public static final class AccessPolicyRule.Builder extends GeneratedMessage.Builder<AccessPolicyRule.Builder> implements AccessPolicyRuleOrBuilder
Access Policy Rule that determines the behavior of the policy.
Protobuf type google.iam.v3beta.AccessPolicyRule
Inheritance
java.lang.Object > AbstractMessageLite.Builder<MessageType,BuilderType> > AbstractMessage.Builder<BuilderType> > GeneratedMessage.Builder > AccessPolicyRule.Builder
Implements
AccessPolicyRuleOrBuilder
Static Methods
getDescriptor()
public static final Descriptors.Descriptor getDescriptor()
| Returns | |
|---|---|
| Type | Description |
| Descriptor | |
Methods
addAllExcludedPrincipals(Iterable<String> values)
public AccessPolicyRule.Builder addAllExcludedPrincipals(Iterable<String> values)
Optional. The identities that are excluded from the access policy rule, even if they are listed in the principals. For example, you could add a Google group to the principals, then exclude specific users who belong to that group.
repeated string excluded_principals = 4 [(.google.api.field_behavior) = OPTIONAL];
| Parameter | |
|---|---|
| Name | Description |
| values | `Iterable<String>` The excludedPrincipals to add. |
| Returns | |
|---|---|
| Type | Description |
| AccessPolicyRule.Builder | This builder for chaining. |
addAllPrincipals(Iterable<String> values)
public AccessPolicyRule.Builder addAllPrincipals(Iterable<String> values)
Required. The identities for which this rule's effect governs using one or more permissions on Google Cloud resources. This field can contain the following values:

- `principal://goog/subject/{email_id}`: A specific Google Account. Includes Gmail, Cloud Identity, and Google Workspace user accounts. For example, `principal://goog/subject/alice@example.com`.
- `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`: A Google Cloud service account. For example, `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
- `principalSet://goog/group/{group_id}`: A Google group. For example, `principalSet://goog/group/admins@example.com`.
- `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the principals associated with the specified Google Workspace or Cloud Identity customer ID. For example, `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.

If an identifier that was previously set on a policy is soft deleted, then calls to read that policy will return the identifier with a deleted prefix. Users cannot set identifiers with this syntax.

- `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific Google Account that was deleted recently. For example, `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If the Google Account is recovered, this identifier reverts to the standard identifier for a Google Account.
- `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group that was deleted recently. For example, `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If the Google group is restored, this identifier reverts to the standard identifier for a Google group.
- `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`: A Google Cloud service account that was deleted recently. For example, `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`. If the service account is undeleted, this identifier reverts to the standard identifier for a service account.

repeated string principals = 3 [(.google.api.field_behavior) = REQUIRED];
| Parameter | |
|---|---|
| Name | Description |
| values | `Iterable<String>` The principals to add. |
| Returns | |
|---|---|
| Type | Description |
| AccessPolicyRule.Builder | This builder for chaining. |
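
An added example, not part of the generated reference or of the client library: a pre-flight check in plain Java (JDK only) that classifies principal strings against the formats listed above before they are passed to addPrincipals or addAllPrincipals, and picks out soft-deleted entries from a rule that was read back. It recognizes only the formats this page lists; the names PrincipalIdCheck, parse, rejectedForWrite and softDeleted are hypothetical.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PrincipalIdCheck {

  enum Kind { GOOGLE_ACCOUNT, SERVICE_ACCOUNT, GROUP, CUSTOMER, UNKNOWN }

  /** One parsed identifier; uid is null unless a well-formed deleted identifier was parsed. */
  record Parsed(String raw, Kind kind, boolean deleted, String uid) {}

  private static final String DELETED_PREFIX = "deleted:";
  // Soft-deleted identifiers end in ?uid={uid}, per the formats listed on this page.
  private static final Pattern UID_SUFFIX = Pattern.compile("^(.+)\\?uid=([^?&\\s]+)$");

  // Documented prefixes, in the order the page lists them.
  private static final Map<String, Kind> PREFIXES = new LinkedHashMap<>();
  static {
    PREFIXES.put("principal://goog/subject/", Kind.GOOGLE_ACCOUNT);
    PREFIXES.put("principal://iam.googleapis.com/projects/-/serviceAccounts/", Kind.SERVICE_ACCOUNT);
    PREFIXES.put("principalSet://goog/group/", Kind.GROUP);
    PREFIXES.put("principalSet://goog/cloudIdentityCustomerId/", Kind.CUSTOMER);
  }

  static Parsed parse(String raw) {
    if (raw == null) return new Parsed(null, Kind.UNKNOWN, false, null);
    String body = raw;
    boolean deleted = raw.startsWith(DELETED_PREFIX);
    String uid = null;
    if (deleted) {
      Matcher m = UID_SUFFIX.matcher(raw.substring(DELETED_PREFIX.length()));
      if (!m.matches()) return new Parsed(raw, Kind.UNKNOWN, true, null);
      body = m.group(1);
      uid = m.group(2);
    }
    for (Map.Entry<String, Kind> e : PREFIXES.entrySet()) {
      if (!body.startsWith(e.getKey())) continue;
      String id = body.substring(e.getKey().length());
      boolean wellFormed = !id.isEmpty() && id.chars().noneMatch(Character::isWhitespace);
      // The page documents no deleted form for customer IDs, so treat one as unrecognized.
      if (!wellFormed || (deleted && e.getValue() == Kind.CUSTOMER)) break;
      return new Parsed(raw, e.getValue(), deleted, uid);
    }
    return new Parsed(raw, Kind.UNKNOWN, deleted, uid);
  }

  /** Entries that must not be passed to addPrincipals/addAllPrincipals, with the reason. */
  static List<String> rejectedForWrite(List<String> ids) {
    List<String> problems = new ArrayList<>();
    for (String id : ids) {
      Parsed p = parse(id);
      if (p.deleted()) {
        problems.add(id + " -> deleted: prefix is read-only");
      } else if (p.kind() == Kind.UNKNOWN) {
        problems.add(id + " -> not a principal format listed for this field");
      }
    }
    return problems;
  }

  /** Soft-deleted identifiers found in a rule read back from the API (review candidates). */
  static List<Parsed> softDeleted(List<String> idsReadBack) {
    List<Parsed> out = new ArrayList<>();
    for (String id : idsReadBack) {
      Parsed p = parse(id);
      if (p.deleted()) out.add(p);
    }
    return out;
  }

  public static void main(String[] args) {
    // Constructed sample input, built from the example identifiers on this page.
    List<String> toWrite = List.of(
        "principal://goog/subject/alice@example.com",
        "principalSet://goog/group/admins@example.com",
        "deleted:principal://goog/subject/alice@example.com?uid=1234567890",
        "user:alice@example.com"); // not one of the formats this field lists
    rejectedForWrite(toWrite).forEach(System.out::println);

    List<String> readBack = List.of(
        "principalSet://goog/cloudIdentityCustomerId/C01Abc35",
        "deleted:principalSet://goog/group/admins@example.com?uid=1234567890");
    for (Parsed p : softDeleted(readBack)) {
      System.out.println(p.kind() + " uid=" + p.uid() + " raw=" + p.raw());
    }
  }
}
```

Only the entries that pass rejectedForWrite should reach the builder; the soft-deleted entries from a read are the ones to review, since the page states they revert to the standard identifier if the account, group or service account is restored.
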
addExcludedPrincipals(String value)
public AccessPolicyRule.Builder addExcludedPrincipals(String value)
Optional. The identities that are excluded from the access policy rule, even if they are listed in the principals. For example, you could add a Google group to the principals, then exclude specific users who belong to that group.
repeated string excluded_principals = 4 [(.google.api.field_behavior) = OPTIONAL];
| Parameter | |
|---|---|
| Name | Description |
| value | `String` The excludedPrincipals to add. |
| Returns | |
|---|---|
| Type | Description |
| AccessPolicyRule.Builder | This builder for chaining. |
addExcludedPrincipalsBytes(ByteString value)
public AccessPolicyRule.Builder addExcludedPrincipalsBytes(ByteString value)
Optional. The identities that are excluded from the access policy rule, even if they are listed in the principals. For example, you could add a Google group to the principals, then exclude specific users who belong to that group.
repeated string excluded_principals = 4 [(.google.api.field_behavior) = OPTIONAL];
| Parameter | |
|---|---|
| Name | Description |
| value | `ByteString` The bytes of the excludedPrincipals to add. |
| Returns | |
|---|---|
| Type | Description |
| AccessPolicyRule.Builder | This builder for chaining. |
addPrincipals(String value)
public AccessPolicyRule.Builder addPrincipals(String value)
Required. The identities for which this rule's effect governs using one or more permissions on Google Cloud resources. This field can contain the following values:

- `principal://goog/subject/{email_id}`: A specific Google Account. Includes Gmail, Cloud Identity, and Google Workspace user accounts. For example, `principal://goog/subject/alice@example.com`.
- `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`: A Google Cloud service account. For example, `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
- `principalSet://goog/group/{group_id}`: A Google group. For example, `principalSet://goog/group/admins@example.com`.
- `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the principals associated with the specified Google Workspace or Cloud Identity customer ID. For example, `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.

If an identifier that was previously set on a policy is soft deleted, then calls to read that policy will return the identifier with a deleted prefix. Users cannot set identifiers with this syntax.

- `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific Google Account that was deleted recently. For example, `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If the Google Account is recovered, this identifier reverts to the standard identifier for a Google Account.
- `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group that was deleted recently. For example, `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If the Google group is restored, this identifier reverts to the standard identifier for a Google group.
- `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`: A Google Cloud service account that was deleted recently. For example, `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`. If the service account is undeleted, this identifier reverts to the standard identifier for a service account.

repeated string principals = 3 [(.google.api.field_behavior) = REQUIRED];
| Parameter | |
|---|---|
| Name | Description |
| value | `String` The principals to add. |
| Returns | |
|---|---|
| Type | Description |
| AccessPolicyRule.Builder | This builder for chaining. |
addPrincipalsBytes(ByteString value)
public AccessPolicyRule.Builder addPrincipalsBytes(ByteString value)
Required. The identities for which this rule's effect governs using one or more permissions on Google Cloud resources. This field can contain the following values:

- `principal://goog/subject/{email_id}`: A specific Google Account. Includes Gmail, Cloud Identity, and Google Workspace user accounts. For example, `principal://goog/subject/alice@example.com`.
- `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`: A Google Cloud service account. For example, `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
- `principalSet://goog/group/{group_id}`: A Google group. For example, `principalSet://goog/group/admins@example.com`.
- `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the principals associated with the specified Google Workspace or Cloud Identity customer ID. For example, `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.

If an identifier that was previously set on a policy is soft deleted, then calls to read that policy will return the identifier with a deleted prefix. Users cannot set identifiers with this syntax.

- `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific Google Account that was deleted recently. For example, `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If the Google Account is recovered, this identifier reverts to the standard identifier for a Google Account.
- `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group that was deleted recently. For example, `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If the Google group is restored, this identifier reverts to the standard identifier for a Google group.
- `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`: A Google Cloud service account that was deleted recently. For example, `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`. If the service account is undeleted, this identifier reverts to the standard identifier for a service account.

repeated string principals = 3 [(.google.api.field_behavior) = REQUIRED];
| Parameter | |
|---|---|
| Name | Description |
| value | `ByteString` The bytes of the principals to add. |
| Returns | |
|---|---|
| Type | Description |
| AccessPolicyRule.Builder | This builder for chaining. |
build()
public AccessPolicyRule build()
| Returns | |
|---|---|
| Type | Description |
| AccessPolicyRule | |
buildPartial()
public AccessPolicyRule buildPartial()
| Returns | |
|---|---|
| Type | Description |
| AccessPolicyRule | |
clear()
public AccessPolicyRule.Builder clear()
| Returns | |
|---|---|
| Type | Description |
| AccessPolicyRule.Builder | |
clearConditions()
public AccessPolicyRule.Builder clearConditions()
| Returns | |
|---|---|
| Type | Description |
| AccessPolicyRule.Builder | |
clearDescription()
public AccessPolicyRule.Builder clearDescription()
Optional. Customer specified description of the rule. Must be less than or equal to 256 characters.
optional string description = 1 [(.google.api.field_behavior) = OPTIONAL];
| Returns | |
|---|---|
| Type | Description |
| AccessPolicyRule.Builder | This builder for chaining. |
clearEffect()
public AccessPolicyRule.Builder clearEffect()
Required. The effect of the rule.
optional .google.iam.v3beta.AccessPolicyRule.Effect effect = 2 [(.google.api.field_behavior) = REQUIRED];
| Returns | |
|---|---|
| Type | Description |
| AccessPolicyRule.Builder | This builder for chaining. |
clearExcludedPrincipals()
public AccessPolicyRule.Builder clearExcludedPrincipals()
Optional. The identities that are excluded from the access policy rule, even if they are listed in the principals. For example, you could add a Google group to the principals, then exclude specific users who belong to that group.
repeated string excluded_principals = 4 [(.google.api.field_behavior) = OPTIONAL];
| Returns | |
|---|---|
| Type | Description |
| AccessPolicyRule.Builder | This builder for chaining. |
clearOperation()
public AccessPolicyRule.Builder clearOperation()
Required. Attributes that are used to determine whether this rule applies to a request.
.google.iam.v3beta.AccessPolicyRule.Operation operation = 10 [(.google.api.field_behavior) = REQUIRED];
| Returns | |
|---|---|
| Type | Description |
| AccessPolicyRule.Builder | |
clearPrincipals()
public AccessPolicyRule.Builder clearPrincipals()
Required. The identities for which this rule's effect governs using one or more permissions on Google Cloud resources. This field can contain the following values:

- `principal://goog/subject/{email_id}`: A specific Google Account. Includes Gmail, Cloud Identity, and Google Workspace user accounts. For example, `principal://goog/subject/alice@example.com`.
- `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`: A Google Cloud service account. For example, `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
- `principalSet://goog/group/{group_id}`: A Google group. For example, `principalSet://goog/group/admins@example.com`.
- `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the principals associated with the specified Google Workspace or Cloud Identity customer ID. For example, `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.

If an identifier that was previously set on a policy is soft deleted, then calls to read that policy will return the identifier with a deleted prefix. Users cannot set identifiers with this syntax.

- `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific Google Account that was deleted recently. For example, `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If the Google Account is recovered, this identifier reverts to the standard identifier for a Google Account.
- `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group that was deleted recently. For example, `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If the Google group is restored, this identifier reverts to the standard identifier for a Google group.
- `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`: A Google Cloud service account that was deleted recently. For example, `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`. If the service account is undeleted, this identifier reverts to the standard identifier for a service account.

repeated string principals = 3 [(.google.api.field_behavior) = REQUIRED];
| Returns | |
|---|---|
| Type | Description |
| AccessPolicyRule.Builder | This builder for chaining. |
containsConditions(String key)
public boolean containsConditions(String key)
Optional. The conditions that determine whether this rule applies to a request. Conditions are identified by their key, which is the FQDN of the service that they are relevant to. For example:

```
"conditions": {
  "iam.googleapis.com": {
    "expression": <cel expression>
  }
}
```

Each rule is evaluated independently. If this rule does not apply to a request, other rules might still apply.
Currently supported keys are as follows:

- `eventarc.googleapis.com`: Can use `CEL` functions that evaluate resource fields.
- `iam.googleapis.com`: Can use `CEL` functions that evaluate resource tags and combine them using boolean and logical operators. Other functions and operators are not supported.

map<string, .google.type.Expr> conditions = 9 [(.google.api.field_behavior) = OPTIONAL];
| Parameter | |
|---|---|
| Name | Description |
| key | `String` |
| Returns | |
|---|---|
| Type | Description |
| boolean | |
getConditions() (deprecated)
public Map<String,Expr> getConditions()
Use getConditionsMap() instead.
| Returns | |
|---|---|
| Type | Description |
| Map<String,com.google.type.Expr> | |
getConditionsCount()
public int getConditionsCount()
Optional. The conditions that determine whether this rule applies to a request. Conditions are identified by their key, which is the FQDN of the service that they are relevant to. For example:

```
"conditions": {
  "iam.googleapis.com": {
    "expression": <cel expression>
  }
}
```

Each rule is evaluated independently. If this rule does not apply to a request, other rules might still apply.
Currently supported keys are as follows:

- `eventarc.googleapis.com`: Can use `CEL` functions that evaluate resource fields.
- `iam.googleapis.com`: Can use `CEL` functions that evaluate resource tags and combine them using boolean and logical operators. Other functions and operators are not supported.

map<string, .google.type.Expr> conditions = 9 [(.google.api.field_behavior) = OPTIONAL];
| Returns | |
|---|---|
| Type | Description |
| int | |
getConditionsMap()
public Map<String,Expr> getConditionsMap()
Optional. The conditions that determine whether this rule applies to a request. Conditions are identified by their key, which is the FQDN of the service that they are relevant to. For example:

```
"conditions": {
  "iam.googleapis.com": {
    "expression": <cel expression>
  }
}
```

Each rule is evaluated independently. If this rule does not apply to a request, other rules might still apply.
Currently supported keys are as follows:

- `eventarc.googleapis.com`: Can use `CEL` functions that evaluate resource fields.
- `iam.googleapis.com`: Can use `CEL` functions that evaluate resource tags and combine them using boolean and logical operators. Other functions and operators are not supported.

map<string, .google.type.Expr> conditions = 9 [(.google.api.field_behavior) = OPTIONAL];
| Returns | |
|---|---|
| Type | Description |
| Map<String,com.google.type.Expr> | |
getConditionsOrDefault(String key, Expr defaultValue)
public Expr getConditionsOrDefault(String key, Expr defaultValue)
Optional. The conditions that determine whether this rule applies to a request. Conditions are identified by their key, which is the FQDN of the service that they are relevant to. For example:

```
"conditions": {
  "iam.googleapis.com": {
    "expression": <cel expression>
  }
}
```

Each rule is evaluated independently. If this rule does not apply to a request, other rules might still apply.
Currently supported keys are as follows:

- `eventarc.googleapis.com`: Can use `CEL` functions that evaluate resource fields.
- `iam.googleapis.com`: Can use `CEL` functions that evaluate resource tags and combine them using boolean and logical operators. Other functions and operators are not supported.

map<string, .google.type.Expr> conditions = 9 [(.google.api.field_behavior) = OPTIONAL];
| Parameters | |
|---|---|
| Name | Description |
| key | `String` |
| defaultValue | `com.google.type.Expr` |
| Returns | |
|---|---|
| Type | Description |
| com.google.type.Expr | |
getConditionsOrThrow(String key)
public Expr getConditionsOrThrow(String key)
Optional. The conditions that determine whether this rule applies to a request. Conditions are identified by their key, which is the FQDN of the service that they are relevant to. For example:

```
"conditions": {
  "iam.googleapis.com": {
    "expression": <cel expression>
  }
}
```

Each rule is evaluated independently. If this rule does not apply to a request, other rules might still apply.
Currently supported keys are as follows:

- `eventarc.googleapis.com`: Can use `CEL` functions that evaluate resource fields.
- `iam.googleapis.com`: Can use `CEL` functions that evaluate resource tags and combine them using boolean and logical operators. Other functions and operators are not supported.

map<string, .google.type.Expr> conditions = 9 [(.google.api.field_behavior) = OPTIONAL];
| Parameter | |
|---|---|
| Name | Description |
| key | `String` |
| Returns | |
|---|---|
| Type | Description |
| com.google.type.Expr | |
getDefaultInstanceForType()
public AccessPolicyRule getDefaultInstanceForType()
| Returns | |
|---|---|
| Type | Description |
| AccessPolicyRule | |
getDescription()
public String getDescription()
Optional. Customer specified description of the rule. Must be less than or equal to 256 characters.
optional string description = 1 [(.google.api.field_behavior) = OPTIONAL];
| Returns | |
|---|---|
| Type | Description |
| String | The description. |
getDescriptionBytes()
public ByteString getDescriptionBytes()
Optional. Customer specified description of the rule. Must be less than or equal to 256 characters.
optional string description = 1 [(.google.api.field_behavior) = OPTIONAL];
| Returns | |
|---|---|
| Type | Description |
| ByteString | The bytes for description. |
getDescriptorForType()
public Descriptors.Descriptor getDescriptorForType()
| Returns | |
|---|---|
| Type | Description |
| Descriptor | |
getEffect()
public AccessPolicyRule.Effect getEffect()
Required. The effect of the rule.
optional .google.iam.v3beta.AccessPolicyRule.Effect effect = 2 [(.google.api.field_behavior) = REQUIRED];
| Returns | |
|---|---|
| Type | Description |
| AccessPolicyRule.Effect | The effect. |
getEffectValue()
public int getEffectValue()
Required. The effect of the rule.
optional .google.iam.v3beta.AccessPolicyRule.Effect effect = 2 [(.google.api.field_behavior) = REQUIRED];
| Returns | |
|---|---|
| Type | Description |
| int | The enum numeric value on the wire for effect. |
getExcludedPrincipals(int index)
public String getExcludedPrincipals(int index)
Optional. The identities that are excluded from the access policy rule, even if they are listed in the principals. For example, you could add a Google group to the principals, then exclude specific users who belong to that group.
repeated string excluded_principals = 4 [(.google.api.field_behavior) = OPTIONAL];
| Parameter | |
|---|---|
| Name | Description |
| index | `int` The index of the element to return. |
| Returns | |
|---|---|
| Type | Description |
| String | The excludedPrincipals at the given index. |
getExcludedPrincipalsBytes(int index)
public ByteString getExcludedPrincipalsBytes(int index)
Optional. The identities that are excluded from the access policy rule, even if they are listed in the principals. For example, you could add a Google group to the principals, then exclude specific users who belong to that group.
repeated string excluded_principals = 4 [(.google.api.field_behavior) = OPTIONAL];
| Parameter | |
|---|---|
| Name | Description |
| index | `int` The index of the value to return. |
| Returns | |
|---|---|
| Type | Description |
| ByteString | The bytes of the excludedPrincipals at the given index. |
getExcludedPrincipalsCount()
public int getExcludedPrincipalsCount()
Optional. The identities that are excluded from the access policy rule, even if they are listed in the principals. For example, you could add a Google group to the principals, then exclude specific users who belong to that group.
repeated string excluded_principals = 4 [(.google.api.field_behavior) = OPTIONAL];
| Returns | |
|---|---|
| Type | Description |
| int | The count of excludedPrincipals. |
getExcludedPrincipalsList()
public ProtocolStringList getExcludedPrincipalsList()
Optional. The identities that are excluded from the access policy rule, even if they are listed in the principals. For example, you could add a Google group to the principals, then exclude specific users who belong to that group.
repeated string excluded_principals = 4 [(.google.api.field_behavior) = OPTIONAL];
| Returns | |
|---|---|
| Type | Description |
| ProtocolStringList | A list containing the excludedPrincipals. |
getMutableConditions() (deprecated)
public Map<String,Expr> getMutableConditions()
Use alternate mutation accessors instead.
| Returns | |
|---|---|
| Type | Description |
| Map<String,com.google.type.Expr> | |
getOperation()
public AccessPolicyRule.Operation getOperation()
Required. Attributes that are used to determine whether this rule applies to a request.
.google.iam.v3beta.AccessPolicyRule.Operation operation = 10 [(.google.api.field_behavior) = REQUIRED];
| Returns | |
|---|---|
| Type | Description |
| AccessPolicyRule.Operation | The operation. |
getOperationBuilder()
public AccessPolicyRule.Operation.Builder getOperationBuilder()
Required. Attributes that are used to determine whether this rule applies to a request.
.google.iam.v3beta.AccessPolicyRule.Operation operation = 10 [(.google.api.field_behavior) = REQUIRED];
| Returns | |
|---|---|
| Type | Description |
| AccessPolicyRule.Operation.Builder | |
getOperationOrBuilder()
public AccessPolicyRule.OperationOrBuilder getOperationOrBuilder()
Required. Attributes that are used to determine whether this rule applies to a request.
.google.iam.v3beta.AccessPolicyRule.Operation operation = 10 [(.google.api.field_behavior) = REQUIRED];
| Returns | |
|---|---|
| Type | Description |
| AccessPolicyRule.OperationOrBuilder | |
getPrincipals(int index)
public String getPrincipals(int index)
Required. The identities for which this rule's effect governs using one or more permissions on Google Cloud resources. This field can contain the following values:

- `principal://goog/subject/{email_id}`: A specific Google Account. Includes Gmail, Cloud Identity, and Google Workspace user accounts. For example, `principal://goog/subject/alice@example.com`.
- `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`: A Google Cloud service account. For example, `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
- `principalSet://goog/group/{group_id}`: A Google group. For example, `principalSet://goog/group/admins@example.com`.
- `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the principals associated with the specified Google Workspace or Cloud Identity customer ID. For example, `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.

If an identifier that was previously set on a policy is soft deleted, then calls to read that policy will return the identifier with a deleted prefix. Users cannot set identifiers with this syntax.

- `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific Google Account that was deleted recently. For example, `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If the Google Account is recovered, this identifier reverts to the standard identifier for a Google Account.
- `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group that was deleted recently. For example, `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If the Google group is restored, this identifier reverts to the standard identifier for a Google group.
- `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`: A Google Cloud service account that was deleted recently. For example, `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`. If the service account is undeleted, this identifier reverts to the standard identifier for a service account.

repeated string principals = 3 [(.google.api.field_behavior) = REQUIRED];
| Parameter | |
|---|---|
| Name | Description |
| index | `int` The index of the element to return. |
| Returns | |
|---|---|
| Type | Description |
| String | The principals at the given index. |
getPrincipalsBytes(int index)
public ByteString getPrincipalsBytes(int index)
Required. The identities for which this rule's effect governs using one or more permissions on Google Cloud resources. This field can contain the following values:

- `principal://goog/subject/{email_id}`: A specific Google Account. Includes Gmail, Cloud Identity, and Google Workspace user accounts. For example, `principal://goog/subject/alice@example.com`.
- `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`: A Google Cloud service account. For example, `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
- `principalSet://goog/group/{group_id}`: A Google group. For example, `principalSet://goog/group/admins@example.com`.
- `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the principals associated with the specified Google Workspace or Cloud Identity customer ID. For example, `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.

If an identifier that was previously set on a policy is soft deleted, then calls to read that policy will return the identifier with a deleted prefix. Users cannot set identifiers with this syntax.

- `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific Google Account that was deleted recently. For example, `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If the Google Account is recovered, this identifier reverts to the standard identifier for a Google Account.
- `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group that was deleted recently. For example, `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If the Google group is restored, this identifier reverts to the standard identifier for a Google group.
- `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`: A Google Cloud service account that was deleted recently. For example, `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`. If the service account is undeleted, this identifier reverts to the standard identifier for a service account.

repeated string principals = 3 [(.google.api.field_behavior) = REQUIRED];
| Parameter | |
|---|---|
| Name | Description |
| index | `int` The index of the value to return. |
| Returns | |
|---|---|
| Type | Description |
| ByteString | The bytes of the principals at the given index. |
getPrincipalsCount()
public int getPrincipalsCount()
Required. The identities for which this rule's effect governs using one or more permissions on Google Cloud resources. This field can contain the following values:

- `principal://goog/subject/{email_id}`: A specific Google Account. Includes Gmail, Cloud Identity, and Google Workspace user accounts. For example, `principal://goog/subject/alice@example.com`.
- `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`: A Google Cloud service account. For example, `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
- `principalSet://goog/group/{group_id}`: A Google group. For example, `principalSet://goog/group/admins@example.com`.
- `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the principals associated with the specified Google Workspace or Cloud Identity customer ID. For example, `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.

If an identifier that was previously set on a policy is soft deleted, then calls to read that policy will return the identifier with a deleted prefix. Users cannot set identifiers with this syntax.

- `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific Google Account that was deleted recently. For example, `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If the Google Account is recovered, this identifier reverts to the standard identifier for a Google Account.
- `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group that was deleted recently. For example, `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If the Google group is restored, this identifier reverts to the standard identifier for a Google group.
- `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`: A Google Cloud service account that was deleted recently. For example, `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`. If the service account is undeleted, this identifier reverts to the standard identifier for a service account.

repeated string principals = 3 [(.google.api.field_behavior) = REQUIRED];
| Returns | |
|---|---|
| Type | Description |
| int | The count of principals. |
getPrincipalsList()
public ProtocolStringList getPrincipalsList()

Required. The identities for which this rule's effect governs using one or more permissions on Google Cloud resources. This field can contain the following values:
- `principal://goog/subject/{email_id}`: A specific Google Account. Includes Gmail, Cloud Identity, and Google Workspace user accounts. For example, `principal://goog/subject/alice@example.com`.
- `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`: A Google Cloud service account. For example, `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
- `principalSet://goog/group/{group_id}`: A Google group. For example, `principalSet://goog/group/admins@example.com`.
- `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the principals associated with the specified Google Workspace or Cloud Identity customer ID. For example, `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.

If an identifier that was previously set on a policy is soft deleted, then calls to read that policy will return the identifier with a deleted prefix. Users cannot set identifiers with this syntax.
- `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific Google Account that was deleted recently. For example, `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If the Google Account is recovered, this identifier reverts to the standard identifier for a Google Account.
- `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group that was deleted recently. For example, `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If the Google group is restored, this identifier reverts to the standard identifier for a Google group.
- `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`: A Google Cloud service account that was deleted recently. For example, `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`. If the service account is undeleted, this identifier reverts to the standard identifier for a service account.

repeated string principals = 3 [(.google.api.field_behavior) = REQUIRED];
| Returns | |
|---|---|
| Type | Description |
| `ProtocolStringList` | A list containing the principals. |
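
The following is an added example, not part of the generated reference or the client library: a stand-alone audit helper that classifies the strings returned by `getPrincipalsList()` against the identifier formats listed on this page, flagging soft-deleted entries and anything that matches none of them. The class name `PrincipalAudit`, the kind labels, and the sample list are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/** Hypothetical audit helper; not part of the google-cloud-iam library. */
public class PrincipalAudit {
  // Identifier shapes taken from the list on this page.
  private static final Map<String, Pattern> KINDS = new LinkedHashMap<>();
  static {
    KINDS.put("USER", Pattern.compile("principal://goog/subject/[^/?\\s]+"));
    KINDS.put("SERVICE_ACCOUNT", Pattern.compile(
        "principal://iam\\.googleapis\\.com/projects/-/serviceAccounts/[^/?\\s]+"));
    KINDS.put("GROUP", Pattern.compile("principalSet://goog/group/[^/?\\s]+"));
    KINDS.put("CUSTOMER", Pattern.compile("principalSet://goog/cloudIdentityCustomerId/[^/?\\s]+"));
  }
  // Read-only form: "deleted:" + standard identifier + "?uid={uid}".
  private static final Pattern DELETED = Pattern.compile("deleted:(.+)\\?uid=([^&\\s]+)");

  /** Returns e.g. "GROUP", "DELETED_USER", or "UNRECOGNIZED". */
  static String classify(String principal) {
    Matcher m = DELETED.matcher(principal);
    boolean deleted = m.matches();
    String base = deleted ? m.group(1) : principal;
    for (Map.Entry<String, Pattern> e : KINDS.entrySet()) {
      if (e.getValue().matcher(base).matches()) {
        // The page lists deleted forms for users, groups and service accounts only.
        if (deleted && e.getKey().equals("CUSTOMER")) return "UNRECOGNIZED";
        return deleted ? "DELETED_" + e.getKey() : e.getKey();
      }
    }
    return "UNRECOGNIZED";
  }

  public static void main(String[] args) {
    // Constructed sample; in practice pass rule.getPrincipalsList().
    List<String> principals = List.of(
        "principalSet://goog/group/admins@example.com",
        "deleted:principal://goog/subject/alice@example.com?uid=1234567890",
        "user:bob@example.com"); // not one of the formats listed on this page
    List<String> findings = new ArrayList<>();
    for (String p : principals) {
      String kind = classify(p);
      if (kind.startsWith("DELETED_") || kind.equals("UNRECOGNIZED")) findings.add(kind + " " + p);
    }
    findings.forEach(System.out::println);
  }
}
```

Entries reported as `DELETED_*` matter in two ways: the page states that identifiers with the deleted prefix cannot be set, so they have to be dropped before a rule read from the API is written back, and a recovered account reverts to its standard identifier, at which point the rule governs that principal again.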
hasDescription()
public boolean hasDescription()

Optional. Customer specified description of the rule. Must be less than or equal to 256 characters.
optional string description = 1 [(.google.api.field_behavior) = OPTIONAL];
| Returns | |
|---|---|
| Type | Description |
| `boolean` | Whether the description field is set. |
hasEffect()
public boolean hasEffect()

Required. The effect of the rule.
optional .google.iam.v3beta.AccessPolicyRule.Effect effect = 2 [(.google.api.field_behavior) = REQUIRED];
| Returns | |
|---|---|
| Type | Description |
| `boolean` | Whether the effect field is set. |
hasOperation()
public boolean hasOperation()

Required. Attributes that are used to determine whether this rule applies to a request.
.google.iam.v3beta.AccessPolicyRule.Operation operation = 10 [(.google.api.field_behavior) = REQUIRED];
| Returns | |
|---|---|
| Type | Description |
| `boolean` | Whether the operation field is set. |
internalGetFieldAccessorTable()
protected GeneratedMessage.FieldAccessorTable internalGetFieldAccessorTable()

| Returns | |
|---|---|
| Type | Description |
| `FieldAccessorTable` | |
internalGetMapFieldReflection(int number)
protected MapFieldReflectionAccessor internalGetMapFieldReflection(int number)

| Parameter | |
|---|---|
| Name | Description |
| `number` | `int` |

| Returns | |
|---|---|
| Type | Description |
| `com.google.protobuf.MapFieldReflectionAccessor` | |
internalGetMutableMapFieldReflection(int number)
protected MapFieldReflectionAccessor internalGetMutableMapFieldReflection(int number)

| Parameter | |
|---|---|
| Name | Description |
| `number` | `int` |

| Returns | |
|---|---|
| Type | Description |
| `com.google.protobuf.MapFieldReflectionAccessor` | |
isInitialized()
public final boolean isInitialized()

| Returns | |
|---|---|
| Type | Description |
| `boolean` | |
mergeFrom(AccessPolicyRule other)
public AccessPolicyRule.Builder mergeFrom(AccessPolicyRule other)

| Parameter | |
|---|---|
| Name | Description |
| `other` | `AccessPolicyRule` |

| Returns | |
|---|---|
| Type | Description |
| `AccessPolicyRule.Builder` | |
mergeFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
public AccessPolicyRule.Builder mergeFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)

| Parameters | |
|---|---|
| Name | Description |
| `input` | `CodedInputStream` |
| `extensionRegistry` | `ExtensionRegistryLite` |

| Returns | |
|---|---|
| Type | Description |
| `AccessPolicyRule.Builder` | |

| Exceptions | |
|---|---|
| Type | Description |
| `IOException` | |
mergeFrom(Message other)
public AccessPolicyRule.Builder mergeFrom(Message other)

| Parameter | |
|---|---|
| Name | Description |
| `other` | `Message` |

| Returns | |
|---|---|
| Type | Description |
| `AccessPolicyRule.Builder` | |
mergeOperation(AccessPolicyRule.Operation value)
public AccessPolicyRule.Builder mergeOperation(AccessPolicyRule.Operation value)

Required. Attributes that are used to determine whether this rule applies to a request.
.google.iam.v3beta.AccessPolicyRule.Operation operation = 10 [(.google.api.field_behavior) = REQUIRED];
| Parameter | |
|---|---|
| Name | Description |
| `value` | `AccessPolicyRule.Operation` |

| Returns | |
|---|---|
| Type | Description |
| `AccessPolicyRule.Builder` | |
putAllConditions(Map<String,Expr> values)
public AccessPolicyRule.Builder putAllConditions(Map<String,Expr> values)

Optional. The conditions that determine whether this rule applies to a request. Conditions are identified by their key, which is the FQDN of the service that they are relevant to. For example:

```
"conditions": {
  "iam.googleapis.com": {
    "expression": <cel expression>
  }
}
```

Each rule is evaluated independently. If this rule does not apply to a request, other rules might still apply.

Currently supported keys are as follows:
- `eventarc.googleapis.com`: Can use `CEL` functions that evaluate resource fields.
- `iam.googleapis.com`: Can use `CEL` functions that evaluate resource tags and combine them using boolean and logical operators. Other functions and operators are not supported.

map<string, .google.type.Expr> conditions = 9 [(.google.api.field_behavior) = OPTIONAL];
| Parameter | |
|---|---|
| Name | Description |
| `values` | `Map<String,com.google.type.Expr>` |

| Returns | |
|---|---|
| Type | Description |
| `AccessPolicyRule.Builder` | |
putConditions(String key, Expr value)
public AccessPolicyRule.Builder putConditions(String key, Expr value)

Optional. The conditions that determine whether this rule applies to a request. Conditions are identified by their key, which is the FQDN of the service that they are relevant to. For example:

```
"conditions": {
  "iam.googleapis.com": {
    "expression": <cel expression>
  }
}
```

Each rule is evaluated independently. If this rule does not apply to a request, other rules might still apply.

Currently supported keys are as follows:
- `eventarc.googleapis.com`: Can use `CEL` functions that evaluate resource fields.
- `iam.googleapis.com`: Can use `CEL` functions that evaluate resource tags and combine them using boolean and logical operators. Other functions and operators are not supported.

map<string, .google.type.Expr> conditions = 9 [(.google.api.field_behavior) = OPTIONAL];
| Parameters | |
|---|---|
| Name | Description |
| `key` | `String` |
| `value` | `com.google.type.Expr` |

| Returns | |
|---|---|
| Type | Description |
| `AccessPolicyRule.Builder` | |
putConditionsBuilderIfAbsent(String key)
public Expr.Builder putConditionsBuilderIfAbsent(String key)

Optional. The conditions that determine whether this rule applies to a request. Conditions are identified by their key, which is the FQDN of the service that they are relevant to. For example:

```
"conditions": {
  "iam.googleapis.com": {
    "expression": <cel expression>
  }
}
```

Each rule is evaluated independently. If this rule does not apply to a request, other rules might still apply.

Currently supported keys are as follows:
- `eventarc.googleapis.com`: Can use `CEL` functions that evaluate resource fields.
- `iam.googleapis.com`: Can use `CEL` functions that evaluate resource tags and combine them using boolean and logical operators. Other functions and operators are not supported.

map<string, .google.type.Expr> conditions = 9 [(.google.api.field_behavior) = OPTIONAL];
| Parameter | |
|---|---|
| Name | Description |
| `key` | `String` |

| Returns | |
|---|---|
| Type | Description |
| `com.google.type.Expr.Builder` | |
removeConditions(String key)
public AccessPolicyRule.Builder removeConditions(String key)

Optional. The conditions that determine whether this rule applies to a request. Conditions are identified by their key, which is the FQDN of the service that they are relevant to. For example:

```
"conditions": {
  "iam.googleapis.com": {
    "expression": <cel expression>
  }
}
```

Each rule is evaluated independently. If this rule does not apply to a request, other rules might still apply.

Currently supported keys are as follows:
- `eventarc.googleapis.com`: Can use `CEL` functions that evaluate resource fields.
- `iam.googleapis.com`: Can use `CEL` functions that evaluate resource tags and combine them using boolean and logical operators. Other functions and operators are not supported.

map<string, .google.type.Expr> conditions = 9 [(.google.api.field_behavior) = OPTIONAL];
| Parameter | |
|---|---|
| Name | Description |
| `key` | `String` |

| Returns | |
|---|---|
| Type | Description |
| `AccessPolicyRule.Builder` | |
setDescription(String value)
public AccessPolicyRule.Builder setDescription(String value)

Optional. Customer specified description of the rule. Must be less than or equal to 256 characters.
optional string description = 1 [(.google.api.field_behavior) = OPTIONAL];
| Parameter | |
|---|---|
| Name | Description |
| `value` | `String` The description to set. |

| Returns | |
|---|---|
| Type | Description |
| `AccessPolicyRule.Builder` | This builder for chaining. |
setDescriptionBytes(ByteString value)
public AccessPolicyRule.Builder setDescriptionBytes(ByteString value)

Optional. Customer specified description of the rule. Must be less than or equal to 256 characters.
optional string description = 1 [(.google.api.field_behavior) = OPTIONAL];
| Parameter | |
|---|---|
| Name | Description |
| `value` | `ByteString` The bytes for description to set. |

| Returns | |
|---|---|
| Type | Description |
| `AccessPolicyRule.Builder` | This builder for chaining. |
setEffect(AccessPolicyRule.Effect value)
public AccessPolicyRule.Builder setEffect(AccessPolicyRule.Effect value)

Required. The effect of the rule.
optional .google.iam.v3beta.AccessPolicyRule.Effect effect = 2 [(.google.api.field_behavior) = REQUIRED];
| Parameter | |
|---|---|
| Name | Description |
| `value` | `AccessPolicyRule.Effect` The effect to set. |

| Returns | |
|---|---|
| Type | Description |
| `AccessPolicyRule.Builder` | This builder for chaining. |
setEffectValue(int value)
public AccessPolicyRule.Builder setEffectValue(int value)

Required. The effect of the rule.
optional .google.iam.v3beta.AccessPolicyRule.Effect effect = 2 [(.google.api.field_behavior) = REQUIRED];
| Parameter | |
|---|---|
| Name | Description |
| `value` | `int` The enum numeric value on the wire for effect to set. |

| Returns | |
|---|---|
| Type | Description |
| `AccessPolicyRule.Builder` | This builder for chaining. |
setExcludedPrincipals(int index, String value)
public AccessPolicyRule.Builder setExcludedPrincipals(int index, String value)

Optional. The identities that are excluded from the access policy rule, even if they are listed in the principals. For example, you could add a Google group to the principals, then exclude specific users who belong to that group.
repeated string excluded_principals = 4 [(.google.api.field_behavior) = OPTIONAL];
| Parameters | |
|---|---|
| Name | Description |
| `index` | `int` The index to set the value at. |
| `value` | `String` The excludedPrincipals to set. |

| Returns | |
|---|---|
| Type | Description |
| `AccessPolicyRule.Builder` | This builder for chaining. |
setOperation(AccessPolicyRule.Operation value)
public AccessPolicyRule.Builder setOperation(AccessPolicyRule.Operation value)

Required. Attributes that are used to determine whether this rule applies to a request.
.google.iam.v3beta.AccessPolicyRule.Operation operation = 10 [(.google.api.field_behavior) = REQUIRED];
| Parameter | |
|---|---|
| Name | Description |
| `value` | `AccessPolicyRule.Operation` |

| Returns | |
|---|---|
| Type | Description |
| `AccessPolicyRule.Builder` | |
setOperation(AccessPolicyRule.Operation.Builder builderForValue)
public AccessPolicyRule.Builder setOperation(AccessPolicyRule.Operation.Builder builderForValue)

Required. Attributes that are used to determine whether this rule applies to a request.
.google.iam.v3beta.AccessPolicyRule.Operation operation = 10 [(.google.api.field_behavior) = REQUIRED];
| Parameter | |
|---|---|
| Name | Description |
| `builderForValue` | `AccessPolicyRule.Operation.Builder` |

| Returns | |
|---|---|
| Type | Description |
| `AccessPolicyRule.Builder` | |
setPrincipals(int index, String value)
public AccessPolicyRule.Builder setPrincipals(int index, String value)

Required. The identities for which this rule's effect governs using one or more permissions on Google Cloud resources. This field can contain the following values:
- `principal://goog/subject/{email_id}`: A specific Google Account. Includes Gmail, Cloud Identity, and Google Workspace user accounts. For example, `principal://goog/subject/alice@example.com`.
- `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`: A Google Cloud service account. For example, `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`.
- `principalSet://goog/group/{group_id}`: A Google group. For example, `principalSet://goog/group/admins@example.com`.
- `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the principals associated with the specified Google Workspace or Cloud Identity customer ID. For example, `principalSet://goog/cloudIdentityCustomerId/C01Abc35`.

If an identifier that was previously set on a policy is soft deleted, then calls to read that policy will return the identifier with a deleted prefix. Users cannot set identifiers with this syntax.
- `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific Google Account that was deleted recently. For example, `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If the Google Account is recovered, this identifier reverts to the standard identifier for a Google Account.
- `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group that was deleted recently. For example, `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If the Google group is restored, this identifier reverts to the standard identifier for a Google group.
- `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`: A Google Cloud service account that was deleted recently. For example, `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`. If the service account is undeleted, this identifier reverts to the standard identifier for a service account.

repeated string principals = 3 [(.google.api.field_behavior) = REQUIRED];
| Parameters | |
|---|---|
| Name | Description |
| `index` | `int` The index to set the value at. |
| `value` | `String` The principals to set. |

| Returns | |
|---|---|
| Type | Description |
| `AccessPolicyRule.Builder` | This builder for chaining. |