Google Cloud IAM C++ Client  2.2.1
A C++ Client Library for Google Cloud IAM
iam_client.h
Go to the documentation of this file.
1 // Copyright 2021 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 // Generated by the Codegen C++ plugin.
16 // If you make any local changes, they will be lost.
17 // source: google/iam/admin/v1/iam.proto
18 
19 #ifndef GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_IAM_IAM_CLIENT_H
20 #define GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_IAM_IAM_CLIENT_H
21 
22 #include "google/cloud/iam/iam_connection.h"
23 #include "google/cloud/future.h"
24 #include "google/cloud/iam_updater.h"
25 #include "google/cloud/options.h"
26 #include "google/cloud/polling_policy.h"
27 #include "google/cloud/status_or.h"
28 #include "google/cloud/version.h"
29 #include <memory>
30 
31 namespace google {
32 namespace cloud {
33 namespace iam {
35 
36 ///
37 /// Creates and manages Identity and Access Management (IAM) resources.
38 ///
39 /// You can use this service to work with all of the following resources:
40 ///
41 /// * **Service accounts**, which identify an application or a virtual machine
42 /// (VM) instance rather than a person
43 /// * **Service account keys**, which service accounts use to authenticate with
44 /// Google APIs
45 /// * **IAM policies for service accounts**, which specify the roles that a
46 /// member has for the service account
47 /// * **IAM custom roles**, which help you limit the number of permissions that
48 /// you grant to members
49 ///
50 /// In addition, you can use this service to complete the following tasks, among
51 /// others:
52 ///
53 /// * Test whether a service account can use specific permissions
54 /// * Check which roles you can grant for a specific resource
55 /// * Lint, or validate, condition expressions in an IAM policy
56 ///
57 /// @par Equality
58 ///
59 /// Instances of this class created via copy-construction or copy-assignment
60 /// always compare equal. Instances created with equal
61 /// `std::shared_ptr<*Connection>` objects compare equal. Objects that compare
62 /// equal share the same underlying resources.
63 ///
64 /// @par Performance
65 ///
66 /// Creating a new instance of this class is a relatively expensive operation,
67 /// new objects establish new connections to the service. In contrast,
68 /// copy-construction, move-construction, and the corresponding assignment
69 /// operations are relatively efficient as the copies share all underlying
70 /// resources.
71 ///
72 /// @par Thread Safety
73 ///
74 /// Concurrent access to different instances of this class, even if they compare
75 /// equal, is guaranteed to work. Two or more threads operating on the same
76 /// instance of this class is not guaranteed to work. Since copy-construction
77 /// and move-construction is a relatively efficient operation, consider using
78 /// such a copy when using this class from multiple threads.
79 ///
80 class IAMClient {
81  public:
82  explicit IAMClient(std::shared_ptr<IAMConnection> connection,
83  Options opts = {});
85 
86  //@{
87  // @name Copy and move support
88  IAMClient(IAMClient const&) = default;
89  IAMClient& operator=(IAMClient const&) = default;
90  IAMClient(IAMClient&&) = default;
91  IAMClient& operator=(IAMClient&&) = default;
92  //@}
93 
94  //@{
95  // @name Equality
96  friend bool operator==(IAMClient const& a, IAMClient const& b) {
97  return a.connection_ == b.connection_;
98  }
99  friend bool operator!=(IAMClient const& a, IAMClient const& b) {
100  return !(a == b);
101  }
102  //@}
103 
104  ///
105  /// Lists every [ServiceAccount][google.iam.admin.v1.ServiceAccount] that
106  /// belongs to a specific project.
107  ///
108  /// @param name Required. The resource name of the project associated with
109  /// the service
110  /// accounts, such as `projects/my-project-123`.
111  /// @param opts Optional. Override the class-level options, such as retry and
112  /// backoff policies.
113  /// @return
114  /// @googleapis_link{google::iam::admin::v1::ServiceAccount,google/iam/admin/v1/iam.proto#L459}
115  ///
116  /// [google.iam.admin.v1.ListServiceAccountsRequest]:
117  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L542}
118  /// [google.iam.admin.v1.ServiceAccount]:
119  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L459}
120  ///
121  StreamRange<google::iam::admin::v1::ServiceAccount> ListServiceAccounts(
122  std::string const& name, Options opts = {});
123 
124  ///
125  /// Lists every [ServiceAccount][google.iam.admin.v1.ServiceAccount] that
126  /// belongs to a specific project.
127  ///
128  /// @param request
129  /// @googleapis_link{google::iam::admin::v1::ListServiceAccountsRequest,google/iam/admin/v1/iam.proto#L542}
130  /// @param opts Optional. Override the class-level options, such as retry and
131  /// backoff policies.
132  /// @return
133  /// @googleapis_link{google::iam::admin::v1::ServiceAccount,google/iam/admin/v1/iam.proto#L459}
134  ///
135  /// [google.iam.admin.v1.ListServiceAccountsRequest]:
136  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L542}
137  /// [google.iam.admin.v1.ServiceAccount]:
138  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L459}
139  ///
140  StreamRange<google::iam::admin::v1::ServiceAccount> ListServiceAccounts(
141  google::iam::admin::v1::ListServiceAccountsRequest request,
142  Options opts = {});
143 
144  ///
145  /// Gets a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
146  ///
147  /// @param name Required. The resource name of the service account in the
148  /// following format:
149  /// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
150  /// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
151  /// the account. The `ACCOUNT` value can be the `email` address or the
152  /// `unique_id` of the service account.
153  /// @param opts Optional. Override the class-level options, such as retry and
154  /// backoff policies.
155  /// @return
156  /// @googleapis_link{google::iam::admin::v1::ServiceAccount,google/iam/admin/v1/iam.proto#L459}
157  ///
158  /// [google.iam.admin.v1.GetServiceAccountRequest]:
159  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L577}
160  /// [google.iam.admin.v1.ServiceAccount]:
161  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L459}
162  ///
163  StatusOr<google::iam::admin::v1::ServiceAccount> GetServiceAccount(
164  std::string const& name, Options opts = {});
165 
166  ///
167  /// Gets a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
168  ///
169  /// @param request
170  /// @googleapis_link{google::iam::admin::v1::GetServiceAccountRequest,google/iam/admin/v1/iam.proto#L577}
171  /// @param opts Optional. Override the class-level options, such as retry and
172  /// backoff policies.
173  /// @return
174  /// @googleapis_link{google::iam::admin::v1::ServiceAccount,google/iam/admin/v1/iam.proto#L459}
175  ///
176  /// [google.iam.admin.v1.GetServiceAccountRequest]:
177  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L577}
178  /// [google.iam.admin.v1.ServiceAccount]:
179  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L459}
180  ///
181  StatusOr<google::iam::admin::v1::ServiceAccount> GetServiceAccount(
182  google::iam::admin::v1::GetServiceAccountRequest const& request,
183  Options opts = {});
184 
185  ///
186  /// Creates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
187  ///
188  /// @param name Required. The resource name of the project associated with
189  /// the service
190  /// accounts, such as `projects/my-project-123`.
191  /// @param account_id Required. The account id that is used to generate the
192  /// service account
193  /// email address and a stable unique id. It is unique within a project,
194  /// must be 6-30 characters long, and match the regular expression
195  /// `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.
196  /// @param service_account The
197  /// [ServiceAccount][google.iam.admin.v1.ServiceAccount] resource to
198  /// create. Currently, only the following values are user assignable:
199  /// `display_name` and `description`.
200  /// @param opts Optional. Override the class-level options, such as retry and
201  /// backoff policies.
202  /// @return
203  /// @googleapis_link{google::iam::admin::v1::ServiceAccount,google/iam/admin/v1/iam.proto#L459}
204  ///
205  /// [google.iam.admin.v1.CreateServiceAccountRequest]:
206  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L519}
207  /// [google.iam.admin.v1.ServiceAccount]:
208  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L459}
209  ///
210  StatusOr<google::iam::admin::v1::ServiceAccount> CreateServiceAccount(
211  std::string const& name, std::string const& account_id,
212  google::iam::admin::v1::ServiceAccount const& service_account,
213  Options opts = {});
214 
215  ///
216  /// Creates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
217  ///
218  /// @param request
219  /// @googleapis_link{google::iam::admin::v1::CreateServiceAccountRequest,google/iam/admin/v1/iam.proto#L519}
220  /// @param opts Optional. Override the class-level options, such as retry and
221  /// backoff policies.
222  /// @return
223  /// @googleapis_link{google::iam::admin::v1::ServiceAccount,google/iam/admin/v1/iam.proto#L459}
224  ///
225  /// [google.iam.admin.v1.CreateServiceAccountRequest]:
226  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L519}
227  /// [google.iam.admin.v1.ServiceAccount]:
228  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L459}
229  ///
230  StatusOr<google::iam::admin::v1::ServiceAccount> CreateServiceAccount(
231  google::iam::admin::v1::CreateServiceAccountRequest const& request,
232  Options opts = {});
233 
234  ///
235  /// Patches a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
236  ///
237  /// @param request
238  /// @googleapis_link{google::iam::admin::v1::PatchServiceAccountRequest,google/iam/admin/v1/iam.proto#L614}
239  /// @param opts Optional. Override the class-level options, such as retry and
240  /// backoff policies.
241  /// @return
242  /// @googleapis_link{google::iam::admin::v1::ServiceAccount,google/iam/admin/v1/iam.proto#L459}
243  ///
244  /// [google.iam.admin.v1.PatchServiceAccountRequest]:
245  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L614}
246  /// [google.iam.admin.v1.ServiceAccount]:
247  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L459}
248  ///
249  StatusOr<google::iam::admin::v1::ServiceAccount> PatchServiceAccount(
250  google::iam::admin::v1::PatchServiceAccountRequest const& request,
251  Options opts = {});
252 
253  ///
254  /// Deletes a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
255  ///
256  /// **Warning:** After you delete a service account, you might not be able to
257  /// undelete it. If you know that you need to re-enable the service account in
258  /// the future, use
259  /// [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount]
260  /// instead.
261  ///
262  /// If you delete a service account, IAM permanently removes the service
263  /// account 30 days later. Google Cloud cannot recover the service account
264  /// after it is permanently removed, even if you file a support request.
265  ///
266  /// To help avoid unplanned outages, we recommend that you disable the service
267  /// account before you delete it. Use
268  /// [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount] to
269  /// disable the service account, then wait at least 24 hours and watch for
270  /// unintended consequences. If there are no unintended consequences, you can
271  /// delete the service account.
272  ///
273  /// @param name Required. The resource name of the service account in the
274  /// following format:
275  /// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
276  /// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
277  /// the account. The `ACCOUNT` value can be the `email` address or the
278  /// `unique_id` of the service account.
279  /// @param opts Optional. Override the class-level options, such as retry and
280  /// backoff policies.
281  ///
282  /// [google.iam.admin.v1.DeleteServiceAccountRequest]:
283  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L592}
284  ///
285  Status DeleteServiceAccount(std::string const& name, Options opts = {});
286 
287  ///
288  /// Deletes a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
289  ///
290  /// **Warning:** After you delete a service account, you might not be able to
291  /// undelete it. If you know that you need to re-enable the service account in
292  /// the future, use
293  /// [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount]
294  /// instead.
295  ///
296  /// If you delete a service account, IAM permanently removes the service
297  /// account 30 days later. Google Cloud cannot recover the service account
298  /// after it is permanently removed, even if you file a support request.
299  ///
300  /// To help avoid unplanned outages, we recommend that you disable the service
301  /// account before you delete it. Use
302  /// [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount] to
303  /// disable the service account, then wait at least 24 hours and watch for
304  /// unintended consequences. If there are no unintended consequences, you can
305  /// delete the service account.
306  ///
307  /// @param request
308  /// @googleapis_link{google::iam::admin::v1::DeleteServiceAccountRequest,google/iam/admin/v1/iam.proto#L592}
309  /// @param opts Optional. Override the class-level options, such as retry and
310  /// backoff policies.
311  ///
312  /// [google.iam.admin.v1.DeleteServiceAccountRequest]:
313  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L592}
314  ///
316  google::iam::admin::v1::DeleteServiceAccountRequest const& request,
317  Options opts = {});
318 
319  ///
320  /// Restores a deleted [ServiceAccount][google.iam.admin.v1.ServiceAccount].
321  ///
322  /// **Important:** It is not always possible to restore a deleted service
323  /// account. Use this method only as a last resort.
324  ///
325  /// After you delete a service account, IAM permanently removes the service
326  /// account 30 days later. There is no way to restore a deleted service
327  /// account that has been permanently removed.
328  ///
329  /// @param request
330  /// @googleapis_link{google::iam::admin::v1::UndeleteServiceAccountRequest,google/iam/admin/v1/iam.proto#L621}
331  /// @param opts Optional. Override the class-level options, such as retry and
332  /// backoff policies.
333  /// @return
334  /// @googleapis_link{google::iam::admin::v1::UndeleteServiceAccountResponse,google/iam/admin/v1/iam.proto#L629}
335  ///
336  /// [google.iam.admin.v1.UndeleteServiceAccountRequest]:
337  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L621}
338  /// [google.iam.admin.v1.UndeleteServiceAccountResponse]:
339  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L629}
340  ///
341  StatusOr<google::iam::admin::v1::UndeleteServiceAccountResponse>
343  google::iam::admin::v1::UndeleteServiceAccountRequest const& request,
344  Options opts = {});
345 
346  ///
347  /// Enables a [ServiceAccount][google.iam.admin.v1.ServiceAccount] that was
348  /// disabled by
349  /// [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount].
350  ///
351  /// If the service account is already enabled, then this method has no effect.
352  ///
353  /// If the service account was disabled by other means—for example, if Google
354  /// disabled the service account because it was compromised—you cannot use
355  /// this method to enable the service account.
356  ///
357  /// @param request
358  /// @googleapis_link{google::iam::admin::v1::EnableServiceAccountRequest,google/iam/admin/v1/iam.proto#L635}
359  /// @param opts Optional. Override the class-level options, such as retry and
360  /// backoff policies.
361  ///
362  /// [google.iam.admin.v1.EnableServiceAccountRequest]:
363  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L635}
364  ///
366  google::iam::admin::v1::EnableServiceAccountRequest const& request,
367  Options opts = {});
368 
369  ///
370  /// Disables a [ServiceAccount][google.iam.admin.v1.ServiceAccount]
371  /// immediately.
372  ///
373  /// If an application uses the service account to authenticate, that
374  /// application can no longer call Google APIs or access Google Cloud
375  /// resources. Existing access tokens for the service account are rejected,
376  /// and requests for new access tokens will fail.
377  ///
378  /// To re-enable the service account, use
379  /// [EnableServiceAccount][google.iam.admin.v1.IAM.EnableServiceAccount].
380  /// After you re-enable the service account, its existing access tokens will
381  /// be accepted, and you can request new access tokens.
382  ///
383  /// To help avoid unplanned outages, we recommend that you disable the service
384  /// account before you delete it. Use this method to disable the service
385  /// account, then wait at least 24 hours and watch for unintended
386  /// consequences. If there are no unintended consequences, you can delete the
387  /// service account with
388  /// [DeleteServiceAccount][google.iam.admin.v1.IAM.DeleteServiceAccount].
389  ///
390  /// @param request
391  /// @googleapis_link{google::iam::admin::v1::DisableServiceAccountRequest,google/iam/admin/v1/iam.proto#L645}
392  /// @param opts Optional. Override the class-level options, such as retry and
393  /// backoff policies.
394  ///
395  /// [google.iam.admin.v1.DisableServiceAccountRequest]:
396  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L645}
397  ///
399  google::iam::admin::v1::DisableServiceAccountRequest const& request,
400  Options opts = {});
401 
402  ///
403  /// Lists every [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey] for
404  /// a service account.
405  ///
406  /// @param name Required. The resource name of the service account in the
407  /// following format:
408  /// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
409  /// Using `-` as a wildcard for the `PROJECT_ID`, will infer the project from
410  /// the account. The `ACCOUNT` value can be the `email` address or the
411  /// `unique_id` of the service account.
412  /// @param key_types Filters the types of keys the user wants to include in
413  /// the list
414  /// response. Duplicate key types are not allowed. If no key type
415  /// is provided, all keys are returned.
416  /// @param opts Optional. Override the class-level options, such as retry and
417  /// backoff policies.
418  /// @return
419  /// @googleapis_link{google::iam::admin::v1::ListServiceAccountKeysResponse,google/iam/admin/v1/iam.proto#L690}
420  ///
421  /// [google.iam.admin.v1.ListServiceAccountKeysRequest]:
422  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L655}
423  /// [google.iam.admin.v1.ListServiceAccountKeysResponse]:
424  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L690}
425  ///
426  StatusOr<google::iam::admin::v1::ListServiceAccountKeysResponse>
428  std::string const& name,
429  std::vector<
430  google::iam::admin::v1::ListServiceAccountKeysRequest::KeyType> const&
431  key_types,
432  Options opts = {});
433 
434  ///
435  /// Lists every [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey] for
436  /// a service account.
437  ///
438  /// @param request
439  /// @googleapis_link{google::iam::admin::v1::ListServiceAccountKeysRequest,google/iam/admin/v1/iam.proto#L655}
440  /// @param opts Optional. Override the class-level options, such as retry and
441  /// backoff policies.
442  /// @return
443  /// @googleapis_link{google::iam::admin::v1::ListServiceAccountKeysResponse,google/iam/admin/v1/iam.proto#L690}
444  ///
445  /// [google.iam.admin.v1.ListServiceAccountKeysRequest]:
446  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L655}
447  /// [google.iam.admin.v1.ListServiceAccountKeysResponse]:
448  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L690}
449  ///
450  StatusOr<google::iam::admin::v1::ListServiceAccountKeysResponse>
452  google::iam::admin::v1::ListServiceAccountKeysRequest const& request,
453  Options opts = {});
454 
455  ///
456  /// Gets a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
457  ///
458  /// @param name Required. The resource name of the service account key in the
459  /// following format:
460  /// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
461  /// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
462  /// the account. The `ACCOUNT` value can be the `email` address or the
463  /// `unique_id` of the service account.
464  /// @param public_key_type The output format of the public key requested.
465  /// X509_PEM is the default output format.
466  /// @param opts Optional. Override the class-level options, such as retry and
467  /// backoff policies.
468  /// @return
469  /// @googleapis_link{google::iam::admin::v1::ServiceAccountKey,google/iam/admin/v1/iam.proto#L739}
470  ///
471  /// [google.iam.admin.v1.GetServiceAccountKeyRequest]:
472  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L696}
473  /// [google.iam.admin.v1.ServiceAccountKey]:
474  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L739}
475  ///
476  StatusOr<google::iam::admin::v1::ServiceAccountKey> GetServiceAccountKey(
477  std::string const& name,
478  google::iam::admin::v1::ServiceAccountPublicKeyType public_key_type,
479  Options opts = {});
480 
481  ///
482  /// Gets a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
483  ///
484  /// @param request
485  /// @googleapis_link{google::iam::admin::v1::GetServiceAccountKeyRequest,google/iam/admin/v1/iam.proto#L696}
486  /// @param opts Optional. Override the class-level options, such as retry and
487  /// backoff policies.
488  /// @return
489  /// @googleapis_link{google::iam::admin::v1::ServiceAccountKey,google/iam/admin/v1/iam.proto#L739}
490  ///
491  /// [google.iam.admin.v1.GetServiceAccountKeyRequest]:
492  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L696}
493  /// [google.iam.admin.v1.ServiceAccountKey]:
494  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L739}
495  ///
496  StatusOr<google::iam::admin::v1::ServiceAccountKey> GetServiceAccountKey(
497  google::iam::admin::v1::GetServiceAccountKeyRequest const& request,
498  Options opts = {});
499 
500  ///
501  /// Creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
502  ///
503  /// @param name Required. The resource name of the service account in the
504  /// following format:
505  /// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
506  /// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
507  /// the account. The `ACCOUNT` value can be the `email` address or the
508  /// `unique_id` of the service account.
509  /// @param private_key_type The output format of the private key. The default
510  /// value is
511  /// `TYPE_GOOGLE_CREDENTIALS_FILE`, which is the Google Credentials File
512  /// format.
513  /// @param key_algorithm Which type of key and algorithm to use for the key.
514  /// The default is currently a 2K RSA key. However this may change in the
515  /// future.
516  /// @param opts Optional. Override the class-level options, such as retry and
517  /// backoff policies.
518  /// @return
519  /// @googleapis_link{google::iam::admin::v1::ServiceAccountKey,google/iam/admin/v1/iam.proto#L739}
520  ///
521  /// [google.iam.admin.v1.CreateServiceAccountKeyRequest]:
522  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L789}
523  /// [google.iam.admin.v1.ServiceAccountKey]:
524  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L739}
525  ///
526  StatusOr<google::iam::admin::v1::ServiceAccountKey> CreateServiceAccountKey(
527  std::string const& name,
528  google::iam::admin::v1::ServiceAccountPrivateKeyType private_key_type,
529  google::iam::admin::v1::ServiceAccountKeyAlgorithm key_algorithm,
530  Options opts = {});
531 
532  ///
533  /// Creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
534  ///
535  /// @param request
536  /// @googleapis_link{google::iam::admin::v1::CreateServiceAccountKeyRequest,google/iam/admin/v1/iam.proto#L789}
537  /// @param opts Optional. Override the class-level options, such as retry and
538  /// backoff policies.
539  /// @return
540  /// @googleapis_link{google::iam::admin::v1::ServiceAccountKey,google/iam/admin/v1/iam.proto#L739}
541  ///
542  /// [google.iam.admin.v1.CreateServiceAccountKeyRequest]:
543  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L789}
544  /// [google.iam.admin.v1.ServiceAccountKey]:
545  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L739}
546  ///
547  StatusOr<google::iam::admin::v1::ServiceAccountKey> CreateServiceAccountKey(
548  google::iam::admin::v1::CreateServiceAccountKeyRequest const& request,
549  Options opts = {});
550 
551  ///
552  /// Creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey],
553  /// using a public key that you provide.
554  ///
555  /// @param request
556  /// @googleapis_link{google::iam::admin::v1::UploadServiceAccountKeyRequest,google/iam/admin/v1/iam.proto#L814}
557  /// @param opts Optional. Override the class-level options, such as retry and
558  /// backoff policies.
559  /// @return
560  /// @googleapis_link{google::iam::admin::v1::ServiceAccountKey,google/iam/admin/v1/iam.proto#L739}
561  ///
562  /// [google.iam.admin.v1.UploadServiceAccountKeyRequest]:
563  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L814}
564  /// [google.iam.admin.v1.ServiceAccountKey]:
565  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L739}
566  ///
567  StatusOr<google::iam::admin::v1::ServiceAccountKey> UploadServiceAccountKey(
568  google::iam::admin::v1::UploadServiceAccountKeyRequest const& request,
569  Options opts = {});
570 
571  ///
572  /// Deletes a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
573  /// Deleting a service account key does not revoke short-lived credentials
574  /// that have been issued based on the service account key.
575  ///
576  /// @param name Required. The resource name of the service account key in the
577  /// following format:
578  /// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
579  /// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
580  /// the account. The `ACCOUNT` value can be the `email` address or the
581  /// `unique_id` of the service account.
582  /// @param opts Optional. Override the class-level options, such as retry and
583  /// backoff policies.
584  ///
585  /// [google.iam.admin.v1.DeleteServiceAccountKeyRequest]:
586  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L830}
587  ///
588  Status DeleteServiceAccountKey(std::string const& name, Options opts = {});
589 
590  ///
591  /// Deletes a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
592  /// Deleting a service account key does not revoke short-lived credentials
593  /// that have been issued based on the service account key.
594  ///
595  /// @param request
596  /// @googleapis_link{google::iam::admin::v1::DeleteServiceAccountKeyRequest,google/iam/admin/v1/iam.proto#L830}
597  /// @param opts Optional. Override the class-level options, such as retry and
598  /// backoff policies.
599  ///
600  /// [google.iam.admin.v1.DeleteServiceAccountKeyRequest]:
601  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L830}
602  ///
604  google::iam::admin::v1::DeleteServiceAccountKeyRequest const& request,
605  Options opts = {});
606 
607  ///
608  /// Gets the IAM policy that is attached to a
609  /// [ServiceAccount][google.iam.admin.v1.ServiceAccount]. This IAM policy
610  /// specifies which members have access to the service account.
611  ///
612  /// This method does not tell you whether the service account has been granted
613  /// any roles on other resources. To check whether a service account has role
614  /// grants on a resource, use the `getIamPolicy` method for that resource. For
615  /// example, to view the role grants for a project, call the Resource Manager
616  /// API's
617  /// [`projects.getIamPolicy`](https://cloud.google.com/resource-manager/reference/rest/v1/projects/getIamPolicy)
618  /// method.
619  ///
620  /// @param resource REQUIRED: The resource for which the policy is being
621  /// requested.
622  /// See the operation documentation for the appropriate value for this field.
623  /// @param opts Optional. Override the class-level options, such as retry and
624  /// backoff policies.
625  /// @return
626  /// @googleapis_link{google::iam::v1::Policy,google/iam/v1/policy.proto#L96}
627  ///
628  /// [google.iam.v1.GetIamPolicyRequest]:
629  /// @googleapis_reference_link{google/iam/v1/iam_policy.proto#L123}
630  /// [google.iam.v1.Policy]:
631  /// @googleapis_reference_link{google/iam/v1/policy.proto#L96}
632  ///
633  StatusOr<google::iam::v1::Policy> GetIamPolicy(std::string const& resource,
634  Options opts = {});
635 
636  ///
637  /// Gets the IAM policy that is attached to a
638  /// [ServiceAccount][google.iam.admin.v1.ServiceAccount]. This IAM policy
639  /// specifies which members have access to the service account.
640  ///
641  /// This method does not tell you whether the service account has been granted
642  /// any roles on other resources. To check whether a service account has role
643  /// grants on a resource, use the `getIamPolicy` method for that resource. For
644  /// example, to view the role grants for a project, call the Resource Manager
645  /// API's
646  /// [`projects.getIamPolicy`](https://cloud.google.com/resource-manager/reference/rest/v1/projects/getIamPolicy)
647  /// method.
648  ///
649  /// @param request
650  /// @googleapis_link{google::iam::v1::GetIamPolicyRequest,google/iam/v1/iam_policy.proto#L123}
651  /// @param opts Optional. Override the class-level options, such as retry and
652  /// backoff policies.
653  /// @return
654  /// @googleapis_link{google::iam::v1::Policy,google/iam/v1/policy.proto#L96}
655  ///
656  /// [google.iam.v1.GetIamPolicyRequest]:
657  /// @googleapis_reference_link{google/iam/v1/iam_policy.proto#L123}
658  /// [google.iam.v1.Policy]:
659  /// @googleapis_reference_link{google/iam/v1/policy.proto#L96}
660  ///
661  StatusOr<google::iam::v1::Policy> GetIamPolicy(
662  google::iam::v1::GetIamPolicyRequest const& request, Options opts = {});
663 
664  ///
665  /// Sets the IAM policy that is attached to a
666  /// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
667  ///
668  /// Use this method to grant or revoke access to the service account. For
669  /// example, you could grant a member the ability to impersonate the service
670  /// account.
671  ///
672  /// This method does not enable the service account to access other resources.
673  /// To grant roles to a service account on a resource, follow these steps:
674  ///
675  /// 1. Call the resource's `getIamPolicy` method to get its current IAM
676  /// policy.
677  /// 2. Edit the policy so that it binds the service account to an IAM role for
678  /// the resource.
679  /// 3. Call the resource's `setIamPolicy` method to update its IAM policy.
680  ///
681  /// For detailed instructions, see
682  /// [Granting roles to a service account for specific
683  /// resources](https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-accounts).
684  ///
685  /// @param resource REQUIRED: The resource for which the policy is being
686  /// specified.
687  /// See the operation documentation for the appropriate value for this field.
688  /// @param policy REQUIRED: The complete policy to be applied to the
689  /// `resource`. The size of
690  /// the policy is limited to a few 10s of KB. An empty policy is a
691  /// valid policy but certain Cloud Platform services (such as Projects)
692  /// might reject them.
693  /// @param opts Optional. Override the class-level options, such as retry and
694  /// backoff policies.
695  /// @return
696  /// @googleapis_link{google::iam::v1::Policy,google/iam/v1/policy.proto#L96}
697  ///
698  /// [google.iam.v1.SetIamPolicyRequest]:
699  /// @googleapis_reference_link{google/iam/v1/iam_policy.proto#L101}
700  /// [google.iam.v1.Policy]:
701  /// @googleapis_reference_link{google/iam/v1/policy.proto#L96}
702  ///
703  StatusOr<google::iam::v1::Policy> SetIamPolicy(
704  std::string const& resource, google::iam::v1::Policy const& policy,
705  Options opts = {});
706 
707  /**
708  * Updates the IAM policy for @p resource using an optimistic concurrency
709  * control loop.
710  *
711  * The loop fetches the current policy for @p resource, and passes it to @p
712  * updater, which should return the new policy. This new policy should use the
713  * current etag so that the read-modify-write cycle can detect races and rerun
714  * the update when there is a mismatch. If the new policy does not have an
715  * etag, the existing policy will be blindly overwritten. If @p updater does
716  * not yield a policy, the control loop is terminated and kCancelled is
717  * returned.
718  *
719  * @param resource Required. The resource for which the policy is being
720  * specified. See the operation documentation for the appropriate value for
721  * this field.
722  * @param updater Required. Functor to map the current policy to a new one.
723  * @param opts Optional. Override the class-level options, such as retry and
724  * backoff policies.
725  * @return google::iam::v1::Policy
726  */
727  StatusOr<google::iam::v1::Policy> SetIamPolicy(std::string const& resource,
728  IamUpdater const& updater,
729  Options opts = {});
730 
731  ///
732  /// Sets the IAM policy that is attached to a
733  /// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
734  ///
735  /// Use this method to grant or revoke access to the service account. For
736  /// example, you could grant a member the ability to impersonate the service
737  /// account.
738  ///
739  /// This method does not enable the service account to access other resources.
740  /// To grant roles to a service account on a resource, follow these steps:
741  ///
742  /// 1. Call the resource's `getIamPolicy` method to get its current IAM
743  /// policy.
744  /// 2. Edit the policy so that it binds the service account to an IAM role for
745  /// the resource.
746  /// 3. Call the resource's `setIamPolicy` method to update its IAM policy.
747  ///
748  /// For detailed instructions, see
749  /// [Granting roles to a service account for specific
750  /// resources](https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-accounts).
751  ///
752  /// @param request
753  /// @googleapis_link{google::iam::v1::SetIamPolicyRequest,google/iam/v1/iam_policy.proto#L101}
754  /// @param opts Optional. Override the class-level options, such as retry and
755  /// backoff policies.
756  /// @return
757  /// @googleapis_link{google::iam::v1::Policy,google/iam/v1/policy.proto#L96}
758  ///
759  /// [google.iam.v1.SetIamPolicyRequest]:
760  /// @googleapis_reference_link{google/iam/v1/iam_policy.proto#L101}
761  /// [google.iam.v1.Policy]:
762  /// @googleapis_reference_link{google/iam/v1/policy.proto#L96}
763  ///
764  StatusOr<google::iam::v1::Policy> SetIamPolicy(
765  google::iam::v1::SetIamPolicyRequest const& request, Options opts = {});
766 
767  ///
768  /// Tests whether the caller has the specified permissions on a
769  /// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
770  ///
771  /// @param resource REQUIRED: The resource for which the policy detail is
772  /// being requested.
773  /// See the operation documentation for the appropriate value for this field.
774  /// @param permissions The set of permissions to check for the `resource`.
775  /// Permissions with
776  /// wildcards (such as '*' or 'storage.*') are not allowed. For more
777  /// information see
778  /// [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
779  /// @param opts Optional. Override the class-level options, such as retry and
780  /// backoff policies.
781  /// @return
782  /// @googleapis_link{google::iam::v1::TestIamPermissionsResponse,google/iam/v1/iam_policy.proto#L151}
783  ///
784  /// [google.iam.v1.TestIamPermissionsRequest]:
785  /// @googleapis_reference_link{google/iam/v1/iam_policy.proto#L136}
786  /// [google.iam.v1.TestIamPermissionsResponse]:
787  /// @googleapis_reference_link{google/iam/v1/iam_policy.proto#L151}
788  ///
789  StatusOr<google::iam::v1::TestIamPermissionsResponse> TestIamPermissions(
790  std::string const& resource, std::vector<std::string> const& permissions,
791  Options opts = {});
792 
793  ///
794  /// Tests whether the caller has the specified permissions on a
795  /// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
796  ///
797  /// @param request
798  /// @googleapis_link{google::iam::v1::TestIamPermissionsRequest,google/iam/v1/iam_policy.proto#L136}
799  /// @param opts Optional. Override the class-level options, such as retry and
800  /// backoff policies.
801  /// @return
802  /// @googleapis_link{google::iam::v1::TestIamPermissionsResponse,google/iam/v1/iam_policy.proto#L151}
803  ///
804  /// [google.iam.v1.TestIamPermissionsRequest]:
805  /// @googleapis_reference_link{google/iam/v1/iam_policy.proto#L136}
806  /// [google.iam.v1.TestIamPermissionsResponse]:
807  /// @googleapis_reference_link{google/iam/v1/iam_policy.proto#L151}
808  ///
809  StatusOr<google::iam::v1::TestIamPermissionsResponse> TestIamPermissions(
810  google::iam::v1::TestIamPermissionsRequest const& request,
811  Options opts = {});
812 
813  ///
814  /// Lists roles that can be granted on a Google Cloud resource. A role is
815  /// grantable if the IAM policy for the resource can contain bindings to the
816  /// role.
817  ///
818  /// @param full_resource_name Required. The full resource name to query from
819  /// the list of grantable roles.
820  /// The name follows the Google Cloud Platform resource format.
821  /// For example, a Cloud Platform project with id `my-project` will be named
822  /// `//cloudresourcemanager.googleapis.com/projects/my-project`.
823  /// @param opts Optional. Override the class-level options, such as retry and
824  /// backoff policies.
825  /// @return
826  /// @googleapis_link{google::iam::admin::v1::Role,google/iam/admin/v1/iam.proto#L1002}
827  ///
828  /// [google.iam.admin.v1.QueryGrantableRolesRequest]:
829  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L1060}
830  /// [google.iam.admin.v1.Role]:
831  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L1002}
832  ///
833  StreamRange<google::iam::admin::v1::Role> QueryGrantableRoles(
834  std::string const& full_resource_name, Options opts = {});
835 
836  ///
837  /// Lists roles that can be granted on a Google Cloud resource. A role is
838  /// grantable if the IAM policy for the resource can contain bindings to the
839  /// role.
840  ///
841  /// @param request
842  /// @googleapis_link{google::iam::admin::v1::QueryGrantableRolesRequest,google/iam/admin/v1/iam.proto#L1060}
843  /// @param opts Optional. Override the class-level options, such as retry and
844  /// backoff policies.
845  /// @return
846  /// @googleapis_link{google::iam::admin::v1::Role,google/iam/admin/v1/iam.proto#L1002}
847  ///
848  /// [google.iam.admin.v1.QueryGrantableRolesRequest]:
849  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L1060}
850  /// [google.iam.admin.v1.Role]:
851  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L1002}
852  ///
853  StreamRange<google::iam::admin::v1::Role> QueryGrantableRoles(
854  google::iam::admin::v1::QueryGrantableRolesRequest request,
855  Options opts = {});
856 
857  ///
858  /// Lists every predefined [Role][google.iam.admin.v1.Role] that IAM supports,
859  /// or every custom role that is defined for an organization or project.
860  ///
861  /// @param request
862  /// @googleapis_link{google::iam::admin::v1::ListRolesRequest,google/iam/admin/v1/iam.proto#L1091}
863  /// @param opts Optional. Override the class-level options, such as retry and
864  /// backoff policies.
865  /// @return
866  /// @googleapis_link{google::iam::admin::v1::Role,google/iam/admin/v1/iam.proto#L1002}
867  ///
868  /// [google.iam.admin.v1.ListRolesRequest]:
869  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L1091}
870  /// [google.iam.admin.v1.Role]:
871  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L1002}
872  ///
873  StreamRange<google::iam::admin::v1::Role> ListRoles(
874  google::iam::admin::v1::ListRolesRequest request, Options opts = {});
875 
876  ///
877  /// Gets the definition of a [Role][google.iam.admin.v1.Role].
878  ///
879  /// @param request
880  /// @googleapis_link{google::iam::admin::v1::GetRoleRequest,google/iam/admin/v1/iam.proto#L1150}
881  /// @param opts Optional. Override the class-level options, such as retry and
882  /// backoff policies.
883  /// @return
884  /// @googleapis_link{google::iam::admin::v1::Role,google/iam/admin/v1/iam.proto#L1002}
885  ///
886  /// [google.iam.admin.v1.GetRoleRequest]:
887  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L1150}
888  /// [google.iam.admin.v1.Role]:
889  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L1002}
890  ///
891  StatusOr<google::iam::admin::v1::Role> GetRole(
892  google::iam::admin::v1::GetRoleRequest const& request, Options opts = {});
893 
894  ///
895  /// Creates a new custom [Role][google.iam.admin.v1.Role].
896  ///
897  /// @param request
898  /// @googleapis_link{google::iam::admin::v1::CreateRoleRequest,google/iam/admin/v1/iam.proto#L1182}
899  /// @param opts Optional. Override the class-level options, such as retry and
900  /// backoff policies.
901  /// @return
902  /// @googleapis_link{google::iam::admin::v1::Role,google/iam/admin/v1/iam.proto#L1002}
903  ///
904  /// [google.iam.admin.v1.CreateRoleRequest]:
905  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L1182}
906  /// [google.iam.admin.v1.Role]:
907  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L1002}
908  ///
909  StatusOr<google::iam::admin::v1::Role> CreateRole(
910  google::iam::admin::v1::CreateRoleRequest const& request,
911  Options opts = {});
912 
913  ///
914  /// Updates the definition of a custom [Role][google.iam.admin.v1.Role].
915  ///
916  /// @param request
917  /// @googleapis_link{google::iam::admin::v1::UpdateRoleRequest,google/iam/admin/v1/iam.proto#L1217}
918  /// @param opts Optional. Override the class-level options, such as retry and
919  /// backoff policies.
920  /// @return
921  /// @googleapis_link{google::iam::admin::v1::Role,google/iam/admin/v1/iam.proto#L1002}
922  ///
923  /// [google.iam.admin.v1.UpdateRoleRequest]:
924  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L1217}
925  /// [google.iam.admin.v1.Role]:
926  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L1002}
927  ///
928  StatusOr<google::iam::admin::v1::Role> UpdateRole(
929  google::iam::admin::v1::UpdateRoleRequest const& request,
930  Options opts = {});
931 
932  ///
933  /// Deletes a custom [Role][google.iam.admin.v1.Role].
934  ///
935  /// When you delete a custom role, the following changes occur immediately:
936  ///
937  /// * You cannot bind a member to the custom role in an IAM
938  /// [Policy][google.iam.v1.Policy].
939  /// * Existing bindings to the custom role are not changed, but they have no
940  /// effect.
941  /// * By default, the response from
942  /// [ListRoles][google.iam.admin.v1.IAM.ListRoles] does not include the custom
943  /// role.
944  ///
945  /// You have 7 days to undelete the custom role. After 7 days, the following
946  /// changes occur:
947  ///
948  /// * The custom role is permanently deleted and cannot be recovered.
949  /// * If an IAM policy contains a binding to the custom role, the binding is
950  /// permanently removed.
951  ///
952  /// @param request
953  /// @googleapis_link{google::iam::admin::v1::DeleteRoleRequest,google/iam/admin/v1/iam.proto#L1248}
954  /// @param opts Optional. Override the class-level options, such as retry and
955  /// backoff policies.
956  /// @return
957  /// @googleapis_link{google::iam::admin::v1::Role,google/iam/admin/v1/iam.proto#L1002}
958  ///
959  /// [google.iam.admin.v1.DeleteRoleRequest]:
960  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L1248}
961  /// [google.iam.admin.v1.Role]:
962  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L1002}
963  ///
964  StatusOr<google::iam::admin::v1::Role> DeleteRole(
965  google::iam::admin::v1::DeleteRoleRequest const& request,
966  Options opts = {});
967 
968  ///
969  /// Undeletes a custom [Role][google.iam.admin.v1.Role].
970  ///
971  /// @param request
972  /// @googleapis_link{google::iam::admin::v1::UndeleteRoleRequest,google/iam/admin/v1/iam.proto#L1276}
973  /// @param opts Optional. Override the class-level options, such as retry and
974  /// backoff policies.
975  /// @return
976  /// @googleapis_link{google::iam::admin::v1::Role,google/iam/admin/v1/iam.proto#L1002}
977  ///
978  /// [google.iam.admin.v1.UndeleteRoleRequest]:
979  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L1276}
980  /// [google.iam.admin.v1.Role]:
981  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L1002}
982  ///
983  StatusOr<google::iam::admin::v1::Role> UndeleteRole(
984  google::iam::admin::v1::UndeleteRoleRequest const& request,
985  Options opts = {});
986 
987  ///
988  /// Lists every permission that you can test on a resource. A permission is
989  /// testable if you can check whether a member has that permission on the
990  /// resource.
991  ///
992  /// @param request
993  /// @googleapis_link{google::iam::admin::v1::QueryTestablePermissionsRequest,google/iam/admin/v1/iam.proto#L1359}
994  /// @param opts Optional. Override the class-level options, such as retry and
995  /// backoff policies.
996  /// @return
997  /// @googleapis_link{google::iam::admin::v1::Permission,google/iam/admin/v1/iam.proto#L1304}
998  ///
999  /// [google.iam.admin.v1.QueryTestablePermissionsRequest]:
1000  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L1359}
1001  /// [google.iam.admin.v1.Permission]:
1002  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L1304}
1003  ///
1004  StreamRange<google::iam::admin::v1::Permission> QueryTestablePermissions(
1005  google::iam::admin::v1::QueryTestablePermissionsRequest request,
1006  Options opts = {});
1007 
1008  ///
1009  /// Returns a list of services that allow you to opt into audit logs that are
1010  /// not generated by default.
1011  ///
1012  /// To learn more about audit logs, see the [Logging
1013  /// documentation](https://cloud.google.com/logging/docs/audit).
1014  ///
1015  /// @param request
1016  /// @googleapis_link{google::iam::admin::v1::QueryAuditableServicesRequest,google/iam/admin/v1/iam.proto#L1389}
1017  /// @param opts Optional. Override the class-level options, such as retry and
1018  /// backoff policies.
1019  /// @return
1020  /// @googleapis_link{google::iam::admin::v1::QueryAuditableServicesResponse,google/iam/admin/v1/iam.proto#L1400}
1021  ///
1022  /// [google.iam.admin.v1.QueryAuditableServicesRequest]:
1023  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L1389}
1024  /// [google.iam.admin.v1.QueryAuditableServicesResponse]:
1025  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L1400}
1026  ///
1027  StatusOr<google::iam::admin::v1::QueryAuditableServicesResponse>
1029  google::iam::admin::v1::QueryAuditableServicesRequest const& request,
1030  Options opts = {});
1031 
1032  ///
1033  /// Lints, or validates, an IAM policy. Currently checks the
1034  /// [google.iam.v1.Binding.condition][google.iam.v1.Binding.condition] field,
1035  /// which contains a condition expression for a role binding.
1036  ///
1037  /// Successful calls to this method always return an HTTP `200 OK` status
1038  /// code, even if the linter detects an issue in the IAM policy.
1039  ///
1040  /// @param request
1041  /// @googleapis_link{google::iam::admin::v1::LintPolicyRequest,google/iam/admin/v1/iam.proto#L1413}
1042  /// @param opts Optional. Override the class-level options, such as retry and
1043  /// backoff policies.
1044  /// @return
1045  /// @googleapis_link{google::iam::admin::v1::LintPolicyResponse,google/iam/admin/v1/iam.proto#L1511}
1046  ///
1047  /// [google.iam.admin.v1.LintPolicyRequest]:
1048  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L1413}
1049  /// [google.iam.admin.v1.LintPolicyResponse]:
1050  /// @googleapis_reference_link{google/iam/admin/v1/iam.proto#L1511}
1051  ///
1052  StatusOr<google::iam::admin::v1::LintPolicyResponse> LintPolicy(
1053  google::iam::admin::v1::LintPolicyRequest const& request,
1054  Options opts = {});
1055 
1056  private:
1057  std::shared_ptr<IAMConnection> connection_;
1058  Options options_;
1059 };
1060 
1062 namespace gcpcxxV1 = GOOGLE_CLOUD_CPP_NS; // NOLINT(misc-unused-alias-decls)
1063 } // namespace iam
1064 } // namespace cloud
1065 } // namespace google
1066 
1067 #endif // GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_IAM_IAM_CLIENT_H