Class: Google::Iam::V1::IAMPolicy::Rest::Client
- Inherits:
-
Object
- Object
- Google::Iam::V1::IAMPolicy::Rest::Client
- Defined in:
- lib/google/iam/v1/iam_policy/rest/client.rb
Overview
REST client for the IAMPolicy service.
API Overview
Manages Identity and Access Management (IAM) policies.
Any implementation of an API that offers access control features implements the google.iam.v1.IAMPolicy interface.
Data model
Access control is applied when a principal (user or service account), takes some action on a resource exposed by a service. Resources, identified by URI-like names, are the unit of access control specification. Service implementations can choose the granularity of access control and the supported permissions for their resources. For example one database service may allow access control to be specified only at the Table level, whereas another might allow access control to also be specified at the Column level.
Policy Structure
See google.iam.v1.Policy
This is intentionally not a CRUD style API because access control policies are created and deleted implicitly with the resources to which they are attached.
Defined Under Namespace
Classes: Configuration
Instance Attribute Summary collapse
-
#location_client ⇒ Google::Cloud::Location::Locations::Rest::Client
readonly
Get the associated client for mix-in of the Locations.
Class Method Summary collapse
-
.configure {|config| ... } ⇒ Client::Configuration
Configure the IAMPolicy Client class.
Instance Method Summary collapse
-
#configure {|config| ... } ⇒ Client::Configuration
Configure the IAMPolicy Client instance.
-
#get_iam_policy(request, options = nil) {|result, operation| ... } ⇒ ::Google::Iam::V1::Policy
Gets the access control policy for a resource.
-
#initialize {|config| ... } ⇒ Client
constructor
Create a new IAMPolicy REST client object.
-
#logger ⇒ Logger
The logger used for request/response debug logging.
-
#set_iam_policy(request, options = nil) {|result, operation| ... } ⇒ ::Google::Iam::V1::Policy
Sets the access control policy on the specified resource.
-
#test_iam_permissions(request, options = nil) {|result, operation| ... } ⇒ ::Google::Iam::V1::TestIamPermissionsResponse
Returns permissions that a caller has on the specified resource.
-
#universe_domain ⇒ String
The effective universe domain.
Constructor Details
#initialize {|config| ... } ⇒ Client
Create a new IAMPolicy REST client object.
148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 |
# File 'lib/google/iam/v1/iam_policy/rest/client.rb', line 148 def initialize # Create the configuration object @config = Configuration.new Client.configure # Yield the configuration if needed yield @config if block_given? # Create credentials credentials = @config.credentials # Use self-signed JWT if the endpoint is unchanged from default, # but only if the default endpoint does not have a region prefix. enable_self_signed_jwt = @config.endpoint.nil? || (@config.endpoint == Configuration::DEFAULT_ENDPOINT && !@config.endpoint.split(".").first.include?("-")) credentials ||= Credentials.default scope: @config.scope, enable_self_signed_jwt: enable_self_signed_jwt if credentials.is_a?(::String) || credentials.is_a?(::Hash) credentials = Credentials.new credentials, scope: @config.scope end @quota_project_id = @config.quota_project @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id @iam_policy_stub = ::Google::Iam::V1::IAMPolicy::Rest::ServiceStub.new( endpoint: @config.endpoint, endpoint_template: DEFAULT_ENDPOINT_TEMPLATE, universe_domain: @config.universe_domain, credentials: credentials, logger: @config.logger ) @iam_policy_stub.logger(stub: true)&.info do |entry| entry.set_system_name entry.set_service entry. = "Created client for #{entry.service}" entry.set_credentials_fields credentials entry.set "customEndpoint", @config.endpoint if @config.endpoint entry.set "defaultTimeout", @config.timeout if @config.timeout entry.set "quotaProject", @quota_project_id if @quota_project_id end @location_client = Google::Cloud::Location::Locations::Rest::Client.new do |config| config.credentials = credentials config.quota_project = @quota_project_id config.endpoint = @iam_policy_stub.endpoint config.universe_domain = @iam_policy_stub.universe_domain config.bindings_override = @config.bindings_override config.logger = @iam_policy_stub.logger if config.respond_to? :logger= end end |
Instance Attribute Details
#location_client ⇒ Google::Cloud::Location::Locations::Rest::Client (readonly)
Get the associated client for mix-in of the Locations.
204 205 206 |
# File 'lib/google/iam/v1/iam_policy/rest/client.rb', line 204 def location_client @location_client end |
Class Method Details
.configure {|config| ... } ⇒ Client::Configuration
Configure the IAMPolicy Client class.
See Configuration for a description of the configuration fields.
86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 |
# File 'lib/google/iam/v1/iam_policy/rest/client.rb', line 86 def self.configure @configure ||= begin namespace = ["Google", "Iam", "V1"] parent_config = while namespace.any? parent_name = namespace.join "::" parent_const = const_get parent_name break parent_const.configure if parent_const.respond_to? :configure namespace.pop end default_config = Client::Configuration.new parent_config default_config end yield @configure if block_given? @configure end |
Instance Method Details
#configure {|config| ... } ⇒ Client::Configuration
Configure the IAMPolicy Client instance.
The configuration is set to the derived mode, meaning that values can be changed, but structural changes (adding new fields, etc.) are not allowed. Structural changes should be made on configure.
See Configuration for a description of the configuration fields.
118 119 120 121 |
# File 'lib/google/iam/v1/iam_policy/rest/client.rb', line 118 def configure yield @config if block_given? @config end |
#get_iam_policy(request, options = nil) ⇒ ::Google::Iam::V1::Policy #get_iam_policy(resource: nil, options: nil) ⇒ ::Google::Iam::V1::Policy
Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.
359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 |
# File 'lib/google/iam/v1/iam_policy/rest/client.rb', line 359 def get_iam_policy request, = nil raise ::ArgumentError, "request must be provided" if request.nil? request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::GetIamPolicyRequest # Converts hash and nil to an options object = ::Gapic::CallOptions.new(**.to_h) if .respond_to? :to_h # Customize the options with defaults = @config.rpcs.get_iam_policy..to_h # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers [:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \ lib_name: @config.lib_name, lib_version: @config.lib_version, gapic_version: ::Google::Cloud::Batch::V1::VERSION, transports_version_send: [:rest] [:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty? [:"x-goog-user-project"] = @quota_project_id if @quota_project_id .apply_defaults timeout: @config.rpcs.get_iam_policy.timeout, metadata: , retry_policy: @config.rpcs.get_iam_policy.retry_policy .apply_defaults timeout: @config.timeout, metadata: @config., retry_policy: @config.retry_policy @iam_policy_stub.get_iam_policy request, do |result, operation| yield result, operation if block_given? end rescue ::Gapic::Rest::Error => e raise ::Google::Cloud::Error.from_error(e) end |
#logger ⇒ Logger
The logger used for request/response debug logging.
211 212 213 |
# File 'lib/google/iam/v1/iam_policy/rest/client.rb', line 211 def logger @iam_policy_stub.logger end |
#set_iam_policy(request, options = nil) ⇒ ::Google::Iam::V1::Policy #set_iam_policy(resource: nil, policy: nil, update_mask: nil) ⇒ ::Google::Iam::V1::Policy
Sets the access control policy on the specified resource. Replaces any existing policy.
Can return NOT_FOUND
, INVALID_ARGUMENT
, and PERMISSION_DENIED
errors.
275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 |
# File 'lib/google/iam/v1/iam_policy/rest/client.rb', line 275 def set_iam_policy request, = nil raise ::ArgumentError, "request must be provided" if request.nil? request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::SetIamPolicyRequest # Converts hash and nil to an options object = ::Gapic::CallOptions.new(**.to_h) if .respond_to? :to_h # Customize the options with defaults = @config.rpcs.set_iam_policy..to_h # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers [:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \ lib_name: @config.lib_name, lib_version: @config.lib_version, gapic_version: ::Google::Cloud::Batch::V1::VERSION, transports_version_send: [:rest] [:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty? [:"x-goog-user-project"] = @quota_project_id if @quota_project_id .apply_defaults timeout: @config.rpcs.set_iam_policy.timeout, metadata: , retry_policy: @config.rpcs.set_iam_policy.retry_policy .apply_defaults timeout: @config.timeout, metadata: @config., retry_policy: @config.retry_policy @iam_policy_stub.set_iam_policy request, do |result, operation| yield result, operation if block_given? end rescue ::Gapic::Rest::Error => e raise ::Google::Cloud::Error.from_error(e) end |
#test_iam_permissions(request, options = nil) ⇒ ::Google::Iam::V1::TestIamPermissionsResponse #test_iam_permissions(resource: nil, permissions: nil) ⇒ ::Google::Iam::V1::TestIamPermissionsResponse
Returns permissions that a caller has on the specified resource.
If the resource does not exist, this will return an empty set of
permissions, not a NOT_FOUND
error.
Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.
449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 |
# File 'lib/google/iam/v1/iam_policy/rest/client.rb', line 449 def request, = nil raise ::ArgumentError, "request must be provided" if request.nil? request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::TestIamPermissionsRequest # Converts hash and nil to an options object = ::Gapic::CallOptions.new(**.to_h) if .respond_to? :to_h # Customize the options with defaults = @config.rpcs...to_h # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers [:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \ lib_name: @config.lib_name, lib_version: @config.lib_version, gapic_version: ::Google::Cloud::Batch::V1::VERSION, transports_version_send: [:rest] [:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty? [:"x-goog-user-project"] = @quota_project_id if @quota_project_id .apply_defaults timeout: @config.rpcs..timeout, metadata: , retry_policy: @config.rpcs..retry_policy .apply_defaults timeout: @config.timeout, metadata: @config., retry_policy: @config.retry_policy @iam_policy_stub. request, do |result, operation| yield result, operation if block_given? end rescue ::Gapic::Rest::Error => e raise ::Google::Cloud::Error.from_error(e) end |
#universe_domain ⇒ String
The effective universe domain
128 129 130 |
# File 'lib/google/iam/v1/iam_policy/rest/client.rb', line 128 def universe_domain @iam_policy_stub.universe_domain end |