Cloud Key Management Service (KMS) V1 API - Class Google::Cloud::Kms::V1::IAMPolicy::Client (v0.13.0)

Reference documentation and code samples for the Cloud Key Management Service (KMS) V1 API class Google::Cloud::Kms::V1::IAMPolicy::Client.

Client for the IAMPolicy service.

API Overview

Manages Identity and Access Management (IAM) policies.

Any implementation of an API that offers access control features implements the google.iam.v1.IAMPolicy interface.

Data model

Access control is applied when a principal (user or service account) takes some action on a resource exposed by a service. Resources, identified by URI-like names, are the unit of access control specification. Service implementations can choose the granularity of access control and the supported permissions for their resources. For example, one database service may allow access control to be specified only at the Table level, whereas another might allow access control to also be specified at the Column level.

Policy Structure

See google.iam.v1.Policy

This is intentionally not a CRUD style API because access control policies are created and deleted implicitly with the resources to which they are attached.

Inherits

  • Object

Methods

.configure

def self.configure() { |config| ... } -> Client::Configuration

Configure the IAMPolicy Client class.

See Configuration for a description of the configuration fields.

Yields
  • (config) — Configure the Client client.
Yield Parameter
Example
# Modify the configuration for all IAMPolicy clients
::Google::Cloud::Kms::V1::IAMPolicy::Client.configure do |config|
  config.timeout = 10.0
end

#configure

def configure() { |config| ... } -> Client::Configuration

Configure the IAMPolicy Client instance.

The configuration is set to the derived mode, meaning that values can be changed, but structural changes (adding new fields, etc.) are not allowed. Structural changes should be made on Client.configure.

See Configuration for a description of the configuration fields.

Yields
  • (config) — Configure the Client client.
Yield Parameter

#get_iam_policy

def get_iam_policy(request, options = nil) -> ::Google::Iam::V1::Policy
def get_iam_policy(resource: nil, options: nil) -> ::Google::Iam::V1::Policy

Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.

Overloads
def get_iam_policy(request, options = nil) -> ::Google::Iam::V1::Policy
Pass arguments to get_iam_policy via a request object, either of type Iam::V1::GetIamPolicyRequest or an equivalent Hash.
Parameters
  • request (::Google::Iam::V1::GetIamPolicyRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
  • options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def get_iam_policy(resource: nil, options: nil) -> ::Google::Iam::V1::Policy
Pass arguments to get_iam_policy via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
Parameters
  • resource (::String) — REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.
  • options (::Google::Iam::V1::GetPolicyOptions, ::Hash) — OPTIONAL: A GetPolicyOptions object for specifying options to GetIamPolicy.
Yields
  • (response, operation) — Access the result along with the RPC operation
Yield Parameters
Raises
  • (::Google::Cloud::Error) — if the RPC is aborted.
Example

Basic example

require "google/cloud/kms/v1"   # defines Google::Cloud::Kms::V1::IAMPolicy::Client
require "google/iam/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::IAMPolicy::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Iam::V1::GetIamPolicyRequest.new

# Call the get_iam_policy method.
result = client.get_iam_policy request

# The returned object is of type Google::Iam::V1::Policy.
p result

#initialize

def initialize() { |config| ... } -> Client

Create a new IAMPolicy client object.

Yields
  • (config) — Configure the IAMPolicy client.
Yield Parameter
Returns
  • (Client) — a new instance of Client
Example
# Create a client using the default configuration
client = ::Google::Cloud::Kms::V1::IAMPolicy::Client.new

# Create a client using a custom configuration
client = ::Google::Cloud::Kms::V1::IAMPolicy::Client.new do |config|
  config.timeout = 10.0
end

#set_iam_policy

def set_iam_policy(request, options = nil) -> ::Google::Iam::V1::Policy
def set_iam_policy(resource: nil, policy: nil, update_mask: nil) -> ::Google::Iam::V1::Policy

Sets the access control policy on the specified resource. Replaces any existing policy.

Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.

Overloads
def set_iam_policy(request, options = nil) -> ::Google::Iam::V1::Policy
Pass arguments to set_iam_policy via a request object, either of type Iam::V1::SetIamPolicyRequest or an equivalent Hash.
Parameters
  • request (::Google::Iam::V1::SetIamPolicyRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
  • options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def set_iam_policy(resource: nil, policy: nil, update_mask: nil) -> ::Google::Iam::V1::Policy
Pass arguments to set_iam_policy via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
Parameters
  • resource (::String) — REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.
  • policy (::Google::Iam::V1::Policy, ::Hash) — REQUIRED: The complete policy to be applied to the resource. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
  • update_mask (::Google::Protobuf::FieldMask, ::Hash) — OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used:

    paths: "bindings, etag"

Yields
  • (response, operation) — Access the result along with the RPC operation
Yield Parameters
Raises
  • (::Google::Cloud::Error) — if the RPC is aborted.
Example

Basic example

require "google/cloud/kms/v1"   # defines Google::Cloud::Kms::V1::IAMPolicy::Client
require "google/iam/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::IAMPolicy::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Iam::V1::SetIamPolicyRequest.new

# Call the set_iam_policy method.
result = client.set_iam_policy request

# The returned object is of type Google::Iam::V1::Policy.
p result
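
Because set_iam_policy replaces any existing policy, granting one role is a read-modify-write: fetch the policy, change it, and send back every binding together with the etag. The following is an added example, not code from the library or its documentation; `FakeIamClient`, `StaleEtagError` and `grant` are hypothetical names, policies are handled as plain Hashes, and the in-memory double (constructed here, including its etag conflict behaviour) stands in for the real client so the block runs offline.

```ruby
class StaleEtagError < StandardError; end   # hypothetical stand-in for an etag conflict

# Constructed in-memory double for the two calls used below.
class FakeIamClient
  attr_reader :writes

  def initialize(policy, races: 0)
    @policy = Marshal.load(Marshal.dump(policy))   # private deep copy
    @races = races
    @writes = 0
  end

  def get_iam_policy(resource:)
    Marshal.load(Marshal.dump(@policy))
  end

  def set_iam_policy(resource:, policy:)
    if @races.positive?   # simulate another administrator writing first
      @races -= 1
      @policy[:bindings] << { role: "roles/cloudkms.viewer", members: ["user:other@example.com"] }
      @policy[:etag] = "etag-raced"
    end
    raise StaleEtagError, "etag mismatch" unless policy[:etag] == @policy[:etag]
    @policy = policy.merge(etag: "etag-#{@writes += 1}")
  end
end

# Add one member to one role without dropping any existing binding.
def grant(client, resource, role, member, attempts: 3, stale_error: StaleEtagError)
  attempts.times do
    policy = client.get_iam_policy(resource: resource)   # all bindings plus etag
    # Merge only into an unconditional binding for this role.
    entry = policy[:bindings].find { |b| b[:role] == role && b[:condition].nil? }
    if entry
      return policy if entry[:members].include?(member)  # already granted
      entry[:members] << member
    else
      policy[:bindings] << { role: role, members: [member] }
    end
    begin
      # The call replaces the policy, so send all of it back, etag included.
      return client.set_iam_policy(resource: resource, policy: policy)
    rescue stale_error
      next   # the policy changed underneath us: re-read and re-apply
    end
  end
  raise "policy changed on every attempt; gave up after #{attempts}"
end
```

Sending a policy that contains only the new binding would remove every other grant on the key, and dropping the etag lets two concurrent writers silently overwrite each other.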

#test_iam_permissions

def test_iam_permissions(request, options = nil) -> ::Google::Iam::V1::TestIamPermissionsResponse
def test_iam_permissions(resource: nil, permissions: nil) -> ::Google::Iam::V1::TestIamPermissionsResponse

Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error.

Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.

Overloads
def test_iam_permissions(request, options = nil) -> ::Google::Iam::V1::TestIamPermissionsResponse
Pass arguments to test_iam_permissions via a request object, either of type Iam::V1::TestIamPermissionsRequest or an equivalent Hash.
Parameters
  • request (::Google::Iam::V1::TestIamPermissionsRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
  • options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def test_iam_permissions(resource: nil, permissions: nil) -> ::Google::Iam::V1::TestIamPermissionsResponse
Pass arguments to test_iam_permissions via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
Parameters
  • resource (::String) — REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.
  • permissions (::Array<::String>) — The set of permissions to check for the resource. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see IAM Overview.
Yields
  • (response, operation) — Access the result along with the RPC operation
Yield Parameters
Raises
  • (::Google::Cloud::Error) — if the RPC is aborted.
Example

Basic example

require "google/cloud/kms/v1"   # defines Google::Cloud::Kms::V1::IAMPolicy::Client
require "google/iam/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::IAMPolicy::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Iam::V1::TestIamPermissionsRequest.new

# Call the test_iam_permissions method.
result = client.test_iam_permissions request

# The returned object is of type Google::Iam::V1::TestIamPermissionsResponse.
p result
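
The note above limits test_iam_permissions to permission-aware UIs and tools. The following added example (not code from the library) uses it that way, to decide which actions a key-management screen should offer; `enabled_actions`, `FakePermissionClient`, `Response` and the `REQUIRED` map are hypothetical, and the double is constructed so the block runs offline.

```ruby
# Constructed stand-in for the response object: only the permissions field is used.
Response = Struct.new(:permissions)

# Constructed double: answers with the subset of requested permissions it "holds".
class FakePermissionClient
  def initialize(held)
    @held = held
  end

  def test_iam_permissions(resource:, permissions:)
    Response.new(permissions & @held)
  end
end

# Constructed sample: UI action => permissions that action needs on the key.
REQUIRED = {
  encrypt: ["cloudkms.cryptoKeyVersions.useToEncrypt"],
  decrypt: ["cloudkms.cryptoKeyVersions.useToDecrypt"],
  manage_access: ["cloudkms.cryptoKeys.getIamPolicy", "cloudkms.cryptoKeys.setIamPolicy"]
}.freeze

# Decide which UI actions to show as enabled. The answer is advisory only:
# the service still enforces access on the real call, so a wrong answer here
# must never be what grants or denies an operation.
def enabled_actions(client, resource, required)
  wanted = required.values.flatten.uniq
  # Wildcards are not allowed in the request, so reject them before calling.
  bad = wanted.select { |p| p.include?("*") }
  raise ArgumentError, "wildcards are not allowed: #{bad.join(', ')}" unless bad.empty?

  response = client.test_iam_permissions(resource: resource, permissions: wanted)
  granted = response.permissions.to_a
  # An empty result also covers "resource does not exist": nothing is enabled.
  required.select { |_action, perms| (perms - granted).empty? }.keys
end
```

An action is enabled only when every permission it needs comes back, so a partially granted action such as `manage_access` stays disabled.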