Cloud Storage API - Class Google::Cloud::Storage::Policy::Binding (v1.57.0)

Reference documentation and code samples for the Cloud Storage API class Google::Cloud::Storage::Policy::Binding.

Binding

Value object associating members and an optional condition with a role.

Inherits

  • Object

Examples

    require "google/cloud/storage"

    storage = Google::Cloud::Storage.new
    bucket = storage.bucket "my-bucket"

    policy = bucket.policy requested_policy_version: 3
    policy.bindings.each do |binding|
      puts binding.role
    end

Updating a Policy from version 1 to version 3:

    require "google/cloud/storage"

    storage = Google::Cloud::Storage.new
    bucket = storage.bucket "my-bucket"

    bucket.uniform_bucket_level_access = true

    bucket.policy requested_policy_version: 3 do |p|
      p.version # the value is 1
      p.version = 3 # Must be explicitly set to opt-in to support for conditions.

      expr = "resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")"
      p.bindings.insert({
        role: "roles/storage.admin",
        members: ["user:owner@example.com"],
        condition: {
          title: "my-condition",
          description: "description of condition",
          expression: expr
        }
      })
    end
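Auditing bindings for risky grants, added here as an example (it is not part of the Google Cloud reference or library): it flags public members and conditional bindings made ineffective by an unconditional binding of the same role and member, which follows from bindings being examined independently. `SampleBinding`, `audit_bindings` and the sample policy are hypothetical and constructed; the audit calls only `role`, `members` and `condition`, so it is assumed that the objects yielded by `policy.bindings` can be passed in as well.

```ruby
# Added example. SampleBinding is a hypothetical stand-in exposing the same
# accessors as Policy::Binding (#role, #members, #condition) so this runs offline.
SampleBinding = Struct.new(:role, :members, :condition, keyword_init: true)

# The two special identifiers that are not tied to a named identity.
PUBLIC_MEMBERS = %w[allUsers allAuthenticatedUsers].freeze

# Returns an array of [kind, role, member] findings.
def audit_bindings(bindings)
  # Collect every (role, member) pair that is granted with no condition.
  unconditional = {}
  bindings.each do |b|
    next unless b.condition.nil?
    b.members.each { |m| unconditional[[b.role, m]] = true }
  end

  findings = []
  bindings.each do |b|
    b.members.each do |m|
      findings << [:public_member, b.role, m] if PUBLIC_MEMBERS.include?(m)
      # Bindings are examined independently, so an unconditional grant of the
      # same role to the same member makes this binding's condition ineffective.
      if b.condition && unconditional[[b.role, m]]
        findings << [:condition_shadowed, b.role, m]
      end
    end
  end
  findings
end

# Constructed sample policy (not real data).
SAMPLE_BINDINGS = [
  SampleBinding.new(role: "roles/storage.objectViewer", members: ["allUsers"]),
  SampleBinding.new(role: "roles/storage.admin", members: ["user:owner@example.com"]),
  SampleBinding.new(
    role: "roles/storage.admin",
    members: ["user:owner@example.com", "group:admins@example.com"],
    condition: {
      title: "my-condition",
      expression: "resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")"
    }
  )
].freeze

audit_bindings(SAMPLE_BINDINGS).each do |kind, role, member|
  puts "#{kind}: #{role} -> #{member}"
end
```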

Methods

#condition

def condition() -> Google::Cloud::Storage::Policy::Condition, nil

The condition that is associated with this binding, or nil if there is no condition. NOTE: An unsatisfied condition will not allow user access via the current binding. Different bindings, including their conditions, are examined independently.

Returns
  • (Google::Cloud::Storage::Policy::Condition, nil)

#condition=

def condition=(title:, description: nil, expression:)

Sets the condition for the binding.

Parameters
  • title (String) — Used to identify the condition. Required.
  • description (String) — Used to document the condition. Optional.
  • expression (String) — Defines an attribute-based logic expression using a subset of the Common Expression Language (CEL). The condition expression can contain multiple statements, each using one attribute, and statements are combined using logic operators, following the CEL language specification. Required.

#initialize

def initialize(role:, members:, condition: nil) -> Binding

Creates a Binding object.

Parameters
  • role (String) — Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. Required.
  • members (Array<String>) —

    Specifies the identities requesting access for a Cloud Platform resource. members can have the following values. Required.

    • allUsers: A special identifier that represents anyone who is on the internet, with or without a Google account.
    • allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account.
    • user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com.
    • serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
    • group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
    • domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com.
  • condition (Google::Cloud::Storage::Policy::Condition) (defaults to: nil) — The condition that is associated with this binding. NOTE: An unsatisfied condition will not allow user access via the current binding. Different bindings, including their conditions, are examined independently. Optional.
Returns
  • (Binding) — a new instance of Binding
Raises
  • (ArgumentError)

#members

def members() -> Array<String>

Specifies the identities requesting access for a Cloud Platform resource. members can have the following values. Required.

  • allUsers: A special identifier that represents anyone who is on the internet, with or without a Google account.
  • allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account.
  • user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com.
  • serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
  • group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
  • domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com.
Returns
  • (Array<String>) — the current value of members

#members=

def members=(new_members)

Sets the members for the binding.

Raises
  • (ArgumentError)

#role

def role() -> String

Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. Required.

Returns
  • (String) — the current value of role

#role=

def role=(new_role)

Sets the role for the binding.