Class Policy

  • All Implemented Interfaces:
    PolicyOrBuilder, com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, Serializable

    public final class Policy
    extends com.google.protobuf.GeneratedMessageV3
    implements PolicyOrBuilder
     An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.

     A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role.

     For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

     **JSON example:**

     ```
     {
       "bindings": [
         {
           "role": "roles/resourcemanager.organizationAdmin",
           "members": [
             "user:mike@example.com",
             "group:admins@example.com",
             "domain:google.com",
             "serviceAccount:my-project-id@appspot.gserviceaccount.com"
           ]
         },
         {
           "role": "roles/resourcemanager.organizationViewer",
           "members": [
             "user:eve@example.com"
           ],
           "condition": {
             "title": "expirable access",
             "description": "Does not grant access after Sep 2020",
             "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')"
           }
         }
       ],
       "etag": "BwWWja0YfJA=",
       "version": 3
     }
     ```

     **YAML example:**

     ```
     bindings:
     - members:
       - user:mike@example.com
       - group:admins@example.com
       - domain:google.com
       - serviceAccount:my-project-id@appspot.gserviceaccount.com
       role: roles/resourcemanager.organizationAdmin
     - members:
       - user:eve@example.com
       role: roles/resourcemanager.organizationViewer
       condition:
         title: expirable access
         description: Does not grant access after Sep 2020
         expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
     etag: BwWWja0YfJA=
     version: 3
     ```

     For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
     
    Protobuf type google.cloud.compute.v1.Policy
    See Also:
    Serialized Form
    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static class  Policy.Builder
      An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.
      • Nested classes/interfaces inherited from class com.google.protobuf.GeneratedMessageV3

        com.google.protobuf.GeneratedMessageV3.BuilderParent, com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageT extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT>,​BuilderT extends com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageT,​BuilderT>>, com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT>>, com.google.protobuf.GeneratedMessageV3.ExtendableMessageOrBuilder<MessageT extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT>>, com.google.protobuf.GeneratedMessageV3.FieldAccessorTable, com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter
      • Nested classes/interfaces inherited from class com.google.protobuf.AbstractMessageLite

        com.google.protobuf.AbstractMessageLite.InternalOneOfEnum
    • Method Detail

      • newInstance

        protected Object newInstance​(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
        Overrides:
        newInstance in class com.google.protobuf.GeneratedMessageV3
      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()
      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3
      • getAuditConfigsList

        public List<AuditConfig> getAuditConfigsList()
         Specifies cloud audit logging configuration for this policy.
         
        repeated .google.cloud.compute.v1.AuditConfig audit_configs = 328080653;
        Specified by:
        getAuditConfigsList in interface PolicyOrBuilder
      • getAuditConfigsCount

        public int getAuditConfigsCount()
         Specifies cloud audit logging configuration for this policy.
         
        repeated .google.cloud.compute.v1.AuditConfig audit_configs = 328080653;
        Specified by:
        getAuditConfigsCount in interface PolicyOrBuilder
      • getAuditConfigs

        public AuditConfig getAuditConfigs​(int index)
         Specifies cloud audit logging configuration for this policy.
         
        repeated .google.cloud.compute.v1.AuditConfig audit_configs = 328080653;
        Specified by:
        getAuditConfigs in interface PolicyOrBuilder
      • getAuditConfigsOrBuilder

        public AuditConfigOrBuilder getAuditConfigsOrBuilder​(int index)
         Specifies cloud audit logging configuration for this policy.
         
        repeated .google.cloud.compute.v1.AuditConfig audit_configs = 328080653;
        Specified by:
        getAuditConfigsOrBuilder in interface PolicyOrBuilder
      • getBindingsList

        public List<Binding> getBindingsList()
         Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
         
        repeated .google.cloud.compute.v1.Binding bindings = 403251854;
        Specified by:
        getBindingsList in interface PolicyOrBuilder
      • getBindingsOrBuilderList

        public List<? extends BindingOrBuilder> getBindingsOrBuilderList()
         Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
         
        repeated .google.cloud.compute.v1.Binding bindings = 403251854;
        Specified by:
        getBindingsOrBuilderList in interface PolicyOrBuilder
      • getBindingsCount

        public int getBindingsCount()
         Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
         
        repeated .google.cloud.compute.v1.Binding bindings = 403251854;
        Specified by:
        getBindingsCount in interface PolicyOrBuilder
      • getBindings

        public Binding getBindings​(int index)
         Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
         
        repeated .google.cloud.compute.v1.Binding bindings = 403251854;
        Specified by:
        getBindings in interface PolicyOrBuilder
      • getBindingsOrBuilder

        public BindingOrBuilder getBindingsOrBuilder​(int index)
         Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
         
        repeated .google.cloud.compute.v1.Binding bindings = 403251854;
        Specified by:
        getBindingsOrBuilder in interface PolicyOrBuilder
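
        The limits in the `bindings` description can be checked before a policy is written. The following is an added example, not part of the generated reference or the client library; the class name `BindingLimitCheck` and the role names are hypothetical, and the `Binding` accessors (`getRole`, `getMembersList`, `getMembersCount`) are assumed to be the standard protobuf-generated ones, which this page does not list.

```java
import com.google.cloud.compute.v1.Binding;
import com.google.cloud.compute.v1.Policy;
import java.util.ArrayList;
import java.util.List;

public class BindingLimitCheck {
  // Limits quoted in the bindings description above.
  static final int MAX_PRINCIPALS = 1500;
  static final int MAX_GROUPS = 250;

  /** Counts principal occurrences across all bindings; a repeated principal counts each time. */
  static int principalOccurrences(Policy policy) {
    int total = 0;
    for (Binding b : policy.getBindingsList()) {
      total += b.getMembersCount();
    }
    return total;
  }

  /** Returns the violations found; an empty list means the policy is within the documented limits. */
  static List<String> violations(Policy policy) {
    List<String> out = new ArrayList<>();
    int groups = 0;
    for (Binding b : policy.getBindingsList()) {
      if (b.getMembersCount() == 0) {
        out.add("binding for role " + b.getRole() + " contains no principal");
      }
      for (String member : b.getMembersList()) {
        if (member.startsWith("group:")) {
          groups++; // groups count toward both the group limit and the overall limit
        }
      }
    }
    int total = principalOccurrences(policy);
    if (total > MAX_PRINCIPALS) {
      out.add(total + " principal occurrences exceed the limit of " + MAX_PRINCIPALS);
    }
    if (groups > MAX_GROUPS) {
      out.add(groups + " group occurrences exceed the limit of " + MAX_GROUPS);
    }
    return out;
  }

  public static void main(String[] args) {
    // Constructed sample reproducing the case in the text: 50 different roles
    // granted to user:alice@example.com and to no other principal.
    Policy.Builder policy = Policy.newBuilder();
    for (int i = 0; i < 50; i++) {
      policy.addBindings(Binding.newBuilder()
          .setRole("roles/constructed.role" + i) // hypothetical role names
          .addMembers("user:alice@example.com"));
    }
    Policy p = policy.build();
    System.out.println("occurrences used: " + principalOccurrences(p));
    System.out.println("principals still available: " + (MAX_PRINCIPALS - principalOccurrences(p)));
    System.out.println("violations: " + violations(p));
  }
}
```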
      • hasEtag

        public boolean hasEtag()
         `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
         
        optional string etag = 3123477;
        Specified by:
        hasEtag in interface PolicyOrBuilder
        Returns:
        Whether the etag field is set.
      • getEtag

        public String getEtag()
         `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
         
        optional string etag = 3123477;
        Specified by:
        getEtag in interface PolicyOrBuilder
        Returns:
        The etag.
      • getEtagBytes

        public com.google.protobuf.ByteString getEtagBytes()
         `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
         
        optional string etag = 3123477;
        Specified by:
        getEtagBytes in interface PolicyOrBuilder
        Returns:
        The bytes for etag.
      • hasIamOwned

        public boolean hasIamOwned()
        optional bool iam_owned = 450566203;
        Specified by:
        hasIamOwned in interface PolicyOrBuilder
        Returns:
        Whether the iamOwned field is set.
      • getIamOwned

        public boolean getIamOwned()
        optional bool iam_owned = 450566203;
        Specified by:
        getIamOwned in interface PolicyOrBuilder
        Returns:
        The iamOwned.
      • getRulesList

        public List<Rule> getRulesList()
         This is deprecated and has no effect. Do not use.
         
        repeated .google.cloud.compute.v1.Rule rules = 108873975;
        Specified by:
        getRulesList in interface PolicyOrBuilder
      • getRulesCount

        public int getRulesCount()
         This is deprecated and has no effect. Do not use.
         
        repeated .google.cloud.compute.v1.Rule rules = 108873975;
        Specified by:
        getRulesCount in interface PolicyOrBuilder
      • getRules

        public Rule getRules​(int index)
         This is deprecated and has no effect. Do not use.
         
        repeated .google.cloud.compute.v1.Rule rules = 108873975;
        Specified by:
        getRules in interface PolicyOrBuilder
      • getRulesOrBuilder

        public RuleOrBuilder getRulesOrBuilder​(int index)
         This is deprecated and has no effect. Do not use.
         
        repeated .google.cloud.compute.v1.Rule rules = 108873975;
        Specified by:
        getRulesOrBuilder in interface PolicyOrBuilder
      • hasVersion

        public boolean hasVersion()
         Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected.

         Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations:

         * Getting a policy that includes a conditional role binding
         * Adding a conditional role binding to a policy
         * Changing a conditional role binding in a policy
         * Removing any role binding, with or without a condition, from a policy that includes conditions

         **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

         If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset.

         To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         
        optional int32 version = 351608024;
        Specified by:
        hasVersion in interface PolicyOrBuilder
        Returns:
        Whether the version field is set.
      • getVersion

        public int getVersion()
         Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected.

         Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations:

         * Getting a policy that includes a conditional role binding
         * Adding a conditional role binding to a policy
         * Changing a conditional role binding in a policy
         * Removing any role binding, with or without a condition, from a policy that includes conditions

         **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

         If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset.

         To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         
        optional int32 version = 351608024;
        Specified by:
        getVersion in interface PolicyOrBuilder
        Returns:
        The version.
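
        The `etag` and `version` descriptions above both warn that a write without the `etag` can replace a version `3` policy with a version `1` policy and drop its conditions. The following added example (not part of the generated reference or the client library) shows the modify step of the read-modify-write cycle and a pre-write check; the class name `PolicyWriteGuard` is hypothetical, the `Binding` and `Expr` accessors are assumed to be the standard protobuf-generated ones, and the `getIamPolicy`/`setIamPolicy` calls themselves are left to the caller.

```java
import com.google.cloud.compute.v1.Binding;
import com.google.cloud.compute.v1.Expr;
import com.google.cloud.compute.v1.Policy;
import java.util.ArrayList;
import java.util.List;

public class PolicyWriteGuard {
  /** Problems that make a policy unsafe to pass to setIamPolicy; an empty list means none found. */
  static List<String> problems(Policy p) {
    List<String> out = new ArrayList<>();
    int v = p.getVersion();
    if (v != 0 && v != 1 && v != 3) {
      out.add("invalid version " + v + " (valid values are 0, 1 and 3)");
    }
    if (!p.hasEtag() || p.getEtag().isEmpty()) {
      out.add("etag missing: the write is not tied to the policy version that was read");
    }
    boolean conditional = p.getBindingsList().stream().anyMatch(Binding::hasCondition);
    if (conditional && v != 3) {
      out.add("conditional binding present but version is " + v + ", must be 3");
    }
    return out;
  }

  /** Modify step: grants role to member on a copy of the policy returned by getIamPolicy. */
  static Policy grant(Policy read, String role, String member) {
    Policy.Builder b = read.toBuilder(); // carries over etag, version and every existing binding
    for (Binding.Builder binding : b.getBindingsBuilderList()) {
      // Only extend an unconditional binding; conditional bindings are left untouched.
      if (binding.getRole().equals(role) && !binding.hasCondition()) {
        if (!binding.getMembersList().contains(member)) {
          binding.addMembers(member);
        }
        return b.build();
      }
    }
    return b.addBindings(Binding.newBuilder().setRole(role).addMembers(member)).build();
  }

  public static void main(String[] args) {
    // Constructed sample mirroring the conditional binding in the class description.
    Policy read = Policy.newBuilder()
        .setEtag("BwWWja0YfJA=")
        .setVersion(3)
        .addBindings(Binding.newBuilder()
            .setRole("roles/resourcemanager.organizationViewer")
            .addMembers("user:eve@example.com")
            .setCondition(Expr.newBuilder()
                .setTitle("expirable access")
                .setExpression("request.time < timestamp('2020-10-01T00:00:00.000Z')")))
        .build();

    // Safe path: derive the update from the policy that was read.
    Policy updated = grant(read, "roles/resourcemanager.organizationViewer", "user:mike@example.com");
    System.out.println("derived from read policy: " + problems(updated));

    // Unsafe path: a policy rebuilt from scratch loses the etag and downgrades the version.
    Policy rebuilt = Policy.newBuilder()
        .setVersion(1)
        .addAllBindings(updated.getBindingsList())
        .build();
    System.out.println("rebuilt from scratch: " + problems(rebuilt));
  }
}
```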
      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessageV3
      • writeTo

        public void writeTo​(com.google.protobuf.CodedOutputStream output)
                     throws IOException
        Specified by:
        writeTo in interface com.google.protobuf.MessageLite
        Overrides:
        writeTo in class com.google.protobuf.GeneratedMessageV3
        Throws:
        IOException
      • getSerializedSize

        public int getSerializedSize()
        Specified by:
        getSerializedSize in interface com.google.protobuf.MessageLite
        Overrides:
        getSerializedSize in class com.google.protobuf.GeneratedMessageV3
      • equals

        public boolean equals​(Object obj)
        Specified by:
        equals in interface com.google.protobuf.Message
        Overrides:
        equals in class com.google.protobuf.AbstractMessage
      • hashCode

        public int hashCode()
        Specified by:
        hashCode in interface com.google.protobuf.Message
        Overrides:
        hashCode in class com.google.protobuf.AbstractMessage
      • parseFrom

        public static Policy parseFrom​(ByteBuffer data)
                                throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static Policy parseFrom​(ByteBuffer data,
                                       com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static Policy parseFrom​(com.google.protobuf.ByteString data)
                                throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static Policy parseFrom​(com.google.protobuf.ByteString data,
                                       com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static Policy parseFrom​(byte[] data)
                                throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static Policy parseFrom​(byte[] data,
                                       com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static Policy parseFrom​(com.google.protobuf.CodedInputStream input,
                                       com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                throws IOException
        Throws:
        IOException
      • newBuilderForType

        public Policy.Builder newBuilderForType()
        Specified by:
        newBuilderForType in interface com.google.protobuf.Message
        Specified by:
        newBuilderForType in interface com.google.protobuf.MessageLite
      • toBuilder

        public Policy.Builder toBuilder()
        Specified by:
        toBuilder in interface com.google.protobuf.Message
        Specified by:
        toBuilder in interface com.google.protobuf.MessageLite
      • newBuilderForType

        protected Policy.Builder newBuilderForType​(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
        Specified by:
        newBuilderForType in class com.google.protobuf.GeneratedMessageV3
      • getDefaultInstance

        public static Policy getDefaultInstance()
      • parser

        public static com.google.protobuf.Parser<Policy> parser()
      • getParserForType

        public com.google.protobuf.Parser<Policy> getParserForType()
        Specified by:
        getParserForType in interface com.google.protobuf.Message
        Specified by:
        getParserForType in interface com.google.protobuf.MessageLite
        Overrides:
        getParserForType in class com.google.protobuf.GeneratedMessageV3
      • getDefaultInstanceForType

        public Policy getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder