Class: Google::Apis::CloudtasksV2::Policy
- Inherits:
-
Object
- Object
- Google::Apis::CloudtasksV2::Policy
- Defined in:
- generated/google/apis/cloudtasks_v2/classes.rb,
generated/google/apis/cloudtasks_v2/representations.rb,
generated/google/apis/cloudtasks_v2/representations.rb
Overview
An Identity and Access Management (IAM) policy, which specifies access
controls for Google Cloud resources.
A Policy
is a collection of bindings
. A binding
binds one or more
members
to a single role
. Members can be user accounts, service accounts,
Google groups, and domains (such as G Suite). A role
is a named list of
permissions; each role
can be an IAM predefined role or a user-created
custom role.
Optionally, a binding
can specify a condition
, which is a logical
expression that allows access to a resource only if the expression evaluates
to true
. A condition can add constraints based on attributes of the
request, the resource, or both.
JSON example:
"bindings": [
"role": "roles/resourcemanager.organizationAdmin",
"members": [
"user:mike@example.com",
"group:admins@example.com",
"domain:google.com",
"serviceAccount:my-project-id@appspot.gserviceaccount.com"
]
,
"role": "roles/resourcemanager.organizationViewer",
"members": ["user:eve@example.com"],
"condition":
"title": "expirable access",
"description": "Does not grant access after Sep 2020",
"expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')
",
],
"etag": "BwWWja0YfJA=",
"version": 3
YAML example:
bindings:
- members:
- user:mike@example.com
- group:admins@example.com
- domain:google.com
- serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin
- members:
- user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
- etag: BwWWja0YfJA=
- version: 3 For a description of IAM and its features, see the IAM documentation.
Instance Attribute Summary collapse
-
#bindings ⇒ Array<Google::Apis::CloudtasksV2::Binding>
Associates a list of
members
to arole
. -
#etag ⇒ String
etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. -
#version ⇒ Fixnum
Specifies the format of the policy.
Instance Method Summary collapse
-
#initialize(**args) ⇒ Policy
constructor
A new instance of Policy.
-
#update!(**args) ⇒ Object
Update properties of this object.
Methods included from Google::Apis::Core::JsonObjectSupport
Methods included from Google::Apis::Core::Hashable
Constructor Details
#initialize(**args) ⇒ Policy
Returns a new instance of Policy.
1007 1008 1009 |
# File 'generated/google/apis/cloudtasks_v2/classes.rb', line 1007 def initialize(**args) update!(**args) end |
Instance Attribute Details
#bindings ⇒ Array<Google::Apis::CloudtasksV2::Binding>
Associates a list of members
to a role
. Optionally, may specify a
condition
that determines how and when the bindings
are applied. Each
of the bindings
must contain at least one member.
Corresponds to the JSON property bindings
969 970 971 |
# File 'generated/google/apis/cloudtasks_v2/classes.rb', line 969 def bindings @bindings end |
#etag ⇒ String
etag
is used for optimistic concurrency control as a way to help
prevent simultaneous updates of a policy from overwriting each other.
It is strongly suggested that systems make use of the etag
in the
read-modify-write cycle to perform policy updates in order to avoid race
conditions: An etag
is returned in the response to getIamPolicy
, and
systems are expected to put that etag in the request to setIamPolicy
to
ensure that their change will be applied to the same version of the policy.
Important: If you use IAM Conditions, you must include the etag
field
whenever you call setIamPolicy
. If you omit this field, then IAM allows
you to overwrite a version 3
policy with a version 1
policy, and all of
the conditions in the version 3
policy are lost.
Corresponds to the JSON property etag
NOTE: Values are automatically base64 encoded/decoded in the client library.
985 986 987 |
# File 'generated/google/apis/cloudtasks_v2/classes.rb', line 985 def etag @etag end |
#version ⇒ Fixnum
Specifies the format of the policy.
Valid values are 0
, 1
, and 3
. Requests that specify an invalid value
are rejected.
Any operation that affects conditional role bindings must specify version
3
. This requirement applies to the following operations:
- Getting a policy that includes a conditional role binding
- Adding a conditional role binding to a policy
- Changing a conditional role binding in a policy
- Removing any role binding, with or without a condition, from a policy
that includes conditions
Important: If you use IAM Conditions, you must include the
etag
field whenever you callsetIamPolicy
. If you omit this field, then IAM allows you to overwrite a version3
policy with a version1
policy, and all of the conditions in the version3
policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. Corresponds to the JSON propertyversion
1005 1006 1007 |
# File 'generated/google/apis/cloudtasks_v2/classes.rb', line 1005 def version @version end |
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
1012 1013 1014 1015 1016 |
# File 'generated/google/apis/cloudtasks_v2/classes.rb', line 1012 def update!(**args) @bindings = args[:bindings] if args.key?(:bindings) @etag = args[:etag] if args.key?(:etag) @version = args[:version] if args.key?(:version) end |