Class: Google::Iam::V3beta::PolicyBinding

Inherits:
Object
  • Object
show all
Extended by:
Protobuf::MessageExts::ClassMethods
Includes:
Protobuf::MessageExts
Defined in:
proto_docs/google/iam/v3beta/policy_binding_resources.rb

Overview

IAM policy binding resource.

Defined Under Namespace

Modules: PolicyKind Classes: AnnotationsEntry, Target

Instance Attribute Summary collapse

Instance Attribute Details

#annotations::Google::Protobuf::Map{::String => ::String}

Returns Optional. User-defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations.

Returns:



116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
 
# File 'proto_docs/google/iam/v3beta/policy_binding_resources.rb', line 116

class PolicyBinding
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Target is the full resource name of the resource to which the policy will
  # be bound. Immutable once set.
  # @!attribute [rw] principal_set
  #   @return [::String]
  #     Immutable. Full Resource Name used for principal access boundary policy
  #     bindings. The principal set must be directly parented by the policy
  #     binding's parent or same as the parent if the target is a
  #     project/folder/organization.
  #
  #     Examples:
  #     * For binding's parented by an organization:
  #       * Organization:
  #       `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
  #       * Workforce Identity:
  #       `//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID`
  #       * Workspace Identity:
  #       `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
  #     * For binding's parented by a folder:
  #       * Folder:
  #       `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
  #     * For binding's parented by a project:
  #       * Project:
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
  #       * Workload Identity Pool:
  #       `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
  class Target
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Different policy kinds supported in this binding.
  module PolicyKind
    # Unspecified policy kind; Not a valid state
    POLICY_KIND_UNSPECIFIED = 0

    # Principal access boundary policy kind
    PRINCIPAL_ACCESS_BOUNDARY = 1
  end
end

#condition::Google::Type::Expr

Returns Optional. The condition to apply to the policy binding. When set, the expression field in the Expr must include from 1 to 10 subexpressions, joined by the "||"(Logical OR), "&&"(Logical AND) or "!"(Logical NOT) operators and cannot contain more than 250 characters.

The condition is currently only supported when bound to policies of kind principal access boundary.

When the bound policy is a principal access boundary policy, the only supported attributes in any subexpression are principal.type and principal.subject. An example expression is: "principal.type == 'iam.googleapis.com/ServiceAccount'" or "principal.subject == '[email protected]'".

Allowed operations for principal.subject:

  • principal.subject == <principal subject string>
  • principal.subject != <principal subject string>
  • principal.subject in [<list of principal subjects>]
  • principal.subject.startsWith(<string>)
  • principal.subject.endsWith(<string>)

Allowed operations for principal.type:

  • principal.type == <principal type string>
  • principal.type != <principal type string>
  • principal.type in [<list of principal types>]

Supported principal types are Workspace, Workforce Pool, Workload Pool and Service Account. Allowed string must be one of:

  • iam.googleapis.com/WorkspaceIdentity
  • iam.googleapis.com/WorkforcePoolIdentity
  • iam.googleapis.com/WorkloadPoolIdentity
  • iam.googleapis.com/ServiceAccount.

Returns:

  • (::Google::Type::Expr)

    Optional. The condition to apply to the policy binding. When set, the expression field in the Expr must include from 1 to 10 subexpressions, joined by the "||"(Logical OR), "&&"(Logical AND) or "!"(Logical NOT) operators and cannot contain more than 250 characters.

    The condition is currently only supported when bound to policies of kind principal access boundary.

    When the bound policy is a principal access boundary policy, the only supported attributes in any subexpression are principal.type and principal.subject. An example expression is: "principal.type == 'iam.googleapis.com/ServiceAccount'" or "principal.subject == '[email protected]'".

    Allowed operations for principal.subject:

    • principal.subject == <principal subject string>
    • principal.subject != <principal subject string>
    • principal.subject in [<list of principal subjects>]
    • principal.subject.startsWith(<string>)
    • principal.subject.endsWith(<string>)

    Allowed operations for principal.type:

    • principal.type == <principal type string>
    • principal.type != <principal type string>
    • principal.type in [<list of principal types>]

    Supported principal types are Workspace, Workforce Pool, Workload Pool and Service Account. Allowed string must be one of:

    • iam.googleapis.com/WorkspaceIdentity
    • iam.googleapis.com/WorkforcePoolIdentity
    • iam.googleapis.com/WorkloadPoolIdentity
    • iam.googleapis.com/ServiceAccount


116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
 
# File 'proto_docs/google/iam/v3beta/policy_binding_resources.rb', line 116

class PolicyBinding
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Target is the full resource name of the resource to which the policy will
  # be bound. Immutable once set.
  # @!attribute [rw] principal_set
  #   @return [::String]
  #     Immutable. Full Resource Name used for principal access boundary policy
  #     bindings. The principal set must be directly parented by the policy
  #     binding's parent or same as the parent if the target is a
  #     project/folder/organization.
  #
  #     Examples:
  #     * For binding's parented by an organization:
  #       * Organization:
  #       `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
  #       * Workforce Identity:
  #       `//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID`
  #       * Workspace Identity:
  #       `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
  #     * For binding's parented by a folder:
  #       * Folder:
  #       `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
  #     * For binding's parented by a project:
  #       * Project:
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
  #       * Workload Identity Pool:
  #       `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
  class Target
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Different policy kinds supported in this binding.
  module PolicyKind
    # Unspecified policy kind; Not a valid state
    POLICY_KIND_UNSPECIFIED = 0

    # Principal access boundary policy kind
    PRINCIPAL_ACCESS_BOUNDARY = 1
  end
end

#create_time::Google::Protobuf::Timestamp (readonly)

Returns Output only. The time when the policy binding was created.

Returns:



116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
 
# File 'proto_docs/google/iam/v3beta/policy_binding_resources.rb', line 116

class PolicyBinding
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Target is the full resource name of the resource to which the policy will
  # be bound. Immutable once set.
  # @!attribute [rw] principal_set
  #   @return [::String]
  #     Immutable. Full Resource Name used for principal access boundary policy
  #     bindings. The principal set must be directly parented by the policy
  #     binding's parent or same as the parent if the target is a
  #     project/folder/organization.
  #
  #     Examples:
  #     * For binding's parented by an organization:
  #       * Organization:
  #       `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
  #       * Workforce Identity:
  #       `//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID`
  #       * Workspace Identity:
  #       `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
  #     * For binding's parented by a folder:
  #       * Folder:
  #       `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
  #     * For binding's parented by a project:
  #       * Project:
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
  #       * Workload Identity Pool:
  #       `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
  class Target
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Different policy kinds supported in this binding.
  module PolicyKind
    # Unspecified policy kind; Not a valid state
    POLICY_KIND_UNSPECIFIED = 0

    # Principal access boundary policy kind
    PRINCIPAL_ACCESS_BOUNDARY = 1
  end
end

#display_name::String

Returns Optional. The description of the policy binding. Must be less than or equal to 63 characters.

Returns:

  • (::String)

    Optional. The description of the policy binding. Must be less than or equal to 63 characters.



116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
 
# File 'proto_docs/google/iam/v3beta/policy_binding_resources.rb', line 116

class PolicyBinding
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Target is the full resource name of the resource to which the policy will
  # be bound. Immutable once set.
  # @!attribute [rw] principal_set
  #   @return [::String]
  #     Immutable. Full Resource Name used for principal access boundary policy
  #     bindings. The principal set must be directly parented by the policy
  #     binding's parent or same as the parent if the target is a
  #     project/folder/organization.
  #
  #     Examples:
  #     * For binding's parented by an organization:
  #       * Organization:
  #       `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
  #       * Workforce Identity:
  #       `//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID`
  #       * Workspace Identity:
  #       `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
  #     * For binding's parented by a folder:
  #       * Folder:
  #       `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
  #     * For binding's parented by a project:
  #       * Project:
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
  #       * Workload Identity Pool:
  #       `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
  class Target
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Different policy kinds supported in this binding.
  module PolicyKind
    # Unspecified policy kind; Not a valid state
    POLICY_KIND_UNSPECIFIED = 0

    # Principal access boundary policy kind
    PRINCIPAL_ACCESS_BOUNDARY = 1
  end
end

#etag::String

Returns Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.

Returns:

  • (::String)

    Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.



116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
 
# File 'proto_docs/google/iam/v3beta/policy_binding_resources.rb', line 116

class PolicyBinding
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Target is the full resource name of the resource to which the policy will
  # be bound. Immutable once set.
  # @!attribute [rw] principal_set
  #   @return [::String]
  #     Immutable. Full Resource Name used for principal access boundary policy
  #     bindings. The principal set must be directly parented by the policy
  #     binding's parent or same as the parent if the target is a
  #     project/folder/organization.
  #
  #     Examples:
  #     * For binding's parented by an organization:
  #       * Organization:
  #       `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
  #       * Workforce Identity:
  #       `//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID`
  #       * Workspace Identity:
  #       `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
  #     * For binding's parented by a folder:
  #       * Folder:
  #       `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
  #     * For binding's parented by a project:
  #       * Project:
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
  #       * Workload Identity Pool:
  #       `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
  class Target
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Different policy kinds supported in this binding.
  module PolicyKind
    # Unspecified policy kind; Not a valid state
    POLICY_KIND_UNSPECIFIED = 0

    # Principal access boundary policy kind
    PRINCIPAL_ACCESS_BOUNDARY = 1
  end
end

#name::String

Returns Identifier. The name of the policy binding, in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}. The binding parent is the closest Resource Manager resource (project, folder, or organization) to the binding target.

Format:

  • projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}
  • projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}
  • folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}
  • organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}.

Returns:

  • (::String)

    Identifier. The name of the policy binding, in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}. The binding parent is the closest Resource Manager resource (project, folder, or organization) to the binding target.

    Format:

    • projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}
    • projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}
    • folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}
    • organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}


116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
 
# File 'proto_docs/google/iam/v3beta/policy_binding_resources.rb', line 116

class PolicyBinding
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Target is the full resource name of the resource to which the policy will
  # be bound. Immutable once set.
  # @!attribute [rw] principal_set
  #   @return [::String]
  #     Immutable. Full Resource Name used for principal access boundary policy
  #     bindings. The principal set must be directly parented by the policy
  #     binding's parent or same as the parent if the target is a
  #     project/folder/organization.
  #
  #     Examples:
  #     * For binding's parented by an organization:
  #       * Organization:
  #       `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
  #       * Workforce Identity:
  #       `//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID`
  #       * Workspace Identity:
  #       `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
  #     * For binding's parented by a folder:
  #       * Folder:
  #       `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
  #     * For binding's parented by a project:
  #       * Project:
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
  #       * Workload Identity Pool:
  #       `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
  class Target
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Different policy kinds supported in this binding.
  module PolicyKind
    # Unspecified policy kind; Not a valid state
    POLICY_KIND_UNSPECIFIED = 0

    # Principal access boundary policy kind
    PRINCIPAL_ACCESS_BOUNDARY = 1
  end
end

#policy::String

Returns Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same organization.

Returns:

  • (::String)

    Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same organization.



116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
 
# File 'proto_docs/google/iam/v3beta/policy_binding_resources.rb', line 116

class PolicyBinding
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Target is the full resource name of the resource to which the policy will
  # be bound. Immutable once set.
  # @!attribute [rw] principal_set
  #   @return [::String]
  #     Immutable. Full Resource Name used for principal access boundary policy
  #     bindings. The principal set must be directly parented by the policy
  #     binding's parent or same as the parent if the target is a
  #     project/folder/organization.
  #
  #     Examples:
  #     * For binding's parented by an organization:
  #       * Organization:
  #       `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
  #       * Workforce Identity:
  #       `//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID`
  #       * Workspace Identity:
  #       `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
  #     * For binding's parented by a folder:
  #       * Folder:
  #       `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
  #     * For binding's parented by a project:
  #       * Project:
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
  #       * Workload Identity Pool:
  #       `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
  class Target
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Different policy kinds supported in this binding.
  module PolicyKind
    # Unspecified policy kind; Not a valid state
    POLICY_KIND_UNSPECIFIED = 0

    # Principal access boundary policy kind
    PRINCIPAL_ACCESS_BOUNDARY = 1
  end
end

#policy_kind::Google::Iam::V3beta::PolicyBinding::PolicyKind

Returns Immutable. The kind of the policy to attach in this binding. This field must be one of the following:

  • Left empty (will be automatically set to the policy kind)
  • The input policy kind.

Returns:



116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
 
# File 'proto_docs/google/iam/v3beta/policy_binding_resources.rb', line 116

class PolicyBinding
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Target is the full resource name of the resource to which the policy will
  # be bound. Immutable once set.
  # @!attribute [rw] principal_set
  #   @return [::String]
  #     Immutable. Full Resource Name used for principal access boundary policy
  #     bindings. The principal set must be directly parented by the policy
  #     binding's parent or same as the parent if the target is a
  #     project/folder/organization.
  #
  #     Examples:
  #     * For binding's parented by an organization:
  #       * Organization:
  #       `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
  #       * Workforce Identity:
  #       `//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID`
  #       * Workspace Identity:
  #       `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
  #     * For binding's parented by a folder:
  #       * Folder:
  #       `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
  #     * For binding's parented by a project:
  #       * Project:
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
  #       * Workload Identity Pool:
  #       `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
  class Target
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Different policy kinds supported in this binding.
  module PolicyKind
    # Unspecified policy kind; Not a valid state
    POLICY_KIND_UNSPECIFIED = 0

    # Principal access boundary policy kind
    PRINCIPAL_ACCESS_BOUNDARY = 1
  end
end

#policy_uid::String (readonly)

Returns Output only. The globally unique ID of the policy to be bound.

Returns:

  • (::String)

    Output only. The globally unique ID of the policy to be bound.



116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
 
# File 'proto_docs/google/iam/v3beta/policy_binding_resources.rb', line 116

class PolicyBinding
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Target is the full resource name of the resource to which the policy will
  # be bound. Immutable once set.
  # @!attribute [rw] principal_set
  #   @return [::String]
  #     Immutable. Full Resource Name used for principal access boundary policy
  #     bindings. The principal set must be directly parented by the policy
  #     binding's parent or same as the parent if the target is a
  #     project/folder/organization.
  #
  #     Examples:
  #     * For binding's parented by an organization:
  #       * Organization:
  #       `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
  #       * Workforce Identity:
  #       `//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID`
  #       * Workspace Identity:
  #       `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
  #     * For binding's parented by a folder:
  #       * Folder:
  #       `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
  #     * For binding's parented by a project:
  #       * Project:
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
  #       * Workload Identity Pool:
  #       `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
  class Target
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Different policy kinds supported in this binding.
  module PolicyKind
    # Unspecified policy kind; Not a valid state
    POLICY_KIND_UNSPECIFIED = 0

    # Principal access boundary policy kind
    PRINCIPAL_ACCESS_BOUNDARY = 1
  end
end

#target::Google::Iam::V3beta::PolicyBinding::Target

Returns Required. Immutable. Target is the full resource name of the resource to which the policy will be bound. Immutable once set.

Returns:



116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
 
# File 'proto_docs/google/iam/v3beta/policy_binding_resources.rb', line 116

class PolicyBinding
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Target is the full resource name of the resource to which the policy will
  # be bound. Immutable once set.
  # @!attribute [rw] principal_set
  #   @return [::String]
  #     Immutable. Full Resource Name used for principal access boundary policy
  #     bindings. The principal set must be directly parented by the policy
  #     binding's parent or same as the parent if the target is a
  #     project/folder/organization.
  #
  #     Examples:
  #     * For binding's parented by an organization:
  #       * Organization:
  #       `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
  #       * Workforce Identity:
  #       `//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID`
  #       * Workspace Identity:
  #       `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
  #     * For binding's parented by a folder:
  #       * Folder:
  #       `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
  #     * For binding's parented by a project:
  #       * Project:
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
  #       * Workload Identity Pool:
  #       `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
  class Target
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Different policy kinds supported in this binding.
  module PolicyKind
    # Unspecified policy kind; Not a valid state
    POLICY_KIND_UNSPECIFIED = 0

    # Principal access boundary policy kind
    PRINCIPAL_ACCESS_BOUNDARY = 1
  end
end

#uid::String (readonly)

Returns Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.

Returns:

  • (::String)

    Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.



116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
 
# File 'proto_docs/google/iam/v3beta/policy_binding_resources.rb', line 116

class PolicyBinding
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Target is the full resource name of the resource to which the policy will
  # be bound. Immutable once set.
  # @!attribute [rw] principal_set
  #   @return [::String]
  #     Immutable. Full Resource Name used for principal access boundary policy
  #     bindings. The principal set must be directly parented by the policy
  #     binding's parent or same as the parent if the target is a
  #     project/folder/organization.
  #
  #     Examples:
  #     * For binding's parented by an organization:
  #       * Organization:
  #       `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
  #       * Workforce Identity:
  #       `//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID`
  #       * Workspace Identity:
  #       `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
  #     * For binding's parented by a folder:
  #       * Folder:
  #       `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
  #     * For binding's parented by a project:
  #       * Project:
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
  #       * Workload Identity Pool:
  #       `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
  class Target
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Different policy kinds supported in this binding.
  module PolicyKind
    # Unspecified policy kind; Not a valid state
    POLICY_KIND_UNSPECIFIED = 0

    # Principal access boundary policy kind
    PRINCIPAL_ACCESS_BOUNDARY = 1
  end
end

#update_time::Google::Protobuf::Timestamp (readonly)

Returns Output only. The time when the policy binding was most recently updated.

Returns:



116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
 
# File 'proto_docs/google/iam/v3beta/policy_binding_resources.rb', line 116

class PolicyBinding
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Target is the full resource name of the resource to which the policy will
  # be bound. Immutable once set.
  # @!attribute [rw] principal_set
  #   @return [::String]
  #     Immutable. Full Resource Name used for principal access boundary policy
  #     bindings. The principal set must be directly parented by the policy
  #     binding's parent or same as the parent if the target is a
  #     project/folder/organization.
  #
  #     Examples:
  #     * For binding's parented by an organization:
  #       * Organization:
  #       `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
  #       * Workforce Identity:
  #       `//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID`
  #       * Workspace Identity:
  #       `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
  #     * For binding's parented by a folder:
  #       * Folder:
  #       `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
  #     * For binding's parented by a project:
  #       * Project:
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
  #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
  #       * Workload Identity Pool:
  #       `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
  class Target
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class AnnotationsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Different policy kinds supported in this binding.
  module PolicyKind
    # Unspecified policy kind; Not a valid state
    POLICY_KIND_UNSPECIFIED = 0

    # Principal access boundary policy kind
    PRINCIPAL_ACCESS_BOUNDARY = 1
  end
end