Add IAM samples #359
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,190 @@ | ||
| /** | ||
| * Copyright 2017, Google, Inc. | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| 'use strict'; | ||
|
|
||
| function viewBucketIamMembers (bucketName) { | ||
| // [START view_bucket_iam_members] | ||
|
|
||
| // Your Google Cloud Storage bucket name | ||
|
There was a problem hiding this comment. Variable definitions (everything really) should be below any import statements. |
||
| // const bucketName = "my-bucket"; | ||
|
|
||
| // Imports the Google Cloud client library | ||
| const Storage = require('@google-cloud/storage'); | ||
|
|
||
| // Instantiates a client | ||
| const storage = Storage(); | ||
|
|
||
| // Get a reference to a Google Cloud Storage bucket | ||
| const bucket = storage.bucket(bucketName); | ||
|
|
||
| // Gets and displays the bucket's IAM policy | ||
| bucket.iam.getPolicy() | ||
| .then((data) => { | ||
| const policy = data[0].bindings; | ||
|
|
||
| // Displays the roles in the bucket's IAM policy | ||
| console.log(`Roles for bucket ${bucketName}:`); | ||
| policy.forEach((role) => { | ||
| console.log(` Role: ${role.role}`); | ||
| console.log(` Members:`); | ||
|
|
||
| const members = role.members; | ||
| members.forEach((member) => { | ||
| console.log(` ${member}`); | ||
| }); | ||
| }); | ||
| }) | ||
| .catch((err) => { | ||
| console.error('Error:', err); | ||
| }); | ||
| // [END view_bucket_iam_members] | ||
| } | ||
|
|
||
| function addBucketIamMember (bucketName, roleName, members) { | ||
| // [START add_bucket_iam_member] | ||
| // Your Google Cloud Storage bucket name | ||
| // const bucketName = "my-bucket"; | ||
|
There was a problem hiding this comment. Variable definitions (everything really) should be below any import statements |
||
|
|
||
| // The bucket-level IAM role to grant | ||
| // const roleName = "roles/storage.objectViewer"; | ||
|
|
||
| // The list of IAM members to grant the role to | ||
| // const members = ['user:[email protected]', 'group:[email protected]']; | ||
|
There was a problem hiding this comment. there's some extra indentation on this line |
||
|
|
||
| // Imports the Google Cloud client library | ||
| const Storage = require('@google-cloud/storage'); | ||
|
|
||
| // Instantiates a client | ||
| const storage = Storage(); | ||
|
|
||
| // Get a reference to a Google Cloud Storage bucket | ||
| const bucket = storage.bucket(bucketName); | ||
|
|
||
| // Gets and updates the bucket's IAM policy | ||
| bucket.iam.getPolicy() | ||
| .then((data) => { | ||
| const policy = data[0]; | ||
|
|
||
| // Adds the new roles to the bucket's IAM policy | ||
| policy.bindings.push({ | ||
| role: roleName, | ||
| members: members | ||
| }); | ||
|
|
||
| // Updates the bucket's IAM policy | ||
| return bucket.iam.setPolicy(policy); | ||
| }) | ||
| .then(() => { | ||
| console.log(`Added the following member(s) with role ${roleName} to ${bucketName}:`); | ||
| members.forEach((member) => { | ||
| console.log(` ${member}`); | ||
| }); | ||
| }) | ||
| .catch((err) => { | ||
| console.error('Error:', err); | ||
| }); | ||
| // [END add_bucket_iam_member] | ||
| } | ||
|
|
||
| function removeBucketIamMember (bucketName, roleName, members) { | ||
| // [START remove_bucket_iam_member] | ||
| // Your Google Cloud Storage bucket name | ||
| // const bucketName = "my-bucket"; | ||
|
There was a problem hiding this comment. Variable definitions (everything really) should be below any import statements |
||
|
|
||
| // The bucket-level IAM role to grant | ||
| // const roleName = "roles/storage.objectViewer"; | ||
|
|
||
| // The list of IAM members to grant the role to | ||
| // const members = ['user:[email protected]', 'group:[email protected]']; | ||
|
|
||
| // Imports the Google Cloud client library | ||
| const Storage = require('@google-cloud/storage'); | ||
|
|
||
| // Instantiates a client | ||
| const storage = Storage(); | ||
|
|
||
| // Get a reference to a Google Cloud Storage bucket | ||
| const bucket = storage.bucket(bucketName); | ||
|
|
||
| // Gets and updates the bucket's IAM policy | ||
| bucket.iam.getPolicy() | ||
| .then((data) => { | ||
| const policy = data[0]; | ||
|
|
||
| // Finds and updates the appropriate role-member group | ||
| const index = policy.bindings.findIndex((role) => role.role === roleName); | ||
| let role = policy.bindings[index]; | ||
| if (role) { | ||
| role.members = role.members.filter((member) => members.indexOf(member) === -1); | ||
|
|
||
| // Updates the policy object with the new (or empty) role-member group | ||
| if (role.members.length === 0) { | ||
| policy.bindings.splice(index, 1); | ||
| } else { | ||
| policy.bindings.index = role; | ||
| } | ||
|
|
||
| // Updates the bucket's IAM policy | ||
| return bucket.iam.setPolicy(policy); | ||
| } else { | ||
| // No matching role-member group(s) were found | ||
| throw new Error('No matching role-member group(s) found.'); | ||
| } | ||
| }) | ||
| .then(() => { | ||
| console.log(`Removed the following member(s) with role ${roleName} from ${bucketName}:`); | ||
| members.forEach((member) => { | ||
| console.log(` ${member}`); | ||
| }); | ||
| }) | ||
| .catch((err) => { | ||
| console.error('Error:', err); | ||
| }); | ||
| // [END remove_bucket_iam_member] | ||
| } | ||
|
|
||
| const cli = require(`yargs`) | ||
| .demand(1) | ||
| .array('members') | ||
| .command( | ||
| `view-members <bucketName>`, | ||
| `Lists IAM member-role groups for a given Google Cloud Storage bucket.`, | ||
| {}, | ||
| (opts) => viewBucketIamMembers(opts.bucketName) | ||
| ) | ||
| .command( | ||
| `add-members <bucketName> <roleName> [members..]`, | ||
| `Adds one or more IAM member-role groups to a Google Cloud Storage bucket.`, | ||
| {}, | ||
| (opts) => addBucketIamMember(opts.bucketName, opts.roleName, opts.members) | ||
| ) | ||
| .command( | ||
| `remove-members <bucketName> <roleName> [members..]`, | ||
| `Removes one or more IAM member-role groups from a Google Cloud Storage bucket.`, | ||
| {}, | ||
| (opts) => removeBucketIamMember(opts.bucketName, opts.roleName, opts.members) | ||
| ) | ||
| .example(`node $0 view-members "my-bucket"`) | ||
| .example(`node $0 add-members "my-bucket" "storage.objectViewer" "user:[email protected]" "group:[email protected]"`) | ||
| .example(`node $0 remove-members "my-bucket" "storage.objectViewer" "user:[email protected]" "group:[email protected]"`) | ||
| .wrap(120) | ||
| .recommendCommands() | ||
| .epilogue(`For more information, see https://cloud.google.com/iam/docs/overview and https://cloud.google.com/storage/docs`) | ||
| .help(); | ||
|
|
||
| if (module === require.main) { | ||
| cli.help().strict().argv; // eslint-disable-line | ||
|
There was a problem hiding this comment. Maybe you're right, perhaps we should make this the standard (a "main" function). Change to: .epilogue(`For more information, see https://cloud.google.com/iam/docs/overview and https://cloud.google.com/storage/docs`)
.help()
.strict();
if (module === require.main) {
cli.parse(process.argv.slice(2));
} |
||
| } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| /** | ||
| * Copyright 2017, Google, Inc. | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| 'use strict'; | ||
|
|
||
| const path = require(`path`); | ||
| const storage = require(`@google-cloud/storage`)(); | ||
| const test = require(`ava`); | ||
| const tools = require(`@google-cloud/nodejs-repo-tools`); | ||
| const uuid = require(`uuid`); | ||
|
|
||
| const cwd = path.join(__dirname, `..`); | ||
| const bucketName = `nodejs-docs-samples-test-${uuid.v4()}`; | ||
| const bucket = storage.bucket(bucketName); | ||
| const userEmail = `[email protected]`; | ||
| const cmd = `node iam.js`; | ||
| const roleName = `roles/storage.objectViewer`; | ||
|
|
||
| test.before(tools.checkCredentials); | ||
| test.before(async (t) => { | ||
| await bucket.create(); | ||
| }); | ||
|
|
||
| test.after.always(async (t) => { | ||
| try { | ||
| await bucket.delete(); | ||
| } catch (err) {} // ignore error | ||
| }); | ||
|
|
||
| test.serial(`should add multiple members to a role on a bucket`, async (t) => { | ||
| const output = await tools.runAsync(`${cmd} add-members ${bucketName} ${roleName} "user:${userEmail}"`, cwd); | ||
| t.true(output.includes(`Added the following member(s) with role ${roleName} to ${bucketName}:`)); | ||
| t.true(output.includes(`user:${userEmail}`)); | ||
| }); | ||
|
|
||
| test.serial(`should list members of a role on a bucket`, async (t) => { | ||
| const output = await tools.runAsync(`${cmd} view-members ${bucketName} "user:${userEmail}"`, cwd); | ||
| t.true(output.includes(`Roles for bucket ${bucketName}:`)); | ||
| t.true(output.includes(`Role: ${roleName}`)); | ||
| t.true(output.includes(`Members:`)); | ||
| t.true(output.includes(`user:${userEmail}`)); | ||
| }); | ||
|
|
||
| test.serial(`should remove multiple members from a role on a bucket`, async (t) => { | ||
| const output = await tools.runAsync(`${cmd} remove-members ${bucketName} ${roleName} "user:${userEmail}"`, cwd); | ||
| t.true(output.includes(`Removed the following member(s) with role ${roleName} from ${bucketName}:`)); | ||
| t.true(output.includes(`user:${userEmail}`)); | ||
| }); |
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
there's an extra blank line here