api: google.golang.org/api/iap/v1beta1 Index | Files

package iap

import "google.golang.org/api/iap/v1beta1"

Package iap provides access to the Cloud Identity-Aware Proxy API.

For product documentation, see: https://cloud.google.com/iap

Creating a client

Usage example:

import "google.golang.org/api/iap/v1beta1"
...
ctx := context.Background()
iapService, err := iap.NewService(ctx)

In this example, Google Application Default Credentials are used for authentication.

For information on how to create and obtain Application Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials.

Other authentication options

To use an API key for authentication (note: some APIs do not support API keys), use option.WithAPIKey:

iapService, err := iap.NewService(ctx, option.WithAPIKey("AIza..."))

To use an OAuth token (e.g., a user token obtained via a three-legged OAuth flow), use option.WithTokenSource:

config := &oauth2.Config{...}
// ...
token, err := config.Exchange(ctx, ...)
iapService, err := iap.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token)))

See https://godoc.org/google.golang.org/api/option/ for details on options.

Index

Package Files

iap-gen.go

Constants

const (
    // View and manage your data across Google Cloud Platform services
    CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform"
)

OAuth2 scopes used by this API.

type Binding Uses

type Binding struct {
    // Condition: The condition that is associated with this binding.
    // NOTE: An unsatisfied condition will not allow user access via
    // current
    // binding. Different bindings, including their conditions, are
    // examined
    // independently.
    Condition *Expr `json:"condition,omitempty"`

    // Members: Specifies the identities requesting access for a Cloud
    // Platform resource.
    // `members` can have the following values:
    //
    // * `allUsers`: A special identifier that represents anyone who is
    //    on the internet; with or without a Google account.
    //
    // * `allAuthenticatedUsers`: A special identifier that represents
    // anyone
    //    who is authenticated with a Google account or a service
    // account.
    //
    // * `user:{emailid}`: An email address that represents a specific
    // Google
    //    account. For example, `alice@example.com` .
    //
    //
    // * `serviceAccount:{emailid}`: An email address that represents a
    // service
    //    account. For example,
    // `my-other-app@appspot.gserviceaccount.com`.
    //
    // * `group:{emailid}`: An email address that represents a Google
    // group.
    //    For example, `admins@example.com`.
    //
    // * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
    // unique
    //    identifier) representing a user that has been recently deleted.
    // For
    //    example, `alice@example.com?uid=123456789012345678901`. If the
    // user is
    //    recovered, this value reverts to `user:{emailid}` and the
    // recovered user
    //    retains the role in the binding.
    //
    // * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address
    // (plus
    //    unique identifier) representing a service account that has been
    // recently
    //    deleted. For example,
    //
    // `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
    //
    //    If the service account is undeleted, this value reverts to
    //    `serviceAccount:{emailid}` and the undeleted service account
    // retains the
    //    role in the binding.
    //
    // * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus
    // unique
    //    identifier) representing a Google group that has been recently
    //    deleted. For example,
    // `admins@example.com?uid=123456789012345678901`. If
    //    the group is recovered, this value reverts to `group:{emailid}`
    // and the
    //    recovered group retains the role in the binding.
    //
    //
    // * `domain:{domain}`: The G Suite domain (primary) that represents all
    // the
    //    users of that domain. For example, `google.com` or
    // `example.com`.
    //
    //
    Members []string `json:"members,omitempty"`

    // Role: Role that is assigned to `members`.
    // For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
    Role string `json:"role,omitempty"`

    // ForceSendFields is a list of field names (e.g. "Condition") to
    // unconditionally include in API requests. By default, fields with
    // empty values are omitted from API requests. However, any non-pointer,
    // non-interface field appearing in ForceSendFields will be sent to the
    // server regardless of whether the field is empty or not. This may be
    // used to include empty fields in Patch requests.
    ForceSendFields []string `json:"-"`

    // NullFields is a list of field names (e.g. "Condition") to include in
    // API requests with the JSON null value. By default, fields with empty
    // values are omitted from API requests. However, any field with an
    // empty value appearing in NullFields will be sent to the server as
    // null. It is an error if a field in this list has a non-empty value.
    // This may be used to include null fields in Patch requests.
    NullFields []string `json:"-"`
}

Binding: Associates `members` with a `role`.

func (*Binding) MarshalJSON Uses

func (s *Binding) MarshalJSON() ([]byte, error)

type Expr Uses

type Expr struct {
    // Description: An optional description of the expression. This is a
    // longer text which
    // describes the expression, e.g. when hovered over it in a UI.
    Description string `json:"description,omitempty"`

    // Expression: Textual representation of an expression in
    // Common Expression Language syntax.
    //
    // The application context of the containing message determines
    // which
    // well-known feature set of CEL is supported.
    Expression string `json:"expression,omitempty"`

    // Location: An optional string indicating the location of the
    // expression for error
    // reporting, e.g. a file name and a position in the file.
    Location string `json:"location,omitempty"`

    // Title: An optional title for the expression, i.e. a short string
    // describing
    // its purpose. This can be used e.g. in UIs which allow to enter
    // the
    // expression.
    Title string `json:"title,omitempty"`

    // ForceSendFields is a list of field names (e.g. "Description") to
    // unconditionally include in API requests. By default, fields with
    // empty values are omitted from API requests. However, any non-pointer,
    // non-interface field appearing in ForceSendFields will be sent to the
    // server regardless of whether the field is empty or not. This may be
    // used to include empty fields in Patch requests.
    ForceSendFields []string `json:"-"`

    // NullFields is a list of field names (e.g. "Description") to include
    // in API requests with the JSON null value. By default, fields with
    // empty values are omitted from API requests. However, any field with
    // an empty value appearing in NullFields will be sent to the server as
    // null. It is an error if a field in this list has a non-empty value.
    // This may be used to include null fields in Patch requests.
    NullFields []string `json:"-"`
}

Expr: Represents an expression text. Example:

title: "User account presence"
description: "Determines whether the request has a user account"
expression: "size(request.user) > 0"

func (*Expr) MarshalJSON Uses

func (s *Expr) MarshalJSON() ([]byte, error)

type GetIamPolicyRequest Uses

type GetIamPolicyRequest struct {
    // Options: OPTIONAL: A `GetPolicyOptions` object for specifying options
    // to
    // `GetIamPolicy`. This field is only used by Cloud IAM.
    Options *GetPolicyOptions `json:"options,omitempty"`

    // ForceSendFields is a list of field names (e.g. "Options") to
    // unconditionally include in API requests. By default, fields with
    // empty values are omitted from API requests. However, any non-pointer,
    // non-interface field appearing in ForceSendFields will be sent to the
    // server regardless of whether the field is empty or not. This may be
    // used to include empty fields in Patch requests.
    ForceSendFields []string `json:"-"`

    // NullFields is a list of field names (e.g. "Options") to include in
    // API requests with the JSON null value. By default, fields with empty
    // values are omitted from API requests. However, any field with an
    // empty value appearing in NullFields will be sent to the server as
    // null. It is an error if a field in this list has a non-empty value.
    // This may be used to include null fields in Patch requests.
    NullFields []string `json:"-"`
}

GetIamPolicyRequest: Request message for `GetIamPolicy` method.

func (*GetIamPolicyRequest) MarshalJSON Uses

func (s *GetIamPolicyRequest) MarshalJSON() ([]byte, error)

type GetPolicyOptions Uses

type GetPolicyOptions struct {
    // RequestedPolicyVersion: Optional. The policy format version to be
    // returned.
    //
    // Valid values are 0, 1, and 3. Requests specifying an invalid value
    // will be
    // rejected.
    //
    // Requests for policies with any conditional bindings must specify
    // version 3.
    // Policies without any conditional bindings may specify any valid value
    // or
    // leave the field unset.
    RequestedPolicyVersion int64 `json:"requestedPolicyVersion,omitempty"`

    // ForceSendFields is a list of field names (e.g.
    // "RequestedPolicyVersion") to unconditionally include in API requests.
    // By default, fields with empty values are omitted from API requests.
    // However, any non-pointer, non-interface field appearing in
    // ForceSendFields will be sent to the server regardless of whether the
    // field is empty or not. This may be used to include empty fields in
    // Patch requests.
    ForceSendFields []string `json:"-"`

    // NullFields is a list of field names (e.g. "RequestedPolicyVersion")
    // to include in API requests with the JSON null value. By default,
    // fields with empty values are omitted from API requests. However, any
    // field with an empty value appearing in NullFields will be sent to the
    // server as null. It is an error if a field in this list has a
    // non-empty value. This may be used to include null fields in Patch
    // requests.
    NullFields []string `json:"-"`
}

GetPolicyOptions: Encapsulates settings provided to GetIamPolicy.

func (*GetPolicyOptions) MarshalJSON Uses

func (s *GetPolicyOptions) MarshalJSON() ([]byte, error)

type Policy Uses

type Policy struct {
    // Bindings: Associates a list of `members` to a `role`. Optionally, may
    // specify a
    // `condition` that determines how and when the `bindings` are applied.
    // Each
    // of the `bindings` must contain at least one member.
    Bindings []*Binding `json:"bindings,omitempty"`

    // Etag: `etag` is used for optimistic concurrency control as a way to
    // help
    // prevent simultaneous updates of a policy from overwriting each
    // other.
    // It is strongly suggested that systems make use of the `etag` in
    // the
    // read-modify-write cycle to perform policy updates in order to avoid
    // race
    // conditions: An `etag` is returned in the response to `getIamPolicy`,
    // and
    // systems are expected to put that etag in the request to
    // `setIamPolicy` to
    // ensure that their change will be applied to the same version of the
    // policy.
    //
    // **Important:** If you use IAM Conditions, you must include the `etag`
    // field
    // whenever you call `setIamPolicy`. If you omit this field, then IAM
    // allows
    // you to overwrite a version `3` policy with a version `1` policy, and
    // all of
    // the conditions in the version `3` policy are lost.
    Etag string `json:"etag,omitempty"`

    // Version: Specifies the format of the policy.
    //
    // Valid values are `0`, `1`, and `3`. Requests that specify an invalid
    // value
    // are rejected.
    //
    // Any operation that affects conditional role bindings must specify
    // version
    // `3`. This requirement applies to the following operations:
    //
    // * Getting a policy that includes a conditional role binding
    // * Adding a conditional role binding to a policy
    // * Changing a conditional role binding in a policy
    // * Removing any role binding, with or without a condition, from a
    // policy
    //   that includes conditions
    //
    // **Important:** If you use IAM Conditions, you must include the `etag`
    // field
    // whenever you call `setIamPolicy`. If you omit this field, then IAM
    // allows
    // you to overwrite a version `3` policy with a version `1` policy, and
    // all of
    // the conditions in the version `3` policy are lost.
    //
    // If a policy does not include any conditions, operations on that
    // policy may
    // specify any valid version or leave the field unset.
    Version int64 `json:"version,omitempty"`

    // ServerResponse contains the HTTP response code and headers from the
    // server.
    googleapi.ServerResponse `json:"-"`

    // ForceSendFields is a list of field names (e.g. "Bindings") to
    // unconditionally include in API requests. By default, fields with
    // empty values are omitted from API requests. However, any non-pointer,
    // non-interface field appearing in ForceSendFields will be sent to the
    // server regardless of whether the field is empty or not. This may be
    // used to include empty fields in Patch requests.
    ForceSendFields []string `json:"-"`

    // NullFields is a list of field names (e.g. "Bindings") to include in
    // API requests with the JSON null value. By default, fields with empty
    // values are omitted from API requests. However, any field with an
    // empty value appearing in NullFields will be sent to the server as
    // null. It is an error if a field in this list has a non-empty value.
    // This may be used to include null fields in Patch requests.
    NullFields []string `json:"-"`
}

Policy: An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.

A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role.

Optionally, a `binding` can specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both.

**JSON example:**

{
  "bindings": [
    {
      "role": "roles/resourcemanager.organizationAdmin",
      "members": [
        "user:mike@example.com",
        "group:admins@example.com",
        "domain:google.com",

"serviceAccount:my-project-id@appspot.gserviceaccount.com"

  ]
},
{
  "role": "roles/resourcemanager.organizationViewer",
  "members": ["user:eve@example.com"],
  "condition": {
    "title": "expirable access",
    "description": "Does not grant access after Sep 2020",
    "expression": "request.time <

timestamp('2020-10-01T00:00:00.000Z')",

      }
    }
  ],
  "etag": "BwWWja0YfJA=",
  "version": 3
}

**YAML example:**

bindings:
- members:
  - user:mike@example.com
  - group:admins@example.com
  - domain:google.com
  - serviceAccount:my-project-id@appspot.gserviceaccount.com
  role: roles/resourcemanager.organizationAdmin
- members:
  - user:eve@example.com
  role: roles/resourcemanager.organizationViewer
  condition:
    title: expirable access
    description: Does not grant access after Sep 2020
    expression: request.time <

timestamp('2020-10-01T00:00:00.000Z')

- etag: BwWWja0YfJA=
- version: 3

For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).

func (*Policy) MarshalJSON Uses

func (s *Policy) MarshalJSON() ([]byte, error)

type Service Uses

type Service struct {
    BasePath  string // API endpoint base URL
    UserAgent string // optional additional User-Agent fragment

    V1beta1 *V1beta1Service
    // contains filtered or unexported fields
}

func New Uses

func New(client *http.Client) (*Service, error)

New creates a new Service. It uses the provided http.Client for requests.

Deprecated: please use NewService instead. To provide a custom HTTP client, use option.WithHTTPClient. If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead.

func NewService Uses

func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error)

NewService creates a new Service.

type SetIamPolicyRequest Uses

type SetIamPolicyRequest struct {
    // Policy: REQUIRED: The complete policy to be applied to the
    // `resource`. The size of
    // the policy is limited to a few 10s of KB. An empty policy is a
    // valid policy but certain Cloud Platform services (such as
    // Projects)
    // might reject them.
    Policy *Policy `json:"policy,omitempty"`

    // ForceSendFields is a list of field names (e.g. "Policy") to
    // unconditionally include in API requests. By default, fields with
    // empty values are omitted from API requests. However, any non-pointer,
    // non-interface field appearing in ForceSendFields will be sent to the
    // server regardless of whether the field is empty or not. This may be
    // used to include empty fields in Patch requests.
    ForceSendFields []string `json:"-"`

    // NullFields is a list of field names (e.g. "Policy") to include in API
    // requests with the JSON null value. By default, fields with empty
    // values are omitted from API requests. However, any field with an
    // empty value appearing in NullFields will be sent to the server as
    // null. It is an error if a field in this list has a non-empty value.
    // This may be used to include null fields in Patch requests.
    NullFields []string `json:"-"`
}

SetIamPolicyRequest: Request message for `SetIamPolicy` method.

func (*SetIamPolicyRequest) MarshalJSON Uses

func (s *SetIamPolicyRequest) MarshalJSON() ([]byte, error)

type TestIamPermissionsRequest Uses

type TestIamPermissionsRequest struct {
    // Permissions: The set of permissions to check for the `resource`.
    // Permissions with
    // wildcards (such as '*' or 'storage.*') are not allowed. For
    // more
    // information see
    // [IAM
    // Overview](https://cloud.google.com/iam/docs/overview#permissions).
    Permissions []string `json:"permissions,omitempty"`

    // ForceSendFields is a list of field names (e.g. "Permissions") to
    // unconditionally include in API requests. By default, fields with
    // empty values are omitted from API requests. However, any non-pointer,
    // non-interface field appearing in ForceSendFields will be sent to the
    // server regardless of whether the field is empty or not. This may be
    // used to include empty fields in Patch requests.
    ForceSendFields []string `json:"-"`

    // NullFields is a list of field names (e.g. "Permissions") to include
    // in API requests with the JSON null value. By default, fields with
    // empty values are omitted from API requests. However, any field with
    // an empty value appearing in NullFields will be sent to the server as
    // null. It is an error if a field in this list has a non-empty value.
    // This may be used to include null fields in Patch requests.
    NullFields []string `json:"-"`
}

TestIamPermissionsRequest: Request message for `TestIamPermissions` method.

func (*TestIamPermissionsRequest) MarshalJSON Uses

func (s *TestIamPermissionsRequest) MarshalJSON() ([]byte, error)

type TestIamPermissionsResponse Uses

type TestIamPermissionsResponse struct {
    // Permissions: A subset of `TestPermissionsRequest.permissions` that
    // the caller is
    // allowed.
    Permissions []string `json:"permissions,omitempty"`

    // ServerResponse contains the HTTP response code and headers from the
    // server.
    googleapi.ServerResponse `json:"-"`

    // ForceSendFields is a list of field names (e.g. "Permissions") to
    // unconditionally include in API requests. By default, fields with
    // empty values are omitted from API requests. However, any non-pointer,
    // non-interface field appearing in ForceSendFields will be sent to the
    // server regardless of whether the field is empty or not. This may be
    // used to include empty fields in Patch requests.
    ForceSendFields []string `json:"-"`

    // NullFields is a list of field names (e.g. "Permissions") to include
    // in API requests with the JSON null value. By default, fields with
    // empty values are omitted from API requests. However, any field with
    // an empty value appearing in NullFields will be sent to the server as
    // null. It is an error if a field in this list has a non-empty value.
    // This may be used to include null fields in Patch requests.
    NullFields []string `json:"-"`
}

TestIamPermissionsResponse: Response message for `TestIamPermissions` method.

func (*TestIamPermissionsResponse) MarshalJSON Uses

func (s *TestIamPermissionsResponse) MarshalJSON() ([]byte, error)

type V1beta1GetIamPolicyCall Uses

type V1beta1GetIamPolicyCall struct {
    // contains filtered or unexported fields
}

func (*V1beta1GetIamPolicyCall) Context Uses

func (c *V1beta1GetIamPolicyCall) Context(ctx context.Context) *V1beta1GetIamPolicyCall

Context sets the context to be used in this call's Do method. Any pending HTTP request will be aborted if the provided context is canceled.

func (*V1beta1GetIamPolicyCall) Do Uses

func (c *V1beta1GetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error)

Do executes the "iap.getIamPolicy" call. Exactly one of *Policy or error will be non-nil. Any non-2xx status code is an error. Response headers are in either *Policy.ServerResponse.Header or (if a response was returned at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check whether the returned error was because http.StatusNotModified was returned.

func (*V1beta1GetIamPolicyCall) Fields Uses

func (c *V1beta1GetIamPolicyCall) Fields(s ...googleapi.Field) *V1beta1GetIamPolicyCall

Fields allows partial responses to be retrieved. See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.

func (*V1beta1GetIamPolicyCall) Header Uses

func (c *V1beta1GetIamPolicyCall) Header() http.Header

Header returns an http.Header that can be modified by the caller to add HTTP headers to the request.

type V1beta1Service Uses

type V1beta1Service struct {
    // contains filtered or unexported fields
}

func NewV1beta1Service Uses

func NewV1beta1Service(s *Service) *V1beta1Service

func (*V1beta1Service) GetIamPolicy Uses

func (r *V1beta1Service) GetIamPolicy(resource string, getiampolicyrequest *GetIamPolicyRequest) *V1beta1GetIamPolicyCall

GetIamPolicy: Gets the access control policy for an Identity-Aware Proxy protected resource. More information about managing access via IAP can be found at: https://cloud.google.com/iap/docs/managing-access#managing_access_ via_the_api

func (*V1beta1Service) SetIamPolicy Uses

func (r *V1beta1Service) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *V1beta1SetIamPolicyCall

SetIamPolicy: Sets the access control policy for an Identity-Aware Proxy protected resource. Replaces any existing policy. More information about managing access via IAP can be found at: https://cloud.google.com/iap/docs/managing-access#managing_access_ via_the_api

func (*V1beta1Service) TestIamPermissions Uses

func (r *V1beta1Service) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *V1beta1TestIamPermissionsCall

TestIamPermissions: Returns permissions that a caller has on the Identity-Aware Proxy protected resource. If the resource does not exist or the caller does not have Identity-Aware Proxy permissions a [google.rpc.Code.PERMISSION_DENIED] will be returned. More information about managing access via IAP can be found at: https://cloud.google.com/iap/docs/managing-access#managing_access_ via_the_api

type V1beta1SetIamPolicyCall Uses

type V1beta1SetIamPolicyCall struct {
    // contains filtered or unexported fields
}

func (*V1beta1SetIamPolicyCall) Context Uses

func (c *V1beta1SetIamPolicyCall) Context(ctx context.Context) *V1beta1SetIamPolicyCall

Context sets the context to be used in this call's Do method. Any pending HTTP request will be aborted if the provided context is canceled.

func (*V1beta1SetIamPolicyCall) Do Uses

func (c *V1beta1SetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error)

Do executes the "iap.setIamPolicy" call. Exactly one of *Policy or error will be non-nil. Any non-2xx status code is an error. Response headers are in either *Policy.ServerResponse.Header or (if a response was returned at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check whether the returned error was because http.StatusNotModified was returned.

func (*V1beta1SetIamPolicyCall) Fields Uses

func (c *V1beta1SetIamPolicyCall) Fields(s ...googleapi.Field) *V1beta1SetIamPolicyCall

Fields allows partial responses to be retrieved. See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.

func (*V1beta1SetIamPolicyCall) Header Uses

func (c *V1beta1SetIamPolicyCall) Header() http.Header

Header returns an http.Header that can be modified by the caller to add HTTP headers to the request.

type V1beta1TestIamPermissionsCall Uses

type V1beta1TestIamPermissionsCall struct {
    // contains filtered or unexported fields
}

func (*V1beta1TestIamPermissionsCall) Context Uses

func (c *V1beta1TestIamPermissionsCall) Context(ctx context.Context) *V1beta1TestIamPermissionsCall

Context sets the context to be used in this call's Do method. Any pending HTTP request will be aborted if the provided context is canceled.

func (*V1beta1TestIamPermissionsCall) Do Uses

func (c *V1beta1TestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error)

Do executes the "iap.testIamPermissions" call. Exactly one of *TestIamPermissionsResponse or error will be non-nil. Any non-2xx status code is an error. Response headers are in either *TestIamPermissionsResponse.ServerResponse.Header or (if a response was returned at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check whether the returned error was because http.StatusNotModified was returned.

func (*V1beta1TestIamPermissionsCall) Fields Uses

func (c *V1beta1TestIamPermissionsCall) Fields(s ...googleapi.Field) *V1beta1TestIamPermissionsCall

Fields allows partial responses to be retrieved. See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.

func (*V1beta1TestIamPermissionsCall) Header Uses

func (c *V1beta1TestIamPermissionsCall) Header() http.Header

Header returns an http.Header that can be modified by the caller to add HTTP headers to the request.

Package iap imports 14 packages (graph) and is imported by 1 packages. Updated 2020-01-17. Refresh now. Tools for package owners.