OMGeeky/google-apis-rs
1
0
Fork 0
mirror of https://github.com/OMGeeky/google-apis-rs.git synced 2026-02-23 15:49:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
37ba635de2b0340299e6a35431c2efd0ca3aa555
google-apis-rs/google_iam1_cli/projects_locations-workload-identity-pools-providers-patch/index.html
Sebastian Thiel 37ba635de2 Update documentation
2021-04-02 00:20:57 +08:00

613 lines
27 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Locations Workload Identity Pools Providers Patch - Iam v2.0.0+20210325</title>
<link href='https://fonts.googleapis.com/css?family=Lato:400,700|Roboto+Slab:400,700|Inconsolata:400,700' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="../css/theme.css" type="text/css" />
<link rel="stylesheet" href="../css/theme_extra.css" type="text/css" />
<link rel="stylesheet" href="../css/highlight.css">
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js"></script>
<script type="text/javascript" src="../js/highlight.pack.js"></script>
<script src="../js/theme.js"></script>
<style>
body {font-size: 90%;}
pre, code {font-size: 100%;}
h3, h4, h5, h6 {color: #2980b9; font-weight: 300}
</style>
</head>
<body class="wy-body-for-nav" role="document">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side stickynav">
<div class="wy-side-nav-search">
<a href=".." class="icon icon-home"> Iam v2.0.0+20210325</a>
</div>
<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
<ul class="current">
<span>Iam Policies</span>
<li class="toctree-l1 ">
<a class="" href="../iam-policies_lint-policy">Lint Policy</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../iam-policies_query-auditable-services">Query Auditable Services</a>
</li>
<span>Organizations</span>
<li class="toctree-l1 ">
<a class="" href="../organizations_roles-create">Roles Create</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../organizations_roles-delete">Roles Delete</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../organizations_roles-get">Roles Get</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../organizations_roles-list">Roles List</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../organizations_roles-patch">Roles Patch</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../organizations_roles-undelete">Roles Undelete</a>
</li>
<span>Permissions</span>
<li class="toctree-l1 ">
<a class="" href="../permissions_query-testable-permissions">Query Testable Permissions</a>
</li>
<span>Projects</span>
<li class="toctree-l1 ">
<a class="" href="../projects_locations-workload-identity-pools-create">Locations Workload Identity Pools Create</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_locations-workload-identity-pools-delete">Locations Workload Identity Pools Delete</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_locations-workload-identity-pools-get">Locations Workload Identity Pools Get</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_locations-workload-identity-pools-list">Locations Workload Identity Pools List</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_locations-workload-identity-pools-operations-get">Locations Workload Identity Pools Operations Get</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_locations-workload-identity-pools-patch">Locations Workload Identity Pools Patch</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_locations-workload-identity-pools-providers-create">Locations Workload Identity Pools Providers Create</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_locations-workload-identity-pools-providers-delete">Locations Workload Identity Pools Providers Delete</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_locations-workload-identity-pools-providers-get">Locations Workload Identity Pools Providers Get</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_locations-workload-identity-pools-providers-list">Locations Workload Identity Pools Providers List</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_locations-workload-identity-pools-providers-operations-get">Locations Workload Identity Pools Providers Operations Get</a>
</li>
<li class="toctree-l1 current">
<a class="current" href=".">Locations Workload Identity Pools Providers Patch</a>
<ul>
<li class="toctree-l2"><a href="#scopes">Scopes</a></li>
<li class="toctree-l2"><a href="#required-scalar-argument">Required Scalar Argument</a></li>
<li class="toctree-l2"><a href="#required-request-value">Required Request Value</a></li>
<li><a class="toctree-l3" href="#about-cursors">About Cursors</a></li>
<li class="toctree-l2"><a href="#optional-output-flags">Optional Output Flags</a></li>
<li class="toctree-l2"><a href="#optional-method-properties">Optional Method Properties</a></li>
<li class="toctree-l2"><a href="#optional-general-properties">Optional General Properties</a></li>
</ul>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_locations-workload-identity-pools-providers-undelete">Locations Workload Identity Pools Providers Undelete</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_locations-workload-identity-pools-undelete">Locations Workload Identity Pools Undelete</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_roles-create">Roles Create</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_roles-delete">Roles Delete</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_roles-get">Roles Get</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_roles-list">Roles List</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_roles-patch">Roles Patch</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_roles-undelete">Roles Undelete</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_service-accounts-create">Service Accounts Create</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_service-accounts-delete">Service Accounts Delete</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_service-accounts-disable">Service Accounts Disable</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_service-accounts-enable">Service Accounts Enable</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_service-accounts-get">Service Accounts Get</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_service-accounts-get-iam-policy">Service Accounts Get Iam Policy</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_service-accounts-keys-create">Service Accounts Keys Create</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_service-accounts-keys-delete">Service Accounts Keys Delete</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_service-accounts-keys-get">Service Accounts Keys Get</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_service-accounts-keys-list">Service Accounts Keys List</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_service-accounts-keys-upload">Service Accounts Keys Upload</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_service-accounts-list">Service Accounts List</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_service-accounts-patch">Service Accounts Patch</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_service-accounts-set-iam-policy">Service Accounts Set Iam Policy</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_service-accounts-sign-blob">Service Accounts Sign Blob</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_service-accounts-sign-jwt">Service Accounts Sign Jwt</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_service-accounts-test-iam-permissions">Service Accounts Test Iam Permissions</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_service-accounts-undelete">Service Accounts Undelete</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../projects_service-accounts-update">Service Accounts Update</a>
</li>
<span>Roles</span>
<li class="toctree-l1 ">
<a class="" href="../roles_get">Get</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../roles_list">List</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../roles_query-grantable-roles">Query Grantable Roles</a>
</li>
</ul>
</div>
&nbsp;
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<nav class="wy-nav-top" role="navigation" aria-label="top navigation">
<i data-toggle="wy-nav-top" class="icon icon-reorder"></i>
<a href=".."></a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="breadcrumbs navigation">
<ul class="wy-breadcrumbs">
<li><a href="..">Docs</a> &raquo;</li>
<li>Locations Workload Identity Pools Providers Patch</li>
<li class="wy-breadcrumbs-aside">
<a href="https://github.com/Byron/google-apis-rs/tree/master/gen/iam1-cli" class="icon icon-github"> Edit on GitHub</a>
</li>
</ul>
<hr/>
</div>
<div role="main">
<div class="section">
<p>Updates an existing WorkloadIdentityPoolProvider.</p>
<h1 id="scopes">Scopes</h1>
<p>You will need authorization for the <em>https://www.googleapis.com/auth/cloud-platform</em> scope to make a valid call.</p>
<p>If unset, the scope for this method defaults to <em>https://www.googleapis.com/auth/cloud-platform</em>.
You can set the scope for this method like this: <code>iam1 --scope &lt;scope&gt; projects locations-workload-identity-pools-providers-patch ...</code></p>
<h1 id="required-scalar-argument">Required Scalar Argument</h1>
<ul>
<li><strong>&lt;name&gt;</strong> <em>(string)</em><ul>
<li>Output only. The resource name of the provider.</li>
</ul>
</li>
</ul>
<h1 id="required-request-value">Required Request Value</h1>
<p>The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure.
In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely.</p>
<p>For example, a structure like this:</p>
<pre><code>WorkloadIdentityPoolProvider:
attribute-condition: string
attribute-mapping: { string: string }
aws:
account-id: string
description: string
disabled: boolean
display-name: string
name: string
oidc:
allowed-audiences: [string]
issuer-uri: string
state: string
</code></pre>
<p>can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time.</p>
<ul>
<li><code>-r . attribute-condition=duo</code><ul>
<li><a href="https://opensource.google/projects/cel">A Common Expression Language</a> expression, in plain text, to restrict what otherwise valid authentication credentials issued by the provider should not be accepted. The expression must output a boolean representing whether to allow the federation. The following keywords may be referenced in the expressions: * <code>assertion</code>: JSON representing the authentication credential issued by the provider. * <code>google</code>: The Google attributes mapped from the assertion in the <code>attribute_mappings</code>. * <code>attribute</code>: The custom attributes mapped from the assertion in the <code>attribute_mappings</code>. The maximum length of the attribute condition expression is 4096 characters. If unspecified, all valid authentication credential are accepted. The following example shows how to only allow credentials with a mapped <code>google.groups</code> value of <code>admins</code>: <code>&amp;#34;&amp;#39;admins&amp;#39; in google.groups&amp;#34;</code></li>
</ul>
</li>
<li><code>attribute-mapping=key=dolore</code><ul>
<li>Maps attributes from authentication credentials issued by an external identity provider to Google Cloud attributes, such as <code>subject</code> and <code>segment</code>. Each key must be a string specifying the Google Cloud IAM attribute to map to. The following keys are supported: * <code>google.subject</code>: The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. Cannot exceed 127 characters. * <code>google.groups</code>: Groups the external identity belongs to. You can grant groups access to resources using an IAM <code>principalSet</code> binding; access applies to all members of the group. You can also provide custom attributes by specifying <code>attribute.{custom_attribute}</code>, where <code>{custom_attribute}</code> is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_]. You can reference these attributes in IAM policies to define fine-grained access for a workload to Google Cloud resources. For example: * <code>google.subject</code>: <code>principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}</code> * <code>google.groups</code>: <code>principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}</code> * <code>attribute.{custom_attribute}</code>: <code>principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}</code> Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. You can use the <code>assertion</code> keyword in the expression to access a JSON representation of the authentication credential issued by the provider. The maximum length of an attribute mapping expression is 2048 characters. When evaluated, the total size of all mapped attributes must not exceed 8KB. For AWS providers, if no attribute mapping is defined, the following default mapping applies: <code>{ &amp;#34;google.subject&amp;#34;:&amp;#34;assertion.arn&amp;#34;, &amp;#34;attribute.aws_role&amp;#34;: &amp;#34;assertion.arn.contains(&amp;#39;assumed-role&amp;#39;)&amp;#34; &amp;#34; ? assertion.arn.extract(&amp;#39;{account_arn}assumed-role/&amp;#39;)&amp;#34; &amp;#34; + &amp;#39;assumed-role/&amp;#39;&amp;#34; &amp;#34; + assertion.arn.extract(&amp;#39;assumed-role/{role_name}/&amp;#39;)&amp;#34; &amp;#34; : assertion.arn&amp;#34;, }</code> If any custom attribute mappings are defined, they must include a mapping to the <code>google.subject</code> attribute. For OIDC providers, you must supply a custom mapping, which must include the <code>google.subject</code> attribute. For example, the following maps the <code>sub</code> claim of the incoming credential to the <code>subject</code> attribute on a Google token: <code>{&amp;#34;google.subject&amp;#34;: &amp;#34;assertion.sub&amp;#34;}</code></li>
<li>the value will be associated with the given <code>key</code></li>
</ul>
</li>
<li>
<p><code>aws account-id=et</code></p>
<ul>
<li>Required. The AWS account ID.</li>
</ul>
</li>
<li>
<p><code>.. description=voluptua.</code></p>
<ul>
<li>A description for the provider. Cannot exceed 256 characters.</li>
</ul>
</li>
<li><code>disabled=false</code><ul>
<li>Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.</li>
</ul>
</li>
<li><code>display-name=diam</code><ul>
<li>A display name for the provider. Cannot exceed 32 characters.</li>
</ul>
</li>
<li><code>name=dolor</code><ul>
<li>Output only. The resource name of the provider.</li>
</ul>
</li>
<li><code>oidc allowed-audiences=et</code><ul>
<li>Acceptable values for the <code>aud</code> field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example: <code>//iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/</code></li>
<li>Each invocation of this argument appends the given value to the array.</li>
</ul>
</li>
<li>
<p><code>issuer-uri=et</code></p>
<ul>
<li>Required. The OIDC issuer URL.</li>
</ul>
</li>
<li>
<p><code>.. state=sadipscing</code></p>
<ul>
<li>Output only. The state of the provider.</li>
</ul>
</li>
</ul>
<h3 id="about-cursors">About Cursors</h3>
<p>The cursor position is key to comfortably set complex nested structures. The following rules apply:</p>
<ul>
<li>The cursor position is always set relative to the current one, unless the field name starts with the <code>.</code> character. Fields can be nested such as in <code>-r f.s.o</code> .</li>
<li>The cursor position is set relative to the top-level structure if it starts with <code>.</code>, e.g. <code>-r .s.s</code></li>
<li>You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify <code>-r struct.sub_struct=bar</code>.</li>
<li>You can move the cursor one level up by using <code>..</code>. Each additional <code>.</code> moves it up one additional level. E.g. <code>...</code> would go three levels up.</li>
</ul>
<h1 id="optional-output-flags">Optional Output Flags</h1>
<p>The method's return value a JSON encoded structure, which will be written to standard output by default.</p>
<ul>
<li><strong>-o out</strong><ul>
<li><em>out</em> specifies the <em>destination</em> to which to write the server's result to.
It will be a JSON-encoded structure.
The <em>destination</em> may be <code>-</code> to indicate standard output, or a filepath that is to contain the received bytes.
If unset, it defaults to standard output.</li>
</ul>
</li>
</ul>
<h1 id="optional-method-properties">Optional Method Properties</h1>
<p>You may set the following properties to further configure the call. Please note that <code>-p</code> is followed by one
or more key-value-pairs, and is called like this <code>-p k1=v1 k2=v2</code> even though the listing below repeats the
<code>-p</code> for completeness.</p>
<ul>
<li><strong>-p update-mask=string</strong><ul>
<li>Required. The list of fields to update.</li>
</ul>
</li>
</ul>
<h1 id="optional-general-properties">Optional General Properties</h1>
<p>The following properties can configure any call, and are not specific to this method.</p>
<ul>
<li>
<p><strong>-p $-xgafv=string</strong></p>
<ul>
<li>V1 error format.</li>
</ul>
</li>
<li>
<p><strong>-p access-token=string</strong></p>
<ul>
<li>OAuth access token.</li>
</ul>
</li>
<li>
<p><strong>-p alt=string</strong></p>
<ul>
<li>Data format for response.</li>
</ul>
</li>
<li>
<p><strong>-p callback=string</strong></p>
<ul>
<li>JSONP</li>
</ul>
</li>
<li>
<p><strong>-p fields=string</strong></p>
<ul>
<li>Selector specifying which fields to include in a partial response.</li>
</ul>
</li>
<li>
<p><strong>-p key=string</strong></p>
<ul>
<li>API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.</li>
</ul>
</li>
<li>
<p><strong>-p oauth-token=string</strong></p>
<ul>
<li>OAuth 2.0 token for the current user.</li>
</ul>
</li>
<li>
<p><strong>-p pretty-print=boolean</strong></p>
<ul>
<li>Returns response with indentations and line breaks.</li>
</ul>
</li>
<li>
<p><strong>-p quota-user=string</strong></p>
<ul>
<li>Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.</li>
</ul>
</li>
<li>
<p><strong>-p upload-type=string</strong></p>
<ul>
<li>Legacy upload protocol for media (e.g. &#34;media&#34;, &#34;multipart&#34;).</li>
</ul>
</li>
<li>
<p><strong>-p upload-protocol=string</strong></p>
<ul>
<li>Upload protocol for media (e.g. &#34;raw&#34;, &#34;multipart&#34;).</li>
</ul>
</li>
</ul>
</div>
</div>
<footer>
<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
<a href="../projects_locations-workload-identity-pools-providers-undelete" class="btn btn-neutral float-right" title="Locations Workload Identity Pools Providers Undelete"/>Next <span class="icon icon-circle-arrow-right"></span></a>
<a href="../projects_locations-workload-identity-pools-providers-operations-get" class="btn btn-neutral" title="Locations Workload Identity Pools Providers Operations Get"><span class="icon icon-circle-arrow-left"></span> Previous</a>
</div>
<hr/>
<div role="contentinfo">
<p>
<!-- Copyright etc -->
</p>
</div>
Built with <a href="http://www.mkdocs.org">MkDocs</a>, using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
</footer>
</div>
</div>
</section>
</div>
<div class="rst-versions" role="note" style="cursor: pointer">
<span class="rst-current-version" data-toggle="rst-current-version">
<a class="icon icon-github" style="float: left; color: #fcfcfc"> GitHub</a>
<span><a href="../projects_locations-workload-identity-pools-providers-operations-get" style="color: #fcfcfc;">&laquo; Previous</a></span>
<span style="margin-left: 15px"><a href="../projects_locations-workload-identity-pools-providers-undelete" style="color: #fcfcfc">Next &raquo;</a></span>
</span>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink