Policy (Compute Engine API v1-rev20200104-1.30.8)
com.google.api.services.compute.model
Class Policy
- java.lang.Object
  - java.util.AbstractMap<String,Object>
    - com.google.api.client.util.GenericData
      - com.google.api.client.json.GenericJson
        - com.google.api.services.compute.model.Policy
public final class Policy
extends GenericJson
An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud
resources.
A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single
`role`. Members can be user accounts, service accounts, Google groups, and domains (such as G
Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a
user-created custom role.
Optionally, a `binding` can specify a `condition`, which is a logical expression that allows
access to a resource only if the expression evaluates to `true`. A condition can add constraints
based on attributes of the request, the resource, or both.
**JSON example:**
```json
{
  "bindings": [
    {
      "role": "roles/resourcemanager.organizationAdmin",
      "members": [
        "user:[email protected]",
        "group:[email protected]",
        "domain:google.com",
        "serviceAccount:my-[email protected]"
      ]
    },
    {
      "role": "roles/resourcemanager.organizationViewer",
      "members": ["user:[email protected]"],
      "condition": {
        "title": "expirable access",
        "description": "Does not grant access after Sep 2020",
        "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')"
      }
    }
  ],
  "etag": "BwWWja0YfJA=",
  "version": 3
}
```
**YAML example:**
```yaml
bindings:
- members:
  - user:[email protected]
  - group:[email protected]
  - domain:google.com
  - serviceAccount:[email protected]
  role: roles/resourcemanager.organizationAdmin
- members:
  - user:[email protected]
  role: roles/resourcemanager.organizationViewer
  condition:
    title: expirable access
    description: Does not grant access after Sep 2020
    expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
etag: BwWWja0YfJA=
version: 3
```
For a description of IAM and its features, see the [IAM
documentation](https://cloud.google.com/iam/docs/).
This is the Java data model class that specifies how to parse/serialize into the JSON that is
transmitted over HTTP when working with the Compute Engine API. For a detailed explanation see:
https://developers.google.com/api-client-library/java/google-http-java-client/json
- Author:
Google, Inc.
Nested Class Summary
-
Nested classes/interfaces inherited from class com.google.api.client.util.GenericData
GenericData.Flags
-
Nested classes/interfaces inherited from class java.util.AbstractMap
AbstractMap.SimpleEntry<K,V>, AbstractMap.SimpleImmutableEntry<K,V>
-
Constructor Summary
Constructors
Constructor and Description
Policy()
-
Method Summary
Modifier and Type
Method and Description
Policy
clone()
byte[]
decodeEtag()
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
of a policy from overwriting each other.
Policy
encodeEtag(byte[] etag)
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
of a policy from overwriting each other.
List<AuditConfig>
getAuditConfigs()
Specifies cloud audit logging configuration for this policy.
List<Binding>
getBindings()
Associates a list of `members` to a `role`.
String
getEtag()
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
of a policy from overwriting each other.
Boolean
getIamOwned()
List<Rule>
getRules()
If more than one rule is specified, the rules are applied in the following manner: - All
matching LOG rules are always applied.
Integer
getVersion()
Specifies the format of the policy.
Policy
set(String fieldName,
Object value)
Policy
setAuditConfigs(List<AuditConfig> auditConfigs)
Specifies cloud audit logging configuration for this policy.
Policy
setBindings(List<Binding> bindings)
Associates a list of `members` to a `role`.
Policy
setEtag(String etag)
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
of a policy from overwriting each other.
Policy
setIamOwned(Boolean iamOwned)
Policy
setRules(List<Rule> rules)
If more than one rule is specified, the rules are applied in the following manner: - All
matching LOG rules are always applied.
Policy
setVersion(Integer version)
Specifies the format of the policy.
-
Methods inherited from class com.google.api.client.json.GenericJson
getFactory, setFactory, toPrettyString, toString
-
Methods inherited from class com.google.api.client.util.GenericData
entrySet, equals, get, getClassInfo, getUnknownKeys, hashCode, put, putAll, remove, setUnknownKeys
-
Methods inherited from class java.util.AbstractMap
clear, containsKey, containsValue, isEmpty, keySet, size, values
-
Methods inherited from class java.lang.Object
finalize, getClass, notify, notifyAll, wait, wait, wait
-
Methods inherited from interface java.util.Map
compute, computeIfAbsent, computeIfPresent, forEach, getOrDefault, merge, putIfAbsent, remove, replace, replace, replaceAll
-
-
Method Detail
-
getAuditConfigs
public List<AuditConfig> getAuditConfigs()
Specifies cloud audit logging configuration for this policy.
- Returns:
value or null for none
-
setAuditConfigs
public Policy setAuditConfigs(List<AuditConfig> auditConfigs)
Specifies cloud audit logging configuration for this policy.
- Parameters:
auditConfigs - auditConfigs or null for none
-
getBindings
public List<Binding> getBindings()
Associates a list of `members` to a `role`. Optionally, may specify a `condition` that
determines how and when the `bindings` are applied. Each of the `bindings` must contain at
least one member.
- Returns:
value or null for none
-
setBindings
public Policy setBindings(List<Binding> bindings)
Associates a list of `members` to a `role`. Optionally, may specify a `condition` that
determines how and when the `bindings` are applied. Each of the `bindings` must contain at
least one member.
- Parameters:
bindings - bindings or null for none
-
getEtag
public String getEtag()
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
of a policy from overwriting each other. It is strongly suggested that systems make use of the
`etag` in the read-modify-write cycle to perform policy updates in order to avoid race
conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected
to put that etag in the request to `setIamPolicy` to ensure that their change will be applied
to the same version of the policy.
**Important:** If you use IAM Conditions, you must include the `etag` field whenever you call
`setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy
with a version `1` policy, and all of the conditions in the version `3` policy are lost.
- Returns:
value or null for none
- See Also:
decodeEtag()
-
decodeEtag
public byte[] decodeEtag()
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
of a policy from overwriting each other. It is strongly suggested that systems make use of the
`etag` in the read-modify-write cycle to perform policy updates in order to avoid race
conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected
to put that etag in the request to `setIamPolicy` to ensure that their change will be applied
to the same version of the policy.
**Important:** If you use IAM Conditions, you must include the `etag` field whenever you call
`setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy
with a version `1` policy, and all of the conditions in the version `3` policy are lost.
- Returns:
Base64 decoded value or null for none
- Since:
1.14
- See Also:
getEtag()
-
setEtag
public Policy setEtag(String etag)
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
of a policy from overwriting each other. It is strongly suggested that systems make use of the
`etag` in the read-modify-write cycle to perform policy updates in order to avoid race
conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected
to put that etag in the request to `setIamPolicy` to ensure that their change will be applied
to the same version of the policy.
**Important:** If you use IAM Conditions, you must include the `etag` field whenever you call
`setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy
with a version `1` policy, and all of the conditions in the version `3` policy are lost.
- Parameters:
etag - etag or null for none
- See Also:
encodeEtag(byte[])
-
encodeEtag
public Policy encodeEtag(byte[] etag)
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
of a policy from overwriting each other. It is strongly suggested that systems make use of the
`etag` in the read-modify-write cycle to perform policy updates in order to avoid race
conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected
to put that etag in the request to `setIamPolicy` to ensure that their change will be applied
to the same version of the policy.
**Important:** If you use IAM Conditions, you must include the `etag` field whenever you call
`setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy
with a version `1` policy, and all of the conditions in the version `3` policy are lost.
The value is encoded Base64 or `null` for none.
- Since:
1.14
-
getIamOwned
public Boolean getIamOwned()
- Returns:
value or null for none
-
setIamOwned
public Policy setIamOwned(Boolean iamOwned)
- Parameters:
iamOwned - iamOwned or null for none
-
getRules
public List<Rule> getRules()
If more than one rule is specified, the rules are applied in the following manner:
- All matching LOG rules are always applied.
- If any DENY/DENY_WITH_LOG rule matches, permission is denied. Logging will be applied if one or more matching rules require logging.
- Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is granted. Logging will be applied if one or more matching rules require logging.
- Otherwise, if no rule applies, permission is denied.
- Returns:
value or null for none
-
setRules
public Policy setRules(List<Rule> rules)
If more than one rule is specified, the rules are applied in the following manner:
- All matching LOG rules are always applied.
- If any DENY/DENY_WITH_LOG rule matches, permission is denied. Logging will be applied if one or more matching rules require logging.
- Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is granted. Logging will be applied if one or more matching rules require logging.
- Otherwise, if no rule applies, permission is denied.
- Parameters:
rules - rules or null for none
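The precedence described for `rules` (deny overrides allow, default deny), written out as an added example that is not part of the generated documentation or Google's code. The `matches` predicate is a hypothetical stand-in for the service's own rule matching, which this page does not describe, and the sample rules are constructed.

```java
import com.google.api.services.compute.model.Rule;
import java.util.Arrays;
import java.util.List;
import java.util.function.Predicate;

public final class RuleEvaluation {
  /** Outcome of evaluating all rules for one request. */
  public static final class Decision {
    public final boolean granted, logged;
    Decision(boolean granted, boolean logged) { this.granted = granted; this.logged = logged; }
    @Override public String toString() { return (granted ? "GRANT" : "DENY") + (logged ? "+LOG" : ""); }
  }

  // Assumption: logging is driven by matching LOG rules plus the *_WITH_LOG rules
  // of the kind that decided the outcome; the page's wording leaves this open.
  public static Decision decide(List<Rule> rules, Predicate<Rule> matches) {
    boolean log = false, deny = false, denyLog = false, allow = false, allowLog = false;
    if (rules != null) {
      for (Rule r : rules) {
        if (!matches.test(r) || r.getAction() == null) continue;
        switch (r.getAction()) {
          case "LOG": log = true; break;
          case "DENY": deny = true; break;
          case "DENY_WITH_LOG": deny = true; denyLog = true; break;
          case "ALLOW": allow = true; break;
          case "ALLOW_WITH_LOG": allow = true; allowLog = true; break;
          default: break; // unknown action grants nothing, so default deny still holds
        }
      }
    }
    if (deny) return new Decision(false, log || denyLog);  // any DENY beats every ALLOW
    if (allow) return new Decision(true, log || allowLog);
    return new Decision(false, log);                       // no rule applies: denied
  }

  public static void main(String[] args) {
    List<Rule> rules = Arrays.asList(                      // constructed sample rules
        new Rule().setAction("ALLOW_WITH_LOG"),
        new Rule().setAction("DENY"),
        new Rule().setAction("LOG"));
    System.out.println(decide(rules, r -> true));
    System.out.println(decide(rules, r -> !"DENY".equals(r.getAction())));
  }
}
```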
-
getVersion
public Integer getVersion()
Specifies the format of the policy.
Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected.
Any operation that affects conditional role bindings must specify version `3`. This requirement
applies to the following operations:
* Getting a policy that includes a conditional role binding
* Adding a conditional role binding to a policy
* Changing a conditional role binding in a policy
* Removing any role binding, with or without a condition, from a policy that includes conditions
**Important:** If you use IAM Conditions, you must include the `etag` field whenever you call
`setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy
with a version `1` policy, and all of the conditions in the version `3` policy are lost.
If a policy does not include any conditions, operations on that policy may specify any valid
version or leave the field unset.
- Returns:
value or null for none
-
setVersion
public Policy setVersion(Integer version)
Specifies the format of the policy.
Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected.
Any operation that affects conditional role bindings must specify version `3`. This requirement
applies to the following operations:
* Getting a policy that includes a conditional role binding
* Adding a conditional role binding to a policy
* Changing a conditional role binding in a policy
* Removing any role binding, with or without a condition, from a policy that includes conditions
**Important:** If you use IAM Conditions, you must include the `etag` field whenever you call
`setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy
with a version `1` policy, and all of the conditions in the version `3` policy are lost.
If a policy does not include any conditions, operations on that policy may specify any valid
version or leave the field unset.
- Parameters:
version - version or null for none
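The `etag` read-modify-write cycle and the version `3` requirement for conditional bindings, combined into a pre-write guard with retry. This is an added example, not part of the generated documentation or Google's code. `PolicyClient` and `EtagMismatchException` are hypothetical wrappers around `getIamPolicy`/`setIamPolicy`, assumed to request version `3` on reads and to surface a stale-etag rejection as that exception.

```java
import com.google.api.services.compute.model.Binding;
import com.google.api.services.compute.model.Policy;
import java.io.IOException;
import java.util.function.UnaryOperator;

public final class SafePolicyUpdate {
  /** Hypothetical wrapper around getIamPolicy / setIamPolicy for a single resource. */
  public interface PolicyClient {
    Policy getIamPolicy() throws IOException;
    Policy setIamPolicy(Policy policy) throws IOException;
  }

  /** Hypothetical exception a PolicyClient raises when the server rejects a stale etag. */
  public static final class EtagMismatchException extends IOException {}

  /** Refuses writes that would skip concurrency control or silently drop conditions. */
  static void validateForWrite(Policy p) {
    if (p.getEtag() == null || p.getEtag().isEmpty()) {
      throw new IllegalStateException("etag missing: write could overwrite a version 3 policy");
    }
    boolean conditional = false;
    if (p.getBindings() != null) {
      for (Binding b : p.getBindings()) {
        if (b.getMembers() == null || b.getMembers().isEmpty()) {
          throw new IllegalStateException("binding for " + b.getRole() + " has no members");
        }
        conditional |= b.getCondition() != null;
      }
    }
    if (conditional && !Integer.valueOf(3).equals(p.getVersion())) {
      throw new IllegalStateException("conditional role bindings require version 3");
    }
  }

  /** Read-modify-write: re-reads and re-applies the change whenever the etag went stale. */
  public static Policy update(PolicyClient client, UnaryOperator<Policy> change, int maxAttempts)
      throws IOException {
    for (int attempt = 1; ; attempt++) {
      Policy current = client.getIamPolicy();
      Policy edited = change.apply(current.clone()); // the clone carries the etag that was read
      validateForWrite(edited);
      try {
        return client.setIamPolicy(edited);
      } catch (EtagMismatchException stale) {
        if (attempt >= maxAttempts) throw stale;     // give up rather than force the write
      }
    }
  }
}
```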
-
set
public Policy set(String fieldName,
Object value)
- Overrides:
set in class GenericJson
-
clone
public Policy clone()
- Overrides:
clone in class GenericJson
Copyright © 2011–2020 Google. All rights reserved.