google-cloud-storage 1.0.0 → 1.0.1

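--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: e2f69d45d27d36cc09db5b968a09cbbecf4d8354
- data.tar.gz: 62b776735c66856f21cfc352541c87c3452f1dc5
+ metadata.gz: e44e7736db1ba058142ad9933e6f70c772271040
+ data.tar.gz: a0c1b589a1b27c357c96764767fcb99ce2c52bf2
  SHA512:
- metadata.gz: 93933194f259974df44e8961ed44f72d03e666dd15ad65aa082c05546f50438417811619f74e17ba8dc0c2b30a48ec7fa6ec706cd9e93cae454a03aa19965b26
- data.tar.gz: 825b6a69664ce2c0fab0910234b7b512f430369102db779b627b4083a8b14b9e2e1c50636a0bb74437e07f929f14bebe22539f34a84655325e239aa4bf83661c
+ metadata.gz: fceeaf2cf0932e5d65cb104ca34d72c994d3571c7c39e20c1493d40cb758ac81806f349b77f6833133bf9a131d8b7292e9b61434530f83018c416ecd9c8247a9
+ data.tar.gz: 67d37d87e36555c2f7fb7193d717dedb499447bf014d1b6f34c96b5a4b554ed85c227e3baa4b14ba469346991ddd93df2e700d7f18be49b21a5818f38fb647ff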
@@ -16,6 +16,7 @@
16
16
  require "google/cloud/storage/bucket/acl"
17
17
  require "google/cloud/storage/bucket/list"
18
18
  require "google/cloud/storage/bucket/cors"
19
+ require "google/cloud/storage/policy"
19
20
  require "google/cloud/storage/post_object"
20
21
  require "google/cloud/storage/file"
21
22
  require "pathname"
@@ -888,6 +889,140 @@ module Google
888
889
  @default_acl ||= Bucket::DefaultAcl.new self
889
890
  end
890
891
 
892
+ ##
893
+ # Gets and updates the [Cloud IAM](https://cloud.google.com/iam/) access
894
+ # control policy for this bucket.
895
+ #
896
+ # @see https://cloud.google.com/iam/docs/managing-policies Managing
897
+ # Policies
898
+ # @see https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy
899
+ # Buckets: setIamPolicy
900
+ #
901
+ # @param [Boolean] force Force load the latest policy when `true`.
902
+ # Otherwise the policy will be memoized to reduce the number of API
903
+ # calls made. The default is `false`.
904
+ #
905
+ # @yield [policy] A block for updating the policy. The latest policy
906
+ # will be read from the service and passed to the block. After the
907
+ # block completes, the modified policy will be written to the service.
908
+ # @yieldparam [Policy] policy the current Cloud IAM Policy for this
909
+ # bucket
910
+ #
911
+ # @return [Policy] the current Cloud IAM Policy for this bucket
912
+ #
913
+ # @example Policy values are memoized to reduce the number of API calls:
914
+ # require "google/cloud/storage"
915
+ #
916
+ # storage = Google::Cloud::Storage.new
917
+ #
918
+ # bucket = storage.bucket "my-todo-app"
919
+ #
920
+ # policy = bucket.policy # API call
921
+ # policy_2 = bucket.policy # No API call
922
+ #
923
+ # @example Use `force` to retrieve the latest policy from the service:
924
+ # require "google/cloud/storage"
925
+ #
926
+ # storage = Google::Cloud::Storage.new
927
+ #
928
+ # bucket = storage.bucket "my-todo-app"
929
+ #
930
+ # policy = bucket.policy force: true # API call
931
+ # policy_2 = bucket.policy force: true # API call
932
+ #
933
+ # @example Update the policy by passing a block:
934
+ # require "google/cloud/storage"
935
+ #
936
+ # storage = Google::Cloud::Storage.new
937
+ #
938
+ # bucket = storage.bucket "my-todo-app"
939
+ #
940
+ # bucket.policy do |p|
941
+ # p.add "roles/owner", "user:owner@example.com"
942
+ # end # 2 API calls
943
+ #
944
+ def policy force: false
945
+ @policy = nil if force || block_given?
946
+ @policy ||= begin
947
+ ensure_service!
948
+ gapi = service.get_bucket_policy name
949
+ Policy.from_gapi gapi
950
+ end
951
+ return @policy unless block_given?
952
+ p = @policy.deep_dup
953
+ yield p
954
+ self.policy = p
955
+ end
956
+
957
+ ##
958
+ # Updates the [Cloud IAM](https://cloud.google.com/iam/) access control
959
+ # policy for this bucket. The policy should be read from {#policy}. See
960
+ # {Google::Cloud::Storage::Policy} for an explanation of the
961
+ # policy `etag` property and how to modify policies.
962
+ #
963
+ # You can also update the policy by passing a block to {#policy}, which
964
+ # will call this method internally after the block completes.
965
+ #
966
+ # @see https://cloud.google.com/iam/docs/managing-policies Managing
967
+ # Policies
968
+ # @see https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy
969
+ # Buckets: setIamPolicy
970
+ #
971
+ # @param [Policy] new_policy a new or modified Cloud IAM Policy for this
972
+ # bucket
973
+ #
974
+ # @example
975
+ # require "google/cloud/storage"
976
+ #
977
+ # storage = Google::Cloud::Storage.new
978
+ #
979
+ # bucket = storage.bucket "my-todo-app"
980
+ #
981
+ # policy = bucket.policy # API call
982
+ #
983
+ # policy.add "roles/owner", "user:owner@example.com"
984
+ #
985
+ # bucket.policy = policy # API call
986
+ #
987
+ def policy= new_policy
988
+ ensure_service!
989
+ gapi = service.set_bucket_policy name, new_policy.to_gapi
990
+ @policy = Policy.from_gapi gapi
991
+ end
992
+
993
+ ##
994
+ # Tests the specified permissions against the [Cloud
995
+ # IAM](https://cloud.google.com/iam/) access control policy.
996
+ #
997
+ # @see https://cloud.google.com/iam/docs/managing-policies Managing
998
+ # Policies
999
+ #
1000
+ # @param [String, Array<String>] permissions The set of permissions
1001
+ # against which to check access. Permissions must be of the format
1002
+ # `storage.resource.capability`, where resource is one of `buckets` or
1003
+ # `objects`.
1004
+ #
1005
+ # @return [Array<String>] The permissions held by the caller.
1006
+ #
1007
+ # @example
1008
+ # require "google/cloud/storage"
1009
+ #
1010
+ # storage = Google::Cloud::Storage.new
1011
+ #
1012
+ # bucket = storage.bucket "my-todo-app"
1013
+ #
1014
+ # permissions = bucket.test_permissions "storage.buckets.get",
1015
+ # "storage.buckets.delete"
1016
+ # permissions.include? "storage.buckets.get" #=> true
1017
+ # permissions.include? "storage.buckets.delete" #=> false
1018
+ #
1019
+ def test_permissions *permissions
1020
+ permissions = Array(permissions).flatten
1021
+ ensure_service!
1022
+ gapi = service.test_bucket_permissions name, permissions
1023
+ gapi.permissions
1024
+ end
1025
+
891
1026
  ##
892
1027
  # Reloads the bucket with current data from the Storage service.
893
1028
  def reload!
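Review bot: The block form of `policy` ends with `self.policy = p`, and a Ruby assignment expression evaluates to its right-hand side, so the method returns the local copy `p` (still carrying the `etag` read before the write) instead of the policy the service sent back, which contradicts the documented `@return`. Ending the method with `self.policy = p` followed by a final `@policy` line would return the refreshed object that the setter stores. The docstring could also state that a write whose `etag` no longer matches is rejected by the service and that this method itself does not retry, so a concurrent policy change surfaces to the caller as an error; that behaviour is inferred from the Policy class documentation rather than shown in this hunk. The enclosing class starts and ends outside the hunk.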
@@ -0,0 +1,206 @@
1
+ # Copyright 2017 Google Inc. All rights reserved.
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+
16
+ require "google/cloud/errors"
17
+ require "google/apis/storage_v1"
18
+
19
+ module Google
20
+ module Cloud
21
+ module Storage
22
+ ##
23
+ # # Policy
24
+ #
25
+ # Represents a Cloud IAM Policy for the Cloud Storage service.
26
+ #
27
+ # A common pattern for updating a resource's metadata, such as its Policy,
28
+ # is to read the current data from the service, update the data locally,
29
+ # and then send the modified data for writing. This pattern may result in
30
+ # a conflict if two or more processes attempt the sequence simultaneously.
31
+ # IAM solves this problem with the
32
+ # {Google::Cloud::Storage::Policy#etag} property, which is used to
33
+ # verify whether the policy has changed since the last request. When you
34
+ # make a request to with an `etag` value, Cloud IAM compares the `etag`
35
+ # value in the request with the existing `etag` value associated with the
36
+ # policy. It writes the policy only if the `etag` values match.
37
+ #
38
+ # When you update a policy, first read the policy (and its current `etag`)
39
+ # from the service, then modify the policy locally, and then write the
40
+ # modified policy to the service. See
41
+ # {Google::Cloud::Storage::Bucket#policy} and
42
+ # {Google::Cloud::Storage::Bucket#policy=}.
43
+ #
44
+ # @see https://cloud.google.com/iam/docs/managing-policies Managing
45
+ # policies
46
+ # @see https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy
47
+ # Buckets: setIamPolicy
48
+ #
49
+ # @attr [String] etag Used to verify whether the policy has changed since
50
+ # the last request. The policy will be written only if the `etag` values
51
+ # match.
52
+ # @attr [Hash{String => Array<String>}] roles The bindings that associate
53
+ # roles with an array of members. See [Understanding
54
+ # Roles](https://cloud.google.com/iam/docs/understanding-roles) for a
55
+ # listing of primitive and curated roles. See [Buckets:
56
+ # setIamPolicy](https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy)
57
+ # for a listing of values and patterns for members.
58
+ #
59
+ # @example
60
+ # require "google/cloud/storage"
61
+ #
62
+ # storage = Google::Cloud::Storage.new
63
+ #
64
+ # bucket = storage.bucket "my-todo-app"
65
+ #
66
+ # bucket.policy do |p|
67
+ # p.remove "roles/storage.admin", "user:owner@example.com"
68
+ # p.add "roles/storage.admin", "user:newowner@example.com"
69
+ # p.roles["roles/storage.objectViewer"] = ["allUsers"]
70
+ # end
71
+ #
72
+ class Policy
73
+ attr_reader :etag, :roles
74
+
75
+ ##
76
+ # @private Creates a Policy object.
77
+ def initialize etag, roles
78
+ @etag = etag
79
+ @roles = roles
80
+ end
81
+
82
+ ##
83
+ # Convenience method for adding a member to a binding on this policy.
84
+ # See [Understanding
85
+ # Roles](https://cloud.google.com/iam/docs/understanding-roles) for a
86
+ # listing of primitive and curated roles. See [Buckets:
87
+ # setIamPolicy](https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy)
88
+ # for a listing of values and patterns for members.
89
+ #
90
+ # @param [String] role_name A Cloud IAM role, such as
91
+ # `"roles/storage.admin"`.
92
+ # @param [String] member A Cloud IAM identity, such as
93
+ # `"user:owner@example.com"`.
94
+ #
95
+ # @example
96
+ # require "google/cloud/storage"
97
+ #
98
+ # storage = Google::Cloud::Storage.new
99
+ #
100
+ # bucket = storage.bucket "my-todo-app"
101
+ #
102
+ # bucket.policy do |p|
103
+ # p.add "roles/storage.admin", "user:newowner@example.com"
104
+ # end
105
+ #
106
+ def add role_name, member
107
+ role(role_name) << member
108
+ end
109
+
110
+ ##
111
+ # Convenience method for removing a member from a binding on this
112
+ # policy. See [Understanding
113
+ # Roles](https://cloud.google.com/iam/docs/understanding-roles) for a
114
+ # listing of primitive and curated roles. See [Buckets:
115
+ # setIamPolicy](https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy)
116
+ # for a listing of values and patterns for members.
117
+ #
118
+ # @param [String] role_name A Cloud IAM role, such as
119
+ # `"roles/storage.admin"`.
120
+ # @param [String] member A Cloud IAM identity, such as
121
+ # `"user:owner@example.com"`.
122
+ #
123
+ # @example
124
+ # require "google/cloud/storage"
125
+ #
126
+ # storage = Google::Cloud::Storage.new
127
+ #
128
+ # bucket = storage.bucket "my-todo-app"
129
+ #
130
+ # bucket.policy do |p|
131
+ # p.remove "roles/storage.admin", "user:owner@example.com"
132
+ # end
133
+ #
134
+ def remove role_name, member
135
+ role(role_name).delete member
136
+ end
137
+
138
+ ##
139
+ # Convenience method returning the array of members bound to a role in
140
+ # this policy, or an empty array if no value is present for the role in
141
+ # {#roles}. See [Understanding
142
+ # Roles](https://cloud.google.com/iam/docs/understanding-roles) for a
143
+ # listing of primitive and curated roles. See [Buckets:
144
+ # setIamPolicy](https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy)
145
+ # for a listing of values and patterns for members.
146
+ #
147
+ # @return [Array<String>] The members strings, or an empty array.
148
+ #
149
+ # @example
150
+ # require "google/cloud/storage"
151
+ #
152
+ # storage = Google::Cloud::Storage.new
153
+ #
154
+ # bucket = storage.bucket "my-todo-app"
155
+ #
156
+ # bucket.policy do |p|
157
+ # p.role("roles/storage.admin") << "user:owner@example.com"
158
+ # end
159
+ #
160
+ def role role_name
161
+ roles[role_name] ||= []
162
+ end
163
+
164
+ ##
165
+ # Returns a deep copy of the policy.
166
+ #
167
+ # @return [Policy]
168
+ #
169
+ def deep_dup
170
+ dup.tap do |p|
171
+ roles_dup = p.roles.each_with_object({}) do |(k, v), memo|
172
+ memo[k] = v.dup rescue value
173
+ end
174
+ p.instance_variable_set "@roles", roles_dup
175
+ end
176
+ end
177
+
178
+ ##
179
+ # @private Convert the Policy to a
180
+ # Google::Apis::StorageV1::Policy.
181
+ def to_gapi
182
+ Google::Apis::StorageV1::Policy.new(
183
+ etag: etag,
184
+ bindings: roles.keys.map do |role_name|
185
+ next if roles[role_name].empty?
186
+ Google::Apis::StorageV1::Policy::Binding.new(
187
+ role: role_name,
188
+ members: roles[role_name]
189
+ )
190
+ end
191
+ )
192
+ end
193
+
194
+ ##
195
+ # @private New Policy from a
196
+ # Google::Apis::StorageV1::Policy object.
197
+ def self.from_gapi gapi
198
+ roles = gapi.bindings.each_with_object({}) do |binding, memo|
199
+ memo[binding.role] = binding.members.to_a
200
+ end
201
+ new gapi.etag, roles
202
+ end
203
+ end
204
+ end
205
+ end
206
+ end
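Review bot: In `deep_dup` the line `memo[k] = v.dup rescue value` falls back to `value`, which is not defined in the block (its parameters are `k`, `v` and `memo`), so any failure of `v.dup` turns into a `NameError`; the fallback was presumably meant to be `v`, and a plain `memo[k] = v.dup` avoids the catch-all rescue modifier entirely. In `to_gapi`, `next if roles[role_name].empty?` inside `map` leaves a `nil` element in `bindings` for every empty role (which `role` creates on a plain read and `remove` can leave behind), so closing the block with `end.compact` would keep nils out of the request. `from_gapi` calls `gapi.bindings.each_with_object` directly; if the service can return a policy with no bindings this raises on `nil`, and `Array(gapi.bindings)` would be a safer receiver, though the API's behaviour cannot be confirmed from this page. The class-level example binds `roles/storage.objectViewer` to `allUsers`, which makes every object in the bucket publicly readable, and a comment in the example saying so would help readers who copy it.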
@@ -156,6 +156,30 @@ module Google
156
156
  end
157
157
  end
158
158
 
159
+ ##
160
+ # Returns Google::Apis::StorageV1::Policy
161
+ def get_bucket_policy bucket_name
162
+ # get_bucket_iam_policy(bucket, fields: nil, quota_user: nil,
163
+ # user_ip: nil, options: nil)
164
+ execute { service.get_bucket_iam_policy bucket_name }
165
+ end
166
+
167
+ ##
168
+ # Returns Google::Apis::StorageV1::Policy
169
+ def set_bucket_policy bucket_name, new_policy
170
+ execute do
171
+ service.set_bucket_iam_policy bucket_name, new_policy
172
+ end
173
+ end
174
+
175
+ ##
176
+ # Returns Google::Apis::StorageV1::TestIamPermissionsResponse
177
+ def test_bucket_permissions bucket_name, permissions
178
+ execute do
179
+ service.test_bucket_iam_permissions bucket_name, permissions
180
+ end
181
+ end
182
+
159
183
  ##
160
184
  # Retrieves a list of files matching the criteria.
161
185
  def list_files bucket_name, options = {}
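Review bot: The comment inside `get_bucket_policy` is a pasted copy of the underlying client signature (`get_bucket_iam_policy(bucket, fields: nil, ...)`) rather than an explanation, and none of the three new methods documents its parameters. I would replace it with a sentence such as `# Fetches the Cloud IAM policy for the named bucket.` and note on `set_bucket_policy` that `new_policy` is passed through unchanged, so it presumably has to be a `Google::Apis::StorageV1::Policy` that already carries the `etag` read earlier. The enclosing class starts and ends outside the hunk.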
@@ -16,7 +16,7 @@
16
16
  module Google
17
17
  module Cloud
18
18
  module Storage
19
- VERSION = "1.0.0"
19
+ VERSION = "1.0.1"
20
20
  end
21
21
  end
22
22
  end
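--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: google-cloud-storage
  version: !ruby/object:Gem::Version
- version: 1.0.0
+ version: 1.0.1
  platform: ruby
  authors:
  - Mike Moore
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-04-05 00:00:00.000000000 Z
+ date: 2017-04-10 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: google-cloud-core
@@ -203,6 +203,7 @@ files:
  - lib/google/cloud/storage/file/list.rb
  - lib/google/cloud/storage/file/signer.rb
  - lib/google/cloud/storage/file/verifier.rb
+ - lib/google/cloud/storage/policy.rb
  - lib/google/cloud/storage/post_object.rb
  - lib/google/cloud/storage/project.rb
  - lib/google/cloud/storage/service.rb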