Class Google::Cloud::Storage::Policy::Binding (v1.35.0)

Binding

Value object associating members and an optional condition with a role.

Inherits

  • Object

Examples

require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

policy = bucket.policy requested_policy_version: 3
policy.bindings.each do |binding|
  puts binding.role
end

Updating a Policy from version 1 to version 3:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

bucket.uniform_bucket_level_access = true

bucket.policy requested_policy_version: 3 do |p|
  p.version # the value is 1
  p.version = 3 # Must be explicitly set to opt-in to support for conditions.

  expr = "resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")"
  p.bindings.insert({
                      role: "roles/storage.admin",
                      members: ["user:owner@example.com"],
                      condition: {
                        title: "my-condition",
                        description: "description of condition",
                        expression: expr
                      }
                    })
end

Methods

#condition

def condition() -> Google::Cloud::Storage::Policy::Condition, nil

The condition that is associated with this binding, or nil if there is no condition. NOTE: An unsatisfied condition will not allow user access via the current binding. Different bindings, including their conditions, are examined independently.

Returns
  • (Google::Cloud::Storage::Policy::Condition, nil)

#condition=

def condition=(title:, description: nil, expression:)

Sets the condition for the binding.

Parameters
  • title (String) — Used to identify the condition. Required.
  • description (String) — Used to document the condition. Optional.
  • expression (String) — Defines an attribute-based logic expression using a subset of the Common Expression Language (CEL). The condition expression can contain multiple statements, each using one attribute, and statements are combined using logic operators, following the CEL language specification. Required.

#initialize

def initialize(role:, members:, condition: nil) -> Binding

Creates a Binding object.

Parameters
  • role (String) — Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. Required.
  • members (Array<String>) —

    Specifies the identities requesting access for a Cloud Platform resource. members can have the following values. Required.

    • allUsers: A special identifier that represents anyone who is on the internet, with or without a Google account.
    • allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account.
    • user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com.
    • serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
    • group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
    • domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com.
  • condition (Google::Cloud::Storage::Policy::Condition) (defaults to: nil) — The condition that is associated with this binding. NOTE: An unsatisfied condition will not allow user access via the current binding. Different bindings, including their conditions, are examined independently. Optional.
Returns
  • (Binding) — a new instance of Binding
Raises
  • (ArgumentError)

#members

def members() -> Array<String>

Specifies the identities requesting access for a Cloud Platform resource. members can have the following values. Required.

  • allUsers: A special identifier that represents anyone who is on the internet, with or without a Google account.
  • allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account.
  • user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com.
  • serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
  • group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
  • domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com.
Returns
  • (Array<String>) — the current value of members
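
An added example, not part of the library's documentation: an audit over the role, members and condition readers described on this page. It flags the public member identifiers (allUsers, allAuthenticatedUsers) and conditional bindings that have no effect because an unconditional binding grants the same role to the same member, which follows from bindings being examined independently. SampleBinding, SampleCondition, audit_bindings and the sample policy are constructed stand-ins so the code runs without the gem or network access.

```ruby
# Stand-ins for Policy::Binding and Policy::Condition (assumption: real objects
# from policy.bindings expose the same role / members / condition readers).
SampleBinding = Struct.new(:role, :members, :condition, keyword_init: true)
SampleCondition = Struct.new(:title, :expression, keyword_init: true)
PUBLIC_MEMBERS = %w[allUsers allAuthenticatedUsers].freeze

# Returns an array of finding hashes for a list of binding-like objects.
def audit_bindings(bindings)
  findings = []
  unconditional = {} # [role, member] pairs granted with no condition
  bindings.each do |b|
    next unless b.condition.nil?
    b.members.each { |m| unconditional[[b.role, m]] = true }
  end

  bindings.each do |b|
    b.members.each do |m|
      if PUBLIC_MEMBERS.include?(m)
        findings << { type: :public_member, role: b.role, member: m,
                      conditional: !b.condition.nil? }
      end
      # Bindings are examined independently, so an unconditional binding for
      # the same role and member grants access whatever this condition says.
      if b.condition && unconditional[[b.role, m]]
        findings << { type: :condition_shadowed, role: b.role, member: m,
                      condition: b.condition.title }
      end
    end
  end
  findings
end

# Constructed sample policy (not real data).
EXPR = "resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")"
SAMPLE_BINDINGS = [
  SampleBinding.new(role: "roles/storage.objectViewer", members: ["allUsers"]),
  SampleBinding.new(role: "roles/storage.admin",
                    members: ["user:owner@example.com"],
                    condition: SampleCondition.new(title: "my-condition",
                                                   expression: EXPR)),
  SampleBinding.new(role: "roles/storage.admin",
                    members: ["user:owner@example.com", "group:admins@example.com"])
].freeze

audit_bindings(SAMPLE_BINDINGS).each { |finding| puts finding.inspect }
```
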

#members=

def members=(new_members)

Sets the members for the binding.

Raises
  • (ArgumentError)

#role

def role() -> String

Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. Required.

Returns
  • (String) — the current value of role

#role=

def role=(new_role)

Sets the role for the binding.