cloudasset_iam_policies
Creates, updates, deletes, gets or lists a cloudasset_iam_policies resource.
Overview
| Name | cloudasset_iam_policies |
| Type | Resource |
| Id | google.cloudasset.cloudasset_iam_policies |
Fields
The following fields are returned by SELECT queries:
- batch_get
| Name | Datatype | Description |
|---|---|---|
policyResults | array | The effective policies for a batch of resources. Note that the results order is the same as the order of BatchGetEffectiveIamPoliciesRequest.names. When a resource does not have any effective IAM policies, its corresponding policy_result will contain empty EffectiveIamPolicy.policies. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
batch_get | select | scope | names | Gets effective IAM policies for a batch of resources. |
search_all_iam_policies | exec | scope | query, pageToken, pageSize, assetTypes, orderBy | Searches all IAM policies within the specified scope, such as a project, folder, or organization. The caller must be granted the cloudasset.assets.searchAllIamPolicies permission on the desired scope, otherwise the request will be rejected. |
analyze_iam_policy_longrunning | exec | scope | Analyzes IAM policies asynchronously to answer which identities have what accesses on which resources, and writes the analysis results to a Google Cloud Storage or a BigQuery destination. For Cloud Storage destination, the output format is the JSON format that represents a AnalyzeIamPolicyResponse. This method implements the google.longrunning.Operation, which allows you to track the operation status. We recommend intervals of at least 2 seconds with exponential backoff retry to poll the operation result. The metadata contains the metadata for the long-running operation. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
scope | string | |
assetTypes | string | |
names | string | |
orderBy | string | |
pageSize | integer (int32) | |
pageToken | string | |
query | string |
SELECT examples
- batch_get
Gets effective IAM policies for a batch of resources.
SELECT
policyResults
FROM google.cloudasset.cloudasset_iam_policies
WHERE scope = '{{ scope }}' -- required
AND names = '{{ names }}'
;
Lifecycle Methods
- search_all_iam_policies
- analyze_iam_policy_longrunning
Searches all IAM policies within the specified scope, such as a project, folder, or organization. The caller must be granted the cloudasset.assets.searchAllIamPolicies permission on the desired scope, otherwise the request will be rejected.
EXEC google.cloudasset.cloudasset_iam_policies.search_all_iam_policies
@scope='{{ scope }}' --required,
@query='{{ query }}',
@pageToken='{{ pageToken }}',
@pageSize='{{ pageSize }}',
@assetTypes='{{ assetTypes }}',
@orderBy='{{ orderBy }}'
;
Analyzes IAM policies asynchronously to answer which identities have what accesses on which resources, and writes the analysis results to a Google Cloud Storage or a BigQuery destination. For Cloud Storage destination, the output format is the JSON format that represents a AnalyzeIamPolicyResponse. This method implements the google.longrunning.Operation, which allows you to track the operation status. We recommend intervals of at least 2 seconds with exponential backoff retry to poll the operation result. The metadata contains the metadata for the long-running operation.
EXEC google.cloudasset.cloudasset_iam_policies.analyze_iam_policy_longrunning
@scope='{{ scope }}' --required
@@json=
'{
"analysisQuery": "{{ analysisQuery }}",
"savedAnalysisQuery": "{{ savedAnalysisQuery }}",
"outputConfig": "{{ outputConfig }}"
}'
;