Package com.google.cloud.iam.admin.v1 (1.1.8)

The interfaces provided are listed below, along with usage samples.

IAMClient

Service Description: Creates and manages Identity and Access Management (IAM) resources.

You can use this service to work with all of the following resources:

  • **Service accounts**, which identify an application or a virtual machine (VM) instance rather than a person
  • **Service account keys**, which service accounts use to authenticate with Google APIs
  • **IAM policies for service accounts**, which specify the roles that a member has for the service account
  • **IAM custom roles**, which help you limit the number of permissions that you grant to members

In addition, you can use this service to complete the following tasks, among others:

  • Test whether a service account can use specific permissions
  • Check which roles you can grant for a specific resource
  • Lint, or validate, condition expressions in an IAM policy

Sample for IAMClient:


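```java
// create() with no arguments uses the default settings, including
// Application Default Credentials.
try (IAMClient iAMClient = IAMClient.create()) {
  ServiceAccountName name = ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]");
  ServiceAccount response = iAMClient.getServiceAccount(name);
}
```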

Classes

IAMClient

This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:


```java
try (IAMClient iAMClient = IAMClient.create()) {
  ServiceAccountName name = ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]");
  ServiceAccount response = iAMClient.getServiceAccount(name);
}
```

Note: close() needs to be called on the IAMClient object to clean up resources such as threads. In the example above, try-with-resources is used, which automatically calls close().

The surface of this class includes several types of Java methods for each of the API's methods:

  1. A "flattened" method. With this type of method, the fields of the request type have been converted into function parameters. It may be the case that not all fields are available as parameters, and not every API method will have a flattened method entry point.
  2. A "request object" method. This type of method only takes one parameter, a request object, which must be constructed before the call. Not every API method will have a request object method.
  3. A "callable" method. This type of method takes no parameters and returns an immutable API callable object, which can be used to initiate calls to the service.

See the individual methods for example code.

Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parse method to extract the individual identifiers contained within names that are returned.
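The three method shapes and the name format/parse helpers described above, applied to the same getServiceAccount call. This is an added example, not taken from the library's own samples; the class name `MethodShapes` and the project and account values are placeholders assumed for illustration.

```java
import com.google.api.core.ApiFuture;
import com.google.cloud.iam.admin.v1.IAMClient;
import com.google.iam.admin.v1.GetServiceAccountRequest;
import com.google.iam.admin.v1.ServiceAccount;
import com.google.iam.admin.v1.ServiceAccountName;

public class MethodShapes {
  public static void main(String[] args) throws Exception {
    // Assumed placeholders: replace with a real project ID and service account email.
    String project = "my-project";
    String account = "my-sa@my-project.iam.gserviceaccount.com";

    // Default settings: Application Default Credentials, iam.googleapis.com:443.
    try (IAMClient client = IAMClient.create()) {
      // Typed resource name; toString() yields
      // projects/{project}/serviceAccounts/{service_account}.
      ServiceAccountName name = ServiceAccountName.of(project, account);

      // 1. Flattened method: request fields are passed as parameters.
      ServiceAccount viaFlattened = client.getServiceAccount(name);

      // 2. Request object method: the request is built before the call.
      GetServiceAccountRequest request =
          GetServiceAccountRequest.newBuilder().setName(name.toString()).build();
      ServiceAccount viaRequest = client.getServiceAccount(request);

      // 3. Callable method: takes no parameters and returns a callable,
      //    which is then used to start an asynchronous call.
      ApiFuture<ServiceAccount> future =
          client.getServiceAccountCallable().futureCall(request);
      ServiceAccount viaCallable = future.get();

      // parse() extracts the identifiers from the name the service returned.
      ServiceAccountName parsed = ServiceAccountName.parse(viaCallable.getName());
      System.out.printf(
          "project=%s account=%s disabled=%b%n",
          parsed.getProject(), parsed.getServiceAccount(), viaCallable.getDisabled());

      // All three shapes reach the same API method, so the results agree.
      System.out.println(viaFlattened.getEmail().equals(viaRequest.getEmail()));
    }
  }
}
```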

This class can be customized by passing in a custom instance of IAMSettings to create(). For example:

To customize credentials:


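```java
// myCredentials: a com.google.auth.Credentials instance supplied by the caller.
// Setting it replaces the default Application Default Credentials lookup.
IAMSettings iAMSettings =
    IAMSettings.newBuilder()
        .setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
        .build();
IAMClient iAMClient = IAMClient.create(iAMSettings);
```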

To customize the endpoint:


```java
// myEndpoint: a host:port string; the default is iam.googleapis.com:443.
IAMSettings iAMSettings = IAMSettings.newBuilder().setEndpoint(myEndpoint).build();
IAMClient iAMClient = IAMClient.create(iAMSettings);
```

Please refer to the GitHub repository's samples for more quickstart code snippets.

IAMClient.ListRolesFixedSizeCollection

IAMClient.ListRolesPage

IAMClient.ListRolesPagedResponse

IAMClient.ListServiceAccountsFixedSizeCollection

IAMClient.ListServiceAccountsPage

IAMClient.ListServiceAccountsPagedResponse

IAMClient.QueryGrantableRolesFixedSizeCollection

IAMClient.QueryGrantableRolesPage

IAMClient.QueryGrantableRolesPagedResponse

IAMClient.QueryTestablePermissionsFixedSizeCollection

IAMClient.QueryTestablePermissionsPage

IAMClient.QueryTestablePermissionsPagedResponse

IAMSettings

Settings class to configure an instance of IAMClient.

The default instance has everything set to sensible defaults:

  • The default service address (iam.googleapis.com) and default port (443) are used.
  • Credentials are acquired automatically through Application Default Credentials.
  • Retries are configured for idempotent methods but not for non-idempotent methods.

The builder of this class is recursive, so contained classes are themselves builders. When build() is called, the tree of builders is called to create the complete settings object.

For example, to set the total timeout of getServiceAccount to 30 seconds:


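```java
IAMSettings.Builder iAMSettingsBuilder = IAMSettings.newBuilder();
// Read the current retry settings for getServiceAccount, override only the
// total timeout, and write the result back to the nested builder.
iAMSettingsBuilder
    .getServiceAccountSettings()
    .setRetrySettings(
        iAMSettingsBuilder
            .getServiceAccountSettings()
            .getRetrySettings()
            .toBuilder()
            .setTotalTimeout(Duration.ofSeconds(30))
            .build());
// build() walks the tree of builders and produces the complete settings object.
IAMSettings iAMSettings = iAMSettingsBuilder.build();
```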

IAMSettings.Builder

Builder for IAMSettings.