Java Code Examples for com.google.cloud.storage.Storage#getIamPolicy()

The following examples show how to use com.google.cloud.storage.Storage#getIamPolicy() . These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
public static void makeBucketPublic(String projectId, String bucketName) {
  // The ID of your GCP project
  // String projectId = "your-project-id";

  // The ID of your GCS bucket
  // String bucketName = "your-unique-bucket-name";

  Storage storage = StorageOptions.newBuilder().setProjectId(projectId).build().getService();
  Policy originalPolicy = storage.getIamPolicy(bucketName);
  storage.setIamPolicy(
      bucketName,
      originalPolicy
          .toBuilder()
          .addIdentity(StorageRoles.objectViewer(), Identity.allUsers()) // All users can view
          .build());

  System.out.println("Bucket " + bucketName + " is now publicly readable");
}
 
Example 2
public static void removeBucketIamMember(String projectId, String bucketName) {
  // The ID of your GCP project
  // String projectId = "your-project-id";

  // The ID of your GCS bucket
  // String bucketName = "your-unique-bucket-name";

  // For more information please read:
  // https://cloud.google.com/storage/docs/access-control/iam
  Storage storage = StorageOptions.newBuilder().setProjectId(projectId).build().getService();

  Policy originalPolicy =
      storage.getIamPolicy(bucketName, Storage.BucketSourceOption.requestedPolicyVersion(3));

  String role = "roles/storage.objectViewer";
  String member = "group:[email protected]";

  // getBindingsList() returns an ImmutableList and copying over to an ArrayList so it's mutable.
  List<Binding> bindings = new ArrayList(originalPolicy.getBindingsList());

  // Remove role-member binding without a condition.
  for (int index = 0; index < bindings.size(); index++) {
    Binding binding = bindings.get(index);
    boolean foundRole = binding.getRole().equals(role);
    boolean foundMember = binding.getMembers().contains(member);
    boolean bindingIsNotConditional = binding.getCondition() == null;

    if (foundRole && foundMember && bindingIsNotConditional) {
      bindings.set(index, binding.toBuilder().removeMembers(member).build());
      break;
    }
  }

  // Update policy to remove member
  Policy.Builder updatedPolicyBuilder = originalPolicy.toBuilder();
  updatedPolicyBuilder.setBindings(bindings).setVersion(3);
  Policy updatedPolicy = storage.setIamPolicy(bucketName, updatedPolicyBuilder.build());

  System.out.printf("Removed %s with role %s from %s\n", member, role, bucketName);
}
 
Example 3
public static void listBucketIamMembers(String projectId, String bucketName) {
  // The ID of your GCP project
  // String projectId = "your-project-id";

  // The ID of your GCS bucket
  // String bucketName = "your-unique-bucket-name";

  // For more information please read:
  // https://cloud.google.com/storage/docs/access-control/iam
  Storage storage = StorageOptions.newBuilder().setProjectId(projectId).build().getService();

  Policy policy =
      storage.getIamPolicy(bucketName, Storage.BucketSourceOption.requestedPolicyVersion(3));

  // Print binding information
  for (Binding binding : policy.getBindingsList()) {
    System.out.printf("Role: %s Members: %s\n", binding.getRole(), binding.getMembers());

    // Print condition if one is set
    boolean bindingIsConditional = binding.getCondition() != null;
    if (bindingIsConditional) {
      System.out.printf("Condition Title: %s\n", binding.getCondition().getTitle());
      System.out.printf("Condition Description: %s\n", binding.getCondition().getDescription());
      System.out.printf("Condition Expression: %s\n", binding.getCondition().getExpression());
    }
  }
}
 
Example 4
/** Example of adding a member to the Bucket-level IAM */
public static void addBucketIamMember(String projectId, String bucketName) {
  // The ID of your GCP project
  // String projectId = "your-project-id";

  // The ID of your GCS bucket
  // String bucketName = "your-unique-bucket-name";

  // For more information please read:
  // https://cloud.google.com/storage/docs/access-control/iam
  Storage storage = StorageOptions.newBuilder().setProjectId(projectId).build().getService();

  Policy originalPolicy =
      storage.getIamPolicy(bucketName, Storage.BucketSourceOption.requestedPolicyVersion(3));

  String role = "roles/storage.objectViewer";
  String member = "group:[email protected]";

  // getBindingsList() returns an ImmutableList and copying over to an ArrayList so it's mutable.
  List<Binding> bindings = new ArrayList(originalPolicy.getBindingsList());

  // Create a new binding using role and member
  Binding.Builder newMemberBindingBuilder = Binding.newBuilder();
  newMemberBindingBuilder.setRole(role).setMembers(Arrays.asList(member));
  bindings.add(newMemberBindingBuilder.build());

  // Update policy to add member
  Policy.Builder updatedPolicyBuilder = originalPolicy.toBuilder();
  updatedPolicyBuilder.setBindings(bindings).setVersion(3);
  Policy updatedPolicy = storage.setIamPolicy(bucketName, updatedPolicyBuilder.build());

  System.out.printf("Added %s with role %s to %s\n", member, role, bucketName);
}
 
Example 5
/** Example of removing a conditional binding to the Bucket-level IAM */
public static void removeBucketIamConditionalBinding(String projectId, String bucketName) {
  // The ID of your GCP project
  // String projectId = "your-project-id";

  // The ID of your GCS bucket
  // String bucketName = "your-unique-bucket-name";

  // For more information please read:
  // https://cloud.google.com/storage/docs/access-control/iam
  Storage storage = StorageOptions.newBuilder().setProjectId(projectId).build().getService();

  Policy originalPolicy =
      storage.getIamPolicy(bucketName, Storage.BucketSourceOption.requestedPolicyVersion(3));

  String role = "roles/storage.objectViewer";

  // getBindingsList() returns an ImmutableList and copying over to an ArrayList so it's mutable.
  List<Binding> bindings = new ArrayList(originalPolicy.getBindingsList());

  // Create a condition to compare against
  Condition.Builder conditionBuilder = Condition.newBuilder();
  conditionBuilder.setTitle("Title");
  conditionBuilder.setDescription("Description");
  conditionBuilder.setExpression(
      "resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")");

  Iterator iterator = bindings.iterator();
  while (iterator.hasNext()) {
    Binding binding = (Binding) iterator.next();
    boolean foundRole = binding.getRole().equals(role);
    boolean conditionsEqual = conditionBuilder.build().equals(binding.getCondition());

    // Remove condition when the role and condition are equal
    if (foundRole && conditionsEqual) {
      iterator.remove();
      break;
    }
  }

  // Update policy to remove conditional binding
  Policy.Builder updatedPolicyBuilder = originalPolicy.toBuilder();
  updatedPolicyBuilder.setBindings(bindings).setVersion(3);
  Policy updatedPolicy = storage.setIamPolicy(bucketName, updatedPolicyBuilder.build());

  System.out.println("Conditional Binding was removed.");
}
 
Example 6
/** Example of adding a conditional binding to the Bucket-level IAM */
public static void addBucketIamConditionalBinding(String projectId, String bucketName) {
  // The ID of your GCP project
  // String projectId = "your-project-id";

  // The ID of your GCS bucket
  // String bucketName = "your-unique-bucket-name";

  // For more information please read:
  // https://cloud.google.com/storage/docs/access-control/iam
  Storage storage = StorageOptions.newBuilder().setProjectId(projectId).build().getService();

  Policy originalPolicy =
      storage.getIamPolicy(bucketName, Storage.BucketSourceOption.requestedPolicyVersion(3));

  String role = "roles/storage.objectViewer";
  String member = "group:[email protected]";

  // getBindingsList() returns an ImmutableList and copying over to an ArrayList so it's mutable.
  List<Binding> bindings = new ArrayList(originalPolicy.getBindingsList());

  // Create a condition
  String conditionTitle = "Title";
  String conditionDescription = "Description";
  String conditionExpression =
      "resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")";
  Condition.Builder conditionBuilder = Condition.newBuilder();
  conditionBuilder.setTitle(conditionTitle);
  conditionBuilder.setDescription(conditionDescription);
  conditionBuilder.setExpression(conditionExpression);

  // Add condition to a binding
  Binding.Builder newBindingBuilder =
      Binding.newBuilder()
          .setRole(role)
          .setMembers(Arrays.asList(member))
          .setCondition(conditionBuilder.build());
  bindings.add(newBindingBuilder.build());

  // Update policy with new conditional binding
  Policy.Builder updatedPolicyBuilder = originalPolicy.toBuilder();
  updatedPolicyBuilder.setBindings(bindings).setVersion(3);
  Policy updatedPolicy = storage.setIamPolicy(bucketName, updatedPolicyBuilder.build());

  System.out.printf(
      "Added %s with role %s to %s with condition %s %s %s\n",
      member, role, bucketName, conditionTitle, conditionDescription, conditionExpression);
}