Documentation ¶
Overview ¶
Package iap provides access to the Cloud Identity-Aware Proxy API.
For product documentation, see: https://cloud.google.com/iap
Creating a client ¶
Usage example:
import "google.golang.org/api/iap/v1beta1"
...
ctx := context.Background()
iapService, err := iap.NewService(ctx)
In this example, Google Application Default Credentials are used for authentication.
For information on how to create and obtain Application Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials.
Other authentication options ¶
To use an API key for authentication (note: some APIs do not support API keys), use option.WithAPIKey:
iapService, err := iap.NewService(ctx, option.WithAPIKey("AIza..."))
To use an OAuth token (e.g., a user token obtained via a three-legged OAuth flow), use option.WithTokenSource:
config := &oauth2.Config{...}
// ...
token, err := config.Exchange(ctx, ...)
iapService, err := iap.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token)))
See https://godoc.org/google.golang.org/api/option/ for details on options.
Index ¶
- Constants
- type Binding
- type Expr
- type GetIamPolicyRequest
- type GetPolicyOptions
- type Policy
- type Service
- type SetIamPolicyRequest
- type TestIamPermissionsRequest
- type TestIamPermissionsResponse
- type V1beta1GetIamPolicyCall
- func (c *V1beta1GetIamPolicyCall) Context(ctx context.Context) *V1beta1GetIamPolicyCall
- func (c *V1beta1GetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error)
- func (c *V1beta1GetIamPolicyCall) Fields(s ...googleapi.Field) *V1beta1GetIamPolicyCall
- func (c *V1beta1GetIamPolicyCall) Header() http.Header
- type V1beta1Service
- func (r *V1beta1Service) GetIamPolicy(resource string, getiampolicyrequest *GetIamPolicyRequest) *V1beta1GetIamPolicyCall
- func (r *V1beta1Service) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *V1beta1SetIamPolicyCall
- func (r *V1beta1Service) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *V1beta1TestIamPermissionsCall
- type V1beta1SetIamPolicyCall
- func (c *V1beta1SetIamPolicyCall) Context(ctx context.Context) *V1beta1SetIamPolicyCall
- func (c *V1beta1SetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error)
- func (c *V1beta1SetIamPolicyCall) Fields(s ...googleapi.Field) *V1beta1SetIamPolicyCall
- func (c *V1beta1SetIamPolicyCall) Header() http.Header
- type V1beta1TestIamPermissionsCall
- func (c *V1beta1TestIamPermissionsCall) Context(ctx context.Context) *V1beta1TestIamPermissionsCall
- func (c *V1beta1TestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error)
- func (c *V1beta1TestIamPermissionsCall) Fields(s ...googleapi.Field) *V1beta1TestIamPermissionsCall
- func (c *V1beta1TestIamPermissionsCall) Header() http.Header
Constants ¶
const (
// View and manage your data across Google Cloud Platform services
CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform"
)
OAuth2 scopes used by this API.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Binding ¶
type Binding struct {
	// Condition: The condition that is associated with this binding.
	// NOTE: An unsatisfied condition will not allow user access via current
	// binding. Different bindings, including their conditions, are examined
	// independently.
	Condition *Expr `json:"condition,omitempty"`

	// Members: Specifies the identities requesting access for a Cloud
	// Platform resource.
	// `members` can have the following values:
	//
	// * `allUsers`: A special identifier that represents anyone who is
	//    on the internet; with or without a Google account.
	//
	// * `allAuthenticatedUsers`: A special identifier that represents anyone
	//    who is authenticated with a Google account or a service account.
	//
	// * `user:{emailid}`: An email address that represents a specific Google
	//    account. For example, `alice@example.com`.
	//
	// * `serviceAccount:{emailid}`: An email address that represents a service
	//    account. For example, `my-other-app@appspot.gserviceaccount.com`.
	//
	// * `group:{emailid}`: An email address that represents a Google group.
	//    For example, `admins@example.com`.
	//
	// * `domain:{domain}`: The G Suite domain (primary) that represents all the
	//    users of that domain. For example, `google.com` or `example.com`.
	Members []string `json:"members,omitempty"`

	// Role: Role that is assigned to `members`.
	// For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role string `json:"role,omitempty"`

	// ForceSendFields is a list of field names (e.g. "Condition") to
	// unconditionally include in API requests. By default, fields with
	// empty values are omitted from API requests. However, any non-pointer,
	// non-interface field appearing in ForceSendFields will be sent to the
	// server regardless of whether the field is empty or not. This may be
	// used to include empty fields in Patch requests.
	ForceSendFields []string `json:"-"`

	// NullFields is a list of field names (e.g. "Condition") to include in
	// API requests with the JSON null value. By default, fields with empty
	// values are omitted from API requests. However, any field with an
	// empty value appearing in NullFields will be sent to the server as
	// null. It is an error if a field in this list has a non-empty value.
	// This may be used to include null fields in Patch requests.
	NullFields []string `json:"-"`
}
Binding: Associates `members` with a `role`.
func (*Binding) MarshalJSON ¶
type Expr ¶
type Expr struct {
	// Description: An optional description of the expression. This is a
	// longer text which describes the expression, e.g. when hovered over it
	// in a UI.
	Description string `json:"description,omitempty"`

	// Expression: Textual representation of an expression in
	// Common Expression Language syntax.
	//
	// The application context of the containing message determines which
	// well-known feature set of CEL is supported.
	Expression string `json:"expression,omitempty"`

	// Location: An optional string indicating the location of the
	// expression for error reporting, e.g. a file name and a position in
	// the file.
	Location string `json:"location,omitempty"`

	// Title: An optional title for the expression, i.e. a short string
	// describing its purpose. This can be used e.g. in UIs which allow to
	// enter the expression.
	Title string `json:"title,omitempty"`

	// ForceSendFields is a list of field names (e.g. "Description") to
	// unconditionally include in API requests. By default, fields with
	// empty values are omitted from API requests. However, any non-pointer,
	// non-interface field appearing in ForceSendFields will be sent to the
	// server regardless of whether the field is empty or not. This may be
	// used to include empty fields in Patch requests.
	ForceSendFields []string `json:"-"`

	// NullFields is a list of field names (e.g. "Description") to include
	// in API requests with the JSON null value. By default, fields with
	// empty values are omitted from API requests. However, any field with
	// an empty value appearing in NullFields will be sent to the server as
	// null. It is an error if a field in this list has a non-empty value.
	// This may be used to include null fields in Patch requests.
	NullFields []string `json:"-"`
}
Expr: Represents an expression text. Example:
title: "User account presence"
description: "Determines whether the request has a user account"
expression: "size(request.user) > 0"
func (*Expr) MarshalJSON ¶
type GetIamPolicyRequest ¶
type GetIamPolicyRequest struct {
	// Options: OPTIONAL: A `GetPolicyOptions` object for specifying options
	// to `GetIamPolicy`. This field is only used by Cloud IAM.
	Options *GetPolicyOptions `json:"options,omitempty"`

	// ForceSendFields is a list of field names (e.g. "Options") to
	// unconditionally include in API requests. By default, fields with
	// empty values are omitted from API requests. However, any non-pointer,
	// non-interface field appearing in ForceSendFields will be sent to the
	// server regardless of whether the field is empty or not. This may be
	// used to include empty fields in Patch requests.
	ForceSendFields []string `json:"-"`

	// NullFields is a list of field names (e.g. "Options") to include in
	// API requests with the JSON null value. By default, fields with empty
	// values are omitted from API requests. However, any field with an
	// empty value appearing in NullFields will be sent to the server as
	// null. It is an error if a field in this list has a non-empty value.
	// This may be used to include null fields in Patch requests.
	NullFields []string `json:"-"`
}
GetIamPolicyRequest: Request message for `GetIamPolicy` method.
func (*GetIamPolicyRequest) MarshalJSON ¶ added in v0.8.0
func (s *GetIamPolicyRequest) MarshalJSON() ([]byte, error)
type GetPolicyOptions ¶ added in v0.8.0
type GetPolicyOptions struct {
	// RequestedPolicyVersion: Optional. The policy format version to be
	// returned.
	//
	// Valid values are 0, 1, and 3. Requests specifying an invalid value
	// will be rejected.
	//
	// Requests for policies with any conditional bindings must specify
	// version 3. Policies without any conditional bindings may specify any
	// valid value or leave the field unset.
	RequestedPolicyVersion int64 `json:"requestedPolicyVersion,omitempty"`

	// ForceSendFields is a list of field names (e.g.
	// "RequestedPolicyVersion") to unconditionally include in API requests.
	// By default, fields with empty values are omitted from API requests.
	// However, any non-pointer, non-interface field appearing in
	// ForceSendFields will be sent to the server regardless of whether the
	// field is empty or not. This may be used to include empty fields in
	// Patch requests.
	ForceSendFields []string `json:"-"`

	// NullFields is a list of field names (e.g. "RequestedPolicyVersion")
	// to include in API requests with the JSON null value. By default,
	// fields with empty values are omitted from API requests. However, any
	// field with an empty value appearing in NullFields will be sent to the
	// server as null. It is an error if a field in this list has a
	// non-empty value. This may be used to include null fields in Patch
	// requests.
	NullFields []string `json:"-"`
}
GetPolicyOptions: Encapsulates settings provided to GetIamPolicy.
func (*GetPolicyOptions) MarshalJSON ¶ added in v0.8.0
func (s *GetPolicyOptions) MarshalJSON() ([]byte, error)
type Policy ¶
type Policy struct {
	// Bindings: Associates a list of `members` to a `role`. Optionally may
	// specify a `condition` that determines when binding is in effect.
	// `bindings` with no members will result in an error.
	Bindings []*Binding `json:"bindings,omitempty"`

	// Etag: `etag` is used for optimistic concurrency control as a way to
	// help prevent simultaneous updates of a policy from overwriting each
	// other. It is strongly suggested that systems make use of the `etag` in
	// the read-modify-write cycle to perform policy updates in order to avoid
	// race conditions: An `etag` is returned in the response to
	// `getIamPolicy`, and systems are expected to put that etag in the
	// request to `setIamPolicy` to ensure that their change will be applied
	// to the same version of the policy.
	//
	// If no `etag` is provided in the call to `setIamPolicy`, then the
	// existing policy is overwritten. Due to blind-set semantics of an
	// etag-less policy, 'setIamPolicy' will not fail even if either of
	// incoming or stored policy does not meet the version requirements.
	Etag string `json:"etag,omitempty"`

	// Version: Specifies the format of the policy.
	//
	// Valid values are 0, 1, and 3. Requests specifying an invalid value
	// will be rejected.
	//
	// Operations affecting conditional bindings must specify version 3.
	// This can be either setting a conditional policy, modifying a
	// conditional binding, or removing a conditional binding from the stored
	// conditional policy. Operations on non-conditional policies may specify
	// any valid value or leave the field unset.
	//
	// If no etag is provided in the call to `setIamPolicy`, any version
	// compliance checks on the incoming and/or stored policy is skipped.
	Version int64 `json:"version,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the
	// server.
	googleapi.ServerResponse `json:"-"`

	// ForceSendFields is a list of field names (e.g. "Bindings") to
	// unconditionally include in API requests. By default, fields with
	// empty values are omitted from API requests. However, any non-pointer,
	// non-interface field appearing in ForceSendFields will be sent to the
	// server regardless of whether the field is empty or not. This may be
	// used to include empty fields in Patch requests.
	ForceSendFields []string `json:"-"`

	// NullFields is a list of field names (e.g. "Bindings") to include in
	// API requests with the JSON null value. By default, fields with empty
	// values are omitted from API requests. However, any field with an
	// empty value appearing in NullFields will be sent to the server as
	// null. It is an error if a field in this list has a non-empty value.
	// This may be used to include null fields in Patch requests.
	NullFields []string `json:"-"`
}
Policy: Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources.
A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions (defined by IAM or configured by users). A `binding` can optionally specify a `condition`, which is a logic expression that further constrains the role binding based on attributes about the request and/or target resource.
**JSON Example**
{
  "bindings": [
    {
      "role": "roles/resourcemanager.organizationAdmin",
      "members": [
        "user:mike@example.com",
        "group:admins@example.com",
        "domain:google.com",
        "serviceAccount:my-project-id@appspot.gserviceaccount.com"
      ]
    },
    {
      "role": "roles/resourcemanager.organizationViewer",
      "members": ["user:eve@example.com"],
      "condition": {
        "title": "expirable access",
        "description": "Does not grant access after Sep 2020",
        "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')"
      }
    }
  ]
}
**YAML Example**
bindings:
- members:
  - user:mike@example.com
  - group:admins@example.com
  - domain:google.com
  - serviceAccount:my-project-id@appspot.gserviceaccount.com
  role: roles/resourcemanager.organizationAdmin
- members:
  - user:eve@example.com
  role: roles/resourcemanager.organizationViewer
  condition:
    title: expirable access
    description: Does not grant access after Sep 2020
    expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
For a description of IAM and its features, see the [IAM developer's guide](https://cloud.google.com/iam/docs).
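The rules stated in the Policy and Binding comments above (an etag-less set is a blind overwrite, valid versions are 0, 1 and 3, conditional bindings need version 3, bindings need members, and `allUsers` / `allAuthenticatedUsers` are public) can be checked before a policy is sent with SetIamPolicy. This is an added example, not code from this package: `LintPolicy`, the local `policy`/`binding`/`expr` types and both sample policies are constructed for illustration and use only the standard library.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local mirrors of the JSON shapes documented on this page (Policy, Binding,
// Expr). Assumption for this example: they are not the package's own types.
type expr struct {
	Title      string `json:"title"`
	Expression string `json:"expression"`
}

type binding struct {
	Role      string   `json:"role"`
	Members   []string `json:"members"`
	Condition *expr    `json:"condition"`
}

type policy struct {
	Bindings []binding `json:"bindings"`
	Etag     string    `json:"etag"`
	Version  int64     `json:"version"`
}

// Constructed sample input: no etag, version 1 with a conditional binding,
// a public member and a binding without members.
const riskyPolicy = `{
  "version": 1,
  "bindings": [
    {"role": "roles/viewer", "members": ["allAuthenticatedUsers"]},
    {"role": "roles/viewer", "members": ["user:eve@example.com"],
     "condition": {"title": "expirable access",
                   "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')"}},
    {"role": "roles/editor", "members": []}
  ]
}`

// Constructed sample input that passes every check.
const cleanPolicy = `{
  "version": 3, "etag": "constructed-etag",
  "bindings": [{"role": "roles/viewer", "members": ["group:admins@example.com"]}]
}`

// LintPolicy (hypothetical helper) checks policy JSON against the rules the
// Policy and Binding comments state, before it is sent with SetIamPolicy.
func LintPolicy(raw []byte) ([]string, error) {
	var p policy
	if err := json.Unmarshal(raw, &p); err != nil {
		return nil, fmt.Errorf("policy is not valid JSON: %w", err)
	}
	var findings []string
	if p.Etag == "" {
		// Blind set: overwrites the stored policy and skips version checks.
		findings = append(findings, "no-etag: setIamPolicy would overwrite the stored policy")
	}
	if p.Version != 0 && p.Version != 1 && p.Version != 3 {
		findings = append(findings, fmt.Sprintf("bad-version: %d is not 0, 1 or 3", p.Version))
	}
	for i, b := range p.Bindings {
		if len(b.Members) == 0 {
			findings = append(findings, fmt.Sprintf("empty-binding: bindings[%d] (%s) has no members", i, b.Role))
		}
		if b.Condition != nil && p.Version != 3 {
			findings = append(findings, fmt.Sprintf("condition-needs-v3: bindings[%d] has a condition but version is %d", i, p.Version))
		}
		for _, m := range b.Members {
			if m == "allUsers" || m == "allAuthenticatedUsers" {
				findings = append(findings, fmt.Sprintf("public-member: bindings[%d] grants %s to %s", i, b.Role, m))
			}
		}
	}
	return findings, nil
}

func main() {
	findings, err := LintPolicy([]byte(riskyPolicy))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```

An empty `findings` slice means the policy satisfies the documented constraints; it says nothing about whether the granted roles are appropriate for the resource.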
func (*Policy) MarshalJSON ¶
type Service ¶
type Service struct {
	BasePath  string // API endpoint base URL
	UserAgent string // optional additional User-Agent fragment

	V1beta1 *V1beta1Service
	// contains filtered or unexported fields
}
func New
deprecated
New creates a new Service. It uses the provided http.Client for requests.
Deprecated: please use NewService instead. To provide a custom HTTP client, use option.WithHTTPClient. If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead.
func NewService ¶ added in v0.3.0
NewService creates a new Service.
type SetIamPolicyRequest ¶
type SetIamPolicyRequest struct {
	// Policy: REQUIRED: The complete policy to be applied to the
	// `resource`. The size of the policy is limited to a few 10s of KB. An
	// empty policy is a valid policy but certain Cloud Platform services
	// (such as Projects) might reject them.
	Policy *Policy `json:"policy,omitempty"`

	// ForceSendFields is a list of field names (e.g. "Policy") to
	// unconditionally include in API requests. By default, fields with
	// empty values are omitted from API requests. However, any non-pointer,
	// non-interface field appearing in ForceSendFields will be sent to the
	// server regardless of whether the field is empty or not. This may be
	// used to include empty fields in Patch requests.
	ForceSendFields []string `json:"-"`

	// NullFields is a list of field names (e.g. "Policy") to include in API
	// requests with the JSON null value. By default, fields with empty
	// values are omitted from API requests. However, any field with an
	// empty value appearing in NullFields will be sent to the server as
	// null. It is an error if a field in this list has a non-empty value.
	// This may be used to include null fields in Patch requests.
	NullFields []string `json:"-"`
}
SetIamPolicyRequest: Request message for `SetIamPolicy` method.
func (*SetIamPolicyRequest) MarshalJSON ¶
func (s *SetIamPolicyRequest) MarshalJSON() ([]byte, error)
type TestIamPermissionsRequest ¶
type TestIamPermissionsRequest struct {
	// Permissions: The set of permissions to check for the `resource`.
	// Permissions with wildcards (such as '*' or 'storage.*') are not
	// allowed. For more information see
	// [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
	Permissions []string `json:"permissions,omitempty"`

	// ForceSendFields is a list of field names (e.g. "Permissions") to
	// unconditionally include in API requests. By default, fields with
	// empty values are omitted from API requests. However, any non-pointer,
	// non-interface field appearing in ForceSendFields will be sent to the
	// server regardless of whether the field is empty or not. This may be
	// used to include empty fields in Patch requests.
	ForceSendFields []string `json:"-"`

	// NullFields is a list of field names (e.g. "Permissions") to include
	// in API requests with the JSON null value. By default, fields with
	// empty values are omitted from API requests. However, any field with
	// an empty value appearing in NullFields will be sent to the server as
	// null. It is an error if a field in this list has a non-empty value.
	// This may be used to include null fields in Patch requests.
	NullFields []string `json:"-"`
}
TestIamPermissionsRequest: Request message for `TestIamPermissions` method.
func (*TestIamPermissionsRequest) MarshalJSON ¶
func (s *TestIamPermissionsRequest) MarshalJSON() ([]byte, error)
type TestIamPermissionsResponse ¶
type TestIamPermissionsResponse struct {
	// Permissions: A subset of `TestPermissionsRequest.permissions` that
	// the caller is allowed.
	Permissions []string `json:"permissions,omitempty"`

	// ServerResponse contains the HTTP response code and headers from the
	// server.
	googleapi.ServerResponse `json:"-"`

	// ForceSendFields is a list of field names (e.g. "Permissions") to
	// unconditionally include in API requests. By default, fields with
	// empty values are omitted from API requests. However, any non-pointer,
	// non-interface field appearing in ForceSendFields will be sent to the
	// server regardless of whether the field is empty or not. This may be
	// used to include empty fields in Patch requests.
	ForceSendFields []string `json:"-"`

	// NullFields is a list of field names (e.g. "Permissions") to include
	// in API requests with the JSON null value. By default, fields with
	// empty values are omitted from API requests. However, any field with
	// an empty value appearing in NullFields will be sent to the server as
	// null. It is an error if a field in this list has a non-empty value.
	// This may be used to include null fields in Patch requests.
	NullFields []string `json:"-"`
}
TestIamPermissionsResponse: Response message for `TestIamPermissions` method.
func (*TestIamPermissionsResponse) MarshalJSON ¶
func (s *TestIamPermissionsResponse) MarshalJSON() ([]byte, error)
type V1beta1GetIamPolicyCall ¶ added in v0.2.0
type V1beta1GetIamPolicyCall struct {
// contains filtered or unexported fields
}
func (*V1beta1GetIamPolicyCall) Context ¶ added in v0.2.0
func (c *V1beta1GetIamPolicyCall) Context(ctx context.Context) *V1beta1GetIamPolicyCall
Context sets the context to be used in this call's Do method. Any pending HTTP request will be aborted if the provided context is canceled.
func (*V1beta1GetIamPolicyCall) Do ¶ added in v0.2.0
func (c *V1beta1GetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error)
Do executes the "iap.getIamPolicy" call. Exactly one of *Policy or error will be non-nil. Any non-2xx status code is an error. Response headers are in either *Policy.ServerResponse.Header or (if a response was returned at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check whether the returned error was because http.StatusNotModified was returned.
func (*V1beta1GetIamPolicyCall) Fields ¶ added in v0.2.0
func (c *V1beta1GetIamPolicyCall) Fields(s ...googleapi.Field) *V1beta1GetIamPolicyCall
Fields allows partial responses to be retrieved. See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.
func (*V1beta1GetIamPolicyCall) Header ¶ added in v0.2.0
func (c *V1beta1GetIamPolicyCall) Header() http.Header
Header returns an http.Header that can be modified by the caller to add HTTP headers to the request.
type V1beta1Service ¶ added in v0.2.0
type V1beta1Service struct {
// contains filtered or unexported fields
}
func NewV1beta1Service ¶ added in v0.2.0
func NewV1beta1Service(s *Service) *V1beta1Service
func (*V1beta1Service) GetIamPolicy ¶ added in v0.2.0
func (r *V1beta1Service) GetIamPolicy(resource string, getiampolicyrequest *GetIamPolicyRequest) *V1beta1GetIamPolicyCall
GetIamPolicy: Gets the access control policy for an Identity-Aware Proxy protected resource. More information about managing access via IAP can be found at: https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api
func (*V1beta1Service) SetIamPolicy ¶ added in v0.2.0
func (r *V1beta1Service) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *V1beta1SetIamPolicyCall
SetIamPolicy: Sets the access control policy for an Identity-Aware Proxy protected resource. Replaces any existing policy. More information about managing access via IAP can be found at: https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api
func (*V1beta1Service) TestIamPermissions ¶ added in v0.2.0
func (r *V1beta1Service) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *V1beta1TestIamPermissionsCall
TestIamPermissions: Returns permissions that a caller has on the Identity-Aware Proxy protected resource. If the resource does not exist or the caller does not have Identity-Aware Proxy permissions a [google.rpc.Code.PERMISSION_DENIED] will be returned. More information about managing access via IAP can be found at: https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api
type V1beta1SetIamPolicyCall ¶ added in v0.2.0
type V1beta1SetIamPolicyCall struct {
// contains filtered or unexported fields
}
func (*V1beta1SetIamPolicyCall) Context ¶ added in v0.2.0
func (c *V1beta1SetIamPolicyCall) Context(ctx context.Context) *V1beta1SetIamPolicyCall
Context sets the context to be used in this call's Do method. Any pending HTTP request will be aborted if the provided context is canceled.
func (*V1beta1SetIamPolicyCall) Do ¶ added in v0.2.0
func (c *V1beta1SetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error)
Do executes the "iap.setIamPolicy" call. Exactly one of *Policy or error will be non-nil. Any non-2xx status code is an error. Response headers are in either *Policy.ServerResponse.Header or (if a response was returned at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check whether the returned error was because http.StatusNotModified was returned.
func (*V1beta1SetIamPolicyCall) Fields ¶ added in v0.2.0
func (c *V1beta1SetIamPolicyCall) Fields(s ...googleapi.Field) *V1beta1SetIamPolicyCall
Fields allows partial responses to be retrieved. See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.
func (*V1beta1SetIamPolicyCall) Header ¶ added in v0.2.0
func (c *V1beta1SetIamPolicyCall) Header() http.Header
Header returns an http.Header that can be modified by the caller to add HTTP headers to the request.
type V1beta1TestIamPermissionsCall ¶ added in v0.2.0
type V1beta1TestIamPermissionsCall struct {
// contains filtered or unexported fields
}
func (*V1beta1TestIamPermissionsCall) Context ¶ added in v0.2.0
func (c *V1beta1TestIamPermissionsCall) Context(ctx context.Context) *V1beta1TestIamPermissionsCall
Context sets the context to be used in this call's Do method. Any pending HTTP request will be aborted if the provided context is canceled.
func (*V1beta1TestIamPermissionsCall) Do ¶ added in v0.2.0
func (c *V1beta1TestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error)
Do executes the "iap.testIamPermissions" call. Exactly one of *TestIamPermissionsResponse or error will be non-nil. Any non-2xx status code is an error. Response headers are in either *TestIamPermissionsResponse.ServerResponse.Header or (if a response was returned at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check whether the returned error was because http.StatusNotModified was returned.
func (*V1beta1TestIamPermissionsCall) Fields ¶ added in v0.2.0
func (c *V1beta1TestIamPermissionsCall) Fields(s ...googleapi.Field) *V1beta1TestIamPermissionsCall
Fields allows partial responses to be retrieved. See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.
func (*V1beta1TestIamPermissionsCall) Header ¶ added in v0.2.0
func (c *V1beta1TestIamPermissionsCall) Header() http.Header
Header returns an http.Header that can be modified by the caller to add HTTP headers to the request.