import com.google.cloud.datacatalog.v1.DataCatalogClient;
import com.google.cloud.datacatalog.v1.TagTemplateName;
import com.google.iam.v1.Binding;
import com.google.iam.v1.Policy;
import com.google.iam.v1.SetIamPolicyRequest;
import java.io.IOException;
// Sample to grant tag access on template
public class GrantTagTemplateUserRole {
public static void main(String[] args) throws IOException {
// TODO(developer): Replace these variables before running the sample.
String projectId = "my-project";
String tagTemplateId = "my_tag_template";
grantTagTemplateUserRole(projectId, tagTemplateId);
}
public static void grantTagTemplateUserRole(String projectId, String templateId)
throws IOException {
// Currently, Data Catalog stores metadata in the us-central1 region.
String location = "us-central1";
// Format the Template name.
String templateName =
TagTemplateName.newBuilder()
.setProject(projectId)
.setLocation(location)
.setTagTemplate(templateId)
.build()
.toString();
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try (DataCatalogClient dataCatalogClient = DataCatalogClient.create()) {
// Create a Binding to add the Tag Template User role and member to the policy.
Binding binding =
Binding.newBuilder()
.setRole("roles/datacatalog.tagTemplateUser")
.addMembers("group:example-analyst-group@google.com")
.build();
// Create a Policy object to update Template's IAM policy by adding the new binding.
Policy policyUpdate = Policy.newBuilder().addBindings(binding).build();
SetIamPolicyRequest request =
SetIamPolicyRequest.newBuilder()
.setPolicy(policyUpdate)
.setResource(templateName)
.build();
// Update Template's policy.
dataCatalogClient.setIamPolicy(request);
System.out.println("Role successfully granted");
}
}
}
from google.cloud import datacatalog_v1
from google.iam.v1 import iam_policy_pb2 as iam_policy
from google.iam.v1 import policy_pb2
datacatalog = datacatalog_v1.DataCatalogClient()
# TODO: Set these values before running the sample.
project_id = "project_id"
tag_template_id = "existing_tag_template_id"
# For a full list of values a member can have, see:
# https://cloud.google.com/iam/docs/reference/rest/v1/Policy?hl=en#binding
member_id = "user:super-cool.test-user@gmail.com"
# For all regions available, see:
# https://cloud.google.com/data-catalog/docs/concepts/regions
location = "us-central1"
# Format the Template name.
template_name = datacatalog_v1.DataCatalogClient.tag_template_path(
project_id, location, tag_template_id
)
# Retrieve Template's current IAM Policy.
policy = datacatalog.get_iam_policy(resource=template_name)
# Add Tag Template User role and member to the policy.
binding = policy_pb2.Binding()
binding.role = "roles/datacatalog.tagTemplateUser"
binding.members.append(member_id)
policy.bindings.append(binding)
set_policy_request = iam_policy.SetIamPolicyRequest(
resource=template_name, policy=policy
)
# Update Template's policy.
policy = datacatalog.set_iam_policy(set_policy_request)
for binding in policy.bindings:
for member in binding.members:
print(f"Member: {member}, Role: {binding.role}")
REST 和命令行
REST 和命令行
如果您无法使用针对您的语言的 Cloud 客户端库或者您想要使用 REST 请求来测试 API,请参阅以下示例并参阅 Data Catalog REST API 文档。
在使用任何请求数据之前,请先进行以下替换:
project-id:GCP 项目 ID
template-id:标记模板 ID
HTTP 方法和网址:
POST https://datacatalog.googleapis.com/v1/projects/project-id/locations/us-central1/tagTemplates/template-id:setIamPolicy
