google-cloud-storage 1.0.0 → 1.0.1
- checksums.yaml +4 -4
- data/lib/google/cloud/storage/bucket.rb +135 -0
- data/lib/google/cloud/storage/policy.rb +206 -0
- data/lib/google/cloud/storage/service.rb +24 -0
- data/lib/google/cloud/storage/version.rb +1 -1
- metadata +3 -2
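--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e44e7736db1ba058142ad9933e6f70c772271040
+data.tar.gz: a0c1b589a1b27c357c96764767fcb99ce2c52bf2
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fceeaf2cf0932e5d65cb104ca34d72c994d3571c7c39e20c1493d40cb758ac81806f349b77f6833133bf9a131d8b7292e9b61434530f83018c416ecd9c8247a9
+data.tar.gz: 67d37d87e36555c2f7fb7193d717dedb499447bf014d1b6f34c96b5a4b554ed85c227e3baa4b14ba469346991ddd93df2e700d7f18be49b21a5818f38fb647ff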
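--- a/data/lib/google/cloud/storage/bucket.rb
+++ b/data/lib/google/cloud/storage/bucket.rb
@@ -16,6 +16,7 @@
 require "google/cloud/storage/bucket/acl"
 require "google/cloud/storage/bucket/list"
 require "google/cloud/storage/bucket/cors"
+require "google/cloud/storage/policy"
 require "google/cloud/storage/post_object"
 require "google/cloud/storage/file"
 require "pathname"
@@ -888,6 +889,140 @@ module Google
 @default_acl ||= Bucket::DefaultAcl.new self
 end
 
+##
+# Gets and updates the [Cloud IAM](https://cloud.google.com/iam/) access
+# control policy for this bucket.
+#
+# @see https://cloud.google.com/iam/docs/managing-policies Managing
+# Policies
+# @see https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy
+# Buckets: setIamPolicy
+#
+# @param [Boolean] force Force load the latest policy when `true`.
+# Otherwise the policy will be memoized to reduce the number of API
+# calls made. The default is `false`.
+#
+# @yield [policy] A block for updating the policy. The latest policy
+# will be read from the service and passed to the block. After the
+# block completes, the modified policy will be written to the service.
+# @yieldparam [Policy] policy the current Cloud IAM Policy for this
+# bucket
+#
+# @return [Policy] the current Cloud IAM Policy for this bucket
+#
+# @example Policy values are memoized to reduce the number of API calls:
+# require "google/cloud/storage"
+#
+# storage = Google::Cloud::Storage.new
+#
+# bucket = storage.bucket "my-todo-app"
+#
+# policy = bucket.policy # API call
+# policy_2 = bucket.policy # No API call
+#
+# @example Use `force` to retrieve the latest policy from the service:
+# require "google/cloud/storage"
+#
+# storage = Google::Cloud::Storage.new
+#
+# bucket = storage.bucket "my-todo-app"
+#
+# policy = bucket.policy force: true # API call
+# policy_2 = bucket.policy force: true # API call
+#
+# @example Update the policy by passing a block:
+# require "google/cloud/storage"
+#
+# storage = Google::Cloud::Storage.new
+#
+# bucket = storage.bucket "my-todo-app"
+#
+# bucket.policy do |p|
+# p.add "roles/owner", "user:owner@example.com"
+# end # 2 API calls
+#
+def policy force: false
+@policy = nil if force || block_given?
+@policy ||= begin
+ensure_service!
+gapi = service.get_bucket_policy name
+Policy.from_gapi gapi
+end
+return @policy unless block_given?
+p = @policy.deep_dup
+yield p
+self.policy = p
+end
+
+##
+# Updates the [Cloud IAM](https://cloud.google.com/iam/) access control
+# policy for this bucket. The policy should be read from {#policy}. See
+# {Google::Cloud::Storage::Policy} for an explanation of the
+# policy `etag` property and how to modify policies.
+#
+# You can also update the policy by passing a block to {#policy}, which
+# will call this method internally after the block completes.
+#
+# @see https://cloud.google.com/iam/docs/managing-policies Managing
+# Policies
+# @see https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy
+# Buckets: setIamPolicy
+#
+# @param [Policy] new_policy a new or modified Cloud IAM Policy for this
+# bucket
+#
+# @example
+# require "google/cloud/storage"
+#
+# storage = Google::Cloud::Storage.new
+#
+# bucket = storage.bucket "my-todo-app"
+#
+# policy = bucket.policy # API call
+#
+# policy.add "roles/owner", "user:owner@example.com"
+#
+# bucket.policy = policy # API call
+#
+def policy= new_policy
+ensure_service!
+gapi = service.set_bucket_policy name, new_policy.to_gapi
+@policy = Policy.from_gapi gapi
+end
+
+##
+# Tests the specified permissions against the [Cloud
+# IAM](https://cloud.google.com/iam/) access control policy.
+#
+# @see https://cloud.google.com/iam/docs/managing-policies Managing
+# Policies
+#
+# @param [String, Array<String>] permissions The set of permissions
+# against which to check access. Permissions must be of the format
+# `storage.resource.capability`, where resource is one of `buckets` or
+# `objects`.
+#
+# @return [Array<String>] The permissions held by the caller.
+#
+# @example
+# require "google/cloud/storage"
+#
+# storage = Google::Cloud::Storage.new
+#
+# bucket = storage.bucket "my-todo-app"
+#
+# permissions = bucket.test_permissions "storage.buckets.get",
+# "storage.buckets.delete"
+# permissions.include? "storage.buckets.get" #=> true
+# permissions.include? "storage.buckets.delete" #=> false
+#
+def test_permissions *permissions
+permissions = Array(permissions).flatten
+ensure_service!
+gapi = service.test_bucket_permissions name, permissions
+gapi.permissions
+end
+
 ##
 # Reloads the bucket with current data from the Storage service.
 def reload!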
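Review bot: The block form of `policy` returns the caller's local copy rather than the policy the service stored, because its last expression is `self.policy = p` and a Ruby setter call evaluates to the assigned value, not to the method's result. `@policy` is refreshed from the set response inside `policy=`, but the object handed back still carries the `etag` that was read before the write, so reusing it for a later `bucket.policy = ...` would presumably be rejected as stale. Adding a final `@policy` line after `self.policy = p` makes the return value match the documented `@return [Policy] the current Cloud IAM Policy for this bucket`. Separately, the unforced call hands out the memoized `@policy` object itself, so the `@param force` text could say that code inspecting who holds access should pass `force: true` instead of relying on a cached copy.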
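--- a/data/lib/google/cloud/storage/policy.rb
+++ b/data/lib/google/cloud/storage/policy.rb
@@ -0,0 +1,206 @@
+# Copyright 2017 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+require "google/cloud/errors"
+require "google/apis/storage_v1"
+
+module Google
+module Cloud
+module Storage
+##
+# # Policy
+#
+# Represents a Cloud IAM Policy for the Cloud Storage service.
+#
+# A common pattern for updating a resource's metadata, such as its Policy,
+# is to read the current data from the service, update the data locally,
+# and then send the modified data for writing. This pattern may result in
+# a conflict if two or more processes attempt the sequence simultaneously.
+# IAM solves this problem with the
+# {Google::Cloud::Storage::Policy#etag} property, which is used to
+# verify whether the policy has changed since the last request. When you
+# make a request to with an `etag` value, Cloud IAM compares the `etag`
+# value in the request with the existing `etag` value associated with the
+# policy. It writes the policy only if the `etag` values match.
+#
+# When you update a policy, first read the policy (and its current `etag`)
+# from the service, then modify the policy locally, and then write the
+# modified policy to the service. See
+# {Google::Cloud::Storage::Bucket#policy} and
+# {Google::Cloud::Storage::Bucket#policy=}.
+#
+# @see https://cloud.google.com/iam/docs/managing-policies Managing
+# policies
+# @see https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy
+# Buckets: setIamPolicy
+#
+# @attr [String] etag Used to verify whether the policy has changed since
+# the last request. The policy will be written only if the `etag` values
+# match.
+# @attr [Hash{String => Array<String>}] roles The bindings that associate
+# roles with an array of members. See [Understanding
+# Roles](https://cloud.google.com/iam/docs/understanding-roles) for a
+# listing of primitive and curated roles. See [Buckets:
+# setIamPolicy](https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy)
+# for a listing of values and patterns for members.
+#
+# @example
+# require "google/cloud/storage"
+#
+# storage = Google::Cloud::Storage.new
+#
+# bucket = storage.bucket "my-todo-app"
+#
+# bucket.policy do |p|
+# p.remove "roles/storage.admin", "user:owner@example.com"
+# p.add "roles/storage.admin", "user:newowner@example.com"
+# p.roles["roles/storage.objectViewer"] = ["allUsers"]
+# end
+#
+class Policy
+attr_reader :etag, :roles
+
+##
+# @private Creates a Policy object.
+def initialize etag, roles
+@etag = etag
+@roles = roles
+end
+
+##
+# Convenience method for adding a member to a binding on this policy.
+# See [Understanding
+# Roles](https://cloud.google.com/iam/docs/understanding-roles) for a
+# listing of primitive and curated roles. See [Buckets:
+# setIamPolicy](https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy)
+# for a listing of values and patterns for members.
+#
+# @param [String] role_name A Cloud IAM role, such as
+# `"roles/storage.admin"`.
+# @param [String] member A Cloud IAM identity, such as
+# `"user:owner@example.com"`.
+#
+# @example
+# require "google/cloud/storage"
+#
+# storage = Google::Cloud::Storage.new
+#
+# bucket = storage.bucket "my-todo-app"
+#
+# bucket.policy do |p|
+# p.add "roles/storage.admin", "user:newowner@example.com"
+# end
+#
+def add role_name, member
+role(role_name) << member
+end
+
+##
+# Convenience method for removing a member from a binding on this
+# policy. See [Understanding
+# Roles](https://cloud.google.com/iam/docs/understanding-roles) for a
+# listing of primitive and curated roles. See [Buckets:
+# setIamPolicy](https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy)
+# for a listing of values and patterns for members.
+#
+# @param [String] role_name A Cloud IAM role, such as
+# `"roles/storage.admin"`.
+# @param [String] member A Cloud IAM identity, such as
+# `"user:owner@example.com"`.
+#
+# @example
+# require "google/cloud/storage"
+#
+# storage = Google::Cloud::Storage.new
+#
+# bucket = storage.bucket "my-todo-app"
+#
+# bucket.policy do |p|
+# p.remove "roles/storage.admin", "user:owner@example.com"
+# end
+#
+def remove role_name, member
+role(role_name).delete member
+end
+
+##
+# Convenience method returning the array of members bound to a role in
+# this policy, or an empty array if no value is present for the role in
+# {#roles}. See [Understanding
+# Roles](https://cloud.google.com/iam/docs/understanding-roles) for a
+# listing of primitive and curated roles. See [Buckets:
+# setIamPolicy](https://cloud.google.com/storage/docs/json_api/v1/buckets/setIamPolicy)
+# for a listing of values and patterns for members.
+#
+# @return [Array<String>] The members strings, or an empty array.
+#
+# @example
+# require "google/cloud/storage"
+#
+# storage = Google::Cloud::Storage.new
+#
+# bucket = storage.bucket "my-todo-app"
+#
+# bucket.policy do |p|
+# p.role("roles/storage.admin") << "user:owner@example.com"
+# end
+#
+def role role_name
+roles[role_name] ||= []
+end
+
+##
+# Returns a deep copy of the policy.
+#
+# @return [Policy]
+#
+def deep_dup
+dup.tap do |p|
+roles_dup = p.roles.each_with_object({}) do |(k, v), memo|
+memo[k] = v.dup rescue value
+end
+p.instance_variable_set "@roles", roles_dup
+end
+end
+
+##
+# @private Convert the Policy to a
+# Google::Apis::StorageV1::Policy.
+def to_gapi
+Google::Apis::StorageV1::Policy.new(
+etag: etag,
+bindings: roles.keys.map do |role_name|
+next if roles[role_name].empty?
+Google::Apis::StorageV1::Policy::Binding.new(
+role: role_name,
+members: roles[role_name]
+)
+end
+)
+end
+
+##
+# @private New Policy from a
+# Google::Apis::StorageV1::Policy object.
+def self.from_gapi gapi
+roles = gapi.bindings.each_with_object({}) do |binding, memo|
+memo[binding.role] = binding.members.to_a
+end
+new gapi.etag, roles
+end
+end
+end
+end
+end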
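Review bot: `to_gapi` can put `nil` entries into `bindings`: the `next if roles[role_name].empty?` inside `map` yields `nil` for every role whose member list is empty, which is the state `remove` leaves after deleting the last member and the state `role` creates through `roles[role_name] ||= []`. Since the set call sends the whole policy, the list should be filtered before it is serialized, for example by closing the block with `end.compact`. In `deep_dup`, `memo[k] = v.dup rescue value` refers to an undefined `value` (the block variable is `v`), so the fallback would raise `NameError` instead of keeping the original; plain `memo[k] = v.dup` is enough for the arrays stored here. `from_gapi` calls `each_with_object` on `gapi.bindings` directly, which fails if the response carries no bindings; `Array(gapi.bindings)` would cover that, assuming the client returns `nil` in that case. The class-level example assigns `allUsers` to `roles/storage.objectViewer`, which makes the bucket's objects publicly readable, and a one-line comment saying so would keep it from being copied unmodified.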
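--- a/data/lib/google/cloud/storage/service.rb
+++ b/data/lib/google/cloud/storage/service.rb
@@ -156,6 +156,30 @@ module Google
 end
 end
 
+##
+# Returns Google::Apis::StorageV1::Policy
+def get_bucket_policy bucket_name
+# get_bucket_iam_policy(bucket, fields: nil, quota_user: nil,
+# user_ip: nil, options: nil)
+execute { service.get_bucket_iam_policy bucket_name }
+end
+
+##
+# Returns Google::Apis::StorageV1::Policy
+def set_bucket_policy bucket_name, new_policy
+execute do
+service.set_bucket_iam_policy bucket_name, new_policy
+end
+end
+
+##
+# Returns Google::Apis::StorageV1::TestIamPermissionsResponse
+def test_bucket_permissions bucket_name, permissions
+execute do
+service.test_bucket_iam_permissions bucket_name, permissions
+end
+end
+
 ##
 # Retrieves a list of files matching the criteria.
 def list_files bucket_name, options = {}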
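Review bot: The three new wrappers are documented only by their return type; `set_bucket_policy` in particular should say that it replaces the bucket's entire IAM policy and that the `etag` carried in `new_policy` is what guards against overwriting a concurrent change, e.g. `# Replaces the bucket's full IAM policy; the etag in new_policy must match the stored one.` The two commented-out signature lines inside `get_bucket_policy` read as leftover notes and could be removed or turned into a sentence naming the options that are deliberately not forwarded. `execute` is defined outside this hunk, so how API errors such as an etag conflict surface to callers cannot be checked from here.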
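--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-storage
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.1
 platform: ruby
 authors:
 - Mike Moore
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-04-
+date: 2017-04-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: google-cloud-core
@@ -203,6 +203,7 @@ files:
 - lib/google/cloud/storage/file/list.rb
 - lib/google/cloud/storage/file/signer.rb
 - lib/google/cloud/storage/file/verifier.rb
+- lib/google/cloud/storage/policy.rb
 - lib/google/cloud/storage/post_object.rb
 - lib/google/cloud/storage/project.rb
 - lib/google/cloud/storage/service.rb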