Class: Google::Cloud::Storage::Policy::Binding

Inherits:

Object

Object
Google::Cloud::Storage::Policy::Binding

show all

Defined in:: lib/google/cloud/storage/policy/binding.rb

Overview

Binding

Value object associating members and an optional condition with a role.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

policy = bucket.policy requested_policy_version: 3
policy.bindings.each do |binding|
  puts binding.role
end

Updating a Policy from version 1 to version 3:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

bucket.uniform_bucket_level_access = true

bucket.policy requested_policy_version: 3 do |p|
  p.version # the value is 1
  p.version = 3 # Must be explicitly set to opt-in to support for conditions.

  expr = "resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")"
  p.bindings.insert({
                      role: "roles/storage.admin",
                      members: ["user:owner@example.com"],
                      condition: {
                        title: "my-condition",
                        description: "description of condition",
                        expression: expr
                      }
                    })
end

Instance Attribute Summary collapse

#condition ⇒ Google::Cloud::Storage::Policy::Condition^?
The condition that is associated with this binding, or nil if there is no condition.
#members ⇒ Array<String>
Specifies the identities requesting access for a Cloud Platform resource.
#role ⇒ String
Role that is assigned to members.

Instance Method Summary collapse

#initialize(role:, members:, condition: nil) ⇒ Binding constructor
Creates a Binding object.

Constructor Details

#initialize(role:, members:, condition: nil) ⇒ `Binding`

Creates a Binding object.

Parameters:

role (String) —
Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. Required.
members (Array<String>) —
Specifies the identities requesting access for a Cloud Platform resource. members can have the following values. Required.
- allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account.
- allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com.
- serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
- domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. Required.
condition (Google::Cloud::Storage::Policy::Condition) (defaults to: nil) —
The condition that is associated with this binding. NOTE: An unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently. Optional.

Raises:

(ArgumentError)

# File 'lib/google/cloud/storage/policy/binding.rb', line 126

def initialize role:, members:, condition: nil
  @role = String role

  @members = Array members
  raise ArgumentError, "members is empty, must be provided" if @members.empty?

  condition = Condition.new(**condition) if condition.is_a? Hash
  if condition && !(condition.is_a? Condition)
    raise ArgumentError, "expected Condition, not #{condition.inspect}"
  end
  @condition = condition
end

Instance Attribute Details

#condition ⇒ `Google::Cloud::Storage::Policy::Condition`^?

The condition that is associated with this binding, or nil if there is no condition. NOTE: An unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.

Returns:

(Google::Cloud::Storage::Policy::Condition, nil) —
the current value of condition



91
92
93

# File 'lib/google/cloud/storage/policy/binding.rb', line 91

def condition
  @condition
end

#members ⇒ `Array<String>`

Specifies the identities requesting access for a Cloud Platform resource. members can have the following values. Required.

allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account.
allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account.
user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com.
serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. Required.

Returns:

(Array<String>) —
the current value of members



91
92
93

# File 'lib/google/cloud/storage/policy/binding.rb', line 91

def members
  @members
end

#role ⇒ `String`

Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. Required.

Returns:

(String) —
the current value of role



91
92
93

# File 'lib/google/cloud/storage/policy/binding.rb', line 91

def role
  @role
end

Class: Google::Cloud::Storage::Policy::Binding

Overview

Binding

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(role:, members:, condition: nil) ⇒ Binding

Instance Attribute Details

#condition ⇒ Google::Cloud::Storage::Policy::Condition?

#members ⇒ Array<String>

#role ⇒ String

#initialize(role:, members:, condition: nil) ⇒ `Binding`

#condition ⇒ `Google::Cloud::Storage::Policy::Condition`^?

#members ⇒ `Array<String>`

#role ⇒ `String`