GS2-Identifier Deploy/CDK Reference
The template format used when creating stacks with GS2-Deploy, and implementation examples of template output in various languages using CDK
Entities
Resources targeted by the Deploy operation
Identifier
Credential
Credentials used to access the GS2 API. A credential consists of a client ID and a client secret, and access using the credential is restricted based on the privileges of the user who owns the credential.
Request
Resource creation and update requests
| Type | Condition | Required | Default | Value Limits | Description | |
|---|---|---|---|---|---|---|
| userName | string | ✓ | ~ 128 chars | User Name The name of the GS2-Identifier user who owns this credential. The credential inherits the permissions of this user based on the security policies attached to them. |
GetAttr
Resource creation results that can be retrieved using the !GetAttr tag
| Type | Description | |
|---|---|---|
| Item | Identifier | Created Credential |
| ClientSecret | string | Client Secret |
Implementation Example
Type: GS2::Identifier::Identifier
Properties:
UserName: user-0001import (
"github.com/gs2io/gs2-golang-cdk/core"
"github.com/gs2io/gs2-golang-cdk/identifier"
)
SampleStack := core.NewStack()
identifier.NewIdentifier(
&SampleStack,
"user-0001",
identifier.IdentifierOptions{},
)
println(SampleStack.Yaml()) // Generate Templateclass SampleStack extends \Gs2Cdk\Core\Model\Stack
{
function __construct() {
parent::__construct();
new \Gs2Cdk\Identifier\Model\Identifier(
stack: $this,
userName: "user-0001"
);
}
}
print((new SampleStack())->yaml()); // Generate Templateclass SampleStack extends io.gs2.cdk.core.model.Stack
{
public SampleStack() {
super();
new io.gs2.cdk.identifier.model.Identifier(
this,
"user-0001"
);
}
}
System.out.println(new SampleStack().yaml()); // Generate Templatepublic class SampleStack : Gs2Cdk.Core.Model.Stack
{
public SampleStack() {
new Gs2Cdk.Gs2Identifier.Model.Identifier(
stack: this,
userName: "user-0001"
);
}
}
Debug.Log(new SampleStack().Yaml()); // Generate Templateimport core from "@/gs2cdk/core";
import identifier from "@/gs2cdk/identifier";
class SampleStack extends core.Stack
{
public constructor() {
super();
new identifier.model.Identifier(
this,
"user-0001"
);
}
}
console.log(new SampleStack().yaml()); // Generate Templatefrom gs2_cdk import Stack, core, identifier
class SampleStack(Stack):
def __init__(self):
super().__init__()
identifier.Identifier(
stack=self,
user_name='user-0001',
)
print(SampleStack().yaml()) # Generate TemplatePassword
Password
Password for logging into the Management Console based on user permissions. A password allows different accounts to log in to a single project and still limit the information they have access to.
Request
Resource creation and update requests
| Type | Condition | Required | Default | Value Limits | Description | |
|---|---|---|---|---|---|---|
| userName | string | ✓ | ~ 128 chars | User Name The name of the GS2-Identifier user who owns this password. The user logs into the management console with this user name and the corresponding password, and access is restricted based on the security policies attached to the user. | ||
| password | string | ✓ | ~ 1024 chars | Password The hashed password used for management console authentication. Set during password creation and verified against user input at login time. Stored internally and never returned through the API. |
GetAttr
Resource creation results that can be retrieved using the !GetAttr tag
| Type | Description | |
|---|---|---|
| Item | Password | Created Password |
Implementation Example
Type: GS2::Identifier::Password
Properties:
UserName: user-0001
Password: password-0001import (
"github.com/gs2io/gs2-golang-cdk/core"
"github.com/gs2io/gs2-golang-cdk/identifier"
)
SampleStack := core.NewStack()
identifier.NewPassword(
&SampleStack,
"user-0001",
"password-0001",
identifier.PasswordOptions{},
)
println(SampleStack.Yaml()) // Generate Templateclass SampleStack extends \Gs2Cdk\Core\Model\Stack
{
function __construct() {
parent::__construct();
new \Gs2Cdk\Identifier\Model\Password(
stack: $this,
userName: "user-0001",
password: "password-0001"
);
}
}
print((new SampleStack())->yaml()); // Generate Templateclass SampleStack extends io.gs2.cdk.core.model.Stack
{
public SampleStack() {
super();
new io.gs2.cdk.identifier.model.Password(
this,
"user-0001",
"password-0001"
);
}
}
System.out.println(new SampleStack().yaml()); // Generate Templatepublic class SampleStack : Gs2Cdk.Core.Model.Stack
{
public SampleStack() {
new Gs2Cdk.Gs2Identifier.Model.Password(
stack: this,
userName: "user-0001",
password: "password-0001"
);
}
}
Debug.Log(new SampleStack().Yaml()); // Generate Templateimport core from "@/gs2cdk/core";
import identifier from "@/gs2cdk/identifier";
class SampleStack extends core.Stack
{
public constructor() {
super();
new identifier.model.Password(
this,
"user-0001",
"password-0001"
);
}
}
console.log(new SampleStack().yaml()); // Generate Templatefrom gs2_cdk import Stack, core, identifier
class SampleStack(Stack):
def __init__(self):
super().__init__()
identifier.Password(
stack=self,
user_name='user-0001',
password='password-0001',
)
print(SampleStack().yaml()) # Generate TemplateAttachSecurityPolicy
Attached Security Policy
Manages the association between a GS2-Identifier user and their security policies. Each user has one attachment record that contains the list of security policy GRNs applied to that user. When the user’s credentials are used for API access, all attached policies are evaluated to determine whether the requested operation is allowed or denied.
Request
Resource creation and update requests
| Type | Condition | Required | Default | Value Limits | Description | |
|---|---|---|---|---|---|---|
| userName | string | ✓ | ~ 128 chars | GS2-Identifier User name GS2-Identifier User-specific name. Specified using alphanumeric characters, hyphens (-), underscores (_), and periods (.). | ||
| securityPolicyId | string | ✓ | ~ 1024 chars | GRN of the Security Policy to assign |
GetAttr
Resource creation results that can be retrieved using the !GetAttr tag
| Type | Description | |
|---|---|---|
| Items | SecurityPolicy[] | List of Security Policies assigned to a user |
Implementation Example
Type: GS2::Identifier::AttachSecurityPolicy
Properties:
UserName: user-0001
SecurityPolicyId: securityPolicyId-0001import (
"github.com/gs2io/gs2-golang-cdk/core"
"github.com/gs2io/gs2-golang-cdk/identifier"
)
SampleStack := core.NewStack()
identifier.NewAttachSecurityPolicy(
&SampleStack,
"user-0001",
"securityPolicyId-0001",
identifier.AttachSecurityPolicyOptions{},
)
println(SampleStack.Yaml()) // Generate Templateclass SampleStack extends \Gs2Cdk\Core\Model\Stack
{
function __construct() {
parent::__construct();
new \Gs2Cdk\Identifier\Model\AttachSecurityPolicy(
stack: $this,
userName: "user-0001",
securityPolicyId: "securityPolicyId-0001"
);
}
}
print((new SampleStack())->yaml()); // Generate Templateclass SampleStack extends io.gs2.cdk.core.model.Stack
{
public SampleStack() {
super();
new io.gs2.cdk.identifier.model.AttachSecurityPolicy(
this,
"user-0001",
"securityPolicyId-0001"
);
}
}
System.out.println(new SampleStack().yaml()); // Generate Templatepublic class SampleStack : Gs2Cdk.Core.Model.Stack
{
public SampleStack() {
new Gs2Cdk.Gs2Identifier.Model.AttachSecurityPolicy(
stack: this,
userName: "user-0001",
securityPolicyId: "securityPolicyId-0001"
);
}
}
Debug.Log(new SampleStack().Yaml()); // Generate Templateimport core from "@/gs2cdk/core";
import identifier from "@/gs2cdk/identifier";
class SampleStack extends core.Stack
{
public constructor() {
super();
new identifier.model.AttachSecurityPolicy(
this,
"user-0001",
"securityPolicyId-0001"
);
}
}
console.log(new SampleStack().yaml()); // Generate Templatefrom gs2_cdk import Stack, core, identifier
class SampleStack(Stack):
def __init__(self):
super().__init__()
identifier.AttachSecurityPolicy(
stack=self,
user_name='user-0001',
security_policy_id='securityPolicyId-0001',
)
print(SampleStack().yaml()) # Generate TemplateUser
GS2-Identifier User
This entity represents a game developer who has access to the project.
The user has credentials for programmatic access and A password can be registered that allows the user to log into the Management Console and manage the project based on the user’s permissions.
Request
Resource creation and update requests
| Type | Condition | Required | Default | Value Limits | Description | |
|---|---|---|---|---|---|---|
| name | string | ✓ | ~ 128 chars | GS2-Identifier User name GS2-Identifier User-specific name. Specified using alphanumeric characters, hyphens (-), underscores (_), and periods (.). | ||
| description | string | ~ 1024 chars | Description |
GetAttr
Resource creation results that can be retrieved using the !GetAttr tag
| Type | Description | |
|---|---|---|
| Item | User | Created User |
Implementation Example
Type: GS2::Identifier::User
Properties:
Name: user-0001
Description: nullimport (
"github.com/gs2io/gs2-golang-cdk/core"
"github.com/gs2io/gs2-golang-cdk/identifier"
)
SampleStack := core.NewStack()
identifier.NewUser(
&SampleStack,
"user-0001",
identifier.UserOptions{},
)
println(SampleStack.Yaml()) // Generate Templateclass SampleStack extends \Gs2Cdk\Core\Model\Stack
{
function __construct() {
parent::__construct();
new \Gs2Cdk\Identifier\Model\User(
stack: $this,
name: "user-0001"
);
}
}
print((new SampleStack())->yaml()); // Generate Templateclass SampleStack extends io.gs2.cdk.core.model.Stack
{
public SampleStack() {
super();
new io.gs2.cdk.identifier.model.User(
this,
"user-0001"
);
}
}
System.out.println(new SampleStack().yaml()); // Generate Templatepublic class SampleStack : Gs2Cdk.Core.Model.Stack
{
public SampleStack() {
new Gs2Cdk.Gs2Identifier.Model.User(
stack: this,
name: "user-0001"
);
}
}
Debug.Log(new SampleStack().Yaml()); // Generate Templateimport core from "@/gs2cdk/core";
import identifier from "@/gs2cdk/identifier";
class SampleStack extends core.Stack
{
public constructor() {
super();
new identifier.model.User(
this,
"user-0001"
);
}
}
console.log(new SampleStack().yaml()); // Generate Templatefrom gs2_cdk import Stack, core, identifier
class SampleStack(Stack):
def __init__(self):
super().__init__()
identifier.User(
stack=self,
name='user-0001',
)
print(SampleStack().yaml()) # Generate TemplateSecurityPolicy
Security Policy
Define restrictions on the types of APIs that users can use and the resources they can access. Access restriction rules are defined using JSON format definition data called policy documents. For the specifications of policy documents, please refer to the explanation page on policy documents in the development documents.
Request
Resource creation and update requests
| Type | Condition | Required | Default | Value Limits | Description | |
|---|---|---|---|---|---|---|
| name | string | ✓ | ~ 128 chars | Security Policy Name Security Policy-specific name. Specified using alphanumeric characters, hyphens (-), underscores (_), and periods (.). | ||
| description | string | ~ 1024 chars | Description | |||
| policy | string | ✓ | ~ 524288 chars | Policy Document A JSON document that defines the access control rules for this security policy. The document specifies which GS2 API actions are allowed or denied, and which resources (identified by GRN patterns) the rules apply to. Multiple statements can be combined to create fine-grained access control. Maximum 512KB. |
GetAttr
Resource creation results that can be retrieved using the !GetAttr tag
| Type | Description | |
|---|---|---|
| Item | SecurityPolicy | Created security policy |
Implementation Example
Type: GS2::Identifier::SecurityPolicy
Properties:
Name: policy-0001
Description: null
Policy: {}import (
"github.com/gs2io/gs2-golang-cdk/core"
"github.com/gs2io/gs2-golang-cdk/identifier"
)
SampleStack := core.NewStack()
identifier.NewSecurityPolicy(
&SampleStack,
"policy-0001",
identifier.NewPolicy(
[]identifier.Statement{},
),
identifier.SecurityPolicyOptions{},
)
println(SampleStack.Yaml()) // Generate Templateclass SampleStack extends \Gs2Cdk\Core\Model\Stack
{
function __construct() {
parent::__construct();
new \Gs2Cdk\Identifier\Model\SecurityPolicy(
stack: $this,
name: "policy-0001",
policy: new \Gs2Cdk\Identifier\Model\Policy([])
);
}
}
print((new SampleStack())->yaml()); // Generate Templateclass SampleStack extends io.gs2.cdk.core.model.Stack
{
public SampleStack() {
super();
new io.gs2.cdk.identifier.model.SecurityPolicy(
this,
"policy-0001",
new Policy(
Arrays.asList(
Statement.allowAll()
)
)
);
}
}
System.out.println(new SampleStack().yaml()); // Generate Templatepublic class SampleStack : Gs2Cdk.Core.Model.Stack
{
public SampleStack() {
new Gs2Cdk.Gs2Identifier.Model.SecurityPolicy(
stack: this,
name: "policy-0001",
policy: new Policy(
new List<Statement> {
Statement.AllowAll()
}
)
);
}
}
Debug.Log(new SampleStack().Yaml()); // Generate Templateimport core from "@/gs2cdk/core";
import identifier from "@/gs2cdk/identifier";
import Policy from "@/gs2cdk/identifier/model/Policy";
import Statement from "@/gs2cdk/identifier/model/Statement";
class SampleStack extends core.Stack
{
public constructor() {
super();
new identifier.model.SecurityPolicy(
this,
"policy-0001",
new Policy(
[
Statement.allowAll()
]
)
);
}
}
console.log(new SampleStack().yaml()); // Generate Templatefrom gs2_cdk import Stack, core, identifier
class SampleStack(Stack):
def __init__(self):
super().__init__()
identifier.SecurityPolicy(
stack=self,
name='policy-0001',
policy=identifier.Policy([
identifier.Statement.allow_all(),
]),
)
print(SampleStack().yaml()) # Generate Template