searchAllIamPolicies method
Searches all IAM policies within the specified scope, such as a project, folder, or organization.
The caller must be granted the cloudasset.assets.searchAllIamPolicies
permission on the desired scope, otherwise the request will be rejected.
Request parameters:
scope
- Required. A scope can be a project, a folder, or an organization. The
search is limited to the IAM policies within the scope. The caller must be
granted the
[cloudasset.assets.searchAllIamPolicies](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
permission on the desired scope. The allowed values are:
* projects/{PROJECT_ID} (e.g., "projects/foo-bar")
* projects/{PROJECT_NUMBER} (e.g., "projects/12345678")
* folders/{FOLDER_NUMBER} (e.g., "folders/1234567")
* organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
Value must have pattern ^[^/]+/[^/]+$.
assetTypes
- Optional. A list of asset types that the IAM policies are attached to.
If empty, it will search the IAM policies that are attached to all the
asset types supported by search APIs. Regular expressions are also
supported. For example:
* "compute.googleapis.com.*" snapshots IAM policies attached to asset
types that start with "compute.googleapis.com".
* ".*Instance" snapshots IAM policies attached to asset types that end
with "Instance".
* ".*Instance.*" snapshots IAM policies attached to asset types that
contain "Instance".
See RE2 for all supported regular expression syntax. If the regular
expression does not match any supported asset type, an INVALID_ARGUMENT
error will be returned.
orderBy
- Optional. A comma-separated list of fields specifying the sorting order
of the results. The default order is ascending. Add " DESC" after the
field name to indicate descending order. Redundant space characters are
ignored. Example: "assetType DESC, resource". Only singular primitive
fields in the response are sortable:
* resource
* assetType
* project
All the other fields such as repeated fields (e.g., folders) and
non-primitive fields (e.g., policy) are not supported.
pageSize
- Optional. The page size for search result pagination. Page size is
capped at 500 even if a larger value is given. If set to zero or a
negative value, the server will pick an appropriate default. Returned
results may be fewer than requested. When this happens, there could be
more results as long as next_page_token is returned.
pageToken
- Optional. If present, retrieve the next batch of results from the
preceding call to this method. page_token must be the value of
next_page_token from the previous response. The values of all other
method parameters must be identical to those in the previous call.
query
- Optional. The query statement. See how to construct a query for more
information. If not specified or empty, it will search all the IAM
policies within the specified scope. Note that the query string is
compared against each IAM policy binding, including its principals, roles,
and IAM conditions. The returned IAM policies will only contain the
bindings that match your query. To learn more about the IAM policy
structure, see the IAM policy documentation.
Examples:
* policy:amy@gmail.com to find IAM policy bindings that specify user
"amy@gmail.com".
* policy:roles/compute.admin to find IAM policy bindings that specify the
Compute Admin role.
* policy:comp* to find IAM policy bindings that contain "comp" as a prefix
of any word in the binding.
* policy.role.permissions:storage.buckets.update to find IAM policy
bindings that specify a role containing "storage.buckets.update"
permission. Note that if callers don't have iam.roles.get access to a
role's included permissions, policy bindings that specify this role will
be dropped from the search results.
* policy.role.permissions:upd* to find IAM policy bindings that specify a
role containing "upd" as a prefix of any word in the role permission. Note
that if callers don't have iam.roles.get access to a role's included
permissions, policy bindings that specify this role will be dropped from
the search results.
* resource:organizations/123456 to find IAM policy bindings that are set
on "organizations/123456".
* resource=//cloudresourcemanager.googleapis.com/projects/myproject to
find IAM policy bindings that are set on the project named "myproject".
* Important to find IAM policy bindings that contain "Important" as a word
in any of the searchable fields (except for the included permissions).
* resource:(instance1 OR instance2) policy:amy to find IAM policy bindings
that are set on resources "instance1" or "instance2" and also specify user
"amy".
* roles:roles/compute.admin to find IAM policy bindings that specify the
Compute Admin role.
* memberTypes:user to find IAM policy bindings that contain the principal
type "user".
$fields
- Selector specifying which fields to include in a partial response.
Completes with a SearchAllIamPoliciesResponse.
Completes with a commons.ApiRequestError if the API endpoint returned an error.
If the used http.Client completes with an error when making a REST call,
this method will complete with the same error.
Implementation
  async.Future<SearchAllIamPoliciesResponse> searchAllIamPolicies(
    core.String scope, {
    core.List<core.String>? assetTypes,
    core.String? orderBy,
    core.int? pageSize,
    core.String? pageToken,
    core.String? query,
    core.String? $fields,
  }) async {
    // Only parameters the caller actually set are sent as query parameters.
    final queryParams_ = <core.String, core.List<core.String>>{
      if (assetTypes != null) 'assetTypes': assetTypes,
      if (orderBy != null) 'orderBy': [orderBy],
      if (pageSize != null) 'pageSize': ['${pageSize}'],
      if (pageToken != null) 'pageToken': [pageToken],
      if (query != null) 'query': [query],
      if ($fields != null) 'fields': [$fields],
    };

    // The scope becomes part of the request path: v1/{scope}:searchAllIamPolicies
    final url_ =
        'v1/' + core.Uri.encodeFull('$scope') + ':searchAllIamPolicies';

    final response_ = await _requester.request(
      url_,
      'GET',
      queryParams: queryParams_,
    );
    return SearchAllIamPoliciesResponse.fromJson(
        response_ as core.Map<core.String, core.dynamic>);
  }
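The pagination rules in the pageSize and pageToken descriptions, applied to an access review that lists every member granted a role, as an added example that is not code from the googleapis package. `SearchPage`, `listGrants` and `fakeSearch` are hypothetical names, and the two-page reply is constructed sample data so the loop runs without credentials (it assumes only the `googleapis` package as a dependency).

```dart
import 'package:googleapis/cloudasset/v1.dart';

// Parameter subset of searchAllIamPolicies; the real method or a fake fits.
typedef SearchPage = Future<SearchAllIamPoliciesResponse> Function(
    String scope, {String? query, int? pageSize, String? pageToken});
final scopePattern = RegExp(r'^[^/]+/[^/]+$'); // documented scope pattern

/// Returns one "resource | role | member" line per member of each binding.
Future<List<String>> listGrants(
    SearchPage search, String scope, String query) async {
  if (!scopePattern.hasMatch(scope)) {
    throw ArgumentError.value(scope, 'scope', 'expected e.g. projects/foo-bar');
  }
  final grants = <String>[];
  String? token;
  do {
    // Only pageToken changes between calls; all other parameters stay fixed.
    final page =
        await search(scope, query: query, pageSize: 500, pageToken: token);
    for (final r in page.results ?? const <IamPolicySearchResult>[]) {
      for (final b in r.policy?.bindings ?? const <Binding>[]) {
        for (final m in b.members ?? const <String>[]) {
          grants.add('${r.resource} | ${b.role} | $m');
        }
      }
    }
    // A short page is not the end of the results; a missing token is.
    token = page.nextPageToken;
  } while (token != null && token.isNotEmpty);
  return grants;
}

// Constructed two-page reply standing in for the API; it ignores the query.
Future<SearchAllIamPoliciesResponse> fakeSearch(String scope,
    {String? query, int? pageSize, String? pageToken}) async {
  Map<String, dynamic> hit(String res, String m) => {
        'resource': res,
        'policy': {'bindings': [{'role': 'roles/compute.admin', 'members': [m]}]},
      };
  return SearchAllIamPoliciesResponse.fromJson(pageToken == null
      ? {'results': [hit('vm1', 'user:amy@gmail.com')], 'nextPageToken': 'p2'}
      : {'results': [hit('vm2', 'user:bob@example.com')]});
}

Future<void> main() async {
  // Real client: pass CloudAssetApi(client).v1.searchAllIamPolicies instead.
  final grants = await listGrants(
      fakeSearch, 'projects/foo-bar', 'policy:roles/compute.admin');
  grants.forEach(print);
}
```

For policy.role.permissions queries, the query description says bindings are dropped when the caller lacks iam.roles.get on the role, so an empty list from this loop does not show that no such grant exists.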