Package Classes (2.17.0)

Summary of entries of Classes for iam.

Classes

IAMAsyncClient

Creates and manages Identity and Access Management (IAM) resources.

You can use this service to work with all of the following resources:

  • Service accounts, which identify an application or a virtual machine (VM) instance rather than a person
  • Service account keys, which service accounts use to authenticate with Google APIs
  • IAM policies for service accounts, which specify the roles that a principal has for the service account
  • IAM custom roles, which help you limit the number of permissions that you grant to principals

In addition, you can use this service to complete the following tasks, among others:

  • Test whether a service account can use specific permissions
  • Check which roles you can grant for a specific resource
  • Lint, or validate, condition expressions in an IAM policy

When you read data from the IAM API, each read is eventually consistent. In other words, if you write data with the IAM API, then immediately read that data, the read operation might return an older version of the data. To deal with this behavior, your application can retry the request with truncated exponential backoff.

In contrast, writing data to the IAM API is sequentially consistent. In other words, write operations are always processed in the order in which they were received.

IAMClient

Creates and manages Identity and Access Management (IAM) resources.

You can use this service to work with all of the following resources:

  • Service accounts, which identify an application or a virtual machine (VM) instance rather than a person
  • Service account keys, which service accounts use to authenticate with Google APIs
  • IAM policies for service accounts, which specify the roles that a principal has for the service account
  • IAM custom roles, which help you limit the number of permissions that you grant to principals

In addition, you can use this service to complete the following tasks, among others:

  • Test whether a service account can use specific permissions
  • Check which roles you can grant for a specific resource
  • Lint, or validate, condition expressions in an IAM policy

When you read data from the IAM API, each read is eventually consistent. In other words, if you write data with the IAM API, then immediately read that data, the read operation might return an older version of the data. To deal with this behavior, your application can retry the request with truncated exponential backoff.

In contrast, writing data to the IAM API is sequentially consistent. In other words, write operations are always processed in the order in which they were received.

ListRolesAsyncPager

A pager for iterating through list_roles requests.

This class thinly wraps an initial ListRolesResponse object, and provides an __aiter__ method to iterate through its roles field.

If there are more pages, the __aiter__ method will make additional ListRoles requests and continue to iterate through the roles field on the corresponding responses.

All the usual ListRolesResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

ListRolesPager

A pager for iterating through list_roles requests.

This class thinly wraps an initial ListRolesResponse object, and provides an __iter__ method to iterate through its roles field.

If there are more pages, the __iter__ method will make additional ListRoles requests and continue to iterate through the roles field on the corresponding responses.

All the usual ListRolesResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

ListServiceAccountsAsyncPager

A pager for iterating through list_service_accounts requests.

This class thinly wraps an initial ListServiceAccountsResponse object, and provides an __aiter__ method to iterate through its accounts field.

If there are more pages, the __aiter__ method will make additional ListServiceAccounts requests and continue to iterate through the accounts field on the corresponding responses.

All the usual ListServiceAccountsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

ListServiceAccountsPager

A pager for iterating through list_service_accounts requests.

This class thinly wraps an initial ListServiceAccountsResponse object, and provides an __iter__ method to iterate through its accounts field.

If there are more pages, the __iter__ method will make additional ListServiceAccounts requests and continue to iterate through the accounts field on the corresponding responses.

All the usual ListServiceAccountsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

QueryGrantableRolesAsyncPager

A pager for iterating through query_grantable_roles requests.

This class thinly wraps an initial QueryGrantableRolesResponse object, and provides an __aiter__ method to iterate through its roles field.

If there are more pages, the __aiter__ method will make additional QueryGrantableRoles requests and continue to iterate through the roles field on the corresponding responses.

All the usual QueryGrantableRolesResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

QueryGrantableRolesPager

A pager for iterating through query_grantable_roles requests.

This class thinly wraps an initial QueryGrantableRolesResponse object, and provides an __iter__ method to iterate through its roles field.

If there are more pages, the __iter__ method will make additional QueryGrantableRoles requests and continue to iterate through the roles field on the corresponding responses.

All the usual QueryGrantableRolesResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

QueryTestablePermissionsAsyncPager

A pager for iterating through query_testable_permissions requests.

This class thinly wraps an initial QueryTestablePermissionsResponse object, and provides an __aiter__ method to iterate through its permissions field.

If there are more pages, the __aiter__ method will make additional QueryTestablePermissions requests and continue to iterate through the permissions field on the corresponding responses.

All the usual QueryTestablePermissionsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

QueryTestablePermissionsPager

A pager for iterating through query_testable_permissions requests.

This class thinly wraps an initial QueryTestablePermissionsResponse object, and provides an __iter__ method to iterate through its permissions field.

If there are more pages, the __iter__ method will make additional QueryTestablePermissions requests and continue to iterate through the permissions field on the corresponding responses.

All the usual QueryTestablePermissionsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

AuditData

Audit log information specific to Cloud IAM admin APIs. This message is serialized as an Any type in the ServiceData message of an AuditLog message.

PermissionDelta

A PermissionDelta message to record the added_permissions and removed_permissions inside a role.

CreateRoleRequest

The request to create a new role.

CreateServiceAccountKeyRequest

The service account key create request.

CreateServiceAccountRequest

The service account create request.

DeleteRoleRequest

The request to delete an existing role.

DeleteServiceAccountKeyRequest

The service account key delete request.

DeleteServiceAccountRequest

The service account delete request.

DisableServiceAccountKeyRequest

The service account key disable request.

DisableServiceAccountRequest

The service account disable request.

EnableServiceAccountKeyRequest

The service account key enable request.

EnableServiceAccountRequest

The service account enable request.

GetRoleRequest

The request to get the definition of an existing role.

GetServiceAccountKeyRequest

The service account key get-by-ID request.

GetServiceAccountRequest

The service account get request.

LintPolicyRequest

The request to lint a Cloud IAM policy object.

LintPolicyResponse

The response of a lint operation. An empty response indicates the operation was able to fully execute and no lint issue was found.

LintResult

Structured response of a single validation unit.

Level

Possible Level values of a validation unit corresponding to its domain of discourse.

Severity

Possible Severity values of an issued result.

    -  Unsatisfiable condition: Expired timestamp in date/time
       condition.
    -  Ineffective condition: Condition on a <principal, role>
       pair which is granted unconditionally in another binding
       of the same policy.
NOTICE (3):
    Reserved for issues that are not as severe as
    `ERROR`/`WARNING`, but need special handling. For
    instance, messages about skipped validation units are issued
    as `NOTICE`.
INFO (4):
    Any informative statement which is not severe enough to
    raise `ERROR`/`WARNING`/`NOTICE`, like auto-correction
    recommendations on the input content. Note that the current
    version of the linter does not utilize `INFO`.
DEPRECATED (5):
    Deprecated severity level.

ListRolesRequest

The request to get all roles defined under a resource.

ListRolesResponse

The response containing the roles defined under a resource.

ListServiceAccountKeysRequest

The service account keys list request.

KeyType

KeyType filters to selectively retrieve certain varieties of keys.

ListServiceAccountKeysResponse

The service account keys list response.

ListServiceAccountsRequest

The service account list request.

ListServiceAccountsResponse

The service account list response.

PatchServiceAccountRequest

The service account patch request.

You can patch only the display_name and description fields. You must use the update_mask field to specify which of these fields you want to patch.

Only the fields specified in the request are guaranteed to be returned in the response. Other fields may be empty in the response.

Permission

A permission which can be included by a role.

CustomRolesSupportLevel

The state of the permission with regard to custom roles.

PermissionLaunchStage

A stage representing a permission's lifecycle phase.

QueryAuditableServicesRequest

A request to get the list of auditable services for a resource.

QueryAuditableServicesResponse

A response containing a list of auditable services for a resource.

AuditableService

Contains information about an auditable service.

QueryGrantableRolesRequest

The grantable role query request.

QueryGrantableRolesResponse

The grantable role query response.

QueryTestablePermissionsRequest

A request to get permissions which can be tested on a resource.

QueryTestablePermissionsResponse

The response containing permissions which can be tested on a resource.

Role

A role in the Identity and Access Management API.

RoleLaunchStage

A stage representing a role's lifecycle phase.

RoleView

A view for Role objects.

ServiceAccount

An IAM service account.

A service account is an account for an application or a virtual machine (VM) instance, not a person. You can use a service account to call Google APIs. To learn more, read the overview of service accounts (https://cloud.google.com/iam/help/service-accounts/overview).

When you create a service account, you specify the project ID that owns the service account, as well as a name that must be unique within the project. IAM uses these values to create an email address that identifies the service account.

ServiceAccountKey

Represents a service account key.

A service account has two sets of key-pairs: user-managed, and system-managed.

User-managed key-pairs can be created and deleted by users. Users are responsible for rotating these keys periodically to ensure security of their service accounts. Users retain the private key of these key-pairs, and Google retains ONLY the public key.

System-managed keys are automatically rotated by Google, and are used for signing for a maximum of two weeks. The rotation process is probabilistic, and usage of the new key will gradually ramp up and down over the key's lifetime.

If you cache the public key set for a service account, we recommend that you update the cache every 15 minutes. User-managed keys can be added and removed at any time, so it is important to update the cache frequently. For Google-managed keys, Google will publish a key at least 6 hours before it is first used for signing and will keep publishing it for at least 6 hours after it was last used for signing.

Public keys for all service accounts are also published at the OAuth2 Service Account API.

ServiceAccountKeyAlgorithm

Supported key algorithms.

ServiceAccountKeyOrigin

Service Account Key Origin.

ServiceAccountPrivateKeyType

Supported private key output formats.

ServiceAccountPublicKeyType

Supported public key output formats.

SignBlobRequest

Deprecated. Migrate to the Service Account Credentials API (https://cloud.google.com/iam/help/credentials/migrate-api).

The service account sign blob request.

SignBlobResponse

Deprecated. Migrate to the Service Account Credentials API (https://cloud.google.com/iam/help/credentials/migrate-api).

The service account sign blob response.

SignJwtRequest

Deprecated. Migrate to the Service Account Credentials API (https://cloud.google.com/iam/help/credentials/migrate-api).

The service account sign JWT request.

SignJwtResponse

Deprecated. Migrate to the Service Account Credentials API (https://cloud.google.com/iam/help/credentials/migrate-api).

The service account sign JWT response.

UndeleteRoleRequest

The request to undelete an existing role.

UndeleteServiceAccountRequest

The service account undelete request.

UndeleteServiceAccountResponse

UpdateRoleRequest

The request to update a role.

UploadServiceAccountKeyRequest

The service account key upload request.

IAMCredentialsAsyncClient

A service account is a special type of Google account that belongs to your application or a virtual machine (VM), instead of to an individual end user. Your application assumes the identity of the service account to call Google APIs, so that the users aren't directly involved.

Service account credentials are used to temporarily assume the identity of the service account. Supported credential types include OAuth 2.0 access tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and more.

IAMCredentialsClient

A service account is a special type of Google account that belongs to your application or a virtual machine (VM), instead of to an individual end user. Your application assumes the identity of the service account to call Google APIs, so that the users aren't directly involved.

Service account credentials are used to temporarily assume the identity of the service account. Supported credential types include OAuth 2.0 access tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and more.

GenerateAccessTokenRequest

GenerateAccessTokenResponse

GenerateIdTokenRequest

GenerateIdTokenResponse

SignBlobRequest

SignBlobResponse

SignJwtRequest

SignJwtResponse

PoliciesAsyncClient

An interface for managing Identity and Access Management (IAM) policies.

PoliciesClient

An interface for managing Identity and Access Management (IAM) policies.

ListPoliciesAsyncPager

A pager for iterating through list_policies requests.

This class thinly wraps an initial ListPoliciesResponse object, and provides an __aiter__ method to iterate through its policies field.

If there are more pages, the __aiter__ method will make additional ListPolicies requests and continue to iterate through the policies field on the corresponding responses.

All the usual ListPoliciesResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

ListPoliciesPager

A pager for iterating through list_policies requests.

This class thinly wraps an initial ListPoliciesResponse object, and provides an __iter__ method to iterate through its policies field.

If there are more pages, the __iter__ method will make additional ListPolicies requests and continue to iterate through the policies field on the corresponding responses.

All the usual ListPoliciesResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

CreatePolicyRequest

Request message for CreatePolicy.

DeletePolicyRequest

Request message for DeletePolicy.

DenyRule

A deny rule in an IAM deny policy.

GetPolicyRequest

Request message for GetPolicy.

ListPoliciesRequest

Request message for ListPolicies.

ListPoliciesResponse

Response message for ListPolicies.

Policy

Data for an IAM policy.

AnnotationsEntry

The abstract base class for a message.

PolicyOperationMetadata

Metadata for long-running Policy operations.

PolicyRule

A single rule in a Policy.

UpdatePolicyRequest

Request message for UpdatePolicy.

PoliciesAsyncClient

An interface for managing Identity and Access Management (IAM) policies.

PoliciesClient

An interface for managing Identity and Access Management (IAM) policies.

ListPoliciesAsyncPager

A pager for iterating through list_policies requests.

This class thinly wraps an initial ListPoliciesResponse object, and provides an __aiter__ method to iterate through its policies field.

If there are more pages, the __aiter__ method will make additional ListPolicies requests and continue to iterate through the policies field on the corresponding responses.

All the usual ListPoliciesResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

ListPoliciesPager

A pager for iterating through list_policies requests.

This class thinly wraps an initial ListPoliciesResponse object, and provides an __iter__ method to iterate through its policies field.

If there are more pages, the __iter__ method will make additional ListPolicies requests and continue to iterate through the policies field on the corresponding responses.

All the usual ListPoliciesResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

CreatePolicyRequest

Request message for CreatePolicy.

DeletePolicyRequest

Request message for DeletePolicy.

DenyRule

A deny rule in an IAM deny policy.

GetPolicyRequest

Request message for GetPolicy.

ListPoliciesRequest

Request message for ListPolicies.

ListPoliciesResponse

Response message for ListPolicies.

Policy

Data for an IAM policy.

AnnotationsEntry

The abstract base class for a message.

PolicyOperationMetadata

Metadata for long-running Policy operations.

PolicyRule

A single rule in a Policy.

UpdatePolicyRequest

Request message for UpdatePolicy.

Modules

pagers

API documentation for iam_admin_v1.services.iam.pagers module.

pagers

API documentation for iam_v2.services.policies.pagers module.

pagers

API documentation for iam_v2beta.services.policies.pagers module.