设置 FHIR 存储区的访问权限控制政策。
深入探索
如需查看包含此代码示例的详细文档,请参阅以下内容:
代码示例
Go
在试用此示例之前,请按照使用客户端库的 Cloud Healthcare API 快速入门中的 Go 设置说明进行操作。如需了解详情,请参阅 Cloud Healthcare API Go API 参考文档。
如需向 Cloud Healthcare API 进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import (
"context"
"fmt"
"io"
healthcare "google.golang.org/api/healthcare/v1"
)
// setFHIRIAMPolicy adds one role binding to the IAM policy of a FHIR store
// and writes the resulting policy version to w.
//
// The policy is read first, changed in memory, and written back as a whole.
// SetIamPolicy replaces the entire policy, so starting from the current one
// keeps the bindings that are already on the store. The object returned by
// GetIamPolicy is sent back unchanged apart from the added binding.
func setFHIRIAMPolicy(w io.Writer, projectID, location, datasetID, fhirStoreID string) error {
	svc, err := healthcare.NewService(context.Background())
	if err != nil {
		return fmt.Errorf("healthcare.NewService: %w", err)
	}

	stores := svc.Projects.Locations.Datasets.FhirStores
	storeName := fmt.Sprintf("projects/%s/locations/%s/datasets/%s/fhirStores/%s", projectID, location, datasetID, fhirStoreID)

	// Step 1: fetch the policy that is currently attached to the store.
	current, err := stores.GetIamPolicy(storeName).Do()
	if err != nil {
		return fmt.Errorf("GetIamPolicy: %w", err)
	}

	// Step 2: add the new binding next to the existing ones.
	// The member and role are sample values. roles/viewer is a basic role;
	// for real stores pick the narrowest Healthcare role and principal that
	// covers the need.
	viewer := &healthcare.Binding{
		Role:    "roles/viewer",
		Members: []string{"user:example@example.com"},
	}
	current.Bindings = append(current.Bindings, viewer)

	// Step 3: write the modified policy back.
	updated, err := stores.SetIamPolicy(storeName, &healthcare.SetIamPolicyRequest{Policy: current}).Do()
	if err != nil {
		return fmt.Errorf("SetIamPolicy: %w", err)
	}

	fmt.Fprintf(w, "IAM Policy version: %v\n", updated.Version)
	return nil
}
Java
在试用此示例之前,请按照使用客户端库的 Cloud Healthcare API 快速入门中的 Java 设置说明进行操作。如需了解详情,请参阅 Cloud Healthcare API Java API 参考文档。
如需向 Cloud Healthcare API 进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import com.google.api.client.http.HttpRequestInitializer;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.services.healthcare.v1.CloudHealthcare;
import com.google.api.services.healthcare.v1.CloudHealthcare.Projects.Locations.Datasets.FhirStores;
import com.google.api.services.healthcare.v1.CloudHealthcareScopes;
import com.google.api.services.healthcare.v1.model.Binding;
import com.google.api.services.healthcare.v1.model.Policy;
import com.google.api.services.healthcare.v1.model.SetIamPolicyRequest;
import com.google.auth.http.HttpCredentialsAdapter;
import com.google.auth.oauth2.GoogleCredentials;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
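public class FhirStoreSetIamPolicy {
  private static final String FHIR_NAME = "projects/%s/locations/%s/datasets/%s/fhirStores/%s";
  private static final JsonFactory JSON_FACTORY = new GsonFactory();
  private static final NetHttpTransport HTTP_TRANSPORT = new NetHttpTransport();

  /**
   * Adds one role binding to the IAM policy of a FHIR store and prints the resulting policy.
   *
   * <p>setIamPolicy replaces the store's whole policy with the one in the request. This method
   * therefore reads the current policy first and appends to it, so bindings that are already on
   * the store are kept. The policy object returned by getIamPolicy is sent back with only the
   * binding list changed.
   *
   * @param fhirStoreName full resource name of the store, in the form given by {@code FHIR_NAME}
   * @throws IOException if credentials cannot be loaded or a request to the API fails
   */
  public static void fhirStoreSetIamPolicy(String fhirStoreName) throws IOException {
    // String fhirStoreName =
    //    String.format(
    //        FHIR_NAME, "your-project-id", "your-region-id", "your-dataset-id", "your-fhir-id");

    // Initialize the client, which will be used to interact with the service.
    CloudHealthcare client = createClient();
    FhirStores fhirStores = client.projects().locations().datasets().fhirStores();

    // Read the policy that is currently attached to the store. Sending a fresh Policy with a
    // single binding instead would drop every other binding on the store.
    Policy policy = fhirStores.getIamPolicy(fhirStoreName).execute();

    // Configure the binding to add to the store's policy.
    // For more information on understanding IAM roles, see the following:
    // https://cloud.google.com/iam/docs/understanding-roles
    // The role and member are sample values. A "domain:" member covers every account in that
    // domain; for stores that hold patient data, grant the narrowest role to the narrowest
    // principal (a user, group or service account) that needs it.
    Binding binding =
        new Binding()
            .setRole("roles/healthcare.fhirResourceReader")
            .setMembers(Arrays.asList("domain:google.com"));

    // Copy the existing bindings (the list is absent on a store with no policy yet) and append.
    List<Binding> bindings = new ArrayList<>();
    if (policy.getBindings() != null) {
      bindings.addAll(policy.getBindings());
    }
    bindings.add(binding);
    policy.setBindings(bindings);

    SetIamPolicyRequest policyRequest = new SetIamPolicyRequest().setPolicy(policy);

    // Create request and configure any parameters.
    FhirStores.SetIamPolicy request = fhirStores.setIamPolicy(fhirStoreName, policyRequest);

    // Execute the request and process the results.
    Policy updatedPolicy = request.execute();
    System.out.println("FHIR policy has been updated: " + updatedPolicy.toPrettyString());
  }

  /**
   * Builds a Cloud Healthcare client authenticated with Application Default Credentials.
   *
   * @return a client whose requests carry the credentials and one-minute connect/read timeouts
   * @throws IOException if Application Default Credentials cannot be loaded
   */
  private static CloudHealthcare createClient() throws IOException {
    // Use Application Default Credentials (ADC) to authenticate the requests
    // For more information see https://cloud.google.com/docs/authentication/production
    GoogleCredentials credential =
        GoogleCredentials.getApplicationDefault()
            .createScoped(Collections.singleton(CloudHealthcareScopes.CLOUD_PLATFORM));

    // Create a HttpRequestInitializer, which will provide a baseline configuration to all requests.
    HttpRequestInitializer requestInitializer =
        request -> {
          new HttpCredentialsAdapter(credential).initialize(request);
          request.setConnectTimeout(60000); // 1 minute connect timeout
          request.setReadTimeout(60000); // 1 minute read timeout
        };

    // Build the client for interacting with the service.
    return new CloudHealthcare.Builder(HTTP_TRANSPORT, JSON_FACTORY, requestInitializer)
        .setApplicationName("your-application-name")
        .build();
  }
}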
Node.js
在试用此示例之前,请按照使用客户端库的 Cloud Healthcare API 快速入门中的 Node.js 设置说明进行操作。如需了解详情,请参阅 Cloud Healthcare API Node.js API 参考文档。
如需向 Cloud Healthcare API 进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
// Cloud Healthcare client library.
const google = require('@googleapis/healthcare');

// Credentials come from Application Default Credentials; the token is
// requested for the cloud-platform OAuth scope.
const auth = new google.auth.GoogleAuth({
  scopes: ['https://www.googleapis.com/auth/cloud-platform'],
});

// v1 API client shared by the sample below.
const healthcare = google.healthcare({version: 'v1', auth});
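/**
 * Adds one role binding to the IAM policy of a FHIR store and logs the
 * resulting policy.
 *
 * setIamPolicy replaces the store's whole policy with the one in the request,
 * so the current policy is read first and the new binding is appended to it.
 * Bindings that are already on the store are kept.
 */
const setFhirStoreIamPolicy = async () => {
  // TODO(developer): uncomment these lines before running the sample
  // const cloudRegion = 'us-central1';
  // const projectId = 'adjective-noun-123';
  // const datasetId = 'my-dataset';
  // const fhirStoreId = 'my-fhir-store';
  // const member = 'user:example@gmail.com';
  // const role = 'roles/healthcare.fhirStoreViewer';
  const resource_ = `projects/${projectId}/locations/${cloudRegion}/datasets/${datasetId}/fhirStores/${fhirStoreId}`;
  const fhirStores = healthcare.projects.locations.datasets.fhirStores;

  // Read the policy currently attached to the store. Sending only the new
  // binding would drop every other binding on the store.
  const {data: policy} = await fhirStores.getIamPolicy({resource_});

  // A binding's members field is a list; accept a single member string as
  // well as an array so the request body always carries a list.
  const members = Array.isArray(member) ? member : [member];
  policy.bindings = [...(policy.bindings || []), {members, role}];

  const request = {
    resource_,
    resource: {policy},
  };

  const fhirStore = await fhirStores.setIamPolicy(request);
  console.log(
    'Set FHIR store IAM policy:',
    JSON.stringify(fhirStore.data, null, 2)
  );
};

setFhirStoreIamPolicy();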
Python
在试用此示例之前,请按照使用客户端库的 Cloud Healthcare API 快速入门中的 Python 设置说明进行操作。如需了解详情,请参阅 Cloud Healthcare API Python API 参考文档。
如需向 Cloud Healthcare API 进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
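def set_fhir_store_iam_policy(
    project_id,
    location,
    dataset_id,
    fhir_store_id,
    member,
    role,
    etag=None,
):
    """Sets the IAM policy for the specified FHIR store.

    The policy sent contains exactly one binding: a single member will be
    assigned a single role. setIamPolicy replaces the store's whole policy, so
    bindings already on the store are not carried over by this function. To
    keep them, read the current policy first and include its bindings; pass
    that policy's ``etag`` here so the request carries the version the change
    was based on.

    A member can be any of:
        - allUsers, that is, anyone
        - allAuthenticatedUsers, anyone authenticated with a Google account
        - user:email, as in 'user:somebody@example.com'
        - group:email, as in 'group:admins@example.com'
        - domain:domainname, as in 'domain:example.com'
        - serviceAccount:email,
            as in 'serviceAccount:my-other-app@appspot.gserviceaccount.com'

    allUsers and allAuthenticatedUsers open the store to principals outside
    the organization; for stores that hold patient data prefer a user, group
    or service account.

    A role can be any IAM role, such as 'roles/viewer', 'roles/owner',
    or 'roles/editor'. Those three are basic roles; a Healthcare API role is
    usually a narrower fit.

    Args:
        project_id: ID of the Google Cloud project.
        location: location of the parent dataset.
        dataset_id: ID of the parent dataset.
        fhir_store_id: ID of the FHIR store.
        member: the principal to bind, with its type prefix (see above).
        role: the IAM role to grant to ``member``.
        etag: optional etag to include in the policy that is sent.

    Returns:
        The response of the setIamPolicy call (the updated policy).

    See https://github.com/GoogleCloudPlatform/python-docs-samples/tree/main/healthcare/api-client/v1/fhir
    before running the sample."""
    # Imports the Google API Discovery Service.
    from googleapiclient import discovery

    api_version = "v1"
    service_name = "healthcare"
    # Instantiates an authorized API client by discovering the Healthcare API
    # and using GOOGLE_APPLICATION_CREDENTIALS environment variable.
    client = discovery.build(service_name, api_version)

    # TODO(developer): Uncomment these lines and replace with your values.
    # project_id = 'my-project'  # replace with your GCP project ID
    # location = 'us-central1'  # replace with the parent dataset's location
    # dataset_id = 'my-dataset'  # replace with the parent dataset's ID
    # fhir_store_id = 'my-fhir-store'  # replace with the FHIR store ID
    # member = 'user:myemail@example.com'  # replace with an authorized member
    # role = 'roles/viewer'  # replace with a Healthcare API IAM role
    fhir_store_parent = "projects/{}/locations/{}/datasets/{}".format(
        project_id, location, dataset_id
    )
    fhir_store_name = f"{fhir_store_parent}/fhirStores/{fhir_store_id}"

    # The whole policy: one binding, plus the etag when the caller supplied one.
    policy = {"bindings": [{"role": role, "members": [member]}]}

    if etag is not None:
        policy["etag"] = etag

    request = (
        client.projects()
        .locations()
        .datasets()
        .fhirStores()
        .setIamPolicy(resource=fhir_store_name, body={"policy": policy})
    )
    response = request.execute()

    # Print the etag of the returned policy (the label says "etag", so read
    # the "etag" key rather than "name").
    print("etag: {}".format(response.get("etag")))
    print("bindings: {}".format(response.get("bindings")))
    return response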
后续步骤
如需搜索和过滤其他 Google Cloud 产品的代码示例,请参阅 Google Cloud 示例浏览器。