members property
Specifies the principals requesting access for a Google Cloud resource.

`members` can have the following values:

* `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account.
* `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation.
* `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com`.
* `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`.
* `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a Kubernetes service account. For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
* `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`.
* `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
* `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool.
* `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group.
* `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value.
* `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool.
* `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool.
* `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group.
* `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute.
* `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool.
* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding.
* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding.
* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
* `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
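The member formats listed above can be checked mechanically when reviewing a policy. The following Python sketch is an added example, not part of this package or of Google's tooling: it classifies each member string and reports the broad or stale ones. The function names, the review notes and the sample bindings are assumptions constructed for illustration.

```python
import re

# Workforce / workload identity pool principals, per the formats listed above.
_POOL = re.compile(
    r"^principal(Set)?://iam\.googleapis\.com/(?:projects/[^/]+/)?locations/global/"
    r"(workforcePools|workloadIdentityPools)/([^/]+)/(.+)$"
)
_PREFIXED = ("user", "serviceAccount", "group", "domain")

def classify_member(member):
    """Return (kind, note); note is None when nothing needs review."""
    if member in ("allUsers", "allAuthenticatedUsers"):
        return "public", "not limited to principals you manage"
    if member.startswith("deleted:"):
        return "deleted", "recently deleted principal still listed in the binding"
    m = _POOL.match(member)
    if m:
        is_set, pool_type, pool_id, rest = m.groups()
        if is_set and rest == "*":
            return "pool-wide", f"every identity in {pool_type} {pool_id}"
        return ("federated-set" if is_set else "federated"), None
    prefix, sep, value = member.partition(":")
    if sep and value and prefix in _PREFIXED:
        return prefix, ("every user of the domain" if prefix == "domain" else None)
    return "unknown", "matches none of the documented member formats"

def audit_bindings(bindings):
    """Collect (role, member, kind, note) for every member that carries a note."""
    findings = []
    for binding in bindings:
        for member in binding.get("members") or []:  # members may be null
            kind, note = classify_member(member)
            if note:
                findings.append((binding.get("role"), member, kind, note))
    return findings

# Constructed sample policy bindings (not from a real project).
SAMPLE_BINDINGS = [
    {"role": "roles/storage.objectViewer", "members": ["allUsers", "user:alice@example.com"]},
    {"role": "roles/viewer", "members": [
        "domain:example.com",
        "deleted:serviceAccount:my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901",
        "principalSet://iam.googleapis.com/locations/global/workforcePools/my-pool-id/*",
        "serviceAccount:my-project.svc.id.goog[my-namespace/my-kubernetes-sa]",
    ]},
    {"role": "roles/browser", "members": None},
]

if __name__ == "__main__":
    for finding in audit_bindings(SAMPLE_BINDINGS):
        print(finding)
```
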
Implementation
core.List<core.String>? members;