iam

package
v1.50.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 22, 2023 License: Apache-2.0 Imports: 13 Imported by: 1

Documentation

Overview

Copyright 2023 Google LLC. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Package iam defines operations in the declarative SDK.

Copyright 2023 Google LLC. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Package iam includes tools for setting and getting policies, bindings, and members of IAM policies in the DCL.

Copyright 2023 Google LLC. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2023 Google LLC. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2023 Google LLC. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2023 Google LLC. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2023 Google LLC. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2023 Google LLC. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2023 Google LLC. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2023 Google LLC. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2023 Google LLC. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2023 Google LLC. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2023 Google LLC. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2023 Google LLC. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2023 Google LLC. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2023 Google LLC. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2023 Google LLC. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2023 Google LLC. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2023 Google LLC. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2023 Google LLC. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2023 Google LLC. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

View Source
const RoleMaxPage = -1
View Source
const ServiceAccountMaxPage = -1
View Source
const WorkforcePoolMaxPage = -1
View Source
const WorkforcePoolProviderMaxPage = -1
View Source
const WorkloadIdentityPoolMaxPage = -1
View Source
const WorkloadIdentityPoolProviderMaxPage = -1

Variables

View Source
var YAML_role = []byte("info:\n  title: Iam/Role\n  description: The Iam Role resource\n  x-dcl-struct-name: Role\n  x-dcl-has-iam: false\npaths:\n  get:\n    description: The function used to get information about a Role\n    parameters:\n    - name: role\n      required: true\n      description: A full instance of a Role\n  apply:\n    description: The function used to apply information about a Role\n    parameters:\n    - name: role\n      required: true\n      description: A full instance of a Role\n  delete:\n    description: The function used to delete a Role\n    parameters:\n    - name: role\n      required: true\n      description: A full instance of a Role\n  deleteAll:\n    description: The function used to delete all Role\n    parameters:\n    - name: parent\n      required: true\n      schema:\n        type: string\n  list:\n    description: The function used to list information about many Role\n    parameters:\n    - name: parent\n      required: true\n      schema:\n        type: string\ncomponents:\n  schemas:\n    Role:\n      title: Role\n      x-dcl-id: '{{parent}}/roles/{{name}}'\n      x-dcl-has-create: true\n      x-dcl-has-iam: false\n      x-dcl-read-timeout: 0\n      x-dcl-apply-timeout: 0\n      x-dcl-delete-timeout: 0\n      type: object\n      properties:\n        deleted:\n          type: boolean\n          x-dcl-go-name: Deleted\n          description: The current deleted state of the role. This field is read only.\n            It will be ignored in calls to CreateRole and UpdateRole.\n          x-kubernetes-immutable: true\n        description:\n          type: string\n          x-dcl-go-name: Description\n          description: Optional. A human-readable description for the role.\n          x-kubernetes-immutable: true\n        etag:\n          type: string\n          x-dcl-go-name: Etag\n          description: Used to perform a consistent read-modify-write.\n          x-kubernetes-immutable: true\n        groupName:\n          type: string\n          x-dcl-go-name: GroupName\n          x-kubernetes-immutable: true\n        groupTitle:\n          type: string\n          x-dcl-go-name: GroupTitle\n          x-kubernetes-immutable: true\n        includedPermissions:\n          type: array\n          x-dcl-go-name: IncludedPermissions\n          description: The names of the permissions this role grants when bound in\n            an IAM policy.\n          x-kubernetes-immutable: true\n          x-dcl-send-empty: true\n          x-dcl-list-type: list\n          items:\n            type: string\n            x-dcl-go-type: string\n        includedRoles:\n          type: array\n          x-dcl-go-name: IncludedRoles\n          x-kubernetes-immutable: true\n          x-dcl-send-empty: true\n          x-dcl-list-type: list\n          items:\n            type: string\n            x-dcl-go-type: string\n        lifecyclePhase:\n          type: string\n          x-dcl-go-name: LifecyclePhase\n          x-kubernetes-immutable: true\n        localizedValues:\n          type: object\n          x-dcl-go-name: LocalizedValues\n          x-dcl-go-type: RoleLocalizedValues\n          x-kubernetes-immutable: true\n          properties:\n            localizedDescription:\n              type: string\n              x-dcl-go-name: LocalizedDescription\n              description: Will be English by default or if an error occurred during\n                translation.\n              x-kubernetes-immutable: true\n            localizedTitle:\n              type: string\n              x-dcl-go-name: LocalizedTitle\n              description: Will be English by default or if an error occurred during\n                translation.\n              x-kubernetes-immutable: true\n        name:\n          type: string\n          x-dcl-go-name: Name\n          description: The name of the role. When Role is used in CreateRole, the\n            role name must not be set. When Role is used in output and other input\n            such as UpdateRole, the role name is the complete path, e.g., roles/logging.viewer\n            for predefined roles and organizations/{ORGANIZATION_ID}/roles/logging.viewer\n            for custom roles.\n          x-kubernetes-immutable: true\n        parent:\n          type: string\n          x-dcl-go-name: Parent\n          description: 'The parent parameter''s value depends on the target resource\n            for the request, namely projects or organizations. Each resource type''s\n            parent value format is described below: projects.roles.create(): projects/{PROJECT_ID}.\n            This method creates project-level custom roles. Example request URL: https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles\n            organizations.roles.create(): organizations/{ORGANIZATION_ID}. This method\n            creates organization-level custom roles. Example request URL: https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles\n            Note: Wildcard (*) values are invalid; you must specify a complete project\n            ID or organization ID. Authorization requires the following IAM permission\n            on the specified resource parent: iam.roles.create'\n          x-kubernetes-immutable: true\n          x-dcl-forward-slash-allowed: true\n          x-dcl-references:\n          - resource: Cloudresourcemanager/Project\n            field: name\n            parent: true\n          - resource: Cloudresourcemanager/Organization\n            field: name\n            parent: true\n        stage:\n          type: string\n          x-dcl-go-name: Stage\n          x-dcl-go-type: RoleStageEnum\n          description: The current launch stage of the role. If the `ALPHA` launch\n            stage has been selected for a role, the `stage` field will not be included\n            in the returned definition for the role.\n          x-kubernetes-immutable: true\n          enum:\n          - ALPHA\n          - BETA\n          - GA\n          - DEPRECATED\n          - DISABLED\n          - EAP\n        title:\n          type: string\n          x-dcl-go-name: Title\n          description: Optional. A human-readable title for the role. Typically this\n            is limited to 100 UTF-8 bytes.\n          x-kubernetes-immutable: true\n")

blaze-out/k8-fastbuild/genfiles/cloud/graphite/mmv2/services/google/iam/role.yaml

View Source
var YAML_service_account = []byte("info:\n  title: Iam/ServiceAccount\n  description: The Iam ServiceAccount resource\n  x-dcl-struct-name: ServiceAccount\n  x-dcl-has-iam: true\npaths:\n  get:\n    description: The function used to get information about a ServiceAccount\n    parameters:\n    - name: serviceAccount\n      required: true\n      description: A full instance of a ServiceAccount\n  apply:\n    description: The function used to apply information about a ServiceAccount\n    parameters:\n    - name: serviceAccount\n      required: true\n      description: A full instance of a ServiceAccount\n  delete:\n    description: The function used to delete a ServiceAccount\n    parameters:\n    - name: serviceAccount\n      required: true\n      description: A full instance of a ServiceAccount\n  deleteAll:\n    description: The function used to delete all ServiceAccount\n    parameters:\n    - name: project\n      required: true\n      schema:\n        type: string\n  list:\n    description: The function used to list information about many ServiceAccount\n    parameters:\n    - name: project\n      required: true\n      schema:\n        type: string\ncomponents:\n  schemas:\n    ServiceAccount:\n      title: ServiceAccount\n      x-dcl-id: projects/{{project}}/serviceAccounts/{{name}}@{{project}}.iam.gserviceaccount.com\n      x-dcl-parent-container: project\n      x-dcl-has-create: true\n      x-dcl-has-iam: true\n      x-dcl-read-timeout: 0\n      x-dcl-apply-timeout: 0\n      x-dcl-delete-timeout: 0\n      type: object\n      properties:\n        actasResources:\n          type: object\n          x-dcl-go-name: ActasResources\n          x-dcl-go-type: ServiceAccountActasResources\n          description: Optional.\n          x-kubernetes-immutable: true\n          properties:\n            resources:\n              type: array\n              x-dcl-go-name: Resources\n              x-kubernetes-immutable: true\n              x-dcl-send-empty: true\n              x-dcl-list-type: list\n              items:\n                type: object\n                x-dcl-go-type: ServiceAccountActasResourcesResources\n                properties:\n                  fullResourceName:\n                    type: string\n                    x-dcl-go-name: FullResourceName\n                    x-kubernetes-immutable: true\n        description:\n          type: string\n          x-dcl-go-name: Description\n          description: Optional. A user-specified, human-readable description of the\n            service account. The maximum length is 256 UTF-8 bytes.\n        disabled:\n          type: boolean\n          x-dcl-go-name: Disabled\n          readOnly: true\n          description: Output only. Whether the service account is disabled.\n          x-kubernetes-immutable: true\n        displayName:\n          type: string\n          x-dcl-go-name: DisplayName\n          description: Optional. A user-specified, human-readable name for the service\n            account. The maximum length is 100 UTF-8 bytes.\n        email:\n          type: string\n          x-dcl-go-name: Email\n          readOnly: true\n          description: Output only. The email address of the service account.\n          x-kubernetes-immutable: true\n        name:\n          type: string\n          x-dcl-go-name: Name\n          description: 'The resource name of the service account. Use one of the following\n            formats: * `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` * `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}`\n            As an alternative, you can use the `-` wildcard character instead of the\n            project ID: * `projects/-/serviceAccounts/{EMAIL_ADDRESS}` * `projects/-/serviceAccounts/{UNIQUE_ID}`\n            When possible, avoid using the `-` wildcard character, because it can\n            cause response messages to contain misleading error codes. For example,\n            if you try to get the service account `projects/-/serviceAccounts/fake@example.com`,\n            which does not exist, the response contains an HTTP `403 Forbidden` error\n            instead of a `404 Not Found` error.'\n          x-kubernetes-immutable: true\n        oauth2ClientId:\n          type: string\n          x-dcl-go-name: OAuth2ClientId\n          readOnly: true\n          description: Output only. The OAuth 2.0 client ID for the service account.\n          x-kubernetes-immutable: true\n        project:\n          type: string\n          x-dcl-go-name: Project\n          description: The ID of the project that owns the service account.\n          x-kubernetes-immutable: true\n          x-dcl-references:\n          - resource: Cloudresourcemanager/Project\n            field: name\n            parent: true\n        uniqueId:\n          type: string\n          x-dcl-go-name: UniqueId\n          readOnly: true\n          description: Output only. The unique, stable numeric ID for the service\n            account. Each service account retains its unique ID even if you delete\n            the service account. For example, if you delete a service account, then\n            create a new service account with the same name, the new service account\n            has a different unique ID than the deleted service account.\n          x-kubernetes-immutable: true\n")

blaze-out/k8-fastbuild/genfiles/cloud/graphite/mmv2/services/google/iam/service_account.yaml

View Source
var YAML_workforce_pool = []byte("info:\n  title: Iam/WorkforcePool\n  description: The Iam WorkforcePool resource\n  x-dcl-struct-name: WorkforcePool\n  x-dcl-has-iam: true\npaths:\n  get:\n    description: The function used to get information about a WorkforcePool\n    parameters:\n    - name: workforcePool\n      required: true\n      description: A full instance of a WorkforcePool\n  apply:\n    description: The function used to apply information about a WorkforcePool\n    parameters:\n    - name: workforcePool\n      required: true\n      description: A full instance of a WorkforcePool\n  delete:\n    description: The function used to delete a WorkforcePool\n    parameters:\n    - name: workforcePool\n      required: true\n      description: A full instance of a WorkforcePool\n  deleteAll:\n    description: The function used to delete all WorkforcePool\n    parameters:\n    - name: location\n      required: true\n      schema:\n        type: string\n    - name: parent\n      required: true\n      schema:\n        type: string\n  list:\n    description: The function used to list information about many WorkforcePool\n    parameters:\n    - name: location\n      required: true\n      schema:\n        type: string\n    - name: parent\n      required: true\n      schema:\n        type: string\ncomponents:\n  schemas:\n    WorkforcePool:\n      title: WorkforcePool\n      x-dcl-id: locations/{{location}}/workforcePools/{{name}}\n      x-dcl-has-create: true\n      x-dcl-has-iam: true\n      x-dcl-read-timeout: 0\n      x-dcl-apply-timeout: 0\n      x-dcl-delete-timeout: 0\n      type: object\n      required:\n      - name\n      - parent\n      - location\n      properties:\n        description:\n          type: string\n          x-dcl-go-name: Description\n          description: A user-specified description of the pool. Cannot exceed 256\n            characters.\n        disabled:\n          type: boolean\n          x-dcl-go-name: Disabled\n          description: Whether the pool is disabled. You cannot use a disabled pool\n            to exchange tokens, or use existing tokens to access resources. If the\n            pool is re-enabled, existing tokens grant access again.\n        displayName:\n          type: string\n          x-dcl-go-name: DisplayName\n          description: A user-specified display name of the pool in Google Cloud Console.\n            Cannot exceed 32 characters.\n        location:\n          type: string\n          x-dcl-go-name: Location\n          description: The location for the resource\n          x-kubernetes-immutable: true\n        name:\n          type: string\n          x-dcl-go-name: Name\n          description: The name of the pool. The ID must be a globally unique string\n            of 6 to 63 lowercase letters, digits, or hyphens. It must start with a\n            letter, and cannot have a trailing hyphen. The prefix `gcp-` is reserved\n            for use by Google, and may not be specified.\n          x-kubernetes-immutable: true\n        parent:\n          type: string\n          x-dcl-go-name: Parent\n          description: 'Immutable. The resource name of the parent. Format: `organizations/{org-id}`.'\n          x-kubernetes-immutable: true\n          x-dcl-forward-slash-allowed: true\n          x-dcl-references:\n          - resource: Cloudresourcemanager/Organization\n            field: name\n            parent: true\n        selfLink:\n          type: string\n          x-dcl-go-name: SelfLink\n          readOnly: true\n          description: 'Output only. The resource name of the pool. Format: `locations/{location}/workforcePools/{workforce_pool_id}`'\n          x-kubernetes-immutable: true\n        sessionDuration:\n          type: string\n          x-dcl-go-name: SessionDuration\n          description: How long the Google Cloud access tokens, console sign-in sessions,\n            and gcloud sign-in sessions from this pool are valid. Must be greater\n            than 15 minutes (900s) and less than 12 hours (43200s). If `session_duration`\n            is not configured, minted credentials will have a default duration of\n            one hour (3600s).\n          x-dcl-server-default: true\n        state:\n          type: string\n          x-dcl-go-name: State\n          x-dcl-go-type: WorkforcePoolStateEnum\n          readOnly: true\n          description: 'Output only. The state of the pool. Possible values: STATE_UNSPECIFIED,\n            ACTIVE, DELETED'\n          x-kubernetes-immutable: true\n          enum:\n          - STATE_UNSPECIFIED\n          - ACTIVE\n          - DELETED\n")

blaze-out/k8-fastbuild/genfiles/cloud/graphite/mmv2/services/google/iam/workforce_pool.yaml

View Source
var YAML_workforce_pool_provider = []byte("info:\n  title: Iam/WorkforcePoolProvider\n  description: The Iam WorkforcePoolProvider resource\n  x-dcl-struct-name: WorkforcePoolProvider\n  x-dcl-has-iam: false\npaths:\n  get:\n    description: The function used to get information about a WorkforcePoolProvider\n    parameters:\n    - name: workforcePoolProvider\n      required: true\n      description: A full instance of a WorkforcePoolProvider\n  apply:\n    description: The function used to apply information about a WorkforcePoolProvider\n    parameters:\n    - name: workforcePoolProvider\n      required: true\n      description: A full instance of a WorkforcePoolProvider\n  delete:\n    description: The function used to delete a WorkforcePoolProvider\n    parameters:\n    - name: workforcePoolProvider\n      required: true\n      description: A full instance of a WorkforcePoolProvider\n  deleteAll:\n    description: The function used to delete all WorkforcePoolProvider\n    parameters:\n    - name: location\n      required: true\n      schema:\n        type: string\n    - name: workforcePool\n      required: true\n      schema:\n        type: string\n  list:\n    description: The function used to list information about many WorkforcePoolProvider\n    parameters:\n    - name: location\n      required: true\n      schema:\n        type: string\n    - name: workforcePool\n      required: true\n      schema:\n        type: string\ncomponents:\n  schemas:\n    WorkforcePoolProvider:\n      title: WorkforcePoolProvider\n      x-dcl-id: locations/{{location}}/workforcePools/{{workforce_pool}}/providers/{{name}}\n      x-dcl-uses-state-hint: true\n      x-dcl-has-create: true\n      x-dcl-has-iam: false\n      x-dcl-read-timeout: 0\n      x-dcl-apply-timeout: 0\n      x-dcl-delete-timeout: 0\n      type: object\n      required:\n      - name\n      - attributeMapping\n      - location\n      - workforcePool\n      properties:\n        attributeCondition:\n          type: string\n          x-dcl-go-name: AttributeCondition\n          description: 'A [Common Expression Language](https://opensource.google/projects/cel)\n            expression, in plain text, to restrict what otherwise valid authentication\n            credentials issued by the provider should not be accepted. The expression\n            must output a boolean representing whether to allow the federation. The\n            following keywords may be referenced in the expressions: * `assertion`:\n            JSON representing the authentication credential issued by the provider.\n            * `google`: The Google attributes mapped from the assertion in the `attribute_mappings`.\n            `google.profile_photo` and `google.display_name` are not supported. *\n            `attribute`: The custom attributes mapped from the assertion in the `attribute_mappings`.\n            The maximum length of the attribute condition expression is 4096 characters.\n            If unspecified, all valid authentication credentials will be accepted.\n            The following example shows how to only allow credentials with a mapped\n            `google.groups` value of `admins`: ``` \"''admins'' in google.groups\" ```'\n        attributeMapping:\n          type: object\n          additionalProperties:\n            type: string\n          x-dcl-go-name: AttributeMapping\n          description: 'Required. Maps attributes from the authentication credentials\n            issued by an external identity provider to Google Cloud attributes, such\n            as `subject` and `segment`. Each key must be a string specifying the Google\n            Cloud IAM attribute to map to. The following keys are supported: * `google.subject`:\n            The principal IAM is authenticating. You can reference this value in IAM\n            bindings. This is also the subject that appears in Cloud Logging logs.\n            This is a required field and the mapped subject cannot exceed 127 bytes.\n            * `google.groups`: Groups the authenticating user belongs to. You can\n            grant groups access to resources using an IAM `principalSet` binding;\n            access applies to all members of the group. * `google.display_name`: The\n            name of the authenticated user. This is an optional field and the mapped\n            display name cannot exceed 100 bytes. If not set, `google.subject` will\n            be displayed instead. This attribute cannot be referenced in IAM bindings.\n            * `google.profile_photo`: The URL that specifies the authenticated user''s\n            thumbnail photo. This is an optional field. When set, the image will be\n            visible as the user''s profile picture. If not set, a generic user icon\n            will be displayed instead. This attribute cannot be referenced in IAM\n            bindings. You can also provide custom attributes by specifying `attribute.{custom_attribute}`,\n            where {custom_attribute} is the name of the custom attribute to be mapped.\n            You can define a maximum of 50 custom attributes. The maximum length of\n            a mapped attribute key is 100 characters, and the key may only contain\n            the characters [a-z0-9_]. You can reference these attributes in IAM policies\n            to define fine-grained access for a workforce pool to Google Cloud resources.\n            For example:'\n        description:\n          type: string\n          x-dcl-go-name: Description\n          description: A user-specified description of the provider. Cannot exceed\n            256 characters.\n        disabled:\n          type: boolean\n          x-dcl-go-name: Disabled\n          description: Whether the provider is disabled. You cannot use a disabled\n            provider to exchange tokens. However, existing tokens still grant access.\n        displayName:\n          type: string\n          x-dcl-go-name: DisplayName\n          description: A user-specified display name for the provider. Cannot exceed\n            32 characters.\n        location:\n          type: string\n          x-dcl-go-name: Location\n          description: The location for the resource\n          x-kubernetes-immutable: true\n        name:\n          type: string\n          x-dcl-go-name: Name\n          description: 'Output only. The resource name of the provider. Format: `locations/{location}/workforcePools/{workforce_pool_id}/providers/{provider_id}`'\n          x-kubernetes-immutable: true\n        oidc:\n          type: object\n          x-dcl-go-name: Oidc\n          x-dcl-go-type: WorkforcePoolProviderOidc\n          description: An OpenId Connect 1.0 identity provider configuration.\n          x-dcl-conflicts:\n          - saml\n          required:\n          - issuerUri\n          - clientId\n          - webSsoConfig\n          properties:\n            clientId:\n              type: string\n              x-dcl-go-name: ClientId\n              description: Required. The client ID. Must match the audience claim\n                of the JWT issued by the identity provider.\n            clientSecret:\n              type: object\n              x-dcl-go-name: ClientSecret\n              x-dcl-go-type: WorkforcePoolProviderOidcClientSecret\n              description: The optional client secret. Required to enable Authorization\n                Code flow for web sign-in.\n              properties:\n                value:\n                  type: object\n                  x-dcl-go-name: Value\n                  x-dcl-go-type: WorkforcePoolProviderOidcClientSecretValue\n                  description: The value of the client secret.\n                  properties:\n                    plainText:\n                      type: string\n                      x-dcl-go-name: PlainText\n                      description: Input only. The plain text of the client secret\n                        value.\n                      x-dcl-sensitive: true\n                      x-dcl-mutable-unreadable: true\n                    thumbprint:\n                      type: string\n                      x-dcl-go-name: Thumbprint\n                      readOnly: true\n                      description: Output only. A thumbprint to represent the current\n                        client secret value.\n            issuerUri:\n              type: string\n              x-dcl-go-name: IssuerUri\n              description: Required. The OIDC issuer URI. Must be a valid URI using\n                the 'https' scheme.\n            jwksJson:\n              type: string\n              x-dcl-go-name: JwksJson\n              description: 'OIDC JWKs in JSON String format. For details on definition\n                of a JWK, see https:tools.ietf.org/html/rfc7517. If not set, then\n                we use the `jwks_uri` from the discovery document fetched from the\n                .well-known path for the `issuer_uri`. Currently, RSA and EC asymmetric\n                keys are supported. The JWK must use following format and include\n                only the following fields: ```{\"keys\": [{\"kty\": \"RSA/EC\", \"alg\": \"<algorithm>\",\n                \"use\": \"sig\", \"kid\": \"<key-id>\", \"n\": \"\", \"e\": \"\", \"x\": \"\", \"y\": \"\",\n                \"crv\": \"\"}]}```'\n            webSsoConfig:\n              type: object\n              x-dcl-go-name: WebSsoConfig\n              x-dcl-go-type: WorkforcePoolProviderOidcWebSsoConfig\n              description: Required. Configuration for web single sign-on for the\n                OIDC provider. Here, web sign-in refers to console sign-in and gcloud\n                sign-in through the browser.\n              required:\n              - responseType\n              - assertionClaimsBehavior\n              properties:\n                additionalScopes:\n                  type: array\n                  x-dcl-go-name: AdditionalScopes\n                  description: Additional scopes to request for in the OIDC authentication\n                    request on top of scopes requested by default. By default, the\n                    `openid`, `profile` and `email` scopes that are supported by the\n                    identity provider are requested. Each additional scope may be\n                    at most 256 characters. A maximum of 10 additional scopes may\n                    be configured.\n                  x-dcl-send-empty: true\n                  x-dcl-list-type: list\n                  items:\n                    type: string\n                    x-dcl-go-type: string\n                assertionClaimsBehavior:\n                  type: string\n                  x-dcl-go-name: AssertionClaimsBehavior\n                  x-dcl-go-type: WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorEnum\n                  description: 'Required. The behavior for how OIDC Claims are included\n                    in the `assertion` object used for attribute mapping and attribute\n                    condition. Possible values: ASSERTION_CLAIMS_BEHAVIOR_UNSPECIFIED,\n                    MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS, ONLY_ID_TOKEN_CLAIMS'\n                  enum:\n                  - ASSERTION_CLAIMS_BEHAVIOR_UNSPECIFIED\n                  - MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS\n                  - ONLY_ID_TOKEN_CLAIMS\n                responseType:\n                  type: string\n                  x-dcl-go-name: ResponseType\n                  x-dcl-go-type: WorkforcePoolProviderOidcWebSsoConfigResponseTypeEnum\n                  description: 'Required. The Response Type to request for in the\n                    OIDC Authorization Request for web sign-in. The `CODE` Response\n                    Type is recommended to avoid the Implicit Flow, for security reasons.\n                    Possible values: RESPONSE_TYPE_UNSPECIFIED, CODE, ID_TOKEN'\n                  enum:\n                  - RESPONSE_TYPE_UNSPECIFIED\n                  - CODE\n                  - ID_TOKEN\n        saml:\n          type: object\n          x-dcl-go-name: Saml\n          x-dcl-go-type: WorkforcePoolProviderSaml\n          description: A SAML identity provider configuration.\n          x-dcl-conflicts:\n          - oidc\n          required:\n          - idpMetadataXml\n          properties:\n            idpMetadataXml:\n              type: string\n              x-dcl-go-name: IdpMetadataXml\n              description: 'Required. SAML Identity provider configuration metadata\n                xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf).\n                The max size of the acceptable xml document will be bounded to 128k\n                characters. The metadata xml document should satisfy the following\n                constraints: 1) Must contain an Identity Provider Entity ID. 2) Must\n                contain at least one non-expired signing key certificate. 3) For each\n                signing key: a) Valid from should be no more than 7 days from now.\n                b) Valid to should be no more than 10 years in the future. 4) Up to\n                3 IdP signing keys are allowed in the metadata xml. When updating\n                the provider''s metadata xml, at least one non-expired signing key\n                must overlap with the existing metadata. This requirement is skipped\n                if there are no non-expired signing keys present in the existing metadata.'\n        state:\n          type: string\n          x-dcl-go-name: State\n          x-dcl-go-type: WorkforcePoolProviderStateEnum\n          readOnly: true\n          description: 'Output only. The state of the provider. Possible values: STATE_UNSPECIFIED,\n            ACTIVE, DELETED'\n          x-kubernetes-immutable: true\n          enum:\n          - STATE_UNSPECIFIED\n          - ACTIVE\n          - DELETED\n        workforcePool:\n          type: string\n          x-dcl-go-name: WorkforcePool\n          description: The workforce_pool for the resource\n          x-kubernetes-immutable: true\n          x-dcl-references:\n          - resource: Iam/WorkforcePool\n            field: name\n            parent: true\n")

blaze-out/k8-fastbuild/genfiles/cloud/graphite/mmv2/services/google/iam/workforce_pool_provider.yaml

View Source
var YAML_workload_identity_pool = []byte("info:\n  title: Iam/WorkloadIdentityPool\n  description: The Iam WorkloadIdentityPool resource\n  x-dcl-struct-name: WorkloadIdentityPool\n  x-dcl-has-iam: false\npaths:\n  get:\n    description: The function used to get information about a WorkloadIdentityPool\n    parameters:\n    - name: workloadIdentityPool\n      required: true\n      description: A full instance of a WorkloadIdentityPool\n  apply:\n    description: The function used to apply information about a WorkloadIdentityPool\n    parameters:\n    - name: workloadIdentityPool\n      required: true\n      description: A full instance of a WorkloadIdentityPool\n  delete:\n    description: The function used to delete a WorkloadIdentityPool\n    parameters:\n    - name: workloadIdentityPool\n      required: true\n      description: A full instance of a WorkloadIdentityPool\n  deleteAll:\n    description: The function used to delete all WorkloadIdentityPool\n    parameters:\n    - name: project\n      required: true\n      schema:\n        type: string\n    - name: location\n      required: true\n      schema:\n        type: string\n  list:\n    description: The function used to list information about many WorkloadIdentityPool\n    parameters:\n    - name: project\n      required: true\n      schema:\n        type: string\n    - name: location\n      required: true\n      schema:\n        type: string\ncomponents:\n  schemas:\n    WorkloadIdentityPool:\n      title: WorkloadIdentityPool\n      x-dcl-id: projects/{{project}}/locations/{{location}}/workloadIdentityPools/{{name}}\n      x-dcl-parent-container: project\n      x-dcl-has-create: true\n      x-dcl-has-iam: false\n      x-dcl-read-timeout: 0\n      x-dcl-apply-timeout: 0\n      x-dcl-delete-timeout: 0\n      type: object\n      required:\n      - name\n      - project\n      - location\n      properties:\n        description:\n          type: string\n          x-dcl-go-name: Description\n          description: A description of the pool. Cannot exceed 256 characters.\n        disabled:\n          type: boolean\n          x-dcl-go-name: Disabled\n          description: Whether the pool is disabled. You cannot use a disabled pool\n            to exchange tokens, or use existing tokens to access resources. If the\n            pool is re-enabled, existing tokens grant access again.\n        displayName:\n          type: string\n          x-dcl-go-name: DisplayName\n          description: A display name for the pool. Cannot exceed 32 characters.\n        location:\n          type: string\n          x-dcl-go-name: Location\n          description: The location for the resource\n          x-kubernetes-immutable: true\n        name:\n          type: string\n          x-dcl-go-name: Name\n          description: Output only. The resource name of the pool.\n          x-kubernetes-immutable: true\n        project:\n          type: string\n          x-dcl-go-name: Project\n          description: The project for the resource\n          x-kubernetes-immutable: true\n          x-dcl-references:\n          - resource: Cloudresourcemanager/Project\n            field: name\n            parent: true\n        state:\n          type: string\n          x-dcl-go-name: State\n          x-dcl-go-type: WorkloadIdentityPoolStateEnum\n          readOnly: true\n          description: 'Output only. The state of the pool. Possible values: STATE_UNSPECIFIED,\n            ACTIVE, DELETED'\n          x-kubernetes-immutable: true\n          enum:\n          - STATE_UNSPECIFIED\n          - ACTIVE\n          - DELETED\n")

blaze-out/k8-fastbuild/genfiles/cloud/graphite/mmv2/services/google/iam/workload_identity_pool.yaml

View Source
var YAML_workload_identity_pool_provider = []byte("info:\n  title: Iam/WorkloadIdentityPoolProvider\n  description: The Iam WorkloadIdentityPoolProvider resource\n  x-dcl-struct-name: WorkloadIdentityPoolProvider\n  x-dcl-has-iam: false\npaths:\n  get:\n    description: The function used to get information about a WorkloadIdentityPoolProvider\n    parameters:\n    - name: workloadIdentityPoolProvider\n      required: true\n      description: A full instance of a WorkloadIdentityPoolProvider\n  apply:\n    description: The function used to apply information about a WorkloadIdentityPoolProvider\n    parameters:\n    - name: workloadIdentityPoolProvider\n      required: true\n      description: A full instance of a WorkloadIdentityPoolProvider\n  delete:\n    description: The function used to delete a WorkloadIdentityPoolProvider\n    parameters:\n    - name: workloadIdentityPoolProvider\n      required: true\n      description: A full instance of a WorkloadIdentityPoolProvider\n  deleteAll:\n    description: The function used to delete all WorkloadIdentityPoolProvider\n    parameters:\n    - name: project\n      required: true\n      schema:\n        type: string\n    - name: location\n      required: true\n      schema:\n        type: string\n    - name: workloadIdentityPool\n      required: true\n      schema:\n        type: string\n  list:\n    description: The function used to list information about many WorkloadIdentityPoolProvider\n    parameters:\n    - name: project\n      required: true\n      schema:\n        type: string\n    - name: location\n      required: true\n      schema:\n        type: string\n    - name: workloadIdentityPool\n      required: true\n      schema:\n        type: string\ncomponents:\n  schemas:\n    WorkloadIdentityPoolProvider:\n      title: WorkloadIdentityPoolProvider\n      x-dcl-id: projects/{{project}}/locations/{{location}}/workloadIdentityPools/{{workload_identity_pool}}/providers/{{name}}\n      x-dcl-uses-state-hint: true\n      x-dcl-parent-container: project\n      x-dcl-has-create: true\n      x-dcl-has-iam: false\n      x-dcl-read-timeout: 0\n      x-dcl-apply-timeout: 0\n      x-dcl-delete-timeout: 0\n      type: object\n      required:\n      - name\n      - project\n      - location\n      - workloadIdentityPool\n      properties:\n        attributeCondition:\n          type: string\n          x-dcl-go-name: AttributeCondition\n          description: '[A Common Expression Language](https://opensource.google/projects/cel)\n            expression, in plain text, to restrict what otherwise valid authentication\n            credentials issued by the provider should not be accepted. The expression\n            must output a boolean representing whether to allow the federation. The\n            following keywords may be referenced in the expressions: * `assertion`:\n            JSON representing the authentication credential issued by the provider.\n            * `google`: The Google attributes mapped from the assertion in the `attribute_mappings`.\n            * `attribute`: The custom attributes mapped from the assertion in the\n            `attribute_mappings`. The maximum length of the attribute condition expression\n            is 4096 characters. If unspecified, all valid authentication credential\n            are accepted. The following example shows how to only allow credentials\n            with a mapped `google.groups` value of `admins`: ``` \"''admins'' in google.groups\"\n            ```'\n        attributeMapping:\n          type: object\n          additionalProperties:\n            type: string\n          x-dcl-go-name: AttributeMapping\n          description: 'Maps attributes from authentication credentials issued by\n            an external identity provider to Google Cloud attributes, such as `subject`\n            and `segment`. Each key must be a string specifying the Google Cloud IAM\n            attribute to map to. The following keys are supported: * `google.subject`:\n            The principal IAM is authenticating. You can reference this value in IAM\n            bindings. This is also the subject that appears in Cloud Logging logs.\n            Cannot exceed 127 characters. * `google.groups`: Groups the external identity\n            belongs to. You can grant groups access to resources using an IAM `principalSet`\n            binding; access applies to all members of the group. You can also provide\n            custom attributes by specifying `attribute.{custom_attribute}`, where\n            `{custom_attribute}` is the name of the custom attribute to be mapped.\n            You can define a maximum of 50 custom attributes. The maximum length of\n            a mapped attribute key is 100 characters, and the key may only contain\n            the characters [a-z0-9_]. You can reference these attributes in IAM policies\n            to define fine-grained access for a workload to Google Cloud resources.\n            For example: * `google.subject`: `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}`\n            * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}`\n            * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}`\n            Each value must be a [Common Expression Language] (https://opensource.google/projects/cel)\n            function that maps an identity provider credential to the normalized attribute\n            specified by the corresponding map key. You can use the `assertion` keyword\n            in the expression to access a JSON representation of the authentication\n            credential issued by the provider. The maximum length of an attribute\n            mapping expression is 2048 characters. When evaluated, the total size\n            of all mapped attributes must not exceed 8KB. For AWS providers, if no\n            attribute mapping is defined, the following default mapping applies: ```\n            { \"google.subject\":\"assertion.arn\", \"attribute.aws_role\": \"assertion.arn.contains(''assumed-role'')\"\n            \" ? assertion.arn.extract(''{account_arn}assumed-role/'')\" \" + ''assumed-role/''\"\n            \" + assertion.arn.extract(''assumed-role/{role_name}/'')\" \" : assertion.arn\",\n            } ``` If any custom attribute mappings are defined, they must include\n            a mapping to the `google.subject` attribute. For OIDC providers, you must\n            supply a custom mapping, which must include the `google.subject` attribute.\n            For example, the following maps the `sub` claim of the incoming credential\n            to the `subject` attribute on a Google token: ``` {\"google.subject\": \"assertion.sub\"}\n            ```'\n        aws:\n          type: object\n          x-dcl-go-name: Aws\n          x-dcl-go-type: WorkloadIdentityPoolProviderAws\n          description: An Amazon Web Services identity provider.\n          x-dcl-conflicts:\n          - oidc\n          required:\n          - accountId\n          properties:\n            accountId:\n              type: string\n              x-dcl-go-name: AccountId\n              description: Required. The AWS account ID.\n            stsUri:\n              type: array\n              x-dcl-go-name: StsUri\n              description: A list of AWS STS URIs that can be used when exchanging\n                credentials. If not provided, any valid AWS STS URI is allowed. URIs\n                must use the form `https://sts.amazonaws.com` or `https://sts.{region}.amazonaws.com`,\n                where {region} is a valid AWS region. You can specify a maximum of\n                25 URIs.\n              x-dcl-send-empty: true\n              x-dcl-list-type: list\n              items:\n                type: string\n                x-dcl-go-type: string\n              x-dcl-mutable-unreadable: true\n        description:\n          type: string\n          x-dcl-go-name: Description\n          description: A description for the provider. Cannot exceed 256 characters.\n        disabled:\n          type: boolean\n          x-dcl-go-name: Disabled\n          description: Whether the provider is disabled. You cannot use a disabled\n            provider to exchange tokens. However, existing tokens still grant access.\n        displayName:\n          type: string\n          x-dcl-go-name: DisplayName\n          description: A display name for the provider. Cannot exceed 32 characters.\n        location:\n          type: string\n          x-dcl-go-name: Location\n          description: The location for the resource\n          x-kubernetes-immutable: true\n        name:\n          type: string\n          x-dcl-go-name: Name\n          description: Output only. The resource name of the provider.\n          x-kubernetes-immutable: true\n        oidc:\n          type: object\n          x-dcl-go-name: Oidc\n          x-dcl-go-type: WorkloadIdentityPoolProviderOidc\n          description: An OpenId Connect 1.0 identity provider.\n          x-dcl-conflicts:\n          - aws\n          required:\n          - issuerUri\n          properties:\n            allowedAudiences:\n              type: array\n              x-dcl-go-name: AllowedAudiences\n              description: 'Acceptable values for the `aud` field (audience) in the\n                OIDC token. Token exchange requests are rejected if the token audience\n                does not match one of the configured values. Each audience may be\n                at most 256 characters. A maximum of 10 audiences may be configured.\n                If this list is empty, the OIDC token audience must be equal to the\n                full canonical resource name of the WorkloadIdentityPoolProvider,\n                with or without the HTTPS prefix. For example: ``` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/\n                https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/\n                ```'\n              x-dcl-send-empty: true\n              x-dcl-list-type: list\n              items:\n                type: string\n                x-dcl-go-type: string\n            issuerUri:\n              type: string\n              x-dcl-go-name: IssuerUri\n              description: Required. The OIDC issuer URL. Must be an HTTPS endpoint.\n        project:\n          type: string\n          x-dcl-go-name: Project\n          description: The project for the resource\n          x-kubernetes-immutable: true\n          x-dcl-references:\n          - resource: Cloudresourcemanager/Project\n            field: name\n            parent: true\n        state:\n          type: string\n          x-dcl-go-name: State\n          x-dcl-go-type: WorkloadIdentityPoolProviderStateEnum\n          readOnly: true\n          description: 'Output only. The state of the provider. Possible values: STATE_UNSPECIFIED,\n            ACTIVE, DELETED'\n          x-kubernetes-immutable: true\n          enum:\n          - STATE_UNSPECIFIED\n          - ACTIVE\n          - DELETED\n        workloadIdentityPool:\n          type: string\n          x-dcl-go-name: WorkloadIdentityPool\n          description: The workloadIdentityPool for the resource\n          x-kubernetes-immutable: true\n          x-dcl-references:\n          - resource: Iam/WorkloadIdentityPool\n            field: name\n            parent: true\n")

blaze-out/k8-fastbuild/genfiles/cloud/graphite/mmv2/services/google/iam/workload_identity_pool_provider.yaml

Functions

func DCLRoleSchema added in v1.10.3

func DCLRoleSchema() *dcl.Schema

func DCLServiceAccountSchema added in v1.10.3

func DCLServiceAccountSchema() *dcl.Schema

func DCLWorkforcePoolProviderSchema added in v1.14.0

func DCLWorkforcePoolProviderSchema() *dcl.Schema

func DCLWorkforcePoolSchema added in v1.14.0

func DCLWorkforcePoolSchema() *dcl.Schema

func DCLWorkloadIdentityPoolProviderSchema added in v1.10.3

func DCLWorkloadIdentityPoolProviderSchema() *dcl.Schema

func DCLWorkloadIdentityPoolSchema added in v1.10.3

func DCLWorkloadIdentityPoolSchema() *dcl.Schema

func EncodeIAMCreateRequest

func EncodeIAMCreateRequest(m map[string]interface{}, resourceName, idField string) map[string]interface{}

EncodeIAMCreateRequest encodes the create request for an iam resource.

func EncodeRoleCreateRequest

func EncodeRoleCreateRequest(m map[string]interface{}) map[string]interface{}

EncodeRoleCreateRequest properly encodes the create request for an iam role.

func EncodeServiceAccountCreateRequest

func EncodeServiceAccountCreateRequest(m map[string]interface{}) map[string]interface{}

EncodeServiceAccountCreateRequest properly encodes the create request for an iam service account.

Types

type Binding

type Binding struct {
	Role      *string            `json:"role"`
	Members   []string           `json:"members"`
	Condition *Condition         `json:"condition,omitempty"`
	Resource  ResourceWithPolicy `json:"resource"`
}

Binding maps a single role to all of its members.

func (*Binding) Encode

func (b *Binding) Encode() (map[string]interface{}, error)

Encode encodes the members and role of an IAM binding.

type Client

type Client struct {
	Config *dcl.Config
}

The Client is the base struct of all operations. This will receive the Get, Delete, List, and Apply operations on all resources.

func NewClient

func NewClient(c *dcl.Config) *Client

NewClient creates a client that retries all operations a few times each.

func (*Client) ApplyBinding

func (c *Client) ApplyBinding(ctx context.Context, binding *Binding, opts ...dcl.ApplyOption) (*Binding, error)

ApplyBinding is a convenience method to create a binding if it does not exist. It supports BlockAcquire and BlockCreation but ignores other lifecycle parameters as they are not relevant to IAM bindings.

func (*Client) ApplyMember

func (c *Client) ApplyMember(ctx context.Context, member *Member, opts ...dcl.ApplyOption) (*Member, error)

ApplyMember is a convenience method to create a member if it does not exist. It supports BlockAcquire and BlockCreation but ignores other lifecycle parameters as they are not relevant to IAM members.

func (*Client) ApplyRole

func (c *Client) ApplyRole(ctx context.Context, rawDesired *Role, opts ...dcl.ApplyOption) (*Role, error)

func (*Client) ApplyServiceAccount

func (c *Client) ApplyServiceAccount(ctx context.Context, rawDesired *ServiceAccount, opts ...dcl.ApplyOption) (*ServiceAccount, error)

func (*Client) ApplyWorkforcePool added in v1.14.0

func (c *Client) ApplyWorkforcePool(ctx context.Context, rawDesired *WorkforcePool, opts ...dcl.ApplyOption) (*WorkforcePool, error)

func (*Client) ApplyWorkforcePoolProvider added in v1.14.0

func (c *Client) ApplyWorkforcePoolProvider(ctx context.Context, rawDesired *WorkforcePoolProvider, opts ...dcl.ApplyOption) (*WorkforcePoolProvider, error)

func (*Client) ApplyWorkloadIdentityPool

func (c *Client) ApplyWorkloadIdentityPool(ctx context.Context, rawDesired *WorkloadIdentityPool, opts ...dcl.ApplyOption) (*WorkloadIdentityPool, error)

func (*Client) ApplyWorkloadIdentityPoolProvider

func (c *Client) ApplyWorkloadIdentityPoolProvider(ctx context.Context, rawDesired *WorkloadIdentityPoolProvider, opts ...dcl.ApplyOption) (*WorkloadIdentityPoolProvider, error)

func (*Client) DeleteAllRole

func (c *Client) DeleteAllRole(ctx context.Context, parent string, filter func(*Role) bool) error

DeleteAllRole deletes all resources that the filter functions returns true on.

func (*Client) DeleteAllServiceAccount

func (c *Client) DeleteAllServiceAccount(ctx context.Context, project string, filter func(*ServiceAccount) bool) error

DeleteAllServiceAccount deletes all resources that the filter functions returns true on.

func (*Client) DeleteAllWorkforcePool added in v1.14.0

func (c *Client) DeleteAllWorkforcePool(ctx context.Context, location, parent string, filter func(*WorkforcePool) bool) error

DeleteAllWorkforcePool deletes all resources that the filter functions returns true on.

func (*Client) DeleteAllWorkforcePoolProvider added in v1.14.0

func (c *Client) DeleteAllWorkforcePoolProvider(ctx context.Context, location, workforcePool string, filter func(*WorkforcePoolProvider) bool) error

DeleteAllWorkforcePoolProvider deletes all resources that the filter functions returns true on.

func (*Client) DeleteAllWorkloadIdentityPool

func (c *Client) DeleteAllWorkloadIdentityPool(ctx context.Context, project, location string, filter func(*WorkloadIdentityPool) bool) error

DeleteAllWorkloadIdentityPool deletes all resources that the filter functions returns true on.

func (*Client) DeleteAllWorkloadIdentityPoolProvider

func (c *Client) DeleteAllWorkloadIdentityPoolProvider(ctx context.Context, project, location, workloadIdentityPool string, filter func(*WorkloadIdentityPoolProvider) bool) error

DeleteAllWorkloadIdentityPoolProvider deletes all resources that the filter functions returns true on.

func (*Client) DeleteBinding

func (c *Client) DeleteBinding(ctx context.Context, binding *Binding) error

DeleteBinding deletes a binding from its specified resource.

func (*Client) DeleteMember

func (c *Client) DeleteMember(ctx context.Context, member *Member) error

DeleteMember deletes a member from its specified binding.

func (*Client) DeleteRole

func (c *Client) DeleteRole(ctx context.Context, r *Role) error

func (*Client) DeleteServiceAccount

func (c *Client) DeleteServiceAccount(ctx context.Context, r *ServiceAccount) error

func (*Client) DeleteWorkforcePool added in v1.14.0

func (c *Client) DeleteWorkforcePool(ctx context.Context, r *WorkforcePool) error

func (*Client) DeleteWorkforcePoolProvider added in v1.14.0

func (c *Client) DeleteWorkforcePoolProvider(ctx context.Context, r *WorkforcePoolProvider) error

func (*Client) DeleteWorkloadIdentityPool

func (c *Client) DeleteWorkloadIdentityPool(ctx context.Context, r *WorkloadIdentityPool) error

func (*Client) DeleteWorkloadIdentityPoolProvider

func (c *Client) DeleteWorkloadIdentityPoolProvider(ctx context.Context, r *WorkloadIdentityPoolProvider) error

func (*Client) GetBinding

func (c *Client) GetBinding(ctx context.Context, r ResourceWithPolicy, role string) (*Binding, error)

GetBinding returns the binding for the given role, or nil if there is no such binding.

func (*Client) GetMember

func (c *Client) GetMember(ctx context.Context, r ResourceWithPolicy, role, member string) (*Member, error)

GetMember returns a Member struct if the role/member pair exists on the resource's policy, or nil if they do not.

func (*Client) GetPolicy

func (c *Client) GetPolicy(ctx context.Context, r ResourceWithPolicy) (*Policy, error)

GetPolicy returns the policy for the given resource.

func (*Client) GetRole

func (c *Client) GetRole(ctx context.Context, r *Role) (*Role, error)

func (*Client) GetServiceAccount

func (c *Client) GetServiceAccount(ctx context.Context, r *ServiceAccount) (*ServiceAccount, error)

func (*Client) GetWorkforcePool added in v1.14.0

func (c *Client) GetWorkforcePool(ctx context.Context, r *WorkforcePool) (*WorkforcePool, error)

func (*Client) GetWorkforcePoolProvider added in v1.14.0

func (c *Client) GetWorkforcePoolProvider(ctx context.Context, r *WorkforcePoolProvider) (*WorkforcePoolProvider, error)

func (*Client) GetWorkloadIdentityPool

func (c *Client) GetWorkloadIdentityPool(ctx context.Context, r *WorkloadIdentityPool) (*WorkloadIdentityPool, error)

func (*Client) GetWorkloadIdentityPoolProvider

func (c *Client) GetWorkloadIdentityPoolProvider(ctx context.Context, r *WorkloadIdentityPoolProvider) (*WorkloadIdentityPoolProvider, error)

func (*Client) ListRole

func (c *Client) ListRole(ctx context.Context, parent string) (*RoleList, error)

func (*Client) ListRoleWithMaxResults

func (c *Client) ListRoleWithMaxResults(ctx context.Context, parent string, pageSize int32) (*RoleList, error)

func (*Client) ListServiceAccount

func (c *Client) ListServiceAccount(ctx context.Context, project string) (*ServiceAccountList, error)

func (*Client) ListServiceAccountWithMaxResults

func (c *Client) ListServiceAccountWithMaxResults(ctx context.Context, project string, pageSize int32) (*ServiceAccountList, error)

func (*Client) ListWorkforcePool added in v1.14.0

func (c *Client) ListWorkforcePool(ctx context.Context, location, parent string) (*WorkforcePoolList, error)

func (*Client) ListWorkforcePoolProvider added in v1.14.0

func (c *Client) ListWorkforcePoolProvider(ctx context.Context, location, workforcePool string) (*WorkforcePoolProviderList, error)

func (*Client) ListWorkforcePoolProviderWithMaxResults added in v1.14.0

func (c *Client) ListWorkforcePoolProviderWithMaxResults(ctx context.Context, location, workforcePool string, pageSize int32) (*WorkforcePoolProviderList, error)

func (*Client) ListWorkforcePoolWithMaxResults added in v1.14.0

func (c *Client) ListWorkforcePoolWithMaxResults(ctx context.Context, location, parent string, pageSize int32) (*WorkforcePoolList, error)

func (*Client) ListWorkloadIdentityPool

func (c *Client) ListWorkloadIdentityPool(ctx context.Context, project, location string) (*WorkloadIdentityPoolList, error)

func (*Client) ListWorkloadIdentityPoolProvider

func (c *Client) ListWorkloadIdentityPoolProvider(ctx context.Context, project, location, workloadIdentityPool string) (*WorkloadIdentityPoolProviderList, error)

func (*Client) ListWorkloadIdentityPoolProviderWithMaxResults

func (c *Client) ListWorkloadIdentityPoolProviderWithMaxResults(ctx context.Context, project, location, workloadIdentityPool string, pageSize int32) (*WorkloadIdentityPoolProviderList, error)

func (*Client) ListWorkloadIdentityPoolWithMaxResults

func (c *Client) ListWorkloadIdentityPoolWithMaxResults(ctx context.Context, project, location string, pageSize int32) (*WorkloadIdentityPoolList, error)

func (*Client) SetBinding

func (c *Client) SetBinding(ctx context.Context, b *Binding) (*Policy, error)

SetBinding sets one binding, authoritatively on the role, for the given resource.

func (*Client) SetMember

func (c *Client) SetMember(ctx context.Context, m *Member) (*Policy, error)

SetMember adds a member to the binding for its role if not already present.

func (*Client) SetPolicy

func (c *Client) SetPolicy(ctx context.Context, p *Policy) (*Policy, error)

SetPolicy sets the policy for the given resource.

func (*Client) SetPolicyWithEtag added in v1.1.0

func (c *Client) SetPolicyWithEtag(ctx context.Context, p *Policy) (*Policy, error)

SetPolicyWithEtag sets the policy for the given resource using the etag contained in the Policy.

type Condition

type Condition struct {
	Title       *string `json:"title"`
	Description *string `json:"description"`
	Expression  *string `json:"expression"`
}

Condition represents an IAM condition. See https://cloud.google.com/iam/docs/conditions-overview#resources for details.

type Member

type Member struct {
	Role     *string            `json:"role"`
	Member   *string            `json:"member"`
	Resource ResourceWithPolicy `json:"resource"`
}

Member maps a single IAM member to one of its roles.

func (*Member) Encode

func (m *Member) Encode() (map[string]interface{}, error)

Encode encodes the role and member of a single IAM member.

func (*Member) String

func (m *Member) String() string

type Policy

type Policy struct {
	Bindings []Binding          `json:"bindings"`
	Etag     *string            `json:"etag"`
	Version  *int               `json:"version"`
	Resource ResourceWithPolicy `json:"resource"`
}

Policy is the core resource of an IAM policy.

func (*Policy) Encode

func (p *Policy) Encode() (map[string]interface{}, error)

Encode encodes the bindings, tag, and version of an IAM policy.

func (*Policy) String

func (p *Policy) String() string

type ResourceWithPolicy

type ResourceWithPolicy interface {
	SetPolicyURL(string) string
	SetPolicyVerb() string
	GetPolicy(string) (string, string, *bytes.Buffer, error)
	IAMPolicyVersion() int
}

ResourceWithPolicy is any DCL resource which has an IAM policy.

type Role

type Role struct {
	Name                *string              `json:"name"`
	Title               *string              `json:"title"`
	Description         *string              `json:"description"`
	LocalizedValues     *RoleLocalizedValues `json:"localizedValues"`
	LifecyclePhase      *string              `json:"lifecyclePhase"`
	GroupName           *string              `json:"groupName"`
	GroupTitle          *string              `json:"groupTitle"`
	IncludedPermissions []string             `json:"includedPermissions"`
	Stage               *RoleStageEnum       `json:"stage"`
	Etag                *string              `json:"etag"`
	Deleted             *bool                `json:"deleted"`
	IncludedRoles       []string             `json:"includedRoles"`
	Parent              *string              `json:"parent"`
}

func (*Role) Describe

func (r *Role) Describe() dcl.ServiceTypeVersion

Describe returns a simple description of this resource to ensure that automated tools can identify it.

func (*Role) ID

func (r *Role) ID() (string, error)

func (*Role) String

func (r *Role) String() string

type RoleList

type RoleList struct {
	Items []*Role
	// contains filtered or unexported fields
}

func (*RoleList) HasNext

func (l *RoleList) HasNext() bool

func (*RoleList) Next

func (l *RoleList) Next(ctx context.Context, c *Client) error

type RoleLocalizedValues

type RoleLocalizedValues struct {
	LocalizedTitle       *string `json:"localizedTitle"`
	LocalizedDescription *string `json:"localizedDescription"`
	// contains filtered or unexported fields
}
var EmptyRoleLocalizedValues *RoleLocalizedValues = &RoleLocalizedValues{empty: true}

This object is used to assert a desired state where this RoleLocalizedValues is empty. Go lacks global const objects, but this object should be treated as one. Modifying this object will have undesirable results.

func (*RoleLocalizedValues) Empty

func (r *RoleLocalizedValues) Empty() bool

func (*RoleLocalizedValues) HashCode

func (r *RoleLocalizedValues) HashCode() string

func (*RoleLocalizedValues) String

func (r *RoleLocalizedValues) String() string

func (*RoleLocalizedValues) UnmarshalJSON

func (r *RoleLocalizedValues) UnmarshalJSON(data []byte) error

type RoleStageEnum

type RoleStageEnum string

The enum RoleStageEnum.

func RoleStageEnumRef

func RoleStageEnumRef(s string) *RoleStageEnum

RoleStageEnumRef returns a *RoleStageEnum with the value of string s If the empty string is provided, nil is returned.

func (RoleStageEnum) Validate

func (v RoleStageEnum) Validate() error

type ServiceAccount

type ServiceAccount struct {
	Name           *string                       `json:"name"`
	Project        *string                       `json:"project"`
	UniqueId       *string                       `json:"uniqueId"`
	Email          *string                       `json:"email"`
	DisplayName    *string                       `json:"displayName"`
	Description    *string                       `json:"description"`
	OAuth2ClientId *string                       `json:"oauth2ClientId"`
	ActasResources *ServiceAccountActasResources `json:"actasResources"`
	Disabled       *bool                         `json:"disabled"`
}

func (*ServiceAccount) Describe

func (r *ServiceAccount) Describe() dcl.ServiceTypeVersion

Describe returns a simple description of this resource to ensure that automated tools can identify it.

func (*ServiceAccount) GetPolicy

func (r *ServiceAccount) GetPolicy(basePath string) (string, string, *bytes.Buffer, error)

GetPolicy gets the IAM policy.

func (*ServiceAccount) IAMPolicyVersion

func (r *ServiceAccount) IAMPolicyVersion() int

IAMPolicyVersion defines version for IAMPolicy.

func (*ServiceAccount) ID

func (r *ServiceAccount) ID() (string, error)

func (*ServiceAccount) SetPolicyURL

func (r *ServiceAccount) SetPolicyURL(userBasePath string) string

SetPolicyURL constructs url for setting IAM Policy.

func (*ServiceAccount) SetPolicyVerb

func (r *ServiceAccount) SetPolicyVerb() string

SetPolicyVerb sets the verb for SetPolicy.

func (*ServiceAccount) String

func (r *ServiceAccount) String() string

type ServiceAccountActasResources

type ServiceAccountActasResources struct {
	Resources []ServiceAccountActasResourcesResources `json:"resources"`
	// contains filtered or unexported fields
}
var EmptyServiceAccountActasResources *ServiceAccountActasResources = &ServiceAccountActasResources{empty: true}

This object is used to assert a desired state where this ServiceAccountActasResources is empty. Go lacks global const objects, but this object should be treated as one. Modifying this object will have undesirable results.

func (*ServiceAccountActasResources) Empty

func (*ServiceAccountActasResources) HashCode

func (r *ServiceAccountActasResources) HashCode() string

func (*ServiceAccountActasResources) String

func (*ServiceAccountActasResources) UnmarshalJSON

func (r *ServiceAccountActasResources) UnmarshalJSON(data []byte) error

type ServiceAccountActasResourcesResources

type ServiceAccountActasResourcesResources struct {
	FullResourceName *string `json:"fullResourceName"`
	// contains filtered or unexported fields
}
var EmptyServiceAccountActasResourcesResources *ServiceAccountActasResourcesResources = &ServiceAccountActasResourcesResources{empty: true}

This object is used to assert a desired state where this ServiceAccountActasResourcesResources is empty. Go lacks global const objects, but this object should be treated as one. Modifying this object will have undesirable results.

func (*ServiceAccountActasResourcesResources) Empty

func (*ServiceAccountActasResourcesResources) HashCode

func (*ServiceAccountActasResourcesResources) String

func (*ServiceAccountActasResourcesResources) UnmarshalJSON

func (r *ServiceAccountActasResourcesResources) UnmarshalJSON(data []byte) error

type ServiceAccountList

type ServiceAccountList struct {
	Items []*ServiceAccount
	// contains filtered or unexported fields
}

func (*ServiceAccountList) HasNext

func (l *ServiceAccountList) HasNext() bool

func (*ServiceAccountList) Next

func (l *ServiceAccountList) Next(ctx context.Context, c *Client) error

type WorkforcePool added in v1.14.0

type WorkforcePool struct {
	Name            *string                 `json:"name"`
	SelfLink        *string                 `json:"selfLink"`
	Parent          *string                 `json:"parent"`
	DisplayName     *string                 `json:"displayName"`
	Description     *string                 `json:"description"`
	State           *WorkforcePoolStateEnum `json:"state"`
	Disabled        *bool                   `json:"disabled"`
	SessionDuration *string                 `json:"sessionDuration"`
	Location        *string                 `json:"location"`
}

func (*WorkforcePool) Describe added in v1.14.0

func (r *WorkforcePool) Describe() dcl.ServiceTypeVersion

Describe returns a simple description of this resource to ensure that automated tools can identify it.

func (*WorkforcePool) GetPolicy added in v1.14.0

func (r *WorkforcePool) GetPolicy(basePath string) (string, string, *bytes.Buffer, error)

func (*WorkforcePool) IAMPolicyVersion added in v1.14.0

func (r *WorkforcePool) IAMPolicyVersion() int

func (*WorkforcePool) ID added in v1.14.0

func (r *WorkforcePool) ID() (string, error)

func (*WorkforcePool) SetPolicyURL added in v1.14.0

func (r *WorkforcePool) SetPolicyURL(userBasePath string) string

func (*WorkforcePool) SetPolicyVerb added in v1.14.0

func (r *WorkforcePool) SetPolicyVerb() string

func (*WorkforcePool) String added in v1.14.0

func (r *WorkforcePool) String() string

type WorkforcePoolList added in v1.14.0

type WorkforcePoolList struct {
	Items []*WorkforcePool
	// contains filtered or unexported fields
}

func (*WorkforcePoolList) HasNext added in v1.14.0

func (l *WorkforcePoolList) HasNext() bool

func (*WorkforcePoolList) Next added in v1.14.0

func (l *WorkforcePoolList) Next(ctx context.Context, c *Client) error

type WorkforcePoolProvider added in v1.14.0

type WorkforcePoolProvider struct {
	Name               *string                         `json:"name"`
	DisplayName        *string                         `json:"displayName"`
	Description        *string                         `json:"description"`
	State              *WorkforcePoolProviderStateEnum `json:"state"`
	Disabled           *bool                           `json:"disabled"`
	AttributeMapping   map[string]string               `json:"attributeMapping"`
	AttributeCondition *string                         `json:"attributeCondition"`
	Saml               *WorkforcePoolProviderSaml      `json:"saml"`
	Oidc               *WorkforcePoolProviderOidc      `json:"oidc"`
	Location           *string                         `json:"location"`
	WorkforcePool      *string                         `json:"workforcePool"`
}

func (*WorkforcePoolProvider) Describe added in v1.14.0

Describe returns a simple description of this resource to ensure that automated tools can identify it.

func (*WorkforcePoolProvider) ID added in v1.14.0

func (r *WorkforcePoolProvider) ID() (string, error)

func (*WorkforcePoolProvider) String added in v1.14.0

func (r *WorkforcePoolProvider) String() string

type WorkforcePoolProviderList added in v1.14.0

type WorkforcePoolProviderList struct {
	Items []*WorkforcePoolProvider
	// contains filtered or unexported fields
}

func (*WorkforcePoolProviderList) HasNext added in v1.14.0

func (l *WorkforcePoolProviderList) HasNext() bool

func (*WorkforcePoolProviderList) Next added in v1.14.0

type WorkforcePoolProviderOidc added in v1.14.0

type WorkforcePoolProviderOidc struct {
	IssuerUri    *string                                `json:"issuerUri"`
	ClientId     *string                                `json:"clientId"`
	JwksJson     *string                                `json:"jwksJson"`
	WebSsoConfig *WorkforcePoolProviderOidcWebSsoConfig `json:"webSsoConfig"`
	ClientSecret *WorkforcePoolProviderOidcClientSecret `json:"clientSecret"`
	// contains filtered or unexported fields
}
var EmptyWorkforcePoolProviderOidc *WorkforcePoolProviderOidc = &WorkforcePoolProviderOidc{empty: true}

This object is used to assert a desired state where this WorkforcePoolProviderOidc is empty. Go lacks global const objects, but this object should be treated as one. Modifying this object will have undesirable results.

func (*WorkforcePoolProviderOidc) Empty added in v1.14.0

func (r *WorkforcePoolProviderOidc) Empty() bool

func (*WorkforcePoolProviderOidc) HashCode added in v1.14.0

func (r *WorkforcePoolProviderOidc) HashCode() string

func (*WorkforcePoolProviderOidc) String added in v1.14.0

func (r *WorkforcePoolProviderOidc) String() string

func (*WorkforcePoolProviderOidc) UnmarshalJSON added in v1.14.0

func (r *WorkforcePoolProviderOidc) UnmarshalJSON(data []byte) error

type WorkforcePoolProviderOidcClientSecret added in v1.45.0

type WorkforcePoolProviderOidcClientSecret struct {
	Value *WorkforcePoolProviderOidcClientSecretValue `json:"value"`
	// contains filtered or unexported fields
}
var EmptyWorkforcePoolProviderOidcClientSecret *WorkforcePoolProviderOidcClientSecret = &WorkforcePoolProviderOidcClientSecret{empty: true}

This object is used to assert a desired state where this WorkforcePoolProviderOidcClientSecret is empty. Go lacks global const objects, but this object should be treated as one. Modifying this object will have undesirable results.

func (*WorkforcePoolProviderOidcClientSecret) Empty added in v1.45.0

func (*WorkforcePoolProviderOidcClientSecret) HashCode added in v1.45.0

func (*WorkforcePoolProviderOidcClientSecret) String added in v1.45.0

func (*WorkforcePoolProviderOidcClientSecret) UnmarshalJSON added in v1.45.0

func (r *WorkforcePoolProviderOidcClientSecret) UnmarshalJSON(data []byte) error

type WorkforcePoolProviderOidcClientSecretValue added in v1.45.0

type WorkforcePoolProviderOidcClientSecretValue struct {
	PlainText  *string `json:"plainText"`
	Thumbprint *string `json:"thumbprint"`
	// contains filtered or unexported fields
}
var EmptyWorkforcePoolProviderOidcClientSecretValue *WorkforcePoolProviderOidcClientSecretValue = &WorkforcePoolProviderOidcClientSecretValue{empty: true}

This object is used to assert a desired state where this WorkforcePoolProviderOidcClientSecretValue is empty. Go lacks global const objects, but this object should be treated as one. Modifying this object will have undesirable results.

func (*WorkforcePoolProviderOidcClientSecretValue) Empty added in v1.45.0

func (*WorkforcePoolProviderOidcClientSecretValue) HashCode added in v1.45.0

func (*WorkforcePoolProviderOidcClientSecretValue) String added in v1.45.0

func (*WorkforcePoolProviderOidcClientSecretValue) UnmarshalJSON added in v1.45.0

func (r *WorkforcePoolProviderOidcClientSecretValue) UnmarshalJSON(data []byte) error

type WorkforcePoolProviderOidcWebSsoConfig added in v1.38.0

type WorkforcePoolProviderOidcWebSsoConfig struct {
	ResponseType            *WorkforcePoolProviderOidcWebSsoConfigResponseTypeEnum            `json:"responseType"`
	AssertionClaimsBehavior *WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorEnum `json:"assertionClaimsBehavior"`
	AdditionalScopes        []string                                                          `json:"additionalScopes"`
	// contains filtered or unexported fields
}
var EmptyWorkforcePoolProviderOidcWebSsoConfig *WorkforcePoolProviderOidcWebSsoConfig = &WorkforcePoolProviderOidcWebSsoConfig{empty: true}

This object is used to assert a desired state where this WorkforcePoolProviderOidcWebSsoConfig is empty. Go lacks global const objects, but this object should be treated as one. Modifying this object will have undesirable results.

func (*WorkforcePoolProviderOidcWebSsoConfig) Empty added in v1.38.0

func (*WorkforcePoolProviderOidcWebSsoConfig) HashCode added in v1.38.0

func (*WorkforcePoolProviderOidcWebSsoConfig) String added in v1.38.0

func (*WorkforcePoolProviderOidcWebSsoConfig) UnmarshalJSON added in v1.38.0

func (r *WorkforcePoolProviderOidcWebSsoConfig) UnmarshalJSON(data []byte) error

type WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorEnum added in v1.38.0

type WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorEnum string

The enum WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorEnum.

func WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorEnumRef added in v1.38.0

func WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorEnumRef(s string) *WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorEnum

WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorEnumRef returns a *WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorEnum with the value of string s If the empty string is provided, nil is returned.

func (WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorEnum) Validate added in v1.38.0

type WorkforcePoolProviderOidcWebSsoConfigResponseTypeEnum added in v1.38.0

type WorkforcePoolProviderOidcWebSsoConfigResponseTypeEnum string

The enum WorkforcePoolProviderOidcWebSsoConfigResponseTypeEnum.

func WorkforcePoolProviderOidcWebSsoConfigResponseTypeEnumRef added in v1.38.0

func WorkforcePoolProviderOidcWebSsoConfigResponseTypeEnumRef(s string) *WorkforcePoolProviderOidcWebSsoConfigResponseTypeEnum

WorkforcePoolProviderOidcWebSsoConfigResponseTypeEnumRef returns a *WorkforcePoolProviderOidcWebSsoConfigResponseTypeEnum with the value of string s If the empty string is provided, nil is returned.

func (WorkforcePoolProviderOidcWebSsoConfigResponseTypeEnum) Validate added in v1.38.0

type WorkforcePoolProviderSaml added in v1.14.0

type WorkforcePoolProviderSaml struct {
	IdpMetadataXml *string `json:"idpMetadataXml"`
	// contains filtered or unexported fields
}
var EmptyWorkforcePoolProviderSaml *WorkforcePoolProviderSaml = &WorkforcePoolProviderSaml{empty: true}

This object is used to assert a desired state where this WorkforcePoolProviderSaml is empty. Go lacks global const objects, but this object should be treated as one. Modifying this object will have undesirable results.

func (*WorkforcePoolProviderSaml) Empty added in v1.14.0

func (r *WorkforcePoolProviderSaml) Empty() bool

func (*WorkforcePoolProviderSaml) HashCode added in v1.14.0

func (r *WorkforcePoolProviderSaml) HashCode() string

func (*WorkforcePoolProviderSaml) String added in v1.14.0

func (r *WorkforcePoolProviderSaml) String() string

func (*WorkforcePoolProviderSaml) UnmarshalJSON added in v1.14.0

func (r *WorkforcePoolProviderSaml) UnmarshalJSON(data []byte) error

type WorkforcePoolProviderStateEnum added in v1.14.0

type WorkforcePoolProviderStateEnum string

The enum WorkforcePoolProviderStateEnum.

func WorkforcePoolProviderStateEnumRef added in v1.14.0

func WorkforcePoolProviderStateEnumRef(s string) *WorkforcePoolProviderStateEnum

WorkforcePoolProviderStateEnumRef returns a *WorkforcePoolProviderStateEnum with the value of string s If the empty string is provided, nil is returned.

func (WorkforcePoolProviderStateEnum) Validate added in v1.14.0

type WorkforcePoolStateEnum added in v1.14.0

type WorkforcePoolStateEnum string

The enum WorkforcePoolStateEnum.

func WorkforcePoolStateEnumRef added in v1.14.0

func WorkforcePoolStateEnumRef(s string) *WorkforcePoolStateEnum

WorkforcePoolStateEnumRef returns a *WorkforcePoolStateEnum with the value of string s If the empty string is provided, nil is returned.

func (WorkforcePoolStateEnum) Validate added in v1.14.0

func (v WorkforcePoolStateEnum) Validate() error

type WorkloadIdentityPool

type WorkloadIdentityPool struct {
	Name        *string                        `json:"name"`
	DisplayName *string                        `json:"displayName"`
	Description *string                        `json:"description"`
	State       *WorkloadIdentityPoolStateEnum `json:"state"`
	Disabled    *bool                          `json:"disabled"`
	Project     *string                        `json:"project"`
	Location    *string                        `json:"location"`
}

func (*WorkloadIdentityPool) Describe

Describe returns a simple description of this resource to ensure that automated tools can identify it.

func (*WorkloadIdentityPool) ID

func (r *WorkloadIdentityPool) ID() (string, error)

func (*WorkloadIdentityPool) String

func (r *WorkloadIdentityPool) String() string

type WorkloadIdentityPoolList

type WorkloadIdentityPoolList struct {
	Items []*WorkloadIdentityPool
	// contains filtered or unexported fields
}

func (*WorkloadIdentityPoolList) HasNext

func (l *WorkloadIdentityPoolList) HasNext() bool

func (*WorkloadIdentityPoolList) Next

type WorkloadIdentityPoolProvider

type WorkloadIdentityPoolProvider struct {
	Name                 *string                                `json:"name"`
	DisplayName          *string                                `json:"displayName"`
	Description          *string                                `json:"description"`
	State                *WorkloadIdentityPoolProviderStateEnum `json:"state"`
	Disabled             *bool                                  `json:"disabled"`
	AttributeMapping     map[string]string                      `json:"attributeMapping"`
	AttributeCondition   *string                                `json:"attributeCondition"`
	Aws                  *WorkloadIdentityPoolProviderAws       `json:"aws"`
	Oidc                 *WorkloadIdentityPoolProviderOidc      `json:"oidc"`
	Project              *string                                `json:"project"`
	Location             *string                                `json:"location"`
	WorkloadIdentityPool *string                                `json:"workloadIdentityPool"`
}

func (*WorkloadIdentityPoolProvider) Describe

Describe returns a simple description of this resource to ensure that automated tools can identify it.

func (*WorkloadIdentityPoolProvider) ID

func (*WorkloadIdentityPoolProvider) String

type WorkloadIdentityPoolProviderAws

type WorkloadIdentityPoolProviderAws struct {
	AccountId *string  `json:"accountId"`
	StsUri    []string `json:"stsUri"`
	// contains filtered or unexported fields
}
var EmptyWorkloadIdentityPoolProviderAws *WorkloadIdentityPoolProviderAws = &WorkloadIdentityPoolProviderAws{empty: true}

This object is used to assert a desired state where this WorkloadIdentityPoolProviderAws is empty. Go lacks global const objects, but this object should be treated as one. Modifying this object will have undesirable results.

func (*WorkloadIdentityPoolProviderAws) Empty

func (*WorkloadIdentityPoolProviderAws) HashCode

func (*WorkloadIdentityPoolProviderAws) String

func (*WorkloadIdentityPoolProviderAws) UnmarshalJSON

func (r *WorkloadIdentityPoolProviderAws) UnmarshalJSON(data []byte) error

type WorkloadIdentityPoolProviderList

type WorkloadIdentityPoolProviderList struct {
	Items []*WorkloadIdentityPoolProvider
	// contains filtered or unexported fields
}

func (*WorkloadIdentityPoolProviderList) HasNext

func (*WorkloadIdentityPoolProviderList) Next

type WorkloadIdentityPoolProviderOidc

type WorkloadIdentityPoolProviderOidc struct {
	IssuerUri        *string  `json:"issuerUri"`
	AllowedAudiences []string `json:"allowedAudiences"`
	// contains filtered or unexported fields
}
var EmptyWorkloadIdentityPoolProviderOidc *WorkloadIdentityPoolProviderOidc = &WorkloadIdentityPoolProviderOidc{empty: true}

This object is used to assert a desired state where this WorkloadIdentityPoolProviderOidc is empty. Go lacks global const objects, but this object should be treated as one. Modifying this object will have undesirable results.

func (*WorkloadIdentityPoolProviderOidc) Empty

func (*WorkloadIdentityPoolProviderOidc) HashCode

func (*WorkloadIdentityPoolProviderOidc) String

func (*WorkloadIdentityPoolProviderOidc) UnmarshalJSON

func (r *WorkloadIdentityPoolProviderOidc) UnmarshalJSON(data []byte) error

type WorkloadIdentityPoolProviderStateEnum

type WorkloadIdentityPoolProviderStateEnum string

The enum WorkloadIdentityPoolProviderStateEnum.

func WorkloadIdentityPoolProviderStateEnumRef

func WorkloadIdentityPoolProviderStateEnumRef(s string) *WorkloadIdentityPoolProviderStateEnum

WorkloadIdentityPoolProviderStateEnumRef returns a *WorkloadIdentityPoolProviderStateEnum with the value of string s If the empty string is provided, nil is returned.

func (WorkloadIdentityPoolProviderStateEnum) Validate

type WorkloadIdentityPoolStateEnum

type WorkloadIdentityPoolStateEnum string

The enum WorkloadIdentityPoolStateEnum.

func WorkloadIdentityPoolStateEnumRef

func WorkloadIdentityPoolStateEnumRef(s string) *WorkloadIdentityPoolStateEnum

WorkloadIdentityPoolStateEnumRef returns a *WorkloadIdentityPoolStateEnum with the value of string s If the empty string is provided, nil is returned.

func (WorkloadIdentityPoolStateEnum) Validate

func (v WorkloadIdentityPoolStateEnum) Validate() error

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL