docs(samples): init add iam deny samples and test

googleapis · Sita04 · Jul 8, 2022 · Jun 30, 2022 · Jun 30, 2022 · Jun 30, 2022
commit 5bb15bbfd6ef4695ee9b048d662ae1b1e0df0cf6
diff --git a/samples/cloud-client/snippets/src/main/java/CreateDenyPolicy.java b/samples/cloud-client/snippets/src/main/java/CreateDenyPolicy.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import com.google.iam.v2beta.CreatePolicyRequest;
+import com.google.iam.v2beta.DenyRule;
+import com.google.iam.v2beta.PoliciesClient;
+import com.google.iam.v2beta.Policy;
+import com.google.iam.v2beta.PolicyRule;
+import com.google.type.Expr;
+import java.io.IOException;
+import java.util.UUID;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+
+public class CreateDenyPolicy {
+
+  public static void main(String[] args)
+      throws IOException, ExecutionException, InterruptedException, TimeoutException {
+    // TODO(developer): Replace these variables before running the sample.
+    // ID or number of the Google Cloud project you want to use.
+    String projectId = "your-google-cloud-project-id";
+
+    // Specify the name of the Deny policy you want to retrieve.
+    String policyName = "deny-policy-name";
+
+    createDenyPolicy(projectId, policyName);
+  }
+
+  public static void createDenyPolicy(String projectId, String policyName)
+      throws IOException, ExecutionException, InterruptedException, TimeoutException {
+
+    try (PoliciesClient policiesClient = PoliciesClient.create()) {
+      String attachmentPoint =
+          String.format("cloudresourcemanager.googleapis.com/projects/%s", projectId)
+              .replaceAll("/", "%2F");
+
+      String policyParent = String.format(
+          "policies/%s/denypolicies", attachmentPoint);
+
+      Policy policy = Policy.newBuilder()
+          .setName(policyName)
+          .setDisplayName("something")
+          .addRules(PolicyRule.newBuilder()
+              .setDescription(
+                  "block all principals from deleting projects, unless the principal is a member of [email protected] and the project being deleted has a tag with the value test")
+              .setDenyRule(DenyRule.newBuilder()
+                  .addDeniedPrincipals("principalSet://goog/public:all")
+                  .addExceptionPrincipals("principalSet://goog/group/[email protected]")
+                  .addDeniedPermissions("cloudresourcemanager.googleapis.com/projects.delete")
+                  .addExceptionPermissions("iam.googleapis.com/roles.list")
+                  .setDenialCondition(Expr.newBuilder()
+                      .setExpression("!resource.matchTag('12345678/env', 'test')")
+                      .setTitle("Only for non-test projects")
+                      .build())
+                  .build())
+              .build())
+          .build();
+
+      CreatePolicyRequest createPolicyRequest = CreatePolicyRequest.newBuilder()
+          .setParent(policyParent)
+          .setPolicy(policy)
+          .setPolicyId("deny-" + UUID.randomUUID())
+          .build();
+
+      Policy response = policiesClient.createPolicyAsync(createPolicyRequest)
+          .get(3, TimeUnit.MINUTES);
+      System.out.println(response.getName());
+    }
+  }
+}
diff --git a/samples/cloud-client/snippets/src/main/java/DeleteDenyPolicy.java b/samples/cloud-client/snippets/src/main/java/DeleteDenyPolicy.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import com.google.iam.v2beta.DeletePolicyRequest;
+import com.google.iam.v2beta.PoliciesClient;
+import com.google.iam.v2beta.Policy;
+import java.io.IOException;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+
+public class DeleteDenyPolicy {
+
+  public static void main(String[] args)
+      throws IOException, InterruptedException, ExecutionException, TimeoutException {
+    // TODO(developer): Replace these variables before running the sample.
+
+    // ID or number of the Google Cloud project you want to use.
+    String projectId = "your-google-cloud-project-id";
+
+    // Specify the name of the Deny policy you want to delete.
+    String policyName = "deny-policy-name";
+
+    deleteDenyPolicy(projectId, policyName);
+  }
+
+  public static void deleteDenyPolicy(String projectId, String policyName)
+      throws IOException, InterruptedException, ExecutionException, TimeoutException {
+    try (PoliciesClient policiesClient = PoliciesClient.create()) {
+
+      String attachmentPoint =
+          String.format("cloudresourcemanager.googleapis.com/projects/%s", projectId)
+              .replaceAll("/", "%2F");
+
+      String policyParent = String.format(
+          "policies/%s/denypolicies/%s", attachmentPoint, policyName);
+
+      DeletePolicyRequest deletePolicyRequest = DeletePolicyRequest.newBuilder()
+          .setName(policyParent)
+          .build();
+
+      Policy policy = policiesClient.deletePolicyAsync(deletePolicyRequest)
+          .get(3, TimeUnit.MINUTES);
+      System.out.println(policy.getName());
+    }
+  }
+}
diff --git a/samples/cloud-client/snippets/src/main/java/GetDenyPolicy.java b/samples/cloud-client/snippets/src/main/java/GetDenyPolicy.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import com.google.iam.v2beta.GetPolicyRequest;
+import com.google.iam.v2beta.PoliciesClient;
+import com.google.iam.v2beta.Policy;
+import java.io.IOException;
+
+public class GetDenyPolicy {
+
+  public static void main(String[] args) throws IOException {
+    // TODO(developer): Replace these variables before running the sample.
+
+    // ID or number of the Google Cloud project you want to use.
+    String projectId = "your-google-cloud-project-id";
+
+    // Specify the name of the Deny policy you want to retrieve.
+    String policyName = "deny-policy-name";
+
+    getDenyPolicy(projectId, policyName);
+  }
+
+
+  // Retrieve the Deny policy given the project id and policy name.
+  public static void getDenyPolicy(String projectId, String policyName) throws IOException {
+    // Create the IAM Policies client.
+    try (PoliciesClient policiesClient = PoliciesClient.create()) {
+
+      String attachmentPoint =
+          String.format("cloudresourcemanager.googleapis.com/projects/%s", projectId)
+              .replaceAll("/", "%2F");
+
+      String policyParent = String.format(
+          "policies/%s/denypolicies/%s", attachmentPoint, policyName);
+
+      // Specify the policyParent and execute the Policy Get request.
+      GetPolicyRequest getPolicyRequest = GetPolicyRequest.newBuilder()
+          .setName(policyParent)
+          .build();
+
+      Policy policy = policiesClient.getPolicy(getPolicyRequest);
+      System.out.println(policy.getName());
+    }
+  }
+
+}
diff --git a/samples/cloud-client/snippets/src/main/java/ListDenyPolicies.java b/samples/cloud-client/snippets/src/main/java/ListDenyPolicies.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import com.google.iam.v2beta.PoliciesClient;
+import com.google.iam.v2beta.Policy;
+import java.io.IOException;
+
+public class ListDenyPolicies {
+
+  public static void main(String[] args) throws IOException {
+    // TODO(developer): Replace these variables before running the sample.
+    // ID or number of the Google Cloud project you want to use.
+    String projectId = "your-google-cloud-project-id";
+
+    listDenyPolicies(projectId);
+  }
+
+  public static void listDenyPolicies(String projectId) throws IOException {
+    // Initialize the IAM service.
+    try (PoliciesClient policiesClient = PoliciesClient.create()) {
+      String attachmentPoint =
+          String.format("cloudresourcemanager.googleapis.com/projects/%s", projectId)
+              .replaceAll("/", "%2F");
+
+      String policyParent = String.format(
+          "policies/%s/denypolicies", attachmentPoint);
+
+      for (Policy policy : policiesClient.listPolicies(policyParent).iterateAll()) {
+        System.out.println(policy.getName());
+      }
+    }
+  }
+}
diff --git a/samples/cloud-client/snippets/src/main/java/UpdateDenyPolicy.java b/samples/cloud-client/snippets/src/main/java/UpdateDenyPolicy.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import com.google.iam.v2beta.DenyRule;
+import com.google.iam.v2beta.PoliciesClient;
+import com.google.iam.v2beta.Policy;
+import com.google.iam.v2beta.PolicyRule;
+import com.google.iam.v2beta.UpdatePolicyRequest;
+import com.google.type.Expr;
+import java.io.IOException;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+
+public class UpdateDenyPolicy {
+
+  public static void main(String[] args)
+      throws IOException, ExecutionException, InterruptedException, TimeoutException {
+    // TODO(developer): Replace these variables before running the sample.
+
+    // ID or number of the Google Cloud project you want to use.
+    String projectId = "your-google-cloud-project-id";
+
+    // Specify the name of the Deny policy you want to retrieve.
+    String policyName = "deny-policy-name";
+
+    updateDenyPolicy(projectId, policyName);
+  }
+
+  public static void updateDenyPolicy(String projectId, String policyName)
+      throws IOException, ExecutionException, InterruptedException, TimeoutException {
+
+    try (PoliciesClient policiesClient = PoliciesClient.create()) {
+
+      String attachmentPoint =
+          String.format("cloudresourcemanager.googleapis.com/projects/%s", projectId)
+              .replaceAll("/", "%2F");
+
+      String policyParent = String.format(
+          "policies/%s/denypolicies/%s", attachmentPoint, policyName);
+
+      Policy policy = Policy.newBuilder()
+          .setName(policyParent)
+          .addRules(PolicyRule.newBuilder()
+              .setDescription(
+                  "block all principals from deleting projects, unless the principal is a member of [email protected] and the project being deleted has a tag with the value test")
+              .setDenyRule(DenyRule.newBuilder()
+                  .addDeniedPrincipals("principalSet://goog/public:all")
+                  .addExceptionPrincipals("principalSet://goog/group/[email protected]")
+                  .addDeniedPermissions("cloudresourcemanager.googleapis.com/projects.delete")
+                  .addExceptionPermissions("iam.googleapis.com/roles.list")
+                  .setDenialCondition(Expr.newBuilder()
+                      .setExpression("!resource.matchTag('12345678/env', 'prod')")
+                      .setTitle("Only for non-test projects")
+                      .build())
+                  .build())
+              .build())
+          .build();
+
+      UpdatePolicyRequest updatePolicyRequest = UpdatePolicyRequest.newBuilder()
+          .setPolicy(policy)
+          .build();
+
+      Policy response = policiesClient.updatePolicyAsync(updatePolicyRequest)
+          .get(3, TimeUnit.MINUTES);
+      System.out.println(response.getName());
+    }
+  }
+}