Class: Google::Cloud::Storage::Policy

  • Object
show all
Defined in:



An abstract Cloud IAM Policy for the Cloud Storage service. See concrete subclasses PolicyV1 and PolicyV3.

A common pattern for updating a resource's metadata, such as its Policy, is to read the current data from the service, update the data locally, and then send the modified data for writing. This pattern may result in a conflict if two or more processes attempt the sequence simultaneously. IAM solves this problem with the #etag property, which is used to verify whether the policy has changed since the last request. When you make a request to with an etag value, Cloud IAM compares the etag value in the request with the existing etag value associated with the policy. It writes the policy only if the etag values match.

When you update a policy, first read the policy (and its current etag) from the service, then modify the policy locally, and then write the modified policy to the service. See Bucket#policy and Bucket#policy=.

Direct Known Subclasses

PolicyV1, PolicyV3

Defined Under Namespace

Classes: Binding, Bindings, Condition

Instance Attribute Summary collapse

Instance Attribute Details


Used to verify whether the policy has changed since the last request. The policy will be written only if the etag values match.


  • (String)

    the current value of etag

# File 'lib/google/cloud/storage/policy.rb', line 71

def etag


The syntax schema version of the policy. Each version of the policy contains a specific syntax schema that can be used by bindings. The newer version may contain role bindings with the newer syntax schema that is unsupported by earlier versions. This field is not intended to be used for any purposes other than policy syntax schema control.

The following policy versions are valid:

  • 1 - The first version of Cloud IAM policy schema. Supports binding one role to one or more members. Does not support conditional bindings.
  • 3 - Introduces the condition field in the role binding, which further constrains the role binding via context-based and attribute-based rules. See Understanding policies and Overview of Cloud IAM Conditions for more information.


  • (Integer)

    the current value of version

# File 'lib/google/cloud/storage/policy.rb', line 71

def version