- 3.49.0 (latest)
- 3.48.0
- 3.47.0
- 3.44.0
- 3.43.0
- 3.42.0
- 3.41.0
- 3.40.0
- 3.39.0
- 3.38.0
- 3.37.0
- 3.36.0
- 3.35.0
- 3.34.0
- 3.32.0
- 3.31.0
- 3.30.0
- 3.29.0
- 3.28.0
- 3.27.0
- 3.26.0
- 3.25.0
- 3.24.0
- 3.23.0
- 3.22.0
- 3.19.0
- 3.18.0
- 3.17.0
- 3.16.0
- 3.15.0
- 3.14.0
- 3.13.0
- 3.12.0
- 3.11.0
- 3.10.0
- 3.9.0
- 3.8.0
- 3.7.0
- 3.6.0
- 3.4.0
- 3.3.0
- 3.2.0
- 3.1.0
- 3.0.0
- 2.0.0
- 1.2.5
- 1.1.8
- 0.2.0
GitHub Repository | Product Reference |
Service Description: Creates and manages Identity and Access Management (IAM) resources.
You can use this service to work with all of the following resources:
- **Service accounts**, which identify an application or a virtual machine (VM) instance rather than a person
- **Service account keys**, which service accounts use to authenticate with Google APIs
- **IAM policies for service accounts**, which specify the roles that a principal has for the service account
- **IAM custom roles**, which help you limit the number of permissions that you grant to principals
In addition, you can use this service to complete the following tasks, among others:
- Test whether a service account can use specific permissions
- Check which roles you can grant for a specific resource
- Lint, or validate, condition expressions in an IAM policy
When you read data from the IAM API, each read is eventually consistent. In other words, if you write data with the IAM API, then immediately read that data, the read operation might return an older version of the data. To deal with this behavior, your application can retry the request with truncated exponential backoff.
In contrast, writing data to the IAM API is sequentially consistent. In other words, write operations are always processed in the order in which they were received.
This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
ServiceAccountName name = ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]");
ServiceAccount response = iAMClient.getServiceAccount(name);
}
Note: close() needs to be called on the IAMClient object to clean up resources such as threads. In the example above, try-with-resources is used, which automatically calls close().
Method | Description | Method Variants |
---|---|---|
ListServiceAccounts | Lists every ServiceAccount that belongs to a specific project. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
"Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
GetServiceAccount | Gets a ServiceAccount. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
"Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
CreateServiceAccount | Creates a ServiceAccount. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
"Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
UpdateServiceAccount | **Note:** We are in the process of deprecating this method. Use PatchServiceAccount instead. Updates a ServiceAccount. You can update only the |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
PatchServiceAccount | Patches a ServiceAccount. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
DeleteServiceAccount | Deletes a ServiceAccount. **Warning:** After you delete a service account, you might not be able to undelete it. If you know that you need to re-enable the service account in the future, use DisableServiceAccount instead. If you delete a service account, IAM permanently removes the service account 30 days later. Google Cloud cannot recover the service account after it is permanently removed, even if you file a support request. To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use DisableServiceAccount to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
"Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
UndeleteServiceAccount | Restores a deleted ServiceAccount. **Important:** It is not always possible to restore a deleted service account. Use this method only as a last resort. After you delete a service account, IAM permanently removes the service account 30 days later. There is no way to restore a deleted service account that has been permanently removed. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
EnableServiceAccount | Enables a ServiceAccount that was disabled by DisableServiceAccount. If the service account is already enabled, then this method has no effect. If the service account was disabled by other means—for example, if Google disabled the service account because it was compromised—you cannot use this method to enable the service account. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
DisableServiceAccount | Disables a ServiceAccount immediately. If an application uses the service account to authenticate, that application can no longer call Google APIs or access Google Cloud resources. Existing access tokens for the service account are rejected, and requests for new access tokens will fail. To re-enable the service account, use EnableServiceAccount. After you re-enable the service account, its existing access tokens will be accepted, and you can request new access tokens. To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use this method to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account with DeleteServiceAccount. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
ListServiceAccountKeys | Lists every ServiceAccountKey for a service account. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
"Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
GetServiceAccountKey | Gets a ServiceAccountKey. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
"Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
CreateServiceAccountKey | Creates a ServiceAccountKey. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
"Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
UploadServiceAccountKey | Uploads the public key portion of a key pair that you manage, and associates the public key with a ServiceAccount. After you upload the public key, you can use the private key from the key pair as a service account key. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
DeleteServiceAccountKey | Deletes a ServiceAccountKey. Deleting a service account key does not revoke short-lived credentials that have been issued based on the service account key. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
"Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
DisableServiceAccountKey | Disable a ServiceAccountKey. A disabled service account key can be re-enabled with EnableServiceAccountKey. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
"Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
EnableServiceAccountKey | Enable a ServiceAccountKey. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
"Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
SignBlob | **Note:** This method is deprecated. Use the Signs a blob using the system-managed private key for a ServiceAccount. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
"Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
SignJwt | **Note:** This method is deprecated. Use the Signs a JSON Web Token (JWT) using the system-managed private key for a ServiceAccount. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
"Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
GetIamPolicy | Gets the IAM policy that is attached to a ServiceAccount. This IAM policy specifies which principals have access to the service account. This method does not tell you whether the service account has been granted any roles on other resources. To check whether a service account has role grants on a resource, use the |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
"Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
SetIamPolicy | Sets the IAM policy that is attached to a ServiceAccount. Use this method to grant or revoke access to the service account. For example, you could grant a principal the ability to impersonate the service account. This method does not enable the service account to access other resources. To grant roles to a service account on a resource, follow these steps: 1. Call the resource's For detailed instructions, see Manage access to project, folders, and organizations or Manage access to other resources. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
"Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
TestIamPermissions | Tests whether the caller has the specified permissions on a ServiceAccount. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
"Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
QueryGrantableRoles | Lists roles that can be granted on a Google Cloud resource. A role is grantable if the IAM policy for the resource can contain bindings to the role. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
"Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
ListRoles | Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
GetRole | Gets the definition of a Role. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
CreateRole | Creates a new custom Role. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
UpdateRole | Updates the definition of a custom Role. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
DeleteRole | Deletes a custom Role. When you delete a custom role, the following changes occur immediately:
You have 7 days to undelete the custom role. After 7 days, the following changes occur:
|
Request object method variants only take one parameter, a request object, which must be constructed before the call.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
UndeleteRole | Undeletes a custom Role. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
QueryTestablePermissions | Lists every permission that you can test on a resource. A permission is testable if you can check whether a principal has that permission on the resource. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
QueryAuditableServices | Returns a list of services that allow you to opt into audit logs that are not generated by default. To learn more about audit logs, see the Logging documentation. |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
LintPolicy | Lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding.condition field, which contains a condition expression for a role binding. Successful calls to this method always return an HTTP |
Request object method variants only take one parameter, a request object, which must be constructed before the call.
Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service.
|
See the individual methods for example code.
Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parse method to extract the individual identifiers contained within names that are returned.
This class can be customized by passing in a custom instance of IAMSettings to create(). For example:
To customize credentials:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
IAMSettings iAMSettings =
IAMSettings.newBuilder()
.setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
.build();
IAMClient iAMClient = IAMClient.create(iAMSettings);
To customize the endpoint:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
IAMSettings iAMSettings = IAMSettings.newBuilder().setEndpoint(myEndpoint).build();
IAMClient iAMClient = IAMClient.create(iAMSettings);
Please refer to the GitHub repository's samples for more quickstart code snippets.
Static Methods
create()
public static final IAMClient create()
Constructs an instance of IAMClient with default settings.
Returns | |
---|---|
Type | Description |
IAMClient |
Exceptions | |
---|---|
Type | Description |
IOException |
create(IAMSettings settings)
public static final IAMClient create(IAMSettings settings)
Constructs an instance of IAMClient, using the given settings. The channels are created based on the settings passed in, or defaults for any settings that are not set.
Parameter | |
---|---|
Name | Description |
settings | IAMSettings |
Returns | |
---|---|
Type | Description |
IAMClient |
Exceptions | |
---|---|
Type | Description |
IOException |
create(IAMStub stub)
public static final IAMClient create(IAMStub stub)
Constructs an instance of IAMClient, using the given stub for making calls. This is for advanced usage - prefer using create(IAMSettings).
Parameter | |
---|---|
Name | Description |
stub | IAMStub |
Returns | |
---|---|
Type | Description |
IAMClient |
Constructors
IAMClient(IAMSettings settings)
protected IAMClient(IAMSettings settings)
Constructs an instance of IAMClient, using the given settings. This is protected so that it is easy to make a subclass, but otherwise, the static factory methods should be preferred.
Parameter | |
---|---|
Name | Description |
settings | IAMSettings |
IAMClient(IAMStub stub)
protected IAMClient(IAMStub stub)
Parameter | |
---|---|
Name | Description |
stub | IAMStub |
Methods
awaitTermination(long duration, TimeUnit unit)
public boolean awaitTermination(long duration, TimeUnit unit)
Parameters | |
---|---|
Name | Description |
duration | long |
unit | TimeUnit |
Returns | |
---|---|
Type | Description |
boolean |
Exceptions | |
---|---|
Type | Description |
InterruptedException |
close()
public final void close()
createRole(CreateRoleRequest request)
public final Role createRole(CreateRoleRequest request)
Creates a new custom Role.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
CreateRoleRequest request =
CreateRoleRequest.newBuilder()
.setParent(ProjectName.of("[PROJECT]").toString())
.setRoleId("roleId-925416399")
.setRole(Role.newBuilder().build())
.build();
Role response = iAMClient.createRole(request);
}
Parameter | |
---|---|
Name | Description |
request | CreateRoleRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
Role |
createRoleCallable()
public final UnaryCallable<CreateRoleRequest,Role> createRoleCallable()
Creates a new custom Role.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
CreateRoleRequest request =
CreateRoleRequest.newBuilder()
.setParent(ProjectName.of("[PROJECT]").toString())
.setRoleId("roleId-925416399")
.setRole(Role.newBuilder().build())
.build();
ApiFuture<Role> future = iAMClient.createRoleCallable().futureCall(request);
// Do something.
Role response = future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<CreateRoleRequest,Role> |
createServiceAccount(CreateServiceAccountRequest request)
public final ServiceAccount createServiceAccount(CreateServiceAccountRequest request)
Creates a ServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
CreateServiceAccountRequest request =
CreateServiceAccountRequest.newBuilder()
.setName(ProjectName.of("[PROJECT]").toString())
.setAccountId("accountId-1827029976")
.setServiceAccount(ServiceAccount.newBuilder().build())
.build();
ServiceAccount response = iAMClient.createServiceAccount(request);
}
Parameter | |
---|---|
Name | Description |
request | CreateServiceAccountRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
ServiceAccount |
createServiceAccount(ProjectName name, String accountId, ServiceAccount serviceAccount)
public final ServiceAccount createServiceAccount(ProjectName name, String accountId, ServiceAccount serviceAccount)
Creates a ServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
ProjectName name = ProjectName.of("[PROJECT]");
String accountId = "accountId-1827029976";
ServiceAccount serviceAccount = ServiceAccount.newBuilder().build();
ServiceAccount response = iAMClient.createServiceAccount(name, accountId, serviceAccount);
}
Parameters | |
---|---|
Name | Description |
name | ProjectName Required. The resource name of the project associated with the service accounts,
such as |
accountId | String Required. The account id that is used to generate the service account email
address and a stable unique id. It is unique within a project, must be 6-30 characters
long, and match the regular expression |
serviceAccount | ServiceAccount The ServiceAccount resource to
create. Currently, only the following values are user assignable: |
Returns | |
---|---|
Type | Description |
ServiceAccount |
createServiceAccount(String name, String accountId, ServiceAccount serviceAccount)
public final ServiceAccount createServiceAccount(String name, String accountId, ServiceAccount serviceAccount)
Creates a ServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
String name = ProjectName.of("[PROJECT]").toString();
String accountId = "accountId-1827029976";
ServiceAccount serviceAccount = ServiceAccount.newBuilder().build();
ServiceAccount response = iAMClient.createServiceAccount(name, accountId, serviceAccount);
}
Parameters | |
---|---|
Name | Description |
name | String Required. The resource name of the project associated with the service accounts,
such as |
accountId | String Required. The account id that is used to generate the service account email
address and a stable unique id. It is unique within a project, must be 6-30 characters
long, and match the regular expression |
serviceAccount | ServiceAccount The ServiceAccount resource to
create. Currently, only the following values are user assignable: |
Returns | |
---|---|
Type | Description |
ServiceAccount |
createServiceAccountCallable()
public final UnaryCallable<CreateServiceAccountRequest,ServiceAccount> createServiceAccountCallable()
Creates a ServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
CreateServiceAccountRequest request =
CreateServiceAccountRequest.newBuilder()
.setName(ProjectName.of("[PROJECT]").toString())
.setAccountId("accountId-1827029976")
.setServiceAccount(ServiceAccount.newBuilder().build())
.build();
ApiFuture<ServiceAccount> future =
iAMClient.createServiceAccountCallable().futureCall(request);
// Do something.
ServiceAccount response = future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<CreateServiceAccountRequest,ServiceAccount> |
createServiceAccountKey(CreateServiceAccountKeyRequest request)
public final ServiceAccountKey createServiceAccountKey(CreateServiceAccountKeyRequest request)
Creates a ServiceAccountKey.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
CreateServiceAccountKeyRequest request =
CreateServiceAccountKeyRequest.newBuilder()
.setName(ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString())
.setPrivateKeyType(ServiceAccountPrivateKeyType.forNumber(0))
.setKeyAlgorithm(ServiceAccountKeyAlgorithm.forNumber(0))
.build();
ServiceAccountKey response = iAMClient.createServiceAccountKey(request);
}
Parameter | |
---|---|
Name | Description |
request | CreateServiceAccountKeyRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
ServiceAccountKey |
createServiceAccountKey(ServiceAccountName name, ServiceAccountPrivateKeyType privateKeyType, ServiceAccountKeyAlgorithm keyAlgorithm)
public final ServiceAccountKey createServiceAccountKey(ServiceAccountName name, ServiceAccountPrivateKeyType privateKeyType, ServiceAccountKeyAlgorithm keyAlgorithm)
Creates a ServiceAccountKey.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
ServiceAccountName name = ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]");
ServiceAccountPrivateKeyType privateKeyType = ServiceAccountPrivateKeyType.forNumber(0);
ServiceAccountKeyAlgorithm keyAlgorithm = ServiceAccountKeyAlgorithm.forNumber(0);
ServiceAccountKey response =
iAMClient.createServiceAccountKey(name, privateKeyType, keyAlgorithm);
}
Parameters | |
---|---|
Name | Description |
name | ServiceAccountName Required. The resource name of the service account in the following format:
|
privateKeyType | ServiceAccountPrivateKeyType The output format of the private key. The default value is
|
keyAlgorithm | ServiceAccountKeyAlgorithm Which type of key and algorithm to use for the key. The default is currently a 2K RSA key. However this may change in the future. |
Returns | |
---|---|
Type | Description |
ServiceAccountKey |
createServiceAccountKey(String name, ServiceAccountPrivateKeyType privateKeyType, ServiceAccountKeyAlgorithm keyAlgorithm)
public final ServiceAccountKey createServiceAccountKey(String name, ServiceAccountPrivateKeyType privateKeyType, ServiceAccountKeyAlgorithm keyAlgorithm)
Creates a ServiceAccountKey.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
String name = ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString();
ServiceAccountPrivateKeyType privateKeyType = ServiceAccountPrivateKeyType.forNumber(0);
ServiceAccountKeyAlgorithm keyAlgorithm = ServiceAccountKeyAlgorithm.forNumber(0);
ServiceAccountKey response =
iAMClient.createServiceAccountKey(name, privateKeyType, keyAlgorithm);
}
Parameters | |
---|---|
Name | Description |
name | String Required. The resource name of the service account in the following format:
|
privateKeyType | ServiceAccountPrivateKeyType The output format of the private key. The default value is
|
keyAlgorithm | ServiceAccountKeyAlgorithm Which type of key and algorithm to use for the key. The default is currently a 2K RSA key. However this may change in the future. |
Returns | |
---|---|
Type | Description |
ServiceAccountKey |
createServiceAccountKeyCallable()
public final UnaryCallable<CreateServiceAccountKeyRequest,ServiceAccountKey> createServiceAccountKeyCallable()
Creates a ServiceAccountKey.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
CreateServiceAccountKeyRequest request =
CreateServiceAccountKeyRequest.newBuilder()
.setName(ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString())
.setPrivateKeyType(ServiceAccountPrivateKeyType.forNumber(0))
.setKeyAlgorithm(ServiceAccountKeyAlgorithm.forNumber(0))
.build();
ApiFuture<ServiceAccountKey> future =
iAMClient.createServiceAccountKeyCallable().futureCall(request);
// Do something.
ServiceAccountKey response = future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<CreateServiceAccountKeyRequest,ServiceAccountKey> |
deleteRole(DeleteRoleRequest request)
public final Role deleteRole(DeleteRoleRequest request)
Deletes a custom Role.
When you delete a custom role, the following changes occur immediately:
- You cannot bind a principal to the custom role in an IAM Policy.
- Existing bindings to the custom role are not changed, but they have no effect.
- By default, the response from ListRoles does not include the custom role.
You have 7 days to undelete the custom role. After 7 days, the following changes occur:
- The custom role is permanently deleted and cannot be recovered.
- If an IAM policy contains a binding to the custom role, the binding is permanently removed.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
DeleteRoleRequest request =
DeleteRoleRequest.newBuilder()
.setName("DeleteRoleRequest1468559982".toString())
.setEtag(ByteString.EMPTY)
.build();
Role response = iAMClient.deleteRole(request);
}
Parameter | |
---|---|
Name | Description |
request | DeleteRoleRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
Role |
deleteRoleCallable()
public final UnaryCallable<DeleteRoleRequest,Role> deleteRoleCallable()
Deletes a custom Role.
When you delete a custom role, the following changes occur immediately:
- You cannot bind a principal to the custom role in an IAM Policy.
- Existing bindings to the custom role are not changed, but they have no effect.
- By default, the response from ListRoles does not include the custom role.
You have 7 days to undelete the custom role. After 7 days, the following changes occur:
- The custom role is permanently deleted and cannot be recovered.
- If an IAM policy contains a binding to the custom role, the binding is permanently removed.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
DeleteRoleRequest request =
DeleteRoleRequest.newBuilder()
.setName("DeleteRoleRequest1468559982".toString())
.setEtag(ByteString.EMPTY)
.build();
ApiFuture<Role> future = iAMClient.deleteRoleCallable().futureCall(request);
// Do something.
Role response = future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<DeleteRoleRequest,Role> |
deleteServiceAccount(DeleteServiceAccountRequest request)
public final void deleteServiceAccount(DeleteServiceAccountRequest request)
Deletes a ServiceAccount.
**Warning:** After you delete a service account, you might not be able to undelete it. If you know that you need to re-enable the service account in the future, use DisableServiceAccount instead.
If you delete a service account, IAM permanently removes the service account 30 days later. Google Cloud cannot recover the service account after it is permanently removed, even if you file a support request.
To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use DisableServiceAccount to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
DeleteServiceAccountRequest request =
DeleteServiceAccountRequest.newBuilder()
.setName(ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString())
.build();
iAMClient.deleteServiceAccount(request);
}
Parameter | |
---|---|
Name | Description |
request | DeleteServiceAccountRequest The request object containing all of the parameters for the API call. |
deleteServiceAccount(ServiceAccountName name)
public final void deleteServiceAccount(ServiceAccountName name)
Deletes a ServiceAccount.
**Warning:** After you delete a service account, you might not be able to undelete it. If you know that you need to re-enable the service account in the future, use DisableServiceAccount instead.
If you delete a service account, IAM permanently removes the service account 30 days later. Google Cloud cannot recover the service account after it is permanently removed, even if you file a support request.
To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use DisableServiceAccount to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
ServiceAccountName name = ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]");
iAMClient.deleteServiceAccount(name);
}
Parameter | |
---|---|
Name | Description |
name | ServiceAccountName Required. The resource name of the service account in the following format:
|
deleteServiceAccount(String name)
public final void deleteServiceAccount(String name)
Deletes a ServiceAccount.
**Warning:** After you delete a service account, you might not be able to undelete it. If you know that you need to re-enable the service account in the future, use DisableServiceAccount instead.
If you delete a service account, IAM permanently removes the service account 30 days later. Google Cloud cannot recover the service account after it is permanently removed, even if you file a support request.
To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use DisableServiceAccount to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
String name = ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString();
iAMClient.deleteServiceAccount(name);
}
Parameter | |
---|---|
Name | Description |
name | String Required. The resource name of the service account in the following format:
|
deleteServiceAccountCallable()
public final UnaryCallable<DeleteServiceAccountRequest,Empty> deleteServiceAccountCallable()
Deletes a ServiceAccount.
**Warning:** After you delete a service account, you might not be able to undelete it. If you know that you need to re-enable the service account in the future, use DisableServiceAccount instead.
If you delete a service account, IAM permanently removes the service account 30 days later. Google Cloud cannot recover the service account after it is permanently removed, even if you file a support request.
To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use DisableServiceAccount to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
DeleteServiceAccountRequest request =
DeleteServiceAccountRequest.newBuilder()
.setName(ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString())
.build();
ApiFuture<Empty> future = iAMClient.deleteServiceAccountCallable().futureCall(request);
// Do something.
future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<DeleteServiceAccountRequest,Empty> |
deleteServiceAccountKey(DeleteServiceAccountKeyRequest request)
public final void deleteServiceAccountKey(DeleteServiceAccountKeyRequest request)
Deletes a ServiceAccountKey. Deleting a service account key does not revoke short-lived credentials that have been issued based on the service account key.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
DeleteServiceAccountKeyRequest request =
DeleteServiceAccountKeyRequest.newBuilder()
.setName(KeyName.of("[PROJECT]", "[SERVICE_ACCOUNT]", "[KEY]").toString())
.build();
iAMClient.deleteServiceAccountKey(request);
}
Parameter | |
---|---|
Name | Description |
request | DeleteServiceAccountKeyRequest The request object containing all of the parameters for the API call. |
deleteServiceAccountKey(KeyName name)
public final void deleteServiceAccountKey(KeyName name)
Deletes a ServiceAccountKey. Deleting a service account key does not revoke short-lived credentials that have been issued based on the service account key.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
KeyName name = KeyName.of("[PROJECT]", "[SERVICE_ACCOUNT]", "[KEY]");
iAMClient.deleteServiceAccountKey(name);
}
Parameter | |
---|---|
Name | Description |
name | KeyName Required. The resource name of the service account key in the following format:
|
deleteServiceAccountKey(String name)
public final void deleteServiceAccountKey(String name)
Deletes a ServiceAccountKey. Deleting a service account key does not revoke short-lived credentials that have been issued based on the service account key.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
String name = KeyName.of("[PROJECT]", "[SERVICE_ACCOUNT]", "[KEY]").toString();
iAMClient.deleteServiceAccountKey(name);
}
Parameter | |
---|---|
Name | Description |
name | String Required. The resource name of the service account key in the following format:
|
deleteServiceAccountKeyCallable()
public final UnaryCallable<DeleteServiceAccountKeyRequest,Empty> deleteServiceAccountKeyCallable()
Deletes a ServiceAccountKey. Deleting a service account key does not revoke short-lived credentials that have been issued based on the service account key.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
DeleteServiceAccountKeyRequest request =
DeleteServiceAccountKeyRequest.newBuilder()
.setName(KeyName.of("[PROJECT]", "[SERVICE_ACCOUNT]", "[KEY]").toString())
.build();
ApiFuture<Empty> future = iAMClient.deleteServiceAccountKeyCallable().futureCall(request);
// Do something.
future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<DeleteServiceAccountKeyRequest,Empty> |
disableServiceAccount(DisableServiceAccountRequest request)
public final void disableServiceAccount(DisableServiceAccountRequest request)
Disables a ServiceAccount immediately.
If an application uses the service account to authenticate, that application can no longer call Google APIs or access Google Cloud resources. Existing access tokens for the service account are rejected, and requests for new access tokens will fail.
To re-enable the service account, use EnableServiceAccount. After you re-enable the service account, its existing access tokens will be accepted, and you can request new access tokens.
To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use this method to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account with DeleteServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
DisableServiceAccountRequest request =
DisableServiceAccountRequest.newBuilder().setName("name3373707").build();
iAMClient.disableServiceAccount(request);
}
Parameter | |
---|---|
Name | Description |
request | DisableServiceAccountRequest The request object containing all of the parameters for the API call. |
disableServiceAccountCallable()
public final UnaryCallable<DisableServiceAccountRequest,Empty> disableServiceAccountCallable()
Disables a ServiceAccount immediately.
If an application uses the service account to authenticate, that application can no longer call Google APIs or access Google Cloud resources. Existing access tokens for the service account are rejected, and requests for new access tokens will fail.
To re-enable the service account, use EnableServiceAccount. After you re-enable the service account, its existing access tokens will be accepted, and you can request new access tokens.
To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use this method to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account with DeleteServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
DisableServiceAccountRequest request =
DisableServiceAccountRequest.newBuilder().setName("name3373707").build();
ApiFuture<Empty> future = iAMClient.disableServiceAccountCallable().futureCall(request);
// Do something.
future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<DisableServiceAccountRequest,Empty> |
disableServiceAccountKey(DisableServiceAccountKeyRequest request)
public final void disableServiceAccountKey(DisableServiceAccountKeyRequest request)
Disable a ServiceAccountKey. A disabled service account key can be re-enabled with EnableServiceAccountKey.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
DisableServiceAccountKeyRequest request =
DisableServiceAccountKeyRequest.newBuilder()
.setName(KeyName.of("[PROJECT]", "[SERVICE_ACCOUNT]", "[KEY]").toString())
.build();
iAMClient.disableServiceAccountKey(request);
}
Parameter | |
---|---|
Name | Description |
request | DisableServiceAccountKeyRequest The request object containing all of the parameters for the API call. |
disableServiceAccountKey(KeyName name)
public final void disableServiceAccountKey(KeyName name)
Disable a ServiceAccountKey. A disabled service account key can be re-enabled with EnableServiceAccountKey.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
KeyName name = KeyName.of("[PROJECT]", "[SERVICE_ACCOUNT]", "[KEY]");
iAMClient.disableServiceAccountKey(name);
}
Parameter | |
---|---|
Name | Description |
name | KeyName Required. The resource name of the service account key in the following format:
Using |
disableServiceAccountKey(String name)
public final void disableServiceAccountKey(String name)
Disable a ServiceAccountKey. A disabled service account key can be re-enabled with EnableServiceAccountKey.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
String name = KeyName.of("[PROJECT]", "[SERVICE_ACCOUNT]", "[KEY]").toString();
iAMClient.disableServiceAccountKey(name);
}
Parameter | |
---|---|
Name | Description |
name | String Required. The resource name of the service account key in the following format:
Using |
disableServiceAccountKeyCallable()
public final UnaryCallable<DisableServiceAccountKeyRequest,Empty> disableServiceAccountKeyCallable()
Disable a ServiceAccountKey. A disabled service account key can be re-enabled with EnableServiceAccountKey.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
DisableServiceAccountKeyRequest request =
DisableServiceAccountKeyRequest.newBuilder()
.setName(KeyName.of("[PROJECT]", "[SERVICE_ACCOUNT]", "[KEY]").toString())
.build();
ApiFuture<Empty> future = iAMClient.disableServiceAccountKeyCallable().futureCall(request);
// Do something.
future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<DisableServiceAccountKeyRequest,Empty> |
enableServiceAccount(EnableServiceAccountRequest request)
public final void enableServiceAccount(EnableServiceAccountRequest request)
Enables a ServiceAccount that was disabled by DisableServiceAccount.
If the service account is already enabled, then this method has no effect.
If the service account was disabled by other means—for example, if Google disabled the service account because it was compromised—you cannot use this method to enable the service account.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
EnableServiceAccountRequest request =
EnableServiceAccountRequest.newBuilder().setName("name3373707").build();
iAMClient.enableServiceAccount(request);
}
Parameter | |
---|---|
Name | Description |
request | EnableServiceAccountRequest The request object containing all of the parameters for the API call. |
enableServiceAccountCallable()
public final UnaryCallable<EnableServiceAccountRequest,Empty> enableServiceAccountCallable()
Enables a ServiceAccount that was disabled by DisableServiceAccount.
If the service account is already enabled, then this method has no effect.
If the service account was disabled by other means—for example, if Google disabled the service account because it was compromised—you cannot use this method to enable the service account.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
EnableServiceAccountRequest request =
EnableServiceAccountRequest.newBuilder().setName("name3373707").build();
ApiFuture<Empty> future = iAMClient.enableServiceAccountCallable().futureCall(request);
// Do something.
future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<EnableServiceAccountRequest,Empty> |
enableServiceAccountKey(EnableServiceAccountKeyRequest request)
public final void enableServiceAccountKey(EnableServiceAccountKeyRequest request)
Enable a ServiceAccountKey.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
EnableServiceAccountKeyRequest request =
EnableServiceAccountKeyRequest.newBuilder()
.setName(KeyName.of("[PROJECT]", "[SERVICE_ACCOUNT]", "[KEY]").toString())
.build();
iAMClient.enableServiceAccountKey(request);
}
Parameter | |
---|---|
Name | Description |
request | EnableServiceAccountKeyRequest The request object containing all of the parameters for the API call. |
enableServiceAccountKey(KeyName name)
public final void enableServiceAccountKey(KeyName name)
Enable a ServiceAccountKey.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
KeyName name = KeyName.of("[PROJECT]", "[SERVICE_ACCOUNT]", "[KEY]");
iAMClient.enableServiceAccountKey(name);
}
Parameter | |
---|---|
Name | Description |
name | KeyName Required. The resource name of the service account key in the following format:
Using |
enableServiceAccountKey(String name)
public final void enableServiceAccountKey(String name)
Enable a ServiceAccountKey.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
String name = KeyName.of("[PROJECT]", "[SERVICE_ACCOUNT]", "[KEY]").toString();
iAMClient.enableServiceAccountKey(name);
}
Parameter | |
---|---|
Name | Description |
name | String Required. The resource name of the service account key in the following format:
Using |
enableServiceAccountKeyCallable()
public final UnaryCallable<EnableServiceAccountKeyRequest,Empty> enableServiceAccountKeyCallable()
Enable a ServiceAccountKey.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
EnableServiceAccountKeyRequest request =
EnableServiceAccountKeyRequest.newBuilder()
.setName(KeyName.of("[PROJECT]", "[SERVICE_ACCOUNT]", "[KEY]").toString())
.build();
ApiFuture<Empty> future = iAMClient.enableServiceAccountKeyCallable().futureCall(request);
// Do something.
future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<EnableServiceAccountKeyRequest,Empty> |
getIamPolicy(ResourceName resource)
public final Policy getIamPolicy(ResourceName resource)
Gets the IAM policy that is attached to a ServiceAccount. This IAM policy specifies which principals have access to the service account.
This method does not tell you whether the service account has been granted any roles on
other resources. To check whether a service account has role grants on a resource, use the
getIamPolicy
method for that resource. For example, to view the role grants for a project,
call the Resource Manager API's
projects.getIamPolicy
method.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
ResourceName resource = ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]");
Policy response = iAMClient.getIamPolicy(resource);
}
Parameter | |
---|---|
Name | Description |
resource | com.google.api.resourcenames.ResourceName REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. |
Returns | |
---|---|
Type | Description |
com.google.iam.v1.Policy |
getIamPolicy(GetIamPolicyRequest request)
public final Policy getIamPolicy(GetIamPolicyRequest request)
Gets the IAM policy that is attached to a ServiceAccount. This IAM policy specifies which principals have access to the service account.
This method does not tell you whether the service account has been granted any roles on
other resources. To check whether a service account has role grants on a resource, use the
getIamPolicy
method for that resource. For example, to view the role grants for a project,
call the Resource Manager API's
projects.getIamPolicy
method.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
GetIamPolicyRequest request =
GetIamPolicyRequest.newBuilder()
.setResource(ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString())
.setOptions(GetPolicyOptions.newBuilder().build())
.build();
Policy response = iAMClient.getIamPolicy(request);
}
Parameter | |
---|---|
Name | Description |
request | com.google.iam.v1.GetIamPolicyRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
com.google.iam.v1.Policy |
getIamPolicy(String resource)
public final Policy getIamPolicy(String resource)
Gets the IAM policy that is attached to a ServiceAccount. This IAM policy specifies which principals have access to the service account.
This method does not tell you whether the service account has been granted any roles on
other resources. To check whether a service account has role grants on a resource, use the
getIamPolicy
method for that resource. For example, to view the role grants for a project,
call the Resource Manager API's
projects.getIamPolicy
method.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
String resource = ProjectName.of("[PROJECT]").toString();
Policy response = iAMClient.getIamPolicy(resource);
}
Parameter | |
---|---|
Name | Description |
resource | String REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. |
Returns | |
---|---|
Type | Description |
com.google.iam.v1.Policy |
getIamPolicyCallable()
public final UnaryCallable<GetIamPolicyRequest,Policy> getIamPolicyCallable()
Gets the IAM policy that is attached to a ServiceAccount. This IAM policy specifies which principals have access to the service account.
This method does not tell you whether the service account has been granted any roles on
other resources. To check whether a service account has role grants on a resource, use the
getIamPolicy
method for that resource. For example, to view the role grants for a project,
call the Resource Manager API's
projects.getIamPolicy
method.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
GetIamPolicyRequest request =
GetIamPolicyRequest.newBuilder()
.setResource(ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString())
.setOptions(GetPolicyOptions.newBuilder().build())
.build();
ApiFuture<Policy> future = iAMClient.getIamPolicyCallable().futureCall(request);
// Do something.
Policy response = future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<com.google.iam.v1.GetIamPolicyRequest,com.google.iam.v1.Policy> |
getRole(GetRoleRequest request)
public final Role getRole(GetRoleRequest request)
Gets the definition of a Role.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
GetRoleRequest request =
GetRoleRequest.newBuilder().setName("GetRoleRequest84528163".toString()).build();
Role response = iAMClient.getRole(request);
}
Parameter | |
---|---|
Name | Description |
request | GetRoleRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
Role |
getRoleCallable()
public final UnaryCallable<GetRoleRequest,Role> getRoleCallable()
Gets the definition of a Role.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
GetRoleRequest request =
GetRoleRequest.newBuilder().setName("GetRoleRequest84528163".toString()).build();
ApiFuture<Role> future = iAMClient.getRoleCallable().futureCall(request);
// Do something.
Role response = future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<GetRoleRequest,Role> |
getServiceAccount(GetServiceAccountRequest request)
public final ServiceAccount getServiceAccount(GetServiceAccountRequest request)
Gets a ServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
GetServiceAccountRequest request =
GetServiceAccountRequest.newBuilder()
.setName(ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString())
.build();
ServiceAccount response = iAMClient.getServiceAccount(request);
}
Parameter | |
---|---|
Name | Description |
request | GetServiceAccountRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
ServiceAccount |
getServiceAccount(ServiceAccountName name)
public final ServiceAccount getServiceAccount(ServiceAccountName name)
Gets a ServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
ServiceAccountName name = ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]");
ServiceAccount response = iAMClient.getServiceAccount(name);
}
Parameter | |
---|---|
Name | Description |
name | ServiceAccountName Required. The resource name of the service account in the following format:
|
Returns | |
---|---|
Type | Description |
ServiceAccount |
getServiceAccount(String name)
public final ServiceAccount getServiceAccount(String name)
Gets a ServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
String name = ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString();
ServiceAccount response = iAMClient.getServiceAccount(name);
}
Parameter | |
---|---|
Name | Description |
name | String Required. The resource name of the service account in the following format:
|
Returns | |
---|---|
Type | Description |
ServiceAccount |
getServiceAccountCallable()
public final UnaryCallable<GetServiceAccountRequest,ServiceAccount> getServiceAccountCallable()
Gets a ServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
GetServiceAccountRequest request =
GetServiceAccountRequest.newBuilder()
.setName(ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString())
.build();
ApiFuture<ServiceAccount> future = iAMClient.getServiceAccountCallable().futureCall(request);
// Do something.
ServiceAccount response = future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<GetServiceAccountRequest,ServiceAccount> |
getServiceAccountKey(GetServiceAccountKeyRequest request)
public final ServiceAccountKey getServiceAccountKey(GetServiceAccountKeyRequest request)
Gets a ServiceAccountKey.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
GetServiceAccountKeyRequest request =
GetServiceAccountKeyRequest.newBuilder()
.setName(KeyName.of("[PROJECT]", "[SERVICE_ACCOUNT]", "[KEY]").toString())
.setPublicKeyType(ServiceAccountPublicKeyType.forNumber(0))
.build();
ServiceAccountKey response = iAMClient.getServiceAccountKey(request);
}
Parameter | |
---|---|
Name | Description |
request | GetServiceAccountKeyRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
ServiceAccountKey |
getServiceAccountKey(KeyName name, ServiceAccountPublicKeyType publicKeyType)
public final ServiceAccountKey getServiceAccountKey(KeyName name, ServiceAccountPublicKeyType publicKeyType)
Gets a ServiceAccountKey.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
KeyName name = KeyName.of("[PROJECT]", "[SERVICE_ACCOUNT]", "[KEY]");
ServiceAccountPublicKeyType publicKeyType = ServiceAccountPublicKeyType.forNumber(0);
ServiceAccountKey response = iAMClient.getServiceAccountKey(name, publicKeyType);
}
Parameters | |
---|---|
Name | Description |
name | KeyName Required. The resource name of the service account key in the following format:
Using |
publicKeyType | ServiceAccountPublicKeyType Optional. The output format of the public key. The default is |
Returns | |
---|---|
Type | Description |
ServiceAccountKey |
getServiceAccountKey(String name, ServiceAccountPublicKeyType publicKeyType)
public final ServiceAccountKey getServiceAccountKey(String name, ServiceAccountPublicKeyType publicKeyType)
Gets a ServiceAccountKey.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
String name = KeyName.of("[PROJECT]", "[SERVICE_ACCOUNT]", "[KEY]").toString();
ServiceAccountPublicKeyType publicKeyType = ServiceAccountPublicKeyType.forNumber(0);
ServiceAccountKey response = iAMClient.getServiceAccountKey(name, publicKeyType);
}
Parameters | |
---|---|
Name | Description |
name | String Required. The resource name of the service account key in the following format:
Using |
publicKeyType | ServiceAccountPublicKeyType Optional. The output format of the public key. The default is |
Returns | |
---|---|
Type | Description |
ServiceAccountKey |
getServiceAccountKeyCallable()
public final UnaryCallable<GetServiceAccountKeyRequest,ServiceAccountKey> getServiceAccountKeyCallable()
Gets a ServiceAccountKey.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
GetServiceAccountKeyRequest request =
GetServiceAccountKeyRequest.newBuilder()
.setName(KeyName.of("[PROJECT]", "[SERVICE_ACCOUNT]", "[KEY]").toString())
.setPublicKeyType(ServiceAccountPublicKeyType.forNumber(0))
.build();
ApiFuture<ServiceAccountKey> future =
iAMClient.getServiceAccountKeyCallable().futureCall(request);
// Do something.
ServiceAccountKey response = future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<GetServiceAccountKeyRequest,ServiceAccountKey> |
getSettings()
public final IAMSettings getSettings()
Returns | |
---|---|
Type | Description |
IAMSettings |
getStub()
public IAMStub getStub()
Returns | |
---|---|
Type | Description |
IAMStub |
isShutdown()
public boolean isShutdown()
Returns | |
---|---|
Type | Description |
boolean |
isTerminated()
public boolean isTerminated()
Returns | |
---|---|
Type | Description |
boolean |
lintPolicy(LintPolicyRequest request)
public final LintPolicyResponse lintPolicy(LintPolicyRequest request)
Lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding.condition field, which contains a condition expression for a role binding.
Successful calls to this method always return an HTTP 200 OK
status code, even if the
linter detects an issue in the IAM policy.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
LintPolicyRequest request =
LintPolicyRequest.newBuilder().setFullResourceName("fullResourceName-853732376").build();
LintPolicyResponse response = iAMClient.lintPolicy(request);
}
Parameter | |
---|---|
Name | Description |
request | LintPolicyRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
LintPolicyResponse |
lintPolicyCallable()
public final UnaryCallable<LintPolicyRequest,LintPolicyResponse> lintPolicyCallable()
Lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding.condition field, which contains a condition expression for a role binding.
Successful calls to this method always return an HTTP 200 OK
status code, even if the
linter detects an issue in the IAM policy.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
LintPolicyRequest request =
LintPolicyRequest.newBuilder().setFullResourceName("fullResourceName-853732376").build();
ApiFuture<LintPolicyResponse> future = iAMClient.lintPolicyCallable().futureCall(request);
// Do something.
LintPolicyResponse response = future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<LintPolicyRequest,LintPolicyResponse> |
listRoles(ListRolesRequest request)
public final IAMClient.ListRolesPagedResponse listRoles(ListRolesRequest request)
Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
ListRolesRequest request =
ListRolesRequest.newBuilder()
.setParent(ProjectName.of("[PROJECT]").toString())
.setPageSize(883849137)
.setPageToken("pageToken873572522")
.setView(RoleView.forNumber(0))
.setShowDeleted(true)
.build();
for (Role element : iAMClient.listRoles(request).iterateAll()) {
// doThingsWith(element);
}
}
Parameter | |
---|---|
Name | Description |
request | ListRolesRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
IAMClient.ListRolesPagedResponse |
listRolesCallable()
public final UnaryCallable<ListRolesRequest,ListRolesResponse> listRolesCallable()
Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
ListRolesRequest request =
ListRolesRequest.newBuilder()
.setParent(ProjectName.of("[PROJECT]").toString())
.setPageSize(883849137)
.setPageToken("pageToken873572522")
.setView(RoleView.forNumber(0))
.setShowDeleted(true)
.build();
while (true) {
ListRolesResponse response = iAMClient.listRolesCallable().call(request);
for (Role element : response.getRolesList()) {
// doThingsWith(element);
}
String nextPageToken = response.getNextPageToken();
if (!Strings.isNullOrEmpty(nextPageToken)) {
request = request.toBuilder().setPageToken(nextPageToken).build();
} else {
break;
}
}
}
Returns | |
---|---|
Type | Description |
UnaryCallable<ListRolesRequest,ListRolesResponse> |
listRolesPagedCallable()
public final UnaryCallable<ListRolesRequest,IAMClient.ListRolesPagedResponse> listRolesPagedCallable()
Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
ListRolesRequest request =
ListRolesRequest.newBuilder()
.setParent(ProjectName.of("[PROJECT]").toString())
.setPageSize(883849137)
.setPageToken("pageToken873572522")
.setView(RoleView.forNumber(0))
.setShowDeleted(true)
.build();
ApiFuture<Role> future = iAMClient.listRolesPagedCallable().futureCall(request);
// Do something.
for (Role element : future.get().iterateAll()) {
// doThingsWith(element);
}
}
Returns | |
---|---|
Type | Description |
UnaryCallable<ListRolesRequest,ListRolesPagedResponse> |
listServiceAccountKeys(ListServiceAccountKeysRequest request)
public final ListServiceAccountKeysResponse listServiceAccountKeys(ListServiceAccountKeysRequest request)
Lists every ServiceAccountKey for a service account.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
ListServiceAccountKeysRequest request =
ListServiceAccountKeysRequest.newBuilder()
.setName(ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString())
.addAllKeyTypes(new ArrayList<ListServiceAccountKeysRequest.KeyType>())
.build();
ListServiceAccountKeysResponse response = iAMClient.listServiceAccountKeys(request);
}
Parameter | |
---|---|
Name | Description |
request | ListServiceAccountKeysRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
ListServiceAccountKeysResponse |
listServiceAccountKeys(ServiceAccountName name, List<ListServiceAccountKeysRequest.KeyType> keyTypes)
public final ListServiceAccountKeysResponse listServiceAccountKeys(ServiceAccountName name, List<ListServiceAccountKeysRequest.KeyType> keyTypes)
Lists every ServiceAccountKey for a service account.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
ServiceAccountName name = ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]");
List<ListServiceAccountKeysRequest.KeyType> keyTypes = new ArrayList<>();
ListServiceAccountKeysResponse response = iAMClient.listServiceAccountKeys(name, keyTypes);
}
Parameters | |
---|---|
Name | Description |
name | ServiceAccountName Required. The resource name of the service account in the following format:
Using |
keyTypes | List<KeyType> Filters the types of keys the user wants to include in the list response. Duplicate key types are not allowed. If no key type is provided, all keys are returned. |
Returns | |
---|---|
Type | Description |
ListServiceAccountKeysResponse |
listServiceAccountKeys(String name, List<ListServiceAccountKeysRequest.KeyType> keyTypes)
public final ListServiceAccountKeysResponse listServiceAccountKeys(String name, List<ListServiceAccountKeysRequest.KeyType> keyTypes)
Lists every ServiceAccountKey for a service account.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
String name = ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString();
List<ListServiceAccountKeysRequest.KeyType> keyTypes = new ArrayList<>();
ListServiceAccountKeysResponse response = iAMClient.listServiceAccountKeys(name, keyTypes);
}
Parameters | |
---|---|
Name | Description |
name | String Required. The resource name of the service account in the following format:
Using |
keyTypes | List<KeyType> Filters the types of keys the user wants to include in the list response. Duplicate key types are not allowed. If no key type is provided, all keys are returned. |
Returns | |
---|---|
Type | Description |
ListServiceAccountKeysResponse |
listServiceAccountKeysCallable()
public final UnaryCallable<ListServiceAccountKeysRequest,ListServiceAccountKeysResponse> listServiceAccountKeysCallable()
Lists every ServiceAccountKey for a service account.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
ListServiceAccountKeysRequest request =
ListServiceAccountKeysRequest.newBuilder()
.setName(ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString())
.addAllKeyTypes(new ArrayList<ListServiceAccountKeysRequest.KeyType>())
.build();
ApiFuture<ListServiceAccountKeysResponse> future =
iAMClient.listServiceAccountKeysCallable().futureCall(request);
// Do something.
ListServiceAccountKeysResponse response = future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<ListServiceAccountKeysRequest,ListServiceAccountKeysResponse> |
listServiceAccounts(ListServiceAccountsRequest request)
public final IAMClient.ListServiceAccountsPagedResponse listServiceAccounts(ListServiceAccountsRequest request)
Lists every ServiceAccount that belongs to a specific project.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
ListServiceAccountsRequest request =
ListServiceAccountsRequest.newBuilder()
.setName(ProjectName.of("[PROJECT]").toString())
.setPageSize(883849137)
.setPageToken("pageToken873572522")
.build();
for (ServiceAccount element : iAMClient.listServiceAccounts(request).iterateAll()) {
// doThingsWith(element);
}
}
Parameter | |
---|---|
Name | Description |
request | ListServiceAccountsRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
IAMClient.ListServiceAccountsPagedResponse |
listServiceAccounts(ProjectName name)
public final IAMClient.ListServiceAccountsPagedResponse listServiceAccounts(ProjectName name)
Lists every ServiceAccount that belongs to a specific project.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
ProjectName name = ProjectName.of("[PROJECT]");
for (ServiceAccount element : iAMClient.listServiceAccounts(name).iterateAll()) {
// doThingsWith(element);
}
}
Parameter | |
---|---|
Name | Description |
name | ProjectName Required. The resource name of the project associated with the service accounts,
such as |
Returns | |
---|---|
Type | Description |
IAMClient.ListServiceAccountsPagedResponse |
listServiceAccounts(String name)
public final IAMClient.ListServiceAccountsPagedResponse listServiceAccounts(String name)
Lists every ServiceAccount that belongs to a specific project.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
String name = ProjectName.of("[PROJECT]").toString();
for (ServiceAccount element : iAMClient.listServiceAccounts(name).iterateAll()) {
// doThingsWith(element);
}
}
Parameter | |
---|---|
Name | Description |
name | String Required. The resource name of the project associated with the service accounts,
such as |
Returns | |
---|---|
Type | Description |
IAMClient.ListServiceAccountsPagedResponse |
listServiceAccountsCallable()
public final UnaryCallable<ListServiceAccountsRequest,ListServiceAccountsResponse> listServiceAccountsCallable()
Lists every ServiceAccount that belongs to a specific project.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
ListServiceAccountsRequest request =
ListServiceAccountsRequest.newBuilder()
.setName(ProjectName.of("[PROJECT]").toString())
.setPageSize(883849137)
.setPageToken("pageToken873572522")
.build();
while (true) {
ListServiceAccountsResponse response =
iAMClient.listServiceAccountsCallable().call(request);
for (ServiceAccount element : response.getAccountsList()) {
// doThingsWith(element);
}
String nextPageToken = response.getNextPageToken();
if (!Strings.isNullOrEmpty(nextPageToken)) {
request = request.toBuilder().setPageToken(nextPageToken).build();
} else {
break;
}
}
}
Returns | |
---|---|
Type | Description |
UnaryCallable<ListServiceAccountsRequest,ListServiceAccountsResponse> |
listServiceAccountsPagedCallable()
public final UnaryCallable<ListServiceAccountsRequest,IAMClient.ListServiceAccountsPagedResponse> listServiceAccountsPagedCallable()
Lists every ServiceAccount that belongs to a specific project.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
ListServiceAccountsRequest request =
ListServiceAccountsRequest.newBuilder()
.setName(ProjectName.of("[PROJECT]").toString())
.setPageSize(883849137)
.setPageToken("pageToken873572522")
.build();
ApiFuture<ServiceAccount> future =
iAMClient.listServiceAccountsPagedCallable().futureCall(request);
// Do something.
for (ServiceAccount element : future.get().iterateAll()) {
// doThingsWith(element);
}
}
Returns | |
---|---|
Type | Description |
UnaryCallable<ListServiceAccountsRequest,ListServiceAccountsPagedResponse> |
patchServiceAccount(PatchServiceAccountRequest request)
public final ServiceAccount patchServiceAccount(PatchServiceAccountRequest request)
Patches a ServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
PatchServiceAccountRequest request =
PatchServiceAccountRequest.newBuilder()
.setServiceAccount(ServiceAccount.newBuilder().build())
.setUpdateMask(FieldMask.newBuilder().build())
.build();
ServiceAccount response = iAMClient.patchServiceAccount(request);
}
Parameter | |
---|---|
Name | Description |
request | PatchServiceAccountRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
ServiceAccount |
patchServiceAccountCallable()
public final UnaryCallable<PatchServiceAccountRequest,ServiceAccount> patchServiceAccountCallable()
Patches a ServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
PatchServiceAccountRequest request =
PatchServiceAccountRequest.newBuilder()
.setServiceAccount(ServiceAccount.newBuilder().build())
.setUpdateMask(FieldMask.newBuilder().build())
.build();
ApiFuture<ServiceAccount> future =
iAMClient.patchServiceAccountCallable().futureCall(request);
// Do something.
ServiceAccount response = future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<PatchServiceAccountRequest,ServiceAccount> |
queryAuditableServices(QueryAuditableServicesRequest request)
public final QueryAuditableServicesResponse queryAuditableServices(QueryAuditableServicesRequest request)
Returns a list of services that allow you to opt into audit logs that are not generated by default.
To learn more about audit logs, see the Logging documentation.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
QueryAuditableServicesRequest request =
QueryAuditableServicesRequest.newBuilder()
.setFullResourceName("fullResourceName-853732376")
.build();
QueryAuditableServicesResponse response = iAMClient.queryAuditableServices(request);
}
Parameter | |
---|---|
Name | Description |
request | QueryAuditableServicesRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
QueryAuditableServicesResponse |
queryAuditableServicesCallable()
public final UnaryCallable<QueryAuditableServicesRequest,QueryAuditableServicesResponse> queryAuditableServicesCallable()
Returns a list of services that allow you to opt into audit logs that are not generated by default.
To learn more about audit logs, see the Logging documentation.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
QueryAuditableServicesRequest request =
QueryAuditableServicesRequest.newBuilder()
.setFullResourceName("fullResourceName-853732376")
.build();
ApiFuture<QueryAuditableServicesResponse> future =
iAMClient.queryAuditableServicesCallable().futureCall(request);
// Do something.
QueryAuditableServicesResponse response = future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<QueryAuditableServicesRequest,QueryAuditableServicesResponse> |
queryGrantableRoles(QueryGrantableRolesRequest request)
public final IAMClient.QueryGrantableRolesPagedResponse queryGrantableRoles(QueryGrantableRolesRequest request)
Lists roles that can be granted on a Google Cloud resource. A role is grantable if the IAM policy for the resource can contain bindings to the role.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
QueryGrantableRolesRequest request =
QueryGrantableRolesRequest.newBuilder()
.setFullResourceName("fullResourceName-853732376")
.setView(RoleView.forNumber(0))
.setPageSize(883849137)
.setPageToken("pageToken873572522")
.build();
for (Role element : iAMClient.queryGrantableRoles(request).iterateAll()) {
// doThingsWith(element);
}
}
Parameter | |
---|---|
Name | Description |
request | QueryGrantableRolesRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
IAMClient.QueryGrantableRolesPagedResponse |
queryGrantableRoles(String fullResourceName)
public final IAMClient.QueryGrantableRolesPagedResponse queryGrantableRoles(String fullResourceName)
Lists roles that can be granted on a Google Cloud resource. A role is grantable if the IAM policy for the resource can contain bindings to the role.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
String fullResourceName = "fullResourceName-853732376";
for (Role element : iAMClient.queryGrantableRoles(fullResourceName).iterateAll()) {
// doThingsWith(element);
}
}
Parameter | |
---|---|
Name | Description |
fullResourceName | String Required. The full resource name to query from the list of grantable roles. The name follows the Google Cloud Platform resource format. For example, a Cloud
Platform project with id |
Returns | |
---|---|
Type | Description |
IAMClient.QueryGrantableRolesPagedResponse |
queryGrantableRolesCallable()
public final UnaryCallable<QueryGrantableRolesRequest,QueryGrantableRolesResponse> queryGrantableRolesCallable()
Lists roles that can be granted on a Google Cloud resource. A role is grantable if the IAM policy for the resource can contain bindings to the role.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
QueryGrantableRolesRequest request =
QueryGrantableRolesRequest.newBuilder()
.setFullResourceName("fullResourceName-853732376")
.setView(RoleView.forNumber(0))
.setPageSize(883849137)
.setPageToken("pageToken873572522")
.build();
while (true) {
QueryGrantableRolesResponse response =
iAMClient.queryGrantableRolesCallable().call(request);
for (Role element : response.getRolesList()) {
// doThingsWith(element);
}
String nextPageToken = response.getNextPageToken();
if (!Strings.isNullOrEmpty(nextPageToken)) {
request = request.toBuilder().setPageToken(nextPageToken).build();
} else {
break;
}
}
}
Returns | |
---|---|
Type | Description |
UnaryCallable<QueryGrantableRolesRequest,QueryGrantableRolesResponse> |
queryGrantableRolesPagedCallable()
public final UnaryCallable<QueryGrantableRolesRequest,IAMClient.QueryGrantableRolesPagedResponse> queryGrantableRolesPagedCallable()
Lists roles that can be granted on a Google Cloud resource. A role is grantable if the IAM policy for the resource can contain bindings to the role.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
QueryGrantableRolesRequest request =
QueryGrantableRolesRequest.newBuilder()
.setFullResourceName("fullResourceName-853732376")
.setView(RoleView.forNumber(0))
.setPageSize(883849137)
.setPageToken("pageToken873572522")
.build();
ApiFuture<Role> future = iAMClient.queryGrantableRolesPagedCallable().futureCall(request);
// Do something.
for (Role element : future.get().iterateAll()) {
// doThingsWith(element);
}
}
Returns | |
---|---|
Type | Description |
UnaryCallable<QueryGrantableRolesRequest,QueryGrantableRolesPagedResponse> |
queryTestablePermissions(QueryTestablePermissionsRequest request)
public final IAMClient.QueryTestablePermissionsPagedResponse queryTestablePermissions(QueryTestablePermissionsRequest request)
Lists every permission that you can test on a resource. A permission is testable if you can check whether a principal has that permission on the resource.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
QueryTestablePermissionsRequest request =
QueryTestablePermissionsRequest.newBuilder()
.setFullResourceName("fullResourceName-853732376")
.setPageSize(883849137)
.setPageToken("pageToken873572522")
.build();
for (Permission element : iAMClient.queryTestablePermissions(request).iterateAll()) {
// doThingsWith(element);
}
}
Parameter | |
---|---|
Name | Description |
request | QueryTestablePermissionsRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
IAMClient.QueryTestablePermissionsPagedResponse |
queryTestablePermissionsCallable()
public final UnaryCallable<QueryTestablePermissionsRequest,QueryTestablePermissionsResponse> queryTestablePermissionsCallable()
Lists every permission that you can test on a resource. A permission is testable if you can check whether a principal has that permission on the resource.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
QueryTestablePermissionsRequest request =
QueryTestablePermissionsRequest.newBuilder()
.setFullResourceName("fullResourceName-853732376")
.setPageSize(883849137)
.setPageToken("pageToken873572522")
.build();
while (true) {
QueryTestablePermissionsResponse response =
iAMClient.queryTestablePermissionsCallable().call(request);
for (Permission element : response.getPermissionsList()) {
// doThingsWith(element);
}
String nextPageToken = response.getNextPageToken();
if (!Strings.isNullOrEmpty(nextPageToken)) {
request = request.toBuilder().setPageToken(nextPageToken).build();
} else {
break;
}
}
}
Returns | |
---|---|
Type | Description |
UnaryCallable<QueryTestablePermissionsRequest,QueryTestablePermissionsResponse> |
queryTestablePermissionsPagedCallable()
public final UnaryCallable<QueryTestablePermissionsRequest,IAMClient.QueryTestablePermissionsPagedResponse> queryTestablePermissionsPagedCallable()
Lists every permission that you can test on a resource. A permission is testable if you can check whether a principal has that permission on the resource.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
QueryTestablePermissionsRequest request =
QueryTestablePermissionsRequest.newBuilder()
.setFullResourceName("fullResourceName-853732376")
.setPageSize(883849137)
.setPageToken("pageToken873572522")
.build();
ApiFuture<Permission> future =
iAMClient.queryTestablePermissionsPagedCallable().futureCall(request);
// Do something.
for (Permission element : future.get().iterateAll()) {
// doThingsWith(element);
}
}
Returns | |
---|---|
Type | Description |
UnaryCallable<QueryTestablePermissionsRequest,QueryTestablePermissionsPagedResponse> |
setIamPolicy(ResourceName resource, Policy policy)
public final Policy setIamPolicy(ResourceName resource, Policy policy)
Sets the IAM policy that is attached to a ServiceAccount.
Use this method to grant or revoke access to the service account. For example, you could grant a principal the ability to impersonate the service account.
This method does not enable the service account to access other resources. To grant roles to a service account on a resource, follow these steps:
1. Call the resource's getIamPolicy
method to get its current IAM policy. 2. Edit the
policy so that it binds the service account to an IAM role for the resource. 3. Call the
resource's setIamPolicy
method to update its IAM policy.
For detailed instructions, see Manage access to project, folders, and organizations or Manage access to other resources.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
ResourceName resource = ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]");
Policy policy = Policy.newBuilder().build();
Policy response = iAMClient.setIamPolicy(resource, policy);
}
Parameters | |
---|---|
Name | Description |
resource | com.google.api.resourcenames.ResourceName REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. |
policy | com.google.iam.v1.Policy REQUIRED: The complete policy to be applied to the |
Returns | |
---|---|
Type | Description |
com.google.iam.v1.Policy |
setIamPolicy(SetIamPolicyRequest request)
public final Policy setIamPolicy(SetIamPolicyRequest request)
Sets the IAM policy that is attached to a ServiceAccount.
Use this method to grant or revoke access to the service account. For example, you could grant a principal the ability to impersonate the service account.
This method does not enable the service account to access other resources. To grant roles to a service account on a resource, follow these steps:
1. Call the resource's getIamPolicy
method to get its current IAM policy. 2. Edit the
policy so that it binds the service account to an IAM role for the resource. 3. Call the
resource's setIamPolicy
method to update its IAM policy.
For detailed instructions, see Manage access to project, folders, and organizations or Manage access to other resources.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
SetIamPolicyRequest request =
SetIamPolicyRequest.newBuilder()
.setResource(ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString())
.setPolicy(Policy.newBuilder().build())
.setUpdateMask(FieldMask.newBuilder().build())
.build();
Policy response = iAMClient.setIamPolicy(request);
}
Parameter | |
---|---|
Name | Description |
request | com.google.iam.v1.SetIamPolicyRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
com.google.iam.v1.Policy |
setIamPolicy(String resource, Policy policy)
public final Policy setIamPolicy(String resource, Policy policy)
Sets the IAM policy that is attached to a ServiceAccount.
Use this method to grant or revoke access to the service account. For example, you could grant a principal the ability to impersonate the service account.
This method does not enable the service account to access other resources. To grant roles to a service account on a resource, follow these steps:
1. Call the resource's getIamPolicy
method to get its current IAM policy. 2. Edit the
policy so that it binds the service account to an IAM role for the resource. 3. Call the
resource's setIamPolicy
method to update its IAM policy.
For detailed instructions, see Manage access to project, folders, and organizations or Manage access to other resources.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
String resource = ProjectName.of("[PROJECT]").toString();
Policy policy = Policy.newBuilder().build();
Policy response = iAMClient.setIamPolicy(resource, policy);
}
Parameters | |
---|---|
Name | Description |
resource | String REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. |
policy | com.google.iam.v1.Policy REQUIRED: The complete policy to be applied to the |
Returns | |
---|---|
Type | Description |
com.google.iam.v1.Policy |
setIamPolicyCallable()
public final UnaryCallable<SetIamPolicyRequest,Policy> setIamPolicyCallable()
Sets the IAM policy that is attached to a ServiceAccount.
Use this method to grant or revoke access to the service account. For example, you could grant a principal the ability to impersonate the service account.
This method does not enable the service account to access other resources. To grant roles to a service account on a resource, follow these steps:
1. Call the resource's getIamPolicy
method to get its current IAM policy. 2. Edit the
policy so that it binds the service account to an IAM role for the resource. 3. Call the
resource's setIamPolicy
method to update its IAM policy.
For detailed instructions, see Manage access to project, folders, and organizations or Manage access to other resources.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
SetIamPolicyRequest request =
SetIamPolicyRequest.newBuilder()
.setResource(ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString())
.setPolicy(Policy.newBuilder().build())
.setUpdateMask(FieldMask.newBuilder().build())
.build();
ApiFuture<Policy> future = iAMClient.setIamPolicyCallable().futureCall(request);
// Do something.
Policy response = future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<com.google.iam.v1.SetIamPolicyRequest,com.google.iam.v1.Policy> |
shutdown()
public void shutdown()
shutdownNow()
public void shutdownNow()
signBlob(ServiceAccountName name, ByteString bytesToSign) (deprecated)
public final SignBlobResponse signBlob(ServiceAccountName name, ByteString bytesToSign)
Deprecated. This method is deprecated and will be removed in the next major version update.
**Note:** This method is deprecated. Use the
signBlob
method in the IAM Service Account Credentials API instead. If you currently use this method,
see the migration guide for
instructions.
Signs a blob using the system-managed private key for a ServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
ServiceAccountName name = ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]");
ByteString bytesToSign = ByteString.EMPTY;
SignBlobResponse response = iAMClient.signBlob(name, bytesToSign);
}
Parameters | |
---|---|
Name | Description |
name | ServiceAccountName Required. Deprecated. Migrate to Service Account Credentials API. The resource name of the service account in the following format:
|
bytesToSign | ByteString Required. Deprecated. Migrate to Service Account Credentials API. The bytes to sign. |
Returns | |
---|---|
Type | Description |
SignBlobResponse |
signBlob(SignBlobRequest request) (deprecated)
public final SignBlobResponse signBlob(SignBlobRequest request)
Deprecated. This method is deprecated and will be removed in the next major version update.
**Note:** This method is deprecated. Use the
signBlob
method in the IAM Service Account Credentials API instead. If you currently use this method,
see the migration guide for
instructions.
Signs a blob using the system-managed private key for a ServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
SignBlobRequest request =
SignBlobRequest.newBuilder()
.setName(ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString())
.setBytesToSign(ByteString.EMPTY)
.build();
SignBlobResponse response = iAMClient.signBlob(request);
}
Parameter | |
---|---|
Name | Description |
request | SignBlobRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
SignBlobResponse |
signBlob(String name, ByteString bytesToSign) (deprecated)
public final SignBlobResponse signBlob(String name, ByteString bytesToSign)
Deprecated. This method is deprecated and will be removed in the next major version update.
**Note:** This method is deprecated. Use the
signBlob
method in the IAM Service Account Credentials API instead. If you currently use this method,
see the migration guide for
instructions.
Signs a blob using the system-managed private key for a ServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
String name = ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString();
ByteString bytesToSign = ByteString.EMPTY;
SignBlobResponse response = iAMClient.signBlob(name, bytesToSign);
}
Parameters | |
---|---|
Name | Description |
name | String Required. Deprecated. Migrate to Service Account Credentials API. The resource name of the service account in the following format:
|
bytesToSign | ByteString Required. Deprecated. Migrate to Service Account Credentials API. The bytes to sign. |
Returns | |
---|---|
Type | Description |
SignBlobResponse |
signBlobCallable() (deprecated)
public final UnaryCallable<SignBlobRequest,SignBlobResponse> signBlobCallable()
Deprecated. This method is deprecated and will be removed in the next major version update.
**Note:** This method is deprecated. Use the
signBlob
method in the IAM Service Account Credentials API instead. If you currently use this method,
see the migration guide for
instructions.
Signs a blob using the system-managed private key for a ServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
SignBlobRequest request =
SignBlobRequest.newBuilder()
.setName(ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString())
.setBytesToSign(ByteString.EMPTY)
.build();
ApiFuture<SignBlobResponse> future = iAMClient.signBlobCallable().futureCall(request);
// Do something.
SignBlobResponse response = future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<SignBlobRequest,SignBlobResponse> |
signJwt(ServiceAccountName name, String payload) (deprecated)
public final SignJwtResponse signJwt(ServiceAccountName name, String payload)
Deprecated. This method is deprecated and will be removed in the next major version update.
**Note:** This method is deprecated. Use the
signJwt
method in the IAM Service Account Credentials API instead. If you currently use this method,
see the migration guide for
instructions.
Signs a JSON Web Token (JWT) using the system-managed private key for a ServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
ServiceAccountName name = ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]");
String payload = "payload-786701938";
SignJwtResponse response = iAMClient.signJwt(name, payload);
}
Parameters | |
---|---|
Name | Description |
name | ServiceAccountName Required. Deprecated. Migrate to Service Account Credentials API. The resource name of the service account in the following format:
|
payload | String Required. Deprecated. Migrate to Service Account Credentials API. The JWT payload to sign. Must be a serialized JSON object that contains a JWT Claims
Set. For example: If the JWT Claims Set contains an expiration time ( If the JWT Claims Set does not contain an expiration time ( |
Returns | |
---|---|
Type | Description |
SignJwtResponse |
signJwt(SignJwtRequest request) (deprecated)
public final SignJwtResponse signJwt(SignJwtRequest request)
Deprecated. This method is deprecated and will be removed in the next major version update.
**Note:** This method is deprecated. Use the
signJwt
method in the IAM Service Account Credentials API instead. If you currently use this method,
see the migration guide for
instructions.
Signs a JSON Web Token (JWT) using the system-managed private key for a ServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
SignJwtRequest request =
SignJwtRequest.newBuilder()
.setName(ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString())
.setPayload("payload-786701938")
.build();
SignJwtResponse response = iAMClient.signJwt(request);
}
Parameter | |
---|---|
Name | Description |
request | SignJwtRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
SignJwtResponse |
signJwt(String name, String payload) (deprecated)
public final SignJwtResponse signJwt(String name, String payload)
Deprecated. This method is deprecated and will be removed in the next major version update.
**Note:** This method is deprecated. Use the
signJwt
method in the IAM Service Account Credentials API instead. If you currently use this method,
see the migration guide for
instructions.
Signs a JSON Web Token (JWT) using the system-managed private key for a ServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
String name = ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString();
String payload = "payload-786701938";
SignJwtResponse response = iAMClient.signJwt(name, payload);
}
Parameters | |
---|---|
Name | Description |
name | String Required. Deprecated. Migrate to Service Account Credentials API. The resource name of the service account in the following format:
|
payload | String Required. Deprecated. Migrate to Service Account Credentials API. The JWT payload to sign. Must be a serialized JSON object that contains a JWT Claims
Set. For example: If the JWT Claims Set contains an expiration time ( If the JWT Claims Set does not contain an expiration time ( |
Returns | |
---|---|
Type | Description |
SignJwtResponse |
signJwtCallable() (deprecated)
public final UnaryCallable<SignJwtRequest,SignJwtResponse> signJwtCallable()
Deprecated. This method is deprecated and will be removed in the next major version update.
**Note:** This method is deprecated. Use the
signJwt
method in the IAM Service Account Credentials API instead. If you currently use this method,
see the migration guide for
instructions.
Signs a JSON Web Token (JWT) using the system-managed private key for a ServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
SignJwtRequest request =
SignJwtRequest.newBuilder()
.setName(ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString())
.setPayload("payload-786701938")
.build();
ApiFuture<SignJwtResponse> future = iAMClient.signJwtCallable().futureCall(request);
// Do something.
SignJwtResponse response = future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<SignJwtRequest,SignJwtResponse> |
testIamPermissions(ResourceName resource, List<String> permissions)
public final TestIamPermissionsResponse testIamPermissions(ResourceName resource, List<String> permissions)
Tests whether the caller has the specified permissions on a ServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
ResourceName resource = ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]");
List<String> permissions = new ArrayList<>();
TestIamPermissionsResponse response = iAMClient.testIamPermissions(resource, permissions);
}
Parameters | |
---|---|
Name | Description |
resource | com.google.api.resourcenames.ResourceName REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field. |
permissions | List<String> The set of permissions to check for the |
Returns | |
---|---|
Type | Description |
com.google.iam.v1.TestIamPermissionsResponse |
testIamPermissions(TestIamPermissionsRequest request)
public final TestIamPermissionsResponse testIamPermissions(TestIamPermissionsRequest request)
Tests whether the caller has the specified permissions on a ServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
TestIamPermissionsRequest request =
TestIamPermissionsRequest.newBuilder()
.setResource(ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString())
.addAllPermissions(new ArrayList<String>())
.build();
TestIamPermissionsResponse response = iAMClient.testIamPermissions(request);
}
Parameter | |
---|---|
Name | Description |
request | com.google.iam.v1.TestIamPermissionsRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
com.google.iam.v1.TestIamPermissionsResponse |
testIamPermissions(String resource, List<String> permissions)
public final TestIamPermissionsResponse testIamPermissions(String resource, List<String> permissions)
Tests whether the caller has the specified permissions on a ServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
String resource = ProjectName.of("[PROJECT]").toString();
List<String> permissions = new ArrayList<>();
TestIamPermissionsResponse response = iAMClient.testIamPermissions(resource, permissions);
}
Parameters | |
---|---|
Name | Description |
resource | String REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field. |
permissions | List<String> The set of permissions to check for the |
Returns | |
---|---|
Type | Description |
com.google.iam.v1.TestIamPermissionsResponse |
testIamPermissionsCallable()
public final UnaryCallable<TestIamPermissionsRequest,TestIamPermissionsResponse> testIamPermissionsCallable()
Tests whether the caller has the specified permissions on a ServiceAccount.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
TestIamPermissionsRequest request =
TestIamPermissionsRequest.newBuilder()
.setResource(ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString())
.addAllPermissions(new ArrayList<String>())
.build();
ApiFuture<TestIamPermissionsResponse> future =
iAMClient.testIamPermissionsCallable().futureCall(request);
// Do something.
TestIamPermissionsResponse response = future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<com.google.iam.v1.TestIamPermissionsRequest,com.google.iam.v1.TestIamPermissionsResponse> |
undeleteRole(UndeleteRoleRequest request)
public final Role undeleteRole(UndeleteRoleRequest request)
Undeletes a custom Role.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
UndeleteRoleRequest request =
UndeleteRoleRequest.newBuilder()
.setName("UndeleteRoleRequest755355893".toString())
.setEtag(ByteString.EMPTY)
.build();
Role response = iAMClient.undeleteRole(request);
}
Parameter | |
---|---|
Name | Description |
request | UndeleteRoleRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
Role |
undeleteRoleCallable()
public final UnaryCallable<UndeleteRoleRequest,Role> undeleteRoleCallable()
Undeletes a custom Role.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
UndeleteRoleRequest request =
UndeleteRoleRequest.newBuilder()
.setName("UndeleteRoleRequest755355893".toString())
.setEtag(ByteString.EMPTY)
.build();
ApiFuture<Role> future = iAMClient.undeleteRoleCallable().futureCall(request);
// Do something.
Role response = future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<UndeleteRoleRequest,Role> |
undeleteServiceAccount(UndeleteServiceAccountRequest request)
public final UndeleteServiceAccountResponse undeleteServiceAccount(UndeleteServiceAccountRequest request)
Restores a deleted ServiceAccount.
**Important:** It is not always possible to restore a deleted service account. Use this method only as a last resort.
After you delete a service account, IAM permanently removes the service account 30 days later. There is no way to restore a deleted service account that has been permanently removed.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
UndeleteServiceAccountRequest request =
UndeleteServiceAccountRequest.newBuilder().setName("name3373707").build();
UndeleteServiceAccountResponse response = iAMClient.undeleteServiceAccount(request);
}
Parameter | |
---|---|
Name | Description |
request | UndeleteServiceAccountRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
UndeleteServiceAccountResponse |
undeleteServiceAccountCallable()
public final UnaryCallable<UndeleteServiceAccountRequest,UndeleteServiceAccountResponse> undeleteServiceAccountCallable()
Restores a deleted ServiceAccount.
**Important:** It is not always possible to restore a deleted service account. Use this method only as a last resort.
After you delete a service account, IAM permanently removes the service account 30 days later. There is no way to restore a deleted service account that has been permanently removed.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
UndeleteServiceAccountRequest request =
UndeleteServiceAccountRequest.newBuilder().setName("name3373707").build();
ApiFuture<UndeleteServiceAccountResponse> future =
iAMClient.undeleteServiceAccountCallable().futureCall(request);
// Do something.
UndeleteServiceAccountResponse response = future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<UndeleteServiceAccountRequest,UndeleteServiceAccountResponse> |
updateRole(UpdateRoleRequest request)
public final Role updateRole(UpdateRoleRequest request)
Updates the definition of a custom Role.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
UpdateRoleRequest request =
UpdateRoleRequest.newBuilder()
.setName("UpdateRoleRequest230834320".toString())
.setRole(Role.newBuilder().build())
.setUpdateMask(FieldMask.newBuilder().build())
.build();
Role response = iAMClient.updateRole(request);
}
Parameter | |
---|---|
Name | Description |
request | UpdateRoleRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
Role |
updateRoleCallable()
public final UnaryCallable<UpdateRoleRequest,Role> updateRoleCallable()
Updates the definition of a custom Role.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
UpdateRoleRequest request =
UpdateRoleRequest.newBuilder()
.setName("UpdateRoleRequest230834320".toString())
.setRole(Role.newBuilder().build())
.setUpdateMask(FieldMask.newBuilder().build())
.build();
ApiFuture<Role> future = iAMClient.updateRoleCallable().futureCall(request);
// Do something.
Role response = future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<UpdateRoleRequest,Role> |
updateServiceAccount(ServiceAccount request)
public final ServiceAccount updateServiceAccount(ServiceAccount request)
**Note:** We are in the process of deprecating this method. Use PatchServiceAccount instead.
Updates a ServiceAccount.
You can update only the display_name
field.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
ServiceAccount request =
ServiceAccount.newBuilder()
.setName(ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString())
.setProjectId("projectId-894832108")
.setUniqueId("uniqueId-294460212")
.setEmail("email96619420")
.setDisplayName("displayName1714148973")
.setEtag(ByteString.EMPTY)
.setDescription("description-1724546052")
.setOauth2ClientId("oauth2ClientId-1210797087")
.setDisabled(true)
.build();
ServiceAccount response = iAMClient.updateServiceAccount(request);
}
Parameter | |
---|---|
Name | Description |
request | ServiceAccount The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
ServiceAccount |
updateServiceAccountCallable()
public final UnaryCallable<ServiceAccount,ServiceAccount> updateServiceAccountCallable()
**Note:** We are in the process of deprecating this method. Use PatchServiceAccount instead.
Updates a ServiceAccount.
You can update only the display_name
field.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
ServiceAccount request =
ServiceAccount.newBuilder()
.setName(ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]").toString())
.setProjectId("projectId-894832108")
.setUniqueId("uniqueId-294460212")
.setEmail("email96619420")
.setDisplayName("displayName1714148973")
.setEtag(ByteString.EMPTY)
.setDescription("description-1724546052")
.setOauth2ClientId("oauth2ClientId-1210797087")
.setDisabled(true)
.build();
ApiFuture<ServiceAccount> future =
iAMClient.updateServiceAccountCallable().futureCall(request);
// Do something.
ServiceAccount response = future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<ServiceAccount,ServiceAccount> |
uploadServiceAccountKey(UploadServiceAccountKeyRequest request)
public final ServiceAccountKey uploadServiceAccountKey(UploadServiceAccountKeyRequest request)
Uploads the public key portion of a key pair that you manage, and associates the public key with a ServiceAccount.
After you upload the public key, you can use the private key from the key pair as a service account key.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
UploadServiceAccountKeyRequest request =
UploadServiceAccountKeyRequest.newBuilder()
.setName("name3373707")
.setPublicKeyData(ByteString.EMPTY)
.build();
ServiceAccountKey response = iAMClient.uploadServiceAccountKey(request);
}
Parameter | |
---|---|
Name | Description |
request | UploadServiceAccountKeyRequest The request object containing all of the parameters for the API call. |
Returns | |
---|---|
Type | Description |
ServiceAccountKey |
uploadServiceAccountKeyCallable()
public final UnaryCallable<UploadServiceAccountKeyRequest,ServiceAccountKey> uploadServiceAccountKeyCallable()
Uploads the public key portion of a key pair that you manage, and associates the public key with a ServiceAccount.
After you upload the public key, you can use the private key from the key pair as a service account key.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (IAMClient iAMClient = IAMClient.create()) {
UploadServiceAccountKeyRequest request =
UploadServiceAccountKeyRequest.newBuilder()
.setName("name3373707")
.setPublicKeyData(ByteString.EMPTY)
.build();
ApiFuture<ServiceAccountKey> future =
iAMClient.uploadServiceAccountKeyCallable().futureCall(request);
// Do something.
ServiceAccountKey response = future.get();
}
Returns | |
---|---|
Type | Description |
UnaryCallable<UploadServiceAccountKeyRequest,ServiceAccountKey> |