public void AddRoleMember_ContainsBinding()
{
var policy = new Policy
{
Bindings = { new Binding {
Role = "role", Members ={ "member" }, Condition = new Type.Expr {
Description = "condition"
}
} }
};
Assert.Throws <InvalidOperationException>(() => policy.AddRoleMember("role", "member2"));
Assert.Throws <InvalidOperationException>(() => policy.AddRoleMember("role2", "member2"));
}
public void AddRoleMember_NewRole()
{
var policy = new Policy
{
Bindings =
{
new Binding {
Role = "other", Members ={ "x", "y", "z" }
},
}
};
var expected = new Policy
{
Bindings =
{
new Binding {
Role = "other", Members ={ "x", "y", "z" }
},
new Binding {
Role = "target", Members ={ "d" }
},
}
};
Assert.True(policy.AddRoleMember("target", "d"));
Assert.Equal(expected, policy);
}
public Policy IamGrantAccess(
string projectId = "my-project", string secretId = "my-secret",
string member = "user:[email protected]")
{
// Create the client.
SecretManagerServiceClient client = SecretManagerServiceClient.Create();
// Build the resource name.
SecretName secretName = new SecretName(projectId, secretId);
// Get current policy.
Policy policy = client.GetIamPolicy(new GetIamPolicyRequest
{
ResourceAsResourceName = secretName,
});
// Add the user to the list of bindings.
policy.AddRoleMember("roles/secretmanager.secretAccessor", member);
// Save the updated policy.
policy = client.SetIamPolicy(new SetIamPolicyRequest
{
ResourceAsResourceName = secretName,
Policy = policy,
});
return(policy);
}
public Policy IamAddMember(
string projectId = "my-project", string locationId = "us-east1", string keyRingId = "my-key-ring", string keyId = "my-key",
string member = "user:[email protected]")
{
// Create the client.
KeyManagementServiceClient client = KeyManagementServiceClient.Create();
// Build the resource name.
CryptoKeyName resourceName = new CryptoKeyName(projectId, locationId, keyRingId, keyId);
// The resource name could also be a key ring.
// var resourceName = new KeyRingName(projectId, locationId, keyRingId);
// Get the current IAM policy.
Policy policy = client.GetIamPolicy(resourceName);
// Add the member to the policy.
policy.AddRoleMember("roles/cloudkms.cryptoKeyEncrypterDecrypter", member);
// Save the updated IAM policy.
Policy result = client.SetIamPolicy(resourceName, policy);
// Return the resulting policy.
return(result);
}
public void AddRoleMember_LaterVersion()
{
var policy = new Policy {
Version = 2
};
Assert.Throws <InvalidOperationException>(() => policy.AddRoleMember("role", "member"));
}
public void AddRoleMember_RoleExists_MemberExists()
{
var policy = new Policy
{
Bindings =
{
new Binding {
Role = "other", Members ={ "x", "y", "z" }
},
new Binding {
Role = "target", Members ={ "a", "b", "c" }
},
}
};
var expected = policy.Clone();
Assert.False(policy.AddRoleMember("target", "b"));
Assert.Equal(expected, policy); // No change
}
