/auth-method-update-gcpAsk AIpost https://api.akeyless.io/auth-method-update-gcpBody Paramsaccess-expiresint64Defaults to 0Access expiration date in Unix timestamp (select 0 for access without expiry date)allowed-client-typearray of stringslimit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]allowed-client-typeADD stringaudiencestringrequiredDefaults to akeyless.ioThe audience to verify in the JWT received by the clientaudit-logs-claimsarray of stringsSubclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"audit-logs-claimsADD stringbound-ipsarray of stringsA CIDR whitelist with the IPs that the access is restricted tobound-ipsADD stringbound-labelsarray of stringsA comma-separated list of GCP labels formatted as "key:value" strings that must be set on authorized GCE instances. TODO: Because GCP labels are not currently ACL'd ....bound-labelsADD stringbound-projectsarray of strings=== Human and Machine authentication section === Array of GCP project IDs. Only entities belonging to any of the provided projects can authenticate.bound-projectsADD stringbound-regionsarray of stringsList of regions that a GCE instance must belong to in order to be authenticated. TODO: If bound_instance_groups is provided, it is assumed to be a regional group and the group must belong to this region. If bound_zones are provided, this attribute is ignored.bound-regionsADD stringbound-service-accountsarray of stringsList of service accounts the service account must be part of in order to be authenticated.bound-service-accountsADD stringbound-zonesarray of strings=== Machine authentication section === List of zones that a GCE instance must belong to in order to be authenticated. TODO: If bound_instance_groups is provided, it is assumed to be a zonal group and the group must belong to this zone.bound-zonesADD stringdelete_protectionstringProtection from accidental deletion of this object [true/false]descriptionstringAuth Method descriptionexpiration-event-inarray of stringsHow many days before the expiration of the auth method would you like to be notified.expiration-event-inADD stringforce-sub-claimsbooleanif true: enforce role-association must include sub claimstruefalsegw-bound-ipsarray of stringsA CIDR whitelist with the GW IPs that the access is restricted togw-bound-ipsADD stringjsonbooleanDefaults to falseSet output format to JSONtruefalsejwt-ttlint64Defaults to 0Jwt TTLnamestringrequiredAuth Method namenew-namestringAuth Method new nameproduct-typearray of stringsChoose the relevant product type for the auth method [sm, sra, pm, dp, ca]product-typeADD stringservice-account-creds-datastringServiceAccount credentials data instead of giving a file path, base64 encodedtokenstringAuthentication token (see /auth and /configure)typestringrequiredType of the GCP Access Rulesuid-tokenstringThe universal identity token, Required only for universal_identity authenticationunique-identifierstringA unique identifier (ID) value which is a "sub claim" name that contains details uniquely identifying that resource. This "sub claim" is used to distinguish between different identities.Responses 201authMethodUpdateGcpResponse wraps response body. defaulterrorResponse wraps any error to return it as a JSON object with one "error" field.Updated 7 months ago
