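// Special member identifiers accepted in IAM bindings.
//
// Both values widen access beyond individually named principals, so a
// binding that uses either of them deserves explicit review.
const (
	// AllUsers is a special member that denotes all users, even unauthenticated ones.
	//
	// A role bound to AllUsers is usable without any credentials; reserve it
	// for resources that are intended to be public.
	AllUsers = "allUsers"

	// AllAuthenticatedUsers is a special member that denotes all authenticated users.
	//
	// NOTE(review): "all authenticated users" is not limited to the caller's
	// own project or organization. Treat a binding to this member as
	// near-public when auditing a policy.
	AllAuthenticatedUsers = "allAuthenticatedUsers"
)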
A Handle provides IAM operations for a resource.
type Handle struct {
// contains filtered or unexported fields
}
func InternalNewHandle(conn grpc.ClientConnInterface, resource string) *Handle
InternalNewHandle is for use by the Google Cloud Libraries only.
InternalNewHandle returns a Handle for resource. The conn parameter refers to a server that must support the IAMPolicy service.
func InternalNewHandleClient(c client, resource string) *Handle
InternalNewHandleClient is for use by the Google Cloud Libraries only.
InternalNewHandleClient returns a Handle for resource using the given client implementation.
func InternalNewHandleGRPCClient(c pb.IAMPolicyClient, resource string) *Handle
InternalNewHandleGRPCClient is for use by the Google Cloud Libraries only.
InternalNewHandleGRPCClient returns a Handle for resource using the given gRPC service that implements IAM as a mixin.
func (h *Handle) Policy(ctx context.Context) (*Policy, error)
Policy retrieves the IAM policy for the resource.
func (h *Handle) SetPolicy(ctx context.Context, policy *Policy) error
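SetPolicy replaces the resource's current policy with the supplied Policy. Because this is a full replacement, any binding that is absent from the supplied Policy is removed from the resource.
If policy was created from a prior call to Get (that is, it was returned by the Policy method), then the modification will only succeed if the policy has not changed since the Get. To change bindings without discarding existing ones, retrieve the current policy with Policy, modify it with Add and Remove, and pass that same value to SetPolicy.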
func (h *Handle) TestPermissions(ctx context.Context, permissions []string) ([]string, error)
TestPermissions returns the subset of permissions that the caller has on the resource.
func (h *Handle) V3() *Handle3
V3 returns a Handle3, which is like Handle except it sets requestedPolicyVersion to 3 when retrieving a policy and policy.version to 3 when storing a policy.
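A Handle3 provides IAM operations for a resource. It is similar to a Handle, but provides access to newer IAM features (e.g., conditions). Prefer it for any resource whose policy may contain conditional bindings: the methods on Policy (Add, Remove, HasRole, Members, Roles) deal only in members and roles and do not expose a binding's condition.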
type Handle3 struct {
// contains filtered or unexported fields
}
func (h *Handle3) Policy(ctx context.Context) (*Policy3, error)
Policy retrieves the IAM policy for the resource.
requestedPolicyVersion is always set to 3.
func (h *Handle3) SetPolicy(ctx context.Context, policy *Policy3) error
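SetPolicy replaces the resource's current policy with the supplied Policy3. Because this is a full replacement, any binding that is absent from the supplied Policy3 is removed from the resource.
If policy was created from a prior call to Get (that is, it was returned by the Policy method of this Handle3), then the modification will only succeed if the policy has not changed since the Get. To change bindings without discarding existing ones, retrieve the current policy with Policy, edit its Bindings, and pass that same value to SetPolicy.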
func (h *Handle3) TestPermissions(ctx context.Context, permissions []string) ([]string, error)
TestPermissions returns the subset of permissions that the caller has on the resource.
A Policy is a list of Bindings representing roles granted to members.
The zero Policy is a valid policy with no bindings.
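// Policy is a list of Bindings representing roles granted to members.
// The zero Policy is a valid policy with no bindings.
//
// Use the Add and Remove methods to change which members hold a role.
type Policy struct {
	// This field is exported for use by the Google Cloud Libraries only.
	// It may become unexported in a future release.
	InternalProto *pb.Policy
}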
func (p *Policy) Add(member string, r RoleName)
Add adds member member to role r if it is not already present. A new binding is created if there is no binding for the role.
func (p *Policy) HasRole(member string, r RoleName) bool
HasRole reports whether member has role r.
func (p *Policy) Members(r RoleName) []string
Members returns the list of members with the supplied role. The return value should not be modified. Use Add and Remove to modify the members of a role.
func (p *Policy) Remove(member string, r RoleName)
Remove removes member from role r if it is present.
func (p *Policy) Roles() []RoleName
Roles returns the names of all the roles that appear in the Policy.
A Policy3 is a list of Bindings representing roles granted to members.
The zero Policy3 is a valid policy with no bindings.
It is similar to a Policy, except a Policy3 provides direct access to the list of Bindings.
The policy version is always set to 3.
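// Policy3 is a list of Bindings representing roles granted to members.
// The zero Policy3 is a valid policy with no bindings.
//
// Unlike Policy, it has no Add or Remove helpers: callers read and edit
// the Bindings slice directly.
type Policy3 struct {
	// Bindings is the policy's binding list, exposed for direct access.
	// An edit takes effect on the resource only once the Policy3 is
	// passed to Handle3.SetPolicy, which replaces the stored policy.
	Bindings []*pb.Binding
	// contains filtered or unexported fields
}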
A RoleName is a name representing a collection of permissions.
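// RoleName is a name representing a collection of permissions.
type RoleName string

// Common role names.
//
// NOTE(review): these three roles are broad. When granting access with
// Policy.Add, prefer the narrowest role that covers the need, and treat a
// binding of Owner or Editor to AllUsers or AllAuthenticatedUsers as a
// finding to investigate.
const (
	Owner  RoleName = "roles/owner"
	Editor RoleName = "roles/editor"
	Viewer RoleName = "roles/viewer"
)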
Name | Synopsis |
---|---|
.. | |
admin | |
apiv1 | Package admin is an auto-generated package for the Identity and Access Management (IAM) API. |
adminpb | |
aliasshim | Package aliasshim is used to keep the dependency on go-genproto during our go-genproto to google-cloud-go stubs migration window. |
apiv1 | Package iam is an auto-generated package for the IAM Meta API. |
iampb | |
apiv2 | Package iam is an auto-generated package for the Identity and Access Management (IAM) API. |
iampb | |
credentials | |
apiv1 | Package credentials is an auto-generated package for the IAM Service Account Credentials API. |
credentialspb |