google::cloud::iam_admin_v1::IAMClient Class Reference

Creates and manages Identity and Access Management (IAM) resources. More...

#include <google/cloud/iam/admin/v1/iam_client.h>

Public Member Functions
	IAMClient (std::shared_ptr< IAMConnection > connection, Options opts={})
	~IAMClient ()
StreamRange< google::iam::admin::v1::ServiceAccount >	ListServiceAccounts (std::string const &name, Options opts={})
	Lists every ServiceAccount that belongs to a specific project. More...
StreamRange< google::iam::admin::v1::ServiceAccount >	ListServiceAccounts (google::iam::admin::v1::ListServiceAccountsRequest request, Options opts={})
	Lists every ServiceAccount that belongs to a specific project. More...
StatusOr< google::iam::admin::v1::ServiceAccount >	GetServiceAccount (std::string const &name, Options opts={})
	Gets a ServiceAccount. More...
StatusOr< google::iam::admin::v1::ServiceAccount >	GetServiceAccount (google::iam::admin::v1::GetServiceAccountRequest const &request, Options opts={})
	Gets a ServiceAccount. More...
StatusOr< google::iam::admin::v1::ServiceAccount >	CreateServiceAccount (std::string const &name, std::string const &account_id, google::iam::admin::v1::ServiceAccount const &service_account, Options opts={})
	Creates a ServiceAccount. More...
StatusOr< google::iam::admin::v1::ServiceAccount >	CreateServiceAccount (google::iam::admin::v1::CreateServiceAccountRequest const &request, Options opts={})
	Creates a ServiceAccount. More...
StatusOr< google::iam::admin::v1::ServiceAccount >	PatchServiceAccount (google::iam::admin::v1::PatchServiceAccountRequest const &request, Options opts={})
	Patches a ServiceAccount. More...
Status	DeleteServiceAccount (std::string const &name, Options opts={})
	Deletes a ServiceAccount. More...
Status	DeleteServiceAccount (google::iam::admin::v1::DeleteServiceAccountRequest const &request, Options opts={})
	Deletes a ServiceAccount. More...
StatusOr< google::iam::admin::v1::UndeleteServiceAccountResponse >	UndeleteServiceAccount (google::iam::admin::v1::UndeleteServiceAccountRequest const &request, Options opts={})
	Restores a deleted ServiceAccount. More...
Status	EnableServiceAccount (google::iam::admin::v1::EnableServiceAccountRequest const &request, Options opts={})
	Enables a ServiceAccount that was disabled by DisableServiceAccount. More...
Status	DisableServiceAccount (google::iam::admin::v1::DisableServiceAccountRequest const &request, Options opts={})
	Disables a ServiceAccount immediately. More...
StatusOr< google::iam::admin::v1::ListServiceAccountKeysResponse >	ListServiceAccountKeys (std::string const &name, std::vector< google::iam::admin::v1::ListServiceAccountKeysRequest::KeyType > const &key_types, Options opts={})
	Lists every ServiceAccountKey for a service account. More...
StatusOr< google::iam::admin::v1::ListServiceAccountKeysResponse >	ListServiceAccountKeys (google::iam::admin::v1::ListServiceAccountKeysRequest const &request, Options opts={})
	Lists every ServiceAccountKey for a service account. More...
StatusOr< google::iam::admin::v1::ServiceAccountKey >	GetServiceAccountKey (std::string const &name, google::iam::admin::v1::ServiceAccountPublicKeyType public_key_type, Options opts={})
	Gets a ServiceAccountKey. More...
StatusOr< google::iam::admin::v1::ServiceAccountKey >	GetServiceAccountKey (google::iam::admin::v1::GetServiceAccountKeyRequest const &request, Options opts={})
	Gets a ServiceAccountKey. More...
StatusOr< google::iam::admin::v1::ServiceAccountKey >	CreateServiceAccountKey (std::string const &name, google::iam::admin::v1::ServiceAccountPrivateKeyType private_key_type, google::iam::admin::v1::ServiceAccountKeyAlgorithm key_algorithm, Options opts={})
	Creates a ServiceAccountKey. More...
StatusOr< google::iam::admin::v1::ServiceAccountKey >	CreateServiceAccountKey (google::iam::admin::v1::CreateServiceAccountKeyRequest const &request, Options opts={})
	Creates a ServiceAccountKey. More...
StatusOr< google::iam::admin::v1::ServiceAccountKey >	UploadServiceAccountKey (google::iam::admin::v1::UploadServiceAccountKeyRequest const &request, Options opts={})
	Uploads the public key portion of a key pair that you manage, and associates the public key with a ServiceAccount. More...
Status	DeleteServiceAccountKey (std::string const &name, Options opts={})
	Deletes a ServiceAccountKey. More...
Status	DeleteServiceAccountKey (google::iam::admin::v1::DeleteServiceAccountKeyRequest const &request, Options opts={})
	Deletes a ServiceAccountKey. More...
Status	DisableServiceAccountKey (std::string const &name, Options opts={})
	Disable a ServiceAccountKey. More...
Status	DisableServiceAccountKey (google::iam::admin::v1::DisableServiceAccountKeyRequest const &request, Options opts={})
	Disable a ServiceAccountKey. More...
Status	EnableServiceAccountKey (std::string const &name, Options opts={})
	Enable a ServiceAccountKey. More...
Status	EnableServiceAccountKey (google::iam::admin::v1::EnableServiceAccountKeyRequest const &request, Options opts={})
	Enable a ServiceAccountKey. More...
StatusOr< google::iam::v1::Policy >	GetIamPolicy (std::string const &resource, Options opts={})
	Gets the IAM policy that is attached to a ServiceAccount. More...
StatusOr< google::iam::v1::Policy >	GetIamPolicy (google::iam::v1::GetIamPolicyRequest const &request, Options opts={})
	Gets the IAM policy that is attached to a ServiceAccount. More...
StatusOr< google::iam::v1::Policy >	SetIamPolicy (std::string const &resource, google::iam::v1::Policy const &policy, Options opts={})
	Sets the IAM policy that is attached to a ServiceAccount. More...
StatusOr< google::iam::v1::Policy >	SetIamPolicy (std::string const &resource, IamUpdater const &updater, Options opts={})
	Updates the IAM policy for resource using an optimistic concurrency control loop. More...
StatusOr< google::iam::v1::Policy >	SetIamPolicy (google::iam::v1::SetIamPolicyRequest const &request, Options opts={})
	Sets the IAM policy that is attached to a ServiceAccount. More...
StatusOr< google::iam::v1::TestIamPermissionsResponse >	TestIamPermissions (std::string const &resource, std::vector< std::string > const &permissions, Options opts={})
	Tests whether the caller has the specified permissions on a ServiceAccount. More...
StatusOr< google::iam::v1::TestIamPermissionsResponse >	TestIamPermissions (google::iam::v1::TestIamPermissionsRequest const &request, Options opts={})
	Tests whether the caller has the specified permissions on a ServiceAccount. More...
StreamRange< google::iam::admin::v1::Role >	QueryGrantableRoles (std::string const &full_resource_name, Options opts={})
	Lists roles that can be granted on a Google Cloud resource. More...
StreamRange< google::iam::admin::v1::Role >	QueryGrantableRoles (google::iam::admin::v1::QueryGrantableRolesRequest request, Options opts={})
	Lists roles that can be granted on a Google Cloud resource. More...
StreamRange< google::iam::admin::v1::Role >	ListRoles (google::iam::admin::v1::ListRolesRequest request, Options opts={})
	Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project. More...
StatusOr< google::iam::admin::v1::Role >	GetRole (google::iam::admin::v1::GetRoleRequest const &request, Options opts={})
	Gets the definition of a Role. More...
StatusOr< google::iam::admin::v1::Role >	CreateRole (google::iam::admin::v1::CreateRoleRequest const &request, Options opts={})
	Creates a new custom Role. More...
StatusOr< google::iam::admin::v1::Role >	UpdateRole (google::iam::admin::v1::UpdateRoleRequest const &request, Options opts={})
	Updates the definition of a custom Role. More...
StatusOr< google::iam::admin::v1::Role >	DeleteRole (google::iam::admin::v1::DeleteRoleRequest const &request, Options opts={})
	Deletes a custom Role. More...
StatusOr< google::iam::admin::v1::Role >	UndeleteRole (google::iam::admin::v1::UndeleteRoleRequest const &request, Options opts={})
	Undeletes a custom Role. More...
StreamRange< google::iam::admin::v1::Permission >	QueryTestablePermissions (google::iam::admin::v1::QueryTestablePermissionsRequest request, Options opts={})
	Lists every permission that you can test on a resource. More...
StatusOr< google::iam::admin::v1::QueryAuditableServicesResponse >	QueryAuditableServices (google::iam::admin::v1::QueryAuditableServicesRequest const &request, Options opts={})
	Returns a list of services that allow you to opt into audit logs that are not generated by default. More...
StatusOr< google::iam::admin::v1::LintPolicyResponse >	LintPolicy (google::iam::admin::v1::LintPolicyRequest const &request, Options opts={})
	Lints, or validates, an IAM policy. More...
Copy and move support
	IAMClient (IAMClient const &)=default
IAMClient &	operator= (IAMClient const &)=default
	IAMClient (IAMClient &&)=default
IAMClient &	operator= (IAMClient &&)=default

Friends
Equality
bool	operator== (IAMClient const &a, IAMClient const &b)
bool	operator!= (IAMClient const &a, IAMClient const &b)

Detailed Description

Creates and manages Identity and Access Management (IAM) resources.

You can use this service to work with all of the following resources:

• Service accounts, which identify an application or a virtual machine (VM) instance rather than a person
• Service account keys, which service accounts use to authenticate with Google APIs
• IAM policies for service accounts, which specify the roles that a principal has for the service account
• IAM custom roles, which help you limit the number of permissions that you grant to principals

In addition, you can use this service to complete the following tasks, among others:

• Test whether a service account can use specific permissions
• Check which roles you can grant for a specific resource
• Lint, or validate, condition expressions in an IAM policy

When you read data from the IAM API, each read is eventually consistent. In other words, if you write data with the IAM API, then immediately read that data, the read operation might return an older version of the data. To deal with this behavior, your application can retry the request with truncated exponential backoff.

In contrast, writing data to the IAM API is sequentially consistent. In other words, write operations are always processed in the order in which they were received.

Equality

Instances of this class created via copy-construction or copy-assignment always compare equal. Instances created with equal std::shared_ptr<*Connection> objects compare equal. Objects that compare equal share the same underlying resources.

Performance

Creating a new instance of this class is a relatively expensive operation, new objects establish new connections to the service. In contrast, copy-construction, move-construction, and the corresponding assignment operations are relatively efficient as the copies share all underlying resources.

Thread Safety

Concurrent access to different instances of this class, even if they compare equal, is guaranteed to work. Two or more threads operating on the same instance of this class is not guaranteed to work. Since copy-construction and move-construction is a relatively efficient operation, consider using such a copy when using this class from multiple threads.

Constructor & Destructor Documentation

IAMClient() [1/3]

google::cloud::iam_admin_v1::IAMClient::IAMClient ( std::shared_ptr< IAMConnection >  connection, Options  opts = {}  )

explicit

~IAMClient()

google::cloud::iam_admin_v1::IAMClient::~IAMClient

(

)

IAMClient() [2/3]

google::cloud::iam_admin_v1::IAMClient::IAMClient ( IAMClient const &  )

default

IAMClient() [3/3]

google::cloud::iam_admin_v1::IAMClient::IAMClient ( IAMClient &&  )

default

Member Function Documentation

CreateRole()

StatusOr< google::iam::admin::v1::Role > google::cloud::iam_admin_v1::IAMClient::CreateRole	(	google::iam::admin::v1::CreateRoleRequest const &	request,
		Options	opts = {}
	)

Creates a new custom Role.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.CreateRoleRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.admin.v1.Role) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

CreateServiceAccount() [1/2]

StatusOr< google::iam::admin::v1::ServiceAccount > google::cloud::iam_admin_v1::IAMClient::CreateServiceAccount	(	google::iam::admin::v1::CreateServiceAccountRequest const &	request,
		Options	opts = {}
	)

Creates a ServiceAccount.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.CreateServiceAccountRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.admin.v1.ServiceAccount) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

CreateServiceAccount() [2/2]

StatusOr< google::iam::admin::v1::ServiceAccount > google::cloud::iam_admin_v1::IAMClient::CreateServiceAccount	(	std::string const &	name,
		std::string const &	account_id,
		google::iam::admin::v1::ServiceAccount const &	service_account,
		Options	opts = {}
	)

Creates a ServiceAccount.

Parameters

name	Required. The resource name of the project associated with the service accounts, such as projects/my-project-123.
account_id	Required. The account id that is used to generate the service account email address and a stable unique id. It is unique within a project, must be 6-30 characters long, and match the regular expression [a-z]([-a-z0-9]*[a-z0-9]) to comply with RFC1035.
service_account	The ServiceAccount resource to create. Currently, only the following values are user assignable: display_name and description.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.admin.v1.ServiceAccount) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

CreateServiceAccountKey() [1/2]

StatusOr< google::iam::admin::v1::ServiceAccountKey > google::cloud::iam_admin_v1::IAMClient::CreateServiceAccountKey	(	google::iam::admin::v1::CreateServiceAccountKeyRequest const &	request,
		Options	opts = {}
	)

Creates a ServiceAccountKey.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.CreateServiceAccountKeyRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.admin.v1.ServiceAccountKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

CreateServiceAccountKey() [2/2]

StatusOr< google::iam::admin::v1::ServiceAccountKey > google::cloud::iam_admin_v1::IAMClient::CreateServiceAccountKey	(	std::string const &	name,
		google::iam::admin::v1::ServiceAccountPrivateKeyType	private_key_type,
		google::iam::admin::v1::ServiceAccountKeyAlgorithm	key_algorithm,
		Options	opts = {}
	)

Creates a ServiceAccountKey.

Parameters

name	Required. The resource name of the service account in the following format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. Using - as a wildcard for the PROJECT_ID will infer the project from the account. The ACCOUNT value can be the email address or the unique_id of the service account.
private_key_type	The output format of the private key. The default value is TYPE_GOOGLE_CREDENTIALS_FILE, which is the Google Credentials File format.
key_algorithm	Which type of key and algorithm to use for the key. The default is currently a 2K RSA key. However this may change in the future.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.admin.v1.ServiceAccountKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

DeleteRole()

StatusOr< google::iam::admin::v1::Role > google::cloud::iam_admin_v1::IAMClient::DeleteRole	(	google::iam::admin::v1::DeleteRoleRequest const &	request,
		Options	opts = {}
	)

Deletes a custom Role.

When you delete a custom role, the following changes occur immediately:

• You cannot bind a principal to the custom role in an IAM Policy.
• Existing bindings to the custom role are not changed, but they have no effect.
• By default, the response from ListRoles does not include the custom role.

You have 7 days to undelete the custom role. After 7 days, the following changes occur:

• The custom role is permanently deleted and cannot be recovered.
• If an IAM policy contains a binding to the custom role, the binding is permanently removed.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.DeleteRoleRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.admin.v1.Role) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

DeleteServiceAccount() [1/2]

Status google::cloud::iam_admin_v1::IAMClient::DeleteServiceAccount	(	google::iam::admin::v1::DeleteServiceAccountRequest const &	request,
		Options	opts = {}
	)

Deletes a ServiceAccount.

Warning: After you delete a service account, you might not be able to undelete it. If you know that you need to re-enable the service account in the future, use DisableServiceAccount instead.

If you delete a service account, IAM permanently removes the service account 30 days later. Google Cloud cannot recover the service account after it is permanently removed, even if you file a support request.

To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use DisableServiceAccount to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.DeleteServiceAccountRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

a `Status` object. If the request failed, the status contains the details of the failure.

DeleteServiceAccount() [2/2]

Status google::cloud::iam_admin_v1::IAMClient::DeleteServiceAccount	(	std::string const &	name,
		Options	opts = {}
	)

Deletes a ServiceAccount.

Warning: After you delete a service account, you might not be able to undelete it. If you know that you need to re-enable the service account in the future, use DisableServiceAccount instead.

If you delete a service account, IAM permanently removes the service account 30 days later. Google Cloud cannot recover the service account after it is permanently removed, even if you file a support request.

To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use DisableServiceAccount to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account.

Parameters

name	Required. The resource name of the service account in the following format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. Using - as a wildcard for the PROJECT_ID will infer the project from the account. The ACCOUNT value can be the email address or the unique_id of the service account.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

a `Status` object. If the request failed, the status contains the details of the failure.

DeleteServiceAccountKey() [1/2]

Status google::cloud::iam_admin_v1::IAMClient::DeleteServiceAccountKey	(	google::iam::admin::v1::DeleteServiceAccountKeyRequest const &	request,
		Options	opts = {}
	)

Deletes a ServiceAccountKey.

Deleting a service account key does not revoke short-lived credentials that have been issued based on the service account key.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.DeleteServiceAccountKeyRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

a `Status` object. If the request failed, the status contains the details of the failure.

DeleteServiceAccountKey() [2/2]

Status google::cloud::iam_admin_v1::IAMClient::DeleteServiceAccountKey	(	std::string const &	name,
		Options	opts = {}
	)

Deletes a ServiceAccountKey.

Deleting a service account key does not revoke short-lived credentials that have been issued based on the service account key.

Parameters

name	Required. The resource name of the service account key in the following format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}. Using - as a wildcard for the PROJECT_ID will infer the project from the account. The ACCOUNT value can be the email address or the unique_id of the service account.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

a `Status` object. If the request failed, the status contains the details of the failure.

DisableServiceAccount()

Status google::cloud::iam_admin_v1::IAMClient::DisableServiceAccount	(	google::iam::admin::v1::DisableServiceAccountRequest const &	request,
		Options	opts = {}
	)

Disables a ServiceAccount immediately.

If an application uses the service account to authenticate, that application can no longer call Google APIs or access Google Cloud resources. Existing access tokens for the service account are rejected, and requests for new access tokens will fail.

To re-enable the service account, use EnableServiceAccount. After you re-enable the service account, its existing access tokens will be accepted, and you can request new access tokens.

To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use this method to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account with DeleteServiceAccount.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.DisableServiceAccountRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

a `Status` object. If the request failed, the status contains the details of the failure.

DisableServiceAccountKey() [1/2]

Status google::cloud::iam_admin_v1::IAMClient::DisableServiceAccountKey	(	google::iam::admin::v1::DisableServiceAccountKeyRequest const &	request,
		Options	opts = {}
	)

Disable a ServiceAccountKey.

A disabled service account key can be re-enabled with EnableServiceAccountKey.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.DisableServiceAccountKeyRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

a `Status` object. If the request failed, the status contains the details of the failure.

DisableServiceAccountKey() [2/2]

Status google::cloud::iam_admin_v1::IAMClient::DisableServiceAccountKey	(	std::string const &	name,
		Options	opts = {}
	)

Disable a ServiceAccountKey.

A disabled service account key can be re-enabled with EnableServiceAccountKey.

Parameters

name	Required. The resource name of the service account key in the following format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}. Using - as a wildcard for the PROJECT_ID will infer the project from the account. The ACCOUNT value can be the email address or the unique_id of the service account.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

a `Status` object. If the request failed, the status contains the details of the failure.

EnableServiceAccount()

Status google::cloud::iam_admin_v1::IAMClient::EnableServiceAccount	(	google::iam::admin::v1::EnableServiceAccountRequest const &	request,
		Options	opts = {}
	)

Enables a ServiceAccount that was disabled by DisableServiceAccount.

If the service account is already enabled, then this method has no effect.

If the service account was disabled by other means—for example, if Google disabled the service account because it was compromised—you cannot use this method to enable the service account.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.EnableServiceAccountRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

a `Status` object. If the request failed, the status contains the details of the failure.

EnableServiceAccountKey() [1/2]

Status google::cloud::iam_admin_v1::IAMClient::EnableServiceAccountKey	(	google::iam::admin::v1::EnableServiceAccountKeyRequest const &	request,
		Options	opts = {}
	)

Enable a ServiceAccountKey.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.EnableServiceAccountKeyRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

a `Status` object. If the request failed, the status contains the details of the failure.

EnableServiceAccountKey() [2/2]

Status google::cloud::iam_admin_v1::IAMClient::EnableServiceAccountKey	(	std::string const &	name,
		Options	opts = {}
	)

Enable a ServiceAccountKey.

Parameters

name	Required. The resource name of the service account key in the following format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}. Using - as a wildcard for the PROJECT_ID will infer the project from the account. The ACCOUNT value can be the email address or the unique_id of the service account.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

a `Status` object. If the request failed, the status contains the details of the failure.

GetIamPolicy() [1/2]

StatusOr< google::iam::v1::Policy > google::cloud::iam_admin_v1::IAMClient::GetIamPolicy	(	google::iam::v1::GetIamPolicyRequest const &	request,
		Options	opts = {}
	)

Gets the IAM policy that is attached to a ServiceAccount.

This IAM policy specifies which principals have access to the service account.

This method does not tell you whether the service account has been granted any roles on other resources. To check whether a service account has role grants on a resource, use the getIamPolicy method for that resource. For example, to view the role grants for a project, call the Resource Manager API's projects.getIamPolicy method.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.v1.GetIamPolicyRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.v1.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

GetIamPolicy() [2/2]

StatusOr< google::iam::v1::Policy > google::cloud::iam_admin_v1::IAMClient::GetIamPolicy	(	std::string const &	resource,
		Options	opts = {}
	)

Gets the IAM policy that is attached to a ServiceAccount.

This IAM policy specifies which principals have access to the service account.

This method does not tell you whether the service account has been granted any roles on other resources. To check whether a service account has role grants on a resource, use the getIamPolicy method for that resource. For example, to view the role grants for a project, call the Resource Manager API's projects.getIamPolicy method.

Parameters

resource	REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.v1.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

GetRole()

StatusOr< google::iam::admin::v1::Role > google::cloud::iam_admin_v1::IAMClient::GetRole	(	google::iam::admin::v1::GetRoleRequest const &	request,
		Options	opts = {}
	)

Gets the definition of a Role.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.GetRoleRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.admin.v1.Role) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

GetServiceAccount() [1/2]

StatusOr< google::iam::admin::v1::ServiceAccount > google::cloud::iam_admin_v1::IAMClient::GetServiceAccount	(	google::iam::admin::v1::GetServiceAccountRequest const &	request,
		Options	opts = {}
	)

Gets a ServiceAccount.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.GetServiceAccountRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.admin.v1.ServiceAccount) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

GetServiceAccount() [2/2]

StatusOr< google::iam::admin::v1::ServiceAccount > google::cloud::iam_admin_v1::IAMClient::GetServiceAccount	(	std::string const &	name,
		Options	opts = {}
	)

Gets a ServiceAccount.

Parameters

name	Required. The resource name of the service account in the following format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. Using - as a wildcard for the PROJECT_ID will infer the project from the account. The ACCOUNT value can be the email address or the unique_id of the service account.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.admin.v1.ServiceAccount) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

GetServiceAccountKey() [1/2]

StatusOr< google::iam::admin::v1::ServiceAccountKey > google::cloud::iam_admin_v1::IAMClient::GetServiceAccountKey	(	google::iam::admin::v1::GetServiceAccountKeyRequest const &	request,
		Options	opts = {}
	)

Gets a ServiceAccountKey.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.GetServiceAccountKeyRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.admin.v1.ServiceAccountKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

GetServiceAccountKey() [2/2]

StatusOr< google::iam::admin::v1::ServiceAccountKey > google::cloud::iam_admin_v1::IAMClient::GetServiceAccountKey	(	std::string const &	name,
		google::iam::admin::v1::ServiceAccountPublicKeyType	public_key_type,
		Options	opts = {}
	)

Gets a ServiceAccountKey.

Parameters

name	Required. The resource name of the service account key in the following format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}. Using - as a wildcard for the PROJECT_ID will infer the project from the account. The ACCOUNT value can be the email address or the unique_id of the service account.
public_key_type	Optional. The output format of the public key. The default is TYPE_NONE, which means that the public key is not returned.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.admin.v1.ServiceAccountKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

LintPolicy()

StatusOr< google::iam::admin::v1::LintPolicyResponse > google::cloud::iam_admin_v1::IAMClient::LintPolicy	(	google::iam::admin::v1::LintPolicyRequest const &	request,
		Options	opts = {}
	)

Lints, or validates, an IAM policy.

Currently checks the google.iam.v1.Binding.condition field, which contains a condition expression for a role binding.

Successful calls to this method always return an HTTP 200 OK status code, even if the linter detects an issue in the IAM policy.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.LintPolicyRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.admin.v1.LintPolicyResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

ListRoles()

StreamRange< google::iam::admin::v1::Role > google::cloud::iam_admin_v1::IAMClient::ListRoles	(	google::iam::admin::v1::ListRolesRequest	request,
		Options	opts = {}
	)

Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.ListRolesRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a `StatusOr` as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.iam.admin.v1.Role, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

ListServiceAccountKeys() [1/2]

StatusOr< google::iam::admin::v1::ListServiceAccountKeysResponse > google::cloud::iam_admin_v1::IAMClient::ListServiceAccountKeys	(	google::iam::admin::v1::ListServiceAccountKeysRequest const &	request,
		Options	opts = {}
	)

Lists every ServiceAccountKey for a service account.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.ListServiceAccountKeysRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.admin.v1.ListServiceAccountKeysResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

ListServiceAccountKeys() [2/2]

StatusOr< google::iam::admin::v1::ListServiceAccountKeysResponse > google::cloud::iam_admin_v1::IAMClient::ListServiceAccountKeys	(	std::string const &	name,
		std::vector< google::iam::admin::v1::ListServiceAccountKeysRequest::KeyType > const &	key_types,
		Options	opts = {}
	)

Lists every ServiceAccountKey for a service account.

Parameters

name	Required. The resource name of the service account in the following format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. Using - as a wildcard for the PROJECT_ID, will infer the project from the account. The ACCOUNT value can be the email address or the unique_id of the service account.
key_types	Filters the types of keys the user wants to include in the list response. Duplicate key types are not allowed. If no key type is provided, all keys are returned.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.admin.v1.ListServiceAccountKeysResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

ListServiceAccounts() [1/2]

StreamRange< google::iam::admin::v1::ServiceAccount > google::cloud::iam_admin_v1::IAMClient::ListServiceAccounts	(	google::iam::admin::v1::ListServiceAccountsRequest	request,
		Options	opts = {}
	)

Lists every ServiceAccount that belongs to a specific project.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.ListServiceAccountsRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a `StatusOr` as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.iam.admin.v1.ServiceAccount, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

ListServiceAccounts() [2/2]

StreamRange< google::iam::admin::v1::ServiceAccount > google::cloud::iam_admin_v1::IAMClient::ListServiceAccounts	(	std::string const &	name,
		Options	opts = {}
	)

Lists every ServiceAccount that belongs to a specific project.

Parameters

name	Required. The resource name of the project associated with the service accounts, such as projects/my-project-123.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a `StatusOr` as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.iam.admin.v1.ServiceAccount, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

operator=() [1/2]

IAMClient & google::cloud::iam_admin_v1::IAMClient::operator= ( IAMClient &&  )

default

operator=() [2/2]

IAMClient & google::cloud::iam_admin_v1::IAMClient::operator= ( IAMClient const &  )

default

PatchServiceAccount()

StatusOr< google::iam::admin::v1::ServiceAccount > google::cloud::iam_admin_v1::IAMClient::PatchServiceAccount	(	google::iam::admin::v1::PatchServiceAccountRequest const &	request,
		Options	opts = {}
	)

Patches a ServiceAccount.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.PatchServiceAccountRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.admin.v1.ServiceAccount) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

QueryAuditableServices()

StatusOr< google::iam::admin::v1::QueryAuditableServicesResponse > google::cloud::iam_admin_v1::IAMClient::QueryAuditableServices	(	google::iam::admin::v1::QueryAuditableServicesRequest const &	request,
		Options	opts = {}
	)

Returns a list of services that allow you to opt into audit logs that are not generated by default.

To learn more about audit logs, see the Logging documentation.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.QueryAuditableServicesRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.admin.v1.QueryAuditableServicesResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

QueryGrantableRoles() [1/2]

StreamRange< google::iam::admin::v1::Role > google::cloud::iam_admin_v1::IAMClient::QueryGrantableRoles	(	google::iam::admin::v1::QueryGrantableRolesRequest	request,
		Options	opts = {}
	)

Lists roles that can be granted on a Google Cloud resource.

A role is grantable if the IAM policy for the resource can contain bindings to the role.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.QueryGrantableRolesRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a `StatusOr` as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.iam.admin.v1.Role, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

QueryGrantableRoles() [2/2]

StreamRange< google::iam::admin::v1::Role > google::cloud::iam_admin_v1::IAMClient::QueryGrantableRoles	(	std::string const &	full_resource_name,
		Options	opts = {}
	)

Lists roles that can be granted on a Google Cloud resource.

A role is grantable if the IAM policy for the resource can contain bindings to the role.

Parameters

full_resource_name	Required. The full resource name to query from the list of grantable roles. The name follows the Google Cloud Platform resource format. For example, a Cloud Platform project with id my-project will be named //cloudresourcemanager.googleapis.com/projects/my-project.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a `StatusOr` as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.iam.admin.v1.Role, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

QueryTestablePermissions()

StreamRange< google::iam::admin::v1::Permission > google::cloud::iam_admin_v1::IAMClient::QueryTestablePermissions	(	google::iam::admin::v1::QueryTestablePermissionsRequest	request,
		Options	opts = {}
	)

Lists every permission that you can test on a resource.

A permission is testable if you can check whether a principal has that permission on the resource.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.QueryTestablePermissionsRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a `StatusOr` as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.iam.admin.v1.Permission, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

SetIamPolicy() [1/3]

StatusOr< google::iam::v1::Policy > google::cloud::iam_admin_v1::IAMClient::SetIamPolicy	(	google::iam::v1::SetIamPolicyRequest const &	request,
		Options	opts = {}
	)

Sets the IAM policy that is attached to a ServiceAccount.

Use this method to grant or revoke access to the service account. For example, you could grant a principal the ability to impersonate the service account.

This method does not enable the service account to access other resources. To grant roles to a service account on a resource, follow these steps:

1. Call the resource's getIamPolicy method to get its current IAM policy.
2. Edit the policy so that it binds the service account to an IAM role for the resource.
3. Call the resource's setIamPolicy method to update its IAM policy.

For detailed instructions, see Manage access to project, folders, and organizations or Manage access to other resources.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.v1.SetIamPolicyRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.v1.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

SetIamPolicy() [2/3]

StatusOr< google::iam::v1::Policy > google::cloud::iam_admin_v1::IAMClient::SetIamPolicy	(	std::string const &	resource,
		google::iam::v1::Policy const &	policy,
		Options	opts = {}
	)

Sets the IAM policy that is attached to a ServiceAccount.

Use this method to grant or revoke access to the service account. For example, you could grant a principal the ability to impersonate the service account.

This method does not enable the service account to access other resources. To grant roles to a service account on a resource, follow these steps:

1. Call the resource's getIamPolicy method to get its current IAM policy.
2. Edit the policy so that it binds the service account to an IAM role for the resource.
3. Call the resource's setIamPolicy method to update its IAM policy.

For detailed instructions, see Manage access to project, folders, and organizations or Manage access to other resources.

Parameters

resource	REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.
policy	REQUIRED: The complete policy to be applied to the resource. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.v1.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

SetIamPolicy() [3/3]

StatusOr< google::iam::v1::Policy > google::cloud::iam_admin_v1::IAMClient::SetIamPolicy	(	std::string const &	resource,
		IamUpdater const &	updater,
		Options	opts = {}
	)

Updates the IAM policy for resource using an optimistic concurrency control loop.

The loop fetches the current policy for resource, and passes it to updater, which should return the new policy. This new policy should use the current etag so that the read-modify-write cycle can detect races and rerun the update when there is a mismatch. If the new policy does not have an etag, the existing policy will be blindly overwritten. If updater does not yield a policy, the control loop is terminated and kCancelled is returned.

Parameters

resource	Required. The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.
updater	Required. Functor to map the current policy to a new one.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

google::iam::v1::Policy

TestIamPermissions() [1/2]

StatusOr< google::iam::v1::TestIamPermissionsResponse > google::cloud::iam_admin_v1::IAMClient::TestIamPermissions	(	google::iam::v1::TestIamPermissionsRequest const &	request,
		Options	opts = {}
	)

Tests whether the caller has the specified permissions on a ServiceAccount.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.v1.TestIamPermissionsRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.v1.TestIamPermissionsResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

TestIamPermissions() [2/2]

StatusOr< google::iam::v1::TestIamPermissionsResponse > google::cloud::iam_admin_v1::IAMClient::TestIamPermissions	(	std::string const &	resource,
		std::vector< std::string > const &	permissions,
		Options	opts = {}
	)

Tests whether the caller has the specified permissions on a ServiceAccount.

Parameters

resource	REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.
permissions	The set of permissions to check for the resource. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see IAM Overview.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.v1.TestIamPermissionsResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

UndeleteRole()

StatusOr< google::iam::admin::v1::Role > google::cloud::iam_admin_v1::IAMClient::UndeleteRole	(	google::iam::admin::v1::UndeleteRoleRequest const &	request,
		Options	opts = {}
	)

Undeletes a custom Role.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.UndeleteRoleRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.admin.v1.Role) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

UndeleteServiceAccount()

StatusOr< google::iam::admin::v1::UndeleteServiceAccountResponse > google::cloud::iam_admin_v1::IAMClient::UndeleteServiceAccount	(	google::iam::admin::v1::UndeleteServiceAccountRequest const &	request,
		Options	opts = {}
	)

Restores a deleted ServiceAccount.

Important: It is not always possible to restore a deleted service account. Use this method only as a last resort.

After you delete a service account, IAM permanently removes the service account 30 days later. There is no way to restore a deleted service account that has been permanently removed.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.UndeleteServiceAccountRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.admin.v1.UndeleteServiceAccountResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

UpdateRole()

StatusOr< google::iam::admin::v1::Role > google::cloud::iam_admin_v1::IAMClient::UpdateRole	(	google::iam::admin::v1::UpdateRoleRequest const &	request,
		Options	opts = {}
	)

Updates the definition of a custom Role.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.UpdateRoleRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.admin.v1.Role) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

UploadServiceAccountKey()

StatusOr< google::iam::admin::v1::ServiceAccountKey > google::cloud::iam_admin_v1::IAMClient::UploadServiceAccountKey	(	google::iam::admin::v1::UploadServiceAccountKeyRequest const &	request,
		Options	opts = {}
	)

Uploads the public key portion of a key pair that you manage, and associates the public key with a ServiceAccount.

After you upload the public key, you can use the private key from the key pair as a service account key.

Parameters

request	Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.admin.v1.UploadServiceAccountKeyRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.
opts	Optional. Override the class-level options, such as retry and backoff policies.

Returns

the result of the RPC. The response message type (google.iam.admin.v1.ServiceAccountKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the `StatusOr` contains the error details.

Friends And Related Function Documentation

operator!=

bool operator!= ( IAMClient const &  a, IAMClient const &  b  )

friend

operator==

bool operator== ( IAMClient const &  a, IAMClient const &  b  )

friend