Exemplo n.º 1
0
        // [END secretmanager_iam_grant_access]

        // [START secretmanager_iam_revoke_access]
        /// <summary>
        /// Revoke a user or account access to the secret.
        /// </summary>
        /// <param name="projectId">ID of the project where the secret resides.</param>
        /// <param name="secretId">ID of the secret.</param>
        /// <param name="member">IAM member to revoke with user: or serviceAccount: prefix</param>
        /// <example>
        /// Revoke a user or account access to the secret.
        /// <code>IAMRevokeAccess("my-project", "my-secret", "user:[email protected]")</code>
        /// </example>
        public static void IAMRevokeAccess(string projectId, string secretId, string member)
        {
            SecretManagerServiceClient client = SecretManagerServiceClient.Create();

            // Create the request to get the current IAM policy.
            var getRequest = new GetIamPolicyRequest
            {
                ResourceAsResourceName = new SecretName(projectId, secretId),
            };

            // Get the current IAM policy.
            var policy = client.GetIamPolicy(getRequest);

            // Remove the user to the list of bindings.
            policy.RemoveRoleMember("roles/secretmanager.secretAccessor", member);

            // Create the request to update the IAM policy.
            var setRequest = new SetIamPolicyRequest
            {
                ResourceAsResourceName = new SecretName(projectId, secretId),
                Policy = policy,
            };

            // Save the updated IAM policy.
            client.SetIamPolicy(setRequest);

            Console.WriteLine($"Updated IAM policy for {secretId}");
        }
Exemplo n.º 2
0
    public Policy IamGrantAccess(
        string projectId = "my-project", string secretId = "my-secret",
        string member    = "user:[email protected]")
    {
        // Create the client.
        SecretManagerServiceClient client = SecretManagerServiceClient.Create();

        // Build the resource name.
        SecretName secretName = new SecretName(projectId, secretId);

        // Get current policy.
        Policy policy = client.GetIamPolicy(new GetIamPolicyRequest
        {
            ResourceAsResourceName = secretName,
        });

        // Add the user to the list of bindings.
        policy.AddRoleMember("roles/secretmanager.secretAccessor", member);

        // Save the updated policy.
        policy = client.SetIamPolicy(new SetIamPolicyRequest
        {
            ResourceAsResourceName = secretName,
            Policy = policy,
        });
        return(policy);
    }