Skip to main content
POST
/
v1
/
regions
/
global
/
iam
/
policies
Create IAM policy binding
const options = {
  method: 'POST',
  headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
  body: JSON.stringify({
    role: '<string>',
    principal: {id: '<string>'},
    scope: {resource: '<string>'},
    orgId: '<string>'
  })
};

fetch('https://api.k0rdent.ai/v1/regions/global/iam/policies', options)
  .then(res => res.json())
  .then(res => console.log(res))
  .catch(err => console.error(err));
{
  "uid": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "id": "policy-g8h9i1",
  "role": "<string>",
  "principal": {
    "id": "<string>"
  },
  "scope": {
    "resource": "<string>"
  },
  "createdAt": "2023-11-07T05:31:56Z",
  "selfLink": "/v1/regions/global/iam/policies/policy-g8h9i1",
  "displayName": "<string>",
  "description": "<string>",
  "updatedAt": "2023-11-07T05:31:56Z"
}

Authorizations

Authorization
string
header
required

Bearer token authentication using OAuth2/OIDC tokens

Body

application/json
role
string
required

Role identifier to bind

principal
object
required

User or group to bind role to

scope
object
required

Scope of the role binding (org, project, or resource level).

orgId
string

Organization identifier specified when creating policy as operator admin. When absent, it will be considered as the current user's organization.

Response

Policy binding successfully created

IAM policy binding (role binding to principal at scope).

uid
string<uuid>
required
read-only

Server-generated UUID.

id
string
required

Resource identifier. Provided by the client at creation or server-generated if omitted. Must be 1-63 lowercase characters matching a-z [blocked]?. Immutable after creation.

Required string length: 1 - 63
Pattern: ^[a-z]([-a-z0-9]*[a-z0-9])?$
Example:

"policy-g8h9i1"

role
string
required

Role identifier

principal
object
required

User, group, or service account to bind role to

scope
object
required

Scope of the role binding

createdAt
string<date-time>
required
read-only

Policy binding creation timestamp

selfLink
string<uri>
read-only

Server-defined URL for this resource.

Example:

"/v1/regions/global/iam/policies/policy-g8h9i1"

displayName
string

Optional human-readable name for the policy binding.

Maximum string length: 255
description
string

Optional explanation of why this binding exists.

Maximum string length: 1024
updatedAt
string<date-time>
read-only

Policy binding last update timestamp