package iam

Import Path
	cloud.google.com/go/iam (on go.dev)

Dependency Relation
	imports 8 packages, and imported by 2 packages

Involved Source Files

Package iam supports the resource-specific operations of Google Cloud IAM (Identity and Access Management) for the Google Cloud Libraries. See https://cloud.google.com/iam for more about IAM.

Users of the Google Cloud Libraries will typically not use this package directly. Instead they will begin with some resource that supports IAM, like a pubsub topic, and call its IAM method to get a Handle for that resource.

Package-Level Type Names (total 7, in which 5 are exported)
A Handle provides IAM operations for a resource.
	Policy retrieves the IAM policy for the resource.
	SetPolicy replaces the resource's current policy with the supplied Policy. If policy was created from a prior call to Get, then the modification will only succeed if the policy has not changed since the Get.
	TestPermissions returns the subset of permissions that the caller has on the resource.
	V3 returns a Handle3, which is like Handle except it sets requestedPolicyVersion to 3 when retrieving a policy and policy.version to 3 when storing a policy.
	func InternalNewHandle(conn grpc.ClientConnInterface, resource string) *Handle
	func InternalNewHandleClient(c client, resource string) *Handle
	func InternalNewHandleGRPCClient(c pb.IAMPolicyClient, resource string) *Handle
	func cloud.google.com/go/secretmanager/apiv1.(*Client).IAM(name string) *Handle
	func cloud.google.com/go/storage.(*BucketHandle).IAM() *Handle
A Handle3 provides IAM operations for a resource. It is similar to a Handle, but provides access to newer IAM features (e.g., conditions).
	Policy retrieves the IAM policy for the resource. requestedPolicyVersion is always set to 3.
	SetPolicy replaces the resource's current policy with the supplied Policy. If policy was created from a prior call to Get, then the modification will only succeed if the policy has not changed since the Get.
	TestPermissions returns the subset of permissions that the caller has on the resource.
	func (*Handle).V3() *Handle3
A Policy is a list of Bindings representing roles granted to members. The zero Policy is a valid policy with no bindings.
	This field is exported for use by the Google Cloud Libraries only. It may become unexported in a future release.
	Add adds member member to role r if it is not already present. A new binding is created if there is no binding for the role.
	HasRole reports whether member has role r.
	Members returns the list of members with the supplied role. The return value should not be modified. Use Add and Remove to modify the members of a role.
	Remove removes member from role r if it is present.
	Roles returns the names of all the roles that appear in the Policy.
	func (*Handle).Policy(ctx context.Context) (*Policy, error)
	func (*Handle).SetPolicy(ctx context.Context, policy *Policy) error
A Policy3 is a list of Bindings representing roles granted to members. The zero Policy3 is a valid policy with no bindings. It is similar to a Policy, except a Policy3 provides direct access to the list of Bindings. The policy version is always set to 3.
	Bindings []*pb.Binding
	func (*Handle3).Policy(ctx context.Context) (*Policy3, error)
	func (*Handle3).SetPolicy(ctx context.Context, policy *Policy3) error
A RoleName is a name representing a collection of permissions.
	func (*Policy).Roles() []RoleName
	func (*Policy).Add(member string, r RoleName)
	func (*Policy).HasRole(member string, r RoleName) bool
	func (*Policy).Members(r RoleName) []string
	func (*Policy).Remove(member string, r RoleName)
	const Editor
	const Owner
	const Viewer
Package-Level Functions (total 5, in which 3 are exported)
InternalNewHandle is for use by the Google Cloud Libraries only. InternalNewHandle returns a Handle for resource. The conn parameter refers to a server that must support the IAMPolicy service.
InternalNewHandleClient is for use by the Google Cloud Libraries only. InternalNewHandleClient returns a Handle for resource using the given client implementation.
InternalNewHandleGRPCClient is for use by the Google Cloud Libraries only. InternalNewHandleGRPCClient returns a Handle for resource using the given grpc service that implements IAM as a mixin.
Package-Level Variables (only one, which is unexported)
Package-Level Constants (total 5, all are exported)
AllAuthenticatedUsers is a special member that denotes all authenticated users.
AllUsers is a special member that denotes all users, even unauthenticated ones.
Common role names: Editor, Owner, Viewer.
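An added example, not code from the iam package: an audit helper that walks a policy with the Roles and Members methods documented above and reports every role granted to the AllUsers or AllAuthenticatedUsers special members. The names policyView, PublicGrants, fakePolicy and samplePolicy are hypothetical, the two member strings repeat the values of the package constants so the block builds without the module, and the bindings are constructed sample data (Go 1.18+ for generics).

```go
package main

import (
	"fmt"
	"sort"
)

// Values of iam.AllUsers and iam.AllAuthenticatedUsers, repeated so this builds offline.
const allUsers, allAuthenticatedUsers = "allUsers", "allAuthenticatedUsers"

// policyView (hypothetical) lists the two Policy methods used; *iam.Policy fits policyView[iam.RoleName].
type policyView[R ~string] interface {
	Roles() []R
	Members(r R) []string
}

// PublicGrants returns "role -> member" for each role granted to a public member, sorted.
func PublicGrants[R ~string](p policyView[R]) []string {
	var out []string
	for _, r := range p.Roles() {
		for _, m := range p.Members(r) {
			if m == allUsers || m == allAuthenticatedUsers {
				out = append(out, fmt.Sprintf("%s -> %s", r, m))
			}
		}
	}
	sort.Strings(out)
	return out
}

// fakePolicy is a constructed stand-in for the *Policy a Handle would return.
type fakePolicy map[string][]string

func (f fakePolicy) Roles() (rs []string) {
	for r := range f {
		rs = append(rs, r)
	}
	return rs
}
func (f fakePolicy) Members(r string) []string { return f[r] }

// samplePolicy holds constructed bindings, not a real resource's policy.
var samplePolicy = fakePolicy{
	"roles/owner":  {"user:admin@example.com"},
	"roles/viewer": {"allUsers", "group:eng@example.com"},
	"roles/editor": {"allAuthenticatedUsers"},
}

func main() { fmt.Println(PublicGrants[string](samplePolicy)) }
```

With the real package, the same check on a policy obtained from a Handle's Policy method is `PublicGrants[iam.RoleName](policy)`.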