Some or all of the information on this page might not apply to Cloud de Confiance by S3NS. See Differences from Google Cloud for more details.

Cloud Storage API - Class Google::Cloud::Storage::Policy::Binding (v1.43.0)

Reference documentation and code samples for the Cloud Storage API class Google::Cloud::Storage::Policy::Binding.

Binding

Value object associating members and an optional condition with a role.

Inherits

Object

Examples

require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

policy = bucket.policy requested_policy_version: 3
policy.bindings.each do |binding|
  puts binding.role
end

Updating a Policy from version 1 to version 3:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

bucket.uniform_bucket_level_access = true

bucket.policy requested_policy_version: 3 do |p|
  p.version # the value is 1
  p.version = 3 # Must be explicitly set to opt-in to support for conditions.

  expr = "resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")"
  p.bindings.insert({
                      role: "roles/storage.admin",
                      members: ["user:owner@example.com"],
                      condition: {
                        title: "my-condition",
                        description: "description of condition",
                        expression: expr
                      }
                    })
end

Methods

#condition

def condition() -> Google::Cloud::Storage::Policy::Condition, nil

The condition that is associated with this binding, or nil if there is no condition. NOTE: An unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.

Returns

(Google::Cloud::Storage::Policy::Condition, nil) — the current value of condition

#condition=

def condition=(title:, description: nil, expression:)

Sets the condition for the binding.

Overloads

def condition=(title:, description: nil, expression:)

Sets the condition for the binding.

Parameters

title (String) — Used to identify the condition. Required.
description (String) — Used to document the condition. Optional.
expression (String) — Defines an attribute-based logic expression using a subset of the Common Expression Language (CEL). The condition expression can contain multiple statements, each uses one attributes, and statements are combined using logic operators, following CEL language specification. Required.

#initialize

def initialize(role:, members:, condition: nil) -> Binding

Creates a Binding object.

Parameters

role (String) — Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. Required.
members (Array<String>) —
Specifies the identities requesting access for a Cloud Platform resource. members can have the following values. Required.
- allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account.
- allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com.
- serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
- domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. Required.
condition (Google::Cloud::Storage::Policy::Condition) (defaults to: nil) — The condition that is associated with this binding. NOTE: An unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently. Optional.

Returns

(Binding) — a new instance of Binding

Raises

(ArgumentError)

#members

def members() -> Array<String>

Specifies the identities requesting access for a Cloud Platform resource. members can have the following values. Required.

allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account.
allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account.
user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com.
serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. Required.

Returns

(Array<String>) — the current value of members

#members=

def members=(new_members)

Sets the members for the binding.

Raises

(ArgumentError)

#role

def role() -> String

Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. Required.

Returns

(String) — the current value of role

#role=

def role=(new_role)

Sets the role for the binding.