@datafire/google_iap
v3.0.0
Published
DataFire integration for Cloud Identity-Aware Proxy API
Downloads
2
Readme
@datafire/google_iap
Client library for Cloud Identity-Aware Proxy API
Installation and Usage
npm install --save @datafire/google_iap
let google_iap = require('@datafire/google_iap').create({
access_token: "",
refresh_token: "",
client_id: "",
client_secret: "",
redirect_uri: ""
});
.then(data => {
console.log(data);
});
Description
Controls access to cloud applications running on Google Cloud Platform.
Actions
oauthCallback
Exchange the code passed to your redirect URI for an access_token
google_iap.oauthCallback({
"code": ""
}, context)
Input
- input
object
- code required
string
- code required
Output
- output
object
- access_token
string
- refresh_token
string
- token_type
string
- scope
string
- expiration
string
- access_token
oauthRefresh
Exchange a refresh_token for an access_token
google_iap.oauthRefresh(null, context)
Input
This action has no parameters
Output
- output
object
- access_token
string
- refresh_token
string
- token_type
string
- scope
string
- expiration
string
- access_token
iap.getIamPolicy
Gets the access control policy for an Identity-Aware Proxy protected resource. More information about managing access via IAP can be found at: https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api
google_iap.iap.getIamPolicy({
"resource": ""
}, context)
Input
- input
object
- resource required
string
: REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. - body GetIamPolicyRequest
- $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- resource required
Output
- output Policy
iap.setIamPolicy
Sets the access control policy for an Identity-Aware Proxy protected resource. Replaces any existing policy. More information about managing access via IAP can be found at: https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api
google_iap.iap.setIamPolicy({
"resource": ""
}, context)
Input
- input
object
- resource required
string
: REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. - body SetIamPolicyRequest
- $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- resource required
Output
- output Policy
iap.testIamPermissions
Returns permissions that a caller has on the Identity-Aware Proxy protected resource. If the resource does not exist or the caller does not have Identity-Aware Proxy permissions a [google.rpc.Code.PERMISSION_DENIED] will be returned. More information about managing access via IAP can be found at: https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api
google_iap.iap.testIamPermissions({
"resource": ""
}, context)
Input
- input
object
- resource required
string
: REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field. - body TestIamPermissionsRequest
- $.xgafv
string
(values: 1, 2): V1 error format. - access_token
string
: OAuth access token. - alt
string
(values: json, media, proto): Data format for response. - callback
string
: JSONP - fields
string
: Selector specifying which fields to include in a partial response. - key
string
: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. - oauth_token
string
: OAuth 2.0 token for the current user. - prettyPrint
boolean
: Returns response with indentations and line breaks. - quotaUser
string
: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. - upload_protocol
string
: Upload protocol for media (e.g. "raw", "multipart"). - uploadType
string
: Legacy upload protocol for media (e.g. "media", "multipart").
- resource required
Output
- output TestIamPermissionsResponse
Definitions
Binding
- Binding
object
: Associatesmembers
with arole
.- condition Expr
- members
array
: Specifies the identities requesting access for a Cloud Platform resource.members
can have the following values: *allUsers
: A special identifier that represents anyone who is on the internet; with or without a Google account. *allAuthenticatedUsers
: A special identifier that represents anyone who is authenticated with a Google account or a service account. *user:{emailid}
: An email address that represents a specific Google account. For example,[email protected]
. *serviceAccount:{emailid}
: An email address that represents a service account. For example,[email protected]
. *group:{emailid}
: An email address that represents a Google group. For example,[email protected]
. *deleted:user:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a user that has been recently deleted. For example,[email protected]?uid=123456789012345678901
. If the user is recovered, this value reverts touser:{emailid}
and the recovered user retains the role in the binding. *deleted:serviceAccount:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a service account that has been recently deleted. For example,[email protected]?uid=123456789012345678901
. If the service account is undeleted, this value reverts toserviceAccount:{emailid}
and the undeleted service account retains the role in the binding. *deleted:group:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example,[email protected]?uid=123456789012345678901
. If the group is recovered, this value reverts togroup:{emailid}
and the recovered group retains the role in the binding. *domain:{domain}
: The G Suite domain (primary) that represents all the users of that domain. For example,google.com
orexample.com
.- items
string
- items
- role
string
: Role that is assigned tomembers
. For example,roles/viewer
,roles/editor
, orroles/owner
.
Expr
- Expr
object
: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.- description
string
: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. - expression
string
: Textual representation of an expression in Common Expression Language syntax. - location
string
: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. - title
string
: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description
GetIamPolicyRequest
- GetIamPolicyRequest
object
: Request message forGetIamPolicy
method.- options GetPolicyOptions
GetPolicyOptions
- GetPolicyOptions
object
: Encapsulates settings provided to GetIamPolicy.- requestedPolicyVersion
integer
: Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation.
- requestedPolicyVersion
Policy
- Policy
object
: An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. APolicy
is a collection ofbindings
. Abinding
binds one or moremembers
to a singlerole
. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). Arole
is a named list of permissions; eachrole
can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, abinding
can also specify acondition
, which is a logical expression that allows access to a resource only if the expression evaluates totrue
. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the IAM documentation. JSON example: { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:[email protected]", "group:[email protected]", "domain:google.com", "serviceAccount:[email protected]" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:[email protected]" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } YAML example: bindings: - members: - user:[email protected] - group:[email protected] - domain:google.com - serviceAccount:[email protected] role: roles/resourcemanager.organizationAdmin - members: - user:[email protected] role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a description of IAM and its features, see the IAM documentation.- bindings
array
: Associates a list ofmembers
to arole
. Optionally, may specify acondition
that determines how and when thebindings
are applied. Each of thebindings
must contain at least one member.- items Binding
- etag
string
:etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of theetag
in the read-modify-write cycle to perform policy updates in order to avoid race conditions: Anetag
is returned in the response togetIamPolicy
, and systems are expected to put that etag in the request tosetIamPolicy
to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include theetag
field whenever you callsetIamPolicy
. If you omit this field, then IAM allows you to overwrite a version3
policy with a version1
policy, and all of the conditions in the version3
policy are lost. - version
integer
: Specifies the format of the policy. Valid values are0
,1
, and3
. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version3
. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include theetag
field whenever you callsetIamPolicy
. If you omit this field, then IAM allows you to overwrite a version3
policy with a version1
policy, and all of the conditions in the version3
policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation.
- bindings
SetIamPolicyRequest
- SetIamPolicyRequest
object
: Request message forSetIamPolicy
method.- policy Policy
TestIamPermissionsRequest
- TestIamPermissionsRequest
object
: Request message forTestIamPermissions
method.- permissions
array
: The set of permissions to check for theresource
. Permissions with wildcards (such as '' or 'storage.') are not allowed. For more information see IAM Overview.- items
string
- items
- permissions
TestIamPermissionsResponse
- TestIamPermissionsResponse
object
: Response message forTestIamPermissions
method.- permissions
array
: A subset ofTestPermissionsRequest.permissions
that the caller is allowed.- items
string
- items
- permissions