Helper class for creating valid IAM policies

Example:

use Google\Cloud\Core\Iam\PolicyBuilder;

$builder = new PolicyBuilder();
$builder->addBinding('roles/admin', [ 'user:admin@domain.com' ]);
$result = $builder->result();
Methods
public __construct(array $policy = [])
 

Create a PolicyBuilder.

To use conditions in the bindings, the version of the policy must be set
to 3.

  • see https://cloud.google.com/iam/docs/policies#versions Policy versioning
  • see https://cloud-dot-devsite.googleplex.com/storage/docs/access-control/using-iam-permissions#conditions-iam Using Cloud IAM Conditions on buckets

Example:

```
$policy = [
    'etag' => 'AgIc==',
    'version' => 3,
    'bindings' => [
        [
            'role' => 'roles/admin',
            'members' => [
                'user:admin@domain.com',
                'user2:admin@domain.com'
            ],
            'condition' => [
                'title' => 'match-prefix',
                'description' => 'Applies to objects matching a prefix',
                'expression' => 'resource.name.startsWith("projects/_/buckets/bucket-name/objects/prefix-a-")'
            ]
        ]
    ],
];

$builder = new PolicyBuilder($policy);
```

  • throws InvalidArgumentException
public addBinding( $role, array $members)
 

Add a new binding to the policy.

This method will fail with an InvalidOperationException if it is
called on a Policy with a version greater than 1 as that indicates
a more complicated policy than this method is prepared to handle.
Changes to such policies must be made manually by the setBindings()
method.

Example:

$builder->addBinding('roles/admin', [ 'user:admin@domain.com' ]);
public removeBinding( $role, array $members)
 

Remove a binding from the policy.

This method will fail with a BadMethodCallException if it is
called on a Policy with a version greater than 1 as that indicates
a more complicated policy than this method is prepared to handle.
Changes to such policies must be made manually by the setBindings()
method.

Example:

$builder->setBindings([
    [
        'role' => 'roles/admin',
        'members' => [
            'user:admin@domain.com',
            'user2:admin@domain.com'
        ]
    ]
]);
$builder->removeBinding('roles/admin', [ 'user:admin@domain.com' ]);
public result()
 

Create a policy array with data in the correct format.

Example:

$policy = $builder->result();
  • return array An array of policy data
public setBindings(array $bindings = [])
 

Override all stored bindings on the policy.

Example:

$builder->setBindings([
    [
        'role' => 'roles/admin',
        'members' => [
            'user:admin@domain.com'
        ],
        'condition' => [
            'expression' =>
                'request.time < timestamp("2020-07-01T00:00:00.000Z")'
        ]
    ]
]);
public setEtag( $etag)
 

Update the etag on the policy.

Example:

$builder->setEtag($oldPolicy['etag']);
public setVersion( $version)
 

Update the version of the policy.

Example:

$builder->setVersion(1);
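
Revoking a member from a version 3 policy through setBindings(), as an added example that is not part of the library's documentation. The helper name revokeMember(), the second member address and the autoload path are assumptions.

```php
<?php
// Assumes google/cloud-core is installed via Composer (path is an assumption).
require __DIR__ . '/vendor/autoload.php';

use Google\Cloud\Core\Iam\PolicyBuilder;

// Hypothetical helper (not a library function): remove $member from every
// $role binding in a policy of any version, keeping conditions intact.
function revokeMember(array $policy, string $role, string $member): array
{
    $bindings = [];
    foreach ($policy['bindings'] ?? [] as $binding) {
        if ($binding['role'] === $role) {
            $binding['members'] = array_values(array_diff($binding['members'], [$member]));
        }
        if ($binding['members']) { // drop bindings left with no members
            $bindings[] = $binding;
        }
    }

    $builder = new PolicyBuilder();
    $builder->setBindings($bindings);   // accepted where removeBinding() refuses
    $builder->setEtag($policy['etag']); // carry over the etag read with the policy
    $builder->setVersion($policy['version'] ?? 1);
    return $builder->result();
}

// Constructed sample policy: version 3 with one conditional binding.
$policy = [
    'etag' => 'AgIc==',
    'version' => 3,
    'bindings' => [[
        'role' => 'roles/admin',
        'members' => ['user:admin@domain.com', 'user:second@domain.com'],
        'condition' => [
            'title' => 'expires',
            'expression' => 'request.time < timestamp("2020-07-01T00:00:00.000Z")',
        ],
    ]],
];

try {
    (new PolicyBuilder($policy))->removeBinding('roles/admin', ['user:admin@domain.com']);
} catch (BadMethodCallException $e) {
    echo 'removeBinding() refused: ', $e->getMessage(), "\n";
}

print_r(revokeMember($policy, 'roles/admin', 'user:admin@domain.com'));
```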
Properties
private $bindings
 
  • var array
private $etag
 
  • var string
private $version
 
  • var int
Methods
private validateConditions()
private validatePolicyVersion()
© 2020 Bruce Wells