Class: Google::Cloud::Storage::PolicyV3

Inherits:

Policy

Object
Policy
Google::Cloud::Storage::PolicyV3

show all

Defined in:: lib/google/cloud/storage/policy.rb

Overview

A subclass of Policy that supports access to #bindings and #version=. Attempts to call #roles and relate helpers will raise a runtime error. This class may be used to update the Policy version and add bindings with a newer syntax. To obtain instances of this class, call Bucket#policy with requested_policy_version: 3.

Examples:

Updating Policy version 1 to version 3:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

bucket.uniform_bucket_level_access = true

bucket.policy requested_policy_version: 3 do |p|
  p.version # the value is 1
  p.version = 3

  expr = "resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")"
  p.bindings.insert({
                      role: "roles/storage.admin",
                      members: ["user:owner@example.com"],
                      condition: {
                        title: "my-condition",
                        description: "description of condition",
                        expression: expr
                      }
                    })
end

Using Policy version 3:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

bucket.uniform_bucket_level_access? # true

bucket.policy requested_policy_version: 3 do |p|
  p.version = 3 # Must be explicitly set to opt-in to support for conditions.

  expr = "resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")"
  p.bindings.insert({
                      role: "roles/storage.admin",
                      members: ["user:owner@example.com"],
                      condition: {
                        title: "my-condition",
                        description: "description of condition",
                        expression: expr
                      }
                    })
end

Instance Attribute Summary collapse

#bindings ⇒ Bindings
Returns the Policy's bindings object that associate roles with an array of members.

Attributes inherited from Policy

#etag, #version

Instance Method Summary collapse

#version=(new_version) ⇒ Object
Updates the syntax schema version of the policy.

Instance Attribute Details

#bindings ⇒ `Bindings`

Returns the Policy's bindings object that associate roles with an array of members. Conditions can be configured on the Google::Cloud::Storage::Policy::Binding object. See Understanding Roles for a listing of primitive and curated roles. See Buckets: setIamPolicy for a listing of values and patterns for members.

Returns:

(Bindings) —
the current value of bindings



335
336
337

# File 'lib/google/cloud/storage/policy.rb', line 335

def bindings
  @bindings
end

Instance Method Details

#version=(new_version) ⇒ `Object`

Updates the syntax schema version of the policy. Each version of the policy contains a specific syntax schema that can be used by bindings. The newer version may contain role bindings with the newer syntax schema that is unsupported by earlier versions. This field is not intended to be used for any purposes other than policy syntax schema control.

The following policy versions are valid:

1 - The first version of Cloud IAM policy schema. Supports binding one role to one or more members. Does not support conditional bindings.
3 - Introduces the condition field in the role binding, which further constrains the role binding via context-based and attribute-based rules. See Understanding policies and Overview of Cloud IAM Conditions for more information.