1# -*- coding: utf-8 -*- # 2# Copyright 2018 Google LLC. All Rights Reserved. 3# 4# Licensed under the Apache License, Version 2.0 (the "License"); 5# you may not use this file except in compliance with the License. 6# You may obtain a copy of the License at 7# 8# http://www.apache.org/licenses/LICENSE-2.0 9# 10# Unless required by applicable law or agreed to in writing, software 11# distributed under the License is distributed on an "AS IS" BASIS, 12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13# See the License for the specific language governing permissions and 14# limitations under the License. 15 16"""Removes an IAM policy binding from a Google Cloud Function.""" 17 18from __future__ import absolute_import 19from __future__ import division 20from __future__ import unicode_literals 21 22from googlecloudsdk.api_lib.functions.v1 import util 23from googlecloudsdk.calliope import base 24from googlecloudsdk.command_lib.functions import flags 25from googlecloudsdk.command_lib.iam import iam_util 26 27 28class RemoveIamPolicyBinding(base.Command): 29 """Removes an IAM policy binding from a Google Cloud Function.""" 30 31 detailed_help = { 32 'DESCRIPTION': '{description}', 33 'EXAMPLES': 34 """\ 35 To remove the iam policy binding for `FUNCTION-1` from role 36 `ROLE-1` for member `MEMBER-1` run: 37 38 $ {command} FUNCTION-1 --member=MEMBER-1 --role=ROLE-1 39 """, 40 } 41 42 @staticmethod 43 def Args(parser): 44 """Register flags for this command.""" 45 flags.AddFunctionResourceArg(parser, 'to remove IAM policy binding from') 46 iam_util.AddArgsForRemoveIamPolicyBinding(parser) 47 48 def Run(self, args): 49 """This is what gets called when the user runs this command. 50 51 Args: 52 args: an argparse namespace. All the arguments that were provided to this 53 command invocation. 54 55 Returns: 56 The specified function with its description and configured filter. 57 """ 58 client = util.GetApiClientInstance() 59 messages = client.MESSAGES_MODULE 60 function_ref = args.CONCEPTS.name.Parse() 61 policy = client.projects_locations_functions.GetIamPolicy( 62 messages.CloudfunctionsProjectsLocationsFunctionsGetIamPolicyRequest( 63 resource=function_ref.RelativeName())) 64 iam_util.RemoveBindingFromIamPolicy(policy, args.member, args.role) 65 return client.projects_locations_functions.SetIamPolicy( 66 messages.CloudfunctionsProjectsLocationsFunctionsSetIamPolicyRequest( 67 resource=function_ref.RelativeName(), 68 setIamPolicyRequest=messages.SetIamPolicyRequest( 69 policy=policy))) 70