coderatgoogle
diff --git a/‎iam/api-client/README.md‎
Lines changed: 24 additions & 4 deletions b/‎iam/api-client/README.md‎
Lines changed: 24 additions & 4 deletions
diff --git a/‎iam/api-client/pom.xml‎
Lines changed: 15 additions & 1 deletion b/‎iam/api-client/pom.xml‎
Lines changed: 15 additions & 1 deletion
diff --git a/‎iam/api-client/src/main/java/iam/snippets/Quickstart.java‎
Lines changed: 134 additions & 21 deletions b/‎iam/api-client/src/main/java/iam/snippets/Quickstart.java‎
Lines changed: 134 additions & 21 deletions
@@ -10,16 +10,36 @@ the Google API Client Library for Java.
 
 ## Quickstart
 
-Install [Maven](http://maven.apache.org/).
+The Quickstart does the following: 
 
-Build the project with:
+*  Initializes the Resource Manager service, which manages GCP projects.
+* Reads the [IAM policy](https://cloud.google.com/iam/docs/overview#cloud-iam-policy)
+  for your project.
+* Modifies the IAM policy by granting the Log Writer role
+  (`roles/logging.logWriter`) to your Google Account.
+* Writes the updated IAM policy.
+*  Prints all the members in your project that have the Log Writer role
+   (`roles/logging.logWriter`).
+*  Revokes the Log Writer role.
+
+To build and run the Quickstart, install [Maven](http://maven.apache.org/).
+
+To build the project, run the following command:
 
 ```xml
 mvn clean package
 ```
 
-Run the Quickstart, which lists roles in a project:
+To run the Quickstart, ensure that the Resource Manager API is enabled
+for your project and that you have set up authentication. For details, see the
+[Before you begin](https://cloud.google.com/iam/docs/quickstart-client-libraries#before-you-begin)
+section of the IAM client library Quickstart documentation.
+
+Then, replace the `projectId` and `member` fields with your
+project ID and member ID, and run the following command:
 
 ```xml
 mvn exec:java
-```
+```
+
+For more information, see the [IAM client library Quickstart documentation](https://cloud.google.com/iam/docs/quickstart-client-libraries).
@@ -55,6 +55,20 @@
       <version>v1-rev20200907-1.30.10</version><!-- v1 required here, v2 is different - DO NOT UPDATE to v2 -->
     </dependency>
 <!-- [END iam_java_quickstart_dependency] -->
+<!-- [START iamcredentials_java_dependency]-->
+    <dependency>
+      <groupId>com.google.apis</groupId>
+      <artifactId>google-api-services-iamcredentials</artifactId>
+      <version>v1-rev20200821-1.30.10</version>
+    </dependency>
+<!-- [END iamcredentials_java_dependency]-->
+<!-- [START troubleshooter_java_dependency]-->
+    <dependency>
+      <groupId>com.google.apis</groupId>
+      <artifactId>google-api-services-policytroubleshooter</artifactId>
+      <version>v1-rev20200801-1.30.10</version>
+    </dependency>
+<!-- [END troubleshooter_java_dependency]-->
     <dependency>
         <groupId>commons-cli</groupId>
         <artifactId>commons-cli</artifactId>
@@ -89,7 +103,7 @@
         <artifactId>exec-maven-plugin</artifactId>
         <version>3.0.0</version>
         <configuration>
-          <mainClass>com.google.iam.snippets.GrantableRoles</mainClass>
+          <mainClass>iam.snippets.Quickstart</mainClass>
         </configuration>
       </plugin>
     </plugins>
 
@@ -1,4 +1,4 @@
-/* Copyright 2018 Google LLC
+/* Copyright 2020 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -13,48 +13,161 @@
  * limitations under the License.
  */
 
-// [START iam_quickstart]
-
 package iam.snippets;
 
+// [START iam_quickstart]
 import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
 import com.google.api.client.json.jackson2.JacksonFactory;
-import com.google.api.services.iam.v1.Iam;
+import com.google.api.services.cloudresourcemanager.CloudResourceManager;
+import com.google.api.services.cloudresourcemanager.model.Binding;
+import com.google.api.services.cloudresourcemanager.model.GetIamPolicyRequest;
+import com.google.api.services.cloudresourcemanager.model.Policy;
+import com.google.api.services.cloudresourcemanager.model.SetIamPolicyRequest;
 import com.google.api.services.iam.v1.IamScopes;
-import com.google.api.services.iam.v1.model.ListRolesResponse;
-import com.google.api.services.iam.v1.model.Role;
 import com.google.auth.http.HttpCredentialsAdapter;
 import com.google.auth.oauth2.GoogleCredentials;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
 import java.util.Collections;
 import java.util.List;
 
 public class Quickstart {
 
-  public static void main(String[] args) throws Exception {
-    // Get credentials
+  public static void main(String[] args) {
+    // TODO: Replace with your project ID.
+    String projectId = "your-project";
+    // TODO: Replace with the ID of your member in the form "user:member@example.com"
+    String member = "your-member";
+    // The role to be granted.
+    String role = "roles/logging.logWriter";
+
+    // Initializes the Cloud Resource Manager service.
+    CloudResourceManager crmService = null;
+    try {
+      crmService = initializeService();
+    } catch (IOException | GeneralSecurityException e) {
+      System.out.println("Unable to initialize service: \n" + e.getMessage() + e.getStackTrace());
+    }
+
+    // Grants your member the "Log writer" role for your project.
+    addBinding(crmService, projectId, member, role);
+
+    // Get the project's policy and print all members with the "Log Writer" role
+    Policy policy = getPolicy(crmService, projectId);
+    Binding binding = null;
+    List<Binding> bindings = policy.getBindings();
+    for (Binding b : bindings) {
+      if (b.getRole().equals(role)) {
+        binding = b;
+        break;
+      }
+    }
+    System.out.println("Role: " + binding.getRole());
+    System.out.print("Members: ");
+    for (String m : binding.getMembers()) {
+      System.out.print("[" + m + "] ");
+    }
+    System.out.println();
+
+    // Removes member from the "Log writer" role.
+    removeMember(crmService, projectId, member, role);
+  }
+
+  public static CloudResourceManager initializeService()
+      throws IOException, GeneralSecurityException {
+    // Use the Application Default Credentials strategy for authentication. For more info, see:
+    // https://cloud.google.com/docs/authentication/production#finding_credentials_automatically
     GoogleCredentials credential =
         GoogleCredentials.getApplicationDefault()
             .createScoped(Collections.singleton(IamScopes.CLOUD_PLATFORM));
 
-    // Create the Cloud IAM service object
-    Iam service =
-        new Iam.Builder(
+    // Creates the Cloud Resource Manager service object.
+    CloudResourceManager service =
+        new CloudResourceManager.Builder(
                 GoogleNetHttpTransport.newTrustedTransport(),
                 JacksonFactory.getDefaultInstance(),
                 new HttpCredentialsAdapter(credential))
-            .setApplicationName("quickstart")
+            .setApplicationName("iam-quickstart")
             .build();
+    return service;
+  }
+
+  public static void addBinding(
+      CloudResourceManager crmService, String projectId, String member, String role) {
+
+    // Gets the project's policy.
+    Policy policy = getPolicy(crmService, projectId);
 
-    // Call the Cloud IAM Roles API
-    ListRolesResponse response = service.roles().list().execute();
-    List<Role> roles = response.getRoles();
+    // Finds binding in policy, if it exists
+    Binding binding = null;
+    for (Binding b : policy.getBindings()) {
+      if (b.getRole().equals(role)) {
+        binding = b; 
+        break;
+      }
+    }
+
+    if (binding != null) {
+      // If binding already exists, adds member to binding.
+      binding.getMembers().add(member);
+    } else {
+      // If binding does not exist, adds binding to policy.
+      binding = new Binding();
+      binding.setRole(role);
+      binding.setMembers(Collections.singletonList(member));
+      policy.getBindings().add(binding);
+    }
+
+    // Sets the updated policy
+    setPolicy(crmService, projectId, policy);
+  }
+
+  public static void removeMember(
+      CloudResourceManager crmService, String projectId, String member, String role) {
+    // Gets the project's policy.
+    Policy policy = getPolicy(crmService, projectId);
+
+    // Removes the member from the role.
+    Binding binding = null;
+    for (Binding b : policy.getBindings()) {
+      if (b.getRole().equals(role)) {
+        binding = b;
+        break;
+      }
+    }
+    if (binding.getMembers().contains(member)) {
+      binding.getMembers().remove(member);
+      if (binding.getMembers().isEmpty()) {
+        policy.getBindings().remove(binding);
+      }
+    }
+
+    // Sets the updated policy.
+    setPolicy(crmService, projectId, policy);
+  }
+
+  public static Policy getPolicy(CloudResourceManager crmService, String projectId) {
+    // Gets the project's policy by calling the
+    // Cloud Resource Manager Projects API.
+    Policy policy = null;
+    try {
+      GetIamPolicyRequest request = new GetIamPolicyRequest();
+      policy = crmService.projects().getIamPolicy(projectId, request).execute();
+    } catch (IOException e) {
+      System.out.println("Unable to get policy: \n" + e.getMessage() + e.getStackTrace());
+    }
+    return policy;
+  }
 
-    // Process the response
-    for (Role role : roles) {
-      System.out.println("Title: " + role.getTitle());
-      System.out.println("Name: " + role.getName());
-      System.out.println("Description: " + role.getDescription());
-      System.out.println();
+  private static void setPolicy(CloudResourceManager crmService, String projectId, Policy policy) {
+    // Sets the project's policy by calling the
+    // Cloud Resource Manager Projects API.
+    try {
+      SetIamPolicyRequest request = new SetIamPolicyRequest();
+      request.setPolicy(policy);
+      crmService.projects().setIamPolicy(projectId, request).execute();
+    } catch (IOException e) {
+      System.out.println("Unable to set policy: \n" + e.getMessage() + e.getStackTrace());
     }
   }
 }