# Copyright 2018 Google Inc. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. resources: - name: iam-v1 type: deploymentmanager.local.typeProvider properties: descriptorUrl: https://iam.googleapis.com/$discovery/rest?version=v1 options: inputMappings: - fieldName: Authorization location: HEADER value: > $.concat("Bearer ", $.googleOauth2AccessToken()) collectionOverrides: - collection: projects.serviceAccounts options: virtualProperties: | schema: http://json-schema.org/draft-04/schema# type: object properties: displayName: type : string accountId: type : string required: - displayName - accountId inputMappings: # name parameter during create is different during update. - fieldName: name location: PATH methodMatch: ^create$ value: concat("projects/", $.project) # accountId only applies for create - fieldName: accountId location: BODY methodMatch: ^create$ value: $.resource.properties.accountId # displayName comes in different location for update/create - fieldName: serviceAccount.displayName location: BODY methodMatch: ^create$ value: $.resource.properties.displayName - fieldName: displayName location: BODY methodMatch: ^update$ value: $.resource.properties.displayName - fieldName: name location: PATH methodMatch: ^(get|update|delete)$ value: $.resource.self.name # self is the resource after a get, this mapping will automatically # get the serviceAccount etag property and inject it on update # so user does not need to write etag in the template. - fieldName: etag location: BODY methodMatch: ^update$ value: $.resource.self.etag - fieldName: resource methodMatch: ^setIamPolicy$ location: PATH value: $.resource.self.name - collection: projects.serviceAccounts.keys options: virtualProperties: | schema: http://json-schema.org/draft-04/schema# type: object properties: parent: type : string required: - parent inputMappings: - fieldName: name location: PATH methodMatch: ^create$ value: $.resource.properties.parent - fieldName: name methodMatch: ^(get|update|delete)$ location: PATH value: $.resource.self.name - collection: projects.roles options: &ROLE_OPTIONS virtualProperties: | schema: http://json-schema.org/draft-04/schema# type: object properties: parent: type : string required: - parent inputMappings: - fieldName: parent location: PATH methodMatch: ^create$ value: $.resource.properties.parent - fieldName: updateMask location: QUERY methodMatch: ^patch$ value: $.joinKeys($.resource.properties.role, $.resource.self) - fieldName: name methodMatch: ^(get|update|delete|patch)$ location: PATH value: &ROLE_NAME $.concat($.resource.properties.parent, "/roles/", $.resource.properties.roleId) - fieldName: name methodMatch: ^patch$ location: BODY value: *ROLE_NAME - fieldName: etag location: BODY methodMatch: ^(patch|update)$ value: $.resource.self.etag methodMappings: - pathSelector: fieldName: role behavior: field: set: patch - collection: organizations.roles options: *ROLE_OPTIONS