dakodner
diff --git a/‎storage/api/composer.json‎
Lines changed: 4 additions & 1 deletion b/‎storage/api/composer.json‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎storage/api/composer.lock‎
Lines changed: 20 additions & 20 deletions b/‎storage/api/composer.lock‎
Lines changed: 20 additions & 20 deletions
diff --git a/‎storage/api/src/IamCommand.php‎
Lines changed: 96 additions & 0 deletions b/‎storage/api/src/IamCommand.php‎
Lines changed: 96 additions & 0 deletions
diff --git a/‎storage/api/src/functions/add_bucket_iam_member.php‎
Lines changed: 55 additions & 0 deletions b/‎storage/api/src/functions/add_bucket_iam_member.php‎
Lines changed: 55 additions & 0 deletions
diff --git a/‎storage/api/src/functions/remove_bucket_iam_member.php‎
Lines changed: 64 additions & 0 deletions b/‎storage/api/src/functions/remove_bucket_iam_member.php‎
Lines changed: 64 additions & 0 deletions
@@ -11,6 +11,7 @@
         "files": [
             "src/functions/add_bucket_acl.php",
             "src/functions/add_bucket_default_acl.php",
+            "src/functions/add_bucket_iam_member.php",
             "src/functions/add_object_acl.php",
             "src/functions/copy_object.php",
             "src/functions/create_bucket.php",
@@ -34,9 +35,11 @@
             "src/functions/list_objects_with_prefix.php",
             "src/functions/make_public.php",
             "src/functions/move_object.php",
+            "src/functions/remove_bucket_iam_member.php",
             "src/functions/rotate_encryption_key.php",
             "src/functions/upload_encrypted_object.php",
-            "src/functions/upload_object.php"
+            "src/functions/upload_object.php",
+            "src/functions/view_bucket_iam_members.php"
         ]
     },
     "require-dev": {
 
@@ -0,0 +1,96 @@
+<?php
+/**
+ * Copyright 2016 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Google\Cloud\Samples\Storage;
+
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Input\InputOption;
+use Symfony\Component\Console\Output\OutputInterface;
+use InvalidArgumentException;
+
+/**
+ * Command line utility to manage Storage IAM.
+ *
+ * Usage: php storage.php iam
+ */
+class IamCommand extends Command
+{
+    protected function configure()
+    {
+        $this
+            ->setName('iam')
+            ->setDescription('Manage IAM for Storage')
+            ->setHelp(<<<EOF
+The <info>%command.name%</info> command manages Storage IAM policies.
+
+    <info>php %command.full_name% my-bucket</info>
+
+    <info>php %command.full_name% my-bucket --role my-role --add-member user/[email protected]</info>
+
+    <info>php %command.full_name% my-bucket --role my-role --remove-member user/[email protected]</info>
+
+EOF
+            )
+            ->addArgument(
+                'bucket',
+                InputArgument::REQUIRED,
+                'The bucket that you want to change IAM for. '
+            )
+            ->addOption(
+                'role',
+                null,
+                InputOption::VALUE_REQUIRED,
+                'The new role to add to a bucket. '
+            )
+            ->addOption(
+                'add-member',
+                null,
+                InputOption::VALUE_REQUIRED,
+                'The new member to add with the new role to the bucket. '
+            )
+            ->addOption(
+                'remove-member',
+                null,
+                InputOption::VALUE_REQUIRED,
+                'The member to remove from a role for a bucket. '
+            )
+        ;
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output)
+    {
+        $bucketName = $input->getArgument('bucket');
+        $role = $input->getOption('role');
+        $addMember = $input->getOption('add-member');
+        $removeMember = $input->getOption('remove-member');
+        if ($addMember) {
+            if (!$role) {
+                throw new InvalidArgumentException('Must provide role as an option.');
+            }
+            add_bucket_iam_member($bucketName, $role, $addMember);
+        } elseif ($removeMember) {
+            if (!$role) {
+                throw new InvalidArgumentException('Must provide role as an option.');
+            }
+            remove_bucket_iam_member($bucketName, $role, $removeMember);
+        } else {
+            view_bucket_iam_members($bucketName);
+        }
+    }
+}
@@ -0,0 +1,55 @@
+<?php
+/**
+ * Copyright 2016 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/master/storage/api/README.md
+ */
+
+namespace Google\Cloud\Samples\Storage;
+
+# [START add_bucket_iam_member]
+use Google\Cloud\Storage\StorageClient;
+
+/**
+ * Adds a new member / role IAM pair to a given Cloud Storage bucket.
+ *
+ * @param string $bucketName the name of your Cloud Storage bucket.
+ * @param string $role the role you want to add a given member to.
+ * @param string $member the member you want to give the new role for the Cloud
+ * Storage bucket.
+ *
+ * @return void
+ */
+function add_bucket_iam_member($bucketName, $role, $member)
+{
+    $storage = new StorageClient();
+    $bucket = $storage->bucket($bucketName);
+
+    $policy = $bucket->iam()->policy();
+
+    $policy['bindings'][] = [
+        'role' => $role,
+        'members' => [$member]
+    ];
+
+    $bucket->iam()->setPolicy($policy);
+
+    printf('User %s added to role %s for bucket %s' . PHP_EOL, $member, $role, $bucketName);
+}
+# [END add_bucket_iam_member]
@@ -0,0 +1,64 @@
+<?php
+/**
+ * Copyright 2016 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/master/storage/api/README.md
+ */
+
+namespace Google\Cloud\Samples\Storage;
+
+# [START remove_bucket_iam_member]
+use Google\Cloud\Storage\StorageClient;
+
+/**
+ * Removes a member / role IAM pair from a given Cloud Storage bucket.
+ *
+ * @param string $bucketName the name of your Cloud Storage bucket.
+ * @param string $role the role you want to remove a given member from.
+ * @param string $member the member you want to remove from the given role.
+ *
+ * @return void
+ */
+function remove_bucket_iam_member($bucketName, $role, $member)
+{
+    $storage = new StorageClient();
+    $bucket = $storage->bucket($bucketName);
+
+    $policy = $bucket->iam()->policy();
+
+    foreach ($policy['bindings'] as $i => &$binding) {
+        if ($binding['role'] == $role) {
+            if (false !== $j = array_search($member, $binding['members'])) {
+                unset($binding['members'][$j]);
+                $binding['members'] = array_values($binding['members']);
+                if (empty($binding['members'])) {
+                    unset($policy['bindings'][$i]);
+                    $policy['bindings'] = array_values($policy['bindings']);
+                }
+                $bucket->iam()->setPolicy($policy);
+                printf('User %s removed from role %s for bucket %s' . PHP_EOL, $member, $role, $bucketName);
+                return;
+            } else {
+                printf('Member %s not found for role %s for bucket %s.' . PHP_EOL, $member, $role, $bucketName);
+            }
+        }
+    }
+    printf('Role %s not found for bucket %s.' . PHP_EOL, $role, $bucketName);
+}
+# [END remove_bucket_iam_member]