Class: Google::Apis::IamV1::IamService

Inherits:
Core::BaseService
  • Object
show all
Defined in:
generated/google/apis/iam_v1/service.rb

Overview

Identity and Access Management (IAM) API

Manages identity and access control for Google Cloud Platform resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls.

Examples:

require 'google/apis/iam_v1'

Iam = Google::Apis::IamV1 # Alias the module
service = Iam::IamService.new

See Also:

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initializeIamService

Returns a new instance of IamService.



47
48
49
50
# File 'generated/google/apis/iam_v1/service.rb', line 47

def initialize
  super('https://iam.googleapis.com/', '')
  @batch_path = 'batch'
end

Instance Attribute Details

#keyString

Returns API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.

Returns:

  • (String)

    API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.



40
41
42
# File 'generated/google/apis/iam_v1/service.rb', line 40

def key
  @key
end

#quota_userString

Returns Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

Returns:

  • (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.



45
46
47
# File 'generated/google/apis/iam_v1/service.rb', line 45

def quota_user
  @quota_user
end

Instance Method Details

#create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Creates a new custom Role.

Parameters:

  • parent (String)

    The parent parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's parent value format is described below: * projects.roles.create(): projects/PROJECT_ID. This method creates project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles` * [` organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/ create): `organizations/`ORGANIZATION_ID. This method creates organization- level custom roles. Example request URL: https://iam.googleapis.com/v1/organizations/ORGANIZATION_ID/roles Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.

  • create_role_request_object (Google::Apis::IamV1::CreateRoleRequest) (defaults to: nil)
  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



150
151
152
153
154
155
156
157
158
159
160
# File 'generated/google/apis/iam_v1/service.rb', line 150

def create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+parent}/roles', options)
  command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation
  command.request_object = create_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['parent'] = parent unless parent.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Creates a new custom Role.

Parameters:

  • parent (String)

    The parent parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's parent value format is described below: * projects.roles.create(): projects/PROJECT_ID. This method creates project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles` * [` organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/ create): `organizations/`ORGANIZATION_ID. This method creates organization- level custom roles. Example request URL: https://iam.googleapis.com/v1/organizations/ORGANIZATION_ID/roles Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.

  • create_role_request_object (Google::Apis::IamV1::CreateRoleRequest) (defaults to: nil)
  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



550
551
552
553
554
555
556
557
558
559
560
# File 'generated/google/apis/iam_v1/service.rb', line 550

def create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+parent}/roles', options)
  command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation
  command.request_object = create_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['parent'] = parent unless parent.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount

Creates a ServiceAccount.

Parameters:

  • name (String)

    Required. The resource name of the project associated with the service accounts, such as projects/my-project-123.

  • create_service_account_request_object (Google::Apis::IamV1::CreateServiceAccountRequest) (defaults to: nil)
  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



846
847
848
849
850
851
852
853
854
855
856
# File 'generated/google/apis/iam_v1/service.rb', line 846

def (name,  = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}/serviceAccounts', options)
  command.request_representation = Google::Apis::IamV1::CreateServiceAccountRequest::Representation
  command.request_object = 
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccountKey

Creates a ServiceAccountKey.

Parameters:

  • name (String)

    Required. The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.

  • create_service_account_key_request_object (Google::Apis::IamV1::CreateServiceAccountKeyRequest) (defaults to: nil)
  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
# File 'generated/google/apis/iam_v1/service.rb', line 1421

def (name,  = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}/keys', options)
  command.request_representation = Google::Apis::IamV1::CreateServiceAccountKeyRequest::Representation
  command.request_object = 
  command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccountKey
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Deletes a custom Role. When you delete a custom role, the following changes occur immediately: * You cannot bind a member to the custom role in an IAM Policy. * Existing bindings to the custom role are not changed, but they have no effect. * By default, the response from ListRoles does not include the custom role. You have 7 days to undelete the custom role. After 7 days, the following changes occur: * The custom role is permanently deleted and cannot be recovered. * If an IAM policy contains a binding to the custom role, the binding is permanently removed.

Parameters:

  • name (String)

    The name parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's name value format is described below: * projects.roles.delete(): projects/PROJECT_ID/roles/CUSTOM_ROLE_ID. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam. googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID * organizations.roles.delete(): organizations/ORGANIZATION_ID/roles/CUSTOM_ROLE_ID. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam. googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.

  • etag (String) (defaults to: nil)

    Used to perform a consistent read-modify-write.

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



205
206
207
208
209
210
211
212
213
214
# File 'generated/google/apis/iam_v1/service.rb', line 205

def delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['etag'] = etag unless etag.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Deletes a custom Role. When you delete a custom role, the following changes occur immediately: * You cannot bind a member to the custom role in an IAM Policy. * Existing bindings to the custom role are not changed, but they have no effect. * By default, the response from ListRoles does not include the custom role. You have 7 days to undelete the custom role. After 7 days, the following changes occur: * The custom role is permanently deleted and cannot be recovered. * If an IAM policy contains a binding to the custom role, the binding is permanently removed.

Parameters:

  • name (String)

    The name parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's name value format is described below: * projects.roles.delete(): projects/PROJECT_ID/roles/CUSTOM_ROLE_ID. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam. googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID * organizations.roles.delete(): organizations/ORGANIZATION_ID/roles/CUSTOM_ROLE_ID. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam. googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.

  • etag (String) (defaults to: nil)

    Used to perform a consistent read-modify-write.

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



605
606
607
608
609
610
611
612
613
614
# File 'generated/google/apis/iam_v1/service.rb', line 605

def delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['etag'] = etag unless etag.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#delete_project_service_account(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty

Deletes a ServiceAccount. Warning: After you delete a service account, you might not be able to undelete it. If you know that you need to re-enable the service account in the future, use DisableServiceAccount instead. If you delete a service account, IAM permanently removes the service account 30 days later. Google Cloud cannot recover the service account after it is permanently removed, even if you file a support request. To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use DisableServiceAccount to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account.

Parameters:

  • name (String)

    Required. The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



890
891
892
893
894
895
896
897
898
# File 'generated/google/apis/iam_v1/service.rb', line 890

def (name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty

Deletes a ServiceAccountKey. Deleting a service account key does not revoke short-lived credentials that have been issued based on the service account key.

Parameters:

  • name (String)

    Required. The resource name of the service account key in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT/keys/key`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. The ACCOUNTvalue can be theemailaddress or theunique_id` of the service account.

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



1458
1459
1460
1461
1462
1463
1464
1465
1466
# File 'generated/google/apis/iam_v1/service.rb', line 1458

def (name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#disable_service_account(name, disable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty

Disables a ServiceAccount immediately. If an application uses the service account to authenticate, that application can no longer call Google APIs or access Google Cloud resources. Existing access tokens for the service account are rejected, and requests for new access tokens will fail. To re-enable the service account, use EnableServiceAccount. After you re-enable the service account, its existing access tokens will be accepted, and you can request new access tokens. To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use this method to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account with DeleteServiceAccount.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/ PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for the PROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.

  • disable_service_account_request_object (Google::Apis::IamV1::DisableServiceAccountRequest) (defaults to: nil)
  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



934
935
936
937
938
939
940
941
942
943
944
# File 'generated/google/apis/iam_v1/service.rb', line 934

def (name,  = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:disable', options)
  command.request_representation = Google::Apis::IamV1::DisableServiceAccountRequest::Representation
  command.request_object = 
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#enable_service_account(name, enable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty

Enables a ServiceAccount that was disabled by DisableServiceAccount. If the service account is already enabled, then this method has no effect. If the service account was disabled by other means—for example, if Google disabled the service account because it was compromised—you cannot use this method to enable the service account.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/ PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for the PROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.

  • enable_service_account_request_object (Google::Apis::IamV1::EnableServiceAccountRequest) (defaults to: nil)
  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



974
975
976
977
978
979
980
981
982
983
984
# File 'generated/google/apis/iam_v1/service.rb', line 974

def (name,  = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:enable', options)
  command.request_representation = Google::Apis::IamV1::EnableServiceAccountRequest::Representation
  command.request_object = 
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_organization_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Gets the definition of a Role.

Parameters:

  • name (String)

    The name parameter's value depends on the target resource for the request, namely roles, projects, or organizations. Each resource type's name value format is described below: * roles.get(): roles/ROLE_NAME . This method returns results from all [predefined roles](/iam/docs/ understanding-roles#predefined_roles) in Cloud IAM. Example request URL: ` https://iam.googleapis.com/v1/roles/`ROLE_NAME * projects.roles.get(): projects/PROJECT_ID/roles/ CUSTOM_ROLE_ID. This method returns only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ roles/`CUSTOM_ROLE_ID * organizations.roles.get(): organizations/ORGANIZATION_ID/roles/ CUSTOM_ROLE_ID. This method returns only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/` ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



254
255
256
257
258
259
260
261
262
# File 'generated/google/apis/iam_v1/service.rb', line 254

def get_organization_role(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_location_workload_identity_pool_operation(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Operation

Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.

Parameters:

  • name (String)

    The name of the operation resource.

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



476
477
478
479
480
481
482
483
484
# File 'generated/google/apis/iam_v1/service.rb', line 476

def get_project_location_workload_identity_pool_operation(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Operation::Representation
  command.response_class = Google::Apis::IamV1::Operation
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_location_workload_identity_pool_provider_operation(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Operation

Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.

Parameters:

  • name (String)

    The name of the operation resource.

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



507
508
509
510
511
512
513
514
515
# File 'generated/google/apis/iam_v1/service.rb', line 507

def get_project_location_workload_identity_pool_provider_operation(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Operation::Representation
  command.response_class = Google::Apis::IamV1::Operation
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Gets the definition of a Role.

Parameters:

  • name (String)

    The name parameter's value depends on the target resource for the request, namely roles, projects, or organizations. Each resource type's name value format is described below: * roles.get(): roles/ROLE_NAME . This method returns results from all [predefined roles](/iam/docs/ understanding-roles#predefined_roles) in Cloud IAM. Example request URL: ` https://iam.googleapis.com/v1/roles/`ROLE_NAME * projects.roles.get(): projects/PROJECT_ID/roles/ CUSTOM_ROLE_ID. This method returns only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ roles/`CUSTOM_ROLE_ID * organizations.roles.get(): organizations/ORGANIZATION_ID/roles/ CUSTOM_ROLE_ID. This method returns only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/` ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



654
655
656
657
658
659
660
661
662
# File 'generated/google/apis/iam_v1/service.rb', line 654

def get_project_role(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_service_account(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount

Gets a ServiceAccount.

Parameters:

  • name (String)

    Required. The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



1009
1010
1011
1012
1013
1014
1015
1016
1017
# File 'generated/google/apis/iam_v1/service.rb', line 1009

def (name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_service_account_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Policy

Gets the IAM policy that is attached to a ServiceAccount. This IAM policy specifies which members have access to the service account. This method does not tell you whether the service account has been granted any roles on other resources. To check whether a service account has role grants on a resource, use the getIamPolicy method for that resource. For example, to view the role grants for a project, call the Resource Manager API's projects.getIamPolicy method.

Parameters:

  • resource (String)

    REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.

  • options_requested_policy_version (Fixnum) (defaults to: nil)

    Optional. The policy format version to be returned. Valid values are 0, 1, and

    1. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation.
  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
# File 'generated/google/apis/iam_v1/service.rb', line 1055

def (resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+resource}:getIamPolicy', options)
  command.response_representation = Google::Apis::IamV1::Policy::Representation
  command.response_class = Google::Apis::IamV1::Policy
  command.params['resource'] = resource unless resource.nil?
  command.query['options.requestedPolicyVersion'] = options_requested_policy_version unless options_requested_policy_version.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_service_account_key(name, public_key_type: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccountKey

Gets a ServiceAccountKey.

Parameters:

  • name (String)

    Required. The resource name of the service account key in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT/keys/key`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. The ACCOUNTvalue can be theemailaddress or theunique_id` of the service account.

  • public_key_type (String) (defaults to: nil)

    The output format of the public key requested. X509_PEM is the default output format.

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
# File 'generated/google/apis/iam_v1/service.rb', line 1495

def (name, public_key_type: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccountKey
  command.params['name'] = name unless name.nil?
  command.query['publicKeyType'] = public_key_type unless public_key_type.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Gets the definition of a Role.

Parameters:

  • name (String)

    The name parameter's value depends on the target resource for the request, namely roles, projects, or organizations. Each resource type's name value format is described below: * roles.get(): roles/ROLE_NAME . This method returns results from all [predefined roles](/iam/docs/ understanding-roles#predefined_roles) in Cloud IAM. Example request URL: ` https://iam.googleapis.com/v1/roles/`ROLE_NAME * projects.roles.get(): projects/PROJECT_ID/roles/ CUSTOM_ROLE_ID. This method returns only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ roles/`CUSTOM_ROLE_ID * organizations.roles.get(): organizations/ORGANIZATION_ID/roles/ CUSTOM_ROLE_ID. This method returns only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/` ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



1618
1619
1620
1621
1622
1623
1624
1625
1626
# File 'generated/google/apis/iam_v1/service.rb', line 1618

def get_role(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::LintPolicyResponse

Lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding. condition field, which contains a condition expression for a role binding. Successful calls to this method always return an HTTP 200 OK status code, even if the linter detects an issue in the IAM policy.

Parameters:

  • lint_policy_request_object (Google::Apis::IamV1::LintPolicyRequest) (defaults to: nil)
  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



74
75
76
77
78
79
80
81
82
83
# File 'generated/google/apis/iam_v1/service.rb', line 74

def lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/iamPolicies:lintPolicy', options)
  command.request_representation = Google::Apis::IamV1::LintPolicyRequest::Representation
  command.request_object = lint_policy_request_object
  command.response_representation = Google::Apis::IamV1::LintPolicyResponse::Representation
  command.response_class = Google::Apis::IamV1::LintPolicyResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListRolesResponse

Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.

Parameters:

  • parent (String)

    The parent parameter's value depends on the target resource for the request, namely roles, projects, or organizations. Each resource type's parent value format is described below: * roles.list(): An empty string. This method doesn't require a resource; it simply returns all predefined roles in Cloud IAM. Example request URL: https://iam.googleapis.com/v1/roles * projects.roles.list(): projects/PROJECT_ID. This method lists all project-level [custom roles](/iam/docs/understanding-custom- roles). Example request URL: `https://iam.googleapis.com/v1/projects/` PROJECT_ID`/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/ organizations.roles/list): `organizations/`ORGANIZATION_ID. This method lists all organization-level custom roles. Example request URL: https://iam.googleapis.com/v1/organizations/ ORGANIZATION_ID/roles Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.

  • page_size (Fixnum) (defaults to: nil)

    Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 1,000.

  • page_token (String) (defaults to: nil)

    Optional pagination token returned in an earlier ListRolesResponse.

  • show_deleted (Boolean) (defaults to: nil)

    Include Roles that have been deleted.

  • view (String) (defaults to: nil)

    Optional view for the returned Role objects. When FULL is specified, the includedPermissions field is returned, which includes a list of all permissions in the role. The default value is BASIC, which does not return the includedPermissions field.

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



313
314
315
316
317
318
319
320
321
322
323
324
325
# File 'generated/google/apis/iam_v1/service.rb', line 313

def list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+parent}/roles', options)
  command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::ListRolesResponse
  command.params['parent'] = parent unless parent.nil?
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['showDeleted'] = show_deleted unless show_deleted.nil?
  command.query['view'] = view unless view.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListRolesResponse

Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.

Parameters:

  • parent (String)

    The parent parameter's value depends on the target resource for the request, namely roles, projects, or organizations. Each resource type's parent value format is described below: * roles.list(): An empty string. This method doesn't require a resource; it simply returns all predefined roles in Cloud IAM. Example request URL: https://iam.googleapis.com/v1/roles * projects.roles.list(): projects/PROJECT_ID. This method lists all project-level [custom roles](/iam/docs/understanding-custom- roles). Example request URL: `https://iam.googleapis.com/v1/projects/` PROJECT_ID`/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/ organizations.roles/list): `organizations/`ORGANIZATION_ID. This method lists all organization-level custom roles. Example request URL: https://iam.googleapis.com/v1/organizations/ ORGANIZATION_ID/roles Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.

  • page_size (Fixnum) (defaults to: nil)

    Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 1,000.

  • page_token (String) (defaults to: nil)

    Optional pagination token returned in an earlier ListRolesResponse.

  • show_deleted (Boolean) (defaults to: nil)

    Include Roles that have been deleted.

  • view (String) (defaults to: nil)

    Optional view for the returned Role objects. When FULL is specified, the includedPermissions field is returned, which includes a list of all permissions in the role. The default value is BASIC, which does not return the includedPermissions field.

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



713
714
715
716
717
718
719
720
721
722
723
724
725
# File 'generated/google/apis/iam_v1/service.rb', line 713

def list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+parent}/roles', options)
  command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::ListRolesResponse
  command.params['parent'] = parent unless parent.nil?
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['showDeleted'] = show_deleted unless show_deleted.nil?
  command.query['view'] = view unless view.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListServiceAccountKeysResponse

Lists every ServiceAccountKey for a service account.

Parameters:

  • name (String)

    Required. The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_ID, will infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.

  • key_types (Array<String>, String) (defaults to: nil)

    Filters the types of keys the user wants to include in the list response. Duplicate key types are not allowed. If no key type is provided, all keys are returned.

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
# File 'generated/google/apis/iam_v1/service.rb', line 1533

def (name, key_types: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}/keys', options)
  command.response_representation = Google::Apis::IamV1::ListServiceAccountKeysResponse::Representation
  command.response_class = Google::Apis::IamV1::ListServiceAccountKeysResponse
  command.params['name'] = name unless name.nil?
  command.query['keyTypes'] = key_types unless key_types.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListServiceAccountsResponse

Lists every ServiceAccount that belongs to a specific project.

Parameters:

  • name (String)

    Required. The resource name of the project associated with the service accounts, such as projects/my-project-123.

  • page_size (Fixnum) (defaults to: nil)

    Optional limit on the number of service accounts to include in the response. Further accounts can subsequently be obtained by including the ListServiceAccountsResponse.next_page_token in a subsequent request. The default is 20, and the maximum is 100.

  • page_token (String) (defaults to: nil)

    Optional pagination token returned in an earlier ListServiceAccountsResponse. next_page_token.

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
# File 'generated/google/apis/iam_v1/service.rb', line 1095

def list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}/serviceAccounts', options)
  command.response_representation = Google::Apis::IamV1::ListServiceAccountsResponse::Representation
  command.response_class = Google::Apis::IamV1::ListServiceAccountsResponse
  command.params['name'] = name unless name.nil?
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListRolesResponse

Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.

Parameters:

  • page_size (Fixnum) (defaults to: nil)

    Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 1,000.

  • page_token (String) (defaults to: nil)

    Optional pagination token returned in an earlier ListRolesResponse.

  • parent (String) (defaults to: nil)

    The parent parameter's value depends on the target resource for the request, namely roles, projects, or organizations. Each resource type's parent value format is described below: * roles.list(): An empty string. This method doesn't require a resource; it simply returns all predefined roles in Cloud IAM. Example request URL: https://iam.googleapis.com/v1/roles * projects.roles.list(): projects/PROJECT_ID. This method lists all project-level [custom roles](/iam/docs/understanding-custom- roles). Example request URL: `https://iam.googleapis.com/v1/projects/` PROJECT_ID`/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/ organizations.roles/list): `organizations/`ORGANIZATION_ID. This method lists all organization-level custom roles. Example request URL: https://iam.googleapis.com/v1/organizations/ ORGANIZATION_ID/roles Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.

  • show_deleted (Boolean) (defaults to: nil)

    Include Roles that have been deleted.

  • view (String) (defaults to: nil)

    Optional view for the returned Role objects. When FULL is specified, the includedPermissions field is returned, which includes a list of all permissions in the role. The default value is BASIC, which does not return the includedPermissions field.

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
# File 'generated/google/apis/iam_v1/service.rb', line 1677

def list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/roles', options)
  command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::ListRolesResponse
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['parent'] = parent unless parent.nil?
  command.query['showDeleted'] = show_deleted unless show_deleted.nil?
  command.query['view'] = view unless view.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Updates the definition of a custom Role.

Parameters:

  • name (String)

    The name parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's name value format is described below: * projects.roles.patch(): projects/PROJECT_ID/roles/CUSTOM_ROLE_ID. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam. googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID * organizations.roles.patch() : organizations/ORGANIZATION_ID/roles/CUSTOM_ROLE_ID. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam. googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.

  • role_object (Google::Apis::IamV1::Role) (defaults to: nil)
  • update_mask (String) (defaults to: nil)

    A mask describing which fields in the Role have changed.

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



364
365
366
367
368
369
370
371
372
373
374
375
# File 'generated/google/apis/iam_v1/service.rb', line 364

def patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:patch, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::Role::Representation
  command.request_object = role_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['updateMask'] = update_mask unless update_mask.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Updates the definition of a custom Role.

Parameters:

  • name (String)

    The name parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's name value format is described below: * projects.roles.patch(): projects/PROJECT_ID/roles/CUSTOM_ROLE_ID. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam. googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID * organizations.roles.patch() : organizations/ORGANIZATION_ID/roles/CUSTOM_ROLE_ID. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam. googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.

  • role_object (Google::Apis::IamV1::Role) (defaults to: nil)
  • update_mask (String) (defaults to: nil)

    A mask describing which fields in the Role have changed.

  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



764
765
766
767
768
769
770
771
772
773
774
775
# File 'generated/google/apis/iam_v1/service.rb', line 764

def patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:patch, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::Role::Representation
  command.request_object = role_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['updateMask'] = update_mask unless update_mask.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#patch_service_account(name, patch_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount

Patches a ServiceAccount.

Parameters:

  • name (String)

    The resource name of the service account. Use one of the following formats: * projects/PROJECT_ID/serviceAccounts/EMAIL_ADDRESS* `projects/`PROJECT_ID` /serviceAccounts/`UNIQUE_ID As an alternative, you can use the - wildcard character instead of the project ID: * projects/-/serviceAccounts/ EMAIL_ADDRESS* `projects/-/serviceAccounts/`UNIQUE_ID When possible, avoid using the - wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to get the service account projects/-/serviceAccounts/fake@example.com, which does not exist, the response contains an HTTP 403 Forbidden error instead of a 404 Not Found error.

  • patch_service_account_request_object (Google::Apis::IamV1::PatchServiceAccountRequest) (defaults to: nil)
  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
# File 'generated/google/apis/iam_v1/service.rb', line 1137

def (name,  = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:patch, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::PatchServiceAccountRequest::Representation
  command.request_object = 
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::QueryGrantableRolesResponse

Lists roles that can be granted on a Google Cloud resource. A role is grantable if the IAM policy for the resource can contain bindings to the role.

Parameters:

  • query_grantable_roles_request_object (Google::Apis::IamV1::QueryGrantableRolesRequest) (defaults to: nil)
  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
# File 'generated/google/apis/iam_v1/service.rb', line 1711

def query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/roles:queryGrantableRoles', options)
  command.request_representation = Google::Apis::IamV1::QueryGrantableRolesRequest::Representation
  command.request_object = query_grantable_roles_request_object
  command.response_representation = Google::Apis::IamV1::QueryGrantableRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::QueryGrantableRolesResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::QueryAuditableServicesResponse

Returns a list of services that allow you to opt into audit logs that are not generated by default. To learn more about audit logs, see the Logging documentation.

Parameters:

  • query_auditable_services_request_object (Google::Apis::IamV1::QueryAuditableServicesRequest) (defaults to: nil)
  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



106
107
108
109
110
111
112
113
114
115
# File 'generated/google/apis/iam_v1/service.rb', line 106

def query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/iamPolicies:queryAuditableServices', options)
  command.request_representation = Google::Apis::IamV1::QueryAuditableServicesRequest::Representation
  command.request_object = query_auditable_services_request_object
  command.response_representation = Google::Apis::IamV1::QueryAuditableServicesResponse::Representation
  command.response_class = Google::Apis::IamV1::QueryAuditableServicesResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::QueryTestablePermissionsResponse

Lists every permission that you can test on a resource. A permission is testable if you can check whether a member has that permission on the resource.

Parameters:

  • query_testable_permissions_request_object (Google::Apis::IamV1::QueryTestablePermissionsRequest) (defaults to: nil)
  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



444
445
446
447
448
449
450
451
452
453
# File 'generated/google/apis/iam_v1/service.rb', line 444

def query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/permissions:queryTestablePermissions', options)
  command.request_representation = Google::Apis::IamV1::QueryTestablePermissionsRequest::Representation
  command.request_object = query_testable_permissions_request_object
  command.response_representation = Google::Apis::IamV1::QueryTestablePermissionsResponse::Representation
  command.response_class = Google::Apis::IamV1::QueryTestablePermissionsResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Policy

Sets the IAM policy that is attached to a ServiceAccount. Use this method to grant or revoke access to the service account. For example, you could grant a member the ability to impersonate the service account. This method does not enable the service account to access other resources. To grant roles to a service account on a resource, follow these steps: 1. Call the resource's getIamPolicy method to get its current IAM policy. 2. Edit the policy so that it binds the service account to an IAM role for the resource. 3. Call the resource's setIamPolicy method to update its IAM policy. For detailed instructions, see Granting roles to a service account for specific resources.

Parameters:

  • resource (String)

    REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.

  • set_iam_policy_request_object (Google::Apis::IamV1::SetIamPolicyRequest) (defaults to: nil)
  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
# File 'generated/google/apis/iam_v1/service.rb', line 1181

def (resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+resource}:setIamPolicy', options)
  command.request_representation = Google::Apis::IamV1::SetIamPolicyRequest::Representation
  command.request_object = set_iam_policy_request_object
  command.response_representation = Google::Apis::IamV1::Policy::Representation
  command.response_class = Google::Apis::IamV1::Policy
  command.params['resource'] = resource unless resource.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::SignBlobResponse

Note: This method is deprecated and will stop working on July 1, 2021. Use the signBlob method in the IAM Service Account Credentials API instead. If you currently use this method, see the migration guide for instructions. Signs a blob using the system-managed private key for a ServiceAccount.

Parameters:

  • name (String)

    Required. Deprecated. Migrate to Service Account Credentials API. The resource name of the service account in the following format: projects/PROJECT_ID/ serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemail address or theunique_id` of the service account.

  • sign_blob_request_object (Google::Apis::IamV1::SignBlobRequest) (defaults to: nil)
  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
# File 'generated/google/apis/iam_v1/service.rb', line 1225

def (name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:signBlob', options)
  command.request_representation = Google::Apis::IamV1::SignBlobRequest::Representation
  command.request_object = sign_blob_request_object
  command.response_representation = Google::Apis::IamV1::SignBlobResponse::Representation
  command.response_class = Google::Apis::IamV1::SignBlobResponse
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::SignJwtResponse

Note: This method is deprecated and will stop working on July 1, 2021. Use the signJwt method in the IAM Service Account Credentials API instead. If you currently use this method, see the migration guide for instructions. Signs a JSON Web Token (JWT) using the system-managed private key for a ServiceAccount.

Parameters:

  • name (String)

    Required. Deprecated. Migrate to Service Account Credentials API. The resource name of the service account in the following format: projects/PROJECT_ID/ serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemail address or theunique_id` of the service account.

  • sign_jwt_request_object (Google::Apis::IamV1::SignJwtRequest) (defaults to: nil)
  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
# File 'generated/google/apis/iam_v1/service.rb', line 1268

def (name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:signJwt', options)
  command.request_representation = Google::Apis::IamV1::SignJwtRequest::Representation
  command.request_object = sign_jwt_request_object
  command.response_representation = Google::Apis::IamV1::SignJwtResponse::Representation
  command.response_class = Google::Apis::IamV1::SignJwtResponse
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::TestIamPermissionsResponse

Tests whether the caller has the specified permissions on a ServiceAccount.

Parameters:

  • resource (String)

    REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.

  • test_iam_permissions_request_object (Google::Apis::IamV1::TestIamPermissionsRequest) (defaults to: nil)
  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
# File 'generated/google/apis/iam_v1/service.rb', line 1302

def (resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options)
  command.request_representation = Google::Apis::IamV1::TestIamPermissionsRequest::Representation
  command.request_object = test_iam_permissions_request_object
  command.response_representation = Google::Apis::IamV1::TestIamPermissionsResponse::Representation
  command.response_class = Google::Apis::IamV1::TestIamPermissionsResponse
  command.params['resource'] = resource unless resource.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Undeletes a custom Role.

Parameters:

  • name (String)

    The name parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's name value format is described below: * projects.roles.undelete(): projects/PROJECT_ID/roles/ CUSTOM_ROLE_ID. This method undeletes only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ roles/`CUSTOM_ROLE_ID * organizations.roles.undelete(): organizations/ORGANIZATION_ID/roles/ CUSTOM_ROLE_ID. This method undeletes only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/` ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.

  • undelete_role_request_object (Google::Apis::IamV1::UndeleteRoleRequest) (defaults to: nil)
  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



412
413
414
415
416
417
418
419
420
421
422
# File 'generated/google/apis/iam_v1/service.rb', line 412

def undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:undelete', options)
  command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation
  command.request_object = undelete_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Undeletes a custom Role.

Parameters:

  • name (String)

    The name parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's name value format is described below: * projects.roles.undelete(): projects/PROJECT_ID/roles/ CUSTOM_ROLE_ID. This method undeletes only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ roles/`CUSTOM_ROLE_ID * organizations.roles.undelete(): organizations/ORGANIZATION_ID/roles/ CUSTOM_ROLE_ID. This method undeletes only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/` ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.

  • undelete_role_request_object (Google::Apis::IamV1::UndeleteRoleRequest) (defaults to: nil)
  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



812
813
814
815
816
817
818
819
820
821
822
# File 'generated/google/apis/iam_v1/service.rb', line 812

def undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:undelete', options)
  command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation
  command.request_object = undelete_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#undelete_service_account(name, undelete_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::UndeleteServiceAccountResponse

Restores a deleted ServiceAccount. Important: It is not always possible to restore a deleted service account. Use this method only as a last resort. After you delete a service account, IAM permanently removes the service account 30 days later. There is no way to restore a deleted service account that has been permanently removed.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/ PROJECT_ID/serviceAccounts/ACCOUNT_UNIQUE_ID`. Using-as a wildcard for thePROJECT_ID` will infer the project from the account.

  • undelete_service_account_request_object (Google::Apis::IamV1::UndeleteServiceAccountRequest) (defaults to: nil)
  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
# File 'generated/google/apis/iam_v1/service.rb', line 1341

def (name,  = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:undelete', options)
  command.request_representation = Google::Apis::IamV1::UndeleteServiceAccountRequest::Representation
  command.request_object = 
  command.response_representation = Google::Apis::IamV1::UndeleteServiceAccountResponse::Representation
  command.response_class = Google::Apis::IamV1::UndeleteServiceAccountResponse
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount

Note: We are in the process of deprecating this method. Use PatchServiceAccount instead. Updates a ServiceAccount. You can update only the display_name and description fields.

Parameters:

  • name (String)

    The resource name of the service account. Use one of the following formats: * projects/PROJECT_ID/serviceAccounts/EMAIL_ADDRESS* `projects/`PROJECT_ID` /serviceAccounts/`UNIQUE_ID As an alternative, you can use the - wildcard character instead of the project ID: * projects/-/serviceAccounts/ EMAIL_ADDRESS* `projects/-/serviceAccounts/`UNIQUE_ID When possible, avoid using the - wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to get the service account projects/-/serviceAccounts/fake@example.com, which does not exist, the response contains an HTTP 403 Forbidden error instead of a 404 Not Found error.

  • service_account_object (Google::Apis::IamV1::ServiceAccount) (defaults to: nil)
  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
# File 'generated/google/apis/iam_v1/service.rb', line 1385

def (name,  = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:put, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.request_object = 
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#upload_service_account_key(name, upload_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccountKey

Creates a ServiceAccountKey, using a public key that you provide.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/ PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for the PROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.

  • upload_service_account_key_request_object (Google::Apis::IamV1::UploadServiceAccountKeyRequest) (defaults to: nil)
  • fields (String) (defaults to: nil)

    Selector specifying which fields to include in a partial response.

  • quota_user (String) (defaults to: nil)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions) (defaults to: nil)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:

  • (Google::Apis::ServerError)

    An error occurred on the server and the request can be retried

  • (Google::Apis::ClientError)

    The request is invalid and should not be retried without modification

  • (Google::Apis::AuthorizationError)

    Authorization is required



1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
# File 'generated/google/apis/iam_v1/service.rb', line 1568

def (name,  = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}/keys:upload', options)
  command.request_representation = Google::Apis::IamV1::UploadServiceAccountKeyRequest::Representation
  command.request_object = 
  command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccountKey
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end