members property
Specifies the principals requesting access for a Google Cloud resource.
members can have the following values: * allUsers: A special
identifier that represents anyone who is on the internet; with or without
a Google account. * allAuthenticatedUsers: A special identifier that
represents anyone who is authenticated with a Google account or a service
account. Does not include identities that come from external identity
providers (IdPs) through identity federation. * user:{emailid}: An email
address that represents a specific Google account. For example,
alice@example.com . * serviceAccount:{emailid}: An email address that
represents a Google service account. For example,
my-other-app@appspot.gserviceaccount.com. *
serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]: An
identifier for a
Kubernetes service account.
For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. *
group:{emailid}: An email address that represents a Google group. For
example, admins@example.com. * domain:{domain}: The G Suite domain
(primary) that represents all the users of that domain. For example,
google.com or example.com. *
principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}:
A single identity in a workforce identity pool. *
principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}:
All workforce identities in a group. *
principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}:
All workforce identities with a specific attribute value. *
principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id} / * : All identities in a workforce identity pool. *
principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}:
A single identity in a workload identity pool. *
principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}:
A workload identity pool group. *
principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}:
All identities in a workload identity pool with a certain attribute. *
principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id} / * : All identities in a workload identity pool. *
deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique
identifier) representing a user that has been recently deleted. For
example, alice@example.com?uid=123456789012345678901. If the user is
recovered, this value reverts to user:{emailid} and the recovered user
retains the role in the binding. *
deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus
unique identifier) representing a service account that has been recently
deleted. For example,
my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If
the service account is undeleted, this value reverts to
serviceAccount:{emailid} and the undeleted service account retains the
role in the binding. * deleted:group:{emailid}?uid={uniqueid}: An email
address (plus unique identifier) representing a Google group that has been
recently deleted. For example,
admins@example.com?uid=123456789012345678901. If the group is recovered,
this value reverts to group:{emailid} and the recovered group retains
the role in the binding. *
deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}:
Deleted single identity in a workforce identity pool. For example,
deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value.
Implementation
core.List<core.String>? members;