Package google.cloud.iap.v1

IdentityAwareProxyAdminService

APIs for Identity-Aware Proxy Admin configurations.

GetIamPolicy

rpc GetIamPolicy(GetIamPolicyRequest) returns (Policy)

Gets the access control policy for an Identity-Aware Proxy protected resource. More information about managing access via IAP can be found at: https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api

Authorization Scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetIapSettings

rpc GetIapSettings(GetIapSettingsRequest) returns (IapSettings)

Gets the IAP settings on a particular IAP protected resource.

Authorization Scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

SetIamPolicy

rpc SetIamPolicy(SetIamPolicyRequest) returns (Policy)

Sets the access control policy for an Identity-Aware Proxy protected resource. Replaces any existing policy. More information about managing access via IAP can be found at: https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api

Authorization Scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

TestIamPermissions

rpc TestIamPermissions(TestIamPermissionsRequest) returns (TestIamPermissionsResponse)

Returns permissions that a caller has on the Identity-Aware Proxy protected resource. More information about managing access via IAP can be found at: https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api

Authorization Scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateIapSettings

rpc UpdateIapSettings(UpdateIapSettingsRequest) returns (IapSettings)

Updates the IAP settings on a particular IAP protected resource. It replaces all fields unless the update_mask is set.

Authorization Scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IdentityAwareProxyRedirectService

API to handle requests during the OAuth handshake for Identity-Aware Proxy protected resources.

AccessSettings

Access-related settings for IAP protected apps.

Fields
gcip_settings

GcipSettings

GCIP claims and endpoint configurations for third-party identity providers.

cors_settings

CorsSettings

Configuration to allow cross-origin requests via IAP.

oauth_settings

OAuthSettings

Settings to configure IAP's OAuth behavior.

ApplicationSettings

Wrapper over application-specific settings for IAP.

Fields
csm_settings

CsmSettings

Settings to configure IAP's behavior for a CSM mesh.

CorsSettings

Allows customers to configure HTTP request paths on which HTTP OPTIONS calls bypass authentication and authorization.

Fields
allow_http_options

BoolValue

Configuration to allow HTTP OPTIONS calls to skip authorization. If undefined, IAP will not apply any special logic to OPTIONS requests.

CsmSettings

Configuration for RCTokens generated for CSM workloads protected by IAP. RCTokens are IAP-generated JWTs that can be verified at the application. The RCToken is primarily used for Istio deployments, and can be scoped to a single mesh by configuring the audience field accordingly.

Fields
rctoken_aud

StringValue

Audience claim set in the generated RCToken. This value is not validated by IAP.

GcipSettings

Allows customers to configure the tenant_id of a GCIP instance per app.

Fields
tenant_ids[]

string

GCIP tenant ids that are linked to the IAP resource. tenant_ids could be a string beginning with a number character to indicate authenticating with GCIP tenant flow, or in the format of _ to indicate authenticating with GCIP agent flow. If agent flow is used, tenant_ids should only contain one single element, while for tenant flow, tenant_ids can contain multiple elements.

login_page_uri

StringValue

Login page URI associated with the GCIP tenants. Typically, all resources within the same project share the same login page, though it could be overridden at the sub resource level.

GetIapSettingsRequest

The request sent to GetIapSettings.

Fields
name

string

Required. The resource name for which to retrieve the settings. Authorization: Requires the getSettings permission for the associated resource.

Authorization requires one or more of the following Google IAM permissions on the specified resource name:

  • iap.organizations.getSettings
  • iap.folders.getSettings
  • iap.projects.getSettings
  • iap.web.getSettings
  • iap.webTypes.getSettings
  • iap.webServices.getSettings
  • iap.webServiceVersions.getSettings

IapSettings

The IAP configurable settings.

Fields
name

string

Required. The resource name of the IAP protected resource.

access_settings

AccessSettings

Top-level wrapper for all access-related settings in IAP.

application_settings

ApplicationSettings

Top-level wrapper for all application-related settings in IAP.

OAuthSettings

Configuration for OAuth login and consent flow behavior.

Fields
login_hint

StringValue

Domain hint to send as the hd=? parameter in the OAuth request flow (see https://developers.google.com/identity/protocols/OpenIDConnect#hd-param). Enables redirect to the primary IDP by skipping Google's login screen. Note: IAP does not verify that the ID token's hd claim matches this value, since access behavior is managed by IAM policies.
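The following added example (not part of the IAP API or its client libraries) reviews an IapSettings value, in JSON form, for the caveats stated in the CorsSettings, CsmSettings, GcipSettings and OAuthSettings descriptions above. The function name, the sample values and the rule that a leading "_" marks the GCIP agent flow are assumptions made for illustration.

```python
def audit_iap_settings(settings):
    """Return (field_path, finding) pairs for one IapSettings dict (JSON form)."""
    findings = []
    access = settings.get("access_settings", {})
    app = settings.get("application_settings", {})

    # OPTIONS requests that skip authorization arrive at the backend unauthenticated.
    if access.get("cors_settings", {}).get("allow_http_options") is True:
        findings.append(("access_settings.cors_settings.allow_http_options",
                         "OPTIONS skips authorization; backend must not trust it"))

    # The hd hint only steers the login screen; IAP does not verify the hd claim.
    if access.get("oauth_settings", {}).get("login_hint"):
        findings.append(("access_settings.oauth_settings.login_hint",
                         "hint is not enforced; access is decided by IAM policy"))

    # An empty audience leaves RCTokens unscoped to any single mesh.
    csm = app.get("csm_settings")
    if csm is not None and not csm.get("rctoken_aud"):
        findings.append(("application_settings.csm_settings.rctoken_aud",
                         "no audience set; RCToken is not scoped to one mesh"))

    # Assumption: a leading "_" marks the agent flow, a leading digit the tenant flow.
    tenant_ids = access.get("gcip_settings", {}).get("tenant_ids", [])
    path = "access_settings.gcip_settings.tenant_ids"
    if any(t.startswith("_") for t in tenant_ids) and len(tenant_ids) > 1:
        findings.append((path, "agent flow allows only one element"))
    for t in tenant_ids:
        if not (t[:1].isdigit() or t.startswith("_")):
            findings.append((path, f"unrecognised tenant id format: {t!r}"))
    return findings

# Constructed sample settings (not taken from any real deployment).
SAMPLE = {
    "name": "RESOURCE_NAME_PLACEHOLDER",
    "access_settings": {
        "cors_settings": {"allow_http_options": True},
        "oauth_settings": {"login_hint": "example.com"},
        "gcip_settings": {"tenant_ids": ["_123456", "1tenant-a"]},
    },
    "application_settings": {"csm_settings": {}},
}

if __name__ == "__main__":
    for field, finding in audit_iap_settings(SAMPLE):
        print(f"{field}: {finding}")
```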

UpdateIapSettingsRequest

The request sent to UpdateIapSettings.

Fields
iap_settings

IapSettings

Required. The new values for the IAP settings to be updated. Authorization: Requires the updateSettings permission for the associated resource.

Authorization requires one or more of the following Google IAM permissions on the specified resource iapSettings:

  • iap.organizations.updateSettings
  • iap.folders.updateSettings
  • iap.projects.updateSettings
  • iap.web.updateSettings
  • iap.webTypes.updateSettings
  • iap.webServices.updateSettings
  • iap.webServiceVersions.updateSettings

update_mask

FieldMask

The field mask specifying which IAP settings should be updated. If omitted, all of the settings are updated. See https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask
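The following added example (not part of the IAP API or its client libraries) is a local model of the update behaviour described for UpdateIapSettings and update_mask: a request without a mask replaces every field, so a change to one setting drops the others, while a mask limits the change to the listed paths. The helper names, the dotted path form and the sample values are assumptions made for illustration.

```python
import copy

def _get(node, path):
    for key in path.split("."):          # walk a dotted field path
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def _set(node, path, value):
    *parents, leaf = path.split(".")
    for key in parents:
        node = node.setdefault(key, {})
    if value is None:                    # path absent from the request: clear it
        node.pop(leaf, None)
    else:
        node[leaf] = copy.deepcopy(value)

def apply_update(current, iap_settings, update_mask=None):
    """Local model of the documented behaviour, not the IAP service."""
    if not update_mask:                  # no mask: all fields are replaced
        return copy.deepcopy(iap_settings)
    result = copy.deepcopy(current)
    for path in update_mask:             # mask: only the listed paths change
        _set(result, path, _get(iap_settings, path))
    return result

def mask_for(changes, prefix=""):
    """Leaf paths of a partial settings dict, for use as update_mask paths."""
    paths = []
    for key, value in changes.items():
        if isinstance(value, dict):
            paths += mask_for(value, prefix + key + ".")
        elif prefix + key != "name":     # the resource name is an identifier
            paths.append(prefix + key)
    return paths

# Constructed sample state and change (values are illustrative).
NAME = "RESOURCE_NAME_PLACEHOLDER"
CURRENT = {"name": NAME,
    "access_settings": {"cors_settings": {"allow_http_options": False},
                        "oauth_settings": {"login_hint": "old.example"}},
    "application_settings": {"csm_settings": {"rctoken_aud": "mesh-a"}}}
CHANGE = {"name": NAME,
    "access_settings": {"oauth_settings": {"login_hint": "example.com"}}}
```

Calling `apply_update(CURRENT, CHANGE)` returns only the fields in `CHANGE`, whereas `apply_update(CURRENT, CHANGE, mask_for(CHANGE))` keeps the CORS and CSM settings and changes only `login_hint`.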
