Reference documentation and code samples for the Identity and Access Management (IAM) V3BETA API class Google::Iam::V3beta::PolicyBinding.
IAM policy binding resource.
Inherits
- Object
Extended By
- Google::Protobuf::MessageExts::ClassMethods
Includes
- Google::Protobuf::MessageExts
Methods
#annotations
def annotations() -> ::Google::Protobuf::Map{::String => ::String}- (::Google::Protobuf::Map{::String => ::String}) — Optional. User-defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations
#annotations=
def annotations=(value) -> ::Google::Protobuf::Map{::String => ::String}- value (::Google::Protobuf::Map{::String => ::String}) — Optional. User-defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations
- (::Google::Protobuf::Map{::String => ::String}) — Optional. User-defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations
#condition
def condition() -> ::Google::Type::Expr-
(::Google::Type::Expr) —
Optional. The condition to apply to the policy binding. When set, the
expressionfield in theExprmust include from 1 to 10 subexpressions, joined by the "||"(Logical OR), "&&"(Logical AND) or "!"(Logical NOT) operators and cannot contain more than 250 characters.The condition is currently only supported when bound to policies of kind principal access boundary.
When the bound policy is a principal access boundary policy, the only supported attributes in any subexpression are
principal.typeandprincipal.subject. An example expression is: "principal.type == 'iam.googleapis.com/ServiceAccount'" or "principal.subject == 'bob@example.com'".Allowed operations for
principal.subject:principal.subject == <principal subject string>principal.subject != <principal subject string>principal.subject in [<list of principal subjects>]principal.subject.startsWith(<string>)principal.subject.endsWith(<string>)
Allowed operations for
principal.type:principal.type == <principal type string>principal.type != <principal type string>principal.type in [<list of principal types>]
Supported principal types are workspace, workforce pool, workload pool, service account, and Agent Identity. Allowed string must be one of:
iam.googleapis.com/WorkspaceIdentityiam.googleapis.com/WorkforcePoolIdentityiam.googleapis.com/WorkloadPoolIdentityiam.googleapis.com/ServiceAccountiam.googleapis.com/AgentPoolIdentity(available in Preview)
#condition=
def condition=(value) -> ::Google::Type::Expr-
value (::Google::Type::Expr) —
Optional. The condition to apply to the policy binding. When set, the
expressionfield in theExprmust include from 1 to 10 subexpressions, joined by the "||"(Logical OR), "&&"(Logical AND) or "!"(Logical NOT) operators and cannot contain more than 250 characters.The condition is currently only supported when bound to policies of kind principal access boundary.
When the bound policy is a principal access boundary policy, the only supported attributes in any subexpression are
principal.typeandprincipal.subject. An example expression is: "principal.type == 'iam.googleapis.com/ServiceAccount'" or "principal.subject == 'bob@example.com'".Allowed operations for
principal.subject:principal.subject == <principal subject string>principal.subject != <principal subject string>principal.subject in [<list of principal subjects>]principal.subject.startsWith(<string>)principal.subject.endsWith(<string>)
Allowed operations for
principal.type:principal.type == <principal type string>principal.type != <principal type string>principal.type in [<list of principal types>]
Supported principal types are workspace, workforce pool, workload pool, service account, and Agent Identity. Allowed string must be one of:
iam.googleapis.com/WorkspaceIdentityiam.googleapis.com/WorkforcePoolIdentityiam.googleapis.com/WorkloadPoolIdentityiam.googleapis.com/ServiceAccountiam.googleapis.com/AgentPoolIdentity(available in Preview)
-
(::Google::Type::Expr) —
Optional. The condition to apply to the policy binding. When set, the
expressionfield in theExprmust include from 1 to 10 subexpressions, joined by the "||"(Logical OR), "&&"(Logical AND) or "!"(Logical NOT) operators and cannot contain more than 250 characters.The condition is currently only supported when bound to policies of kind principal access boundary.
When the bound policy is a principal access boundary policy, the only supported attributes in any subexpression are
principal.typeandprincipal.subject. An example expression is: "principal.type == 'iam.googleapis.com/ServiceAccount'" or "principal.subject == 'bob@example.com'".Allowed operations for
principal.subject:principal.subject == <principal subject string>principal.subject != <principal subject string>principal.subject in [<list of principal subjects>]principal.subject.startsWith(<string>)principal.subject.endsWith(<string>)
Allowed operations for
principal.type:principal.type == <principal type string>principal.type != <principal type string>principal.type in [<list of principal types>]
Supported principal types are workspace, workforce pool, workload pool, service account, and Agent Identity. Allowed string must be one of:
iam.googleapis.com/WorkspaceIdentityiam.googleapis.com/WorkforcePoolIdentityiam.googleapis.com/WorkloadPoolIdentityiam.googleapis.com/ServiceAccountiam.googleapis.com/AgentPoolIdentity(available in Preview)
#create_time
def create_time() -> ::Google::Protobuf::Timestamp- (::Google::Protobuf::Timestamp) — Output only. The time when the policy binding was created.
#display_name
def display_name() -> ::String- (::String) — Optional. The description of the policy binding. Must be less than or equal to 63 characters.
#display_name=
def display_name=(value) -> ::String- value (::String) — Optional. The description of the policy binding. Must be less than or equal to 63 characters.
- (::String) — Optional. The description of the policy binding. Must be less than or equal to 63 characters.
#etag
def etag() -> ::String- (::String) — Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
#etag=
def etag=(value) -> ::String- value (::String) — Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
- (::String) — Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
#name
def name() -> ::String-
(::String) —
Identifier. The name of the policy binding, in the format
{binding_parent/locations/{location}/policyBindings/{policy_binding_id}. The binding parent is the closest Resource Manager resource (project, folder, or organization) to the binding target.Format:
projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}
#name=
def name=(value) -> ::String-
value (::String) —
Identifier. The name of the policy binding, in the format
{binding_parent/locations/{location}/policyBindings/{policy_binding_id}. The binding parent is the closest Resource Manager resource (project, folder, or organization) to the binding target.Format:
projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}
-
(::String) —
Identifier. The name of the policy binding, in the format
{binding_parent/locations/{location}/policyBindings/{policy_binding_id}. The binding parent is the closest Resource Manager resource (project, folder, or organization) to the binding target.Format:
projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}
#policy
def policy() -> ::String- (::String) — Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same organization.
#policy=
def policy=(value) -> ::String- value (::String) — Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same organization.
- (::String) — Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same organization.
#policy_kind
def policy_kind() -> ::Google::Iam::V3beta::PolicyBinding::PolicyKind-
(::Google::Iam::V3beta::PolicyBinding::PolicyKind) —
Immutable. The kind of the policy to attach in this binding. This field must be one of the following:
- Left empty (will be automatically set to the policy kind)
- The input policy kind
#policy_kind=
def policy_kind=(value) -> ::Google::Iam::V3beta::PolicyBinding::PolicyKind-
value (::Google::Iam::V3beta::PolicyBinding::PolicyKind) —
Immutable. The kind of the policy to attach in this binding. This field must be one of the following:
- Left empty (will be automatically set to the policy kind)
- The input policy kind
-
(::Google::Iam::V3beta::PolicyBinding::PolicyKind) —
Immutable. The kind of the policy to attach in this binding. This field must be one of the following:
- Left empty (will be automatically set to the policy kind)
- The input policy kind
#policy_uid
def policy_uid() -> ::String- (::String) — Output only. The globally unique ID of the policy to be bound.
#target
def target() -> ::Google::Iam::V3beta::PolicyBinding::Target- (::Google::Iam::V3beta::PolicyBinding::Target) — Required. Immutable. The full resource name of the resource to which the policy will be bound. Immutable once set.
#target=
def target=(value) -> ::Google::Iam::V3beta::PolicyBinding::Target- value (::Google::Iam::V3beta::PolicyBinding::Target) — Required. Immutable. The full resource name of the resource to which the policy will be bound. Immutable once set.
- (::Google::Iam::V3beta::PolicyBinding::Target) — Required. Immutable. The full resource name of the resource to which the policy will be bound. Immutable once set.
#uid
def uid() -> ::String- (::String) — Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
#update_time
def update_time() -> ::Google::Protobuf::Timestamp- (::Google::Protobuf::Timestamp) — Output only. The time when the policy binding was most recently updated.