A subclass of Policy that supports access to #roles and related helpers. Attempts to call #bindings and #version= will raise a runtime error. To update the Policy version and add bindings with a newer syntax, use PolicyV3 instead by calling Bucket#policy with requested_policy_version: 3. To obtain instances of this class, call Bucket#policy without the requested_policy_version keyword argument.
Inherits
Example
    require "google/cloud/storage"

    storage = Google::Cloud::Storage.new
    bucket = storage.bucket "my-bucket"

    bucket.policy do |p|
      p.version # the value is 1
      p.remove "roles/storage.admin", "user:owner@example.com"
      p.add "roles/storage.admin", "user:newowner@example.com"
      p.roles["roles/storage.objectViewer"] = ["allUsers"]
    end
Methods
#add
def add(role_name, member)
Convenience method for adding a member to a binding on this policy. See Understanding Roles for a listing of primitive and curated roles. See Buckets: setIamPolicy for a listing of values and patterns for members.
- role_name (String) — A Cloud IAM role, such as "roles/storage.admin".
- member (String) — A Cloud IAM identity, such as "user:owner@example.com".

    require "google/cloud/storage"

    storage = Google::Cloud::Storage.new
    bucket = storage.bucket "my-bucket"

    bucket.policy do |p|
      p.add "roles/storage.admin", "user:newowner@example.com"
    end
#deep_dup
def deep_dup() -> Policy
Returns a deep copy of the policy.
- (Policy)
#remove
def remove(role_name, member)
Convenience method for removing a member from a binding on this policy. See Understanding Roles for a listing of primitive and curated roles. See Buckets: setIamPolicy for a listing of values and patterns for members.
- role_name (String) — A Cloud IAM role, such as "roles/storage.admin".
- member (String) — A Cloud IAM identity, such as "user:owner@example.com".

    require "google/cloud/storage"

    storage = Google::Cloud::Storage.new
    bucket = storage.bucket "my-bucket"

    bucket.policy do |p|
      p.remove "roles/storage.admin", "user:owner@example.com"
    end
#role
def role(role_name) -> Array<String>
Convenience method returning the array of members bound to a role in this policy, or an empty array if no value is present for the role in #roles. See Understanding Roles for a listing of primitive and curated roles. See Buckets: setIamPolicy for a listing of values and patterns for members.
- (Array<String>) — The member strings, or an empty array.

    require "google/cloud/storage"

    storage = Google::Cloud::Storage.new
    bucket = storage.bucket "my-bucket"

    bucket.policy do |p|
      p.role("roles/storage.admin") << "user:owner@example.com"
    end
#roles
def roles() -> Hash
Returns the version 1 bindings (no conditions) as a hash that associates roles with arrays of members. See Understanding Roles for a listing of primitive and curated roles. See Buckets: setIamPolicy for a listing of values and patterns for members.
- (Hash) — the current value of roles
#roles=
def roles=(value) -> Hash
Sets the version 1 bindings (no conditions) from a hash that associates roles with arrays of members. See Understanding Roles for a listing of primitive and curated roles. See Buckets: setIamPolicy for a listing of values and patterns for members.
- value (Hash) — the newly set value
- (Hash) — the newly set value
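
The #roles hash and #remove documented above are enough to audit a bucket's version 1 bindings for public principals such as the "allUsers" member used in the Example. The following is an added example, not code from the google-cloud-storage project; FakePolicyV1, public_bindings, revoke_public!, sample_policy and the sample bindings are constructed for illustration so the block runs offline.

```ruby
# Added example: audit the version 1 bindings returned by #roles for public
# principals and strip them with #remove.
PUBLIC_MEMBERS = ["allUsers", "allAuthenticatedUsers"].freeze

# Returns { role => [public members] } for each role bound to a public member.
def public_bindings(policy)
  policy.roles.each_with_object({}) do |(role, members), found|
    hits = members & PUBLIC_MEMBERS
    found[role] = hits unless hits.empty?
  end
end

# Removes every public member through #remove and returns what was removed.
# With a real bucket: bucket.policy { |p| revoke_public! p }
def revoke_public!(policy)
  found = public_bindings(policy)
  found.each { |role, members| members.each { |m| policy.remove role, m } }
  found
end

# Hypothetical offline stand-in exposing the #roles, #role and #remove
# methods documented on this page (not the library's class).
class FakePolicyV1
  attr_accessor :roles

  def initialize(roles)
    @roles = roles
  end

  def role(role_name)
    roles[role_name] ||= []
  end

  def remove(role_name, member)
    role(role_name).delete member
  end
end

# Constructed sample bindings.
def sample_policy
  FakePolicyV1.new({
    "roles/storage.admin" => ["user:owner@example.com"],
    "roles/storage.objectViewer" => ["allUsers", "group:auditors@example.com"],
    "roles/storage.legacyBucketReader" => ["allAuthenticatedUsers"]
  })
end
```

The return value of revoke_public! lists exactly which role and member pairs were dropped, which is worth logging before the updated policy is written back.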