Class: Google::Cloud::Storage::PolicyV1

Inherits:

Policy

• Object
• Policy
• Google::Cloud::Storage::PolicyV1

Defined in:

lib/google/cloud/storage/policy.rb

Overview

A subclass of Policy that supports access to #roles and related helpers. Attempts to call #bindings and #version= will raise a runtime error. To update the Policy version and add bindings with a newer syntax, use PolicyV3 instead by calling Bucket#policy with requested_policy_version: 3. To obtain instances of this class, call Bucket#policy without the requested_policy_version keyword argument.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

bucket.policy do |p|
  p.version # the value is 1
  p.remove "roles/storage.admin", "user:owner@example.com"
  p.add "roles/storage.admin", "user:newowner@example.com"
  p.roles["roles/storage.objectViewer"] = ["allUsers"]
end

Instance Attribute Summary

• #roles ⇒ Hash

  Returns the version 1 bindings (no conditions) as a hash that associates roles with arrays of members.

Attributes inherited from Policy

#etag, #version

Instance Method Summary

• #add(role_name, member) ⇒ Object

  Convenience method for adding a member to a binding on this policy.

• #deep_dup ⇒ Policy deprecated Deprecated.

  Because the latest policy is now always retrieved by Bucket#policy.

• #remove(role_name, member) ⇒ Object

  Convenience method for removing a member from a binding on this policy.

• #role(role_name) ⇒ Array<String>

  Convenience method returning the array of members bound to a role in this policy, or an empty array if no value is present for the role in #roles.

Instance Attribute Details

#roles ⇒ Hash

Returns the version 1 bindings (no conditions) as a hash that associates roles with arrays of members. See Understanding Roles for a listing of primitive and curated roles. See Buckets: setIamPolicy for a listing of values and patterns for members.

Returns:

• (Hash) —

  the current value of roles

# File 'lib/google/cloud/storage/policy.rb', line 112

def roles
  @roles
end

Instance Method Details

#add(role_name, member) ⇒ Object

Convenience method for adding a member to a binding on this policy. See Understanding Roles for a listing of primitive and curated roles. See Buckets: setIamPolicy for a listing of values and patterns for members.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.policy do |p|
  p.add "roles/storage.admin", "user:newowner@example.com"
end

Parameters:

• role_name (String) —

  A Cloud IAM role, such as "roles/storage.admin".

• member (String) —

  A Cloud IAM identity, such as "user:owner@example.com".

# File 'lib/google/cloud/storage/policy.rb', line 146

def add role_name, member
  role(role_name) << member
end

#deep_dup ⇒ Policy

Deprecated.

Because the latest policy is now always retrieved by Bucket#policy.

Returns a deep copy of the policy.

Returns:

• (Policy)

# File 'lib/google/cloud/storage/policy.rb', line 212

def deep_dup
  warn "DEPRECATED: Storage::PolicyV1#deep_dup"
  dup.tap do |p|
    roles_dup = p.roles.transform_values do |v|
      v.dup rescue value
    end
    p.instance_variable_set :@roles, roles_dup
  end
end

#remove(role_name, member) ⇒ Object

Convenience method for removing a member from a binding on this policy. See Understanding Roles for a listing of primitive and curated roles. See Buckets: setIamPolicy for a listing of values and patterns for members.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.policy do |p|
  p.remove "roles/storage.admin", "user:owner@example.com"
end

Parameters:

• role_name (String) —

  A Cloud IAM role, such as "roles/storage.admin".

• member (String) —

  A Cloud IAM identity, such as "user:owner@example.com".

# File 'lib/google/cloud/storage/policy.rb', line 174

def remove role_name, member
  role(role_name).delete member
end

#role(role_name) ⇒ Array<String>

Convenience method returning the array of members bound to a role in this policy, or an empty array if no value is present for the role in #roles. See Understanding Roles for a listing of primitive and curated roles. See Buckets: setIamPolicy for a listing of values and patterns for members.

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.policy do |p|
  p.role("roles/storage.admin") << "user:owner@example.com"
end

Returns:

• (Array<String>) —

  The members strings, or an empty array.

# File 'lib/google/cloud/storage/policy.rb', line 200

def role role_name
  roles[role_name] ||= []
end