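This topic lists the values that you can use for resource attributes in conditions, including the string values for resource services and resource types and the string formats for resource names.
You can use resource attributes to change the scope of the authorization that a role binding provides. If a role contains permissions that apply to different types of resources, a condition can grant a subset of the role's permissions based on the resource service, resource type, and resource name.
Resource attributes are available for the Google Cloud services and resource types listed on this page. Other services and resource types do not recognize resource attributes.
For more information about Identity and Access Management (IAM) Conditions, see the following: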
Resource service values
The following table lists the values that the resource service attribute can contain.
| Resource service value | REST reference documentation |
|---|---|
| apigee.googleapis.com | API reference |
| apihub.googleapis.com | API reference |
| backupdr.googleapis.com | API reference |
| bigquery.googleapis.com | API reference |
| bigqueryreservation.googleapis.com | API reference |
| bigtableadmin.googleapis.com | API reference |
| binaryauthorization.googleapis.com | API reference |
| clouddeploy.googleapis.com | API reference |
| cloudkms.googleapis.com | API reference |
| cloudresourcemanager.googleapis.com | API reference |
| compute.googleapis.com | API reference |
| container.googleapis.com | API reference |
| connectors.googleapis.com | API reference |
| dataform.googleapis.com | API reference |
| firestore.googleapis.com | API reference |
| iap.googleapis.com | API reference |
| integrations.googleapis.com | API reference |
| logging.googleapis.com | API reference |
| managedkafka.googleapis.com | API reference |
| parametermanager.googleapis.com | API reference |
| pubsublite.googleapis.com | API reference |
| secretmanager.googleapis.com | API reference |
| spanner.googleapis.com | API reference |
| sqladmin.googleapis.com | API reference |
| storage.googleapis.com | API reference |
Resource type values
The following table lists the values that the resource type attribute can contain.
| Resource type value | Reference |
|---|---|
| apigee.googleapis.com/ApiProduct | Learn more |
| apigee.googleapis.com/ApiProductAttribute | Learn more |
| apigee.googleapis.com/Cache | Learn more |
| apigee.googleapis.com/Developer | Learn more |
| apigee.googleapis.com/DeveloperApp | Learn more |
| apigee.googleapis.com/DeveloperAppAttribute | Learn more |
| apigee.googleapis.com/DeveloperAttribute | Learn more |
| apigee.googleapis.com/Export | Learn more |
| apigee.googleapis.com/FlowHook | Learn more |
| apigee.googleapis.com/KeyStore | Learn more |
| apigee.googleapis.com/KeyStoreAlias | Learn more |
| apigee.googleapis.com/KeyValueEntry | Learn more |
| apigee.googleapis.com/KeyValueMap | Learn more |
| apigee.googleapis.com/Proxy | Learn more |
| apigee.googleapis.com/ProxyRevision | Learn more |
| apigee.googleapis.com/Query | Learn more |
| apigee.googleapis.com/RatePlan | Learn more |
| apigee.googleapis.com/Reference | Learn more |
| apigee.googleapis.com/SharedFlow | Learn more |
| apigee.googleapis.com/SharedFlowRevision | Learn more |
| apigee.googleapis.com/TargetServer | Learn more |
| apigee.googleapis.com/TraceSession | Learn more |
| apihub.googleapis.com/Api | Learn more |
| apihub.googleapis.com/Deployment | Learn more |
| apihub.googleapis.com/Version | Learn more |
| apihub.googleapis.com/Spec | Learn more |
| apihub.googleapis.com/ApiOperation | Learn more |
| apihub.googleapis.com/Definition | Learn more |
| backupdr.googleapis.com/BackupVaults | Learn more |
| bigquery.googleapis.com/Dataset | Learn more |
| bigquery.googleapis.com/Model | Learn more |
| bigquery.googleapis.com/Routine | Learn more |
| bigquery.googleapis.com/Table | Learn more |
| bigqueryreservation.googleapis.com/Assignment | Learn more |
| bigqueryreservation.googleapis.com/BiReservation | Learn more |
| bigqueryreservation.googleapis.com/CapacityCommitment | Learn more |
| bigqueryreservation.googleapis.com/Location | Learn more |
| bigqueryreservation.googleapis.com/Reservation | Learn more |
| bigtableadmin.googleapis.com/AppProfile | Learn more |
| bigtableadmin.googleapis.com/Backup | Learn more |
| bigtableadmin.googleapis.com/Cluster | Learn more |
| bigtableadmin.googleapis.com/Instance | Learn more |
| bigtableadmin.googleapis.com/Table | Learn more |
| binaryauthorization.googleapis.com/Attestor | Learn more |
| binaryauthorization.googleapis.com/ContinuousValidationConfig | Learn more |
| binaryauthorization.googleapis.com/Policy | Learn more |
| cloud.googleapis.com/Location ¹ | Learn more |
| cloudkms.googleapis.com/CryptoKey | Learn more |
| cloudkms.googleapis.com/CryptoKeyVersion | Learn more |
| cloudkms.googleapis.com/KeyRing | Learn more |
| cloudresourcemanager.googleapis.com/Project ² | Learn more |
| compute.googleapis.com/BackendService | Learn more |
| compute.googleapis.com/Disk | Learn more |
| compute.googleapis.com/Firewall | Learn more |
| compute.googleapis.com/ForwardingRule | Learn more |
| compute.googleapis.com/GlobalForwardingRule | Learn more |
| compute.googleapis.com/Image | Learn more |
| compute.googleapis.com/Instance | Learn more |
| compute.googleapis.com/InstanceTemplate | Learn more |
| compute.googleapis.com/Snapshot | Learn more |
| compute.googleapis.com/TargetHttpProxy | Learn more |
| compute.googleapis.com/TargetHttpsProxy | Learn more |
| compute.googleapis.com/TargetSslProxy | Learn more |
| compute.googleapis.com/TargetTcpProxy | Learn more |
| connectors.googleapis.com/Connection | Learn more |
| connectors.googleapis.com/ConnectionSchemaMetadata | Learn more |
| connectors.googleapis.com/EndpointAttachment | Learn more |
| connectors.googleapis.com/EventSubscription | Learn more |
| connectors.googleapis.com/ManagedZone | Learn more |
| container.googleapis.com/Clusters | Learn more |
| dataform.googleapis.com/CompilationResult | Learn more |
| dataform.googleapis.com/Location | Learn more |
| dataform.googleapis.com/ReleaseConfig | Learn more |
| dataform.googleapis.com/Repository | Learn more |
| dataform.googleapis.com/WorkflowConfig | Learn more |
| dataform.googleapis.com/WorkflowInvocation | Learn more |
| dataform.googleapis.com/Workspace | Learn more |
| firestore.googleapis.com/Database | Learn more |
| iap.googleapis.com/Tunnel | Learn more |
| iap.googleapis.com/TunnelInstance | Learn more |
| iap.googleapis.com/TunnelZone | Learn more |
| iap.googleapis.com/Web | Learn more |
| iap.googleapis.com/WebService | Learn more |
| iap.googleapis.com/WebServiceVersion | Learn more |
| iap.googleapis.com/WebType | Learn more |
| integrations.googleapis.com/AuthConfig | Learn more |
| integrations.googleapis.com/Execution | Learn more |
| integrations.googleapis.com/Integration | Learn more |
| integrations.googleapis.com/IntegrationVersion | Learn more |
| integrations.googleapis.com/Location | Not applicable |
| integrations.googleapis.com/Suspension | Learn more |
| logging.googleapis.com/LogBucket | Learn more |
| logging.googleapis.com/LogView | Learn more |
| managedkafka.googleapis.com/Cluster | Learn more |
| managedkafka.googleapis.com/ConsumerGroup | Learn more |
| managedkafka.googleapis.com/Operation | Learn more |
| managedkafka.googleapis.com/Topic | Learn more |
| parametermanager.googleapis.com/Parameter | Learn more |
| parametermanager.googleapis.com/ParameterVersion | Learn more |
| pubsublite.googleapis.com/Location | Learn more |
| pubsublite.googleapis.com/Subscription | Learn more |
| pubsublite.googleapis.com/Topic | Learn more |
| secretmanager.googleapis.com/Secret | Learn more |
| secretmanager.googleapis.com/SecretVersion | Learn more |
| spanner.googleapis.com/Backup | Learn more |
| spanner.googleapis.com/Database | Learn more |
| spanner.googleapis.com/Instance | Learn more |
| sqladmin.googleapis.com/BackupRun | Learn more |
| sqladmin.googleapis.com/Instance | Learn more |
| storage.googleapis.com/Bucket | Learn more |
| storage.googleapis.com/ManagedFolder | Learn more |
| storage.googleapis.com/Object | Learn more |

¹ Cloud Key Management Service uses this resource type as the parent of key ring resources.
² Apigee uses this resource type as the parent of any resource that belongs to an Apigee organization.

Resource name format
The following table lists the format of the resource name attribute for each resource.
| Resource reference | Resource name format template |
|---|---|
| Apigee API product attribute | organizations/organization-name/apiproducts/product-id/attributes/attribute-id |
| Apigee API product | organizations/organization-name/apiproducts/product-id |
| Apigee API proxy | organizations/organization-name/apis/proxy-id |
| Apigee API proxy key value map entry | organizations/organization-name/api/proxy-id/keyvaluemaps/keyvaluemap-id/entries/entry-id |
| Apigee API proxy key value map | organizations/organization-name/apis/proxy-id/keyvaluemaps/key-value-map-id |
| Apigee API proxy revision | organizations/organization-name/apis/proxy-id/revisions/revision-id |
| Apigee cache | organizations/organization-name/environments/environment-id/caches/cache-id |
| Apigee developer app attribute | organizations/organization-name/developers/developer-id/apps/app-id/attributes/attribute-id |
| Apigee developer app | organizations/organization-name/developers/developer-id/apps/app-id |
| Apigee developer attribute | organizations/organization-name/developers/developer-id/attributes/attribute-id |
| Apigee developer | organizations/organization-name/developers/developer-id |
| Apigee environment key value map entry | organizations/organization-name/environments/environment-id/keyvaluemaps/keyvaluemap-id/entries/entry-id |
| Apigee environment key value map | organizations/organization-name/environments/environment/keyvaluemaps/key-value-map-id |
| Apigee export | organizations/organization-name/environments/environment-id/analytics/exports/export-id |
| Apigee flow hook | organizations/organization-name/environments/environment-id/flowhooks/flowhook-id |
| Apigee keystore alias | organizations/organization-name/environments/environment-id/keystores/keystore-id/aliases/alias-id |
| Apigee keystore | organizations/organization-name/environments/environment-id/keystores/keystore-id |
| Apigee query | organizations/organization-name/environments/environment-id/queries/query-id |
| Apigee rate plan | organizations/organization-name/apiproducts/product-id/rateplans/rate-plan-id |
| Apigee reference | organizations/organization-name/environments/environment-id/references/reference-id |
| Apigee shared flow revision | organizations/organization-name/sharedflows/shared-flow-id/revisions/revision-id |
| Apigee shared flow | organizations/organization-name/sharedflows/shared-flow-id |
| Apigee target server | organizations/organization-name/environments/environment-id/targetservers/targetserver-id |
| Apigee trace (debug) session | organizations/organization-name/environments/environment-id/apis/proxy-id/revisions/revision-id/debugsessions/session-id |
| Apigee API Hub API | projects/project-id/locations/location-id/apis/api-id |
| Apigee API Hub deployment | projects/project-id/locations/location-id/deployments/deployment-id |
| Apigee API Hub version | projects/project-id/locations/location-id/apis/api-id/versions/version-id |
| Apigee API Hub spec | projects/project-id/locations/location-id/apis/api-id/versions/version-id/specs/spec-id |
| Apigee API Hub operation | projects/project-id/locations/location-id/apis/api-id/versions/version-id/operations/operation-id |
| Apigee API Hub definition | projects/project-id/locations/location-id/apis/api-id/versions/version-id/definitions/definition-id |
| Backup and DR Service backupVaults | projects/project-id/locations/location-id/backupVaults/backup-vault-id |
| BigQuery dataset | projects/project-id/datasets/dataset-id |
| BigQuery model | projects/project-id/datasets/dataset-id/models/model-id |
| BigQuery routine | projects/project-id/datasets/dataset-id/routines/routine-id |
| BigQuery table | projects/project-id/datasets/dataset-id/tables/table-id |
| BigQuery Reservation API assignment | projects/project-id/locations/location-id/reservations/reservation-id/assignments/assignment-id |
| BigQuery Reservation API BI reservation | projects/project-id/locations/location-id/biReservation |
| BigQuery Reservation API capacity commitment | projects/project-id/locations/location-id/capacityCommitments/capacity-commitment-id |
| BigQuery Reservation API location | projects/project-id/locations/location-id |
| BigQuery Reservation API reservation | projects/project-id/locations/location-id/reservations/reservation-id |
| Binary Authorization attestor | projects/project-number/attestors/attestor-id |
| Binary Authorization continuous validation config | projects/project-number/continuousValidationConfig |
| Binary Authorization policy | projects/project-number/policy |
| Bigtable appProfiles | projects/project-id/instances/instance-id/appProfiles/appProfile-id |
| Bigtable backup | projects/project-id/instances/instance-id/clusters/cluster-id/backups/backup-id |
| Bigtable cluster | projects/project-id/instances/instance-id/clusters/cluster-id |
| Bigtable instance | projects/project-id/instances/instance-id |
| Bigtable table | projects/project-id/instances/instance-id/tables/table-id |
| Cloud Deploy automation run | projects/project-id/locations/location-id/deliveryPipelines/delivery-pipeline-id/automationRuns/automation-run-id |
| Cloud Deploy automation | projects/project-id/locations/location-id/deliveryPipelines/delivery-pipeline-id/automations/automation-id |
| Cloud Deploy custom target type | projects/project-id/locations/location-id/customTargetTypes/custom-target-type-id |
| Cloud Deploy delivery pipeline | projects/project-id/locations/location-id/deliveryPipelines/delivery-pipeline-id |
| Cloud Deploy job run | projects/project-id/locations/location-id/deliveryPipelines/delivery-pipeline-id/releases/release-id/rollouts/rollout-id/jobRuns/job-run-id |
| Cloud Deploy release | projects/project-id/locations/location-id/deliveryPipelines/delivery-pipeline-id/releases/release-id |
| Cloud Deploy rollout | projects/project-id/locations/location-id/deliveryPipelines/delivery-pipeline-id/releases/release-id/rollouts/rollout-id |
| Cloud Deploy target | projects/project-id/locations/location-id/targets/target-id |
| Firestore database | projects/project-id/databases/database-id |
| Cloud Key Management Service crypto key | projects/project-id/locations/location-id/keyRings/keyring-id/cryptoKeys/cryptokey-id |
| Cloud Key Management Service crypto key version | projects/project-id/locations/location-id/keyRings/keyring-id/cryptoKeys/cryptokey-id/cryptoKeyVersions/cryptokeyversion-id |
| Cloud Key Management Service key ring | projects/project-id/locations/location-id/keyRings/keyring-id |
| Cloud Logging log bucket | projects/project-id/locations/location-id/buckets/bucket-id |
| Cloud Logging log view | projects/project-id/locations/location-id/buckets/bucket-id/views/view-id |
| Spanner backup | projects/project-id/instances/instance-id/backups/backup-id |
| Spanner database | projects/project-id/instances/instance-id/databases/database-id |
| Spanner instance | projects/project-id/instances/instance-id |
| Cloud SQL backup run | projects/project-id/instances/instance-id/backupRuns/backup-id |
| Cloud SQL instance | projects/project-id/instances/instance-id |
| Cloud Storage bucket ¹ | projects/_/buckets/bucket-name |
| Cloud Storage managed folder ¹ ² | projects/_/buckets/bucket-name/managedFolders/managed-folder-name |
| Cloud Storage object ¹ ³ | projects/_/buckets/bucket-name/objects/object-name |
| Compute Engine global backend service | projects/project-id/global/backendServices/backend-service-id |
| Compute Engine regional backend service | projects/project-id/regions/region-id/backendServices/backend-service-id |
| Compute Engine firewall | projects/project-id/global/firewalls/firewall-id |
| Compute Engine global forwarding rule | projects/project-id/global/forwardingRules/forwarding-rule-id |
| Compute Engine regional forwarding rule | projects/project-id/regions/region-id/forwardingRules/forwarding-rule-id |
| Compute Engine image | projects/project-id/global/images/image-id |
| Compute Engine instance template | projects/project-id/global/instanceTemplates/instance-template-id |
| Compute Engine instance | projects/project-id/zones/zone-id/instances/instance-id |
| Compute Engine regional persistent disk | projects/project-id/regions/region-id/disks/disk-id |
| Compute Engine zonal persistent disk | projects/project-id/zones/zone-id/disks/disk-id |
| Compute Engine snapshot | projects/project-id/global/snapshots/snapshot-id |
| Compute Engine global target HTTP proxy | projects/project-id/global/targetHttpProxies/target-http-proxy-id |
| Compute Engine regional target HTTP proxy | projects/project-id/regions/region-id/targetHttpProxies/target-http-proxy-id |
| Compute Engine global target HTTPS proxy | projects/project-id/global/targetHttpsProxies/target-https-proxy-id |
| Compute Engine regional target HTTPS proxy | projects/project-id/regions/region-id/targetHttpsProxies/target-https-proxy-id |
| Compute Engine target SSL proxy | projects/project-id/global/targetSslProxies/target-ssl-proxy-id |
| Compute Engine target TCP proxy | projects/project-id/global/targetTcpProxies/target-tcp-proxy-id |
| Google Kubernetes Engine zonal cluster | projects/project-id/zones/zone/clusters/cluster-id |
| Google Kubernetes Engine regional cluster | projects/project-id/locations/location/clusters/cluster-id |
| Dataform compilation result | projects/project-id/locations/location/repositories/repository/compilationResults/compilation-result |
| Dataform location | projects/project-id/locations/location |
| Dataform release config | projects/project-id/locations/location/repositories/repository/releaseConfigs/release-config |
| Dataform repository | projects/project-id/locations/location/repositories/repository |
| Dataform workflow config | projects/project-id/locations/location/repositories/repository/workflowConfigs/workflow-config |
| Dataform workflow invocation | projects/project-id/locations/location/repositories/repository/workflowInvocations/workflow-invocation |
| Dataform workspace | projects/project-id/locations/location/repositories/repository/workspaces/workspace |
| Integration Connectors connection | projects/project-id/locations/location/connections/connection-name |
| Integration Connectors connection schema metadata | projects/project-id/locations/location/connections/connection-name/connectionSchemaMetadata |
| Integration Connectors endpoint attachment | projects/project-id/locations/location/endpointAttachments/endpoint-attachment-name |
| Integration Connectors event subscription | projects/project-id/locations/location/eventSubscriptions/event-subscription-name |
| Integration Connectors managed zone | projects/project-id/locations/global/managedZones/managed-zone-name |
| Google Cloud Managed Service for Apache Kafka cluster | projects/project-number/locations/location/clusters/cluster-name |
| Google Cloud Managed Service for Apache Kafka consumer group | projects/project-number/locations/location/clusters/cluster-name/consumerGroups/consumer-group |
| Google Cloud Managed Service for Apache Kafka operation | projects/project-number/locations/location/operations/operation |
| Google Cloud Managed Service for Apache Kafka topic | projects/project-number/locations/location/clusters/cluster-name/topics/topic-name |
| Parameter Manager parameter | projects/project-number/locations/location/parameters/parameter-id |
| Parameter Manager parameter version | projects/project-number/locations/location/parameters/parameter-id/versions/version-id |
| Pub/Sub Lite location | projects/project-number/locations/location |
| Pub/Sub Lite subscription | projects/project-number/locations/location/subscriptions/subscription-id |
| Pub/Sub Lite topic | projects/project-number/locations/location/topics/topic-id |
| Resource Manager organization ⁴ | organizations/organization-name |
| Secret Manager secret | projects/project-number/secrets/secret-id |
| Secret Manager secret version ⁵ | projects/project-number/secrets/secret-id/versions/secret-version |
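
¹ For Cloud Storage, the resource name contains an underscore (_) instead of a project ID. You cannot replace the underscore with a project ID, project name, or project number.
² Use the entire managed folder name, including forward slashes. In Cloud Storage, these characters are part of the managed folder name, not path separators.
³ Use the entire object name, including forward slashes. In Cloud Storage, these characters are part of the object name, not path separators.
⁴ Apigee uses this format when you list any type of resource that belongs to an Apigee organization.
⁵ If a condition evaluates the resource name of a secret version, the secret version in the request must exactly match the secret version in the condition for the condition to be satisfied. For example, if the version in the condition is latest, only requests whose version is latest satisfy the condition; a request whose version is 3 does not satisfy it, even if 3 is the latest version.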
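
The following added example (not part of the original page) lints IAM condition expressions for the pitfalls stated in the tables and footnotes above: a `resource.service` value that is not listed on this page, a Cloud Storage resource name that uses a project ID instead of the underscore, and a Secret Manager version name that uses `latest`. The helper name `lint_condition`, the finding texts and the sample expressions are constructed for illustration.

```python
import re

# Resource service values from the table on this page, suffix dropped.
SUFFIX = ".googleapis.com"
KNOWN_SERVICES = {
    "apigee", "apihub", "backupdr", "bigquery", "bigqueryreservation",
    "bigtableadmin", "binaryauthorization", "clouddeploy", "cloudkms",
    "cloudresourcemanager", "compute", "container", "connectors", "dataform",
    "firestore", "iap", "integrations", "logging", "managedkafka",
    "parametermanager", "pubsublite", "secretmanager", "spanner", "sqladmin",
    "storage",
}
# resource.service / resource.name compared with a double-quoted literal via
# ==, !=, startsWith() or endsWith(); single-quoted literals are not matched.
ATTR_LITERAL = re.compile(
    r'resource\.(service|name)\s*'
    r'(?:[=!]=\s*|\.(?:startsWith|endsWith)\(\s*)"([^"]*)"'
)
# Cloud Logging buckets live under projects/<id>/locations/..., so only
# Cloud Storage names match this pattern.
STORAGE_NAME = re.compile(r"projects/([^/]+)/buckets/")
SECRET_LATEST = re.compile(r"/secrets/[^/]+/versions/latest$")


def lint_condition(expression):
    """Return findings for one condition expression (hypothetical helper)."""
    findings = []
    for attr, literal in ATTR_LITERAL.findall(expression):
        if attr == "service":
            known = literal.endswith(SUFFIX) and literal[:-len(SUFFIX)] in KNOWN_SERVICES
            if not known:
                findings.append(f"service not listed on this page: {literal}")
            continue
        bucket = STORAGE_NAME.match(literal)
        if bucket and bucket.group(1) != "_":
            findings.append(f"Cloud Storage name must start with projects/_/: {literal}")
        if SECRET_LATEST.search(literal):
            findings.append(f"'latest' matches only requests for version 'latest': {literal}")
    return findings


# Constructed sample expressions, not taken from any real policy.
SAMPLES = [
    'resource.type == "storage.googleapis.com/Object" && '
    'resource.name.startsWith("projects/_/buckets/logs-bucket/objects/2024/")',
    'resource.service == "storage.googleapis.com" && '
    'resource.name.startsWith("projects/my-project/buckets/logs-bucket/")',
    'resource.name == "projects/123456789012/secrets/db-password/versions/latest"',
    'resource.service == "pubsub.googleapis.com"',
    'resource.name == "projects/my-project/locations/global/buckets/_Default"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", lint_condition(sample))
```

A condition that trips the Cloud Storage or `latest` check still saves without error; it simply never matches the requests the author had in mind, so the binding grants nothing.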
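Resource tags
You can add tags to organizations, projects, and folders. Any Google Cloud resource can inherit tags from these higher-level resources.
You can refer to tag keys and values with several different types of identifiers:
- A permanent ID, which is globally unique and can never be reused. For example, a tag key could have the permanent ID tagKeys/123456789012, and a tag value could have the permanent ID tagValues/567890123456.
- A short name. The short name for each key must be unique within the project or organization where the key is defined, and the short name for each value must be unique for its associated key. For example, a tag key could have the short name env, and a tag value could have the short name prod.
- A namespaced name, which adds your organization's numeric ID or your project's ID to the short name of a tag key. For example, a tag key created for an organization could have the namespaced name 123456789012/env. To learn how to get your organization ID, see Getting your organization resource ID. A tag key created for a project could have the namespaced name myproject/env. To learn how to get your project ID, see Identifying projects.

The specific identifiers depend on the tag keys and values that you created for your organization. To learn how to list the available tag keys and values, see Listing tag keys and Listing tag values.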