Reference documentation and code samples for the Cloud Pub/Sub API class Google::Cloud::PubSub::Policy.
Policy
Represents a Cloud IAM Policy for the Pub/Sub service.
A common pattern for updating a resource's metadata, such as its Policy,
is to read the current data from the service, update the data locally,
and then send the modified data for writing. This pattern may result in
a conflict if two or more processes attempt the sequence simultaneously.
IAM solves this problem with the #etag
property, which is used to verify whether the policy has changed since
the last request. When you make a request to with an etag
value, Cloud
IAM compares the etag
value in the request with the existing etag
value associated with the policy. It writes the policy only if the etag
values match.
When you update a policy, first read the policy (and its current etag
)
from the service, then modify the policy locally, and then write the
modified policy to the service. See Topic#policy
and Topic#policy=
.
Inherits
- Object
Example
require "google/cloud/pubsub" pubsub = Google :: Cloud :: PubSub . new topic = pubsub . topic "my-topic" topic . policy do | p | p . remove "roles/owner" , "user:owner@example.com" p . add "roles/owner" , "user:newowner@example.com" p . roles [ "roles/viewer" ] = [ "allUsers" ] end
Methods
#add
def
add
(
role_name
,
member
)
Convenience method for adding a member to a binding on this policy. See Understanding Roles for a listing of primitive and curated roles. See Binding for a listing of values and patterns for members.
- role_name(String) — A Cloud IAM role, such as
"roles/pubsub.admin". - member(String) — A Cloud IAM identity, such as
"user:owner@example.com".
require "google/cloud/pubsub" pubsub = Google :: Cloud :: PubSub . new topic = pubsub . topic "my-topic" topic . policy do | p | p . add "roles/owner" , "user:newowner@example.com" end
#etag
def
etag
()
-
>
String
Used to verify whether the policy has changed since
the last request. The policy will be written only if the etag
values
match.
- (String) — the current value of etag
#etag=
def
etag=
(
value
)
-
>
String
Used to verify whether the policy has changed since
the last request. The policy will be written only if the etag
values
match.
- value(String) — the newly set value
- (String) — the newly set value
#remove
def
remove
(
role_name
,
member
)
Convenience method for removing a member from a binding on this policy. See Understanding Roles for a listing of primitive and curated roles. See Binding for a listing of values and patterns for members.
- role_name(String) — A Cloud IAM role, such as
"roles/pubsub.admin". - member(String) — A Cloud IAM identity, such as
"user:owner@example.com".
require "google/cloud/pubsub" pubsub = Google :: Cloud :: PubSub . new topic = pubsub . topic "my-topic" topic . policy do | p | p . remove "roles/owner" , "user:owner@example.com" end
#role
def
role
(
role_name
)
-
>
Array<String>
Convenience method returning the array of members bound to a role in this policy, or an empty array if no value is present for the role in #roles . See Understanding Roles for a listing of primitive and curated roles. See Binding for a listing of values and patterns for members.
- (Array<String>) — The members strings, or an empty array.
require "google/cloud/pubsub" pubsub = Google :: Cloud :: PubSub . new topic = pubsub . topic "my-topic" topic . policy do | p | p . role ( "roles/viewer" ) << "user:viewer@example.com" end
#roles
def
roles
()
-
>
Hash
{
String
=
>
Array<String>
}
The bindings that associate roles with an array of members. See Understanding Roles for a listing of primitive and curated roles. See Binding for a listing of values and patterns for members.
- (Hash{String => Array<String>}) — the current value of roles
#roles=
def
roles=
(
value
)
-
>
Hash
{
String
=
>
Array<String>
}
The bindings that associate roles with an array of members. See Understanding Roles for a listing of primitive and curated roles. See Binding for a listing of values and patterns for members.
- value(Hash{String => Array<String>}) — the newly set value
- (Hash{String => Array<String>}) — the newly set value
