Google Cloud Iam V2 Client - Class PoliciesClient (0.3.1)

Reference documentation and code samples for the Google Cloud Iam V2 Client class PoliciesClient.

Service Description: An interface for managing Identity and Access Management (IAM) policies.

This class is currently experimental and may be subject to changes.

Namespace

Google \ Cloud \ Iam \ V2 \ Client

Methods

__construct

Constructor.

Parameters
NameDescription
options array

Optional. Options for configuring the service API wrapper.

↳ apiEndpoint string

The address of the API remote host. May optionally include the port, formatted as "

↳ credentials string|array|FetchAuthTokenInterface|CredentialsWrapper

The credentials to be used by the client to authorize API calls. This option accepts either a path to a credentials file, or a decoded credentials file as a PHP array. Advanced usage: In addition, this option can also accept a pre-constructed Google\Auth\FetchAuthTokenInterface object or Google\ApiCore\CredentialsWrapper object. Note that when one of these objects are provided, any settings in $credentialsConfig will be ignored.

↳ credentialsConfig array

Options used to configure credentials, including auth token caching, for the client. For a full list of supporting configuration options, see Google\ApiCore\CredentialsWrapper::build() .

↳ disableRetries bool

Determines whether or not retries defined by the client configuration should be disabled. Defaults to false.

↳ clientConfig string|array

Client method configuration, including retry settings. This option can be either a path to a JSON file, or a PHP array containing the decoded JSON data. By default this settings points to the default client config file, which is provided in the resources folder.

↳ transport string|TransportInterface

The transport used for executing network requests. May be either the string rest or grpc. Defaults to grpc if gRPC support is detected on the system. Advanced usage: Additionally, it is possible to pass in an already instantiated Google\ApiCore\Transport\TransportInterface object. Note that when this object is provided, any settings in $transportConfig, and any $apiEndpoint setting, will be ignored.

↳ transportConfig array

Configuration options that will be used to construct the transport. Options for each supported transport type should be passed in a key for that transport. For example: $transportConfig = [ 'grpc' => [...], 'rest' => [...], ]; See the Google\ApiCore\Transport\GrpcTransport::build() and Google\ApiCore\Transport\RestTransport::build() methods for the supported options.

↳ clientCertSource callable

A callable which returns the client cert as a string. This can be used to provide a certificate and private key to the transport layer for mTLS.

createPolicy

Creates a policy.

The async variant is Google\Cloud\Iam\V2\Client\BaseClient\self::createPolicyAsync() .

Parameters
NameDescription
request Google\Cloud\Iam\V2\CreatePolicyRequest

A request to house fields associated with the call.

callOptions array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example 
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Iam\V2\Client\PoliciesClient;
use Google\Cloud\Iam\V2\CreatePolicyRequest;
use Google\Cloud\Iam\V2\Policy;
use Google\Rpc\Status;

/**
 * @param string $parent The resource that the policy is attached to, along with the kind of policy
 *                       to create. Format: `policies/{attachment_point}/denypolicies`
 *
 *
 *                       The attachment point is identified by its URL-encoded full resource name,
 *                       which means that the forward-slash character, `/`, must be written as
 *                       `%2F`. For example,
 *                       `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
 *
 *                       For organizations and folders, use the numeric ID in the full resource
 *                       name. For projects, you can use the alphanumeric or the numeric ID.
 */
function create_policy_sample(string $parent): void
{
    // Create a client.
    $policiesClient = new PoliciesClient();

    // Prepare the request message.
    $policy = new Policy();
    $request = (new CreatePolicyRequest())
        ->setParent($parent)
        ->setPolicy($policy);

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $policiesClient->createPolicy($request);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var Policy $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $parent = '[PARENT]';

    create_policy_sample($parent);
}

deletePolicy

Deletes a policy. This action is permanent.

The async variant is Google\Cloud\Iam\V2\Client\BaseClient\self::deletePolicyAsync() .

Parameters
NameDescription
request Google\Cloud\Iam\V2\DeletePolicyRequest

A request to house fields associated with the call.

callOptions array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example 
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Iam\V2\Client\PoliciesClient;
use Google\Cloud\Iam\V2\DeletePolicyRequest;
use Google\Cloud\Iam\V2\Policy;
use Google\Rpc\Status;

/**
 * @param string $name The resource name of the policy to delete. Format:
 *                     `policies/{attachment_point}/denypolicies/{policy_id}`
 *
 *
 *                     Use the URL-encoded full resource name, which means that the forward-slash
 *                     character, `/`, must be written as `%2F`. For example,
 *                     `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
 *
 *                     For organizations and folders, use the numeric ID in the full resource
 *                     name. For projects, you can use the alphanumeric or the numeric ID.
 */
function delete_policy_sample(string $name): void
{
    // Create a client.
    $policiesClient = new PoliciesClient();

    // Prepare the request message.
    $request = (new DeletePolicyRequest())
        ->setName($name);

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $policiesClient->deletePolicy($request);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var Policy $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $name = '[NAME]';

    delete_policy_sample($name);
}

getPolicy

Gets a policy.

The async variant is Google\Cloud\Iam\V2\Client\BaseClient\self::getPolicyAsync() .

Parameters
NameDescription
request Google\Cloud\Iam\V2\GetPolicyRequest

A request to house fields associated with the call.

callOptions array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Iam\V2\Policy
Example 
use Google\ApiCore\ApiException;
use Google\Cloud\Iam\V2\Client\PoliciesClient;
use Google\Cloud\Iam\V2\GetPolicyRequest;
use Google\Cloud\Iam\V2\Policy;

/**
 * @param string $name The resource name of the policy to retrieve. Format:
 *                     `policies/{attachment_point}/denypolicies/{policy_id}`
 *
 *
 *                     Use the URL-encoded full resource name, which means that the forward-slash
 *                     character, `/`, must be written as `%2F`. For example,
 *                     `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`.
 *
 *                     For organizations and folders, use the numeric ID in the full resource
 *                     name. For projects, you can use the alphanumeric or the numeric ID.
 */
function get_policy_sample(string $name): void
{
    // Create a client.
    $policiesClient = new PoliciesClient();

    // Prepare the request message.
    $request = (new GetPolicyRequest())
        ->setName($name);

    // Call the API and handle any network failures.
    try {
        /** @var Policy $response */
        $response = $policiesClient->getPolicy($request);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $name = '[NAME]';

    get_policy_sample($name);
}

listPolicies

Retrieves the policies of the specified kind that are attached to a resource.

The response lists only policy metadata. In particular, policy rules are omitted.

The async variant is Google\Cloud\Iam\V2\Client\BaseClient\self::listPoliciesAsync() .

Parameters
NameDescription
request Google\Cloud\Iam\V2\ListPoliciesRequest

A request to house fields associated with the call.

callOptions array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example 
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Iam\V2\Client\PoliciesClient;
use Google\Cloud\Iam\V2\ListPoliciesRequest;
use Google\Cloud\Iam\V2\Policy;

/**
 * @param string $parent The resource that the policy is attached to, along with the kind of policy
 *                       to list. Format:
 *                       `policies/{attachment_point}/denypolicies`
 *
 *
 *                       The attachment point is identified by its URL-encoded full resource name,
 *                       which means that the forward-slash character, `/`, must be written as
 *                       `%2F`. For example,
 *                       `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`.
 *
 *                       For organizations and folders, use the numeric ID in the full resource
 *                       name. For projects, you can use the alphanumeric or the numeric ID.
 */
function list_policies_sample(string $parent): void
{
    // Create a client.
    $policiesClient = new PoliciesClient();

    // Prepare the request message.
    $request = (new ListPoliciesRequest())
        ->setParent($parent);

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $policiesClient->listPolicies($request);

        /** @var Policy $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $parent = '[PARENT]';

    list_policies_sample($parent);
}

updatePolicy

Updates the specified policy.

You can update only the rules and the display name for the policy.

To update a policy, you should use a read-modify-write loop:

  1. Use GetPolicy to read the current version of the policy.
  2. Modify the policy as needed.
  3. Use UpdatePolicy to write the updated policy.

This pattern helps prevent conflicts between concurrent updates.

The async variant is Google\Cloud\Iam\V2\Client\BaseClient\self::updatePolicyAsync() .

Parameters
NameDescription
request Google\Cloud\Iam\V2\UpdatePolicyRequest

A request to house fields associated with the call.

callOptions array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example 
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Iam\V2\Client\PoliciesClient;
use Google\Cloud\Iam\V2\Policy;
use Google\Cloud\Iam\V2\UpdatePolicyRequest;
use Google\Rpc\Status;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function update_policy_sample(): void
{
    // Create a client.
    $policiesClient = new PoliciesClient();

    // Prepare the request message.
    $policy = new Policy();
    $request = (new UpdatePolicyRequest())
        ->setPolicy($policy);

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $policiesClient->updatePolicy($request);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var Policy $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

createPolicyAsync

Parameters
NameDescription
request Google\Cloud\Iam\V2\CreatePolicyRequest
optionalArgs = [] array
Returns
TypeDescription
GuzzleHttp\Promise\PromiseInterface

deletePolicyAsync

Parameters
NameDescription
request Google\Cloud\Iam\V2\DeletePolicyRequest
optionalArgs = [] array
Returns
TypeDescription
GuzzleHttp\Promise\PromiseInterface

getPolicyAsync

Parameters
NameDescription
request Google\Cloud\Iam\V2\GetPolicyRequest
optionalArgs = [] array
Returns
TypeDescription
GuzzleHttp\Promise\PromiseInterface

listPoliciesAsync

Parameters
NameDescription
request Google\Cloud\Iam\V2\ListPoliciesRequest
optionalArgs = [] array
Returns
TypeDescription
GuzzleHttp\Promise\PromiseInterface

updatePolicyAsync

Parameters
NameDescription
request Google\Cloud\Iam\V2\UpdatePolicyRequest
optionalArgs = [] array
Returns
TypeDescription
GuzzleHttp\Promise\PromiseInterface

getOperationsClient

Return an OperationsClient object with the same endpoint as $this.

Returns
TypeDescription
Google\ApiCore\LongRunning\OperationsClient

resumeOperation

Resume an existing long running operation that was previously started by a long running API method. If $methodName is not provided, or does not match a long running API method, then the operation can still be resumed, but the OperationResponse object will not deserialize the final response.

Parameters
NameDescription
operationName string

The name of the long running operation

methodName string

The name of the method used to start the operation

Returns
TypeDescription
Google\ApiCore\OperationResponse