Package com.google.iam.admin.v1 (3.24.0)

Classes

AuditData

Audit log information specific to Cloud IAM admin APIs. This message is serialized as an Any type in the ServiceData message of an AuditLog message.

Protobuf type google.iam.admin.v1.AuditData

AuditData.Builder

Audit log information specific to Cloud IAM admin APIs. This message is serialized as an Any type in the ServiceData message of an AuditLog message.

Protobuf type google.iam.admin.v1.AuditData

AuditData.PermissionDelta

A PermissionDelta message to record the added_permissions and removed_permissions inside a role.

Protobuf type google.iam.admin.v1.AuditData.PermissionDelta

AuditData.PermissionDelta.Builder

A PermissionDelta message to record the added_permissions and removed_permissions inside a role.

Protobuf type google.iam.admin.v1.AuditData.PermissionDelta

AuditDataProto

CreateRoleRequest

The request to create a new role.

Protobuf type google.iam.admin.v1.CreateRoleRequest

CreateRoleRequest.Builder

The request to create a new role.

Protobuf type google.iam.admin.v1.CreateRoleRequest

CreateServiceAccountKeyRequest

The service account key create request.

Protobuf type google.iam.admin.v1.CreateServiceAccountKeyRequest

CreateServiceAccountKeyRequest.Builder

The service account key create request.

Protobuf type google.iam.admin.v1.CreateServiceAccountKeyRequest

CreateServiceAccountRequest

The service account create request.

Protobuf type google.iam.admin.v1.CreateServiceAccountRequest

CreateServiceAccountRequest.Builder

The service account create request.

Protobuf type google.iam.admin.v1.CreateServiceAccountRequest

DeleteRoleRequest

The request to delete an existing role.

Protobuf type google.iam.admin.v1.DeleteRoleRequest

DeleteRoleRequest.Builder

The request to delete an existing role.

Protobuf type google.iam.admin.v1.DeleteRoleRequest

DeleteServiceAccountKeyRequest

The service account key delete request.

Protobuf type google.iam.admin.v1.DeleteServiceAccountKeyRequest

DeleteServiceAccountKeyRequest.Builder

The service account key delete request.

Protobuf type google.iam.admin.v1.DeleteServiceAccountKeyRequest

DeleteServiceAccountRequest

The service account delete request.

Protobuf type google.iam.admin.v1.DeleteServiceAccountRequest

DeleteServiceAccountRequest.Builder

The service account delete request.

Protobuf type google.iam.admin.v1.DeleteServiceAccountRequest

DisableServiceAccountKeyRequest

The service account key disable request.

Protobuf type google.iam.admin.v1.DisableServiceAccountKeyRequest

DisableServiceAccountKeyRequest.Builder

The service account key disable request.

Protobuf type google.iam.admin.v1.DisableServiceAccountKeyRequest

DisableServiceAccountRequest

The service account disable request.

Protobuf type google.iam.admin.v1.DisableServiceAccountRequest

DisableServiceAccountRequest.Builder

The service account disable request.

Protobuf type google.iam.admin.v1.DisableServiceAccountRequest

EnableServiceAccountKeyRequest

The service account key enable request.

Protobuf type google.iam.admin.v1.EnableServiceAccountKeyRequest

EnableServiceAccountKeyRequest.Builder

The service account key enable request.

Protobuf type google.iam.admin.v1.EnableServiceAccountKeyRequest

EnableServiceAccountRequest

The service account enable request.

Protobuf type google.iam.admin.v1.EnableServiceAccountRequest

EnableServiceAccountRequest.Builder

The service account enable request.

Protobuf type google.iam.admin.v1.EnableServiceAccountRequest

GetRoleRequest

The request to get the definition of an existing role.

Protobuf type google.iam.admin.v1.GetRoleRequest

GetRoleRequest.Builder

The request to get the definition of an existing role.

Protobuf type google.iam.admin.v1.GetRoleRequest

GetServiceAccountKeyRequest

The service account key get by id request.

Protobuf type google.iam.admin.v1.GetServiceAccountKeyRequest

GetServiceAccountKeyRequest.Builder

The service account key get by id request.

Protobuf type google.iam.admin.v1.GetServiceAccountKeyRequest

GetServiceAccountRequest

The service account get request.

Protobuf type google.iam.admin.v1.GetServiceAccountRequest

GetServiceAccountRequest.Builder

The service account get request.

Protobuf type google.iam.admin.v1.GetServiceAccountRequest

IAMGrpc

Creates and manages Identity and Access Management (IAM) resources. You can use this service to work with all of the following resources:

  • Service accounts, which identify an application or a virtual machine (VM) instance rather than a person
  • Service account keys, which service accounts use to authenticate with Google APIs
  • IAM policies for service accounts, which specify the roles that a principal has for the service account
  • IAM custom roles, which help you limit the number of permissions that you grant to principals In addition, you can use this service to complete the following tasks, among others:
  • Test whether a service account can use specific permissions
  • Check which roles you can grant for a specific resource
  • Lint, or validate, condition expressions in an IAM policy When you read data from the IAM API, each read is eventually consistent. In other words, if you write data with the IAM API, then immediately read that data, the read operation might return an older version of the data. To deal with this behavior, your application can retry the request with truncated exponential backoff. In contrast, writing data to the IAM API is sequentially consistent. In other words, write operations are always processed in the order in which they were received.

IAMGrpc.IAMBlockingStub

A stub to allow clients to do synchronous rpc calls to service IAM.

Creates and manages Identity and Access Management (IAM) resources. You can use this service to work with all of the following resources:

  • Service accounts, which identify an application or a virtual machine (VM) instance rather than a person
  • Service account keys, which service accounts use to authenticate with Google APIs
  • IAM policies for service accounts, which specify the roles that a principal has for the service account
  • IAM custom roles, which help you limit the number of permissions that you grant to principals In addition, you can use this service to complete the following tasks, among others:
  • Test whether a service account can use specific permissions
  • Check which roles you can grant for a specific resource
  • Lint, or validate, condition expressions in an IAM policy When you read data from the IAM API, each read is eventually consistent. In other words, if you write data with the IAM API, then immediately read that data, the read operation might return an older version of the data. To deal with this behavior, your application can retry the request with truncated exponential backoff. In contrast, writing data to the IAM API is sequentially consistent. In other words, write operations are always processed in the order in which they were received.

IAMGrpc.IAMFutureStub

A stub to allow clients to do ListenableFuture-style rpc calls to service IAM.

Creates and manages Identity and Access Management (IAM) resources. You can use this service to work with all of the following resources:

  • Service accounts, which identify an application or a virtual machine (VM) instance rather than a person
  • Service account keys, which service accounts use to authenticate with Google APIs
  • IAM policies for service accounts, which specify the roles that a principal has for the service account
  • IAM custom roles, which help you limit the number of permissions that you grant to principals In addition, you can use this service to complete the following tasks, among others:
  • Test whether a service account can use specific permissions
  • Check which roles you can grant for a specific resource
  • Lint, or validate, condition expressions in an IAM policy When you read data from the IAM API, each read is eventually consistent. In other words, if you write data with the IAM API, then immediately read that data, the read operation might return an older version of the data. To deal with this behavior, your application can retry the request with truncated exponential backoff. In contrast, writing data to the IAM API is sequentially consistent. In other words, write operations are always processed in the order in which they were received.

IAMGrpc.IAMImplBase

Base class for the server implementation of the service IAM.

Creates and manages Identity and Access Management (IAM) resources. You can use this service to work with all of the following resources:

  • Service accounts, which identify an application or a virtual machine (VM) instance rather than a person
  • Service account keys, which service accounts use to authenticate with Google APIs
  • IAM policies for service accounts, which specify the roles that a principal has for the service account
  • IAM custom roles, which help you limit the number of permissions that you grant to principals In addition, you can use this service to complete the following tasks, among others:
  • Test whether a service account can use specific permissions
  • Check which roles you can grant for a specific resource
  • Lint, or validate, condition expressions in an IAM policy When you read data from the IAM API, each read is eventually consistent. In other words, if you write data with the IAM API, then immediately read that data, the read operation might return an older version of the data. To deal with this behavior, your application can retry the request with truncated exponential backoff. In contrast, writing data to the IAM API is sequentially consistent. In other words, write operations are always processed in the order in which they were received.

IAMGrpc.IAMStub

A stub to allow clients to do asynchronous rpc calls to service IAM.

Creates and manages Identity and Access Management (IAM) resources. You can use this service to work with all of the following resources:

  • Service accounts, which identify an application or a virtual machine (VM) instance rather than a person
  • Service account keys, which service accounts use to authenticate with Google APIs
  • IAM policies for service accounts, which specify the roles that a principal has for the service account
  • IAM custom roles, which help you limit the number of permissions that you grant to principals In addition, you can use this service to complete the following tasks, among others:
  • Test whether a service account can use specific permissions
  • Check which roles you can grant for a specific resource
  • Lint, or validate, condition expressions in an IAM policy When you read data from the IAM API, each read is eventually consistent. In other words, if you write data with the IAM API, then immediately read that data, the read operation might return an older version of the data. To deal with this behavior, your application can retry the request with truncated exponential backoff. In contrast, writing data to the IAM API is sequentially consistent. In other words, write operations are always processed in the order in which they were received.

Iam

KeyName

KeyName.Builder

Builder for projects/{project}/serviceAccounts/{service_account}/keys/{key}.

LintPolicyRequest

The request to lint a Cloud IAM policy object.

Protobuf type google.iam.admin.v1.LintPolicyRequest

LintPolicyRequest.Builder

The request to lint a Cloud IAM policy object.

Protobuf type google.iam.admin.v1.LintPolicyRequest

LintPolicyResponse

The response of a lint operation. An empty response indicates the operation was able to fully execute and no lint issue was found.

Protobuf type google.iam.admin.v1.LintPolicyResponse

LintPolicyResponse.Builder

The response of a lint operation. An empty response indicates the operation was able to fully execute and no lint issue was found.

Protobuf type google.iam.admin.v1.LintPolicyResponse

LintResult

Structured response of a single validation unit.

Protobuf type google.iam.admin.v1.LintResult

LintResult.Builder

Structured response of a single validation unit.

Protobuf type google.iam.admin.v1.LintResult

ListRolesRequest

The request to get all roles defined under a resource.

Protobuf type google.iam.admin.v1.ListRolesRequest

ListRolesRequest.Builder

The request to get all roles defined under a resource.

Protobuf type google.iam.admin.v1.ListRolesRequest

ListRolesResponse

The response containing the roles defined under a resource.

Protobuf type google.iam.admin.v1.ListRolesResponse

ListRolesResponse.Builder

The response containing the roles defined under a resource.

Protobuf type google.iam.admin.v1.ListRolesResponse

ListServiceAccountKeysRequest

The service account keys list request.

Protobuf type google.iam.admin.v1.ListServiceAccountKeysRequest

ListServiceAccountKeysRequest.Builder

The service account keys list request.

Protobuf type google.iam.admin.v1.ListServiceAccountKeysRequest

ListServiceAccountKeysResponse

The service account keys list response.

Protobuf type google.iam.admin.v1.ListServiceAccountKeysResponse

ListServiceAccountKeysResponse.Builder

The service account keys list response.

Protobuf type google.iam.admin.v1.ListServiceAccountKeysResponse

ListServiceAccountsRequest

The service account list request.

Protobuf type google.iam.admin.v1.ListServiceAccountsRequest

ListServiceAccountsRequest.Builder

The service account list request.

Protobuf type google.iam.admin.v1.ListServiceAccountsRequest

ListServiceAccountsResponse

The service account list response.

Protobuf type google.iam.admin.v1.ListServiceAccountsResponse

ListServiceAccountsResponse.Builder

The service account list response.

Protobuf type google.iam.admin.v1.ListServiceAccountsResponse

PatchServiceAccountRequest

The service account patch request.

You can patch only the display_name and description fields. You must use the update_mask field to specify which of these fields you want to patch.

Only the fields specified in the request are guaranteed to be returned in the response. Other fields may be empty in the response.

Protobuf type google.iam.admin.v1.PatchServiceAccountRequest

PatchServiceAccountRequest.Builder

The service account patch request.

You can patch only the display_name and description fields. You must use the update_mask field to specify which of these fields you want to patch.

Only the fields specified in the request are guaranteed to be returned in the response. Other fields may be empty in the response.

Protobuf type google.iam.admin.v1.PatchServiceAccountRequest

Permission

A permission which can be included by a role.

Protobuf type google.iam.admin.v1.Permission

Permission.Builder

A permission which can be included by a role.

Protobuf type google.iam.admin.v1.Permission

ProjectName

ProjectName.Builder

Builder for projects/{project}.

QueryAuditableServicesRequest

A request to get the list of auditable services for a resource.

Protobuf type google.iam.admin.v1.QueryAuditableServicesRequest

QueryAuditableServicesRequest.Builder

A request to get the list of auditable services for a resource.

Protobuf type google.iam.admin.v1.QueryAuditableServicesRequest

QueryAuditableServicesResponse

A response containing a list of auditable services for a resource.

Protobuf type google.iam.admin.v1.QueryAuditableServicesResponse

QueryAuditableServicesResponse.AuditableService

Contains information about an auditable service.

Protobuf type google.iam.admin.v1.QueryAuditableServicesResponse.AuditableService

QueryAuditableServicesResponse.AuditableService.Builder

Contains information about an auditable service.

Protobuf type google.iam.admin.v1.QueryAuditableServicesResponse.AuditableService

QueryAuditableServicesResponse.Builder

A response containing a list of auditable services for a resource.

Protobuf type google.iam.admin.v1.QueryAuditableServicesResponse

QueryGrantableRolesRequest

The grantable role query request.

Protobuf type google.iam.admin.v1.QueryGrantableRolesRequest

QueryGrantableRolesRequest.Builder

The grantable role query request.

Protobuf type google.iam.admin.v1.QueryGrantableRolesRequest

QueryGrantableRolesResponse

The grantable role query response.

Protobuf type google.iam.admin.v1.QueryGrantableRolesResponse

QueryGrantableRolesResponse.Builder

The grantable role query response.

Protobuf type google.iam.admin.v1.QueryGrantableRolesResponse

QueryTestablePermissionsRequest

A request to get permissions which can be tested on a resource.

Protobuf type google.iam.admin.v1.QueryTestablePermissionsRequest

QueryTestablePermissionsRequest.Builder

A request to get permissions which can be tested on a resource.

Protobuf type google.iam.admin.v1.QueryTestablePermissionsRequest

QueryTestablePermissionsResponse

The response containing permissions which can be tested on a resource.

Protobuf type google.iam.admin.v1.QueryTestablePermissionsResponse

QueryTestablePermissionsResponse.Builder

The response containing permissions which can be tested on a resource.

Protobuf type google.iam.admin.v1.QueryTestablePermissionsResponse

Role

A role in the Identity and Access Management API.

Protobuf type google.iam.admin.v1.Role

Role.Builder

A role in the Identity and Access Management API.

Protobuf type google.iam.admin.v1.Role

ServiceAccount

An IAM service account.

A service account is an account for an application or a virtual machine (VM) instance, not a person. You can use a service account to call Google APIs. To learn more, read the overview of service accounts.

When you create a service account, you specify the project ID that owns the service account, as well as a name that must be unique within the project. IAM uses these values to create an email address that identifies the service account.

Protobuf type google.iam.admin.v1.ServiceAccount

ServiceAccount.Builder

An IAM service account.

A service account is an account for an application or a virtual machine (VM) instance, not a person. You can use a service account to call Google APIs. To learn more, read the overview of service accounts.

When you create a service account, you specify the project ID that owns the service account, as well as a name that must be unique within the project. IAM uses these values to create an email address that identifies the service account.

Protobuf type google.iam.admin.v1.ServiceAccount

ServiceAccountKey

Represents a service account key.

A service account has two sets of key-pairs: user-managed, and system-managed.

User-managed key-pairs can be created and deleted by users. Users are responsible for rotating these keys periodically to ensure security of their service accounts. Users retain the private key of these key-pairs, and Google retains ONLY the public key.

System-managed keys are automatically rotated by Google, and are used for signing for a maximum of two weeks. The rotation process is probabilistic, and usage of the new key will gradually ramp up and down over the key's lifetime.

If you cache the public key set for a service account, we recommend that you update the cache every 15 minutes. User-managed keys can be added and removed at any time, so it is important to update the cache frequently. For Google-managed keys, Google will publish a key at least 6 hours before it is first used for signing and will keep publishing it for at least 6 hours after it was last used for signing.

Public keys for all service accounts are also published at the OAuth2 Service Account API.

Protobuf type google.iam.admin.v1.ServiceAccountKey

ServiceAccountKey.Builder

Represents a service account key.

A service account has two sets of key-pairs: user-managed, and system-managed.

User-managed key-pairs can be created and deleted by users. Users are responsible for rotating these keys periodically to ensure security of their service accounts. Users retain the private key of these key-pairs, and Google retains ONLY the public key.

System-managed keys are automatically rotated by Google, and are used for signing for a maximum of two weeks. The rotation process is probabilistic, and usage of the new key will gradually ramp up and down over the key's lifetime.

If you cache the public key set for a service account, we recommend that you update the cache every 15 minutes. User-managed keys can be added and removed at any time, so it is important to update the cache frequently. For Google-managed keys, Google will publish a key at least 6 hours before it is first used for signing and will keep publishing it for at least 6 hours after it was last used for signing.

Public keys for all service accounts are also published at the OAuth2 Service Account API.

Protobuf type google.iam.admin.v1.ServiceAccountKey

ServiceAccountName

ServiceAccountName.Builder

Builder for projects/{project}/serviceAccounts/{service_account}.

SignBlobRequest

Deprecated. Migrate to Service Account Credentials API.

The service account sign blob request.

Protobuf type google.iam.admin.v1.SignBlobRequest

SignBlobRequest.Builder

Deprecated. Migrate to Service Account Credentials API.

The service account sign blob request.

Protobuf type google.iam.admin.v1.SignBlobRequest

SignBlobResponse

Deprecated. Migrate to Service Account Credentials API.

The service account sign blob response.

Protobuf type google.iam.admin.v1.SignBlobResponse

SignBlobResponse.Builder

Deprecated. Migrate to Service Account Credentials API.

The service account sign blob response.

Protobuf type google.iam.admin.v1.SignBlobResponse

SignJwtRequest

Deprecated. Migrate to Service Account Credentials API.

The service account sign JWT request.

Protobuf type google.iam.admin.v1.SignJwtRequest

SignJwtRequest.Builder

Deprecated. Migrate to Service Account Credentials API.

The service account sign JWT request.

Protobuf type google.iam.admin.v1.SignJwtRequest

SignJwtResponse

Deprecated. Migrate to Service Account Credentials API.

The service account sign JWT response.

Protobuf type google.iam.admin.v1.SignJwtResponse

SignJwtResponse.Builder

Deprecated. Migrate to Service Account Credentials API.

The service account sign JWT response.

Protobuf type google.iam.admin.v1.SignJwtResponse

UndeleteRoleRequest

The request to undelete an existing role.

Protobuf type google.iam.admin.v1.UndeleteRoleRequest

UndeleteRoleRequest.Builder

The request to undelete an existing role.

Protobuf type google.iam.admin.v1.UndeleteRoleRequest

UndeleteServiceAccountRequest

The service account undelete request.

Protobuf type google.iam.admin.v1.UndeleteServiceAccountRequest

UndeleteServiceAccountRequest.Builder

The service account undelete request.

Protobuf type google.iam.admin.v1.UndeleteServiceAccountRequest

UndeleteServiceAccountResponse

Protobuf type google.iam.admin.v1.UndeleteServiceAccountResponse

UndeleteServiceAccountResponse.Builder

Protobuf type google.iam.admin.v1.UndeleteServiceAccountResponse

UpdateRoleRequest

The request to update a role.

Protobuf type google.iam.admin.v1.UpdateRoleRequest

UpdateRoleRequest.Builder

The request to update a role.

Protobuf type google.iam.admin.v1.UpdateRoleRequest

UploadServiceAccountKeyRequest

The service account key upload request.

Protobuf type google.iam.admin.v1.UploadServiceAccountKeyRequest

UploadServiceAccountKeyRequest.Builder

The service account key upload request.

Protobuf type google.iam.admin.v1.UploadServiceAccountKeyRequest

Interfaces

AuditData.PermissionDeltaOrBuilder

AuditDataOrBuilder

CreateRoleRequestOrBuilder

CreateServiceAccountKeyRequestOrBuilder

CreateServiceAccountRequestOrBuilder

DeleteRoleRequestOrBuilder

DeleteServiceAccountKeyRequestOrBuilder

DeleteServiceAccountRequestOrBuilder

DisableServiceAccountKeyRequestOrBuilder

DisableServiceAccountRequestOrBuilder

EnableServiceAccountKeyRequestOrBuilder

EnableServiceAccountRequestOrBuilder

GetRoleRequestOrBuilder

GetServiceAccountKeyRequestOrBuilder

GetServiceAccountRequestOrBuilder

IAMGrpc.AsyncService

Creates and manages Identity and Access Management (IAM) resources. You can use this service to work with all of the following resources:

  • Service accounts, which identify an application or a virtual machine (VM) instance rather than a person
  • Service account keys, which service accounts use to authenticate with Google APIs
  • IAM policies for service accounts, which specify the roles that a principal has for the service account
  • IAM custom roles, which help you limit the number of permissions that you grant to principals In addition, you can use this service to complete the following tasks, among others:
  • Test whether a service account can use specific permissions
  • Check which roles you can grant for a specific resource
  • Lint, or validate, condition expressions in an IAM policy When you read data from the IAM API, each read is eventually consistent. In other words, if you write data with the IAM API, then immediately read that data, the read operation might return an older version of the data. To deal with this behavior, your application can retry the request with truncated exponential backoff. In contrast, writing data to the IAM API is sequentially consistent. In other words, write operations are always processed in the order in which they were received.

LintPolicyRequestOrBuilder

LintPolicyResponseOrBuilder

LintResultOrBuilder

ListRolesRequestOrBuilder

ListRolesResponseOrBuilder

ListServiceAccountKeysRequestOrBuilder

ListServiceAccountKeysResponseOrBuilder

ListServiceAccountsRequestOrBuilder

ListServiceAccountsResponseOrBuilder

PatchServiceAccountRequestOrBuilder

PermissionOrBuilder

QueryAuditableServicesRequestOrBuilder

QueryAuditableServicesResponse.AuditableServiceOrBuilder

QueryAuditableServicesResponseOrBuilder

QueryGrantableRolesRequestOrBuilder

QueryGrantableRolesResponseOrBuilder

QueryTestablePermissionsRequestOrBuilder

QueryTestablePermissionsResponseOrBuilder

RoleOrBuilder

ServiceAccountKeyOrBuilder

ServiceAccountOrBuilder

SignBlobRequestOrBuilder

SignBlobResponseOrBuilder

SignJwtRequestOrBuilder

SignJwtResponseOrBuilder

UndeleteRoleRequestOrBuilder

UndeleteServiceAccountRequestOrBuilder

UndeleteServiceAccountResponseOrBuilder

UpdateRoleRequestOrBuilder

UploadServiceAccountKeyRequestOrBuilder

Enums

LintPolicyRequest.LintObjectCase

LintResult.Level

Possible Level values of a validation unit corresponding to its domain of discourse.

Protobuf enum google.iam.admin.v1.LintResult.Level

LintResult.Severity

Possible Severity values of an issued result.

Protobuf enum google.iam.admin.v1.LintResult.Severity

ListServiceAccountKeysRequest.KeyType

KeyType filters to selectively retrieve certain varieties of keys.

Protobuf enum google.iam.admin.v1.ListServiceAccountKeysRequest.KeyType

Permission.CustomRolesSupportLevel

The state of the permission with regards to custom roles.

Protobuf enum google.iam.admin.v1.Permission.CustomRolesSupportLevel

Permission.PermissionLaunchStage

A stage representing a permission's lifecycle phase.

Protobuf enum google.iam.admin.v1.Permission.PermissionLaunchStage

Role.RoleLaunchStage

A stage representing a role's lifecycle phase.

Protobuf enum google.iam.admin.v1.Role.RoleLaunchStage

RoleView

A view for Role objects.

Protobuf enum google.iam.admin.v1.RoleView

ServiceAccountKeyAlgorithm

Supported key algorithms.

Protobuf enum google.iam.admin.v1.ServiceAccountKeyAlgorithm

ServiceAccountKeyOrigin

Service Account Key Origin.

Protobuf enum google.iam.admin.v1.ServiceAccountKeyOrigin

ServiceAccountPrivateKeyType

Supported private key output formats.

Protobuf enum google.iam.admin.v1.ServiceAccountPrivateKeyType

ServiceAccountPublicKeyType

Supported public key output formats.

Protobuf enum google.iam.admin.v1.ServiceAccountPublicKeyType