam_util.RemoveBindingFromIamPolicyWithCondition( policy, args.member, args.role, condition, args.all) set_policy_request = ( messages.CloudresourcemanagerOrganizationsSetIamPolicyRequest( organizationsId=args.id, setIamPolicyRequest=messages.SetIamPolicyRequest(policy=policy))) return self.OrganizationsClient().SetIamPolicy(set_policy_request)