- HTTP request
- Request body
- Response body
- Authorization scopes
- LintResult
- Level
- Severity
- Examples
- Try it!
Lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding.condition
field, which contains a condition expression for a role binding.
Successful calls to this method always return an HTTP 200 OK
status code, even if the linter detects an issue in the IAM policy.
HTTP request
POST https://iam.googleapis.com/v1/iamPolicies:lintPolicy
The URL uses gRPC Transcoding syntax.
Request body
The request body contains data with the following structure:
JSON representation |
---|
{ "fullResourceName": string, // Union field |
Fields | |
---|---|
full |
The full resource name of the policy this lint request is about. The name follows the Google Cloud format for full resource names. For example, a Google Cloud project with ID The resource name is not used to read a policy from IAM. Only the data in the request object is linted. |
Union field lint_object . Required. The IAM object to be linted. lint_object can be only one of the following: |
|
condition |
|
Response body
The response of a lint operation. An empty response indicates the operation was able to fully execute and no lint issue was found.
If successful, the response body contains data with the following structure:
JSON representation |
---|
{
"lintResults": [
{
object ( |
Fields | |
---|---|
lint |
List of lint results sorted by |
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/iam
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
LintResult
Structured response of a single validation unit.
JSON representation |
---|
{ "level": enum ( |
Fields | |
---|---|
level |
The validation unit level. |
validation |
The validation unit name, for instance "lintValidationUnits/ConditionComplexityCheck". |
severity |
The validation unit severity. |
field |
The name of the field for which this lint result is about. For nested messages |
location |
0-based character position of problematic construct within the object identified by |
debug |
Human readable debug message associated with the issue. |
Level
Possible Level values of a validation unit corresponding to its domain of discourse.
Enums | |
---|---|
LEVEL_UNSPECIFIED |
Level is unspecified. |
CONDITION |
A validation unit which operates on an individual condition within a binding. |
Severity
Possible Severity values of an issued result.
Enums | |
---|---|
SEVERITY_UNSPECIFIED |
Severity is unspecified. |
ERROR |
A validation unit returns an error only for critical issues. If an attempt is made to set the problematic policy without rectifying the critical issue, it causes the setPolicy operation to fail. |
WARNING |
Any issue which is severe enough but does not cause an error. For example, suspicious constructs in the input object will not necessarily fail
|
NOTICE |
Reserved for the issues that are not severe as ERROR /WARNING , but need special handling. For instance, messages about skipped validation units are issued as NOTICE . |
INFO |
Any informative statement which is not severe enough to raise ERROR /WARNING /NOTICE , like auto-correction recommendations on the input content. Note that current version of the linter does not utilize INFO . |
DEPRECATED |
Deprecated severity level. |