class Google::Apis::IamV1::IamService
Identity and Access Management (IAM) API
Manages identity and access control for Google
Cloud Platform resources,
including the creation of service accounts, which you can use to authenticate to Google and make API calls.
@example
require 'google/apis/iam_v1' Iam = Google::Apis::IamV1 # Alias the module service = Iam::IamService.new
@see cloud.google.com/iam/
Attributes
@return [String]
API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
@return [String]
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
Public Class Methods
# File lib/google/apis/iam_v1/service.rb, line 47 def initialize super('https://iam.googleapis.com/', '', client_name: 'google-apis-iam_v1', client_version: Google::Apis::IamV1::GEM_VERSION) @batch_path = 'batch' end
Public Instance Methods
Creates a new custom Role
. @param [String] parent
The `parent` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`] (/iam/reference/rest/v1/organizations.roles). Each resource type's `parent` value format is described below: * [`projects.roles.create()`](/iam/reference/ rest/v1/projects.roles/create): `projects/`PROJECT_ID``. This method creates project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles` * [` organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/ create): `organizations/`ORGANIZATION_ID``. This method creates organization- level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
@param [Google::Apis::IamV1::CreateRoleRequest] create_role_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Role] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Role]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 152 def create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/roles', options) command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation command.request_object = create_role_request_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['parent'] = parent unless parent.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Creates a new WorkloadIdentityPool
. You cannot reuse the name of a deleted pool until 30 days after deletion. @param [String] parent
Required. The parent resource to create the pool in. The only supported location is `global`.
@param [Google::Apis::IamV1::WorkloadIdentityPool] workload_identity_pool_object @param [String] workload_identity_pool_id
Required. The ID to use for the pool, which becomes the final component of the resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Operation] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Operation]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 485 def create_project_location_workload_identity_pool(parent, workload_identity_pool_object = nil, workload_identity_pool_id: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/workloadIdentityPools', options) command.request_representation = Google::Apis::IamV1::WorkloadIdentityPool::Representation command.request_object = workload_identity_pool_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['parent'] = parent unless parent.nil? command.query['workloadIdentityPoolId'] = workload_identity_pool_id unless workload_identity_pool_id.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Creates a new WorkloadIdentityPoolProvider
in a WorkloadIdentityPool
. You cannot reuse the name of a deleted provider until 30 days after deletion. @param [String] parent
Required. The pool to create this provider in.
@param [Google::Apis::IamV1::WorkloadIdentityPoolProvider] workload_identity_pool_provider_object @param [String] workload_identity_pool_provider_id
Required. The ID for the provider, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Operation] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Operation]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 734 def create_project_location_workload_identity_pool_provider(parent, workload_identity_pool_provider_object = nil, workload_identity_pool_provider_id: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/providers', options) command.request_representation = Google::Apis::IamV1::WorkloadIdentityPoolProvider::Representation command.request_object = workload_identity_pool_provider_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['parent'] = parent unless parent.nil? command.query['workloadIdentityPoolProviderId'] = workload_identity_pool_provider_id unless workload_identity_pool_provider_id.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Creates a new custom Role
. @param [String] parent
The `parent` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`] (/iam/reference/rest/v1/organizations.roles). Each resource type's `parent` value format is described below: * [`projects.roles.create()`](/iam/reference/ rest/v1/projects.roles/create): `projects/`PROJECT_ID``. This method creates project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles` * [` organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/ create): `organizations/`ORGANIZATION_ID``. This method creates organization- level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
@param [Google::Apis::IamV1::CreateRoleRequest] create_role_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Role] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Role]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 987 def create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/roles', options) command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation command.request_object = create_role_request_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['parent'] = parent unless parent.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Creates a ServiceAccount
. @param [String] name
Required. The resource name of the project associated with the service accounts, such as `projects/my-project-123`.
@param [Google::Apis::IamV1::CreateServiceAccountRequest] create_service_account_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::ServiceAccount]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 1283 def create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}/serviceAccounts', options) command.request_representation = Google::Apis::IamV1::CreateServiceAccountRequest::Representation command.request_object = create_service_account_request_object command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation command.response_class = Google::Apis::IamV1::ServiceAccount command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Creates a ServiceAccountKey
. @param [String] name
Required. The resource name of the service account in the following format: ` projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.
@param [Google::Apis::IamV1::CreateServiceAccountKeyRequest] create_service_account_key_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::ServiceAccountKey]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 1857 def create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}/keys', options) command.request_representation = Google::Apis::IamV1::CreateServiceAccountKeyRequest::Representation command.request_object = create_service_account_key_request_object command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation command.response_class = Google::Apis::IamV1::ServiceAccountKey command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Deletes a custom Role
. When you delete a custom role, the following changes occur immediately: * You cannot bind a member to the custom role in an IAM Policy
. * Existing bindings to the custom role are not changed, but they have no effect. * By default, the response from ListRoles does not include the custom role. You have 7 days to undelete the custom role. After 7 days, the following changes occur: * The custom role is permanently deleted and cannot be recovered. * If an IAM policy contains a binding to the custom role, the binding is permanently removed. @param [String] name
The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`] (/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.delete()`](/iam/reference/ rest/v1/projects.roles/delete): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam. googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` * [` organizations.roles.delete()`](/iam/reference/rest/v1/organizations.roles/ delete): `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam. googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
@param [String] etag
Used to perform a consistent read-modify-write.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Role] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Role]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 207 def delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['etag'] = etag unless etag.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Deletes a WorkloadIdentityPool
. You cannot use a deleted pool to exchange external credentials for Google
Cloud credentials. However, deletion does not revoke credentials that have already been issued. Credentials issued for a deleted pool do not grant access to resources. If the pool is undeleted, and the credentials are not expired, they grant access again. You can undelete a pool for 30 days. After 30 days, deletion is permanent. You cannot update deleted pools. However, you can view and list them. @param [String] name
Required. The name of the pool to delete.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Operation] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Operation]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 524 def delete_project_location_workload_identity_pool(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Deletes a WorkloadIdentityPoolProvider
. Deleting a provider does not revoke credentials that have already been issued; they continue to grant access. You can undelete a provider for 30 days. After 30 days, deletion is permanent. You cannot update deleted providers. However, you can view and list them. @param [String] name
Required. The name of the provider to delete.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Operation] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Operation]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 770 def delete_project_location_workload_identity_pool_provider(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Deletes a custom Role
. When you delete a custom role, the following changes occur immediately: * You cannot bind a member to the custom role in an IAM Policy
. * Existing bindings to the custom role are not changed, but they have no effect. * By default, the response from ListRoles does not include the custom role. You have 7 days to undelete the custom role. After 7 days, the following changes occur: * The custom role is permanently deleted and cannot be recovered. * If an IAM policy contains a binding to the custom role, the binding is permanently removed. @param [String] name
The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`] (/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.delete()`](/iam/reference/ rest/v1/projects.roles/delete): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam. googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` * [` organizations.roles.delete()`](/iam/reference/rest/v1/organizations.roles/ delete): `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam. googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
@param [String] etag
Used to perform a consistent read-modify-write.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Role] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Role]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 1042 def delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['etag'] = etag unless etag.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Deletes a ServiceAccount
. Warning: After you delete a service account, you might not be able to undelete it. If you know that you need to re-enable the service account in the future, use DisableServiceAccount instead. If you delete a service account, IAM permanently removes the service account 30 days later. Google
Cloud cannot recover the service account after it is permanently removed, even if you file a support request. To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use DisableServiceAccount to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account. @param [String] name
Required. The resource name of the service account in the following format: ` projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Empty] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Empty]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 1327 def delete_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Deletes a ServiceAccountKey
. Deleting a service account key does not revoke short-lived credentials that have been issued based on the service account key. @param [String] name
Required. The resource name of the service account key in the following format: `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The ` ACCOUNT` value can be the `email` address or the `unique_id` of the service account.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Empty] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Empty]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 1894 def delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Disables a ServiceAccount
immediately. If an application uses the service account to authenticate, that application can no longer call Google
APIs or access Google
Cloud resources. Existing access tokens for the service account are rejected, and requests for new access tokens will fail. To re-enable the service account, use EnableServiceAccount. After you re-enable the service account, its existing access tokens will be accepted, and you can request new access tokens. To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use this method to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account with DeleteServiceAccount. @param [String] name
The resource name of the service account in the following format: `projects/` PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the ` PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.
@param [Google::Apis::IamV1::DisableServiceAccountRequest] disable_service_account_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Empty] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Empty]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 1371 def disable_service_account(name, disable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:disable', options) command.request_representation = Google::Apis::IamV1::DisableServiceAccountRequest::Representation command.request_object = disable_service_account_request_object command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Disable a ServiceAccountKey
. A disabled service account key can be enabled through EnableServiceAccountKey. The API is currently in preview phase. @param [String] name
Required. The resource name of the service account key in the following format: `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The ` ACCOUNT` value can be the `email` address or the `unique_id` of the service account.
@param [Google::Apis::IamV1::DisableServiceAccountKeyRequest] disable_service_account_key_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Empty] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Empty]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 1930 def disable_service_account_key(name, disable_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:disable', options) command.request_representation = Google::Apis::IamV1::DisableServiceAccountKeyRequest::Representation command.request_object = disable_service_account_key_request_object command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Enables a ServiceAccount
that was disabled by DisableServiceAccount. If the service account is already enabled, then this method has no effect. If the service account was disabled by other means—for example, if Google
disabled the service account because it was compromised—you cannot use this method to enable the service account. @param [String] name
The resource name of the service account in the following format: `projects/` PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the ` PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.
@param [Google::Apis::IamV1::EnableServiceAccountRequest] enable_service_account_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Empty] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Empty]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 1411 def enable_service_account(name, enable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:enable', options) command.request_representation = Google::Apis::IamV1::EnableServiceAccountRequest::Representation command.request_object = enable_service_account_request_object command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Enable a ServiceAccountKey
. The API is currently in preview phase. @param [String] name
Required. The resource name of the service account key in the following format: `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The ` ACCOUNT` value can be the `email` address or the `unique_id` of the service account.
@param [Google::Apis::IamV1::EnableServiceAccountKeyRequest] enable_service_account_key_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Empty] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Empty]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 1967 def enable_service_account_key(name, enable_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:enable', options) command.request_representation = Google::Apis::IamV1::EnableServiceAccountKeyRequest::Representation command.request_object = enable_service_account_key_request_object command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Gets the definition of a Role
. @param [String] name
The `name` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/ rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/ organizations.roles). Each resource type's `name` value format is described below: * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/`ROLE_NAME`` . This method returns results from all [predefined roles](/iam/docs/ understanding-roles#predefined_roles) in Cloud IAM. Example request URL: ` https://iam.googleapis.com/v1/roles/`ROLE_NAME`` * [`projects.roles.get()`](/ iam/reference/rest/v1/projects.roles/get): `projects/`PROJECT_ID`/roles/` CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.get()`](/iam/reference/rest/v1/ organizations.roles/get): `organizations/`ORGANIZATION_ID`/roles/` CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/` ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Role] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Role]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 256 def get_organization_role(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Gets an individual WorkloadIdentityPool
. @param [String] name
Required. The name of the pool to retrieve.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::WorkloadIdentityPool] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::WorkloadIdentityPool]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 554 def get_project_location_workload_identity_pool(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::WorkloadIdentityPool::Representation command.response_class = Google::Apis::IamV1::WorkloadIdentityPool command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service. @param [String] name
The name of the operation resource.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Operation] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Operation]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 697 def get_project_location_workload_identity_pool_operation(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Gets an individual WorkloadIdentityPoolProvider
. @param [String] name
Required. The name of the provider to retrieve.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::WorkloadIdentityPoolProvider] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::WorkloadIdentityPoolProvider]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 800 def get_project_location_workload_identity_pool_provider(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::WorkloadIdentityPoolProvider::Representation command.response_class = Google::Apis::IamV1::WorkloadIdentityPoolProvider command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service. @param [String] name
The name of the operation resource.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Operation] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Operation]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 944 def get_project_location_workload_identity_pool_provider_operation(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Gets the definition of a Role
. @param [String] name
The `name` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/ rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/ organizations.roles). Each resource type's `name` value format is described below: * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/`ROLE_NAME`` . This method returns results from all [predefined roles](/iam/docs/ understanding-roles#predefined_roles) in Cloud IAM. Example request URL: ` https://iam.googleapis.com/v1/roles/`ROLE_NAME`` * [`projects.roles.get()`](/ iam/reference/rest/v1/projects.roles/get): `projects/`PROJECT_ID`/roles/` CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.get()`](/iam/reference/rest/v1/ organizations.roles/get): `organizations/`ORGANIZATION_ID`/roles/` CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/` ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Role] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Role]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 1091 def get_project_role(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Gets a ServiceAccount
. @param [String] name
Required. The resource name of the service account in the following format: ` projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::ServiceAccount]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 1446 def get_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation command.response_class = Google::Apis::IamV1::ServiceAccount command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Gets the IAM policy that is attached to a ServiceAccount
. This IAM policy specifies which members have access to the service account. This method does not tell you whether the service account has been granted any roles on other resources. To check whether a service account has role grants on a resource, use the `getIamPolicy` method for that resource. For example, to view the role grants for a project, call the Resource Manager API's [`projects.getIamPolicy`] (cloud.google.com/resource-manager/reference/rest/v1/projects/ getIamPolicy) method. @param [String] resource
REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.
@param [Fixnum] options_requested_policy_version
Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/ resource-policies).
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Policy] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Policy]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 1492 def get_project_service_account_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:getIamPolicy', options) command.response_representation = Google::Apis::IamV1::Policy::Representation command.response_class = Google::Apis::IamV1::Policy command.params['resource'] = resource unless resource.nil? command.query['options.requestedPolicyVersion'] = options_requested_policy_version unless options_requested_policy_version.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Gets a ServiceAccountKey
. @param [String] name
Required. The resource name of the service account key in the following format: `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The ` ACCOUNT` value can be the `email` address or the `unique_id` of the service account.
@param [String] public_key_type
The output format of the public key requested. X509_PEM is the default output format.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::ServiceAccountKey]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 2006 def get_project_service_account_key(name, public_key_type: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation command.response_class = Google::Apis::IamV1::ServiceAccountKey command.params['name'] = name unless name.nil? command.query['publicKeyType'] = public_key_type unless public_key_type.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Gets the definition of a Role
. @param [String] name
The `name` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/ rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/ organizations.roles). Each resource type's `name` value format is described below: * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/`ROLE_NAME`` . This method returns results from all [predefined roles](/iam/docs/ understanding-roles#predefined_roles) in Cloud IAM. Example request URL: ` https://iam.googleapis.com/v1/roles/`ROLE_NAME`` * [`projects.roles.get()`](/ iam/reference/rest/v1/projects.roles/get): `projects/`PROJECT_ID`/roles/` CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.get()`](/iam/reference/rest/v1/ organizations.roles/get): `organizations/`ORGANIZATION_ID`/roles/` CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/` ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Role] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Role]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 2129 def get_role(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding. condition field, which contains a condition expression for a role binding. Successful calls to this method always return an HTTP `200 OK` status code, even if the linter detects an issue in the IAM policy. @param [Google::Apis::IamV1::LintPolicyRequest] lint_policy_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::LintPolicyResponse] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::LintPolicyResponse]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 76 def lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/iamPolicies:lintPolicy', options) command.request_representation = Google::Apis::IamV1::LintPolicyRequest::Representation command.request_object = lint_policy_request_object command.response_representation = Google::Apis::IamV1::LintPolicyResponse::Representation command.response_class = Google::Apis::IamV1::LintPolicyResponse command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Lists every predefined Role
that IAM supports, or every custom role that is defined for an organization or project. @param [String] parent
The `parent` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/ rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/ organizations.roles). Each resource type's `parent` value format is described below: * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string. This method doesn't require a resource; it simply returns all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles` * [`projects.roles.list()`]( /iam/reference/rest/v1/projects.roles/list): `projects/`PROJECT_ID``. This method lists all project-level [custom roles](/iam/docs/understanding-custom- roles). Example request URL: `https://iam.googleapis.com/v1/projects/` PROJECT_ID`/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/ organizations.roles/list): `organizations/`ORGANIZATION_ID``. This method lists all organization-level [custom roles](/iam/docs/understanding-custom- roles). Example request URL: `https://iam.googleapis.com/v1/organizations/` ORGANIZATION_ID`/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
@param [Fixnum] page_size
Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 1,000.
@param [String] page_token
Optional pagination token returned in an earlier ListRolesResponse.
@param [Boolean] show_deleted
Include Roles that have been deleted.
@param [String] view
Optional view for the returned Role objects. When `FULL` is specified, the ` includedPermissions` field is returned, which includes a list of all permissions in the role. The default value is `BASIC`, which does not return the `includedPermissions` field.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::ListRolesResponse]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 315 def list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/roles', options) command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation command.response_class = Google::Apis::IamV1::ListRolesResponse command.params['parent'] = parent unless parent.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['view'] = view unless view.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Lists all non-deleted WorkloadIdentityPoolProviders in a WorkloadIdentityPool
. If `show_deleted` is set to `true`, then deleted providers are also listed. @param [String] parent
Required. The pool to list providers for.
@param [Fixnum] page_size
The maximum number of providers to return. If unspecified, at most 50 providers are returned. The maximum value is 100; values above 100 are truncated to 100.
@param [String] page_token
A page token, received from a previous `ListWorkloadIdentityPoolProviders` call. Provide this to retrieve the subsequent page.
@param [Boolean] show_deleted
Whether to return soft-deleted providers.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ListWorkloadIdentityPoolProvidersResponse] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::ListWorkloadIdentityPoolProvidersResponse]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 840 def list_project_location_workload_identity_pool_providers(parent, page_size: nil, page_token: nil, show_deleted: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/providers', options) command.response_representation = Google::Apis::IamV1::ListWorkloadIdentityPoolProvidersResponse::Representation command.response_class = Google::Apis::IamV1::ListWorkloadIdentityPoolProvidersResponse command.params['parent'] = parent unless parent.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Lists all non-deleted WorkloadIdentityPools in a project. If `show_deleted` is set to `true`, then deleted pools are also listed. @param [String] parent
Required. The parent resource to list pools for.
@param [Fixnum] page_size
The maximum number of pools to return. If unspecified, at most 50 pools are returned. The maximum value is 1000; values above are 1000 truncated to 1000.
@param [String] page_token
A page token, received from a previous `ListWorkloadIdentityPools` call. Provide this to retrieve the subsequent page.
@param [Boolean] show_deleted
Whether to return soft-deleted pools.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ListWorkloadIdentityPoolsResponse] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::ListWorkloadIdentityPoolsResponse]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 593 def list_project_location_workload_identity_pools(parent, page_size: nil, page_token: nil, show_deleted: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/workloadIdentityPools', options) command.response_representation = Google::Apis::IamV1::ListWorkloadIdentityPoolsResponse::Representation command.response_class = Google::Apis::IamV1::ListWorkloadIdentityPoolsResponse command.params['parent'] = parent unless parent.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Lists every predefined Role
that IAM supports, or every custom role that is defined for an organization or project. @param [String] parent
The `parent` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/ rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/ organizations.roles). Each resource type's `parent` value format is described below: * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string. This method doesn't require a resource; it simply returns all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles` * [`projects.roles.list()`]( /iam/reference/rest/v1/projects.roles/list): `projects/`PROJECT_ID``. This method lists all project-level [custom roles](/iam/docs/understanding-custom- roles). Example request URL: `https://iam.googleapis.com/v1/projects/` PROJECT_ID`/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/ organizations.roles/list): `organizations/`ORGANIZATION_ID``. This method lists all organization-level [custom roles](/iam/docs/understanding-custom- roles). Example request URL: `https://iam.googleapis.com/v1/organizations/` ORGANIZATION_ID`/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
@param [Fixnum] page_size
Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 1,000.
@param [String] page_token
Optional pagination token returned in an earlier ListRolesResponse.
@param [Boolean] show_deleted
Include Roles that have been deleted.
@param [String] view
Optional view for the returned Role objects. When `FULL` is specified, the ` includedPermissions` field is returned, which includes a list of all permissions in the role. The default value is `BASIC`, which does not return the `includedPermissions` field.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::ListRolesResponse]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 1150 def list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/roles', options) command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation command.response_class = Google::Apis::IamV1::ListRolesResponse command.params['parent'] = parent unless parent.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['view'] = view unless view.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Lists every ServiceAccountKey
for a service account. @param [String] name
Required. The resource name of the service account in the following format: ` projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `PROJECT_ID`, will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.
@param [Array<String>, String] key_types
Filters the types of keys the user wants to include in the list response. Duplicate key types are not allowed. If no key type is provided, all keys are returned.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ListServiceAccountKeysResponse] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::ListServiceAccountKeysResponse]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 2044 def list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}/keys', options) command.response_representation = Google::Apis::IamV1::ListServiceAccountKeysResponse::Representation command.response_class = Google::Apis::IamV1::ListServiceAccountKeysResponse command.params['name'] = name unless name.nil? command.query['keyTypes'] = key_types unless key_types.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Lists every ServiceAccount
that belongs to a specific project. @param [String] name
Required. The resource name of the project associated with the service accounts, such as `projects/my-project-123`.
@param [Fixnum] page_size
Optional limit on the number of service accounts to include in the response. Further accounts can subsequently be obtained by including the ListServiceAccountsResponse.next_page_token in a subsequent request. The default is 20, and the maximum is 100.
@param [String] page_token
Optional pagination token returned in an earlier ListServiceAccountsResponse. next_page_token.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ListServiceAccountsResponse] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::ListServiceAccountsResponse]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 1532 def list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}/serviceAccounts', options) command.response_representation = Google::Apis::IamV1::ListServiceAccountsResponse::Representation command.response_class = Google::Apis::IamV1::ListServiceAccountsResponse command.params['name'] = name unless name.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Lists every predefined Role
that IAM supports, or every custom role that is defined for an organization or project. @param [Fixnum] page_size
Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 1,000.
@param [String] page_token
Optional pagination token returned in an earlier ListRolesResponse.
@param [String] parent
The `parent` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/ rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/ organizations.roles). Each resource type's `parent` value format is described below: * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string. This method doesn't require a resource; it simply returns all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles` * [`projects.roles.list()`]( /iam/reference/rest/v1/projects.roles/list): `projects/`PROJECT_ID``. This method lists all project-level [custom roles](/iam/docs/understanding-custom- roles). Example request URL: `https://iam.googleapis.com/v1/projects/` PROJECT_ID`/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/ organizations.roles/list): `organizations/`ORGANIZATION_ID``. This method lists all organization-level [custom roles](/iam/docs/understanding-custom- roles). Example request URL: `https://iam.googleapis.com/v1/organizations/` ORGANIZATION_ID`/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
@param [Boolean] show_deleted
Include Roles that have been deleted.
@param [String] view
Optional view for the returned Role objects. When `FULL` is specified, the ` includedPermissions` field is returned, which includes a list of all permissions in the role. The default value is `BASIC`, which does not return the `includedPermissions` field.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::ListRolesResponse]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 2188 def list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/roles', options) command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation command.response_class = Google::Apis::IamV1::ListRolesResponse command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['parent'] = parent unless parent.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['view'] = view unless view.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Updates the definition of a custom Role
. @param [String] name
The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`] (/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.patch()`](/iam/reference/ rest/v1/projects.roles/patch): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam. googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` * [` organizations.roles.patch()`](/iam/reference/rest/v1/organizations.roles/patch) : `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam. googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
@param [Google::Apis::IamV1::Role] role_object @param [String] update_mask
A mask describing which fields in the Role have changed.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Role] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Role]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 366 def patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::Role::Representation command.request_object = role_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['updateMask'] = update_mask unless update_mask.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Updates an existing WorkloadIdentityPool
. @param [String] name
Output only. The resource name of the pool.
@param [Google::Apis::IamV1::WorkloadIdentityPool] workload_identity_pool_object @param [String] update_mask
Required. The list of fields update.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Operation] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Operation]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 629 def patch_project_location_workload_identity_pool(name, workload_identity_pool_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::WorkloadIdentityPool::Representation command.request_object = workload_identity_pool_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['updateMask'] = update_mask unless update_mask.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Updates an existing WorkloadIdentityPoolProvider
. @param [String] name
Output only. The resource name of the provider.
@param [Google::Apis::IamV1::WorkloadIdentityPoolProvider] workload_identity_pool_provider_object @param [String] update_mask
Required. The list of fields to update.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Operation] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Operation]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 876 def patch_project_location_workload_identity_pool_provider(name, workload_identity_pool_provider_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::WorkloadIdentityPoolProvider::Representation command.request_object = workload_identity_pool_provider_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['updateMask'] = update_mask unless update_mask.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Updates the definition of a custom Role
. @param [String] name
The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`] (/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.patch()`](/iam/reference/ rest/v1/projects.roles/patch): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam. googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` * [` organizations.roles.patch()`](/iam/reference/rest/v1/organizations.roles/patch) : `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam. googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
@param [Google::Apis::IamV1::Role] role_object @param [String] update_mask
A mask describing which fields in the Role have changed.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Role] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Role]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 1201 def patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::Role::Representation command.request_object = role_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['updateMask'] = update_mask unless update_mask.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Patches a ServiceAccount
. @param [String] name
The resource name of the service account. Use one of the following formats: * ` projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/`PROJECT_ID` /serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `-` wildcard character instead of the project ID: * `projects/-/serviceAccounts/` EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible, avoid using the `-` wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to get the service account `projects/-/serviceAccounts/fake@example.com`, which does not exist, the response contains an HTTP `403 Forbidden` error instead of a `404 Not Found` error.
@param [Google::Apis::IamV1::PatchServiceAccountRequest] patch_service_account_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::ServiceAccount]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 1574 def patch_service_account(name, patch_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::PatchServiceAccountRequest::Representation command.request_object = patch_service_account_request_object command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation command.response_class = Google::Apis::IamV1::ServiceAccount command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Lists roles that can be granted on a Google
Cloud resource. A role is grantable if the IAM policy for the resource can contain bindings to the role. @param [Google::Apis::IamV1::QueryGrantableRolesRequest] query_grantable_roles_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::QueryGrantableRolesResponse] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::QueryGrantableRolesResponse]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 2222 def query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/roles:queryGrantableRoles', options) command.request_representation = Google::Apis::IamV1::QueryGrantableRolesRequest::Representation command.request_object = query_grantable_roles_request_object command.response_representation = Google::Apis::IamV1::QueryGrantableRolesResponse::Representation command.response_class = Google::Apis::IamV1::QueryGrantableRolesResponse command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Returns a list of services that allow you to opt into audit logs that are not generated by default. To learn more about audit logs, see the [Logging documentation](cloud.google.com/logging/docs/audit). @param [Google::Apis::IamV1::QueryAuditableServicesRequest] query_auditable_services_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::QueryAuditableServicesResponse] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::QueryAuditableServicesResponse]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 108 def query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/iamPolicies:queryAuditableServices', options) command.request_representation = Google::Apis::IamV1::QueryAuditableServicesRequest::Representation command.request_object = query_auditable_services_request_object command.response_representation = Google::Apis::IamV1::QueryAuditableServicesResponse::Representation command.response_class = Google::Apis::IamV1::QueryAuditableServicesResponse command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Lists every permission that you can test on a resource. A permission is testable if you can check whether a member has that permission on the resource. @param [Google::Apis::IamV1::QueryTestablePermissionsRequest] query_testable_permissions_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::QueryTestablePermissionsResponse] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::QueryTestablePermissionsResponse]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 446 def query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/permissions:queryTestablePermissions', options) command.request_representation = Google::Apis::IamV1::QueryTestablePermissionsRequest::Representation command.request_object = query_testable_permissions_request_object command.response_representation = Google::Apis::IamV1::QueryTestablePermissionsResponse::Representation command.response_class = Google::Apis::IamV1::QueryTestablePermissionsResponse command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Sets the IAM policy that is attached to a ServiceAccount
. Use this method to grant or revoke access to the service account. For example, you could grant a member the ability to impersonate the service account. This method does not enable the service account to access other resources. To grant roles to a service account on a resource, follow these steps: 1. Call the resource's ` getIamPolicy` method to get its current IAM policy. 2. Edit the policy so that it binds the service account to an IAM role for the resource. 3. Call the resource's `setIamPolicy` method to update its IAM policy. For detailed instructions, see [Granting roles to a service account for specific resources]( cloud.google.com/iam/help/service-accounts/granting-access-to-service- accounts). @param [String] resource
REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.
@param [Google::Apis::IamV1::SetIamPolicyRequest] set_iam_policy_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Policy] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Policy]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 1618 def set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:setIamPolicy', options) command.request_representation = Google::Apis::IamV1::SetIamPolicyRequest::Representation command.request_object = set_iam_policy_request_object command.response_representation = Google::Apis::IamV1::Policy::Representation command.response_class = Google::Apis::IamV1::Policy command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Note: This method is deprecated. Use the [`signBlob`](cloud.google. com/iam/help/rest-credentials/v1/projects.serviceAccounts/signBlob) method in the IAM Service Account Credentials API instead. If you currently use this method, see the [migration guide](cloud.google.com/iam/help/ credentials/migrate-api) for instructions. Signs a blob using the system- managed private key for a ServiceAccount
. @param [String] name
Required. Deprecated. [Migrate to Service Account Credentials API](https:// cloud.google.com/iam/help/credentials/migrate-api). The resource name of the service account in the following format: `projects/`PROJECT_ID`/ serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.
@param [Google::Apis::IamV1::SignBlobRequest] sign_blob_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::SignBlobResponse] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::SignBlobResponse]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 1661 def sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:signBlob', options) command.request_representation = Google::Apis::IamV1::SignBlobRequest::Representation command.request_object = sign_blob_request_object command.response_representation = Google::Apis::IamV1::SignBlobResponse::Representation command.response_class = Google::Apis::IamV1::SignBlobResponse command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Note: This method is deprecated. Use the [`signJwt`](cloud.google. com/iam/help/rest-credentials/v1/projects.serviceAccounts/signJwt) method in the IAM Service Account Credentials API instead. If you currently use this method, see the [migration guide](cloud.google.com/iam/help/ credentials/migrate-api) for instructions. Signs a JSON Web Token (JWT) using the system-managed private key for a ServiceAccount
. @param [String] name
Required. Deprecated. [Migrate to Service Account Credentials API](https:// cloud.google.com/iam/help/credentials/migrate-api). The resource name of the service account in the following format: `projects/`PROJECT_ID`/ serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.
@param [Google::Apis::IamV1::SignJwtRequest] sign_jwt_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::SignJwtResponse] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::SignJwtResponse]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 1704 def sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:signJwt', options) command.request_representation = Google::Apis::IamV1::SignJwtRequest::Representation command.request_object = sign_jwt_request_object command.response_representation = Google::Apis::IamV1::SignJwtResponse::Representation command.response_class = Google::Apis::IamV1::SignJwtResponse command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Tests whether the caller has the specified permissions on a ServiceAccount
. @param [String] resource
REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.
@param [Google::Apis::IamV1::TestIamPermissionsRequest] test_iam_permissions_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::TestIamPermissionsResponse] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::TestIamPermissionsResponse]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 1738 def test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options) command.request_representation = Google::Apis::IamV1::TestIamPermissionsRequest::Representation command.request_object = test_iam_permissions_request_object command.response_representation = Google::Apis::IamV1::TestIamPermissionsResponse::Representation command.response_class = Google::Apis::IamV1::TestIamPermissionsResponse command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Undeletes a custom Role
. @param [String] name
The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`] (/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.undelete()`](/iam/ reference/rest/v1/projects.roles/undelete): `projects/`PROJECT_ID`/roles/` CUSTOM_ROLE_ID``. This method undeletes only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.undelete()`](/iam/reference/ rest/v1/organizations.roles/undelete): `organizations/`ORGANIZATION_ID`/roles/` CUSTOM_ROLE_ID``. This method undeletes only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/` ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
@param [Google::Apis::IamV1::UndeleteRoleRequest] undelete_role_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Role] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Role]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 414 def undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation command.request_object = undelete_role_request_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Undeletes a custom Role
. @param [String] name
The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`] (/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.undelete()`](/iam/ reference/rest/v1/projects.roles/undelete): `projects/`PROJECT_ID`/roles/` CUSTOM_ROLE_ID``. This method undeletes only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.undelete()`](/iam/reference/ rest/v1/organizations.roles/undelete): `organizations/`ORGANIZATION_ID`/roles/` CUSTOM_ROLE_ID``. This method undeletes only [custom roles](/iam/docs/ understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/` ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
@param [Google::Apis::IamV1::UndeleteRoleRequest] undelete_role_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Role] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Role]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 1249 def undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation command.request_object = undelete_role_request_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Restores a deleted ServiceAccount
. Important: It is not always possible to restore a deleted service account. Use this method only as a last resort. After you delete a service account, IAM permanently removes the service account 30 days later. There is no way to restore a deleted service account that has been permanently removed. @param [String] name
The resource name of the service account in the following format: `projects/` PROJECT_ID`/serviceAccounts/`ACCOUNT_UNIQUE_ID``. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account.
@param [Google::Apis::IamV1::UndeleteServiceAccountRequest] undelete_service_account_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::UndeleteServiceAccountResponse] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::UndeleteServiceAccountResponse]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 1777 def undelete_service_account(name, undelete_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteServiceAccountRequest::Representation command.request_object = undelete_service_account_request_object command.response_representation = Google::Apis::IamV1::UndeleteServiceAccountResponse::Representation command.response_class = Google::Apis::IamV1::UndeleteServiceAccountResponse command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Undeletes a WorkloadIdentityPool
, as long as it was deleted fewer than 30 days ago. @param [String] name
Required. The name of the pool to undelete.
@param [Google::Apis::IamV1::UndeleteWorkloadIdentityPoolRequest] undelete_workload_identity_pool_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Operation] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Operation]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 664 def undelete_workload_identity_pool(name, undelete_workload_identity_pool_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteWorkloadIdentityPoolRequest::Representation command.request_object = undelete_workload_identity_pool_request_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Undeletes a WorkloadIdentityPoolProvider
, as long as it was deleted fewer than 30 days ago. @param [String] name
Required. The name of the provider to undelete.
@param [Google::Apis::IamV1::UndeleteWorkloadIdentityPoolProviderRequest] undelete_workload_identity_pool_provider_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Operation] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Operation]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 911 def undelete_workload_identity_pool_provider(name, undelete_workload_identity_pool_provider_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteWorkloadIdentityPoolProviderRequest::Representation command.request_object = undelete_workload_identity_pool_provider_request_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Note: We are in the process of deprecating this method. Use PatchServiceAccount instead. Updates a ServiceAccount
. You can update only the `display_name` and `description` fields. @param [String] name
The resource name of the service account. Use one of the following formats: * ` projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/`PROJECT_ID` /serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `-` wildcard character instead of the project ID: * `projects/-/serviceAccounts/` EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible, avoid using the `-` wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to get the service account `projects/-/serviceAccounts/fake@example.com`, which does not exist, the response contains an HTTP `403 Forbidden` error instead of a `404 Not Found` error.
@param [Google::Apis::IamV1::ServiceAccount] service_account_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::ServiceAccount]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 1821 def update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:put, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::ServiceAccount::Representation command.request_object = service_account_object command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation command.response_class = Google::Apis::IamV1::ServiceAccount command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Creates a ServiceAccountKey
, using a public key that you provide. @param [String] name
The resource name of the service account in the following format: `projects/` PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the ` PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.
@param [Google::Apis::IamV1::UploadServiceAccountKeyRequest] upload_service_account_key_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::ServiceAccountKey]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File lib/google/apis/iam_v1/service.rb, line 2079 def upload_service_account_key(name, upload_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}/keys:upload', options) command.request_representation = Google::Apis::IamV1::UploadServiceAccountKeyRequest::Representation command.request_object = upload_service_account_key_request_object command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation command.response_class = Google::Apis::IamV1::ServiceAccountKey command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Protected Instance Methods
# File lib/google/apis/iam_v1/service.rb, line 2235 def apply_command_defaults(command) command.query['key'] = key unless key.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? end