Documentation
Overview
Package iam implements the GCP iam.googleapis.com v1 REST API as a server.Handler. Real google.golang.org/api/iam/v1 clients pointed at this server can create, read, update and delete ServiceAccounts, custom Roles, and ServiceAccountKeys end-to-end.
MVP coverage (v1 REST):
POST /v1/projects/{p}/serviceAccounts — Create SA
GET /v1/projects/{p}/serviceAccounts/{email} — Get SA
GET /v1/projects/{p}/serviceAccounts — List SAs
DELETE /v1/projects/{p}/serviceAccounts/{email} — Delete SA
PATCH /v1/projects/{p}/serviceAccounts/{email} — Update SA
POST /v1/projects/{p}/serviceAccounts/{email}/keys — Create key
GET /v1/projects/{p}/serviceAccounts/{email}/keys/{keyId} — Get key
GET /v1/projects/{p}/serviceAccounts/{email}/keys — List keys
DELETE /v1/projects/{p}/serviceAccounts/{email}/keys/{keyId} — Delete key
POST /v1/projects/{p}/roles — Create role
GET /v1/projects/{p}/roles/{roleId} — Get role
GET /v1/projects/{p}/roles — List roles
DELETE /v1/projects/{p}/roles/{roleId} — Delete role
PATCH /v1/projects/{p}/roles/{roleId} — Update role
All state lives in the shared iamdriver.IAM:
- Driver Users back ServiceAccounts (driver User.Name == SA email).
- Driver Roles back custom Roles (the SA-style Permissions list is stashed in AssumeRolePolicyDoc as JSON).
- Driver AccessKeys back SA Keys (AccessKey.UserName == SA email, AccessKeyID == key id).
Resource-level IAM policy bindings (getIamPolicy / setIamPolicy on projects, buckets, etc.) are out of scope — those live on individual resources, not on iam.googleapis.com itself.
Types
type Handler
type Handler struct {
// contains filtered or unexported fields
}
Handler serves iam.googleapis.com v1 REST requests against the IAM driver.
func (*Handler) Matches
Matches returns true for any /v1/projects/{p}/{serviceAccounts|roles}[/…] path. The catch-all match is safe because the GCP server registers more specific handlers (compute, networks, gcs, …) ahead of this one — there's no other IAM handler in the GCP namespace that this would shadow.
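The ordering dependency described for Matches can be pinned down with a registration-order check. The sketch below is an added example, not code from this package: `matchesIAM` re-creates the documented path pattern, while `matchesNarrow`, `route`, and `deadRoutes` are hypothetical names, and the probe paths are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// segments returns the path parts after /v1/projects/, or nil if the prefix is absent.
func segments(path string) []string {
	const prefix = "/v1/projects/"
	if !strings.HasPrefix(path, prefix) {
		return nil
	}
	return strings.Split(path[len(prefix):], "/")
}

// matchesIAM re-creates the documented pattern (assumption, not the package's code):
// /v1/projects/{p}/{serviceAccounts|roles}[/...]
func matchesIAM(path string) bool {
	s := segments(path)
	return len(s) >= 2 && s[0] != "" && (s[1] == "serviceAccounts" || s[1] == "roles")
}

// matchesNarrow is a hypothetical, more specific predicate standing in for
// any handler that must be registered ahead of the catch-all.
func matchesNarrow(path string) bool {
	s := segments(path)
	return len(s) >= 4 && s[1] == "serviceAccounts" && s[3] == "keys"
}

type route struct {
	name    string
	matches func(string) bool
}

// deadRoutes returns routes that accept at least one probe but never win one
// under first-match dispatch, i.e. handlers silently shadowed by an earlier one.
func deadRoutes(routes []route, probes []string) []string {
	matched, won, dead := map[string]bool{}, map[string]bool{}, []string{}
	for _, p := range probes {
		first := true
		for _, r := range routes {
			if r.matches(p) {
				matched[r.name], won[r.name] = true, won[r.name] || first
				first = false
			}
		}
	}
	for _, r := range routes {
		if matched[r.name] && !won[r.name] {
			dead = append(dead, r.name)
		}
	}
	return dead
}

func main() {
	probes := []string{"/v1/projects/demo/serviceAccounts/sa@demo/keys", "/v1/projects/demo/roles"} // constructed
	iam, narrow := route{"iam", matchesIAM}, route{"narrow", matchesNarrow}
	fmt.Println(deadRoutes([]route{narrow, iam}, probes), deadRoutes([]route{iam, narrow}, probes))
}
```

Running a check like this in a unit test over the server's real handler list catches a reordering that would let the catch-all swallow requests meant for another handler.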