Identity and Access Management (IAM) V3BETA API - Class Google::Iam::V3beta::PolicyBinding (v0.1.0)

Reference documentation and code samples for the Identity and Access Management (IAM) V3BETA API class Google::Iam::V3beta::PolicyBinding.

IAM policy binding resource.

Inherits

Object

Extended By

Google::Protobuf::MessageExts::ClassMethods

Includes

Google::Protobuf::MessageExts

Methods

#annotations

def annotations() -> ::Google::Protobuf::Map{::String => ::String}

Returns

(::Google::Protobuf::Map{::String => ::String}) — Optional. User-defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations

#annotations=

def annotations=(value) -> ::Google::Protobuf::Map{::String => ::String}

Parameter

value (::Google::Protobuf::Map{::String => ::String}) — Optional. User-defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations

Returns

(::Google::Protobuf::Map{::String => ::String}) — Optional. User-defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations

#condition

def condition() -> ::Google::Type::Expr

Returns

(::Google::Type::Expr) —
Optional. The condition to apply to the policy binding. When set, the expression field in the Expr must include from 1 to 10 subexpressions, joined by the "||"(Logical OR), "&&"(Logical AND) or "!"(Logical NOT) operators and cannot contain more than 250 characters.

The condition is currently only supported when bound to policies of kind principal access boundary.

When the bound policy is a principal access boundary policy, the only supported attributes in any subexpression are principal.type and principal.subject. An example expression is: "principal.type == 'iam.googleapis.com/ServiceAccount'" or "principal.subject == 'bob@example.com'".

Allowed operations for principal.subject:
- principal.subject == <principal subject string>
- principal.subject != <principal subject string>
- principal.subject in [<list of principal subjects>]
- principal.subject.startsWith(<string>)
- principal.subject.endsWith(<string>)
Allowed operations for principal.type:
- principal.type == <principal type string>
- principal.type != <principal type string>
- principal.type in [<list of principal types>]
Supported principal types are Workspace, Workforce Pool, Workload Pool and Service Account. Allowed string must be one of:
- iam.googleapis.com/WorkspaceIdentity
- iam.googleapis.com/WorkforcePoolIdentity
- iam.googleapis.com/WorkloadPoolIdentity
- iam.googleapis.com/ServiceAccount

#condition=

def condition=(value) -> ::Google::Type::Expr

Parameter

value (::Google::Type::Expr) —
Optional. The condition to apply to the policy binding. When set, the expression field in the Expr must include from 1 to 10 subexpressions, joined by the "||"(Logical OR), "&&"(Logical AND) or "!"(Logical NOT) operators and cannot contain more than 250 characters.

The condition is currently only supported when bound to policies of kind principal access boundary.

When the bound policy is a principal access boundary policy, the only supported attributes in any subexpression are principal.type and principal.subject. An example expression is: "principal.type == 'iam.googleapis.com/ServiceAccount'" or "principal.subject == 'bob@example.com'".

Allowed operations for principal.subject:
- principal.subject == <principal subject string>
- principal.subject != <principal subject string>
- principal.subject in [<list of principal subjects>]
- principal.subject.startsWith(<string>)
- principal.subject.endsWith(<string>)
Allowed operations for principal.type:
- principal.type == <principal type string>
- principal.type != <principal type string>
- principal.type in [<list of principal types>]
Supported principal types are Workspace, Workforce Pool, Workload Pool and Service Account. Allowed string must be one of:
- iam.googleapis.com/WorkspaceIdentity
- iam.googleapis.com/WorkforcePoolIdentity
- iam.googleapis.com/WorkloadPoolIdentity
- iam.googleapis.com/ServiceAccount

Returns

(::Google::Type::Expr) —
Optional. The condition to apply to the policy binding. When set, the expression field in the Expr must include from 1 to 10 subexpressions, joined by the "||"(Logical OR), "&&"(Logical AND) or "!"(Logical NOT) operators and cannot contain more than 250 characters.

The condition is currently only supported when bound to policies of kind principal access boundary.

When the bound policy is a principal access boundary policy, the only supported attributes in any subexpression are principal.type and principal.subject. An example expression is: "principal.type == 'iam.googleapis.com/ServiceAccount'" or "principal.subject == 'bob@example.com'".

Allowed operations for principal.subject:
- principal.subject == <principal subject string>
- principal.subject != <principal subject string>
- principal.subject in [<list of principal subjects>]
- principal.subject.startsWith(<string>)
- principal.subject.endsWith(<string>)
Allowed operations for principal.type:
- principal.type == <principal type string>
- principal.type != <principal type string>
- principal.type in [<list of principal types>]
Supported principal types are Workspace, Workforce Pool, Workload Pool and Service Account. Allowed string must be one of:
- iam.googleapis.com/WorkspaceIdentity
- iam.googleapis.com/WorkforcePoolIdentity
- iam.googleapis.com/WorkloadPoolIdentity
- iam.googleapis.com/ServiceAccount

#create_time

def create_time() -> ::Google::Protobuf::Timestamp

Returns

(::Google::Protobuf::Timestamp) — Output only. The time when the policy binding was created.

#display_name

def display_name() -> ::String

Returns

(::String) — Optional. The description of the policy binding. Must be less than or equal to 63 characters.

#display_name=

def display_name=(value) -> ::String

Parameter

value (::String) — Optional. The description of the policy binding. Must be less than or equal to 63 characters.

Returns

(::String) — Optional. The description of the policy binding. Must be less than or equal to 63 characters.

#etag

def etag() -> ::String

Returns

(::String) — Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.

#etag=

def etag=(value) -> ::String

Parameter

value (::String) — Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.

Returns

(::String) — Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.

#name

def name() -> ::String

Returns

(::String) —
Identifier. The name of the policy binding, in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}. The binding parent is the closest Resource Manager resource (project, folder, or organization) to the binding target.

Format:
- projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}
- projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}
- folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}
- organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}

#name=

def name=(value) -> ::String

Parameter

value (::String) —
Identifier. The name of the policy binding, in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}. The binding parent is the closest Resource Manager resource (project, folder, or organization) to the binding target.

Format:
- projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}
- projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}
- folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}
- organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}

Returns

(::String) —
Identifier. The name of the policy binding, in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}. The binding parent is the closest Resource Manager resource (project, folder, or organization) to the binding target.

Format:
- projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}
- projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}
- folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}
- organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}

#policy

def policy() -> ::String

Returns

(::String) — Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same organization.

#policy=

def policy=(value) -> ::String

Parameter

value (::String) — Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same organization.

Returns

(::String) — Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same organization.

#policy_kind

def policy_kind() -> ::Google::Iam::V3beta::PolicyBinding::PolicyKind

Returns

(::Google::Iam::V3beta::PolicyBinding::PolicyKind) —
Immutable. The kind of the policy to attach in this binding. This field must be one of the following:
- Left empty (will be automatically set to the policy kind)
- The input policy kind

#policy_kind=

def policy_kind=(value) -> ::Google::Iam::V3beta::PolicyBinding::PolicyKind

Parameter

value (::Google::Iam::V3beta::PolicyBinding::PolicyKind) —
Immutable. The kind of the policy to attach in this binding. This field must be one of the following:
- Left empty (will be automatically set to the policy kind)
- The input policy kind

Returns

(::Google::Iam::V3beta::PolicyBinding::PolicyKind) —
Immutable. The kind of the policy to attach in this binding. This field must be one of the following:
- Left empty (will be automatically set to the policy kind)
- The input policy kind

#policy_uid

def policy_uid() -> ::String

Returns

(::String) — Output only. The globally unique ID of the policy to be bound.

#target

def target() -> ::Google::Iam::V3beta::PolicyBinding::Target

Returns

(::Google::Iam::V3beta::PolicyBinding::Target) — Required. Immutable. Target is the full resource name of the resource to which the policy will be bound. Immutable once set.

#target=

def target=(value) -> ::Google::Iam::V3beta::PolicyBinding::Target

Parameter

value (::Google::Iam::V3beta::PolicyBinding::Target) — Required. Immutable. Target is the full resource name of the resource to which the policy will be bound. Immutable once set.

Returns

(::Google::Iam::V3beta::PolicyBinding::Target) — Required. Immutable. Target is the full resource name of the resource to which the policy will be bound. Immutable once set.

#uid

def uid() -> ::String

Returns

(::String) — Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.

#update_time

def update_time() -> ::Google::Protobuf::Timestamp

Returns

(::Google::Protobuf::Timestamp) — Output only. The time when the policy binding was most recently updated.

Identity and Access Management (IAM) V3BETA API - Class Google::Iam::V3beta::PolicyBinding (v0.1.0) Stay organized with collections Save and categorize content based on your preferences.

Inherits

Extended By

Includes

Methods

#annotations

#annotations=

#condition

#condition=

#create_time

#display_name

#display_name=

#etag

#etag=

#name

#name=

#policy

#policy=

#policy_kind

#policy_kind=

#policy_uid

#target

#target=

#uid

#update_time

Identity and Access Management (IAM) V3BETA API - Class Google::Iam::V3beta::PolicyBinding (v0.1.0)