Copyright | (c) 2015-2016 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Language | Haskell2010 |
- Service Configuration
- OAuth Scopes
- API Declaration
- Resources
- iam.iamPolicies.lintPolicy
- iam.iamPolicies.queryAuditableServices
- iam.organizations.roles.create
- iam.organizations.roles.delete
- iam.organizations.roles.get
- iam.organizations.roles.list
- iam.organizations.roles.patch
- iam.organizations.roles.undelete
- iam.permissions.queryTestablePermissions
- iam.projects.roles.create
- iam.projects.roles.delete
- iam.projects.roles.get
- iam.projects.roles.list
- iam.projects.roles.patch
- iam.projects.roles.undelete
- iam.projects.serviceAccounts.create
- iam.projects.serviceAccounts.delete
- iam.projects.serviceAccounts.get
- iam.projects.serviceAccounts.getIamPolicy
- iam.projects.serviceAccounts.keys.create
- iam.projects.serviceAccounts.keys.delete
- iam.projects.serviceAccounts.keys.get
- iam.projects.serviceAccounts.keys.list
- iam.projects.serviceAccounts.list
- iam.projects.serviceAccounts.setIamPolicy
- iam.projects.serviceAccounts.signBlob
- iam.projects.serviceAccounts.signJwt
- iam.projects.serviceAccounts.testIamPermissions
- iam.projects.serviceAccounts.update
- iam.roles.get
- iam.roles.list
- iam.roles.queryGrantableRoles
- Types
- LintPolicyResponse
- CreateServiceAccountKeyRequestPrivateKeyType
- UndeleteRoleRequest
- AuditConfig
- Expr
- PermissionStage
- AuditableService
- QueryAuditableServicesRequest
- QueryGrantableRolesRequestView
- Empty
- QueryTestablePermissionsResponse
- AuditData
- QueryAuditableServicesResponse
- ServiceAccountKey
- LintResult
- CreateServiceAccountKeyRequest
- SetIAMPolicyRequest
- SignJwtResponse
- BindingDelta
- LintPolicyRequestContext
- SignBlobRequest
- ListServiceAccountKeysResponse
- Role
- ServiceAccount
- QueryTestablePermissionsRequest
- BindingDeltaAction
- AuditLogConfigLogType
- QueryGrantableRolesResponse
- Xgafv
- TestIAMPermissionsRequest
- LintResultSeverity
- TestIAMPermissionsResponse
- LintResultLevel
- Policy
- RoleStage
- PolicyDelta
- QueryGrantableRolesRequest
- SignJwtRequest
- ServiceAccountKeyKeyAlgorithm
- AuditLogConfig
- Permission
- SignBlobResponse
- ListServiceAccountsResponse
- LintPolicyRequest
- ListRolesResponse
- CreateServiceAccountKeyRequestKeyAlgorithm
- PermissionCustomRolesSupportLevel
- CreateServiceAccountRequest
- CreateRoleRequest
- ServiceAccountKeyPrivateKeyType
- Binding
Manages identity and access control for Google Cloud Platform resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls.
Synopsis
- iAMService :: ServiceConfig
- cloudPlatformScope :: Proxy '["https://www.googleapis.com/auth/cloud-platform"]
- type IAMAPI = RolesListResource :<|> (RolesGetResource :<|> (RolesQueryGrantableRolesResource :<|> (IAMPoliciesLintPolicyResource :<|> (IAMPoliciesQueryAuditableServicesResource :<|> (PermissionsQueryTestablePermissionsResource :<|> (OrganizationsRolesListResource :<|> (OrganizationsRolesUndeleteResource :<|> (OrganizationsRolesPatchResource :<|> (OrganizationsRolesGetResource :<|> (OrganizationsRolesCreateResource :<|> (OrganizationsRolesDeleteResource :<|> (ProjectsRolesListResource :<|> (ProjectsRolesUndeleteResource :<|> (ProjectsRolesPatchResource :<|> (ProjectsRolesGetResource :<|> (ProjectsRolesCreateResource :<|> (ProjectsRolesDeleteResource :<|> (ProjectsServiceAccountsKeysListResource :<|> (ProjectsServiceAccountsKeysGetResource :<|> (ProjectsServiceAccountsKeysCreateResource :<|> (ProjectsServiceAccountsKeysDeleteResource :<|> (ProjectsServiceAccountsListResource :<|> (ProjectsServiceAccountsSignJwtResource :<|> (ProjectsServiceAccountsGetIAMPolicyResource :<|> (ProjectsServiceAccountsGetResource :<|> (ProjectsServiceAccountsCreateResource :<|> (ProjectsServiceAccountsSetIAMPolicyResource :<|> (ProjectsServiceAccountsSignBlobResource :<|> (ProjectsServiceAccountsTestIAMPermissionsResource :<|> (ProjectsServiceAccountsDeleteResource :<|> ProjectsServiceAccountsUpdateResource))))))))))))))))))))))))))))))
- module Network.Google.Resource.IAM.IAMPolicies.LintPolicy
- module Network.Google.Resource.IAM.IAMPolicies.QueryAuditableServices
- module Network.Google.Resource.IAM.Organizations.Roles.Create
- module Network.Google.Resource.IAM.Organizations.Roles.Delete
- module Network.Google.Resource.IAM.Organizations.Roles.Get
- module Network.Google.Resource.IAM.Organizations.Roles.List
- module Network.Google.Resource.IAM.Organizations.Roles.Patch
- module Network.Google.Resource.IAM.Organizations.Roles.Undelete
- module Network.Google.Resource.IAM.Permissions.QueryTestablePermissions
- module Network.Google.Resource.IAM.Projects.Roles.Create
- module Network.Google.Resource.IAM.Projects.Roles.Delete
- module Network.Google.Resource.IAM.Projects.Roles.Get
- module Network.Google.Resource.IAM.Projects.Roles.List
- module Network.Google.Resource.IAM.Projects.Roles.Patch
- module Network.Google.Resource.IAM.Projects.Roles.Undelete
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.Create
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.Delete
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.Get
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.GetIAMPolicy
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.Keys.Create
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.Keys.Delete
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.Keys.Get
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.Keys.List
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.List
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.SetIAMPolicy
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.SignBlob
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.SignJwt
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.TestIAMPermissions
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.Update
- module Network.Google.Resource.IAM.Roles.Get
- module Network.Google.Resource.IAM.Roles.List
- module Network.Google.Resource.IAM.Roles.QueryGrantableRoles
- data LintPolicyResponse
- lintPolicyResponse :: LintPolicyResponse
- lprLintResults :: Lens' LintPolicyResponse [LintResult]
- data CreateServiceAccountKeyRequestPrivateKeyType
- data UndeleteRoleRequest
- undeleteRoleRequest :: UndeleteRoleRequest
- urrEtag :: Lens' UndeleteRoleRequest (Maybe ByteString)
- data AuditConfig
- auditConfig :: AuditConfig
- acService :: Lens' AuditConfig (Maybe Text)
- acAuditLogConfigs :: Lens' AuditConfig [AuditLogConfig]
- data Expr
- expr :: Expr
- eLocation :: Lens' Expr (Maybe Text)
- eExpression :: Lens' Expr (Maybe Text)
- eTitle :: Lens' Expr (Maybe Text)
- eDescription :: Lens' Expr (Maybe Text)
- data PermissionStage
- = Alpha
- | Beta
- | GA
- | Deprecated
- data AuditableService
- auditableService :: AuditableService
- asName :: Lens' AuditableService (Maybe Text)
- data QueryAuditableServicesRequest
- queryAuditableServicesRequest :: QueryAuditableServicesRequest
- qasrFullResourceName :: Lens' QueryAuditableServicesRequest (Maybe Text)
- data QueryGrantableRolesRequestView
- data Empty
- empty :: Empty
- data QueryTestablePermissionsResponse
- queryTestablePermissionsResponse :: QueryTestablePermissionsResponse
- qtprNextPageToken :: Lens' QueryTestablePermissionsResponse (Maybe Text)
- qtprPermissions :: Lens' QueryTestablePermissionsResponse [Permission]
- data AuditData
- auditData :: AuditData
- adPolicyDelta :: Lens' AuditData (Maybe PolicyDelta)
- data QueryAuditableServicesResponse
- queryAuditableServicesResponse :: QueryAuditableServicesResponse
- qasrServices :: Lens' QueryAuditableServicesResponse [AuditableService]
- data ServiceAccountKey
- serviceAccountKey :: ServiceAccountKey
- sakValidAfterTime :: Lens' ServiceAccountKey (Maybe UTCTime)
- sakPrivateKeyData :: Lens' ServiceAccountKey (Maybe ByteString)
- sakPublicKeyData :: Lens' ServiceAccountKey (Maybe ByteString)
- sakName :: Lens' ServiceAccountKey (Maybe Text)
- sakPrivateKeyType :: Lens' ServiceAccountKey (Maybe ServiceAccountKeyPrivateKeyType)
- sakValidBeforeTime :: Lens' ServiceAccountKey (Maybe UTCTime)
- sakKeyAlgorithm :: Lens' ServiceAccountKey (Maybe ServiceAccountKeyKeyAlgorithm)
- data LintResult
- lintResult :: LintResult
- lrValidationUnitName :: Lens' LintResult (Maybe Text)
- lrDebugMessage :: Lens' LintResult (Maybe Text)
- lrLocationOffSet :: Lens' LintResult (Maybe Int32)
- lrSeverity :: Lens' LintResult (Maybe LintResultSeverity)
- lrBindingOrdinal :: Lens' LintResult (Maybe Int32)
- lrFieldName :: Lens' LintResult (Maybe Text)
- lrLevel :: Lens' LintResult (Maybe LintResultLevel)
- data CreateServiceAccountKeyRequest
- createServiceAccountKeyRequest :: CreateServiceAccountKeyRequest
- csakrPrivateKeyType :: Lens' CreateServiceAccountKeyRequest (Maybe CreateServiceAccountKeyRequestPrivateKeyType)
- csakrKeyAlgorithm :: Lens' CreateServiceAccountKeyRequest (Maybe CreateServiceAccountKeyRequestKeyAlgorithm)
- data SetIAMPolicyRequest
- setIAMPolicyRequest :: SetIAMPolicyRequest
- siprUpdateMask :: Lens' SetIAMPolicyRequest (Maybe GFieldMask)
- siprPolicy :: Lens' SetIAMPolicyRequest (Maybe Policy)
- data SignJwtResponse
- signJwtResponse :: SignJwtResponse
- sjrKeyId :: Lens' SignJwtResponse (Maybe Text)
- sjrSignedJwt :: Lens' SignJwtResponse (Maybe Text)
- data BindingDelta
- bindingDelta :: BindingDelta
- bdAction :: Lens' BindingDelta (Maybe BindingDeltaAction)
- bdRole :: Lens' BindingDelta (Maybe Text)
- bdMember :: Lens' BindingDelta (Maybe Text)
- bdCondition :: Lens' BindingDelta (Maybe Expr)
- data LintPolicyRequestContext
- lintPolicyRequestContext :: HashMap Text JSONValue -> LintPolicyRequestContext
- lprcAddtional :: Lens' LintPolicyRequestContext (HashMap Text JSONValue)
- data SignBlobRequest
- signBlobRequest :: SignBlobRequest
- sbrBytesToSign :: Lens' SignBlobRequest (Maybe ByteString)
- data ListServiceAccountKeysResponse
- listServiceAccountKeysResponse :: ListServiceAccountKeysResponse
- lsakrKeys :: Lens' ListServiceAccountKeysResponse [ServiceAccountKey]
- data Role
- role' :: Role
- rStage :: Lens' Role (Maybe RoleStage)
- rEtag :: Lens' Role (Maybe ByteString)
- rIncludedPermissions :: Lens' Role [Text]
- rName :: Lens' Role (Maybe Text)
- rDeleted :: Lens' Role (Maybe Bool)
- rTitle :: Lens' Role (Maybe Text)
- rDescription :: Lens' Role (Maybe Text)
- data ServiceAccount
- serviceAccount :: ServiceAccount
- saEmail :: Lens' ServiceAccount (Maybe Text)
- saEtag :: Lens' ServiceAccount (Maybe ByteString)
- saUniqueId :: Lens' ServiceAccount (Maybe Text)
- saName :: Lens' ServiceAccount (Maybe Text)
- saDisplayName :: Lens' ServiceAccount (Maybe Text)
- saProjectId :: Lens' ServiceAccount (Maybe Text)
- saOAuth2ClientId :: Lens' ServiceAccount (Maybe Text)
- data QueryTestablePermissionsRequest
- queryTestablePermissionsRequest :: QueryTestablePermissionsRequest
- qtprFullResourceName :: Lens' QueryTestablePermissionsRequest (Maybe Text)
- qtprPageToken :: Lens' QueryTestablePermissionsRequest (Maybe Text)
- qtprPageSize :: Lens' QueryTestablePermissionsRequest (Maybe Int32)
- data BindingDeltaAction
- data AuditLogConfigLogType
- data QueryGrantableRolesResponse
- queryGrantableRolesResponse :: QueryGrantableRolesResponse
- qgrrRoles :: Lens' QueryGrantableRolesResponse [Role]
- qgrrNextPageToken :: Lens' QueryGrantableRolesResponse (Maybe Text)
- data Xgafv
- data TestIAMPermissionsRequest
- testIAMPermissionsRequest :: TestIAMPermissionsRequest
- tiprPermissions :: Lens' TestIAMPermissionsRequest [Text]
- data LintResultSeverity
- data TestIAMPermissionsResponse
- testIAMPermissionsResponse :: TestIAMPermissionsResponse
- tiamprPermissions :: Lens' TestIAMPermissionsResponse [Text]
- data LintResultLevel
- data Policy
- policy :: Policy
- pAuditConfigs :: Lens' Policy [AuditConfig]
- pEtag :: Lens' Policy (Maybe ByteString)
- pVersion :: Lens' Policy (Maybe Int32)
- pBindings :: Lens' Policy [Binding]
- data RoleStage
- = RSAlpha
- | RSBeta
- | RSGA
- | RSDeprecated
- | RSDisabled
- | RSEap
- data PolicyDelta
- policyDelta :: PolicyDelta
- pdBindingDeltas :: Lens' PolicyDelta [BindingDelta]
- data QueryGrantableRolesRequest
- queryGrantableRolesRequest :: QueryGrantableRolesRequest
- qgrrFullResourceName :: Lens' QueryGrantableRolesRequest (Maybe Text)
- qgrrView :: Lens' QueryGrantableRolesRequest (Maybe QueryGrantableRolesRequestView)
- qgrrPageToken :: Lens' QueryGrantableRolesRequest (Maybe Text)
- qgrrPageSize :: Lens' QueryGrantableRolesRequest (Maybe Int32)
- data SignJwtRequest
- signJwtRequest :: SignJwtRequest
- sjrPayload :: Lens' SignJwtRequest (Maybe Text)
- data ServiceAccountKeyKeyAlgorithm
- data AuditLogConfig
- auditLogConfig :: AuditLogConfig
- alcLogType :: Lens' AuditLogConfig (Maybe AuditLogConfigLogType)
- alcExemptedMembers :: Lens' AuditLogConfig [Text]
- data Permission
- permission :: Permission
- pStage :: Lens' Permission (Maybe PermissionStage)
- pOnlyInPredefinedRoles :: Lens' Permission (Maybe Bool)
- pCustomRolesSupportLevel :: Lens' Permission (Maybe PermissionCustomRolesSupportLevel)
- pName :: Lens' Permission (Maybe Text)
- pTitle :: Lens' Permission (Maybe Text)
- pAPIdisabled :: Lens' Permission (Maybe Bool)
- pDescription :: Lens' Permission (Maybe Text)
- data SignBlobResponse
- signBlobResponse :: SignBlobResponse
- sbrSignature :: Lens' SignBlobResponse (Maybe ByteString)
- sbrKeyId :: Lens' SignBlobResponse (Maybe Text)
- data ListServiceAccountsResponse
- listServiceAccountsResponse :: ListServiceAccountsResponse
- lsarNextPageToken :: Lens' ListServiceAccountsResponse (Maybe Text)
- lsarAccounts :: Lens' ListServiceAccountsResponse [ServiceAccount]
- data LintPolicyRequest
- lintPolicyRequest :: LintPolicyRequest
- lprContext :: Lens' LintPolicyRequest (Maybe LintPolicyRequestContext)
- lprFullResourceName :: Lens' LintPolicyRequest (Maybe Text)
- lprPolicy :: Lens' LintPolicyRequest (Maybe Policy)
- lprCondition :: Lens' LintPolicyRequest (Maybe Expr)
- lprBinding :: Lens' LintPolicyRequest (Maybe Binding)
- data ListRolesResponse
- listRolesResponse :: ListRolesResponse
- lrrRoles :: Lens' ListRolesResponse [Role]
- lrrNextPageToken :: Lens' ListRolesResponse (Maybe Text)
- data CreateServiceAccountKeyRequestKeyAlgorithm
- data PermissionCustomRolesSupportLevel
- data CreateServiceAccountRequest
- createServiceAccountRequest :: CreateServiceAccountRequest
- csarServiceAccount :: Lens' CreateServiceAccountRequest (Maybe ServiceAccount)
- csarAccountId :: Lens' CreateServiceAccountRequest (Maybe Text)
- data CreateRoleRequest
- createRoleRequest :: CreateRoleRequest
- crrRoleId :: Lens' CreateRoleRequest (Maybe Text)
- crrRole :: Lens' CreateRoleRequest (Maybe Role)
- data ServiceAccountKeyPrivateKeyType
- data Binding
- binding :: Binding
- bMembers :: Lens' Binding [Text]
- bRole :: Lens' Binding (Maybe Text)
- bCondition :: Lens' Binding (Maybe Expr)
Service Configuration
iAMService :: ServiceConfig Source #
Default request referring to version v1
of the Identity and Access Management (IAM) API. This contains the host and root path used as a starting point for constructing service requests.
OAuth Scopes
cloudPlatformScope :: Proxy '["https://www.googleapis.com/auth/cloud-platform"] Source #
View and manage your data across Google Cloud Platform services
API Declaration
type IAMAPI = RolesListResource :<|> (RolesGetResource :<|> (RolesQueryGrantableRolesResource :<|> (IAMPoliciesLintPolicyResource :<|> (IAMPoliciesQueryAuditableServicesResource :<|> (PermissionsQueryTestablePermissionsResource :<|> (OrganizationsRolesListResource :<|> (OrganizationsRolesUndeleteResource :<|> (OrganizationsRolesPatchResource :<|> (OrganizationsRolesGetResource :<|> (OrganizationsRolesCreateResource :<|> (OrganizationsRolesDeleteResource :<|> (ProjectsRolesListResource :<|> (ProjectsRolesUndeleteResource :<|> (ProjectsRolesPatchResource :<|> (ProjectsRolesGetResource :<|> (ProjectsRolesCreateResource :<|> (ProjectsRolesDeleteResource :<|> (ProjectsServiceAccountsKeysListResource :<|> (ProjectsServiceAccountsKeysGetResource :<|> (ProjectsServiceAccountsKeysCreateResource :<|> (ProjectsServiceAccountsKeysDeleteResource :<|> (ProjectsServiceAccountsListResource :<|> (ProjectsServiceAccountsSignJwtResource :<|> (ProjectsServiceAccountsGetIAMPolicyResource :<|> (ProjectsServiceAccountsGetResource :<|> (ProjectsServiceAccountsCreateResource :<|> (ProjectsServiceAccountsSetIAMPolicyResource :<|> (ProjectsServiceAccountsSignBlobResource :<|> (ProjectsServiceAccountsTestIAMPermissionsResource :<|> (ProjectsServiceAccountsDeleteResource :<|> ProjectsServiceAccountsUpdateResource)))))))))))))))))))))))))))))) Source #
Represents the entirety of the methods and resources available for the Identity and Access Management (IAM) API service.
Resources
iam.iamPolicies.lintPolicy
iam.iamPolicies.queryAuditableServices
iam.organizations.roles.create
iam.organizations.roles.delete
iam.organizations.roles.get
iam.organizations.roles.list
iam.organizations.roles.patch
iam.organizations.roles.undelete
iam.permissions.queryTestablePermissions
iam.projects.roles.create
iam.projects.roles.delete
iam.projects.roles.get
iam.projects.roles.list
iam.projects.roles.patch
iam.projects.roles.undelete
iam.projects.serviceAccounts.create
iam.projects.serviceAccounts.delete
iam.projects.serviceAccounts.get
iam.projects.serviceAccounts.getIamPolicy
iam.projects.serviceAccounts.keys.create
iam.projects.serviceAccounts.keys.delete
iam.projects.serviceAccounts.keys.get
iam.projects.serviceAccounts.keys.list
iam.projects.serviceAccounts.list
iam.projects.serviceAccounts.setIamPolicy
iam.projects.serviceAccounts.signBlob
iam.projects.serviceAccounts.signJwt
iam.projects.serviceAccounts.testIamPermissions
iam.projects.serviceAccounts.update
iam.roles.get
iam.roles.list
iam.roles.queryGrantableRoles
Types
LintPolicyResponse
data LintPolicyResponse Source #
The response of a lint operation. An empty response indicates the operation was able to fully execute and no lint issue was found.
See: lintPolicyResponse
smart constructor.
Instances
lintPolicyResponse :: LintPolicyResponse Source #
Creates a value of LintPolicyResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
lprLintResults :: Lens' LintPolicyResponse [LintResult] Source #
List of lint results sorted by a composite key, descending order of severity and ascending order of binding_ordinal. There is no certain order among the same keys. For cross-binding results (only if the input object to lint is instance of google.iam.v1.Policy), there will be a google.iam.admin.v1.LintResult for each of the involved bindings, and the associated debug_message may enumerate the other involved binding ordinal number(s).
CreateServiceAccountKeyRequestPrivateKeyType
data CreateServiceAccountKeyRequestPrivateKeyType Source #
The output format of the private key. The default value is `TYPE_GOOGLE_CREDENTIALS_FILE`, which is the Google Credentials File format.
TypeUnspecified |
|
TypePKCS12File |
|
TypeGoogleCredentialsFile |
|
Instances
UndeleteRoleRequest
data UndeleteRoleRequest Source #
The request to undelete an existing role.
See: undeleteRoleRequest
smart constructor.
Instances
undeleteRoleRequest :: UndeleteRoleRequest Source #
Creates a value of UndeleteRoleRequest
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
urrEtag :: Lens' UndeleteRoleRequest (Maybe ByteString) Source #
Used to perform a consistent read-modify-write.
AuditConfig
data AuditConfig Source #
Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices" "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:foo'gmail.com" ] }, { "log_type": "DATA_WRITE", }, { "log_type": "ADMIN_READ", } ] }, { "service": "fooservice.googleapis.com" "audit_log_configs": [ { "log_type": "DATA_READ", }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:bar'gmail.com" ] } ] } ] } For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts foo'gmail.com from DATA_READ logging, and bar'gmail.com from DATA_WRITE logging.
See: auditConfig
smart constructor.
Instances
auditConfig :: AuditConfig Source #
Creates a value of AuditConfig
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
acService :: Lens' AuditConfig (Maybe Text) Source #
Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
acAuditLogConfigs :: Lens' AuditConfig [AuditLogConfig] Source #
The configuration for logging of each type of permission.
Expr
Represents an expression text. Example: title: "User account presence" description: "Determines whether the request has a user account" expression: "size(request.user) > 0"
See: expr
smart constructor.
Instances
Eq Expr Source # | |
Data Expr Source # | |
Defined in Network.Google.IAM.Types.Product gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> Expr -> c Expr # gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c Expr # dataTypeOf :: Expr -> DataType # dataCast1 :: Typeable t => (forall d. Data d => c (t d)) -> Maybe (c Expr) # dataCast2 :: Typeable t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c Expr) # gmapT :: (forall b. Data b => b -> b) -> Expr -> Expr # gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> Expr -> r # gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> Expr -> r # gmapQ :: (forall d. Data d => d -> u) -> Expr -> [u] # gmapQi :: Int -> (forall d. Data d => d -> u) -> Expr -> u # gmapM :: Monad m => (forall d. Data d => d -> m d) -> Expr -> m Expr # gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> Expr -> m Expr # gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> Expr -> m Expr # | |
Show Expr Source # | |
Generic Expr Source # | |
ToJSON Expr Source # | |
Defined in Network.Google.IAM.Types.Product | |
FromJSON Expr Source # | |
type Rep Expr Source # | |
Defined in Network.Google.IAM.Types.Product type Rep Expr = D1 (MetaData "Expr" "Network.Google.IAM.Types.Product" "gogol-iam-0.4.0-IBWwIZHvdU38fPF72JMuUn" False) (C1 (MetaCons "Expr'" PrefixI True) ((S1 (MetaSel (Just "_eLocation") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text)) :*: S1 (MetaSel (Just "_eExpression") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text))) :*: (S1 (MetaSel (Just "_eTitle") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text)) :*: S1 (MetaSel (Just "_eDescription") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text))))) |
Creates a value of Expr
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
eLocation :: Lens' Expr (Maybe Text) Source #
An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
eExpression :: Lens' Expr (Maybe Text) Source #
Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
eTitle :: Lens' Expr (Maybe Text) Source #
An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
eDescription :: Lens' Expr (Maybe Text) Source #
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
PermissionStage
data PermissionStage Source #
The current launch stage of the permission.
Alpha |
|
Beta |
|
GA |
|
Deprecated |
|
Instances
AuditableService
data AuditableService Source #
Contains information about an auditable service.
See: auditableService
smart constructor.
Instances
auditableService :: AuditableService Source #
Creates a value of AuditableService
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
asName :: Lens' AuditableService (Maybe Text) Source #
Public name of the service. For example, the service name for Cloud IAM is 'iam.googleapis.com'.
QueryAuditableServicesRequest
data QueryAuditableServicesRequest Source #
A request to get the list of auditable services for a resource.
See: queryAuditableServicesRequest
smart constructor.
Instances
queryAuditableServicesRequest :: QueryAuditableServicesRequest Source #
Creates a value of QueryAuditableServicesRequest
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
qasrFullResourceName :: Lens' QueryAuditableServicesRequest (Maybe Text) Source #
Required. The full resource name to query from the list of auditable services. The name follows the Google Cloud Platform resource format. For example, a Cloud Platform project with id `my-project` will be named `//cloudresourcemanager.googleapis.com/projects/my-project`.
QueryGrantableRolesRequestView
data QueryGrantableRolesRequestView Source #
Basic |
|
Full |
|
Instances
Empty
A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
See: empty
smart constructor.
Instances
Eq Empty Source # | |
Data Empty Source # | |
Defined in Network.Google.IAM.Types.Product gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> Empty -> c Empty # gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c Empty # dataTypeOf :: Empty -> DataType # dataCast1 :: Typeable t => (forall d. Data d => c (t d)) -> Maybe (c Empty) # dataCast2 :: Typeable t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c Empty) # gmapT :: (forall b. Data b => b -> b) -> Empty -> Empty # gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> Empty -> r # gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> Empty -> r # gmapQ :: (forall d. Data d => d -> u) -> Empty -> [u] # gmapQi :: Int -> (forall d. Data d => d -> u) -> Empty -> u # gmapM :: Monad m => (forall d. Data d => d -> m d) -> Empty -> m Empty # gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> Empty -> m Empty # gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> Empty -> m Empty # | |
Show Empty Source # | |
Generic Empty Source # | |
ToJSON Empty Source # | |
Defined in Network.Google.IAM.Types.Product | |
FromJSON Empty Source # | |
type Rep Empty Source # | |
QueryTestablePermissionsResponse
data QueryTestablePermissionsResponse Source #
The response containing permissions which can be tested on a resource.
See: queryTestablePermissionsResponse
smart constructor.
Instances
queryTestablePermissionsResponse :: QueryTestablePermissionsResponse Source #
Creates a value of QueryTestablePermissionsResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
qtprNextPageToken :: Lens' QueryTestablePermissionsResponse (Maybe Text) Source #
To retrieve the next page of results, set `QueryTestableRolesRequest.page_token` to this value.
qtprPermissions :: Lens' QueryTestablePermissionsResponse [Permission] Source #
The Permissions testable on the requested resource.
AuditData
Audit log information specific to Cloud IAM. This message is serialized as an `Any` type in the `ServiceData` message of an `AuditLog` message.
See: auditData
smart constructor.
Instances
Eq AuditData Source # | |
Data AuditData Source # | |
Defined in Network.Google.IAM.Types.Product gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> AuditData -> c AuditData # gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c AuditData # toConstr :: AuditData -> Constr # dataTypeOf :: AuditData -> DataType # dataCast1 :: Typeable t => (forall d. Data d => c (t d)) -> Maybe (c AuditData) # dataCast2 :: Typeable t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c AuditData) # gmapT :: (forall b. Data b => b -> b) -> AuditData -> AuditData # gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> AuditData -> r # gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> AuditData -> r # gmapQ :: (forall d. Data d => d -> u) -> AuditData -> [u] # gmapQi :: Int -> (forall d. Data d => d -> u) -> AuditData -> u # gmapM :: Monad m => (forall d. Data d => d -> m d) -> AuditData -> m AuditData # gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> AuditData -> m AuditData # gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> AuditData -> m AuditData # | |
Show AuditData Source # | |
Generic AuditData Source # | |
ToJSON AuditData Source # | |
Defined in Network.Google.IAM.Types.Product | |
FromJSON AuditData Source # | |
type Rep AuditData Source # | |
Defined in Network.Google.IAM.Types.Product type Rep AuditData = D1 (MetaData "AuditData" "Network.Google.IAM.Types.Product" "gogol-iam-0.4.0-IBWwIZHvdU38fPF72JMuUn" True) (C1 (MetaCons "AuditData'" PrefixI True) (S1 (MetaSel (Just "_adPolicyDelta") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 (Maybe PolicyDelta)))) |
auditData :: AuditData Source #
Creates a value of AuditData
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
adPolicyDelta :: Lens' AuditData (Maybe PolicyDelta) Source #
Policy delta between the original policy and the newly set policy.
QueryAuditableServicesResponse
data QueryAuditableServicesResponse Source #
A response containing a list of auditable services for a resource.
See: queryAuditableServicesResponse
smart constructor.
Instances
queryAuditableServicesResponse :: QueryAuditableServicesResponse Source #
Creates a value of QueryAuditableServicesResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
qasrServices :: Lens' QueryAuditableServicesResponse [AuditableService] Source #
The auditable services for a resource.
ServiceAccountKey
data ServiceAccountKey Source #
Represents a service account key. A service account has two sets of key-pairs: user-managed, and system-managed. User-managed key-pairs can be created and deleted by users. Users are responsible for rotating these keys periodically to ensure security of their service accounts. Users retain the private key of these key-pairs, and Google retains ONLY the public key. System-managed keys are automatically rotated by Google, and are used for signing for a maximum of two weeks. The rotation process is probabilistic, and usage of the new key will gradually ramp up and down over the key's lifetime. We recommend caching the public key set for a service account for no more than 24 hours to ensure you have access to the latest keys. Public keys for all service accounts are also published at the OAuth2 Service Account API.
See: serviceAccountKey
smart constructor.
Instances
serviceAccountKey :: ServiceAccountKey Source #
Creates a value of ServiceAccountKey
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
sakValidAfterTime :: Lens' ServiceAccountKey (Maybe UTCTime) Source #
The key can be used after this timestamp.
sakPrivateKeyData :: Lens' ServiceAccountKey (Maybe ByteString) Source #
The private key data. Only provided in `CreateServiceAccountKey` responses. Make sure to keep the private key data secure because it allows for the assertion of the service account identity. When base64 decoded, the private key data can be used to authenticate with Google API client libraries and with gcloud auth activate-service-account.
sakPublicKeyData :: Lens' ServiceAccountKey (Maybe ByteString) Source #
The public key data. Only provided in `GetServiceAccountKey` responses.
sakName :: Lens' ServiceAccountKey (Maybe Text) Source #
The resource name of the service account key in the following format `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
sakPrivateKeyType :: Lens' ServiceAccountKey (Maybe ServiceAccountKeyPrivateKeyType) Source #
The output format for the private key. Only provided in `CreateServiceAccountKey` responses, not in `GetServiceAccountKey` or `ListServiceAccountKey` responses. Google never exposes system-managed private keys, and never retains user-managed private keys.
sakValidBeforeTime :: Lens' ServiceAccountKey (Maybe UTCTime) Source #
The key can be used before this timestamp.
sakKeyAlgorithm :: Lens' ServiceAccountKey (Maybe ServiceAccountKeyKeyAlgorithm) Source #
Specifies the algorithm (and possibly key size) for the key.
LintResult
data LintResult Source #
Structured response of a single validation unit.
See: lintResult
smart constructor.
Instances
lintResult :: LintResult Source #
Creates a value of LintResult
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
lrValidationUnitName :: Lens' LintResult (Maybe Text) Source #
The validation unit name, for instance “lintValidationUnits/ConditionComplexityCheck”.
lrDebugMessage :: Lens' LintResult (Maybe Text) Source #
Human readable debug message associated with the issue.
lrLocationOffSet :: Lens' LintResult (Maybe Int32) Source #
0-based character position of problematic construct within the object identified by `field_name`. Currently, this is populated only for condition expression.
lrSeverity :: Lens' LintResult (Maybe LintResultSeverity) Source #
The validation unit severity.
lrBindingOrdinal :: Lens' LintResult (Maybe Int32) Source #
0-based index ordinality of the binding in the input object associated with this result. This field is populated only if the input object to lint is of type google.iam.v1.Policy, which can comprise more than one binding. It is set to -1 if the result is not associated with any particular binding and only targets the policy as a whole, such as results about policy size violations.
lrFieldName :: Lens' LintResult (Maybe Text) Source #
The name of the field for which this lint result is about. For nested messages, `field_name` consists of names of the embedded fields separated by period character. The top-level qualifier is the input object to lint in the request. For instance, if the lint request is on a google.iam.v1.Policy and this lint result is about a condition expression of one of the input policy bindings, the field would be populated as `policy.bindings.condition.expression`. This field does not identify the ordinality of the repetitive fields (for instance bindings in a policy).
lrLevel :: Lens' LintResult (Maybe LintResultLevel) Source #
The validation unit level.
CreateServiceAccountKeyRequest
data CreateServiceAccountKeyRequest Source #
The service account key create request.
See: createServiceAccountKeyRequest
smart constructor.
Instances
createServiceAccountKeyRequest :: CreateServiceAccountKeyRequest Source #
Creates a value of CreateServiceAccountKeyRequest
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
csakrPrivateKeyType :: Lens' CreateServiceAccountKeyRequest (Maybe CreateServiceAccountKeyRequestPrivateKeyType) Source #
The output format of the private key. The default value is `TYPE_GOOGLE_CREDENTIALS_FILE`, which is the Google Credentials File format.
csakrKeyAlgorithm :: Lens' CreateServiceAccountKeyRequest (Maybe CreateServiceAccountKeyRequestKeyAlgorithm) Source #
Which type of key and algorithm to use for the key. The default is currently a 2K RSA key. However this may change in the future.
SetIAMPolicyRequest
data SetIAMPolicyRequest Source #
Request message for `SetIamPolicy` method.
See: setIAMPolicyRequest
smart constructor.
Instances
setIAMPolicyRequest :: SetIAMPolicyRequest Source #
Creates a value of SetIAMPolicyRequest
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
siprUpdateMask :: Lens' SetIAMPolicyRequest (Maybe GFieldMask) Source #
OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: paths: "bindings, etag" This field is only used by Cloud IAM.
siprPolicy :: Lens' SetIAMPolicyRequest (Maybe Policy) Source #
REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
SignJwtResponse
data SignJwtResponse Source #
The service account sign JWT response.
See: signJwtResponse
smart constructor.
Instances
signJwtResponse :: SignJwtResponse Source #
Creates a value of SignJwtResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
sjrSignedJwt :: Lens' SignJwtResponse (Maybe Text) Source #
The signed JWT.
BindingDelta
data BindingDelta Source #
One delta entry for Binding. Each individual change (only one member in each entry) to a binding will be a separate entry.
See: bindingDelta
smart constructor.
Instances
bindingDelta :: BindingDelta Source #
Creates a value of BindingDelta
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
bdAction :: Lens' BindingDelta (Maybe BindingDeltaAction) Source #
The action that was performed on a Binding. Required
bdRole :: Lens' BindingDelta (Maybe Text) Source #
Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. Required
bdMember :: Lens' BindingDelta (Maybe Text) Source #
A single identity requesting access for a Cloud Platform resource. Follows the same format of Binding.members. Required
bdCondition :: Lens' BindingDelta (Maybe Expr) Source #
Unimplemented. The condition that is associated with this binding. This field is logged only for Cloud Audit Logging.
LintPolicyRequestContext
data LintPolicyRequestContext Source #
`context` contains additional *permission-controlled* data that any lint unit may depend on, in form of `{key: value}` pairs. Currently, this field is non-operational and it will not be used during the lint operation.
See: lintPolicyRequestContext
smart constructor.
Instances
lintPolicyRequestContext Source #
Creates a value of LintPolicyRequestContext
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
lprcAddtional :: Lens' LintPolicyRequestContext (HashMap Text JSONValue) Source #
Properties of the object.
SignBlobRequest
data SignBlobRequest Source #
The service account sign blob request.
See: signBlobRequest
smart constructor.
Instances
signBlobRequest :: SignBlobRequest Source #
Creates a value of SignBlobRequest
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
sbrBytesToSign :: Lens' SignBlobRequest (Maybe ByteString) Source #
The bytes to sign.
ListServiceAccountKeysResponse
data ListServiceAccountKeysResponse Source #
The service account keys list response.
See: listServiceAccountKeysResponse
smart constructor.
Instances
listServiceAccountKeysResponse :: ListServiceAccountKeysResponse Source #
Creates a value of ListServiceAccountKeysResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
lsakrKeys :: Lens' ListServiceAccountKeysResponse [ServiceAccountKey] Source #
The public keys for the service account.
Role
A role in the Identity and Access Management API.
See: role'
smart constructor.
Instances
Eq Role Source # | |
Data Role Source # | |
Defined in Network.Google.IAM.Types.Product gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> Role -> c Role # gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c Role # dataTypeOf :: Role -> DataType # dataCast1 :: Typeable t => (forall d. Data d => c (t d)) -> Maybe (c Role) # dataCast2 :: Typeable t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c Role) # gmapT :: (forall b. Data b => b -> b) -> Role -> Role # gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> Role -> r # gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> Role -> r # gmapQ :: (forall d. Data d => d -> u) -> Role -> [u] # gmapQi :: Int -> (forall d. Data d => d -> u) -> Role -> u # gmapM :: Monad m => (forall d. Data d => d -> m d) -> Role -> m Role # gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> Role -> m Role # gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> Role -> m Role # | |
Show Role Source # | |
Generic Role Source # | |
ToJSON Role Source # | |
Defined in Network.Google.IAM.Types.Product | |
FromJSON Role Source # | |
type Rep Role Source # | |
Defined in Network.Google.IAM.Types.Product type Rep Role = D1 (MetaData "Role" "Network.Google.IAM.Types.Product" "gogol-iam-0.4.0-IBWwIZHvdU38fPF72JMuUn" False) (C1 (MetaCons "Role'" PrefixI True) ((S1 (MetaSel (Just "_rStage") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe RoleStage)) :*: (S1 (MetaSel (Just "_rEtag") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Bytes)) :*: S1 (MetaSel (Just "_rIncludedPermissions") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe [Text])))) :*: ((S1 (MetaSel (Just "_rName") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text)) :*: S1 (MetaSel (Just "_rDeleted") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Bool))) :*: (S1 (MetaSel (Just "_rTitle") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text)) :*: S1 (MetaSel (Just "_rDescription") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text)))))) |
Creates a value of Role
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rStage :: Lens' Role (Maybe RoleStage) Source #
The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.
rIncludedPermissions :: Lens' Role [Text] Source #
The names of the permissions this role grants when bound in an IAM policy.
rName :: Lens' Role (Maybe Text) Source #
The name of the role. When Role is used in CreateRole, the role name must not be set. When Role is used in output and other input such as UpdateRole, the role name is the complete path, e.g., roles/logging.viewer for curated roles and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
rDeleted :: Lens' Role (Maybe Bool) Source #
The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
rTitle :: Lens' Role (Maybe Text) Source #
Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
rDescription :: Lens' Role (Maybe Text) Source #
Optional. A human-readable description for the role.
ServiceAccount
data ServiceAccount Source #
A service account in the Identity and Access Management API. To create a service account, specify the `project_id` and the `account_id` for the account. The `account_id` is unique within the project, and is used to generate the service account email address and a stable `unique_id`. If the account already exists, the account's resource name is returned in the format of projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. The caller can use the name in other methods to access the account. All other methods can identify the service account using the format `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.
See: serviceAccount
smart constructor.
Instances
serviceAccount :: ServiceAccount Source #
Creates a value of ServiceAccount
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
saEmail :: Lens' ServiceAccount (Maybe Text) Source #
'OutputOnly The email address of the service account.
saEtag :: Lens' ServiceAccount (Maybe ByteString) Source #
Optional. Note: `etag` is an inoperable legacy field that is only returned for backwards compatibility.
saUniqueId :: Lens' ServiceAccount (Maybe Text) Source #
'OutputOnly The unique and stable id of the service account.
saName :: Lens' ServiceAccount (Maybe Text) Source #
The resource name of the service account in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Requests using `-` as a wildcard for the `PROJECT_ID` will infer the project from the `account` and the `ACCOUNT` value can be the `email` address or the `unique_id` of the service account. In responses the resource name will always be in the format `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
saDisplayName :: Lens' ServiceAccount (Maybe Text) Source #
Optional. A user-specified name for the service account. Must be less than or equal to 100 UTF-8 bytes.
saProjectId :: Lens' ServiceAccount (Maybe Text) Source #
'OutputOnly The id of the project that owns the service account.
saOAuth2ClientId :: Lens' ServiceAccount (Maybe Text) Source #
'OutputOnly The OAuth2 client id for the service account. This is used in conjunction with the OAuth2 clientconfig API to make three legged OAuth2 (3LO) flows to access the data of Google users.
QueryTestablePermissionsRequest
data QueryTestablePermissionsRequest Source #
A request to get permissions which can be tested on a resource.
See: queryTestablePermissionsRequest
smart constructor.
Instances
queryTestablePermissionsRequest :: QueryTestablePermissionsRequest Source #
Creates a value of QueryTestablePermissionsRequest
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
qtprFullResourceName :: Lens' QueryTestablePermissionsRequest (Maybe Text) Source #
Required. The full resource name to query from the list of testable permissions. The name follows the Google Cloud Platform resource format. For example, a Cloud Platform project with id `my-project` will be named `//cloudresourcemanager.googleapis.com/projects/my-project`.
qtprPageToken :: Lens' QueryTestablePermissionsRequest (Maybe Text) Source #
Optional pagination token returned in an earlier QueryTestablePermissionsRequest.
qtprPageSize :: Lens' QueryTestablePermissionsRequest (Maybe Int32) Source #
Optional limit on the number of permissions to include in the response.
BindingDeltaAction
data BindingDeltaAction Source #
The action that was performed on a Binding. Required
ActionUnspecified |
|
Add |
|
Remove |
|
Instances
AuditLogConfigLogType
data AuditLogConfigLogType Source #
The log type that this config enables.
LogTypeUnspecified |
|
AdminRead |
|
DataWrite |
|
DataRead |
|
Instances
QueryGrantableRolesResponse
data QueryGrantableRolesResponse Source #
The grantable role query response.
See: queryGrantableRolesResponse
smart constructor.
Instances
queryGrantableRolesResponse :: QueryGrantableRolesResponse Source #
Creates a value of QueryGrantableRolesResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
qgrrNextPageToken :: Lens' QueryGrantableRolesResponse (Maybe Text) Source #
To retrieve the next page of results, set `QueryGrantableRolesRequest.page_token` to this value.
Xgafv
V1 error format.
Instances
TestIAMPermissionsRequest
data TestIAMPermissionsRequest Source #
Request message for `TestIamPermissions` method.
See: testIAMPermissionsRequest
smart constructor.
Instances
testIAMPermissionsRequest :: TestIAMPermissionsRequest Source #
Creates a value of TestIAMPermissionsRequest
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
tiprPermissions :: Lens' TestIAMPermissionsRequest [Text] Source #
The set of permissions to check for the `resource`. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see IAM Overview.
LintResultSeverity
data LintResultSeverity Source #
The validation unit severity.
LRSSeverityUnspecified |
|
LRSError' |
|
LRSWarning |
|
LRSNotice |
|
LRSInfo |
|
LRSDeprecated |
|
Instances
TestIAMPermissionsResponse
data TestIAMPermissionsResponse Source #
Response message for `TestIamPermissions` method.
See: testIAMPermissionsResponse
smart constructor.
Instances
testIAMPermissionsResponse :: TestIAMPermissionsResponse Source #
Creates a value of TestIAMPermissionsResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
tiamprPermissions :: Lens' TestIAMPermissionsResponse [Text] Source #
A subset of `TestPermissionsRequest.permissions` that the caller is allowed.
LintResultLevel
data LintResultLevel Source #
The validation unit level.
LRLLevelUnspecified |
|
LRLPolicy |
|
LRLBinding |
|
LRLCondition |
|
Instances
Policy
Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A `Policy` consists of a list of `bindings`. A `binding` binds a list of `members` to a `role`, where the members can be user accounts, Google groups, Google domains, and service accounts. A `role` is a named list of permissions defined by IAM. **JSON Example** { "bindings": [ { "role": "roles/owner", "members": [ "user:mike'example.com", "group:admins'example.com", "domain:google.com", "serviceAccount:my-other-app'appspot.gserviceaccount.com" ] }, { "role": "roles/viewer", "members": ["user:sean'example.com"] } ] } **YAML Example** bindings: - members: - user:mike'example.com - group:admins'example.com - domain:google.com - serviceAccount:my-other-app'appspot.gserviceaccount.com role: roles/owner - members: - user:sean'example.com role: roles/viewer For a description of IAM and its features, see the IAM developer's guide.
See: policy
smart constructor.
Instances
Eq Policy Source # | |
Data Policy Source # | |
Defined in Network.Google.IAM.Types.Product gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> Policy -> c Policy # gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c Policy # toConstr :: Policy -> Constr # dataTypeOf :: Policy -> DataType # dataCast1 :: Typeable t => (forall d. Data d => c (t d)) -> Maybe (c Policy) # dataCast2 :: Typeable t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c Policy) # gmapT :: (forall b. Data b => b -> b) -> Policy -> Policy # gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> Policy -> r # gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> Policy -> r # gmapQ :: (forall d. Data d => d -> u) -> Policy -> [u] # gmapQi :: Int -> (forall d. Data d => d -> u) -> Policy -> u # gmapM :: Monad m => (forall d. Data d => d -> m d) -> Policy -> m Policy # gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> Policy -> m Policy # gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> Policy -> m Policy # | |
Show Policy Source # | |
Generic Policy Source # | |
ToJSON Policy Source # | |
Defined in Network.Google.IAM.Types.Product | |
FromJSON Policy Source # | |
type Rep Policy Source # | |
Defined in Network.Google.IAM.Types.Product type Rep Policy = D1 (MetaData "Policy" "Network.Google.IAM.Types.Product" "gogol-iam-0.4.0-IBWwIZHvdU38fPF72JMuUn" False) (C1 (MetaCons "Policy'" PrefixI True) ((S1 (MetaSel (Just "_pAuditConfigs") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe [AuditConfig])) :*: S1 (MetaSel (Just "_pEtag") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Bytes))) :*: (S1 (MetaSel (Just "_pVersion") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe (Textual Int32))) :*: S1 (MetaSel (Just "_pBindings") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe [Binding]))))) |
Creates a value of Policy
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
pAuditConfigs :: Lens' Policy [AuditConfig] Source #
Specifies cloud audit logging configuration for this policy.
pEtag :: Lens' Policy (Maybe ByteString) Source #
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. If no `etag` is provided in the call to `setIamPolicy`, then the existing policy is overwritten blindly.
pBindings :: Lens' Policy [Binding] Source #
Associates a list of `members` to a `role`. `bindings` with no members will result in an error.
RoleStage
The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.
RSAlpha |
|
RSBeta |
|
RSGA |
|
RSDeprecated |
|
RSDisabled |
|
RSEap |
|
Instances
PolicyDelta
data PolicyDelta Source #
The difference delta between two policies.
See: policyDelta
smart constructor.
Instances
policyDelta :: PolicyDelta Source #
Creates a value of PolicyDelta
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
pdBindingDeltas :: Lens' PolicyDelta [BindingDelta] Source #
The delta for Bindings between two policies.
QueryGrantableRolesRequest
data QueryGrantableRolesRequest Source #
The grantable role query request.
See: queryGrantableRolesRequest
smart constructor.
Instances
queryGrantableRolesRequest :: QueryGrantableRolesRequest Source #
Creates a value of QueryGrantableRolesRequest
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
qgrrFullResourceName :: Lens' QueryGrantableRolesRequest (Maybe Text) Source #
Required. The full resource name to query from the list of grantable roles. The name follows the Google Cloud Platform resource format. For example, a Cloud Platform project with id `my-project` will be named `//cloudresourcemanager.googleapis.com/projects/my-project`.
qgrrPageToken :: Lens' QueryGrantableRolesRequest (Maybe Text) Source #
Optional pagination token returned in an earlier QueryGrantableRolesResponse.
qgrrPageSize :: Lens' QueryGrantableRolesRequest (Maybe Int32) Source #
Optional limit on the number of roles to include in the response.
SignJwtRequest
data SignJwtRequest Source #
The service account sign JWT request.
See: signJwtRequest
smart constructor.
Instances
signJwtRequest :: SignJwtRequest Source #
Creates a value of SignJwtRequest
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
sjrPayload :: Lens' SignJwtRequest (Maybe Text) Source #
The JWT payload to sign, a JSON JWT Claim set.
ServiceAccountKeyKeyAlgorithm
data ServiceAccountKeyKeyAlgorithm Source #
Specifies the algorithm (and possibly key size) for the key.
KeyAlgUnspecified |
|
KeyAlgRsa1024 |
|
KeyAlgRsa2048 |
|
Instances
AuditLogConfig
data AuditLogConfig Source #
Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:foo'gmail.com" ] }, { "log_type": "DATA_WRITE", } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting foo'gmail.com from DATA_READ logging.
See: auditLogConfig
smart constructor.
Instances
auditLogConfig :: AuditLogConfig Source #
Creates a value of AuditLogConfig
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
alcLogType :: Lens' AuditLogConfig (Maybe AuditLogConfigLogType) Source #
The log type that this config enables.
alcExemptedMembers :: Lens' AuditLogConfig [Text] Source #
Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
Permission
data Permission Source #
A permission which can be included by a role.
See: permission
smart constructor.
Instances
permission :: Permission Source #
Creates a value of Permission
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
pStage :: Lens' Permission (Maybe PermissionStage) Source #
The current launch stage of the permission.
pOnlyInPredefinedRoles :: Lens' Permission (Maybe Bool) Source #
This permission can ONLY be used in predefined roles.
pCustomRolesSupportLevel :: Lens' Permission (Maybe PermissionCustomRolesSupportLevel) Source #
The current custom role support level.
pAPIdisabled :: Lens' Permission (Maybe Bool) Source #
The service API associated with the permission is not enabled.
pDescription :: Lens' Permission (Maybe Text) Source #
A brief description of what this Permission is used for.
SignBlobResponse
data SignBlobResponse Source #
The service account sign blob response.
See: signBlobResponse
smart constructor.
Instances
signBlobResponse :: SignBlobResponse Source #
Creates a value of SignBlobResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
sbrSignature :: Lens' SignBlobResponse (Maybe ByteString) Source #
The signed blob.
ListServiceAccountsResponse
data ListServiceAccountsResponse Source #
The service account list response.
See: listServiceAccountsResponse
smart constructor.
Instances
listServiceAccountsResponse :: ListServiceAccountsResponse Source #
Creates a value of ListServiceAccountsResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
lsarNextPageToken :: Lens' ListServiceAccountsResponse (Maybe Text) Source #
To retrieve the next page of results, set ListServiceAccountsRequest.page_token to this value.
lsarAccounts :: Lens' ListServiceAccountsResponse [ServiceAccount] Source #
The list of matching service accounts.
LintPolicyRequest
data LintPolicyRequest Source #
The request to lint a Cloud IAM policy object. LintPolicy is currently functional only for `lint_object` of type `condition`.
See: lintPolicyRequest
smart constructor.
Instances
lintPolicyRequest :: LintPolicyRequest Source #
Creates a value of LintPolicyRequest
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
lprContext :: Lens' LintPolicyRequest (Maybe LintPolicyRequestContext) Source #
`context` contains additional *permission-controlled* data that any lint unit may depend on, in form of `{key: value}` pairs. Currently, this field is non-operational and it will not be used during the lint operation.
lprFullResourceName :: Lens' LintPolicyRequest (Maybe Text) Source #
The full resource name of the policy this lint request is about. The name follows the Google Cloud Platform (GCP) resource format. For example, a GCP project with ID `my-project` will be named `//cloudresourcemanager.googleapis.com/projects/my-project`. The resource name is not used to read the policy instance from the Cloud IAM database. The candidate policy for lint has to be provided in the same request object.
lprPolicy :: Lens' LintPolicyRequest (Maybe Policy) Source #
Policy object to be linted. The functionality of linting a policy is not yet implemented and if this field is set, it returns NOT_IMPLEMENTED error.
lprCondition :: Lens' LintPolicyRequest (Maybe Expr) Source #
google.iam.v1.Binding.condition object to be linted.
lprBinding :: Lens' LintPolicyRequest (Maybe Binding) Source #
Binding object to be linted. The functionality of linting a binding is not yet implemented and if this field is set, it returns NOT_IMPLEMENTED error.
ListRolesResponse
data ListRolesResponse Source #
The response containing the roles defined under a resource.
See: listRolesResponse
smart constructor.
Instances
listRolesResponse :: ListRolesResponse Source #
Creates a value of ListRolesResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
lrrNextPageToken :: Lens' ListRolesResponse (Maybe Text) Source #
To retrieve the next page of results, set `ListRolesRequest.page_token` to this value.
CreateServiceAccountKeyRequestKeyAlgorithm
data CreateServiceAccountKeyRequestKeyAlgorithm Source #
Which type of key and algorithm to use for the key. The default is currently a 2K RSA key. However this may change in the future.
CSAKRKAKeyAlgUnspecified |
|
CSAKRKAKeyAlgRsa1024 |
|
CSAKRKAKeyAlgRsa2048 |
|
Instances
PermissionCustomRolesSupportLevel
data PermissionCustomRolesSupportLevel Source #
The current custom role support level.
Supported |
|
Testing |
|
NotSupported |
|
Instances
CreateServiceAccountRequest
data CreateServiceAccountRequest Source #
The service account create request.
See: createServiceAccountRequest
smart constructor.
Instances
createServiceAccountRequest :: CreateServiceAccountRequest Source #
Creates a value of CreateServiceAccountRequest
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
csarServiceAccount :: Lens' CreateServiceAccountRequest (Maybe ServiceAccount) Source #
The ServiceAccount resource to create. Currently, only the following values are user assignable: `display_name` .
csarAccountId :: Lens' CreateServiceAccountRequest (Maybe Text) Source #
Required. The account id that is used to generate the service account email address and a stable unique id. It is unique within a project, must be 6-30 characters long, and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.
CreateRoleRequest
data CreateRoleRequest Source #
The request to create a new role.
See: createRoleRequest
smart constructor.
Instances
createRoleRequest :: CreateRoleRequest Source #
Creates a value of CreateRoleRequest
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
ServiceAccountKeyPrivateKeyType
data ServiceAccountKeyPrivateKeyType Source #
The output format for the private key. Only provided in `CreateServiceAccountKey` responses, not in `GetServiceAccountKey` or `ListServiceAccountKey` responses. Google never exposes system-managed private keys, and never retains user-managed private keys.
SAKPKTTypeUnspecified |
|
SAKPKTTypePKCS12File |
|
SAKPKTTypeGoogleCredentialsFile |
|
Instances
Binding
Associates `members` with a `role`.
See: binding
smart constructor.
Instances
Eq Binding Source # | |
Data Binding Source # | |
Defined in Network.Google.IAM.Types.Product gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> Binding -> c Binding # gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c Binding # toConstr :: Binding -> Constr # dataTypeOf :: Binding -> DataType # dataCast1 :: Typeable t => (forall d. Data d => c (t d)) -> Maybe (c Binding) # dataCast2 :: Typeable t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c Binding) # gmapT :: (forall b. Data b => b -> b) -> Binding -> Binding # gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> Binding -> r # gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> Binding -> r # gmapQ :: (forall d. Data d => d -> u) -> Binding -> [u] # gmapQi :: Int -> (forall d. Data d => d -> u) -> Binding -> u # gmapM :: Monad m => (forall d. Data d => d -> m d) -> Binding -> m Binding # gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> Binding -> m Binding # gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> Binding -> m Binding # | |
Show Binding Source # | |
Generic Binding Source # | |
ToJSON Binding Source # | |
Defined in Network.Google.IAM.Types.Product | |
FromJSON Binding Source # | |
type Rep Binding Source # | |
Defined in Network.Google.IAM.Types.Product type Rep Binding = D1 (MetaData "Binding" "Network.Google.IAM.Types.Product" "gogol-iam-0.4.0-IBWwIZHvdU38fPF72JMuUn" False) (C1 (MetaCons "Binding'" PrefixI True) (S1 (MetaSel (Just "_bMembers") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe [Text])) :*: (S1 (MetaSel (Just "_bRole") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text)) :*: S1 (MetaSel (Just "_bCondition") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Expr))))) |
Creates a value of Binding
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
bMembers :: Lens' Binding [Text] Source #
Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice'gmail.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app'appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins'example.com`. * `domain:{domain}`: A Google Apps domain name that represents all the users of that domain. For example, `google.com` or `example.com`.