class Google::Cloud::Storage::Policy::Bindings

# Bindings

Enumerable object for managing Cloud IAM bindings associated with a bucket.

@see cloud.google.com/iam/docs/overview Cloud IAM Overview

@example Updating a Policy from version 1 to version 3:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

bucket.uniform_bucket_level_access = true

bucket.policy requested_policy_version: 3 do |p|
  p.version # the value is 1
  p.version = 3 # Must be explicitly set to opt-in to support for conditions.

  expr = "resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")"
  p.bindings.insert({
                      role: "roles/storage.admin",
                      members: ["user:owner@example.com"],
                      condition: {
                        title: "my-condition",
                        description: "description of condition",
                        expression: expr
                      }
                    })
end

Public Class Methods

new() click to toggle source

@private Creates a Bindings object.

# File lib/google/cloud/storage/policy/bindings.rb, line 59
def initialize
  @bindings = []
end

Public Instance Methods

each(&block) click to toggle source

Calls the block once for each binding in the collection, passing a {Google::Cloud::Storage::Policy::Binding} object as parameter. A {Google::Cloud::Storage::Policy::Binding} object is passed even when the arguments to {#insert} were hash objects.

If no block is given, an enumerator is returned instead.

@yield [binding] A binding in this bindings collection. @yieldparam [Google::Cloud::Storage::Policy::Binding] binding A

binding object, even when the arguments to {#insert} were hash
objects.

@return [Enumerator]

@example

require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

policy = bucket.policy requested_policy_version: 3
policy.bindings.each do |binding|
  puts binding.role
end
# File lib/google/cloud/storage/policy/bindings.rb, line 171
def each &block
  return enum_for :each unless block_given?

  @bindings.each(&block)
end
insert(*bindings) click to toggle source

Adds a binding or bindings to the collection. The arguments may be {Google::Cloud::Storage::Policy::Binding} objects or equivalent hash objects that will be implicitly coerced to binding objects.

@param [Google::Cloud::Storage::Policy::Binding, Hash] bindings One

or more bindings to be added to the policy owning the collection.
The arguments may be {Google::Cloud::Storage::Policy::Binding}
objects or equivalent hash objects that will be implicitly coerced
to binding objects.

@return [Bindings] `self` for chaining.

@example Updating a Policy from version 1 to version 3:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

bucket.uniform_bucket_level_access = true

bucket.policy requested_policy_version: 3 do |p|
  p.version # the value is 1
  p.version = 3 # Must be explicitly set to opt-in to support for conditions.

  expr = "resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")"
  p.bindings.insert({
                      role: "roles/storage.admin",
                      members: ["user:owner@example.com"],
                      condition: {
                        title: "my-condition",
                        description: "description of condition",
                        expression: expr
                      }
                    })
end
# File lib/google/cloud/storage/policy/bindings.rb, line 100
def insert *bindings
  bindings = coerce_bindings(*bindings)
  @bindings += bindings
  self
end
remove(*bindings) click to toggle source

Deletes the binding or bindings from the collection that are equal to the arguments. The specification arguments may be {Google::Cloud::Storage::Policy::Binding} objects or equivalent hash objects that will be implicitly coerced to binding objects.

@param [Google::Cloud::Storage::Policy::Binding, Hash] bindings One

or more specifications for bindings to be removed from the
collection. The arguments may be
{Google::Cloud::Storage::Policy::Binding} objects or equivalent
hash objects that will be implicitly coerced to binding objects.

@return [Bindings] `self` for chaining.

@example

require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

bucket.policy requested_policy_version: 3 do |p|
  expr = "resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")"
  p.bindings.remove({
                      role: "roles/storage.admin",
                      members: ["user:owner@example.com"],
                      condition: {
                        title: "my-condition",
                        description: "description of condition",
                        expression: expr
                      }
                    })
end
# File lib/google/cloud/storage/policy/bindings.rb, line 139
def remove *bindings
  bindings = coerce_bindings(*bindings)
  @bindings -= bindings
  self
end
to_gapi() click to toggle source

@private

# File lib/google/cloud/storage/policy/bindings.rb, line 179
def to_gapi
  @bindings.map(&:to_gapi)
end

Protected Instance Methods

coerce_bindings(*bindings) click to toggle source
# File lib/google/cloud/storage/policy/bindings.rb, line 185
def coerce_bindings *bindings
  bindings.map do |binding|
    binding = Binding.new(**binding) if binding.is_a? Hash
    raise ArgumentError, "expected Binding, not #{binding.inspect}" unless binding.is_a? Binding
    binding
  end
end