Identity and Access Management (IAM) API

Manages identity and access control for Google Cloud resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls. Enabling this API also enables the IAM Service Account Credentials API (iamcredentials.googleapis.com). However, disabling this API doesn't disable the IAM Service Account Credentials API.

Service: iam.googleapis.com

The Service name iam.googleapis.com is needed to create RPC client stubs.

google.cloud.location.Locations

Methods
GetLocation Gets information about a location.
ListLocations Lists information about the supported locations for this service.

google.iam.admin.v1.IAM

Methods
CreateRole Creates a new custom Role.
CreateServiceAccount Creates a ServiceAccount.
CreateServiceAccountKey Creates a ServiceAccountKey.
DeleteRole Deletes a custom Role.
DeleteServiceAccount Deletes a ServiceAccount.
DeleteServiceAccountKey Deletes a ServiceAccountKey.
DisableServiceAccount Disables a ServiceAccount immediately.
DisableServiceAccountKey Disable a ServiceAccountKey.
EnableServiceAccount Enables a ServiceAccount that was disabled by DisableServiceAccount.
EnableServiceAccountKey Enable a ServiceAccountKey.
GetIamPolicy Gets the IAM policy that is attached to a ServiceAccount.
GetRole Gets the definition of a Role.
GetServiceAccount Gets a ServiceAccount.
GetServiceAccountKey Gets a ServiceAccountKey.
LintPolicy Lints, or validates, an IAM policy.
ListRoles Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.
ListServiceAccountKeys Lists every ServiceAccountKey for a service account.
ListServiceAccounts Lists every ServiceAccount that belongs to a specific project.
PatchServiceAccount Patches a ServiceAccount.
QueryAuditableServices Returns a list of services that allow you to opt into audit logs that are not generated by default.
QueryGrantableRoles Lists roles that can be granted on a Google Cloud resource.
QueryTestablePermissions Lists every permission that you can test on a resource.
SetIamPolicy Sets the IAM policy that is attached to a ServiceAccount.
SignBlob
(deprecated)
Note: This method is deprecated.
SignJwt
(deprecated)
Note: This method is deprecated.
TestIamPermissions Tests whether the caller has the specified permissions on a ServiceAccount.
UndeleteRole Undeletes a custom Role.
UndeleteServiceAccount Restores a deleted ServiceAccount.
UpdateRole Updates the definition of a custom Role.
UpdateServiceAccount Note: We are in the process of deprecating this method.
UploadServiceAccountKey Uploads the public key portion of a key pair that you manage, and associates the public key with a ServiceAccount.

google.iam.admin.v1.OauthClients

Methods

google.iam.admin.v1.WorkforcePools

Methods
CreateWorkforcePool Creates a new WorkforcePool.
CreateWorkforcePoolProvider Creates a new WorkforcePoolProvider in a WorkforcePool.
CreateWorkforcePoolProviderKey Creates a new WorkforcePoolProviderKey in a WorkforcePoolProvider.
DeleteWorkforcePool Deletes a WorkforcePool.
DeleteWorkforcePoolProvider Deletes a WorkforcePoolProvider.
DeleteWorkforcePoolProviderKey Deletes a WorkforcePoolProviderKey.
DeleteWorkforcePoolSubject Deletes a WorkforcePoolSubject.
GetIamPolicy Gets IAM policies on a WorkforcePool.
GetWorkforcePool Gets an individual WorkforcePool.
GetWorkforcePoolProvider Gets an individual WorkforcePoolProvider.
GetWorkforcePoolProviderKey Gets a WorkforcePoolProviderKey.
ListWorkforcePoolProviderKeys Lists all non-deleted WorkforcePoolProviderKeys in a WorkforcePoolProvider.
ListWorkforcePoolProviders Lists all non-deleted WorkforcePoolProviders in a WorkforcePool.
ListWorkforcePools Lists all non-deleted WorkforcePools under the specified parent.
SetIamPolicy Sets IAM policies on a WorkforcePool.
TestIamPermissions Returns the caller's permissions on the WorkforcePool.
UndeleteWorkforcePool Undeletes a WorkforcePool, as long as it was deleted fewer than 30 days ago.
UndeleteWorkforcePoolProvider Undeletes a WorkforcePoolProvider, as long as it was deleted fewer than 30 days ago.
UndeleteWorkforcePoolProviderKey Undeletes a WorkforcePoolProviderKey, as long as it was deleted fewer than 30 days ago.
UndeleteWorkforcePoolSubject Undeletes a WorkforcePoolSubject, as long as it was deleted fewer than 30 days ago.
UpdateWorkforcePool Updates an existing WorkforcePool.
UpdateWorkforcePoolProvider Updates an existing WorkforcePoolProvider.

google.iam.v1.WorkloadIdentityPools

Methods
CreateWorkloadIdentityPool Creates a new WorkloadIdentityPool.
CreateWorkloadIdentityPoolProvider Creates a new WorkloadIdentityPoolProvider in a WorkloadIdentityPool.
CreateWorkloadIdentityPoolProviderKey Create a new WorkloadIdentityPoolProviderKey in a WorkloadIdentityPoolProvider.
DeleteWorkloadIdentityPool Deletes a WorkloadIdentityPool.
DeleteWorkloadIdentityPoolProvider Deletes a WorkloadIdentityPoolProvider.
DeleteWorkloadIdentityPoolProviderKey Deletes an WorkloadIdentityPoolProviderKey.
GetWorkloadIdentityPool Gets an individual WorkloadIdentityPool.
GetWorkloadIdentityPoolProvider Gets an individual WorkloadIdentityPoolProvider.
GetWorkloadIdentityPoolProviderKey Gets an individual WorkloadIdentityPoolProviderKey.
ListWorkloadIdentityPoolProviderKeys Lists all non-deleted WorkloadIdentityPoolProviderKeys in a project.
ListWorkloadIdentityPoolProviders Lists all non-deleted WorkloadIdentityPoolProviders in a WorkloadIdentityPool.
ListWorkloadIdentityPools Lists all non-deleted WorkloadIdentityPools in a project.
UndeleteWorkloadIdentityPool Undeletes a WorkloadIdentityPool, as long as it was deleted fewer than 30 days ago.
UndeleteWorkloadIdentityPoolProvider Undeletes a WorkloadIdentityPoolProvider, as long as it was deleted fewer than 30 days ago.
UndeleteWorkloadIdentityPoolProviderKey Undeletes an WorkloadIdentityPoolProviderKey, as long as it was deleted fewer than 30 days ago.
UpdateWorkloadIdentityPool Updates an existing WorkloadIdentityPool.
UpdateWorkloadIdentityPoolProvider Updates an existing WorkloadIdentityPoolProvider.

google.iam.v1beta.WorkloadIdentityPools

Methods
CreateWorkloadIdentityPool Creates a new WorkloadIdentityPool.
CreateWorkloadIdentityPoolProvider Creates a new WorkloadIdentityPoolProvider in a WorkloadIdentityPool.
DeleteWorkloadIdentityPool Deletes a WorkloadIdentityPool.
DeleteWorkloadIdentityPoolProvider Deletes a WorkloadIdentityPoolProvider.
GetWorkloadIdentityPool Gets an individual WorkloadIdentityPool.
GetWorkloadIdentityPoolProvider Gets an individual WorkloadIdentityPoolProvider.
ListWorkloadIdentityPoolProviders Lists all non-deleted WorkloadIdentityPoolProviders in a WorkloadIdentityPool.
ListWorkloadIdentityPools Lists all non-deleted WorkloadIdentityPools in a project.
UndeleteWorkloadIdentityPool Undeletes a WorkloadIdentityPool, as long as it was deleted fewer than 30 days ago.
UndeleteWorkloadIdentityPoolProvider Undeletes a WorkloadIdentityPoolProvider, as long as it was deleted fewer than 30 days ago.
UpdateWorkloadIdentityPool Updates an existing WorkloadIdentityPool.
UpdateWorkloadIdentityPoolProvider Updates an existing WorkloadIdentityPoolProvider.

google.iam.v2.Policies

Methods
CreatePolicy Creates a policy.
DeletePolicy Deletes a policy.
GetPolicy Gets a policy.
ListPolicies Retrieves the policies of the specified kind that are attached to a resource.
UpdatePolicy Updates the specified policy.

google.iam.v2beta.Policies

Methods
CreatePolicy Creates a policy.
DeletePolicy Deletes a policy.
GetPolicy Gets a policy.
ListPolicies Retrieves the policies of the specified kind that are attached to a resource.
UpdatePolicy Updates the specified policy.

google.longrunning.Operations

Methods
GetOperation Gets the latest state of a long-running operation.