HEX
Server: Apache/2.4.65 (Ubuntu)
System: Linux ielts-store-v2 6.8.0-1036-gcp #38~22.04.1-Ubuntu SMP Thu Aug 14 01:19:18 UTC 2025 x86_64
User: root (0)
PHP: 7.2.34-54+ubuntu20.04.1+deb.sury.org+1
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /snap/google-cloud-cli/current/lib/googlecloudsdk/api_lib/container/binauthz/
Upload Files
File: //snap/google-cloud-cli/current/lib/googlecloudsdk/api_lib/container/binauthz/iam.py
# -*- coding: utf-8 -*- #
# Copyright 2018 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""API helpers for interacting with IAM."""

from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals

from googlecloudsdk.api_lib.container.binauthz import apis
from googlecloudsdk.command_lib.iam import iam_util


class Client(object):
  """A client for interacting with IAM."""

  def __init__(self, api_version=None):
    self.client = apis.GetClientInstance(api_version)
    self.messages = apis.GetMessagesModule(api_version)

  def Get(self, any_ref):
    """Gets the IamPolicy associated with a resource."""
    return self.client.projects_policy.GetIamPolicy(
        self.messages.BinaryauthorizationProjectsPolicyGetIamPolicyRequest(
            resource=any_ref.RelativeName(),
            options_requestedPolicyVersion=iam_util
            .MAX_LIBRARY_IAM_SUPPORTED_VERSION))

  def Set(self, any_ref, policy):
    """Sets a resource's IamPolicy to the one provided.

    If 'policy' has no etag specified, this will BLINDLY OVERWRITE the IAM
    policy!

    Args:
        any_ref: A resources.Resource naming the resource.
        policy: A protorpc.Message instance of an IamPolicy object.

    Returns:
        The IAM Policy.
    """
    policy.version = iam_util.MAX_LIBRARY_IAM_SUPPORTED_VERSION
    return self.client.projects_policy.SetIamPolicy(
        self.messages.BinaryauthorizationProjectsPolicySetIamPolicyRequest(
            resource=any_ref.RelativeName(),
            setIamPolicyRequest=self.messages.SetIamPolicyRequest(
                policy=policy,),
        ))

  def AddBinding(self, any_ref, member, role):
    """Does an atomic Read-Modify-Write, adding the member to the role."""
    policy = self.Get(any_ref)
    iam_util.AddBindingToIamPolicy(self.messages.Binding, policy, member, role)
    return self.Set(any_ref, policy)

  def RemoveBinding(self, any_ref, member, role):
    """Does an atomic Read-Modify-Write, removing the member from the role."""
    policy = self.Get(any_ref)
    iam_util.RemoveBindingFromIamPolicy(policy, member, role)
    return self.Set(any_ref, policy)
@ Telegram