Example #1
        // [END kms_add_member_to_cryptokey_policy]

        // [START kms_remove_member_from_cryptokey_policy]
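        /// <summary>
        /// Removes <paramref name="member"/> from every binding of <paramref name="role"/> in the
        /// IAM policy of a Cloud KMS crypto key, then prints the policy as the service reports it.
        /// </summary>
        /// <param name="projectId">Project that owns the key ring.</param>
        /// <param name="location">Location of the key ring.</param>
        /// <param name="keyRing">Key ring that holds the crypto key.</param>
        /// <param name="cryptoKey">Crypto key whose IAM policy is edited.</param>
        /// <param name="role">Role whose bindings are searched for the member.</param>
        /// <param name="member">Member string to remove; compared with exact string equality.</param>
        /// <returns>Always 0.</returns>
        /// <remarks>
        /// The identifiers are interpolated verbatim into the resource name, so callers should pass
        /// validated values. A revocation that matches nothing is reported instead of being written,
        /// so a mistyped role or member is not mistaken for a successful removal.
        /// </remarks>
        public static object RemoveMemberFromCryptoKeyPolicy(string projectId, string location,
                                                             string keyRing, string cryptoKey, string role, string member)
        {
            var cloudKms = CreateAuthorizedClient();
            // Full resource name of the crypto key whose IAM policy is read and updated.
            var parent = $"projects/{projectId}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey}";
            var result = cloudKms.Projects.Locations.KeyRings.CryptoKeys.GetIamPolicy(parent).Execute();

            if (result.Bindings == null)
            {
                Console.WriteLine($"Empty IAM policy found for CryptoKey: {parent}");
                return 0;
            }

            // Strip the member from each binding of the requested role and remember whether
            // anything actually changed.
            bool removed = false;
            foreach (var binding in result.Bindings)
            {
                // A binding without a member list has nothing to remove (and would otherwise
                // throw on the LINQ call below).
                if (binding.Role != role || binding.Members == null)
                {
                    continue;
                }

                var remaining = binding.Members.Where(m => m != member).ToList();
                if (remaining.Count != binding.Members.Count)
                {
                    removed = true;
                }
                binding.Members = remaining;
            }

            if (removed)
            {
                // Drop bindings of this role that are left with no members: the IAM policy
                // reference states that each binding must contain at least one member.
                result.Bindings = result.Bindings
                    .Where(b => b.Role != role || (b.Members != null && b.Members.Count > 0))
                    .ToList();

                // The policy object that was read is sent back as a whole, so any concurrency
                // token it carries (the etag) goes back with it and a concurrent policy edit is
                // detected by the service rather than silently overwritten.
                // NOTE(review): confirm the client populates the etag on GetIamPolicy.
                SetIamPolicyRequest setIamPolicyRequest = new SetIamPolicyRequest();
                setIamPolicyRequest.Policy = result;
                var request = new ProjectsResource.LocationsResource.KeyRingsResource.CryptoKeysResource
                              .SetIamPolicyRequest(cloudKms, setIamPolicyRequest, parent);
                request.Execute();
            }
            else
            {
                // Nothing matched: skip the policy write and say so, so the operator does not
                // assume access was revoked.
                Console.WriteLine($"Member {member} not found for role {role}; IAM policy left unchanged.");
            }

            // Read the policy back and display what the service now holds.
            var resultAfterUpdate = cloudKms.Projects.Locations.KeyRings.CryptoKeys.GetIamPolicy(parent).Execute();
            if (resultAfterUpdate.Bindings == null)
            {
                Console.WriteLine($"Empty IAM policy found for CryptoKey: {parent}");
                return 0;
            }

            Console.WriteLine($"Policy Bindings: {resultAfterUpdate.Bindings}");
            foreach (var binding in resultAfterUpdate.Bindings)
            {
                Console.WriteLine($"Role: {binding.Role}");
                if (binding.Members == null)
                {
                    continue;
                }
                foreach (var memberAfterUpdate in binding.Members)
                {
                    Console.WriteLine($"  Member: {memberAfterUpdate}");
                }
            }
            return 0;
        }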
Example #2
        // [END kms_get_cryptokey_policy]

        // [START kms_add_member_to_cryptokey_policy]
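        /// <summary>
        /// Grants <paramref name="role"/> to <paramref name="member"/> on a Cloud KMS crypto key
        /// by editing the key's IAM policy, then prints the policy as the service reports it.
        /// </summary>
        /// <param name="projectId">Project that owns the key ring.</param>
        /// <param name="location">Location of the key ring.</param>
        /// <param name="keyRing">Key ring that holds the crypto key.</param>
        /// <param name="cryptoKey">Crypto key whose IAM policy is edited.</param>
        /// <param name="role">Role to grant.</param>
        /// <param name="member">Member string that receives the role.</param>
        /// <returns>Always 0.</returns>
        /// <remarks>
        /// The identifiers are interpolated verbatim into the resource name, and the role and
        /// member are written to the policy as given, so callers should pass validated values
        /// and grant the narrowest role that is sufficient.
        /// </remarks>
        public static object AddMemberToCryptoKeyPolicy(string projectId, string location,
                                                        string keyRing, string cryptoKey, string role, string member)
        {
            var cloudKms = CreateAuthorizedClient();
            // Full resource name of the crypto key whose IAM policy is read and updated.
            var parent = $"projects/{projectId}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey}";
            var policy = cloudKms.Projects.Locations.KeyRings.CryptoKeys.GetIamPolicy(parent).Execute();

            // Always edit the policy object that was read, even when it has no bindings yet.
            // Building a fresh Policy would discard any concurrency token (the etag) returned by
            // the read, turning the write into an unconditional overwrite of concurrent edits.
            // NOTE(review): confirm the client populates the etag on GetIamPolicy.
            if (policy.Bindings == null)
            {
                policy.Bindings = new List<Binding>();
            }

            // Extend the existing binding for this role instead of appending a second binding
            // with the same role, and do not list the member twice.
            // NOTE(review): bindings are matched by role only; if the policy uses conditional
            // bindings, verify that merging into the first match is the intended grant.
            var existing = policy.Bindings.FirstOrDefault(b => b.Role == role);
            if (existing == null)
            {
                policy.Bindings.Add(new Binding { Role = role, Members = new List<string> { member } });
            }
            else
            {
                // Copy into a resizable list; the stored collection may be fixed-size.
                var members = existing.Members == null ? new List<string>() : existing.Members.ToList();
                if (!members.Contains(member))
                {
                    members.Add(member);
                }
                existing.Members = members;
            }

            SetIamPolicyRequest setIamPolicyRequest = new SetIamPolicyRequest();
            setIamPolicyRequest.Policy = policy;
            var request = new ProjectsResource.LocationsResource.KeyRingsResource.CryptoKeysResource
                          .SetIamPolicyRequest(cloudKms, setIamPolicyRequest, parent);
            request.Execute();

            // Read the policy back and display what the service now holds.
            var updateResult = cloudKms.Projects.Locations.KeyRings.CryptoKeys.GetIamPolicy(parent).Execute();
            if (updateResult.Bindings == null)
            {
                Console.WriteLine($"Empty IAM policy found for CryptoKey: {parent}");
                return 0;
            }

            foreach (var binding in updateResult.Bindings)
            {
                Console.WriteLine($"Role: {binding.Role}");
                if (binding.Members == null)
                {
                    continue;
                }
                foreach (var memberFound in binding.Members)
                {
                    Console.WriteLine($"  Member: {memberFound}");
                }
            }
            return 0;
        }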