public static final class Policy.Builder extends GeneratedMessageV3.Builder<Policy.Builder> implements PolicyOrBuilder
Defines an Identity and Access Management (IAM) policy. It is used to
specify access control policies for Cloud Platform resources.
A `Policy` is a collection of `bindings`. A `binding` binds one or more
`members` to a single `role`. Members can be user accounts, service accounts,
Google groups, and domains (such as G Suite). A `role` is a named list of
permissions (defined by IAM or configured by users). A `binding` can
optionally specify a `condition`, which is a logic expression that further
constrains the role binding based on attributes about the request and/or
target resource.
**JSON Example**
{
"bindings": [
{
"role": "roles/resourcemanager.organizationAdmin",
"members": [
"user:mike@example.com",
"group:admins@example.com",
"domain:google.com",
"serviceAccount:my-project-id@appspot.gserviceaccount.com"
]
},
{
"role": "roles/resourcemanager.organizationViewer",
"members": ["user:eve@example.com"],
"condition": {
"title": "expirable access",
"description": "Does not grant access after Sep 2020",
"expression": "request.time <
timestamp('2020-10-01T00:00:00.000Z')",
}
}
]
}
**YAML Example**
bindings:
- members:
- user:mike@example.com
- group:admins@example.com
- domain:google.com
- serviceAccount:my-project-id@appspot.gserviceaccount.com
role: roles/resourcemanager.organizationAdmin
- members:
- user:eve@example.com
role: roles/resourcemanager.organizationViewer
condition:
title: expirable access
description: Does not grant access after Sep 2020
expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
For a description of IAM and its features, see the
[IAM developer's guide](https://cloud.google.com/iam/docs).
Protobuf type google.iam.v1.Policy| Modifier and Type | Method and Description |
|---|---|
Policy.Builder |
addAllBindings(java.lang.Iterable<? extends Binding> values)
Associates a list of `members` to a `role`.
|
Policy.Builder |
addBindings(Binding.Builder builderForValue)
Associates a list of `members` to a `role`.
|
Policy.Builder |
addBindings(Binding value)
Associates a list of `members` to a `role`.
|
Policy.Builder |
addBindings(int index,
Binding.Builder builderForValue)
Associates a list of `members` to a `role`.
|
Policy.Builder |
addBindings(int index,
Binding value)
Associates a list of `members` to a `role`.
|
Binding.Builder |
addBindingsBuilder()
Associates a list of `members` to a `role`.
|
Binding.Builder |
addBindingsBuilder(int index)
Associates a list of `members` to a `role`.
|
Policy.Builder |
addRepeatedField(Descriptors.FieldDescriptor field,
java.lang.Object value) |
Policy |
build() |
Policy |
buildPartial() |
Policy.Builder |
clear() |
Policy.Builder |
clearBindings()
Associates a list of `members` to a `role`.
|
Policy.Builder |
clearEtag()
`etag` is used for optimistic concurrency control as a way to help
prevent simultaneous updates of a policy from overwriting each other.
|
Policy.Builder |
clearField(Descriptors.FieldDescriptor field) |
Policy.Builder |
clearOneof(Descriptors.OneofDescriptor oneof) |
Policy.Builder |
clearVersion()
Specifies the format of the policy.
|
Policy.Builder |
clone() |
Binding |
getBindings(int index)
Associates a list of `members` to a `role`.
|
Binding.Builder |
getBindingsBuilder(int index)
Associates a list of `members` to a `role`.
|
java.util.List<Binding.Builder> |
getBindingsBuilderList()
Associates a list of `members` to a `role`.
|
int |
getBindingsCount()
Associates a list of `members` to a `role`.
|
java.util.List<Binding> |
getBindingsList()
Associates a list of `members` to a `role`.
|
BindingOrBuilder |
getBindingsOrBuilder(int index)
Associates a list of `members` to a `role`.
|
java.util.List<? extends BindingOrBuilder> |
getBindingsOrBuilderList()
Associates a list of `members` to a `role`.
|
Policy |
getDefaultInstanceForType() |
static Descriptors.Descriptor |
getDescriptor() |
Descriptors.Descriptor |
getDescriptorForType() |
ByteString |
getEtag()
`etag` is used for optimistic concurrency control as a way to help
prevent simultaneous updates of a policy from overwriting each other.
|
int |
getVersion()
Specifies the format of the policy.
|
protected GeneratedMessageV3.FieldAccessorTable |
internalGetFieldAccessorTable() |
boolean |
isInitialized() |
Policy.Builder |
mergeFrom(CodedInputStream input,
ExtensionRegistryLite extensionRegistry) |
Policy.Builder |
mergeFrom(Message other) |
Policy.Builder |
mergeFrom(Policy other) |
Policy.Builder |
mergeUnknownFields(UnknownFieldSet unknownFields) |
Policy.Builder |
removeBindings(int index)
Associates a list of `members` to a `role`.
|
Policy.Builder |
setBindings(int index,
Binding.Builder builderForValue)
Associates a list of `members` to a `role`.
|
Policy.Builder |
setBindings(int index,
Binding value)
Associates a list of `members` to a `role`.
|
Policy.Builder |
setEtag(ByteString value)
`etag` is used for optimistic concurrency control as a way to help
prevent simultaneous updates of a policy from overwriting each other.
|
Policy.Builder |
setField(Descriptors.FieldDescriptor field,
java.lang.Object value) |
Policy.Builder |
setRepeatedField(Descriptors.FieldDescriptor field,
int index,
java.lang.Object value) |
Policy.Builder |
setUnknownFields(UnknownFieldSet unknownFields) |
Policy.Builder |
setVersion(int value)
Specifies the format of the policy.
|
getAllFields, getField, getFieldBuilder, getOneofFieldDescriptor, getParentForChildren, getRepeatedField, getRepeatedFieldBuilder, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof, internalGetMapField, internalGetMutableMapField, isClean, markClean, newBuilderForField, onBuilt, onChanged, setUnknownFieldsProto3findInitializationErrors, getInitializationErrorString, internalMergeFrom, mergeDelimitedFrom, mergeDelimitedFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, newUninitializedMessageException, toStringaddAll, addAll, mergeFrom, newUninitializedMessageExceptionequals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, waitfindInitializationErrors, getAllFields, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneofmergeFrompublic static final Descriptors.Descriptor getDescriptor()
protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
internalGetFieldAccessorTable in class GeneratedMessageV3.Builder<Policy.Builder>public Policy.Builder clear()
clear in interface Message.Builderclear in interface MessageLite.Builderclear in class GeneratedMessageV3.Builder<Policy.Builder>public Descriptors.Descriptor getDescriptorForType()
getDescriptorForType in interface Message.BuildergetDescriptorForType in interface MessageOrBuildergetDescriptorForType in class GeneratedMessageV3.Builder<Policy.Builder>public Policy getDefaultInstanceForType()
getDefaultInstanceForType in interface MessageLiteOrBuildergetDefaultInstanceForType in interface MessageOrBuilderpublic Policy build()
build in interface Message.Builderbuild in interface MessageLite.Builderpublic Policy buildPartial()
buildPartial in interface Message.BuilderbuildPartial in interface MessageLite.Builderpublic Policy.Builder clone()
clone in interface Message.Builderclone in interface MessageLite.Builderclone in class GeneratedMessageV3.Builder<Policy.Builder>public Policy.Builder setField(Descriptors.FieldDescriptor field, java.lang.Object value)
setField in interface Message.BuildersetField in class GeneratedMessageV3.Builder<Policy.Builder>public Policy.Builder clearField(Descriptors.FieldDescriptor field)
clearField in interface Message.BuilderclearField in class GeneratedMessageV3.Builder<Policy.Builder>public Policy.Builder clearOneof(Descriptors.OneofDescriptor oneof)
clearOneof in interface Message.BuilderclearOneof in class GeneratedMessageV3.Builder<Policy.Builder>public Policy.Builder setRepeatedField(Descriptors.FieldDescriptor field, int index, java.lang.Object value)
setRepeatedField in interface Message.BuildersetRepeatedField in class GeneratedMessageV3.Builder<Policy.Builder>public Policy.Builder addRepeatedField(Descriptors.FieldDescriptor field, java.lang.Object value)
addRepeatedField in interface Message.BuilderaddRepeatedField in class GeneratedMessageV3.Builder<Policy.Builder>public Policy.Builder mergeFrom(Message other)
mergeFrom in interface Message.BuildermergeFrom in class AbstractMessage.Builder<Policy.Builder>public Policy.Builder mergeFrom(Policy other)
public final boolean isInitialized()
isInitialized in interface MessageLiteOrBuilderisInitialized in class GeneratedMessageV3.Builder<Policy.Builder>public Policy.Builder mergeFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry) throws java.io.IOException
mergeFrom in interface Message.BuildermergeFrom in interface MessageLite.BuildermergeFrom in class AbstractMessage.Builder<Policy.Builder>java.io.IOExceptionpublic int getVersion()
Specifies the format of the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Operations affecting conditional bindings must specify version 3. This can be either setting a conditional policy, modifying a conditional binding, or removing a conditional binding from the stored conditional policy. Operations on non-conditional policies may specify any valid value or leave the field unset. If no etag is provided in the call to `setIamPolicy`, any version compliance checks on the incoming and/or stored policy is skipped.
int32 version = 1;getVersion in interface PolicyOrBuilderpublic Policy.Builder setVersion(int value)
Specifies the format of the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Operations affecting conditional bindings must specify version 3. This can be either setting a conditional policy, modifying a conditional binding, or removing a conditional binding from the stored conditional policy. Operations on non-conditional policies may specify any valid value or leave the field unset. If no etag is provided in the call to `setIamPolicy`, any version compliance checks on the incoming and/or stored policy is skipped.
int32 version = 1;public Policy.Builder clearVersion()
Specifies the format of the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Operations affecting conditional bindings must specify version 3. This can be either setting a conditional policy, modifying a conditional binding, or removing a conditional binding from the stored conditional policy. Operations on non-conditional policies may specify any valid value or leave the field unset. If no etag is provided in the call to `setIamPolicy`, any version compliance checks on the incoming and/or stored policy is skipped.
int32 version = 1;public java.util.List<Binding> getBindingsList()
Associates a list of `members` to a `role`. Optionally may specify a `condition` that determines when binding is in effect. `bindings` with no members will result in an error.
repeated .google.iam.v1.Binding bindings = 4;getBindingsList in interface PolicyOrBuilderpublic int getBindingsCount()
Associates a list of `members` to a `role`. Optionally may specify a `condition` that determines when binding is in effect. `bindings` with no members will result in an error.
repeated .google.iam.v1.Binding bindings = 4;getBindingsCount in interface PolicyOrBuilderpublic Binding getBindings(int index)
Associates a list of `members` to a `role`. Optionally may specify a `condition` that determines when binding is in effect. `bindings` with no members will result in an error.
repeated .google.iam.v1.Binding bindings = 4;getBindings in interface PolicyOrBuilderpublic Policy.Builder setBindings(int index, Binding value)
Associates a list of `members` to a `role`. Optionally may specify a `condition` that determines when binding is in effect. `bindings` with no members will result in an error.
repeated .google.iam.v1.Binding bindings = 4;public Policy.Builder setBindings(int index, Binding.Builder builderForValue)
Associates a list of `members` to a `role`. Optionally may specify a `condition` that determines when binding is in effect. `bindings` with no members will result in an error.
repeated .google.iam.v1.Binding bindings = 4;public Policy.Builder addBindings(Binding value)
Associates a list of `members` to a `role`. Optionally may specify a `condition` that determines when binding is in effect. `bindings` with no members will result in an error.
repeated .google.iam.v1.Binding bindings = 4;public Policy.Builder addBindings(int index, Binding value)
Associates a list of `members` to a `role`. Optionally may specify a `condition` that determines when binding is in effect. `bindings` with no members will result in an error.
repeated .google.iam.v1.Binding bindings = 4;public Policy.Builder addBindings(Binding.Builder builderForValue)
Associates a list of `members` to a `role`. Optionally may specify a `condition` that determines when binding is in effect. `bindings` with no members will result in an error.
repeated .google.iam.v1.Binding bindings = 4;public Policy.Builder addBindings(int index, Binding.Builder builderForValue)
Associates a list of `members` to a `role`. Optionally may specify a `condition` that determines when binding is in effect. `bindings` with no members will result in an error.
repeated .google.iam.v1.Binding bindings = 4;public Policy.Builder addAllBindings(java.lang.Iterable<? extends Binding> values)
Associates a list of `members` to a `role`. Optionally may specify a `condition` that determines when binding is in effect. `bindings` with no members will result in an error.
repeated .google.iam.v1.Binding bindings = 4;public Policy.Builder clearBindings()
Associates a list of `members` to a `role`. Optionally may specify a `condition` that determines when binding is in effect. `bindings` with no members will result in an error.
repeated .google.iam.v1.Binding bindings = 4;public Policy.Builder removeBindings(int index)
Associates a list of `members` to a `role`. Optionally may specify a `condition` that determines when binding is in effect. `bindings` with no members will result in an error.
repeated .google.iam.v1.Binding bindings = 4;public Binding.Builder getBindingsBuilder(int index)
Associates a list of `members` to a `role`. Optionally may specify a `condition` that determines when binding is in effect. `bindings` with no members will result in an error.
repeated .google.iam.v1.Binding bindings = 4;public BindingOrBuilder getBindingsOrBuilder(int index)
Associates a list of `members` to a `role`. Optionally may specify a `condition` that determines when binding is in effect. `bindings` with no members will result in an error.
repeated .google.iam.v1.Binding bindings = 4;getBindingsOrBuilder in interface PolicyOrBuilderpublic java.util.List<? extends BindingOrBuilder> getBindingsOrBuilderList()
Associates a list of `members` to a `role`. Optionally may specify a `condition` that determines when binding is in effect. `bindings` with no members will result in an error.
repeated .google.iam.v1.Binding bindings = 4;getBindingsOrBuilderList in interface PolicyOrBuilderpublic Binding.Builder addBindingsBuilder()
Associates a list of `members` to a `role`. Optionally may specify a `condition` that determines when binding is in effect. `bindings` with no members will result in an error.
repeated .google.iam.v1.Binding bindings = 4;public Binding.Builder addBindingsBuilder(int index)
Associates a list of `members` to a `role`. Optionally may specify a `condition` that determines when binding is in effect. `bindings` with no members will result in an error.
repeated .google.iam.v1.Binding bindings = 4;public java.util.List<Binding.Builder> getBindingsBuilderList()
Associates a list of `members` to a `role`. Optionally may specify a `condition` that determines when binding is in effect. `bindings` with no members will result in an error.
repeated .google.iam.v1.Binding bindings = 4;public ByteString getEtag()
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. If no `etag` is provided in the call to `setIamPolicy`, then the existing policy is overwritten. Due to blind-set semantics of an etag-less policy, 'setIamPolicy' will not fail even if either of incoming or stored policy does not meet the version requirements.
bytes etag = 3;getEtag in interface PolicyOrBuilderpublic Policy.Builder setEtag(ByteString value)
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. If no `etag` is provided in the call to `setIamPolicy`, then the existing policy is overwritten. Due to blind-set semantics of an etag-less policy, 'setIamPolicy' will not fail even if either of incoming or stored policy does not meet the version requirements.
bytes etag = 3;public Policy.Builder clearEtag()
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. If no `etag` is provided in the call to `setIamPolicy`, then the existing policy is overwritten. Due to blind-set semantics of an etag-less policy, 'setIamPolicy' will not fail even if either of incoming or stored policy does not meet the version requirements.
bytes etag = 3;public final Policy.Builder setUnknownFields(UnknownFieldSet unknownFields)
setUnknownFields in interface Message.BuildersetUnknownFields in class GeneratedMessageV3.Builder<Policy.Builder>public final Policy.Builder mergeUnknownFields(UnknownFieldSet unknownFields)
mergeUnknownFields in interface Message.BuildermergeUnknownFields in class GeneratedMessageV3.Builder<Policy.Builder>