ManagedZones: getiampolicy

Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.

See a code example.

Try it now!

See a code example.
Try it now!

Request

HTTP request

POST https://dns.googleapis.com/dns/v1/managedZones/getiampolicy

Authorization

This request requires authorization with at least one of the following scopes:

Scope
`https://www.googleapis.com/auth/ndev.clouddns.readonly`
`https://www.googleapis.com/auth/ndev.clouddns.readwrite`
`https://www.googleapis.com/auth/cloud-platform`
`https://www.googleapis.com/auth/cloud-platform.read-only`

Request body

In the request body, supply data with the following structure:

{
  "resource": string,
  "options": {
    "requestedPolicyVersion": integer
  }
}

Property name	Value	Description	Notes
`resource`	`string`
`options`	`nested object`
`options.requestedPolicyVersion`	`integer`

Response

If successful, this method returns a response body with the following structure:

{
  "version": integer,
  "bindings": [
    {
      "role": string,
      "members": [
        string
      ],
      "condition": {
        "expression": string,
        "title": string,
        "description": string,
        "location": string
      },
      "bindingId": string
    }
  ],
  "auditConfigs": [
    {
      "service": string,
      "auditLogConfigs": [
        {
          "logType": string,
          "exemptedMembers": [
            string
          ],
          "ignoreChildExemptions": boolean
        }
      ]
    }
  ],
  "rules": [
    {
      "description": string,
      "permissions": [
        string
      ],
      "action": string,
      "ins": [
        string
      ],
      "notIns": [
        string
      ],
      "conditions": [
        {
          "iam": string,
          "sys": string,
          "svc": string,
          "op": string,
          "values": [
            string
          ]
        }
      ],
      "logConfigs": [
        {
          "counter": {
            "metric": string,
            "field": string,
            "customFields": [
              {
                "name": string,
                "value": string
              }
            ]
          },
          "dataAccess": {
            "logMode": string
          },
          "cloudAudit": {
            "logName": string,
            "authorizationLoggingOptions": {
              "permissionType": string
            }
          }
        }
      ]
    }
  ],
  "etag": bytes
}

Property name	Value	Description
`version`	`integer`
`bindings[]`	`list`
`bindings[].role`	`string`
`bindings[].members[]`	`list`
`bindings[].condition`	`nested object`
`bindings[].condition.expression`	`string`
`bindings[].condition.title`	`string`
`bindings[].condition.description`	`string`
`bindings[].condition.location`	`string`
`bindings[].bindingId`	`string`
`auditConfigs[]`	`list`
`auditConfigs[].service`	`string`
`auditConfigs[].auditLogConfigs[]`	`list`
`auditConfigs[].auditLogConfigs[].logType`	`string`	Acceptable values are: "`adminRead`" "`dataRead`" "`dataWrite`" "`logTypeUnspecified`"
`auditConfigs[].auditLogConfigs[].exemptedMembers[]`	`list`
`auditConfigs[].auditLogConfigs[].ignoreChildExemptions`	`boolean`
`rules[]`	`list`
`rules[].description`	`string`
`rules[].permissions[]`	`list`
`rules[].action`	`string`	Acceptable values are: "`allow`" "`allowWithLog`" "`deny`" "`denyWithLog`" "`log`" "`noAction`"
`rules[].ins[]`	`list`
`rules[].notIns[]`	`list`
`rules[].conditions[]`	`list`
`rules[].conditions[].iam`	`string`	Acceptable values are: "`approver`" "`attribution`" "`authority`" "`credentialsType`" "`credsAssertion`" "`justificationType`" "`noAttr`" "`securityRealm`"
`rules[].conditions[].sys`	`string`	Acceptable values are: "`ip`" "`name`" "`noAttr`" "`region`" "`service`"
`rules[].conditions[].svc`	`string`
`rules[].conditions[].op`	`string`	Acceptable values are: "`discharged`" "`equals`" "`in`" "`noOp`" "`notEquals`" "`notIn`"
`rules[].conditions[].values[]`	`list`
`rules[].logConfigs[]`	`list`
`rules[].logConfigs[].counter`	`nested object`
`rules[].logConfigs[].counter.metric`	`string`
`rules[].logConfigs[].counter.field`	`string`
`rules[].logConfigs[].counter.customFields[]`	`list`
`rules[].logConfigs[].counter.customFields[].name`	`string`
`rules[].logConfigs[].counter.customFields[].value`	`string`
`rules[].logConfigs[].dataAccess`	`nested object`
`rules[].logConfigs[].dataAccess.logMode`	`string`	Acceptable values are: "`logFailClosed`" "`logModeUnspecified`"
`rules[].logConfigs[].cloudAudit`	`nested object`
`rules[].logConfigs[].cloudAudit.logName`	`string`	Acceptable values are: "`adminActivity`" "`dataAccess`" "`unspecifiedLogName`"
`rules[].logConfigs[].cloudAudit.authorizationLoggingOptions`	`nested object`
`rules[].logConfigs[].cloudAudit.authorizationLoggingOptions.permissionType`	`string`	Acceptable values are: "`adminRead`" "`adminWrite`" "`dataRead`" "`dataWrite`" "`permissionTypeUnspecified`"
`etag`	`bytes`