Policy types for @turbot/gcp-oauth
- GCP > OAuth > Enabled
- GCP > OAuth > Permissions
- GCP > OAuth > Permissions > Levels
- GCP > OAuth > Permissions > Levels > Modifiers
- GCP > Turbot > Permissions > Compiled > Levels > @turbot/gcp-oauth
- GCP > Turbot > Permissions > Compiled > Service Permissions > @turbot/gcp-oauth
GCP > OAuth > Enabled
Enable OAuth.
tmod:@turbot/gcp-oauth#/policy/types/oauthEnabled
[ "Enabled", "Enabled: Metadata Only", "Disabled"]
{ "type": "string", "enum": [ "Enabled", "Enabled: Metadata Only", "Disabled" ], "example": [ "Enabled" ], "default": "Disabled"}
GCP > OAuth > Permissions
Configure whether permissions policies are in effect for GCP OAuth.
This setting does not affect project-level permissions (GCP/Admin, GCP/Owner, etc.).
Note: The behavior of this policy depends on the value of GCP > Permissions.
tmod:@turbot/gcp-oauth#/policy/types/oauthPermissions
[ "Enabled", "Disabled", "Enabled if GCP > OAuth > Enabled"]
{ "type": "string", "enum": [ "Enabled", "Disabled", "Enabled if GCP > OAuth > Enabled" ], "example": [ "Enabled" ], "default": "Enabled if GCP > OAuth > Enabled"}
GCP > OAuth > Permissions > Levels
Define the permissions levels that can be used to grant access to OAuth
in a GCP project. Permissions levels defined here will appear in the UI to assign access to Guardrails users.
Note: Some services do not use all permissions levels, and any permissions level that has
no permissions associated will not be created even if it is selected here.
tmod:@turbot/gcp-oauth#/policy/types/oauthPermissionsLevels
Calculated policy input (GraphQL queries):

{
  item: project {
    turbot {
      id
    }
  }
}

{
  availableLevels: policyValues(filter:"policyTypeLevel:self resourceId:{{ $.item.turbot.id }} policyTypeId:'tmod:@turbot/gcp-iam#/policy/types/permissionsLevelsDefault'") {
    items {
      value
    }
  }
}

Calculated policy template (renders the available levels as a YAML list, or [] when the list is empty):

{% if $.availableLevels.items[0].value | length == 0 %} [] {% endif %}{% for item in $.availableLevels.items[0].value %}- {{ item }}
{% endfor %}
{ "type": "array", "items": { "type": "string", "enum": [ "Metadata", "ReadOnly", "Operator", "Admin", "Owner" ] }}
GCP > OAuth > Permissions > Levels > Modifiers
A map of GCP API operation to Guardrails permission level, used to customize Guardrails' standard permissions.
You can add, remove or redefine the mapping of GCP API operations to Guardrails permissions levels here.
Note: Modifiers are cumulative - if you add a permission to the metadata level, it is also added
to readOnly, operator and admin. Modifier policies set here also “roll up” to the GCP level - if
you add a permission to Admin, it will be granted to GCP/Storage/Admin and also GCP/Admin.
Example:
 - "storage.bucket.create": admin
 - "sql.database.create": metadata
tmod:@turbot/gcp-oauth#/policy/types/oauthPermissionsLevelsModifiers
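The two rules stated for the Levels and Modifiers policies above (a modifier at a lower level is inherited by every higher level, and a selected level that ends up with no permissions is not created) can be modelled in a few lines. The following is an added illustration, not Guardrails' own implementation: the level ordering (including Owner above Admin in the roll-up chain), the reading of "no permissions" as "empty after roll-up", and the `oauth.clients.*` permission strings are assumptions made for the example.

```python
"""Model of how Guardrails permission levels and modifiers compose.

Added illustration only; this is not Guardrails' own implementation. It
models two rules stated on this page: a modifier added at a lower level
is also present at every higher level (metadata -> readOnly -> operator
-> admin), and a level selected in GCP > OAuth > Permissions > Levels
that ends up with no permissions is not created. The level ordering
(including Owner above Admin), the treatment of "no permissions" as
"empty after roll-up", and the sample permission names are assumptions.
"""
from typing import Dict, Iterable, List, Set

# Canonical level names from the Levels policy schema, lowest to highest.
# Placing Owner above Admin in the roll-up chain is an assumption.
LEVEL_ORDER: List[str] = ["Metadata", "ReadOnly", "Operator", "Admin", "Owner"]
_CANONICAL = {name.lower(): name for name in LEVEL_ORDER}

# Constructed sample "standard" mapping (level -> permissions assigned
# directly at that level). The permission strings are made up for the
# example and are not Guardrails' real GCP OAuth mapping.
BASE_MAPPING: Dict[str, Set[str]] = {
    "Metadata": set(),
    "ReadOnly": {"oauth.clients.list", "oauth.clients.get"},
    "Operator": set(),
    "Admin": {"oauth.clients.create", "oauth.clients.delete"},
    "Owner": set(),
}


def apply_modifiers(base: Dict[str, Set[str]],
                    modifiers: Dict[str, str]) -> Dict[str, Set[str]]:
    """Apply a modifier map ("api.operation": level) to the direct mapping.

    Each modifier redefines where the operation is assigned: it is removed
    from whatever level it was at and attached to the requested level.
    Level names match case-insensitively ("admin" == "Admin"). Removing an
    operation outright is not modelled here.
    """
    direct = {lvl: set(perms) for lvl, perms in base.items()}
    for perm, level in modifiers.items():
        canonical = _CANONICAL.get(level.lower())
        if canonical is None:
            raise ValueError(f"unknown permission level {level!r} for {perm!r}")
        for perms in direct.values():
            perms.discard(perm)
        direct.setdefault(canonical, set()).add(perm)
    return direct


def compile_levels(direct: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Roll up: a level receives everything assigned at or below it."""
    compiled: Dict[str, Set[str]] = {}
    accumulated: Set[str] = set()
    for lvl in LEVEL_ORDER:
        accumulated |= direct.get(lvl, set())
        compiled[lvl] = set(accumulated)
    return compiled


def levels_to_create(selected: Iterable[str],
                     compiled: Dict[str, Set[str]]) -> List[str]:
    """Keep only the selected levels that carry at least one permission."""
    return [lvl for lvl in selected if compiled.get(lvl)]


def effective_levels(selected: Iterable[str],
                     modifiers: Dict[str, str]) -> Dict[str, Set[str]]:
    """Compiled permissions for the levels that would actually be created."""
    compiled = compile_levels(apply_modifiers(BASE_MAPPING, modifiers))
    return {lvl: compiled[lvl] for lvl in levels_to_create(selected, compiled)}


if __name__ == "__main__":
    chosen = ["Metadata", "ReadOnly", "Operator", "Admin"]
    # Without modifiers, Metadata is empty after roll-up and is not created.
    print(effective_levels(chosen, {}))
    # Moving "list" down to metadata creates that level; moving "delete" down
    # to operator leaves it in Admin too, because Admin inherits from below.
    print(effective_levels(chosen, {"oauth.clients.list": "metadata",
                                    "oauth.clients.delete": "operator"}))
```

The second call in the `__main__` block is the case to keep in mind when writing modifiers: lowering an operation such as `oauth.clients.delete` to operator does not remove it from admin, so a modifier can only widen who holds a permission, never narrow it, unless the operation is removed from the mapping entirely.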
GCP > Turbot > Permissions > Compiled > Levels > @turbot/gcp-oauth
A calculated policy that Guardrails uses to create a compiled list of ALL permission
levels for GCP OAuth that is used as input to
the stack that manages the Guardrails IAM permissions objects.
tmod:@turbot/gcp-oauth#/policy/types/gcpLevelsCompiled
GCP > Turbot > Permissions > Compiled > Service Permissions > @turbot/gcp-oauth
A calculated policy that Guardrails uses to create a compiled list of ALL
permissions for GCP OAuth that is used as
input to the control that manages the IAM stack.
tmod:@turbot/gcp-oauth#/policy/types/gcpCompiledServicePermissions