Copyright | (c) 2015-2016 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Language | Haskell2010 |
- Service Configuration
- OAuth Scopes
- API Declaration
- Resources
- iam.projects.serviceAccounts.create
- iam.projects.serviceAccounts.delete
- iam.projects.serviceAccounts.get
- iam.projects.serviceAccounts.getIamPolicy
- iam.projects.serviceAccounts.keys.create
- iam.projects.serviceAccounts.keys.delete
- iam.projects.serviceAccounts.keys.get
- iam.projects.serviceAccounts.keys.list
- iam.projects.serviceAccounts.list
- iam.projects.serviceAccounts.setIamPolicy
- iam.projects.serviceAccounts.signBlob
- iam.projects.serviceAccounts.testIamPermissions
- iam.projects.serviceAccounts.update
- iam.roles.queryGrantableRoles
- Types
- Empty
- AuditData
- ServiceAccountKey
- CreateServiceAccountKeyRequest
- SetIAMPolicyRequest
- BindingDelta
- SignBlobRequest
- ListServiceAccountKeysResponse
- Role
- ServiceAccount
- QueryGrantableRolesResponse
- TestIAMPermissionsRequest
- TestIAMPermissionsResponse
- Policy
- PolicyDelta
- QueryGrantableRolesRequest
- SignBlobResponse
- ListServiceAccountsResponse
- CreateServiceAccountRequest
- Binding
Manages identity and access control for Google Cloud Platform resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls.
See: Google Identity and Access Management (IAM) API Reference
- iAMService :: ServiceConfig
- cloudPlatformScope :: Proxy '["https://www.googleapis.com/auth/cloud-platform"]
- type IAMAPI = RolesQueryGrantableRolesResource :<|> (ProjectsServiceAccountsKeysListResource :<|> (ProjectsServiceAccountsKeysGetResource :<|> (ProjectsServiceAccountsKeysCreateResource :<|> (ProjectsServiceAccountsKeysDeleteResource :<|> (ProjectsServiceAccountsListResource :<|> (ProjectsServiceAccountsGetIAMPolicyResource :<|> (ProjectsServiceAccountsGetResource :<|> (ProjectsServiceAccountsCreateResource :<|> (ProjectsServiceAccountsSetIAMPolicyResource :<|> (ProjectsServiceAccountsSignBlobResource :<|> (ProjectsServiceAccountsTestIAMPermissionsResource :<|> (ProjectsServiceAccountsDeleteResource :<|> ProjectsServiceAccountsUpdateResource))))))))))))
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.Create
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.Delete
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.Get
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.GetIAMPolicy
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.Keys.Create
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.Keys.Delete
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.Keys.Get
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.Keys.List
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.List
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.SetIAMPolicy
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.SignBlob
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.TestIAMPermissions
- module Network.Google.Resource.IAM.Projects.ServiceAccounts.Update
- module Network.Google.Resource.IAM.Roles.QueryGrantableRoles
- data Empty
- empty :: Empty
- data AuditData
- auditData :: AuditData
- adPolicyDelta :: Lens' AuditData (Maybe PolicyDelta)
- data ServiceAccountKey
- serviceAccountKey :: ServiceAccountKey
- sakValidAfterTime :: Lens' ServiceAccountKey (Maybe Text)
- sakPrivateKeyData :: Lens' ServiceAccountKey (Maybe ByteString)
- sakPublicKeyData :: Lens' ServiceAccountKey (Maybe ByteString)
- sakName :: Lens' ServiceAccountKey (Maybe Text)
- sakPrivateKeyType :: Lens' ServiceAccountKey (Maybe Text)
- sakValidBeforeTime :: Lens' ServiceAccountKey (Maybe Text)
- sakKeyAlgorithm :: Lens' ServiceAccountKey (Maybe Text)
- data CreateServiceAccountKeyRequest
- createServiceAccountKeyRequest :: CreateServiceAccountKeyRequest
- csakrPrivateKeyType :: Lens' CreateServiceAccountKeyRequest (Maybe Text)
- csakrKeyAlgorithm :: Lens' CreateServiceAccountKeyRequest (Maybe Text)
- data SetIAMPolicyRequest
- setIAMPolicyRequest :: SetIAMPolicyRequest
- siprPolicy :: Lens' SetIAMPolicyRequest (Maybe Policy)
- data BindingDelta
- bindingDelta :: BindingDelta
- bdAction :: Lens' BindingDelta (Maybe Text)
- bdRole :: Lens' BindingDelta (Maybe Text)
- bdMember :: Lens' BindingDelta (Maybe Text)
- data SignBlobRequest
- signBlobRequest :: SignBlobRequest
- sbrBytesToSign :: Lens' SignBlobRequest (Maybe ByteString)
- data ListServiceAccountKeysResponse
- listServiceAccountKeysResponse :: ListServiceAccountKeysResponse
- lsakrKeys :: Lens' ListServiceAccountKeysResponse [ServiceAccountKey]
- data Role
- role' :: Role
- rName :: Lens' Role (Maybe Text)
- rTitle :: Lens' Role (Maybe Text)
- rDescription :: Lens' Role (Maybe Text)
- data ServiceAccount
- serviceAccount :: ServiceAccount
- saEmail :: Lens' ServiceAccount (Maybe Text)
- saEtag :: Lens' ServiceAccount (Maybe ByteString)
- saUniqueId :: Lens' ServiceAccount (Maybe Text)
- saName :: Lens' ServiceAccount (Maybe Text)
- saDisplayName :: Lens' ServiceAccount (Maybe Text)
- saProjectId :: Lens' ServiceAccount (Maybe Text)
- saOAuth2ClientId :: Lens' ServiceAccount (Maybe Text)
- data QueryGrantableRolesResponse
- queryGrantableRolesResponse :: QueryGrantableRolesResponse
- qgrrRoles :: Lens' QueryGrantableRolesResponse [Role]
- data TestIAMPermissionsRequest
- testIAMPermissionsRequest :: TestIAMPermissionsRequest
- tiprPermissions :: Lens' TestIAMPermissionsRequest [Text]
- data TestIAMPermissionsResponse
- testIAMPermissionsResponse :: TestIAMPermissionsResponse
- tiamprPermissions :: Lens' TestIAMPermissionsResponse [Text]
- data Policy
- policy :: Policy
- pEtag :: Lens' Policy (Maybe ByteString)
- pVersion :: Lens' Policy (Maybe Int32)
- pBindings :: Lens' Policy [Binding]
- data PolicyDelta
- policyDelta :: PolicyDelta
- pdBindingDeltas :: Lens' PolicyDelta [BindingDelta]
- data QueryGrantableRolesRequest
- queryGrantableRolesRequest :: QueryGrantableRolesRequest
- qgrrFullResourceName :: Lens' QueryGrantableRolesRequest (Maybe Text)
- data SignBlobResponse
- signBlobResponse :: SignBlobResponse
- sbrSignature :: Lens' SignBlobResponse (Maybe ByteString)
- sbrKeyId :: Lens' SignBlobResponse (Maybe Text)
- data ListServiceAccountsResponse
- listServiceAccountsResponse :: ListServiceAccountsResponse
- lsarNextPageToken :: Lens' ListServiceAccountsResponse (Maybe Text)
- lsarAccounts :: Lens' ListServiceAccountsResponse [ServiceAccount]
- data CreateServiceAccountRequest
- createServiceAccountRequest :: CreateServiceAccountRequest
- csarServiceAccount :: Lens' CreateServiceAccountRequest (Maybe ServiceAccount)
- csarAccountId :: Lens' CreateServiceAccountRequest (Maybe Text)
- data Binding
- binding :: Binding
- bMembers :: Lens' Binding [Text]
- bRole :: Lens' Binding (Maybe Text)
Service Configuration
iAMService :: ServiceConfig Source #
Default request referring to version v1
of the Google Identity and Access Management (IAM) API. This contains the host and root path used as a starting point for constructing service requests.
OAuth Scopes
cloudPlatformScope :: Proxy '["https://www.googleapis.com/auth/cloud-platform"] Source #
View and manage your data across Google Cloud Platform services
API Declaration
type IAMAPI = RolesQueryGrantableRolesResource :<|> (ProjectsServiceAccountsKeysListResource :<|> (ProjectsServiceAccountsKeysGetResource :<|> (ProjectsServiceAccountsKeysCreateResource :<|> (ProjectsServiceAccountsKeysDeleteResource :<|> (ProjectsServiceAccountsListResource :<|> (ProjectsServiceAccountsGetIAMPolicyResource :<|> (ProjectsServiceAccountsGetResource :<|> (ProjectsServiceAccountsCreateResource :<|> (ProjectsServiceAccountsSetIAMPolicyResource :<|> (ProjectsServiceAccountsSignBlobResource :<|> (ProjectsServiceAccountsTestIAMPermissionsResource :<|> (ProjectsServiceAccountsDeleteResource :<|> ProjectsServiceAccountsUpdateResource)))))))))))) Source #
Represents the entirety of the methods and resources available for the Google Identity and Access Management (IAM) API service.
Resources
iam.projects.serviceAccounts.create
iam.projects.serviceAccounts.delete
iam.projects.serviceAccounts.get
iam.projects.serviceAccounts.getIamPolicy
iam.projects.serviceAccounts.keys.create
iam.projects.serviceAccounts.keys.delete
iam.projects.serviceAccounts.keys.get
iam.projects.serviceAccounts.keys.list
iam.projects.serviceAccounts.list
iam.projects.serviceAccounts.setIamPolicy
iam.projects.serviceAccounts.signBlob
iam.projects.serviceAccounts.testIamPermissions
iam.projects.serviceAccounts.update
iam.roles.queryGrantableRoles
Types
Empty
A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
See: empty
smart constructor.
AuditData
Audit log information specific to Cloud IAM. This message is serialized as an `Any` type in the `ServiceData` message of an `AuditLog` message.
See: auditData
smart constructor.
auditData :: AuditData Source #
Creates a value of AuditData
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
adPolicyDelta :: Lens' AuditData (Maybe PolicyDelta) Source #
Policy delta between the original policy and the newly set policy.
ServiceAccountKey
data ServiceAccountKey Source #
Represents a service account key. A service account has two sets of key-pairs: user-managed, and system-managed. User-managed key-pairs can be created and deleted by users. Users are responsible for rotating these keys periodically to ensure security of their service accounts. Users retain the private key of these key-pairs, and Google retains ONLY the public key. System-managed key-pairs are managed automatically by Google, and rotated daily without user intervention. The private key never leaves Google's servers to maximize security. Public keys for all service accounts are also published at the OAuth2 Service Account API.
See: serviceAccountKey
smart constructor.
serviceAccountKey :: ServiceAccountKey Source #
Creates a value of ServiceAccountKey
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
sakValidAfterTime :: Lens' ServiceAccountKey (Maybe Text) Source #
The key can be used after this timestamp.
sakPrivateKeyData :: Lens' ServiceAccountKey (Maybe ByteString) Source #
The private key data. Only provided in `CreateServiceAccountKey` responses.
sakPublicKeyData :: Lens' ServiceAccountKey (Maybe ByteString) Source #
The public key data. Only provided in `GetServiceAccountKey` responses.
sakName :: Lens' ServiceAccountKey (Maybe Text) Source #
The resource name of the service account key in the following format `projects/{project}/serviceAccounts/{account}/keys/{key}`.
sakPrivateKeyType :: Lens' ServiceAccountKey (Maybe Text) Source #
The output format for the private key. Only provided in `CreateServiceAccountKey` responses, not in `GetServiceAccountKey` or `ListServiceAccountKey` responses. Google never exposes system-managed private keys, and never retains user-managed private keys.
sakValidBeforeTime :: Lens' ServiceAccountKey (Maybe Text) Source #
The key can be used before this timestamp.
sakKeyAlgorithm :: Lens' ServiceAccountKey (Maybe Text) Source #
Specifies the algorithm (and possibly key size) for the key.
CreateServiceAccountKeyRequest
data CreateServiceAccountKeyRequest Source #
The service account key create request.
See: createServiceAccountKeyRequest
smart constructor.
createServiceAccountKeyRequest :: CreateServiceAccountKeyRequest Source #
Creates a value of CreateServiceAccountKeyRequest
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
csakrPrivateKeyType :: Lens' CreateServiceAccountKeyRequest (Maybe Text) Source #
The output format of the private key. `GOOGLE_CREDENTIALS_FILE` is the default output format.
csakrKeyAlgorithm :: Lens' CreateServiceAccountKeyRequest (Maybe Text) Source #
Which type of key and algorithm to use for the key. The default is currently a 4K RSA key. However this may change in the future.
SetIAMPolicyRequest
data SetIAMPolicyRequest Source #
Request message for `SetIamPolicy` method.
See: setIAMPolicyRequest
smart constructor.
setIAMPolicyRequest :: SetIAMPolicyRequest Source #
Creates a value of SetIAMPolicyRequest
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
siprPolicy :: Lens' SetIAMPolicyRequest (Maybe Policy) Source #
REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
BindingDelta
data BindingDelta Source #
One delta entry for Binding. Each individual change (only one member in each entry) to a binding will be a separate entry.
See: bindingDelta
smart constructor.
bindingDelta :: BindingDelta Source #
Creates a value of BindingDelta
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
bdAction :: Lens' BindingDelta (Maybe Text) Source #
The action that was performed on a Binding. Required
bdRole :: Lens' BindingDelta (Maybe Text) Source #
Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. Required
bdMember :: Lens' BindingDelta (Maybe Text) Source #
A single identity requesting access for a Cloud Platform resource. Follows the same format of Binding.members. Required
SignBlobRequest
data SignBlobRequest Source #
The service account sign blob request.
See: signBlobRequest
smart constructor.
signBlobRequest :: SignBlobRequest Source #
Creates a value of SignBlobRequest
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
sbrBytesToSign :: Lens' SignBlobRequest (Maybe ByteString) Source #
The bytes to sign.
ListServiceAccountKeysResponse
data ListServiceAccountKeysResponse Source #
The service account keys list response.
See: listServiceAccountKeysResponse
smart constructor.
listServiceAccountKeysResponse :: ListServiceAccountKeysResponse Source #
Creates a value of ListServiceAccountKeysResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
lsakrKeys :: Lens' ListServiceAccountKeysResponse [ServiceAccountKey] Source #
The public keys for the service account.
Role
A role in the Identity and Access Management API.
See: role'
smart constructor.
Creates a value of Role
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rName :: Lens' Role (Maybe Text) Source #
The name of the role. When Role is used in CreateRole, the role name must not be set. When Role is used in output and other input such as UpdateRole, the role name is the complete path, e.g., roles/logging.viewer for curated roles and organizations/{organization-id}/roles/logging.viewer for custom roles.
rTitle :: Lens' Role (Maybe Text) Source #
Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
rDescription :: Lens' Role (Maybe Text) Source #
Optional. A human-readable description for the role.
ServiceAccount
data ServiceAccount Source #
A service account in the Identity and Access Management API. To create a service account, specify the `project_id` and the `account_id` for the account. The `account_id` is unique within the project, and is used to generate the service account email address and a stable `unique_id`. If the account already exists, the account's resource name is returned in util::Status's ResourceInfo.resource_name in the format of projects/{project}/serviceAccounts/{email}. The caller can use the name in other methods to access the account. All other methods can identify the service account using the format `projects/{project}/serviceAccounts/{account}`. Using `-` as a wildcard for the project will infer the project from the account. The `account` value can be the `email` address or the `unique_id` of the service account.
See: serviceAccount
smart constructor.
serviceAccount :: ServiceAccount Source #
Creates a value of ServiceAccount
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
saEmail :: Lens' ServiceAccount (Maybe Text) Source #
'OutputOnly The email address of the service account.
saEtag :: Lens' ServiceAccount (Maybe ByteString) Source #
Used to perform a consistent read-modify-write.
saUniqueId :: Lens' ServiceAccount (Maybe Text) Source #
'OutputOnly The unique and stable id of the service account.
saName :: Lens' ServiceAccount (Maybe Text) Source #
The resource name of the service account in the following format: `projects/{project}/serviceAccounts/{account}`. Requests using `-` as a wildcard for the project will infer the project from the `account` and the `account` value can be the `email` address or the `unique_id` of the service account. In responses the resource name will always be in the format `projects/{project}/serviceAccounts/{email}`.
saDisplayName :: Lens' ServiceAccount (Maybe Text) Source #
Optional. A user-specified description of the service account. Must be fewer than 100 UTF-8 bytes.
saProjectId :: Lens' ServiceAccount (Maybe Text) Source #
'OutputOnly The id of the project that owns the service account.
saOAuth2ClientId :: Lens' ServiceAccount (Maybe Text) Source #
'OutputOnly. The OAuth2 client id for the service account. This is used in conjunction with the OAuth2 clientconfig API to make three legged OAuth2 (3LO) flows to access the data of Google users.
QueryGrantableRolesResponse
data QueryGrantableRolesResponse Source #
The grantable role query response.
See: queryGrantableRolesResponse
smart constructor.
queryGrantableRolesResponse :: QueryGrantableRolesResponse Source #
Creates a value of QueryGrantableRolesResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
TestIAMPermissionsRequest
data TestIAMPermissionsRequest Source #
Request message for `TestIamPermissions` method.
See: testIAMPermissionsRequest
smart constructor.
testIAMPermissionsRequest :: TestIAMPermissionsRequest Source #
Creates a value of TestIAMPermissionsRequest
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
tiprPermissions :: Lens' TestIAMPermissionsRequest [Text] Source #
The set of permissions to check for the `resource`. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see IAM Overview.
TestIAMPermissionsResponse
data TestIAMPermissionsResponse Source #
Response message for `TestIamPermissions` method.
See: testIAMPermissionsResponse
smart constructor.
testIAMPermissionsResponse :: TestIAMPermissionsResponse Source #
Creates a value of TestIAMPermissionsResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
tiamprPermissions :: Lens' TestIAMPermissionsResponse [Text] Source #
A subset of `TestPermissionsRequest.permissions` that the caller is allowed.
Policy
Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A `Policy` consists of a list of `bindings`. A `Binding` binds a list of `members` to a `role`, where the members can be user accounts, Google groups, Google domains, and service accounts. A `role` is a named list of permissions defined by IAM. **Example** { "bindings": [ { "role": "roles/owner", "members": [ "user:mike'example.com", "group:admins'example.com", "domain:google.com", "serviceAccount:my-other-app'appspot.gserviceaccount.com", ] }, { "role": "roles/viewer", "members": ["user:sean'example.com"] } ] } For a description of IAM and its features, see the IAM developer's guide.
See: policy
smart constructor.
pEtag :: Lens' Policy (Maybe ByteString) Source #
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. If no `etag` is provided in the call to `setIamPolicy`, then the existing policy is overwritten blindly.
pBindings :: Lens' Policy [Binding] Source #
Associates a list of `members` to a `role`. Multiple `bindings` must not be specified for the same `role`. `bindings` with no members will result in an error.
PolicyDelta
data PolicyDelta Source #
The difference delta between two policies.
See: policyDelta
smart constructor.
policyDelta :: PolicyDelta Source #
Creates a value of PolicyDelta
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
pdBindingDeltas :: Lens' PolicyDelta [BindingDelta] Source #
The delta for Bindings between two policies.
QueryGrantableRolesRequest
data QueryGrantableRolesRequest Source #
The grantable role query request.
See: queryGrantableRolesRequest
smart constructor.
queryGrantableRolesRequest :: QueryGrantableRolesRequest Source #
Creates a value of QueryGrantableRolesRequest
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
qgrrFullResourceName :: Lens' QueryGrantableRolesRequest (Maybe Text) Source #
Required. The full resource name to query from the list of grantable roles. The name follows the Google Cloud Platform resource format. For example, a Cloud Platform project with id `my-project` will be named `//cloudresourcemanager.googleapis.com/projects/my-project`.
SignBlobResponse
data SignBlobResponse Source #
The service account sign blob response.
See: signBlobResponse
smart constructor.
signBlobResponse :: SignBlobResponse Source #
Creates a value of SignBlobResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
sbrSignature :: Lens' SignBlobResponse (Maybe ByteString) Source #
The signed blob.
ListServiceAccountsResponse
data ListServiceAccountsResponse Source #
The service account list response.
See: listServiceAccountsResponse
smart constructor.
listServiceAccountsResponse :: ListServiceAccountsResponse Source #
Creates a value of ListServiceAccountsResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
lsarNextPageToken :: Lens' ListServiceAccountsResponse (Maybe Text) Source #
To retrieve the next page of results, set ListServiceAccountsRequest.page_token to this value.
lsarAccounts :: Lens' ListServiceAccountsResponse [ServiceAccount] Source #
The list of matching service accounts.
CreateServiceAccountRequest
data CreateServiceAccountRequest Source #
The service account create request.
See: createServiceAccountRequest
smart constructor.
createServiceAccountRequest :: CreateServiceAccountRequest Source #
Creates a value of CreateServiceAccountRequest
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
csarServiceAccount :: Lens' CreateServiceAccountRequest (Maybe ServiceAccount) Source #
The ServiceAccount resource to create. Currently, only the following values are user assignable: `display_name` .
csarAccountId :: Lens' CreateServiceAccountRequest (Maybe Text) Source #
Required. The account id that is used to generate the service account email address and a stable unique id. It is unique within a project, must be 6-30 characters long, and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.
Binding
Associates `members` with a `role`.
See: binding
smart constructor.
bMembers :: Lens' Binding [Text] Source #
Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice'gmail.com` or `joe'example.com`. * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app'appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins'example.com`. * `domain:{domain}`: A Google Apps domain name that represents all the users of that domain. For example, `google.com` or `example.com`.