class Google::Cloud::Storage::PolicyV1

A subclass of {Google::Cloud::Storage::Policy} that supports access to {#roles} and related helpers. Attempts to call {#bindings} and {#version=} will raise a runtime error. To update the Policy version and add bindings with a newer syntax, use {Google::Cloud::Storage::PolicyV3} instead by calling {Google::Cloud::Storage::Bucket#policy} with `requested_policy_version: 3`. To obtain instances of this class, call {Google::Cloud::Storage::Bucket#policy} without the `requested_policy_version` keyword argument.

@attr [Hash] roles Returns the version 1 bindings (no conditions) as a hash that associates roles with arrays of members. See [Understanding Roles](https://cloud.google.com/iam/docs/understanding-roles) for a listing of primitive and curated roles. See [Buckets: setIamPolicy](https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy) for a listing of values and patterns for members.

@example

require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

bucket.policy do |p|
  p.version # the value is 1
  p.remove "roles/storage.admin", "user:owner@example.com"
  p.add "roles/storage.admin", "user:newowner@example.com"
  # Assignment replaces the role's member list; "allUsers" makes objects publicly readable.
  p.roles["roles/storage.objectViewer"] = ["allUsers"]
end
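
Because `roles` is a plain hash of role names to member arrays, a policy can be checked for public principals before it is written back. The following is an added example, not part of the library or its documentation; the helper names `public_bindings`, `strip_public!` and `sample_roles` and the sample data are constructed for illustration.

```ruby
# Added example (not library code): audit a PolicyV1-style roles hash
# for the special public principals.
PUBLIC_MEMBERS = ["allUsers", "allAuthenticatedUsers"].freeze

# Returns { role => [public members] } for each role bound to a public principal.
def public_bindings roles
  roles.each_with_object({}) do |(role_name, members), found|
    hits = Array(members) & PUBLIC_MEMBERS
    found[role_name] = hits unless hits.empty?
  end
end

# Removes public principals in place and returns the [role, member] pairs removed.
def strip_public! roles
  removed = []
  roles.each do |role_name, members|
    (members & PUBLIC_MEMBERS).each do |member|
      members.delete member
      removed << [role_name, member]
    end
  end
  removed
end

# Constructed sample shaped like PolicyV1#roles (hypothetical members).
def sample_roles
  {
    "roles/storage.admin" => ["user:newowner@example.com"],
    "roles/storage.objectViewer" => ["allUsers", "group:auditors@example.com"],
    "roles/storage.legacyBucketReader" => ["allAuthenticatedUsers"]
  }
end

if $PROGRAM_NAME == __FILE__
  roles = sample_roles
  public_bindings(roles).each { |role, members| puts "#{role}: #{members.join ', '}" }
  strip_public!(roles).each { |role, member| puts "removed #{member} from #{role}" }
end

# Against a live bucket (requires credentials) the same helper fits the block form:
#   bucket.policy { |p| strip_public! p.roles }
```

A role left with an empty member array after stripping is skipped by `roles_to_gapi`, so no empty binding is sent.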

Attributes

roles[R]

Public Class Methods

from_gapi(gapi)

@private New Policy from a Google::Apis::StorageV1::Policy object.

# File lib/google/cloud/storage/policy.rb, line 254
def self.from_gapi gapi
  roles = Array(gapi.bindings).each_with_object({}) do |binding, memo|
    memo[binding.role] = binding.members.to_a
  end
  new gapi.etag, gapi.version, roles
end

new(etag, version, roles)

@private Creates a PolicyV1 object.

Calls superclass method Google::Cloud::Storage::Policy::new
# File lib/google/cloud/storage/policy.rb, line 117
def initialize etag, version, roles
  super etag, version
  @roles = roles
end

Public Instance Methods

add(role_name, member)

Convenience method for adding a member to a binding on this policy. See [Understanding Roles](https://cloud.google.com/iam/docs/understanding-roles) for a listing of primitive and curated roles. See [Buckets: setIamPolicy](https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy) for a listing of values and patterns for members.

@param [String] role_name A Cloud IAM role, such as `"roles/storage.admin"`.

@param [String] member A Cloud IAM identity, such as `"user:owner@example.com"`.

@example

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.policy do |p|
  p.add "roles/storage.admin", "user:newowner@example.com"
end

# File lib/google/cloud/storage/policy.rb, line 146
def add role_name, member
  role(role_name) << member
end

bindings()

@private Illegal operation in PolicyV1. Use {#roles} instead.

@raise [RuntimeError] If called on this class.

# File lib/google/cloud/storage/policy.rb, line 227
def bindings
  raise "Illegal operation unless using PolicyV3. Use #roles instead."
end

deep_dup()

Returns a deep copy of the policy.

@deprecated Because the latest policy is now always retrieved by {Bucket#policy}.

@return [Policy]

# File lib/google/cloud/storage/policy.rb, line 212
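def deep_dup
  warn "DEPRECATED: Storage::PolicyV1#deep_dup"
  dup.tap do |p|
    # Copy each member array so the duplicate does not share state with the original.
    roles_dup = p.roles.transform_values do |v|
      v.dup rescue v # fall back to the original value if it cannot be duplicated
    end
    p.instance_variable_set :@roles, roles_dup
  end
end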

remove(role_name, member)

Convenience method for removing a member from a binding on this policy. See [Understanding Roles](https://cloud.google.com/iam/docs/understanding-roles) for a listing of primitive and curated roles. See [Buckets: setIamPolicy](https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy) for a listing of values and patterns for members.

@param [String] role_name A Cloud IAM role, such as `"roles/storage.admin"`.

@param [String] member A Cloud IAM identity, such as `"user:owner@example.com"`.

@example

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.policy do |p|
  p.remove "roles/storage.admin", "user:owner@example.com"
end

# File lib/google/cloud/storage/policy.rb, line 174
def remove role_name, member
  role(role_name).delete member
end

role(role_name)

Convenience method returning the array of members bound to a role in this policy, or an empty array if no value is present for the role in {#roles}. See [Understanding Roles](https://cloud.google.com/iam/docs/understanding-roles) for a listing of primitive and curated roles. See [Buckets: setIamPolicy](https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy) for a listing of values and patterns for members.

@return [Array<String>] The member strings, or an empty array.

@example

require "google/cloud/storage"

storage = Google::Cloud::Storage.new

bucket = storage.bucket "my-bucket"

bucket.policy do |p|
  p.role("roles/storage.admin") << "user:owner@example.com"
end

# File lib/google/cloud/storage/policy.rb, line 200
def role role_name
  roles[role_name] ||= []
end

to_gapi()

@private Convert the Policy to a Google::Apis::StorageV1::Policy.

# File lib/google/cloud/storage/policy.rb, line 243
def to_gapi
  Google::Apis::StorageV1::Policy.new(
    etag: etag,
    version: version,
    bindings: roles_to_gapi
  )
end

version=(*)

@private Illegal operation in PolicyV1. Use {Google::Cloud::Storage::PolicyV3#version=} instead.

@raise [RuntimeError] If called on this class.

# File lib/google/cloud/storage/policy.rb, line 236
def version=(*)
  raise "Illegal operation unless using PolicyV3."
end

Protected Instance Methods

roles_to_gapi()

# File lib/google/cloud/storage/policy.rb, line 263
def roles_to_gapi
  roles.keys.map do |role_name|
    # Roles with no members produce no binding.
    next if roles[role_name].empty?
    Google::Apis::StorageV1::Policy::Binding.new(
      role: role_name,
      members: roles[role_name].uniq
    )
  end.compact # drop the nil entries left by skipped roles
end