在提供的资源中列出拒绝政策。
深入探索
如需查看包含此代码示例的详细文档,请参阅以下内容:
代码示例
Go
如需了解如何安装和使用 IAM 客户端库,请参阅 IAM 客户端库。如需了解详情,请参阅 IAM Go API 参考文档。
import (
"context"
"fmt"
"io"
iam "cloud.google.com/go/iam/apiv2"
"google.golang.org/api/iterator"
iampb "google.golang.org/genproto/googleapis/iam/v2"
)
// listDenyPolicies lists all the deny policies that are attached to a resource.
// A resource can have up to 5 deny policies.
func listDenyPolicies(w io.Writer, projectID string) error {
// projectID := "your_project_id"
ctx := context.Background()
policiesClient, err := iam.NewPoliciesClient(ctx)
if err != nil {
return fmt.Errorf("NewPoliciesClient: %v", err)
}
defer policiesClient.Close()
// Each deny policy is attached to an organization, folder, or project.
// To work with deny policies, specify the attachment point.
//
// Its format can be one of the following:
// 1. cloudresourcemanager.googleapis.com/organizations/ORG_ID
// 2. cloudresourcemanager.googleapis.com/folders/FOLDER_ID
// 3. cloudresourcemanager.googleapis.com/projects/PROJECT_ID
//
// The attachment point is identified by its URL-encoded resource name. Hence, replace
// the "/" with "%%2F".
attachmentPoint := fmt.Sprintf(
"cloudresourcemanager.googleapis.com%%2Fprojects%%2F%s",
projectID,
)
req := &iampb.ListPoliciesRequest{
// Construct the full path of the resource's deny policies.
// Its format is: "policies/ATTACHMENT_POINT/denypolicies"
Parent: fmt.Sprintf("policies/%s/denypolicies", attachmentPoint),
}
it := policiesClient.ListPolicies(ctx, req)
fmt.Fprintf(w, "Policies found in project %s:\n", projectID)
for {
policy, err := it.Next()
if err == iterator.Done {
break
}
if err != nil {
return err
}
fmt.Fprintf(w, "- %s\n", policy.GetName())
}
return nil
}
Java
如需了解如何安装和使用 IAM 客户端库,请参阅 IAM 客户端库。如需了解详情,请参阅 IAM Java API 参考文档。
import com.google.iam.v2.PoliciesClient;
import com.google.iam.v2.Policy;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
public class ListDenyPolicies {
public static void main(String[] args) throws IOException {
// TODO(developer): Replace these variables before running the sample.
// ID or number of the Google Cloud project you want to use.
String projectId = "your-google-cloud-project-id";
listDenyPolicies(projectId);
}
// List all the deny policies that are attached to a resource.
// A resource can have up to 5 deny policies.
public static void listDenyPolicies(String projectId) throws IOException {
// Initialize the Policies client.
try (PoliciesClient policiesClient = PoliciesClient.create()) {
// Each deny policy is attached to an organization, folder, or project.
// To work with deny policies, specify the attachment point.
//
// Its format can be one of the following:
// 1. cloudresourcemanager.googleapis.com/organizations/ORG_ID
// 2. cloudresourcemanager.googleapis.com/folders/FOLDER_ID
// 3. cloudresourcemanager.googleapis.com/projects/PROJECT_ID
//
// The attachment point is identified by its URL-encoded resource name.
String urlEncodedResource =
URLEncoder.encode(
"cloudresourcemanager.googleapis.com/projects/", StandardCharsets.UTF_8);
String attachmentPoint = String.format("%s%s", urlEncodedResource, projectId);
// Construct the full path of the resource to which the policy is attached.
// Its format is: "policies/{attachmentPoint}/denypolicies"
String policyParent = String.format("policies/%s/denypolicies", attachmentPoint);
// Create a list request and iterate over the returned policies.
for (Policy policy : policiesClient.listPolicies(policyParent).iterateAll()) {
System.out.println(policy.getName());
}
System.out.println("Listed all deny policies");
}
}
}
Node.js
如需了解如何安装和使用 IAM 客户端库,请参阅 IAM 客户端库。如需了解详情,请参阅 IAM Node.js API 参考文档。
/**
* TODO(developer): Uncomment and replace these variables before running the sample.
*/
// const projectId = 'YOUR_PROJECT_ID';
const {PoliciesClient} = require('@google-cloud/iam').v2;
const iamClient = new PoliciesClient();
// Each deny policy is attached to an organization, folder, or project.
// To work with deny policies, specify the attachment point.
//
// Its format can be one of the following:
// 1. cloudresourcemanager.googleapis.com/organizations/ORG_ID
// 2. cloudresourcemanager.googleapis.com/folders/FOLDER_ID
// 3. cloudresourcemanager.googleapis.com/projects/PROJECT_ID
//
// The attachment point is identified by its URL-encoded resource name. Hence, replace
// the "/" with "%2F".
const attachmentPoint = `cloudresourcemanager.googleapis.com%2Fprojects%2F${projectId}`;
async function listDenyPolicies() {
const request = {
parent: `policies/${attachmentPoint}/denypolicies`,
};
const policies = await iamClient.listPoliciesAsync(request);
for await (const policy of policies) {
console.log(`- ${policy.name}`);
}
}
listDenyPolicies();
Python
如需了解如何安装和使用 IAM 客户端库,请参阅 IAM 客户端库。如需了解详情,请参阅 IAM Python API 参考文档。
def list_deny_policy(project_id: str) -> None:
from google.cloud import iam_v2
from google.cloud.iam_v2 import types
"""
List all the deny policies that are attached to a resource.
A resource can have up to 5 deny policies.
project_id: ID or number of the Google Cloud project you want to use.
"""
policies_client = iam_v2.PoliciesClient()
# Each deny policy is attached to an organization, folder, or project.
# To work with deny policies, specify the attachment point.
#
# Its format can be one of the following:
# 1. cloudresourcemanager.googleapis.com/organizations/ORG_ID
# 2. cloudresourcemanager.googleapis.com/folders/FOLDER_ID
# 3. cloudresourcemanager.googleapis.com/projects/PROJECT_ID
#
# The attachment point is identified by its URL-encoded resource name. Hence, replace
# the "/" with "%2F".
attachment_point = f"cloudresourcemanager.googleapis.com%2Fprojects%2F{project_id}"
request = types.ListPoliciesRequest()
# Construct the full path of the resource's deny policies.
# Its format is: "policies/{attachmentPoint}/denypolicies"
request.parent = f"policies/{attachment_point}/denypolicies"
# Create a list request and iterate over the returned policies.
policies = policies_client.list_policies(request=request)
for policy in policies:
print(policy.name)
print("Listed all deny policies")
if __name__ == "__main__":
import uuid
# Your Google Cloud project ID.
project_id = "your-google-cloud-project-id"
# Any unique ID (0 to 63 chars) starting with a lowercase letter.
policy_id = f"deny-{uuid.uuid4()}"
list_deny_policy(project_id)
后续步骤
如需搜索和过滤其他 Google Cloud 产品的代码示例,请参阅 Google Cloud 示例浏览器。