iap
import { iap } from "https://googleapis.deno.dev/v1/iap:v1.ts";
Controls access to cloud applications running on Google Cloud Platform.
§Methods
Constructs a new OAuth brand for the project if one does not exist. The created brand is "internal only", meaning that OAuth clients created under it only accept requests from users who belong to the same Google Workspace organization as the project. The brand is created in an un-reviewed status. NOTE: The "internal only" status can be manually changed in the Google Cloud Console. Requires that a brand does not already exist for the project, and that the specified support email is owned by the caller.
Required. GCP Project number/id under which the brand is to be created. In the following format: projects/{project_number/id}.
Creates an Identity Aware Proxy (IAP) OAuth client. The client is owned by IAP. Requires that the brand for the project exists and that it is set for internal-only use.
Required. Path to create the client in. In the following format: projects/{project_number/id}/brands/{brand}. The project must belong to a G Suite account.
Deletes an Identity Aware Proxy (IAP) OAuth client. Useful for removing obsolete clients, managing the number of clients in a given project, and cleaning up after tests. Requires that the client is owned by IAP.
Required. Name of the Identity Aware Proxy client to be deleted. In the following format: projects/{project_number/id}/brands/{brand}/identityAwareProxyClients/{client_id}.
Retrieves an Identity Aware Proxy (IAP) OAuth client. Requires that the client is owned by IAP.
Required. Name of the Identity Aware Proxy client to be fetched. In the following format: projects/{project_number/id}/brands/{brand}/identityAwareProxyClients/{client_id}.
Lists the existing clients for the brand.
Required. Full brand path. In the following format: projects/{project_number/id}/brands/{brand}.
Resets an Identity Aware Proxy (IAP) OAuth client secret. Useful if the secret was compromised. Requires that the client is owned by IAP.
Required. Name of the Identity Aware Proxy client to that will have its secret reset. In the following format: projects/{project_number/id}/brands/{brand}/identityAwareProxyClients/{client_id}.
Lists the existing brands for the project.
Required. GCP Project number/id. In the following format: projects/{project_number/id}.
Creates a new TunnelDestGroup.
Required. Google Cloud Project ID and location. In the following format: projects/{project_number/id}/iap_tunnel/locations/{location}
.
Retrieves an existing TunnelDestGroup.
Required. Name of the TunnelDestGroup to be fetched. In the following format: projects/{project_number/id}/iap_tunnel/locations/{location}/destGroups/{dest_group}
.
Lists the existing TunnelDestGroups. To group across all locations, use a
-
as the location ID. For example:
/v1/projects/123/iap_tunnel/locations/-/destGroups
Required. Google Cloud Project ID and location. In the following format: projects/{project_number/id}/iap_tunnel/locations/{location}
. A -
can be used for the location to group across all locations.
Updates a TunnelDestGroup.
Required. Immutable. Identifier for the TunnelDestGroup. Must be unique within the project and contain only lower case letters (a-z) and dashes (-).
Gets the access control policy for an Identity-Aware Proxy protected resource. More information about managing access via IAP can be found at: https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api
REQUIRED: The resource for which the policy is being requested. See Resource names for the appropriate value for this field.
Gets the IAP settings on a particular IAP protected resource.
Required. The resource name for which to retrieve the settings. Authorization: Requires the getSettings
permission for the associated resource.
Sets the access control policy for an Identity-Aware Proxy protected resource. Replaces any existing policy. More information about managing access via IAP can be found at: https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api
REQUIRED: The resource for which the policy is being specified. See Resource names for the appropriate value for this field.
Returns permissions that a caller has on the Identity-Aware Proxy protected resource. More information about managing access via IAP can be found at: https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api
REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field.
Updates the IAP settings on a particular IAP protected resource. It
replaces all fields unless the update_mask
is set.
Required. The resource name of the IAP protected resource.
Validates that a given CEL expression conforms to IAP restrictions.
Required. The resource name of the IAP protected resource.