1# -*- coding: utf-8 -*- #
2# Copyright 2018 Google LLC. All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8#    http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16"""Removes an IAM policy binding from a Google Cloud Function."""
17
18from __future__ import absolute_import
19from __future__ import division
20from __future__ import unicode_literals
21
22from googlecloudsdk.api_lib.functions.v1 import util
23from googlecloudsdk.calliope import base
24from googlecloudsdk.command_lib.functions import flags
25from googlecloudsdk.command_lib.iam import iam_util
26
27
28class RemoveIamPolicyBinding(base.Command):
29  """Removes an IAM policy binding from a Google Cloud Function."""
30
31  detailed_help = {
32      'DESCRIPTION': '{description}',
33      'EXAMPLES':
34          """\
35          To remove the iam policy binding for `FUNCTION-1` from role
36          `ROLE-1` for member `MEMBER-1` run:
37
38            $ {command} FUNCTION-1 --member=MEMBER-1 --role=ROLE-1
39          """,
40  }
41
42  @staticmethod
43  def Args(parser):
44    """Register flags for this command."""
45    flags.AddFunctionResourceArg(parser, 'to remove IAM policy binding from')
46    iam_util.AddArgsForRemoveIamPolicyBinding(parser)
47
48  def Run(self, args):
49    """This is what gets called when the user runs this command.
50
51    Args:
52      args: an argparse namespace. All the arguments that were provided to this
53        command invocation.
54
55    Returns:
56      The specified function with its description and configured filter.
57    """
58    client = util.GetApiClientInstance()
59    messages = client.MESSAGES_MODULE
60    function_ref = args.CONCEPTS.name.Parse()
61    policy = client.projects_locations_functions.GetIamPolicy(
62        messages.CloudfunctionsProjectsLocationsFunctionsGetIamPolicyRequest(
63            resource=function_ref.RelativeName()))
64    iam_util.RemoveBindingFromIamPolicy(policy, args.member, args.role)
65    return client.projects_locations_functions.SetIamPolicy(
66        messages.CloudfunctionsProjectsLocationsFunctionsSetIamPolicyRequest(
67            resource=function_ref.RelativeName(),
68            setIamPolicyRequest=messages.SetIamPolicyRequest(
69                policy=policy)))
70