1

我想从 java api 授予新用户 bigquery.user 访问权限。但不知何故无法从提供的文档中做到。关于 API 调用的内容不多。有人可以指出我正确的方向。

到目前为止,我正在使用以下代码:

package com.infy.entitlement;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.googleapis.util.Utils;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.services.cloudresourcemanager.model.GetIamPolicyRequest;
import com.google.api.services.iam.v1.Iam;
import com.google.api.services.iam.v1.IamScopes;
import com.google.api.services.iam.v1.model.Binding;
import com.google.api.services.iam.v1.model.Policy;
import com.google.api.services.iam.v1.model.SetIamPolicyRequest;




        final HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
            final JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
            final GoogleCredential credential = GoogleCredential
                    .getApplicationDefault(httpTransport, jsonFactory)
                    .createScoped(IamScopes.all());

            final Iam iam = new Iam.Builder(
                    httpTransport, jsonFactory, credential)
                    .setApplicationName("SS")
                    .build();

            String[] myViewers = new String[] {"user:testviewer1@gmail.com",
            "user:testviewer2@gmail.com"};

            String targetRole = "projects/***/roles/bigquery.users";

            Policy policy = iam.projects().serviceAccounts().getIamPolicy("projects/***/serviceAccounts/****").execute();

            Binding targetBinding = null;

            List<Binding> bindings = new ArrayList<Binding>();

            if(policy.getBindings() != null){
                bindings = policy.getBindings();
            }


            if(bindings != null){
                for (Binding binding : bindings) {
                    if (binding.getRole().equals(targetRole)) {
                        targetBinding = binding;
                        break;
                    }
                }
            }

            if (targetBinding == null) {
                targetBinding = new Binding();
                targetBinding.setMembers(Arrays.asList(myViewers));
                targetBinding.setRole(targetRole);
                bindings.add(targetBinding);

            }

            policy.setBindings(bindings);

            iam.projects().serviceAccounts().setIamPolicy("projects/****/serviceAccounts/******", SetIamPolicyRequest.class.newInstance().setPolicy(policy)).execute();

            System.out.println(targetBinding.getRole());
        }
    }

执行后我收到以下错误:线程“main”com.google.api.client.googleapis.json.GoogleJsonResponseException:400 Bad Request {“code”:400,“errors”:[{“domain”:“ global", "message" : "资源层次结构中不存在角色 (projects/dazzling-byway-184414/roles/bigquery.users)。", "reason" : "badRequest" } ], "message" : "Role (projects/dazzling-byway-184414/roles/bigquery.users) 在资源的层次结构中不存在。", "status" : "INVALID_ARGUMENT" }

是否有任何特定的传递请求格式?

4

1 回答 1

2

我同意小夏留下的评论,您应该尝试使用“bigquery.user”作为目标角色。

要回答有关查找有关 IAM 访问的 Java API 的更多文档的其他问题,我将查看此链接以获取 IAM 策略,以及此链接以设置 IAM 策略。在示例 Java 代码的顶部附近,您将找到有关设置环境以使用 Java API 进行 IAM 访问的说明。示例 Java 代码还可以作为您想要执行的操作的参考。

于 2018-06-15T15:07:32.177 回答