Policy class

An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.

A Policy is a collection of bindings. A binding binds one or more members, or principals, to a single role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role.

For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the IAM documentation.

JSON example:

{
  "bindings": [
    {
      "role": "roles/resourcemanager.organizationAdmin",
      "members": [
        "user:mike@example.com",
        "group:admins@example.com",
        "domain:google.com",
        "serviceAccount:my-project-id@appspot.gserviceaccount.com"
      ]
    },
    {
      "role": "roles/resourcemanager.organizationViewer",
      "members": [
        "user:eve@example.com"
      ],
      "condition": {
        "title": "expirable access",
        "description": "Does not grant access after Sep 2020",
        "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",
      }
    }
  ],
  "etag": "BwWWja0YfJA=",
  "version": 3
}

YAML example:

bindings:
- members:
  - user:mike@example.com
  - group:admins@example.com
  - domain:google.com
  - serviceAccount:my-project-id@appspot.gserviceaccount.com
  role: roles/resourcemanager.organizationAdmin
- members:
  - user:eve@example.com
  role: roles/resourcemanager.organizationViewer
  condition:
    title: expirable access
    description: Does not grant access after Sep 2020
    expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
etag: BwWWja0YfJA=
version: 3

For a description of IAM and its features, see the IAM documentation.

Available extensions

GeneratedMessageGenericExtensions

Constructors

Policy({int? version, List<int>? etag, Iterable<Binding>? bindings, Iterable<AuditConfig>? auditConfigs}): factory
Policy.fromBuffer(List<int> data, [ExtensionRegistry registry = $pb.ExtensionRegistry.EMPTY]): factory
Policy.fromJson(String json, [ExtensionRegistry registry = $pb.ExtensionRegistry.EMPTY]): factory

Properties

auditConfigs → PbList<AuditConfig>: Specifies cloud audit logging configuration for this policy.
no setter
bindings → PbList<Binding>: Associates a list of members, or principals, with a role. Optionally, may specify a condition that determines how and when the bindings are applied. Each of the bindings must contain at least one principal.
no setter
etag ↔ List<int>: etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An etag is returned in the response to getIamPolicy, and systems are expected to put that etag in the request to setIamPolicy to ensure that their change will be applied to the same version of the policy.
getter/setter pair
hashCode → int: Calculates a hash code based on the contents of the protobuf.
no setterinherited
info_ → BuilderInfo: no setter
isFrozen → bool: Returns true if this message is marked read-only. Otherwise false.
no setterinherited
runtimeType → Type: A representation of the runtime type of the object.
no setterinherited
unknownFields → UnknownFieldSet: no setterinherited
version ↔ int: Specifies the format of the policy.
getter/setter pair

Methods

addExtension(Extension extension, Object? value) → void: Adds an extension field value to a repeated field.
inherited
check() → void: Throws a StateError if the message has required fields without a value.
inherited
clear() → void: Clears all data that was set in this message.
inherited
clearEtag() → void
clearExtension(Extension extension) → void: Clears an extension field and also removes the extension.
inherited
clearField(int tagNumber) → void: Clears the contents of a given field.
inherited
clearVersion() → void
clone() → Policy: Creates a deep copy of the fields in this message. (The generated code uses mergeFromMessage.)
copyWith(void updates(Policy)) → Policy: Apply updates to a copy of this message.
createEmptyInstance() → Policy: Creates an empty instance of the same message type as this.
deepCopy() → T: Available on T, provided by the GeneratedMessageGenericExtensions extension
Returns a writable deep copy of this message.
extensionsAreInitialized() → bool: inherited
freeze() → GeneratedMessage: Make this message read-only.
inherited
getDefaultForField(int tagNumber) → dynamic: Returns the default value for the given field.
inherited
getExtension(Extension extension) → dynamic: Returns the value of extension.
inherited
getField(int tagNumber) → dynamic: Returns the value of the field associated with tagNumber, or the default value if it is not set.
inherited
getFieldOrNull(int tagNumber) → dynamic: Returns the value of a field, ignoring any defaults.
inherited
getTagNumber(String fieldName) → int?: inherited
hasEtag() → bool
hasExtension(Extension extension) → bool: Returns true if a value of extension is present.
inherited
hasField(int tagNumber) → bool: Whether this message has a field associated with tagNumber.
inherited
hasRequiredFields() → bool: Whether the message has required fields.
inherited
hasVersion() → bool
isInitialized() → bool: Whether all required fields in the message and embedded messages are set.
inherited
mergeFromBuffer(List<int> input, [ExtensionRegistry extensionRegistry = ExtensionRegistry.EMPTY]) → void: Merges serialized protocol buffer data into this message.
inherited
mergeFromCodedBufferReader(CodedBufferReader input, [ExtensionRegistry extensionRegistry = ExtensionRegistry.EMPTY]) → void: Same as mergeFromBuffer, but takes a CodedBufferReader input.
inherited
mergeFromJson(String data, [ExtensionRegistry extensionRegistry = ExtensionRegistry.EMPTY]) → void: Merges field values from data, a JSON object, encoded as described by GeneratedMessage.writeToJson.
inherited
mergeFromJsonMap(Map<String, dynamic> json, [ExtensionRegistry extensionRegistry = ExtensionRegistry.EMPTY]) → void: Merges field values from a JSON object represented as a Dart map.
inherited
mergeFromMessage(GeneratedMessage other) → void: Merges the contents of the other into this message.
inherited
mergeFromProto3Json(Object? json, {TypeRegistry typeRegistry = const TypeRegistry.empty(), bool ignoreUnknownFields = false, bool supportNamesWithUnderscores = true, bool permissiveEnums = false}) → void: Merges field values from json, a JSON object using proto3 encoding.
inherited
mergeUnknownFields(UnknownFieldSet unknownFieldSet) → void: inherited
noSuchMethod(Invocation invocation) → dynamic: Invoked when a nonexistent method or property is accessed.
inherited
rebuild(void updates(T)) → T: Available on T, provided by the GeneratedMessageGenericExtensions extension
Apply updates to a copy of this message.
setExtension(Extension extension, Object value) → void: Sets the value of a non-repeated extension field to value.
inherited
setField(int tagNumber, Object value) → void: Sets the value of a field by its tagNumber.
inherited
toBuilder() → GeneratedMessage: Creates a writable, shallow copy of this message.
inherited
toDebugString() → String: Returns a String representation of this message.
inherited
toProto3Json({TypeRegistry typeRegistry = const TypeRegistry.empty()}) → Object?: Returns an Object representing Proto3 JSON serialization of this.
inherited
toString() → String: Returns a String representation of this message.
inherited
writeToBuffer() → Uint8List: Serialize the message as the protobuf binary format.
inherited
writeToCodedBufferWriter(CodedBufferWriter output) → void: Same as writeToBuffer, but serializes to the given CodedBufferWriter.
inherited
writeToJson() → String: Returns a JSON string that encodes this message.
inherited
writeToJsonMap() → Map<String, dynamic>: Returns the JSON encoding of this message as a Dart Map.
inherited

Operators

operator ==(Object other) → bool: The equality operator.
inherited

Static Methods

create() → Policy
createRepeated() → PbList<Policy>
getDefault() → Policy