Class: Google::Apis::IamV1::IamService

Inherits:

Core::BaseService

Object
Core::BaseService
Google::Apis::IamV1::IamService

show all

Defined in:: generated/google/apis/iam_v1/service.rb

Overview

Identity and Access Management (IAM) API

Manages identity and access control for Google Cloud Platform resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls.

Examples:

require 'google/apis/iam_v1'

Iam = Google::Apis::IamV1 # Alias the module
service = Iam::IamService.new

Instance Attribute Summary collapse

#key ⇒ String
API key.
#quota_user ⇒ String
Available to use for quota purposes for server-side applications.

Attributes inherited from Core::BaseService

#authorization, #base_path, #batch_path, #client, #client_options, #request_options, #root_url, #upload_path

Instance Method Summary collapse

#create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role
Creates a new Role.
#create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role
Creates a new Role.
#create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount
Creates a ServiceAccount and returns it.
#create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccountKey
Creates a ServiceAccountKey and returns it.
#delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role
Soft deletes a role.
#delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role
Soft deletes a role.
#delete_project_service_account(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty
Deletes a ServiceAccount.
#delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty
Deletes a ServiceAccountKey.
#disable_service_account(name, disable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty
DisableServiceAccount is currently in the alpha launch stage.
#enable_service_account(name, enable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty
EnableServiceAccount is currently in the alpha launch stage.
#get_organization_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role
Gets a Role definition.
#get_project_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role
Gets a Role definition.
#get_project_service_account(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount
Gets a ServiceAccount.
#get_project_service_account_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Policy
Returns the Cloud IAM access control policy for a ServiceAccount.
#get_project_service_account_key(name, public_key_type: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccountKey
Gets the ServiceAccountKey by key id.
#get_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role
Gets a Role definition.
#initialize ⇒ IamService constructor
A new instance of IamService.
#lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::LintPolicyResponse
Lints a Cloud IAM policy object or its sub fields.
#list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListRolesResponse
Lists the Roles defined on a resource.
#list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListRolesResponse
Lists the Roles defined on a resource.
#list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListServiceAccountKeysResponse
Lists ServiceAccountKeys.
#list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListServiceAccountsResponse
Lists ServiceAccounts for a project.
#list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListRolesResponse
Lists the Roles defined on a resource.
#patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role
Updates a Role definition.
#patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role
Updates a Role definition.
#patch_service_account(name, patch_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount
Patches a ServiceAccount.
#query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::QueryGrantableRolesResponse
Queries roles that can be granted on a particular resource.
#query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::QueryAuditableServicesResponse
Returns a list of services that support service level audit logging configuration for the given resource.
#query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::QueryTestablePermissionsResponse
Lists the permissions testable on a resource.
#set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Policy
Sets the Cloud IAM access control policy for a ServiceAccount.
#sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::SignBlobResponse
Note: This method is in the process of being deprecated.
#sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::SignJwtResponse
Note: This method is in the process of being deprecated.
#test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::TestIamPermissionsResponse
Tests the specified permissions against the IAM access control policy for a ServiceAccount.
#undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role
Undelete a Role, bringing it back in its previous state.
#undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role
Undelete a Role, bringing it back in its previous state.
#undelete_service_account(name, undelete_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::UndeleteServiceAccountResponse
Restores a deleted ServiceAccount.
#update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount
Note: This method is in the process of being deprecated.
#upload_service_account_key(name, upload_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccountKey
Upload public key for a given service account.

Methods inherited from Core::BaseService

#batch, #batch_upload, #fetch_all, #http

Methods included from Core::Logging

#logger

Constructor Details

#initialize ⇒ `IamService`

Returns a new instance of IamService

# File 'generated/google/apis/iam_v1/service.rb', line 47

def initialize
  super('https://iam.googleapis.com/', '')
  @batch_path = 'batch'
end

Instance Attribute Details

#key ⇒ `String`

Returns API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.

Returns:

(String) —
API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.



40
41
42

# File 'generated/google/apis/iam_v1/service.rb', line 40

def key
  @key
end

#quota_user ⇒ `String`

Returns Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

Returns:

(String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.



45
46
47

# File 'generated/google/apis/iam_v1/service.rb', line 45

def quota_user
  @quota_user
end

Instance Method Details

#create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

Creates a new Role.

Parameters:

parent (String) —
The parent parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's parent value format is described below:
- projects.roles.create(): projects/PROJECT_ID`. This method creates project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL:https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles`
- organizations.roles.create(): organizations/ORGANIZATION_ID`. This method creates organization-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL:https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
create_role_request_object (Google::Apis::IamV1::CreateRoleRequest) (defaults to: nil)
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Role) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Role)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 170

def create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+parent}/roles', options)
  command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation
  command.request_object = create_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['parent'] = parent unless parent.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

Creates a new Role.

Parameters:

parent (String) —
The parent parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's parent value format is described below:
- projects.roles.create(): projects/PROJECT_ID`. This method creates project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL:https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles`
- organizations.roles.create(): organizations/ORGANIZATION_ID`. This method creates organization-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL:https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
create_role_request_object (Google::Apis::IamV1::CreateRoleRequest) (defaults to: nil)
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Role) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Role)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 536

def create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+parent}/roles', options)
  command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation
  command.request_object = create_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['parent'] = parent unless parent.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccount`

Creates a ServiceAccount and returns it.

Parameters:

name (String) —
Required. The resource name of the project associated with the service accounts, such as projects/my-project-123.
create_service_account_request_object (Google::Apis::IamV1::CreateServiceAccountRequest) (defaults to: nil)
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ServiceAccount) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ServiceAccount)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 856

def create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}/serviceAccounts', options)
  command.request_representation = Google::Apis::IamV1::CreateServiceAccountRequest::Representation
  command.request_object = create_service_account_request_object
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccountKey`

Creates a ServiceAccountKey and returns it.

Parameters:

name (String) —
The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.
create_service_account_key_request_object (Google::Apis::IamV1::CreateServiceAccountKeyRequest) (defaults to: nil)
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ServiceAccountKey) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ServiceAccountKey)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1442

def create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}/keys', options)
  command.request_representation = Google::Apis::IamV1::CreateServiceAccountKeyRequest::Representation
  command.request_object = create_service_account_key_request_object
  command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccountKey
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

Soft deletes a role. The role is suspended and cannot be used to create new IAM Policy Bindings. The Role will not be included in ListRoles() unless show_deleted is set in the ListRolesRequest. The Role contains the deleted boolean set. Existing Bindings remains, but are inactive. The Role can be undeleted within 7 days. After 7 days the Role is deleted and all Bindings associated with the role are removed.

Parameters:

name (String) —
The name parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's name value format is described below:
- projects.roles.delete(): projects/PROJECT_ID/roles/CUSTOM_ROLE_ID. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID
- organizations.roles.delete(): organizations/ORGANIZATION_ID/roles/CUSTOM_ROLE_ID. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/` CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
etag (String) —
Used to perform a consistent read-modify-write.
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Role) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Role)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 228

def delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['etag'] = etag unless etag.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

Parameters:

name (String) —
The name parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's name value format is described below:
- projects.roles.delete(): projects/PROJECT_ID/roles/CUSTOM_ROLE_ID. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID
- organizations.roles.delete(): organizations/ORGANIZATION_ID/roles/CUSTOM_ROLE_ID. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/` CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
etag (String) —
Used to perform a consistent read-modify-write.
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Role) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Role)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 594

def delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['etag'] = etag unless etag.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#delete_project_service_account(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Empty`

Deletes a ServiceAccount.

Parameters:

name (String) —
The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Empty) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Empty)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 892

def delete_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Empty`

Deletes a ServiceAccountKey.

Parameters:

name (String) —
The resource name of the service account key in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT/keys/key`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Empty) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Empty)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1478

def delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#disable_service_account(name, disable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Empty`

DisableServiceAccount is currently in the alpha launch stage. Disables a ServiceAccount, which immediately prevents the service account from authenticating and gaining access to APIs. Disabled service accounts can be safely restored by using EnableServiceAccount at any point. Deleted service accounts cannot be restored using this method. Disabling a service account that is bound to VMs, Apps, Functions, or other jobs will cause those jobs to lose access to resources if they are using the disabled service account. To improve reliability of your services and avoid unexpected outages, it is recommended to first disable a service account rather than delete it. After disabling the service account, wait at least 24 hours to verify there are no unintended consequences, and then delete the service account.

Parameters:

name (String) —
The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.
disable_service_account_request_object (Google::Apis::IamV1::DisableServiceAccountRequest) (defaults to: nil)
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Empty) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Empty)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 940

def disable_service_account(name, disable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:disable', options)
  command.request_representation = Google::Apis::IamV1::DisableServiceAccountRequest::Representation
  command.request_object = disable_service_account_request_object
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#enable_service_account(name, enable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Empty`

EnableServiceAccount is currently in the alpha launch stage. Restores a disabled ServiceAccount that has been manually disabled by using DisableServiceAccount. Service accounts that have been disabled by other means or for other reasons, such as abuse, cannot be restored using this method. EnableServiceAccount will have no effect on a service account that is not disabled. Enabling an already enabled service account will have no effect.

Parameters:

name (String) —
The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.
enable_service_account_request_object (Google::Apis::IamV1::EnableServiceAccountRequest) (defaults to: nil)
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Empty) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Empty)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 984

def enable_service_account(name, enable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:enable', options)
  command.request_representation = Google::Apis::IamV1::EnableServiceAccountRequest::Representation
  command.request_object = enable_service_account_request_object
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_organization_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

Gets a Role definition.

Parameters:

name (String) —
The name parameter's value depends on the target resource for the request, namely roles, projects, or organizations. Each resource type's name value format is described below:
- roles.get(): roles/ROLE_NAME. This method returns results from all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles/`ROLE_NAME
- projects.roles.get(): projects/PROJECT_ID/roles/CUSTOM_ROLE_ID. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID
- organizations.roles.get() : organizations/ORGANIZATION_ID/roles/CUSTOM_ROLE_ID. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/` CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Role) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Role)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 283

def get_organization_role(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

Gets a Role definition.

Parameters:

name (String) —
The name parameter's value depends on the target resource for the request, namely roles, projects, or organizations. Each resource type's name value format is described below:
- roles.get(): roles/ROLE_NAME. This method returns results from all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles/`ROLE_NAME
- projects.roles.get(): projects/PROJECT_ID/roles/CUSTOM_ROLE_ID. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID
- organizations.roles.get() : organizations/ORGANIZATION_ID/roles/CUSTOM_ROLE_ID. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/` CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Role) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Role)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 649

def get_project_role(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_service_account(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccount`

Gets a ServiceAccount.

Parameters:

name (String) —
The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ServiceAccount) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ServiceAccount)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1020

def get_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_service_account_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Policy`

Returns the Cloud IAM access control policy for a ServiceAccount. Note: Service accounts are both resources and identities. This method treats the service account as a resource. It returns the Cloud IAM policy that reflects what members have access to the service account. This method does not return what resources the service account has access to. To see if a service account has access to a resource, call the getIamPolicy method on the target resource. For example, to view grants for a project, call the projects.getIamPolicy method.

Parameters:

resource (String) —
REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.
options_requested_policy_version (Fixnum) —
Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Policy) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Policy)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1071

def get_project_service_account_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+resource}:getIamPolicy', options)
  command.response_representation = Google::Apis::IamV1::Policy::Representation
  command.response_class = Google::Apis::IamV1::Policy
  command.params['resource'] = resource unless resource.nil?
  command.query['options.requestedPolicyVersion'] = options_requested_policy_version unless options_requested_policy_version.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_project_service_account_key(name, public_key_type: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccountKey`

Gets the ServiceAccountKey by key id.

Parameters:

name (String) —
The resource name of the service account key in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT/keys/key`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.
public_key_type (String) —
The output format of the public key requested. X509_PEM is the default output format.
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ServiceAccountKey) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ServiceAccountKey)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1516

def get_project_service_account_key(name, public_key_type: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccountKey
  command.params['name'] = name unless name.nil?
  command.query['publicKeyType'] = public_key_type unless public_key_type.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#get_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

Gets a Role definition.

Parameters:

name (String) —
The name parameter's value depends on the target resource for the request, namely roles, projects, or organizations. Each resource type's name value format is described below:
- roles.get(): roles/ROLE_NAME. This method returns results from all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles/`ROLE_NAME
- projects.roles.get(): projects/PROJECT_ID/roles/CUSTOM_ROLE_ID. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID
- organizations.roles.get() : organizations/ORGANIZATION_ID/roles/CUSTOM_ROLE_ID. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/` CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Role) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Role)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1650

def get_role(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::LintPolicyResponse`

Lints a Cloud IAM policy object or its sub fields. Currently supports google.iam.v1.Policy, google.iam.v1.Binding and google.iam.v1.Binding.condition. Each lint operation consists of multiple lint validation units. Validation units have the following properties:

Each unit inspects the input object in regard to a particular linting aspect and issues a google.iam.admin.v1.LintResult disclosing the result.
Domain of discourse of each unit can be either google.iam.v1.Policy, google.iam.v1.Binding, or google.iam.v1.Binding.condition depending on the purpose of the validation.
A unit may require additional data (like the list of all possible enumerable values of a particular attribute used in the policy instance) which shall be provided by the caller. Refer to the comments of google.iam.admin.v1.LintPolicyRequest.context for more details. The set of applicable validation units is determined by the Cloud IAM server and is not configurable. Regardless of any lint issues or their severities, successful calls to lintPolicy return an HTTP 200 OK status code.

Parameters:

lint_policy_request_object (Google::Apis::IamV1::LintPolicyRequest) (defaults to: nil)
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::LintPolicyResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::LintPolicyResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 90

def lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/iamPolicies:lintPolicy', options)
  command.request_representation = Google::Apis::IamV1::LintPolicyRequest::Representation
  command.request_object = lint_policy_request_object
  command.response_representation = Google::Apis::IamV1::LintPolicyResponse::Representation
  command.response_class = Google::Apis::IamV1::LintPolicyResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ListRolesResponse`

Lists the Roles defined on a resource.

Parameters:

parent (String) —
The parent parameter's value depends on the target resource for the request, namely roles, projects, or organizations. Each resource type's parent value format is described below:
- roles.list(): An empty string. This method doesn't require a resource; it simply returns all predefined roles in Cloud IAM. Example request URL: https://iam.googleapis.com/v1/roles
- projects.roles.list(): projects/PROJECT_ID`. This method lists all project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL:https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles`
- organizations.roles.list(): organizations/ORGANIZATION_ID`. This method lists all organization-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL:https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
page_size (Fixnum) —
Optional limit on the number of roles to include in the response.
page_token (String) —
Optional pagination token returned in an earlier ListRolesResponse.
show_deleted (Boolean) —
Include Roles that have been deleted.
view (String) —
Optional view for the returned Role objects. When FULL is specified, the includedPermissions field is returned, which includes a list of all permissions in the role. The default value is BASIC, which does not return the includedPermissions field.
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ListRolesResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ListRolesResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 347

def list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+parent}/roles', options)
  command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::ListRolesResponse
  command.params['parent'] = parent unless parent.nil?
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['showDeleted'] = show_deleted unless show_deleted.nil?
  command.query['view'] = view unless view.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ListRolesResponse`

Lists the Roles defined on a resource.

Parameters:

parent (String) —
The parent parameter's value depends on the target resource for the request, namely roles, projects, or organizations. Each resource type's parent value format is described below:
- roles.list(): An empty string. This method doesn't require a resource; it simply returns all predefined roles in Cloud IAM. Example request URL: https://iam.googleapis.com/v1/roles
- projects.roles.list(): projects/PROJECT_ID`. This method lists all project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL:https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles`
- organizations.roles.list(): organizations/ORGANIZATION_ID`. This method lists all organization-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL:https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
page_size (Fixnum) —
Optional limit on the number of roles to include in the response.
page_token (String) —
Optional pagination token returned in an earlier ListRolesResponse.
show_deleted (Boolean) —
Include Roles that have been deleted.
view (String) —
Optional view for the returned Role objects. When FULL is specified, the includedPermissions field is returned, which includes a list of all permissions in the role. The default value is BASIC, which does not return the includedPermissions field.
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ListRolesResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ListRolesResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 713

def list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+parent}/roles', options)
  command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::ListRolesResponse
  command.params['parent'] = parent unless parent.nil?
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['showDeleted'] = show_deleted unless show_deleted.nil?
  command.query['view'] = view unless view.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ListServiceAccountKeysResponse`

Lists ServiceAccountKeys.

Parameters:

name (String) —
The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_ID, will infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.
key_types (Array<String>, String) —
Filters the types of keys the user wants to include in the list response. Duplicate key types are not allowed. If no key type is provided, all keys are returned.
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ListServiceAccountKeysResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ListServiceAccountKeysResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1555

def list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}/keys', options)
  command.response_representation = Google::Apis::IamV1::ListServiceAccountKeysResponse::Representation
  command.response_class = Google::Apis::IamV1::ListServiceAccountKeysResponse
  command.params['name'] = name unless name.nil?
  command.query['keyTypes'] = key_types unless key_types.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ListServiceAccountsResponse`

Lists ServiceAccounts for a project.

Parameters:

name (String) —
Required. The resource name of the project associated with the service accounts, such as projects/my-project-123.
page_size (Fixnum) —
Optional limit on the number of service accounts to include in the response. Further accounts can subsequently be obtained by including the ListServiceAccountsResponse.next_page_token in a subsequent request.
page_token (String) —
Optional pagination token returned in an earlier ListServiceAccountsResponse.next_page_token.
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ListServiceAccountsResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ListServiceAccountsResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1111

def list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}/serviceAccounts', options)
  command.response_representation = Google::Apis::IamV1::ListServiceAccountsResponse::Representation
  command.response_class = Google::Apis::IamV1::ListServiceAccountsResponse
  command.params['name'] = name unless name.nil?
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ListRolesResponse`

Lists the Roles defined on a resource.

Parameters:

page_size (Fixnum) —
Optional limit on the number of roles to include in the response.
page_token (String) —
Optional pagination token returned in an earlier ListRolesResponse.
parent (String) —
The parent parameter's value depends on the target resource for the request, namely roles, projects, or organizations. Each resource type's parent value format is described below:
- roles.list(): An empty string. This method doesn't require a resource; it simply returns all predefined roles in Cloud IAM. Example request URL: https://iam.googleapis.com/v1/roles
- projects.roles.list(): projects/PROJECT_ID`. This method lists all project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL:https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles`
- organizations.roles.list(): organizations/ORGANIZATION_ID`. This method lists all organization-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL:https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
show_deleted (Boolean) —
Include Roles that have been deleted.
view (String) —
Optional view for the returned Role objects. When FULL is specified, the includedPermissions field is returned, which includes a list of all permissions in the role. The default value is BASIC, which does not return the includedPermissions field.
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ListRolesResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ListRolesResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1714

def list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/roles', options)
  command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::ListRolesResponse
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['parent'] = parent unless parent.nil?
  command.query['showDeleted'] = show_deleted unless show_deleted.nil?
  command.query['view'] = view unless view.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

Updates a Role definition.

Parameters:

name (String) —
The name parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's name value format is described below:
- projects.roles.patch(): projects/PROJECT_ID/roles/CUSTOM_ROLE_ID. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID
- organizations.roles.patch(): organizations/ORGANIZATION_ID/roles/CUSTOM_ROLE_ID. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/` CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
role_object (Google::Apis::IamV1::Role) (defaults to: nil)
update_mask (String) —
A mask describing which fields in the Role have changed.
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Role) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Role)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 402

def patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:patch, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::Role::Representation
  command.request_object = role_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['updateMask'] = update_mask unless update_mask.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

Updates a Role definition.

Parameters:

name (String) —
The name parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's name value format is described below:
- projects.roles.patch(): projects/PROJECT_ID/roles/CUSTOM_ROLE_ID. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID
- organizations.roles.patch(): organizations/ORGANIZATION_ID/roles/CUSTOM_ROLE_ID. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/` CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
role_object (Google::Apis::IamV1::Role) (defaults to: nil)
update_mask (String) —
A mask describing which fields in the Role have changed.
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Role) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Role)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 768

def patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:patch, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::Role::Representation
  command.request_object = role_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['updateMask'] = update_mask unless update_mask.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#patch_service_account(name, patch_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccount`

Patches a ServiceAccount. Currently, only the following fields are updatable: display_name and description. Only fields specified in the request are guaranteed to be returned in the response. Other fields in the response may be empty. Note: The field mask is required.

Parameters:

name (String) —
The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT. Requests using `-` as a wildcard for the `PROJECT_ID` will infer the project from the `account` and the `ACCOUNT` value can be the `email` address or the `unique_id` of the service account. In responses the resource name will always be in the format `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT.
patch_service_account_request_object (Google::Apis::IamV1::PatchServiceAccountRequest) (defaults to: nil)
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ServiceAccount) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ServiceAccount)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1155

def patch_service_account(name, patch_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:patch, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::PatchServiceAccountRequest::Representation
  command.request_object = patch_service_account_request_object
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::QueryGrantableRolesResponse`

Queries roles that can be granted on a particular resource. A role is grantable if it can be used as the role in a binding for a policy for that resource.

Parameters:

query_grantable_roles_request_object (Google::Apis::IamV1::QueryGrantableRolesRequest) (defaults to: nil)
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::QueryGrantableRolesResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::QueryGrantableRolesResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1749

def query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/roles:queryGrantableRoles', options)
  command.request_representation = Google::Apis::IamV1::QueryGrantableRolesRequest::Representation
  command.request_object = query_grantable_roles_request_object
  command.response_representation = Google::Apis::IamV1::QueryGrantableRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::QueryGrantableRolesResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::QueryAuditableServicesResponse`

Returns a list of services that support service level audit logging configuration for the given resource.

Parameters:

query_auditable_services_request_object (Google::Apis::IamV1::QueryAuditableServicesRequest) (defaults to: nil)
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::QueryAuditableServicesResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::QueryAuditableServicesResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 121

def query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/iamPolicies:queryAuditableServices', options)
  command.request_representation = Google::Apis::IamV1::QueryAuditableServicesRequest::Representation
  command.request_object = query_auditable_services_request_object
  command.response_representation = Google::Apis::IamV1::QueryAuditableServicesResponse::Representation
  command.response_class = Google::Apis::IamV1::QueryAuditableServicesResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::QueryTestablePermissionsResponse`

Lists the permissions testable on a resource. A permission is testable if it can be tested for an identity on a resource.

Parameters:

query_testable_permissions_request_object (Google::Apis::IamV1::QueryTestablePermissionsRequest) (defaults to: nil)
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::QueryTestablePermissionsResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::QueryTestablePermissionsResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 487

def query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/permissions:queryTestablePermissions', options)
  command.request_representation = Google::Apis::IamV1::QueryTestablePermissionsRequest::Representation
  command.request_object = query_testable_permissions_request_object
  command.response_representation = Google::Apis::IamV1::QueryTestablePermissionsResponse::Representation
  command.response_class = Google::Apis::IamV1::QueryTestablePermissionsResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Policy`

Sets the Cloud IAM access control policy for a ServiceAccount. Note: Service accounts are both resources and identities. This method treats the service account as a resource. Use it to grant members access to the service account, such as when they need to impersonate it. This method does not grant the service account access to other resources, such as projects. To grant a service account access to resources, include the service account in the Cloud IAM policy for the desired resource, then call the appropriate setIamPolicy method on the target resource. For example, to grant a service account access to a project, call the projects.setIamPolicy method.

Parameters:

resource (String) —
REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.
set_iam_policy_request_object (Google::Apis::IamV1::SetIamPolicyRequest) (defaults to: nil)
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Policy) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Policy)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1203

def set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+resource}:setIamPolicy', options)
  command.request_representation = Google::Apis::IamV1::SetIamPolicyRequest::Representation
  command.request_object = set_iam_policy_request_object
  command.response_representation = Google::Apis::IamV1::Policy::Representation
  command.response_class = Google::Apis::IamV1::Policy
  command.params['resource'] = resource unless resource.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::SignBlobResponse`

Note: This method is in the process of being deprecated. Call the signBlob() method of the Cloud IAM Service Account Credentials API instead. Signs a blob using a service account's system-managed private key.

Parameters:

name (String) —
The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.
sign_blob_request_object (Google::Apis::IamV1::SignBlobRequest) (defaults to: nil)
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::SignBlobResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::SignBlobResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1244

def sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:signBlob', options)
  command.request_representation = Google::Apis::IamV1::SignBlobRequest::Representation
  command.request_object = sign_blob_request_object
  command.response_representation = Google::Apis::IamV1::SignBlobResponse::Representation
  command.response_class = Google::Apis::IamV1::SignBlobResponse
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::SignJwtResponse`

Note: This method is in the process of being deprecated. Call the signJwt() method of the Cloud IAM Service Account Credentials API instead. Signs a JWT using a service account's system-managed private key. If no expiry time (exp) is provided in the SignJwtRequest, IAM sets an an expiry time of one hour by default. If you request an expiry time of more than one hour, the request will fail.

Parameters:

name (String) —
The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.
sign_jwt_request_object (Google::Apis::IamV1::SignJwtRequest) (defaults to: nil)
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::SignJwtResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::SignJwtResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1288

def sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:signJwt', options)
  command.request_representation = Google::Apis::IamV1::SignJwtRequest::Representation
  command.request_object = sign_jwt_request_object
  command.response_representation = Google::Apis::IamV1::SignJwtResponse::Representation
  command.response_class = Google::Apis::IamV1::SignJwtResponse
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::TestIamPermissionsResponse`

Tests the specified permissions against the IAM access control policy for a ServiceAccount.

Parameters:

resource (String) —
REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.
test_iam_permissions_request_object (Google::Apis::IamV1::TestIamPermissionsRequest) (defaults to: nil)
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::TestIamPermissionsResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::TestIamPermissionsResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1323

def test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options)
  command.request_representation = Google::Apis::IamV1::TestIamPermissionsRequest::Representation
  command.request_object = test_iam_permissions_request_object
  command.response_representation = Google::Apis::IamV1::TestIamPermissionsResponse::Representation
  command.response_class = Google::Apis::IamV1::TestIamPermissionsResponse
  command.params['resource'] = resource unless resource.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

Undelete a Role, bringing it back in its previous state.

Parameters:

name (String) —
The name parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's name value format is described below:
- projects.roles.undelete() : projects/PROJECT_ID/roles/CUSTOM_ROLE_ID. This method undeletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID
- organizations.roles.undelete(): organizations/ORGANIZATION_ID/roles/CUSTOM_ROLE_ID. This method undeletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/` CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
undelete_role_request_object (Google::Apis::IamV1::UndeleteRoleRequest) (defaults to: nil)
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Role) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Role)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 455

def undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:undelete', options)
  command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation
  command.request_object = undelete_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

Undelete a Role, bringing it back in its previous state.

Parameters:

name (String) —
The name parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's name value format is described below:
- projects.roles.undelete() : projects/PROJECT_ID/roles/CUSTOM_ROLE_ID. This method undeletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID
- organizations.roles.undelete(): organizations/ORGANIZATION_ID/roles/CUSTOM_ROLE_ID. This method undeletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/` CUSTOM_ROLE_ID Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
undelete_role_request_object (Google::Apis::IamV1::UndeleteRoleRequest) (defaults to: nil)
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::Role) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::Role)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 821

def undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:undelete', options)
  command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation
  command.request_object = undelete_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#undelete_service_account(name, undelete_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::UndeleteServiceAccountResponse`

Restores a deleted ServiceAccount. This is to be used as an action of last resort. A service account may not always be restorable.

Parameters:

name (String) —
The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT_UNIQUE_ID`. Using-as a wildcard for thePROJECT_ID` will infer the project from the account.
undelete_service_account_request_object (Google::Apis::IamV1::UndeleteServiceAccountRequest) (defaults to: nil)
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::UndeleteServiceAccountResponse) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::UndeleteServiceAccountResponse)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1361

def undelete_service_account(name, undelete_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:undelete', options)
  command.request_representation = Google::Apis::IamV1::UndeleteServiceAccountRequest::Representation
  command.request_object = undelete_service_account_request_object
  command.response_representation = Google::Apis::IamV1::UndeleteServiceAccountResponse::Representation
  command.response_class = Google::Apis::IamV1::UndeleteServiceAccountResponse
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccount`

Note: This method is in the process of being deprecated. Use PatchServiceAccount instead. Updates a ServiceAccount. Currently, only the following fields are updatable: display_name and description.

Parameters:

name (String) —
The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT. Requests using `-` as a wildcard for the `PROJECT_ID` will infer the project from the `account` and the `ACCOUNT` value can be the `email` address or the `unique_id` of the service account. In responses the resource name will always be in the format `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT.
service_account_object (Google::Apis::IamV1::ServiceAccount) (defaults to: nil)
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ServiceAccount) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ServiceAccount)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1404

def update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:put, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.request_object = service_account_object
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

#upload_service_account_key(name, upload_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccountKey`

Upload public key for a given service account. This rpc will create a ServiceAccountKey that has the provided public key and returns it.

Parameters:

name (String) —
The resource name of the service account in the following format: projects/PROJECT_ID/serviceAccounts/ACCOUNT`. Using-as a wildcard for thePROJECT_IDwill infer the project from the account. TheACCOUNTvalue can be theemailaddress or theunique_id` of the service account.
upload_service_account_key_request_object (Google::Apis::IamV1::UploadServiceAccountKeyRequest) (defaults to: nil)
fields (String) —
Selector specifying which fields to include in a partial response.
quota_user (String) —
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
options (Google::Apis::RequestOptions) —
Request-specific options

Yields:

(result, err) —
Result & error if block supplied

Yield Parameters:

result (Google::Apis::IamV1::ServiceAccountKey) —
parsed result object
err (StandardError) —
error object if request failed

Returns:

(Google::Apis::IamV1::ServiceAccountKey)

Raises:

(Google::Apis::ServerError) —
An error occurred on the server and the request can be retried
(Google::Apis::ClientError) —
The request is invalid and should not be retried without modification
(Google::Apis::AuthorizationError) —
Authorization is required

# File 'generated/google/apis/iam_v1/service.rb', line 1594

def upload_service_account_key(name, upload_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}/keys:upload', options)
  command.request_representation = Google::Apis::IamV1::UploadServiceAccountKeyRequest::Representation
  command.request_object = upload_service_account_key_request_object
  command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccountKey
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

Class: Google::Apis::IamV1::IamService

Overview

Instance Attribute Summary collapse

Attributes inherited from Core::BaseService

Instance Method Summary collapse

Methods inherited from Core::BaseService

Methods included from Core::Logging

Constructor Details

#initialize ⇒ IamService

Instance Attribute Details

#key ⇒ String

#quota_user ⇒ String

Instance Method Details

#create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

#create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

#create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount

#create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccountKey

#delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

#delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

#delete_project_service_account(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty

#delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty

#disable_service_account(name, disable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty

#enable_service_account(name, enable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Empty

#get_organization_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

#get_project_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

#get_project_service_account(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount

#get_project_service_account_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Policy

#get_project_service_account_key(name, public_key_type: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccountKey

#get_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

#lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::LintPolicyResponse

#list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListRolesResponse

#list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListRolesResponse

#list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListServiceAccountKeysResponse

#list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListServiceAccountsResponse

#list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ListRolesResponse

#patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

#patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

#patch_service_account(name, patch_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount

#query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::QueryGrantableRolesResponse

#query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::QueryAuditableServicesResponse

#query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::QueryTestablePermissionsResponse

#set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Policy

#sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::SignBlobResponse

#sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::SignJwtResponse

#test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::TestIamPermissionsResponse

#undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

#undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::Role

#undelete_service_account(name, undelete_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::UndeleteServiceAccountResponse

#update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccount

#upload_service_account_key(name, upload_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ Google::Apis::IamV1::ServiceAccountKey

#initialize ⇒ `IamService`

#key ⇒ `String`

#quota_user ⇒ `String`

#create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

#create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

#create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccount`

#create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccountKey`

#delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

#delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

#delete_project_service_account(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Empty`

#delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Empty`

#disable_service_account(name, disable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Empty`

#enable_service_account(name, enable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Empty`

#get_organization_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

#get_project_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

#get_project_service_account(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccount`

#get_project_service_account_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Policy`

#get_project_service_account_key(name, public_key_type: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccountKey`

#get_role(name, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

#lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::LintPolicyResponse`

#list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ListRolesResponse`

#list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ListRolesResponse`

#list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ListServiceAccountKeysResponse`

#list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ListServiceAccountsResponse`

#list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ListRolesResponse`

#patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

#patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

#patch_service_account(name, patch_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccount`

#query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::QueryGrantableRolesResponse`

#query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::QueryAuditableServicesResponse`

#query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::QueryTestablePermissionsResponse`

#set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Policy`

#sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::SignBlobResponse`

#sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::SignJwtResponse`

#test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::TestIamPermissionsResponse`

#undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

#undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::Role`

#undelete_service_account(name, undelete_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::UndeleteServiceAccountResponse`

#update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccount`

#upload_service_account_key(name, upload_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil) {|result, err| ... } ⇒ `Google::Apis::IamV1::ServiceAccountKey`