Class: Google::Apis::IamV1::IamService

Inherits:

Core::BaseService

Object
Core::BaseService
Google::Apis::IamV1::IamService

show all

Defined in:: generated/google/apis/iam_v1/service.rb

Overview

Identity and Access Management (IAM) API

Manages identity and access control for Google Cloud Platform resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls.

Examples:

require 'google/apis/iam_v1'

Iam = Google::Apis::IamV1 # Alias the module
service = Iam::IamService.new

Instance Attribute Summary collapse

#key ⇒ String
API key.
#quota_user ⇒ String
Available to use for quota purposes for server-side applications.

Instance Method Summary collapse

#create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role
Creates a new custom Role.
#create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role
Creates a new custom Role.
#create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount
Creates a ServiceAccount.
#create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccountKey
Creates a ServiceAccountKey.
#delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role
Deletes a custom Role.
#delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role
Deletes a custom Role.
#delete_project_service_account(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty
Deletes a ServiceAccount.
#delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty
Deletes a ServiceAccountKey.
#disable_service_account(name, disable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty
Disables a ServiceAccount immediately.
#enable_service_account(name, enable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty
Enables a ServiceAccount that was disabled by DisableServiceAccount.
#get_organization_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role
Gets the definition of a Role.
#get_project_location_workload_identity_pool_operation(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Operation
Gets the latest state of a long-running operation.
#get_project_location_workload_identity_pool_provider_operation(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Operation
Gets the latest state of a long-running operation.
#get_project_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role
Gets the definition of a Role.
#get_project_service_account(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount
Gets a ServiceAccount.
#get_project_service_account_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Policy
Gets the IAM policy that is attached to a ServiceAccount.
#get_project_service_account_key(name, public_key_type: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccountKey
Gets a ServiceAccountKey.
#get_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role
Gets the definition of a Role.
#initialize ⇒ IamService constructor
A new instance of IamService.
#lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::LintPolicyResponse
Lints, or validates, an IAM policy.
#list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListRolesResponse
Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.
#list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListRolesResponse
Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.
#list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListServiceAccountKeysResponse
Lists every ServiceAccountKey for a service account.
#list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListServiceAccountsResponse
Lists every ServiceAccount that belongs to a specific project.
#list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListRolesResponse
Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.
#patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role
Updates the definition of a custom Role.
#patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role
Updates the definition of a custom Role.
#patch_service_account(name, patch_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount
Patches a ServiceAccount.
#query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::QueryGrantableRolesResponse
Lists roles that can be granted on a Google Cloud resource.
#query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::QueryAuditableServicesResponse
Returns a list of services that allow you to opt into audit logs that are not generated by default.
#query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::QueryTestablePermissionsResponse
Lists every permission that you can test on a resource.
#set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Policy
Sets the IAM policy that is attached to a ServiceAccount.
#sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::SignBlobResponse
Note: This method is deprecated and will stop working on July 1, 2021.
#sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::SignJwtResponse
Note: This method is deprecated and will stop working on July 1, 2021.
#test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::TestIamPermissionsResponse
Tests whether the caller has the specified permissions on a ServiceAccount.
#undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role
Undeletes a custom Role.
#undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role
Undeletes a custom Role.
#undelete_service_account(name, undelete_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::UndeleteServiceAccountResponse
Restores a deleted ServiceAccount.
#update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount
Note: We are in the process of deprecating this method.
#upload_service_account_key(name, upload_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccountKey
Creates a ServiceAccountKey, using a public key that you provide.

Constructor Details

#initialize ⇒ `IamService`

Returns a new instance of IamService.

# File 'generated/google/apis/iam_v1/service.rb', line 47

def initialize
  super('https://iam.googleapis.com/', '')
  @batch_path = 'batch'
end

Instance Attribute Details

#key ⇒ `String`

Returns API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.

Returns:

(String) —
API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.



40
41
42

# File 'generated/google/apis/iam_v1/service.rb', line 40

def key
  @key
end

#quota_user ⇒ `String`

Returns Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

Returns:

(String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.



45
46
47

# File 'generated/google/apis/iam_v1/service.rb', line 45

def quota_user
  @quota_user
end

Instance Method Details

#create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

Creates a new custom Role.

Parameters:

parent (String) —
The parent parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's parent value format is described below: * projects.roles.create(): projects/PROJECT_ID. This method creates project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles` * [` organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/ create): `organizations/`ORGANIZATION_ID. This method creates organization- level custom roles. Example request URL: https://iam.googleapis.com/v1/organizations/ORGANIZATION_ID/roles Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
create_role_request_object (Google::Apis::IamV1::CreateRoleRequest) (defaults to: nil)
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Role) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Role)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 150

def create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+parent}/roles', options)
  command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation
  command.request_object = create_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['parent'] = parent unless parent.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

Creates a new custom Role.

Parameters:

parent (String) —
The parent parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's parent value format is described below: * projects.roles.create(): projects/PROJECT_ID. This method creates project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles` * [` organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/ create): `organizations/`ORGANIZATION_ID. This method creates organization- level custom roles. Example request URL: https://iam.googleapis.com/v1/organizations/ORGANIZATION_ID/roles Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
create_role_request_object (Google::Apis::IamV1::CreateRoleRequest) (defaults to: nil)
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Role) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Role)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 550

def create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+parent}/roles', options)
  command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation
  command.request_object = create_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['parent'] = parent unless parent.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccount`

Creates a ServiceAccount.

Parameters:

name (String) —
Required. The resource name of the project associated with the service accounts, such as projects/my-project-123.
create_service_account_request_object (Google::Apis::IamV1::CreateServiceAccountRequest) (defaults to: nil)
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ServiceAccount) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ServiceAccount)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 846

def create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}/serviceAccounts', options)
  command.request_representation = Google::Apis::IamV1::CreateServiceAccountRequest::Representation
  command.request_object = create_service_account_request_object
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccountKey`

Creates a ServiceAccountKey.

Parameters:

name (String) —
Required. The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.
create_service_account_key_request_object (Google::Apis::IamV1::CreateServiceAccountKeyRequest) (defaults to: nil)
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ServiceAccountKey) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ServiceAccountKey)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1421

def create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}/keys', options)
  command.request_representation = Google::Apis::IamV1::CreateServiceAccountKeyRequest::Representation
  command.request_object = create_service_account_key_request_object
  command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccountKey
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

Deletes a custom Role. When you delete a custom role, the following changes occur immediately: * You cannot bind a member to the custom role in an IAM Policy. * Existing bindings to the custom role are not changed, but they have no effect. * By default, the response from ListRoles does not include the custom role. You have 7 days to undelete the custom role. After 7 days, the following changes occur: * The custom role is permanently deleted and cannot be recovered. * If an IAM policy contains a binding to the custom role, the binding is permanently removed.

Parameters:

name (String) —
The name parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's name value format is described below: * projects.roles.delete(): projects/PROJECT_ID/roles/CUSTOM_ROLE_ID. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam. googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID * organizations.roles.delete(): organizations/ORGANIZATION_ID/roles/CUSTOM_ROLE_ID. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam. googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
etag (String) (defaults to: nil) —
Used to perform a consistent read-modify-write.
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Role) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Role)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 205

def delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['etag'] = etag unless etag.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

Parameters:

name (String) —
The name parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's name value format is described below: * projects.roles.delete(): projects/PROJECT_ID/roles/CUSTOM_ROLE_ID. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam. googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID * organizations.roles.delete(): organizations/ORGANIZATION_ID/roles/CUSTOM_ROLE_ID. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam. googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
etag (String) (defaults to: nil) —
Used to perform a consistent read-modify-write.
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Role) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Role)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 605

def delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['etag'] = etag unless etag.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#delete_project_service_account(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Empty`

Deletes a ServiceAccount. Warning: After you delete a service account, you might not be able to undelete it. If you know that you need to re-enable the service account in the future, use DisableServiceAccount instead. If you delete a service account, IAM permanently removes the service account 30 days later. Google Cloud cannot recover the service account after it is permanently removed, even if you file a support request. To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use DisableServiceAccount to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account.

Parameters:

name (String) —
Required. The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Empty) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Empty)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 890

def delete_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Empty`

Deletes a ServiceAccountKey. Deleting a service account key does not revoke short-lived credentials that have been issued based on the service account key.

Parameters:

name (String) —
Required. The resource name of the service account key in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT/keys/key`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. The ACCOUNTvalue can be theemailaddress or theunique_id` of the service account.
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Empty) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Empty)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1458

def delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#disable_service_account(name, disable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Empty`

Disables a ServiceAccount immediately. If an application uses the service account to authenticate, that application can no longer call Google APIs or access Google Cloud resources. Existing access tokens for the service account are rejected, and requests for new access tokens will fail. To re-enable the service account, use EnableServiceAccount. After you re-enable the service account, its existing access tokens will be accepted, and you can request new access tokens. To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use this method to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account with DeleteServiceAccount.

Parameters:

name (String) —
The resource name of the service account in the following format: projects/ PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for the PROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.
disable_service_account_request_object (Google::Apis::IamV1::DisableServiceAccountRequest) (defaults to: nil)
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Empty) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Empty)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 934

def disable_service_account(name, disable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:disable', options)
  command.request_representation = Google::Apis::IamV1::DisableServiceAccountRequest::Representation
  command.request_object = disable_service_account_request_object
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#enable_service_account(name, enable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Empty`

Enables a ServiceAccount that was disabled by DisableServiceAccount. If the service account is already enabled, then this method has no effect. If the service account was disabled by other means—for example, if Google disabled the service account because it was compromised—you cannot use this method to enable the service account.

Parameters:

name (String) —
The resource name of the service account in the following format: projects/ PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for the PROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.
enable_service_account_request_object (Google::Apis::IamV1::EnableServiceAccountRequest) (defaults to: nil)
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Empty) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Empty)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 974

def enable_service_account(name, enable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:enable', options)
  command.request_representation = Google::Apis::IamV1::EnableServiceAccountRequest::Representation
  command.request_object = enable_service_account_request_object
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_organization_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

Gets the definition of a Role.

Parameters:

name (String) —
The name parameter's value depends on the target resource for the request, namely roles, projects, or organizations. Each resource type's name value format is described below: * roles.get(): roles/ROLE_NAME. This method returns results from all [predefined roles](/iam/docs/ understanding-roles#predefined_roles) in Cloud IAM. Example request URL: ` https://iam.googleapis.com/v1/roles/`ROLE_NAME * projects.roles.get(): projects/PROJECT_ID/roles/ CUSTOM_ROLE_ID. This method returns only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ roles/`CUSTOM_ROLE_ID * organizations.roles.get(): organizations/ORGANIZATION_ID/roles/ CUSTOM_ROLE_ID. This method returns only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/` ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Role) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Role)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 254

def get_organization_role(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_location_workload_identity_pool_operation(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Operation`

Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.

Parameters:

name (String) —
The name of the operation resource.
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Operation) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Operation)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 476

def get_project_location_workload_identity_pool_operation(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Operation::Representation
  command.response_class = Google::Apis::IamV1::Operation
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_location_workload_identity_pool_provider_operation(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Operation`

Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.

Parameters:

name (String) —
The name of the operation resource.
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Operation) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Operation)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 507

def get_project_location_workload_identity_pool_provider_operation(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Operation::Representation
  command.response_class = Google::Apis::IamV1::Operation
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

Gets the definition of a Role.

Parameters:

name (String) —
The name parameter's value depends on the target resource for the request, namely roles, projects, or organizations. Each resource type's name value format is described below: * roles.get(): roles/ROLE_NAME. This method returns results from all [predefined roles](/iam/docs/ understanding-roles#predefined_roles) in Cloud IAM. Example request URL: ` https://iam.googleapis.com/v1/roles/`ROLE_NAME * projects.roles.get(): projects/PROJECT_ID/roles/ CUSTOM_ROLE_ID. This method returns only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ roles/`CUSTOM_ROLE_ID * organizations.roles.get(): organizations/ORGANIZATION_ID/roles/ CUSTOM_ROLE_ID. This method returns only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/` ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Role) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Role)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 654

def get_project_role(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_service_account(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccount`

Gets a ServiceAccount.

Parameters:

name (String) —
Required. The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ServiceAccount) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ServiceAccount)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1009

def get_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_service_account_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Policy`

Gets the IAM policy that is attached to a ServiceAccount. This IAM policy specifies which members have access to the service account. This method does not tell you whether the service account has been granted any roles on other resources. To check whether a service account has role grants on a resource, use the getIamPolicy method for that resource. For example, to view the role grants for a project, call the Resource Manager API's projects.getIamPolicy method.

Parameters:

resource (String) —
REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.
options_requested_policy_version (Fixnum) (defaults to: nil) —
Optional. The policy format version to be returned. Valid values are 0, 1, and
1. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation.
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Policy) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Policy)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1055

def get_project_service_account_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+resource}:getIamPolicy', options)
  command.response_representation = Google::Apis::IamV1::Policy::Representation
  command.response_class = Google::Apis::IamV1::Policy
  command.params['resource'] = resource unless resource.nil?
  command.query['options.requestedPolicyVersion'] = options_requested_policy_version unless options_requested_policy_version.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_service_account_key(name, public_key_type: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccountKey`

Gets a ServiceAccountKey.

Parameters:

name (String) —
Required. The resource name of the service account key in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT/keys/key`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. The ACCOUNTvalue can be theemailaddress or theunique_id` of the service account.
public_key_type (String) (defaults to: nil) —
The output format of the public key requested. X509_PEM is the default output format.
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ServiceAccountKey) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ServiceAccountKey)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1495

def get_project_service_account_key(name, public_key_type: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccountKey
  command.params['name'] = name unless name.nil?
  command.query['publicKeyType'] = public_key_type unless public_key_type.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

Gets the definition of a Role.

Parameters:

name (String) —
The name parameter's value depends on the target resource for the request, namely roles, projects, or organizations. Each resource type's name value format is described below: * roles.get(): roles/ROLE_NAME. This method returns results from all [predefined roles](/iam/docs/ understanding-roles#predefined_roles) in Cloud IAM. Example request URL: ` https://iam.googleapis.com/v1/roles/`ROLE_NAME * projects.roles.get(): projects/PROJECT_ID/roles/ CUSTOM_ROLE_ID. This method returns only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ roles/`CUSTOM_ROLE_ID * organizations.roles.get(): organizations/ORGANIZATION_ID/roles/ CUSTOM_ROLE_ID. This method returns only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/` ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Role) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Role)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1618

def get_role(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::LintPolicyResponse`

Lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding. condition field, which contains a condition expression for a role binding. Successful calls to this method always return an HTTP 200 OK status code, even if the linter detects an issue in the IAM policy.

Parameters:

lint_policy_request_object (Google::Apis::IamV1::LintPolicyRequest) (defaults to: nil)
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::LintPolicyResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::LintPolicyResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 74

def lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/iamPolicies:lintPolicy', options)
  command.request_representation = Google::Apis::IamV1::LintPolicyRequest::Representation
  command.request_object = lint_policy_request_object
  command.response_representation = Google::Apis::IamV1::LintPolicyResponse::Representation
  command.response_class = Google::Apis::IamV1::LintPolicyResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ListRolesResponse`

Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.

Parameters:

parent (String) —
The parent parameter's value depends on the target resource for the request, namely roles, projects, or organizations. Each resource type's parent value format is described below: * roles.list(): An empty string. This method doesn't require a resource; it simply returns all predefined roles in Cloud IAM. Example request URL: https://iam.googleapis.com/v1/roles * projects.roles.list(): projects/PROJECT_ID. This method lists all project-level [custom roles](/iam/docs/understanding-custom- roles). Example request URL: `https://iam.googleapis.com/v1/projects/` PROJECT_ID`/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/ organizations.roles/list): `organizations/`ORGANIZATION_ID. This method lists all organization-level custom roles. Example request URL: https://iam.googleapis.com/v1/organizations/ ORGANIZATION_ID/roles Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
page_size (Fixnum) (defaults to: nil) —
Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 1,000.
page_token (String) (defaults to: nil) —
Optional pagination token returned in an earlier ListRolesResponse.
show_deleted (Boolean) (defaults to: nil) —
Include Roles that have been deleted.
view (String) (defaults to: nil) —
Optional view for the returned Role objects. When FULL is specified, the includedPermissions field is returned, which includes a list of all permissions in the role. The default value is BASIC, which does not return the includedPermissions field.
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ListRolesResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ListRolesResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 313

def list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+parent}/roles', options)
  command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::ListRolesResponse
  command.params['parent'] = parent unless parent.nil?
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['showDeleted'] = show_deleted unless show_deleted.nil?
  command.query['view'] = view unless view.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ListRolesResponse`

Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.

Parameters:

parent (String) —
The parent parameter's value depends on the target resource for the request, namely roles, projects, or organizations. Each resource type's parent value format is described below: * roles.list(): An empty string. This method doesn't require a resource; it simply returns all predefined roles in Cloud IAM. Example request URL: https://iam.googleapis.com/v1/roles * projects.roles.list(): projects/PROJECT_ID. This method lists all project-level [custom roles](/iam/docs/understanding-custom- roles). Example request URL: `https://iam.googleapis.com/v1/projects/` PROJECT_ID`/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/ organizations.roles/list): `organizations/`ORGANIZATION_ID. This method lists all organization-level custom roles. Example request URL: https://iam.googleapis.com/v1/organizations/ ORGANIZATION_ID/roles Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
page_size (Fixnum) (defaults to: nil) —
Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 1,000.
page_token (String) (defaults to: nil) —
Optional pagination token returned in an earlier ListRolesResponse.
show_deleted (Boolean) (defaults to: nil) —
Include Roles that have been deleted.
view (String) (defaults to: nil) —
Optional view for the returned Role objects. When FULL is specified, the includedPermissions field is returned, which includes a list of all permissions in the role. The default value is BASIC, which does not return the includedPermissions field.
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ListRolesResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ListRolesResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 713

def list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+parent}/roles', options)
  command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::ListRolesResponse
  command.params['parent'] = parent unless parent.nil?
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['showDeleted'] = show_deleted unless show_deleted.nil?
  command.query['view'] = view unless view.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ListServiceAccountKeysResponse`

Lists every ServiceAccountKey for a service account.

Parameters:

name (String) —
Required. The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_ID, will infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.
key_types (Array<String>, String) (defaults to: nil) —
Filters the types of keys the user wants to include in the list response. Duplicate key types are not allowed. If no key type is provided, all keys are returned.
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ListServiceAccountKeysResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ListServiceAccountKeysResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1533

def list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}/keys', options)
  command.response_representation = Google::Apis::IamV1::ListServiceAccountKeysResponse::Representation
  command.response_class = Google::Apis::IamV1::ListServiceAccountKeysResponse
  command.params['name'] = name unless name.nil?
  command.query['keyTypes'] = key_types unless key_types.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ListServiceAccountsResponse`

Lists every ServiceAccount that belongs to a specific project.

Parameters:

name (String) —
Required. The resource name of the project associated with the service accounts, such as projects/my-project-123.
page_size (Fixnum) (defaults to: nil) —
Optional limit on the number of service accounts to include in the response. Further accounts can subsequently be obtained by including the ListServiceAccountsResponse.next_page_token in a subsequent request. The default is 20, and the maximum is 100.
page_token (String) (defaults to: nil) —
Optional pagination token returned in an earlier ListServiceAccountsResponse. next_page_token.
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ListServiceAccountsResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ListServiceAccountsResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1095

def list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}/serviceAccounts', options)
  command.response_representation = Google::Apis::IamV1::ListServiceAccountsResponse::Representation
  command.response_class = Google::Apis::IamV1::ListServiceAccountsResponse
  command.params['name'] = name unless name.nil?
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ListRolesResponse`

Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.

Parameters:

page_size (Fixnum) (defaults to: nil) —
Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 1,000.
page_token (String) (defaults to: nil) —
Optional pagination token returned in an earlier ListRolesResponse.
parent (String) (defaults to: nil) —
The parent parameter's value depends on the target resource for the request, namely roles, projects, or organizations. Each resource type's parent value format is described below: * roles.list(): An empty string. This method doesn't require a resource; it simply returns all predefined roles in Cloud IAM. Example request URL: https://iam.googleapis.com/v1/roles * projects.roles.list(): projects/PROJECT_ID. This method lists all project-level [custom roles](/iam/docs/understanding-custom- roles). Example request URL: `https://iam.googleapis.com/v1/projects/` PROJECT_ID`/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/ organizations.roles/list): `organizations/`ORGANIZATION_ID. This method lists all organization-level custom roles. Example request URL: https://iam.googleapis.com/v1/organizations/ ORGANIZATION_ID/roles Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
show_deleted (Boolean) (defaults to: nil) —
Include Roles that have been deleted.
view (String) (defaults to: nil) —
Optional view for the returned Role objects. When FULL is specified, the includedPermissions field is returned, which includes a list of all permissions in the role. The default value is BASIC, which does not return the includedPermissions field.
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ListRolesResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ListRolesResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1677

def list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/roles', options)
  command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::ListRolesResponse
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['parent'] = parent unless parent.nil?
  command.query['showDeleted'] = show_deleted unless show_deleted.nil?
  command.query['view'] = view unless view.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

Updates the definition of a custom Role.

Parameters:

name (String) —
The name parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's name value format is described below: * projects.roles.patch(): projects/PROJECT_ID/roles/CUSTOM_ROLE_ID. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam. googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID * organizations.roles.patch() : organizations/ORGANIZATION_ID/roles/CUSTOM_ROLE_ID. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam. googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
role_object (Google::Apis::IamV1::Role) (defaults to: nil)
update_mask (String) (defaults to: nil) —
A mask describing which fields in the Role have changed.
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Role) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Role)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 364

def patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:patch, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::Role::Representation
  command.request_object = role_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['updateMask'] = update_mask unless update_mask.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

Updates the definition of a custom Role.

Parameters:

name (String) —
The name parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's name value format is described below: * projects.roles.patch(): projects/PROJECT_ID/roles/CUSTOM_ROLE_ID. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam. googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID * organizations.roles.patch() : organizations/ORGANIZATION_ID/roles/CUSTOM_ROLE_ID. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam. googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
role_object (Google::Apis::IamV1::Role) (defaults to: nil)
update_mask (String) (defaults to: nil) —
A mask describing which fields in the Role have changed.
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Role) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Role)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 764

def patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:patch, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::Role::Representation
  command.request_object = role_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['updateMask'] = update_mask unless update_mask.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#patch_service_account(name, patch_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccount`

Patches a ServiceAccount.

Parameters:

name (String) —
The resource name of the service account. Use one of the following formats: * projects/PROJECT_ID/serviceAccounts/EMAIL_ADDRESS* `projects/`PROJECT_ID` /serviceAccounts/`UNIQUE_ID As an alternative, you can use the - wildcard character instead of the project ID: * projects/-/serviceAccounts/ EMAIL_ADDRESS* `projects/-/serviceAccounts/`UNIQUE_ID When possible, avoid using the - wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to get the service account projects/-/serviceAccounts/fake@example.com, which does not exist, the response contains an HTTP 403 Forbidden error instead of a 404 Not Found error.
patch_service_account_request_object (Google::Apis::IamV1::PatchServiceAccountRequest) (defaults to: nil)
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ServiceAccount) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ServiceAccount)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1137

def patch_service_account(name, patch_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:patch, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::PatchServiceAccountRequest::Representation
  command.request_object = patch_service_account_request_object
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::QueryGrantableRolesResponse`

Lists roles that can be granted on a Google Cloud resource. A role is grantable if the IAM policy for the resource can contain bindings to the role.

Parameters:

query_grantable_roles_request_object (Google::Apis::IamV1::QueryGrantableRolesRequest) (defaults to: nil)
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::QueryGrantableRolesResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::QueryGrantableRolesResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1711

def query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/roles:queryGrantableRoles', options)
  command.request_representation = Google::Apis::IamV1::QueryGrantableRolesRequest::Representation
  command.request_object = query_grantable_roles_request_object
  command.response_representation = Google::Apis::IamV1::QueryGrantableRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::QueryGrantableRolesResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::QueryAuditableServicesResponse`

Returns a list of services that allow you to opt into audit logs that are not generated by default. To learn more about audit logs, see the Logging documentation.

Parameters:

query_auditable_services_request_object (Google::Apis::IamV1::QueryAuditableServicesRequest) (defaults to: nil)
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::QueryAuditableServicesResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::QueryAuditableServicesResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 106

def query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/iamPolicies:queryAuditableServices', options)
  command.request_representation = Google::Apis::IamV1::QueryAuditableServicesRequest::Representation
  command.request_object = query_auditable_services_request_object
  command.response_representation = Google::Apis::IamV1::QueryAuditableServicesResponse::Representation
  command.response_class = Google::Apis::IamV1::QueryAuditableServicesResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::QueryTestablePermissionsResponse`

Lists every permission that you can test on a resource. A permission is testable if you can check whether a member has that permission on the resource.

Parameters:

query_testable_permissions_request_object (Google::Apis::IamV1::QueryTestablePermissionsRequest) (defaults to: nil)
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::QueryTestablePermissionsResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::QueryTestablePermissionsResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 444

def query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/permissions:queryTestablePermissions', options)
  command.request_representation = Google::Apis::IamV1::QueryTestablePermissionsRequest::Representation
  command.request_object = query_testable_permissions_request_object
  command.response_representation = Google::Apis::IamV1::QueryTestablePermissionsResponse::Representation
  command.response_class = Google::Apis::IamV1::QueryTestablePermissionsResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Policy`

Sets the IAM policy that is attached to a ServiceAccount. Use this method to grant or revoke access to the service account. For example, you could grant a member the ability to impersonate the service account. This method does not enable the service account to access other resources. To grant roles to a service account on a resource, follow these steps: 1. Call the resource's getIamPolicy method to get its current IAM policy. 2. Edit the policy so that it binds the service account to an IAM role for the resource. 3. Call the resource's setIamPolicy method to update its IAM policy. For detailed instructions, see Granting roles to a service account for specific resources.

Parameters:

resource (String) —
REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.
set_iam_policy_request_object (Google::Apis::IamV1::SetIamPolicyRequest) (defaults to: nil)
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Policy) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Policy)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1181

def set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+resource}:setIamPolicy', options)
  command.request_representation = Google::Apis::IamV1::SetIamPolicyRequest::Representation
  command.request_object = set_iam_policy_request_object
  command.response_representation = Google::Apis::IamV1::Policy::Representation
  command.response_class = Google::Apis::IamV1::Policy
  command.params['resource'] = resource unless resource.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::SignBlobResponse`

Note: This method is deprecated and will stop working on July 1, 2021. Use the signBlob method in the IAM Service Account Credentials API instead. If you currently use this method, see the migration guide for instructions. Signs a blob using the system-managed private key for a ServiceAccount.

Parameters:

name (String) —
Required. Deprecated. Migrate to Service Account Credentials API. The resource name of the service account in the following format: projects/PROJECT_ID/ serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.
sign_blob_request_object (Google::Apis::IamV1::SignBlobRequest) (defaults to: nil)
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::SignBlobResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::SignBlobResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1225

def sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:signBlob', options)
  command.request_representation = Google::Apis::IamV1::SignBlobRequest::Representation
  command.request_object = sign_blob_request_object
  command.response_representation = Google::Apis::IamV1::SignBlobResponse::Representation
  command.response_class = Google::Apis::IamV1::SignBlobResponse
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::SignJwtResponse`

Note: This method is deprecated and will stop working on July 1, 2021. Use the signJwt method in the IAM Service Account Credentials API instead. If you currently use this method, see the migration guide for instructions. Signs a JSON Web Token (JWT) using the system-managed private key for a ServiceAccount.

Parameters:

name (String) —
Required. Deprecated. Migrate to Service Account Credentials API. The resource name of the service account in the following format: projects/PROJECT_ID/ serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.
sign_jwt_request_object (Google::Apis::IamV1::SignJwtRequest) (defaults to: nil)
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::SignJwtResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::SignJwtResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1268

def sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:signJwt', options)
  command.request_representation = Google::Apis::IamV1::SignJwtRequest::Representation
  command.request_object = sign_jwt_request_object
  command.response_representation = Google::Apis::IamV1::SignJwtResponse::Representation
  command.response_class = Google::Apis::IamV1::SignJwtResponse
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::TestIamPermissionsResponse`

Tests whether the caller has the specified permissions on a ServiceAccount.

Parameters:

resource (String) —
REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.
test_iam_permissions_request_object (Google::Apis::IamV1::TestIamPermissionsRequest) (defaults to: nil)
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::TestIamPermissionsResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::TestIamPermissionsResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1302

def test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options)
  command.request_representation = Google::Apis::IamV1::TestIamPermissionsRequest::Representation
  command.request_object = test_iam_permissions_request_object
  command.response_representation = Google::Apis::IamV1::TestIamPermissionsResponse::Representation
  command.response_class = Google::Apis::IamV1::TestIamPermissionsResponse
  command.params['resource'] = resource unless resource.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

Undeletes a custom Role.

Parameters:

name (String) —
The name parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's name value format is described below: * projects.roles.undelete(): projects/PROJECT_ID/roles/ CUSTOM_ROLE_ID. This method undeletes only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ roles/`CUSTOM_ROLE_ID * organizations.roles.undelete(): organizations/ORGANIZATION_ID/roles/ CUSTOM_ROLE_ID. This method undeletes only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/` ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
undelete_role_request_object (Google::Apis::IamV1::UndeleteRoleRequest) (defaults to: nil)
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Role) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Role)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 412

def undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:undelete', options)
  command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation
  command.request_object = undelete_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

Undeletes a custom Role.

Parameters:

name (String) —
The name parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's name value format is described below: * projects.roles.undelete(): projects/PROJECT_ID/roles/ CUSTOM_ROLE_ID. This method undeletes only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ roles/`CUSTOM_ROLE_ID * organizations.roles.undelete(): organizations/ORGANIZATION_ID/roles/ CUSTOM_ROLE_ID. This method undeletes only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/` ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
undelete_role_request_object (Google::Apis::IamV1::UndeleteRoleRequest) (defaults to: nil)
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Role) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Role)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 812

def undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:undelete', options)
  command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation
  command.request_object = undelete_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#undelete_service_account(name, undelete_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::UndeleteServiceAccountResponse`

Restores a deleted ServiceAccount. Important: It is not always possible to restore a deleted service account. Use this method only as a last resort. After you delete a service account, IAM permanently removes the service account 30 days later. There is no way to restore a deleted service account that has been permanently removed.

Parameters:

name (String) —
The resource name of the service account in the following format: projects/ PROJECT_ID/serviceAccounts/ACCOUNT_UNIQUE_ID`. Using-as a wildcard for thePROJECT_ID` will infer the project from the account.
undelete_service_account_request_object (Google::Apis::IamV1::UndeleteServiceAccountRequest) (defaults to: nil)
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::UndeleteServiceAccountResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::UndeleteServiceAccountResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1341

def undelete_service_account(name, undelete_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:undelete', options)
  command.request_representation = Google::Apis::IamV1::UndeleteServiceAccountRequest::Representation
  command.request_object = undelete_service_account_request_object
  command.response_representation = Google::Apis::IamV1::UndeleteServiceAccountResponse::Representation
  command.response_class = Google::Apis::IamV1::UndeleteServiceAccountResponse
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccount`

Note: We are in the process of deprecating this method. Use PatchServiceAccount instead. Updates a ServiceAccount. You can update only the display_name and description fields.

Parameters:

name (String) —
The resource name of the service account. Use one of the following formats: * projects/PROJECT_ID/serviceAccounts/EMAIL_ADDRESS* `projects/`PROJECT_ID` /serviceAccounts/`UNIQUE_ID As an alternative, you can use the - wildcard character instead of the project ID: * projects/-/serviceAccounts/ EMAIL_ADDRESS* `projects/-/serviceAccounts/`UNIQUE_ID When possible, avoid using the - wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to get the service account projects/-/serviceAccounts/fake@example.com, which does not exist, the response contains an HTTP 403 Forbidden error instead of a 404 Not Found error.
service_account_object (Google::Apis::IamV1::ServiceAccount) (defaults to: nil)
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ServiceAccount) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ServiceAccount)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1385

def update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:put, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.request_object = service_account_object
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#upload_service_account_key(name, upload_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccountKey`

Creates a ServiceAccountKey, using a public key that you provide.

Parameters:

name (String) —
The resource name of the service account in the following format: projects/ PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for the PROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.
upload_service_account_key_request_object (Google::Apis::IamV1::UploadServiceAccountKeyRequest) (defaults to: nil)
fields (String) (defaults to: nil) —
Selector specifying which fields to include in a partial response.
quota_user (String) (defaults to: nil) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) (defaults to: nil) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ServiceAccountKey) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ServiceAccountKey)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1568

def upload_service_account_key(name, upload_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}/keys:upload', options)
  command.request_representation = Google::Apis::IamV1::UploadServiceAccountKeyRequest::Representation
  command.request_object = upload_service_account_key_request_object
  command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccountKey
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

Class: Google::Apis::IamV1::IamService

Overview

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize ⇒ IamService

Instance Attribute Details

#key ⇒ String

#quota_user ⇒ String

Instance Method Details

#create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

#create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

#create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount

#create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccountKey

#delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

#delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

#delete_project_service_account(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty

#delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty

#disable_service_account(name, disable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty

#enable_service_account(name, enable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty

#get_organization_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

#get_project_location_workload_identity_pool_operation(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Operation

#get_project_location_workload_identity_pool_provider_operation(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Operation

#get_project_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

#get_project_service_account(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount

#get_project_service_account_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Policy

#get_project_service_account_key(name, public_key_type: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccountKey

#get_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

#lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::LintPolicyResponse

#list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListRolesResponse

#list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListRolesResponse

#list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListServiceAccountKeysResponse

#list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListServiceAccountsResponse

#list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListRolesResponse

#patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

#patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

#patch_service_account(name, patch_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount

#query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::QueryGrantableRolesResponse

#query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::QueryAuditableServicesResponse

#query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::QueryTestablePermissionsResponse

#set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Policy

#sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::SignBlobResponse

#sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::SignJwtResponse

#test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::TestIamPermissionsResponse

#undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

#undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

#undelete_service_account(name, undelete_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::UndeleteServiceAccountResponse

#update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount

#upload_service_account_key(name, upload_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccountKey

#initialize ⇒ `IamService`

#key ⇒ `String`

#quota_user ⇒ `String`

#create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

#create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

#create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccount`

#create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccountKey`

#delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

#delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

#delete_project_service_account(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Empty`

#delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Empty`

#disable_service_account(name, disable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Empty`

#enable_service_account(name, enable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Empty`

#get_organization_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

#get_project_location_workload_identity_pool_operation(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Operation`

#get_project_location_workload_identity_pool_provider_operation(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Operation`

#get_project_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

#get_project_service_account(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccount`

#get_project_service_account_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Policy`

#get_project_service_account_key(name, public_key_type: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccountKey`

#get_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

#lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::LintPolicyResponse`

#list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ListRolesResponse`

#list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ListRolesResponse`

#list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ListServiceAccountKeysResponse`

#list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ListServiceAccountsResponse`

#list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ListRolesResponse`

#patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

#patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

#patch_service_account(name, patch_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccount`

#query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::QueryGrantableRolesResponse`

#query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::QueryAuditableServicesResponse`

#query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::QueryTestablePermissionsResponse`

#set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Policy`

#sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::SignBlobResponse`

#sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::SignJwtResponse`

#test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::TestIamPermissionsResponse`

#undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

#undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

#undelete_service_account(name, undelete_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::UndeleteServiceAccountResponse`

#update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccount`

#upload_service_account_key(name, upload_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccountKey`