Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources.

A Policy is a collection of bindings. A binding binds one or more
members to a single role. Members can be user accounts, service accounts,
Google groups, and domains (such as G Suite). A role is a named list of
permissions (defined by IAM or configured by users). A binding can
optionally specify a condition, which is a logic expression that further
constrains the role binding based on attributes about the request and/or
target resource.
JSON Example

{
  "bindings": [
    {
      "role": "roles/resourcemanager.organizationAdmin",
      "members": [
        "user:mike@example.com",
        "group:admins@example.com",
        "domain:google.com",
        "serviceAccount:my-project-id@appspot.gserviceaccount.com"
      ]
    },
    {
      "role": "roles/resourcemanager.organizationViewer",
      "members": ["user:eve@example.com"],
      "condition": {
        "title": "expirable access",
        "description": "Does not grant access after Sep 2020",
        "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')"
      }
    }
  ]
}

YAML Example

bindings:
- members:
  - user:mike@example.com
  - group:admins@example.com
  - domain:google.com
  - serviceAccount:my-project-id@appspot.gserviceaccount.com
  role: roles/resourcemanager.organizationAdmin
- members:
  - user:eve@example.com
  role: roles/resourcemanager.organizationViewer
  condition:
    title: expirable access
    description: Does not grant access after Sep 2020
    expression: request.time < timestamp('2020-10-01T00:00:00.000Z')

For a description of IAM and its features, see the
IAM developer's guide.

Generated from protobuf message google.iam.v1.Policy

Cloneable, Instantiable
Extends Google\Protobuf\Internal\Message
Methods
public __construct( $data = NULL)
 
Constructor.

    public Google\Protobuf\Internal\Message::byteSize()
     


    • ignore
    public Google\Protobuf\Internal\Message::clear()
    public Google\Protobuf\Internal\Message::discardUnknownFields()
    public getBindings()
     
    Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines when the binding is in effect.

    Bindings with no members will result in an error.

    Generated from protobuf field repeated .google.iam.v1.Binding bindings = 4;

    public getEtag()
     
    `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.

    It is strongly suggested that systems make use of the etag in the
    read-modify-write cycle to perform policy updates in order to avoid race
    conditions: An etag is returned in the response to getIamPolicy, and
    systems are expected to put that etag in the request to setIamPolicy to
    ensure that their change will be applied to the same version of the policy.
    If no etag is provided in the call to setIamPolicy, then the existing
    policy is overwritten. Due to blind-set semantics of an etag-less policy,
    'setIamPolicy' will not fail even if the incoming policy version does not
    meet the requirements for modifying the stored policy.

    Generated from protobuf field bytes etag = 3;

    • return string
    public getVersion()
     
    Specifies the format of the policy.

    Valid values are 0, 1, and 3. Requests specifying an invalid value will be
    rejected.
    Operations affecting conditional bindings must specify version 3. This can
    be either setting a conditional policy, modifying a conditional binding,
    or removing a binding (conditional or unconditional) from the stored
    conditional policy.
    Operations on non-conditional policies may specify any valid value or
    leave the field unset.
    If no etag is provided in the call to setIamPolicy, version compliance
    checks against the stored policy are skipped.

    Generated from protobuf field int32 version = 1;

    • return int
    public Google\Protobuf\Internal\Message::jsonByteSize()
     


    • ignore
    public Google\Protobuf\Internal\Message::mergeFrom( $msg)
    public Google\Protobuf\Internal\Message::mergeFromJsonString( $data)
    public Google\Protobuf\Internal\Message::mergeFromString( $data)
    public Google\Protobuf\Internal\Message::parseFromJsonStream( $input)
     


    • ignore
    public Google\Protobuf\Internal\Message::parseFromStream( $input)
     


    • ignore
    public Google\Protobuf\Internal\Message::serializeToJsonStream( $output)
     


    • ignore
    public Google\Protobuf\Internal\Message::serializeToJsonString()
     
    Serialize the message to json string.

    • return string Serialized json protobuf data.
    public Google\Protobuf\Internal\Message::serializeToStream( $output)
     


    • ignore
    public Google\Protobuf\Internal\Message::serializeToString()
     
    Serialize the message to string.

    • return string Serialized binary protobuf data.
    public setBindings( $var)
     
    Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines when the binding is in effect.

    Bindings with no members will result in an error.

    Generated from protobuf field repeated .google.iam.v1.Binding bindings = 4;

    • return $this
    public setEtag( $var)
     
    `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.

    It is strongly suggested that systems make use of the etag in the
    read-modify-write cycle to perform policy updates in order to avoid race
    conditions: An etag is returned in the response to getIamPolicy, and
    systems are expected to put that etag in the request to setIamPolicy to
    ensure that their change will be applied to the same version of the policy.
    If no etag is provided in the call to setIamPolicy, then the existing
    policy is overwritten. Due to blind-set semantics of an etag-less policy,
    'setIamPolicy' will not fail even if the incoming policy version does not
    meet the requirements for modifying the stored policy.

    Generated from protobuf field bytes etag = 3;

    • return $this
    public setVersion( $var)
     
    Specifies the format of the policy.

    Valid values are 0, 1, and 3. Requests specifying an invalid value will be
    rejected.
    Operations affecting conditional bindings must specify version 3. This can
    be either setting a conditional policy, modifying a conditional binding,
    or removing a binding (conditional or unconditional) from the stored
    conditional policy.
    Operations on non-conditional policies may specify any valid value or
    leave the field unset.
    If no etag is provided in the call to setIamPolicy, version compliance
    checks against the stored policy are skipped.

    Generated from protobuf field int32 version = 1;

    • return $this
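
The etag and version rules described for `getEtag()`/`setEtag()` and `getVersion()`/`setVersion()` above, turned into a pre-flight check to run before `setIamPolicy` (an added example, not part of the generated documentation or the library). `policyPreflight()` and the placeholder etag value are hypothetical, and a Composer autoloader with `google/common-protos` installed is assumed.

```php
<?php
// Added example: checks a Policy message against the etag/version rules above.
// Assumes Composer's autoloader with google/common-protos installed.
require __DIR__ . '/vendor/autoload.php';

use Google\Cloud\Iam\V1\Binding;
use Google\Cloud\Iam\V1\Policy;
use Google\Type\Expr;

// policyPreflight() is a hypothetical helper: it lists the reasons a Policy
// should not be sent to setIamPolicy, using only fields of the message itself.
function policyPreflight(Policy $policy): array
{
    $problems = [];
    if ($policy->getEtag() === '') {
        // Without an etag the stored policy is overwritten blindly and the
        // version compliance check against it is skipped.
        $problems[] = 'etag is empty: copy it from the getIamPolicy response';
    }
    if (!in_array($policy->getVersion(), [0, 1, 3], true)) {
        $problems[] = 'version must be 0, 1 or 3';
    }
    foreach ($policy->getBindings() as $binding) {
        if (count($binding->getMembers()) === 0) {
            $problems[] = "binding for {$binding->getRole()} has no members";
        }
        if ($binding->getCondition() !== null && $policy->getVersion() !== 3) {
            $problems[] = "conditional binding for {$binding->getRole()} requires version 3";
        }
    }
    return $problems;
}

// Constructed input: the conditional binding from the example at the top of
// the page, built as a fresh message with no etag and the default version (0).
$policy = new Policy();
$policy->setBindings([
    (new Binding())
        ->setRole('roles/resourcemanager.organizationViewer')
        ->setMembers(['user:eve@example.com'])
        ->setCondition((new Expr())
            ->setTitle('expirable access')
            ->setExpression("request.time < timestamp('2020-10-01T00:00:00.000Z')")),
]);
print_r(policyPreflight($policy)); // reports the empty etag and the version mismatch

// Carry the etag from the read step and declare version 3 before writing.
$policy->setEtag('etag-from-getIamPolicy')->setVersion(3); // placeholder etag value
print_r(policyPreflight($policy)); // no problems reported
```

The check cannot see the stored policy, so removing a binding from a stored conditional policy still needs version 3 even when the outgoing message carries no condition.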
    Methods
    protected Google\Protobuf\Internal\Message::mergeFromArray(array $array)
    protected Google\Protobuf\Internal\Message::mergeFromJsonArray( $array)
    protected Google\Protobuf\Internal\Message::readOneof( $number)
    protected Google\Protobuf\Internal\Message::readWrapperValue( $member)
    protected Google\Protobuf\Internal\Message::whichOneof( $oneof_name)
    protected Google\Protobuf\Internal\Message::writeOneof( $number, $value)
    protected Google\Protobuf\Internal\Message::writeWrapperValue( $member, $value)
    Properties
    private $bindings
     
    Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines when the binding is in effect.

    Bindings with no members will result in an error.

    Generated from protobuf field repeated .google.iam.v1.Binding bindings = 4;

    private $etag
     
    `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.

    It is strongly suggested that systems make use of the etag in the
    read-modify-write cycle to perform policy updates in order to avoid race
    conditions: An etag is returned in the response to getIamPolicy, and
    systems are expected to put that etag in the request to setIamPolicy to
    ensure that their change will be applied to the same version of the policy.
    If no etag is provided in the call to setIamPolicy, then the existing
    policy is overwritten. Due to blind-set semantics of an etag-less policy,
    'setIamPolicy' will not fail even if the incoming policy version does not
    meet the requirements for modifying the stored policy.

    Generated from protobuf field bytes etag = 3;

    private $version
     
    Specifies the format of the policy.

    Valid values are 0, 1, and 3. Requests specifying an invalid value will be
    rejected.
    Operations affecting conditional bindings must specify version 3. This can
    be either setting a conditional policy, modifying a conditional binding,
    or removing a binding (conditional or unconditional) from the stored
    conditional policy.
    Operations on non-conditional policies may specify any valid value or
    leave the field unset.
    If no etag is provided in the call to setIamPolicy, version compliance
    checks against the stored policy are skipped.

    Generated from protobuf field int32 version = 1;

    Methods
    private Google\Protobuf\Internal\Message::appendHelper( $field, $append_value)
    private Google\Protobuf\Internal\Message::convertJsonValueToProtoValue( $value, $field, $is_map_key = false)
    private Google\Protobuf\Internal\Message::defaultValue( $field)
     


    • ignore
    private Google\Protobuf\Internal\Message::existField( $field)
     


    • ignore
    private Google\Protobuf\Internal\Message::fieldByteSize( $field)
     


    • ignore
    private Google\Protobuf\Internal\Message::fieldDataOnlyByteSize( $field, $value)
     


    • ignore
    private Google\Protobuf\Internal\Message::fieldDataOnlyJsonByteSize( $field, $value)
     


    • ignore
    private Google\Protobuf\Internal\Message::fieldJsonByteSize( $field)
     


    • ignore
    private Google\Protobuf\Internal\Message::initWithDescriptor(Google\Protobuf\Internal\Descriptor $desc)
     


    • ignore
    private Google\Protobuf\Internal\Message::initWithGeneratedPool()
     


    • ignore
    private Google\Protobuf\Internal\Message::kvUpdateHelper( $field, $update_key, $update_value)
    private Google\Protobuf\Internal\Message::mergeFromArrayJsonImpl( $array)
    private static Google\Protobuf\Internal\Message::normalizeArrayElementsToMessageType( $value, $class)
     
    Tries to normalize the elements in $value into a provided protobuf wrapper type $class. If $value is any type other than array, we do not do any conversion, and instead rely on the existing protobuf type checking. If $value is an array, we process each element and try to convert it to an instance of $class.

      private static Google\Protobuf\Internal\Message::normalizeToMessageType( $value, $class)
       
      Tries to normalize $value into a provided protobuf wrapper type $class.

      If $value is any type other than an object, we attempt to construct an
      instance of $class and assign $value to it using the setValue method
      shared by all wrapper types.

      This method will raise an error if it receives a type that cannot be
      assigned to the wrapper type via setValue.

        private Google\Protobuf\Internal\Message::parseFieldFromStream( $tag, $input, $field)
         


        • ignore
        private static Google\Protobuf\Internal\Message::parseFieldFromStreamNoTag( $input, $field, $value)
         


        • ignore
        private Google\Protobuf\Internal\Message::repeatedFieldDataOnlyByteSize( $field)
         


        • ignore
        private Google\Protobuf\Internal\Message::serializeFieldToJsonStream( $output, $field)
         


        • ignore
        private Google\Protobuf\Internal\Message::serializeFieldToStream( $output, $field)
         


        • ignore
        private Google\Protobuf\Internal\Message::serializeMapFieldToStream( $field, $output)
         


        • ignore
        private Google\Protobuf\Internal\Message::serializeRepeatedFieldToStream( $field, $output)
         


        • ignore
        private Google\Protobuf\Internal\Message::serializeSingularFieldToStream( $field, $output)
         


        • ignore
        private Google\Protobuf\Internal\Message::skipField( $input, $tag)
         


        • ignore
        Methods
        private static Google\Protobuf\Internal\Message::normalizeArrayElementsToMessageType( $value, $class)
         
        Tries to normalize the elements in $value into a provided protobuf wrapper type $class. If $value is any type other than array, we do not do any conversion, and instead rely on the existing protobuf type checking. If $value is an array, we process each element and try to convert it to an instance of $class.

          private static Google\Protobuf\Internal\Message::normalizeToMessageType( $value, $class)
           
          Tries to normalize $value into a provided protobuf wrapper type $class.

          If $value is any type other than an object, we attempt to construct an
          instance of $class and assign $value to it using the setValue method
          shared by all wrapper types.

          This method will raise an error if it receives a type that cannot be
          assigned to the wrapper type via setValue.

            private static Google\Protobuf\Internal\Message::parseFieldFromStreamNoTag( $input, $field, $value)
             


            • ignore
            © 2020 Bruce Wells