{-# LANGUAGE DataKinds #-}
{-# LANGUAGE DeriveDataTypeable #-}
{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE FlexibleInstances #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE TypeOperators #-}
{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
module Network.Google.Resource.CloudResourceManager.Projects.SetIAMPolicy
(
ProjectsSetIAMPolicyResource
, projectsSetIAMPolicy
, ProjectsSetIAMPolicy
, psipXgafv
, psipUploadProtocol
, psipPp
, psipAccessToken
, psipUploadType
, psipPayload
, psipBearerToken
, psipResource
, psipCallback
) where
import Network.Google.Prelude
import Network.Google.ResourceManager.Types
type ProjectsSetIAMPolicyResource =
"v1" :>
"projects" :>
CaptureMode "resource" "setIamPolicy" Text :>
QueryParam "$.xgafv" Text :>
QueryParam "upload_protocol" Text :>
QueryParam "pp" Bool :>
QueryParam "access_token" Text :>
QueryParam "uploadType" Text :>
QueryParam "bearer_token" Text :>
QueryParam "callback" Text :>
QueryParam "alt" AltJSON :>
ReqBody '[JSON] SetIAMPolicyRequest :>
Post '[JSON] Policy
-- | Sets the IAM access control policy for the specified Project. Replaces
-- any existing policy. The following constraints apply when using
-- \`setIamPolicy()\`: + Project does not support \`allUsers\` and
-- \`allAuthenticatedUsers\` as \`members\` in a \`Binding\` of a
-- \`Policy\`. + The owner role can be granted only to \`user\` and
-- \`serviceAccount\`. + Service accounts can be made owners of a project
-- directly without any restrictions. However, to be added as an owner, a
-- user must be invited via Cloud Platform console and must accept the
-- invitation. + A user cannot be granted the owner role using
-- \`setIamPolicy()\`. The user must be granted the owner role using the
-- Cloud Platform Console and must explicitly accept the invitation. +
-- Invitations to grant the owner role cannot be sent using
-- \`setIamPolicy()\`; they must be sent only using the Cloud Platform
-- Console. + Membership changes that leave the project without any owners
-- that have accepted the Terms of Service (ToS) will be rejected. + There
-- must be at least one owner who has accepted the Terms of Service (ToS)
-- agreement in the policy. Calling \`setIamPolicy()\` to to remove the
-- last ToS-accepted owner from the policy will fail. This restriction also
-- applies to legacy projects that no longer have owners who have accepted
-- the ToS. Edits to IAM policies will be rejected until the lack of a
-- ToS-accepting owner is rectified. + Calling this method requires
-- enabling the App Engine Admin API. Note: Removing service accounts from
-- policies or changing their roles can render services completely
-- inoperable. It is important to understand how the service account is
-- being used before removing or updating its roles.
--
-- /See:/ 'projectsSetIAMPolicy' smart constructor.
data ProjectsSetIAMPolicy = ProjectsSetIAMPolicy'
{ _psipXgafv :: !(Maybe Text)
, _psipUploadProtocol :: !(Maybe Text)
, _psipPp :: !Bool
, _psipAccessToken :: !(Maybe Text)
, _psipUploadType :: !(Maybe Text)
, _psipPayload :: !SetIAMPolicyRequest
, _psipBearerToken :: !(Maybe Text)
, _psipResource :: !Text
, _psipCallback :: !(Maybe Text)
} deriving (Eq,Show,Data,Typeable,Generic)
-- | Creates a value of 'ProjectsSetIAMPolicy' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'psipXgafv'
--
-- * 'psipUploadProtocol'
--
-- * 'psipPp'
--
-- * 'psipAccessToken'
--
-- * 'psipUploadType'
--
-- * 'psipPayload'
--
-- * 'psipBearerToken'
--
-- * 'psipResource'
--
-- * 'psipCallback'
projectsSetIAMPolicy
:: SetIAMPolicyRequest -- ^ 'psipPayload'
-> Text -- ^ 'psipResource'
-> ProjectsSetIAMPolicy
projectsSetIAMPolicy pPsipPayload_ pPsipResource_ =
ProjectsSetIAMPolicy'
{ _psipXgafv = Nothing
, _psipUploadProtocol = Nothing
, _psipPp = True
, _psipAccessToken = Nothing
, _psipUploadType = Nothing
, _psipPayload = pPsipPayload_
, _psipBearerToken = Nothing
, _psipResource = pPsipResource_
, _psipCallback = Nothing
}
-- | V1 error format.
psipXgafv :: Lens' ProjectsSetIAMPolicy (Maybe Text)
psipXgafv
= lens _psipXgafv (\ s a -> s{_psipXgafv = a})
-- | Upload protocol for media (e.g. \"raw\", \"multipart\").
psipUploadProtocol :: Lens' ProjectsSetIAMPolicy (Maybe Text)
psipUploadProtocol
= lens _psipUploadProtocol
(\ s a -> s{_psipUploadProtocol = a})
-- | Pretty-print response.
psipPp :: Lens' ProjectsSetIAMPolicy Bool
psipPp = lens _psipPp (\ s a -> s{_psipPp = a})
-- | OAuth access token.
psipAccessToken :: Lens' ProjectsSetIAMPolicy (Maybe Text)
psipAccessToken
= lens _psipAccessToken
(\ s a -> s{_psipAccessToken = a})
-- | Legacy upload protocol for media (e.g. \"media\", \"multipart\").
psipUploadType :: Lens' ProjectsSetIAMPolicy (Maybe Text)
psipUploadType
= lens _psipUploadType
(\ s a -> s{_psipUploadType = a})
-- | Multipart request metadata.
psipPayload :: Lens' ProjectsSetIAMPolicy SetIAMPolicyRequest
psipPayload
= lens _psipPayload (\ s a -> s{_psipPayload = a})
-- | OAuth bearer token.
psipBearerToken :: Lens' ProjectsSetIAMPolicy (Maybe Text)
psipBearerToken
= lens _psipBearerToken
(\ s a -> s{_psipBearerToken = a})
-- | REQUIRED: The resource for which the policy is being specified.
-- \`resource\` is usually specified as a path. For example, a Project
-- resource is specified as \`projects\/{project}\`.
psipResource :: Lens' ProjectsSetIAMPolicy Text
psipResource
= lens _psipResource (\ s a -> s{_psipResource = a})
-- | JSONP
psipCallback :: Lens' ProjectsSetIAMPolicy (Maybe Text)
psipCallback
= lens _psipCallback (\ s a -> s{_psipCallback = a})
instance GoogleRequest ProjectsSetIAMPolicy where
type Rs ProjectsSetIAMPolicy = Policy
type Scopes ProjectsSetIAMPolicy =
'["https://www.googleapis.com/auth/cloud-platform"]
requestClient ProjectsSetIAMPolicy'{..}
= go _psipResource _psipXgafv _psipUploadProtocol
(Just _psipPp)
_psipAccessToken
_psipUploadType
_psipBearerToken
_psipCallback
(Just AltJSON)
_psipPayload
resourceManagerService
where go
= buildClient
(Proxy :: Proxy ProjectsSetIAMPolicyResource)
mempty