class Google::Cloud::Storage::PolicyV1
A subclass of {Google::Cloud::Storage::Policy} that supports access to {#roles} and related helpers. Attempts to call {#bindings} and {#version=} will raise a runtime error. To update the Policy version and add bindings with a newer syntax, use {Google::Cloud::Storage::PolicyV3} instead by calling {Google::Cloud::Storage::Bucket#policy} with `requested_policy_version: 3`. To obtain instances of this class, call {Google::Cloud::Storage::Bucket#policy} without the `requested_policy_version` keyword argument.
@attr [Hash] roles Returns the version 1 bindings (no conditions) as a hash that associates roles with arrays of members. See [Understanding Roles](https://cloud.google.com/iam/docs/understanding-roles) for a listing of primitive and curated roles. See [Buckets: setIamPolicy](https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy) for a listing of values and patterns for members.
@example
```ruby
require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

bucket.policy do |p|
  p.version # the value is 1
  p.remove "roles/storage.admin", "user:owner@example.com"
  p.add "roles/storage.admin", "user:newowner@example.com"
  # "allUsers" grants this role to anyone, without authentication
  p.roles["roles/storage.objectViewer"] = ["allUsers"]
end
```
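Because {#roles} is a plain Hash of role names to member arrays, it can be audited for public grants such as the `allUsers` binding in the example above. The following is an added example, not part of google-cloud-storage; `PUBLIC_MEMBERS`, `public_grants`, `without_public_grants` and the sample hash are constructed for illustration.

```ruby
# Added example: audits a Hash shaped like PolicyV1#roles for public grants.
# All names below are made up for this example, not library API.

# IAM special identifiers that grant access to anyone.
PUBLIC_MEMBERS = %w[allUsers allAuthenticatedUsers].freeze

# Returns { role => [public members] } for every role bound to a public member.
def public_grants(roles)
  roles.each_with_object({}) do |(role_name, members), found|
    hits = Array(members).uniq & PUBLIC_MEMBERS
    found[role_name] = hits unless hits.empty?
  end
end

# Returns a new roles hash with public members removed; the input is not
# mutated. Roles left without members are dropped, in the same way that
# roles_to_gapi skips roles whose member array is empty.
def without_public_grants(roles)
  roles.each_with_object({}) do |(role_name, members), cleaned|
    kept = Array(members).uniq - PUBLIC_MEMBERS
    cleaned[role_name] = kept unless kept.empty?
  end
end

# Constructed sample in the shape of PolicyV1#roles (version 1, no conditions).
SAMPLE_ROLES = {
  "roles/storage.admin"              => ["user:newowner@example.com"],
  "roles/storage.objectViewer"       => ["allUsers", "group:readers@example.com"],
  "roles/storage.legacyBucketReader" => ["allAuthenticatedUsers"]
}.freeze

if __FILE__ == $PROGRAM_NAME
  public_grants(SAMPLE_ROLES).each do |role_name, members|
    puts "PUBLIC: #{role_name} -> #{members.join(', ')}"
  end
  p without_public_grants(SAMPLE_ROLES)
end

# Against a live bucket (not run here), the same check fits the block form:
#   bucket.policy do |p|
#     public_grants(p.roles).each { |r, ms| ms.each { |m| p.remove r, m } }
#   end
```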
Attributes
Public Class Methods
@private New Policy from a Google::Apis::StorageV1::Policy object.

```ruby
# File lib/google/cloud/storage/policy.rb, line 254
def self.from_gapi gapi
  roles = Array(gapi.bindings).each_with_object({}) do |binding, memo|
    memo[binding.role] = binding.members.to_a
  end
  new gapi.etag, gapi.version, roles
end
```
@private Creates a PolicyV1 object.

Calls superclass method Google::Cloud::Storage::Policy::new

```ruby
# File lib/google/cloud/storage/policy.rb, line 117
def initialize etag, version, roles
  super etag, version
  @roles = roles
end
```
Public Instance Methods
Convenience method for adding a member to a binding on this policy. See [Understanding Roles](https://cloud.google.com/iam/docs/understanding-roles) for a listing of primitive and curated roles. See [Buckets: setIamPolicy](https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy) for a listing of values and patterns for members.
@param [String] role_name A Cloud IAM role, such as `"roles/storage.admin"`.
@param [String] member A Cloud IAM identity, such as `"user:owner@example.com"`.
@example
```ruby
require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

bucket.policy do |p|
  p.add "roles/storage.admin", "user:newowner@example.com"
end
```

```ruby
# File lib/google/cloud/storage/policy.rb, line 146
def add role_name, member
  role(role_name) << member
end
```
@private Illegal operation in PolicyV1. Use {#roles} instead.
@raise [RuntimeError] If called on this class.
```ruby
# File lib/google/cloud/storage/policy.rb, line 227
def bindings
  raise "Illegal operation unless using PolicyV3. Use #roles instead."
end
```
Returns a deep copy of the policy.
@deprecated Because the latest policy is now always retrieved by {Bucket#policy}.
@return [Policy]
```ruby
# File lib/google/cloud/storage/policy.rb, line 212
def deep_dup
  warn "DEPRECATED: Storage::PolicyV1#deep_dup"
  dup.tap do |p|
    roles_dup = p.roles.transform_values do |v|
      # Fall back to the original value if it cannot be duplicated
      v.dup rescue v
    end
    p.instance_variable_set :@roles, roles_dup
  end
end
```
Convenience method for removing a member from a binding on this policy. See [Understanding Roles](https://cloud.google.com/iam/docs/understanding-roles) for a listing of primitive and curated roles. See [Buckets: setIamPolicy](https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy) for a listing of values and patterns for members.
@param [String] role_name A Cloud IAM role, such as `"roles/storage.admin"`.
@param [String] member A Cloud IAM identity, such as `"user:owner@example.com"`.
@example
```ruby
require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

bucket.policy do |p|
  p.remove "roles/storage.admin", "user:owner@example.com"
end
```

```ruby
# File lib/google/cloud/storage/policy.rb, line 174
def remove role_name, member
  role(role_name).delete member
end
```
Convenience method returning the array of members bound to a role in this policy, or an empty array if no value is present for the role in {#roles}. See [Understanding Roles](https://cloud.google.com/iam/docs/understanding-roles) for a listing of primitive and curated roles. See [Buckets: setIamPolicy](https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy) for a listing of values and patterns for members.
@return [Array<String>] The member strings, or an empty array.
@example
```ruby
require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

bucket.policy do |p|
  p.role("roles/storage.admin") << "user:owner@example.com"
end
```

```ruby
# File lib/google/cloud/storage/policy.rb, line 200
def role role_name
  roles[role_name] ||= []
end
```
@private Illegal operation in PolicyV1. Use {Google::Cloud::Storage::PolicyV3#version=} instead.
@raise [RuntimeError] If called on this class.
```ruby
# File lib/google/cloud/storage/policy.rb, line 236
def version=(*)
  raise "Illegal operation unless using PolicyV3."
end
```
Protected Instance Methods
```ruby
# File lib/google/cloud/storage/policy.rb, line 263
def roles_to_gapi
  roles.keys.map do |role_name|
    next if roles[role_name].empty?
    Google::Apis::StorageV1::Policy::Binding.new(
      role: role_name,
      members: roles[role_name].uniq
    )
  end
end
```