Cloud Storage API - Class Google::Cloud::Storage::PolicyV1 (v1.53.0)

Reference documentation and code samples for the Cloud Storage API class Google::Cloud::Storage::PolicyV1.

A subclass of Policy that supports access to #roles and related helpers. Attempts to call #bindings and #version= will raise a runtime error. To update the Policy version and add bindings with a newer syntax, use PolicyV3 instead by calling Bucket#policy with requested_policy_version: 3. To obtain instances of this class, call Bucket#policy without the requested_policy_version keyword argument.

Example

require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

bucket.policy do |p|
  p.version # the value is 1
  p.remove "roles/storage.admin", "user:owner@example.com"
  p.add "roles/storage.admin", "user:newowner@example.com"
  # Replaces the member list for this role; "allUsers" makes the bucket's objects publicly readable.
  p.roles["roles/storage.objectViewer"] = ["allUsers"]
end

Methods

#add

def add(role_name, member)

Convenience method for adding a member to a binding on this policy. See Understanding Roles for a listing of primitive and curated roles. See Buckets: setIamPolicy for a listing of values and patterns for members.

Parameters
  • role_name (String) — A Cloud IAM role, such as "roles/storage.admin".
  • member (String) — A Cloud IAM identity, such as "user:owner@example.com".

Example

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.policy do |p|
  p.add "roles/storage.admin", "user:newowner@example.com"
end

#deep_dup

def deep_dup() -> Policy

Returns a deep copy of the policy.

Returns
  • (Policy)

#remove

def remove(role_name, member)

Convenience method for removing a member from a binding on this policy. See Understanding Roles for a listing of primitive and curated roles. See Buckets: setIamPolicy for a listing of values and patterns for members.

Parameters
  • role_name (String) — A Cloud IAM role, such as "roles/storage.admin".
  • member (String) — A Cloud IAM identity, such as "user:owner@example.com".

Example

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.policy do |p|
  p.remove "roles/storage.admin", "user:owner@example.com"
end

#role

def role(role_name) -> Array<String>

Convenience method returning the array of members bound to a role in this policy, or an empty array if no value is present for the role in #roles. See Understanding Roles for a listing of primitive and curated roles. See Buckets: setIamPolicy for a listing of values and patterns for members.

Returns
  • (Array<String>) — The member strings, or an empty array.

Example

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.policy do |p|
  p.role("roles/storage.admin") << "user:owner@example.com"
end

#roles

def roles() -> Hash

Returns the version 1 bindings (no conditions) as a hash that associates roles with arrays of members. See Understanding Roles for a listing of primitive and curated roles. See Buckets: setIamPolicy for a listing of values and patterns for members.

Returns
  • (Hash) — the current value of roles
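
The hash returned by #roles can be audited for public principals before a policy is written back. The Ruby below is an added example, not part of the google-cloud-storage library or of this reference; the helper names public_grants and strip_public_grants! and the sample policy are hypothetical, and the check covers only the version 1 bindings (no conditions) that #roles exposes.

```ruby
# Added example, not library code. Works on a Hash shaped like the value
# returned by PolicyV1#roles: { "roles/..." => ["member", ...] }

# Cloud IAM principals that match any caller, i.e. public access.
PUBLIC_MEMBERS = ["allUsers", "allAuthenticatedUsers"].freeze

# Returns { role => [public members] } for every role bound to a public
# principal. Does not modify the input hash.
def public_grants(roles)
  roles.each_with_object({}) do |(role, members), found|
    hits = Array(members) & PUBLIC_MEMBERS
    found[role] = hits unless hits.empty?
  end
end

# Removes public principals in place and drops roles left with no members.
# Returns what was removed so the change can be logged or reviewed.
def strip_public_grants!(roles)
  removed = public_grants(roles)
  removed.each do |role, hits|
    roles[role] = roles[role] - hits
    roles.delete(role) if roles[role].empty?
  end
  removed
end

# Constructed sample policy (not fetched from a real bucket).
SAMPLE_ROLES = {
  "roles/storage.admin"              => ["user:newowner@example.com"],
  "roles/storage.objectViewer"       => ["allUsers", "group:auditors@example.com"],
  "roles/storage.legacyBucketReader" => ["allAuthenticatedUsers"]
}.freeze

if __FILE__ == $PROGRAM_NAME
  roles = SAMPLE_ROLES.transform_values(&:dup)
  strip_public_grants!(roles).each do |role, hits|
    puts "removed #{hits.join(', ')} from #{role}"
  end
  # Against a live bucket the helper fits the block form shown on this page
  # (assumes credentials and an existing bucket):
  #   bucket.policy { |p| strip_public_grants!(p.roles) }
end
```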

#roles=

def roles=(value) -> Hash

Returns the version 1 bindings (no conditions) as a hash that associates roles with arrays of members. See Understanding Roles for a listing of primitive and curated roles. See Buckets: setIamPolicy for a listing of values and patterns for members.

Parameter
  • value (Hash) — the newly set value

Returns
  • (Hash) — the newly set value