policy

API

Manages IoT Core roles and permissions

Methods
queryGrantableRoles	`GET /api/v/4/webhook/execute/{adminSystemKey}/policy?method=queryGrantableRoles` List all grantable roles on a specified resource.
getIamPolicy	`GET /api/v/4/webhook/execute/{adminSystemKey}/policy?method=getIamPolicy` Get a specified resource’s IAM policy.
setIamPolicy	`PUT /api/v/4/webhook/execute/{adminSystemKey}/policy?method=setIamPolicy` Set a specified resource’s IAM policy.
testIamPermissions	`POST /api/v/4/webhook/execute/{adminSystemKey}/policy?method=testIamPermissions` Test whether a user has a list of permissions for a specified resource.

CbPolicy

TYPESCRIPT

type CbPolicy = CbBinding[]

type CbBinding = {
  role_id: string;
  members: {
    principal_type: "user" | "serviceAccount";
    principal: string;    
  }[]
}

Fields

role_id

The role to which the list of members are assigned.

members[]

A list of principals that are assigned to the role in the binding.

principal is the principal’s email.

principal_type is the kind of principal, such as a user or a service account.

IOTRole

TYPESCRIPT

interface IOTRole {
  id: string;
  name: string;
  permissions: string[];
  is_custom: boolean;
  description?: string;
  project_id: string;
}

Fields
id	The role’s unique identifier.
name	The role’s user-readable label.
permissions	A list of permissions that principals receive when assigned this role.
is_custom	Whether the role is built-in to IoT Core or user-created. User-created roles are not yet supported.
description	An optional description of the capabilities the role allows for principals.
project_id	The project’s unique identifier where this role is assignable.