Class: Google::Cloud::PubSub::V1::IAMPolicy::Client
- Inherits:
-
Object
- Object
- Google::Cloud::PubSub::V1::IAMPolicy::Client
- Defined in:
- lib/google/cloud/pubsub/v1/iam_policy/client.rb
Overview
Client for the IAMPolicy service.
API Overview
Manages Identity and Access Management (IAM) policies.
Any implementation of an API that offers access control features implements the google.iam.v1.IAMPolicy interface.
Data model
Access control is applied when a principal (user or service account), takes some action on a resource exposed by a service. Resources, identified by URI-like names, are the unit of access control specification. Service implementations can choose the granularity of access control and the supported permissions for their resources. For example one database service may allow access control to be specified only at the Table level, whereas another might allow access control to also be specified at the Column level.
Policy Structure
See google.iam.v1.Policy
This is intentionally not a CRUD style API because access control policies are created and deleted implicitly with the resources to which they are attached.
Defined Under Namespace
Classes: Configuration
Class Method Summary collapse
-
.configure {|config| ... } ⇒ Client::Configuration
Configure the IAMPolicy Client class.
Instance Method Summary collapse
-
#configure {|config| ... } ⇒ Client::Configuration
Configure the IAMPolicy Client instance.
-
#get_iam_policy(request, options = nil) {|response, operation| ... } ⇒ ::Google::Iam::V1::Policy
Gets the access control policy for a resource.
-
#initialize {|config| ... } ⇒ Client
constructor
Create a new IAMPolicy client object.
-
#set_iam_policy(request, options = nil) {|response, operation| ... } ⇒ ::Google::Iam::V1::Policy
Sets the access control policy on the specified resource.
-
#test_iam_permissions(request, options = nil) {|response, operation| ... } ⇒ ::Google::Iam::V1::TestIamPermissionsResponse
Returns permissions that a caller has on the specified resource.
Constructor Details
#initialize {|config| ... } ⇒ Client
Create a new IAMPolicy client object.
131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 |
# File 'lib/google/cloud/pubsub/v1/iam_policy/client.rb', line 131 def initialize # These require statements are intentionally placed here to initialize # the gRPC module only when it's required. # See https://github.com/googleapis/toolkit/issues/446 require "gapic/grpc" require "google/iam/v1/iam_policy_services_pb" # Create the configuration object @config = Configuration.new Client.configure # Yield the configuration if needed yield @config if block_given? # Create credentials credentials = @config.credentials # Use self-signed JWT if the endpoint is unchanged from default, # but only if the default endpoint does not have a region prefix. enable_self_signed_jwt = @config.endpoint == Client.configure.endpoint && !@config.endpoint.split(".").first.include?("-") credentials ||= Credentials.default scope: @config.scope, enable_self_signed_jwt: enable_self_signed_jwt if credentials.is_a?(::String) || credentials.is_a?(::Hash) credentials = Credentials.new credentials, scope: @config.scope end @quota_project_id = @config.quota_project @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id @iam_policy_stub = ::Gapic::ServiceStub.new( ::Google::Iam::V1::IAMPolicy::Stub, credentials: credentials, endpoint: @config.endpoint, channel_args: @config.channel_args, interceptors: @config.interceptors ) end |
Class Method Details
.configure {|config| ... } ⇒ Client::Configuration
Configure the IAMPolicy Client class.
See Configuration for a description of the configuration fields.
78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 |
# File 'lib/google/cloud/pubsub/v1/iam_policy/client.rb', line 78 def self.configure @configure ||= begin namespace = ["Google", "Cloud", "PubSub", "V1"] parent_config = while namespace.any? parent_name = namespace.join "::" parent_const = const_get parent_name break parent_const.configure if parent_const.respond_to? :configure namespace.pop end default_config = Client::Configuration.new parent_config default_config end yield @configure if block_given? @configure end |
Instance Method Details
#configure {|config| ... } ⇒ Client::Configuration
Configure the IAMPolicy Client instance.
The configuration is set to the derived mode, meaning that values can be changed, but structural changes (adding new fields, etc.) are not allowed. Structural changes should be made on configure.
See Configuration for a description of the configuration fields.
110 111 112 113 |
# File 'lib/google/cloud/pubsub/v1/iam_policy/client.rb', line 110 def configure yield @config if block_given? @config end |
#get_iam_policy(request, options = nil) ⇒ ::Google::Iam::V1::Policy #get_iam_policy(resource: nil, options: nil) ⇒ ::Google::Iam::V1::Policy
Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.
311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 |
# File 'lib/google/cloud/pubsub/v1/iam_policy/client.rb', line 311 def get_iam_policy request, = nil raise ::ArgumentError, "request must be provided" if request.nil? request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::GetIamPolicyRequest # Converts hash and nil to an options object = ::Gapic::CallOptions.new(**.to_h) if .respond_to? :to_h # Customize the options with defaults = @config.rpcs.get_iam_policy..to_h # Set x-goog-api-client and x-goog-user-project headers [:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \ lib_name: @config.lib_name, lib_version: @config.lib_version, gapic_version: ::Google::Cloud::PubSub::V1::VERSION [:"x-goog-user-project"] = @quota_project_id if @quota_project_id header_params = {} if request.resource header_params["resource"] = request.resource end request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&") [:"x-goog-request-params"] ||= request_params_header .apply_defaults timeout: @config.rpcs.get_iam_policy.timeout, metadata: , retry_policy: @config.rpcs.get_iam_policy.retry_policy .apply_defaults timeout: @config.timeout, metadata: @config., retry_policy: @config.retry_policy @iam_policy_stub.call_rpc :get_iam_policy, request, options: do |response, operation| yield response, operation if block_given? return response end rescue ::GRPC::BadStatus => e raise ::Google::Cloud::Error.from_error(e) end |
#set_iam_policy(request, options = nil) ⇒ ::Google::Iam::V1::Policy #set_iam_policy(resource: nil, policy: nil) ⇒ ::Google::Iam::V1::Policy
Sets the access control policy on the specified resource. Replaces any existing policy.
220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 |
# File 'lib/google/cloud/pubsub/v1/iam_policy/client.rb', line 220 def set_iam_policy request, = nil raise ::ArgumentError, "request must be provided" if request.nil? request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::SetIamPolicyRequest # Converts hash and nil to an options object = ::Gapic::CallOptions.new(**.to_h) if .respond_to? :to_h # Customize the options with defaults = @config.rpcs.set_iam_policy..to_h # Set x-goog-api-client and x-goog-user-project headers [:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \ lib_name: @config.lib_name, lib_version: @config.lib_version, gapic_version: ::Google::Cloud::PubSub::V1::VERSION [:"x-goog-user-project"] = @quota_project_id if @quota_project_id header_params = {} if request.resource header_params["resource"] = request.resource end request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&") [:"x-goog-request-params"] ||= request_params_header .apply_defaults timeout: @config.rpcs.set_iam_policy.timeout, metadata: , retry_policy: @config.rpcs.set_iam_policy.retry_policy .apply_defaults timeout: @config.timeout, metadata: @config., retry_policy: @config.retry_policy @iam_policy_stub.call_rpc :set_iam_policy, request, options: do |response, operation| yield response, operation if block_given? return response end rescue ::GRPC::BadStatus => e raise ::Google::Cloud::Error.from_error(e) end |
#test_iam_permissions(request, options = nil) ⇒ ::Google::Iam::V1::TestIamPermissionsResponse #test_iam_permissions(resource: nil, permissions: nil) ⇒ ::Google::Iam::V1::TestIamPermissionsResponse
Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error.
Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.
408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 |
# File 'lib/google/cloud/pubsub/v1/iam_policy/client.rb', line 408 def request, = nil raise ::ArgumentError, "request must be provided" if request.nil? request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::TestIamPermissionsRequest # Converts hash and nil to an options object = ::Gapic::CallOptions.new(**.to_h) if .respond_to? :to_h # Customize the options with defaults = @config.rpcs...to_h # Set x-goog-api-client and x-goog-user-project headers [:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \ lib_name: @config.lib_name, lib_version: @config.lib_version, gapic_version: ::Google::Cloud::PubSub::V1::VERSION [:"x-goog-user-project"] = @quota_project_id if @quota_project_id header_params = {} if request.resource header_params["resource"] = request.resource end request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&") [:"x-goog-request-params"] ||= request_params_header .apply_defaults timeout: @config.rpcs..timeout, metadata: , retry_policy: @config.rpcs..retry_policy .apply_defaults timeout: @config.timeout, metadata: @config., retry_policy: @config.retry_policy @iam_policy_stub.call_rpc :test_iam_permissions, request, options: do |response, operation| yield response, operation if block_given? return response end rescue ::GRPC::BadStatus => e raise ::Google::Cloud::Error.from_error(e) end |