Method: roles.list

Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.

HTTP request

GET https://iam.googleapis.com/v1/roles

The URL uses gRPC Transcoding syntax.

Query parameters

Parameters
parent

string

The parent parameter's value depends on the target resource for the request, namely roles, projects, or organizations. Each resource type's parent value format is described below:

  • roles.list: An empty string. This method doesn't require a resource; it simply returns all predefined roles in IAM. Example request URL: https://iam.googleapis.com/v1/roles

  • projects.roles.list: projects/{PROJECT_ID}. This method lists all project-level custom roles. Example request URL: https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles

  • organizations.roles.list: organizations/{ORGANIZATION_ID}. This method lists all organization-level custom roles. Example request URL: https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles

Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.

Authorization requires the following IAM permission on the specified resource parent:

  • iam.roles.list
pageSize

integer

Optional limit on the number of roles to include in the response.

The default is 300, and the maximum is 1,000.

pageToken

string

Optional pagination token returned in an earlier ListRolesResponse.

view

enum (RoleView)

Optional view for the returned Role objects. When FULL is specified, the includedPermissions field is returned, which includes a list of all permissions in the role. The default value is BASIC, which does not return the includedPermissions field.

showDeleted

boolean

Include Roles that have been deleted.

Request body

The request body must be empty.

Response body

If successful, the response body contains an instance of ListRolesResponse.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/iam
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

Beispiele

Verwendet .NET client library.

// BEFORE RUNNING:
// ---------------
// 1. If not already done, enable the Identity and Access Management (IAM) API
//    and check the quota for your project at
//    https://console.developers.google.com/apis/api/iam
// 2. This sample uses Application Default Credentials for authentication.
//    If not already done, install the gcloud CLI from
//    https://cloud.google.com/sdk and run
//    `gcloud beta auth application-default login`.
//    For more information, see
//    https://developers.google.com/identity/protocols/application-default-credentials
// 3. Install the C# client library by adding a dependency on the relevant NuGet
//    package. Libraries published by Google are owned by google-apis-packages:
//    https://www.nuget.org/profiles/google-apis-packages

using Google.Apis.Auth.OAuth2;
using Google.Apis.Services;
using Google.Apis.Iam.v1;
using Newtonsoft.Json;
using System;
using System.Threading.Tasks;

using Data = Google.Apis.Iam.v1.Data;

namespace IamSample
{
   
public class IamExample
   
{
       
public static void Main(string[] args)
       
{
           
IamService iamService = new IamService(new BaseClientService.Initializer
           
{
               
HttpClientInitializer = GetCredential(),
               
ApplicationName = "Google-iamSample/0.1",
           
});

           
RolesResource.ListRequest request = iamService.Roles.List();

           
Data.ListRolesResponse response;
           
do
           
{
               
// To execute asynchronously in an async method, replace `request.Execute()` as shown:
                response
= request.Execute();
               
// response = await request.ExecuteAsync();

               
if (response.Roles == null)
               
{
                   
continue;
               
}
               
foreach (Data.Role role in response.Roles)
               
{
                   
// TODO: Change code below to process each `role` resource:
                   
Console.WriteLine(JsonConvert.SerializeObject(role));
               
}
                request
.PageToken = response.NextPageToken;
           
} while (response.NextPageToken != null);
       
}

       
public static GoogleCredential GetCredential()
       
{
           
GoogleCredential credential = Task.Run(() => GoogleCredential.GetApplicationDefaultAsync()).Result;
           
if (credential.IsCreateScopedRequired)
           
{
                credential
= credential.CreateScoped("https://www.googleapis.com/auth/cloud-platform");
           
}
           
return credential;
       
}
   
}
}

Verwendet Go client library.

package main

// BEFORE RUNNING:
// ---------------
// 1. If not already done, enable the Identity and Access Management (IAM) API
//    and check the quota for your project at
//    https://console.developers.google.com/apis/api/iam
// 2. This sample uses Application Default Credentials for authentication.
//    If not already done, install the gcloud CLI from
//    https://cloud.google.com/sdk/ and run
//    `gcloud beta auth application-default login`.
//    For more information, see
//    https://developers.google.com/identity/protocols/application-default-credentials
// 3. Install and update the Go dependencies by running `go get -u` in the
//    project directory.

import (
       
"fmt"
       
"log"

       
"golang.org/x/net/context"
       
"golang.org/x/oauth2/google"
       
"google.golang.org/api/iam/v1"
)

func main
() {
        ctx
:= context.Background()

        iamService
, err := iam.NewService(ctx)
       
if err != nil {
                log
.Fatal(err)
       
}

        req
:= iamService.Roles.List()
       
if err := req.Pages(ctx, func(page *iam.ListRolesResponse) error {
               
for _, role := range page.Roles {
                       
// TODO: Change code below to process each `role` resource:
                        fmt
.Printf("%#v\n", role)
               
}
               
return nil
       
}); err != nil {
                log
.Fatal(err)
       
}
}

Verwendet Java client library.

/*
 * BEFORE RUNNING:
 * ---------------
 * 1. If not already done, enable the Identity and Access Management (IAM) API
 *    and check the quota for your project at
 *    https://console.developers.google.com/apis/api/iam
 * 2. This sample uses Application Default Credentials for authentication.
 *    If not already done, install the gcloud CLI from
 *    https://cloud.google.com/sdk and run
 *    `gcloud beta auth application-default login`.
 *    For more information, see
 *    https://developers.google.com/identity/protocols/application-default-credentials
 * 3. Install the Java client library on Maven or Gradle. Check installation
 *    instructions at https://github.com/google/google-api-java-client.
 *    On other build systems, you can add the jar files to your project from
 *    https://developers.google.com/resources/api-libraries/download/iam/v1/java
 */

import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.services.iam.v1.Iam;
import com.google.api.services.iam.v1.model.ListRolesResponse;
import com.google.api.services.iam.v1.model.Role;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;

public class IamExample {
 
public static void main(String args[]) throws IOException, GeneralSecurityException {
   
Iam iamService = createIamService();
   
Iam.Roles.List request = iamService.roles().list();

   
ListRolesResponse response;
   
do {
      response
= request.execute();
     
if (response.getRoles() == null) {
       
continue;
     
}
     
for (Role role : response.getRoles()) {
       
// TODO: Change code below to process each `role` resource:
       
System.out.println(role);
     
}
      request
.setPageToken(response.getNextPageToken());
   
} while (response.getNextPageToken() != null);
 
}

 
public static Iam createIamService() throws IOException, GeneralSecurityException {
   
HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
   
JsonFactory jsonFactory = JacksonFactory.getDefaultInstance();

   
GoogleCredential credential = GoogleCredential.getApplicationDefault();
   
if (credential.createScopedRequired()) {
      credential
=
          credential
.createScoped(Arrays.asList("https://www.googleapis.com/auth/cloud-platform"));
   
}

   
return new Iam.Builder(httpTransport, jsonFactory, credential)
       
.setApplicationName("Google-iamSample/0.1")
       
.build();
 
}
}

Verwendet Node.js client library.

// BEFORE RUNNING:
// ---------------
// 1. If not already done, enable the Identity and Access Management (IAM) API
//    and check the quota for your project at
//    https://console.developers.google.com/apis/api/iam
// 2. This sample uses Application Default Credentials for authentication.
//    If not already done, install the gcloud CLI from
//    https://cloud.google.com/sdk and run
//    `gcloud beta auth application-default login`.
//    For more information, see
//    https://developers.google.com/identity/protocols/application-default-credentials
// 3. Install the Node.js client library by running
//    `npm install googleapis --save`

const {google} = require('googleapis');
const iam = google.iam('v1');

async
function main () {
 
const authClient = await authorize();
 
const request = {
    auth
: authClient,
 
};

  let response
;
 
do {
   
if (response && response.nextPageToken) {
      request
.pageToken = response.nextPageToken;
   
}
    response
= (await iam.roles.list(request)).data;
   
const rolesPage = response.roles;
   
if (rolesPage) {
     
for (let i = 0; i < rolesPage.length; i++) {
       
// TODO: Change code below to process each resource in `rolesPage`:
        console
.log(JSON.stringify(rolesPage[i], null, 2));
     
}
   
}
 
} while (response.nextPageToken);
}
main
();

async
function authorize() {
 
const auth = new google.auth.GoogleAuth({
    scopes
: ['https://www.googleapis.com/auth/cloud-platform']
 
});
 
return await auth.getClient();
}

Verwendet PHP client library.

<?php
/*
 * BEFORE RUNNING:
 * ---------------
 * 1. If not already done, enable the Identity and Access Management (IAM) API
 *    and check the quota for your project at
 *    https://console.developers.google.com/apis/api/iam
 * 2. This sample uses Application Default Credentials for authentication.
 *    If not already done, install the gcloud CLI from
 *    https://cloud.google.com/sdk and run
 *    `gcloud beta auth application-default login`.
 *    For more information, see
 *    https://developers.google.com/identity/protocols/application-default-credentials
 * 3. Install the PHP client library with Composer. Check installation
 *    instructions at https://github.com/google/google-api-php-client.
 */


// Autoload Composer.
require_once __DIR__
. '/vendor/autoload.php';

$client
= new Google_Client();
$client
->setApplicationName('Google-iamSample/0.1');
$client
->useApplicationDefaultCredentials();
$client
->addScope('https://www.googleapis.com/auth/cloud-platform');

$service
= new Google_Service_Iam($client);

$optParams
= [];

do {
  $response
= $service->roles->listRoles($optParams);

 
foreach ($response['roles'] as $role) {
   
// TODO: Change code below to process each `role` resource:
    echo
'<pre>', var_export($role, true), '</pre>', "\n";
 
}

  $optParams
['pageToken'] = $response->getNextPageToken();
} while ($optParams['pageToken']);
?>

Verwendet Python client library.

"""
BEFORE RUNNING:
---------------
1. If not already done, enable the Identity and Access Management (IAM) API
   and check the quota for your project at
   https://console.developers.google.com/apis/api/iam
2. This sample uses Application Default Credentials for authentication.
   If not already done, install the gcloud CLI from
   https://cloud.google.com/sdk and run
   `gcloud beta auth application-default login`.
   For more information, see
   https://developers.google.com/identity/protocols/application-default-credentials
3. Install the Python client library for Google APIs by running
   `pip install --upgrade google-api-python-client`
4. Install the OAuth 2.0 client for Google APIs by running
   `pip install --upgrade oauth2client`
"""

from pprint import pprint

from googleapiclient import discovery
from oauth2client.client import GoogleCredentials

credentials
= GoogleCredentials.get_application_default()

service
= discovery.build('iam', 'v1', credentials=credentials)

request
= service.roles().list()
while True:
    response
= request.execute()

   
for role in response.get('roles', []):
       
# TODO: Change code below to process each `role` resource:
        pprint
(role)

    request
= service.roles().list_next(previous_request=request, previous_response=response)
   
if request is None:
       
break

Verwendet Ruby client library.

# BEFORE RUNNING:
# ---------------
# 1. If not already done, enable the Identity and Access Management (IAM) API
#    and check the quota for your project at
#    https://console.developers.google.com/apis/api/iam
# 2. This sample uses Application Default Credentials for authentication.
#    If not already done, install the gcloud CLI from
#    https://cloud.google.com/sdk and run
#    `gcloud beta auth application-default login`.
#    For more information, see
#    https://developers.google.com/identity/protocols/application-default-credentials
# 3. Install the Ruby client library and Application Default Credentials
#    library by running `gem install google-api-client` and
#    `gem install googleauth`

require 'googleauth'
require 'google/apis/iam_v1'

service
= Google::Apis::IamV1::IamService.new

service
.authorization = \
   
Google::Auth.get_application_default(['https://www.googleapis.com/auth/cloud-platform'])

roles
= service.fetch_all(items: :roles) do |token|
  service
.list_roles(page_token: token)
end

roles
.each do |role|
 
# TODO: Change code below to process each `role` resource:
  puts role
.to_json
end