Class: Google::Cloud::Spanner::Policy
- Inherits: Object
  - Object
  - Google::Cloud::Spanner::Policy
- Defined in: lib/google/cloud/spanner/policy.rb
Overview
# Policy
Represents a Cloud IAM Policy for the Spanner service.
A common pattern for updating a resource’s metadata, such as its Policy, is to read the current data from the service, update the data locally, and then send the modified data for writing. This pattern may result in a conflict if two or more processes attempt the sequence simultaneously. IAM solves this problem with the #etag property, which is used to verify whether the policy has changed since the last request. When you make a request with an `etag` value, Cloud IAM compares the `etag` value in the request with the existing `etag` value associated with the policy. It writes the policy only if the `etag` values match.
When you update a policy, first read the policy (and its current `etag`) from the service, then modify the policy locally, and then write the modified policy to the service. See Instance#policy and Instance#policy= and Database#policy and Database#policy=.
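The etag check and the read-modify-write sequence described above, as an added Ruby example that is not part of the google-cloud-spanner source: `PolicyDoc`, `FakeIamService`, `StaleEtagError`, `update_policy` and `lost_update_demo` are hypothetical in-memory stand-ins, and the member addresses are constructed. It shows a stale write being rejected and then retried against a fresh read, so neither writer's binding is lost.

```ruby
# Hypothetical stand-ins (not the gem's API); the etag check is enforced on write.
PolicyDoc = Struct.new(:etag, :roles)
class StaleEtagError < StandardError; end
class FakeIamService
  def initialize
    @version, @roles = 1, {} # stand-in etag source; real etags are opaque strings
  end

  # Read: return a deep copy so local edits never touch the stored policy.
  def get_policy
    PolicyDoc.new("v#{@version}", @roles.transform_values(&:dup))
  end

  # Write: accepted only when the caller's etag matches the stored one.
  def set_policy(policy)
    raise StaleEtagError, "policy changed since read" unless policy.etag == "v#{@version}"
    @roles = policy.roles.transform_values(&:dup)
    @version += 1
    get_policy
  end
end

# Read-modify-write with bounded retry: a stale etag triggers re-read and re-apply.
def update_policy(service, attempts: 3)
  attempts.times do
    policy = service.get_policy
    yield policy
    begin
      return service.set_policy(policy)
    rescue StaleEtagError # stale etag: fall through so the loop re-reads
    end
  end
  raise StaleEtagError, "gave up after #{attempts} attempts"
end

# Constructed scenario: writer B commits between writer A's read and write.
def lost_update_demo
  service = FakeIamService.new
  stale = service.get_policy # writer A reads
  update_policy(service) { |p| (p.roles["roles/spanner.databaseReader"] ||= []) << "user:b@example.com" }
  (stale.roles["roles/spanner.viewer"] ||= []) << "user:a@example.com"
  rejected = begin
    service.set_policy(stale) && false # would have erased B's binding
  rescue StaleEtagError
    true
  end
  update_policy(service) { |p| (p.roles["roles/spanner.viewer"] ||= []) << "user:a@example.com" }
  [rejected, service.get_policy.roles]
end
```

Without the etag comparison in `set_policy`, writer A's stale write would silently replace the stored bindings and drop the grant writer B had just committed.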
Instance Attribute Summary
- #etag ⇒ String
  Used to verify whether the policy has changed since the last request.
- #roles ⇒ Hash{String => Array<String>}
  The bindings that associate roles with an array of members.
Class Method Summary
- .from_grpc(grpc) ⇒ Object
Instance Method Summary
- #add(role_name, member) ⇒ Object
  Convenience method for adding a member to a binding on this policy.
- #initialize(etag, roles) ⇒ Policy (constructor)
  A new instance of Policy.
- #remove(role_name, member) ⇒ Object
  Convenience method for removing a member from a binding on this policy.
- #role(role_name) ⇒ Array<String>
  Convenience method returning the array of members bound to a role in this policy, or an empty array if no value is present for the role in #roles.
- #to_grpc ⇒ Object
Constructor Details
#initialize(etag, roles) ⇒ Policy
Returns a new instance of Policy.
```ruby
# File 'lib/google/cloud/spanner/policy.rb', line 77
def initialize etag, roles
  @etag = etag
  @roles = roles
end
```
Instance Attribute Details
#etag ⇒ String
Used to verify whether the policy has changed since the last request. The policy will be written only if the `etag` values match.
```ruby
# File 'lib/google/cloud/spanner/policy.rb', line 72
def etag
  @etag
end
```
#roles ⇒ Hash{String => Array<String>}
The bindings that associate roles with an array of members. See [Understanding Roles](cloud.google.com/iam/docs/understanding-roles) for a listing of primitive and curated roles. See [Binding](cloud.google.com/spanner/reference/rpc/google.iam.v1#google.iam.v1.Binding) for a listing of values and patterns for members.
```ruby
# File 'lib/google/cloud/spanner/policy.rb', line 72
def roles
  @roles
end
```
Class Method Details
.from_grpc(grpc) ⇒ Object
```ruby
# File 'lib/google/cloud/spanner/policy.rb', line 178
def self.from_grpc grpc
  roles = grpc.bindings.each_with_object({}) do |binding, memo|
    memo[binding.role] = binding.members.to_a
  end
  new grpc.etag, roles
end
```
Instance Method Details
#add(role_name, member) ⇒ Object
Convenience method for adding a member to a binding on this policy. See [Understanding Roles](cloud.google.com/iam/docs/understanding-roles) for a listing of primitive and curated roles. See [Binding](cloud.google.com/spanner/reference/rpc/google.iam.v1#google.iam.v1.Binding) for a listing of values and patterns for members.
```ruby
# File 'lib/google/cloud/spanner/policy.rb', line 105
def add role_name, member
  role(role_name) << member
end
```
#remove(role_name, member) ⇒ Object
Convenience method for removing a member from a binding on this policy. See [Understanding Roles](cloud.google.com/iam/docs/understanding-roles) for a listing of primitive and curated roles. See [Binding](cloud.google.com/spanner/reference/rpc/google.iam.v1#google.iam.v1.Binding) for a listing of values and patterns for members.
```ruby
# File 'lib/google/cloud/spanner/policy.rb', line 132
def remove role_name, member
  role(role_name).delete member
end
```
#role(role_name) ⇒ Array<String>
Convenience method returning the array of members bound to a role in this policy, or an empty array if no value is present for the role in #roles. See [Understanding Roles](cloud.google.com/iam/docs/understanding-roles) for a listing of primitive and curated roles. See [Binding](cloud.google.com/spanner/reference/rpc/google.iam.v1#google.iam.v1.Binding) for a listing of values and patterns for members.
```ruby
# File 'lib/google/cloud/spanner/policy.rb', line 157
def role role_name
  roles[role_name] ||= []
end
```
#to_grpc ⇒ Object
```ruby
# File 'lib/google/cloud/spanner/policy.rb', line 163
def to_grpc
  Google::Iam::V1::Policy.new(
    etag: etag,
    bindings: roles.keys.map do |role_name|
      next if roles[role_name].empty?
      Google::Iam::V1::Binding.new(
        role: role_name,
        members: roles[role_name]
      )
    end
  )
end
```