Google Cloud Iam V3 Client - Class PolicyBinding (1.1.0)

Reference documentation and code samples for the Google Cloud Iam V3 Client class PolicyBinding.

IAM policy binding resource.

Generated from protobuf message google.iam.v3.PolicyBinding

Namespace

Google \ Cloud \ Iam \ V3

Methods

__construct

Constructor.

Parameters
Name Description
data array

Optional. Data for populating the Message object.
↳ name string

Identifier. The name of the policy binding, in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}. The binding parent is the closest Resource Manager resource (project, folder, or organization) to the binding target. Format: * * projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id} * * projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id} * * folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id} * * organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}
↳ uid string

Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
↳ etag string

Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
↳ display_name string

Optional. The description of the policy binding. Must be less than or equal to 63 characters.
↳ annotations array|Google\Protobuf\Internal\MapField

Optional. User-defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations
↳ target PolicyBinding\Target

Required. Immutable. Target is the full resource name of the resource to which the policy will be bound. Immutable once set.
↳ policy_kind int

Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind
↳ policy string

Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same organization.
↳ policy_uid string

Output only. The globally unique ID of the policy to be bound.
↳ condition Google\Type\Expr

Optional. The condition to apply to the policy binding. When set, the expression field in the Expr must include from 1 to 10 subexpressions, joined by the "||"(Logical OR), "&&"(Logical AND) or "!"(Logical NOT) operators and cannot contain more than 250 characters. The condition is currently only supported when bound to policies of kind principal access boundary. When the bound policy is a principal access boundary policy, the only supported attributes in any subexpression are principal.type and principal.subject. An example expression is: "principal.type == 'iam.googleapis.com/ServiceAccount'" or "principal.subject == 'bob@example.com'". Allowed operations for principal.subject: - principal.subject == <principal subject string> - principal.subject != <principal subject string> - principal.subject in [<list of principal subjects>] - principal.subject.startsWith(<string>) - principal.subject.endsWith(<string>) Allowed operations for principal.type: - principal.type == <principal type string> - principal.type != <principal type string> - principal.type in [<list of principal types>] Supported principal types are Workspace, Workforce Pool, Workload Pool and Service Account. Allowed string must be one of: - iam.googleapis.com/WorkspaceIdentity - iam.googleapis.com/WorkforcePoolIdentity - iam.googleapis.com/WorkloadPoolIdentity - iam.googleapis.com/ServiceAccount
↳ create_time Google\Protobuf\Timestamp

Output only. The time when the policy binding was created.
↳ update_time Google\Protobuf\Timestamp

Output only. The time when the policy binding was most recently updated.

getName

Identifier. The name of the policy binding, in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}.

The binding parent is the closest Resource Manager resource (project, folder, or organization) to the binding target. Format:

  • projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}
  • projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}
  • folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}
  • organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}
Returns
Type Description
string

setName

Identifier. The name of the policy binding, in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}.

The binding parent is the closest Resource Manager resource (project, folder, or organization) to the binding target. Format:

  • projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}
  • projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}
  • folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}
  • organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}
Parameter
Name Description
var string
Returns
Type Description
$this

getUid

Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.

Returns
Type Description
string

setUid

Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.

Parameter
Name Description
var string
Returns
Type Description
$this

getEtag

Optional. The etag for the policy binding.

If this is provided on update, it must match the server's etag.

Returns
Type Description
string

setEtag

Optional. The etag for the policy binding.

If this is provided on update, it must match the server's etag.

Parameter
Name Description
var string
Returns
Type Description
$this

getDisplayName

Optional. The description of the policy binding. Must be less than or equal to 63 characters.

Returns
Type Description
string

setDisplayName

Optional. The description of the policy binding. Must be less than or equal to 63 characters.

Parameter
Name Description
var string
Returns
Type Description
$this

getAnnotations

Optional. User-defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations

Returns
Type Description
Google\Protobuf\Internal\MapField

setAnnotations

Optional. User-defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations

Parameter
Name Description
var array|Google\Protobuf\Internal\MapField
Returns
Type Description
$this

getTarget

Required. Immutable. Target is the full resource name of the resource to which the policy will be bound. Immutable once set.

Returns
Type Description
PolicyBinding\Target|null

hasTarget

clearTarget

setTarget

Required. Immutable. Target is the full resource name of the resource to which the policy will be bound. Immutable once set.

Parameter
Name Description
var PolicyBinding\Target
Returns
Type Description
$this

getPolicyKind

Immutable. The kind of the policy to attach in this binding. This field must be one of the following:

  • Left empty (will be automatically set to the policy kind)
  • The input policy kind
Returns
Type Description
int

setPolicyKind

Immutable. The kind of the policy to attach in this binding. This field must be one of the following:

  • Left empty (will be automatically set to the policy kind)
  • The input policy kind
Parameter
Name Description
var int
Returns
Type Description
$this

getPolicy

Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same organization.

Returns
Type Description
string

setPolicy

Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same organization.

Parameter
Name Description
var string
Returns
Type Description
$this

getPolicyUid

Output only. The globally unique ID of the policy to be bound.

Returns
Type Description
string

setPolicyUid

Output only. The globally unique ID of the policy to be bound.

Parameter
Name Description
var string
Returns
Type Description
$this

getCondition

Optional. The condition to apply to the policy binding. When set, the expression field in the Expr must include from 1 to 10 subexpressions, joined by the "||"(Logical OR), "&&"(Logical AND) or "!"(Logical NOT) operators and cannot contain more than 250 characters.

The condition is currently only supported when bound to policies of kind principal access boundary. When the bound policy is a principal access boundary policy, the only supported attributes in any subexpression are principal.type and principal.subject. An example expression is: "principal.type == 'iam.googleapis.com/ServiceAccount'" or "principal.subject == 'bob@example.com'". Allowed operations for principal.subject:

  • principal.subject == <principal subject string>
  • principal.subject != <principal subject string>
  • principal.subject in [<list of principal subjects>]
  • principal.subject.startsWith(<string>)
  • principal.subject.endsWith(<string>) Allowed operations for principal.type:
  • principal.type == <principal type string>
  • principal.type != <principal type string>
  • principal.type in [<list of principal types>] Supported principal types are Workspace, Workforce Pool, Workload Pool and Service Account. Allowed string must be one of:
  • iam.googleapis.com/WorkspaceIdentity
  • iam.googleapis.com/WorkforcePoolIdentity
  • iam.googleapis.com/WorkloadPoolIdentity
  • iam.googleapis.com/ServiceAccount
Returns
Type Description
Google\Type\Expr|null

hasCondition

clearCondition

setCondition

Optional. The condition to apply to the policy binding. When set, the expression field in the Expr must include from 1 to 10 subexpressions, joined by the "||"(Logical OR), "&&"(Logical AND) or "!"(Logical NOT) operators and cannot contain more than 250 characters.

The condition is currently only supported when bound to policies of kind principal access boundary. When the bound policy is a principal access boundary policy, the only supported attributes in any subexpression are principal.type and principal.subject. An example expression is: "principal.type == 'iam.googleapis.com/ServiceAccount'" or "principal.subject == 'bob@example.com'". Allowed operations for principal.subject:

  • principal.subject == <principal subject string>
  • principal.subject != <principal subject string>
  • principal.subject in [<list of principal subjects>]
  • principal.subject.startsWith(<string>)
  • principal.subject.endsWith(<string>) Allowed operations for principal.type:
  • principal.type == <principal type string>
  • principal.type != <principal type string>
  • principal.type in [<list of principal types>] Supported principal types are Workspace, Workforce Pool, Workload Pool and Service Account. Allowed string must be one of:
  • iam.googleapis.com/WorkspaceIdentity
  • iam.googleapis.com/WorkforcePoolIdentity
  • iam.googleapis.com/WorkloadPoolIdentity
  • iam.googleapis.com/ServiceAccount
Parameter
Name Description
var Google\Type\Expr
Returns
Type Description
$this

getCreateTime

Output only. The time when the policy binding was created.

Returns
Type Description
Google\Protobuf\Timestamp|null

hasCreateTime

clearCreateTime

setCreateTime

Output only. The time when the policy binding was created.

Parameter
Name Description
var Google\Protobuf\Timestamp
Returns
Type Description
$this

getUpdateTime

Output only. The time when the policy binding was most recently updated.

Returns
Type Description
Google\Protobuf\Timestamp|null

hasUpdateTime

clearUpdateTime

setUpdateTime

Output only. The time when the policy binding was most recently updated.

Parameter
Name Description
var Google\Protobuf\Timestamp
Returns
Type Description
$this