GoogleCloudPlatform · lesv · May 12, 2020 · May 1, 2020 · May 4, 2020 · May 5, 2020
diff --git a/...a/com/google/iam/snippets/AddBinding.java → ...rc/main/java/iam/snippets/AddBinding.java b/...a/com/google/iam/snippets/AddBinding.java → ...rc/main/java/iam/snippets/AddBinding.java
@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package com.google.iam.snippets;
+package iam.snippets;
 
 // [START iam_modify_policy_add_binding]
 import com.google.api.services.cloudresourcemanager.model.Binding;

diff --git a/...va/com/google/iam/snippets/AddMember.java → ...src/main/java/iam/snippets/AddMember.java b/...va/com/google/iam/snippets/AddMember.java → ...src/main/java/iam/snippets/AddMember.java
@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package com.google.iam.snippets;
+package iam.snippets;
 
 // [START iam_modify_policy_add_member]
 import com.google.api.services.cloudresourcemanager.model.Binding;
@@ -32,7 +32,7 @@ public static void addMember(Policy policy) {
     List<Binding> bindings = policy.getBindings();
 
     for (Binding b : bindings) {
-      if (b.getRole() == role) {
+      if (b.getRole().equals(role)) {
         b.getMembers().add(member);
         System.out.println("Member " + member + " added to role " + role);
         return;

diff --git a/...le/iam/snippets/CreateServiceAccount.java → ...va/iam/snippets/CreateServiceAccount.java b/...le/iam/snippets/CreateServiceAccount.java → ...va/iam/snippets/CreateServiceAccount.java
@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package com.google.iam.snippets;
+package iam.snippets;
 
 // [START iam_create_service_account]
 import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;

diff --git a/...iam/snippets/CreateServiceAccountKey.java → ...iam/snippets/CreateServiceAccountKey.java b/...iam/snippets/CreateServiceAccountKey.java → ...iam/snippets/CreateServiceAccountKey.java
@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package com.google.iam.snippets;
+package iam.snippets;
 
 // [START iam_create_key]
 import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;

diff --git a/...le/iam/snippets/DeleteServiceAccount.java → ...va/iam/snippets/DeleteServiceAccount.java b/...le/iam/snippets/DeleteServiceAccount.java → ...va/iam/snippets/DeleteServiceAccount.java
@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package com.google.iam.snippets;
+package iam.snippets;
 
 // [START iam_delete_service_account]
 import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;

diff --git a/...iam/snippets/DeleteServiceAccountKey.java → ...iam/snippets/DeleteServiceAccountKey.java b/...iam/snippets/DeleteServiceAccountKey.java → ...iam/snippets/DeleteServiceAccountKey.java
@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package com.google.iam.snippets;
+package iam.snippets;
 
 // [START iam_delete_key]
 import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;

diff --git a/...e/iam/snippets/DisableServiceAccount.java → ...a/iam/snippets/DisableServiceAccount.java b/...e/iam/snippets/DisableServiceAccount.java → ...a/iam/snippets/DisableServiceAccount.java
@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package com.google.iam.snippets;
+package iam.snippets;
 
 // [START iam_disable_service_account]
 import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;

diff --git a/...le/iam/snippets/EnableServiceAccount.java → ...va/iam/snippets/EnableServiceAccount.java b/...le/iam/snippets/EnableServiceAccount.java → ...va/iam/snippets/EnableServiceAccount.java
@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package com.google.iam.snippets;
+package iam.snippets;
 
 // [START iam_enable_service_account]
 import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;

diff --git a/...va/com/google/iam/snippets/GetPolicy.java → ...src/main/java/iam/snippets/GetPolicy.java b/...va/com/google/iam/snippets/GetPolicy.java → ...src/main/java/iam/snippets/GetPolicy.java
@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package com.google.iam.snippets;
+package iam.snippets;
 
 // [START iam_get_policy]
 import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;

diff --git a/...m/google/iam/snippets/GrantableRoles.java → ...ain/java/iam/snippets/GrantableRoles.java b/...m/google/iam/snippets/GrantableRoles.java → ...ain/java/iam/snippets/GrantableRoles.java
@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package com.google.iam.snippets;
+package iam.snippets;
 
 import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
 import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;

diff --git a/.../iam/snippets/ListServiceAccountKeys.java → .../iam/snippets/ListServiceAccountKeys.java b/.../iam/snippets/ListServiceAccountKeys.java → .../iam/snippets/ListServiceAccountKeys.java
@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package com.google.iam.snippets;
+package iam.snippets;
 
 // [START iam_list_keys]
 import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;

diff --git a/...gle/iam/snippets/ListServiceAccounts.java → ...ava/iam/snippets/ListServiceAccounts.java b/...gle/iam/snippets/ListServiceAccounts.java → ...ava/iam/snippets/ListServiceAccounts.java
@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package com.google.iam.snippets;
+package iam.snippets;
 
 // [START iam_list_service_accounts]
 import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;

diff --git a/...a/com/google/iam/snippets/Quickstart.java → ...rc/main/java/iam/snippets/Quickstart.java b/...a/com/google/iam/snippets/Quickstart.java → ...rc/main/java/iam/snippets/Quickstart.java
@@ -15,7 +15,7 @@
 
 // [START iam_quickstart]
 
-package com.google.iam.snippets;
+package iam.snippets;
 
 import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
 import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;

diff --git a/iam/api-client/src/main/java/iam/snippets/QuickstartV2.java b/iam/api-client/src/main/java/iam/snippets/QuickstartV2.java
@@ -0,0 +1,169 @@
+/* Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package iam.snippets;
+// [START iam_quickstart_v2]
+
+import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
+import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
+import com.google.api.client.json.jackson2.JacksonFactory;
+import com.google.api.services.cloudresourcemanager.CloudResourceManager;
+import com.google.api.services.cloudresourcemanager.model.Binding;
+import com.google.api.services.cloudresourcemanager.model.GetIamPolicyRequest;
+import com.google.api.services.cloudresourcemanager.model.Policy;
+import com.google.api.services.cloudresourcemanager.model.SetIamPolicyRequest;
+import com.google.api.services.iam.v1.IamScopes;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.util.Collections;
+import java.util.List;
+
+public class QuickstartV2 {
+
+  public static void main(String[] args) {
+    // TODO: Replace with your project ID.
+    String projectId = "your-project";
+    // TODO: Replace with the ID of your member in the form "member:[email protected]"
+    String member = "your-member";
+    // The role to be granted.
+    String role = "roles/logging.logWriter";
+
+    // Initializes the Cloud Resource Manager service.
+    CloudResourceManager crmService = null;
+    try {
+      crmService = initializeService();
+    } catch (IOException | GeneralSecurityException e) {
+      System.out.println("Unable to initialize service: \n" + e.toString());
+    }
+
+    // Grants your member the "Log writer" role for your project.
+    addBinding(crmService, projectId, member, role);
+
+    // Get the project's policy and print all members with the "Log Writer" role
+    Policy policy = getPolicy(crmService, projectId);
+    Binding binding = null;
+    List<Binding> bindings = policy.getBindings();
+    for (Binding b : bindings) {
+      if (b.getRole().equals(role)) {
+        binding = b;
+        break;
+      }
+    }
+    System.out.println("Role: " + binding.getRole());
+    System.out.print("Members: ");
+    for (String m : binding.getMembers()) {
+      System.out.print("[" + m + "] ");
+    }
+    System.out.println();
+
+    // Removes member from the "Log writer" role.
+    removeMember(crmService, projectId, member, role);
+  }
+
+  public static CloudResourceManager initializeService()
+      throws IOException, GeneralSecurityException {
+    // Use the Application Default Credentials strategy for authentication. For more info, see:
+    // https://cloud.google.com/docs/authentication/production#finding_credentials_automatically
+    GoogleCredential credential =
+        GoogleCredential.getApplicationDefault()
+            .createScoped(Collections.singleton(IamScopes.CLOUD_PLATFORM));
+
+    // Creates the Cloud Resource Manager service object.
+    CloudResourceManager service =
+        new CloudResourceManager.Builder(
+                GoogleNetHttpTransport.newTrustedTransport(),
+                JacksonFactory.getDefaultInstance(),
+                credential)
+            .setApplicationName("service-accounts")
+            .build();
+    return service;
+  }
+
+  public static void addBinding(
+      CloudResourceManager crmService, String projectId, String member, String role) {
+
+    // Gets the project's policy.
+    Policy policy = getPolicy(crmService, projectId);
+
+    // If binding already exists, adds member to binding.
+    List<Binding> bindings = policy.getBindings();
+    for (Binding b : bindings) {
+      if (b.getRole().equals(role)) {
+        b.getMembers().add(member);
+        break;
+      }
+    }
+
+    // If binding does not exist, adds binding to policy.
+    Binding binding = new Binding();
+    binding.setRole(role);
+    binding.setMembers(Collections.singletonList(member));
+    policy.getBindings().add(binding);
+
+    // Set the updated policy
+    setPolicy(crmService, projectId, policy);
+  }
+
+  public static void removeMember(
+      CloudResourceManager crmService, String projectId, String member, String role) {
+    // Gets the project's policy.
+    Policy policy = getPolicy(crmService, projectId);
+
+    // Removes the member from the role.
+    List<Binding> bindings = policy.getBindings();
+    Binding binding = null;
+    for (Binding b : bindings) {
+      if (b.getRole().equals(role)) {
+        binding = b;
+        break;
+      }
+    }
+    if (binding.getMembers().contains(member)) {
+      binding.getMembers().remove(member);
+      if (binding.getMembers().isEmpty()) {
+        policy.getBindings().remove(binding);
+      }
+    }
+
+    // Sets the updated policy.
+    setPolicy(crmService, projectId, policy);
+  }
+
+  public static Policy getPolicy(CloudResourceManager crmService, String projectId) {
+    // Gets the project's policy by calling the
+    // Cloud Resource Manager Projects API.
+    Policy policy = null;
+    try {
+      GetIamPolicyRequest request = new GetIamPolicyRequest();
+      policy = crmService.projects().getIamPolicy(projectId, request).execute();
+    } catch (IOException e) {
+      System.out.println("Unable to get policy: \n" + e.toString());
+    }
+    return policy;
+  }
+
+  private static void setPolicy(CloudResourceManager crmService, String projectId, Policy policy) {
+    // Sets the project's policy by calling the
+    // Cloud Resource Manager Projects API.
+    try {
+      SetIamPolicyRequest request = new SetIamPolicyRequest();
+      request.setPolicy(policy);
+      crmService.projects().setIamPolicy(projectId, request).execute();
+    } catch (IOException e) {
+      System.out.println("Unable to set policy: \n" + e.toString());
+    }
+  }
+}
+// [END iam_quickstart_v2]
diff --git a/...com/google/iam/snippets/RemoveMember.java → .../main/java/iam/snippets/RemoveMember.java b/...com/google/iam/snippets/RemoveMember.java → .../main/java/iam/snippets/RemoveMember.java
@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package com.google.iam.snippets;
+package iam.snippets;
 
 // [START iam_modify_policy_remove_member]
 import com.google.api.services.cloudresourcemanager.model.Binding;
@@ -30,18 +30,19 @@ public static void removeMember(Policy policy) {
     String member = "user:[email protected]";
 
     List<Binding> bindings = policy.getBindings();
-
+    Binding binding = null;
     for (Binding b : bindings) {
-      if (b.getRole() == role) {
-        if (b.getMembers().contains(member)) {
-          b.getMembers().remove(member);
-          System.out.println("Member " + member + " removed from " + role);
-        }
-        if (b.getMembers().size() == 0) {
-          policy.getBindings().remove(b);
-        }
-        return;
+      if (b.getRole().equals(role)) {
+        binding = b;
+      }
+    }
+    if (binding.getMembers().contains(member)) {
+      binding.getMembers().remove(member);
+      System.out.println("Member " + member + " removed from " + role);
+      if (binding.getMembers().isEmpty()) {
+        policy.getBindings().remove(binding);
       }
+      return;
     }
 
     System.out.println("Role not found in policy; member not removed");

diff --git a/...le/iam/snippets/RenameServiceAccount.java → ...va/iam/snippets/RenameServiceAccount.java b/...le/iam/snippets/RenameServiceAccount.java → ...va/iam/snippets/RenameServiceAccount.java
@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package com.google.iam.snippets;
+package iam.snippets;
 
 // [START iam_rename_service_account]
 import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;

diff --git a/...va/com/google/iam/snippets/SetPolicy.java → ...src/main/java/iam/snippets/SetPolicy.java b/...va/com/google/iam/snippets/SetPolicy.java → ...src/main/java/iam/snippets/SetPolicy.java
@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package com.google.iam.snippets;
+package iam.snippets;
 
 // [START iam_set_policy]
 import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;

diff --git a/.../google/iam/snippets/TestPermissions.java → ...in/java/iam/snippets/TestPermissions.java b/.../google/iam/snippets/TestPermissions.java → ...in/java/iam/snippets/TestPermissions.java
@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package com.google.iam.snippets;
+package iam.snippets;
 
 // [START iam_test_permissions]
 import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;

diff --git a/.../com/google/iam/snippets/AccessTests.java → ...c/test/java/iam/snippets/AccessTests.java b/.../com/google/iam/snippets/AccessTests.java → ...c/test/java/iam/snippets/AccessTests.java
@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package com.google.iam.snippets;
+package iam.snippets;
 
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;

diff --git a/...google/iam/snippets/GrantableRolesIT.java → ...t/java/iam/snippets/GrantableRolesIT.java b/...google/iam/snippets/GrantableRolesIT.java → ...t/java/iam/snippets/GrantableRolesIT.java
@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package com.google.iam.snippets;
+package iam.snippets;
 
 import static org.junit.Assert.assertTrue;
 

diff --git a/...com/google/iam/snippets/QuickstartIT.java → .../test/java/iam/snippets/QuickstartIT.java b/...com/google/iam/snippets/QuickstartIT.java → .../test/java/iam/snippets/QuickstartIT.java
@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package com.google.iam.snippets;
+package iam.snippets;
 
 import static org.junit.Assert.assertTrue;