import com.google.api.client.http.HttpRequestInitializer;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.services.healthcare.v1.CloudHealthcare;
import com.google.api.services.healthcare.v1.CloudHealthcare.Projects.Locations.Datasets.FhirStores;
import com.google.api.services.healthcare.v1.CloudHealthcareScopes;
import com.google.api.services.healthcare.v1.model.Binding;
import com.google.api.services.healthcare.v1.model.Policy;
import com.google.api.services.healthcare.v1.model.SetIamPolicyRequest;
import com.google.auth.http.HttpCredentialsAdapter;
import com.google.auth.oauth2.GoogleCredentials;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
public class FhirStoreSetIamPolicy {
private static final String FHIR_NAME = "projects/%s/locations/%s/datasets/%s/fhirStores/%s";
private static final JsonFactory JSON_FACTORY = new JacksonFactory();
private static final NetHttpTransport HTTP_TRANSPORT = new NetHttpTransport();
public static void fhirStoreSetIamPolicy(String fhirStoreName) throws IOException {
// String fhirStoreName =
// String.format(
// FHIR_NAME, "your-project-id", "your-region-id", "your-dataset-id", "your-fhir-id");
// Initialize the client, which will be used to interact with the service.
CloudHealthcare client = createClient();
// Configure the IAMPolicy to apply to the store.
// For more information on understanding IAM roles, see the following:
// https://cloud.google.com/iam/docs/understanding-roles
Binding binding =
new Binding()
.setRole("roles/healthcare.fhirResourceReader")
.setMembers(Arrays.asList("domain:google.com"));
Policy policy = new Policy().setBindings(Arrays.asList(binding));
SetIamPolicyRequest policyRequest = new SetIamPolicyRequest().setPolicy(policy);
// Create request and configure any parameters.
FhirStores.SetIamPolicy request =
client
.projects()
.locations()
.datasets()
.fhirStores()
.setIamPolicy(fhirStoreName, policyRequest);
// Execute the request and process the results.
Policy updatedPolicy = request.execute();
System.out.println("FHIR policy has been updated: " + updatedPolicy.toPrettyString());
}
private static CloudHealthcare createClient() throws IOException {
// Use Application Default Credentials (ADC) to authenticate the requests
// For more information see https://cloud.google.com/docs/authentication/production
GoogleCredentials credential =
GoogleCredentials.getApplicationDefault()
.createScoped(Collections.singleton(CloudHealthcareScopes.CLOUD_PLATFORM));
// Create a HttpRequestInitializer, which will provide a baseline configuration to all requests.
HttpRequestInitializer requestInitializer =
request -> {
new HttpCredentialsAdapter(credential).initialize(request);
request.setConnectTimeout(60000); // 1 minute connect timeout
request.setReadTimeout(60000); // 1 minute read timeout
};
// Build the client for interacting with the service.
return new CloudHealthcare.Builder(HTTP_TRANSPORT, JSON_FACTORY, requestInitializer)
.setApplicationName("your-application-name")
.build();
}
}
def set_fhir_store_iam_policy(
project_id,
location,
dataset_id,
fhir_store_id,
member,
role,
etag=None,
):
"""Sets the IAM policy for the specified FHIR store.
A single member will be assigned a single role. A member can be any of:
- allUsers, that is, anyone
- allAuthenticatedUsers, anyone authenticated with a Google account
- user:email, as in 'user:somebody@example.com'
- group:email, as in 'group:admins@example.com'
- domain:domainname, as in 'domain:example.com'
- serviceAccount:email,
as in 'serviceAccount:my-other-app@appspot.gserviceaccount.com'
A role can be any IAM role, such as 'roles/viewer', 'roles/owner',
or 'roles/editor'
See https://github.com/GoogleCloudPlatform/python-docs-samples/tree/main/healthcare/api-client/v1/fhir
before running the sample."""
# Imports the Google API Discovery Service.
from googleapiclient import discovery
api_version = "v1"
service_name = "healthcare"
# Instantiates an authorized API client by discovering the Healthcare API
# and using GOOGLE_APPLICATION_CREDENTIALS environment variable.
client = discovery.build(service_name, api_version)
# TODO(developer): Uncomment these lines and replace with your values.
# project_id = 'my-project' # replace with your GCP project ID
# location = 'us-central1' # replace with the parent dataset's location
# dataset_id = 'my-dataset' # replace with the parent dataset's ID
# fhir_store_id = 'my-fhir-store' # replace with the FHIR store ID
# member = 'myemail@example.com' # replace with an authorized member
# role = 'roles/viewer' # replace with a Healthcare API IAM role
fhir_store_parent = "projects/{}/locations/{}/datasets/{}".format(
project_id, location, dataset_id
)
fhir_store_name = "{}/fhirStores/{}".format(fhir_store_parent, fhir_store_id)
policy = {"bindings": [{"role": role, "members": [member]}]}
if etag is not None:
policy["etag"] = etag
request = (
client.projects()
.locations()
.datasets()
.fhirStores()
.setIamPolicy(resource=fhir_store_name, body={"policy": policy})
)
response = request.execute()
print("etag: {}".format(response.get("name")))
print("bindings: {}".format(response.get("bindings")))
return response