Java Code Examples for com.google.cloud.storage.Storage#setIamPolicy()
The following examples show how to use
com.google.cloud.storage.Storage#setIamPolicy() .
Example 1
Source File: MakeBucketPublic.java From google-cloud-java with Apache License 2.0 | 6 votes |
/**
 * Makes every object in a bucket readable by anyone by granting the object viewer role to
 * {@code allUsers} in the bucket-level IAM policy.
 *
 * <p>Security note: {@code Identity.allUsers()} covers unauthenticated callers, and the grant is
 * made at bucket level with no condition, so it applies to all current and future objects in the
 * bucket. Confirm the bucket holds nothing sensitive before running this, and prefer a narrower
 * member or a conditional binding when only part of the data is meant to be public.
 *
 * @param projectId the ID of your GCP project, e.g. {@code "your-project-id"}
 * @param bucketName the ID of your GCS bucket, e.g. {@code "your-unique-bucket-name"}
 */
public static void makeBucketPublic(String projectId, String bucketName) {
  Storage client = StorageOptions.newBuilder().setProjectId(projectId).build().getService();

  // Read-modify-write: start from the bucket's current policy so existing bindings are kept.
  // NOTE(review): the policy is fetched without requesting a policy version; confirm how this
  // behaves on a bucket whose policy already contains conditional bindings.
  Policy currentPolicy = client.getIamPolicy(bucketName);

  // All users can view.
  Policy publicPolicy =
      currentPolicy.toBuilder()
          .addIdentity(StorageRoles.objectViewer(), Identity.allUsers())
          .build();
  client.setIamPolicy(bucketName, publicPolicy);

  System.out.println("Bucket " + bucketName + " is now publicly readable");
}
Example 2
Source File: RemoveBucketIamMember.java From google-cloud-java with Apache License 2.0 | 5 votes |
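/**
 * Removes the sample member {@code group:example@google.com} from the unconditional
 * {@code roles/storage.objectViewer} binding in a bucket's IAM policy.
 *
 * <p>Only the first binding that has this role, contains the member and carries no condition is
 * edited. Access the member holds through a conditional binding or through a different role is
 * left in place, so this call alone does not prove the member has lost read access.
 *
 * <p>If no such binding exists the policy is not written back and the output says so, instead of
 * reporting a removal that never happened.
 *
 * <p>For more information please read: https://cloud.google.com/storage/docs/access-control/iam
 *
 * @param projectId the ID of your GCP project, e.g. {@code "your-project-id"}
 * @param bucketName the ID of your GCS bucket, e.g. {@code "your-unique-bucket-name"}
 */
public static void removeBucketIamMember(String projectId, String bucketName) {
  Storage storage = StorageOptions.newBuilder().setProjectId(projectId).build().getService();

  // Version 3 is requested so that conditional bindings are part of what is read and rewritten.
  Policy originalPolicy =
      storage.getIamPolicy(bucketName, Storage.BucketSourceOption.requestedPolicyVersion(3));

  String role = "roles/storage.objectViewer";
  String member = "group:example@google.com";

  // getBindingsList() returns an ImmutableList; copy it into an ArrayList so it is mutable.
  List<Binding> bindings = new ArrayList<>(originalPolicy.getBindingsList());

  // Remove the role-member pair from the binding that has no condition.
  boolean removed = false;
  for (int index = 0; index < bindings.size(); index++) {
    Binding binding = bindings.get(index);
    boolean foundRole = binding.getRole().equals(role);
    boolean foundMember = binding.getMembers().contains(member);
    boolean bindingIsNotConditional = binding.getCondition() == null;
    if (foundRole && foundMember && bindingIsNotConditional) {
      bindings.set(index, binding.toBuilder().removeMembers(member).build());
      removed = true;
      break;
    }
  }

  if (!removed) {
    // Nothing matched: skip the write and do not claim that access was revoked.
    System.out.printf(
        "No unconditional %s binding on %s contains %s; policy left unchanged\n",
        role, bucketName, member);
    return;
  }

  // Update policy to remove member
  Policy.Builder updatedPolicyBuilder = originalPolicy.toBuilder();
  updatedPolicyBuilder.setBindings(bindings).setVersion(3);
  storage.setIamPolicy(bucketName, updatedPolicyBuilder.build());

  System.out.printf("Removed %s with role %s from %s\n", member, role, bucketName);
}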
Example 3
Source File: AddBucketIamMember.java From google-cloud-java with Apache License 2.0 | 5 votes |
/**
 * Example of adding a member to the Bucket-level IAM.
 *
 * <p>Appends a binding that gives {@code group:example@google.com} the
 * {@code roles/storage.objectViewer} role on the bucket. The binding has no condition, so the
 * grant is not restricted to any subset of the bucket's objects.
 *
 * <p>For more information please read: https://cloud.google.com/storage/docs/access-control/iam
 *
 * @param projectId the ID of your GCP project, e.g. {@code "your-project-id"}
 * @param bucketName the ID of your GCS bucket, e.g. {@code "your-unique-bucket-name"}
 */
public static void addBucketIamMember(String projectId, String bucketName) {
  final String role = "roles/storage.objectViewer";
  final String member = "group:example@google.com";

  Storage client = StorageOptions.newBuilder().setProjectId(projectId).build().getService();

  // Version 3 is requested so that conditional bindings are part of what is read and rewritten.
  Policy currentPolicy =
      client.getIamPolicy(bucketName, Storage.BucketSourceOption.requestedPolicyVersion(3));

  // getBindingsList() hands back an ImmutableList, so work on a mutable copy.
  List<Binding> updatedBindings = new ArrayList<>(currentPolicy.getBindingsList());

  // Create a new binding using role and member.
  // NOTE(review): a new binding is always appended; an existing binding for the same role is
  // not looked up or extended here.
  Binding.Builder memberBinding = Binding.newBuilder();
  memberBinding.setRole(role).setMembers(Arrays.asList(member));
  updatedBindings.add(memberBinding.build());

  // Write the policy back with the extra binding, keeping it at version 3.
  Policy.Builder policyBuilder = currentPolicy.toBuilder();
  policyBuilder.setBindings(updatedBindings).setVersion(3);
  Policy updatedPolicy = client.setIamPolicy(bucketName, policyBuilder.build());

  System.out.printf("Added %s with role %s to %s\n", member, role, bucketName);
}
Example 4
Source File: RemoveBucketIamConditionalBinding.java From google-cloud-java with Apache License 2.0 | 4 votes |
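/**
 * Example of removing a conditional binding from the Bucket-level IAM.
 *
 * <p>Deletes the first binding whose role is {@code roles/storage.objectViewer} and whose
 * condition equals the sample condition built below. The comparison is made against a condition
 * with title, description and expression all set, so a binding that differs in any of them is
 * presumably not treated as a match and stays in the policy.
 *
 * <p>If nothing matches the policy is not written back and the output says so, instead of
 * reporting a removal that never happened.
 *
 * <p>For more information please read: https://cloud.google.com/storage/docs/access-control/iam
 *
 * @param projectId the ID of your GCP project, e.g. {@code "your-project-id"}
 * @param bucketName the ID of your GCS bucket, e.g. {@code "your-unique-bucket-name"}
 */
public static void removeBucketIamConditionalBinding(String projectId, String bucketName) {
  Storage storage = StorageOptions.newBuilder().setProjectId(projectId).build().getService();

  // Version 3 is requested so that conditional bindings are part of what is read and rewritten.
  Policy originalPolicy =
      storage.getIamPolicy(bucketName, Storage.BucketSourceOption.requestedPolicyVersion(3));

  String role = "roles/storage.objectViewer";

  // getBindingsList() returns an ImmutableList; copy it into an ArrayList so it is mutable.
  List<Binding> bindings = new ArrayList<>(originalPolicy.getBindingsList());

  // Create a condition to compare against.
  // NOTE(review): the expression hard-codes the placeholder bucket "bucket-name" rather than
  // using bucketName; adjust it to the condition actually present on the bucket.
  Condition.Builder conditionBuilder = Condition.newBuilder();
  conditionBuilder.setTitle("Title");
  conditionBuilder.setDescription("Description");
  conditionBuilder.setExpression(
      "resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")");
  // Built once, outside the loop; the builder is not modified while scanning.
  Condition conditionToRemove = conditionBuilder.build();

  boolean removed = false;
  Iterator<Binding> iterator = bindings.iterator();
  while (iterator.hasNext()) {
    Binding binding = iterator.next();
    boolean foundRole = binding.getRole().equals(role);
    boolean conditionsEqual = conditionToRemove.equals(binding.getCondition());

    // Remove the binding when both the role and the condition are equal.
    if (foundRole && conditionsEqual) {
      iterator.remove();
      removed = true;
      break;
    }
  }

  if (!removed) {
    // Nothing matched: skip the write and do not claim that access was revoked.
    System.out.println("No matching conditional binding was found; policy left unchanged.");
    return;
  }

  // Update policy to remove conditional binding
  Policy.Builder updatedPolicyBuilder = originalPolicy.toBuilder();
  updatedPolicyBuilder.setBindings(bindings).setVersion(3);
  storage.setIamPolicy(bucketName, updatedPolicyBuilder.build());

  System.out.println("Conditional Binding was removed.");
}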
Example 5
Source File: AddBucketIamConditionalBinding.java From google-cloud-java with Apache License 2.0 | 4 votes |
/**
 * Example of adding a conditional binding to the Bucket-level IAM.
 *
 * <p>Appends a binding that gives {@code group:example@google.com} the
 * {@code roles/storage.objectViewer} role, restricted by a condition on the object resource
 * name.
 *
 * <p>For more information please read: https://cloud.google.com/storage/docs/access-control/iam
 *
 * @param projectId the ID of your GCP project, e.g. {@code "your-project-id"}
 * @param bucketName the ID of your GCS bucket, e.g. {@code "your-unique-bucket-name"}
 */
public static void addBucketIamConditionalBinding(String projectId, String bucketName) {
  final String role = "roles/storage.objectViewer";
  final String member = "group:example@google.com";

  // Create a condition.
  // NOTE(review): the expression hard-codes the placeholder bucket "bucket-name" rather than
  // using bucketName; adjust it before use so the grant is scoped to the intended objects.
  final String conditionTitle = "Title";
  final String conditionDescription = "Description";
  final String conditionExpression =
      "resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")";

  Storage client = StorageOptions.newBuilder().setProjectId(projectId).build().getService();

  // Version 3 is requested so that conditional bindings are part of what is read and rewritten.
  Policy currentPolicy =
      client.getIamPolicy(bucketName, Storage.BucketSourceOption.requestedPolicyVersion(3));

  // getBindingsList() hands back an ImmutableList, so work on a mutable copy.
  List<Binding> updatedBindings = new ArrayList<>(currentPolicy.getBindingsList());

  Condition.Builder condition = Condition.newBuilder();
  condition.setTitle(conditionTitle);
  condition.setDescription(conditionDescription);
  condition.setExpression(conditionExpression);

  // Add condition to a binding.
  Binding.Builder conditionalBinding =
      Binding.newBuilder()
          .setRole(role)
          .setMembers(Arrays.asList(member))
          .setCondition(condition.build());
  updatedBindings.add(conditionalBinding.build());

  // Write the policy back with the new conditional binding, keeping it at version 3.
  Policy.Builder policyBuilder = currentPolicy.toBuilder();
  policyBuilder.setBindings(updatedBindings).setVersion(3);
  Policy updatedPolicy = client.setIamPolicy(bucketName, policyBuilder.build());

  System.out.printf(
      "Added %s with role %s to %s with condition %s %s %s\n",
      member, role, bucketName, conditionTitle, conditionDescription, conditionExpression);
}