The Identity and Access Management (IAM) API uses Kubernetes custom resources to manage access control for identity providers.
To use the IAM API, use the GDC console. If your application uses your own libraries to call the API, use the example service endpoint in the following section and the full API definition to build your requests.
Service endpoint and discovery document
The API endpoint for the IAM API is https://GDCH_API_SERVER_ENDPOINT/apis/iam.gdc.goog/v1, where GDCH_API_SERVER_ENDPOINT is the endpoint of the GDC API server.
Using the kubectl proxy command, access the URL in your browser to obtain the discovery document for the IAM API. The kubectl proxy command opens a proxy on your local machine, at 127.0.0.1:8001, to the Kubernetes API server. Once that command is running, access the document at the following URL:
http://127.0.0.1:8001/apis/iam.gdc.goog/v1
Example resources
The following is a sample resource:
apiVersion: iam.gdc.goog/v1
kind: IdentityProviderConfig
metadata:
  name: example-provider
  namespace: platform
spec:
  - oidc:
      clientID: clientID
      clientSecret: clientSecret
      groupPrefix: example-
      groupsClaim: groups
      issuerURI: https://test-oidc-provider.example.com
      scopes: openid email profile
      userClaim: user-email@example.com
      userPrefix: example-
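
An added example (not part of the original page or GDC's own code): reading the discovery document to build request URLs for a client library, and refusing verbs the API does not advertise. The discovery JSON is a constructed sample in the standard Kubernetes APIResourceList shape; the plural resource name identityproviderconfigs and the verb list are assumptions, while the name and namespace come from the sample resource above.

```python
import json

# Constructed sample of a Kubernetes APIResourceList (the discovery document
# format). Resource names and verbs are assumptions, not the real IAM listing.
SAMPLE_DISCOVERY = json.dumps({
    "kind": "APIResourceList", "apiVersion": "v1",
    "groupVersion": "iam.gdc.goog/v1",
    "resources": [
        {"name": "identityproviderconfigs", "namespaced": True,
         "kind": "IdentityProviderConfig",
         "verbs": ["create", "delete", "get", "list", "patch", "update", "watch"]},
        {"name": "identityproviderconfigs/status", "namespaced": True,
         "kind": "IdentityProviderConfig", "verbs": ["get"]},
    ],
})

def index_resources(discovery_json):
    """Map kind -> primary resource entry, skipping subresources like 'x/status'."""
    doc = json.loads(discovery_json)
    if doc.get("kind") != "APIResourceList":
        raise ValueError("not a discovery document: kind=%r" % doc.get("kind"))
    index = {"groupVersion": doc["groupVersion"], "kinds": {}}
    for res in doc.get("resources", []):
        if "/" in res["name"]:
            continue
        index["kinds"][res["kind"]] = res
    return index

def resource_url(base, index, kind, verb, namespace=None, name=None):
    """Build the request URL for a kind; reject verbs the API does not list."""
    res = index["kinds"].get(kind)
    if res is None:
        raise KeyError("kind %s not served by %s" % (kind, index["groupVersion"]))
    if verb not in res["verbs"]:
        raise ValueError("%s does not support verb %s" % (kind, verb))
    parts = [base.rstrip("/"), "apis", index["groupVersion"]]
    if res["namespaced"]:
        if not namespace:
            raise ValueError("%s is namespaced; a namespace is required" % kind)
        parts += ["namespaces", namespace]
    parts.append(res["name"])
    if name:
        parts.append(name)
    return "/".join(parts)

if __name__ == "__main__":
    idx = index_resources(SAMPLE_DISCOVERY)
    print(resource_url("http://127.0.0.1:8001", idx, "IdentityProviderConfig",
                       "get", namespace="platform", name="example-provider"))
```

Against a live cluster, replace SAMPLE_DISCOVERY with the body returned from the discovery URL while kubectl proxy is running.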