Method: projects.serviceAccounts.undelete

Restores a deleted ServiceAccount.

Important: It is not always possible to restore a deleted service account. Use this method only as a last resort.

After you delete a service account, IAM permanently removes the service account 30 days later. There is no way to restore a deleted service account that has been permanently removed.

HTTP request

POST https://iam.googleapis.com/v1/{name=projects/*/serviceAccounts/*}:undelete

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
name

string

The resource name of the service account.

Use one of the following formats:

  • projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}
  • projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}

As an alternative, you can use the - wildcard character instead of the project ID:

  • projects/-/serviceAccounts/{EMAIL_ADDRESS}
  • projects/-/serviceAccounts/{UNIQUE_ID}

When possible, avoid using the - wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service account projects/-/serviceAccounts/fake@example.com, which does not exist, the response contains an HTTP 403 Forbidden error instead of a 404 Not Found error.

Authorization requires the following IAM permission on the specified resource name:

  • iam.serviceAccounts.undelete

Request body

The request body must be empty.

Response body

If successful, the response body contains data with the following structure:

JSON representation
{
  "restoredAccount": {
    object (ServiceAccount)
  }
}
Fields
restoredAccount

object (ServiceAccount)

Metadata for the restored service account.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/iam
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

Examples

Node.js

Uses the Node.js client library.

// BEFORE RUNNING:
// ---------------
// 1. If not already done, enable the Identity and Access Management (IAM) API
//    and check the quota for your project at
//    https://console.developers.google.com/apis/api/iam
// 2. This sample uses Application Default Credentials for authentication.
//    If not already done, install the gcloud CLI from
//    https://cloud.google.com/sdk and run
//    `gcloud beta auth application-default login`.
//    For more information, see
//    https://developers.google.com/identity/protocols/application-default-credentials
// 3. Install the Node.js client library by running
//    `npm install googleapis --save`

const {google} = require('googleapis');
const iam = google.iam('v1');

async
function main () {
 
const authClient = await authorize();
 
const request = {
   
// The resource name of the service account in the following format:
   
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_UNIQUE_ID}`.
   
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
   
// the account.
    name
: 'projects/my-project/serviceAccounts/my-service-account',  // TODO: Update placeholder value.

    resource
: {
     
// TODO: Add desired properties to the request body.
   
},

    auth
: authClient,
 
};

 
try {
   
const response = (await iam.projects.serviceAccounts.undelete(request)).data;
   
// TODO: Change code below to process the `response` object:
    console
.log(JSON.stringify(response, null, 2));
 
} catch (err) {
    console
.error(err);
 
}
}
main
();

async
function authorize() {
 
const auth = new google.auth.GoogleAuth({
    scopes
: ['https://www.googleapis.com/auth/cloud-platform']
 
});
 
return await auth.getClient();
}