- HTTP request
- Request body
- Response body
- Authorization scopes
- LintResult
- Level
- Severity
- Examples
- Try it!
Lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding.condition
field, which contains a condition expression for a role binding.
Successful calls to this method always return an HTTP 200 OK
status code, even if the linter detects an issue in the IAM policy.
HTTP request
POST https://iam.googleapis.com/v1/iamPolicies:lintPolicy
The URL uses gRPC Transcoding syntax.
Request body
The request body contains data with the following structure:
JSON representation |
---|
{ "fullResourceName": string, // Union field |
Fields | |
---|---|
full |
The full resource name of the policy this lint request is about. The name follows the Google Cloud format for full resource names. For example, a Google Cloud project with ID The resource name is not used to read a policy from IAM. Only the data in the request object is linted. |
Union field lint_object . Required. The IAM object to be linted. lint_object can be only one of the following: |
|
condition |
|
Response body
The response of a lint operation. An empty response indicates the operation was able to fully execute and no lint issue was found.
If successful, the response body contains data with the following structure:
JSON representation |
---|
{
"lintResults": [
{
object ( |
Fields | |
---|---|
lint |
List of lint results sorted by |
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/iam
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
LintResult
Structured response of a single validation unit.
Fields | |
---|---|
level |
The validation unit level. |
validation |
The validation unit name, for instance "lintValidationUnits/ConditionComplexityCheck". |
severity |
The validation unit severity. |
field |
The name of the field for which this lint result is about. For nested messages |
location |
0-based character position of problematic construct within the object identified by |
debug |
Human readable debug message associated with the issue. |
Level
Possible Level values of a validation unit corresponding to its domain of discourse.
Enums | |
---|---|
LEVEL_UNSPECIFIED |
Level is unspecified. |
CONDITION |
A validation unit which operates on an individual condition within a binding. |
Severity
Possible Severity values of an issued result.
Enums | |
---|---|
SEVERITY_UNSPECIFIED |
Severity is unspecified. |
ERROR |
A validation unit returns an error only for critical issues. If an attempt is made to set the problematic policy without rectifying the critical issue, it causes the setPolicy operation to fail. |
WARNING |
Any issue which is severe enough but does not cause an error. For example, suspicious constructs in the input object will not necessarily fail
|
NOTICE |
Reserved for the issues that are not severe as ERROR /WARNING , but need special handling. For instance, messages about skipped validation units are issued as NOTICE . |
INFO |
Any informative statement which is not severe enough to raise ERROR /WARNING /NOTICE , like auto-correction recommendations on the input content. Note that current version of the linter does not utilize INFO . |
DEPRECATED |
Deprecated severity level. |
.NET client library を使用します。 Go client library を使用します。 Java client library を使用します。 Node.js client library を使用します。 PHP client library を使用します。 Python client library を使用します。 Ruby client library を使用します。例
// BEFORE RUNNING:
// ---------------
// 1. If not already done, enable the Identity and Access Management (IAM) API
// and check the quota for your project at
// https://console.developers.google.com/apis/api/iam
// 2. This sample uses Application Default Credentials for authentication.
// If not already done, install the gcloud CLI from
// https://cloud.google.com/sdk and run
// `gcloud beta auth application-default login`.
// For more information, see
// https://developers.google.com/identity/protocols/application-default-credentials
// 3. Install the C# client library by adding a dependency on the relevant NuGet
// package. Libraries published by Google are owned by google-apis-packages:
// https://www.nuget.org/profiles/google-apis-packages
using Google.Apis.Auth.OAuth2;
using Google.Apis.Services;
using Google.Apis.Iam.v1;
using Newtonsoft.Json;
using System;
using System.Threading.Tasks;
using Data = Google.Apis.Iam.v1.Data;
namespace IamSample
{
public class IamExample
{
public static void Main(string[] args)
{
IamService iamService = new IamService(new BaseClientService.Initializer
{
HttpClientInitializer = GetCredential(),
ApplicationName = "Google-iamSample/0.1",
});
// TODO: Assign values to desired properties of `requestBody`:
Data.LintPolicyRequest requestBody = new Data.LintPolicyRequest();
IamPoliciesResource.LintPolicyRequest request = iamService.IamPolicies.LintPolicy(requestBody);
// To execute asynchronously in an async method, replace `request.Execute()` as shown:
Data.LintPolicyResponse response = request.Execute();
// Data.LintPolicyResponse response = await request.ExecuteAsync();
// TODO: Change code below to process the `response` object:
Console.WriteLine(JsonConvert.SerializeObject(response));
}
public static GoogleCredential GetCredential()
{
GoogleCredential credential = Task.Run(() => GoogleCredential.GetApplicationDefaultAsync()).Result;
if (credential.IsCreateScopedRequired)
{
credential = credential.CreateScoped("https://www.googleapis.com/auth/cloud-platform");
}
return credential;
}
}
}package main
// BEFORE RUNNING:
// ---------------
// 1. If not already done, enable the Identity and Access Management (IAM) API
// and check the quota for your project at
// https://console.developers.google.com/apis/api/iam
// 2. This sample uses Application Default Credentials for authentication.
// If not already done, install the gcloud CLI from
// https://cloud.google.com/sdk/ and run
// `gcloud beta auth application-default login`.
// For more information, see
// https://developers.google.com/identity/protocols/application-default-credentials
// 3. Install and update the Go dependencies by running `go get -u` in the
// project directory.
import (
"fmt"
"log"
"golang.org/x/net/context"
"golang.org/x/oauth2/google"
"google.golang.org/api/iam/v1"
)
func main() {
ctx := context.Background()
iamService, err := iam.NewService(ctx)
if err != nil {
log.Fatal(err)
}
rb := &iam.LintPolicyRequest{
// TODO: Add desired fields of the request body.
}
resp, err := iamService.IamPolicies.LintPolicy(rb).Context(ctx).Do()
if err != nil {
log.Fatal(err)
}
// TODO: Change code below to process the `resp` object:
fmt.Printf("%#v\n", resp)
}/*
* BEFORE RUNNING:
* ---------------
* 1. If not already done, enable the Identity and Access Management (IAM) API
* and check the quota for your project at
* https://console.developers.google.com/apis/api/iam
* 2. This sample uses Application Default Credentials for authentication.
* If not already done, install the gcloud CLI from
* https://cloud.google.com/sdk and run
* `gcloud beta auth application-default login`.
* For more information, see
* https://developers.google.com/identity/protocols/application-default-credentials
* 3. Install the Java client library on Maven or Gradle. Check installation
* instructions at https://github.com/google/google-api-java-client.
* On other build systems, you can add the jar files to your project from
* https://developers.google.com/resources/api-libraries/download/iam/v1/java
*/
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.services.iam.v1.Iam;
import com.google.api.services.iam.v1.model.LintPolicyRequest;
import com.google.api.services.iam.v1.model.LintPolicyResponse;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
public class IamExample {
public static void main(String args[]) throws IOException, GeneralSecurityException {
// TODO: Assign values to desired fields of `requestBody`:
LintPolicyRequest requestBody = new LintPolicyRequest();
Iam iamService = createIamService();
Iam.IamPolicies.LintPolicy request = iamService.iamPolicies().lintPolicy(requestBody);
LintPolicyResponse response = request.execute();
// TODO: Change code below to process the `response` object:
System.out.println(response);
}
public static Iam createIamService() throws IOException, GeneralSecurityException {
HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
JsonFactory jsonFactory = JacksonFactory.getDefaultInstance();
GoogleCredential credential = GoogleCredential.getApplicationDefault();
if (credential.createScopedRequired()) {
credential =
credential.createScoped(Arrays.asList("https://www.googleapis.com/auth/cloud-platform"));
}
return new Iam.Builder(httpTransport, jsonFactory, credential)
.setApplicationName("Google-iamSample/0.1")
.build();
}
}// BEFORE RUNNING:
// ---------------
// 1. If not already done, enable the Identity and Access Management (IAM) API
// and check the quota for your project at
// https://console.developers.google.com/apis/api/iam
// 2. This sample uses Application Default Credentials for authentication.
// If not already done, install the gcloud CLI from
// https://cloud.google.com/sdk and run
// `gcloud beta auth application-default login`.
// For more information, see
// https://developers.google.com/identity/protocols/application-default-credentials
// 3. Install the Node.js client library by running
// `npm install googleapis --save`
const {google} = require('googleapis');
const iam = google.iam('v1');
async function main () {
const authClient = await authorize();
const request = {
resource: {
// TODO: Add desired properties to the request body.
},
auth: authClient,
};
try {
const response = (await iam.iamPolicies.lintPolicy(request)).data;
// TODO: Change code below to process the `response` object:
console.log(JSON.stringify(response, null, 2));
} catch (err) {
console.error(err);
}
}
main();
async function authorize() {
const auth = new google.auth.GoogleAuth({
scopes: ['https://www.googleapis.com/auth/cloud-platform']
});
return await auth.getClient();
}<?php
/*
* BEFORE RUNNING:
* ---------------
* 1. If not already done, enable the Identity and Access Management (IAM) API
* and check the quota for your project at
* https://console.developers.google.com/apis/api/iam
* 2. This sample uses Application Default Credentials for authentication.
* If not already done, install the gcloud CLI from
* https://cloud.google.com/sdk and run
* `gcloud beta auth application-default login`.
* For more information, see
* https://developers.google.com/identity/protocols/application-default-credentials
* 3. Install the PHP client library with Composer. Check installation
* instructions at https://github.com/google/google-api-php-client.
*/
// Autoload Composer.
require_once __DIR__ . '/vendor/autoload.php';
$client = new Google_Client();
$client->setApplicationName('Google-iamSample/0.1');
$client->useApplicationDefaultCredentials();
$client->addScope('https://www.googleapis.com/auth/cloud-platform');
$service = new Google_Service_Iam($client);
// TODO: Assign values to desired properties of `requestBody`:
$requestBody = new Google_Service_Iam_LintPolicyRequest();
$response = $service->iamPolicies->lintPolicy($requestBody);
// TODO: Change code below to process the `response` object:
echo '<pre>', var_export($response, true), '</pre>', "\n";
?>"""
BEFORE RUNNING:
---------------
1. If not already done, enable the Identity and Access Management (IAM) API
and check the quota for your project at
https://console.developers.google.com/apis/api/iam
2. This sample uses Application Default Credentials for authentication.
If not already done, install the gcloud CLI from
https://cloud.google.com/sdk and run
`gcloud beta auth application-default login`.
For more information, see
https://developers.google.com/identity/protocols/application-default-credentials
3. Install the Python client library for Google APIs by running
`pip install --upgrade google-api-python-client`
4. Install the OAuth 2.0 client for Google APIs by running
`pip install --upgrade oauth2client`
"""
from pprint import pprint
from googleapiclient import discovery
from oauth2client.client import GoogleCredentials
credentials = GoogleCredentials.get_application_default()
service = discovery.build('iam', 'v1', credentials=credentials)
lint_policy_request_body = {
# TODO: Add desired entries to the request body.
}
request = service.iamPolicies().lintPolicy(body=lint_policy_request_body)
response = request.execute()
# TODO: Change code below to process the `response` dict:
pprint(response)# BEFORE RUNNING:
# ---------------
# 1. If not already done, enable the Identity and Access Management (IAM) API
# and check the quota for your project at
# https://console.developers.google.com/apis/api/iam
# 2. This sample uses Application Default Credentials for authentication.
# If not already done, install the gcloud CLI from
# https://cloud.google.com/sdk and run
# `gcloud beta auth application-default login`.
# For more information, see
# https://developers.google.com/identity/protocols/application-default-credentials
# 3. Install the Ruby client library and Application Default Credentials
# library by running `gem install google-api-client` and
# `gem install googleauth`
require 'googleauth'
require 'google/apis/iam_v1'
service = Google::Apis::IamV1::IamService.new
service.authorization = \
Google::Auth.get_application_default(['https://www.googleapis.com/auth/cloud-platform'])
# TODO: Assign values to desired members of `request_body`:
request_body = Google::Apis::IamV1::LintPolicyRequest.new
response = service.lint_iam_policy_policy(request_body)
# TODO: Change code below to process the `response` object:
puts response.to_json