A subclass of Policy that supports access to #bindings
and #version=. Attempts to call #roles and related helpers will raise a runtime
error. This class may be used to update the Policy version and add bindings with a newer
syntax. To obtain instances of this class, call Bucket#policy
with requested_policy_version: 3.
Inherits
Examples
Updating Policy version 1 to version 3:
require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

bucket.uniform_bucket_level_access = true

bucket.policy requested_policy_version: 3 do |p|
  p.version # the value is 1
  p.version = 3

  expr = "resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")"
  p.bindings.insert({
    role: "roles/storage.admin",
    members: ["user:owner@example.com"],
    condition: {
      title: "my-condition",
      description: "description of condition",
      expression: expr
    }
  })
end
Using Policy version 3:
require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

bucket.uniform_bucket_level_access? # true

bucket.policy requested_policy_version: 3 do |p|
  p.version = 3 # Must be explicitly set to opt-in to support for conditions.

  expr = "resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")"
  p.bindings.insert({
    role: "roles/storage.admin",
    members: ["user:owner@example.com"],
    condition: {
      title: "my-condition",
      description: "description of condition",
      expression: expr
    }
  })
end
Methods
#bindings
def bindings() -> Bindings
Returns the Policy's bindings object that associates roles with an array of members. Conditions can be configured on the Google::Cloud::Storage::Policy::Binding object. See Understanding Roles for a listing of primitive and curated roles. See Buckets: setIamPolicy for a listing of values and patterns for members.
- (Bindings) — the current value of bindings
#bindings=
def bindings=(value) -> Bindings
Returns the Policy's bindings object that associates roles with an array of members. Conditions can be configured on the Google::Cloud::Storage::Policy::Binding object. See Understanding Roles for a listing of primitive and curated roles. See Buckets: setIamPolicy for a listing of values and patterns for members.
- value (Bindings) — the newly set value
- (Bindings) — the newly set value
#version=
def version=(new_version)
Updates the syntax schema version of the policy. Each version of the policy contains a specific syntax schema that can be used by bindings. The newer version may contain role bindings with the newer syntax schema that is unsupported by earlier versions. This field is not intended to be used for any purposes other than policy syntax schema control.
The following policy versions are valid:
- 1 - The first version of Cloud IAM policy schema. Supports binding one role to one or more members. Does not support conditional bindings.
- 3 - Introduces the condition field in the role binding, which further constrains the role binding via context-based and attribute-based rules. See Understanding policies and Overview of Cloud IAM Conditions for more information.
- new_version (Integer) — The syntax schema version of the policy.
Updating Policy version 1 to version 3:
require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

bucket.uniform_bucket_level_access = true

bucket.policy requested_policy_version: 3 do |p|
  p.version # the value is 1
  p.version = 3

  expr = "resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")"
  p.bindings.insert({
    role: "roles/storage.admin",
    members: ["user:owner@example.com"],
    condition: {
      title: "my-condition",
      description: "description of condition",
      expression: expr
    }
  })
end
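
A pre-flight check for the version rule described under #version=, as an added example that is not part of the original documentation or of the google-cloud-storage library: it lints a policy held as plain hashes (the same role/members/condition shape used in the bindings on this page) and flags conditional bindings on a policy below version 3. The `lint_policy` helper, the `BROAD_ROLES` list, the title/expression requirement and the public-member check are assumptions of this example.

```ruby
# Added example: offline lint for an IAM policy document before it is written
# to a bucket. Plain hashes stand in for the policy; no API calls are made.

# Roles treated as high privilege by this lint (an assumption; adjust locally).
BROAD_ROLES = ["roles/storage.admin"].freeze
# Member identifiers that grant access to anyone.
PUBLIC_MEMBERS = ["allUsers", "allAuthenticatedUsers"].freeze

# Returns an array of finding strings; an empty array means no findings.
def lint_policy(policy)
  findings = []
  version  = policy.fetch(:version, 1)
  bindings = policy.fetch(:bindings, [])

  bindings.each_with_index do |b, i|
    cond    = b[:condition]
    members = Array(b[:members])
    label   = "binding #{i} (#{b[:role]})"

    if cond
      # Version 1 has no condition field; version 3 introduces it.
      findings << "#{label}: condition requires policy version 3, got #{version}" if version < 3
      # This lint insists on a title and an expression for every condition.
      findings << "#{label}: condition has no title" if cond[:title].to_s.strip.empty?
      findings << "#{label}: condition has no expression" if cond[:expression].to_s.strip.empty?
    elsif BROAD_ROLES.include?(b[:role])
      findings << "#{label}: broad role granted without a condition"
    end

    public_hits = members & PUBLIC_MEMBERS
    findings << "#{label}: public member #{public_hits.join(', ')}" unless public_hits.empty?
    findings << "#{label}: no members" if members.empty?
  end
  findings
end

# Constructed sample input mirroring the binding shape used on this page.
EXPR = 'resource.name.startsWith("projects/_/buckets/bucket-name/objects/prefix-a-")'.freeze
SAMPLE_POLICY = {
  version: 1, # never upgraded, yet carries a conditional binding
  bindings: [
    { role: "roles/storage.admin", members: ["user:owner@example.com"],
      condition: { title: "my-condition", description: "description of condition", expression: EXPR } },
    { role: "roles/storage.admin", members: ["user:owner@example.com"] },
    { role: "roles/storage.objectViewer", members: ["allUsers"] }
  ]
}.freeze

puts lint_policy(SAMPLE_POLICY) if __FILE__ == $PROGRAM_NAME
```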