// [END kms_get_keyring_policy]
// [START kms_add_member_to_keyring_policy]
public static void AddMemberToKeyRingPolicy(string projectId, string locationId,
string keyRingId, string role, string member)
{
KeyManagementServiceClient client = KeyManagementServiceClient.Create();
KeyRingName keyRingName = new KeyRingName(projectId, locationId, keyRingId);
Policy policy = client.GetIamPolicy(KeyNameOneof.From(keyRingName));
policy.Bindings.Add(new Binding
{
Role = role,
Members = { member }
});
Policy updateResult = client.SetIamPolicy(KeyNameOneof.From(keyRingName), policy);
foreach (Binding bindingResult in updateResult.Bindings)
{
Console.WriteLine($"Role: {bindingResult.Role}");
foreach (string memberResult in bindingResult.Members)
{
Console.WriteLine($" Member: {memberResult}");
}
}
}
public Policy IamRemoveMember(
string projectId = "my-project", string locationId = "us-east1", string keyRingId = "my-key-ring", string keyId = "my-key",
string member = "user:[email protected]")
{
// Create the client.
KeyManagementServiceClient client = KeyManagementServiceClient.Create();
// Build the resource name.
CryptoKeyName resourceName = new CryptoKeyName(projectId, locationId, keyRingId, keyId);
// The resource name could also be a key ring.
// var resourceName = new KeyRingName(projectId, locationId, keyRingId);
// Get the current IAM policy.
Policy policy = client.GetIamPolicy(resourceName);
// Add the member to the policy.
policy.RemoveRoleMember("roles/cloudkms.cryptoKeyEncrypterDecrypter", member);
// Save the updated IAM policy.
Policy result = client.SetIamPolicy(resourceName, policy);
// Return the resulting policy.
return(result);
}
// [END kms_add_member_to_cryptokey_policy]
// [START kms_remove_member_from_cryptokey_policy]
public static void RemoveMemberFromCryptoKeyPolicy(string projectId, string locationId,
string keyRingId, string cryptoKeyId, string role, string member)
{
KeyManagementServiceClient client = KeyManagementServiceClient.Create();
CryptoKeyName cryptoKeyName =
new CryptoKeyName(projectId, locationId, keyRingId, cryptoKeyId);
Policy policy = client.GetIamPolicy(KeyNameOneof.From(cryptoKeyName));
foreach (Binding binding in policy.Bindings.Where(b => b.Role == role))
{
binding.Members.Remove(member);
}
Policy updateResult = client.SetIamPolicy(KeyNameOneof.From(cryptoKeyName), policy);
foreach (Binding bindingResult in updateResult.Bindings)
{
Console.WriteLine($"Role: {bindingResult.Role}");
foreach (string memberResult in bindingResult.Members)
{
Console.WriteLine($" Member: {memberResult}");
}
}
}
