- 3.50.0 (latest)
- 3.49.0
- 3.48.0
- 3.47.0
- 3.44.0
- 3.43.0
- 3.42.0
- 3.41.0
- 3.40.0
- 3.39.0
- 3.38.0
- 3.37.0
- 3.36.0
- 3.35.0
- 3.34.0
- 3.32.0
- 3.31.0
- 3.30.0
- 3.29.0
- 3.28.0
- 3.27.0
- 3.26.0
- 3.25.0
- 3.24.0
- 3.23.0
- 3.22.0
- 3.19.0
- 3.18.0
- 3.17.0
- 3.16.0
- 3.15.0
- 3.14.0
- 3.13.0
- 3.12.0
- 3.11.0
- 3.10.0
- 3.9.0
- 3.8.0
- 3.7.0
- 3.6.0
- 3.4.0
- 3.3.0
- 3.2.0
- 3.1.0
- 3.0.0
- 2.0.0
- 1.2.5
- 1.1.8
- 0.2.0
Classes
AuditData
Audit log information specific to Cloud IAM admin APIs. This message is
serialized as an Any
type in the ServiceData
message of an
AuditLog
message.
Protobuf type google.iam.admin.v1.AuditData
AuditData.Builder
Audit log information specific to Cloud IAM admin APIs. This message is
serialized as an Any
type in the ServiceData
message of an
AuditLog
message.
Protobuf type google.iam.admin.v1.AuditData
AuditData.PermissionDelta
A PermissionDelta message to record the added_permissions and removed_permissions inside a role.
Protobuf type google.iam.admin.v1.AuditData.PermissionDelta
AuditData.PermissionDelta.Builder
A PermissionDelta message to record the added_permissions and removed_permissions inside a role.
Protobuf type google.iam.admin.v1.AuditData.PermissionDelta
AuditDataProto
CreateRoleRequest
The request to create a new role.
Protobuf type google.iam.admin.v1.CreateRoleRequest
CreateRoleRequest.Builder
The request to create a new role.
Protobuf type google.iam.admin.v1.CreateRoleRequest
CreateServiceAccountKeyRequest
The service account key create request.
Protobuf type google.iam.admin.v1.CreateServiceAccountKeyRequest
CreateServiceAccountKeyRequest.Builder
The service account key create request.
Protobuf type google.iam.admin.v1.CreateServiceAccountKeyRequest
CreateServiceAccountRequest
The service account create request.
Protobuf type google.iam.admin.v1.CreateServiceAccountRequest
CreateServiceAccountRequest.Builder
The service account create request.
Protobuf type google.iam.admin.v1.CreateServiceAccountRequest
DeleteRoleRequest
The request to delete an existing role.
Protobuf type google.iam.admin.v1.DeleteRoleRequest
DeleteRoleRequest.Builder
The request to delete an existing role.
Protobuf type google.iam.admin.v1.DeleteRoleRequest
DeleteServiceAccountKeyRequest
The service account key delete request.
Protobuf type google.iam.admin.v1.DeleteServiceAccountKeyRequest
DeleteServiceAccountKeyRequest.Builder
The service account key delete request.
Protobuf type google.iam.admin.v1.DeleteServiceAccountKeyRequest
DeleteServiceAccountRequest
The service account delete request.
Protobuf type google.iam.admin.v1.DeleteServiceAccountRequest
DeleteServiceAccountRequest.Builder
The service account delete request.
Protobuf type google.iam.admin.v1.DeleteServiceAccountRequest
DisableServiceAccountKeyRequest
The service account key disable request.
Protobuf type google.iam.admin.v1.DisableServiceAccountKeyRequest
DisableServiceAccountKeyRequest.Builder
The service account key disable request.
Protobuf type google.iam.admin.v1.DisableServiceAccountKeyRequest
DisableServiceAccountRequest
The service account disable request.
Protobuf type google.iam.admin.v1.DisableServiceAccountRequest
DisableServiceAccountRequest.Builder
The service account disable request.
Protobuf type google.iam.admin.v1.DisableServiceAccountRequest
EnableServiceAccountKeyRequest
The service account key enable request.
Protobuf type google.iam.admin.v1.EnableServiceAccountKeyRequest
EnableServiceAccountKeyRequest.Builder
The service account key enable request.
Protobuf type google.iam.admin.v1.EnableServiceAccountKeyRequest
EnableServiceAccountRequest
The service account enable request.
Protobuf type google.iam.admin.v1.EnableServiceAccountRequest
EnableServiceAccountRequest.Builder
The service account enable request.
Protobuf type google.iam.admin.v1.EnableServiceAccountRequest
GetRoleRequest
The request to get the definition of an existing role.
Protobuf type google.iam.admin.v1.GetRoleRequest
GetRoleRequest.Builder
The request to get the definition of an existing role.
Protobuf type google.iam.admin.v1.GetRoleRequest
GetServiceAccountKeyRequest
The service account key get by id request.
Protobuf type google.iam.admin.v1.GetServiceAccountKeyRequest
GetServiceAccountKeyRequest.Builder
The service account key get by id request.
Protobuf type google.iam.admin.v1.GetServiceAccountKeyRequest
GetServiceAccountRequest
The service account get request.
Protobuf type google.iam.admin.v1.GetServiceAccountRequest
GetServiceAccountRequest.Builder
The service account get request.
Protobuf type google.iam.admin.v1.GetServiceAccountRequest
IAMGrpc
Creates and manages Identity and Access Management (IAM) resources. You can use this service to work with all of the following resources:
- Service accounts, which identify an application or a virtual machine (VM) instance rather than a person
- Service account keys, which service accounts use to authenticate with Google APIs
- IAM policies for service accounts, which specify the roles that a principal has for the service account
- IAM custom roles, which help you limit the number of permissions that you grant to principals In addition, you can use this service to complete the following tasks, among others:
- Test whether a service account can use specific permissions
- Check which roles you can grant for a specific resource
- Lint, or validate, condition expressions in an IAM policy When you read data from the IAM API, each read is eventually consistent. In other words, if you write data with the IAM API, then immediately read that data, the read operation might return an older version of the data. To deal with this behavior, your application can retry the request with truncated exponential backoff. In contrast, writing data to the IAM API is sequentially consistent. In other words, write operations are always processed in the order in which they were received.
IAMGrpc.IAMBlockingStub
Creates and manages Identity and Access Management (IAM) resources. You can use this service to work with all of the following resources:
- Service accounts, which identify an application or a virtual machine (VM) instance rather than a person
- Service account keys, which service accounts use to authenticate with Google APIs
- IAM policies for service accounts, which specify the roles that a principal has for the service account
- IAM custom roles, which help you limit the number of permissions that you grant to principals In addition, you can use this service to complete the following tasks, among others:
- Test whether a service account can use specific permissions
- Check which roles you can grant for a specific resource
- Lint, or validate, condition expressions in an IAM policy When you read data from the IAM API, each read is eventually consistent. In other words, if you write data with the IAM API, then immediately read that data, the read operation might return an older version of the data. To deal with this behavior, your application can retry the request with truncated exponential backoff. In contrast, writing data to the IAM API is sequentially consistent. In other words, write operations are always processed in the order in which they were received.
IAMGrpc.IAMFutureStub
Creates and manages Identity and Access Management (IAM) resources. You can use this service to work with all of the following resources:
- Service accounts, which identify an application or a virtual machine (VM) instance rather than a person
- Service account keys, which service accounts use to authenticate with Google APIs
- IAM policies for service accounts, which specify the roles that a principal has for the service account
- IAM custom roles, which help you limit the number of permissions that you grant to principals In addition, you can use this service to complete the following tasks, among others:
- Test whether a service account can use specific permissions
- Check which roles you can grant for a specific resource
- Lint, or validate, condition expressions in an IAM policy When you read data from the IAM API, each read is eventually consistent. In other words, if you write data with the IAM API, then immediately read that data, the read operation might return an older version of the data. To deal with this behavior, your application can retry the request with truncated exponential backoff. In contrast, writing data to the IAM API is sequentially consistent. In other words, write operations are always processed in the order in which they were received.
IAMGrpc.IAMImplBase
Creates and manages Identity and Access Management (IAM) resources. You can use this service to work with all of the following resources:
- Service accounts, which identify an application or a virtual machine (VM) instance rather than a person
- Service account keys, which service accounts use to authenticate with Google APIs
- IAM policies for service accounts, which specify the roles that a principal has for the service account
- IAM custom roles, which help you limit the number of permissions that you grant to principals In addition, you can use this service to complete the following tasks, among others:
- Test whether a service account can use specific permissions
- Check which roles you can grant for a specific resource
- Lint, or validate, condition expressions in an IAM policy When you read data from the IAM API, each read is eventually consistent. In other words, if you write data with the IAM API, then immediately read that data, the read operation might return an older version of the data. To deal with this behavior, your application can retry the request with truncated exponential backoff. In contrast, writing data to the IAM API is sequentially consistent. In other words, write operations are always processed in the order in which they were received.
IAMGrpc.IAMStub
Creates and manages Identity and Access Management (IAM) resources. You can use this service to work with all of the following resources:
- Service accounts, which identify an application or a virtual machine (VM) instance rather than a person
- Service account keys, which service accounts use to authenticate with Google APIs
- IAM policies for service accounts, which specify the roles that a principal has for the service account
- IAM custom roles, which help you limit the number of permissions that you grant to principals In addition, you can use this service to complete the following tasks, among others:
- Test whether a service account can use specific permissions
- Check which roles you can grant for a specific resource
- Lint, or validate, condition expressions in an IAM policy When you read data from the IAM API, each read is eventually consistent. In other words, if you write data with the IAM API, then immediately read that data, the read operation might return an older version of the data. To deal with this behavior, your application can retry the request with truncated exponential backoff. In contrast, writing data to the IAM API is sequentially consistent. In other words, write operations are always processed in the order in which they were received.
Iam
KeyName
KeyName.Builder
Builder for projects/{project}/serviceAccounts/{service_account}/keys/{key}.
LintPolicyRequest
The request to lint a Cloud IAM policy object.
Protobuf type google.iam.admin.v1.LintPolicyRequest
LintPolicyRequest.Builder
The request to lint a Cloud IAM policy object.
Protobuf type google.iam.admin.v1.LintPolicyRequest
LintPolicyResponse
The response of a lint operation. An empty response indicates the operation was able to fully execute and no lint issue was found.
Protobuf type google.iam.admin.v1.LintPolicyResponse
LintPolicyResponse.Builder
The response of a lint operation. An empty response indicates the operation was able to fully execute and no lint issue was found.
Protobuf type google.iam.admin.v1.LintPolicyResponse
LintResult
Structured response of a single validation unit.
Protobuf type google.iam.admin.v1.LintResult
LintResult.Builder
Structured response of a single validation unit.
Protobuf type google.iam.admin.v1.LintResult
ListRolesRequest
The request to get all roles defined under a resource.
Protobuf type google.iam.admin.v1.ListRolesRequest
ListRolesRequest.Builder
The request to get all roles defined under a resource.
Protobuf type google.iam.admin.v1.ListRolesRequest
ListRolesResponse
The response containing the roles defined under a resource.
Protobuf type google.iam.admin.v1.ListRolesResponse
ListRolesResponse.Builder
The response containing the roles defined under a resource.
Protobuf type google.iam.admin.v1.ListRolesResponse
ListServiceAccountKeysRequest
The service account keys list request.
Protobuf type google.iam.admin.v1.ListServiceAccountKeysRequest
ListServiceAccountKeysRequest.Builder
The service account keys list request.
Protobuf type google.iam.admin.v1.ListServiceAccountKeysRequest
ListServiceAccountKeysResponse
The service account keys list response.
Protobuf type google.iam.admin.v1.ListServiceAccountKeysResponse
ListServiceAccountKeysResponse.Builder
The service account keys list response.
Protobuf type google.iam.admin.v1.ListServiceAccountKeysResponse
ListServiceAccountsRequest
The service account list request.
Protobuf type google.iam.admin.v1.ListServiceAccountsRequest
ListServiceAccountsRequest.Builder
The service account list request.
Protobuf type google.iam.admin.v1.ListServiceAccountsRequest
ListServiceAccountsResponse
The service account list response.
Protobuf type google.iam.admin.v1.ListServiceAccountsResponse
ListServiceAccountsResponse.Builder
The service account list response.
Protobuf type google.iam.admin.v1.ListServiceAccountsResponse
PatchServiceAccountRequest
The service account patch request.
You can patch only the display_name
and description
fields. You must use
the update_mask
field to specify which of these fields you want to patch.
Only the fields specified in the request are guaranteed to be returned in
the response. Other fields may be empty in the response.
Protobuf type google.iam.admin.v1.PatchServiceAccountRequest
PatchServiceAccountRequest.Builder
The service account patch request.
You can patch only the display_name
and description
fields. You must use
the update_mask
field to specify which of these fields you want to patch.
Only the fields specified in the request are guaranteed to be returned in
the response. Other fields may be empty in the response.
Protobuf type google.iam.admin.v1.PatchServiceAccountRequest
Permission
A permission which can be included by a role.
Protobuf type google.iam.admin.v1.Permission
Permission.Builder
A permission which can be included by a role.
Protobuf type google.iam.admin.v1.Permission
ProjectName
ProjectName.Builder
Builder for projects/{project}.
QueryAuditableServicesRequest
A request to get the list of auditable services for a resource.
Protobuf type google.iam.admin.v1.QueryAuditableServicesRequest
QueryAuditableServicesRequest.Builder
A request to get the list of auditable services for a resource.
Protobuf type google.iam.admin.v1.QueryAuditableServicesRequest
QueryAuditableServicesResponse
A response containing a list of auditable services for a resource.
Protobuf type google.iam.admin.v1.QueryAuditableServicesResponse
QueryAuditableServicesResponse.AuditableService
Contains information about an auditable service.
Protobuf type google.iam.admin.v1.QueryAuditableServicesResponse.AuditableService
QueryAuditableServicesResponse.AuditableService.Builder
Contains information about an auditable service.
Protobuf type google.iam.admin.v1.QueryAuditableServicesResponse.AuditableService
QueryAuditableServicesResponse.Builder
A response containing a list of auditable services for a resource.
Protobuf type google.iam.admin.v1.QueryAuditableServicesResponse
QueryGrantableRolesRequest
The grantable role query request.
Protobuf type google.iam.admin.v1.QueryGrantableRolesRequest
QueryGrantableRolesRequest.Builder
The grantable role query request.
Protobuf type google.iam.admin.v1.QueryGrantableRolesRequest
QueryGrantableRolesResponse
The grantable role query response.
Protobuf type google.iam.admin.v1.QueryGrantableRolesResponse
QueryGrantableRolesResponse.Builder
The grantable role query response.
Protobuf type google.iam.admin.v1.QueryGrantableRolesResponse
QueryTestablePermissionsRequest
A request to get permissions which can be tested on a resource.
Protobuf type google.iam.admin.v1.QueryTestablePermissionsRequest
QueryTestablePermissionsRequest.Builder
A request to get permissions which can be tested on a resource.
Protobuf type google.iam.admin.v1.QueryTestablePermissionsRequest
QueryTestablePermissionsResponse
The response containing permissions which can be tested on a resource.
Protobuf type google.iam.admin.v1.QueryTestablePermissionsResponse
QueryTestablePermissionsResponse.Builder
The response containing permissions which can be tested on a resource.
Protobuf type google.iam.admin.v1.QueryTestablePermissionsResponse
Role
A role in the Identity and Access Management API.
Protobuf type google.iam.admin.v1.Role
Role.Builder
A role in the Identity and Access Management API.
Protobuf type google.iam.admin.v1.Role
ServiceAccount
An IAM service account. A service account is an account for an application or a virtual machine (VM) instance, not a person. You can use a service account to call Google APIs. To learn more, read the overview of service accounts. When you create a service account, you specify the project ID that owns the service account, as well as a name that must be unique within the project. IAM uses these values to create an email address that identifies the service account.
Protobuf type google.iam.admin.v1.ServiceAccount
ServiceAccount.Builder
An IAM service account. A service account is an account for an application or a virtual machine (VM) instance, not a person. You can use a service account to call Google APIs. To learn more, read the overview of service accounts. When you create a service account, you specify the project ID that owns the service account, as well as a name that must be unique within the project. IAM uses these values to create an email address that identifies the service account.
Protobuf type google.iam.admin.v1.ServiceAccount
ServiceAccountKey
Represents a service account key. A service account has two sets of key-pairs: user-managed, and system-managed. User-managed key-pairs can be created and deleted by users. Users are responsible for rotating these keys periodically to ensure security of their service accounts. Users retain the private key of these key-pairs, and Google retains ONLY the public key. System-managed keys are automatically rotated by Google, and are used for signing for a maximum of two weeks. The rotation process is probabilistic, and usage of the new key will gradually ramp up and down over the key's lifetime. If you cache the public key set for a service account, we recommend that you update the cache every 15 minutes. User-managed keys can be added and removed at any time, so it is important to update the cache frequently. For Google-managed keys, Google will publish a key at least 6 hours before it is first used for signing and will keep publishing it for at least 6 hours after it was last used for signing. Public keys for all service accounts are also published at the OAuth2 Service Account API.
Protobuf type google.iam.admin.v1.ServiceAccountKey
ServiceAccountKey.Builder
Represents a service account key. A service account has two sets of key-pairs: user-managed, and system-managed. User-managed key-pairs can be created and deleted by users. Users are responsible for rotating these keys periodically to ensure security of their service accounts. Users retain the private key of these key-pairs, and Google retains ONLY the public key. System-managed keys are automatically rotated by Google, and are used for signing for a maximum of two weeks. The rotation process is probabilistic, and usage of the new key will gradually ramp up and down over the key's lifetime. If you cache the public key set for a service account, we recommend that you update the cache every 15 minutes. User-managed keys can be added and removed at any time, so it is important to update the cache frequently. For Google-managed keys, Google will publish a key at least 6 hours before it is first used for signing and will keep publishing it for at least 6 hours after it was last used for signing. Public keys for all service accounts are also published at the OAuth2 Service Account API.
Protobuf type google.iam.admin.v1.ServiceAccountKey
ServiceAccountName
ServiceAccountName.Builder
Builder for projects/{project}/serviceAccounts/{service_account}.
SignBlobRequest
Deprecated. Migrate to Service Account Credentials API. The service account sign blob request.
Protobuf type google.iam.admin.v1.SignBlobRequest
SignBlobRequest.Builder
Deprecated. Migrate to Service Account Credentials API. The service account sign blob request.
Protobuf type google.iam.admin.v1.SignBlobRequest
SignBlobResponse
Deprecated. Migrate to Service Account Credentials API. The service account sign blob response.
Protobuf type google.iam.admin.v1.SignBlobResponse
SignBlobResponse.Builder
Deprecated. Migrate to Service Account Credentials API. The service account sign blob response.
Protobuf type google.iam.admin.v1.SignBlobResponse
SignJwtRequest
Deprecated. Migrate to Service Account Credentials API. The service account sign JWT request.
Protobuf type google.iam.admin.v1.SignJwtRequest
SignJwtRequest.Builder
Deprecated. Migrate to Service Account Credentials API. The service account sign JWT request.
Protobuf type google.iam.admin.v1.SignJwtRequest
SignJwtResponse
Deprecated. Migrate to Service Account Credentials API. The service account sign JWT response.
Protobuf type google.iam.admin.v1.SignJwtResponse
SignJwtResponse.Builder
Deprecated. Migrate to Service Account Credentials API. The service account sign JWT response.
Protobuf type google.iam.admin.v1.SignJwtResponse
UndeleteRoleRequest
The request to undelete an existing role.
Protobuf type google.iam.admin.v1.UndeleteRoleRequest
UndeleteRoleRequest.Builder
The request to undelete an existing role.
Protobuf type google.iam.admin.v1.UndeleteRoleRequest
UndeleteServiceAccountRequest
The service account undelete request.
Protobuf type google.iam.admin.v1.UndeleteServiceAccountRequest
UndeleteServiceAccountRequest.Builder
The service account undelete request.
Protobuf type google.iam.admin.v1.UndeleteServiceAccountRequest
UndeleteServiceAccountResponse
Protobuf type google.iam.admin.v1.UndeleteServiceAccountResponse
UndeleteServiceAccountResponse.Builder
Protobuf type google.iam.admin.v1.UndeleteServiceAccountResponse
UpdateRoleRequest
The request to update a role.
Protobuf type google.iam.admin.v1.UpdateRoleRequest
UpdateRoleRequest.Builder
The request to update a role.
Protobuf type google.iam.admin.v1.UpdateRoleRequest
UploadServiceAccountKeyRequest
The service account key upload request.
Protobuf type google.iam.admin.v1.UploadServiceAccountKeyRequest
UploadServiceAccountKeyRequest.Builder
The service account key upload request.
Protobuf type google.iam.admin.v1.UploadServiceAccountKeyRequest
Interfaces
AuditData.PermissionDeltaOrBuilder
AuditDataOrBuilder
CreateRoleRequestOrBuilder
CreateServiceAccountKeyRequestOrBuilder
CreateServiceAccountRequestOrBuilder
DeleteRoleRequestOrBuilder
DeleteServiceAccountKeyRequestOrBuilder
DeleteServiceAccountRequestOrBuilder
DisableServiceAccountKeyRequestOrBuilder
DisableServiceAccountRequestOrBuilder
EnableServiceAccountKeyRequestOrBuilder
EnableServiceAccountRequestOrBuilder
GetRoleRequestOrBuilder
GetServiceAccountKeyRequestOrBuilder
GetServiceAccountRequestOrBuilder
LintPolicyRequestOrBuilder
LintPolicyResponseOrBuilder
LintResultOrBuilder
ListRolesRequestOrBuilder
ListRolesResponseOrBuilder
ListServiceAccountKeysRequestOrBuilder
ListServiceAccountKeysResponseOrBuilder
ListServiceAccountsRequestOrBuilder
ListServiceAccountsResponseOrBuilder
PatchServiceAccountRequestOrBuilder
PermissionOrBuilder
QueryAuditableServicesRequestOrBuilder
QueryAuditableServicesResponse.AuditableServiceOrBuilder
QueryAuditableServicesResponseOrBuilder
QueryGrantableRolesRequestOrBuilder
QueryGrantableRolesResponseOrBuilder
QueryTestablePermissionsRequestOrBuilder
QueryTestablePermissionsResponseOrBuilder
RoleOrBuilder
ServiceAccountKeyOrBuilder
ServiceAccountOrBuilder
SignBlobRequestOrBuilder
SignBlobResponseOrBuilder
SignJwtRequestOrBuilder
SignJwtResponseOrBuilder
UndeleteRoleRequestOrBuilder
UndeleteServiceAccountRequestOrBuilder
UndeleteServiceAccountResponseOrBuilder
UpdateRoleRequestOrBuilder
UploadServiceAccountKeyRequestOrBuilder
Enums
LintPolicyRequest.LintObjectCase
LintResult.Level
Possible Level values of a validation unit corresponding to its domain of discourse.
Protobuf enum google.iam.admin.v1.LintResult.Level
LintResult.Severity
Possible Severity values of an issued result.
Protobuf enum google.iam.admin.v1.LintResult.Severity
ListServiceAccountKeysRequest.KeyType
KeyType
filters to selectively retrieve certain varieties
of keys.
Protobuf enum google.iam.admin.v1.ListServiceAccountKeysRequest.KeyType
Permission.CustomRolesSupportLevel
The state of the permission with regards to custom roles.
Protobuf enum google.iam.admin.v1.Permission.CustomRolesSupportLevel
Permission.PermissionLaunchStage
A stage representing a permission's lifecycle phase.
Protobuf enum google.iam.admin.v1.Permission.PermissionLaunchStage
Role.RoleLaunchStage
A stage representing a role's lifecycle phase.
Protobuf enum google.iam.admin.v1.Role.RoleLaunchStage
RoleView
A view for Role objects.
Protobuf enum google.iam.admin.v1.RoleView
ServiceAccountKeyAlgorithm
Supported key algorithms.
Protobuf enum google.iam.admin.v1.ServiceAccountKeyAlgorithm
ServiceAccountKeyOrigin
Service Account Key Origin.
Protobuf enum google.iam.admin.v1.ServiceAccountKeyOrigin
ServiceAccountPrivateKeyType
Supported private key output formats.
Protobuf enum google.iam.admin.v1.ServiceAccountPrivateKeyType
ServiceAccountPublicKeyType
Supported public key output formats.
Protobuf enum google.iam.admin.v1.ServiceAccountPublicKeyType