I have a dump of IAM Policies and I want to add a new member to all of them. The problem is that each resource has its own API for setting IAM policies, and so I would need to handle each type of resource individually. So much toil. I want a generic "IAM API" that takes a resource & policy as inputs, and creates the binding. Is such a thing possible?
For reference, the format for my policy dump is:
    - policy:
        bindings:
        - members:
          - user:tom@email.com
          role: roles/compute.networkUser
        etag: BwWfgKQuAFg=
      project: projects/800307802527
      resource: //compute.googleapis.com/projects/foo-proj/regions/us-central1/subnetworks/sub1
I have a very long list of these records, and I want to iterate through them adding a member "new-member@email.com" to each one. Is there a generic IAM API I can call to add a policy binding to a resource?
As mentioned in the comment, each resource has its own API. There is no "Generic" IAM API to handle your use case. You can however create a feature request through the Public Issue Tracker to make a request for this feature to be implemented.
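The resource-independent half of this task can be prepared offline. This added example (not code from either post) adds the member to every binding in each dumped policy and groups the pending writes by the service that owns the resource. The `user:` prefix on the new member and the second sample record are assumptions, and the per-service policy write is left to the caller.

```python
from collections import defaultdict
from copy import deepcopy
from urllib.parse import urlsplit

# First record is the one from the question; the second is constructed.
RECORDS = [
    {"policy": {"bindings": [{"members": ["user:tom@email.com"],
                              "role": "roles/compute.networkUser"}],
                "etag": "BwWfgKQuAFg="},
     "project": "projects/800307802527",
     "resource": "//compute.googleapis.com/projects/foo-proj/regions/us-central1/subnetworks/sub1"},
    {"policy": {"bindings": [{"members": ["user:new-member@email.com"],
                              "role": "roles/storage.objectViewer"}],
                "etag": "CONSTRUCTED_ETAG="},
     "project": "projects/800307802527",
     "resource": "//storage.googleapis.com/projects/_/buckets/example-bucket"},
]

def service_of(resource):
    """Full resource names look like //SERVICE/PATH; the host names the owning API."""
    return urlsplit(resource).netloc

def add_member(policy, member):
    """Return (new_policy, changed) with member present in every existing binding."""
    updated = deepcopy(policy)  # never mutate the dump itself
    changed = False
    for binding in updated.get("bindings", []):
        if member not in binding["members"]:
            binding["members"].append(member)
            changed = True
    # The etag is carried over so a later write can be rejected if the live
    # policy changed after the dump was taken.
    return updated, changed

def plan_updates(records, member):
    """Group the policies that need a write by owning service."""
    plan = defaultdict(list)
    for rec in records:
        policy, changed = add_member(rec["policy"], member)
        if changed:  # skip resources where the member is already bound
            plan[service_of(rec["resource"])].append((rec["resource"], policy))
    return dict(plan)

if __name__ == "__main__":
    for service, writes in plan_updates(RECORDS, "user:new-member@email.com").items():
        for resource, policy in writes:
            print(service, resource, policy["bindings"])
```

Each key in the returned plan is one service whose own policy-setting API still has to be called; reviewing the plan before writing also shows exactly which roles the new member would inherit.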