Index
Policies
(interface)CreatePolicyRequest
(message)DeletePolicyRequest
(message)DenyRule
(message)GetPolicyRequest
(message)ListPoliciesRequest
(message)ListPoliciesResponse
(message)Policy
(message)PolicyOperationMetadata
(message)PolicyRule
(message)UpdatePolicyRequest
(message)
Policies
An interface for managing Identity and Access Management (IAM) policies.
CreatePolicy |
---|
Creates a policy.
|
DeletePolicy |
---|
Deletes a policy. This action is permanent.
|
GetPolicy |
---|
Gets a policy.
|
ListPolicies |
---|
Retrieves the policies of the specified kind that are attached to a resource. The response lists only policy metadata. In particular, policy rules are omitted.
|
UpdatePolicy |
---|
Updates the specified policy. You can update only the rules and the display name for the policy. To update a policy, you should use a read-modify-write loop:
This pattern helps prevent conflicts between concurrent updates.
|
CreatePolicyRequest
Request message for CreatePolicy
.
Fields | |
---|---|
parent |
Required. The resource that the policy is attached to, along with the kind of policy to create. Format: The attachment point is identified by its URL-encoded full resource name, which means that the forward-slash character, For organizations and folders, use the numeric ID in the full resource name. For projects, you can use the alphanumeric or the numeric ID. |
policy |
Required. The policy to create. |
policy_id |
The ID to use for this policy, which will become the final component of the policy's resource name. The ID must contain 3 to 63 characters. It can contain lowercase letters and numbers, as well as dashes ( |
DeletePolicyRequest
Request message for DeletePolicy
.
Fields | |
---|---|
name |
Required. The resource name of the policy to delete. Format: Use the URL-encoded full resource name, which means that the forward-slash character, For organizations and folders, use the numeric ID in the full resource name. For projects, you can use the alphanumeric or the numeric ID. |
etag |
Optional. The expected If you omit this field, the policy is deleted regardless of its current |
DenyRule
A deny rule in an IAM deny policy.
Fields | |
---|---|
denied_principals[] |
The identities that are prevented from using one or more permissions on Google Cloud resources. This field can contain the following values:
|
exception_principals[] |
The identities that are excluded from the deny rule, even if they are listed in the This field can contain the same values as the |
denied_permissions[] |
The permissions that are explicitly denied by this rule. Each permission uses the format |
exception_permissions[] |
Specifies the permissions that this rule excludes from the set of denied permissions given by The excluded permissions can be specified using the same syntax as |
denial_condition |
The condition that determines whether this deny rule applies to a request. If the condition expression evaluates to Each deny rule is evaluated independently. If this deny rule does not apply to a request, other deny rules might still apply. The condition can use CEL functions that evaluate resource tags. Other functions and operators are not supported. |
GetPolicyRequest
Request message for GetPolicy
.
Fields | |
---|---|
name |
Required. The resource name of the policy to retrieve. Format: Use the URL-encoded full resource name, which means that the forward-slash character, For organizations and folders, use the numeric ID in the full resource name. For projects, you can use the alphanumeric or the numeric ID. |
ListPoliciesRequest
Request message for ListPolicies
.
Fields | |
---|---|
parent |
Required. The resource that the policy is attached to, along with the kind of policy to list. Format: The attachment point is identified by its URL-encoded full resource name, which means that the forward-slash character, For organizations and folders, use the numeric ID in the full resource name. For projects, you can use the alphanumeric or the numeric ID. |
page_size |
The maximum number of policies to return. IAM ignores this value and uses the value 1000. |
page_token |
A page token received in a |
ListPoliciesResponse
Response message for ListPolicies
.
Fields | |
---|---|
policies[] |
Metadata for the policies that are attached to the resource. |
next_page_token |
A page token that you can use in a |
Policy
Data for an IAM policy.
Fields | |
---|---|
name |
Immutable. The resource name of the The attachment point is identified by its URL-encoded full resource name, which means that the forward-slash character, For organizations and folders, use the numeric ID in the full resource name. For projects, requests can use the alphanumeric or the numeric ID. Responses always contain the numeric ID. |
uid |
Immutable. The globally unique ID of the |
kind |
Output only. The kind of the |
display_name |
A user-specified description of the |
annotations |
A key-value map to store arbitrary metadata for the |
etag |
An opaque tag that identifies the current version of the If this field is present in a |
create_time |
Output only. The time when the |
update_time |
Output only. The time when the |
delete_time |
Output only. The time when the |
rules[] |
A list of rules that specify the behavior of the |
PolicyOperationMetadata
Metadata for long-running Policy
operations.
Fields | |
---|---|
create_time |
Timestamp when the |
PolicyRule
A single rule in a Policy
.
Fields | |
---|---|
description |
A user-specified description of the rule. This value can be up to 256 characters. |
Union field
|
|
deny_rule |
A rule for a deny policy. |
UpdatePolicyRequest
Request message for UpdatePolicy
.
Fields | |
---|---|
policy |
Required. The policy to update. To prevent conflicting updates, the |