Deletes a ServiceAccount
.
Warning: After you delete a service account, you might not be able to undelete it. If you know that you need to re-enable the service account in the future, use serviceAccounts.disable
instead.
If you delete a service account, IAM permanently removes the service account 30 days later. Google Cloud cannot recover the service account after it is permanently removed, even if you file a support request.
To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use serviceAccounts.disable
to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account.
HTTP request
DELETE https://iam.googleapis.com/v1/{name=projects/*/serviceAccounts/*}
The URL uses gRPC Transcoding syntax.
Path parameters
Parameters | |
---|---|
name |
Required. The resource name of the service account. Use one of the following formats:
As an alternative, you can use the
When possible, avoid using the Authorization requires the following IAM permission on the specified resource
|
Request body
The request body must be empty.
Response body
If successful, the response body is an empty JSON object.
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/iam
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
Uses the .NET client library. Uses the Go client library. Uses the Java client library. Uses the Node.js client library. Uses the PHP client library. Uses the Python client library. Uses the Ruby client library.Examples
// BEFORE RUNNING:
// ---------------
// 1. If not already done, enable the Identity and Access Management (IAM) API
// and check the quota for your project at
// https://console.developers.google.com/apis/api/iam
// 2. This sample uses Application Default Credentials for authentication.
// If not already done, install the gcloud CLI from
// https://cloud.google.com/sdk and run
// `gcloud beta auth application-default login`.
// For more information, see
// https://developers.google.com/identity/protocols/application-default-credentials
// 3. Install the C# client library by adding a dependency on the relevant NuGet
// package. Libraries published by Google are owned by google-apis-packages:
// https://www.nuget.org/profiles/google-apis-packages
using Google.Apis.Auth.OAuth2;
using Google.Apis.Services;
using Google.Apis.Iam.v1;
using Newtonsoft.Json;
using System.Threading.Tasks;
namespace IamSample
{
public class IamExample
{
public static void Main(string[] args)
{
IamService iamService = new IamService(new BaseClientService.Initializer
{
HttpClientInitializer = GetCredential(),
ApplicationName = "Google-iamSample/0.1",
});
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
string name = "projects/my-project/serviceAccounts/my-service-account"; // TODO: Update placeholder value.
ProjectsResource.ServiceAccountsResource.DeleteRequest request = iamService.Projects.ServiceAccounts.Delete(name);
// To execute asynchronously in an async method, replace `request.Execute()` as shown:
request.Execute();
// await request.ExecuteAsync();
}
public static GoogleCredential GetCredential()
{
GoogleCredential credential = Task.Run(() => GoogleCredential.GetApplicationDefaultAsync()).Result;
if (credential.IsCreateScopedRequired)
{
credential = credential.CreateScoped("https://www.googleapis.com/auth/cloud-platform");
}
return credential;
}
}
}package main
// BEFORE RUNNING:
// ---------------
// 1. If not already done, enable the Identity and Access Management (IAM) API
// and check the quota for your project at
// https://console.developers.google.com/apis/api/iam
// 2. This sample uses Application Default Credentials for authentication.
// If not already done, install the gcloud CLI from
// https://cloud.google.com/sdk/ and run
// `gcloud beta auth application-default login`.
// For more information, see
// https://developers.google.com/identity/protocols/application-default-credentials
// 3. Install and update the Go dependencies by running `go get -u` in the
// project directory.
import (
"fmt"
"log"
"golang.org/x/net/context"
"golang.org/x/oauth2/google"
"google.golang.org/api/iam/v1"
)
func main() {
ctx := context.Background()
iamService, err := iam.NewService(ctx)
if err != nil {
log.Fatal(err)
}
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
name := "projects/my-project/serviceAccounts/my-service-account" // TODO: Update placeholder value.
resp, err := iamService.Projects.ServiceAccounts.Delete(name).Context(ctx).Do()
if err != nil {
log.Fatal(err)
}
// TODO: Change code below to process the `resp` object:
fmt.Printf("%#v\n", resp)
}/*
* BEFORE RUNNING:
* ---------------
* 1. If not already done, enable the Identity and Access Management (IAM) API
* and check the quota for your project at
* https://console.developers.google.com/apis/api/iam
* 2. This sample uses Application Default Credentials for authentication.
* If not already done, install the gcloud CLI from
* https://cloud.google.com/sdk and run
* `gcloud beta auth application-default login`.
* For more information, see
* https://developers.google.com/identity/protocols/application-default-credentials
* 3. Install the Java client library on Maven or Gradle. Check installation
* instructions at https://github.com/google/google-api-java-client.
* On other build systems, you can add the jar files to your project from
* https://developers.google.com/resources/api-libraries/download/iam/v1/java
*/
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.services.iam.v1.Iam;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
public class IamExample {
public static void main(String args[]) throws IOException, GeneralSecurityException {
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
String name =
"projects/my-project/serviceAccounts/my-service-account"; // TODO: Update placeholder value.
Iam iamService = createIamService();
Iam.Projects.ServiceAccounts.Delete request =
iamService.projects().serviceAccounts().delete(name);
request.execute();
}
public static Iam createIamService() throws IOException, GeneralSecurityException {
HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
JsonFactory jsonFactory = JacksonFactory.getDefaultInstance();
GoogleCredential credential = GoogleCredential.getApplicationDefault();
if (credential.createScopedRequired()) {
credential =
credential.createScoped(Arrays.asList("https://www.googleapis.com/auth/cloud-platform"));
}
return new Iam.Builder(httpTransport, jsonFactory, credential)
.setApplicationName("Google-iamSample/0.1")
.build();
}
}// BEFORE RUNNING:
// ---------------
// 1. If not already done, enable the Identity and Access Management (IAM) API
// and check the quota for your project at
// https://console.developers.google.com/apis/api/iam
// 2. This sample uses Application Default Credentials for authentication.
// If not already done, install the gcloud CLI from
// https://cloud.google.com/sdk and run
// `gcloud beta auth application-default login`.
// For more information, see
// https://developers.google.com/identity/protocols/application-default-credentials
// 3. Install the Node.js client library by running
// `npm install googleapis --save`
const {google} = require('googleapis');
const iam = google.iam('v1');
async function main () {
const authClient = await authorize();
const request = {
// Required. The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
name: 'projects/my-project/serviceAccounts/my-service-account', // TODO: Update placeholder value.
auth: authClient,
};
try {
await iam.projects.serviceAccounts.delete(request);
} catch (err) {
console.error(err);
}
}
main();
async function authorize() {
const auth = new google.auth.GoogleAuth({
scopes: ['https://www.googleapis.com/auth/cloud-platform']
});
return await auth.getClient();
}<?php
/*
* BEFORE RUNNING:
* ---------------
* 1. If not already done, enable the Identity and Access Management (IAM) API
* and check the quota for your project at
* https://console.developers.google.com/apis/api/iam
* 2. This sample uses Application Default Credentials for authentication.
* If not already done, install the gcloud CLI from
* https://cloud.google.com/sdk and run
* `gcloud beta auth application-default login`.
* For more information, see
* https://developers.google.com/identity/protocols/application-default-credentials
* 3. Install the PHP client library with Composer. Check installation
* instructions at https://github.com/google/google-api-php-client.
*/
// Autoload Composer.
require_once __DIR__ . '/vendor/autoload.php';
$client = new Google_Client();
$client->setApplicationName('Google-iamSample/0.1');
$client->useApplicationDefaultCredentials();
$client->addScope('https://www.googleapis.com/auth/cloud-platform');
$service = new Google_Service_Iam($client);
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
$name = 'projects/my-project/serviceAccounts/my-service-account'; // TODO: Update placeholder value.
$service->projects_serviceAccounts->delete($name);
?>"""
BEFORE RUNNING:
---------------
1. If not already done, enable the Identity and Access Management (IAM) API
and check the quota for your project at
https://console.developers.google.com/apis/api/iam
2. This sample uses Application Default Credentials for authentication.
If not already done, install the gcloud CLI from
https://cloud.google.com/sdk and run
`gcloud beta auth application-default login`.
For more information, see
https://developers.google.com/identity/protocols/application-default-credentials
3. Install the Python client library for Google APIs by running
`pip install --upgrade google-api-python-client`
4. Install the OAuth 2.0 client for Google APIs by running
`pip install --upgrade oauth2client`
"""
from googleapiclient import discovery
from oauth2client.client import GoogleCredentials
credentials = GoogleCredentials.get_application_default()
service = discovery.build('iam', 'v1', credentials=credentials)
# The resource name of the service account in the following format:
# `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
# Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
# the account. The `ACCOUNT` value can be the `email` address or the
# `unique_id` of the service account.
name = 'projects/my-project/serviceAccounts/my-service-account' # TODO: Update placeholder value.
request = service.projects().serviceAccounts().delete(name=name)
request.execute()# BEFORE RUNNING:
# ---------------
# 1. If not already done, enable the Identity and Access Management (IAM) API
# and check the quota for your project at
# https://console.developers.google.com/apis/api/iam
# 2. This sample uses Application Default Credentials for authentication.
# If not already done, install the gcloud CLI from
# https://cloud.google.com/sdk and run
# `gcloud beta auth application-default login`.
# For more information, see
# https://developers.google.com/identity/protocols/application-default-credentials
# 3. Install the Ruby client library and Application Default Credentials
# library by running `gem install google-api-client` and
# `gem install googleauth`
require 'googleauth'
require 'google/apis/iam_v1'
service = Google::Apis::IamV1::IamService.new
service.authorization = \
Google::Auth.get_application_default(['https://www.googleapis.com/auth/cloud-platform'])
# The resource name of the service account in the following format:
# `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
# Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
# the account. The `ACCOUNT` value can be the `email` address or the
# `unique_id` of the service account.
name = 'projects/my-project/serviceAccounts/my-service-account' # TODO: Update placeholder value.
service.delete_project_service_account(name)