google-cloud-storage 1.0.0 → 1.0.1

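--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: e2f69d45d27d36cc09db5b968a09cbbecf4d8354
- data.tar.gz: 62b776735c66856f21cfc352541c87c3452f1dc5
+ metadata.gz: e44e7736db1ba058142ad9933e6f70c772271040
+ data.tar.gz: a0c1b589a1b27c357c96764767fcb99ce2c52bf2
  SHA512:
- metadata.gz: 93933194f259974df44e8961ed44f72d03e666dd15ad65aa082c05546f50438417811619f74e17ba8dc0c2b30a48ec7fa6ec706cd9e93cae454a03aa19965b26
- data.tar.gz: 825b6a69664ce2c0fab0910234b7b512f430369102db779b627b4083a8b14b9e2e1c50636a0bb74437e07f929f14bebe22539f34a84655325e239aa4bf83661c
+ metadata.gz: fceeaf2cf0932e5d65cb104ca34d72c994d3571c7c39e20c1493d40cb758ac81806f349b77f6833133bf9a131d8b7292e9b61434530f83018c416ecd9c8247a9
+ data.tar.gz: 67d37d87e36555c2f7fb7193d717dedb499447bf014d1b6f34c96b5a4b554ed85c227e3baa4b14ba469346991ddd93df2e700d7f18be49b21a5818f38fb647ff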
@@ -16,6 +16,7 @@
16
16
  require "google/cloud/storage/bucket/acl"
17
17
  require "google/cloud/storage/bucket/list"
18
18
  require "google/cloud/storage/bucket/cors"
19
+ require "google/cloud/storage/policy"
19
20
  require "google/cloud/storage/post_object"
20
21
  require "google/cloud/storage/file"
21
22
  require "pathname"
@@ -888,6 +889,140 @@ module Google
888
889
  @default_acl ||= Bucket::DefaultAcl.new self
889
890
  end
890
891
 
892
+ ##
893
+ # Gets and updates the [Cloud IAM](https://cloud.google.com/iam/) access
894
+ # control policy for this bucket.
895
+ #
896
+ # @see https://cloud.google.com/iam/docs/managing-policies Managing
897
+ # Policies
898
+ # @see https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy
899
+ # Buckets: setIamPolicy
900
+ #
901
+ # @param [Boolean] force Force load the latest policy when `true`.
902
+ # Otherwise the policy will be memoized to reduce the number of API
903
+ # calls made. The default is `false`.
904
+ #
905
+ # @yield [policy] A block for updating the policy. The latest policy
906
+ # will be read from the service and passed to the block. After the
907
+ # block completes, the modified policy will be written to the service.
908
+ # @yieldparam [Policy] policy the current Cloud IAM Policy for this
909
+ # bucket
910
+ #
911
+ # @return [Policy] the current Cloud IAM Policy for this bucket
912
+ #
913
+ # @example Policy values are memoized to reduce the number of API calls:
914
+ # require "google/cloud/storage"
915
+ #
916
+ # storage = Google::Cloud::Storage.new
917
+ #
918
+ # bucket = storage.bucket "my-todo-app"
919
+ #
920
+ # policy = bucket.policy # API call
921
+ # policy_2 = bucket.policy # No API call
922
+ #
923
+ # @example Use `force` to retrieve the latest policy from the service:
924
+ # require "google/cloud/storage"
925
+ #
926
+ # storage = Google::Cloud::Storage.new
927
+ #
928
+ # bucket = storage.bucket "my-todo-app"
929
+ #
930
+ # policy = bucket.policy force: true # API call
931
+ # policy_2 = bucket.policy force: true # API call
932
+ #
933
+ # @example Update the policy by passing a block:
934
+ # require "google/cloud/storage"
935
+ #
936
+ # storage = Google::Cloud::Storage.new
937
+ #
938
+ # bucket = storage.bucket "my-todo-app"
939
+ #
940
+ # bucket.policy do |p|
941
+ # p.add "roles/owner", "user:owner@example.com"
942
+ # end # 2 API calls
943
+ #
944
+ def policy force: false
945
+ @policy = nil if force || block_given?
946
+ @policy ||= begin
947
+ ensure_service!
948
+ gapi = service.get_bucket_policy name
949
+ Policy.from_gapi gapi
950
+ end
951
+ return @policy unless block_given?
952
+ p = @policy.deep_dup
953
+ yield p
954
+ self.policy = p
955
+ end
956
+
957
+ ##
958
+ # Updates the [Cloud IAM](https://cloud.google.com/iam/) access control
959
+ # policy for this bucket. The policy should be read from {#policy}. See
960
+ # {Google::Cloud::Storage::Policy} for an explanation of the
961
+ # policy `etag` property and how to modify policies.
962
+ #
963
+ # You can also update the policy by passing a block to {#policy}, which
964
+ # will call this method internally after the block completes.
965
+ #
966
+ # @see https://cloud.google.com/iam/docs/managing-policies Managing
967
+ # Policies
968
+ # @see https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy
969
+ # Buckets: setIamPolicy
970
+ #
971
+ # @param [Policy] new_policy a new or modified Cloud IAM Policy for this
972
+ # bucket
973
+ #
974
+ # @example
975
+ # require "google/cloud/storage"
976
+ #
977
+ # storage = Google::Cloud::Storage.new
978
+ #
979
+ # bucket = storage.bucket "my-todo-app"
980
+ #
981
+ # policy = bucket.policy # API call
982
+ #
983
+ # policy.add "roles/owner", "user:owner@example.com"
984
+ #
985
+ # bucket.policy = policy # API call
986
+ #
987
+ def policy= new_policy
988
+ ensure_service!
989
+ gapi = service.set_bucket_policy name, new_policy.to_gapi
990
+ @policy = Policy.from_gapi gapi
991
+ end
992
+
993
+ ##
994
+ # Tests the specified permissions against the [Cloud
995
+ # IAM](https://cloud.google.com/iam/) access control policy.
996
+ #
997
+ # @see https://cloud.google.com/iam/docs/managing-policies Managing
998
+ # Policies
999
+ #
1000
+ # @param [String, Array<String>] permissions The set of permissions
1001
+ # against which to check access. Permissions must be of the format
1002
+ # `storage.resource.capability`, where resource is one of `buckets` or
1003
+ # `objects`.
1004
+ #
1005
+ # @return [Array<String>] The permissions held by the caller.
1006
+ #
1007
+ # @example
1008
+ # require "google/cloud/storage"
1009
+ #
1010
+ # storage = Google::Cloud::Storage.new
1011
+ #
1012
+ # bucket = storage.bucket "my-todo-app"
1013
+ #
1014
+ # permissions = bucket.test_permissions "storage.buckets.get",
1015
+ # "storage.buckets.delete"
1016
+ # permissions.include? "storage.buckets.get" #=> true
1017
+ # permissions.include? "storage.buckets.delete" #=> false
1018
+ #
1019
+ def test_permissions *permissions
1020
+ permissions = Array(permissions).flatten
1021
+ ensure_service!
1022
+ gapi = service.test_bucket_permissions name, permissions
1023
+ gapi.permissions
1024
+ end
1025
+
891
1026
  ##
892
1027
  # Reloads the bucket with current data from the Storage service.
893
1028
  def reload!
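Review bot: When a block is given, `policy` ends with `self.policy = p`, and a Ruby assignment expression evaluates to its right-hand side, so the method returns the local copy `p` carrying the etag it was read with rather than the policy the service returned and that `policy=` stored in `@policy`. A caller that keeps this return value and later writes it back through `policy=` sends that older `etag`, which the Policy class documentation describes as the value the service compares before writing. Adding a final line `@policy` after `self.policy = p` makes both paths return the current policy, as the `@return` tag states. The `policy=` documentation could also say what happens when `new_policy.etag` is nil, since nothing in this hunk checks it before `set_bucket_policy` is called.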
@@ -0,0 +1,206 @@
1
+ # Copyright 2017 Google Inc. All rights reserved.
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+
16
+ require "google/cloud/errors"
17
+ require "google/apis/storage_v1"
18
+
19
+ module Google
20
+ module Cloud
21
+ module Storage
22
+ ##
23
+ # # Policy
24
+ #
25
+ # Represents a Cloud IAM Policy for the Cloud Storage service.
26
+ #
27
+ # A common pattern for updating a resource's metadata, such as its Policy,
28
+ # is to read the current data from the service, update the data locally,
29
+ # and then send the modified data for writing. This pattern may result in
30
+ # a conflict if two or more processes attempt the sequence simultaneously.
31
+ # IAM solves this problem with the
32
+ # {Google::Cloud::Storage::Policy#etag} property, which is used to
33
+ # verify whether the policy has changed since the last request. When you
34
+ # make a request to with an `etag` value, Cloud IAM compares the `etag`
35
+ # value in the request with the existing `etag` value associated with the
36
+ # policy. It writes the policy only if the `etag` values match.
37
+ #
38
+ # When you update a policy, first read the policy (and its current `etag`)
39
+ # from the service, then modify the policy locally, and then write the
40
+ # modified policy to the service. See
41
+ # {Google::Cloud::Storage::Bucket#policy} and
42
+ # {Google::Cloud::Storage::Bucket#policy=}.
43
+ #
44
+ # @see https://cloud.google.com/iam/docs/managing-policies Managing
45
+ # policies
46
+ # @see https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy
47
+ # Buckets: setIamPolicy
48
+ #
49
+ # @attr [String] etag Used to verify whether the policy has changed since
50
+ # the last request. The policy will be written only if the `etag` values
51
+ # match.
52
+ # @attr [Hash{String => Array<String>}] roles The bindings that associate
53
+ # roles with an array of members. See [Understanding
54
+ # Roles](https://cloud.google.com/iam/docs/understanding-roles) for a
55
+ # listing of primitive and curated roles. See [Buckets:
56
+ # setIamPolicy](https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy)
57
+ # for a listing of values and patterns for members.
58
+ #
59
+ # @example
60
+ # require "google/cloud/storage"
61
+ #
62
+ # storage = Google::Cloud::Storage.new
63
+ #
64
+ # bucket = storage.bucket "my-todo-app"
65
+ #
66
+ # bucket.policy do |p|
67
+ # p.remove "roles/storage.admin", "user:owner@example.com"
68
+ # p.add "roles/storage.admin", "user:newowner@example.com"
69
+ # p.roles["roles/storage.objectViewer"] = ["allUsers"]
70
+ # end
71
+ #
72
+ class Policy
73
+ attr_reader :etag, :roles
74
+
75
+ ##
76
+ # @private Creates a Policy object.
77
+ def initialize etag, roles
78
+ @etag = etag
79
+ @roles = roles
80
+ end
81
+
82
+ ##
83
+ # Convenience method for adding a member to a binding on this policy.
84
+ # See [Understanding
85
+ # Roles](https://cloud.google.com/iam/docs/understanding-roles) for a
86
+ # listing of primitive and curated roles. See [Buckets:
87
+ # setIamPolicy](https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy)
88
+ # for a listing of values and patterns for members.
89
+ #
90
+ # @param [String] role_name A Cloud IAM role, such as
91
+ # `"roles/storage.admin"`.
92
+ # @param [String] member A Cloud IAM identity, such as
93
+ # `"user:owner@example.com"`.
94
+ #
95
+ # @example
96
+ # require "google/cloud/storage"
97
+ #
98
+ # storage = Google::Cloud::Storage.new
99
+ #
100
+ # bucket = storage.bucket "my-todo-app"
101
+ #
102
+ # bucket.policy do |p|
103
+ # p.add "roles/storage.admin", "user:newowner@example.com"
104
+ # end
105
+ #
106
+ def add role_name, member
107
+ role(role_name) << member
108
+ end
109
+
110
+ ##
111
+ # Convenience method for removing a member from a binding on this
112
+ # policy. See [Understanding
113
+ # Roles](https://cloud.google.com/iam/docs/understanding-roles) for a
114
+ # listing of primitive and curated roles. See [Buckets:
115
+ # setIamPolicy](https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy)
116
+ # for a listing of values and patterns for members.
117
+ #
118
+ # @param [String] role_name A Cloud IAM role, such as
119
+ # `"roles/storage.admin"`.
120
+ # @param [String] member A Cloud IAM identity, such as
121
+ # `"user:owner@example.com"`.
122
+ #
123
+ # @example
124
+ # require "google/cloud/storage"
125
+ #
126
+ # storage = Google::Cloud::Storage.new
127
+ #
128
+ # bucket = storage.bucket "my-todo-app"
129
+ #
130
+ # bucket.policy do |p|
131
+ # p.remove "roles/storage.admin", "user:owner@example.com"
132
+ # end
133
+ #
134
+ def remove role_name, member
135
+ role(role_name).delete member
136
+ end
137
+
138
+ ##
139
+ # Convenience method returning the array of members bound to a role in
140
+ # this policy, or an empty array if no value is present for the role in
141
+ # {#roles}. See [Understanding
142
+ # Roles](https://cloud.google.com/iam/docs/understanding-roles) for a
143
+ # listing of primitive and curated roles. See [Buckets:
144
+ # setIamPolicy](https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy)
145
+ # for a listing of values and patterns for members.
146
+ #
147
+ # @return [Array<String>] The members strings, or an empty array.
148
+ #
149
+ # @example
150
+ # require "google/cloud/storage"
151
+ #
152
+ # storage = Google::Cloud::Storage.new
153
+ #
154
+ # bucket = storage.bucket "my-todo-app"
155
+ #
156
+ # bucket.policy do |p|
157
+ # p.role("roles/storage.admin") << "user:owner@example.com"
158
+ # end
159
+ #
160
+ def role role_name
161
+ roles[role_name] ||= []
162
+ end
163
+
164
+ ##
165
+ # Returns a deep copy of the policy.
166
+ #
167
+ # @return [Policy]
168
+ #
169
+ def deep_dup
170
+ dup.tap do |p|
171
+ roles_dup = p.roles.each_with_object({}) do |(k, v), memo|
172
+ memo[k] = v.dup rescue value
173
+ end
174
+ p.instance_variable_set "@roles", roles_dup
175
+ end
176
+ end
177
+
178
+ ##
179
+ # @private Convert the Policy to a
180
+ # Google::Apis::StorageV1::Policy.
181
+ def to_gapi
182
+ Google::Apis::StorageV1::Policy.new(
183
+ etag: etag,
184
+ bindings: roles.keys.map do |role_name|
185
+ next if roles[role_name].empty?
186
+ Google::Apis::StorageV1::Policy::Binding.new(
187
+ role: role_name,
188
+ members: roles[role_name]
189
+ )
190
+ end
191
+ )
192
+ end
193
+
194
+ ##
195
+ # @private New Policy from a
196
+ # Google::Apis::StorageV1::Policy object.
197
+ def self.from_gapi gapi
198
+ roles = gapi.bindings.each_with_object({}) do |binding, memo|
199
+ memo[binding.role] = binding.members.to_a
200
+ end
201
+ new gapi.etag, roles
202
+ end
203
+ end
204
+ end
205
+ end
206
+ end
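Review bot: In `deep_dup` the line `memo[k] = v.dup rescue value` falls back to `value`, which is not defined anywhere in this file, so a failing `v.dup` surfaces as a `NameError` instead of keeping the original entry; the fallback presumably meant `v`, and if no fallback is needed the line is simply `memo[k] = v.dup`. In `to_gapi`, `next if roles[role_name].empty?` inside `map` leaves a `nil` element in `bindings` for every role with an empty member list, which is the state `remove` produces when it deletes the last member of a role and the state `role` produces when it is only read; appending `.compact` after the block's `end` keeps those nils out of the request. How the service treats a null binding is not visible here, but if it rejects the request, the removal is not applied and the member keeps its access. `from_gapi` also calls `gapi.bindings.each_with_object` with no allowance for `bindings` being nil, and `Array(gapi.bindings).each_with_object({})` would cover a policy without bindings if the client returns nil in that case.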
@@ -156,6 +156,30 @@ module Google
156
156
  end
157
157
  end
158
158
 
159
+ ##
160
+ # Returns Google::Apis::StorageV1::Policy
161
+ def get_bucket_policy bucket_name
162
+ # get_bucket_iam_policy(bucket, fields: nil, quota_user: nil,
163
+ # user_ip: nil, options: nil)
164
+ execute { service.get_bucket_iam_policy bucket_name }
165
+ end
166
+
167
+ ##
168
+ # Returns Google::Apis::StorageV1::Policy
169
+ def set_bucket_policy bucket_name, new_policy
170
+ execute do
171
+ service.set_bucket_iam_policy bucket_name, new_policy
172
+ end
173
+ end
174
+
175
+ ##
176
+ # Returns Google::Apis::StorageV1::TestIamPermissionsResponse
177
+ def test_bucket_permissions bucket_name, permissions
178
+ execute do
179
+ service.test_bucket_iam_permissions bucket_name, permissions
180
+ end
181
+ end
182
+
159
183
  ##
160
184
  # Retrieves a list of files matching the criteria.
161
185
  def list_files bucket_name, options = {}
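Review bot: The commented-out signature inside `get_bucket_policy` (`fields:`, `quota_user:`, `user_ip:`, `options:`) reads like a development note, and none of those options is forwarded by the wrapper, so it suggests parameters a caller cannot actually set. I would drop it and extend the doc comment instead, for example `# Retrieves the Cloud IAM policy for the named bucket. Returns Google::Apis::StorageV1::Policy`. The comments on `set_bucket_policy` and `test_bucket_permissions` likewise give only the return type; one sentence each saying that the first replaces the bucket's policy with `new_policy` and the second returns the subset of `permissions` the caller holds would match what the public methods in the Bucket class document.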
@@ -16,7 +16,7 @@
16
16
  module Google
17
17
  module Cloud
18
18
  module Storage
19
- VERSION = "1.0.0"
19
+ VERSION = "1.0.1"
20
20
  end
21
21
  end
22
22
  end
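--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: google-cloud-storage
  version: !ruby/object:Gem::Version
- version: 1.0.0
+ version: 1.0.1
  platform: ruby
  authors:
  - Mike Moore
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-04-05 00:00:00.000000000 Z
+ date: 2017-04-10 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: google-cloud-core
@@ -203,6 +203,7 @@ files:
  - lib/google/cloud/storage/file/list.rb
  - lib/google/cloud/storage/file/signer.rb
  - lib/google/cloud/storage/file/verifier.rb
+ - lib/google/cloud/storage/policy.rb
  - lib/google/cloud/storage/post_object.rb
  - lib/google/cloud/storage/project.rb
  - lib/google/cloud/storage/service.rb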