Documentation
Overview
Copyright 2022 Google LLC. All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Package iam defines operations in the declarative SDK.
Package iam includes tools for setting and getting policies, bindings, and members of IAM policies in the DCL.
Index
- Constants
- Variables
- func EncodeIAMCreateRequest(m map[string]interface{}, resourceName, idField string) map[string]interface{}
- func EncodeRoleCreateRequest(m map[string]interface{}) map[string]interface{}
- func EncodeServiceAccountCreateRequest(m map[string]interface{}) map[string]interface{}
- type Binding
- type Client
- func (c *Client) ApplyBinding(ctx context.Context, binding *Binding, opts ...dcl.ApplyOption) (*Binding, error)
- func (c *Client) ApplyMember(ctx context.Context, member *Member, opts ...dcl.ApplyOption) (*Member, error)
- func (c *Client) ApplyRole(ctx context.Context, rawDesired *Role, opts ...dcl.ApplyOption) (*Role, error)
- func (c *Client) ApplyServiceAccount(ctx context.Context, rawDesired *ServiceAccount, opts ...dcl.ApplyOption) (*ServiceAccount, error)
- func (c *Client) ApplyWorkloadIdentityPool(ctx context.Context, rawDesired *WorkloadIdentityPool, opts ...dcl.ApplyOption) (*WorkloadIdentityPool, error)
- func (c *Client) ApplyWorkloadIdentityPoolProvider(ctx context.Context, rawDesired *WorkloadIdentityPoolProvider, ...) (*WorkloadIdentityPoolProvider, error)
- func (c *Client) DeleteAllRole(ctx context.Context, parent string, filter func(*Role) bool) error
- func (c *Client) DeleteAllServiceAccount(ctx context.Context, project string, filter func(*ServiceAccount) bool) error
- func (c *Client) DeleteAllWorkloadIdentityPool(ctx context.Context, project, location string, ...) error
- func (c *Client) DeleteAllWorkloadIdentityPoolProvider(ctx context.Context, project, location, workloadIdentityPool string, ...) error
- func (c *Client) DeleteBinding(ctx context.Context, binding *Binding) error
- func (c *Client) DeleteMember(ctx context.Context, member *Member) error
- func (c *Client) DeleteRole(ctx context.Context, r *Role) error
- func (c *Client) DeleteServiceAccount(ctx context.Context, r *ServiceAccount) error
- func (c *Client) DeleteWorkloadIdentityPool(ctx context.Context, r *WorkloadIdentityPool) error
- func (c *Client) DeleteWorkloadIdentityPoolProvider(ctx context.Context, r *WorkloadIdentityPoolProvider) error
- func (c *Client) GetBinding(ctx context.Context, r ResourceWithPolicy, role string) (*Binding, error)
- func (c *Client) GetMember(ctx context.Context, r ResourceWithPolicy, role, member string) (*Member, error)
- func (c *Client) GetPolicy(ctx context.Context, r ResourceWithPolicy) (*Policy, error)
- func (c *Client) GetRole(ctx context.Context, r *Role) (*Role, error)
- func (c *Client) GetServiceAccount(ctx context.Context, r *ServiceAccount) (*ServiceAccount, error)
- func (c *Client) GetWorkloadIdentityPool(ctx context.Context, r *WorkloadIdentityPool) (*WorkloadIdentityPool, error)
- func (c *Client) GetWorkloadIdentityPoolProvider(ctx context.Context, r *WorkloadIdentityPoolProvider) (*WorkloadIdentityPoolProvider, error)
- func (c *Client) ListRole(ctx context.Context, parent string) (*RoleList, error)
- func (c *Client) ListRoleWithMaxResults(ctx context.Context, parent string, pageSize int32) (*RoleList, error)
- func (c *Client) ListServiceAccount(ctx context.Context, project string) (*ServiceAccountList, error)
- func (c *Client) ListServiceAccountWithMaxResults(ctx context.Context, project string, pageSize int32) (*ServiceAccountList, error)
- func (c *Client) ListWorkloadIdentityPool(ctx context.Context, project, location string) (*WorkloadIdentityPoolList, error)
- func (c *Client) ListWorkloadIdentityPoolProvider(ctx context.Context, project, location, workloadIdentityPool string) (*WorkloadIdentityPoolProviderList, error)
- func (c *Client) ListWorkloadIdentityPoolProviderWithMaxResults(ctx context.Context, project, location, workloadIdentityPool string, ...) (*WorkloadIdentityPoolProviderList, error)
- func (c *Client) ListWorkloadIdentityPoolWithMaxResults(ctx context.Context, project, location string, pageSize int32) (*WorkloadIdentityPoolList, error)
- func (c *Client) SetBinding(ctx context.Context, b *Binding) (*Policy, error)
- func (c *Client) SetMember(ctx context.Context, m *Member) (*Policy, error)
- func (c *Client) SetPolicy(ctx context.Context, p *Policy) (*Policy, error)
- type Condition
- type Member
- type Policy
- type ResourceWithPolicy
- type Role
- type RoleList
- type RoleLocalizedValues
- type RoleStageEnum
- type ServiceAccount
- func (r *ServiceAccount) Describe() dcl.ServiceTypeVersion
- func (r *ServiceAccount) GetPolicy(basePath string) (string, string, *bytes.Buffer, error)
- func (r *ServiceAccount) IAMPolicyVersion() int
- func (r *ServiceAccount) ID() (string, error)
- func (r *ServiceAccount) SetPolicyURL(userBasePath string) string
- func (r *ServiceAccount) SetPolicyVerb() string
- func (r *ServiceAccount) String() string
- type ServiceAccountActasResources
- type ServiceAccountActasResourcesResources
- type ServiceAccountList
- type WorkloadIdentityPool
- type WorkloadIdentityPoolList
- type WorkloadIdentityPoolProvider
- type WorkloadIdentityPoolProviderAws
- type WorkloadIdentityPoolProviderList
- type WorkloadIdentityPoolProviderOidc
- type WorkloadIdentityPoolProviderStateEnum
- type WorkloadIdentityPoolStateEnum
Constants
const RoleMaxPage = -1
const ServiceAccountMaxPage = -1
const WorkloadIdentityPoolMaxPage = -1
const WorkloadIdentityPoolProviderMaxPage = -1
Variables
var YAML_role = []byte("info:\n title: Iam/Role\n description: The Iam Role resource\n x-dcl-struct-name: Role\n x-dcl-has-iam: false\npaths:\n get:\n description: The function used to get information about a Role\n parameters:\n - name: Role\n required: true\n description: A full instance of a Role\n apply:\n description: The function used to apply information about a Role\n parameters:\n - name: Role\n required: true\n description: A full instance of a Role\n delete:\n description: The function used to delete a Role\n parameters:\n - name: Role\n required: true\n description: A full instance of a Role\n deleteAll:\n description: The function used to delete all Role\n parameters:\n - name: parent\n required: true\n schema:\n type: string\n list:\n description: The function used to list information about many Role\n parameters:\n - name: parent\n required: true\n schema:\n type: string\ncomponents:\n schemas:\n Role:\n title: Role\n x-dcl-id: '{{parent}}/roles/{{name}}'\n x-dcl-has-iam: false\n type: object\n properties:\n deleted:\n type: boolean\n x-dcl-go-name: Deleted\n description: The current deleted state of the role. This field is read only.\n It will be ignored in calls to CreateRole and UpdateRole.\n x-kubernetes-immutable: true\n description:\n type: string\n x-dcl-go-name: Description\n description: Optional. 
A human-readable description for the role.\n x-kubernetes-immutable: true\n etag:\n type: string\n x-dcl-go-name: Etag\n description: Used to perform a consistent read-modify-write.\n x-kubernetes-immutable: true\n groupName:\n type: string\n x-dcl-go-name: GroupName\n x-kubernetes-immutable: true\n groupTitle:\n type: string\n x-dcl-go-name: GroupTitle\n x-kubernetes-immutable: true\n includedPermissions:\n type: array\n x-dcl-go-name: IncludedPermissions\n description: The names of the permissions this role grants when bound in\n an IAM policy.\n x-kubernetes-immutable: true\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: string\n x-dcl-go-type: string\n includedRoles:\n type: array\n x-dcl-go-name: IncludedRoles\n x-kubernetes-immutable: true\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: string\n x-dcl-go-type: string\n lifecyclePhase:\n type: string\n x-dcl-go-name: LifecyclePhase\n x-kubernetes-immutable: true\n localizedValues:\n type: object\n x-dcl-go-name: LocalizedValues\n x-dcl-go-type: RoleLocalizedValues\n x-kubernetes-immutable: true\n properties:\n localizedDescription:\n type: string\n x-dcl-go-name: LocalizedDescription\n description: Will be English by default or if an error occurred during\n translation.\n x-kubernetes-immutable: true\n localizedTitle:\n type: string\n x-dcl-go-name: LocalizedTitle\n description: Will be English by default or if an error occurred during\n translation.\n x-kubernetes-immutable: true\n name:\n type: string\n x-dcl-go-name: Name\n description: The name of the role. When Role is used in CreateRole, the\n role name must not be set. 
When Role is used in output and other input\n such as UpdateRole, the role name is the complete path, e.g., roles/logging.viewer\n for predefined roles and organizations/{ORGANIZATION_ID}/roles/logging.viewer\n for custom roles.\n x-kubernetes-immutable: true\n parent:\n type: string\n x-dcl-go-name: Parent\n description: 'The parent parameter''s value depends on the target resource\n for the request, namely projects or organizations. Each resource type''s\n parent value format is described below: projects.roles.create(): projects/{PROJECT_ID}.\n This method creates project-level custom roles. Example request URL: https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles\n organizations.roles.create(): organizations/{ORGANIZATION_ID}. This method\n creates organization-level custom roles. Example request URL: https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles\n Note: Wildcard (*) values are invalid; you must specify a complete project\n ID or organization ID. Authorization requires the following IAM permission\n on the specified resource parent: iam.roles.create'\n x-kubernetes-immutable: true\n x-dcl-forward-slash-allowed: true\n x-dcl-references:\n - resource: Cloudresourcemanager/Project\n field: name\n parent: true\n - resource: Cloudresourcemanager/Organization\n field: name\n parent: true\n stage:\n type: string\n x-dcl-go-name: Stage\n x-dcl-go-type: RoleStageEnum\n description: The current launch stage of the role. If the `ALPHA` launch\n stage has been selected for a role, the `stage` field will not be included\n in the returned definition for the role.\n x-kubernetes-immutable: true\n enum:\n - ALPHA\n - BETA\n - GA\n - DEPRECATED\n - DISABLED\n - EAP\n title:\n type: string\n x-dcl-go-name: Title\n description: Optional. A human-readable title for the role. Typically this\n is limited to 100 UTF-8 bytes.\n x-kubernetes-immutable: true\n")
blaze-out/k8-fastbuild/genfiles/cloud/graphite/mmv2/services/google/iam/role.yaml
var YAML_service_account = []byte("info:\n title: Iam/ServiceAccount\n description: The Iam ServiceAccount resource\n x-dcl-struct-name: ServiceAccount\n x-dcl-has-iam: true\npaths:\n get:\n description: The function used to get information about a ServiceAccount\n parameters:\n - name: ServiceAccount\n required: true\n description: A full instance of a ServiceAccount\n apply:\n description: The function used to apply information about a ServiceAccount\n parameters:\n - name: ServiceAccount\n required: true\n description: A full instance of a ServiceAccount\n delete:\n description: The function used to delete a ServiceAccount\n parameters:\n - name: ServiceAccount\n required: true\n description: A full instance of a ServiceAccount\n deleteAll:\n description: The function used to delete all ServiceAccount\n parameters:\n - name: project\n required: true\n schema:\n type: string\n list:\n description: The function used to list information about many ServiceAccount\n parameters:\n - name: project\n required: true\n schema:\n type: string\ncomponents:\n schemas:\n ServiceAccount:\n title: ServiceAccount\n x-dcl-id: projects/{{project}}/serviceAccounts/{{name}}@{{project}}.iam.gserviceaccount.com\n x-dcl-parent-container: project\n x-dcl-has-iam: true\n type: object\n properties:\n actasResources:\n type: object\n x-dcl-go-name: ActasResources\n x-dcl-go-type: ServiceAccountActasResources\n description: Optional.\n x-kubernetes-immutable: true\n properties:\n resources:\n type: array\n x-dcl-go-name: Resources\n x-kubernetes-immutable: true\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: object\n x-dcl-go-type: ServiceAccountActasResourcesResources\n properties:\n fullResourceName:\n type: string\n x-dcl-go-name: FullResourceName\n x-kubernetes-immutable: true\n description:\n type: string\n x-dcl-go-name: Description\n description: Optional. A user-specified, human-readable description of the\n service account. 
The maximum length is 256 UTF-8 bytes.\n disabled:\n type: boolean\n x-dcl-go-name: Disabled\n readOnly: true\n description: Output only. Whether the service account is disabled.\n x-kubernetes-immutable: true\n displayName:\n type: string\n x-dcl-go-name: DisplayName\n description: Optional. A user-specified, human-readable name for the service\n account. The maximum length is 100 UTF-8 bytes.\n email:\n type: string\n x-dcl-go-name: Email\n readOnly: true\n description: Output only. The email address of the service account.\n x-kubernetes-immutable: true\n name:\n type: string\n x-dcl-go-name: Name\n description: 'The resource name of the service account. Use one of the following\n formats: * `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` * `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}`\n As an alternative, you can use the `-` wildcard character instead of the\n project ID: * `projects/-/serviceAccounts/{EMAIL_ADDRESS}` * `projects/-/serviceAccounts/{UNIQUE_ID}`\n When possible, avoid using the `-` wildcard character, because it can\n cause response messages to contain misleading error codes. For example,\n if you try to get the service account `projects/-/serviceAccounts/fake@example.com`,\n which does not exist, the response contains an HTTP `403 Forbidden` error\n instead of a `404 Not Found` error.'\n x-kubernetes-immutable: true\n oauth2ClientId:\n type: string\n x-dcl-go-name: OAuth2ClientId\n readOnly: true\n description: Output only. The OAuth 2.0 client ID for the service account.\n x-kubernetes-immutable: true\n project:\n type: string\n x-dcl-go-name: Project\n description: The ID of the project that owns the service account.\n x-kubernetes-immutable: true\n x-dcl-references:\n - resource: Cloudresourcemanager/Project\n field: name\n parent: true\n uniqueId:\n type: string\n x-dcl-go-name: UniqueId\n readOnly: true\n description: Output only. The unique, stable numeric ID for the service\n account. 
Each service account retains its unique ID even if you delete\n the service account. For example, if you delete a service account, then\n create a new service account with the same name, the new service account\n has a different unique ID than the deleted service account.\n x-kubernetes-immutable: true\n")
blaze-out/k8-fastbuild/genfiles/cloud/graphite/mmv2/services/google/iam/service_account.yaml
var YAML_workload_identity_pool = []byte("info:\n title: Iam/WorkloadIdentityPool\n description: The Iam WorkloadIdentityPool resource\n x-dcl-struct-name: WorkloadIdentityPool\n x-dcl-has-iam: false\npaths:\n get:\n description: The function used to get information about a WorkloadIdentityPool\n parameters:\n - name: WorkloadIdentityPool\n required: true\n description: A full instance of a WorkloadIdentityPool\n apply:\n description: The function used to apply information about a WorkloadIdentityPool\n parameters:\n - name: WorkloadIdentityPool\n required: true\n description: A full instance of a WorkloadIdentityPool\n delete:\n description: The function used to delete a WorkloadIdentityPool\n parameters:\n - name: WorkloadIdentityPool\n required: true\n description: A full instance of a WorkloadIdentityPool\n deleteAll:\n description: The function used to delete all WorkloadIdentityPool\n parameters:\n - name: project\n required: true\n schema:\n type: string\n - name: location\n required: true\n schema:\n type: string\n list:\n description: The function used to list information about many WorkloadIdentityPool\n parameters:\n - name: project\n required: true\n schema:\n type: string\n - name: location\n required: true\n schema:\n type: string\ncomponents:\n schemas:\n WorkloadIdentityPool:\n title: WorkloadIdentityPool\n x-dcl-id: projects/{{project}}/locations/{{location}}/workloadIdentityPools/{{name}}\n x-dcl-parent-container: project\n x-dcl-has-iam: false\n type: object\n required:\n - name\n - project\n - location\n properties:\n description:\n type: string\n x-dcl-go-name: Description\n description: A description of the pool. Cannot exceed 256 characters.\n disabled:\n type: boolean\n x-dcl-go-name: Disabled\n description: Whether the pool is disabled. You cannot use a disabled pool\n to exchange tokens, or use existing tokens to access resources. 
If the\n pool is re-enabled, existing tokens grant access again.\n displayName:\n type: string\n x-dcl-go-name: DisplayName\n description: A display name for the pool. Cannot exceed 32 characters.\n location:\n type: string\n x-dcl-go-name: Location\n description: The location for the resource\n x-kubernetes-immutable: true\n name:\n type: string\n x-dcl-go-name: Name\n description: Output only. The resource name of the pool.\n x-kubernetes-immutable: true\n project:\n type: string\n x-dcl-go-name: Project\n description: The project for the resource\n x-kubernetes-immutable: true\n x-dcl-references:\n - resource: Cloudresourcemanager/Project\n field: name\n parent: true\n state:\n type: string\n x-dcl-go-name: State\n x-dcl-go-type: WorkloadIdentityPoolStateEnum\n readOnly: true\n description: 'Output only. The state of the pool. Possible values: STATE_UNSPECIFIED,\n ACTIVE, DELETED'\n x-kubernetes-immutable: true\n enum:\n - STATE_UNSPECIFIED\n - ACTIVE\n - DELETED\n")
blaze-out/k8-fastbuild/genfiles/cloud/graphite/mmv2/services/google/iam/workload_identity_pool.yaml
var YAML_workload_identity_pool_provider = []byte("info:\n title: Iam/WorkloadIdentityPoolProvider\n description: The Iam WorkloadIdentityPoolProvider resource\n x-dcl-struct-name: WorkloadIdentityPoolProvider\n x-dcl-has-iam: false\npaths:\n get:\n description: The function used to get information about a WorkloadIdentityPoolProvider\n parameters:\n - name: WorkloadIdentityPoolProvider\n required: true\n description: A full instance of a WorkloadIdentityPoolProvider\n apply:\n description: The function used to apply information about a WorkloadIdentityPoolProvider\n parameters:\n - name: WorkloadIdentityPoolProvider\n required: true\n description: A full instance of a WorkloadIdentityPoolProvider\n delete:\n description: The function used to delete a WorkloadIdentityPoolProvider\n parameters:\n - name: WorkloadIdentityPoolProvider\n required: true\n description: A full instance of a WorkloadIdentityPoolProvider\n deleteAll:\n description: The function used to delete all WorkloadIdentityPoolProvider\n parameters:\n - name: project\n required: true\n schema:\n type: string\n - name: location\n required: true\n schema:\n type: string\n - name: workloadidentitypool\n required: true\n schema:\n type: string\n list:\n description: The function used to list information about many WorkloadIdentityPoolProvider\n parameters:\n - name: project\n required: true\n schema:\n type: string\n - name: location\n required: true\n schema:\n type: string\n - name: workloadidentitypool\n required: true\n schema:\n type: string\ncomponents:\n schemas:\n WorkloadIdentityPoolProvider:\n title: WorkloadIdentityPoolProvider\n x-dcl-id: projects/{{project}}/locations/{{location}}/workloadIdentityPools/{{workload_identity_pool}}/providers/{{name}}\n x-dcl-uses-state-hint: true\n x-dcl-parent-container: project\n x-dcl-has-iam: false\n type: object\n required:\n - name\n - project\n - location\n - workloadIdentityPool\n properties:\n attributeCondition:\n type: string\n x-dcl-go-name: 
AttributeCondition\n description: '[A Common Expression Language](https://opensource.google/projects/cel)\n expression, in plain text, to restrict what otherwise valid authentication\n credentials issued by the provider should not be accepted. The expression\n must output a boolean representing whether to allow the federation. The\n following keywords may be referenced in the expressions: * `assertion`:\n JSON representing the authentication credential issued by the provider.\n * `google`: The Google attributes mapped from the assertion in the `attribute_mappings`.\n * `attribute`: The custom attributes mapped from the assertion in the\n `attribute_mappings`. The maximum length of the attribute condition expression\n is 4096 characters. If unspecified, all valid authentication credential\n are accepted. The following example shows how to only allow credentials\n with a mapped `google.groups` value of `admins`: ``` \"''admins'' in google.groups\"\n ```'\n attributeMapping:\n type: object\n additionalProperties:\n type: string\n x-dcl-go-name: AttributeMapping\n description: 'Maps attributes from authentication credentials issued by\n an external identity provider to Google Cloud attributes, such as `subject`\n and `segment`. Each key must be a string specifying the Google Cloud IAM\n attribute to map to. The following keys are supported: * `google.subject`:\n The principal IAM is authenticating. You can reference this value in IAM\n bindings. This is also the subject that appears in Cloud Logging logs.\n Cannot exceed 127 characters. * `google.groups`: Groups the external identity\n belongs to. You can grant groups access to resources using an IAM `principalSet`\n binding; access applies to all members of the group. You can also provide\n custom attributes by specifying `attribute.{custom_attribute}`, where\n `{custom_attribute}` is the name of the custom attribute to be mapped.\n You can define a maximum of 50 custom attributes. 
The maximum length of\n a mapped attribute key is 100 characters, and the key may only contain\n the characters [a-z0-9_]. You can reference these attributes in IAM policies\n to define fine-grained access for a workload to Google Cloud resources.\n For example: * `google.subject`: `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}`\n * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}`\n * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}`\n Each value must be a [Common Expression Language] (https://opensource.google/projects/cel)\n function that maps an identity provider credential to the normalized attribute\n specified by the corresponding map key. You can use the `assertion` keyword\n in the expression to access a JSON representation of the authentication\n credential issued by the provider. The maximum length of an attribute\n mapping expression is 2048 characters. When evaluated, the total size\n of all mapped attributes must not exceed 8KB. For AWS providers, if no\n attribute mapping is defined, the following default mapping applies: ```\n { \"google.subject\":\"assertion.arn\", \"attribute.aws_role\": \"assertion.arn.contains(''assumed-role'')\"\n \" ? assertion.arn.extract(''{account_arn}assumed-role/'')\" \" + ''assumed-role/''\"\n \" + assertion.arn.extract(''assumed-role/{role_name}/'')\" \" : assertion.arn\",\n } ``` If any custom attribute mappings are defined, they must include\n a mapping to the `google.subject` attribute. 
For OIDC providers, you must\n supply a custom mapping, which must include the `google.subject` attribute.\n For example, the following maps the `sub` claim of the incoming credential\n to the `subject` attribute on a Google token: ``` {\"google.subject\": \"assertion.sub\"}\n ```'\n aws:\n type: object\n x-dcl-go-name: Aws\n x-dcl-go-type: WorkloadIdentityPoolProviderAws\n description: An Amazon Web Services identity provider.\n x-dcl-conflicts:\n - oidc\n required:\n - accountId\n properties:\n accountId:\n type: string\n x-dcl-go-name: AccountId\n description: Required. The AWS account ID.\n stsUri:\n type: array\n x-dcl-go-name: StsUri\n description: A list of AWS STS URIs that can be used when exchanging\n credentials. If not provided, any valid AWS STS URI is allowed. URIs\n must use the form `https://sts.amazonaws.com` or `https://sts.{region}.amazonaws.com`,\n where {region} is a valid AWS region. You can specify a maximum of\n 25 URIs.\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: string\n x-dcl-go-type: string\n x-dcl-mutable-unreadable: true\n description:\n type: string\n x-dcl-go-name: Description\n description: A description for the provider. Cannot exceed 256 characters.\n disabled:\n type: boolean\n x-dcl-go-name: Disabled\n description: Whether the provider is disabled. You cannot use a disabled\n provider to exchange tokens. However, existing tokens still grant access.\n displayName:\n type: string\n x-dcl-go-name: DisplayName\n description: A display name for the provider. Cannot exceed 32 characters.\n location:\n type: string\n x-dcl-go-name: Location\n description: The location for the resource\n x-kubernetes-immutable: true\n name:\n type: string\n x-dcl-go-name: Name\n description: Output only. 
The resource name of the provider.\n x-kubernetes-immutable: true\n oidc:\n type: object\n x-dcl-go-name: Oidc\n x-dcl-go-type: WorkloadIdentityPoolProviderOidc\n description: An OpenId Connect 1.0 identity provider.\n x-dcl-conflicts:\n - aws\n required:\n - issuerUri\n properties:\n allowedAudiences:\n type: array\n x-dcl-go-name: AllowedAudiences\n description: 'Acceptable values for the `aud` field (audience) in the\n OIDC token. Token exchange requests are rejected if the token audience\n does not match one of the configured values. Each audience may be\n at most 256 characters. A maximum of 10 audiences may be configured.\n If this list is empty, the OIDC token audience must be equal to the\n full canonical resource name of the WorkloadIdentityPoolProvider,\n with or without the HTTPS prefix. For example: ``` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/\n https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/\n ```'\n x-dcl-send-empty: true\n x-dcl-list-type: list\n items:\n type: string\n x-dcl-go-type: string\n issuerUri:\n type: string\n x-dcl-go-name: IssuerUri\n description: Required. The OIDC issuer URL. Must be an HTTPS endpoint.\n project:\n type: string\n x-dcl-go-name: Project\n description: The project for the resource\n x-kubernetes-immutable: true\n x-dcl-references:\n - resource: Cloudresourcemanager/Project\n field: name\n parent: true\n state:\n type: string\n x-dcl-go-name: State\n x-dcl-go-type: WorkloadIdentityPoolProviderStateEnum\n readOnly: true\n description: 'Output only. The state of the provider. 
Possible values: STATE_UNSPECIFIED,\n ACTIVE, DELETED'\n x-kubernetes-immutable: true\n enum:\n - STATE_UNSPECIFIED\n - ACTIVE\n - DELETED\n workloadIdentityPool:\n type: string\n x-dcl-go-name: WorkloadIdentityPool\n description: The workloadIdentityPool for the resource\n x-kubernetes-immutable: true\n x-dcl-references:\n - resource: Iam/WorkloadIdentityPool\n field: name\n parent: true\n")
blaze-out/k8-fastbuild/genfiles/cloud/graphite/mmv2/services/google/iam/workload_identity_pool_provider.yaml
Functions ¶
func EncodeIAMCreateRequest ¶
func EncodeIAMCreateRequest(m map[string]interface{}, resourceName, idField string) map[string]interface{}
EncodeIAMCreateRequest encodes the create request for an iam resource.
func EncodeRoleCreateRequest ¶
EncodeRoleCreateRequest properly encodes the create request for an iam role.
func EncodeServiceAccountCreateRequest ¶
EncodeServiceAccountCreateRequest properly encodes the create request for an iam service account.
Types ¶
type Binding ¶
type Binding struct { Role *string `json:"role"` Members []string `json:"members"` Condition *Condition `json:"condition,omitempty"` Resource ResourceWithPolicy `json:"resource"` }
Binding maps a single role to all of its members.
type Client ¶
The Client is the base struct of all operations. This will receive the Get, Delete, List, and Apply operations on all resources.
func (*Client) ApplyBinding ¶
func (c *Client) ApplyBinding(ctx context.Context, binding *Binding, opts ...dcl.ApplyOption) (*Binding, error)
ApplyBinding is a convenience method to create a binding if it does not exist. It supports BlockAcquire and BlockCreation but ignores other lifecycle parameters as they are not relevant to IAM bindings.
func (*Client) ApplyMember ¶
func (c *Client) ApplyMember(ctx context.Context, member *Member, opts ...dcl.ApplyOption) (*Member, error)
ApplyMember is a convenience method to create a member if it does not exist. It supports BlockAcquire and BlockCreation but ignores other lifecycle parameters as they are not relevant to IAM members.
func (*Client) ApplyServiceAccount ¶
func (c *Client) ApplyServiceAccount(ctx context.Context, rawDesired *ServiceAccount, opts ...dcl.ApplyOption) (*ServiceAccount, error)
func (*Client) ApplyWorkloadIdentityPool ¶
func (c *Client) ApplyWorkloadIdentityPool(ctx context.Context, rawDesired *WorkloadIdentityPool, opts ...dcl.ApplyOption) (*WorkloadIdentityPool, error)
func (*Client) ApplyWorkloadIdentityPoolProvider ¶
func (c *Client) ApplyWorkloadIdentityPoolProvider(ctx context.Context, rawDesired *WorkloadIdentityPoolProvider, opts ...dcl.ApplyOption) (*WorkloadIdentityPoolProvider, error)
func (*Client) DeleteAllRole ¶
DeleteAllRole deletes all resources for which the filter function returns true.
func (*Client) DeleteAllServiceAccount ¶
func (c *Client) DeleteAllServiceAccount(ctx context.Context, project string, filter func(*ServiceAccount) bool) error
DeleteAllServiceAccount deletes all resources for which the filter function returns true.
func (*Client) DeleteAllWorkloadIdentityPool ¶
func (c *Client) DeleteAllWorkloadIdentityPool(ctx context.Context, project, location string, filter func(*WorkloadIdentityPool) bool) error
DeleteAllWorkloadIdentityPool deletes all resources for which the filter function returns true.
func (*Client) DeleteAllWorkloadIdentityPoolProvider ¶
func (c *Client) DeleteAllWorkloadIdentityPoolProvider(ctx context.Context, project, location, workloadIdentityPool string, filter func(*WorkloadIdentityPoolProvider) bool) error
DeleteAllWorkloadIdentityPoolProvider deletes all resources for which the filter function returns true.
func (*Client) DeleteBinding ¶
DeleteBinding deletes a binding from its specified resource.
func (*Client) DeleteMember ¶
DeleteMember deletes a member from its specified binding.
func (*Client) DeleteServiceAccount ¶
func (c *Client) DeleteServiceAccount(ctx context.Context, r *ServiceAccount) error
func (*Client) DeleteWorkloadIdentityPool ¶
func (c *Client) DeleteWorkloadIdentityPool(ctx context.Context, r *WorkloadIdentityPool) error
func (*Client) DeleteWorkloadIdentityPoolProvider ¶
func (c *Client) DeleteWorkloadIdentityPoolProvider(ctx context.Context, r *WorkloadIdentityPoolProvider) error
func (*Client) GetBinding ¶
func (c *Client) GetBinding(ctx context.Context, r ResourceWithPolicy, role string) (*Binding, error)
GetBinding returns the binding for the given role, or nil if there is no such binding.
func (*Client) GetMember ¶
func (c *Client) GetMember(ctx context.Context, r ResourceWithPolicy, role, member string) (*Member, error)
GetMember returns a Member struct if the role/member pair exists on the resource's policy, or nil if they do not.
func (*Client) GetServiceAccount ¶
func (c *Client) GetServiceAccount(ctx context.Context, r *ServiceAccount) (*ServiceAccount, error)
func (*Client) GetWorkloadIdentityPool ¶
func (c *Client) GetWorkloadIdentityPool(ctx context.Context, r *WorkloadIdentityPool) (*WorkloadIdentityPool, error)
func (*Client) GetWorkloadIdentityPoolProvider ¶
func (c *Client) GetWorkloadIdentityPoolProvider(ctx context.Context, r *WorkloadIdentityPoolProvider) (*WorkloadIdentityPoolProvider, error)
func (*Client) ListRoleWithMaxResults ¶
func (*Client) ListServiceAccount ¶
func (*Client) ListServiceAccountWithMaxResults ¶
func (*Client) ListWorkloadIdentityPool ¶
func (*Client) ListWorkloadIdentityPoolProvider ¶
func (*Client) ListWorkloadIdentityPoolProviderWithMaxResults ¶
func (*Client) ListWorkloadIdentityPoolWithMaxResults ¶
func (*Client) SetBinding ¶
SetBinding sets one binding, authoritatively on the role, for the given resource.
type Condition ¶
type Condition struct { Title *string `json:"title"` Description *string `json:"description"` Expression *string `json:"expression"` }
Condition represents an IAM condition. See https://cloud.google.com/iam/docs/conditions-overview#resources for details.
type Member ¶
type Member struct { Role *string `json:"role"` Member *string `json:"member"` Resource ResourceWithPolicy `json:"resource"` }
Member maps a single IAM member to one of its roles.
type Policy ¶
type Policy struct { Bindings []Binding `json:"bindings"` Etag *string `json:"etag"` Version *int `json:"version"` Resource ResourceWithPolicy `json:"resource"` }
Policy is the core resource of an IAM policy.
type ResourceWithPolicy ¶
type ResourceWithPolicy interface { SetPolicyURL(string) string SetPolicyVerb() string GetPolicy(string) (string, string, *bytes.Buffer, error) IAMPolicyVersion() int }
ResourceWithPolicy is any DCL resource which has an IAM policy.
type Role ¶
type Role struct { Name *string `json:"name"` Title *string `json:"title"` Description *string `json:"description"` LocalizedValues *RoleLocalizedValues `json:"localizedValues"` LifecyclePhase *string `json:"lifecyclePhase"` GroupName *string `json:"groupName"` GroupTitle *string `json:"groupTitle"` IncludedPermissions []string `json:"includedPermissions"` Stage *RoleStageEnum `json:"stage"` Etag *string `json:"etag"` Deleted *bool `json:"deleted"` IncludedRoles []string `json:"includedRoles"` Parent *string `json:"parent"` }
func (*Role) Describe ¶
func (r *Role) Describe() dcl.ServiceTypeVersion
Describe returns a simple description of this resource to ensure that automated tools can identify it.
type RoleLocalizedValues ¶
type RoleLocalizedValues struct { LocalizedTitle *string `json:"localizedTitle"` LocalizedDescription *string `json:"localizedDescription"` // contains filtered or unexported fields }
var EmptyRoleLocalizedValues *RoleLocalizedValues = &RoleLocalizedValues{empty: true}
This object is used to assert a desired state where this RoleLocalizedValues is empty. Go lacks global const objects, but this object should be treated as one. Modifying this object will have undesirable results.
func (*RoleLocalizedValues) Empty ¶
func (r *RoleLocalizedValues) Empty() bool
func (*RoleLocalizedValues) HashCode ¶
func (r *RoleLocalizedValues) HashCode() string
func (*RoleLocalizedValues) String ¶
func (r *RoleLocalizedValues) String() string
func (*RoleLocalizedValues) UnmarshalJSON ¶
func (r *RoleLocalizedValues) UnmarshalJSON(data []byte) error
type RoleStageEnum ¶
type RoleStageEnum string
The enum RoleStageEnum.
func RoleStageEnumRef ¶
func RoleStageEnumRef(s string) *RoleStageEnum
RoleStageEnumRef returns a *RoleStageEnum with the value of string s. If the empty string is provided, nil is returned.
func (RoleStageEnum) Validate ¶
func (v RoleStageEnum) Validate() error
type ServiceAccount ¶
type ServiceAccount struct { Name *string `json:"name"` Project *string `json:"project"` UniqueId *string `json:"uniqueId"` Email *string `json:"email"` DisplayName *string `json:"displayName"` Description *string `json:"description"` OAuth2ClientId *string `json:"oauth2ClientId"` ActasResources *ServiceAccountActasResources `json:"actasResources"` Disabled *bool `json:"disabled"` }
func (*ServiceAccount) Describe ¶
func (r *ServiceAccount) Describe() dcl.ServiceTypeVersion
Describe returns a simple description of this resource to ensure that automated tools can identify it.
func (*ServiceAccount) IAMPolicyVersion ¶
func (r *ServiceAccount) IAMPolicyVersion() int
func (*ServiceAccount) ID ¶
func (r *ServiceAccount) ID() (string, error)
func (*ServiceAccount) SetPolicyURL ¶
func (r *ServiceAccount) SetPolicyURL(userBasePath string) string
func (*ServiceAccount) SetPolicyVerb ¶
func (r *ServiceAccount) SetPolicyVerb() string
func (*ServiceAccount) String ¶
func (r *ServiceAccount) String() string
type ServiceAccountActasResources ¶
type ServiceAccountActasResources struct { Resources []ServiceAccountActasResourcesResources `json:"resources"` // contains filtered or unexported fields }
var EmptyServiceAccountActasResources *ServiceAccountActasResources = &ServiceAccountActasResources{empty: true}
This object is used to assert a desired state where this ServiceAccountActasResources is empty. Go lacks global const objects, but this object should be treated as one. Modifying this object will have undesirable results.
func (*ServiceAccountActasResources) Empty ¶
func (r *ServiceAccountActasResources) Empty() bool
func (*ServiceAccountActasResources) HashCode ¶
func (r *ServiceAccountActasResources) HashCode() string
func (*ServiceAccountActasResources) String ¶
func (r *ServiceAccountActasResources) String() string
func (*ServiceAccountActasResources) UnmarshalJSON ¶
func (r *ServiceAccountActasResources) UnmarshalJSON(data []byte) error
type ServiceAccountActasResourcesResources ¶
type ServiceAccountActasResourcesResources struct { FullResourceName *string `json:"fullResourceName"` // contains filtered or unexported fields }
var EmptyServiceAccountActasResourcesResources *ServiceAccountActasResourcesResources = &ServiceAccountActasResourcesResources{empty: true}
This object is used to assert a desired state where this ServiceAccountActasResourcesResources is empty. Go lacks global const objects, but this object should be treated as one. Modifying this object will have undesirable results.
func (*ServiceAccountActasResourcesResources) Empty ¶
func (r *ServiceAccountActasResourcesResources) Empty() bool
func (*ServiceAccountActasResourcesResources) HashCode ¶
func (r *ServiceAccountActasResourcesResources) HashCode() string
func (*ServiceAccountActasResourcesResources) String ¶
func (r *ServiceAccountActasResourcesResources) String() string
func (*ServiceAccountActasResourcesResources) UnmarshalJSON ¶
func (r *ServiceAccountActasResourcesResources) UnmarshalJSON(data []byte) error
type ServiceAccountList ¶
type ServiceAccountList struct { Items []*ServiceAccount // contains filtered or unexported fields }
func (*ServiceAccountList) HasNext ¶
func (l *ServiceAccountList) HasNext() bool
type WorkloadIdentityPool ¶
type WorkloadIdentityPool struct { Name *string `json:"name"` DisplayName *string `json:"displayName"` Description *string `json:"description"` State *WorkloadIdentityPoolStateEnum `json:"state"` Disabled *bool `json:"disabled"` Project *string `json:"project"` Location *string `json:"location"` }
func (*WorkloadIdentityPool) Describe ¶
func (r *WorkloadIdentityPool) Describe() dcl.ServiceTypeVersion
Describe returns a simple description of this resource to ensure that automated tools can identify it.
func (*WorkloadIdentityPool) ID ¶
func (r *WorkloadIdentityPool) ID() (string, error)
func (*WorkloadIdentityPool) String ¶
func (r *WorkloadIdentityPool) String() string
type WorkloadIdentityPoolList ¶
type WorkloadIdentityPoolList struct { Items []*WorkloadIdentityPool // contains filtered or unexported fields }
func (*WorkloadIdentityPoolList) HasNext ¶
func (l *WorkloadIdentityPoolList) HasNext() bool
type WorkloadIdentityPoolProvider ¶
type WorkloadIdentityPoolProvider struct { Name *string `json:"name"` DisplayName *string `json:"displayName"` Description *string `json:"description"` State *WorkloadIdentityPoolProviderStateEnum `json:"state"` Disabled *bool `json:"disabled"` AttributeMapping map[string]string `json:"attributeMapping"` AttributeCondition *string `json:"attributeCondition"` Aws *WorkloadIdentityPoolProviderAws `json:"aws"` Oidc *WorkloadIdentityPoolProviderOidc `json:"oidc"` Project *string `json:"project"` Location *string `json:"location"` WorkloadIdentityPool *string `json:"workloadIdentityPool"` }
func (*WorkloadIdentityPoolProvider) Describe ¶
func (r *WorkloadIdentityPoolProvider) Describe() dcl.ServiceTypeVersion
Describe returns a simple description of this resource to ensure that automated tools can identify it.
func (*WorkloadIdentityPoolProvider) ID ¶
func (r *WorkloadIdentityPoolProvider) ID() (string, error)
func (*WorkloadIdentityPoolProvider) String ¶
func (r *WorkloadIdentityPoolProvider) String() string
type WorkloadIdentityPoolProviderAws ¶
type WorkloadIdentityPoolProviderAws struct { AccountId *string `json:"accountId"` StsUri []string `json:"stsUri"` // contains filtered or unexported fields }
var EmptyWorkloadIdentityPoolProviderAws *WorkloadIdentityPoolProviderAws = &WorkloadIdentityPoolProviderAws{empty: true}
This object is used to assert a desired state where this WorkloadIdentityPoolProviderAws is empty. Go lacks global const objects, but this object should be treated as one. Modifying this object will have undesirable results.
func (*WorkloadIdentityPoolProviderAws) Empty ¶
func (r *WorkloadIdentityPoolProviderAws) Empty() bool
func (*WorkloadIdentityPoolProviderAws) HashCode ¶
func (r *WorkloadIdentityPoolProviderAws) HashCode() string
func (*WorkloadIdentityPoolProviderAws) String ¶
func (r *WorkloadIdentityPoolProviderAws) String() string
func (*WorkloadIdentityPoolProviderAws) UnmarshalJSON ¶
func (r *WorkloadIdentityPoolProviderAws) UnmarshalJSON(data []byte) error
type WorkloadIdentityPoolProviderList ¶
type WorkloadIdentityPoolProviderList struct { Items []*WorkloadIdentityPoolProvider // contains filtered or unexported fields }
func (*WorkloadIdentityPoolProviderList) HasNext ¶
func (l *WorkloadIdentityPoolProviderList) HasNext() bool
type WorkloadIdentityPoolProviderOidc ¶
type WorkloadIdentityPoolProviderOidc struct { IssuerUri *string `json:"issuerUri"` AllowedAudiences []string `json:"allowedAudiences"` // contains filtered or unexported fields }
var EmptyWorkloadIdentityPoolProviderOidc *WorkloadIdentityPoolProviderOidc = &WorkloadIdentityPoolProviderOidc{empty: true}
This object is used to assert a desired state where this WorkloadIdentityPoolProviderOidc is empty. Go lacks global const objects, but this object should be treated as one. Modifying this object will have undesirable results.
func (*WorkloadIdentityPoolProviderOidc) Empty ¶
func (r *WorkloadIdentityPoolProviderOidc) Empty() bool
func (*WorkloadIdentityPoolProviderOidc) HashCode ¶
func (r *WorkloadIdentityPoolProviderOidc) HashCode() string
func (*WorkloadIdentityPoolProviderOidc) String ¶
func (r *WorkloadIdentityPoolProviderOidc) String() string
func (*WorkloadIdentityPoolProviderOidc) UnmarshalJSON ¶
func (r *WorkloadIdentityPoolProviderOidc) UnmarshalJSON(data []byte) error
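The embedded provider schema states several constraints that are worth checking before a provider is applied: `aws` and `oidc` conflict, an OIDC issuer must be HTTPS, an OIDC mapping must include `google.subject`, and an empty `allowedAudiences` list restricts the token audience to the provider's own resource name. The following is an added example, not code from this package; the `Aws`, `Oidc` and `Provider` types are simplified local stand-ins, and `CheckProvider` and `AcceptedAudiences` are hypothetical helper names.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// Local stand-ins for the package's provider structs (assumption: plain
// values instead of the real pointer fields, to keep the example short).
type Aws struct{ AccountId string; StsUri []string }
type Oidc struct{ IssuerUri string; AllowedAudiences []string }
type Provider struct {
	AttributeMapping map[string]string
	Aws              *Aws
	Oidc             *Oidc
}

// Shape check only: it cannot tell whether {region} is a real AWS region.
var stsURI = regexp.MustCompile(`^https://sts\.([a-z0-9-]+\.)?amazonaws\.com$`)

// CheckProvider returns one finding per schema rule the config violates.
func CheckProvider(p Provider) (f []string) {
	add := func(bad bool, msg string) {
		if bad {
			f = append(f, msg)
		}
	}
	add(p.Aws != nil && p.Oidc != nil, "aws and oidc conflict")
	if a := p.Aws; a != nil {
		add(a.AccountId == "", "aws.accountId is required")
		add(len(a.StsUri) > 25, "aws.stsUri has more than 25 entries")
		for _, u := range a.StsUri {
			add(!stsURI.MatchString(u), "aws.stsUri has invalid form: "+u)
		}
	}
	if o := p.Oidc; o != nil {
		u, err := url.Parse(o.IssuerUri)
		add(err != nil || u.Scheme != "https" || u.Host == "", "oidc.issuerUri must be an HTTPS URL")
		add(p.AttributeMapping["google.subject"] == "", "OIDC mapping must include google.subject")
		add(len(o.AllowedAudiences) > 10, "oidc.allowedAudiences has more than 10 entries")
		for _, aud := range o.AllowedAudiences {
			// len counts bytes, which equals characters for ASCII audiences.
			add(len(aud) > 256, "oidc.allowedAudiences entry exceeds 256 characters")
		}
	}
	return f
}

// AcceptedAudiences lists the `aud` values a token may carry. name is the
// provider's resource name without a scheme ("projects/.../providers/...").
func AcceptedAudiences(o Oidc, name string) []string {
	if len(o.AllowedAudiences) > 0 {
		return o.AllowedAudiences
	}
	return []string{"//iam.googleapis.com/" + name, "https://iam.googleapis.com/" + name}
}

func main() {
	// Constructed sample: plain-HTTP issuer and no google.subject mapping.
	p := Provider{Oidc: &Oidc{IssuerUri: "http://issuer.example"}}
	fmt.Println(CheckProvider(p))
}
```

Running such a check in review or CI catches a provider whose issuer or STS URI list is looser than intended before it can be used to exchange tokens.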
type WorkloadIdentityPoolProviderStateEnum ¶
type WorkloadIdentityPoolProviderStateEnum string
The enum WorkloadIdentityPoolProviderStateEnum.
func WorkloadIdentityPoolProviderStateEnumRef ¶
func WorkloadIdentityPoolProviderStateEnumRef(s string) *WorkloadIdentityPoolProviderStateEnum
WorkloadIdentityPoolProviderStateEnumRef returns a *WorkloadIdentityPoolProviderStateEnum with the value of string s. If the empty string is provided, nil is returned.
func (WorkloadIdentityPoolProviderStateEnum) Validate ¶
func (v WorkloadIdentityPoolProviderStateEnum) Validate() error
type WorkloadIdentityPoolStateEnum ¶
type WorkloadIdentityPoolStateEnum string
The enum WorkloadIdentityPoolStateEnum.
func WorkloadIdentityPoolStateEnumRef ¶
func WorkloadIdentityPoolStateEnumRef(s string) *WorkloadIdentityPoolStateEnum
WorkloadIdentityPoolStateEnumRef returns a *WorkloadIdentityPoolStateEnum with the value of string s. If the empty string is provided, nil is returned.
func (WorkloadIdentityPoolStateEnum) Validate ¶
func (v WorkloadIdentityPoolStateEnum) Validate() error
Source Files ¶
- client.go
- iam.go
- iam_utils.go
- role.go
- role_internal.go
- role_yaml_embed.go
- service_account.go
- service_account_internal.go
- service_account_yaml_embed.go
- workload_identity_pool.go
- workload_identity_pool_internal.go
- workload_identity_pool_provider.go
- workload_identity_pool_provider_internal.go
- workload_identity_pool_provider_yaml_embed.go
- workload_identity_pool_yaml_embed.go