- HTTP request
- Request body
- Response body
- Authorization scopes
- Permission
- PermissionLaunchStage
- CustomRolesSupportLevel
- Examples
- Try it!
Lists every permission that you can test on a resource. A permission is testable if you can check whether a principal has that permission on the resource.
HTTP request
POST https://iam.googleapis.com/v1/permissions:queryTestablePermissions
The URL uses gRPC Transcoding syntax.
Request body
The request body contains data with the following structure:
JSON representation |
---|
{ "fullResourceName": string, "pageSize": integer, "pageToken": string } |
Fields | |
---|---|
full |
Required. The full resource name to query from the list of testable permissions. The name follows the Google Cloud Platform resource format. For example, a Cloud Platform project with id |
page |
Optional limit on the number of permissions to include in the response. The default is 100, and the maximum is 1,000. |
page |
Optional pagination token returned in an earlier QueryTestablePermissionsRequest. |
Response body
The response containing permissions which can be tested on a resource.
If successful, the response body contains data with the following structure:
JSON representation |
---|
{
"permissions": [
{
object ( |
Fields | |
---|---|
permissions[] |
The Permissions testable on the requested resource. |
next |
To retrieve the next page of results, set |
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/iam
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
Permission
A permission which can be included by a role.
JSON representation |
---|
{ "name": string, "title": string, "description": string, "onlyInPredefinedRoles": boolean, "stage": enum ( |
Fields | |
---|---|
name |
The name of this Permission. |
title |
The title of this Permission. |
description |
A brief description of what this Permission is used for. |
onlyInPredefinedRoles |
|
stage |
The current launch stage of the permission. |
custom |
The current custom role support level. |
api |
The service API associated with the permission is not enabled. |
primary |
The preferred name for this permission. If present, then this permission is an alias of, and equivalent to, the listed primaryPermission. |
PermissionLaunchStage
A stage representing a permission's lifecycle phase.
Enums | |
---|---|
ALPHA |
The permission is currently in an alpha phase. |
BETA |
The permission is currently in a beta phase. |
GA |
The permission is generally available. |
DEPRECATED |
The permission is being deprecated. |
CustomRolesSupportLevel
The state of the permission with regards to custom roles.
Enums | |
---|---|
SUPPORTED |
Default state. Permission is fully supported for custom role use. |
TESTING |
Permission is being tested to check custom role compatibility. |
NOT_SUPPORTED |
Permission is not supported for custom role use. |
.NET client library を使用します。 Go client library を使用します。 Java client library を使用します。 Node.js client library を使用します。 PHP client library を使用します。 Python client library を使用します。 Ruby client library を使用します。例
// BEFORE RUNNING:
// ---------------
// 1. If not already done, enable the Identity and Access Management (IAM) API
// and check the quota for your project at
// https://console.developers.google.com/apis/api/iam
// 2. This sample uses Application Default Credentials for authentication.
// If not already done, install the gcloud CLI from
// https://cloud.google.com/sdk and run
// `gcloud beta auth application-default login`.
// For more information, see
// https://developers.google.com/identity/protocols/application-default-credentials
// 3. Install the C# client library by adding a dependency on the relevant NuGet
// package. Libraries published by Google are owned by google-apis-packages:
// https://www.nuget.org/profiles/google-apis-packages
using Google.Apis.Auth.OAuth2;
using Google.Apis.Services;
using Google.Apis.Iam.v1;
using Newtonsoft.Json;
using System;
using System.Threading.Tasks;
using Data = Google.Apis.Iam.v1.Data;
namespace IamSample
{
public class IamExample
{
public static void Main(string[] args)
{
IamService iamService = new IamService(new BaseClientService.Initializer
{
HttpClientInitializer = GetCredential(),
ApplicationName = "Google-iamSample/0.1",
});
// TODO: Assign values to desired properties of `requestBody`:
Data.QueryTestablePermissionsRequest requestBody = new Data.QueryTestablePermissionsRequest();
PermissionsResource.QueryTestablePermissionsRequest request = iamService.Permissions.QueryTestablePermissions(requestBody);
Data.QueryTestablePermissionsResponse response;
do
{
// To execute asynchronously in an async method, replace `request.Execute()` as shown:
response = request.Execute();
// response = await request.ExecuteAsync();
if (response.Permissions == null)
{
continue;
}
foreach (Data.Permission permission in response.Permissions)
{
// TODO: Change code below to process each `permission` resource:
Console.WriteLine(JsonConvert.SerializeObject(permission));
}
requestBody.PageToken = response.NextPageToken;
} while (response.NextPageToken != null);
}
public static GoogleCredential GetCredential()
{
GoogleCredential credential = Task.Run(() => GoogleCredential.GetApplicationDefaultAsync()).Result;
if (credential.IsCreateScopedRequired)
{
credential = credential.CreateScoped("https://www.googleapis.com/auth/cloud-platform");
}
return credential;
}
}
}package main
// BEFORE RUNNING:
// ---------------
// 1. If not already done, enable the Identity and Access Management (IAM) API
// and check the quota for your project at
// https://console.developers.google.com/apis/api/iam
// 2. This sample uses Application Default Credentials for authentication.
// If not already done, install the gcloud CLI from
// https://cloud.google.com/sdk/ and run
// `gcloud beta auth application-default login`.
// For more information, see
// https://developers.google.com/identity/protocols/application-default-credentials
// 3. Install and update the Go dependencies by running `go get -u` in the
// project directory.
import (
"fmt"
"log"
"golang.org/x/net/context"
"golang.org/x/oauth2/google"
"google.golang.org/api/iam/v1"
)
func main() {
ctx := context.Background()
iamService, err := iam.NewService(ctx)
if err != nil {
log.Fatal(err)
}
rb := &iam.QueryTestablePermissionsRequest{
// TODO: Add desired fields of the request body.
}
req := iamService.Permissions.QueryTestablePermissions(rb)
if err := req.Pages(ctx, func(page *iam.QueryTestablePermissionsResponse) error {
for _, permission := range page.Permissions {
// TODO: Change code below to process each `permission` resource:
fmt.Printf("%#v\n", permission)
}
return nil
}); err != nil {
log.Fatal(err)
}
}/*
* BEFORE RUNNING:
* ---------------
* 1. If not already done, enable the Identity and Access Management (IAM) API
* and check the quota for your project at
* https://console.developers.google.com/apis/api/iam
* 2. This sample uses Application Default Credentials for authentication.
* If not already done, install the gcloud CLI from
* https://cloud.google.com/sdk and run
* `gcloud beta auth application-default login`.
* For more information, see
* https://developers.google.com/identity/protocols/application-default-credentials
* 3. Install the Java client library on Maven or Gradle. Check installation
* instructions at https://github.com/google/google-api-java-client.
* On other build systems, you can add the jar files to your project from
* https://developers.google.com/resources/api-libraries/download/iam/v1/java
*/
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.services.iam.v1.Iam;
import com.google.api.services.iam.v1.model.Permission;
import com.google.api.services.iam.v1.model.QueryTestablePermissionsRequest;
import com.google.api.services.iam.v1.model.QueryTestablePermissionsResponse;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
public class IamExample {
public static void main(String args[]) throws IOException, GeneralSecurityException {
// TODO: Assign values to desired fields of `requestBody`:
QueryTestablePermissionsRequest requestBody = new QueryTestablePermissionsRequest();
Iam iamService = createIamService();
Iam.Permissions.QueryTestablePermissions request =
iamService.permissions().queryTestablePermissions(requestBody);
QueryTestablePermissionsResponse response;
do {
response = request.execute();
if (response.getPermissions() == null) {
continue;
}
for (Permission permission : response.getPermissions()) {
// TODO: Change code below to process each `permission` resource:
System.out.println(permission);
}
requestBody.setPageToken(response.getNextPageToken());
} while (response.getNextPageToken() != null);
}
public static Iam createIamService() throws IOException, GeneralSecurityException {
HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
JsonFactory jsonFactory = JacksonFactory.getDefaultInstance();
GoogleCredential credential = GoogleCredential.getApplicationDefault();
if (credential.createScopedRequired()) {
credential =
credential.createScoped(Arrays.asList("https://www.googleapis.com/auth/cloud-platform"));
}
return new Iam.Builder(httpTransport, jsonFactory, credential)
.setApplicationName("Google-iamSample/0.1")
.build();
}
}// BEFORE RUNNING:
// ---------------
// 1. If not already done, enable the Identity and Access Management (IAM) API
// and check the quota for your project at
// https://console.developers.google.com/apis/api/iam
// 2. This sample uses Application Default Credentials for authentication.
// If not already done, install the gcloud CLI from
// https://cloud.google.com/sdk and run
// `gcloud beta auth application-default login`.
// For more information, see
// https://developers.google.com/identity/protocols/application-default-credentials
// 3. Install the Node.js client library by running
// `npm install googleapis --save`
const {google} = require('googleapis');
const iam = google.iam('v1');
async function main () {
const authClient = await authorize();
const request = {
resource: {
// TODO: Add desired properties to the request body.
},
auth: authClient,
};
let response;
do {
if (response && response.nextPageToken) {
request.resource.pageToken = response.nextPageToken;
}
response = (await iam.permissions.queryTestablePermissions(request)).data;
const permissionsPage = response.permissions;
if (permissionsPage) {
for (let i = 0; i < permissionsPage.length; i++) {
// TODO: Change code below to process each resource in `permissionsPage`:
console.log(JSON.stringify(permissionsPage[i], null, 2));
}
}
} while (response.nextPageToken);
}
main();
async function authorize() {
const auth = new google.auth.GoogleAuth({
scopes: ['https://www.googleapis.com/auth/cloud-platform']
});
return await auth.getClient();
}<?php
/*
* BEFORE RUNNING:
* ---------------
* 1. If not already done, enable the Identity and Access Management (IAM) API
* and check the quota for your project at
* https://console.developers.google.com/apis/api/iam
* 2. This sample uses Application Default Credentials for authentication.
* If not already done, install the gcloud CLI from
* https://cloud.google.com/sdk and run
* `gcloud beta auth application-default login`.
* For more information, see
* https://developers.google.com/identity/protocols/application-default-credentials
* 3. Install the PHP client library with Composer. Check installation
* instructions at https://github.com/google/google-api-php-client.
*/
// Autoload Composer.
require_once __DIR__ . '/vendor/autoload.php';
$client = new Google_Client();
$client->setApplicationName('Google-iamSample/0.1');
$client->useApplicationDefaultCredentials();
$client->addScope('https://www.googleapis.com/auth/cloud-platform');
$service = new Google_Service_Iam($client);
// TODO: Assign values to desired properties of `requestBody`:
$requestBody = new Google_Service_Iam_QueryTestablePermissionsRequest();
do {
$response = $service->permissions->queryTestablePermissions($requestBody);
foreach ($response['permissions'] as $permission) {
// TODO: Change code below to process each `permission` resource:
echo '<pre>', var_export($permission, true), '</pre>', "\n";
}
$requestBody->setPageToken($response->getNextPageToken());
} while ($requestBody->getPageToken());
?>"""
BEFORE RUNNING:
---------------
1. If not already done, enable the Identity and Access Management (IAM) API
and check the quota for your project at
https://console.developers.google.com/apis/api/iam
2. This sample uses Application Default Credentials for authentication.
If not already done, install the gcloud CLI from
https://cloud.google.com/sdk and run
`gcloud beta auth application-default login`.
For more information, see
https://developers.google.com/identity/protocols/application-default-credentials
3. Install the Python client library for Google APIs by running
`pip install --upgrade google-api-python-client`
4. Install the OAuth 2.0 client for Google APIs by running
`pip install --upgrade oauth2client`
"""
from pprint import pprint
from googleapiclient import discovery
from oauth2client.client import GoogleCredentials
credentials = GoogleCredentials.get_application_default()
service = discovery.build('iam', 'v1', credentials=credentials)
query_testable_permissions_request_body = {
# TODO: Add desired entries to the request body.
}
while True:
request = service.permissions().queryTestablePermissions(body=query_testable_permissions_request_body)
response = request.execute()
for permission in response.get('permissions', []):
# TODO: Change code below to process each `permission` resource:
pprint(permission)
if 'nextPageToken' not in response:
break
query_testable_permissions_request_body['pageToken'] = response['nextPageToken']# BEFORE RUNNING:
# ---------------
# 1. If not already done, enable the Identity and Access Management (IAM) API
# and check the quota for your project at
# https://console.developers.google.com/apis/api/iam
# 2. This sample uses Application Default Credentials for authentication.
# If not already done, install the gcloud CLI from
# https://cloud.google.com/sdk and run
# `gcloud beta auth application-default login`.
# For more information, see
# https://developers.google.com/identity/protocols/application-default-credentials
# 3. Install the Ruby client library and Application Default Credentials
# library by running `gem install google-api-client` and
# `gem install googleauth`
require 'googleauth'
require 'google/apis/iam_v1'
service = Google::Apis::IamV1::IamService.new
service.authorization = \
Google::Auth.get_application_default(['https://www.googleapis.com/auth/cloud-platform'])
# TODO: Assign values to desired members of `request_body`:
request_body = Google::Apis::IamV1::QueryTestablePermissionsRequest.new
permissions = service.fetch_all(items: :permissions) do |token|
request_body.page_token = token
service.query_testable_permissions(request_body)
end
permissions.each do |permission|
# TODO: Change code below to process each `permission` resource:
puts permission.to_json
end