diff --git a/iam/cloud-client/snippets/iam_modify_policy_add_role.py b/iam/cloud-client/snippets/iam_modify_policy_add_role.py
index 03f31f63a386..4d7bfc4a62c7 100644
--- a/iam/cloud-client/snippets/iam_modify_policy_add_role.py
+++ b/iam/cloud-client/snippets/iam_modify_policy_add_role.py
@@ -14,10 +14,10 @@ # [START iam_modify_policy_add_role]
-def modify_policy_add_role(policy: dict, role: str, member: str) -> dict:
+def modify_policy_add_role(policy: dict, role: str, principal: str) -> dict:
 """Adds a new role binding to a policy."""
- binding = {"role": role, "members": [member]}
+ binding = {"role": role, "members": [principal]}
 policy["bindings"].append(binding)
 print(policy)
 return policy
diff --git a/iam/cloud-client/snippets/modify_policy_add_member.py b/iam/cloud-client/snippets/modify_policy_add_member.py
index 8659385a27c0..f79ec5f9cd3d 100644
--- a/iam/cloud-client/snippets/modify_policy_add_member.py
+++ b/iam/cloud-client/snippets/modify_policy_add_member.py
@@ -22,20 +22,13 @@ def modify_policy_add_member(
 project_id: str, role: str, member: str
 ) -> policy_pb2.Policy:
 """
- Add a member to certain role in project policy.
+ Add a principal to certain role in project policy.
 project_id: ID or number of the Google Cloud project you want to use.
- role: role to which member need to be added.
- member: The principals requesting access.
-
- Possible format for member:
- * user:{emailid}
- * serviceAccount:{emailid}
- * group:{emailid}
- * deleted:user:{emailid}?uid={uniqueid}
- * deleted:serviceAccount:{emailid}?uid={uniqueid}
- * deleted:group:{emailid}?uid={uniqueid}
- * domain:{domain}
+ role: role to which principal need to be added.
+ member: The principal requesting access.
+
+ For principal ID formats, see https://cloud.google.com/iam/docs/principal-identifiers
 """
 policy = get_project_policy(project_id)
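Review bot: In iam_modify_policy_add_role.py, renaming the parameter from `member` to `principal` on `modify_policy_add_role` changes the keyword interface, so a caller passing `member=...` would now fail with a TypeError. The other snippets in this commit (`modify_policy_add_member`, `modify_policy_remove_member`, `quickstart`) keep `member: str` and only reword their docstrings, which leaves the set inconsistent; either keep the name here too or rename it everywhere in one commit. The value is placed into `members` unchecked and the one-line docstring gives no format, so I would also add the pointer the other docstrings gained: `principal: principal to grant the role to; for ID formats see https://cloud.google.com/iam/docs/principal-identifiers`.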
diff --git a/iam/cloud-client/snippets/modify_policy_remove_member.py b/iam/cloud-client/snippets/modify_policy_remove_member.py
index ef62ece38c08..b35fdaacf51a 100644
--- a/iam/cloud-client/snippets/modify_policy_remove_member.py
+++ b/iam/cloud-client/snippets/modify_policy_remove_member.py
@@ -22,20 +22,13 @@ def modify_policy_remove_member(
 project_id: str, role: str, member: str
 ) -> policy_pb2.Policy:
 """
- Remove a member from certain role in project policy.
+ Remove a principal from certain role in project policy.
 project_id: ID or number of the Google Cloud project you want to use.
- role: role to which member need to be added.
- member: The principals requesting access.
-
- Possible format for member:
- * user:{emailid}
- * serviceAccount:{emailid}
- * group:{emailid}
- * deleted:user:{emailid}?uid={uniqueid}
- * deleted:serviceAccount:{emailid}?uid={uniqueid}
- * deleted:group:{emailid}?uid={uniqueid}
- * domain:{domain}
+ role: role to revoke.
+ member: The principal to revoke access from.
+
+ For principal ID formats, see https://cloud.google.com/iam/docs/principal-identifiers
 """
 policy = get_project_policy(project_id)
diff --git a/iam/cloud-client/snippets/quickstart.py b/iam/cloud-client/snippets/quickstart.py
index 4f9cfd697cbc..04ab9d2f4f5e 100644
--- a/iam/cloud-client/snippets/quickstart.py
+++ b/iam/cloud-client/snippets/quickstart.py
@@ -19,20 +19,20 @@ def quickstart(project_id: str, member: str) -> None:
- """Gets a policy, adds a member, prints their permissions, and removes the member.
+ """Gets a policy, adds a principal, prints their permissions, and removes the principal.
 project_id: ID or number of the Google Cloud project you want to use.
- member: The principals requesting the access.
+ member: The principal requesting the access.
 """
 # Role to be granted.
 role = "roles/logging.logWriter"
 crm_service = resourcemanager_v3.ProjectsClient()
- # Grants your member the 'Log Writer' role for the project.
+ # Grants your principal the 'Log Writer' role for the project.
 modify_policy_add_role(crm_service, project_id, role, member)
- # Gets the project's policy and prints all members with the 'Log Writer' role.
+ # Gets the project's policy and prints all principals with the 'Log Writer' role.
 policy = get_policy(crm_service, project_id)
 binding = next(b for b in policy.bindings if b.role == role)
 print(f"Role: {(binding.role)}")
@@ -40,7 +40,7 @@ def quickstart(project_id: str, member: str) -> None:
 for m in binding.members:
 print(f"[{m}]")
- # Removes the member from the 'Log Writer' role.
+ # Removes the principal from the 'Log Writer' role.
 modify_policy_remove_member(crm_service, project_id, role, member)
@@ -115,7 +115,8 @@ def modify_policy_remove_member(
 if __name__ == "__main__":
 # TODO: replace with your project ID
 project_id = "your-project-id"
- # TODO: Replace with the ID of your member in the form 'user:member@example.com'.
- member = "your-member"
+ # TODO: Replace with the ID of your principal.
+ # For examples, see https://cloud.google.com/iam/docs/principal-identifiers
+ member = "your-principal"
 quickstart(project_id, member)
 # [END iam_quickstart]