iam

package module
Version: v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 23, 2022 License: Apache-2.0 Imports: 8 Imported by: 273

README

IAM API

Go Reference

Go Client Library for IAM API.

Install

go get cloud.google.com/go/iam

Stability

The stability of this module is indicated by SemVer.

However, a v1+ module may have breaking changes in two scenarios:

  • Packages with alpha or beta in the import path
  • The GoDoc has an explicit stability disclaimer (for example, for an experimental feature).

Go Version Support

See the Go Versions Supported section in the root directory's README.

Authorization

See the Authorization section in the root directory's README.

Contributing

Contributions are welcome. Please, see the CONTRIBUTING document for details.

Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms. See Contributor Code of Conduct for more information.

Documentation

Overview

Package iam supports the resource-specific operations of Google Cloud IAM (Identity and Access Management) for the Google Cloud Libraries. See https://cloud.google.com/iam for more about IAM.

Users of the Google Cloud Libraries will typically not use this package directly. Instead they will begin with some resource that supports IAM, like a pubsub topic, and call its IAM method to get a Handle for that resource.

Index

Constants

View Source
const (
	// AllUsers is a special member that denotes all users, even unauthenticated ones.
	AllUsers = "allUsers"

	// AllAuthenticatedUsers is a special member that denotes all authenticated users.
	AllAuthenticatedUsers = "allAuthenticatedUsers"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Handle

type Handle struct {
	// contains filtered or unexported fields
}

A Handle provides IAM operations for a resource.

func InternalNewHandle

func InternalNewHandle(conn grpc.ClientConnInterface, resource string) *Handle

InternalNewHandle is for use by the Google Cloud Libraries only.

InternalNewHandle returns a Handle for resource. The conn parameter refers to a server that must support the IAMPolicy service.

func InternalNewHandleClient

func InternalNewHandleClient(c client, resource string) *Handle

InternalNewHandleClient is for use by the Google Cloud Libraries only.

InternalNewHandleClient returns a Handle for resource using the given client implementation.

func InternalNewHandleGRPCClient

func InternalNewHandleGRPCClient(c pb.IAMPolicyClient, resource string) *Handle

InternalNewHandleGRPCClient is for use by the Google Cloud Libraries only.

InternalNewHandleClient returns a Handle for resource using the given grpc service that implements IAM as a mixin

func (*Handle) Policy

func (h *Handle) Policy(ctx context.Context) (*Policy, error)

Policy retrieves the IAM policy for the resource.

func (*Handle) SetPolicy

func (h *Handle) SetPolicy(ctx context.Context, policy *Policy) error

SetPolicy replaces the resource's current policy with the supplied Policy.

If policy was created from a prior call to Get, then the modification will only succeed if the policy has not changed since the Get.

func (*Handle) TestPermissions

func (h *Handle) TestPermissions(ctx context.Context, permissions []string) ([]string, error)

TestPermissions returns the subset of permissions that the caller has on the resource.

func (*Handle) V3

func (h *Handle) V3() *Handle3

V3 returns a Handle3, which is like Handle except it sets requestedPolicyVersion to 3 when retrieving a policy and policy.version to 3 when storing a policy.

type Handle3

type Handle3 struct {
	// contains filtered or unexported fields
}

A Handle3 provides IAM operations for a resource. It is similar to a Handle, but provides access to newer IAM features (e.g., conditions).

func (*Handle3) Policy

func (h *Handle3) Policy(ctx context.Context) (*Policy3, error)

Policy retrieves the IAM policy for the resource.

requestedPolicyVersion is always set to 3.

func (*Handle3) SetPolicy

func (h *Handle3) SetPolicy(ctx context.Context, policy *Policy3) error

SetPolicy replaces the resource's current policy with the supplied Policy.

If policy was created from a prior call to Get, then the modification will only succeed if the policy has not changed since the Get.

func (*Handle3) TestPermissions

func (h *Handle3) TestPermissions(ctx context.Context, permissions []string) ([]string, error)

TestPermissions returns the subset of permissions that the caller has on the resource.

type Policy

type Policy struct {

	// This field is exported for use by the Google Cloud Libraries only.
	// It may become unexported in a future release.
	InternalProto *pb.Policy
}

A Policy is a list of Bindings representing roles granted to members.

The zero Policy is a valid policy with no bindings.

func (*Policy) Add

func (p *Policy) Add(member string, r RoleName)

Add adds member member to role r if it is not already present. A new binding is created if there is no binding for the role.

func (*Policy) HasRole

func (p *Policy) HasRole(member string, r RoleName) bool

HasRole reports whether member has role r.

func (*Policy) Members

func (p *Policy) Members(r RoleName) []string

Members returns the list of members with the supplied role. The return value should not be modified. Use Add and Remove to modify the members of a role.

func (*Policy) Remove

func (p *Policy) Remove(member string, r RoleName)

Remove removes member from role r if it is present.

func (*Policy) Roles

func (p *Policy) Roles() []RoleName

Roles returns the names of all the roles that appear in the Policy.

type Policy3

type Policy3 struct {
	Bindings []*pb.Binding
	// contains filtered or unexported fields
}

A Policy3 is a list of Bindings representing roles granted to members.

The zero Policy3 is a valid policy with no bindings.

It is similar to a Policy, except a Policy3 provides direct access to the list of Bindings.

The policy version is always set to 3.

type RoleName

type RoleName string

A RoleName is a name representing a collection of permissions.

const (
	Owner  RoleName = "roles/owner"
	Editor RoleName = "roles/editor"
	Viewer RoleName = "roles/viewer"
)

Common role names.

Source Files

Directories

Path Synopsis
admin
apiv1
Package admin is an auto-generated package for the Google Identity and Access Management (IAM) API.
Package admin is an auto-generated package for the Google Identity and Access Management (IAM) API.
credentials
apiv1
Package credentials is an auto-generated package for the IAM Service Account Credentials API.
Package credentials is an auto-generated package for the IAM Service Account Credentials API.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL