class Google::Apis::IamV1::IamService

Identity and Access Management (IAM) API

Manages identity and access control for Google Cloud Platform resources,

including the creation of service accounts, which you can use to authenticate
to Google and make API calls.

@example

require 'google/apis/iam_v1'

Iam = Google::Apis::IamV1 # Alias the module
service = Iam::IamService.new

@see cloud.google.com/iam/

Attributes

key[RW]

@return [String]

API key. Your API key identifies your project and provides you with API access,
quota, and reports. Required unless you provide an OAuth 2.0 token.
quota_user[RW]

@return [String]

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

Public Class Methods

new() click to toggle source
Calls superclass method
# File lib/google/apis/iam_v1/service.rb, line 47
def initialize
  super('https://iam.googleapis.com/', '',
        client_name: 'google-apis-iam_v1',
        client_version: Google::Apis::IamV1::GEM_VERSION)
  @batch_path = 'batch'
end

Public Instance Methods

create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Creates a new custom Role. @param [String] parent

The `parent` parameter's value depends on the target resource for the request,
namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`]
(/iam/reference/rest/v1/organizations.roles). Each resource type's `parent`
value format is described below: * [`projects.roles.create()`](/iam/reference/
rest/v1/projects.roles/create): `projects/`PROJECT_ID``. This method creates
project-level [custom roles](/iam/docs/understanding-custom-roles). Example
request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles` * [`
organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/
create): `organizations/`ORGANIZATION_ID``. This method creates organization-
level [custom roles](/iam/docs/understanding-custom-roles). Example request
URL: `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles`
Note: Wildcard (*) values are invalid; you must specify a complete project ID
or organization ID.

@param [Google::Apis::IamV1::CreateRoleRequest] create_role_request_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Role] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Role]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 152
def create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+parent}/roles', options)
  command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation
  command.request_object = create_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['parent'] = parent unless parent.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
create_project_location_workload_identity_pool(parent, workload_identity_pool_object = nil, workload_identity_pool_id: nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Creates a new WorkloadIdentityPool. You cannot reuse the name of a deleted pool until 30 days after deletion. @param [String] parent

Required. The parent resource to create the pool in. The only supported
location is `global`.

@param [Google::Apis::IamV1::WorkloadIdentityPool] workload_identity_pool_object @param [String] workload_identity_pool_id

Required. The ID to use for the pool, which becomes the final component of the
resource name. This value should be 4-32 characters, and may contain the
characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may
not be specified.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Operation] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Operation]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 485
def create_project_location_workload_identity_pool(parent, workload_identity_pool_object = nil, workload_identity_pool_id: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+parent}/workloadIdentityPools', options)
  command.request_representation = Google::Apis::IamV1::WorkloadIdentityPool::Representation
  command.request_object = workload_identity_pool_object
  command.response_representation = Google::Apis::IamV1::Operation::Representation
  command.response_class = Google::Apis::IamV1::Operation
  command.params['parent'] = parent unless parent.nil?
  command.query['workloadIdentityPoolId'] = workload_identity_pool_id unless workload_identity_pool_id.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
create_project_location_workload_identity_pool_provider(parent, workload_identity_pool_provider_object = nil, workload_identity_pool_provider_id: nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Creates a new WorkloadIdentityPoolProvider in a WorkloadIdentityPool. You cannot reuse the name of a deleted provider until 30 days after deletion. @param [String] parent

Required. The pool to create this provider in.

@param [Google::Apis::IamV1::WorkloadIdentityPoolProvider] workload_identity_pool_provider_object @param [String] workload_identity_pool_provider_id

Required. The ID for the provider, which becomes the final component of the
resource name. This value must be 4-32 characters, and may contain the
characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may
not be specified.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Operation] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Operation]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 734
def create_project_location_workload_identity_pool_provider(parent, workload_identity_pool_provider_object = nil, workload_identity_pool_provider_id: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+parent}/providers', options)
  command.request_representation = Google::Apis::IamV1::WorkloadIdentityPoolProvider::Representation
  command.request_object = workload_identity_pool_provider_object
  command.response_representation = Google::Apis::IamV1::Operation::Representation
  command.response_class = Google::Apis::IamV1::Operation
  command.params['parent'] = parent unless parent.nil?
  command.query['workloadIdentityPoolProviderId'] = workload_identity_pool_provider_id unless workload_identity_pool_provider_id.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Creates a new custom Role. @param [String] parent

The `parent` parameter's value depends on the target resource for the request,
namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`]
(/iam/reference/rest/v1/organizations.roles). Each resource type's `parent`
value format is described below: * [`projects.roles.create()`](/iam/reference/
rest/v1/projects.roles/create): `projects/`PROJECT_ID``. This method creates
project-level [custom roles](/iam/docs/understanding-custom-roles). Example
request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles` * [`
organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/
create): `organizations/`ORGANIZATION_ID``. This method creates organization-
level [custom roles](/iam/docs/understanding-custom-roles). Example request
URL: `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles`
Note: Wildcard (*) values are invalid; you must specify a complete project ID
or organization ID.

@param [Google::Apis::IamV1::CreateRoleRequest] create_role_request_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Role] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Role]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 987
def create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+parent}/roles', options)
  command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation
  command.request_object = create_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['parent'] = parent unless parent.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Creates a ServiceAccount. @param [String] name

Required. The resource name of the project associated with the service
accounts, such as `projects/my-project-123`.

@param [Google::Apis::IamV1::CreateServiceAccountRequest] create_service_account_request_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::ServiceAccount]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 1283
def create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}/serviceAccounts', options)
  command.request_representation = Google::Apis::IamV1::CreateServiceAccountRequest::Representation
  command.request_object = create_service_account_request_object
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Creates a ServiceAccountKey. @param [String] name

Required. The resource name of the service account in the following format: `
projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for
the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value
can be the `email` address or the `unique_id` of the service account.

@param [Google::Apis::IamV1::CreateServiceAccountKeyRequest] create_service_account_key_request_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::ServiceAccountKey]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 1857
def create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}/keys', options)
  command.request_representation = Google::Apis::IamV1::CreateServiceAccountKeyRequest::Representation
  command.request_object = create_service_account_key_request_object
  command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccountKey
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Deletes a custom Role. When you delete a custom role, the following changes occur immediately: * You cannot bind a member to the custom role in an IAM Policy. * Existing bindings to the custom role are not changed, but they have no effect. * By default, the response from ListRoles does not include the custom role. You have 7 days to undelete the custom role. After 7 days, the following changes occur: * The custom role is permanently deleted and cannot be recovered. * If an IAM policy contains a binding to the custom role, the binding is permanently removed. @param [String] name

The `name` parameter's value depends on the target resource for the request,
namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`]
(/iam/reference/rest/v1/organizations.roles). Each resource type's `name`
value format is described below: * [`projects.roles.delete()`](/iam/reference/
rest/v1/projects.roles/delete): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``.
This method deletes only [custom roles](/iam/docs/understanding-custom-roles)
that have been created at the project level. Example request URL: `https://iam.
googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` * [`
organizations.roles.delete()`](/iam/reference/rest/v1/organizations.roles/
delete): `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method
deletes only [custom roles](/iam/docs/understanding-custom-roles) that have
been created at the organization level. Example request URL: `https://iam.
googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note:
Wildcard (*) values are invalid; you must specify a complete project ID or
organization ID.

@param [String] etag

Used to perform a consistent read-modify-write.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Role] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Role]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 207
def delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['etag'] = etag unless etag.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
delete_project_location_workload_identity_pool(name, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Deletes a WorkloadIdentityPool. You cannot use a deleted pool to exchange external credentials for Google Cloud credentials. However, deletion does not revoke credentials that have already been issued. Credentials issued for a deleted pool do not grant access to resources. If the pool is undeleted, and the credentials are not expired, they grant access again. You can undelete a pool for 30 days. After 30 days, deletion is permanent. You cannot update deleted pools. However, you can view and list them. @param [String] name

Required. The name of the pool to delete.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Operation] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Operation]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 524
def delete_project_location_workload_identity_pool(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Operation::Representation
  command.response_class = Google::Apis::IamV1::Operation
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
delete_project_location_workload_identity_pool_provider(name, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Deletes a WorkloadIdentityPoolProvider. Deleting a provider does not revoke credentials that have already been issued; they continue to grant access. You can undelete a provider for 30 days. After 30 days, deletion is permanent. You cannot update deleted providers. However, you can view and list them. @param [String] name

Required. The name of the provider to delete.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Operation] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Operation]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 770
def delete_project_location_workload_identity_pool_provider(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Operation::Representation
  command.response_class = Google::Apis::IamV1::Operation
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Deletes a custom Role. When you delete a custom role, the following changes occur immediately: * You cannot bind a member to the custom role in an IAM Policy. * Existing bindings to the custom role are not changed, but they have no effect. * By default, the response from ListRoles does not include the custom role. You have 7 days to undelete the custom role. After 7 days, the following changes occur: * The custom role is permanently deleted and cannot be recovered. * If an IAM policy contains a binding to the custom role, the binding is permanently removed. @param [String] name

The `name` parameter's value depends on the target resource for the request,
namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`]
(/iam/reference/rest/v1/organizations.roles). Each resource type's `name`
value format is described below: * [`projects.roles.delete()`](/iam/reference/
rest/v1/projects.roles/delete): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``.
This method deletes only [custom roles](/iam/docs/understanding-custom-roles)
that have been created at the project level. Example request URL: `https://iam.
googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` * [`
organizations.roles.delete()`](/iam/reference/rest/v1/organizations.roles/
delete): `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method
deletes only [custom roles](/iam/docs/understanding-custom-roles) that have
been created at the organization level. Example request URL: `https://iam.
googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note:
Wildcard (*) values are invalid; you must specify a complete project ID or
organization ID.

@param [String] etag

Used to perform a consistent read-modify-write.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Role] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Role]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 1042
def delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['etag'] = etag unless etag.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
delete_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Deletes a ServiceAccount. Warning: After you delete a service account, you might not be able to undelete it. If you know that you need to re-enable the service account in the future, use DisableServiceAccount instead. If you delete a service account, IAM permanently removes the service account 30 days later. Google Cloud cannot recover the service account after it is permanently removed, even if you file a support request. To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use DisableServiceAccount to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account. @param [String] name

Required. The resource name of the service account in the following format: `
projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for
the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value
can be the `email` address or the `unique_id` of the service account.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Empty] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Empty]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 1327
def delete_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Deletes a ServiceAccountKey. Deleting a service account key does not revoke short-lived credentials that have been issued based on the service account key. @param [String] name

Required. The resource name of the service account key in the following format:
`projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. Using `-` as a
wildcard for the `PROJECT_ID` will infer the project from the account. The `
ACCOUNT` value can be the `email` address or the `unique_id` of the service
account.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Empty] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Empty]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 1894
def delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:delete, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
disable_service_account(name, disable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Disables a ServiceAccount immediately. If an application uses the service account to authenticate, that application can no longer call Google APIs or access Google Cloud resources. Existing access tokens for the service account are rejected, and requests for new access tokens will fail. To re-enable the service account, use EnableServiceAccount. After you re-enable the service account, its existing access tokens will be accepted, and you can request new access tokens. To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use this method to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account with DeleteServiceAccount. @param [String] name

The resource name of the service account in the following format: `projects/`
PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `
PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can
be the `email` address or the `unique_id` of the service account.

@param [Google::Apis::IamV1::DisableServiceAccountRequest] disable_service_account_request_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Empty] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Empty]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 1371
def disable_service_account(name, disable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:disable', options)
  command.request_representation = Google::Apis::IamV1::DisableServiceAccountRequest::Representation
  command.request_object = disable_service_account_request_object
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
disable_service_account_key(name, disable_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Disable a ServiceAccountKey. A disabled service account key can be enabled through EnableServiceAccountKey. The API is currently in preview phase. @param [String] name

Required. The resource name of the service account key in the following format:
`projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. Using `-` as a
wildcard for the `PROJECT_ID` will infer the project from the account. The `
ACCOUNT` value can be the `email` address or the `unique_id` of the service
account.

@param [Google::Apis::IamV1::DisableServiceAccountKeyRequest] disable_service_account_key_request_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Empty] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Empty]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 1930
def disable_service_account_key(name, disable_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:disable', options)
  command.request_representation = Google::Apis::IamV1::DisableServiceAccountKeyRequest::Representation
  command.request_object = disable_service_account_key_request_object
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
enable_service_account(name, enable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Enables a ServiceAccount that was disabled by DisableServiceAccount. If the service account is already enabled, then this method has no effect. If the service account was disabled by other means—for example, if Google disabled the service account because it was compromised—you cannot use this method to enable the service account. @param [String] name

The resource name of the service account in the following format: `projects/`
PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `
PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can
be the `email` address or the `unique_id` of the service account.

@param [Google::Apis::IamV1::EnableServiceAccountRequest] enable_service_account_request_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Empty] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Empty]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 1411
def enable_service_account(name, enable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:enable', options)
  command.request_representation = Google::Apis::IamV1::EnableServiceAccountRequest::Representation
  command.request_object = enable_service_account_request_object
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
enable_service_account_key(name, enable_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Enable a ServiceAccountKey. The API is currently in preview phase. @param [String] name

Required. The resource name of the service account key in the following format:
`projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. Using `-` as a
wildcard for the `PROJECT_ID` will infer the project from the account. The `
ACCOUNT` value can be the `email` address or the `unique_id` of the service
account.

@param [Google::Apis::IamV1::EnableServiceAccountKeyRequest] enable_service_account_key_request_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Empty] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Empty]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 1967
def enable_service_account_key(name, enable_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:enable', options)
  command.request_representation = Google::Apis::IamV1::EnableServiceAccountKeyRequest::Representation
  command.request_object = enable_service_account_key_request_object
  command.response_representation = Google::Apis::IamV1::Empty::Representation
  command.response_class = Google::Apis::IamV1::Empty
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
get_organization_role(name, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Gets the definition of a Role. @param [String] name

The `name` parameter's value depends on the target resource for the request,
namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/
rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/
organizations.roles). Each resource type's `name` value format is described
below: * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/`ROLE_NAME``
. This method returns results from all [predefined roles](/iam/docs/
understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `
https://iam.googleapis.com/v1/roles/`ROLE_NAME`` * [`projects.roles.get()`](/
iam/reference/rest/v1/projects.roles/get): `projects/`PROJECT_ID`/roles/`
CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/
understanding-custom-roles) that have been created at the project level.
Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/
roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.get()`](/iam/reference/rest/v1/
organizations.roles/get): `organizations/`ORGANIZATION_ID`/roles/`
CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/
understanding-custom-roles) that have been created at the organization level.
Example request URL: `https://iam.googleapis.com/v1/organizations/`
ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid;
you must specify a complete project ID or organization ID.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Role] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Role]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 256
def get_organization_role(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
get_project_location_workload_identity_pool(name, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Gets an individual WorkloadIdentityPool. @param [String] name

Required. The name of the pool to retrieve.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::WorkloadIdentityPool] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::WorkloadIdentityPool]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 554
def get_project_location_workload_identity_pool(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::WorkloadIdentityPool::Representation
  command.response_class = Google::Apis::IamV1::WorkloadIdentityPool
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
get_project_location_workload_identity_pool_operation(name, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service. @param [String] name

The name of the operation resource.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Operation] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Operation]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 697
def get_project_location_workload_identity_pool_operation(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Operation::Representation
  command.response_class = Google::Apis::IamV1::Operation
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
get_project_location_workload_identity_pool_provider(name, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Gets an individual WorkloadIdentityPoolProvider. @param [String] name

Required. The name of the provider to retrieve.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::WorkloadIdentityPoolProvider] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::WorkloadIdentityPoolProvider]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 800
def get_project_location_workload_identity_pool_provider(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::WorkloadIdentityPoolProvider::Representation
  command.response_class = Google::Apis::IamV1::WorkloadIdentityPoolProvider
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
get_project_location_workload_identity_pool_provider_operation(name, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service. @param [String] name

The name of the operation resource.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Operation] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Operation]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 944
def get_project_location_workload_identity_pool_provider_operation(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Operation::Representation
  command.response_class = Google::Apis::IamV1::Operation
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
get_project_role(name, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Gets the definition of a Role. @param [String] name

The `name` parameter's value depends on the target resource for the request,
namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/
rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/
organizations.roles). Each resource type's `name` value format is described
below: * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/`ROLE_NAME``
. This method returns results from all [predefined roles](/iam/docs/
understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `
https://iam.googleapis.com/v1/roles/`ROLE_NAME`` * [`projects.roles.get()`](/
iam/reference/rest/v1/projects.roles/get): `projects/`PROJECT_ID`/roles/`
CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/
understanding-custom-roles) that have been created at the project level.
Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/
roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.get()`](/iam/reference/rest/v1/
organizations.roles/get): `organizations/`ORGANIZATION_ID`/roles/`
CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/
understanding-custom-roles) that have been created at the organization level.
Example request URL: `https://iam.googleapis.com/v1/organizations/`
ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid;
you must specify a complete project ID or organization ID.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Role] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Role]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 1091
def get_project_role(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
get_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Gets a ServiceAccount. @param [String] name

Required. The resource name of the service account in the following format: `
projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for
the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value
can be the `email` address or the `unique_id` of the service account.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::ServiceAccount]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 1446
def get_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
get_project_service_account_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Gets the IAM policy that is attached to a ServiceAccount. This IAM policy specifies which members have access to the service account. This method does not tell you whether the service account has been granted any roles on other resources. To check whether a service account has role grants on a resource, use the `getIamPolicy` method for that resource. For example, to view the role grants for a project, call the Resource Manager API's [`projects.getIamPolicy`] (cloud.google.com/resource-manager/reference/rest/v1/projects/ getIamPolicy) method. @param [String] resource

REQUIRED: The resource for which the policy is being requested. See the
operation documentation for the appropriate value for this field.

@param [Fixnum] options_requested_policy_version

Optional. The policy format version to be returned. Valid values are 0, 1, and
3. Requests specifying an invalid value will be rejected. Requests for
policies with any conditional bindings must specify version 3. Policies
without any conditional bindings may specify any valid value or leave the
field unset. To learn which resources support conditions in their IAM policies,
see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
resource-policies).

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Policy] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Policy]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 1492
def get_project_service_account_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+resource}:getIamPolicy', options)
  command.response_representation = Google::Apis::IamV1::Policy::Representation
  command.response_class = Google::Apis::IamV1::Policy
  command.params['resource'] = resource unless resource.nil?
  command.query['options.requestedPolicyVersion'] = options_requested_policy_version unless options_requested_policy_version.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
get_project_service_account_key(name, public_key_type: nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Gets a ServiceAccountKey. @param [String] name

Required. The resource name of the service account key in the following format:
`projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. Using `-` as a
wildcard for the `PROJECT_ID` will infer the project from the account. The `
ACCOUNT` value can be the `email` address or the `unique_id` of the service
account.

@param [String] public_key_type

The output format of the public key requested. X509_PEM is the default output
format.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::ServiceAccountKey]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 2006
def get_project_service_account_key(name, public_key_type: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccountKey
  command.params['name'] = name unless name.nil?
  command.query['publicKeyType'] = public_key_type unless public_key_type.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
get_role(name, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Gets the definition of a Role. @param [String] name

The `name` parameter's value depends on the target resource for the request,
namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/
rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/
organizations.roles). Each resource type's `name` value format is described
below: * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/`ROLE_NAME``
. This method returns results from all [predefined roles](/iam/docs/
understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `
https://iam.googleapis.com/v1/roles/`ROLE_NAME`` * [`projects.roles.get()`](/
iam/reference/rest/v1/projects.roles/get): `projects/`PROJECT_ID`/roles/`
CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/
understanding-custom-roles) that have been created at the project level.
Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/
roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.get()`](/iam/reference/rest/v1/
organizations.roles/get): `organizations/`ORGANIZATION_ID`/roles/`
CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/
understanding-custom-roles) that have been created at the organization level.
Example request URL: `https://iam.googleapis.com/v1/organizations/`
ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid;
you must specify a complete project ID or organization ID.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Role] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Role]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 2129
def get_role(name, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}', options)
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding. condition field, which contains a condition expression for a role binding. Successful calls to this method always return an HTTP `200 OK` status code, even if the linter detects an issue in the IAM policy. @param [Google::Apis::IamV1::LintPolicyRequest] lint_policy_request_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::LintPolicyResponse] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::LintPolicyResponse]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 76
def lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/iamPolicies:lintPolicy', options)
  command.request_representation = Google::Apis::IamV1::LintPolicyRequest::Representation
  command.request_object = lint_policy_request_object
  command.response_representation = Google::Apis::IamV1::LintPolicyResponse::Representation
  command.response_class = Google::Apis::IamV1::LintPolicyResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project. @param [String] parent

The `parent` parameter's value depends on the target resource for the request,
namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/
rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/
organizations.roles). Each resource type's `parent` value format is described
below: * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string.
This method doesn't require a resource; it simply returns all [predefined
roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example
request URL: `https://iam.googleapis.com/v1/roles` * [`projects.roles.list()`](
/iam/reference/rest/v1/projects.roles/list): `projects/`PROJECT_ID``. This
method lists all project-level [custom roles](/iam/docs/understanding-custom-
roles). Example request URL: `https://iam.googleapis.com/v1/projects/`
PROJECT_ID`/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/
organizations.roles/list): `organizations/`ORGANIZATION_ID``. This method
lists all organization-level [custom roles](/iam/docs/understanding-custom-
roles). Example request URL: `https://iam.googleapis.com/v1/organizations/`
ORGANIZATION_ID`/roles` Note: Wildcard (*) values are invalid; you must
specify a complete project ID or organization ID.

@param [Fixnum] page_size

Optional limit on the number of roles to include in the response. The default
is 300, and the maximum is 1,000.

@param [String] page_token

Optional pagination token returned in an earlier ListRolesResponse.

@param [Boolean] show_deleted

Include Roles that have been deleted.

@param [String] view

Optional view for the returned Role objects. When `FULL` is specified, the `
includedPermissions` field is returned, which includes a list of all
permissions in the role. The default value is `BASIC`, which does not return
the `includedPermissions` field.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::ListRolesResponse]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 315
def list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+parent}/roles', options)
  command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::ListRolesResponse
  command.params['parent'] = parent unless parent.nil?
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['showDeleted'] = show_deleted unless show_deleted.nil?
  command.query['view'] = view unless view.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
list_project_location_workload_identity_pool_providers(parent, page_size: nil, page_token: nil, show_deleted: nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Lists all non-deleted WorkloadIdentityPoolProviders in a WorkloadIdentityPool. If `show_deleted` is set to `true`, then deleted providers are also listed. @param [String] parent

Required. The pool to list providers for.

@param [Fixnum] page_size

The maximum number of providers to return. If unspecified, at most 50
providers are returned. The maximum value is 100; values above 100 are
truncated to 100.

@param [String] page_token

A page token, received from a previous `ListWorkloadIdentityPoolProviders`
call. Provide this to retrieve the subsequent page.

@param [Boolean] show_deleted

Whether to return soft-deleted providers.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ListWorkloadIdentityPoolProvidersResponse] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::ListWorkloadIdentityPoolProvidersResponse]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 840
def list_project_location_workload_identity_pool_providers(parent, page_size: nil, page_token: nil, show_deleted: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+parent}/providers', options)
  command.response_representation = Google::Apis::IamV1::ListWorkloadIdentityPoolProvidersResponse::Representation
  command.response_class = Google::Apis::IamV1::ListWorkloadIdentityPoolProvidersResponse
  command.params['parent'] = parent unless parent.nil?
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['showDeleted'] = show_deleted unless show_deleted.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
list_project_location_workload_identity_pools(parent, page_size: nil, page_token: nil, show_deleted: nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Lists all non-deleted WorkloadIdentityPools in a project. If `show_deleted` is set to `true`, then deleted pools are also listed. @param [String] parent

Required. The parent resource to list pools for.

@param [Fixnum] page_size

The maximum number of pools to return. If unspecified, at most 50 pools are
returned. The maximum value is 1000; values above are 1000 truncated to 1000.

@param [String] page_token

A page token, received from a previous `ListWorkloadIdentityPools` call.
Provide this to retrieve the subsequent page.

@param [Boolean] show_deleted

Whether to return soft-deleted pools.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ListWorkloadIdentityPoolsResponse] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::ListWorkloadIdentityPoolsResponse]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 593
def list_project_location_workload_identity_pools(parent, page_size: nil, page_token: nil, show_deleted: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+parent}/workloadIdentityPools', options)
  command.response_representation = Google::Apis::IamV1::ListWorkloadIdentityPoolsResponse::Representation
  command.response_class = Google::Apis::IamV1::ListWorkloadIdentityPoolsResponse
  command.params['parent'] = parent unless parent.nil?
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['showDeleted'] = show_deleted unless show_deleted.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project. @param [String] parent

The `parent` parameter's value depends on the target resource for the request,
namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/
rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/
organizations.roles). Each resource type's `parent` value format is described
below: * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string.
This method doesn't require a resource; it simply returns all [predefined
roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example
request URL: `https://iam.googleapis.com/v1/roles` * [`projects.roles.list()`](
/iam/reference/rest/v1/projects.roles/list): `projects/`PROJECT_ID``. This
method lists all project-level [custom roles](/iam/docs/understanding-custom-
roles). Example request URL: `https://iam.googleapis.com/v1/projects/`
PROJECT_ID`/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/
organizations.roles/list): `organizations/`ORGANIZATION_ID``. This method
lists all organization-level [custom roles](/iam/docs/understanding-custom-
roles). Example request URL: `https://iam.googleapis.com/v1/organizations/`
ORGANIZATION_ID`/roles` Note: Wildcard (*) values are invalid; you must
specify a complete project ID or organization ID.

@param [Fixnum] page_size

Optional limit on the number of roles to include in the response. The default
is 300, and the maximum is 1,000.

@param [String] page_token

Optional pagination token returned in an earlier ListRolesResponse.

@param [Boolean] show_deleted

Include Roles that have been deleted.

@param [String] view

Optional view for the returned Role objects. When `FULL` is specified, the `
includedPermissions` field is returned, which includes a list of all
permissions in the role. The default value is `BASIC`, which does not return
the `includedPermissions` field.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::ListRolesResponse]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 1150
def list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+parent}/roles', options)
  command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::ListRolesResponse
  command.params['parent'] = parent unless parent.nil?
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['showDeleted'] = show_deleted unless show_deleted.nil?
  command.query['view'] = view unless view.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Lists every ServiceAccountKey for a service account. @param [String] name

Required. The resource name of the service account in the following format: `
projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for
the `PROJECT_ID`, will infer the project from the account. The `ACCOUNT` value
can be the `email` address or the `unique_id` of the service account.

@param [Array<String>, String] key_types

Filters the types of keys the user wants to include in the list response.
Duplicate key types are not allowed. If no key type is provided, all keys are
returned.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ListServiceAccountKeysResponse] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::ListServiceAccountKeysResponse]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 2044
def list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}/keys', options)
  command.response_representation = Google::Apis::IamV1::ListServiceAccountKeysResponse::Representation
  command.response_class = Google::Apis::IamV1::ListServiceAccountKeysResponse
  command.params['name'] = name unless name.nil?
  command.query['keyTypes'] = key_types unless key_types.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Lists every ServiceAccount that belongs to a specific project. @param [String] name

Required. The resource name of the project associated with the service
accounts, such as `projects/my-project-123`.

@param [Fixnum] page_size

Optional limit on the number of service accounts to include in the response.
Further accounts can subsequently be obtained by including the
ListServiceAccountsResponse.next_page_token in a subsequent request. The
default is 20, and the maximum is 100.

@param [String] page_token

Optional pagination token returned in an earlier ListServiceAccountsResponse.
next_page_token.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ListServiceAccountsResponse] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::ListServiceAccountsResponse]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 1532
def list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/{+name}/serviceAccounts', options)
  command.response_representation = Google::Apis::IamV1::ListServiceAccountsResponse::Representation
  command.response_class = Google::Apis::IamV1::ListServiceAccountsResponse
  command.params['name'] = name unless name.nil?
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project. @param [Fixnum] page_size

Optional limit on the number of roles to include in the response. The default
is 300, and the maximum is 1,000.

@param [String] page_token

Optional pagination token returned in an earlier ListRolesResponse.

@param [String] parent

The `parent` parameter's value depends on the target resource for the request,
namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/
rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/
organizations.roles). Each resource type's `parent` value format is described
below: * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string.
This method doesn't require a resource; it simply returns all [predefined
roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example
request URL: `https://iam.googleapis.com/v1/roles` * [`projects.roles.list()`](
/iam/reference/rest/v1/projects.roles/list): `projects/`PROJECT_ID``. This
method lists all project-level [custom roles](/iam/docs/understanding-custom-
roles). Example request URL: `https://iam.googleapis.com/v1/projects/`
PROJECT_ID`/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/
organizations.roles/list): `organizations/`ORGANIZATION_ID``. This method
lists all organization-level [custom roles](/iam/docs/understanding-custom-
roles). Example request URL: `https://iam.googleapis.com/v1/organizations/`
ORGANIZATION_ID`/roles` Note: Wildcard (*) values are invalid; you must
specify a complete project ID or organization ID.

@param [Boolean] show_deleted

Include Roles that have been deleted.

@param [String] view

Optional view for the returned Role objects. When `FULL` is specified, the `
includedPermissions` field is returned, which includes a list of all
permissions in the role. The default value is `BASIC`, which does not return
the `includedPermissions` field.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::ListRolesResponse]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 2188
def list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:get, 'v1/roles', options)
  command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::ListRolesResponse
  command.query['pageSize'] = page_size unless page_size.nil?
  command.query['pageToken'] = page_token unless page_token.nil?
  command.query['parent'] = parent unless parent.nil?
  command.query['showDeleted'] = show_deleted unless show_deleted.nil?
  command.query['view'] = view unless view.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Updates the definition of a custom Role. @param [String] name

The `name` parameter's value depends on the target resource for the request,
namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`]
(/iam/reference/rest/v1/organizations.roles). Each resource type's `name`
value format is described below: * [`projects.roles.patch()`](/iam/reference/
rest/v1/projects.roles/patch): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``.
This method updates only [custom roles](/iam/docs/understanding-custom-roles)
that have been created at the project level. Example request URL: `https://iam.
googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` * [`
organizations.roles.patch()`](/iam/reference/rest/v1/organizations.roles/patch)
: `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method
updates only [custom roles](/iam/docs/understanding-custom-roles) that have
been created at the organization level. Example request URL: `https://iam.
googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note:
Wildcard (*) values are invalid; you must specify a complete project ID or
organization ID.

@param [Google::Apis::IamV1::Role] role_object @param [String] update_mask

A mask describing which fields in the Role have changed.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Role] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Role]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 366
def patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:patch, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::Role::Representation
  command.request_object = role_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['updateMask'] = update_mask unless update_mask.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
patch_project_location_workload_identity_pool(name, workload_identity_pool_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Updates an existing WorkloadIdentityPool. @param [String] name

Output only. The resource name of the pool.

@param [Google::Apis::IamV1::WorkloadIdentityPool] workload_identity_pool_object @param [String] update_mask

Required. The list of fields update.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Operation] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Operation]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 629
def patch_project_location_workload_identity_pool(name, workload_identity_pool_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:patch, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::WorkloadIdentityPool::Representation
  command.request_object = workload_identity_pool_object
  command.response_representation = Google::Apis::IamV1::Operation::Representation
  command.response_class = Google::Apis::IamV1::Operation
  command.params['name'] = name unless name.nil?
  command.query['updateMask'] = update_mask unless update_mask.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
patch_project_location_workload_identity_pool_provider(name, workload_identity_pool_provider_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Updates an existing WorkloadIdentityPoolProvider. @param [String] name

Output only. The resource name of the provider.

@param [Google::Apis::IamV1::WorkloadIdentityPoolProvider] workload_identity_pool_provider_object @param [String] update_mask

Required. The list of fields to update.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Operation] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Operation]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 876
def patch_project_location_workload_identity_pool_provider(name, workload_identity_pool_provider_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:patch, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::WorkloadIdentityPoolProvider::Representation
  command.request_object = workload_identity_pool_provider_object
  command.response_representation = Google::Apis::IamV1::Operation::Representation
  command.response_class = Google::Apis::IamV1::Operation
  command.params['name'] = name unless name.nil?
  command.query['updateMask'] = update_mask unless update_mask.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Updates the definition of a custom Role. @param [String] name

The `name` parameter's value depends on the target resource for the request,
namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`]
(/iam/reference/rest/v1/organizations.roles). Each resource type's `name`
value format is described below: * [`projects.roles.patch()`](/iam/reference/
rest/v1/projects.roles/patch): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``.
This method updates only [custom roles](/iam/docs/understanding-custom-roles)
that have been created at the project level. Example request URL: `https://iam.
googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` * [`
organizations.roles.patch()`](/iam/reference/rest/v1/organizations.roles/patch)
: `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method
updates only [custom roles](/iam/docs/understanding-custom-roles) that have
been created at the organization level. Example request URL: `https://iam.
googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note:
Wildcard (*) values are invalid; you must specify a complete project ID or
organization ID.

@param [Google::Apis::IamV1::Role] role_object @param [String] update_mask

A mask describing which fields in the Role have changed.

@param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Role] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Role]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 1201
def patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:patch, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::Role::Representation
  command.request_object = role_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['updateMask'] = update_mask unless update_mask.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
patch_service_account(name, patch_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Patches a ServiceAccount. @param [String] name

The resource name of the service account. Use one of the following formats: * `
projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/`PROJECT_ID`
/serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `-` wildcard
character instead of the project ID: * `projects/-/serviceAccounts/`
EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible,
avoid using the `-` wildcard character, because it can cause response messages
to contain misleading error codes. For example, if you try to get the service
account `projects/-/serviceAccounts/fake@example.com`, which does not exist,
the response contains an HTTP `403 Forbidden` error instead of a `404 Not
Found` error.

@param [Google::Apis::IamV1::PatchServiceAccountRequest] patch_service_account_request_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::ServiceAccount]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 1574
def patch_service_account(name, patch_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:patch, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::PatchServiceAccountRequest::Representation
  command.request_object = patch_service_account_request_object
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Lists roles that can be granted on a Google Cloud resource. A role is grantable if the IAM policy for the resource can contain bindings to the role. @param [Google::Apis::IamV1::QueryGrantableRolesRequest] query_grantable_roles_request_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::QueryGrantableRolesResponse] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::QueryGrantableRolesResponse]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 2222
def query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/roles:queryGrantableRoles', options)
  command.request_representation = Google::Apis::IamV1::QueryGrantableRolesRequest::Representation
  command.request_object = query_grantable_roles_request_object
  command.response_representation = Google::Apis::IamV1::QueryGrantableRolesResponse::Representation
  command.response_class = Google::Apis::IamV1::QueryGrantableRolesResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Returns a list of services that allow you to opt into audit logs that are not generated by default. To learn more about audit logs, see the [Logging documentation](cloud.google.com/logging/docs/audit). @param [Google::Apis::IamV1::QueryAuditableServicesRequest] query_auditable_services_request_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::QueryAuditableServicesResponse] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::QueryAuditableServicesResponse]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 108
def query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/iamPolicies:queryAuditableServices', options)
  command.request_representation = Google::Apis::IamV1::QueryAuditableServicesRequest::Representation
  command.request_object = query_auditable_services_request_object
  command.response_representation = Google::Apis::IamV1::QueryAuditableServicesResponse::Representation
  command.response_class = Google::Apis::IamV1::QueryAuditableServicesResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Lists every permission that you can test on a resource. A permission is testable if you can check whether a member has that permission on the resource. @param [Google::Apis::IamV1::QueryTestablePermissionsRequest] query_testable_permissions_request_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::QueryTestablePermissionsResponse] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::QueryTestablePermissionsResponse]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 446
def query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/permissions:queryTestablePermissions', options)
  command.request_representation = Google::Apis::IamV1::QueryTestablePermissionsRequest::Representation
  command.request_object = query_testable_permissions_request_object
  command.response_representation = Google::Apis::IamV1::QueryTestablePermissionsResponse::Representation
  command.response_class = Google::Apis::IamV1::QueryTestablePermissionsResponse
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Sets the IAM policy that is attached to a ServiceAccount. Use this method to grant or revoke access to the service account. For example, you could grant a member the ability to impersonate the service account. This method does not enable the service account to access other resources. To grant roles to a service account on a resource, follow these steps: 1. Call the resource's ` getIamPolicy` method to get its current IAM policy. 2. Edit the policy so that it binds the service account to an IAM role for the resource. 3. Call the resource's `setIamPolicy` method to update its IAM policy. For detailed instructions, see [Granting roles to a service account for specific resources]( cloud.google.com/iam/help/service-accounts/granting-access-to-service- accounts). @param [String] resource

REQUIRED: The resource for which the policy is being specified. See the
operation documentation for the appropriate value for this field.

@param [Google::Apis::IamV1::SetIamPolicyRequest] set_iam_policy_request_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Policy] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Policy]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 1618
def set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+resource}:setIamPolicy', options)
  command.request_representation = Google::Apis::IamV1::SetIamPolicyRequest::Representation
  command.request_object = set_iam_policy_request_object
  command.response_representation = Google::Apis::IamV1::Policy::Representation
  command.response_class = Google::Apis::IamV1::Policy
  command.params['resource'] = resource unless resource.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Note: This method is deprecated. Use the [`signBlob`](cloud.google. com/iam/help/rest-credentials/v1/projects.serviceAccounts/signBlob) method in the IAM Service Account Credentials API instead. If you currently use this method, see the [migration guide](cloud.google.com/iam/help/ credentials/migrate-api) for instructions. Signs a blob using the system- managed private key for a ServiceAccount. @param [String] name

Required. Deprecated. [Migrate to Service Account Credentials API](https://
cloud.google.com/iam/help/credentials/migrate-api). The resource name of the
service account in the following format: `projects/`PROJECT_ID`/
serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `PROJECT_ID` will
infer the project from the account. The `ACCOUNT` value can be the `email`
address or the `unique_id` of the service account.

@param [Google::Apis::IamV1::SignBlobRequest] sign_blob_request_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::SignBlobResponse] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::SignBlobResponse]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 1661
def sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:signBlob', options)
  command.request_representation = Google::Apis::IamV1::SignBlobRequest::Representation
  command.request_object = sign_blob_request_object
  command.response_representation = Google::Apis::IamV1::SignBlobResponse::Representation
  command.response_class = Google::Apis::IamV1::SignBlobResponse
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Note: This method is deprecated. Use the [`signJwt`](cloud.google. com/iam/help/rest-credentials/v1/projects.serviceAccounts/signJwt) method in the IAM Service Account Credentials API instead. If you currently use this method, see the [migration guide](cloud.google.com/iam/help/ credentials/migrate-api) for instructions. Signs a JSON Web Token (JWT) using the system-managed private key for a ServiceAccount. @param [String] name

Required. Deprecated. [Migrate to Service Account Credentials API](https://
cloud.google.com/iam/help/credentials/migrate-api). The resource name of the
service account in the following format: `projects/`PROJECT_ID`/
serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `PROJECT_ID` will
infer the project from the account. The `ACCOUNT` value can be the `email`
address or the `unique_id` of the service account.

@param [Google::Apis::IamV1::SignJwtRequest] sign_jwt_request_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::SignJwtResponse] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::SignJwtResponse]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 1704
def sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:signJwt', options)
  command.request_representation = Google::Apis::IamV1::SignJwtRequest::Representation
  command.request_object = sign_jwt_request_object
  command.response_representation = Google::Apis::IamV1::SignJwtResponse::Representation
  command.response_class = Google::Apis::IamV1::SignJwtResponse
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Tests whether the caller has the specified permissions on a ServiceAccount. @param [String] resource

REQUIRED: The resource for which the policy detail is being requested. See the
operation documentation for the appropriate value for this field.

@param [Google::Apis::IamV1::TestIamPermissionsRequest] test_iam_permissions_request_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::TestIamPermissionsResponse] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::TestIamPermissionsResponse]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 1738
def test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options)
  command.request_representation = Google::Apis::IamV1::TestIamPermissionsRequest::Representation
  command.request_object = test_iam_permissions_request_object
  command.response_representation = Google::Apis::IamV1::TestIamPermissionsResponse::Representation
  command.response_class = Google::Apis::IamV1::TestIamPermissionsResponse
  command.params['resource'] = resource unless resource.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Undeletes a custom Role. @param [String] name

The `name` parameter's value depends on the target resource for the request,
namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`]
(/iam/reference/rest/v1/organizations.roles). Each resource type's `name`
value format is described below: * [`projects.roles.undelete()`](/iam/
reference/rest/v1/projects.roles/undelete): `projects/`PROJECT_ID`/roles/`
CUSTOM_ROLE_ID``. This method undeletes only [custom roles](/iam/docs/
understanding-custom-roles) that have been created at the project level.
Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/
roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.undelete()`](/iam/reference/
rest/v1/organizations.roles/undelete): `organizations/`ORGANIZATION_ID`/roles/`
CUSTOM_ROLE_ID``. This method undeletes only [custom roles](/iam/docs/
understanding-custom-roles) that have been created at the organization level.
Example request URL: `https://iam.googleapis.com/v1/organizations/`
ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid;
you must specify a complete project ID or organization ID.

@param [Google::Apis::IamV1::UndeleteRoleRequest] undelete_role_request_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Role] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Role]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 414
def undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:undelete', options)
  command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation
  command.request_object = undelete_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Undeletes a custom Role. @param [String] name

The `name` parameter's value depends on the target resource for the request,
namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`]
(/iam/reference/rest/v1/organizations.roles). Each resource type's `name`
value format is described below: * [`projects.roles.undelete()`](/iam/
reference/rest/v1/projects.roles/undelete): `projects/`PROJECT_ID`/roles/`
CUSTOM_ROLE_ID``. This method undeletes only [custom roles](/iam/docs/
understanding-custom-roles) that have been created at the project level.
Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/
roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.undelete()`](/iam/reference/
rest/v1/organizations.roles/undelete): `organizations/`ORGANIZATION_ID`/roles/`
CUSTOM_ROLE_ID``. This method undeletes only [custom roles](/iam/docs/
understanding-custom-roles) that have been created at the organization level.
Example request URL: `https://iam.googleapis.com/v1/organizations/`
ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid;
you must specify a complete project ID or organization ID.

@param [Google::Apis::IamV1::UndeleteRoleRequest] undelete_role_request_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Role] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Role]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 1249
def undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:undelete', options)
  command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation
  command.request_object = undelete_role_request_object
  command.response_representation = Google::Apis::IamV1::Role::Representation
  command.response_class = Google::Apis::IamV1::Role
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
undelete_service_account(name, undelete_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Restores a deleted ServiceAccount. Important: It is not always possible to restore a deleted service account. Use this method only as a last resort. After you delete a service account, IAM permanently removes the service account 30 days later. There is no way to restore a deleted service account that has been permanently removed. @param [String] name

The resource name of the service account in the following format: `projects/`
PROJECT_ID`/serviceAccounts/`ACCOUNT_UNIQUE_ID``. Using `-` as a wildcard for
the `PROJECT_ID` will infer the project from the account.

@param [Google::Apis::IamV1::UndeleteServiceAccountRequest] undelete_service_account_request_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::UndeleteServiceAccountResponse] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::UndeleteServiceAccountResponse]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 1777
def undelete_service_account(name, undelete_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:undelete', options)
  command.request_representation = Google::Apis::IamV1::UndeleteServiceAccountRequest::Representation
  command.request_object = undelete_service_account_request_object
  command.response_representation = Google::Apis::IamV1::UndeleteServiceAccountResponse::Representation
  command.response_class = Google::Apis::IamV1::UndeleteServiceAccountResponse
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
undelete_workload_identity_pool(name, undelete_workload_identity_pool_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Undeletes a WorkloadIdentityPool, as long as it was deleted fewer than 30 days ago. @param [String] name

Required. The name of the pool to undelete.

@param [Google::Apis::IamV1::UndeleteWorkloadIdentityPoolRequest] undelete_workload_identity_pool_request_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Operation] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Operation]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 664
def undelete_workload_identity_pool(name, undelete_workload_identity_pool_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:undelete', options)
  command.request_representation = Google::Apis::IamV1::UndeleteWorkloadIdentityPoolRequest::Representation
  command.request_object = undelete_workload_identity_pool_request_object
  command.response_representation = Google::Apis::IamV1::Operation::Representation
  command.response_class = Google::Apis::IamV1::Operation
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
undelete_workload_identity_pool_provider(name, undelete_workload_identity_pool_provider_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Undeletes a WorkloadIdentityPoolProvider, as long as it was deleted fewer than 30 days ago. @param [String] name

Required. The name of the provider to undelete.

@param [Google::Apis::IamV1::UndeleteWorkloadIdentityPoolProviderRequest] undelete_workload_identity_pool_provider_request_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Operation] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::Operation]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 911
def undelete_workload_identity_pool_provider(name, undelete_workload_identity_pool_provider_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}:undelete', options)
  command.request_representation = Google::Apis::IamV1::UndeleteWorkloadIdentityPoolProviderRequest::Representation
  command.request_object = undelete_workload_identity_pool_provider_request_object
  command.response_representation = Google::Apis::IamV1::Operation::Representation
  command.response_class = Google::Apis::IamV1::Operation
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Note: We are in the process of deprecating this method. Use PatchServiceAccount instead. Updates a ServiceAccount. You can update only the `display_name` and `description` fields. @param [String] name

The resource name of the service account. Use one of the following formats: * `
projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/`PROJECT_ID`
/serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `-` wildcard
character instead of the project ID: * `projects/-/serviceAccounts/`
EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible,
avoid using the `-` wildcard character, because it can cause response messages
to contain misleading error codes. For example, if you try to get the service
account `projects/-/serviceAccounts/fake@example.com`, which does not exist,
the response contains an HTTP `403 Forbidden` error instead of a `404 Not
Found` error.

@param [Google::Apis::IamV1::ServiceAccount] service_account_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::ServiceAccount]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 1821
def update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:put, 'v1/{+name}', options)
  command.request_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.request_object = service_account_object
  command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccount
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end
upload_service_account_key(name, upload_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) click to toggle source

Creates a ServiceAccountKey, using a public key that you provide. @param [String] name

The resource name of the service account in the following format: `projects/`
PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `
PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can
be the `email` address or the `unique_id` of the service account.

@param [Google::Apis::IamV1::UploadServiceAccountKeyRequest] upload_service_account_key_request_object @param [String] fields

Selector specifying which fields to include in a partial response.

@param [String] quota_user

Available to use for quota purposes for server-side applications. Can be any
arbitrary string assigned to a user, but should not exceed 40 characters.

@param [Google::Apis::RequestOptions] options

Request-specific options

@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object @yieldparam err [StandardError] error object if request failed

@return [Google::Apis::IamV1::ServiceAccountKey]

@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required

# File lib/google/apis/iam_v1/service.rb, line 2079
def upload_service_account_key(name, upload_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
  command = make_simple_command(:post, 'v1/{+name}/keys:upload', options)
  command.request_representation = Google::Apis::IamV1::UploadServiceAccountKeyRequest::Representation
  command.request_object = upload_service_account_key_request_object
  command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
  command.response_class = Google::Apis::IamV1::ServiceAccountKey
  command.params['name'] = name unless name.nil?
  command.query['fields'] = fields unless fields.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
  execute_or_queue_command(command, &block)
end

Protected Instance Methods

apply_command_defaults(command) click to toggle source
# File lib/google/apis/iam_v1/service.rb, line 2235
def apply_command_defaults(command)
  command.query['key'] = key unless key.nil?
  command.query['quotaUser'] = quota_user unless quota_user.nil?
end