Reference documentation and code samples for the Google Cloud PHP shared dependency, providing functionality useful to all components. Client class PolicyBuilder.
Helper class for creating valid IAM policies
Example:
use Google\Cloud\Core\Iam\PolicyBuilder;
$builder = new PolicyBuilder();
$builder->addBinding('roles/admin', [ 'user:admin@domain.com' ]);
$result = $builder->result();
Namespace
Google \ Cloud \ Core \ IamMethods
__construct
See also:
Example: ``` $policy = [ 'etag' => 'AgIc==', 'version' => 3, 'bindings' => [ [ 'role' => 'roles/admin', 'members' => [ 'user:admin@domain.com', 'user2:admin@domain.com' ], 'condition' => [ 'title' => 'match-prefix', 'description' => 'Applies to objects matching a prefix', 'expression' => 'resource.name.startsWith("projects/_/buckets/bucket-name/objects/prefix-a-")' ] ] ], ];
$builder = new PolicyBuilder($policy); ```
Parameter | |
---|---|
Name | Description |
policy |
array
A policy array |
setBindings
Override all stored bindings on the policy.
Example:
$builder->setBindings([
[
'role' => 'roles/admin',
'members' => [
'user:admin@domain.com'
],
'condition' => [
'expression' =>
'request.time < timestamp("2020-07-01T00:00:00.000Z")'
]
]
]);
Parameter | |
---|---|
Name | Description |
bindings |
array
[optional] An array of bindings |
Returns | |
---|---|
Type | Description |
PolicyBuilder |
addBinding
Add a new binding to the policy.
This method will fail with an InvalidOpereationException if it is called on a Policy with a version greater than 1 as that indicates a more complicated policy than this method is prepared to handle. Changes to such policies must be made manually by the setBindings() method.
Example:
$builder->addBinding('roles/admin', [ 'user:admin@domain.com' ]);
Parameters | |
---|---|
Name | Description |
role |
string
A valid role for the service |
members |
array
An array of members to assign to the binding |
Returns | |
---|---|
Type | Description |
PolicyBuilder |
removeBinding
Remove a binding from the policy.
This method will fail with a BadMethodCallException if it is called on a Policy with a version greater than 1 as that indicates a more complicated policy than this method is prepared to handle. Changes to such policies must be made manually by the setBindings() method.
Example:
$builder->setBindings([
[
'role' => 'roles/admin',
'members' => [
'user:admin@domain.com',
'user2:admin@domain.com'
]
]
]);
$builder->removeBinding('roles/admin', [ 'user:admin@domain.com' ]);
Parameters | |
---|---|
Name | Description |
role |
string
A valid role for the service |
members |
array
An array of members to remove from the role |
Returns | |
---|---|
Type | Description |
PolicyBuilder |
setEtag
Update the etag on the policy.
Example:
$builder->setEtag($oldPolicy['etag']);
Parameter | |
---|---|
Name | Description |
etag |
string
used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that updates to existing policies make use of the etag to avoid race conditions. |
Returns | |
---|---|
Type | Description |
PolicyBuilder |
setVersion
Update the version of the policy.
Example:
$builder->setVersion(1);
Parameter | |
---|---|
Name | Description |
version |
int
Version of the Policy. Defaults to |
Returns | |
---|---|
Type | Description |
PolicyBuilder |
result
Create a policy array with data in the correct format.
Example:
$policy = $builder->result();
Returns | |
---|---|
Type | Description |
array |
An array of policy data |