cloud-storage-get-bucket-iam-policy

docs/en/integrations/cloud-storage/tools/cloud-storage-get-bucket-iam-policy.md

About

A cloud-storage-get-bucket-iam-policy tool returns the IAM policy bindings for a Cloud Storage bucket. Use it to inspect which principals have roles on a bucket without modifying access.

You can set bucket in the tool configuration. When set, bucket is removed from the runtime parameter schema and the configured bucket is always used. A configured bucket must be a non-empty string.

Compatible Sources

{{< compatible-sources >}}

Requirements

The Cloud Storage credentials must be able to read the IAM policy for the target bucket.

Parameters

| parameter | type | required | description |
|-----------|------|----------|-------------|
| bucket | string | true | Name of the Cloud Storage bucket whose IAM policy should be returned. |

Example

```yaml
kind: tool
name: get_bucket_iam_policy
type: cloud-storage-get-bucket-iam-policy
source: my-gcs-source
description: Use this tool to inspect IAM bindings for a Cloud Storage bucket.
```

```yaml
kind: tool
name: get_app_bucket_iam_policy
type: cloud-storage-get-bucket-iam-policy
source: my-gcs-source
description: Use this tool to inspect IAM bindings for the application bucket.
bucket: my-app-bucket
```

Output Format

The tool returns a JSON object with:

| field | type | description |
|-------|------|-------------|
| bucket | string | Cloud Storage bucket whose policy was read. |
| bindings | array | IAM bindings with role, members, and optional condition fields. |
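
The following is an added example, not part of the Toolbox project or its documentation: it audits the tool's JSON output for bindings granted to public or deleted principals. It assumes the fields listed above appear as the JSON keys `bucket`, `bindings`, `role`, `members` and `condition`; the sample policy and the keys inside `condition` are constructed.

```python
import json

# Special IAM principals: anyone on the internet / any authenticated Google account.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample of the tool's output (not captured from a real bucket).
# The keys inside "condition" are an assumption based on IAM Conditions.
SAMPLE_OUTPUT = """
{
  "bucket": "my-app-bucket",
  "bindings": [
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/storage.objectAdmin",
     "members": ["serviceAccount:app@example-project.iam.gserviceaccount.com",
                 "deleted:serviceAccount:old@example-project.iam.gserviceaccount.com?uid=123456789"]},
    {"role": "roles/storage.admin",
     "members": ["user:alice@example.com", "allAuthenticatedUsers"],
     "condition": {"title": "temporary",
                   "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}}
  ]
}
"""


def audit_bindings(tool_output: str) -> list[dict]:
    """Return one finding per (role, member) pair that needs review."""
    policy = json.loads(tool_output)
    bucket = policy.get("bucket", "")
    findings = []
    for binding in policy.get("bindings") or []:
        role = binding.get("role", "")
        # A condition narrows a binding but does not make a public grant safe.
        conditional = bool(binding.get("condition"))
        for member in binding.get("members") or []:
            if member in PUBLIC_MEMBERS:
                issue = "public"
            elif member.startswith("deleted:"):
                issue = "deleted-principal"  # stale grant left after deletion
            else:
                continue
            findings.append({"bucket": bucket, "role": role, "member": member,
                             "issue": issue, "conditional": conditional})
    return findings


if __name__ == "__main__":
    for finding in audit_bindings(SAMPLE_OUTPUT):
        print(finding)
```
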

Reference

| field | type | required | description |
|-------|------|----------|-------------|
| type | string | true | Must be "cloud-storage-get-bucket-iam-policy". |
| source | string | true | Name of the Cloud Storage source to get bucket IAM policies from. |
| description | string | true | Description of the tool that is passed to the LLM. |
| bucket | string | false | Bucket whose IAM policy is always returned. When set, the runtime bucket parameter is hidden. Must not be empty. |