Namespace Google.Apis.Iam.v1
Classes
IamBaseServiceRequest<TResponse>
A base abstract class for Iam requests.
IamPoliciesResource
The "iamPolicies" collection of methods.
IamPoliciesResource.LintPolicyRequest
Lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding.condition field,
which contains a condition expression for a role binding. Successful calls to this method always return an
HTTP 200 OK status code, even if the linter detects an issue in the IAM policy.
IamPoliciesResource.QueryAuditableServicesRequest
Returns a list of services that allow you to opt into audit logs that are not generated by default. To learn more about audit logs, see the Logging documentation.
IamService
The Iam Service.
IamService.Scope
Available OAuth 2.0 scopes for use with the Identity and Access Management (IAM) API.
IamService.ScopeConstants
Available OAuth 2.0 scope constants for use with the Identity and Access Management (IAM) API.
OrganizationsResource
The "organizations" collection of methods.
OrganizationsResource.RolesResource
The "roles" collection of methods.
OrganizationsResource.RolesResource.CreateRequest
Creates a new custom Role.
OrganizationsResource.RolesResource.DeleteRequest
Deletes a custom Role. When you delete a custom role, the following changes occur immediately:
- You cannot bind a member to the custom role in an IAM Policy. * Existing bindings to the custom role are not changed, but they have no effect. * By default, the response from ListRoles does not include the custom role. You have 7 days to undelete the custom role. After 7 days, the following changes occur: * The custom role is permanently deleted and cannot be recovered. * If an IAM policy contains a binding to the custom role, the binding is permanently removed.
OrganizationsResource.RolesResource.GetRequest
Gets the definition of a Role.
OrganizationsResource.RolesResource.ListRequest
Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.
OrganizationsResource.RolesResource.PatchRequest
Updates the definition of a custom Role.
OrganizationsResource.RolesResource.UndeleteRequest
Undeletes a custom Role.
PermissionsResource
The "permissions" collection of methods.
PermissionsResource.QueryTestablePermissionsRequest
Lists every permission that you can test on a resource. A permission is testable if you can check whether a member has that permission on the resource.
ProjectsResource
The "projects" collection of methods.
ProjectsResource.RolesResource
The "roles" collection of methods.
ProjectsResource.RolesResource.CreateRequest
Creates a new custom Role.
ProjectsResource.RolesResource.DeleteRequest
Deletes a custom Role. When you delete a custom role, the following changes occur immediately:
- You cannot bind a member to the custom role in an IAM Policy. * Existing bindings to the custom role are not changed, but they have no effect. * By default, the response from ListRoles does not include the custom role. You have 7 days to undelete the custom role. After 7 days, the following changes occur: * The custom role is permanently deleted and cannot be recovered. * If an IAM policy contains a binding to the custom role, the binding is permanently removed.
ProjectsResource.RolesResource.GetRequest
Gets the definition of a Role.
ProjectsResource.RolesResource.ListRequest
Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.
ProjectsResource.RolesResource.PatchRequest
Updates the definition of a custom Role.
ProjectsResource.RolesResource.UndeleteRequest
Undeletes a custom Role.
ProjectsResource.ServiceAccountsResource
The "serviceAccounts" collection of methods.
ProjectsResource.ServiceAccountsResource.CreateRequest
Creates a ServiceAccount.
ProjectsResource.ServiceAccountsResource.DeleteRequest
Deletes a ServiceAccount. Warning: After you delete a service account, you might not be able to undelete it. If you know that you need to re-enable the service account in the future, use DisableServiceAccount instead. If you delete a service account, IAM permanently removes the service account 30 days later. Google Cloud cannot recover the service account after it is permanently removed, even if you file a support request. To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use DisableServiceAccount to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account.
ProjectsResource.ServiceAccountsResource.DisableRequest
Disables a ServiceAccount immediately. If an application uses the service account to authenticate, that application can no longer call Google APIs or access Google Cloud resources. Existing access tokens for the service account are rejected, and requests for new access tokens will fail. To re- enable the service account, use EnableServiceAccount. After you re-enable the service account, its existing access tokens will be accepted, and you can request new access tokens. To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use this method to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account with DeleteServiceAccount.
ProjectsResource.ServiceAccountsResource.EnableRequest
Enables a ServiceAccount that was disabled by DisableServiceAccount. If the service account is already enabled, then this method has no effect. If the service account was disabled by other means—for example, if Google disabled the service account because it was compromised—you cannot use this method to enable the service account.
ProjectsResource.ServiceAccountsResource.GetIamPolicyRequest
Gets the IAM policy that is attached to a ServiceAccount. This IAM policy specifies which
members have access to the service account. This method does not tell you whether the service account
has been granted any roles on other resources. To check whether a service account has role grants on a
resource, use the getIamPolicy method for that resource. For example, to view the role grants for a
project, call the Resource Manager API's [projects.getIamPolicy](https://cloud.google.com/resource-
manager/reference/rest/v1/projects/getIamPolicy) method.
ProjectsResource.ServiceAccountsResource.GetRequest
Gets a ServiceAccount.
ProjectsResource.ServiceAccountsResource.KeysResource
The "keys" collection of methods.
ProjectsResource.ServiceAccountsResource.KeysResource.CreateRequest
Creates a ServiceAccountKey.
ProjectsResource.ServiceAccountsResource.KeysResource.DeleteRequest
Deletes a ServiceAccountKey. Deleting a service account key does not revoke short-lived credentials that have been issued based on the service account key.
ProjectsResource.ServiceAccountsResource.KeysResource.GetRequest
Gets a ServiceAccountKey.
ProjectsResource.ServiceAccountsResource.KeysResource.ListRequest
Lists every ServiceAccountKey for a service account.
ProjectsResource.ServiceAccountsResource.KeysResource.UploadRequest
Creates a ServiceAccountKey, using a public key that you provide.
ProjectsResource.ServiceAccountsResource.ListRequest
Lists every ServiceAccount that belongs to a specific project.
ProjectsResource.ServiceAccountsResource.PatchRequest
Patches a ServiceAccount.
ProjectsResource.ServiceAccountsResource.SetIamPolicyRequest
Sets the IAM policy that is attached to a ServiceAccount. Use this method to grant or revoke
access to the service account. For example, you could grant a member the ability to impersonate the
service account. This method does not enable the service account to access other resources. To grant
roles to a service account on a resource, follow these steps: 1. Call the resource's getIamPolicy
method to get its current IAM policy. 2. Edit the policy so that it binds the service account to an IAM
role for the resource. 3. Call the resource's setIamPolicy method to update its IAM policy. For
detailed instructions, see [Granting roles to a service account for specific
resources](https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-
accounts).
ProjectsResource.ServiceAccountsResource.SignBlobRequest
Note: This method is deprecated and will stop working on July 1, 2021. Use the
signBlob
method in the IAM Service Account Credentials API instead. If you currently use this method, see the
migration guide for instructions. Signs a
blob using the system-managed private key for a ServiceAccount.
ProjectsResource.ServiceAccountsResource.SignJwtRequest
Note: This method is deprecated and will stop working on July 1, 2021. Use the
signJwt
method in the IAM Service Account Credentials API instead. If you currently use this method, see the
migration guide for instructions. Signs a
JSON Web Token (JWT) using the system-managed private key for a ServiceAccount.
ProjectsResource.ServiceAccountsResource.TestIamPermissionsRequest
Tests whether the caller has the specified permissions on a ServiceAccount.
ProjectsResource.ServiceAccountsResource.UndeleteRequest
Restores a deleted ServiceAccount. Important: It is not always possible to restore a deleted service account. Use this method only as a last resort. After you delete a service account, IAM permanently removes the service account 30 days later. There is no way to restore a deleted service account that has been permanently removed.
ProjectsResource.ServiceAccountsResource.UpdateRequest
Note: We are in the process of deprecating this method. Use PatchServiceAccount instead.
Updates a ServiceAccount. You can update only the display_name and description fields.
RolesResource
The "roles" collection of methods.
RolesResource.GetRequest
Gets the definition of a Role.
RolesResource.ListRequest
Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.
RolesResource.QueryGrantableRolesRequest
Lists roles that can be granted on a Google Cloud resource. A role is grantable if the IAM policy for the resource can contain bindings to the role.
Enums
IamBaseServiceRequest<TResponse>.AltEnum
Data format for response.
IamBaseServiceRequest<TResponse>.XgafvEnum
V1 error format.
OrganizationsResource.RolesResource.ListRequest.ViewEnum
Optional view for the returned Role objects. When FULL is specified, the
includedPermissions field is returned, which includes a list of all permissions in the role. The
default value is BASIC, which does not return the includedPermissions field.
ProjectsResource.RolesResource.ListRequest.ViewEnum
Optional view for the returned Role objects. When FULL is specified, the
includedPermissions field is returned, which includes a list of all permissions in the role. The
default value is BASIC, which does not return the includedPermissions field.
ProjectsResource.ServiceAccountsResource.KeysResource.GetRequest.PublicKeyTypeEnum
The output format of the public key requested. X509_PEM is the default output format.
ProjectsResource.ServiceAccountsResource.KeysResource.ListRequest.KeyTypesEnum
Filters the types of keys the user wants to include in the list response. Duplicate key types are not allowed. If no key type is provided, all keys are returned.
RolesResource.ListRequest.ViewEnum
Optional view for the returned Role objects. When FULL is specified, the
includedPermissions field is returned, which includes a list of all permissions in the role. The
default value is BASIC, which does not return the includedPermissions field.