in secretmanager/src/iam_revoke_access.php [39:74]
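/**
 * Revoke a member's `roles/secretmanager.secretAccessor` grant on one secret.
 *
 * Only the secret's own IAM policy and only the secretAccessor role are
 * touched. Access the member holds through another role, through a group, or
 * through a policy set higher in the resource hierarchy is not affected, so
 * this call alone does not prove the member can no longer read the secret.
 *
 * @param string $projectId Google Cloud project id that owns the secret.
 * @param string $secretId  Id of the secret whose policy is edited.
 * @param string $member    IAM member string to remove; matched exactly and
 *                          case-sensitively against the binding's members.
 */
function iam_revoke_access(string $projectId, string $secretId, string $member): void
{
    $role = 'roles/secretmanager.secretAccessor';

    // Create the Secret Manager client.
    $client = new SecretManagerServiceClient();

    // Build the resource name of the secret.
    $name = $client->secretName($projectId, $secretId);

    // Get the current IAM policy. The same object is sent back below, so
    // whatever the server returned with it (including its etag) goes back
    // unchanged and a concurrent edit can be detected by the service.
    $policy = $client->getIamPolicy((new GetIamPolicyRequest())->setResource($name));

    // Remove the member from every binding of the target role. Strict
    // comparison avoids PHP's loose string rules on identity values.
    $removed = false;
    foreach ($policy->getBindings() as $binding) {
        if ($binding->getRole() !== $role) {
            continue;
        }

        // Rebuild the member list instead of calling unset() on the repeated
        // field in place: some protobuf PHP runtimes only allow unset() on
        // the last element, which would make revoking any other member fail.
        $kept = [];
        $changed = false;
        foreach ($binding->getMembers() as $existingMember) {
            if ($existingMember === $member) {
                $changed = true;
                continue;
            }
            $kept[] = $existingMember;
        }

        if ($changed) {
            $binding->setMembers($kept);
            $removed = true;
        }
    }

    // Do not report a revocation that never happened: a mistyped member
    // string would otherwise look like a successful revoke.
    if (!$removed) {
        printf('Member %s has no %s binding on %s; policy unchanged', $member, $role, $secretId);
        return;
    }

    // Build the request.
    $request = (new SetIamPolicyRequest())
        ->setResource($name)
        ->setPolicy($policy);

    // Save the updated policy to the server.
    $client->setIamPolicy($request);

    // Print out a success message.
    printf('Updated IAM policy for %s', $secretId);
}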