[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-09-04。"],[[["\u003cp\u003eThe Identity and Access Management (IAM) API uses Kubernetes custom resources to manage access for identity providers.\u003c/p\u003e\n"],["\u003cp\u003eThe IAM API can be accessed through the GDC console or by using application-specific libraries, utilizing provided API endpoints and definitions.\u003c/p\u003e\n"],["\u003cp\u003eIAM APIs are available in zonal and global deployments, each with distinct API endpoint URLs, using the format \u003ccode\u003ehttps://MANAGEMENT_API_SERVER_ENDPOINT/apis/iam.gdc.goog/v1\u003c/code\u003e for zonal and \u003ccode\u003ehttps://MANAGEMENT_API_SERVER_ENDPOINT/apis/iam.global.gdc.goog/v1\u003c/code\u003e for global.\u003c/p\u003e\n"],["\u003cp\u003eThe discovery document for the IAM API can be obtained by using \u003ccode\u003ekubectl proxy\u003c/code\u003e which will allow accessing the API on \u003ccode\u003e127.0.0.1:8001\u003c/code\u003e from your local machine.\u003c/p\u003e\n"],["\u003cp\u003eA sample \u003ccode\u003eIdentityProviderConfig\u003c/code\u003e resource is provided, demonstrating the configuration for an identity provider with fields such as \u003ccode\u003eclientID\u003c/code\u003e, \u003ccode\u003eissuerURI\u003c/code\u003e, and \u003ccode\u003escopes\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,["# Identity and Access Management API overview\n\nThe Identity and Access Management (IAM) API uses Kubernetes custom resources\nto manage the control access for identity providers.\n\nTo use the IAM API, use the GDC console. If\nyour application uses your own libraries to call the API, adopt the example\nservice endpoint in the following section, and the\nfull API definitions to build your requests:\n\n- [iam.gdc.goog](/distributed-cloud/hosted/docs/latest/gdch/apis/service/identity/v1/identity-v1)\n- [iam.global.gdc.goog](/distributed-cloud/hosted/docs/latest/gdch/apis/service/identity/v1/global-identity-v1)\n\nService endpoint and discovery document\n---------------------------------------\n\nThe IAM APIs are provided in two packages depending on zonal deployment or\nglobal deployment.\n\nThe API endpoints for the zonal and global IAM APIs are the following,\nrespectively:\n\n- `https://`\u003cvar translate=\"no\"\u003eMANAGEMENT_API_SERVER_ENDPOINT\u003c/var\u003e`/apis/iam.gdc.goog/v1`\n- `https://`\u003cvar translate=\"no\"\u003eMANAGEMENT_API_SERVER_ENDPOINT\u003c/var\u003e`/apis/iam.global.gdc.goog/v1`\n\nThe \u003cvar translate=\"no\"\u003eMANAGEMENT_API_SERVER_ENDPOINT\u003c/var\u003e variable is the\nendpoint of the Management API server.\n\nUsing the `kubectl proxy` command, access the URL in your browser to\nobtain the discovery document for the IAM API. The `kubectl proxy` command opens\nup a proxy on `127.0.0.1:8001` to the Kubernetes API server on your local\nmachine. After that command is running, access the documents at the\nfollowing URLs:\n\n- `http://127.0.0.1:8001/apis/iam.gdc.goog/v1`\n- `http://127.0.0.1:8001/apis/iam.global.gdc.goog/v1`\n\nExample resources\n-----------------\n\nThe following is a sample `IdentityProviderConfig` resource: \n\n apiVersion: iam.gdc.goog/v1\n kind: IdentityProviderConfig\n metadata:\n name: example-provider\n namespace: platform\n spec:\n - oidc:\n clientID: clientID\n clientSecret: clientSecret\n groupPrefix: example-\n groupsClaim: groups\n issuerURI: https://test-oidc-provider.example.com\n scopes: openid email profile\n userClaim: user-email@example.com\n userPrefix: example-"]]