Cloud IAM - Package cloud.google.com/go/iam (v1.2.2)

Package iam supports the resource-specific operations of Google Cloud IAM (Identity and Access Management) for the Google Cloud Libraries. See https://cloud.google.com/iam for more about IAM.

Users of the Google Cloud Libraries will typically not use this package directly. Instead they will begin with some resource that supports IAM, like a pubsub topic, and call its IAM method to get a Handle for that resource.

Constants

AllUsers, AllAuthenticatedUsers

    const (
        // AllUsers is a special member that denotes all users, even unauthenticated ones.
        AllUsers = "allUsers"

        // AllAuthenticatedUsers is a special member that denotes all authenticated users.
        AllAuthenticatedUsers = "allAuthenticatedUsers"
    )

Handle

    type Handle struct {
        // contains filtered or unexported fields
    }

A Handle provides IAM operations for a resource.

func InternalNewHandle

    func InternalNewHandle(conn grpc.ClientConnInterface, resource string) *Handle

InternalNewHandle is for use by the Google Cloud Libraries only.

InternalNewHandle returns a Handle for resource. The conn parameter refers to a server that must support the IAMPolicy service.

func InternalNewHandleClient

    func InternalNewHandleClient(c client, resource string) *Handle

InternalNewHandleClient is for use by the Google Cloud Libraries only.

InternalNewHandleClient returns a Handle for resource using the given client implementation.

func InternalNewHandleGRPCClient

    func InternalNewHandleGRPCClient(c pb.IAMPolicyClient, resource string) *Handle

InternalNewHandleGRPCClient is for use by the Google Cloud Libraries only.

InternalNewHandleGRPCClient returns a Handle for resource using the given gRPC service that implements IAM as a mixin.

func (*Handle) Policy

    func (h *Handle) Policy(ctx context.Context) (*Policy, error)

Policy retrieves the IAM policy for the resource.

func (*Handle) SetPolicy

    func (h *Handle) SetPolicy(ctx context.Context, policy *Policy) error

SetPolicy replaces the resource's current policy with the supplied Policy.

If policy was created from a prior call to Get, then the modification will only succeed if the policy has not changed since the Get.

func (*Handle) TestPermissions

    func (h *Handle) TestPermissions(ctx context.Context, permissions []string) ([]string, error)

TestPermissions returns the subset of permissions that the caller has on the resource.

func (*Handle) V3

    func (h *Handle) V3() *Handle3

V3 returns a Handle3, which is like Handle except it sets requestedPolicyVersion to 3 when retrieving a policy and policy.version to 3 when storing a policy.

Handle3

    type Handle3 struct {
        // contains filtered or unexported fields
    }

A Handle3 provides IAM operations for a resource. It is similar to a Handle, but provides access to newer IAM features (e.g., conditions).

func (*Handle3) Policy

    func (h *Handle3) Policy(ctx context.Context) (*Policy3, error)

Policy retrieves the IAM policy for the resource.

requestedPolicyVersion is always set to 3.

func (*Handle3) SetPolicy

    func (h *Handle3) SetPolicy(ctx context.Context, policy *Policy3) error

SetPolicy replaces the resource's current policy with the supplied Policy.

If policy was created from a prior call to Get, then the modification will only succeed if the policy has not changed since the Get.

func (*Handle3) TestPermissions

    func (h *Handle3) TestPermissions(ctx context.Context, permissions []string) ([]string, error)

TestPermissions returns the subset of permissions that the caller has on the resource.

Policy

    type Policy struct {
        // This field is exported for use by the Google Cloud Libraries only.
        // It may become unexported in a future release.
        InternalProto *pb.Policy
    }

A Policy is a list of Bindings representing roles granted to members.

The zero Policy is a valid policy with no bindings.

func (*Policy) Add

    func (p *Policy) Add(member string, r RoleName)

Add adds member member to role r if it is not already present. A new binding is created if there is no binding for the role.

func (*Policy) HasRole

    func (p *Policy) HasRole(member string, r RoleName) bool

HasRole reports whether member has role r.

func (*Policy) Members

    func (p *Policy) Members(r RoleName) []string

Members returns the list of members with the supplied role. The return value should not be modified. Use Add and Remove to modify the members of a role.

func (*Policy) Remove

    func (p *Policy) Remove(member string, r RoleName)

Remove removes member from role r if it is present.

func (*Policy) Roles

    func (p *Policy) Roles() []RoleName

Roles returns the names of all the roles that appear in the Policy.
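
An audit-and-remove pass over a policy's public grants, using only the Roles, Members and Remove methods and the two special member strings documented above. This is an added example, not code from the package: bindingEditor, StripPublic and fakePolicy are hypothetical names, and the fake policy is a constructed stand-in so the block runs offline.

```go
package main

import "fmt"

// Member strings this page lists for iam.AllUsers and iam.AllAuthenticatedUsers.
const allUsers, allAuthenticatedUsers = "allUsers", "allAuthenticatedUsers"

// bindingEditor (hypothetical name) is the part of the Policy method set used
// here, generic over the role type so *iam.Policy fits with R = iam.RoleName.
type bindingEditor[R ~string] interface {
	Roles() []R
	Members(r R) []string
	Remove(member string, r R)
}

// StripPublic removes both public members from every role and returns each
// removed grant as "role:member". It walks a copy of Members' result, which
// must not be modified, while Remove changes the policy.
func StripPublic[R ~string](p bindingEditor[R]) []string {
	removed := []string{}
	for _, r := range p.Roles() {
		for _, m := range append([]string(nil), p.Members(r)...) {
			if m == allUsers || m == allAuthenticatedUsers {
				p.Remove(m, r)
				removed = append(removed, string(r)+":"+m)
			}
		}
	}
	return removed
}

// fakePolicy is a constructed in-memory stand-in so the example runs offline.
type fakePolicy struct {
	roles  []string
	byRole map[string][]string
}

func (f *fakePolicy) Roles() []string           { return f.roles }
func (f *fakePolicy) Members(r string) []string { return f.byRole[r] }
func (f *fakePolicy) Remove(member, r string) {
	for i, m := range f.byRole[r] {
		if m == member {
			f.byRole[r] = append(f.byRole[r][:i:i], f.byRole[r][i+1:]...)
			return
		}
	}
}

func main() {
	p := &fakePolicy{[]string{"roles/viewer"}, map[string][]string{"roles/viewer": {"allUsers", "user:a@example.com"}}}
	fmt.Println(StripPublic[string](p), p.Members("roles/viewer"))
}
```

With the real package the call would be StripPublic[iam.RoleName](policy) on a *Policy obtained from Handle.Policy, followed by Handle.SetPolicy to store the result.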

Policy3

    type Policy3 struct {
        Bindings []*pb.Binding
        // contains filtered or unexported fields
    }

A Policy3 is a list of Bindings representing roles granted to members.

The zero Policy3 is a valid policy with no bindings.

It is similar to a Policy, except a Policy3 provides direct access to the list of Bindings.

The policy version is always set to 3.

RoleName

    type RoleName string

A RoleName is a name representing a collection of permissions.

Owner, Editor, Viewer

    const (
        Owner  RoleName = "roles/owner"
        Editor RoleName = "roles/editor"
        Viewer RoleName = "roles/viewer"
    )

Common role names.
