secretmanager: add IAM helper for generic resource IAM handle

Change-Id: I11a7ba281a658bbc2eba91c89320d18f96adef0f
Reviewed-on: https://code-review.googlesource.com/c/gocloud/+/49650
Reviewed-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Chris Broadfoot <cbro@google.com>
diff --git a/secretmanager/apiv1beta1/iam.go b/secretmanager/apiv1beta1/iam.go
new file mode 100644
index 0000000..3826967
--- /dev/null
+++ b/secretmanager/apiv1beta1/iam.go
@@ -0,0 +1,59 @@
+// Copyright 2019 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package secretmanager
+
+import (
+	"context"
+
+	"cloud.google.com/go/iam"
+	iampb "google.golang.org/genproto/googleapis/iam/v1"
+)
+
+// IAM returns a handle to inspect and change permissions of the resource
+// indicated by the given resource path. Name should be of the format
+// `projects/my-project/secrets/my-secret`.
+func (c *Client) IAM(name string) *iam.Handle {
+	return iam.InternalNewHandleClient(&iamClient{c}, name)
+}
+
+// iamClient implements the Get/Set/Test IAM methods.
+type iamClient struct {
+	c *Client
+}
+
+func (c *iamClient) Get(ctx context.Context, resource string) (*iampb.Policy, error) {
+	return c.c.GetIamPolicy(ctx, &iampb.GetIamPolicyRequest{
+		Resource: resource,
+	})
+}
+
+func (c *iamClient) Set(ctx context.Context, resource string, p *iampb.Policy) error {
+	_, err := c.c.SetIamPolicy(ctx, &iampb.SetIamPolicyRequest{
+		Policy:   p,
+		Resource: resource,
+	})
+	return err
+}
+
+func (c *iamClient) Test(ctx context.Context, resource string, perms []string) ([]string, error) {
+	resp, err := c.c.TestIamPermissions(ctx, &iampb.TestIamPermissionsRequest{
+		Resource:    resource,
+		Permissions: perms,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return resp.Permissions, nil
+}
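Review bot: The doc comment on `IAM` does not say that `name` is forwarded unvalidated, or that the returned handle can replace the resource's whole policy through `iamClient.Set`, which sends the caller's `*iampb.Policy` as-is in `SetIamPolicyRequest`. On a secret the policy controls who may read it, so I would extend the comment with something like `// The name is not checked locally; a malformed path is rejected by the server. Setting a policy replaces the existing one, so fetch the current policy and modify it rather than building one from scratch.` `Get` also sends no `Options` on `GetIamPolicyRequest`, so the policy version is left at the server default; if conditional bindings are expected on this API, that deserves a short comment on `Get`. `Get`, `Set` and `Test` have no comments of their own, and one line each naming the RPC they wrap would be enough.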
diff --git a/secretmanager/apiv1beta1/iam_example_test.go b/secretmanager/apiv1beta1/iam_example_test.go
new file mode 100644
index 0000000..28466996
--- /dev/null
+++ b/secretmanager/apiv1beta1/iam_example_test.go
@@ -0,0 +1,40 @@
+// Copyright 2019 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package secretmanager_test
+
+import (
+	"context"
+
+	secretmanager "cloud.google.com/go/secretmanager/apiv1beta1"
+)
+
+func ExampleClient_IAM() {
+	ctx := context.Background()
+	c, err := secretmanager.NewClient(ctx)
+	if err != nil {
+		// TODO: Handle error.
+	}
+
+	// TODO: fill in secret resource path
+	secret := "projects/[PROJECT_ID]/secrets/[SECRET]"
+	handle := c.IAM(secret)
+
+	policy, err := handle.Policy(ctx)
+	if err != nil {
+		// TODO: Handle error.
+	}
+	// TODO: Use policy.
+	_ = policy
+}
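Review bot: Both `if err != nil` blocks in `ExampleClient_IAM` are empty, so anyone who copies the example as written carries on with a nil `c` after `NewClient` fails and would most likely panic inside `handle.Policy`; the client is also never closed. I would put a `return` under each `// TODO: Handle error.` and add `defer c.Close()` directly after the first error check. Examples for an IAM surface get pasted into real services, so the skeleton should fail closed instead of falling through.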