Identity and Access Management (IAM) API

Manages identity and access control for Google Cloud resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls. Enabling this API also enables the IAM Service Account Credentials API (iamcredentials.googleapis.com). However, disabling this API doesn't disable the IAM Service Account Credentials API.

Service: iam.googleapis.com

To call this service, we recommend that you use the Google-provided client libraries. If your application needs to use your own libraries to call this service, use the following information when you make the API requests.

Discovery document

A Discovery Document is a machine-readable specification for describing and consuming REST APIs. It is used to build client libraries, IDE plugins, and other tools that interact with Google APIs. One service may provide multiple discovery documents. This service provides the following discovery documents:

Service endpoint

A service endpoint is a base URL that specifies the network address of an API service. One service might have multiple service endpoints. This service has the following service endpoint and all URIs below are relative to this service endpoint:

  • https://iam.googleapis.com

REST Resource: v3beta.folders.locations.operations

Methods
get GET /v3beta/{name=folders/*/locations/*/operations/*}
Gets the latest state of a long-running operation.

REST Resource: v3beta.folders.locations.policyBindings

Methods
create POST /v3beta/{parent=folders/*/locations/*}/policyBindings
Creates a policy binding and returns a long-running operation.
delete DELETE /v3beta/{name=folders/*/locations/*/policyBindings/*}
Deletes a policy binding and returns a long-running operation.
get GET /v3beta/{name=folders/*/locations/*/policyBindings/*}
Gets a policy binding.
list GET /v3beta/{parent=folders/*/locations/*}/policyBindings
Lists policy bindings.
patch PATCH /v3beta/{policyBinding.name=folders/*/locations/*/policyBindings/*}
Updates a policy binding and returns a long-running operation.
searchTargetPolicyBindings GET /v3beta/{parent=folders/*/locations/*}/policyBindings:searchTargetPolicyBindings
Search policy bindings by target.

REST Resource: v3beta.organizations.locations.operations

Methods
get GET /v3beta/{name=organizations/*/locations/*/operations/*}
Gets the latest state of a long-running operation.

REST Resource: v3beta.organizations.locations.policyBindings

Methods
create POST /v3beta/{parent=organizations/*/locations/*}/policyBindings
Creates a policy binding and returns a long-running operation.
delete DELETE /v3beta/{name=organizations/*/locations/*/policyBindings/*}
Deletes a policy binding and returns a long-running operation.
get GET /v3beta/{name=organizations/*/locations/*/policyBindings/*}
Gets a policy binding.
list GET /v3beta/{parent=organizations/*/locations/*}/policyBindings
Lists policy bindings.
patch PATCH /v3beta/{policyBinding.name=organizations/*/locations/*/policyBindings/*}
Updates a policy binding and returns a long-running operation.
searchTargetPolicyBindings GET /v3beta/{parent=organizations/*/locations/*}/policyBindings:searchTargetPolicyBindings
Search policy bindings by target.

REST Resource: v3beta.organizations.locations.principalAccessBoundaryPolicies

Methods
create POST /v3beta/{parent=organizations/*/locations/*}/principalAccessBoundaryPolicies
Creates a principal access boundary policy, and returns a long running operation.
delete DELETE /v3beta/{name=organizations/*/locations/*/principalAccessBoundaryPolicies/*}
Deletes a principal access boundary policy.
get GET /v3beta/{name=organizations/*/locations/*/principalAccessBoundaryPolicies/*}
Gets a principal access boundary policy.
list GET /v3beta/{parent=organizations/*/locations/*}/principalAccessBoundaryPolicies
Lists principal access boundary policies.
patch PATCH /v3beta/{principalAccessBoundaryPolicy.name=organizations/*/locations/*/principalAccessBoundaryPolicies/*}
Updates a principal access boundary policy.
searchPolicyBindings GET /v3beta/{name=organizations/*/locations/*/principalAccessBoundaryPolicies/*}:searchPolicyBindings
Returns all policy bindings that bind a specific policy if a user has searchPolicyBindings permission on that policy.

REST Resource: v3beta.projects.locations.operations

Methods
get GET /v3beta/{name=projects/*/locations/*/operations/*}
Gets the latest state of a long-running operation.

REST Resource: v3beta.projects.locations.policyBindings

Methods
create POST /v3beta/{parent=projects/*/locations/*}/policyBindings
Creates a policy binding and returns a long-running operation.
delete DELETE /v3beta/{name=projects/*/locations/*/policyBindings/*}
Deletes a policy binding and returns a long-running operation.
get GET /v3beta/{name=projects/*/locations/*/policyBindings/*}
Gets a policy binding.
list GET /v3beta/{parent=projects/*/locations/*}/policyBindings
Lists policy bindings.
patch PATCH /v3beta/{policyBinding.name=projects/*/locations/*/policyBindings/*}
Updates a policy binding and returns a long-running operation.
searchTargetPolicyBindings GET /v3beta/{parent=projects/*/locations/*}/policyBindings:searchTargetPolicyBindings
Search policy bindings by target.

REST Resource: v3.folders.locations.operations

Methods
get GET /v3/{name=folders/*/locations/*/operations/*}
Gets the latest state of a long-running operation.

REST Resource: v3.folders.locations.policyBindings

Methods
create POST /v3/{parent=folders/*/locations/*}/policyBindings
Creates a policy binding and returns a long-running operation.
delete DELETE /v3/{name=folders/*/locations/*/policyBindings/*}
Deletes a policy binding and returns a long-running operation.
get GET /v3/{name=folders/*/locations/*/policyBindings/*}
Gets a policy binding.
list GET /v3/{parent=folders/*/locations/*}/policyBindings
Lists policy bindings.
patch PATCH /v3/{policyBinding.name=folders/*/locations/*/policyBindings/*}
Updates a policy binding and returns a long-running operation.
searchTargetPolicyBindings GET /v3/{parent=folders/*/locations/*}/policyBindings:searchTargetPolicyBindings
Search policy bindings by target.

REST Resource: v3.organizations.locations.operations

Methods
get GET /v3/{name=organizations/*/locations/*/operations/*}
Gets the latest state of a long-running operation.

REST Resource: v3.organizations.locations.policyBindings

Methods
create POST /v3/{parent=organizations/*/locations/*}/policyBindings
Creates a policy binding and returns a long-running operation.
delete DELETE /v3/{name=organizations/*/locations/*/policyBindings/*}
Deletes a policy binding and returns a long-running operation.
get GET /v3/{name=organizations/*/locations/*/policyBindings/*}
Gets a policy binding.
list GET /v3/{parent=organizations/*/locations/*}/policyBindings
Lists policy bindings.
patch PATCH /v3/{policyBinding.name=organizations/*/locations/*/policyBindings/*}
Updates a policy binding and returns a long-running operation.
searchTargetPolicyBindings GET /v3/{parent=organizations/*/locations/*}/policyBindings:searchTargetPolicyBindings
Search policy bindings by target.

REST Resource: v3.organizations.locations.principalAccessBoundaryPolicies

Methods
create POST /v3/{parent=organizations/*/locations/*}/principalAccessBoundaryPolicies
Creates a principal access boundary policy, and returns a long running operation.
delete DELETE /v3/{name=organizations/*/locations/*/principalAccessBoundaryPolicies/*}
Deletes a principal access boundary policy.
get GET /v3/{name=organizations/*/locations/*/principalAccessBoundaryPolicies/*}
Gets a principal access boundary policy.
list GET /v3/{parent=organizations/*/locations/*}/principalAccessBoundaryPolicies
Lists principal access boundary policies.
patch PATCH /v3/{principalAccessBoundaryPolicy.name=organizations/*/locations/*/principalAccessBoundaryPolicies/*}
Updates a principal access boundary policy.
searchPolicyBindings GET /v3/{name=organizations/*/locations/*/principalAccessBoundaryPolicies/*}:searchPolicyBindings
Returns all policy bindings that bind a specific policy if a user has searchPolicyBindings permission on that policy.

REST Resource: v3.projects.locations.operations

Methods
get GET /v3/{name=projects/*/locations/*/operations/*}
Gets the latest state of a long-running operation.

REST Resource: v3.projects.locations.policyBindings

Methods
create POST /v3/{parent=projects/*/locations/*}/policyBindings
Creates a policy binding and returns a long-running operation.
delete DELETE /v3/{name=projects/*/locations/*/policyBindings/*}
Deletes a policy binding and returns a long-running operation.
get GET /v3/{name=projects/*/locations/*/policyBindings/*}
Gets a policy binding.
list GET /v3/{parent=projects/*/locations/*}/policyBindings
Lists policy bindings.
patch PATCH /v3/{policyBinding.name=projects/*/locations/*/policyBindings/*}
Updates a policy binding and returns a long-running operation.
searchTargetPolicyBindings GET /v3/{parent=projects/*/locations/*}/policyBindings:searchTargetPolicyBindings
Search policy bindings by target.

REST Resource: v2beta.policies

Methods
createPolicy POST /v2beta/{parent=policies/*/*}
Creates a policy.
delete DELETE /v2beta/{name=policies/*/*/*}
Deletes a policy.
get GET /v2beta/{name=policies/*/*/*}
Gets a policy.
listPolicies GET /v2beta/{parent=policies/*/*}
Retrieves the policies of the specified kind that are attached to a resource.
update PUT /v2beta/{policy.name=policies/*/*/*}
Updates the specified policy.

REST Resource: v2beta.policies.operations

Methods
get GET /v2beta/{name=policies/*/*/*/operations/*}
Gets the latest state of a long-running operation.

REST Resource: v2.policies

Methods
createPolicy POST /v2/{parent=policies/*/*}
Creates a policy.
delete DELETE /v2/{name=policies/*/*/*}
Deletes a policy.
get GET /v2/{name=policies/*/*/*}
Gets a policy.
listPolicies GET /v2/{parent=policies/*/*}
Retrieves the policies of the specified kind that are attached to a resource.
update PUT /v2/{policy.name=policies/*/*/*}
Updates the specified policy.

REST Resource: v2.policies.operations

Methods
get GET /v2/{name=policies/*/*/*/operations/*}
Gets the latest state of a long-running operation.

REST Resource: v1beta.projects.locations.workloadIdentityPools

Methods
create POST /v1beta/{parent=projects/*/locations/*}/workloadIdentityPools
Creates a new WorkloadIdentityPool.
delete DELETE /v1beta/{name=projects/*/locations/*/workloadIdentityPools/*}
Deletes a WorkloadIdentityPool.
get GET /v1beta/{name=projects/*/locations/*/workloadIdentityPools/*}
Gets an individual WorkloadIdentityPool.
list GET /v1beta/{parent=projects/*/locations/*}/workloadIdentityPools
Lists all non-deleted WorkloadIdentityPools in a project.
patch PATCH /v1beta/{workloadIdentityPool.name=projects/*/locations/*/workloadIdentityPools/*}
Updates an existing WorkloadIdentityPool.
undelete POST /v1beta/{name=projects/*/locations/*/workloadIdentityPools/*}:undelete
Undeletes a WorkloadIdentityPool, as long as it was deleted fewer than 30 days ago.

REST Resource: v1beta.projects.locations.workloadIdentityPools.operations

Methods
get GET /v1beta/{name=projects/*/locations/*/workloadIdentityPools/*/operations/*}
Gets the latest state of a long-running operation.

REST Resource: v1beta.projects.locations.workloadIdentityPools.providers

Methods
create POST /v1beta/{parent=projects/*/locations/*/workloadIdentityPools/*}/providers
Creates a new WorkloadIdentityPoolProvider in a WorkloadIdentityPool.
delete DELETE /v1beta/{name=projects/*/locations/*/workloadIdentityPools/*/providers/*}
Deletes a WorkloadIdentityPoolProvider.
get GET /v1beta/{name=projects/*/locations/*/workloadIdentityPools/*/providers/*}
Gets an individual WorkloadIdentityPoolProvider.
list GET /v1beta/{parent=projects/*/locations/*/workloadIdentityPools/*}/providers
Lists all non-deleted WorkloadIdentityPoolProviders in a WorkloadIdentityPool.
patch PATCH /v1beta/{workloadIdentityPoolProvider.name=projects/*/locations/*/workloadIdentityPools/*/providers/*}
Updates an existing WorkloadIdentityPoolProvider.
undelete POST /v1beta/{name=projects/*/locations/*/workloadIdentityPools/*/providers/*}:undelete
Undeletes a WorkloadIdentityPoolProvider, as long as it was deleted fewer than 30 days ago.

REST Resource: v1beta.projects.locations.workloadIdentityPools.providers.operations

Methods
get GET /v1beta/{name=projects/*/locations/*/workloadIdentityPools/*/providers/*/operations/*}
Gets the latest state of a long-running operation.

REST Resource: v1.iamPolicies

Methods
lintPolicy POST /v1/iamPolicies:lintPolicy
Lints, or validates, an IAM policy.
queryAuditableServices POST /v1/iamPolicies:queryAuditableServices
Returns a list of services that allow you to opt into audit logs that are not generated by default.

REST Resource: v1.locations.workforcePools

Methods
create POST /v1/{location=locations/*}/workforcePools
Creates a new WorkforcePool.
delete DELETE /v1/{name=locations/*/workforcePools/*}
Deletes a WorkforcePool.
get GET /v1/{name=locations/*/workforcePools/*}
Gets an individual WorkforcePool.
getIamPolicy POST /v1/{resource=locations/*/workforcePools/*}:getIamPolicy
Gets IAM policies on a WorkforcePool.
list GET /v1/{location=locations/*}/workforcePools
Lists all non-deleted WorkforcePools under the specified parent.
patch PATCH /v1/{workforcePool.name=locations/*/workforcePools/*}
Updates an existing WorkforcePool.
setIamPolicy POST /v1/{resource=locations/*/workforcePools/*}:setIamPolicy
Sets IAM policies on a WorkforcePool.
testIamPermissions POST /v1/{resource=locations/*/workforcePools/*}:testIamPermissions
Returns the caller's permissions on the WorkforcePool.
undelete POST /v1/{name=locations/*/workforcePools/*}:undelete
Undeletes a WorkforcePool, as long as it was deleted fewer than 30 days ago.

REST Resource: v1.locations.workforcePools.operations

Methods
get GET /v1/{name=locations/*/workforcePools/*/operations/*}
Gets the latest state of a long-running operation.

REST Resource: v1.locations.workforcePools.providers

Methods
create POST /v1/{parent=locations/*/workforcePools/*}/providers
Creates a new WorkforcePoolProvider in a WorkforcePool.
delete DELETE /v1/{name=locations/*/workforcePools/*/providers/*}
Deletes a WorkforcePoolProvider.
get GET /v1/{name=locations/*/workforcePools/*/providers/*}
Gets an individual WorkforcePoolProvider.
list GET /v1/{parent=locations/*/workforcePools/*}/providers
Lists all non-deleted WorkforcePoolProviders in a WorkforcePool.
patch PATCH /v1/{workforcePoolProvider.name=locations/*/workforcePools/*/providers/*}
Updates an existing WorkforcePoolProvider.
undelete POST /v1/{name=locations/*/workforcePools/*/providers/*}:undelete
Undeletes a WorkforcePoolProvider, as long as it was deleted fewer than 30 days ago.

REST Resource: v1.locations.workforcePools.providers.keys

Methods
create POST /v1/{parent=locations/*/workforcePools/*/providers/*}/keys
Creates a new WorkforcePoolProviderKey in a WorkforcePoolProvider.
delete DELETE /v1/{name=locations/*/workforcePools/*/providers/*/keys/*}
Deletes a WorkforcePoolProviderKey.
get GET /v1/{name=locations/*/workforcePools/*/providers/*/keys/*}
Gets a WorkforcePoolProviderKey.
list GET /v1/{parent=locations/*/workforcePools/*/providers/*}/keys
Lists all non-deleted WorkforcePoolProviderKeys in a WorkforcePoolProvider.
undelete POST /v1/{name=locations/*/workforcePools/*/providers/*/keys/*}:undelete
Undeletes a WorkforcePoolProviderKey, as long as it was deleted fewer than 30 days ago.

REST Resource: v1.locations.workforcePools.providers.operations

Methods
get GET /v1/{name=locations/*/workforcePools/*/providers/*/operations/*}
Gets the latest state of a long-running operation.

REST Resource: v1.locations.workforcePools.providers.scimTenants

Methods
create POST /v1/{parent=locations/*/workforcePools/*/providers/*}/scimTenants
Agentspace only.
delete DELETE /v1/{name=locations/*/workforcePools/*/providers/*/scimTenants/*}
Agentspace only.
get GET /v1/{name=locations/*/workforcePools/*/providers/*/scimTenants/*}
Agentspace only.
list GET /v1/{parent=locations/*/workforcePools/*/providers/*}/scimTenants
Agentspace only.
patch PATCH /v1/{workforcePoolProviderScimTenant.name=locations/*/workforcePools/*/providers/*/scimTenants/*}
Agentspace only.
undelete POST /v1/{name=locations/*/workforcePools/*/providers/*/scimTenants/*}:undelete
Agentspace only.

REST Resource: v1.locations.workforcePools.providers.scimTenants.tokens

Methods
create POST /v1/{parent=locations/*/workforcePools/*/providers/*/scimTenants/*}/tokens
Agentspace only.
delete DELETE /v1/{name=locations/*/workforcePools/*/providers/*/scimTenants/*/tokens/*}
Agentspace only.
get GET /v1/{name=locations/*/workforcePools/*/providers/*/scimTenants/*/tokens/*}
Agentspace only.
list GET /v1/{parent=locations/*/workforcePools/*/providers/*/scimTenants/*}/tokens
Agentspace only.
patch PATCH /v1/{workforcePoolProviderScimToken.name=locations/*/workforcePools/*/providers/*/scimTenants/*/tokens/*}
Agentspace only.
undelete POST /v1/{name=locations/*/workforcePools/*/providers/*/scimTenants/*/tokens/*}:undelete
Agentspace only.

REST Resource: v1.locations.workforcePools.subjects

Methods
delete DELETE /v1/{name=locations/*/workforcePools/*/subjects/*}
Deletes a WorkforcePoolSubject.
undelete POST /v1/{name=locations/*/workforcePools/*/subjects/*}:undelete
Undeletes a WorkforcePoolSubject, as long as it was deleted fewer than 30 days ago.

REST Resource: v1.organizations.roles

Methods
create POST /v1/{parent=organizations/*}/roles
Creates a new custom Role.
delete DELETE /v1/{name=organizations/*/roles/*}
Deletes a custom Role.
get GET /v1/{name=organizations/*/roles/*}
Gets the definition of a Role.
list GET /v1/{parent=organizations/*}/roles
Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.
patch PATCH /v1/{name=organizations/*/roles/*}
Updates the definition of a custom Role.
undelete POST /v1/{name=organizations/*/roles/*}:undelete
Undeletes a custom Role.

REST Resource: v1.permissions

Methods
queryTestablePermissions POST /v1/permissions:queryTestablePermissions
Lists every permission that you can test on a resource.

REST Resource: v1.projects.locations.oauthClients

Methods
create POST /v1/{parent=projects/*/locations/*}/oauthClients
Creates a new OauthClient.
delete DELETE /v1/{name=projects/*/locations/*/oauthClients/*}
Deletes an OauthClient.
get GET /v1/{name=projects/*/locations/*/oauthClients/*}
Gets an individual OauthClient.
list GET /v1/{parent=projects/*/locations/*}/oauthClients
Lists all non-deleted OauthClients in a project.
patch PATCH /v1/{oauthClient.name=projects/*/locations/*/oauthClients/*}
Updates an existing OauthClient.
undelete POST /v1/{name=projects/*/locations/*/oauthClients/*}:undelete
Undeletes an OauthClient, as long as it was deleted fewer than 30 days ago.

REST Resource: v1.projects.locations.oauthClients.credentials

Methods
create POST /v1/{parent=projects/*/locations/*/oauthClients/*}/credentials
Creates a new OauthClientCredential.
delete DELETE /v1/{name=projects/*/locations/*/oauthClients/*/credentials/*}
Deletes an OauthClientCredential.
get GET /v1/{name=projects/*/locations/*/oauthClients/*/credentials/*}
Gets an individual OauthClientCredential.
list GET /v1/{parent=projects/*/locations/*/oauthClients/*}/credentials
Lists all OauthClientCredentials in an OauthClient.
patch PATCH /v1/{oauthClientCredential.name=projects/*/locations/*/oauthClients/*/credentials/*}
Updates an existing OauthClientCredential.

REST Resource: v1.projects.locations.workloadIdentityPools

Methods
create POST /v1/{parent=projects/*/locations/*}/workloadIdentityPools
Creates a new WorkloadIdentityPool.
delete DELETE /v1/{name=projects/*/locations/*/workloadIdentityPools/*}
Deletes a WorkloadIdentityPool.
get GET /v1/{name=projects/*/locations/*/workloadIdentityPools/*}
Gets an individual WorkloadIdentityPool.
getIamPolicy POST /v1/{resource=projects/*/locations/*/workloadIdentityPools/*}:getIamPolicy
Gets the IAM policy of a WorkloadIdentityPool.
list GET /v1/{parent=projects/*/locations/*}/workloadIdentityPools
Lists all non-deleted WorkloadIdentityPools in a project.
patch PATCH /v1/{workloadIdentityPool.name=projects/*/locations/*/workloadIdentityPools/*}
Updates an existing WorkloadIdentityPool.
setIamPolicy POST /v1/{resource=projects/*/locations/*/workloadIdentityPools/*}:setIamPolicy
Sets the IAM policies on a WorkloadIdentityPool
testIamPermissions POST /v1/{resource=projects/*/locations/*/workloadIdentityPools/*}:testIamPermissions
Returns the caller's permissions on a WorkloadIdentityPool
undelete POST /v1/{name=projects/*/locations/*/workloadIdentityPools/*}:undelete
Undeletes a WorkloadIdentityPool, as long as it was deleted fewer than 30 days ago.

REST Resource: v1.projects.locations.workloadIdentityPools.namespaces

Methods
create POST /v1/{parent=projects/*/locations/*/workloadIdentityPools/*}/namespaces
Creates a new WorkloadIdentityPoolNamespace in a WorkloadIdentityPool.
delete DELETE /v1/{name=projects/*/locations/*/workloadIdentityPools/*/namespaces/*}
Deletes a WorkloadIdentityPoolNamespace.
get GET /v1/{name=projects/*/locations/*/workloadIdentityPools/*/namespaces/*}
Gets an individual WorkloadIdentityPoolNamespace.
list GET /v1/{parent=projects/*/locations/*/workloadIdentityPools/*}/namespaces
Lists all non-deleted WorkloadIdentityPoolNamespaces in a workload identity pool.
patch PATCH /v1/{workloadIdentityPoolNamespace.name=projects/*/locations/*/workloadIdentityPools/*/namespaces/*}
Updates an existing WorkloadIdentityPoolNamespace in a WorkloadIdentityPool.
undelete POST /v1/{name=projects/*/locations/*/workloadIdentityPools/*/namespaces/*}:undelete
Undeletes a WorkloadIdentityPoolNamespace, as long as it was deleted fewer than 30 days ago.

REST Resource: v1.projects.locations.workloadIdentityPools.namespaces.managedIdentities

Methods
addAttestationRule POST /v1/{resource=projects/*/locations/*/workloadIdentityPools/*/namespaces/*/managedIdentities/*}:addAttestationRule
Add an AttestationRule on a WorkloadIdentityPoolManagedIdentity.
create POST /v1/{parent=projects/*/locations/*/workloadIdentityPools/*/namespaces/*}/managedIdentities
Creates a new WorkloadIdentityPoolManagedIdentity in a WorkloadIdentityPoolNamespace.
delete DELETE /v1/{name=projects/*/locations/*/workloadIdentityPools/*/namespaces/*/managedIdentities/*}
Deletes a WorkloadIdentityPoolManagedIdentity.
get GET /v1/{name=projects/*/locations/*/workloadIdentityPools/*/namespaces/*/managedIdentities/*}
Gets an individual WorkloadIdentityPoolManagedIdentity.
list GET /v1/{parent=projects/*/locations/*/workloadIdentityPools/*/namespaces/*}/managedIdentities
Lists all non-deleted WorkloadIdentityPoolManagedIdentitys in a namespace.
listAttestationRules GET /v1/{resource=projects/*/locations/*/workloadIdentityPools/*/namespaces/*/managedIdentities/*}:listAttestationRules
List all AttestationRule on a WorkloadIdentityPoolManagedIdentity.
patch PATCH /v1/{workloadIdentityPoolManagedIdentity.name=projects/*/locations/*/workloadIdentityPools/*/namespaces/*/managedIdentities/*}
Updates an existing WorkloadIdentityPoolManagedIdentity in a WorkloadIdentityPoolNamespace.
removeAttestationRule POST /v1/{resource=projects/*/locations/*/workloadIdentityPools/*/namespaces/*/managedIdentities/*}:removeAttestationRule
Remove an AttestationRule on a WorkloadIdentityPoolManagedIdentity.
setAttestationRules POST /v1/{resource=projects/*/locations/*/workloadIdentityPools/*/namespaces/*/managedIdentities/*}:setAttestationRules
Set all AttestationRule on a WorkloadIdentityPoolManagedIdentity.
undelete POST /v1/{name=projects/*/locations/*/workloadIdentityPools/*/namespaces/*/managedIdentities/*}:undelete
Undeletes a WorkloadIdentityPoolManagedIdentity, as long as it was deleted fewer than 30 days ago.

REST Resource: v1.projects.locations.workloadIdentityPools.operations

Methods
get GET /v1/{name=projects/*/locations/*/workloadIdentityPools/*/operations/*}
Gets the latest state of a long-running operation.

REST Resource: v1.projects.locations.workloadIdentityPools.providers

Methods
create POST /v1/{parent=projects/*/locations/*/workloadIdentityPools/*}/providers
Creates a new WorkloadIdentityPoolProvider in a WorkloadIdentityPool.
delete DELETE /v1/{name=projects/*/locations/*/workloadIdentityPools/*/providers/*}
Deletes a WorkloadIdentityPoolProvider.
get GET /v1/{name=projects/*/locations/*/workloadIdentityPools/*/providers/*}
Gets an individual WorkloadIdentityPoolProvider.
list GET /v1/{parent=projects/*/locations/*/workloadIdentityPools/*}/providers
Lists all non-deleted WorkloadIdentityPoolProviders in a WorkloadIdentityPool.
patch PATCH /v1/{workloadIdentityPoolProvider.name=projects/*/locations/*/workloadIdentityPools/*/providers/*}
Updates an existing WorkloadIdentityPoolProvider.
undelete POST /v1/{name=projects/*/locations/*/workloadIdentityPools/*/providers/*}:undelete
Undeletes a WorkloadIdentityPoolProvider, as long as it was deleted fewer than 30 days ago.

REST Resource: v1.projects.locations.workloadIdentityPools.providers.keys

Methods
create POST /v1/{parent=projects/*/locations/*/workloadIdentityPools/*/providers/*}/keys
Create a new WorkloadIdentityPoolProviderKey in a WorkloadIdentityPoolProvider.
delete DELETE /v1/{name=projects/*/locations/*/workloadIdentityPools/*/providers/*/keys/*}
Deletes an WorkloadIdentityPoolProviderKey.
get GET /v1/{name=projects/*/locations/*/workloadIdentityPools/*/providers/*/keys/*}
Gets an individual WorkloadIdentityPoolProviderKey.
list GET /v1/{parent=projects/*/locations/*/workloadIdentityPools/*/providers/*}/keys
Lists all non-deleted WorkloadIdentityPoolProviderKeys in a project.
undelete POST /v1/{name=projects/*/locations/*/workloadIdentityPools/*/providers/*/keys/*}:undelete
Undeletes an WorkloadIdentityPoolProviderKey, as long as it was deleted fewer than 30 days ago.

REST Resource: v1.projects.locations.workloadIdentityPools.providers.operations

Methods
get GET /v1/{name=projects/*/locations/*/workloadIdentityPools/*/providers/*/operations/*}
Gets the latest state of a long-running operation.

REST Resource: v1.projects.roles

Methods
create POST /v1/{parent=projects/*}/roles
Creates a new custom Role.
delete DELETE /v1/{name=projects/*/roles/*}
Deletes a custom Role.
get GET /v1/{name=projects/*/roles/*}
Gets the definition of a Role.
list GET /v1/{parent=projects/*}/roles
Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.
patch PATCH /v1/{name=projects/*/roles/*}
Updates the definition of a custom Role.
undelete POST /v1/{name=projects/*/roles/*}:undelete
Undeletes a custom Role.

REST Resource: v1.projects.serviceAccounts

Methods
create POST /v1/{name=projects/*}/serviceAccounts
Creates a ServiceAccount.
delete DELETE /v1/{name=projects/*/serviceAccounts/*}
Deletes a ServiceAccount.
disable POST /v1/{name=projects/*/serviceAccounts/*}:disable
Disables a ServiceAccount immediately.
enable POST /v1/{name=projects/*/serviceAccounts/*}:enable
Enables a ServiceAccount that was disabled by DisableServiceAccount.
get GET /v1/{name=projects/*/serviceAccounts/*}
Gets a ServiceAccount.
getIamPolicy POST /v1/{resource=projects/*/serviceAccounts/*}:getIamPolicy
Gets the IAM policy that is attached to a ServiceAccount.
list GET /v1/{name=projects/*}/serviceAccounts
Lists every ServiceAccount that belongs to a specific project.
patch PATCH /v1/{serviceAccount.name=projects/*/serviceAccounts/*}
Patches a ServiceAccount.
setIamPolicy POST /v1/{resource=projects/*/serviceAccounts/*}:setIamPolicy
Sets the IAM policy that is attached to a ServiceAccount.
signBlob
(deprecated)		 POST /v1/{name=projects/*/serviceAccounts/*}:signBlob
Signs a blob using the system-managed private key for a ServiceAccount.
signJwt
(deprecated)		 POST /v1/{name=projects/*/serviceAccounts/*}:signJwt
Signs a JSON Web Token (JWT) using the system-managed private key for a ServiceAccount.
testIamPermissions POST /v1/{resource=projects/*/serviceAccounts/*}:testIamPermissions
Tests whether the caller has the specified permissions on a ServiceAccount.
undelete POST /v1/{name=projects/*/serviceAccounts/*}:undelete
Restores a deleted ServiceAccount.
update PUT /v1/{name=projects/*/serviceAccounts/*}
Note: We are in the process of deprecating this method.

REST Resource: v1.projects.serviceAccounts.keys

Methods
create POST /v1/{name=projects/*/serviceAccounts/*}/keys
Creates a ServiceAccountKey.
delete DELETE /v1/{name=projects/*/serviceAccounts/*/keys/*}
Deletes a ServiceAccountKey.
disable POST /v1/{name=projects/*/serviceAccounts/*/keys/*}:disable
Disable a ServiceAccountKey.
enable POST /v1/{name=projects/*/serviceAccounts/*/keys/*}:enable
Enable a ServiceAccountKey.
get GET /v1/{name=projects/*/serviceAccounts/*/keys/*}
Gets a ServiceAccountKey.
list GET /v1/{name=projects/*/serviceAccounts/*}/keys
Lists every ServiceAccountKey for a service account.
upload POST /v1/{name=projects/*/serviceAccounts/*}/keys:upload
Uploads the public key portion of a key pair that you manage, and associates the public key with a ServiceAccount.

REST Resource: v1.roles

Methods
get GET /v1/{name=roles/*}
Gets the definition of a Role.
list GET /v1/roles
Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.
queryGrantableRoles POST /v1/roles:queryGrantableRoles
Lists roles that can be granted on a Google Cloud resource.