Configura la política de control de acceso de un recurso.
Páginas de documentación que incluyen esta muestra de código
Para ver la muestra de código usada en contexto, consulta la siguiente documentación:
Muestra de código
Go
import (
"context"
"fmt"
"io"
healthcare "google.golang.org/api/healthcare/v1"
)
// setDatasetIAMPolicy sets an IAM policy for the dataset.
func setDatasetIAMPolicy(w io.Writer, projectID, location, datasetID string) error {
ctx := context.Background()
healthcareService, err := healthcare.NewService(ctx)
if err != nil {
return fmt.Errorf("healthcare.NewService: %v", err)
}
datasetsService := healthcareService.Projects.Locations.Datasets
name := fmt.Sprintf("projects/%s/locations/%s/datasets/%s", projectID, location, datasetID)
policy, err := datasetsService.GetIamPolicy(name).Do()
if err != nil {
return fmt.Errorf("GetIamPolicy: %v", err)
}
policy.Bindings = append(policy.Bindings, &healthcare.Binding{
Members: []string{"user:example@example.com"},
Role: "roles/viewer",
})
req := &healthcare.SetIamPolicyRequest{
Policy: policy,
}
policy, err = datasetsService.SetIamPolicy(name, req).Do()
if err != nil {
return fmt.Errorf("SetIamPolicy: %v", err)
}
fmt.Fprintf(w, "IAM Policy etag: %v", policy.Etag)
return nil
}
Java
import com.google.api.client.http.HttpRequestInitializer;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.services.healthcare.v1.CloudHealthcare;
import com.google.api.services.healthcare.v1.CloudHealthcare.Projects.Locations.Datasets;
import com.google.api.services.healthcare.v1.CloudHealthcareScopes;
import com.google.api.services.healthcare.v1.model.Binding;
import com.google.api.services.healthcare.v1.model.Policy;
import com.google.api.services.healthcare.v1.model.SetIamPolicyRequest;
import com.google.auth.http.HttpCredentialsAdapter;
import com.google.auth.oauth2.GoogleCredentials;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
public class DatasetSetIamPolicy {
private static final String DATASET_NAME = "projects/%s/locations/%s/datasets/%s";
private static final JsonFactory JSON_FACTORY = new JacksonFactory();
private static final NetHttpTransport HTTP_TRANSPORT = new NetHttpTransport();
public static void datasetSetIamPolicy(String datasetName) throws IOException {
// String datasetName =
// String.format(DATASET_NAME, "your-project-id", "your-region-id", "your-dataset-id");
// Initialize the client, which will be used to interact with the service.
CloudHealthcare client = createClient();
// Configure the IAMPolicy to apply to the dataset.
// For more information on understanding IAM roles, see the following:
// https://cloud.google.com/iam/docs/understanding-roles
Binding binding =
new Binding()
.setRole("roles/healthcare.datasetViewer")
.setMembers(Arrays.asList("domain:google.com"));
Policy policy = new Policy().setBindings(Arrays.asList(binding));
SetIamPolicyRequest policyRequest = new SetIamPolicyRequest().setPolicy(policy);
// Create request and configure any parameters.
Datasets.SetIamPolicy request =
client.projects().locations().datasets().setIamPolicy(datasetName, policyRequest);
// Execute the request and process the results.
Policy updatedPolicy = request.execute();
System.out.println("Dataset policy has been updated: " + updatedPolicy.toPrettyString());
}
private static CloudHealthcare createClient() throws IOException {
// Use Application Default Credentials (ADC) to authenticate the requests
// For more information see https://cloud.google.com/docs/authentication/production
GoogleCredentials credential =
GoogleCredentials.getApplicationDefault()
.createScoped(Collections.singleton(CloudHealthcareScopes.CLOUD_PLATFORM));
// Create a HttpRequestInitializer, which will provide a baseline configuration to all requests.
HttpRequestInitializer requestInitializer =
request -> {
new HttpCredentialsAdapter(credential).initialize(request);
request.setConnectTimeout(60000); // 1 minute connect timeout
request.setReadTimeout(60000); // 1 minute read timeout
};
// Build the client for interacting with the service.
return new CloudHealthcare.Builder(HTTP_TRANSPORT, JSON_FACTORY, requestInitializer)
.setApplicationName("your-application-name")
.build();
}
}Node.js
const google = require('@googleapis/healthcare');
const healthcare = google.healthcare({
version: 'v1',
auth: new google.auth.GoogleAuth({
scopes: ['https://www.googleapis.com/auth/cloud-platform'],
}),
});
const setDatasetIamPolicy = async () => {
// TODO(developer): uncomment these lines before running the sample
// const cloudRegion = 'us-central1';
// const projectId = 'adjective-noun-123';
// const datasetId = 'my-dataset';
// const member = 'user:example@gmail.com';
// const role = 'roles/healthcare.datasetViewer';
const resource_ = `projects/${projectId}/locations/${cloudRegion}/datasets/${datasetId}`;
const request = {
resource_,
resource: {
policy: {
bindings: [
{
members: member,
role: role,
},
],
},
},
};
const dataset = await healthcare.projects.locations.datasets.setIamPolicy(
request
);
console.log(
'Set dataset IAM policy:',
JSON.stringify(dataset.data, null, 2)
);
};
setDatasetIamPolicy();Python
def set_dataset_iam_policy(project_id, location, dataset_id, member, role, etag=None):
"""Sets the IAM policy for the specified dataset.
A single member will be assigned a single role. A member can be any of:
- allUsers, that is, anyone
- allAuthenticatedUsers, anyone authenticated with a Google account
- user:email, as in 'user:somebody@example.com'
- group:email, as in 'group:admins@example.com'
- domain:domainname, as in 'domain:example.com'
- serviceAccount:email,
as in 'serviceAccount:my-other-app@appspot.gserviceaccount.com'
A role can be any IAM role, such as 'roles/viewer', 'roles/owner',
or 'roles/editor'
See https://github.com/GoogleCloudPlatform/python-docs-samples/tree/master/healthcare/api-client/v1/datasets
before running the sample.
"""
# Imports the Google API Discovery Service.
from googleapiclient import discovery
api_version = "v1"
service_name = "healthcare"
# Returns an authorized API client by discovering the Healthcare API
# and using GOOGLE_APPLICATION_CREDENTIALS environment variable.
client = discovery.build(service_name, api_version)
# TODO(developer): Uncomment these lines and replace with your values.
# project_id = 'my-project' # replace with your GCP project ID
# location = 'us-central1' # replace with the dataset's location
# dataset_id = 'my-dataset' # replace with your dataset ID
dataset_name = "projects/{}/locations/{}/datasets/{}".format(
project_id, location, dataset_id
)
policy = {"bindings": [{"role": role, "members": [member]}]}
if etag is not None:
policy["etag"] = etag
request = (
client.projects()
.locations()
.datasets()
.setIamPolicy(resource=dataset_name, body={"policy": policy})
)
response = request.execute()
print("etag: {}".format(response.get("name")))
print("bindings: {}".format(response.get("bindings")))
return response
¿Qué sigue?
Para buscar y filtrar muestras de código para otros productos de Google Cloud, consulta el navegador de muestra de Google Cloud.