// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
package com.pulumi.googlenative.storage.v1.outputs;
import com.pulumi.core.annotations.CustomType;
import com.pulumi.googlenative.storage.v1.outputs.ExprResponse;
import java.lang.String;
import java.util.List;
import java.util.Objects;
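@CustomType
public final class ObjectIamPolicyBindingsItemResponse {
    /** Condition attached to this binding; see {@link #condition()}. May be {@code null} if never set. */
    private ExprResponse condition;
    /** Member identifiers that may assume {@link #role()}; see {@link #members()}. May be {@code null} if never set. */
    private List<String> members;
    /** Role granted to the members; see {@link #role()}. May be {@code null} if never set. */
    private String role;

    // Instances are only created by Builder#build(); there are no public constructors or mutators.
    private ObjectIamPolicyBindingsItemResponse() {}

    /**
     * Returns the condition that is associated with this binding.
     *
     * <p>NOTE: an unsatisfied condition will not allow user access via the current binding.
     * Different bindings, including their conditions, are examined independently, so a condition
     * on this binding says nothing about access the same member may hold through another binding.
     *
     * @return the condition, or {@code null} when the builder never set one
     */
    public ExprResponse condition() {
        return this.condition;
    }

    /**
     * Returns the identifiers of the members who may assume the provided role.
     *
     * <p>Recognized identifiers are as follows (the e-mail addresses below are illustrative):
     * <ul>
     *   <li>{@code allUsers} — A special identifier that represents anyone on the internet; with
     *       or without a Google account.</li>
     *   <li>{@code allAuthenticatedUsers} — A special identifier that represents anyone who is
     *       authenticated with a Google account or a service account.</li>
     *   <li>{@code user:emailid} — An email address that represents a specific account. For
     *       example, {@code user:alice@example.com}.</li>
     *   <li>{@code serviceAccount:emailid} — An email address that represents a service account.
     *       For example, {@code serviceAccount:my-service@example.com}.</li>
     *   <li>{@code group:emailid} — An email address that represents a Google group. For example,
     *       {@code group:admins@example.com}.</li>
     *   <li>{@code domain:domain} — A Google Apps domain name that represents all the users of
     *       that domain. For example, {@code domain:google.com} or {@code domain:example.com}.</li>
     *   <li>{@code projectOwner:projectid} — Owners of the given project. For example,
     *       {@code projectOwner:my-example-project}.</li>
     *   <li>{@code projectEditor:projectid} — Editors of the given project. For example,
     *       {@code projectEditor:my-example-project}.</li>
     *   <li>{@code projectViewer:projectid} — Viewers of the given project. For example,
     *       {@code projectViewer:my-example-project}.</li>
     * </ul>
     *
     * <p>Security note: a binding whose members include {@code allUsers} or
     * {@code allAuthenticatedUsers} makes the role available to anyone on the internet or to any
     * Google-authenticated identity respectively. Code that audits or reports on policies should
     * treat either identifier as public exposure of the object.
     *
     * @return the member identifiers, or {@code null} when the builder never set them; lists set
     *     through the builder are stored as unmodifiable copies
     */
    public List<String> members() {
        return this.members;
    }

    /**
     * Returns the role to which members belong.
     *
     * <p>Two types of roles are supported: new IAM roles, which grant permissions that do not map
     * directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL
     * permissions. All roles are of the format {@code roles/storage.specificRole}.
     *
     * <p>The new IAM roles are:
     * <ul>
     *   <li>{@code roles/storage.admin} — Full control of Google Cloud Storage resources.</li>
     *   <li>{@code roles/storage.objectViewer} — Read-Only access to Google Cloud Storage
     *       objects.</li>
     *   <li>{@code roles/storage.objectCreator} — Access to create objects in Google Cloud
     *       Storage.</li>
     *   <li>{@code roles/storage.objectAdmin} — Full control of Google Cloud Storage objects.</li>
     * </ul>
     *
     * <p>The legacy IAM roles are:
     * <ul>
     *   <li>{@code roles/storage.legacyObjectReader} — Read-only access to objects without
     *       listing. Equivalent to an ACL entry on an object with the READER role.</li>
     *   <li>{@code roles/storage.legacyObjectOwner} — Read/write access to existing objects
     *       without listing. Equivalent to an ACL entry on an object with the OWNER role.</li>
     *   <li>{@code roles/storage.legacyBucketReader} — Read access to buckets with object listing.
     *       Equivalent to an ACL entry on a bucket with the READER role.</li>
     *   <li>{@code roles/storage.legacyBucketWriter} — Read access to buckets with object
     *       listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER
     *       role.</li>
     *   <li>{@code roles/storage.legacyBucketOwner} — Read and write access to existing buckets
     *       with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with
     *       the OWNER role.</li>
     * </ul>
     *
     * @return the role name, or {@code null} when the builder never set it
     */
    public String role() {
        return this.role;
    }

    /**
     * Creates an empty builder.
     *
     * @return a new {@link Builder} with no properties set
     */
    public static Builder builder() {
        return new Builder();
    }

    /**
     * Creates a builder pre-populated from an existing binding.
     *
     * @param defaults binding whose condition, members and role seed the builder
     * @return a new {@link Builder} carrying the values of {@code defaults}
     * @throws NullPointerException if {@code defaults} is {@code null}
     */
    public static Builder builder(ObjectIamPolicyBindingsItemResponse defaults) {
        return new Builder(defaults);
    }

    /** Builder for {@link ObjectIamPolicyBindingsItemResponse}; setters reject {@code null}. */
    @CustomType.Builder
    public static final class Builder {
        private ExprResponse condition;
        private List<String> members;
        private String role;

        /** Creates a builder with every property unset ({@code null}). */
        public Builder() {}

        /**
         * Creates a builder seeded with the values of {@code defaults}.
         *
         * @param defaults binding to copy the initial values from
         * @throws NullPointerException if {@code defaults} is {@code null}
         */
        public Builder(ObjectIamPolicyBindingsItemResponse defaults) {
            Objects.requireNonNull(defaults);
            this.condition = defaults.condition;
            this.members = defaults.members;
            this.role = defaults.role;
        }

        /**
         * Sets the condition associated with the binding.
         *
         * @param condition the condition; must not be {@code null}
         * @return this builder
         * @throws NullPointerException if {@code condition} is {@code null}
         */
        @CustomType.Setter
        public Builder condition(ExprResponse condition) {
            this.condition = Objects.requireNonNull(condition);
            return this;
        }

        /**
         * Sets the member identifiers that may assume the role.
         *
         * @param members the identifiers; neither the list nor its elements may be {@code null}
         * @return this builder
         * @throws NullPointerException if {@code members} or one of its elements is {@code null}
         */
        @CustomType.Setter
        public Builder members(List<String> members) {
            // Snapshot the list: the built binding has no mutators, so a caller that keeps a
            // reference to its own list must not be able to change who the binding names
            // after the fact. List.copyOf returns an unmodifiable copy (and reuses lists that
            // are already unmodifiable, such as the one produced by the varargs overload).
            this.members = List.copyOf(Objects.requireNonNull(members));
            return this;
        }

        /**
         * Varargs convenience overload of {@link #members(List)}.
         *
         * @param members the identifiers; neither the array nor its elements may be {@code null}
         * @return this builder
         * @throws NullPointerException if {@code members} or one of its elements is {@code null}
         */
        public Builder members(String... members) {
            return members(List.of(members));
        }

        /**
         * Sets the role granted to the members.
         *
         * @param role the role name; must not be {@code null}
         * @return this builder
         * @throws NullPointerException if {@code role} is {@code null}
         */
        @CustomType.Setter
        public Builder role(String role) {
            this.role = Objects.requireNonNull(role);
            return this;
        }

        /**
         * Builds the binding from the values collected so far.
         *
         * <p>No property is required here: any property that was never set is left
         * {@code null} on the returned object.
         *
         * @return a new {@link ObjectIamPolicyBindingsItemResponse}
         */
        public ObjectIamPolicyBindingsItemResponse build() {
            final var o = new ObjectIamPolicyBindingsItemResponse();
            o.condition = condition;
            o.members = members;
            o.role = role;
            return o;
        }
    }
}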