GoogleCloudPlatform · melaniedejong · Jan 16, 2025 · Jan 16, 2025 · Jan 16, 2025 · ghost
diff --git a/iam/cloud-client/snippets/modify_policy_add_member.py b/iam/cloud-client/snippets/modify_policy_add_member.py
@@ -19,22 +19,22 @@
 
 
 def modify_policy_add_member(
-    project_id: str, role: str, member: str
+    project_id: str, role: str, principal: str
 ) -> policy_pb2.Policy:
     """
     Add a principal to certain role in project policy.
 
     project_id: ID or number of the Google Cloud project you want to use.
     role: role to which principal need to be added.
-    member: The principal requesting access.
+    principal: The principal requesting access.
 
     For principal ID formats, see https://cloud.google.com/iam/docs/principal-identifiers
     """
     policy = get_project_policy(project_id)
 
     for bind in policy.bindings:
         if bind.role == role:
-            bind.members.append(member)
+            bind.members.append(principal)
             break
 
     return set_project_policy(project_id, policy)
@@ -52,4 +52,4 @@ def modify_policy_add_member(
     role = "roles/viewer"
     member = f"serviceAccount:test-service-account@{project_id}.iam.gserviceaccount.com"
 
-    modify_policy_add_member(project_id, role, member)
+    modify_policy_add_member(project_id, role, principal)
-    modify_policy_add_member(project_id, role, principal)
+    modify_policy_add_member(project_id, role, member)
-    modify_policy_add_member(project_id, role, principal)
+    modify_policy_add_member(project_id, role, member)
diff --git a/iam/cloud-client/snippets/modify_policy_remove_member.py b/iam/cloud-client/snippets/modify_policy_remove_member.py
@@ -19,14 +19,14 @@
 
 
 def modify_policy_remove_member(
-    project_id: str, role: str, member: str
+    project_id: str, role: str, principal: str
 ) -> policy_pb2.Policy:
     """
     Remove a principal from certain role in project policy.
 
     project_id: ID or number of the Google Cloud project you want to use.
     role: role to revoke.
-    member: The principal to revoke access from.
+    principal: The principal to revoke access from.
 
     For principal ID formats, see https://cloud.google.com/iam/docs/principal-identifiers
     """
@@ -35,7 +35,7 @@ def modify_policy_remove_member(
     for bind in policy.bindings:
         if bind.role == role:
             if member in bind.members:
-                bind.members.remove(member)
+                bind.members.remove(principal)
-            if member in bind.members:
-                bind.members.remove(member)
-                bind.members.remove(principal)
+            if principal in bind.members:
+                bind.members.remove(principal)
-            if member in bind.members:
-                bind.members.remove(member)
-                bind.members.remove(principal)
+            if principal in bind.members:
+                bind.members.remove(principal)
             break
 
     return set_project_policy(project_id, policy, False)
@@ -51,6 +51,6 @@ def modify_policy_remove_member(
     # Your Google Cloud project ID.
     project_id = "test-project-id"
     role = "roles/viewer"
-    member = f"serviceAccount:test-service-account@{project_id}.iam.gserviceaccount.com"
+    principal = f"serviceAccount:test-service-account@{project_id}.iam.gserviceaccount.com"
 
-    modify_policy_remove_member(project_id, role, member)
+    modify_policy_remove_member(project_id, role, principal)