iam_policies
Creates, updates, deletes, gets or lists an iam_policies resource.
Overview
| Name | iam_policies |
| Type | Resource |
| Id | google.iam.iam_policies |
Fields
The following fields are returned by SELECT queries:
SELECT not supported for this resource, use SHOW METHODS to view available operations for the resource.
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
query_auditable_services | exec | Returns a list of services that allow you to opt into audit logs that are not generated by default. To learn more about audit logs, see the Logging documentation. | ||
lint_policy | exec | Lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding.condition field, which contains a condition expression for a role binding. Successful calls to this method always return an HTTP 200 OK status code, even if the linter detects an issue in the IAM policy. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|
Lifecycle Methods
- query_auditable_services
- lint_policy
Returns a list of services that allow you to opt into audit logs that are not generated by default. To learn more about audit logs, see the Logging documentation.
EXEC google.iam.iam_policies.query_auditable_services
@@json=
'{
"fullResourceName": "{{ fullResourceName }}"
}'
;
Lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding.condition field, which contains a condition expression for a role binding. Successful calls to this method always return an HTTP 200 OK status code, even if the linter detects an issue in the IAM policy.
EXEC google.iam.iam_policies.lint_policy
@@json=
'{
"fullResourceName": "{{ fullResourceName }}",
"condition": "{{ condition }}"
}'
;