in storage/src/remove_bucket_iam_member.php [39:76]
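/**
 * Removes a member from an unconditional role binding in a bucket's IAM policy.
 *
 * Reads the bucket's IAM policy (requesting policy version 3), finds the first
 * binding whose role is exactly $role and which has no condition, removes
 * $member from it, and writes the whole policy back with setPolicy().
 *
 * Points to keep in mind when using this to revoke access:
 * - Bindings that carry a condition are skipped on purpose. If $member also
 *   holds $role through a conditional binding, that grant is still in place
 *   after this call, even though the success message is printed.
 * - Only the first matching binding is edited; the function returns right
 *   after the first successful setPolicy() call.
 * - Matching is an exact, case-sensitive string comparison, so $role and
 *   $member must be spelled exactly as they appear in the policy.
 * - This is a read-modify-write of the full policy.
 *   NOTE(review): presumably the policy array returned by policy() carries an
 *   etag that setPolicy() sends back for concurrency control; confirm.
 *
 * @param string $bucketName Name of the bucket whose policy is edited.
 * @param string $role       Role to remove the member from
 *                           (constructed example: 'roles/storage.objectViewer').
 * @param string $member     Member identifier to remove
 *                           (constructed example: 'user:jane@example.com').
 *
 * @throws \RuntimeException When no unconditional binding for $role contains $member.
 */
function remove_bucket_iam_member(string $bucketName, string $role, string $member): void
{
    $storage = new StorageClient();
    $bucket = $storage->bucket($bucketName);
    $iam = $bucket->iam();

    // Version 3 is the IAM policy version that can represent conditional
    // bindings; it is requested on read and kept on the policy written back.
    $policy = $iam->policy(['requestedPolicyVersion' => 3]);
    $policy['version'] = 3;

    // A policy without any bindings may not have a 'bindings' key at all;
    // treat it as an empty list so the function ends in the exception below
    // rather than in PHP warnings.
    foreach ($policy['bindings'] ?? [] as $i => $binding) {
        // This example only removes the member from bindings without a
        // condition. The role is compared strictly so that only an exact
        // match is ever modified.
        if ($binding['role'] !== $role || isset($binding['condition'])) {
            continue;
        }

        // Strict search: revocation must hit exactly the requested member,
        // never a value that merely compares equal under loose comparison.
        $key = array_search($member, $binding['members'] ?? [], true);
        if ($key === false) {
            continue;
        }

        unset($binding['members'][$key]);

        if (count($binding['members']) === 0) {
            // The last member was removed, so drop the now-empty binding.
            unset($policy['bindings'][$i]);
            // Ensure array keys are sequential, otherwise JSON encodes
            // the array as an object, which fails when calling the API.
            $policy['bindings'] = array_values($policy['bindings']);
        } else {
            // Ensure array keys are sequential, otherwise JSON encodes
            // the array as an object, which fails when calling the API.
            $binding['members'] = array_values($binding['members']);
            $policy['bindings'][$i] = $binding;
        }

        $iam->setPolicy($policy);
        printf('User %s removed from role %s for bucket %s' . PHP_EOL, $member, $role, $bucketName);
        return;
    }

    throw new \RuntimeException('No matching role-member group(s) found.');
}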