Reference documentation and code samples for the IAM API class Google::Iam::V1::IAMPolicy::Client.
Client for the IAMPolicy service.
API Overview
Manages Identity and Access Management (IAM) policies.
Any implementation of an API that offers access control features implements the google.iam.v1.IAMPolicy interface.
Data model
Access control is applied when a principal (user or service account) takes some action on a resource exposed by a service. Resources, identified by URI-like names, are the unit of access control specification. Service implementations can choose the granularity of access control and the supported permissions for their resources. For example, one database service may allow access control to be specified only at the Table level, whereas another might allow access control to also be specified at the Column level.
Policy Structure
See google.iam.v1.Policy
This is intentionally not a CRUD style API because access control policies are created and deleted implicitly with the resources to which they are attached.
Inherits
- Object
Methods
.configure
def self.configure() { |config| ... } -> Client::Configuration
Configure the IAMPolicy Client class.
See Configuration for a description of the configuration fields.
- (config) — Configure the Client client.
- config (Client::Configuration)
# Modify the configuration for all IAMPolicy clients
::Google::Iam::V1::IAMPolicy::Client.configure do |config|
  config.timeout = 10.0
end
#configure
def configure() { |config| ... } -> Client::Configuration
Configure the IAMPolicy Client instance.
The configuration is set to the derived mode, meaning that values can be changed, but structural changes (adding new fields, etc.) are not allowed. Structural changes should be made on Client.configure.
See Configuration for a description of the configuration fields.
- (config) — Configure the Client client.
- config (Client::Configuration)
#get_iam_policy
def get_iam_policy(request, options = nil) -> ::Google::Iam::V1::Policy
def get_iam_policy(resource: nil, options: nil) -> ::Google::Iam::V1::Policy
Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.
def get_iam_policy(request, options = nil) -> ::Google::Iam::V1::Policy
Pass arguments to get_iam_policy via a request object, either of type GetIamPolicyRequest or an equivalent Hash.
- request (::Google::Iam::V1::GetIamPolicyRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def get_iam_policy(resource: nil, options: nil) -> ::Google::Iam::V1::Policy
Pass arguments to get_iam_policy via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
- resource (::String) — REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.
- options (::Google::Iam::V1::GetPolicyOptions, ::Hash) — OPTIONAL: A GetPolicyOptions object for specifying options to GetIamPolicy.
- (response, operation) — Access the result along with the RPC operation
- response (::Google::Iam::V1::Policy)
- operation (::GRPC::ActiveCall::Operation)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/iam/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Iam::V1::IAMPolicy::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Iam::V1::GetIamPolicyRequest.new

# Call the get_iam_policy method.
result = client.get_iam_policy request

# The returned object is of type Google::Iam::V1::Policy.
p result
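A policy returned by get_iam_policy is usually read in order to review who holds which role. The following is an added example, not part of the library or its documentation: a hypothetical `audit_policy` helper that flags public principals, basic roles and identities outside a trusted domain. The `Binding`/`Policy` structs are offline stand-ins for the real message types, and the sample policy and `trusted_domain` value are constructed.

```ruby
# Stand-ins for ::Google::Iam::V1::Policy and Binding (constructed so this runs offline).
Binding = Struct.new(:role, :members, :condition)
Policy  = Struct.new(:version, :bindings, :etag)

PUBLIC_PRINCIPALS = %w[allUsers allAuthenticatedUsers].freeze
BASIC_ROLES       = %w[roles/owner roles/editor].freeze

# Hypothetical audit helper: returns one finding per risky grant in the policy.
# trusted_domain is an assumption of this example (the organisation's own domain).
def audit_policy(policy, trusted_domain:)
  findings = []
  policy.bindings.each do |b|
    note = ->(sev, member, reason) do
      findings << { severity: sev, role: b.role, member: member,
                    reason: reason, conditional: !b.condition.nil? }
    end
    b.members.each do |m|
      kind, id = m.split(":", 2)
      if PUBLIC_PRINCIPALS.include?(m)
        note.call(:high, m, "public principal")
      elsif %w[user group].include?(kind) && !id.to_s.end_with?("@#{trusted_domain}")
        note.call(:medium, m, "identity outside #{trusted_domain}")
      end
    end
    # Basic roles grant broad access; report the binding once, whoever holds it.
    note.call(:medium, nil, "basic role in use") if BASIC_ROLES.include?(b.role) && b.members.any?
  end
  findings
end

# Constructed sample, shaped like a get_iam_policy result.
SAMPLE_POLICY = Policy.new(1, [
  Binding.new("roles/storage.objectViewer", ["allUsers", "user:alice@example.com"], nil),
  Binding.new("roles/editor", ["user:contractor@example.net"], nil),
  Binding.new("roles/viewer", ["group:ops@example.com",
                               "serviceAccount:ci@example-project.iam.gserviceaccount.com"], nil)
], "etag-1")

audit_policy(SAMPLE_POLICY, trusted_domain: "example.com").each do |f|
  puts "#{f[:severity]}: #{f[:role]} #{f[:member]} (#{f[:reason]})"
end
```

An empty policy, which get_iam_policy returns for a resource with no policy set, yields no findings.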
#initialize
def initialize() { |config| ... } -> Client
Create a new IAMPolicy client object.
- (config) — Configure the IAMPolicy client.
- config (Client::Configuration)
- (Client) — a new instance of Client
# Create a client using the default configuration
client = ::Google::Iam::V1::IAMPolicy::Client.new

# Create a client using a custom configuration
client = ::Google::Iam::V1::IAMPolicy::Client.new do |config|
  config.timeout = 10.0
end
#set_iam_policy
def set_iam_policy(request, options = nil) -> ::Google::Iam::V1::Policy
def set_iam_policy(resource: nil, policy: nil, update_mask: nil) -> ::Google::Iam::V1::Policy
Sets the access control policy on the specified resource. Replaces any existing policy.
Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.
def set_iam_policy(request, options = nil) -> ::Google::Iam::V1::Policy
Pass arguments to set_iam_policy via a request object, either of type SetIamPolicyRequest or an equivalent Hash.
- request (::Google::Iam::V1::SetIamPolicyRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def set_iam_policy(resource: nil, policy: nil, update_mask: nil) -> ::Google::Iam::V1::Policy
Pass arguments to set_iam_policy via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
- resource (::String) — REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.
- policy (::Google::Iam::V1::Policy, ::Hash) — REQUIRED: The complete policy to be applied to the resource. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
- update_mask (::Google::Protobuf::FieldMask, ::Hash) — OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used:
paths: "bindings, etag"
- (response, operation) — Access the result along with the RPC operation
- response (::Google::Iam::V1::Policy)
- operation (::GRPC::ActiveCall::Operation)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/iam/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Iam::V1::IAMPolicy::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Iam::V1::SetIamPolicyRequest.new

# Call the set_iam_policy method.
result = client.set_iam_policy request

# The returned object is of type Google::Iam::V1::Policy.
p result
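Because set_iam_policy replaces the whole policy, a single grant should be written as read, modify, write, sending back the etag that was read so that a concurrent change is rejected rather than silently overwritten. The following is an added example, not the library's own code: `grant_role`, `FakeIamClient` and `StaleEtagError` are hypothetical names, the structs are offline stand-ins for the real message types, and the fake client imitates the etag check in memory.

```ruby
# Stand-ins for ::Google::Iam::V1::Policy and Binding (constructed so this runs offline).
Binding = Struct.new(:role, :members, :condition)
Policy  = Struct.new(:version, :bindings, :etag)
class StaleEtagError < StandardError; end # stand-in for the error on an etag mismatch

# In-memory fake of the two RPCs; rejects a write whose etag is not the current one.
class FakeIamClient
  attr_accessor :stored

  def initialize(policy, before_first_write: nil)
    @stored = policy
    @hook = before_first_write
  end

  def get_iam_policy(resource:)
    Marshal.load(Marshal.dump(@stored)) # hand back a copy, as an RPC would
  end

  def set_iam_policy(resource:, policy:)
    hook, @hook = @hook, nil
    hook&.call(self) # simulate one concurrent writer
    raise StaleEtagError, "etag mismatch on #{resource}" unless policy.etag == @stored.etag
    @stored = Policy.new(policy.version, policy.bindings, @stored.etag.succ)
  end
end

# Hypothetical helper: add one member to one role without dropping other bindings.
def grant_role(client, resource, role, member, attempts: 3)
  attempts.times do
    policy = client.get_iam_policy(resource: resource)
    target = policy.bindings.find { |b| b.role == role && b.condition.nil? }
    return policy if target&.members&.include?(member) # already granted, no write

    if target
      target.members << member
    else
      policy.bindings << Binding.new(role, [member], nil)
    end
    begin
      # The policy still carries the etag read above, so a concurrent change is rejected.
      return client.set_iam_policy(resource: resource, policy: policy)
    rescue StaleEtagError
      next # re-read the current policy and re-apply the change
    end
  end
  raise "policy for #{resource} kept changing; gave up after #{attempts} attempts"
end
```

Against the real client, the same loop would rescue the ::Google::Cloud::Error subclass raised for the rejected write in place of the stand-in error class.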
#test_iam_permissions
def test_iam_permissions(request, options = nil) -> ::Google::Iam::V1::TestIamPermissionsResponse
def test_iam_permissions(resource: nil, permissions: nil) -> ::Google::Iam::V1::TestIamPermissionsResponse
Returns permissions that a caller has on the specified resource.
If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error.
Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.
def test_iam_permissions(request, options = nil) -> ::Google::Iam::V1::TestIamPermissionsResponse
Pass arguments to test_iam_permissions via a request object, either of type TestIamPermissionsRequest or an equivalent Hash.
- request (::Google::Iam::V1::TestIamPermissionsRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def test_iam_permissions(resource: nil, permissions: nil) -> ::Google::Iam::V1::TestIamPermissionsResponse
Pass arguments to test_iam_permissions via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
- resource (::String) — REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.
- permissions (::Array<::String>) — The set of permissions to check for the resource. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see IAM Overview.
- (response, operation) — Access the result along with the RPC operation
- response (::Google::Iam::V1::TestIamPermissionsResponse)
- operation (::GRPC::ActiveCall::Operation)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/iam/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Iam::V1::IAMPolicy::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Iam::V1::TestIamPermissionsRequest.new

# Call the test_iam_permissions method.
result = client.test_iam_permissions request

# The returned object is of type Google::Iam::V1::TestIamPermissionsResponse.
p result