OMGeeky/google-apis-rs
1
0
Fork 0
mirror of https://github.com/OMGeeky/google-apis-rs.git synced 2026-01-27 12:20:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
f4bb79d2d629ee5166f17b80ca2aa0e621d1c837
google-apis-rs/google_cloudresourcemanager1_cli/build_html/projects_set-iam-policy/index.html
Sebastian Thiel f4bb79d2d6 Update documentation
2024-03-05 21:06:01 +01:00

349 lines
20 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html class="writer-html5" lang="en" >
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" /><link rel="canonical" href="http://byron.github.io/google-apis-rs/google-cloudresourcemanager1-cli/projects_set-iam-policy/" />
<link rel="shortcut icon" href="../img/favicon.ico" />
<title>Set Iam Policy - Cloud Resource Manager v5.0.4+20240303</title>
<link rel="stylesheet" href="../css/theme.css" />
<link rel="stylesheet" href="../css/theme_extra.css" />
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/10.5.0/styles/github.min.css" />
<script>
// Current page data
var mkdocs_page_name = "Set Iam Policy";
var mkdocs_page_input_path = "projects_set-iam-policy.md";
var mkdocs_page_url = "/google-apis-rs/google-cloudresourcemanager1-cli/projects_set-iam-policy/";
</script>
<script src="../js/jquery-3.6.0.min.js" defer></script>
<!--[if lt IE 9]>
<script src="../js/html5shiv.min.js"></script>
<![endif]-->
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/10.5.0/highlight.min.js"></script>
<script>hljs.initHighlightingOnLoad();</script>
</head>
<body class="wy-body-for-nav" role="document">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side stickynav">
<div class="wy-side-scroll">
<div class="wy-side-nav-search">
<a href=".." class="icon icon-home"> Cloud Resource Manager v5.0.4+20240303
</a><div role="search">
<form id ="rtd-search-form" class="wy-form" action="../search.html" method="get">
<input type="text" name="q" placeholder="Search docs" title="Type search term here" />
</form>
</div>
</div>
<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="Navigation menu">
<ul>
<li class="toctree-l1"><a class="reference internal" href="..">Home</a>
</li>
</ul>
<p class="caption"><span class="caption-text">Folders</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../folders_clear-org-policy/">Clear Org Policy</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../folders_get-effective-org-policy/">Get Effective Org Policy</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../folders_get-org-policy/">Get Org Policy</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../folders_list-available-org-policy-constraints/">List Available Org Policy Constraints</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../folders_list-org-policies/">List Org Policies</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../folders_set-org-policy/">Set Org Policy</a>
</li>
</ul>
<p class="caption"><span class="caption-text">Liens</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../liens_create/">Create</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../liens_delete/">Delete</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../liens_get/">Get</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../liens_list/">List</a>
</li>
</ul>
<p class="caption"><span class="caption-text">Operations</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../operations_get/">Get</a>
</li>
</ul>
<p class="caption"><span class="caption-text">Organizations</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../organizations_clear-org-policy/">Clear Org Policy</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../organizations_get/">Get</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../organizations_get-effective-org-policy/">Get Effective Org Policy</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../organizations_get-iam-policy/">Get Iam Policy</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../organizations_get-org-policy/">Get Org Policy</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../organizations_list-available-org-policy-constraints/">List Available Org Policy Constraints</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../organizations_list-org-policies/">List Org Policies</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../organizations_search/">Search</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../organizations_set-iam-policy/">Set Iam Policy</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../organizations_set-org-policy/">Set Org Policy</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../organizations_test-iam-permissions/">Test Iam Permissions</a>
</li>
</ul>
<p class="caption"><span class="caption-text">Projects</span></p>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../projects_clear-org-policy/">Clear Org Policy</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../projects_create/">Create</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../projects_delete/">Delete</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../projects_get/">Get</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../projects_get-ancestry/">Get Ancestry</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../projects_get-effective-org-policy/">Get Effective Org Policy</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../projects_get-iam-policy/">Get Iam Policy</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../projects_get-org-policy/">Get Org Policy</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../projects_list/">List</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../projects_list-available-org-policy-constraints/">List Available Org Policy Constraints</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../projects_list-org-policies/">List Org Policies</a>
</li>
<li class="toctree-l1 current"><a class="reference internal current" href="./">Set Iam Policy</a>
<ul class="current">
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../projects_set-org-policy/">Set Org Policy</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../projects_test-iam-permissions/">Test Iam Permissions</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../projects_undelete/">Undelete</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="../projects_update/">Update</a>
</li>
</ul>
</div>
</div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<nav class="wy-nav-top" role="navigation" aria-label="Mobile navigation menu">
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="..">Cloud Resource Manager v5.0.4+20240303</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content"><div role="navigation" aria-label="breadcrumbs navigation">
<ul class="wy-breadcrumbs">
<li><a href=".." class="icon icon-home" alt="Docs"></a> &raquo;</li>
<li>Projects &raquo;</li>
<li>Set Iam Policy</li>
<li class="wy-breadcrumbs-aside">
<a href="https://github.com/Byron/google-apis-rs/tree/main/gen/cloudresourcemanager1-cli/edit/master/docs/projects_set-iam-policy.md"
class="icon icon-github"> Edit on GitHub</a>
</li>
</ul>
<hr/>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div class="section" itemprop="articleBody">
<p>Sets the IAM access control policy for the specified Project. CAUTION: This method will replace the existing policy, and cannot be used to append additional IAM settings. NOTE: Removing service accounts from policies or changing their roles can render services completely inoperable. It is important to understand how the service account is being used before removing or updating its roles. For additional information about <code>resource</code> (e.g. my-project-id) structure and identification, see <a href="https://cloud.google.com/apis/design/resource_names">Resource Names</a>. The following constraints apply when using <code>setIamPolicy()</code>: + Project does not support <code>allUsers</code> and <code>allAuthenticatedUsers</code> as <code>members</code> in a <code>Binding</code> of a <code>Policy</code>. + The owner role can be granted to a <code>user</code>, <code>serviceAccount</code>, or a group that is part of an organization. For example, group@myownpersonaldomain.com could be added as an owner to a project in the myownpersonaldomain.com organization, but not the examplepetstore.com organization. + Service accounts can be made owners of a project directly without any restrictions. However, to be added as an owner, a user must be invited via Cloud Platform console and must accept the invitation. + A user cannot be granted the owner role using <code>setIamPolicy()</code>. The user must be granted the owner role using the Cloud Platform Console and must explicitly accept the invitation. + You can only grant ownership of a project to a member by using the Google Cloud console. Inviting a member will deliver an invitation email that they must accept. An invitation email is not generated if you are granting a role other than owner, or if both the member you are inviting and the project are part of your organization. + If the project is not part of an organization, there must be at least one owner who has accepted the Terms of Service (ToS) agreement in the policy. Calling <code>setIamPolicy()</code> to remove the last ToS-accepted owner from the policy will fail. This restriction also applies to legacy projects that no longer have owners who have accepted the ToS. Edits to IAM policies will be rejected until the lack of a ToS-accepting owner is rectified. If the project is part of an organization, you can remove all owners, potentially making the organization inaccessible. Authorization requires the Google IAM permission <code>resourcemanager.projects.setIamPolicy</code> on the project</p>
<h1 id="scopes">Scopes</h1>
<p>You will need authorization for the <em>https://www.googleapis.com/auth/cloud-platform</em> scope to make a valid call.</p>
<p>If unset, the scope for this method defaults to <em>https://www.googleapis.com/auth/cloud-platform</em>.
You can set the scope for this method like this: <code>cloudresourcemanager1 --scope &lt;scope&gt; projects set-iam-policy ...</code></p>
<h1 id="required-scalar-argument">Required Scalar Argument</h1>
<ul>
<li><strong>&lt;resource&gt;</strong> <em>(string)</em><ul>
<li>REQUIRED: The resource for which the policy is being specified. See <a href="https://cloud.google.com/apis/design/resource_names">Resource names</a> for the appropriate value for this field.</li>
</ul>
</li>
</ul>
<h1 id="required-request-value">Required Request Value</h1>
<p>The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure.
In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely.</p>
<p>For example, a structure like this:</p>
<pre><code>SetIamPolicyRequest:
policy:
etag: string
version: integer
update-mask: string
</code></pre>
<p>can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time.</p>
<ul>
<li><code>-r .policy etag=elitr</code><ul>
<li><code>etag</code> is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the <code>etag</code> in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An <code>etag</code> is returned in the response to <code>getIamPolicy</code>, and systems are expected to put that etag in the request to <code>setIamPolicy</code> to ensure that their change will be applied to the same version of the policy. <strong>Important:</strong> If you use IAM Conditions, you must include the <code>etag</code> field whenever you call <code>setIamPolicy</code>. If you omit this field, then IAM allows you to overwrite a version <code>3</code> policy with a version <code>1</code> policy, and all of the conditions in the version <code>3</code> policy are lost.</li>
</ul>
</li>
<li>
<p><code>version=95</code></p>
<ul>
<li>Specifies the format of the policy. Valid values are <code>0</code>, <code>1</code>, and <code>3</code>. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version <code>3</code>. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions <strong>Important:</strong> If you use IAM Conditions, you must include the <code>etag</code> field whenever you call <code>setIamPolicy</code>. If you omit this field, then IAM allows you to overwrite a version <code>3</code> policy with a version <code>1</code> policy, and all of the conditions in the version <code>3</code> policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the <a href="https://cloud.google.com/iam/help/conditions/resource-policies">IAM documentation</a>.</li>
</ul>
</li>
<li>
<p><code>.. update-mask=diam</code></p>
<ul>
<li>OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: <code>paths: &amp;#34;bindings, etag&amp;#34;</code></li>
</ul>
</li>
</ul>
<h3 id="about-cursors">About Cursors</h3>
<p>The cursor position is key to comfortably set complex nested structures. The following rules apply:</p>
<ul>
<li>The cursor position is always set relative to the current one, unless the field name starts with the <code>.</code> character. Fields can be nested such as in <code>-r f.s.o</code> .</li>
<li>The cursor position is set relative to the top-level structure if it starts with <code>.</code>, e.g. <code>-r .s.s</code></li>
<li>You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify <code>-r struct.sub_struct=bar</code>.</li>
<li>You can move the cursor one level up by using <code>..</code>. Each additional <code>.</code> moves it up one additional level. E.g. <code>...</code> would go three levels up.</li>
</ul>
<h1 id="optional-output-flags">Optional Output Flags</h1>
<p>The method's return value a JSON encoded structure, which will be written to standard output by default.</p>
<ul>
<li><strong>-o out</strong><ul>
<li><em>out</em> specifies the <em>destination</em> to which to write the server's result to.
It will be a JSON-encoded structure.
The <em>destination</em> may be <code>-</code> to indicate standard output, or a filepath that is to contain the received bytes.
If unset, it defaults to standard output.</li>
</ul>
</li>
</ul>
<h1 id="optional-general-properties">Optional General Properties</h1>
<p>The following properties can configure any call, and are not specific to this method.</p>
<ul>
<li>
<p><strong>-p $-xgafv=string</strong></p>
<ul>
<li>V1 error format.</li>
</ul>
</li>
<li>
<p><strong>-p access-token=string</strong></p>
<ul>
<li>OAuth access token.</li>
</ul>
</li>
<li>
<p><strong>-p alt=string</strong></p>
<ul>
<li>Data format for response.</li>
</ul>
</li>
<li>
<p><strong>-p callback=string</strong></p>
<ul>
<li>JSONP</li>
</ul>
</li>
<li>
<p><strong>-p fields=string</strong></p>
<ul>
<li>Selector specifying which fields to include in a partial response.</li>
</ul>
</li>
<li>
<p><strong>-p key=string</strong></p>
<ul>
<li>API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.</li>
</ul>
</li>
<li>
<p><strong>-p oauth-token=string</strong></p>
<ul>
<li>OAuth 2.0 token for the current user.</li>
</ul>
</li>
<li>
<p><strong>-p pretty-print=boolean</strong></p>
<ul>
<li>Returns response with indentations and line breaks.</li>
</ul>
</li>
<li>
<p><strong>-p quota-user=string</strong></p>
<ul>
<li>Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.</li>
</ul>
</li>
<li>
<p><strong>-p upload-type=string</strong></p>
<ul>
<li>Legacy upload protocol for media (e.g. &#34;media&#34;, &#34;multipart&#34;).</li>
</ul>
</li>
<li>
<p><strong>-p upload-protocol=string</strong></p>
<ul>
<li>Upload protocol for media (e.g. &#34;raw&#34;, &#34;multipart&#34;).</li>
</ul>
</li>
</ul>
</div>
</div><footer>
<div class="rst-footer-buttons" role="navigation" aria-label="Footer Navigation">
<a href="../projects_list-org-policies/" class="btn btn-neutral float-left" title="List Org Policies"><span class="icon icon-circle-arrow-left"></span> Previous</a>
<a href="../projects_set-org-policy/" class="btn btn-neutral float-right" title="Set Org Policy">Next <span class="icon icon-circle-arrow-right"></span></a>
</div>
<hr/>
<div role="contentinfo">
<!-- Copyright etc -->
<p>Copyright &copy; 2015-2020, `Sebastian Thiel`</p>
</div>
Built with <a href="https://www.mkdocs.org/">MkDocs</a> using a <a href="https://github.com/readthedocs/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
</footer>
</div>
</div>
</section>
</div>
<div class="rst-versions" role="note" aria-label="Versions">
<span class="rst-current-version" data-toggle="rst-current-version">
<span>
<a href="https://github.com/Byron/google-apis-rs/tree/main/gen/cloudresourcemanager1-cli" class="fa fa-github" style="color: #fcfcfc"> GitHub</a>
</span>
<span><a href="../projects_list-org-policies/" style="color: #fcfcfc">&laquo; Previous</a></span>
<span><a href="../projects_set-org-policy/" style="color: #fcfcfc">Next &raquo;</a></span>
</span>
</div>
<script>var base_url = '..';</script>
<script src="../js/theme_extra.js" defer></script>
<script src="../js/theme.js" defer></script>
<script src="../search/main.js" defer></script>
<script defer>
window.onload = function () {
SphinxRtdTheme.Navigation.enable(true);
};
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink