Resource: PolicyBinding
IAM policy binding
JSON representation |
---|
{ "name": string, "uid": string, "etag": string, "displayName": string, "annotations": { string: string, ... }, "target": { object ( |
Fields | |
---|---|
`name` | Identifier. The name of the policy binding, in the format Format: |
`uid` | Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created. |
`etag` | Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag. |
`displayName` | Optional. The description of the policy binding. Must be less than or equal to 63 characters. |
`annotations` | Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations. An object containing a list of |
`target` | Required. Immutable. Target is the full resource name of the resource to which the policy will be bound. Immutable once set. |
`policyKind` | Immutable. The kind of the policy to attach in this binding. This field must be one of the following: |
`policy` | Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project). |
`policyUid` | Output only. The globally unique ID of the policy to be bound. |
`condition` | Optional. Condition can either be a principal condition or a resource condition. It depends on the type of target, the policy it is attached to, and/or the expression itself. When set, the<br>Allowed operations for principal.type:<br>Supported principal types are Workspace, Workforce Pool, Workload Pool and Service Account. Allowed string must be one of:<br>When the bound policy is a principal access boundary policy, the only supported attributes in any subexpression are |
`createTime` | Output only. The time when the policy binding was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
`updateTime` | Output only. The time when the policy binding was most recently updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
Target
Target is the full resource name of the resource to which the policy will be bound. Immutable once set.
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field
|
|
`principalSet` | Immutable. Full resource name used for principal access boundary policy bindings. Examples: |
PolicyKind
Different policy kinds supported in this binding.
Enums | |
---|---|
`POLICY_KIND_UNSPECIFIED` | Unspecified policy kind; not a valid state. |
`PRINCIPAL_ACCESS_BOUNDARY` | Principal access boundary policy kind. |
`ACCESS` | Access policy kind. Keep behind visibility label until Access Policy launch. |
Expr
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.
Example (Comparison):

```
title: "Summary size limit"
description: "Determines if a summary is less than 100 chars"
expression: "document.summary.size() < 100"
```

Example (Equality):

```
title: "Requestor is owner"
description: "Determines if requestor is the document owner"
expression: "document.owner == request.auth.claims.email"
```

Example (Logic):

```
title: "Public documents"
description: "Determine whether the document should be publicly visible"
expression: "document.type != 'private' && document.type != 'internal'"
```

Example (Data Manipulation):

```
title: "Notification string"
description: "Create a notification string with a timestamp."
expression: "'New message received at ' + string(document.create_time)"
```

The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
JSON representation |
---|
{ "expression": string, "title": string, "description": string, "location": string } |
Fields | |
---|---|
`expression` | Textual representation of an expression in Common Expression Language syntax. |
`title` | Optional. Title for the expression, i.e. a short string describing its purpose. This can be used, e.g., in UIs that allow entering the expression. |
`description` | Optional. Description of the expression. This is a longer text that describes the expression, e.g. when hovering over it in a UI. |
`location` | Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. |
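
The following is an added example, not part of the original reference and not Google's code: a pre-flight lint that checks a PolicyBinding request body against the constraints stated in the field tables above (required, immutable and output-only fields, the 63-character `displayName` limit, and the etag match on update). The function name, finding strings and sample values are assumptions; resource names are placeholders.

```python
# Added example (not Google's code): rules below restate the field notes in this reference.
IMMUTABLE = ("target", "policyKind", "policy")
OUTPUT_ONLY = ("uid", "policyUid", "createTime", "updateTime")
VALID_KINDS = {"PRINCIPAL_ACCESS_BOUNDARY", "ACCESS"}  # POLICY_KIND_UNSPECIFIED: not a valid state
EXPR_KEYS = {"expression", "title", "description", "location"}


def lint_binding(proposed, current=None):
    """Findings for a create body (current=None) or an update checked against `current`."""
    findings = []
    if not isinstance(proposed.get("target"), dict) or not proposed["target"]:
        findings.append("target: required")
    if not proposed.get("policy"):
        findings.append("policy: required")
    kind = proposed.get("policyKind")
    if kind is not None and kind not in VALID_KINDS:
        findings.append(f"policyKind: {kind!r} is not a usable kind")
    if len(proposed.get("displayName", "")) > 63:
        findings.append("displayName: longer than 63 characters")
    unknown = set(proposed.get("condition") or {}) - EXPR_KEYS
    if unknown:
        findings.append(f"condition: unknown Expr keys {sorted(unknown)}")
    baseline = current or {}
    for field in OUTPUT_ONLY:
        # On update, echoing the server's value back unchanged is harmless.
        if field in proposed and proposed[field] != baseline.get(field):
            findings.append(f"{field}: output only, assigned by the server")
    if current is not None:
        for field in IMMUTABLE:
            if field in proposed and proposed[field] != current.get(field):
                findings.append(f"{field}: immutable, differs from the existing binding")
        if "etag" in proposed and proposed["etag"] != current.get("etag"):
            findings.append("etag: does not match the server's etag")
    return findings


# Constructed sample data; resource names are placeholders, not real identifiers.
CURRENT = {
    "uid": "uid-placeholder", "etag": "etag-v1", "displayName": "pab for contractors",
    "target": {"principalSet": "PRINCIPAL_SET_PLACEHOLDER"},
    "policyKind": "PRINCIPAL_ACCESS_BOUNDARY", "policy": "POLICY_NAME_PLACEHOLDER",
}
PROPOSED_UPDATE = dict(CURRENT, etag="etag-stale", policy="OTHER_POLICY_PLACEHOLDER",
                       displayName="x" * 64, condition={"expression": "true", "expr": "typo"})

if __name__ == "__main__":
    for finding in lint_binding(PROPOSED_UPDATE, CURRENT):
        print(finding)
```

Running the lint in change review catches an attempt to re-point an existing binding at a different policy or target, which the reference marks as immutable and which therefore requires a new binding.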
Methods |
|
---|---|
|
Creates a policy binding and returns a long-running operation. |
|
Deletes a policy binding and returns a long-running operation. |
|
Gets a policy binding. |
|
Lists policy bindings. |
|
Updates a policy binding and returns a long-running operation. |
|
Search policy bindings by target. |