Binding
Value object associating members and an optional condition with a role.
Inherits
- Object
Examples
    require "google/cloud/storage"

    storage = Google::Cloud::Storage.new
    bucket = storage.bucket "my-bucket"

    policy = bucket.policy requested_policy_version: 3
    policy.bindings.each do |binding|
      puts binding.role
    end
Updating a Policy from version 1 to version 3:
    require "google/cloud/storage"

    storage = Google::Cloud::Storage.new
    bucket = storage.bucket "my-bucket"

    bucket.uniform_bucket_level_access = true

    bucket.policy requested_policy_version: 3 do |p|
      p.version # the value is 1
      p.version = 3 # Must be explicitly set to opt-in to support for conditions.

      expr = "resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")"
      p.bindings.insert({
        role: "roles/storage.admin",
        members: ["user:owner@example.com"],
        condition: {
          title: "my-condition",
          description: "description of condition",
          expression: expr
        }
      })
    end
Methods
#condition
def condition() -> Google::Cloud::Storage::Policy::Condition, nil
The condition that is associated with this binding, or nil if there is no condition. NOTE: An unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.
- (Google::Cloud::Storage::Policy::Condition, nil) — the current value of condition
#condition=
def condition=(title:, description: nil, expression:)
Sets the condition for the binding.
- title (String) — Used to identify the condition. Required.
- description (String) — Used to document the condition. Optional.
- expression (String) — Defines an attribute-based logic expression using a subset of the Common Expression Language (CEL). The condition expression can contain multiple statements, each using one attribute; statements are combined using logic operators, following the CEL language specification. Required.
#initialize
def initialize(role:, members:, condition: nil) -> Binding
Creates a Binding object.
- role (String) — Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. Required.
- members (Array<String>) — Specifies the identities requesting access for a Cloud Platform resource. members can have the following values. Required.
  - allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account.
  - allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account.
  - user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com.
  - serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
  - group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
  - domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com.
- condition (Google::Cloud::Storage::Policy::Condition) (defaults to: nil) — The condition that is associated with this binding. NOTE: An unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently. Optional.
- (Binding) — a new instance of Binding
- (ArgumentError)
#members
def members() -> Array<String>
Specifies the identities requesting access for a Cloud Platform resource. members can have the following values. Required.
- allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account.
- allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com.
- serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
- domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com.
- (Array<String>) — the current value of members
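The NOTE on #condition says bindings are examined independently, and the members values listed above include the public identifiers allUsers and allAuthenticatedUsers. The audit helper below is an added example, not part of the google-cloud-storage library: it flags public members and conditional bindings that an unconditional binding for the same role makes ineffective. The names audit_bindings, SampleBinding, SampleCondition, EXPR and SAMPLE_BINDINGS are hypothetical; the structs stand in for Binding objects so the code runs offline.

```ruby
# Added example: flags public members and conditions that another binding
# makes ineffective. Works on any objects exposing #role, #members and
# #condition, the readers documented on this page.
PUBLIC_MEMBERS = ["allUsers", "allAuthenticatedUsers"].freeze

# Hypothetical stand-ins for Policy::Binding so the example runs offline.
SampleCondition = Struct.new(:title, :expression)
SampleBinding = Struct.new(:role, :members, :condition)

# Returns an array of findings: { type:, role:, member: }.
def audit_bindings(bindings)
  # (role, member) pairs granted with no condition attached.
  unconditional = {}
  bindings.each do |b|
    next unless b.condition.nil?
    b.members.each { |m| unconditional[[b.role, m]] = true }
  end

  findings = []
  bindings.each do |b|
    b.members.each do |m|
      if PUBLIC_MEMBERS.include?(m)
        findings << { type: :public_member, role: b.role, member: m }
      end
      next if b.condition.nil?
      # Bindings are examined independently: an unconditional grant of the
      # same role to this member, or to a public identifier, applies even
      # when this condition is unsatisfied. Only exact role matches are
      # compared; role hierarchy and group membership are not resolved.
      covers = m == "allUsers" ? [m] : [m] + PUBLIC_MEMBERS
      if covers.any? { |x| unconditional[[b.role, x]] }
        findings << { type: :condition_shadowed, role: b.role, member: m }
      end
    end
  end
  findings.uniq
end

# Constructed sample bindings (not taken from a real policy).
EXPR = 'resource.name.startsWith("projects/_/buckets/bucket-name/objects/prefix-a-")'
SAMPLE_BINDINGS = [
  SampleBinding.new("roles/storage.objectViewer", ["allUsers"], nil),
  SampleBinding.new("roles/storage.admin", ["user:owner@example.com"],
                    SampleCondition.new("my-condition", EXPR)),
  SampleBinding.new("roles/storage.admin",
                    ["user:owner@example.com", "group:admins@example.com"], nil)
].freeze

audit_bindings(SAMPLE_BINDINGS).each { |f| puts f.inspect }
```

Because the helper only calls role, members and condition, it can be passed the bindings of a policy fetched with requested_policy_version: 3.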
#members=
def members=(new_members)
Sets the members for the binding.
- (ArgumentError)
#role
def role() -> String
Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. Required.
- (String) — the current value of role
#role=
def role=(new_role)
Sets the role for the binding.