Class: Google::Apis::IamV1::IamService

Inherits:
Core::BaseService show all
Defined in:
generated/google/apis/iam_v1/service.rb

Overview

Identity and Access Management (IAM) API

Manages identity and access control for Google Cloud Platform resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls.

Examples:

require 'google/apis/iam_v1'

Iam = Google::Apis::IamV1 # Alias the module
service = Iam::IamService.new

See Also:

Instance Attribute Summary collapse

Attributes inherited from Core::BaseService

#authorization, #base_path, #batch_path, #client, #client_options, #request_options, #root_url, #upload_path

Instance Method Summary collapse

Methods inherited from Core::BaseService

#batch, #batch_upload, #fetch_all, #http

Methods included from Core::Logging

#logger

Constructor Details

#initializeIamService

Returns a new instance of IamService



47
48
49
50
 
# File 'generated/google/apis/iam_v1/service.rb', line 47

def initialize
  super('https://iam.googleapis.com/', '')
  @batch_path = 'batch'
end

Instance Attribute Details

#keyString

Returns API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.

Returns:

  • (String)

    API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.



40
41
42
 
# File 'generated/google/apis/iam_v1/service.rb', line 40

def key
  @key
end

#quota_userString

Returns Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

Returns:

  • (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.



45
46
47
 
# File 'generated/google/apis/iam_v1/service.rb', line 45

def quota_user
  @quota_user
end

Instance Method Details

#create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Creates a new Role.

Parameters:

  • parent (String)

    The resource name of the parent resource in one of the following formats: organizations/ORGANIZATION_ID `projects/`PROJECT_ID

  • create_role_request_object (Google::Apis::IamV1::CreateRoleRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



155
156
157
158
159
160
161
162
163
164
165
 
# File 'generated/google/apis/iam_v1/service.rb', line 155

def create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+parent}/roles', options)
  command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation
  command.request_object = create_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['parent'] = parent unless parent.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Creates a new Role.

Parameters:

  • parent (String)

    The resource name of the parent resource in one of the following formats: organizations/ORGANIZATION_ID `projects/`PROJECT_ID

  • create_role_request_object (Google::Apis::IamV1::CreateRoleRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



417
418
419
420
421
422
423
424
425
426
427
 
# File 'generated/google/apis/iam_v1/service.rb', line 417

def create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+parent}/roles', options)
  command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation
  command.request_object = create_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['parent'] = parent unless parent.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount

Creates a ServiceAccount and returns it.

Parameters:

  • name (String)

    Required. The resource name of the project associated with the service accounts, such as projects/my-project-123.

  • create_service_account_request_object (Google::Apis::IamV1::CreateServiceAccountRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



648
649
650
651
652
653
654
655
656
657
658
 
# File 'generated/google/apis/iam_v1/service.rb', line 648

def (name,  = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+name}/serviceAccounts', options)
  command.request_representation = Google::Apis::IamV1::CreateServiceAccountRequest::Representation
  command.request_object = 
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccountKey

Creates a ServiceAccountKey and returns it.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or the unique_id` of the service account.

  • create_service_account_key_request_object (Google::Apis::IamV1::CreateServiceAccountKeyRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
 
# File 'generated/google/apis/iam_v1/service.rb', line 1208

def (name,  = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+name}/keys', options)
  command.request_representation = Google::Apis::IamV1::CreateServiceAccountKeyRequest::Representation
  command.request_object = 
  command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccountKey
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Soft deletes a role. The role is suspended and cannot be used to create new IAM Policy Bindings. The Role will not be included in ListRoles() unless show_deleted is set in the ListRolesRequest. The Role contains the deleted boolean set. Existing Bindings remains, but are inactive. The Role can be undeleted within 7 days. After 7 days the Role is deleted and all Bindings associated with the role are removed.

Parameters:

  • name (String)

    The resource name of the role in one of the following formats: organizations/ORGANIZATION_ID/roles/ROLE_NAME `projects/`PROJECT_ID`/roles/`ROLE_NAME

  • etag (String)

    Used to perform a consistent read-modify-write.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



197
198
199
200
201
202
203
204
205
206
 
# File 'generated/google/apis/iam_v1/service.rb', line 197

def delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['etag'] = etag unless etag.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Soft deletes a role. The role is suspended and cannot be used to create new IAM Policy Bindings. The Role will not be included in ListRoles() unless show_deleted is set in the ListRolesRequest. The Role contains the deleted boolean set. Existing Bindings remains, but are inactive. The Role can be undeleted within 7 days. After 7 days the Role is deleted and all Bindings associated with the role are removed.

Parameters:

  • name (String)

    The resource name of the role in one of the following formats: organizations/ORGANIZATION_ID/roles/ROLE_NAME `projects/`PROJECT_ID`/roles/`ROLE_NAME

  • etag (String)

    Used to perform a consistent read-modify-write.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



459
460
461
462
463
464
465
466
467
468
 
# File 'generated/google/apis/iam_v1/service.rb', line 459

def delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['etag'] = etag unless etag.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#delete_project_service_account(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty

Deletes a ServiceAccount.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or the unique_id` of the service account.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



684
685
686
687
688
689
690
691
692
 
# File 'generated/google/apis/iam_v1/service.rb', line 684

def (name, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty

Deletes a ServiceAccountKey.

Parameters:

  • name (String)

    The resource name of the service account key in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT/keys/key`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or the unique_id` of the service account.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1244
1245
1246
1247
1248
1249
1250
1251
1252
 
# File 'generated/google/apis/iam_v1/service.rb', line 1244

def (name, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#disable_service_account(name, disable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty

Disables a ServiceAccount. The API is currently in alpha phase.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or the unique_id` of the service account.

  • disable_service_account_request_object (Google::Apis::IamV1::DisableServiceAccountRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



720
721
722
723
724
725
726
727
728
729
730
 
# File 'generated/google/apis/iam_v1/service.rb', line 720

def (name,  = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+name}:disable', options)
  command.request_representation = Google::Apis::IamV1::DisableServiceAccountRequest::Representation
  command.request_object = 
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#enable_service_account(name, enable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty

Enables a ServiceAccount. The API is currently in alpha phase.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT_UNIQUE_ID'. Using-as a wildcard for thePROJECT_ID` will infer the project from the account.

  • enable_service_account_request_object (Google::Apis::IamV1::EnableServiceAccountRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



757
758
759
760
761
762
763
764
765
766
767
 
# File 'generated/google/apis/iam_v1/service.rb', line 757

def (name,  = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+name}:enable', options)
  command.request_representation = Google::Apis::IamV1::EnableServiceAccountRequest::Representation
  command.request_object = 
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_organization_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Gets a Role definition.

Parameters:

  • name (String)

    The resource name of the role in one of the following formats: roles/ROLE_NAME `organizations/`ORGANIZATION_ID`/roles/`ROLE_NAME projects/PROJECT_ID/roles/ROLE_NAME``

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



231
232
233
234
235
236
237
238
239
 
# File 'generated/google/apis/iam_v1/service.rb', line 231

def get_organization_role(name, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Gets a Role definition.

Parameters:

  • name (String)

    The resource name of the role in one of the following formats: roles/ROLE_NAME `organizations/`ORGANIZATION_ID`/roles/`ROLE_NAME projects/PROJECT_ID/roles/ROLE_NAME``

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



493
494
495
496
497
498
499
500
501
 
# File 'generated/google/apis/iam_v1/service.rb', line 493

def get_project_role(name, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_service_account(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount

Gets a ServiceAccount.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or the unique_id` of the service account.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



793
794
795
796
797
798
799
800
801
 
# File 'generated/google/apis/iam_v1/service.rb', line 793

def (name, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_service_account_iam_policy(resource, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Policy

Returns the Cloud IAM access control policy for a ServiceAccount. Note: Service accounts are both resources and identities. This method treats the service account as a resource. It returns the Cloud IAM policy that reflects what members have access to the service account. This method does not return what resources the service account has access to. To see if a service account has access to a resource, call the getIamPolicy method on the target resource. For example, to view grants for a project, call the projects.getIamPolicy method.

Parameters:

  • resource (String)

    REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



837
838
839
840
841
842
843
844
845
 
# File 'generated/google/apis/iam_v1/service.rb', line 837

def (resource, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+resource}:getIamPolicy', options)
  command.response_representation = Google::Apis::IamV1::Policy::Representation
  command.response_class = Google::Apis::IamV1::Policy
  command.params['resource'] = resource unless resource.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_service_account_key(name, public_key_type: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccountKey

Gets the ServiceAccountKey by key id.

Parameters:

  • name (String)

    The resource name of the service account key in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT/keys/key`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or the unique_id` of the service account.

  • public_key_type (String)

    The output format of the public key requested. X509_PEM is the default output format.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
 
# File 'generated/google/apis/iam_v1/service.rb', line 1282

def (name, public_key_type: nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccountKey
  command.params['name'] = name unless name.nil?
  command.query['publicKeyType'] = public_key_type unless public_key_type.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Gets a Role definition.

Parameters:

  • name (String)

    The resource name of the role in one of the following formats: roles/ROLE_NAME `organizations/`ORGANIZATION_ID`/roles/`ROLE_NAME projects/PROJECT_ID/roles/ROLE_NAME``

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1355
1356
1357
1358
1359
1360
1361
1362
1363
 
# File 'generated/google/apis/iam_v1/service.rb', line 1355

def get_role(name, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::LintPolicyResponse

Lints a Cloud IAM policy object or its sub fields. Currently supports google.iam.v1.Policy, google.iam.v1.Binding and google.iam.v1.Binding.condition. Each lint operation consists of multiple lint validation units. Validation units have the following properties:

  • Each unit inspects the input object in regard to a particular linting aspect and issues a google.iam.admin.v1.LintResult disclosing the result.
  • Domain of discourse of each unit can be either google.iam.v1.Policy, google.iam.v1.Binding, or google.iam.v1.Binding.condition depending on the purpose of the validation.
  • A unit may require additional data (like the list of all possible enumerable values of a particular attribute used in the policy instance) which shall be provided by the caller. Refer to the comments of google.iam.admin.v1.LintPolicyRequest.context for more details. The set of applicable validation units is determined by the Cloud IAM server and is not configurable. Regardless of any lint issues or their severities, successful calls to lintPolicy return an HTTP 200 OK status code.

Parameters:

  • lint_policy_request_object (Google::Apis::IamV1::LintPolicyRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



90
91
92
93
94
95
96
97
98
99
 
# File 'generated/google/apis/iam_v1/service.rb', line 90

def lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/iamPolicies:lintPolicy', options)
  command.request_representation = Google::Apis::IamV1::LintPolicyRequest::Representation
  command.request_object = lint_policy_request_object
  command.response_representation = Google::Apis::IamV1::LintPolicyResponse::Representation
  command.response_class = Google::Apis::IamV1::LintPolicyResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListRolesResponse

Lists the Roles defined on a resource.

Parameters:

  • parent (String)

    The resource name of the parent resource in one of the following formats: (empty string) -- this refers to curated roles. `organizations/`ORGANIZATION_ID projects/PROJECT_ID``

  • page_size (Fixnum)

    Optional limit on the number of roles to include in the response.

  • page_token (String)

    Optional pagination token returned in an earlier ListRolesResponse.

  • show_deleted (Boolean)

    Include Roles that have been deleted.

  • view (String)

    Optional view for the returned Role objects. When FULL is specified, the includedPermissions field is returned, which includes a list of all permissions in the role. The default value is BASIC, which does not return the includedPermissions field.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



275
276
277
278
279
280
281
282
283
284
285
286
287
 
# File 'generated/google/apis/iam_v1/service.rb', line 275

def list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:get, 'v1/{+parent}/roles', options)
  command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::ListRolesResponse
  command.params['parent'] = parent unless parent.nil?
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['showDeleted'] = show_deleted unless show_deleted.nil?
  command.query['view'] = view unless view.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListRolesResponse

Lists the Roles defined on a resource.

Parameters:

  • parent (String)

    The resource name of the parent resource in one of the following formats: (empty string) -- this refers to curated roles. `organizations/`ORGANIZATION_ID projects/PROJECT_ID``

  • page_size (Fixnum)

    Optional limit on the number of roles to include in the response.

  • page_token (String)

    Optional pagination token returned in an earlier ListRolesResponse.

  • show_deleted (Boolean)

    Include Roles that have been deleted.

  • view (String)

    Optional view for the returned Role objects. When FULL is specified, the includedPermissions field is returned, which includes a list of all permissions in the role. The default value is BASIC, which does not return the includedPermissions field.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



537
538
539
540
541
542
543
544
545
546
547
548
549
 
# File 'generated/google/apis/iam_v1/service.rb', line 537

def list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:get, 'v1/{+parent}/roles', options)
  command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::ListRolesResponse
  command.params['parent'] = parent unless parent.nil?
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['showDeleted'] = show_deleted unless show_deleted.nil?
  command.query['view'] = view unless view.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListServiceAccountKeysResponse

Lists ServiceAccountKeys.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_ID, will infer the project from the account. TheACCOUNTvalue can be theemailaddress or the unique_id` of the service account.

  • key_types (Array<String>, String)

    Filters the types of keys the user wants to include in the list response. Duplicate key types are not allowed. If no key type is provided, all keys are returned.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
 
# File 'generated/google/apis/iam_v1/service.rb', line 1321

def (name, key_types: nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:get, 'v1/{+name}/keys', options)
  command.response_representation = Google::Apis::IamV1::ListServiceAccountKeysResponse::Representation
  command.response_class = Google::Apis::IamV1::ListServiceAccountKeysResponse
  command.params['name'] = name unless name.nil?
  command.query['keyTypes'] = key_types unless key_types.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListServiceAccountsResponse

Lists ServiceAccounts for a project.

Parameters:

  • name (String)

    Required. The resource name of the project associated with the service accounts, such as projects/my-project-123.

  • page_size (Fixnum)

    Optional limit on the number of service accounts to include in the response. Further accounts can subsequently be obtained by including the ListServiceAccountsResponse.next_page_token in a subsequent request.

  • page_token (String)

    Optional pagination token returned in an earlier ListServiceAccountsResponse.next_page_token.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



876
877
878
879
880
881
882
883
884
885
886
 
# File 'generated/google/apis/iam_v1/service.rb', line 876

def list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:get, 'v1/{+name}/serviceAccounts', options)
  command.response_representation = Google::Apis::IamV1::ListServiceAccountsResponse::Representation
  command.response_class = Google::Apis::IamV1::ListServiceAccountsResponse
  command.params['name'] = name unless name.nil?
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListRolesResponse

Lists the Roles defined on a resource.

Parameters:

  • page_size (Fixnum)

    Optional limit on the number of roles to include in the response.

  • page_token (String)

    Optional pagination token returned in an earlier ListRolesResponse.

  • parent (String)

    The resource name of the parent resource in one of the following formats: (empty string) -- this refers to curated roles. `organizations/`ORGANIZATION_ID projects/PROJECT_ID``

  • show_deleted (Boolean)

    Include Roles that have been deleted.

  • view (String)

    Optional view for the returned Role objects. When FULL is specified, the includedPermissions field is returned, which includes a list of all permissions in the role. The default value is BASIC, which does not return the includedPermissions field.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
 
# File 'generated/google/apis/iam_v1/service.rb', line 1399

def list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:get, 'v1/roles', options)
  command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::ListRolesResponse
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['parent'] = parent unless parent.nil?
  command.query['showDeleted'] = show_deleted unless show_deleted.nil?
  command.query['view'] = view unless view.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Updates a Role definition.

Parameters:

  • name (String)

    The resource name of the role in one of the following formats: roles/ROLE_NAME `organizations/`ORGANIZATION_ID`/roles/`ROLE_NAME projects/PROJECT_ID/roles/ROLE_NAME``

  • role_object (Google::Apis::IamV1::Role) (defaults to: nil)
  • update_mask (String)

    A mask describing which fields in the Role have changed.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



315
316
317
318
319
320
321
322
323
324
325
326
 
# File 'generated/google/apis/iam_v1/service.rb', line 315

def patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:patch, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::Role::Representation
  command.request_object = role_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['updateMask'] = update_mask unless update_mask.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Updates a Role definition.

Parameters:

  • name (String)

    The resource name of the role in one of the following formats: roles/ROLE_NAME `organizations/`ORGANIZATION_ID`/roles/`ROLE_NAME projects/PROJECT_ID/roles/ROLE_NAME``

  • role_object (Google::Apis::IamV1::Role) (defaults to: nil)
  • update_mask (String)

    A mask describing which fields in the Role have changed.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



577
578
579
580
581
582
583
584
585
586
587
588
 
# File 'generated/google/apis/iam_v1/service.rb', line 577

def patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:patch, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::Role::Representation
  command.request_object = role_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['updateMask'] = update_mask unless update_mask.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#patch_service_account(name, patch_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount

Patches a ServiceAccount. Currently, only the following fields are updatable: display_name and description. Only fields specified in the request are guaranteed to be returned in the response. Other fields in the response may be empty. Note: The field mask is required.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT. Requests using `-` as a wildcard for the `PROJECT_ID` will infer the project from the `account` and the `ACCOUNT` value can be the `email` address or the `unique_id` of the service account. In responses the resource name will always be in the format `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT.

  • patch_service_account_request_object (Google::Apis::IamV1::PatchServiceAccountRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



920
921
922
923
924
925
926
927
928
929
930
 
# File 'generated/google/apis/iam_v1/service.rb', line 920

def (name,  = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:patch, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::PatchServiceAccountRequest::Representation
  command.request_object = 
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::QueryGrantableRolesResponse

Queries roles that can be granted on a particular resource. A role is grantable if it can be used as the role in a binding for a policy for that resource.

Parameters:

  • query_grantable_roles_request_object (Google::Apis::IamV1::QueryGrantableRolesRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
 
# File 'generated/google/apis/iam_v1/service.rb', line 1434

def query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/roles:queryGrantableRoles', options)
  command.request_representation = Google::Apis::IamV1::QueryGrantableRolesRequest::Representation
  command.request_object = query_grantable_roles_request_object
  command.response_representation = Google::Apis::IamV1::QueryGrantableRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::QueryGrantableRolesResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::QueryAuditableServicesResponse

Returns a list of services that support service level audit logging configuration for the given resource.

Parameters:

  • query_auditable_services_request_object (Google::Apis::IamV1::QueryAuditableServicesRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



121
122
123
124
125
126
127
128
129
130
 
# File 'generated/google/apis/iam_v1/service.rb', line 121

def query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/iamPolicies:queryAuditableServices', options)
  command.request_representation = Google::Apis::IamV1::QueryAuditableServicesRequest::Representation
  command.request_object = query_auditable_services_request_object
  command.response_representation = Google::Apis::IamV1::QueryAuditableServicesResponse::Representation
  command.response_class = Google::Apis::IamV1::QueryAuditableServicesResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::QueryTestablePermissionsResponse

Lists the permissions testable on a resource. A permission is testable if it can be tested for an identity on a resource.

Parameters:

  • query_testable_permissions_request_object (Google::Apis::IamV1::QueryTestablePermissionsRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



383
384
385
386
387
388
389
390
391
392
 
# File 'generated/google/apis/iam_v1/service.rb', line 383

def query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/permissions:queryTestablePermissions', options)
  command.request_representation = Google::Apis::IamV1::QueryTestablePermissionsRequest::Representation
  command.request_object = query_testable_permissions_request_object
  command.response_representation = Google::Apis::IamV1::QueryTestablePermissionsResponse::Representation
  command.response_class = Google::Apis::IamV1::QueryTestablePermissionsResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Policy

Sets the Cloud IAM access control policy for a ServiceAccount. Note: Service accounts are both resources and identities. This method treats the service account as a resource. Use it to grant members access to the service account, such as when they need to impersonate it. This method does not grant the service account access to other resources, such as projects. To grant a service account access to resources, include the service account in the Cloud IAM policy for the desired resource, then call the appropriate setIamPolicy method on the target resource. For example, to grant a service account access to a project, call the projects.setIamPolicy method.

Parameters:

  • resource (String)

    REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.

  • set_iam_policy_request_object (Google::Apis::IamV1::SetIamPolicyRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



968
969
970
971
972
973
974
975
976
977
978
 
# File 'generated/google/apis/iam_v1/service.rb', line 968

def (resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+resource}:setIamPolicy', options)
  command.request_representation = Google::Apis::IamV1::SetIamPolicyRequest::Representation
  command.request_object = set_iam_policy_request_object
  command.response_representation = Google::Apis::IamV1::Policy::Representation
  command.response_class = Google::Apis::IamV1::Policy
  command.params['resource'] = resource unless resource.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::SignBlobResponse

Note: This method is in the process of being deprecated. Call the signBlob() method of the Cloud IAM Service Account Credentials API instead. Signs a blob using a service account's system-managed private key.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or the unique_id` of the service account.

  • sign_blob_request_object (Google::Apis::IamV1::SignBlobRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
 
# File 'generated/google/apis/iam_v1/service.rb', line 1009

def (name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+name}:signBlob', options)
  command.request_representation = Google::Apis::IamV1::SignBlobRequest::Representation
  command.request_object = sign_blob_request_object
  command.response_representation = Google::Apis::IamV1::SignBlobResponse::Representation
  command.response_class = Google::Apis::IamV1::SignBlobResponse
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::SignJwtResponse

Note: This method is in the process of being deprecated. Call the signJwt() method of the Cloud IAM Service Account Credentials API instead. Signs a JWT using a service account's system-managed private key. If no expiry time (exp) is provided in the SignJwtRequest, IAM sets an an expiry time of one hour by default. If you request an expiry time of more than one hour, the request will fail.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or the unique_id` of the service account.

  • sign_jwt_request_object (Google::Apis::IamV1::SignJwtRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
 
# File 'generated/google/apis/iam_v1/service.rb', line 1053

def (name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+name}:signJwt', options)
  command.request_representation = Google::Apis::IamV1::SignJwtRequest::Representation
  command.request_object = sign_jwt_request_object
  command.response_representation = Google::Apis::IamV1::SignJwtResponse::Representation
  command.response_class = Google::Apis::IamV1::SignJwtResponse
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::TestIamPermissionsResponse

Tests the specified permissions against the IAM access control policy for a ServiceAccount.

Parameters:

  • resource (String)

    REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.

  • test_iam_permissions_request_object (Google::Apis::IamV1::TestIamPermissionsRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
 
# File 'generated/google/apis/iam_v1/service.rb', line 1088

def (resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options)
  command.request_representation = Google::Apis::IamV1::TestIamPermissionsRequest::Representation
  command.request_object = test_iam_permissions_request_object
  command.response_representation = Google::Apis::IamV1::TestIamPermissionsResponse::Representation
  command.response_class = Google::Apis::IamV1::TestIamPermissionsResponse
  command.params['resource'] = resource unless resource.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Undelete a Role, bringing it back in its previous state.

Parameters:

  • name (String)

    The resource name of the role in one of the following formats: organizations/ORGANIZATION_ID/roles/ROLE_NAME `projects/`PROJECT_ID`/roles/`ROLE_NAME

  • undelete_role_request_object (Google::Apis::IamV1::UndeleteRoleRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



351
352
353
354
355
356
357
358
359
360
361
 
# File 'generated/google/apis/iam_v1/service.rb', line 351

def undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+name}:undelete', options)
  command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation
  command.request_object = undelete_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Undelete a Role, bringing it back in its previous state.

Parameters:

  • name (String)

    The resource name of the role in one of the following formats: organizations/ORGANIZATION_ID/roles/ROLE_NAME `projects/`PROJECT_ID`/roles/`ROLE_NAME

  • undelete_role_request_object (Google::Apis::IamV1::UndeleteRoleRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



613
614
615
616
617
618
619
620
621
622
623
 
# File 'generated/google/apis/iam_v1/service.rb', line 613

def undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+name}:undelete', options)
  command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation
  command.request_object = undelete_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#undelete_service_account(name, undelete_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::UndeleteServiceAccountResponse

Restores a deleted ServiceAccount. This is to be used as an action of last resort. A service account may not always be restorable.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT_UNIQUE_ID'. Using-as a wildcard for thePROJECT_ID` will infer the project from the account.

  • undelete_service_account_request_object (Google::Apis::IamV1::UndeleteServiceAccountRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
 
# File 'generated/google/apis/iam_v1/service.rb', line 1126

def (name,  = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+name}:undelete', options)
  command.request_representation = Google::Apis::IamV1::UndeleteServiceAccountRequest::Representation
  command.request_object = 
  command.response_representation = Google::Apis::IamV1::UndeleteServiceAccountResponse::Representation
  command.response_class = Google::Apis::IamV1::UndeleteServiceAccountResponse
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount

Note: This method is in the process of being deprecated. Use PatchServiceAccount instead. Updates a ServiceAccount. Currently, only the following fields are updatable: display_name . The etag is mandatory.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT. Requests using `-` as a wildcard for the `PROJECT_ID` will infer the project from the `account` and the `ACCOUNT` value can be the `email` address or the `unique_id` of the service account. In responses the resource name will always be in the format `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT.

  • service_account_object (Google::Apis::IamV1::ServiceAccount) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
 
# File 'generated/google/apis/iam_v1/service.rb', line 1170

def (name,  = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:put, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.request_object = 
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end