Class: Google::Cloud::Storage::Policy::Condition

Inherits:

Object

• Object
• Google::Cloud::Storage::Policy::Condition

Defined in:

lib/google/cloud/storage/policy/condition.rb

Overview

Condition

Value object accepting an attribute-based logic expression based on a subset of the Common Expression Language (CEL).

Examples:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

policy = bucket.policy requested_policy_version: 3
policy.bindings.each do |binding|
  puts binding.condition.title if binding.condition
end

Updating a Policy from version 1 to version 3 by adding a condition:

require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket = storage.bucket "my-bucket"

bucket.uniform_bucket_level_access = true

bucket.policy requested_policy_version: 3 do |p|
  p.version # the value is 1
  p.version = 3 # Must be explicitly set to opt-in to support for conditions.

  expr = "resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")"
  p.bindings.insert({
                      role: "roles/storage.admin",
                      members: ["user:owner@example.com"],
                      condition: {
                        title: "my-condition",
                        description: "description of condition",
                        expression: expr
                      }
                    })
end

See Also:

• Cloud IAM policies with conditions

Instance Attribute Summary

• #description ⇒ String

  Used to document the condition.

• #expression ⇒ String

  Defines an attribute-based logic expression using a subset of the Common Expression Language (CEL).

• #title ⇒ String

  Used to identify the condition.

Instance Method Summary

• #initialize(title:, description: nil, expression:) ⇒ Condition constructor

  Creates a Condition object.

• #to_gapi ⇒ Object

Constructor Details

#initialize(title:, description: nil, expression:) ⇒ Condition

Creates a Condition object.

Parameters:

• title (String) —

  Used to identify the condition. Required.

• description (String) (defaults to: nil) —

  Used to document the condition. Optional.

• expression (String) —

  Defines an attribute-based logic expression using a subset of the Common Expression Language (CEL). The condition expression can contain multiple statements, each uses one attributes, and statements are combined using logic operators, following CEL language specification. Required.

# File 'lib/google/cloud/storage/policy/condition.rb', line 86

def initialize title:, description: nil, expression:
  @title = String title
  @description = String description
  @expression = String expression
end

Instance Attribute Details

#description ⇒ String

Used to document the condition. Optional.

Returns:

• (String) —

  the current value of description

# File 'lib/google/cloud/storage/policy/condition.rb', line 72

def description
  @description
end

#expression ⇒ String

Defines an attribute-based logic expression using a subset of the Common Expression Language (CEL). The condition expression can contain multiple statements, each uses one attributes, and statements are combined using logic operators, following CEL language specification. Required.

Returns:

• (String) —

  the current value of expression

# File 'lib/google/cloud/storage/policy/condition.rb', line 72

def expression
  @expression
end

#title ⇒ String

Used to identify the condition. Required.

Returns:

• (String) —

  the current value of title

# File 'lib/google/cloud/storage/policy/condition.rb', line 72

def title
  @title
end

Instance Method Details

#to_gapi ⇒ Object

# File 'lib/google/cloud/storage/policy/condition.rb', line 125

def to_gapi
  {
    title: @title,
    description: @description,
    expression: @expression
  }.delete_if { |_, v| v.nil? }
end