// [END kms_add_member_to_cryptokey_policy]
// [START kms_remove_member_from_cryptokey_policy]
public static object RemoveMemberFromCryptoKeyPolicy(string projectId, string location,
string keyRing, string cryptoKey, string role, string member)
{
var cloudKms = CreateAuthorizedClient();
// Generate the full path of the parent to use for updating the crypto key IAM policy.
var parent = $"projects/{projectId}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey}";
var result = cloudKms.Projects.Locations.KeyRings.CryptoKeys.GetIamPolicy(parent).Execute();
if (result.Bindings != null)
{
result.Bindings.ToList().ForEach(response =>
{
if (response.Role == role)
{
// Remove the role/member combo from the crypto key IAM policy.
response.Members = response.Members.Where(m => m != member).ToList();
}
});
// Set the modified crypto key IAM policy to be the cryto key's current IAM policy.
SetIamPolicyRequest setIamPolicyRequest = new SetIamPolicyRequest();
setIamPolicyRequest.Policy = result;
var request = new ProjectsResource.LocationsResource.KeyRingsResource.CryptoKeysResource
.SetIamPolicyRequest(cloudKms, setIamPolicyRequest, parent);
var setIamPolicyResult = request.Execute();
// Get and display the modified crypto key IAM policy.
var resultAfterUpdate = cloudKms.Projects.Locations.KeyRings.CryptoKeys.GetIamPolicy(parent).Execute();
if (resultAfterUpdate.Bindings != null)
{
Console.WriteLine($"Policy Bindings: {resultAfterUpdate.Bindings}");
resultAfterUpdate.Bindings.ToList().ForEach(response =>
{
Console.WriteLine($"Role: {response.Role}");
response.Members.ToList().ForEach(memberAfterUpdate =>
{
Console.WriteLine($" Member: {memberAfterUpdate}");
});
});
}
else
{
Console.WriteLine($"Empty IAM policy found for CryptoKey: {parent}");
}
}
else
{
Console.WriteLine($"Empty IAM policy found for CryptoKey: {parent}");
}
return(0);
}
// [END kms_get_cryptokey_policy]
// [START kms_add_member_to_cryptokey_policy]
public static object AddMemberToCryptoKeyPolicy(string projectId, string location,
string keyRing, string cryptoKey, string role, string member)
{
var cloudKms = CreateAuthorizedClient();
// Generate the full path of the parent to use for updating the crypto key IAM policy.
var parent = $"projects/{projectId}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey}";
SetIamPolicyRequest setIamPolicyRequest = new SetIamPolicyRequest();
var result = cloudKms.Projects.Locations.KeyRings.CryptoKeys.GetIamPolicy(parent).Execute();
if (result.Bindings != null)
{
// Policy already exists, so add a new Binding to it.
Binding bindingToAdd = new Binding();
bindingToAdd.Role = role;
string[] testMembers = { member };
bindingToAdd.Members = testMembers;
result.Bindings.Add(bindingToAdd);
setIamPolicyRequest.Policy = result;
}
else
{
// Policy does not yet exist, so create a new one.
Policy newPolicy = new Policy();
newPolicy.Bindings = new List <Binding>();
Binding bindingToAdd = new Binding();
bindingToAdd.Role = role;
string[] testMembers = { member };
bindingToAdd.Members = testMembers;
newPolicy.Bindings.Add(bindingToAdd);
setIamPolicyRequest.Policy = newPolicy;
}
var request = new ProjectsResource.LocationsResource.KeyRingsResource.CryptoKeysResource
.SetIamPolicyRequest(cloudKms, setIamPolicyRequest, parent);
var setIamPolicyResult = request.Execute();
var updateResult = cloudKms.Projects.Locations.KeyRings.CryptoKeys.GetIamPolicy(parent).Execute();
updateResult.Bindings.ToList().ForEach(response =>
{
Console.WriteLine($"Role: {response.Role}");
response.Members.ToList().ForEach(memberFound =>
{
Console.WriteLine($" Member: {memberFound}");
});
});
return(0);
}