Class: Google::Iam::V1::IAMPolicy::Client
- Inherits:
-
Object
- Object
- Google::Iam::V1::IAMPolicy::Client
- Defined in:
- lib/google/iam/v1/iam_policy/client.rb
Overview
Client for the IAMPolicy service.
API Overview
Manages Identity and Access Management (IAM) policies.
Any implementation of an API that offers access control features implements the google.iam.v1.IAMPolicy interface.
Data model
Access control is applied when a principal (user or service account), takes some action on a resource exposed by a service. Resources, identified by URI-like names, are the unit of access control specification. Service implementations can choose the granularity of access control and the supported permissions for their resources. For example one database service may allow access control to be specified only at the Table level, whereas another might allow access control to also be specified at the Column level.
Policy Structure
See google.iam.v1.Policy
This is intentionally not a CRUD style API because access control policies are created and deleted implicitly with the resources to which they are attached.
Defined Under Namespace
Classes: Configuration
Class Method Summary collapse
-
.configure {|config| ... } ⇒ Client::Configuration
Configure the IAMPolicy Client class.
Instance Method Summary collapse
-
#configure {|config| ... } ⇒ Client::Configuration
Configure the IAMPolicy Client instance.
-
#get_iam_policy(request, options = nil) {|response, operation| ... } ⇒ ::Google::Iam::V1::Policy
Gets the access control policy for a resource.
-
#initialize {|config| ... } ⇒ Client
constructor
Create a new IAMPolicy client object.
-
#set_iam_policy(request, options = nil) {|response, operation| ... } ⇒ ::Google::Iam::V1::Policy
Sets the access control policy on the specified resource.
-
#test_iam_permissions(request, options = nil) {|response, operation| ... } ⇒ ::Google::Iam::V1::TestIamPermissionsResponse
Returns permissions that a caller has on the specified resource.
-
#universe_domain ⇒ String
The effective universe domain.
Constructor Details
#initialize {|config| ... } ⇒ Client
Create a new IAMPolicy client object.
145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 |
# File 'lib/google/iam/v1/iam_policy/client.rb', line 145 def initialize # These require statements are intentionally placed here to initialize # the gRPC module only when it's required. # See https://github.com/googleapis/toolkit/issues/446 require "gapic/grpc" require "google/iam/v1/iam_policy_services_pb" # Create the configuration object @config = Configuration.new Client.configure # Yield the configuration if needed yield @config if block_given? # Create credentials credentials = @config.credentials # Use self-signed JWT if the endpoint is unchanged from default, # but only if the default endpoint does not have a region prefix. enable_self_signed_jwt = @config.endpoint.nil? || (@config.endpoint == Configuration::DEFAULT_ENDPOINT && !@config.endpoint.split(".").first.include?("-")) credentials ||= Credentials.default scope: @config.scope, enable_self_signed_jwt: enable_self_signed_jwt if credentials.is_a?(::String) || credentials.is_a?(::Hash) credentials = Credentials.new credentials, scope: @config.scope end @quota_project_id = @config.quota_project @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id @iam_policy_stub = ::Gapic::ServiceStub.new( ::Google::Iam::V1::IAMPolicy::Stub, credentials: credentials, endpoint: @config.endpoint, endpoint_template: DEFAULT_ENDPOINT_TEMPLATE, universe_domain: @config.universe_domain, channel_args: @config.channel_args, interceptors: @config.interceptors, channel_pool_config: @config.channel_pool ) end |
Class Method Details
.configure {|config| ... } ⇒ Client::Configuration
Configure the IAMPolicy Client class.
See Configuration for a description of the configuration fields.
83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 |
# File 'lib/google/iam/v1/iam_policy/client.rb', line 83 def self.configure @configure ||= begin namespace = ["Google", "Iam", "V1"] parent_config = while namespace.any? parent_name = namespace.join "::" parent_const = const_get parent_name break parent_const.configure if parent_const.respond_to? :configure namespace.pop end default_config = Client::Configuration.new parent_config default_config end yield @configure if block_given? @configure end |
Instance Method Details
#configure {|config| ... } ⇒ Client::Configuration
Configure the IAMPolicy Client instance.
The configuration is set to the derived mode, meaning that values can be changed, but structural changes (adding new fields, etc.) are not allowed. Structural changes should be made on configure.
See Configuration for a description of the configuration fields.
115 116 117 118 |
# File 'lib/google/iam/v1/iam_policy/client.rb', line 115 def configure yield @config if block_given? @config end |
#get_iam_policy(request, options = nil) ⇒ ::Google::Iam::V1::Policy #get_iam_policy(resource: nil, options: nil) ⇒ ::Google::Iam::V1::Policy
Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.
338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 |
# File 'lib/google/iam/v1/iam_policy/client.rb', line 338 def get_iam_policy request, = nil raise ::ArgumentError, "request must be provided" if request.nil? request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::GetIamPolicyRequest # Converts hash and nil to an options object = ::Gapic::CallOptions.new(**.to_h) if .respond_to? :to_h # Customize the options with defaults = @config.rpcs.get_iam_policy..to_h # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers [:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \ lib_name: @config.lib_name, lib_version: @config.lib_version, gapic_version: ::Google::Iam::V1::VERSION [:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty? [:"x-goog-user-project"] = @quota_project_id if @quota_project_id header_params = {} if request.resource header_params["resource"] = request.resource end request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&") [:"x-goog-request-params"] ||= request_params_header .apply_defaults timeout: @config.rpcs.get_iam_policy.timeout, metadata: , retry_policy: @config.rpcs.get_iam_policy.retry_policy .apply_defaults timeout: @config.timeout, metadata: @config., retry_policy: @config.retry_policy @iam_policy_stub.call_rpc :get_iam_policy, request, options: do |response, operation| yield response, operation if block_given? return response end rescue ::GRPC::BadStatus => e raise ::Google::Cloud::Error.from_error(e) end |
#set_iam_policy(request, options = nil) ⇒ ::Google::Iam::V1::Policy #set_iam_policy(resource: nil, policy: nil, update_mask: nil) ⇒ ::Google::Iam::V1::Policy
Sets the access control policy on the specified resource. Replaces any existing policy.
Can return NOT_FOUND
, INVALID_ARGUMENT
, and PERMISSION_DENIED
errors.
246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 |
# File 'lib/google/iam/v1/iam_policy/client.rb', line 246 def set_iam_policy request, = nil raise ::ArgumentError, "request must be provided" if request.nil? request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::SetIamPolicyRequest # Converts hash and nil to an options object = ::Gapic::CallOptions.new(**.to_h) if .respond_to? :to_h # Customize the options with defaults = @config.rpcs.set_iam_policy..to_h # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers [:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \ lib_name: @config.lib_name, lib_version: @config.lib_version, gapic_version: ::Google::Iam::V1::VERSION [:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty? [:"x-goog-user-project"] = @quota_project_id if @quota_project_id header_params = {} if request.resource header_params["resource"] = request.resource end request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&") [:"x-goog-request-params"] ||= request_params_header .apply_defaults timeout: @config.rpcs.set_iam_policy.timeout, metadata: , retry_policy: @config.rpcs.set_iam_policy.retry_policy .apply_defaults timeout: @config.timeout, metadata: @config., retry_policy: @config.retry_policy @iam_policy_stub.call_rpc :set_iam_policy, request, options: do |response, operation| yield response, operation if block_given? return response end rescue ::GRPC::BadStatus => e raise ::Google::Cloud::Error.from_error(e) end |
#test_iam_permissions(request, options = nil) ⇒ ::Google::Iam::V1::TestIamPermissionsResponse #test_iam_permissions(resource: nil, permissions: nil) ⇒ ::Google::Iam::V1::TestIamPermissionsResponse
Returns permissions that a caller has on the specified resource.
If the resource does not exist, this will return an empty set of
permissions, not a NOT_FOUND
error.
Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.
436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 |
# File 'lib/google/iam/v1/iam_policy/client.rb', line 436 def request, = nil raise ::ArgumentError, "request must be provided" if request.nil? request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::TestIamPermissionsRequest # Converts hash and nil to an options object = ::Gapic::CallOptions.new(**.to_h) if .respond_to? :to_h # Customize the options with defaults = @config.rpcs...to_h # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers [:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \ lib_name: @config.lib_name, lib_version: @config.lib_version, gapic_version: ::Google::Iam::V1::VERSION [:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty? [:"x-goog-user-project"] = @quota_project_id if @quota_project_id header_params = {} if request.resource header_params["resource"] = request.resource end request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&") [:"x-goog-request-params"] ||= request_params_header .apply_defaults timeout: @config.rpcs..timeout, metadata: , retry_policy: @config.rpcs..retry_policy .apply_defaults timeout: @config.timeout, metadata: @config., retry_policy: @config.retry_policy @iam_policy_stub.call_rpc :test_iam_permissions, request, options: do |response, operation| yield response, operation if block_given? return response end rescue ::GRPC::BadStatus => e raise ::Google::Cloud::Error.from_error(e) end |
#universe_domain ⇒ String
The effective universe domain
125 126 127 |
# File 'lib/google/iam/v1/iam_policy/client.rb', line 125 def universe_domain @iam_policy_stub.universe_domain end |