I want to grant a new user bigquery.user access from the Java API, but somehow I am not able to do it from the documentation provided. There is not much with respect to API calls. Can someone point me in the right direction?
I am using the code below as of now:

    package com.infy.entitlement;

    import java.io.IOException;
    import java.security.GeneralSecurityException;
    import java.util.ArrayList;
    import java.util.Arrays;
    import java.util.List;

    import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
    import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
    import com.google.api.client.googleapis.util.Utils;
    import com.google.api.client.http.HttpTransport;
    import com.google.api.client.json.JsonFactory;
    import com.google.api.services.cloudresourcemanager.model.GetIamPolicyRequest;
    import com.google.api.services.iam.v1.Iam;
    import com.google.api.services.iam.v1.IamScopes;
    import com.google.api.services.iam.v1.model.Binding;
    import com.google.api.services.iam.v1.model.Policy;
    import com.google.api.services.iam.v1.model.SetIamPolicyRequest;

    // The class and main() declarations were missing from the post; the class name is a placeholder.
    public class GrantRole {
        public static void main(String[] args) throws IOException, GeneralSecurityException {
            // Build an IAM API client from the application default credentials.
            final HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
            final JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
            final GoogleCredential credential = GoogleCredential
                    .getApplicationDefault(httpTransport, jsonFactory)
                    .createScoped(IamScopes.all());
            final Iam iam = new Iam.Builder(
                    httpTransport, jsonFactory, credential)
                    .setApplicationName("SS")
                    .build();

            String[] myViewers = new String[] {"user:testviewer1@gmail.com",
                    "user:testviewer2@gmail.com"};
            // Role string as posted; this is the value the API rejects in the error below.
            String targetRole = "projects/***/roles/bigquery.users";

            // Read the current policy attached to the service account resource.
            Policy policy = iam.projects().serviceAccounts().getIamPolicy("projects/***/serviceAccounts/****").execute();

            // Look for an existing binding for the target role.
            Binding targetBinding = null;
            List<Binding> bindings = new ArrayList<Binding>();
            if (policy.getBindings() != null) {
                bindings = policy.getBindings();
            }
            if (bindings != null) {
                for (Binding binding : bindings) {
                    if (binding.getRole().equals(targetRole)) {
                        targetBinding = binding;
                        break;
                    }
                }
            }

            // No binding for the role yet: create one with the new members.
            if (targetBinding == null) {
                targetBinding = new Binding();
                targetBinding.setMembers(Arrays.asList(myViewers));
                targetBinding.setRole(targetRole);
                bindings.add(targetBinding);
            }
            policy.setBindings(bindings);

            // Write the modified policy back (constructor used instead of Class.newInstance()).
            iam.projects().serviceAccounts().setIamPolicy("projects/****/serviceAccounts/******", new SetIamPolicyRequest().setPolicy(policy)).execute();
            System.out.println(targetBinding.getRole());
        }
    }

After executing, I am getting the error below:

    Exception in thread "main" com.google.api.client.googleapis.json.GoogleJsonResponseException: 400 Bad Request
    {
      "code" : 400,
      "errors" : [ {
        "domain" : "global",
        "message" : "Role (projects/dazzling-byway-184414/roles/bigquery.users) does not exist in the resource's hierarchy.",
        "reason" : "badRequest"
      } ],
      "message" : "Role (projects/dazzling-byway-184414/roles/bigquery.users) does not exist in the resource's hierarchy.",
      "status" : "INVALID_ARGUMENT"
    }

Is there any particular format of passing the request?
I agree with the comment left by Xiaoxia that you should try using “bigquery.user” as the target role.
To answer your other question on finding more documentation on the Java API for IAM access, I would look at this link for getting the IAM policy, and this link for setting the IAM policy. Near the top in the example Java code, you will find instructions in setting up your environment for using the Java API for IAM access. The example Java code also serves as a reference for what you want to do.
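
The role change suggested above, as an added example that is not part of the original answer or Google's sample code: predefined roles are named `roles/<name>` (only custom roles live under `projects/<id>/roles/`), so the binding uses `roles/bigquery.user`. It assumes the grant is meant for the whole project and is made through the Cloud Resource Manager API; the class name, the `addMember` helper and the command-line arguments are hypothetical.

```java
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.googleapis.util.Utils;
import com.google.api.services.cloudresourcemanager.CloudResourceManager;
import com.google.api.services.cloudresourcemanager.CloudResourceManagerScopes;
import com.google.api.services.cloudresourcemanager.model.*;
import java.util.ArrayList;
import java.util.List;

public class GrantBigQueryUser {  // hypothetical class name
    // Predefined role: "roles/<name>", not "projects/<id>/roles/<name>".
    static final String ROLE = "roles/bigquery.user";

    /** Adds member to the ROLE binding; returns false if the grant already exists. */
    static boolean addMember(Policy policy, String member) {
        List<Binding> bindings = new ArrayList<>();
        if (policy.getBindings() != null) bindings.addAll(policy.getBindings());
        for (Binding b : bindings) {
            if (!ROLE.equals(b.getRole())) continue;
            List<String> members = new ArrayList<>();
            if (b.getMembers() != null) members.addAll(b.getMembers());
            if (members.contains(member)) return false;  // nothing to write
            members.add(member);                         // keep existing members
            b.setMembers(members);
            policy.setBindings(bindings);
            return true;
        }
        List<String> members = new ArrayList<>();
        members.add(member);
        bindings.add(new Binding().setRole(ROLE).setMembers(members));
        policy.setBindings(bindings);
        return true;
    }

    public static void main(String[] args) throws Exception {
        String projectId = args[0];  // assumption: project ID passed as first argument
        String member = args[1];     // assumption: e.g. user:someone@example.com
        GoogleCredential credential = GoogleCredential.getApplicationDefault()
                .createScoped(CloudResourceManagerScopes.all());
        CloudResourceManager crm = new CloudResourceManager.Builder(
                GoogleNetHttpTransport.newTrustedTransport(), Utils.getDefaultJsonFactory(), credential)
                .setApplicationName("iam-grant-example").build();
        // Read-modify-write: the fetched policy carries an etag, so a concurrent
        // change makes setIamPolicy fail rather than overwrite other bindings.
        Policy policy = crm.projects().getIamPolicy(projectId, new GetIamPolicyRequest()).execute();
        if (addMember(policy, member))
            crm.projects().setIamPolicy(projectId, new SetIamPolicyRequest().setPolicy(policy)).execute();
    }
}
```

Sending back the policy that was just read, with only the one member appended, keeps every other binding intact and limits the change to the single role being granted.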