Class: Google::Apis::IamV1::IamService

Inherits:
Core::BaseService show all
Defined in:
generated/google/apis/iam_v1/service.rb

Overview

Identity and Access Management (IAM) API

Manages identity and access control for Google Cloud Platform resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls.

Examples:

require 'google/apis/iam_v1'

Iam = Google::Apis::IamV1 # Alias the module
service = Iam::IamService.new

See Also:

Instance Attribute Summary collapse

Attributes inherited from Core::BaseService

#authorization, #base_path, #batch_path, #client, #client_options, #request_options, #root_url, #upload_path

Instance Method Summary collapse

Methods inherited from Core::BaseService

#batch, #batch_upload, #fetch_all, #http

Methods included from Core::Logging

#logger

Constructor Details

#initializeIamService

Returns a new instance of IamService



47
48
49
50
 
# File 'generated/google/apis/iam_v1/service.rb', line 47

def initialize
  super('https://iam.googleapis.com/', '')
  @batch_path = 'batch'
end

Instance Attribute Details

#keyString

Returns API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.

Returns:

  • (String)

    API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.



40
41
42
 
# File 'generated/google/apis/iam_v1/service.rb', line 40

def key
  @key
end

#quota_userString

Returns Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

Returns:

  • (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.



45
46
47
 
# File 'generated/google/apis/iam_v1/service.rb', line 45

def quota_user
  @quota_user
end

Instance Method Details

#create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Creates a new Role.

Parameters:

  • parent (String)

    The resource name of the parent resource in one of the following formats: organizations/ORGANIZATION_ID `projects/`PROJECT_ID

  • create_role_request_object (Google::Apis::IamV1::CreateRoleRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



155
156
157
158
159
160
161
162
163
164
165
 
# File 'generated/google/apis/iam_v1/service.rb', line 155

def create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+parent}/roles', options)
  command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation
  command.request_object = create_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['parent'] = parent unless parent.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Creates a new Role.

Parameters:

  • parent (String)

    The resource name of the parent resource in one of the following formats: organizations/ORGANIZATION_ID `projects/`PROJECT_ID

  • create_role_request_object (Google::Apis::IamV1::CreateRoleRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



417
418
419
420
421
422
423
424
425
426
427
 
# File 'generated/google/apis/iam_v1/service.rb', line 417

def create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+parent}/roles', options)
  command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation
  command.request_object = create_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['parent'] = parent unless parent.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount

Creates a ServiceAccount and returns it.

Parameters:

  • name (String)

    Required. The resource name of the project associated with the service accounts, such as projects/my-project-123.

  • create_service_account_request_object (Google::Apis::IamV1::CreateServiceAccountRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



648
649
650
651
652
653
654
655
656
657
658
 
# File 'generated/google/apis/iam_v1/service.rb', line 648

def (name,  = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+name}/serviceAccounts', options)
  command.request_representation = Google::Apis::IamV1::CreateServiceAccountRequest::Representation
  command.request_object = 
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccountKey

Creates a ServiceAccountKey and returns it.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or the unique_id` of the service account.

  • create_service_account_key_request_object (Google::Apis::IamV1::CreateServiceAccountKeyRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
 
# File 'generated/google/apis/iam_v1/service.rb', line 1225

def (name,  = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+name}/keys', options)
  command.request_representation = Google::Apis::IamV1::CreateServiceAccountKeyRequest::Representation
  command.request_object = 
  command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccountKey
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Soft deletes a role. The role is suspended and cannot be used to create new IAM Policy Bindings. The Role will not be included in ListRoles() unless show_deleted is set in the ListRolesRequest. The Role contains the deleted boolean set. Existing Bindings remains, but are inactive. The Role can be undeleted within 7 days. After 7 days the Role is deleted and all Bindings associated with the role are removed.

Parameters:

  • name (String)

    The resource name of the role in one of the following formats: organizations/ORGANIZATION_ID/roles/ROLE_NAME `projects/`PROJECT_ID`/roles/`ROLE_NAME

  • etag (String)

    Used to perform a consistent read-modify-write.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



197
198
199
200
201
202
203
204
205
206
 
# File 'generated/google/apis/iam_v1/service.rb', line 197

def delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['etag'] = etag unless etag.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Soft deletes a role. The role is suspended and cannot be used to create new IAM Policy Bindings. The Role will not be included in ListRoles() unless show_deleted is set in the ListRolesRequest. The Role contains the deleted boolean set. Existing Bindings remains, but are inactive. The Role can be undeleted within 7 days. After 7 days the Role is deleted and all Bindings associated with the role are removed.

Parameters:

  • name (String)

    The resource name of the role in one of the following formats: organizations/ORGANIZATION_ID/roles/ROLE_NAME `projects/`PROJECT_ID`/roles/`ROLE_NAME

  • etag (String)

    Used to perform a consistent read-modify-write.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



459
460
461
462
463
464
465
466
467
468
 
# File 'generated/google/apis/iam_v1/service.rb', line 459

def delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['etag'] = etag unless etag.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#delete_project_service_account(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty

Deletes a ServiceAccount.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or the unique_id` of the service account.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



684
685
686
687
688
689
690
691
692
 
# File 'generated/google/apis/iam_v1/service.rb', line 684

def (name, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty

Deletes a ServiceAccountKey.

Parameters:

  • name (String)

    The resource name of the service account key in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT/keys/key`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or the unique_id` of the service account.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1261
1262
1263
1264
1265
1266
1267
1268
1269
 
# File 'generated/google/apis/iam_v1/service.rb', line 1261

def (name, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#disable_service_account(name, disable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty

DisableServiceAccount is currently in the alpha launch stage. Disables a ServiceAccount, which immediately prevents the service account from authenticating and gaining access to APIs. Disabled service accounts can be safely restored by using EnableServiceAccount at any point. Deleted service accounts cannot be restored using this method. Disabling a service account that is bound to VMs, Apps, Functions, or other jobs will cause those jobs to lose access to resources if they are using the disabled service account. To improve reliability of your services and avoid unexpected outages, it is recommended to first disable a service account rather than delete it. After disabling the service account, wait at least 24 hours to verify there are no unintended consequences, and then delete the service account.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or the unique_id` of the service account.

  • disable_service_account_request_object (Google::Apis::IamV1::DisableServiceAccountRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



732
733
734
735
736
737
738
739
740
741
742
 
# File 'generated/google/apis/iam_v1/service.rb', line 732

def (name,  = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+name}:disable', options)
  command.request_representation = Google::Apis::IamV1::DisableServiceAccountRequest::Representation
  command.request_object = 
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#enable_service_account(name, enable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty

EnableServiceAccount is currently in the alpha launch stage. Restores a disabled ServiceAccount that has been manually disabled by using DisableServiceAccount. Service accounts that have been disabled by other means or for other reasons, such as abuse, cannot be restored using this method. EnableServiceAccount will have no effect on a service account that is not disabled. Enabling an already enabled service account will have no effect.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT_UNIQUE_ID'. Using-as a wildcard for thePROJECT_ID` will infer the project from the account.

  • enable_service_account_request_object (Google::Apis::IamV1::EnableServiceAccountRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



775
776
777
778
779
780
781
782
783
784
785
 
# File 'generated/google/apis/iam_v1/service.rb', line 775

def (name,  = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+name}:enable', options)
  command.request_representation = Google::Apis::IamV1::EnableServiceAccountRequest::Representation
  command.request_object = 
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_organization_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Gets a Role definition.

Parameters:

  • name (String)

    The resource name of the role in one of the following formats: roles/ROLE_NAME `organizations/`ORGANIZATION_ID`/roles/`ROLE_NAME projects/PROJECT_ID/roles/ROLE_NAME``

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



231
232
233
234
235
236
237
238
239
 
# File 'generated/google/apis/iam_v1/service.rb', line 231

def get_organization_role(name, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Gets a Role definition.

Parameters:

  • name (String)

    The resource name of the role in one of the following formats: roles/ROLE_NAME `organizations/`ORGANIZATION_ID`/roles/`ROLE_NAME projects/PROJECT_ID/roles/ROLE_NAME``

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



493
494
495
496
497
498
499
500
501
 
# File 'generated/google/apis/iam_v1/service.rb', line 493

def get_project_role(name, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_service_account(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount

Gets a ServiceAccount.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or the unique_id` of the service account.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



811
812
813
814
815
816
817
818
819
 
# File 'generated/google/apis/iam_v1/service.rb', line 811

def (name, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_service_account_iam_policy(resource, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Policy

Returns the Cloud IAM access control policy for a ServiceAccount. Note: Service accounts are both resources and identities. This method treats the service account as a resource. It returns the Cloud IAM policy that reflects what members have access to the service account. This method does not return what resources the service account has access to. To see if a service account has access to a resource, call the getIamPolicy method on the target resource. For example, to view grants for a project, call the projects.getIamPolicy method.

Parameters:

  • resource (String)

    REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



855
856
857
858
859
860
861
862
863
 
# File 'generated/google/apis/iam_v1/service.rb', line 855

def (resource, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+resource}:getIamPolicy', options)
  command.response_representation = Google::Apis::IamV1::Policy::Representation
  command.response_class = Google::Apis::IamV1::Policy
  command.params['resource'] = resource unless resource.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_service_account_key(name, public_key_type: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccountKey

Gets the ServiceAccountKey by key id.

Parameters:

  • name (String)

    The resource name of the service account key in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT/keys/key`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or the unique_id` of the service account.

  • public_key_type (String)

    The output format of the public key requested. X509_PEM is the default output format.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
 
# File 'generated/google/apis/iam_v1/service.rb', line 1299

def (name, public_key_type: nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccountKey
  command.params['name'] = name unless name.nil?
  command.query['publicKeyType'] = public_key_type unless public_key_type.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Gets a Role definition.

Parameters:

  • name (String)

    The resource name of the role in one of the following formats: roles/ROLE_NAME `organizations/`ORGANIZATION_ID`/roles/`ROLE_NAME projects/PROJECT_ID/roles/ROLE_NAME``

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1372
1373
1374
1375
1376
1377
1378
1379
1380
 
# File 'generated/google/apis/iam_v1/service.rb', line 1372

def get_role(name, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::LintPolicyResponse

Lints a Cloud IAM policy object or its sub fields. Currently supports google.iam.v1.Policy, google.iam.v1.Binding and google.iam.v1.Binding.condition. Each lint operation consists of multiple lint validation units. Validation units have the following properties:

  • Each unit inspects the input object in regard to a particular linting aspect and issues a google.iam.admin.v1.LintResult disclosing the result.
  • Domain of discourse of each unit can be either google.iam.v1.Policy, google.iam.v1.Binding, or google.iam.v1.Binding.condition depending on the purpose of the validation.
  • A unit may require additional data (like the list of all possible enumerable values of a particular attribute used in the policy instance) which shall be provided by the caller. Refer to the comments of google.iam.admin.v1.LintPolicyRequest.context for more details. The set of applicable validation units is determined by the Cloud IAM server and is not configurable. Regardless of any lint issues or their severities, successful calls to lintPolicy return an HTTP 200 OK status code.

Parameters:

  • lint_policy_request_object (Google::Apis::IamV1::LintPolicyRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



90
91
92
93
94
95
96
97
98
99
 
# File 'generated/google/apis/iam_v1/service.rb', line 90

def lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/iamPolicies:lintPolicy', options)
  command.request_representation = Google::Apis::IamV1::LintPolicyRequest::Representation
  command.request_object = lint_policy_request_object
  command.response_representation = Google::Apis::IamV1::LintPolicyResponse::Representation
  command.response_class = Google::Apis::IamV1::LintPolicyResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListRolesResponse

Lists the Roles defined on a resource.

Parameters:

  • parent (String)

    The resource name of the parent resource in one of the following formats: (empty string) -- this refers to curated roles. `organizations/`ORGANIZATION_ID projects/PROJECT_ID``

  • page_size (Fixnum)

    Optional limit on the number of roles to include in the response.

  • page_token (String)

    Optional pagination token returned in an earlier ListRolesResponse.

  • show_deleted (Boolean)

    Include Roles that have been deleted.

  • view (String)

    Optional view for the returned Role objects. When FULL is specified, the includedPermissions field is returned, which includes a list of all permissions in the role. The default value is BASIC, which does not return the includedPermissions field.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



275
276
277
278
279
280
281
282
283
284
285
286
287
 
# File 'generated/google/apis/iam_v1/service.rb', line 275

def list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:get, 'v1/{+parent}/roles', options)
  command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::ListRolesResponse
  command.params['parent'] = parent unless parent.nil?
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['showDeleted'] = show_deleted unless show_deleted.nil?
  command.query['view'] = view unless view.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListRolesResponse

Lists the Roles defined on a resource.

Parameters:

  • parent (String)

    The resource name of the parent resource in one of the following formats: (empty string) -- this refers to curated roles. `organizations/`ORGANIZATION_ID projects/PROJECT_ID``

  • page_size (Fixnum)

    Optional limit on the number of roles to include in the response.

  • page_token (String)

    Optional pagination token returned in an earlier ListRolesResponse.

  • show_deleted (Boolean)

    Include Roles that have been deleted.

  • view (String)

    Optional view for the returned Role objects. When FULL is specified, the includedPermissions field is returned, which includes a list of all permissions in the role. The default value is BASIC, which does not return the includedPermissions field.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



537
538
539
540
541
542
543
544
545
546
547
548
549
 
# File 'generated/google/apis/iam_v1/service.rb', line 537

def list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:get, 'v1/{+parent}/roles', options)
  command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::ListRolesResponse
  command.params['parent'] = parent unless parent.nil?
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['showDeleted'] = show_deleted unless show_deleted.nil?
  command.query['view'] = view unless view.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListServiceAccountKeysResponse

Lists ServiceAccountKeys.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_ID, will infer the project from the account. TheACCOUNTvalue can be theemailaddress or the unique_id` of the service account.

  • key_types (Array<String>, String)

    Filters the types of keys the user wants to include in the list response. Duplicate key types are not allowed. If no key type is provided, all keys are returned.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
 
# File 'generated/google/apis/iam_v1/service.rb', line 1338

def (name, key_types: nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:get, 'v1/{+name}/keys', options)
  command.response_representation = Google::Apis::IamV1::ListServiceAccountKeysResponse::Representation
  command.response_class = Google::Apis::IamV1::ListServiceAccountKeysResponse
  command.params['name'] = name unless name.nil?
  command.query['keyTypes'] = key_types unless key_types.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListServiceAccountsResponse

Lists ServiceAccounts for a project.

Parameters:

  • name (String)

    Required. The resource name of the project associated with the service accounts, such as projects/my-project-123.

  • page_size (Fixnum)

    Optional limit on the number of service accounts to include in the response. Further accounts can subsequently be obtained by including the ListServiceAccountsResponse.next_page_token in a subsequent request.

  • page_token (String)

    Optional pagination token returned in an earlier ListServiceAccountsResponse.next_page_token.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



894
895
896
897
898
899
900
901
902
903
904
 
# File 'generated/google/apis/iam_v1/service.rb', line 894

def list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:get, 'v1/{+name}/serviceAccounts', options)
  command.response_representation = Google::Apis::IamV1::ListServiceAccountsResponse::Representation
  command.response_class = Google::Apis::IamV1::ListServiceAccountsResponse
  command.params['name'] = name unless name.nil?
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListRolesResponse

Lists the Roles defined on a resource.

Parameters:

  • page_size (Fixnum)

    Optional limit on the number of roles to include in the response.

  • page_token (String)

    Optional pagination token returned in an earlier ListRolesResponse.

  • parent (String)

    The resource name of the parent resource in one of the following formats: (empty string) -- this refers to curated roles. `organizations/`ORGANIZATION_ID projects/PROJECT_ID``

  • show_deleted (Boolean)

    Include Roles that have been deleted.

  • view (String)

    Optional view for the returned Role objects. When FULL is specified, the includedPermissions field is returned, which includes a list of all permissions in the role. The default value is BASIC, which does not return the includedPermissions field.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
 
# File 'generated/google/apis/iam_v1/service.rb', line 1416

def list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:get, 'v1/roles', options)
  command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::ListRolesResponse
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['parent'] = parent unless parent.nil?
  command.query['showDeleted'] = show_deleted unless show_deleted.nil?
  command.query['view'] = view unless view.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Updates a Role definition.

Parameters:

  • name (String)

    The resource name of the role in one of the following formats: roles/ROLE_NAME `organizations/`ORGANIZATION_ID`/roles/`ROLE_NAME projects/PROJECT_ID/roles/ROLE_NAME``

  • role_object (Google::Apis::IamV1::Role) (defaults to: nil)
  • update_mask (String)

    A mask describing which fields in the Role have changed.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



315
316
317
318
319
320
321
322
323
324
325
326
 
# File 'generated/google/apis/iam_v1/service.rb', line 315

def patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:patch, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::Role::Representation
  command.request_object = role_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['updateMask'] = update_mask unless update_mask.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Updates a Role definition.

Parameters:

  • name (String)

    The resource name of the role in one of the following formats: roles/ROLE_NAME `organizations/`ORGANIZATION_ID`/roles/`ROLE_NAME projects/PROJECT_ID/roles/ROLE_NAME``

  • role_object (Google::Apis::IamV1::Role) (defaults to: nil)
  • update_mask (String)

    A mask describing which fields in the Role have changed.

  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



577
578
579
580
581
582
583
584
585
586
587
588
 
# File 'generated/google/apis/iam_v1/service.rb', line 577

def patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:patch, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::Role::Representation
  command.request_object = role_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['updateMask'] = update_mask unless update_mask.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#patch_service_account(name, patch_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount

Patches a ServiceAccount. Currently, only the following fields are updatable: display_name and description. Only fields specified in the request are guaranteed to be returned in the response. Other fields in the response may be empty. Note: The field mask is required.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT. Requests using `-` as a wildcard for the `PROJECT_ID` will infer the project from the `account` and the `ACCOUNT` value can be the `email` address or the `unique_id` of the service account. In responses the resource name will always be in the format `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT.

  • patch_service_account_request_object (Google::Apis::IamV1::PatchServiceAccountRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



938
939
940
941
942
943
944
945
946
947
948
 
# File 'generated/google/apis/iam_v1/service.rb', line 938

def (name,  = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:patch, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::PatchServiceAccountRequest::Representation
  command.request_object = 
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::QueryGrantableRolesResponse

Queries roles that can be granted on a particular resource. A role is grantable if it can be used as the role in a binding for a policy for that resource.

Parameters:

  • query_grantable_roles_request_object (Google::Apis::IamV1::QueryGrantableRolesRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
 
# File 'generated/google/apis/iam_v1/service.rb', line 1451

def query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/roles:queryGrantableRoles', options)
  command.request_representation = Google::Apis::IamV1::QueryGrantableRolesRequest::Representation
  command.request_object = query_grantable_roles_request_object
  command.response_representation = Google::Apis::IamV1::QueryGrantableRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::QueryGrantableRolesResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::QueryAuditableServicesResponse

Returns a list of services that support service level audit logging configuration for the given resource.

Parameters:

  • query_auditable_services_request_object (Google::Apis::IamV1::QueryAuditableServicesRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



121
122
123
124
125
126
127
128
129
130
 
# File 'generated/google/apis/iam_v1/service.rb', line 121

def query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/iamPolicies:queryAuditableServices', options)
  command.request_representation = Google::Apis::IamV1::QueryAuditableServicesRequest::Representation
  command.request_object = query_auditable_services_request_object
  command.response_representation = Google::Apis::IamV1::QueryAuditableServicesResponse::Representation
  command.response_class = Google::Apis::IamV1::QueryAuditableServicesResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::QueryTestablePermissionsResponse

Lists the permissions testable on a resource. A permission is testable if it can be tested for an identity on a resource.

Parameters:

  • query_testable_permissions_request_object (Google::Apis::IamV1::QueryTestablePermissionsRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



383
384
385
386
387
388
389
390
391
392
 
# File 'generated/google/apis/iam_v1/service.rb', line 383

def query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/permissions:queryTestablePermissions', options)
  command.request_representation = Google::Apis::IamV1::QueryTestablePermissionsRequest::Representation
  command.request_object = query_testable_permissions_request_object
  command.response_representation = Google::Apis::IamV1::QueryTestablePermissionsResponse::Representation
  command.response_class = Google::Apis::IamV1::QueryTestablePermissionsResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Policy

Sets the Cloud IAM access control policy for a ServiceAccount. Note: Service accounts are both resources and identities. This method treats the service account as a resource. Use it to grant members access to the service account, such as when they need to impersonate it. This method does not grant the service account access to other resources, such as projects. To grant a service account access to resources, include the service account in the Cloud IAM policy for the desired resource, then call the appropriate setIamPolicy method on the target resource. For example, to grant a service account access to a project, call the projects.setIamPolicy method.

Parameters:

  • resource (String)

    REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.

  • set_iam_policy_request_object (Google::Apis::IamV1::SetIamPolicyRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



986
987
988
989
990
991
992
993
994
995
996
 
# File 'generated/google/apis/iam_v1/service.rb', line 986

def (resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+resource}:setIamPolicy', options)
  command.request_representation = Google::Apis::IamV1::SetIamPolicyRequest::Representation
  command.request_object = set_iam_policy_request_object
  command.response_representation = Google::Apis::IamV1::Policy::Representation
  command.response_class = Google::Apis::IamV1::Policy
  command.params['resource'] = resource unless resource.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::SignBlobResponse

Note: This method is in the process of being deprecated. Call the signBlob() method of the Cloud IAM Service Account Credentials API instead. Signs a blob using a service account's system-managed private key.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or the unique_id` of the service account.

  • sign_blob_request_object (Google::Apis::IamV1::SignBlobRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
 
# File 'generated/google/apis/iam_v1/service.rb', line 1027

def (name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+name}:signBlob', options)
  command.request_representation = Google::Apis::IamV1::SignBlobRequest::Representation
  command.request_object = sign_blob_request_object
  command.response_representation = Google::Apis::IamV1::SignBlobResponse::Representation
  command.response_class = Google::Apis::IamV1::SignBlobResponse
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::SignJwtResponse

Note: This method is in the process of being deprecated. Call the signJwt() method of the Cloud IAM Service Account Credentials API instead. Signs a JWT using a service account's system-managed private key. If no expiry time (exp) is provided in the SignJwtRequest, IAM sets an an expiry time of one hour by default. If you request an expiry time of more than one hour, the request will fail.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or the unique_id` of the service account.

  • sign_jwt_request_object (Google::Apis::IamV1::SignJwtRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
 
# File 'generated/google/apis/iam_v1/service.rb', line 1071

def (name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+name}:signJwt', options)
  command.request_representation = Google::Apis::IamV1::SignJwtRequest::Representation
  command.request_object = sign_jwt_request_object
  command.response_representation = Google::Apis::IamV1::SignJwtResponse::Representation
  command.response_class = Google::Apis::IamV1::SignJwtResponse
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::TestIamPermissionsResponse

Tests the specified permissions against the IAM access control policy for a ServiceAccount.

Parameters:

  • resource (String)

    REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.

  • test_iam_permissions_request_object (Google::Apis::IamV1::TestIamPermissionsRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
 
# File 'generated/google/apis/iam_v1/service.rb', line 1106

def (resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options)
  command.request_representation = Google::Apis::IamV1::TestIamPermissionsRequest::Representation
  command.request_object = test_iam_permissions_request_object
  command.response_representation = Google::Apis::IamV1::TestIamPermissionsResponse::Representation
  command.response_class = Google::Apis::IamV1::TestIamPermissionsResponse
  command.params['resource'] = resource unless resource.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Undelete a Role, bringing it back in its previous state.

Parameters:

  • name (String)

    The resource name of the role in one of the following formats: organizations/ORGANIZATION_ID/roles/ROLE_NAME `projects/`PROJECT_ID`/roles/`ROLE_NAME

  • undelete_role_request_object (Google::Apis::IamV1::UndeleteRoleRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



351
352
353
354
355
356
357
358
359
360
361
 
# File 'generated/google/apis/iam_v1/service.rb', line 351

def undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+name}:undelete', options)
  command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation
  command.request_object = undelete_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

Undelete a Role, bringing it back in its previous state.

Parameters:

  • name (String)

    The resource name of the role in one of the following formats: organizations/ORGANIZATION_ID/roles/ROLE_NAME `projects/`PROJECT_ID`/roles/`ROLE_NAME

  • undelete_role_request_object (Google::Apis::IamV1::UndeleteRoleRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



613
614
615
616
617
618
619
620
621
622
623
 
# File 'generated/google/apis/iam_v1/service.rb', line 613

def undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+name}:undelete', options)
  command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation
  command.request_object = undelete_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#undelete_service_account(name, undelete_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::UndeleteServiceAccountResponse

Restores a deleted ServiceAccount. This is to be used as an action of last resort. A service account may not always be restorable.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT_UNIQUE_ID'. Using-as a wildcard for thePROJECT_ID` will infer the project from the account.

  • undelete_service_account_request_object (Google::Apis::IamV1::UndeleteServiceAccountRequest) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
 
# File 'generated/google/apis/iam_v1/service.rb', line 1144

def (name,  = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:post, 'v1/{+name}:undelete', options)
  command.request_representation = Google::Apis::IamV1::UndeleteServiceAccountRequest::Representation
  command.request_object = 
  command.response_representation = Google::Apis::IamV1::UndeleteServiceAccountResponse::Representation
  command.response_class = Google::Apis::IamV1::UndeleteServiceAccountResponse
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount

Note: This method is in the process of being deprecated. Use PatchServiceAccount instead. Updates a ServiceAccount. Currently, only the following fields are updatable: display_name and description.

Parameters:

  • name (String)

    The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT. Requests using `-` as a wildcard for the `PROJECT_ID` will infer the project from the `account` and the `ACCOUNT` value can be the `email` address or the `unique_id` of the service account. In responses the resource name will always be in the format `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT.

  • service_account_object (Google::Apis::IamV1::ServiceAccount) (defaults to: nil)
  • fields (String)

    Selector specifying which fields to include in a partial response.

  • quota_user (String)

    Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

  • options (Google::Apis::RequestOptions)

    Request-specific options

Yields:

  • (result, err)

    Result & error if block supplied

Yield Parameters:

Returns:

Raises:



1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
 
# File 'generated/google/apis/iam_v1/service.rb', line 1187

def (name,  = nil, fields: nil, quota_user: nil, options: nil, &block)
  command =  make_simple_command(:put, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.request_object = 
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end