The Identity and Access Management (IAM) API uses Kubernetes custom resources to manage access control for identity providers.
To use the IAM API, use the GDC console. If your application uses your own libraries to call the API, use the example service endpoint in the following section and the full API definitions to build your requests:
Service endpoint and discovery document
The IAM APIs are provided in two packages, one for zonal deployments and one for global deployments.
The API endpoints for the zonal and global IAM APIs are the following, respectively:
https://MANAGEMENT_API_SERVER_ENDPOINT/apis/iam.gdc.goog/v1
https://MANAGEMENT_API_SERVER_ENDPOINT/apis/iam.global.gdc.goog/v1
The MANAGEMENT_API_SERVER_ENDPOINT variable is the endpoint of the Management API server.
Using the kubectl proxy command, access the URL in your browser to obtain the discovery document for the IAM API. The kubectl proxy command opens a proxy on 127.0.0.1:8001 to the Kubernetes API server on your local machine. After that command is running, access the documents at the following URLs:
http://127.0.0.1:8001/apis/iam.gdc.goog/v1
http://127.0.0.1:8001/apis/iam.global.gdc.goog/v1
Example resources
The following is a sample IdentityProviderConfig resource:
apiVersion: iam.gdc.goog/v1
kind: IdentityProviderConfig
metadata:
  name: example-provider
  namespace: platform
spec:
  - oidc:
      clientID: clientID
      clientSecret: clientSecret
      groupPrefix: example-
      groupsClaim: groups
      issuerURI: https://test-oidc-provider.example.com
      scopes: openid email profile
      userClaim: user-email@example.com
      userPrefix: example-
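As an added example that is not part of the GDC documentation, the following Python lint checks a manifest of the shape shown above before it is applied. The resource dict is constructed to mirror the sample, and the function name lint_idp_config and the rules it enforces are assumptions of this example, not GDC's own validation.

```python
# Added example, not GDC code: pre-apply lint for an IdentityProviderConfig
# manifest. The checks below are this example's assumptions about what a
# safe OIDC provider entry looks like, not GDC's documented validation.
from typing import Any, Dict, List
from urllib.parse import urlparse

# Both API groups named on this page (zonal and global).
KNOWN_API_VERSIONS = {"iam.gdc.goog/v1", "iam.global.gdc.goog/v1"}

# Constructed to mirror the sample resource on this page.
SAMPLE_IDP_CONFIG: Dict[str, Any] = {
    "apiVersion": "iam.gdc.goog/v1",
    "kind": "IdentityProviderConfig",
    "metadata": {"name": "example-provider", "namespace": "platform"},
    "spec": [{"oidc": {
        "clientID": "clientID",
        "clientSecret": "clientSecret",
        "groupPrefix": "example-",
        "groupsClaim": "groups",
        "issuerURI": "https://test-oidc-provider.example.com",
        "scopes": "openid email profile",
        "userClaim": "user-email@example.com",
        "userPrefix": "example-",
    }}],
}


def lint_idp_config(resource: Dict[str, Any]) -> List[str]:
    """Return findings for one manifest; an empty list means it passed."""
    findings: List[str] = []
    if resource.get("apiVersion") not in KNOWN_API_VERSIONS:
        findings.append(f"unexpected apiVersion {resource.get('apiVersion')!r}")
    if resource.get("kind") != "IdentityProviderConfig":
        findings.append(f"unexpected kind {resource.get('kind')!r}")
    spec = resource.get("spec")
    if not isinstance(spec, list) or not spec:
        return findings + ["spec must be a non-empty list of provider entries"]
    for i, entry in enumerate(spec):
        oidc = entry.get("oidc") if isinstance(entry, dict) else None
        if not isinstance(oidc, dict):
            findings.append(f"spec[{i}]: missing oidc block")
            continue
        # Tokens and discovery metadata must come from the issuer over TLS.
        issuer = urlparse(oidc.get("issuerURI", ""))
        if issuer.scheme != "https" or not issuer.netloc:
            findings.append(f"spec[{i}]: issuerURI must be an https URL")
        if "openid" not in oidc.get("scopes", "").split():
            findings.append(f"spec[{i}]: scopes must include 'openid'")
        # Prefixes keep users/groups from one provider distinct from another's.
        for key in ("clientID", "groupsClaim", "userClaim", "groupPrefix", "userPrefix"):
            if not oidc.get(key):
                findings.append(f"spec[{i}]: {key} is empty")
        if oidc.get("clientSecret"):
            findings.append(f"spec[{i}]: clientSecret is embedded in the manifest; handle the file as a secret")
    return findings
```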