queues_iam_policies
Overview
Name | queues_iam_policies |
Type | Resource |
Id | google.cloudtasks.queues_iam_policies |
Fields
Name | Datatype | Description |
---|---|---|
condition | object | Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. |
members | array | Specifies the principals requesting access for a Google Cloud resource. members can have the following values: allUsers : A special identifier that represents anyone who is on the internet; with or without a Google account. allAuthenticatedUsers : A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. user:{emailid} : An email address that represents a specific Google account. For example, alice@example.com . serviceAccount:{emailid} : An email address that represents a Google service account. For example, my-other-app@appspot.gserviceaccount.com . serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}] : An identifier for a Kubernetes service account. For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa] . group:{emailid} : An email address that represents a Google group. For example, admins@example.com . domain:{domain} : The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com . deleted:user:{emailid}?uid={uniqueid} : An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901 . If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. deleted:serviceAccount:{emailid}?uid={uniqueid} : An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901 . If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. deleted:group:{emailid}?uid={uniqueid} : An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901 . If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding. |
role | string | Role that is assigned to the list of members , or principals. For example, roles/viewer , roles/editor , or roles/owner . |
Methods
Name | Accessible by | Required Params | Description |
---|---|---|---|
get_iam_policy | SELECT | locationsId, projectsId, queuesId | Gets the access control policy for a Queue. Returns an empty policy if the resource exists and does not have a policy set. Authorization requires the following Google IAM permission on the specified resource parent: * cloudtasks.queues.getIamPolicy |
_get_iam_policy | EXEC | locationsId, projectsId, queuesId | Gets the access control policy for a Queue. Returns an empty policy if the resource exists and does not have a policy set. Authorization requires the following Google IAM permission on the specified resource parent: * cloudtasks.queues.getIamPolicy |
set_iam_policy | EXEC | locationsId, projectsId, queuesId | Sets the access control policy for a Queue. Replaces any existing policy. Note: The Cloud Console does not check queue-level IAM permissions yet. Project-level permissions are required to use the Cloud Console. Authorization requires the following Google IAM permission on the specified resource parent: * cloudtasks.queues.setIamPolicy |
test_iam_permissions | EXEC | locationsId, projectsId, queuesId | Returns permissions that a caller has on a Queue. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning. |