nrupal
diff --git a/‎iam/api-client/access.py
Copy file name to clipboard
+132Lines changed: 132 additions & 0 deletions b/‎iam/api-client/access.py
Copy file name to clipboard
+132Lines changed: 132 additions & 0 deletions
diff --git a/‎iam/api-client/access_test.py
Copy file name to clipboard
+29Lines changed: 29 additions & 0 deletions b/‎iam/api-client/access_test.py
Copy file name to clipboard
+29Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,132 @@
+# !/usr/bin/env python
+#
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Demonstrates how to perform basic access management with Google Cloud IAM.
+
+For more information, see the documentation at
+https://cloud.google.com/iam/docs/granting-changing-revoking-access.
+"""
+
+import argparse
+import os
+
+from google.oauth2 import service_account
+import googleapiclient.discovery
+
+
+credentials = service_account.Credentials.from_service_account_file(
+    filename=os.environ['GOOGLE_APPLICATION_CREDENTIALS'],
+    scopes=['https://www.googleapis.com/auth/cloud-platform'])
+service = googleapiclient.discovery.build(
+    'cloudresourcemanager', 'v1', credentials=credentials)
+
+
+# [START iam_get_policy]
+def get_policy(project_id):
+    """Gets IAM policy for a project."""
+
+    # pylint: disable=no-member
+    policy = service.projects().getIamPolicy(
+        resource=project_id, body={}).execute()
+    print(policy)
+    return policy
+# [END iam_get_policy]
+
+
+# [START iam_modify_policy_add_member]
+def modify_policy_add_member(policy, role, member):
+    """Adds a new member to a role binding."""
+    binding = next(b for b in policy['bindings'] if b['role'] == role)
+    binding['members'].append(member)
+    print(binding)
+    return policy
+# [END iam_modify_policy_add_member]
+
+
+# [START iam_modify_policy_add_role]
+def modify_policy_add_role(policy, role, member):
+    """Adds a new role binding to a policy."""
+    binding = {
+        'role': role,
+        'members': [member]
+    }
+    policy['bindings'].append(binding)
+    print(policy)
+    return policy
+# [END iam_modify_policy_add_role]
+
+
+# [START iam_set_policy]
+def set_policy(project_id, policy):
+    """Sets IAM policy for a project."""
+
+    # pylint: disable=no-member
+    policy = service.projects().setIamPolicy(
+        resource=project_id, body={
+            'policy': policy
+        }).execute()
+    print(policy)
+    return policy
+# [END iam_set_policy]
+
+
+def main():
+    parser = argparse.ArgumentParser(
+        description=__doc__,
+        formatter_class=argparse.RawDescriptionHelpFormatter)
+
+    subparsers = parser.add_subparsers(dest='command')
+
+    # Get
+    get_parser = subparsers.add_parser(
+        'get', help=get_policy.__doc__)
+    get_parser.add_argument('project_id')
+
+    # Modify: add member
+    modify_member_parser = subparsers.add_parser(
+        'modify_member', help=get_policy.__doc__)
+    modify_member_parser.add_argument('project_id')
+    modify_member_parser.add_argument('role')
+    modify_member_parser.add_argument('member')
+
+    # Modify: add role
+    modify_role_parser = subparsers.add_parser(
+        'modify_role', help=get_policy.__doc__)
+    modify_role_parser.add_argument('project_id')
+    modify_role_parser.add_argument('project_id')
+    modify_role_parser.add_argument('role')
+    modify_role_parser.add_argument('member')
+
+    # Set
+    set_parser = subparsers.add_parser(
+        'set', help=set_policy.__doc__)
+    set_parser.add_argument('project_id')
+    set_parser.add_argument('policy')
+
+    args = parser.parse_args()
+
+    if args.command == 'get':
+        get_policy(args.project_id)
+    elif args.command == 'set':
+        set_policy(args.project_id, args.policy)
+    elif args.command == 'add_member':
+        modify_policy_add_member(args.policy, args.role, args.member)
+    elif args.command == 'add_binding':
+        modify_policy_add_role(args.policy, args.role, args.member)
+
+
+if __name__ == '__main__':
+    main()
@@ -0,0 +1,29 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+
+import access
+
+
+def test_access(capsys):
+    project = os.environ['GCLOUD_PROJECT']
+
+    policy = access.get_policy(project)
+    out, _ = capsys.readouterr()
+    assert 'etag' in out
+
+    policy = access.set_policy(project, policy)
+    out, _ = capsys.readouterr()
+    assert 'etag' in out