Reference documentation and code samples for the Google Cloud Iam V3 Client class PolicyBinding.
IAM policy binding resource.
Generated from protobuf message google.iam.v3.PolicyBinding
Namespace
Google \ Cloud \ Iam \ V3Methods
__construct
Constructor.
data
array
Optional. Data for populating the Message object.
↳ name
string
Identifier. The name of the policy binding, in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
. The binding parent is the closest Resource Manager resource (project, folder, or organization) to the binding target. Format: * * projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}
* * projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}
* * folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}
* * organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}
↳ uid
string
Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
↳ etag
string
Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
↳ display_name
string
Optional. The description of the policy binding. Must be less than or equal to 63 characters.
↳ annotations
array| Google\Protobuf\Internal\MapField
Optional. User-defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations
↳ target
PolicyBinding\Target
Required. Immutable. Target is the full resource name of the resource to which the policy will be bound. Immutable once set.
↳ policy_kind
int
Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind
↳ policy
string
Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same organization.
↳ policy_uid
string
Output only. The globally unique ID of the policy to be bound.
↳ condition
Google\Type\Expr
Optional. The condition to apply to the policy binding. When set, the expression
field in the Expr
must include from 1 to 10 subexpressions, joined by the "||"(Logical OR), "&&"(Logical AND) or "!"(Logical NOT) operators and cannot contain more than 250 characters. The condition is currently only supported when bound to policies of kind principal access boundary. When the bound policy is a principal access boundary policy, the only supported attributes in any subexpression are principal.type
and principal.subject
. An example expression is: "principal.type == 'iam.googleapis.com/ServiceAccount'" or "principal.subject == 'bob@example.com'". Allowed operations for principal.subject
: - principal.subject == <principal subject string>
- principal.subject != <principal subject string>
- principal.subject in [<list of principal subjects>]
- principal.subject.startsWith(<string>)
- principal.subject.endsWith(<string>)
Allowed operations for principal.type
: - principal.type == <principal type string>
- principal.type != <principal type string>
- principal.type in [<list of principal types>]
Supported principal types are Workspace, Workforce Pool, Workload Pool and Service Account. Allowed string must be one of: - iam.googleapis.com/WorkspaceIdentity - iam.googleapis.com/WorkforcePoolIdentity - iam.googleapis.com/WorkloadPoolIdentity - iam.googleapis.com/ServiceAccount
↳ create_time
↳ update_time
getName
Identifier. The name of the policy binding, in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
.
The binding parent is the closest Resource Manager resource (project, folder, or organization) to the binding target. Format:
-
projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id} -
projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id} -
folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id} -
organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}
string
setName
Identifier. The name of the policy binding, in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
.
The binding parent is the closest Resource Manager resource (project, folder, or organization) to the binding target. Format:
-
projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id} -
projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id} -
folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id} -
organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}
var
string
$this
getUid
Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
string
setUid
Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
var
string
$this
getEtag
Optional. The etag for the policy binding.
If this is provided on update, it must match the server's etag.
string
setEtag
Optional. The etag for the policy binding.
If this is provided on update, it must match the server's etag.
var
string
$this
getDisplayName
Optional. The description of the policy binding. Must be less than or equal to 63 characters.
string
setDisplayName
Optional. The description of the policy binding. Must be less than or equal to 63 characters.
var
string
$this
getAnnotations
Optional. User-defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations
setAnnotations
Optional. User-defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations
$this
getTarget
Required. Immutable. Target is the full resource name of the resource to which the policy will be bound. Immutable once set.
hasTarget
clearTarget
setTarget
Required. Immutable. Target is the full resource name of the resource to which the policy will be bound. Immutable once set.
$this
getPolicyKind
Immutable. The kind of the policy to attach in this binding. This field must be one of the following:
- Left empty (will be automatically set to the policy kind)
- The input policy kind
setPolicyKind
Immutable. The kind of the policy to attach in this binding. This field must be one of the following:
- Left empty (will be automatically set to the policy kind)
- The input policy kind
$this
getPolicy
Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same organization.
string
setPolicy
Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same organization.
var
string
$this
getPolicyUid
Output only. The globally unique ID of the policy to be bound.
string
setPolicyUid
Output only. The globally unique ID of the policy to be bound.
var
string
$this
getCondition
Optional. The condition to apply to the policy binding. When set, the expression
field in the Expr
must include from 1 to 10 subexpressions,
joined by the
"||"(Logical OR), "&&"(Logical AND) or "!"(Logical NOT) operators and
cannot contain more than 250 characters.
The condition is currently only supported when bound to policies of kind
principal access boundary.
When the bound policy is a principal access boundary policy, the only
supported attributes in any subexpression are principal.type
and principal.subject
. An example expression is: "principal.type ==
'iam.googleapis.com/ServiceAccount'" or "principal.subject ==
'bob@example.com'".
Allowed operations for principal.subject
:
-
principal.subject == <principal subject string> -
principal.subject != <principal subject string> -
principal.subject in [<list of principal subjects>] -
principal.subject.startsWith(<string>) -
principal.subject.endsWith(<string>)Allowed operations forprincipal.type: -
principal.type == <principal type string> -
principal.type != <principal type string> -
principal.type in [<list of principal types>]Supported principal types are Workspace, Workforce Pool, Workload Pool and Service Account. Allowed string must be one of: - iam.googleapis.com/WorkspaceIdentity
- iam.googleapis.com/WorkforcePoolIdentity
- iam.googleapis.com/WorkloadPoolIdentity
- iam.googleapis.com/ServiceAccount
hasCondition
clearCondition
setCondition
Optional. The condition to apply to the policy binding. When set, the expression
field in the Expr
must include from 1 to 10 subexpressions,
joined by the
"||"(Logical OR), "&&"(Logical AND) or "!"(Logical NOT) operators and
cannot contain more than 250 characters.
The condition is currently only supported when bound to policies of kind
principal access boundary.
When the bound policy is a principal access boundary policy, the only
supported attributes in any subexpression are principal.type
and principal.subject
. An example expression is: "principal.type ==
'iam.googleapis.com/ServiceAccount'" or "principal.subject ==
'bob@example.com'".
Allowed operations for principal.subject
:
-
principal.subject == <principal subject string> -
principal.subject != <principal subject string> -
principal.subject in [<list of principal subjects>] -
principal.subject.startsWith(<string>) -
principal.subject.endsWith(<string>)Allowed operations forprincipal.type: -
principal.type == <principal type string> -
principal.type != <principal type string> -
principal.type in [<list of principal types>]Supported principal types are Workspace, Workforce Pool, Workload Pool and Service Account. Allowed string must be one of: - iam.googleapis.com/WorkspaceIdentity
- iam.googleapis.com/WorkforcePoolIdentity
- iam.googleapis.com/WorkloadPoolIdentity
- iam.googleapis.com/ServiceAccount
$this
getCreateTime
Output only. The time when the policy binding was created.
hasCreateTime
clearCreateTime
setCreateTime
Output only. The time when the policy binding was created.
$this
getUpdateTime
Output only. The time when the policy binding was most recently updated.
hasUpdateTime
clearUpdateTime
setUpdateTime
Output only. The time when the policy binding was most recently updated.
$this
