managed_identities
Creates, updates, deletes, gets or lists a managed_identities resource.
Overview
Name | managed_identities |
Type | Resource |
Id | google.iam.managed_identities |
Fields
The following fields are returned by SELECT queries:
- get
- list
Successful response
Name | Datatype | Description |
---|---|---|
name | string | Identifier. The resource name of the managed identity. |
description | string | Optional. A description of the managed identity. Cannot exceed 256 characters. |
disabled | boolean | Optional. Whether the managed identity is disabled. If disabled, credentials may no longer be issued for the identity, however existing credentials will still be accepted until they expire. |
expireTime | string (google-datetime) | Output only. Time after which the managed identity will be permanently purged and cannot be recovered. |
state | string | Output only. The state of the managed identity. |
Methods
The following methods are available for this resource:
Name | Accessible by | Required Params | Optional Params | Description |
---|---|---|---|---|
get | select | projectsId, locationsId, workloadIdentityPoolsId, namespacesId, managedIdentitiesId | | Gets an individual WorkloadIdentityPoolManagedIdentity. |
list | select | projectsId, locationsId, workloadIdentityPoolsId, namespacesId | pageSize, pageToken, showDeleted | Lists all non-deleted WorkloadIdentityPoolManagedIdentitys in a namespace. If show_deleted is set to true, then deleted managed identities are also listed. |
create | insert | projectsId, locationsId, workloadIdentityPoolsId, namespacesId | workloadIdentityPoolManagedIdentityId | Creates a new WorkloadIdentityPoolManagedIdentity in a WorkloadIdentityPoolNamespace. |
patch | update | projectsId, locationsId, workloadIdentityPoolsId, namespacesId, managedIdentitiesId | updateMask | Updates an existing WorkloadIdentityPoolManagedIdentity in a WorkloadIdentityPoolNamespace. |
delete | delete | projectsId, locationsId, workloadIdentityPoolsId, namespacesId, managedIdentitiesId | | Deletes a WorkloadIdentityPoolManagedIdentity. You can undelete a managed identity for 30 days. After 30 days, deletion is permanent. |
undelete | exec | projectsId, locationsId, workloadIdentityPoolsId, namespacesId, managedIdentitiesId | | Undeletes a WorkloadIdentityPoolManagedIdentity, as long as it was deleted fewer than 30 days ago. |
set_attestation_rules | exec | projectsId, locationsId, workloadIdentityPoolsId, namespacesId, managedIdentitiesId | | Set all AttestationRule on a WorkloadIdentityPoolManagedIdentity. A maximum of 50 AttestationRules can be set. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
Name | Datatype | Description |
---|---|---|
locationsId | string | |
managedIdentitiesId | string | |
namespacesId | string | |
projectsId | string | |
workloadIdentityPoolsId | string | |
pageSize | integer (int32) | |
pageToken | string | |
showDeleted | boolean | |
updateMask | string (google-fieldmask) | |
workloadIdentityPoolManagedIdentityId | string | |
SELECT examples
- get
- list
Gets an individual WorkloadIdentityPoolManagedIdentity.
SELECT
name,
description,
disabled,
expireTime,
state
FROM google.iam.managed_identities
WHERE projectsId = '{{ projectsId }}' -- required
AND locationsId = '{{ locationsId }}' -- required
AND workloadIdentityPoolsId = '{{ workloadIdentityPoolsId }}' -- required
AND namespacesId = '{{ namespacesId }}' -- required
AND managedIdentitiesId = '{{ managedIdentitiesId }}'; -- required
Lists all non-deleted WorkloadIdentityPoolManagedIdentitys in a namespace. If show_deleted is set to true, then deleted managed identities are also listed.
SELECT
name,
description,
disabled,
expireTime,
state
FROM google.iam.managed_identities
WHERE projectsId = '{{ projectsId }}' -- required
AND locationsId = '{{ locationsId }}' -- required
AND workloadIdentityPoolsId = '{{ workloadIdentityPoolsId }}' -- required
AND namespacesId = '{{ namespacesId }}' -- required
AND pageSize = '{{ pageSize }}'
AND pageToken = '{{ pageToken }}'
AND showDeleted = '{{ showDeleted }}';
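Added example, not part of the provider documentation: a Python triage of rows as returned by the list query above with showDeleted set to true, flagging disabled identities (whose already-issued credentials stay valid until they expire) and soft-deleted identities approaching their purge time. The sample rows, the `triage` function, its labels and the 7-day warning threshold are constructed for illustration; it assumes `expireTime` is populated only for deleted identities and that `disabled` arrives as a boolean.

```python
from datetime import datetime, timezone


def parse_google_datetime(value):
    """Parse an RFC 3339 UTC timestamp such as 2025-01-31T00:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def triage(rows, now, warn_days=7):
    """Return (name, finding, days_left) tuples for identities that need review."""
    findings = []
    for row in rows:
        expire = row.get("expireTime")
        if expire:
            # expireTime is the point after which the identity is purged
            # and can no longer be undeleted.
            remaining = parse_google_datetime(expire) - now
            if remaining.total_seconds() <= 0:
                label = "past-purge-time"
            elif remaining.days < warn_days:
                label = "undelete-window-closing"
            else:
                label = "soft-deleted"
            findings.append((row["name"], label, remaining.days))
        elif row.get("disabled"):
            # No new credentials are issued, but existing ones are still
            # accepted until they expire, so dependants may still authenticate.
            findings.append((row["name"], "disabled-existing-credentials-live", None))
    return findings


# Constructed sample input (placeholder names, not real resource names).
NOW = datetime(2025, 1, 10, tzinfo=timezone.utc)
SAMPLE_ROWS = [
    {"name": "example-active", "disabled": False, "expireTime": None},
    {"name": "example-disabled", "disabled": True, "expireTime": None},
    {"name": "example-deleted-recent", "disabled": False,
     "expireTime": "2025-02-05T00:00:00Z"},
    {"name": "example-deleted-old", "disabled": False,
     "expireTime": "2025-01-13T12:00:00Z"},
]

if __name__ == "__main__":
    for name, finding, days_left in triage(SAMPLE_ROWS, NOW):
        print(name, finding, days_left)
```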
INSERT examples
- create
- Manifest
Creates a new WorkloadIdentityPoolManagedIdentity in a WorkloadIdentityPoolNamespace.
INSERT INTO google.iam.managed_identities (
data__name,
data__description,
data__disabled,
projectsId,
locationsId,
workloadIdentityPoolsId,
namespacesId,
workloadIdentityPoolManagedIdentityId
)
SELECT
'{{ name }}',
'{{ description }}',
{{ disabled }},
'{{ projectsId }}',
'{{ locationsId }}',
'{{ workloadIdentityPoolsId }}',
'{{ namespacesId }}',
'{{ workloadIdentityPoolManagedIdentityId }}'
RETURNING
name,
done,
error,
metadata,
response
;
# Description fields are for documentation purposes
- name: managed_identities
  props:
    - name: projectsId
      value: string
      description: Required parameter for the managed_identities resource.
    - name: locationsId
      value: string
      description: Required parameter for the managed_identities resource.
    - name: workloadIdentityPoolsId
      value: string
      description: Required parameter for the managed_identities resource.
    - name: namespacesId
      value: string
      description: Required parameter for the managed_identities resource.
    - name: name
      value: string
      description: >
        Identifier. The resource name of the managed identity.
    - name: description
      value: string
      description: >
        Optional. A description of the managed identity. Cannot exceed 256 characters.
    - name: disabled
      value: boolean
      description: >
        Optional. Whether the managed identity is disabled. If disabled, credentials may no longer be issued for the identity, however existing credentials will still be accepted until they expire.
    - name: workloadIdentityPoolManagedIdentityId
      value: string
UPDATE examples
- patch
Updates an existing WorkloadIdentityPoolManagedIdentity in a WorkloadIdentityPoolNamespace.
UPDATE google.iam.managed_identities
SET
data__name = '{{ name }}',
data__description = '{{ description }}',
data__disabled = {{ disabled }}
WHERE
projectsId = '{{ projectsId }}' -- required
AND locationsId = '{{ locationsId }}' -- required
AND workloadIdentityPoolsId = '{{ workloadIdentityPoolsId }}' -- required
AND namespacesId = '{{ namespacesId }}' -- required
AND managedIdentitiesId = '{{ managedIdentitiesId }}' -- required
AND updateMask = '{{ updateMask }}'
RETURNING
name,
done,
error,
metadata,
response;
DELETE examples
- delete
Deletes a WorkloadIdentityPoolManagedIdentity. You can undelete a managed identity for 30 days. After 30 days, deletion is permanent.
DELETE FROM google.iam.managed_identities
WHERE projectsId = '{{ projectsId }}' -- required
AND locationsId = '{{ locationsId }}' -- required
AND workloadIdentityPoolsId = '{{ workloadIdentityPoolsId }}' -- required
AND namespacesId = '{{ namespacesId }}' -- required
AND managedIdentitiesId = '{{ managedIdentitiesId }}'; -- required
Lifecycle Methods
- undelete
- set_attestation_rules
Undeletes a WorkloadIdentityPoolManagedIdentity, as long as it was deleted fewer than 30 days ago.
EXEC google.iam.managed_identities.undelete
@projectsId='{{ projectsId }}', -- required
@locationsId='{{ locationsId }}', -- required
@workloadIdentityPoolsId='{{ workloadIdentityPoolsId }}', -- required
@namespacesId='{{ namespacesId }}', -- required
@managedIdentitiesId='{{ managedIdentitiesId }}'; -- required
Set all AttestationRule on a WorkloadIdentityPoolManagedIdentity. A maximum of 50 AttestationRules can be set.
EXEC google.iam.managed_identities.set_attestation_rules
@projectsId='{{ projectsId }}', -- required
@locationsId='{{ locationsId }}', -- required
@workloadIdentityPoolsId='{{ workloadIdentityPoolsId }}', -- required
@namespacesId='{{ namespacesId }}', -- required
@managedIdentitiesId='{{ managedIdentitiesId }}' -- required
@@json=
'{
"attestationRules": "{{ attestationRules }}"
}';