Class: Google::Iam::V1::IAMPolicy::Client
- Inherits:
-
Object
- Object
- Google::Iam::V1::IAMPolicy::Client
- Defined in:
- lib/google/iam/v1/iam_policy/client.rb
Overview
Client for the IAMPolicy service.
API Overview
Manages Identity and Access Management (IAM) policies.
Any implementation of an API that offers access control features implements the google.iam.v1.IAMPolicy interface.
Data model
Access control is applied when a principal (user or service account), takes some action on a resource exposed by a service. Resources, identified by URI-like names, are the unit of access control specification. Service implementations can choose the granularity of access control and the supported permissions for their resources. For example one database service may allow access control to be specified only at the Table level, whereas another might allow access control to also be specified at the Column level.
Policy Structure
See google.iam.v1.Policy
This is intentionally not a CRUD style API because access control policies are created and deleted implicitly with the resources to which they are attached.
Defined Under Namespace
Classes: Configuration
Instance Attribute Summary collapse
-
#location_client ⇒ Google::Cloud::Location::Locations::Client
readonly
Get the associated client for mix-in of the Locations.
Class Method Summary collapse
-
.configure {|config| ... } ⇒ Client::Configuration
Configure the IAMPolicy Client class.
Instance Method Summary collapse
-
#configure {|config| ... } ⇒ Client::Configuration
Configure the IAMPolicy Client instance.
-
#get_iam_policy(request, options = nil) {|response, operation| ... } ⇒ ::Google::Iam::V1::Policy
Gets the access control policy for a resource.
-
#initialize {|config| ... } ⇒ Client
constructor
Create a new IAMPolicy client object.
-
#set_iam_policy(request, options = nil) {|response, operation| ... } ⇒ ::Google::Iam::V1::Policy
Sets the access control policy on the specified resource.
-
#test_iam_permissions(request, options = nil) {|response, operation| ... } ⇒ ::Google::Iam::V1::TestIamPermissionsResponse
Returns permissions that a caller has on the specified resource.
-
#universe_domain ⇒ String
The effective universe domain.
Constructor Details
#initialize {|config| ... } ⇒ Client
Create a new IAMPolicy client object.
144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 |
# File 'lib/google/iam/v1/iam_policy/client.rb', line 144 def initialize # These require statements are intentionally placed here to initialize # the gRPC module only when it's required. # See https://github.com/googleapis/toolkit/issues/446 require "gapic/grpc" require "google/iam/v1/iam_policy_services_pb" # Create the configuration object @config = Configuration.new Client.configure # Yield the configuration if needed yield @config if block_given? # Create credentials credentials = @config.credentials # Use self-signed JWT if the endpoint is unchanged from default, # but only if the default endpoint does not have a region prefix. enable_self_signed_jwt = @config.endpoint.nil? || (@config.endpoint == Configuration::DEFAULT_ENDPOINT && !@config.endpoint.split(".").first.include?("-")) credentials ||= Credentials.default scope: @config.scope, enable_self_signed_jwt: enable_self_signed_jwt if credentials.is_a?(::String) || credentials.is_a?(::Hash) credentials = Credentials.new credentials, scope: @config.scope end @quota_project_id = @config.quota_project @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id @iam_policy_stub = ::Gapic::ServiceStub.new( ::Google::Iam::V1::IAMPolicy::Stub, credentials: credentials, endpoint: @config.endpoint, endpoint_template: DEFAULT_ENDPOINT_TEMPLATE, universe_domain: @config.universe_domain, channel_args: @config.channel_args, interceptors: @config.interceptors, channel_pool_config: @config.channel_pool ) @location_client = Google::Cloud::Location::Locations::Client.new do |config| config.credentials = credentials config.quota_project = @quota_project_id config.endpoint = @iam_policy_stub.endpoint config.universe_domain = @iam_policy_stub.universe_domain end end |
Instance Attribute Details
#location_client ⇒ Google::Cloud::Location::Locations::Client (readonly)
Get the associated client for mix-in of the Locations.
196 197 198 |
# File 'lib/google/iam/v1/iam_policy/client.rb', line 196 def location_client @location_client end |
Class Method Details
.configure {|config| ... } ⇒ Client::Configuration
Configure the IAMPolicy Client class.
See Configuration for a description of the configuration fields.
82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 |
# File 'lib/google/iam/v1/iam_policy/client.rb', line 82 def self.configure @configure ||= begin namespace = ["Google", "Iam", "V1"] parent_config = while namespace.any? parent_name = namespace.join "::" parent_const = const_get parent_name break parent_const.configure if parent_const.respond_to? :configure namespace.pop end default_config = Client::Configuration.new parent_config default_config end yield @configure if block_given? @configure end |
Instance Method Details
#configure {|config| ... } ⇒ Client::Configuration
Configure the IAMPolicy Client instance.
The configuration is set to the derived mode, meaning that values can be changed, but structural changes (adding new fields, etc.) are not allowed. Structural changes should be made on configure.
See Configuration for a description of the configuration fields.
114 115 116 117 |
# File 'lib/google/iam/v1/iam_policy/client.rb', line 114 def configure yield @config if block_given? @config end |
#get_iam_policy(request, options = nil) ⇒ ::Google::Iam::V1::Policy #get_iam_policy(resource: nil, options: nil) ⇒ ::Google::Iam::V1::Policy
Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.
350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 |
# File 'lib/google/iam/v1/iam_policy/client.rb', line 350 def get_iam_policy request, = nil raise ::ArgumentError, "request must be provided" if request.nil? request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::GetIamPolicyRequest # Converts hash and nil to an options object = ::Gapic::CallOptions.new(**.to_h) if .respond_to? :to_h # Customize the options with defaults = @config.rpcs.get_iam_policy..to_h # Set x-goog-api-client and x-goog-user-project headers [:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \ lib_name: @config.lib_name, lib_version: @config.lib_version, gapic_version: ::Google::Cloud::Batch::V1::VERSION [:"x-goog-user-project"] = @quota_project_id if @quota_project_id header_params = {} if request.resource header_params["resource"] = request.resource end request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&") [:"x-goog-request-params"] ||= request_params_header .apply_defaults timeout: @config.rpcs.get_iam_policy.timeout, metadata: , retry_policy: @config.rpcs.get_iam_policy.retry_policy .apply_defaults timeout: @config.timeout, metadata: @config., retry_policy: @config.retry_policy @iam_policy_stub.call_rpc :get_iam_policy, request, options: do |response, operation| yield response, operation if block_given? return response end rescue ::GRPC::BadStatus => e raise ::Google::Cloud::Error.from_error(e) end |
#set_iam_policy(request, options = nil) ⇒ ::Google::Iam::V1::Policy #set_iam_policy(resource: nil, policy: nil, update_mask: nil) ⇒ ::Google::Iam::V1::Policy
Sets the access control policy on the specified resource. Replaces any existing policy.
Can return NOT_FOUND
, INVALID_ARGUMENT
, and PERMISSION_DENIED
errors.
259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 |
# File 'lib/google/iam/v1/iam_policy/client.rb', line 259 def set_iam_policy request, = nil raise ::ArgumentError, "request must be provided" if request.nil? request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::SetIamPolicyRequest # Converts hash and nil to an options object = ::Gapic::CallOptions.new(**.to_h) if .respond_to? :to_h # Customize the options with defaults = @config.rpcs.set_iam_policy..to_h # Set x-goog-api-client and x-goog-user-project headers [:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \ lib_name: @config.lib_name, lib_version: @config.lib_version, gapic_version: ::Google::Cloud::Batch::V1::VERSION [:"x-goog-user-project"] = @quota_project_id if @quota_project_id header_params = {} if request.resource header_params["resource"] = request.resource end request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&") [:"x-goog-request-params"] ||= request_params_header .apply_defaults timeout: @config.rpcs.set_iam_policy.timeout, metadata: , retry_policy: @config.rpcs.set_iam_policy.retry_policy .apply_defaults timeout: @config.timeout, metadata: @config., retry_policy: @config.retry_policy @iam_policy_stub.call_rpc :set_iam_policy, request, options: do |response, operation| yield response, operation if block_given? return response end rescue ::GRPC::BadStatus => e raise ::Google::Cloud::Error.from_error(e) end |
#test_iam_permissions(request, options = nil) ⇒ ::Google::Iam::V1::TestIamPermissionsResponse #test_iam_permissions(resource: nil, permissions: nil) ⇒ ::Google::Iam::V1::TestIamPermissionsResponse
Returns permissions that a caller has on the specified resource.
If the resource does not exist, this will return an empty set of
permissions, not a NOT_FOUND
error.
Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.
447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 |
# File 'lib/google/iam/v1/iam_policy/client.rb', line 447 def request, = nil raise ::ArgumentError, "request must be provided" if request.nil? request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::TestIamPermissionsRequest # Converts hash and nil to an options object = ::Gapic::CallOptions.new(**.to_h) if .respond_to? :to_h # Customize the options with defaults = @config.rpcs...to_h # Set x-goog-api-client and x-goog-user-project headers [:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \ lib_name: @config.lib_name, lib_version: @config.lib_version, gapic_version: ::Google::Cloud::Batch::V1::VERSION [:"x-goog-user-project"] = @quota_project_id if @quota_project_id header_params = {} if request.resource header_params["resource"] = request.resource end request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&") [:"x-goog-request-params"] ||= request_params_header .apply_defaults timeout: @config.rpcs..timeout, metadata: , retry_policy: @config.rpcs..retry_policy .apply_defaults timeout: @config.timeout, metadata: @config., retry_policy: @config.retry_policy @iam_policy_stub.call_rpc :test_iam_permissions, request, options: do |response, operation| yield response, operation if block_given? return response end rescue ::GRPC::BadStatus => e raise ::Google::Cloud::Error.from_error(e) end |
#universe_domain ⇒ String
The effective universe domain
124 125 126 |
# File 'lib/google/iam/v1/iam_policy/client.rb', line 124 def universe_domain @iam_policy_stub.universe_domain end |