target.apidocs.com.google.api.services.servicemanagement.model.Policy.html Maven / Gradle / Ivy
Policy (Service Management API v1-rev20240823-2.0.0)
com.google.api.services.servicemanagement.model
Class Policy
- java.lang.Object
-
- java.util.AbstractMap<String,Object>
-
- com.google.api.client.util.GenericData
-
- com.google.api.client.json.GenericJson
-
- com.google.api.services.servicemanagement.model.Policy
-
public final class Policy
extends com.google.api.client.json.GenericJson
An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud
resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or
principals, to a single `role`. Principals can be user accounts, service accounts, Google groups,
and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM
predefined role or a user-created custom role. For some types of Google Cloud resources, a
`binding` can also specify a `condition`, which is a logical expression that allows access to a
resource only if the expression evaluates to `true`. A condition can add constraints based on
attributes of the request, the resource, or both. To learn which resources support conditions in
their IAM policies, see the [IAM
documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:**
``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [
"user:[email protected]", "group:[email protected]", "domain:google.com", "serviceAccount:my-
[email protected]" ] }, { "role":
"roles/resourcemanager.organizationViewer", "members": [ "user:[email protected]" ], "condition": {
"title": "expirable access", "description": "Does not grant access after Sep 2020", "expression":
"request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version":
3 } ``` **YAML example:** ``` bindings: - members: - user:[email protected] -
group:[email protected] - domain:google.com - serviceAccount:my-project-
[email protected] role: roles/resourcemanager.organizationAdmin - members: -
user:[email protected] role: roles/resourcemanager.organizationViewer condition: title: expirable
access description: Does not grant access after Sep 2020 expression: request.time <
timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM
and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
This is the Java data model class that specifies how to parse/serialize into the JSON that is
transmitted over HTTP when working with the Service Management API. For a detailed explanation
see:
https://developers.google.com/api-client-library/java/google-http-java-client/json
- Author:
- Google, Inc.
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class com.google.api.client.util.GenericData
com.google.api.client.util.GenericData.Flags
-
Nested classes/interfaces inherited from class java.util.AbstractMap
AbstractMap.SimpleEntry<K,V>, AbstractMap.SimpleImmutableEntry<K,V>
-
Constructor Summary
Constructors
Constructor and Description
Policy()
-
Method Summary
All Methods Instance Methods Concrete Methods
Modifier and Type
Method and Description
Policy
clone()
byte[]
decodeEtag()
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
of a policy from overwriting each other.
Policy
encodeEtag(byte[] etag)
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
of a policy from overwriting each other.
List<AuditConfig>
getAuditConfigs()
Specifies cloud audit logging configuration for this policy.
List<Binding>
getBindings()
Associates a list of `members`, or principals, with a `role`.
String
getEtag()
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
of a policy from overwriting each other.
Integer
getVersion()
Specifies the format of the policy.
Policy
set(String fieldName,
Object value)
Policy
setAuditConfigs(List<AuditConfig> auditConfigs)
Specifies cloud audit logging configuration for this policy.
Policy
setBindings(List<Binding> bindings)
Associates a list of `members`, or principals, with a `role`.
Policy
setEtag(String etag)
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
of a policy from overwriting each other.
Policy
setVersion(Integer version)
Specifies the format of the policy.
-
Methods inherited from class com.google.api.client.json.GenericJson
getFactory, setFactory, toPrettyString, toString
-
Methods inherited from class com.google.api.client.util.GenericData
entrySet, equals, get, getClassInfo, getUnknownKeys, hashCode, put, putAll, remove, setUnknownKeys
-
Methods inherited from class java.util.AbstractMap
clear, containsKey, containsValue, isEmpty, keySet, size, values
-
Methods inherited from class java.lang.Object
finalize, getClass, notify, notifyAll, wait, wait, wait
-
Methods inherited from interface java.util.Map
compute, computeIfAbsent, computeIfPresent, forEach, getOrDefault, merge, putIfAbsent, remove, replace, replace, replaceAll
-
-
Method Detail
-
getAuditConfigs
public List<AuditConfig> getAuditConfigs()
Specifies cloud audit logging configuration for this policy.
- Returns:
- value or
null
for none
-
setAuditConfigs
public Policy setAuditConfigs(List<AuditConfig> auditConfigs)
Specifies cloud audit logging configuration for this policy.
- Parameters:
auditConfigs
- auditConfigs or null
for none
-
getBindings
public List<Binding> getBindings()
Associates a list of `members`, or principals, with a `role`. Optionally, may specify a
`condition` that determines how and when the `bindings` are applied. Each of the `bindings`
must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500
principals; up to 250 of these principals can be Google groups. Each occurrence of a principal
counts towards these limits. For example, if the `bindings` grant 50 different roles to
`user:[email protected]`, and not to any other principal, then you can add another 1,450
principals to the `bindings` in the `Policy`.
- Returns:
- value or
null
for none
-
setBindings
public Policy setBindings(List<Binding> bindings)
Associates a list of `members`, or principals, with a `role`. Optionally, may specify a
`condition` that determines how and when the `bindings` are applied. Each of the `bindings`
must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500
principals; up to 250 of these principals can be Google groups. Each occurrence of a principal
counts towards these limits. For example, if the `bindings` grant 50 different roles to
`user:[email protected]`, and not to any other principal, then you can add another 1,450
principals to the `bindings` in the `Policy`.
- Parameters:
bindings
- bindings or null
for none
-
getEtag
public String getEtag()
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
of a policy from overwriting each other. It is strongly suggested that systems make use of the
`etag` in the read-modify-write cycle to perform policy updates in order to avoid race
conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected
to put that etag in the request to `setIamPolicy` to ensure that their change will be applied
to the same version of the policy. **Important:** If you use IAM Conditions, you must include
the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the
version `3` policy are lost.
- Returns:
- value or
null
for none
- See Also:
decodeEtag()
-
decodeEtag
public byte[] decodeEtag()
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
of a policy from overwriting each other. It is strongly suggested that systems make use of the
`etag` in the read-modify-write cycle to perform policy updates in order to avoid race
conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected
to put that etag in the request to `setIamPolicy` to ensure that their change will be applied
to the same version of the policy. **Important:** If you use IAM Conditions, you must include
the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the
version `3` policy are lost.
- Returns:
- Base64 decoded value or
null
for none
- Since:
- 1.14
- See Also:
getEtag()
-
setEtag
public Policy setEtag(String etag)
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
of a policy from overwriting each other. It is strongly suggested that systems make use of the
`etag` in the read-modify-write cycle to perform policy updates in order to avoid race
conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected
to put that etag in the request to `setIamPolicy` to ensure that their change will be applied
to the same version of the policy. **Important:** If you use IAM Conditions, you must include
the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the
version `3` policy are lost.
- Parameters:
etag
- etag or null
for none
- See Also:
#encodeEtag()
-
encodeEtag
public Policy encodeEtag(byte[] etag)
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
of a policy from overwriting each other. It is strongly suggested that systems make use of the
`etag` in the read-modify-write cycle to perform policy updates in order to avoid race
conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected
to put that etag in the request to `setIamPolicy` to ensure that their change will be applied
to the same version of the policy. **Important:** If you use IAM Conditions, you must include
the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the
version `3` policy are lost.
- Since:
- 1.14
- See Also:
The value is encoded Base64 or {@code null} for none.
-
getVersion
public Integer getVersion()
Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify
an invalid value are rejected. Any operation that affects conditional role bindings must
specify version `3`. This requirement applies to the following operations: * Getting a policy
that includes a conditional role binding * Adding a conditional role binding to a policy *
Changing a conditional role binding in a policy * Removing any role binding, with or without a
condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you
must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then
IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the
conditions in the version `3` policy are lost. If a policy does not include any conditions,
operations on that policy may specify any valid version or leave the field unset. To learn
which resources support conditions in their IAM policies, see the [IAM
documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
- Returns:
- value or
null
for none
-
setVersion
public Policy setVersion(Integer version)
Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify
an invalid value are rejected. Any operation that affects conditional role bindings must
specify version `3`. This requirement applies to the following operations: * Getting a policy
that includes a conditional role binding * Adding a conditional role binding to a policy *
Changing a conditional role binding in a policy * Removing any role binding, with or without a
condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you
must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then
IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the
conditions in the version `3` policy are lost. If a policy does not include any conditions,
operations on that policy may specify any valid version or leave the field unset. To learn
which resources support conditions in their IAM policies, see the [IAM
documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
- Parameters:
version
- version or null
for none
-
set
public Policy set(String fieldName,
Object value)
- Overrides:
set
in class com.google.api.client.json.GenericJson
-
clone
public Policy clone()
- Overrides:
clone
in class com.google.api.client.json.GenericJson
Copyright © 2011–2024 Google. All rights reserved.
© 2015 - 2024 Weber Informatics LLC | Privacy Policy