来自Java的Bigquery IAM访问 [英] Bigquery IAM access from java
问题描述
我想向新用户授予来自Java api的bigquery.user访问权限.但是从提供的文档中以某种方式无法完成 .关于API调用的内容并不多.有人可以指出我正确的方向.
I want to grant a new user bigquery.user access from java api. But somehow not able to do from the documentation provided. There is not much with respect to API calls. Can someone point me at the right direction.
到目前为止,我正在使用以下代码:
I am using the below code as of now :
package com.infy.entitlement;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.googleapis.util.Utils;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.services.cloudresourcemanager.model.GetIamPolicyRequest;
import com.google.api.services.iam.v1.Iam;
import com.google.api.services.iam.v1.IamScopes;
import com.google.api.services.iam.v1.model.Binding;
import com.google.api.services.iam.v1.model.Policy;
import com.google.api.services.iam.v1.model.SetIamPolicyRequest;
final HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
final JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
final GoogleCredential credential = GoogleCredential
.getApplicationDefault(httpTransport, jsonFactory)
.createScoped(IamScopes.all());
final Iam iam = new Iam.Builder(
httpTransport, jsonFactory, credential)
.setApplicationName("SS")
.build();
String[] myViewers = new String[] {"user:testviewer1@gmail.com",
"user:testviewer2@gmail.com"};
String targetRole = "projects/***/roles/bigquery.users";
Policy policy = iam.projects().serviceAccounts().getIamPolicy("projects/***/serviceAccounts/****").execute();
Binding targetBinding = null;
List<Binding> bindings = new ArrayList<Binding>();
if(policy.getBindings() != null){
bindings = policy.getBindings();
}
if(bindings != null){
for (Binding binding : bindings) {
if (binding.getRole().equals(targetRole)) {
targetBinding = binding;
break;
}
}
}
if (targetBinding == null) {
targetBinding = new Binding();
targetBinding.setMembers(Arrays.asList(myViewers));
targetBinding.setRole(targetRole);
bindings.add(targetBinding);
}
policy.setBindings(bindings);
iam.projects().serviceAccounts().setIamPolicy("projects/****/serviceAccounts/******", SetIamPolicyRequest.class.newInstance().setPolicy(policy)).execute();
System.out.println(targetBinding.getRole());
}
}
执行后,我得到以下错误: 线程主"中的com.google.api.client.googleapis.json.GoogleJsonResponseException异常:400错误的请求 { 代码":400, 错误":[{ "domain":"global", "message":角色(项目/dazzling-byway-184414/roles/bigquery.users)在资源的层次结构中不存在.", "reason":"badRequest" }], "message":角色(项目/dazzling-byway-184414/roles/bigquery.users)在资源的层次结构中不存在.", 状态":"INVALID_ARGUMENT" }
After executing i am getting the below error: Exception in thread "main" com.google.api.client.googleapis.json.GoogleJsonResponseException: 400 Bad Request { "code" : 400, "errors" : [ { "domain" : "global", "message" : "Role (projects/dazzling-byway-184414/roles/bigquery.users) does not exist in the resource's hierarchy.", "reason" : "badRequest" } ], "message" : "Role (projects/dazzling-byway-184414/roles/bigquery.users) does not exist in the resource's hierarchy.", "status" : "INVALID_ARGUMENT" }
传递请求是否有特定格式?
Is there any particular format of passing the request?
推荐答案
我同意小霞的评论,即您应该尝试使用"bigquery.user"作为目标角色.
I agree with the comment left by Xiaoxia that you should try using "bigquery.user" as the target role.
要回答有关在Java API上查找有关IAM访问的更多文档的其他问题,请查看
To answer your other question on finding more documentation on the Java API for IAM access, I would look at this link for getting the IAM policy, and this link for setting the IAM policy. Near the top in the example Java code, you will find instructions in setting up your environment for using the Java API for IAM access. The example Java code also serves as a reference for what you want to do.
这篇关于来自Java的Bigquery IAM访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
