是否可以设置 IAM 策略并作为条件,在帐户消失时将其删除
Is it possible to set an IAM policy and as a condition, remove it when the account is gone
正在查找 setIamPolicy,发现可以为策略设置条件。例如:
bindings:
- members:
- serviceAccount:my-project-id@appspot.gserviceaccount.com
role: roles/resourcemanager.organizationAdmin
condition:
title: expirable access
description: Does not grant access after Sep 2020
expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
来源:https://cloud.google.com/kms/docs/reference/rest/v1/Policy
我想创建一个自定义条件,该条件将在帐户删除后删除。可能吗?在下面的 link 中未找到任何示例:
https://cloud.google.com/iam/docs/conditions-overview#attributes
Cloud IAM Conditions 目前处于私人测试阶段,社区成员因该功能而被列入白名单的可能性极低。
如果支持将 IAM 策略设置为条件的功能,我建议您ask directly to Google
正在查找 setIamPolicy,发现可以为策略设置条件。例如:
bindings:
- members:
- serviceAccount:my-project-id@appspot.gserviceaccount.com
role: roles/resourcemanager.organizationAdmin
condition:
title: expirable access
description: Does not grant access after Sep 2020
expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
来源:https://cloud.google.com/kms/docs/reference/rest/v1/Policy
我想创建一个自定义条件,该条件将在帐户删除后删除。可能吗?在下面的 link 中未找到任何示例:
https://cloud.google.com/iam/docs/conditions-overview#attributes
Cloud IAM Conditions 目前处于私人测试阶段,社区成员因该功能而被列入白名单的可能性极低。
如果支持将 IAM 策略设置为条件的功能,我建议您ask directly to Google