Class ProjectsClient (2.11.0)

Manages Google Cloud Projects.

Equality

Instances of this class created via copy-construction or copy-assignment always compare equal. Instances created with equal std::shared_ptr<*Connection> objects compare equal. Objects that compare equal share the same underlying resources.

Performance

Creating a new instance of this class is a relatively expensive operation, new objects establish new connections to the service. In contrast, copy-construction, move-construction, and the corresponding assignment operations are relatively efficient as the copies share all underlying resources.

Thread Safety

Concurrent access to different instances of this class, even if they compare equal, is guaranteed to work. Two or more threads operating on the same instance of this class is not guaranteed to work. Since copy-construction and move-construction is a relatively efficient operation, consider using such a copy when using this class from multiple threads.

Constructors

ProjectsClient(ProjectsClient const &)

Copy and move support

Parameter
Name Description
ProjectsClient const &

ProjectsClient(ProjectsClient &&)

Copy and move support

Parameter
Name Description
ProjectsClient &&

ProjectsClient(std::shared_ptr< ProjectsConnection >, Options)

Parameters
Name Description
connection std::shared_ptr< ProjectsConnection >
opts Options

Operators

operator=(ProjectsClient const &)

Copy and move support

Parameter
Name Description
ProjectsClient const &
Returns
Type Description
ProjectsClient &

operator=(ProjectsClient &&)

Copy and move support

Parameter
Name Description
ProjectsClient &&
Returns
Type Description
ProjectsClient &

Functions

GetProject(std::string const &, Options)

Retrieves the project identified by the specified name (for example, projects/415104041262).

The caller must have resourcemanager.projects.get permission for this project.

Parameters
Name Description
name std::string const &

Required. The name of the project (for example, projects/415104041262).

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::resourcemanager::v3::Project >

the result of the RPC. The response message type (google.cloud.resourcemanager.v3.Project) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

GetProject(google::cloud::resourcemanager::v3::GetProjectRequest const &, Options)

Retrieves the project identified by the specified name (for example, projects/415104041262).

The caller must have resourcemanager.projects.get permission for this project.

Parameters
Name Description
request google::cloud::resourcemanager::v3::GetProjectRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.resourcemanager.v3.GetProjectRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::resourcemanager::v3::Project >

the result of the RPC. The response message type (google.cloud.resourcemanager.v3.Project) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

ListProjects(std::string const &, Options)

Lists projects that are direct children of the specified folder or organization resource.

list() provides a strongly consistent view of the projects underneath the specified parent resource. list() returns projects sorted based upon the (ascending) lexical ordering of their display_name. The caller must have resourcemanager.projects.list permission on the identified parent.

Parameters
Name Description
parent std::string const &

Required. The name of the parent resource whose projects are being listed. Only children of this parent resource are listed; descendants are not listed.
If the parent is a folder, use the value folders/{folder_id}. If the parent is an organization, use the value organizations/{org_id}.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StreamRange< google::cloud::resourcemanager::v3::Project >

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a StatusOr as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.cloud.resourcemanager.v3.Project, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

ListProjects(google::cloud::resourcemanager::v3::ListProjectsRequest, Options)

Lists projects that are direct children of the specified folder or organization resource.

list() provides a strongly consistent view of the projects underneath the specified parent resource. list() returns projects sorted based upon the (ascending) lexical ordering of their display_name. The caller must have resourcemanager.projects.list permission on the identified parent.

Parameters
Name Description
request google::cloud::resourcemanager::v3::ListProjectsRequest

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.resourcemanager.v3.ListProjectsRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StreamRange< google::cloud::resourcemanager::v3::Project >

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a StatusOr as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.cloud.resourcemanager.v3.Project, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

SearchProjects(std::string const &, Options)

Search for projects that the caller has both resourcemanager.projects.get permission on, and also satisfy the specified query.

This method returns projects in an unspecified order.

This method is eventually consistent with project mutations; this means that a newly created project may not appear in the results or recent updates to an existing project may not be reflected in the results. To retrieve the latest state of a project, use the GetProject method.

Parameters
Name Description
query std::string const &

Optional. A query string for searching for projects that the caller has resourcemanager.projects.get permission to. If multiple fields are included in the query, then it will return results that match any of the fields. Some eligible fields are:

  • displayName, name: Filters by displayName.
  • parent: Project's parent (for example: folders/123, organizations/*). Prefer parent field over parent.type and parent.id.
  • parent.type: Parent's type: folder or organization.
  • parent.id: Parent's id number (for example: 123).
  • id, projectId: Filters by projectId.
  • state, lifecycleState: Filters by state.
  • labels: Filters by label name or value.
  • labels.<key> (where <key> is the name of a label): Filters by label name.
    Search expressions are case insensitive.
    Some examples queries:
  • name:how*: The project's name starts with "how".
  • name:Howl: The project's name is Howl or howl.
  • name:HOWL: Equivalent to above.
  • NAME:howl: Equivalent to above.
  • labels.color:*: The project has the label color.
  • labels.color:red: The project's label color has the value red.
  • labels.color:red labels.size:big: The project's label color has the value red or its label size has the value big.
    If no query is specified, the call will return projects for which the user has the resourcemanager.projects.get permission.
opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StreamRange< google::cloud::resourcemanager::v3::Project >

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a StatusOr as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.cloud.resourcemanager.v3.Project, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

SearchProjects(google::cloud::resourcemanager::v3::SearchProjectsRequest, Options)

Search for projects that the caller has both resourcemanager.projects.get permission on, and also satisfy the specified query.

This method returns projects in an unspecified order.

This method is eventually consistent with project mutations; this means that a newly created project may not appear in the results or recent updates to an existing project may not be reflected in the results. To retrieve the latest state of a project, use the GetProject method.

Parameters
Name Description
request google::cloud::resourcemanager::v3::SearchProjectsRequest

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.resourcemanager.v3.SearchProjectsRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StreamRange< google::cloud::resourcemanager::v3::Project >

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a StatusOr as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.cloud.resourcemanager.v3.Project, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

CreateProject(google::cloud::resourcemanager::v3::Project const &, Options)

Request that a new project be created.

The result is an Operation which can be used to track the creation process. This process usually takes a few seconds, but can sometimes take much longer. The tracking Operation is automatically deleted after a few hours, so there is no need to call DeleteOperation.

Parameters
Name Description
project google::cloud::resourcemanager::v3::Project const &

Required. The Project to create.
Project ID is required. If the requested ID is unavailable, the request fails.
If the parent field is set, the resourcemanager.projects.create permission is checked on the parent resource. If no parent is set and the authorization credentials belong to an Organization, the parent will be set to that Organization.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
future< StatusOr< google::cloud::resourcemanager::v3::Project > >

A future that becomes satisfied when the LRO (Long Running Operation) completes or the polling policy in effect for this call is exhausted. The future is satisfied with an error if the LRO completes with an error or the polling policy is exhausted. In this case the StatusOr returned by the future contains the error. If the LRO completes successfully the value of the future contains the LRO's result. For this RPC the result is a google.cloud.resourcemanager.v3.Project proto message. The C++ class representing this message is created by Protobuf, using the Protobuf mapping rules.

CreateProject(google::cloud::resourcemanager::v3::CreateProjectRequest const &, Options)

Request that a new project be created.

The result is an Operation which can be used to track the creation process. This process usually takes a few seconds, but can sometimes take much longer. The tracking Operation is automatically deleted after a few hours, so there is no need to call DeleteOperation.

Parameters
Name Description
request google::cloud::resourcemanager::v3::CreateProjectRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.resourcemanager.v3.CreateProjectRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
future< StatusOr< google::cloud::resourcemanager::v3::Project > >

A future that becomes satisfied when the LRO (Long Running Operation) completes or the polling policy in effect for this call is exhausted. The future is satisfied with an error if the LRO completes with an error or the polling policy is exhausted. In this case the StatusOr returned by the future contains the error. If the LRO completes successfully the value of the future contains the LRO's result. For this RPC the result is a google.cloud.resourcemanager.v3.Project proto message. The C++ class representing this message is created by Protobuf, using the Protobuf mapping rules.

UpdateProject(google::cloud::resourcemanager::v3::Project const &, google::protobuf::FieldMask const &, Options)

Updates the display_name and labels of the project identified by the specified name (for example, projects/415104041262).

Deleting all labels requires an update mask for labels field.

The caller must have resourcemanager.projects.update permission for this project.

Parameters
Name Description
project google::cloud::resourcemanager::v3::Project const &

Required. The new definition of the project.

update_mask google::protobuf::FieldMask const &

Optional. An update mask to selectively update fields.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
future< StatusOr< google::cloud::resourcemanager::v3::Project > >

A future that becomes satisfied when the LRO (Long Running Operation) completes or the polling policy in effect for this call is exhausted. The future is satisfied with an error if the LRO completes with an error or the polling policy is exhausted. In this case the StatusOr returned by the future contains the error. If the LRO completes successfully the value of the future contains the LRO's result. For this RPC the result is a google.cloud.resourcemanager.v3.Project proto message. The C++ class representing this message is created by Protobuf, using the Protobuf mapping rules.

UpdateProject(google::cloud::resourcemanager::v3::UpdateProjectRequest const &, Options)

Updates the display_name and labels of the project identified by the specified name (for example, projects/415104041262).

Deleting all labels requires an update mask for labels field.

The caller must have resourcemanager.projects.update permission for this project.

Parameters
Name Description
request google::cloud::resourcemanager::v3::UpdateProjectRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.resourcemanager.v3.UpdateProjectRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
future< StatusOr< google::cloud::resourcemanager::v3::Project > >

A future that becomes satisfied when the LRO (Long Running Operation) completes or the polling policy in effect for this call is exhausted. The future is satisfied with an error if the LRO completes with an error or the polling policy is exhausted. In this case the StatusOr returned by the future contains the error. If the LRO completes successfully the value of the future contains the LRO's result. For this RPC the result is a google.cloud.resourcemanager.v3.Project proto message. The C++ class representing this message is created by Protobuf, using the Protobuf mapping rules.

MoveProject(std::string const &, std::string const &, Options)

Move a project to another place in your resource hierarchy, under a new resource parent.

Returns an operation which can be used to track the process of the project move workflow. Upon success, the Operation.response field will be populated with the moved project.

The caller must have resourcemanager.projects.move permission on the project, on the project's current and proposed new parent.

If project has no current parent, or it currently does not have an associated organization resource, you will also need the resourcemanager.projects.setIamPolicy permission in the project.

Parameters
Name Description
name std::string const &

Required. The name of the project to move.

destination_parent std::string const &

Required. The new parent to move the Project under.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
future< StatusOr< google::cloud::resourcemanager::v3::Project > >

A future that becomes satisfied when the LRO (Long Running Operation) completes or the polling policy in effect for this call is exhausted. The future is satisfied with an error if the LRO completes with an error or the polling policy is exhausted. In this case the StatusOr returned by the future contains the error. If the LRO completes successfully the value of the future contains the LRO's result. For this RPC the result is a google.cloud.resourcemanager.v3.Project proto message. The C++ class representing this message is created by Protobuf, using the Protobuf mapping rules.

MoveProject(google::cloud::resourcemanager::v3::MoveProjectRequest const &, Options)

Move a project to another place in your resource hierarchy, under a new resource parent.

Returns an operation which can be used to track the process of the project move workflow. Upon success, the Operation.response field will be populated with the moved project.

The caller must have resourcemanager.projects.move permission on the project, on the project's current and proposed new parent.

If project has no current parent, or it currently does not have an associated organization resource, you will also need the resourcemanager.projects.setIamPolicy permission in the project.

Parameters
Name Description
request google::cloud::resourcemanager::v3::MoveProjectRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.resourcemanager.v3.MoveProjectRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
future< StatusOr< google::cloud::resourcemanager::v3::Project > >

A future that becomes satisfied when the LRO (Long Running Operation) completes or the polling policy in effect for this call is exhausted. The future is satisfied with an error if the LRO completes with an error or the polling policy is exhausted. In this case the StatusOr returned by the future contains the error. If the LRO completes successfully the value of the future contains the LRO's result. For this RPC the result is a google.cloud.resourcemanager.v3.Project proto message. The C++ class representing this message is created by Protobuf, using the Protobuf mapping rules.

DeleteProject(std::string const &, Options)

Marks the project identified by the specified name (for example, projects/415104041262) for deletion.

This method will only affect the project if it has a lifecycle state of ACTIVE.

This method changes the Project's lifecycle state from ACTIVE to DELETE_REQUESTED. The deletion starts at an unspecified time, at which point the Project is no longer accessible.

Until the deletion completes, you can check the lifecycle state checked by retrieving the project with [GetProject] [google.cloud.resourcemanager.v3.Projects.GetProject], and the project remains visible to [ListProjects] [google.cloud.resourcemanager.v3.Projects.ListProjects]. However, you cannot update the project.

After the deletion completes, the project is not retrievable by the [GetProject] [google.cloud.resourcemanager.v3.Projects.GetProject], [ListProjects] [google.cloud.resourcemanager.v3.Projects.ListProjects], and SearchProjects methods.

This method behaves idempotently, such that deleting a DELETE_REQUESTED project will not cause an error, but also won't do anything.

The caller must have resourcemanager.projects.delete permissions for this project.

Parameters
Name Description
name std::string const &

Required. The name of the Project (for example, projects/415104041262).

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
future< StatusOr< google::cloud::resourcemanager::v3::Project > >

A future that becomes satisfied when the LRO (Long Running Operation) completes or the polling policy in effect for this call is exhausted. The future is satisfied with an error if the LRO completes with an error or the polling policy is exhausted. In this case the StatusOr returned by the future contains the error. If the LRO completes successfully the value of the future contains the LRO's result. For this RPC the result is a google.cloud.resourcemanager.v3.Project proto message. The C++ class representing this message is created by Protobuf, using the Protobuf mapping rules.

DeleteProject(google::cloud::resourcemanager::v3::DeleteProjectRequest const &, Options)

Marks the project identified by the specified name (for example, projects/415104041262) for deletion.

This method will only affect the project if it has a lifecycle state of ACTIVE.

This method changes the Project's lifecycle state from ACTIVE to DELETE_REQUESTED. The deletion starts at an unspecified time, at which point the Project is no longer accessible.

Until the deletion completes, you can check the lifecycle state checked by retrieving the project with [GetProject] [google.cloud.resourcemanager.v3.Projects.GetProject], and the project remains visible to [ListProjects] [google.cloud.resourcemanager.v3.Projects.ListProjects]. However, you cannot update the project.

After the deletion completes, the project is not retrievable by the [GetProject] [google.cloud.resourcemanager.v3.Projects.GetProject], [ListProjects] [google.cloud.resourcemanager.v3.Projects.ListProjects], and SearchProjects methods.

This method behaves idempotently, such that deleting a DELETE_REQUESTED project will not cause an error, but also won't do anything.

The caller must have resourcemanager.projects.delete permissions for this project.

Parameters
Name Description
request google::cloud::resourcemanager::v3::DeleteProjectRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.resourcemanager.v3.DeleteProjectRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
future< StatusOr< google::cloud::resourcemanager::v3::Project > >

A future that becomes satisfied when the LRO (Long Running Operation) completes or the polling policy in effect for this call is exhausted. The future is satisfied with an error if the LRO completes with an error or the polling policy is exhausted. In this case the StatusOr returned by the future contains the error. If the LRO completes successfully the value of the future contains the LRO's result. For this RPC the result is a google.cloud.resourcemanager.v3.Project proto message. The C++ class representing this message is created by Protobuf, using the Protobuf mapping rules.

UndeleteProject(std::string const &, Options)

Restores the project identified by the specified name (for example, projects/415104041262).

You can only use this method for a project that has a lifecycle state of [DELETE_REQUESTED] [Projects.State.DELETE_REQUESTED]. After deletion starts, the project cannot be restored.

The caller must have resourcemanager.projects.undelete permission for this project.

Parameters
Name Description
name std::string const &

Required. The name of the project (for example, projects/415104041262).
Required.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
future< StatusOr< google::cloud::resourcemanager::v3::Project > >

A future that becomes satisfied when the LRO (Long Running Operation) completes or the polling policy in effect for this call is exhausted. The future is satisfied with an error if the LRO completes with an error or the polling policy is exhausted. In this case the StatusOr returned by the future contains the error. If the LRO completes successfully the value of the future contains the LRO's result. For this RPC the result is a google.cloud.resourcemanager.v3.Project proto message. The C++ class representing this message is created by Protobuf, using the Protobuf mapping rules.

UndeleteProject(google::cloud::resourcemanager::v3::UndeleteProjectRequest const &, Options)

Restores the project identified by the specified name (for example, projects/415104041262).

You can only use this method for a project that has a lifecycle state of [DELETE_REQUESTED] [Projects.State.DELETE_REQUESTED]. After deletion starts, the project cannot be restored.

The caller must have resourcemanager.projects.undelete permission for this project.

Parameters
Name Description
request google::cloud::resourcemanager::v3::UndeleteProjectRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.resourcemanager.v3.UndeleteProjectRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
future< StatusOr< google::cloud::resourcemanager::v3::Project > >

A future that becomes satisfied when the LRO (Long Running Operation) completes or the polling policy in effect for this call is exhausted. The future is satisfied with an error if the LRO completes with an error or the polling policy is exhausted. In this case the StatusOr returned by the future contains the error. If the LRO completes successfully the value of the future contains the LRO's result. For this RPC the result is a google.cloud.resourcemanager.v3.Project proto message. The C++ class representing this message is created by Protobuf, using the Protobuf mapping rules.

GetIamPolicy(std::string const &, Options)

Returns the IAM access control policy for the specified project, in the format projects/{ProjectIdOrNumber} e.g.

projects/123. Permission is denied if the policy or the resource do not exist.

Parameters
Name Description
resource std::string const &

REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::iam::v1::Policy >

the result of the RPC. The response message type (google.iam.v1.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

GetIamPolicy(google::iam::v1::GetIamPolicyRequest const &, Options)

Returns the IAM access control policy for the specified project, in the format projects/{ProjectIdOrNumber} e.g.

projects/123. Permission is denied if the policy or the resource do not exist.

Parameters
Name Description
request google::iam::v1::GetIamPolicyRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.v1.GetIamPolicyRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::iam::v1::Policy >

the result of the RPC. The response message type (google.iam.v1.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

SetIamPolicy(std::string const &, google::iam::v1::Policy const &, Options)

Sets the IAM access control policy for the specified project, in the format projects/{ProjectIdOrNumber} e.g.

projects/123.

CAUTION: This method will replace the existing policy, and cannot be used to append additional IAM settings.

Note: Removing service accounts from policies or changing their roles can render services completely inoperable. It is important to understand how the service account is being used before removing or updating its roles.

The following constraints apply when using setIamPolicy():

  • Project does not support allUsers and allAuthenticatedUsers as members in a Binding of a Policy.
  • The owner role can be granted to a user, serviceAccount, or a group that is part of an organization. For example, group@myownpersonaldomain.com could be added as an owner to a project in the myownpersonaldomain.com organization, but not the examplepetstore.com organization.
  • Service accounts can be made owners of a project directly without any restrictions. However, to be added as an owner, a user must be invited using the Cloud Platform console and must accept the invitation.
  • A user cannot be granted the owner role using setIamPolicy(). The user must be granted the owner role using the Cloud Platform Console and must explicitly accept the invitation.
  • Invitations to grant the owner role cannot be sent using setIamPolicy(); they must be sent only using the Cloud Platform Console.
  • If the project is not part of an organization, there must be at least one owner who has accepted the Terms of Service (ToS) agreement in the policy. Calling setIamPolicy() to remove the last ToS-accepted owner from the policy will fail. This restriction also applies to legacy projects that no longer have owners who have accepted the ToS. Edits to IAM policies will be rejected until the lack of a ToS-accepting owner is rectified. If the project is part of an organization, you can remove all owners, potentially making the organization inaccessible.
Parameters
Name Description
resource std::string const &

REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.

policy google::iam::v1::Policy const &

REQUIRED: The complete policy to be applied to the resource. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::iam::v1::Policy >

the result of the RPC. The response message type (google.iam.v1.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

SetIamPolicy(google::iam::v1::SetIamPolicyRequest const &, Options)

Sets the IAM access control policy for the specified project, in the format projects/{ProjectIdOrNumber} e.g.

projects/123.

CAUTION: This method will replace the existing policy, and cannot be used to append additional IAM settings.

Note: Removing service accounts from policies or changing their roles can render services completely inoperable. It is important to understand how the service account is being used before removing or updating its roles.

The following constraints apply when using setIamPolicy():

  • Project does not support allUsers and allAuthenticatedUsers as members in a Binding of a Policy.
  • The owner role can be granted to a user, serviceAccount, or a group that is part of an organization. For example, group@myownpersonaldomain.com could be added as an owner to a project in the myownpersonaldomain.com organization, but not the examplepetstore.com organization.
  • Service accounts can be made owners of a project directly without any restrictions. However, to be added as an owner, a user must be invited using the Cloud Platform console and must accept the invitation.
  • A user cannot be granted the owner role using setIamPolicy(). The user must be granted the owner role using the Cloud Platform Console and must explicitly accept the invitation.
  • Invitations to grant the owner role cannot be sent using setIamPolicy(); they must be sent only using the Cloud Platform Console.
  • If the project is not part of an organization, there must be at least one owner who has accepted the Terms of Service (ToS) agreement in the policy. Calling setIamPolicy() to remove the last ToS-accepted owner from the policy will fail. This restriction also applies to legacy projects that no longer have owners who have accepted the ToS. Edits to IAM policies will be rejected until the lack of a ToS-accepting owner is rectified. If the project is part of an organization, you can remove all owners, potentially making the organization inaccessible.
Parameters
Name Description
request google::iam::v1::SetIamPolicyRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.v1.SetIamPolicyRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::iam::v1::Policy >

the result of the RPC. The response message type (google.iam.v1.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

TestIamPermissions(std::string const &, std::vector< std::string > const &, Options)

Returns permissions that a caller has on the specified project, in the format projects/{ProjectIdOrNumber} e.g.

projects/123..

Parameters
Name Description
resource std::string const &

REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.

permissions std::vector< std::string > const &

The set of permissions to check for the resource. Permissions with wildcards (such as '' or 'storage.') are not allowed. For more information see IAM Overview.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::iam::v1::TestIamPermissionsResponse >

the result of the RPC. The response message type (google.iam.v1.TestIamPermissionsResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

TestIamPermissions(google::iam::v1::TestIamPermissionsRequest const &, Options)

Returns permissions that a caller has on the specified project, in the format projects/{ProjectIdOrNumber} e.g.

projects/123..

Parameters
Name Description
request google::iam::v1::TestIamPermissionsRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.iam.v1.TestIamPermissionsRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::iam::v1::TestIamPermissionsResponse >

the result of the RPC. The response message type (google.iam.v1.TestIamPermissionsResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.