Copyright	(c) 2015-2016 Brendan Hay
License	Mozilla Public License, v. 2.0.
Maintainer	Brendan Hay <brendan.g.hay@gmail.com>
Stability	auto-generated
Portability	non-portable (GHC extensions)
Safe Haskell	None
Language	Haskell2010

Network.Google.Resource.CloudResourceManager.Projects.SetIAMPolicy

Contents

REST Resource
Creating a Request
Request Lenses

Description

Sets the IAM access control policy for the specified Project. Replaces any existing policy. The following constraints apply when using `setIamPolicy()`: + Project does not support `allUsers` and `allAuthenticatedUsers` as `members` in a `Binding` of a `Policy`. + The owner role can be granted only to `user` and `serviceAccount`. + Service accounts can be made owners of a project directly without any restrictions. However, to be added as an owner, a user must be invited via Cloud Platform console and must accept the invitation. + A user cannot be granted the owner role using `setIamPolicy()`. The user must be granted the owner role using the Cloud Platform Console and must explicitly accept the invitation. + Invitations to grant the owner role cannot be sent using `setIamPolicy()`; they must be sent only using the Cloud Platform Console. + Membership changes that leave the project without any owners that have accepted the Terms of Service (ToS) will be rejected. + There must be at least one owner who has accepted the Terms of Service (ToS) agreement in the policy. Calling `setIamPolicy()` to to remove the last ToS-accepted owner from the policy will fail. This restriction also applies to legacy projects that no longer have owners who have accepted the ToS. Edits to IAM policies will be rejected until the lack of a ToS-accepting owner is rectified. + Calling this method requires enabling the App Engine Admin API. Note: Removing service accounts from policies or changing their roles can render services completely inoperable. It is important to understand how the service account is being used before removing or updating its roles.

See: Google Cloud Resource Manager API Reference for cloudresourcemanager.projects.setIamPolicy.

Synopsis

REST Resource

type ProjectsSetIAMPolicyResource = "v1" :> ("projects" :> (CaptureMode "resource" "setIamPolicy" Text :> (QueryParam "$.xgafv" Text :> (QueryParam "upload_protocol" Text :> (QueryParam "pp" Bool :> (QueryParam "access_token" Text :> (QueryParam "uploadType" Text :> (QueryParam "bearer_token" Text :> (QueryParam "callback" Text :> (QueryParam "alt" AltJSON :> (ReqBody '[JSON] SetIAMPolicyRequest :> Post '[JSON] Policy))))))))))) Source #

A resource alias for cloudresourcemanager.projects.setIamPolicy method which the ProjectsSetIAMPolicy request conforms to.

Creating a Request

projectsSetIAMPolicy Source #

Arguments

:: SetIAMPolicyRequest	`psipPayload`
-> Text	`psipResource`
-> ProjectsSetIAMPolicy

Creates a value of ProjectsSetIAMPolicy with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

data ProjectsSetIAMPolicy Source #

Sets the IAM access control policy for the specified Project. Replaces any existing policy. The following constraints apply when using `setIamPolicy()`: + Project does not support `allUsers` and `allAuthenticatedUsers` as `members` in a `Binding` of a `Policy`. + The owner role can be granted only to `user` and `serviceAccount`. + Service accounts can be made owners of a project directly without any restrictions. However, to be added as an owner, a user must be invited via Cloud Platform console and must accept the invitation. + A user cannot be granted the owner role using `setIamPolicy()`. The user must be granted the owner role using the Cloud Platform Console and must explicitly accept the invitation. + Invitations to grant the owner role cannot be sent using `setIamPolicy()`; they must be sent only using the Cloud Platform Console. + Membership changes that leave the project without any owners that have accepted the Terms of Service (ToS) will be rejected. + There must be at least one owner who has accepted the Terms of Service (ToS) agreement in the policy. Calling `setIamPolicy()` to to remove the last ToS-accepted owner from the policy will fail. This restriction also applies to legacy projects that no longer have owners who have accepted the ToS. Edits to IAM policies will be rejected until the lack of a ToS-accepting owner is rectified. + Calling this method requires enabling the App Engine Admin API. Note: Removing service accounts from policies or changing their roles can render services completely inoperable. It is important to understand how the service account is being used before removing or updating its roles.

See: projectsSetIAMPolicy smart constructor.

Instances

Eq ProjectsSetIAMPolicy Source #
Methods (==) :: ProjectsSetIAMPolicy -> ProjectsSetIAMPolicy -> Bool # (/=) :: ProjectsSetIAMPolicy -> ProjectsSetIAMPolicy -> Bool #
Data ProjectsSetIAMPolicy Source #
Methods gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> ProjectsSetIAMPolicy -> c ProjectsSetIAMPolicy # gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c ProjectsSetIAMPolicy # toConstr :: ProjectsSetIAMPolicy -> Constr # dataTypeOf :: ProjectsSetIAMPolicy -> DataType # dataCast1 :: Typeable (* -> ) t => (forall d. Data d => c (t d)) -> Maybe (c ProjectsSetIAMPolicy) # dataCast2 :: Typeable ( -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c ProjectsSetIAMPolicy) # gmapT :: (forall b. Data b => b -> b) -> ProjectsSetIAMPolicy -> ProjectsSetIAMPolicy # gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> ProjectsSetIAMPolicy -> r # gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> ProjectsSetIAMPolicy -> r # gmapQ :: (forall d. Data d => d -> u) -> ProjectsSetIAMPolicy -> [u] # gmapQi :: Int -> (forall d. Data d => d -> u) -> ProjectsSetIAMPolicy -> u # gmapM :: Monad m => (forall d. Data d => d -> m d) -> ProjectsSetIAMPolicy -> m ProjectsSetIAMPolicy # gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> ProjectsSetIAMPolicy -> m ProjectsSetIAMPolicy # gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> ProjectsSetIAMPolicy -> m ProjectsSetIAMPolicy #
Show ProjectsSetIAMPolicy Source #
Methods showsPrec :: Int -> ProjectsSetIAMPolicy -> ShowS # show :: ProjectsSetIAMPolicy -> String # showList :: [ProjectsSetIAMPolicy] -> ShowS #
Generic ProjectsSetIAMPolicy Source #
Associated Types type Rep ProjectsSetIAMPolicy :: * -> * # Methods from :: ProjectsSetIAMPolicy -> Rep ProjectsSetIAMPolicy x # to :: Rep ProjectsSetIAMPolicy x -> ProjectsSetIAMPolicy #
GoogleRequest ProjectsSetIAMPolicy Source #
Associated Types type Rs ProjectsSetIAMPolicy :: * # type Scopes ProjectsSetIAMPolicy :: [Symbol] # Methods requestClient :: ProjectsSetIAMPolicy -> Client (Rs ProjectsSetIAMPolicy) #
type Rep ProjectsSetIAMPolicy Source #
type Rep ProjectsSetIAMPolicy = D1 (MetaData "ProjectsSetIAMPolicy" "Network.Google.Resource.CloudResourceManager.Projects.SetIAMPolicy" "gogol-resourcemanager-0.1.1-AEz0f6mUx4eCqjXGxlj0rQ" False) (C1 (MetaCons "ProjectsSetIAMPolicy'" PrefixI True) ((::) ((::) ((::) (S1 (MetaSel (Just Symbol "_psipXgafv") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text))) (S1 (MetaSel (Just Symbol "_psipUploadProtocol") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text)))) ((::) (S1 (MetaSel (Just Symbol "_psipPp") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Bool)) (S1 (MetaSel (Just Symbol "_psipAccessToken") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text))))) ((::) ((::) (S1 (MetaSel (Just Symbol "_psipUploadType") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text))) (S1 (MetaSel (Just Symbol "_psipPayload") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 SetIAMPolicyRequest))) ((::) (S1 (MetaSel (Just Symbol "_psipBearerToken") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text))) ((::) (S1 (MetaSel (Just Symbol "_psipResource") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Text)) (S1 (MetaSel (Just Symbol "_psipCallback") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text))))))))
type Scopes ProjectsSetIAMPolicy Source #
type Scopes ProjectsSetIAMPolicy = (:) Symbol "https://www.googleapis.com/auth/cloud-platform" ([] Symbol)
type Rs ProjectsSetIAMPolicy Source #
type Rs ProjectsSetIAMPolicy = Policy

Request Lenses

psipXgafv :: Lens' ProjectsSetIAMPolicy (Maybe Text) Source #

V1 error format.

psipUploadProtocol :: Lens' ProjectsSetIAMPolicy (Maybe Text) Source #

Upload protocol for media (e.g. "raw", "multipart").

psipPp :: Lens' ProjectsSetIAMPolicy Bool Source #

Pretty-print response.

psipAccessToken :: Lens' ProjectsSetIAMPolicy (Maybe Text) Source #

OAuth access token.

psipUploadType :: Lens' ProjectsSetIAMPolicy (Maybe Text) Source #

Legacy upload protocol for media (e.g. "media", "multipart").

psipPayload :: Lens' ProjectsSetIAMPolicy SetIAMPolicyRequest Source #

Multipart request metadata.

psipBearerToken :: Lens' ProjectsSetIAMPolicy (Maybe Text) Source #

OAuth bearer token.

psipResource :: Lens' ProjectsSetIAMPolicy Text Source #

REQUIRED: The resource for which the policy is being specified. `resource` is usually specified as a path. For example, a Project resource is specified as `projects/{project}`.

psipCallback :: Lens' ProjectsSetIAMPolicy (Maybe Text) Source #

JSONP