来自 java 的 Bigquery IAM 访问
Bigquery IAM access from java
我想授予来自 java api 的新用户 bigquery.user 访问权限。但是不知何故不能从documentation provided开始做。关于 API 调用的内容并不多。谁能给我指出正确的方向。
我目前正在使用以下代码:
package com.infy.entitlement;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.googleapis.util.Utils;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.services.cloudresourcemanager.model.GetIamPolicyRequest;
import com.google.api.services.iam.v1.Iam;
import com.google.api.services.iam.v1.IamScopes;
import com.google.api.services.iam.v1.model.Binding;
import com.google.api.services.iam.v1.model.Policy;
import com.google.api.services.iam.v1.model.SetIamPolicyRequest;
final HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
final JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
final GoogleCredential credential = GoogleCredential
.getApplicationDefault(httpTransport, jsonFactory)
.createScoped(IamScopes.all());
final Iam iam = new Iam.Builder(
httpTransport, jsonFactory, credential)
.setApplicationName("SS")
.build();
String[] myViewers = new String[] {"user:testviewer1@gmail.com",
"user:testviewer2@gmail.com"};
String targetRole = "projects/***/roles/bigquery.users";
Policy policy = iam.projects().serviceAccounts().getIamPolicy("projects/***/serviceAccounts/****").execute();
Binding targetBinding = null;
List<Binding> bindings = new ArrayList<Binding>();
if(policy.getBindings() != null){
bindings = policy.getBindings();
}
if(bindings != null){
for (Binding binding : bindings) {
if (binding.getRole().equals(targetRole)) {
targetBinding = binding;
break;
}
}
}
if (targetBinding == null) {
targetBinding = new Binding();
targetBinding.setMembers(Arrays.asList(myViewers));
targetBinding.setRole(targetRole);
bindings.add(targetBinding);
}
policy.setBindings(bindings);
iam.projects().serviceAccounts().setIamPolicy("projects/****/serviceAccounts/******", SetIamPolicyRequest.class.newInstance().setPolicy(policy)).execute();
System.out.println(targetBinding.getRole());
}
}
执行后出现以下错误:
线程 "main" com.google.api.client.googleapis.json.GoogleJsonResponseException 中的异常:400 错误请求
{
"code" : 400,
"errors":[{
"domain" : "global",
"message" : "Role (projects/dazzling-byway-184414/roles/bigquery.users) does not exist in the resource's hierarchy.",
"reason" : "badRequest"
} ],
"message" : "Role (projects/dazzling-byway-184414/roles/bigquery.users) does not exist in the resource's hierarchy.",
"status" : "INVALID_ARGUMENT"
}
是否有特定的传递请求格式?
我想授予来自 java api 的新用户 bigquery.user 访问权限。但是不知何故不能从documentation provided开始做。关于 API 调用的内容并不多。谁能给我指出正确的方向。
我目前正在使用以下代码:
package com.infy.entitlement;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.googleapis.util.Utils;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.services.cloudresourcemanager.model.GetIamPolicyRequest;
import com.google.api.services.iam.v1.Iam;
import com.google.api.services.iam.v1.IamScopes;
import com.google.api.services.iam.v1.model.Binding;
import com.google.api.services.iam.v1.model.Policy;
import com.google.api.services.iam.v1.model.SetIamPolicyRequest;
final HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
final JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
final GoogleCredential credential = GoogleCredential
.getApplicationDefault(httpTransport, jsonFactory)
.createScoped(IamScopes.all());
final Iam iam = new Iam.Builder(
httpTransport, jsonFactory, credential)
.setApplicationName("SS")
.build();
String[] myViewers = new String[] {"user:testviewer1@gmail.com",
"user:testviewer2@gmail.com"};
String targetRole = "projects/***/roles/bigquery.users";
Policy policy = iam.projects().serviceAccounts().getIamPolicy("projects/***/serviceAccounts/****").execute();
Binding targetBinding = null;
List<Binding> bindings = new ArrayList<Binding>();
if(policy.getBindings() != null){
bindings = policy.getBindings();
}
if(bindings != null){
for (Binding binding : bindings) {
if (binding.getRole().equals(targetRole)) {
targetBinding = binding;
break;
}
}
}
if (targetBinding == null) {
targetBinding = new Binding();
targetBinding.setMembers(Arrays.asList(myViewers));
targetBinding.setRole(targetRole);
bindings.add(targetBinding);
}
policy.setBindings(bindings);
iam.projects().serviceAccounts().setIamPolicy("projects/****/serviceAccounts/******", SetIamPolicyRequest.class.newInstance().setPolicy(policy)).execute();
System.out.println(targetBinding.getRole());
}
}
执行后出现以下错误: 线程 "main" com.google.api.client.googleapis.json.GoogleJsonResponseException 中的异常:400 错误请求 { "code" : 400, "errors":[{ "domain" : "global", "message" : "Role (projects/dazzling-byway-184414/roles/bigquery.users) does not exist in the resource's hierarchy.", "reason" : "badRequest" } ], "message" : "Role (projects/dazzling-byway-184414/roles/bigquery.users) does not exist in the resource's hierarchy.", "status" : "INVALID_ARGUMENT" }
是否有特定的传递请求格式?