Documentation

Overview

    Package iam supports the resource-specific operations of Google Cloud IAM (Identity and Access Management) for the Google Cloud Libraries. See https://cloud.google.com/iam for more about IAM.

    Users of the Google Cloud Libraries will typically not use this package directly. Instead they will begin with some resource that supports IAM, like a pubsub topic, and call its IAM method to get a Handle for that resource.

Constants

    const (
    	// AllUsers is a special member that denotes all users, even unauthenticated ones.
    	AllUsers = "allUsers"
    
    	// AllAuthenticatedUsers is a special member that denotes all authenticated users.
    	AllAuthenticatedUsers = "allAuthenticatedUsers"
    )

Variables

    This section is empty.

Functions

    This section is empty.

Types

    type Handle

    type Handle struct {
    	// contains filtered or unexported fields
    }

      A Handle provides IAM operations for a resource.

      func InternalNewHandle

      func InternalNewHandle(conn grpc.ClientConnInterface, resource string) *Handle

        InternalNewHandle is for use by the Google Cloud Libraries only.

        InternalNewHandle returns a Handle for resource. The conn parameter refers to a server that must support the IAMPolicy service.

      func InternalNewHandleClient

      func InternalNewHandleClient(c client, resource string) *Handle

        InternalNewHandleClient is for use by the Google Cloud Libraries only.

        InternalNewHandleClient returns a Handle for resource using the given client implementation.

      func InternalNewHandleGRPCClient

      func InternalNewHandleGRPCClient(c pb.IAMPolicyClient, resource string) *Handle

        InternalNewHandleGRPCClient is for use by the Google Cloud Libraries only.

        InternalNewHandleGRPCClient returns a Handle for resource using the given gRPC service that implements IAM as a mixin.

      func (*Handle) Policy

      func (h *Handle) Policy(ctx context.Context) (*Policy, error)

        Policy retrieves the IAM policy for the resource.

      func (*Handle) SetPolicy

      func (h *Handle) SetPolicy(ctx context.Context, policy *Policy) error

        SetPolicy replaces the resource's current policy with the supplied Policy.

        If policy was created from a prior call to Get, then the modification will only succeed if the policy has not changed since the Get.

      func (*Handle) TestPermissions

      func (h *Handle) TestPermissions(ctx context.Context, permissions []string) ([]string, error)

        TestPermissions returns the subset of permissions that the caller has on the resource.

      func (*Handle) V3

      func (h *Handle) V3() *Handle3

        V3 returns a Handle3, which is like Handle except it sets requestedPolicyVersion to 3 when retrieving a policy and policy.version to 3 when storing a policy.

    type Handle3

    type Handle3 struct {
    	// contains filtered or unexported fields
    }

      A Handle3 provides IAM operations for a resource. It is similar to a Handle, but provides access to newer IAM features (e.g., conditions).

      func (*Handle3) Policy

      func (h *Handle3) Policy(ctx context.Context) (*Policy3, error)

        Policy retrieves the IAM policy for the resource.

        requestedPolicyVersion is always set to 3.

      func (*Handle3) SetPolicy

      func (h *Handle3) SetPolicy(ctx context.Context, policy *Policy3) error

        SetPolicy replaces the resource's current policy with the supplied Policy.

        If policy was created from a prior call to Get, then the modification will only succeed if the policy has not changed since the Get.

      func (*Handle3) TestPermissions

      func (h *Handle3) TestPermissions(ctx context.Context, permissions []string) ([]string, error)

        TestPermissions returns the subset of permissions that the caller has on the resource.

    type Policy

    type Policy struct {
    	// This field is exported for use by the Google Cloud Libraries only.
    	// It may become unexported in a future release.
    	InternalProto *pb.Policy
    }

      A Policy is a list of Bindings representing roles granted to members.

      The zero Policy is a valid policy with no bindings.

      func (*Policy) Add

      func (p *Policy) Add(member string, r RoleName)

        Add adds member member to role r if it is not already present. A new binding is created if there is no binding for the role.

      func (*Policy) HasRole

      func (p *Policy) HasRole(member string, r RoleName) bool

        HasRole reports whether member has role r.

      func (*Policy) Members

      func (p *Policy) Members(r RoleName) []string

        Members returns the list of members with the supplied role. The return value should not be modified. Use Add and Remove to modify the members of a role.

      func (*Policy) Remove

      func (p *Policy) Remove(member string, r RoleName)

        Remove removes member from role r if it is present.

      func (*Policy) Roles

      func (p *Policy) Roles() []RoleName

        Roles returns the names of all the roles that appear in the Policy.
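
An added example (not code from the package or its authors) of the audit these Policy methods support: strip the AllUsers and AllAuthenticatedUsers members from every role and report what was removed. memPolicy, RevokePublic and the sample members are hypothetical stand-ins so the block runs without the module; a *Policy returned by Handle.Policy offers the same Roles, Members and Remove methods.

```go
package main

import (
	"fmt"
	"sort"
)

// Stand-ins for iam.RoleName and the two special-member constants (assumption: no module available).
type RoleName string

const (
	AllUsers              = "allUsers"
	AllAuthenticatedUsers = "allAuthenticatedUsers"
)

// memPolicy is a constructed stand-in offering Policy's Roles, Members and Remove.
type memPolicy map[RoleName][]string

func (p memPolicy) Members(r RoleName) []string { return p[r] }
func (p memPolicy) Roles() (rs []RoleName) {
	for r := range p {
		rs = append(rs, r)
	}
	return rs
}
func (p memPolicy) Remove(member string, r RoleName) {
	for i, m := range p[r] {
		if m == member {
			p[r] = append(p[r][:i:i], p[r][i+1:]...)
			return
		}
	}
}

// RevokePublic removes the "everyone" members from every role; returns sorted "role -> member" findings.
func RevokePublic(p memPolicy) []string {
	var removed []string
	for _, r := range p.Roles() {
		// Iterate over a copy: Members' result must not be modified, and Remove edits the binding.
		for _, m := range append([]string(nil), p.Members(r)...) {
			if m == AllUsers || m == AllAuthenticatedUsers {
				removed = append(removed, string(r)+" -> "+m)
				p.Remove(m, r)
			}
		}
	}
	sort.Strings(removed)
	return removed
}

func main() { fmt.Println(RevokePublic(memPolicy{"roles/viewer": {AllUsers}})) } // constructed input
```

With the real package, the cleaned policy is written back with Handle.SetPolicy, which succeeds only if the policy has not changed since it was retrieved.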

    type Policy3

    type Policy3 struct {
    	Bindings []*pb.Binding
    	// contains filtered or unexported fields
    }

      A Policy3 is a list of Bindings representing roles granted to members.

      The zero Policy3 is a valid policy with no bindings.

      It is similar to a Policy, except a Policy3 provides direct access to the list of Bindings.

      The policy version is always set to 3.

    type RoleName

    type RoleName string

      A RoleName is a name representing a collection of permissions.

    const (
    	Owner  RoleName = "roles/owner"
    	Editor RoleName = "roles/editor"
    	Viewer RoleName = "roles/viewer"
    )

      Common role names.

Directories

    Path                 Synopsis
    admin/apiv1          Package admin is an auto-generated package for the Google Identity and Access Management (IAM) API.
    credentials/apiv1    Package credentials is an auto-generated package for the IAM Service Account Credentials API.