Documentation
¶
Overview ¶
Package iap provides access to the Cloud Identity-Aware Proxy API.
For product documentation, see: https://cloud.google.com/iap
Creating a client ¶
Usage example:
import "google.golang.org/api/iap/v1beta1" ... ctx := context.Background() iapService, err := iap.NewService(ctx)
In this example, Google Application Default Credentials are used for authentication.
For information on how to create and obtain Application Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials.
Other authentication options ¶
To use an API key for authentication (note: some APIs do not support API keys), use option.WithAPIKey:
iapService, err := iap.NewService(ctx, option.WithAPIKey("AIza..."))
To use an OAuth token (e.g., a user token obtained via a three-legged OAuth flow), use option.WithTokenSource:
config := &oauth2.Config{...}
// ...
token, err := config.Exchange(ctx, ...)
iapService, err := iap.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token)))
See https://godoc.org/google.golang.org/api/option/ for details on options.
Index ¶
- Constants
- type Binding
- type Expr
- type GetIamPolicyRequest
- type Policy
- type Service
- type SetIamPolicyRequest
- type TestIamPermissionsRequest
- type TestIamPermissionsResponse
- type V1beta1GetIamPolicyCall
- func (c *V1beta1GetIamPolicyCall) Context(ctx context.Context) *V1beta1GetIamPolicyCall
- func (c *V1beta1GetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error)
- func (c *V1beta1GetIamPolicyCall) Fields(s ...googleapi.Field) *V1beta1GetIamPolicyCall
- func (c *V1beta1GetIamPolicyCall) Header() http.Header
- type V1beta1Service
- func (r *V1beta1Service) GetIamPolicy(resource string, getiampolicyrequest *GetIamPolicyRequest) *V1beta1GetIamPolicyCall
- func (r *V1beta1Service) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *V1beta1SetIamPolicyCall
- func (r *V1beta1Service) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *V1beta1TestIamPermissionsCall
- type V1beta1SetIamPolicyCall
- func (c *V1beta1SetIamPolicyCall) Context(ctx context.Context) *V1beta1SetIamPolicyCall
- func (c *V1beta1SetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error)
- func (c *V1beta1SetIamPolicyCall) Fields(s ...googleapi.Field) *V1beta1SetIamPolicyCall
- func (c *V1beta1SetIamPolicyCall) Header() http.Header
- type V1beta1TestIamPermissionsCall
- func (c *V1beta1TestIamPermissionsCall) Context(ctx context.Context) *V1beta1TestIamPermissionsCall
- func (c *V1beta1TestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error)
- func (c *V1beta1TestIamPermissionsCall) Fields(s ...googleapi.Field) *V1beta1TestIamPermissionsCall
- func (c *V1beta1TestIamPermissionsCall) Header() http.Header
Constants ¶
const (
// View and manage your data across Google Cloud Platform services
CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform"
)
OAuth2 scopes used by this API.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Binding ¶
type Binding struct {
// Condition: The condition that is associated with this binding.
// NOTE: an unsatisfied condition will not allow user access via
// current
// binding. Different bindings, including their conditions, are
// examined
// independently.
Condition *Expr `json:"condition,omitempty"`
// Members: Specifies the identities requesting access for a Cloud
// Platform resource.
// `members` can have the following values:
//
// * `allUsers`: A special identifier that represents anyone who is
// on the internet; with or without a Google account.
//
// * `allAuthenticatedUsers`: A special identifier that represents
// anyone
// who is authenticated with a Google account or a service
// account.
//
// * `user:{emailid}`: An email address that represents a specific
// Google
// account. For example, `alice@gmail.com` .
//
//
// * `serviceAccount:{emailid}`: An email address that represents a
// service
// account. For example,
// `my-other-app@appspot.gserviceaccount.com`.
//
// * `group:{emailid}`: An email address that represents a Google
// group.
// For example, `admins@example.com`.
//
//
// * `domain:{domain}`: The G Suite domain (primary) that represents all
// the
// users of that domain. For example, `google.com` or
// `example.com`.
//
//
Members []string `json:"members,omitempty"`
// Role: Role that is assigned to `members`.
// For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
Role string `json:"role,omitempty"`
// ForceSendFields is a list of field names (e.g. "Condition") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Condition") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
Binding: Associates `members` with a `role`.
func (*Binding) MarshalJSON ¶
type Expr ¶
type Expr struct {
// Description: An optional description of the expression. This is a
// longer text which
// describes the expression, e.g. when hovered over it in a UI.
Description string `json:"description,omitempty"`
// Expression: Textual representation of an expression in
// Common Expression Language syntax.
//
// The application context of the containing message determines
// which
// well-known feature set of CEL is supported.
Expression string `json:"expression,omitempty"`
// Location: An optional string indicating the location of the
// expression for error
// reporting, e.g. a file name and a position in the file.
Location string `json:"location,omitempty"`
// Title: An optional title for the expression, i.e. a short string
// describing
// its purpose. This can be used e.g. in UIs which allow to enter
// the
// expression.
Title string `json:"title,omitempty"`
// ForceSendFields is a list of field names (e.g. "Description") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Description") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
Expr: Represents an expression text. Example:
title: "User account presence" description: "Determines whether the request has a user account" expression: "size(request.user) > 0"
func (*Expr) MarshalJSON ¶
type GetIamPolicyRequest ¶
type GetIamPolicyRequest struct {
}
GetIamPolicyRequest: Request message for `GetIamPolicy` method.
type Policy ¶
type Policy struct {
// Bindings: Associates a list of `members` to a `role`.
// `bindings` with no members will result in an error.
Bindings []*Binding `json:"bindings,omitempty"`
// Etag: `etag` is used for optimistic concurrency control as a way to
// help
// prevent simultaneous updates of a policy from overwriting each
// other.
// It is strongly suggested that systems make use of the `etag` in
// the
// read-modify-write cycle to perform policy updates in order to avoid
// race
// conditions: An `etag` is returned in the response to `getIamPolicy`,
// and
// systems are expected to put that etag in the request to
// `setIamPolicy` to
// ensure that their change will be applied to the same version of the
// policy.
//
// If no `etag` is provided in the call to `setIamPolicy`, then the
// existing
// policy is overwritten blindly.
Etag string `json:"etag,omitempty"`
// Version: Deprecated.
Version int64 `json:"version,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "Bindings") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Bindings") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
Policy: Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources.
A `Policy` consists of a list of `bindings`. A `binding` binds a list of `members` to a `role`, where the members can be user accounts, Google groups, Google domains, and service accounts. A `role` is a named list of permissions defined by IAM.
**JSON Example**
{
"bindings": [
{
"role": "roles/owner",
"members": [
"user:mike@example.com",
"group:admins@example.com",
"domain:google.com",
"serviceAccount:my-other-app@appspot.gserviceaccount.com"
]
},
{
"role": "roles/viewer",
"members": ["user:sean@example.com"]
}
]
}
**YAML Example**
bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-other-app@appspot.gserviceaccount.com role: roles/owner - members: - user:sean@example.com role: roles/viewer
For a description of IAM and its features, see the [IAM developer's guide](https://cloud.google.com/iam/docs).
func (*Policy) MarshalJSON ¶
type Service ¶
type Service struct {
BasePath string // API endpoint base URL
UserAgent string // optional additional User-Agent fragment
V1beta1 *V1beta1Service
// contains filtered or unexported fields
}
func New
deprecated
New creates a new Service. It uses the provided http.Client for requests.
Deprecated: please use NewService instead. To provide a custom HTTP client, use option.WithHTTPClient. If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead.
func NewService ¶ added in v0.3.0
NewService creates a new Service.
type SetIamPolicyRequest ¶
type SetIamPolicyRequest struct {
// Policy: REQUIRED: The complete policy to be applied to the
// `resource`. The size of
// the policy is limited to a few 10s of KB. An empty policy is a
// valid policy but certain Cloud Platform services (such as
// Projects)
// might reject them.
Policy *Policy `json:"policy,omitempty"`
// ForceSendFields is a list of field names (e.g. "Policy") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Policy") to include in API
// requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
SetIamPolicyRequest: Request message for `SetIamPolicy` method.
func (*SetIamPolicyRequest) MarshalJSON ¶
func (s *SetIamPolicyRequest) MarshalJSON() ([]byte, error)
type TestIamPermissionsRequest ¶
type TestIamPermissionsRequest struct {
// Permissions: The set of permissions to check for the `resource`.
// Permissions with
// wildcards (such as '*' or 'storage.*') are not allowed. For
// more
// information see
// [IAM
// Overview](https://cloud.google.com/iam/docs/overview#permissions).
Permissions []string `json:"permissions,omitempty"`
// ForceSendFields is a list of field names (e.g. "Permissions") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Permissions") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
TestIamPermissionsRequest: Request message for `TestIamPermissions` method.
func (*TestIamPermissionsRequest) MarshalJSON ¶
func (s *TestIamPermissionsRequest) MarshalJSON() ([]byte, error)
type TestIamPermissionsResponse ¶
type TestIamPermissionsResponse struct {
// Permissions: A subset of `TestPermissionsRequest.permissions` that
// the caller is
// allowed.
Permissions []string `json:"permissions,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "Permissions") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Permissions") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
TestIamPermissionsResponse: Response message for `TestIamPermissions` method.
func (*TestIamPermissionsResponse) MarshalJSON ¶
func (s *TestIamPermissionsResponse) MarshalJSON() ([]byte, error)
type V1beta1GetIamPolicyCall ¶ added in v0.2.0
type V1beta1GetIamPolicyCall struct {
// contains filtered or unexported fields
}
func (*V1beta1GetIamPolicyCall) Context ¶ added in v0.2.0
func (c *V1beta1GetIamPolicyCall) Context(ctx context.Context) *V1beta1GetIamPolicyCall
Context sets the context to be used in this call's Do method. Any pending HTTP request will be aborted if the provided context is canceled.
func (*V1beta1GetIamPolicyCall) Do ¶ added in v0.2.0
func (c *V1beta1GetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error)
Do executes the "iap.getIamPolicy" call. Exactly one of *Policy or error will be non-nil. Any non-2xx status code is an error. Response headers are in either *Policy.ServerResponse.Header or (if a response was returned at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check whether the returned error was because http.StatusNotModified was returned.
func (*V1beta1GetIamPolicyCall) Fields ¶ added in v0.2.0
func (c *V1beta1GetIamPolicyCall) Fields(s ...googleapi.Field) *V1beta1GetIamPolicyCall
Fields allows partial responses to be retrieved. See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.
func (*V1beta1GetIamPolicyCall) Header ¶ added in v0.2.0
func (c *V1beta1GetIamPolicyCall) Header() http.Header
Header returns an http.Header that can be modified by the caller to add HTTP headers to the request.
type V1beta1Service ¶ added in v0.2.0
type V1beta1Service struct {
// contains filtered or unexported fields
}
func NewV1beta1Service ¶ added in v0.2.0
func NewV1beta1Service(s *Service) *V1beta1Service
func (*V1beta1Service) GetIamPolicy ¶ added in v0.2.0
func (r *V1beta1Service) GetIamPolicy(resource string, getiampolicyrequest *GetIamPolicyRequest) *V1beta1GetIamPolicyCall
GetIamPolicy: Gets the access control policy for an Identity-Aware Proxy protected resource. More information about managing access via IAP can be found at: https://cloud.google.com/iap/docs/managing-access#managing_access_ via_the_api
func (*V1beta1Service) SetIamPolicy ¶ added in v0.2.0
func (r *V1beta1Service) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *V1beta1SetIamPolicyCall
SetIamPolicy: Sets the access control policy for an Identity-Aware Proxy protected resource. Replaces any existing policy. More information about managing access via IAP can be found at: https://cloud.google.com/iap/docs/managing-access#managing_access_ via_the_api
func (*V1beta1Service) TestIamPermissions ¶ added in v0.2.0
func (r *V1beta1Service) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *V1beta1TestIamPermissionsCall
TestIamPermissions: Returns permissions that a caller has on the Identity-Aware Proxy protected resource. If the resource does not exist or the caller does not have Identity-Aware Proxy permissions a [google.rpc.Code.PERMISSION_DENIED] will be returned. More information about managing access via IAP can be found at: https://cloud.google.com/iap/docs/managing-access#managing_access_ via_the_api
type V1beta1SetIamPolicyCall ¶ added in v0.2.0
type V1beta1SetIamPolicyCall struct {
// contains filtered or unexported fields
}
func (*V1beta1SetIamPolicyCall) Context ¶ added in v0.2.0
func (c *V1beta1SetIamPolicyCall) Context(ctx context.Context) *V1beta1SetIamPolicyCall
Context sets the context to be used in this call's Do method. Any pending HTTP request will be aborted if the provided context is canceled.
func (*V1beta1SetIamPolicyCall) Do ¶ added in v0.2.0
func (c *V1beta1SetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error)
Do executes the "iap.setIamPolicy" call. Exactly one of *Policy or error will be non-nil. Any non-2xx status code is an error. Response headers are in either *Policy.ServerResponse.Header or (if a response was returned at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check whether the returned error was because http.StatusNotModified was returned.
func (*V1beta1SetIamPolicyCall) Fields ¶ added in v0.2.0
func (c *V1beta1SetIamPolicyCall) Fields(s ...googleapi.Field) *V1beta1SetIamPolicyCall
Fields allows partial responses to be retrieved. See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.
func (*V1beta1SetIamPolicyCall) Header ¶ added in v0.2.0
func (c *V1beta1SetIamPolicyCall) Header() http.Header
Header returns an http.Header that can be modified by the caller to add HTTP headers to the request.
type V1beta1TestIamPermissionsCall ¶ added in v0.2.0
type V1beta1TestIamPermissionsCall struct {
// contains filtered or unexported fields
}
func (*V1beta1TestIamPermissionsCall) Context ¶ added in v0.2.0
func (c *V1beta1TestIamPermissionsCall) Context(ctx context.Context) *V1beta1TestIamPermissionsCall
Context sets the context to be used in this call's Do method. Any pending HTTP request will be aborted if the provided context is canceled.
func (*V1beta1TestIamPermissionsCall) Do ¶ added in v0.2.0
func (c *V1beta1TestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error)
Do executes the "iap.testIamPermissions" call. Exactly one of *TestIamPermissionsResponse or error will be non-nil. Any non-2xx status code is an error. Response headers are in either *TestIamPermissionsResponse.ServerResponse.Header or (if a response was returned at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check whether the returned error was because http.StatusNotModified was returned.
func (*V1beta1TestIamPermissionsCall) Fields ¶ added in v0.2.0
func (c *V1beta1TestIamPermissionsCall) Fields(s ...googleapi.Field) *V1beta1TestIamPermissionsCall
Fields allows partial responses to be retrieved. See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.
func (*V1beta1TestIamPermissionsCall) Header ¶ added in v0.2.0
func (c *V1beta1TestIamPermissionsCall) Header() http.Header
Header returns an http.Header that can be modified by the caller to add HTTP headers to the request.
Source Files