Last active
August 7, 2024 14:23
GCP IAM model diagram
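// Entity-relationship sketch of Google Cloud IAM: the three policy types,
// the principals they name, and the resources and resource hierarchy they
// apply to. Laid out left to right; nodes default to the "component" shape.
digraph IAM {
  rankdir="LR";
  node [shape="component"];

  // Policy types and the parts they are built from.
  subgraph cluster_policy {
    cluster="true";
    style="dashed";
    label="Policy";
    URL="https://cloud.google.com/iam/docs/policy-types";
    role [label="Role"];
    perm [label="Permission"];
    // URL="https://cloud.google.com/resource-manager/reference/rest/Shared.Types/Policy"
    // URL="https://cloud.google.com/iam/docs/reference/rest/v1/Policy"
    ap [label="Allow Policy", URL="https://cloud.google.com/iam/docs/policies"];
    // Deny policies are checked before allow policies, so a matching deny
    // rule wins over any role binding.
    dp [label="Deny Policy", URL="https://cloud.google.com/iam/docs/deny-overview"];
    // A principal access boundary (PAB) policy limits which resources a
    // principal set is eligible to access; it does not grant access itself.
    pab [label="PAB Policy", URL="https://cloud.google.com/iam/docs/principal-access-boundary-policies"];
    binding;
    condition;
    dr [label="DenyRule", URL="https://cloud.google.com/iam/docs/reference/rest/v2/policies#denyrule"];
    rule [label="Rule", URL="https://cloud.google.com/iam/docs/reference/rest/v3beta/organizations.locations.principalAccessBoundaryPolicies#principalaccessboundarypolicyrule"];
  }

  // Principal kinds. The hollow arrow tail marks generalization: each listed
  // node is a kind of `member`.
  subgraph cluster_members {
    style="dashed";
    label="Principals";
    URL="https://cloud.google.com/iam/docs/principal-identifiers";
    member [shape="box"];
    sa [label="Service Account", URL="https://cloud.google.com/iam/docs/service-account-overview"];
    member -> {
      sa;
      user;
      group;
      k8s [label="Kubernetes resource", URL="https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity#kubernetes-resources-iam-policies"];
      PrincipalSet;
      // allUsers matches anyone on the internet, signed in or not;
      // allAuthenticatedUsers matches any signed-in Google account, not only
      // accounts in your own organization. A binding to either makes the
      // resource effectively public, so review allow policies for them.
      allUsers;
      allAuthenticatedUsers;
    } [dir="back", arrowtail="empty"];
    PrincipalSet [shape="box"];
  }

  subgraph cluster_svc {
    style="dashed";
    label="Service";
    res [label="Resource"];
  }

  // Composition edges: the diamond sits on the owning (tail) node.
  subgraph composition {
    edge [dir="back", arrowtail="diamond"];
    ap -> binding -> {
      role;
      // has many
      member;
      /* optional */
      condition;
    };
    role -> perm;
    dp -> dr -> member;
    // NOTE(review): deny policies attach to organizations, folders and
    // projects; confirm whether `res` is meant to stand in for those here.
    res -> dp [label="has many"];
    pab -> {
      PrincipalSet;
      rule;
    } [label="contains"];  // label typo "containts" corrected
    PrincipalSet -> member [label="contains"];
  }

  // Resource hierarchy. Allow policies set on a container are inherited by
  // everything beneath it, so a broad grant at the org or folder level
  // reaches every descendant project and resource.
  subgraph cluster_resource_manager {
    style="dashed";
    label="Resource Manager";
    URL="https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy";
    parent [shape="box", label="container", URL="https://cloud.google.com/iam/docs/resource-hierarchy-access-control"];
    parent -> {
      subgraph hierarchy {
        org -> folder -> project -> res [dir="back", arrowtail="diamond", label="inherits"];
      }
    } [dir="back", arrowtail="empty"];
  }

  // Where an allow policy can be attached: a container or a single resource.
  // The second URL assignment overrides the first; this subgraph is not a
  // cluster, so neither is drawn as a link.
  subgraph policy_bindings {
    URL="https://cloud.google.com/iam/docs/manage-access-other-resources";
    URL="https://cloud.google.com/resource-manager/reference/rest/Shared.Types/Binding";
    edge [label="policy binding", dir="both"];
    ap -> {
      parent;
      res;
    };
  }

  perm -> res [label="verb"];
  // A service account is both a principal and a resource: roles granted on
  // the service account itself decide who may act as it.
  sa -> res [arrowhead="empty", label="is-a"];
  // The PAB rule's allow effect marks resources as eligible only; an allow
  // policy must still grant the access.
  rule -> res [label="allow effect"];
}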
| <?xml version="1.0" encoding="UTF-8" standalone="no"?> | |
| <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" | |
| "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> | |
| <!-- Generated by graphviz version 11.0.0 (20240428.1522) | |
| --> | |
| <!-- Title: IAM Pages: 1 --> | |
| <svg width="862pt" height="818pt" | |
| viewBox="0.00 0.00 862.25 817.75" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> | |
| <g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 813.75)"> | |
| <title>IAM</title> | |
| <polygon fill="white" stroke="none" points="-4,4 -4,-813.75 858.25,-813.75 858.25,4 -4,4"/> | |
| <g id="clust1" class="cluster"> | |
| <title>cluster_policy</title> | |
| <g id="a_clust1"><a xlink:href="https://cloud.google.com/iam/docs/policy-types" xlink:title="Policy"> | |
| <polygon fill="none" stroke="black" stroke-dasharray="5,2" points="8,-614 8,-798 671.62,-798 671.62,-614 8,-614"/> | |
| <text text-anchor="middle" x="339.81" y="-780.7" font-family="Times New Roman,serif" font-size="14.00">Policy</text> | |
| </a> | |
| </g> | |
| </g> | |
| <g id="clust2" class="cluster"> | |
| <title>cluster_members</title> | |
| <g id="a_clust2"><a xlink:href="https://cloud.google.com/iam/docs/principal-identifiers" xlink:title="Principals"> | |
| <polygon fill="none" stroke="black" stroke-dasharray="5,2" points="377.75,-206 377.75,-606 701.25,-606 701.25,-206 377.75,-206"/> | |
| <text text-anchor="middle" x="539.5" y="-588.7" font-family="Times New Roman,serif" font-size="14.00">Principals</text> | |
| </a> | |
| </g> | |
| </g> | |
| <g id="clust4" class="cluster"> | |
| <title>cluster_svc</title> | |
| <polygon fill="none" stroke="black" stroke-dasharray="5,2" points="761,-368 761,-444 846.25,-444 846.25,-368 761,-368"/> | |
| <text text-anchor="middle" x="803.62" y="-426.7" font-family="Times New Roman,serif" font-size="14.00">Service</text> | |
| </g> | |
| <g id="clust8" class="cluster"> | |
| <title>cluster_resource_manager</title> | |
| <g id="a_clust8"><a xlink:href="https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy" xlink:title="Resource Manager"> | |
| <polygon fill="none" stroke="black" stroke-dasharray="5,2" points="213.38,-8 213.38,-140 839.12,-140 839.12,-8 213.38,-8"/> | |
| <text text-anchor="middle" x="526.25" y="-122.7" font-family="Times New Roman,serif" font-size="14.00">Resource Manager</text> | |
| </a> | |
| </g> | |
| </g> | |
| <!-- role --> | |
| <g id="node1" class="node"> | |
| <title>role</title> | |
| <polygon fill="none" stroke="black" points="443.25,-658 389.25,-658 389.25,-654 385.25,-654 385.25,-650 389.25,-650 389.25,-630 385.25,-630 385.25,-626 389.25,-626 389.25,-622 443.25,-622 443.25,-658"/> | |
| <polyline fill="none" stroke="black" points="389.25,-654 393.25,-654 393.25,-650 389.25,-650"/> | |
| <polyline fill="none" stroke="black" points="389.25,-630 393.25,-630 393.25,-626 389.25,-626"/> | |
| <text text-anchor="middle" x="416.25" y="-634.58" font-family="Times New Roman,serif" font-size="14.00">Role</text> | |
| </g> | |
| <!-- perm --> | |
| <g id="node2" class="node"> | |
| <title>perm</title> | |
| <polygon fill="none" stroke="black" points="663.62,-658 586.12,-658 586.12,-654 582.12,-654 582.12,-650 586.12,-650 586.12,-630 582.12,-630 582.12,-626 586.12,-626 586.12,-622 663.62,-622 663.62,-658"/> | |
| <polyline fill="none" stroke="black" points="586.12,-654 590.12,-654 590.12,-650 586.12,-650"/> | |
| <polyline fill="none" stroke="black" points="586.12,-630 590.12,-630 590.12,-626 586.12,-626"/> | |
| <text text-anchor="middle" x="624.88" y="-634.58" font-family="Times New Roman,serif" font-size="14.00">Permission</text> | |
| </g> | |
| <!-- role->perm --> | |
| <g id="edge12" class="edge"> | |
| <title>role->perm</title> | |
| <path fill="none" stroke="black" d="M456.18,-640C493.28,-640 548.78,-640 585.64,-640"/> | |
| <polygon fill="black" stroke="black" points="456.32,-640 450.32,-644 444.32,-640 450.32,-636 456.32,-640"/> | |
| </g> | |
| <!-- res --> | |
| <g id="node18" class="node"> | |
| <title>res</title> | |
| <polygon fill="none" stroke="black" points="838.25,-412 769,-412 769,-408 765,-408 765,-404 769,-404 769,-384 765,-384 765,-380 769,-380 769,-376 838.25,-376 838.25,-412"/> | |
| <polyline fill="none" stroke="black" points="769,-408 773,-408 773,-404 769,-404"/> | |
| <polyline fill="none" stroke="black" points="769,-384 773,-384 773,-380 769,-380"/> | |
| <text text-anchor="middle" x="803.62" y="-388.57" font-family="Times New Roman,serif" font-size="14.00">Resource</text> | |
| </g> | |
| <!-- perm->res --> | |
| <g id="edge28" class="edge"> | |
| <title>perm->res</title> | |
| <path fill="none" stroke="black" d="M663.92,-631.05C676.98,-626.48 690.89,-619.75 701.25,-610 756.73,-557.75 784.83,-469.04 796.24,-423.26"/> | |
| <polygon fill="black" stroke="black" points="799.58,-424.34 798.5,-413.8 792.77,-422.72 799.58,-424.34"/> | |
| <text text-anchor="middle" x="731.12" y="-598.45" font-family="Times New Roman,serif" font-size="14.00">verb</text> | |
| </g> | |
| <!-- ap --> | |
| <g id="node3" class="node"> | |
| <title>ap</title> | |
| <g id="a_node3"><a xlink:href="https://cloud.google.com/iam/docs/policies" xlink:title="Allow Policy"> | |
| <polygon fill="none" stroke="black" points="104,-658 16,-658 16,-654 12,-654 12,-650 16,-650 16,-630 12,-630 12,-626 16,-626 16,-622 104,-622 104,-658"/> | |
| <polyline fill="none" stroke="black" points="16,-654 20,-654 20,-650 16,-650"/> | |
| <polyline fill="none" stroke="black" points="16,-630 20,-630 20,-626 16,-626"/> | |
| <text text-anchor="middle" x="60" y="-634.58" font-family="Times New Roman,serif" font-size="14.00">Allow Policy</text> | |
| </a> | |
| </g> | |
| </g> | |
| <!-- binding --> | |
| <g id="node6" class="node"> | |
| <title>binding</title> | |
| <polygon fill="none" stroke="black" points="283.5,-712 226.25,-712 226.25,-708 222.25,-708 222.25,-704 226.25,-704 226.25,-684 222.25,-684 222.25,-680 226.25,-680 226.25,-676 283.5,-676 283.5,-712"/> | |
| <polyline fill="none" stroke="black" points="226.25,-708 230.25,-708 230.25,-704 226.25,-704"/> | |
| <polyline fill="none" stroke="black" points="226.25,-684 230.25,-684 230.25,-680 226.25,-680"/> | |
| <text text-anchor="middle" x="254.88" y="-688.58" font-family="Times New Roman,serif" font-size="14.00">binding</text> | |
| </g> | |
| <!-- ap->binding --> | |
| <g id="edge8" class="edge"> | |
| <title>ap->binding</title> | |
| <path fill="none" stroke="black" d="M116.53,-655.55C152.35,-665.58 197.41,-678.19 225.94,-686.18"/> | |
| <polygon fill="black" stroke="black" points="116.71,-655.6 109.85,-657.83 105.15,-652.36 112.01,-650.13 116.71,-655.6"/> | |
| </g> | |
| <!-- ap->res --> | |
| <g id="edge26" class="edge"> | |
| <title>ap->res</title> | |
| <path fill="none" stroke="black" d="M66.7,-610.58C87.14,-509.42 160.5,-182 253.88,-182 253.88,-182 253.88,-182 625.88,-182 660.53,-182 674.13,-180.42 701.25,-202 754.5,-244.37 783.06,-322.46 795.27,-364.82"/> | |
| <polygon fill="black" stroke="black" points="63.29,-609.79 64.77,-620.28 70.16,-611.16 63.29,-609.79"/> | |
| <polygon fill="black" stroke="black" points="791.85,-365.6 797.89,-374.31 798.6,-363.74 791.85,-365.6"/> | |
| <text text-anchor="middle" x="416.25" y="-184.45" font-family="Times New Roman,serif" font-size="14.00">policy binding</text> | |
| </g> | |
| <!-- parent --> | |
| <g id="node19" class="node"> | |
| <title>parent</title> | |
| <g id="a_node19"><a xlink:href="https://cloud.google.com/iam/docs/resource-hierarchy-access-control" xlink:title="container"> | |
| <polygon fill="none" stroke="black" points="288.38,-108 221.38,-108 221.38,-72 288.38,-72 288.38,-108"/> | |
| <text text-anchor="middle" x="254.88" y="-84.58" font-family="Times New Roman,serif" font-size="14.00">container</text> | |
| </a> | |
| </g> | |
| </g> | |
| <!-- ap->parent --> | |
| <g id="edge27" class="edge"> | |
| <title>ap->parent</title> | |
| <path fill="none" stroke="black" d="M61.07,-610.13C61.83,-515.76 68.56,-225.99 122,-152.25 142.81,-123.53 180.34,-107.6 210.06,-99.06"/> | |
| <polygon fill="black" stroke="black" points="57.57,-610.08 61.01,-620.1 64.57,-610.12 57.57,-610.08"/> | |
| <polygon fill="black" stroke="black" points="210.79,-102.49 219.55,-96.53 208.99,-95.73 210.79,-102.49"/> | |
| <text text-anchor="middle" x="161.75" y="-154.45" font-family="Times New Roman,serif" font-size="14.00">policy binding</text> | |
| </g> | |
| <!-- dp --> | |
| <g id="node4" class="node"> | |
| <title>dp</title> | |
| <g id="a_node4"><a xlink:href="https://cloud.google.com/iam/docs/deny-overview" xlink:title="Deny Policy"> | |
| <polygon fill="none" stroke="black" points="102.12,-766 17.88,-766 17.88,-762 13.88,-762 13.88,-758 17.88,-758 17.88,-738 13.88,-738 13.88,-734 17.88,-734 17.88,-730 102.12,-730 102.12,-766"/> | |
| <polyline fill="none" stroke="black" points="17.88,-762 21.88,-762 21.88,-758 17.88,-758"/> | |
| <polyline fill="none" stroke="black" points="17.88,-738 21.88,-738 21.88,-734 17.88,-734"/> | |
| <text text-anchor="middle" x="60" y="-742.58" font-family="Times New Roman,serif" font-size="14.00">Deny Policy</text> | |
| </a> | |
| </g> | |
| </g> | |
| <!-- dr --> | |
| <g id="node8" class="node"> | |
| <title>dr</title> | |
| <g id="a_node8"><a xlink:href="https://cloud.google.com/iam/docs/reference/rest/v2/policies#denyrule" xlink:title="DenyRule"> | |
| <polygon fill="none" stroke="black" points="290.25,-658 219.5,-658 219.5,-654 215.5,-654 215.5,-650 219.5,-650 219.5,-630 215.5,-630 215.5,-626 219.5,-626 219.5,-622 290.25,-622 290.25,-658"/> | |
| <polyline fill="none" stroke="black" points="219.5,-654 223.5,-654 223.5,-650 219.5,-650"/> | |
| <polyline fill="none" stroke="black" points="219.5,-630 223.5,-630 223.5,-626 219.5,-626"/> | |
| <text text-anchor="middle" x="254.88" y="-634.58" font-family="Times New Roman,serif" font-size="14.00">DenyRule</text> | |
| </a> | |
| </g> | |
| </g> | |
| <!-- dp->dr --> | |
| <g id="edge13" class="edge"> | |
| <title>dp->dr</title> | |
| <path fill="none" stroke="black" d="M102.94,-718.87C117.78,-690.91 100.8,-671.05 122,-653 148.54,-630.41 189.85,-630 219.16,-633.44"/> | |
| <polygon fill="black" stroke="black" points="103,-718.77 103.03,-725.99 96.39,-728.79 96.36,-721.58 103,-718.77"/> | |
| </g> | |
| <!-- pab --> | |
| <g id="node5" class="node"> | |
| <title>pab</title> | |
| <g id="a_node5"><a xlink:href="https://cloud.google.com/iam/docs/principal-access-boundary-policies" xlink:title="PAB Policy"> | |
| <polygon fill="none" stroke="black" points="101,-712 19,-712 19,-708 15,-708 15,-704 19,-704 19,-684 15,-684 15,-680 19,-680 19,-676 101,-676 101,-712"/> | |
| <polyline fill="none" stroke="black" points="19,-708 23,-708 23,-704 19,-704"/> | |
| <polyline fill="none" stroke="black" points="19,-684 23,-684 23,-680 19,-680"/> | |
| <text text-anchor="middle" x="60" y="-688.58" font-family="Times New Roman,serif" font-size="14.00">PAB Policy</text> | |
| </a> | |
| </g> | |
| </g> | |
| <!-- rule --> | |
| <g id="node9" class="node"> | |
| <title>rule</title> | |
| <g id="a_node9"><a xlink:href="https://cloud.google.com/iam/docs/reference/rest/v3beta/organizations.locations.principalAccessBoundaryPolicies#principalaccessboundarypolicyrule" xlink:title="Rule"> | |
| <polygon fill="none" stroke="black" points="281.88,-766 227.88,-766 227.88,-762 223.88,-762 223.88,-758 227.88,-758 227.88,-738 223.88,-738 223.88,-734 227.88,-734 227.88,-730 281.88,-730 281.88,-766"/> | |
| <polyline fill="none" stroke="black" points="227.88,-762 231.88,-762 231.88,-758 227.88,-758"/> | |
| <polyline fill="none" stroke="black" points="227.88,-738 231.88,-738 231.88,-734 227.88,-734"/> | |
| <text text-anchor="middle" x="254.88" y="-742.58" font-family="Times New Roman,serif" font-size="14.00">Rule</text> | |
| </a> | |
| </g> | |
| </g> | |
| <!-- pab->rule --> | |
| <g id="edge16" class="edge"> | |
| <title>pab->rule</title> | |
| <path fill="none" stroke="black" d="M113.96,-708.83C150.78,-719.14 198.29,-732.44 227.4,-740.59"/> | |
| <polygon fill="black" stroke="black" points="113.86,-708.8 107,-711.03 102.3,-705.56 109.16,-703.33 113.86,-708.8"/> | |
| <text text-anchor="middle" x="161.75" y="-734.45" font-family="Times New Roman,serif" font-size="14.00">contains</text> | |
| </g> | |
| <!-- PrincipalSet --> | |
| <g id="node15" class="node"> | |
| <title>PrincipalSet</title> | |
| <polygon fill="none" stroke="black" points="666.25,-250 583.5,-250 583.5,-214 666.25,-214 666.25,-250"/> | |
| <text text-anchor="middle" x="624.88" y="-226.57" font-family="Times New Roman,serif" font-size="14.00">PrincipalSet</text> | |
| </g> | |
| <!-- pab->PrincipalSet --> | |
| <g id="edge17" class="edge"> | |
| <title>pab->PrincipalSet</title> | |
| <path fill="none" stroke="black" d="M102.75,-666.22C115.5,-649.45 112.79,-640.81 122,-627 248.86,-436.84 270.7,-356.51 474,-252 507.97,-234.54 551.74,-230.46 583.2,-230.2"/> | |
| <polygon fill="black" stroke="black" points="102.93,-666.02 102.06,-673.18 95.12,-675.13 95.98,-667.97 102.93,-666.02"/> | |
| <text text-anchor="middle" x="333.38" y="-366.45" font-family="Times New Roman,serif" font-size="14.00">contains</text> | |
| </g> | |
| <!-- binding->role --> | |
| <g id="edge9" class="edge"> | |
| <title>binding->role</title> | |
| <path fill="none" stroke="black" d="M295.86,-680.45C324.96,-670.59 363.54,-657.52 388.87,-648.94"/> | |
| <polygon fill="black" stroke="black" points="295.86,-680.45 291.46,-686.17 284.49,-684.3 288.89,-678.59 295.86,-680.45"/> | |
| </g> | |
| <!-- condition --> | |
| <g id="node7" class="node"> | |
| <title>condition</title> | |
| <polygon fill="none" stroke="black" points="450.5,-712 382,-712 382,-708 378,-708 378,-704 382,-704 382,-684 378,-684 378,-680 382,-680 382,-676 450.5,-676 450.5,-712"/> | |
| <polyline fill="none" stroke="black" points="382,-708 386,-708 386,-704 382,-704"/> | |
| <polyline fill="none" stroke="black" points="382,-684 386,-684 386,-680 382,-680"/> | |
| <text text-anchor="middle" x="416.25" y="-688.58" font-family="Times New Roman,serif" font-size="14.00">condition</text> | |
| </g> | |
| <!-- binding->condition --> | |
| <g id="edge10" class="edge"> | |
| <title>binding->condition</title> | |
| <path fill="none" stroke="black" d="M296.65,-694C323.02,-694 356.93,-694 381.73,-694"/> | |
| <polygon fill="black" stroke="black" points="296.54,-694 290.54,-698 284.54,-694 290.54,-690 296.54,-694"/> | |
| </g> | |
| <!-- member --> | |
| <g id="node10" class="node"> | |
| <title>member</title> | |
| <polygon fill="none" stroke="black" points="446.75,-439 385.75,-439 385.75,-403 446.75,-403 446.75,-439"/> | |
| <text text-anchor="middle" x="416.25" y="-415.57" font-family="Times New Roman,serif" font-size="14.00">member</text> | |
| </g> | |
| <!-- binding->member --> | |
| <g id="edge11" class="edge"> | |
| <title>binding->member</title> | |
| <path fill="none" stroke="black" d="M290,-666.25C328.09,-625.35 335.03,-610.68 358.5,-566 381.38,-522.44 400.41,-467.53 409.5,-439.42"/> | |
| <polygon fill="black" stroke="black" points="289.94,-666.31 288.74,-673.42 281.71,-675.04 282.92,-667.93 289.94,-666.31"/> | |
| </g> | |
| <!-- dr->member --> | |
| <g id="edge14" class="edge"> | |
| <title>dr->member</title> | |
| <path fill="none" stroke="black" d="M275.94,-611.37C285.64,-597.6 297.48,-580.9 308.25,-566 341.42,-520.1 381.17,-466.62 401.62,-439.23"/> | |
| <polygon fill="black" stroke="black" points="276.11,-611.13 275.93,-618.34 269.21,-620.94 269.39,-613.74 276.11,-611.13"/> | |
| </g> | |
| <!-- rule->res --> | |
| <g id="edge30" class="edge"> | |
| <title>rule->res</title> | |
| <path fill="none" stroke="black" d="M282.17,-748.91C354.14,-750.24 558.54,-746.32 701.25,-667 788.07,-618.75 801.34,-483.77 802.81,-423.6"/> | |
| <polygon fill="black" stroke="black" points="806.31,-423.84 802.95,-413.79 799.31,-423.74 806.31,-423.84"/> | |
| <text text-anchor="middle" x="506.25" y="-738.45" font-family="Times New Roman,serif" font-size="14.00">allow effect</text> | |
| </g> | |
| <!-- sa --> | |
| <g id="node11" class="node"> | |
| <title>sa</title> | |
| <g id="a_node11"><a xlink:href="https://cloud.google.com/iam/docs/service-account-overview" xlink:title="Service Account"> | |
| <polygon fill="none" stroke="black" points="679.38,-412 570.38,-412 570.38,-408 566.38,-408 566.38,-404 570.38,-404 570.38,-384 566.38,-384 566.38,-380 570.38,-380 570.38,-376 679.38,-376 679.38,-412"/> | |
| <polyline fill="none" stroke="black" points="570.38,-408 574.38,-408 574.38,-404 570.38,-404"/> | |
| <polyline fill="none" stroke="black" points="570.38,-384 574.38,-384 574.38,-380 570.38,-380"/> | |
| <text text-anchor="middle" x="624.88" y="-388.57" font-family="Times New Roman,serif" font-size="14.00">Service Account</text> | |
| </a> | |
| </g> | |
| </g> | |
| <!-- member->sa --> | |
| <g id="edge1" class="edge"> | |
| <title>member->sa</title> | |
| <path fill="none" stroke="black" d="M458.03,-415.67C490.05,-411.49 534.92,-405.62 569.92,-401.05"/> | |
| <polygon fill="none" stroke="black" points="457.82,-412.17 448.36,-416.94 458.72,-419.11 457.82,-412.17"/> | |
| </g> | |
| <!-- user --> | |
| <g id="node12" class="node"> | |
| <title>user</title> | |
| <polygon fill="none" stroke="black" points="651.88,-466 597.88,-466 597.88,-462 593.88,-462 593.88,-458 597.88,-458 597.88,-438 593.88,-438 593.88,-434 597.88,-434 597.88,-430 651.88,-430 651.88,-466"/> | |
| <polyline fill="none" stroke="black" points="597.88,-462 601.88,-462 601.88,-458 597.88,-458"/> | |
| <polyline fill="none" stroke="black" points="597.88,-438 601.88,-438 601.88,-434 597.88,-434"/> | |
| <text text-anchor="middle" x="624.88" y="-442.57" font-family="Times New Roman,serif" font-size="14.00">user</text> | |
| </g> | |
| <!-- member->user --> | |
| <g id="edge2" class="edge"> | |
| <title>member->user</title> | |
| <path fill="none" stroke="black" d="M458.19,-426.35C499.61,-431.76 562.41,-439.97 597.6,-444.57"/> | |
| <polygon fill="none" stroke="black" points="458.72,-422.89 448.36,-425.06 457.82,-429.83 458.72,-422.89"/> | |
| </g> | |
| <!-- group --> | |
| <g id="node13" class="node"> | |
| <title>group</title> | |
| <polygon fill="none" stroke="black" points="651.88,-520 597.88,-520 597.88,-516 593.88,-516 593.88,-512 597.88,-512 597.88,-492 593.88,-492 593.88,-488 597.88,-488 597.88,-484 651.88,-484 651.88,-520"/> | |
| <polyline fill="none" stroke="black" points="597.88,-516 601.88,-516 601.88,-512 597.88,-512"/> | |
| <polyline fill="none" stroke="black" points="597.88,-492 601.88,-492 601.88,-488 597.88,-488"/> | |
| <text text-anchor="middle" x="624.88" y="-496.57" font-family="Times New Roman,serif" font-size="14.00">group</text> | |
| </g> | |
| <!-- member->group --> | |
| <g id="edge3" class="edge"> | |
| <title>member->group</title> | |
| <path fill="none" stroke="black" d="M457.39,-436.74C498.8,-452.97 562.18,-477.81 597.6,-491.7"/> | |
| <polygon fill="none" stroke="black" points="458.85,-433.55 448.26,-433.16 456.3,-440.07 458.85,-433.55"/> | |
| </g> | |
| <!-- k8s --> | |
| <g id="node14" class="node"> | |
| <title>k8s</title> | |
| <g id="a_node14"><a xlink:href="https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity#kubernetes-resources-iam-policies" xlink:title="Kubernetes resource"> | |
| <polygon fill="none" stroke="black" points="690.25,-574 559.5,-574 559.5,-570 555.5,-570 555.5,-566 559.5,-566 559.5,-546 555.5,-546 555.5,-542 559.5,-542 559.5,-538 690.25,-538 690.25,-574"/> | |
| <polyline fill="none" stroke="black" points="559.5,-570 563.5,-570 563.5,-566 559.5,-566"/> | |
| <polyline fill="none" stroke="black" points="559.5,-546 563.5,-546 563.5,-542 559.5,-542"/> | |
| <text text-anchor="middle" x="624.88" y="-550.58" font-family="Times New Roman,serif" font-size="14.00">Kubernetes resource</text> | |
| </a> | |
| </g> | |
| </g> | |
| <!-- member->k8s --> | |
| <g id="edge4" class="edge"> | |
| <title>member->k8s</title> | |
| <path fill="none" stroke="black" d="M445.06,-446.92C471.91,-470.84 514.55,-506.03 556.5,-529 562.03,-532.03 567.96,-534.9 573.94,-537.57"/> | |
| <polygon fill="none" stroke="black" points="447.48,-444.39 437.71,-440.29 442.79,-449.59 447.48,-444.39"/> | |
| </g> | |
| <!-- member->PrincipalSet --> | |
| <g id="edge5" class="edge"> | |
| <title>member->PrincipalSet</title> | |
| <path fill="none" stroke="black" d="M422.45,-391.48C429.26,-361.14 444.05,-314.43 474,-286 490.05,-270.77 544.58,-253.48 583.22,-242.66"/> | |
| <polygon fill="none" stroke="black" points="419.05,-390.63 420.45,-401.13 425.9,-392.05 419.05,-390.63"/> | |
| </g> | |
| <!-- allUsers --> | |
| <g id="node16" class="node"> | |
| <title>allUsers</title> | |
| <polygon fill="none" stroke="black" points="655,-304 594.75,-304 594.75,-300 590.75,-300 590.75,-296 594.75,-296 594.75,-276 590.75,-276 590.75,-272 594.75,-272 594.75,-268 655,-268 655,-304"/> | |
| <polyline fill="none" stroke="black" points="594.75,-300 598.75,-300 598.75,-296 594.75,-296"/> | |
| <polyline fill="none" stroke="black" points="594.75,-276 598.75,-276 598.75,-272 594.75,-272"/> | |
| <text text-anchor="middle" x="624.88" y="-280.57" font-family="Times New Roman,serif" font-size="14.00">allUsers</text> | |
| </g> | |
| <!-- member->allUsers --> | |
| <g id="edge6" class="edge"> | |
| <title>member->allUsers</title> | |
| <path fill="none" stroke="black" d="M445.41,-394.86C454.34,-386.93 464.39,-378.38 474,-371 501.32,-350.01 510.89,-348.61 538.5,-328 546.84,-321.77 547.56,-318.34 556.5,-313 568.3,-305.96 582.26,-300.02 594.41,-295.52"/> | |
| <polygon fill="none" stroke="black" points="443.13,-392.2 438.04,-401.49 447.82,-397.4 443.13,-392.2"/> | |
| </g> | |
| <!-- allAuthenticatedUsers --> | |
| <g id="node17" class="node"> | |
| <title>allAuthenticatedUsers</title> | |
| <polygon fill="none" stroke="black" points="693.25,-358 556.5,-358 556.5,-354 552.5,-354 552.5,-350 556.5,-350 556.5,-330 552.5,-330 552.5,-326 556.5,-326 556.5,-322 693.25,-322 693.25,-358"/> | |
| <polyline fill="none" stroke="black" points="556.5,-354 560.5,-354 560.5,-350 556.5,-350"/> | |
| <polyline fill="none" stroke="black" points="556.5,-330 560.5,-330 560.5,-326 556.5,-326"/> | |
| <text text-anchor="middle" x="624.88" y="-334.57" font-family="Times New Roman,serif" font-size="14.00">allAuthenticatedUsers</text> | |
| </g> | |
| <!-- member->allAuthenticatedUsers --> | |
| <g id="edge7" class="edge"> | |
| <title>member->allAuthenticatedUsers</title> | |
| <path fill="none" stroke="black" d="M457.39,-405.26C491.57,-391.87 540.72,-372.6 576.76,-358.47"/> | |
| <polygon fill="none" stroke="black" points="456.3,-401.93 448.26,-408.84 458.85,-408.45 456.3,-401.93"/> | |
| </g> | |
| <!-- sa->res --> | |
| <g id="edge29" class="edge"> | |
| <title>sa->res</title> | |
| <path fill="none" stroke="black" d="M679.87,-394C704.62,-394 733.63,-394 757.24,-394"/> | |
| <polygon fill="none" stroke="black" points="757.18,-397.5 767.18,-394 757.18,-390.5 757.18,-397.5"/> | |
| <text text-anchor="middle" x="731.12" y="-396.45" font-family="Times New Roman,serif" font-size="14.00">is-a</text> | |
| </g> | |
| <!-- PrincipalSet->member --> | |
| <g id="edge18" class="edge"> | |
| <title>PrincipalSet->member</title> | |
| <path fill="none" stroke="black" d="M571.41,-249.28C566.11,-252.1 561.02,-255.33 556.5,-259 545.3,-268.09 549.92,-277.19 538.5,-286 514.5,-304.53 496.83,-288.29 474,-308.25 444.8,-333.78 428.85,-377.9 421.78,-402.71"/> | |
| <polygon fill="black" stroke="black" points="571.55,-249.21 575.28,-243.04 582.41,-244.11 578.68,-250.28 571.55,-249.21"/> | |
| <text text-anchor="middle" x="506.25" y="-310.45" font-family="Times New Roman,serif" font-size="14.00">contains</text> | |
| </g> | |
| <!-- res->dp --> | |
| <g id="edge15" class="edge"> | |
| <title>res->dp</title> | |
| <path fill="none" stroke="black" d="M803.02,-425.27C802.43,-519.45 786.9,-794 625.88,-794 253.88,-794 253.88,-794 253.88,-794 200.52,-794 141.07,-777.14 102.46,-763.83"/> | |
| <polygon fill="black" stroke="black" points="803.02,-425.39 799.02,-419.39 803.01,-413.39 807.02,-419.39 803.02,-425.39"/> | |
| <text text-anchor="middle" x="416.25" y="-796.45" font-family="Times New Roman,serif" font-size="14.00">has many</text> | |
| </g> | |
| <!-- parent->res --> | |
| <g id="edge22" class="edge"> | |
| <title>parent->res</title> | |
| <path fill="none" stroke="black" d="M300.15,-96.31C420.07,-113.47 742.72,-160.27 751,-168 781.52,-196.5 796.48,-327.28 801.05,-375.81"/> | |
| <polygon fill="none" stroke="black" points="300.76,-92.86 290.37,-94.91 299.77,-99.79 300.76,-92.86"/> | |
| </g> | |
| <!-- org --> | |
| <g id="node20" class="node"> | |
| <title>org</title> | |
| <polygon fill="none" stroke="black" points="443.25,-52 389.25,-52 389.25,-48 385.25,-48 385.25,-44 389.25,-44 389.25,-24 385.25,-24 385.25,-20 389.25,-20 389.25,-16 443.25,-16 443.25,-52"/> | |
| <polyline fill="none" stroke="black" points="389.25,-48 393.25,-48 393.25,-44 389.25,-44"/> | |
| <polyline fill="none" stroke="black" points="389.25,-24 393.25,-24 393.25,-20 389.25,-20"/> | |
| <text text-anchor="middle" x="416.25" y="-28.57" font-family="Times New Roman,serif" font-size="14.00">org</text> | |
| </g> | |
| <!-- parent->org --> | |
| <g id="edge23" class="edge"> | |
| <title>parent->org</title> | |
| <path fill="none" stroke="black" d="M299.08,-74.82C327.8,-64.73 364.58,-51.8 388.98,-43.23"/> | |
| <polygon fill="none" stroke="black" points="298.21,-71.41 289.94,-78.03 300.53,-78.02 298.21,-71.41"/> | |
| </g> | |
| <!-- folder --> | |
| <g id="node21" class="node"> | |
| <title>folder</title> | |
| <polygon fill="none" stroke="black" points="651.88,-88 597.88,-88 597.88,-84 593.88,-84 593.88,-80 597.88,-80 597.88,-60 593.88,-60 593.88,-56 597.88,-56 597.88,-52 651.88,-52 651.88,-88"/> | |
| <polyline fill="none" stroke="black" points="597.88,-84 601.88,-84 601.88,-80 597.88,-80"/> | |
| <polyline fill="none" stroke="black" points="597.88,-60 601.88,-60 601.88,-56 597.88,-56"/> | |
| <text text-anchor="middle" x="624.88" y="-64.58" font-family="Times New Roman,serif" font-size="14.00">folder</text> | |
| </g> | |
| <!-- parent->folder --> | |
| <g id="edge24" class="edge"> | |
| <title>parent->folder</title> | |
| <path fill="none" stroke="black" d="M300.11,-87.6C377.43,-83.39 534.88,-74.84 597.42,-71.44"/> | |
| <polygon fill="none" stroke="black" points="300.16,-84.09 290.37,-88.13 300.54,-91.08 300.16,-84.09"/> | |
| </g> | |
| <!-- project --> | |
| <g id="node22" class="node"> | |
| <title>project</title> | |
| <polygon fill="none" stroke="black" points="831.12,-108 776.12,-108 776.12,-104 772.12,-104 772.12,-100 776.12,-100 776.12,-80 772.12,-80 772.12,-76 776.12,-76 776.12,-72 831.12,-72 831.12,-108"/> | |
| <polyline fill="none" stroke="black" points="776.12,-104 780.12,-104 780.12,-100 776.12,-100"/> | |
| <polyline fill="none" stroke="black" points="776.12,-80 780.12,-80 780.12,-76 776.12,-76"/> | |
| <text text-anchor="middle" x="803.62" y="-84.58" font-family="Times New Roman,serif" font-size="14.00">project</text> | |
| </g> | |
| <!-- parent->project --> | |
| <g id="edge25" class="edge"> | |
| <title>parent->project</title> | |
| <path fill="none" stroke="black" d="M300,-91.55C381.32,-94.32 560.32,-100.01 711.25,-102 728.92,-102.23 733.45,-104.01 751,-102 759.14,-101.07 767.85,-99.33 775.77,-97.47"/> | |
| <polygon fill="none" stroke="black" points="300.35,-88.06 290.24,-91.21 300.11,-95.06 300.35,-88.06"/> | |
| </g> | |
| <!-- org->folder --> | |
| <g id="edge19" class="edge"> | |
| <title>org->folder</title> | |
| <path fill="none" stroke="black" d="M456.24,-40.79C497.62,-48 561.84,-59.19 597.59,-65.42"/> | |
| <polygon fill="black" stroke="black" points="456.13,-40.77 449.53,-43.68 444.31,-38.71 450.9,-35.8 456.13,-40.77"/> | |
| <text text-anchor="middle" x="506.25" y="-56.45" font-family="Times New Roman,serif" font-size="14.00">inherits</text> | |
| </g> | |
| <!-- folder->project --> | |
| <g id="edge20" class="edge"> | |
| <title>folder->project</title> | |
| <path fill="none" stroke="black" d="M664.91,-74.42C698.53,-78.22 746.17,-83.61 775.69,-86.95"/> | |
| <polygon fill="black" stroke="black" points="665.16,-74.44 658.74,-77.74 653.23,-73.1 659.64,-69.8 665.16,-74.44"/> | |
| <text text-anchor="middle" x="731.12" y="-86.45" font-family="Times New Roman,serif" font-size="14.00">inherits</text> | |
| </g> | |
| <!-- project->res --> | |
| <g id="edge21" class="edge"> | |
| <title>project->res</title> | |
| <path fill="none" stroke="black" d="M803.62,-120.97C803.62,-183.92 803.62,-325.11 803.62,-375.6"/> | |
| <polygon fill="black" stroke="black" points="803.63,-121.01 799.63,-115.01 803.63,-109.01 807.63,-115.01 803.63,-121.01"/> | |
| <text text-anchor="middle" x="792.75" y="-236.57" font-family="Times New Roman,serif" font-size="14.00">inherits</text> | |
| </g> | |
| </g> | |
| </svg> |
dot gcp-iam.graphviz.dot -Tsvg -o GCP-IAM.svg
rendered