Viewing the IAM Roles
Use the post /v1/cckm/google/get-iam-roles
API to get the list of IAM roles that can be granted to a Google Cloud key.
Syntax
curl -k '<IP>/api/v1/cckm/google/get-iam-roles' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "key_id": "<key-id>"\n}' --compressed
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
key_id | string | Resource ID of the Google Cloud key on the CipherTrust Manager. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/google/get-iam-roles' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiIyYTNhODM5Ny1hNzg3LTQ0NzctOGE0MS1jODA0MjAyYTdiMzIiLCJzdWIiOiJsb2NhbHw1NWU1NzQ1OC1kNWU0LTQ2OTUtOWEwOC1mYTNjZGUzNzAyNWEiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJjbGllbnRfaWQiOiI4MzdjODQwZC03NWRkLTRiNGYtYTMxOC03OWNiMTZjYTI0OGQiLCJjbGllbnRfbmFtZSI6ImFwaS1wbGF5Z3JvdW5kIiwiY2xpZW50X3R5cGUiOiJwdWJsaWMiLCJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiMjZiODdkZTAtZTYxZS00MTFmLTg0NDMtZTNkNzA0YTI2ZmJhIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjgwOTcyNWZiLTMwM2MtNGFkMC05M2EyLTI0YzZkMDUwNWVlZiIsImlhdCI6MTY4NTQ0MjQzMiwiZXhwIjoxNjg1NDQyNzMyfQ.q23aSRM3Qf1Kzu0Bi5tYFTU44FOcVKWUVQOqfwzVe6Q' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "key_id": "2f18eade-2fd9-4c48-85f7-550107729299"\n}' --compressed
Example Response
{
"roles": [
{
"description": "Enables management of crypto resources.",
"name": "roles/cloudkms.admin",
"title": "Cloud KMS Admin"
},
{
"description": "Enables Decrypt operations",
"name": "roles/cloudkms.cryptoKeyDecrypter",
"title": "Cloud KMS CryptoKey Decrypter"
},
{
"description": "Enables Decrypt operations via other GCP services",
"name": "roles/cloudkms.cryptoKeyDecrypterViaDelegation",
"title": "Cloud KMS CryptoKey Decrypter Via Delegation"
},
{
"description": "Enables Encrypt operations",
"name": "roles/cloudkms.cryptoKeyEncrypter",
"title": "Cloud KMS CryptoKey Encrypter"
},
{
"description": "Created on: 2020-12-10",
"etag": "BwXO2Ui2+EY=",
"name": "projects/gemalto-kyloeng/roles/KMSAPIAdmin",
"title": "KMS_API Admin"
}
]
}
The output shows the IAM roles that can be granted to a Google Cloud key.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.