Reference documentation and code samples for the Google Cloud PHP shared dependency, providing functionality useful to all components. Client class PolicyBuilder.
Helper class for creating valid IAM policies
Example:
use Google\Cloud\Core\Iam\PolicyBuilder;
$builder = new PolicyBuilder();
$builder->addBinding('roles/admin', [ 'user:admin@domain.com' ]);
$result = $builder->result();
Namespace
Google \ Cloud \ Core \ IamMethods
__construct
See also:
Example: ``` $policy = [ 'etag' => 'AgIc==', 'version' => 3, 'bindings' => [ [ 'role' => 'roles/admin', 'members' => [ 'user:admin@domain.com', 'user2:admin@domain.com' ], 'condition' => [ 'title' => 'match-prefix', 'description' => 'Applies to objects matching a prefix', 'expression' => 'resource.name.startsWith("projects/_/buckets/bucket-name/objects/prefix-a-")' ] ] ], ];
$builder = new PolicyBuilder($policy); ```
policy
array
A policy array
setBindings
Override all stored bindings on the policy.
Example:
$builder->setBindings([
[
'role' => 'roles/admin',
'members' => [
'user:admin@domain.com'
],
'condition' => [
'expression' =>
'request.time < timestamp("2020-07-01T00:00:00.000Z")'
]
]
]);
bindings
array
[optional] An array of bindings
addBinding
Add a new binding to the policy.
This method will fail with an InvalidOpereationException if it is called on a Policy with a version greater than 1 as that indicates a more complicated policy than this method is prepared to handle. Changes to such policies must be made manually by the setBindings() method.
Example:
$builder->addBinding('roles/admin', [ 'user:admin@domain.com' ]);
role
string
A valid role for the service
members
array
An array of members to assign to the binding
removeBinding
Remove a binding from the policy.
This method will fail with a BadMethodCallException if it is called on a Policy with a version greater than 1 as that indicates a more complicated policy than this method is prepared to handle. Changes to such policies must be made manually by the setBindings() method.
Example:
$builder->setBindings([
[
'role' => 'roles/admin',
'members' => [
'user:admin@domain.com',
'user2:admin@domain.com'
]
]
]);
$builder->removeBinding('roles/admin', [ 'user:admin@domain.com' ]);
role
string
A valid role for the service
members
array
An array of members to remove from the role
setEtag
Update the etag on the policy.
Example:
$builder->setEtag($oldPolicy['etag']);
etag
string
used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that updates to existing policies make use of the etag to avoid race conditions.
setVersion
Update the version of the policy.
Example:
$builder->setVersion(1);
version
int
Version of the Policy. Defaults to 0
.
result
Create a policy array with data in the correct format.
Example:
$policy = $builder->result();
array