List Policies
const url = 'https://example.com/iam/v1/workspaces/example/policies';const options = {method: 'GET'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url https://example.com/iam/v1/workspaces/example/policiesReturns a paginated list of policies within a workspace
Parameters
Section titled “ Parameters ”Path Parameters
Section titled “Path Parameters ”The workspace to list policies for
Query Parameters
Section titled “Query Parameters ”The maximum number of policies to return. The service may return fewer than this value. If unspecified, at most 20 policies will be returned. The maximum value is 100; values above 100 will be coerced to 100.
A page token, received from a previous ListPolicies call.
Provide this to retrieve the subsequent page. When paginating,
all other parameters provided to ListPolicies must match the call
that provided the page token.
AIP-160 filter expression
AIP-132 order_by expression, e.g. ‘name asc’
Responses
Section titled “ Responses ”OK
ListPoliciesResponse
Response message for ListPolicies.
Note: This API intentionally omits total_size from list responses.
Keyset pagination does not support efficient total count computation
(COUNT(*) requires a full table scan). Per AIP-158, total_size is optional.
object
The list of policies
Policy resource — a set of conditions that constrain when an IAM binding is effective
object
The unique identifier of the policy
The workspace this policy belongs to
The display name of the policy
An optional description of the policy
The conditions that must be satisfied for the policy to apply
Condition — a polymorphic condition within a policy
object
Source IP address condition
object
The comparison operator for the IP check
The CIDR ranges to match against
IpAddress — an IP address (IPv4 or IPv6) with its CIDR prefix length
object
The IP address (e.g. “10.0.0.0” or “2001:db8::1”)
The CIDR prefix length (e.g. 8 for /8, 24 for /24)
Time window condition
object
The comparison operator for the time check
Start time of the window
object
Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
End time of the window
object
Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value “24:00:00” for scenarios like business closing time.
Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
IANA timezone identifier (e.g. “America/New_York”)
Role delegation condition
object
The comparison operator for the role check
The service names that the delegated role’s permissions must belong to
Location condition
object
The comparison operator for the location check
The set of allowed location ids (weak references to topology Locations)
Created Timestamp
The timestamp when the policy was created
Updated Timestamp
Timestamp when the Policy was last updated
A token, which can be sent as page_token to retrieve the next page.
If this field is empty, there are no subsequent pages.
Example
{ "policies": [ { "conditions": [ { "source_ip": { "operator": "SOURCE_IP_OPERATOR_UNSPECIFIED" }, "time_window": { "operator": "TIME_WINDOW_OPERATOR_UNSPECIFIED" }, "role": { "operator": "ROLE_CONDITION_OPERATOR_UNSPECIFIED" }, "location": { "operator": "LOCATION_CONDITION_OPERATOR_UNSPECIFIED" } } ] } ]}default
Section titled “default ”Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
object
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
A list of messages that carry the error details. There is a common set of message types for APIs to use.
Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.
object
The type of the serialized message.
Example generated
{ "code": 1, "message": "example", "details": [ { "@type": "example" } ]}