Before you begin
Create a Google Cloud project
For this quickstart, you need a new Google Cloud project.
-
Sign in to your Google Account.
If you don't already have one, sign up for a new account.
-
In the Google Cloud Console, on the project selector page, click Create to begin creating a new Google Cloud project.
- Enable the Resource Manager API.
-
Set up authentication:
-
In the Cloud Console, go to the Create service account key page.
Go to the Create Service Account Key page - From the Service account list, select New service account.
- In the Service account name field, enter a name.
From the Role list, select Project > Owner.
- Click Create. A JSON file that contains your key downloads to your computer.
-
-
Set the environment variable
GOOGLE_APPLICATION_CREDENTIALS
to the path of the JSON file that contains your service account key. This variable only applies to your current shell session, so if you open a new session, set the variable again.
Install the client library
C#
For more on setting up your C# development environment, refer to the C# Development Environment Setup Guide.
install-package Google.Apis.Iam.v1 install-package Google.Apis.CloudResourceManager.v1
Go
go get -u golang.org/x/oauth2/google go get -u google.golang.org/api/cloudresourcemanager/v1
Java
For more on setting up your Java development environment, refer to the Java Development Environment Setup Guide.
If you are using Maven, add this to yourpom.xml
file.
Python
For more on setting up your Python development environment, refer to the Python Development Environment Setup Guide.
pip install --upgrade google-api-python-client google-auth google-auth-httplib2
Read, modify, and write an IAM policy
The code snippet in this quickstart does the following:
- Initializes the Resource Manager service, which manages Google Cloud projects.
- Reads the IAM policy for your project.
- Modifies the IAM policy by granting the Log Writer role
(
roles/logging.logWriter
) to your Google Account. - Writes the updated IAM policy.
- Prints all the members in your project that have the Log Writer role
(
roles/logging.logWriter
). - Revokes the Log Writer role.
Replace the following values before running the code snippet:
your-project
: The ID of your project.your-member
: The email address for your Google Account, with the prefixuser:
. For example,user:tanya@example.com
.
C#
For more information, see the Resource Manager C# API reference documentation.
Go
For more information, see the Resource Manager Go API reference documentation.
Java
For more information, see the Resource Manager Java API reference documentation.
Python
For more information, see the Resource Manager Python API reference documentation.
Congratulations! You used the IAM methods in the Resource Manager API to modify access for a project.
How did it go?
Clean up
- Use the Cloud Console to delete your project if you do not need it.
What's next
- Read about how IAM works.
- Learn more about granting, changing, and revoking access.
- Troubleshoot access issues with the Policy Troubleshooter.