ManagedIdentitiesServiceClient(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Optional[Union[str, google.cloud.managedidentities_v1.services.managed_identities_service.transports.base.ManagedIdentitiesServiceTransport]] = None, client_options: Optional[google.api_core.client_options.ClientOptions] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)
API Overview
The managedidentities.googleapis.com service implements the Google Cloud Managed Identities API for identity services (e.g. Microsoft Active Directory).
The Managed Identities service provides methods to manage (create/read/update/delete) domains, reset the managed identities admin password, add/remove domain controllers in GCP regions, and add/remove VPC peering.
Data Model
The Managed Identities service exposes the following resources:
- Locations as global, named as follows: projects/{project_id}/locations/global.
- Domains, named as follows: /projects/{project_id}/locations/global/domain/{domain_name}.
The {domain_name} refers to the fully qualified domain name in the customer project, e.g. mydomain.myorganization.com, with the following restrictions:
- Must contain only lowercase letters, numbers, periods and hyphens.
- Must start with a letter.
- Must contain between 2-64 characters.
- Must end with a number or a letter.
- Must not start with period.
- First segment length (mydomain from the example above) shouldn't exceed 15 chars.
- The last segment cannot be fully numeric.
- Must be unique within the customer project.
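A local pre-flight check for the restrictions listed above, as an added example that is not part of the client library. The function names and rule keys are hypothetical, and the uniqueness rule is left out because it can only be checked by the service.

```python
import re
from typing import List

# Characters the page allows in a domain name.
_ALLOWED = re.compile(r"[a-z0-9.-]*")


def domain_name_violations(name: str) -> List[str]:
    """Return the keys of the documented rules that `name` breaks.

    Rules are checked in the order the page lists them. Uniqueness within
    the customer project is not checked here.
    """
    problems = []
    first_segment = name.split(".")[0]
    last_segment = name.split(".")[-1]

    if not _ALLOWED.fullmatch(name):
        problems.append("charset")            # lowercase letters, numbers, '.', '-'
    if not re.match(r"[A-Za-z]", name):
        problems.append("start_letter")       # must start with a letter
    if not 2 <= len(name) <= 64:
        problems.append("length")             # between 2 and 64 characters
    if not re.search(r"[A-Za-z0-9]\Z", name):
        problems.append("end_alnum")          # must end with a number or a letter
    if name.startswith("."):
        problems.append("leading_period")     # must not start with a period
    if len(first_segment) > 15:
        problems.append("first_segment")      # first segment at most 15 chars
    if re.fullmatch(r"[0-9]+", last_segment):
        problems.append("last_segment_numeric")  # last segment not fully numeric
    return problems


def checked_domain_name(name: str) -> str:
    """Return `name` unchanged, or raise ValueError naming the broken rules."""
    problems = domain_name_violations(name)
    if problems:
        raise ValueError(f"invalid domain name {name!r}: {', '.join(problems)}")
    return name


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in (
        "mydomain.myorganization.com",
        "MyDomain.example.com",
        "averyveryverylongname.example.com",
        "corp.example.123",
    ):
        print(candidate, domain_name_violations(candidate))
```

Calling `checked_domain_name` on untrusted input before building a `CreateMicrosoftAdDomainRequest` rejects malformed names locally instead of waiting for the long-running operation to fail.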
Inheritance
builtins.object > ManagedIdentitiesServiceClient
Properties
transport
Returns the transport used by the client instance.
Type | Description |
ManagedIdentitiesServiceTransport | The transport used by the client instance. |
Methods
ManagedIdentitiesServiceClient
ManagedIdentitiesServiceClient(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Optional[Union[str, google.cloud.managedidentities_v1.services.managed_identities_service.transports.base.ManagedIdentitiesServiceTransport]] = None, client_options: Optional[google.api_core.client_options.ClientOptions] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)
Instantiates the managed identities service client.
Name | Description |
credentials |
Optional[google.auth.credentials.Credentials]
The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment. |
transport |
Union[str, ManagedIdentitiesServiceTransport]
The transport to use. If set to None, a transport is chosen automatically. |
client_options |
google.api_core.client_options.ClientOptions
Custom options for the client. It won't take effect if a |
client_info |
google.api_core.gapic_v1.client_info.ClientInfo
The client info used to send a user-agent string along with API requests. If |
Type | Description |
google.auth.exceptions.MutualTLSChannelError | If mutual TLS transport creation failed for any reason. |
__exit__
__exit__(type, value, traceback)
Releases underlying transport's resources.
Warning: ONLY use as a context manager if the transport is NOT shared with other clients! Exiting the with block will CLOSE the transport and may cause errors in other clients!
attach_trust
attach_trust(request: Optional[Union[google.cloud.managedidentities_v1.types.managed_identities_service.AttachTrustRequest, dict]] = None, *, name: Optional[str] = None, trust: Optional[google.cloud.managedidentities_v1.types.resource.Trust] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Adds an AD trust to a domain.
from google.cloud import managedidentities_v1

def sample_attach_trust():
    # Create a client
    client = managedidentities_v1.ManagedIdentitiesServiceClient()

    # Initialize request argument(s)
    trust = managedidentities_v1.Trust()
    trust.target_domain_name = "target_domain_name_value"
    trust.trust_type = "EXTERNAL"
    trust.trust_direction = "BIDIRECTIONAL"
    trust.target_dns_ip_addresses = ['target_dns_ip_addresses_value_1', 'target_dns_ip_addresses_value_2']
    trust.trust_handshake_secret = "trust_handshake_secret_value"

    request = managedidentities_v1.AttachTrustRequest(
        name="name_value",
        trust=trust,
    )

    # Make the request
    operation = client.attach_trust(request=request)

    print("Waiting for operation to complete...")

    response = operation.result()

    # Handle the response
    print(response)
Name | Description |
request |
Union[google.cloud.managedidentities_v1.types.AttachTrustRequest, dict]
The request object. Request message for AttachTrust |
name |
str
Required. The resource domain name, project name and location using the form: |
trust |
google.cloud.managedidentities_v1.types.Trust
Required. The domain trust resource. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Type | Description |
google.api_core.operation.Operation | An object representing a long-running operation. The result type for the operation will be Domain: represents a managed Microsoft Active Directory domain. |
common_billing_account_path
common_billing_account_path(billing_account: str)
Returns a fully-qualified billing_account string.
common_folder_path
common_folder_path(folder: str)
Returns a fully-qualified folder string.
common_location_path
common_location_path(project: str, location: str)
Returns a fully-qualified location string.
common_organization_path
common_organization_path(organization: str)
Returns a fully-qualified organization string.
common_project_path
common_project_path(project: str)
Returns a fully-qualified project string.
create_microsoft_ad_domain
create_microsoft_ad_domain(request: Optional[Union[google.cloud.managedidentities_v1.types.managed_identities_service.CreateMicrosoftAdDomainRequest, dict]] = None, *, parent: Optional[str] = None, domain_name: Optional[str] = None, domain: Optional[google.cloud.managedidentities_v1.types.resource.Domain] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Creates a Microsoft AD domain.
from google.cloud import managedidentities_v1

def sample_create_microsoft_ad_domain():
    # Create a client
    client = managedidentities_v1.ManagedIdentitiesServiceClient()

    # Initialize request argument(s)
    domain = managedidentities_v1.Domain()
    domain.name = "name_value"
    domain.reserved_ip_range = "reserved_ip_range_value"
    domain.locations = ['locations_value_1', 'locations_value_2']

    request = managedidentities_v1.CreateMicrosoftAdDomainRequest(
        parent="parent_value",
        domain_name="domain_name_value",
        domain=domain,
    )

    # Make the request
    operation = client.create_microsoft_ad_domain(request=request)

    print("Waiting for operation to complete...")

    response = operation.result()

    # Handle the response
    print(response)
Name | Description |
request |
Union[google.cloud.managedidentities_v1.types.CreateMicrosoftAdDomainRequest, dict]
The request object. Request message for CreateMicrosoftAdDomain |
parent |
str
Required. The resource project name and location using the form: |
domain_name |
str
Required. The fully qualified domain name. e.g. mydomain.myorganization.com, with the following restrictions: - Must contain only lowercase letters, numbers, periods and hyphens. - Must start with a letter. - Must contain between 2-64 characters. - Must end with a number or a letter. - Must not start with period. - First segment length (mydomain from the example above) shouldn't exceed 15 chars. - The last segment cannot be fully numeric. - Must be unique within the customer project. This corresponds to the |
domain |
google.cloud.managedidentities_v1.types.Domain
Required. A Managed Identity domain resource. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Type | Description |
google.api_core.operation.Operation | An object representing a long-running operation. The result type for the operation will be Domain: represents a managed Microsoft Active Directory domain. |
delete_domain
delete_domain(request: Optional[Union[google.cloud.managedidentities_v1.types.managed_identities_service.DeleteDomainRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Deletes a domain.
from google.cloud import managedidentities_v1

def sample_delete_domain():
    # Create a client
    client = managedidentities_v1.ManagedIdentitiesServiceClient()

    # Initialize request argument(s)
    request = managedidentities_v1.DeleteDomainRequest(
        name="name_value",
    )

    # Make the request
    operation = client.delete_domain(request=request)

    print("Waiting for operation to complete...")

    response = operation.result()

    # Handle the response
    print(response)
Name | Description |
request |
Union[google.cloud.managedidentities_v1.types.DeleteDomainRequest, dict]
The request object. Request message for DeleteDomain |
name |
str
Required. The domain resource name using the form: |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Type | Description |
google.api_core.operation.Operation | An object representing a long-running operation. The result type for the operation will be `google.protobuf.empty_pb2.Empty`: a generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. |
detach_trust
detach_trust(request: Optional[Union[google.cloud.managedidentities_v1.types.managed_identities_service.DetachTrustRequest, dict]] = None, *, name: Optional[str] = None, trust: Optional[google.cloud.managedidentities_v1.types.resource.Trust] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Removes an AD trust.
from google.cloud import managedidentities_v1

def sample_detach_trust():
    # Create a client
    client = managedidentities_v1.ManagedIdentitiesServiceClient()

    # Initialize request argument(s)
    trust = managedidentities_v1.Trust()
    trust.target_domain_name = "target_domain_name_value"
    trust.trust_type = "EXTERNAL"
    trust.trust_direction = "BIDIRECTIONAL"
    trust.target_dns_ip_addresses = ['target_dns_ip_addresses_value_1', 'target_dns_ip_addresses_value_2']
    trust.trust_handshake_secret = "trust_handshake_secret_value"

    request = managedidentities_v1.DetachTrustRequest(
        name="name_value",
        trust=trust,
    )

    # Make the request
    operation = client.detach_trust(request=request)

    print("Waiting for operation to complete...")

    response = operation.result()

    # Handle the response
    print(response)
Name | Description |
request |
Union[google.cloud.managedidentities_v1.types.DetachTrustRequest, dict]
The request object. Request message for DetachTrust |
name |
str
Required. The resource domain name, project name, and location using the form: |
trust |
google.cloud.managedidentities_v1.types.Trust
Required. The domain trust resource to be removed. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Type | Description |
google.api_core.operation.Operation | An object representing a long-running operation. The result type for the operation will be Domain: represents a managed Microsoft Active Directory domain. |
domain_path
domain_path(project: str, location: str, domain: str)
Returns a fully-qualified domain string.
from_service_account_file
from_service_account_file(filename: str, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Name | Description |
filename |
str
The path to the service account private key json file. |
Type | Description |
ManagedIdentitiesServiceClient | The constructed client. |
from_service_account_info
from_service_account_info(info: dict, *args, **kwargs)
Creates an instance of this client using the provided credentials info.
Name | Description |
info |
dict
The service account private key info. |
Type | Description |
ManagedIdentitiesServiceClient | The constructed client. |
from_service_account_json
from_service_account_json(filename: str, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Name | Description |
filename |
str
The path to the service account private key json file. |
Type | Description |
ManagedIdentitiesServiceClient | The constructed client. |
get_domain
get_domain(request: Optional[Union[google.cloud.managedidentities_v1.types.managed_identities_service.GetDomainRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Gets information about a domain.
from google.cloud import managedidentities_v1

def sample_get_domain():
    # Create a client
    client = managedidentities_v1.ManagedIdentitiesServiceClient()

    # Initialize request argument(s)
    request = managedidentities_v1.GetDomainRequest(
        name="name_value",
    )

    # Make the request
    response = client.get_domain(request=request)

    # Handle the response
    print(response)
Name | Description |
request |
Union[google.cloud.managedidentities_v1.types.GetDomainRequest, dict]
The request object. Request message for GetDomain |
name |
str
Required. The domain resource name using the form: |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Type | Description |
google.cloud.managedidentities_v1.types.Domain | Represents a managed Microsoft Active Directory domain. |
get_mtls_endpoint_and_cert_source
get_mtls_endpoint_and_cert_source(
client_options: Optional[google.api_core.client_options.ClientOptions] = None,
)
Return the API endpoint and client cert source for mutual TLS.
The client cert source is determined in the following order:
(1) if the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is not "true", the client cert source is None.
(2) if client_options.client_cert_source is provided, use the provided one; if the default client cert source exists, use the default one; otherwise the client cert source is None.
The API endpoint is determined in the following order:
(1) if client_options.api_endpoint is provided, use the provided one.
(2) if the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is "always", use the default mTLS endpoint; if the environment variable is "never", use the default API endpoint; otherwise if a client cert source exists, use the default mTLS endpoint, otherwise use the default API endpoint.
More details can be found at https://google.aip.dev/auth/4114.
Name | Description |
client_options |
google.api_core.client_options.ClientOptions
Custom options for the client. Only the |
Type | Description |
google.auth.exceptions.MutualTLSChannelError | If any errors happen. |
Type | Description |
Tuple[str, Callable[[], Tuple[bytes, bytes]]] | returns the API endpoint and the client cert source to use. |
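The resolution order described for get_mtls_endpoint_and_cert_source, modelled as a pure function with a small audit on top. This is an added example, not the library's code. The two endpoint constants and all function names are assumptions, and the endpoint mode is read from GOOGLE_API_USE_MTLS_ENDPOINT, the name AIP-4114 gives that setting.

```python
from typing import Callable, List, Mapping, Optional, Tuple

# Assumed endpoint constants for this service (not stated on the page).
DEFAULT_ENDPOINT = "managedidentities.googleapis.com"
DEFAULT_MTLS_ENDPOINT = "managedidentities.mtls.googleapis.com"

CertSource = Callable[[], Tuple[bytes, bytes]]


def resolve_endpoint_and_cert_source(
    env: Mapping[str, str],
    api_endpoint: Optional[str] = None,
    client_cert_source: Optional[CertSource] = None,
    default_cert_source: Optional[CertSource] = None,
) -> Tuple[str, Optional[CertSource]]:
    """Model of the documented order; `env` stands in for os.environ."""
    # Cert source: (1) disabled unless the opt-in variable is exactly "true";
    # (2) explicit source, then the default source, else None.
    if env.get("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false") != "true":
        cert_source = None
    elif client_cert_source is not None:
        cert_source = client_cert_source
    else:
        cert_source = default_cert_source

    # Endpoint: (1) an explicit api_endpoint wins; (2) "always" / "never",
    # otherwise follow whether a cert source was resolved.
    mode = env.get("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")
    if api_endpoint is not None:
        endpoint = api_endpoint
    elif mode == "always":
        endpoint = DEFAULT_MTLS_ENDPOINT
    elif mode == "never":
        endpoint = DEFAULT_ENDPOINT
    else:
        endpoint = DEFAULT_MTLS_ENDPOINT if cert_source is not None else DEFAULT_ENDPOINT
    return endpoint, cert_source


def mtls_findings(
    env: Mapping[str, str],
    api_endpoint: Optional[str] = None,
    client_cert_source: Optional[CertSource] = None,
    default_cert_source: Optional[CertSource] = None,
) -> List[str]:
    """Flag configurations where mutual TLS is not actually in effect."""
    endpoint, cert = resolve_endpoint_and_cert_source(
        env, api_endpoint, client_cert_source, default_cert_source
    )
    findings = []
    if client_cert_source is not None and cert is None:
        # A certificate was supplied but the opt-in variable is not "true".
        findings.append("cert_source_ignored")
    if cert is None and endpoint == DEFAULT_MTLS_ENDPOINT:
        findings.append("mtls_endpoint_without_cert")
    if cert is not None and endpoint != DEFAULT_MTLS_ENDPOINT:
        findings.append("cert_but_not_default_mtls_endpoint")
    return findings


if __name__ == "__main__":
    # Constructed sample: a cert source is passed but the opt-in is missing.
    sample_cert = lambda: (b"cert-bytes", b"key-bytes")
    print(mtls_findings({}, client_cert_source=sample_cert))
```

The first finding is the quiet failure mode: passing `client_cert_source` alone does nothing unless GOOGLE_API_USE_CLIENT_CERTIFICATE is set to "true", so the client connects to the regular endpoint without a client certificate.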
list_domains
list_domains(request: Optional[Union[google.cloud.managedidentities_v1.types.managed_identities_service.ListDomainsRequest, dict]] = None, *, parent: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Lists domains in a project.
from google.cloud import managedidentities_v1

def sample_list_domains():
    # Create a client
    client = managedidentities_v1.ManagedIdentitiesServiceClient()

    # Initialize request argument(s)
    request = managedidentities_v1.ListDomainsRequest(
        parent="parent_value",
    )

    # Make the request
    page_result = client.list_domains(request=request)

    # Handle the response
    for response in page_result:
        print(response)
Name | Description |
request |
Union[google.cloud.managedidentities_v1.types.ListDomainsRequest, dict]
The request object. Request message for ListDomains |
parent |
str
Required. The resource name of the domain location using the form: |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Type | Description |
google.cloud.managedidentities_v1.services.managed_identities_service.pagers.ListDomainsPager | Response message for ListDomains. Iterating over this object will yield results and resolve additional pages automatically. |
parse_common_billing_account_path
parse_common_billing_account_path(path: str)
Parse a billing_account path into its component segments.
parse_common_folder_path
parse_common_folder_path(path: str)
Parse a folder path into its component segments.
parse_common_location_path
parse_common_location_path(path: str)
Parse a location path into its component segments.
parse_common_organization_path
parse_common_organization_path(path: str)
Parse an organization path into its component segments.
parse_common_project_path
parse_common_project_path(path: str)
Parse a project path into its component segments.
parse_domain_path
parse_domain_path(path: str)
Parses a domain path into its component segments.
reconfigure_trust
reconfigure_trust(request: Optional[Union[google.cloud.managedidentities_v1.types.managed_identities_service.ReconfigureTrustRequest, dict]] = None, *, name: Optional[str] = None, target_domain_name: Optional[str] = None, target_dns_ip_addresses: Optional[Sequence[str]] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Updates the DNS conditional forwarder.
from google.cloud import managedidentities_v1

def sample_reconfigure_trust():
    # Create a client
    client = managedidentities_v1.ManagedIdentitiesServiceClient()

    # Initialize request argument(s)
    request = managedidentities_v1.ReconfigureTrustRequest(
        name="name_value",
        target_domain_name="target_domain_name_value",
        target_dns_ip_addresses=['target_dns_ip_addresses_value_1', 'target_dns_ip_addresses_value_2'],
    )

    # Make the request
    operation = client.reconfigure_trust(request=request)

    print("Waiting for operation to complete...")

    response = operation.result()

    # Handle the response
    print(response)
Name | Description |
request |
Union[google.cloud.managedidentities_v1.types.ReconfigureTrustRequest, dict]
The request object. Request message for ReconfigureTrust |
name |
str
Required. The resource domain name, project name and location using the form: |
target_domain_name |
str
Required. The fully-qualified target domain name which will be in trust with current domain. This corresponds to the |
target_dns_ip_addresses |
Sequence[str]
Required. The target DNS server IP addresses to resolve the remote domain involved in the trust. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Type | Description |
google.api_core.operation.Operation | An object representing a long-running operation. The result type for the operation will be Domain: represents a managed Microsoft Active Directory domain. |
reset_admin_password
reset_admin_password(request: Optional[Union[google.cloud.managedidentities_v1.types.managed_identities_service.ResetAdminPasswordRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Resets a domain's administrator password.
from google.cloud import managedidentities_v1

def sample_reset_admin_password():
    # Create a client
    client = managedidentities_v1.ManagedIdentitiesServiceClient()

    # Initialize request argument(s)
    request = managedidentities_v1.ResetAdminPasswordRequest(
        name="name_value",
    )

    # Make the request
    response = client.reset_admin_password(request=request)

    # Handle the response
    print(response)
Name | Description |
request |
Union[google.cloud.managedidentities_v1.types.ResetAdminPasswordRequest, dict]
The request object. Request message for ResetAdminPassword |
name |
str
Required. The domain resource name using the form: |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Type | Description |
google.cloud.managedidentities_v1.types.ResetAdminPasswordResponse | Response message for ResetAdminPassword |
update_domain
update_domain(request: Optional[Union[google.cloud.managedidentities_v1.types.managed_identities_service.UpdateDomainRequest, dict]] = None, *, domain: Optional[google.cloud.managedidentities_v1.types.resource.Domain] = None, update_mask: Optional[google.protobuf.field_mask_pb2.FieldMask] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Updates the metadata and configuration of a domain.
from google.cloud import managedidentities_v1

def sample_update_domain():
    # Create a client
    client = managedidentities_v1.ManagedIdentitiesServiceClient()

    # Initialize request argument(s)
    domain = managedidentities_v1.Domain()
    domain.name = "name_value"
    domain.reserved_ip_range = "reserved_ip_range_value"
    domain.locations = ['locations_value_1', 'locations_value_2']

    request = managedidentities_v1.UpdateDomainRequest(
        domain=domain,
    )

    # Make the request
    operation = client.update_domain(request=request)

    print("Waiting for operation to complete...")

    response = operation.result()

    # Handle the response
    print(response)
Name | Description |
request |
Union[google.cloud.managedidentities_v1.types.UpdateDomainRequest, dict]
The request object. Request message for UpdateDomain |
domain |
google.cloud.managedidentities_v1.types.Domain
Required. Domain message with updated fields. Only supported fields specified in update_mask are updated. This corresponds to the |
update_mask |
google.protobuf.field_mask_pb2.FieldMask
Required. Mask of fields to update. At least one path must be supplied in this field. The elements of the repeated paths field may only include fields from Domain: - |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Type | Description |
google.api_core.operation.Operation | An object representing a long-running operation. The result type for the operation will be Domain: represents a managed Microsoft Active Directory domain. |
validate_trust
validate_trust(request: Optional[Union[google.cloud.managedidentities_v1.types.managed_identities_service.ValidateTrustRequest, dict]] = None, *, name: Optional[str] = None, trust: Optional[google.cloud.managedidentities_v1.types.resource.Trust] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Validates a trust state, that the target domain is reachable, and that the target domain is able to accept incoming trust requests.
from google.cloud import managedidentities_v1

def sample_validate_trust():
    # Create a client
    client = managedidentities_v1.ManagedIdentitiesServiceClient()

    # Initialize request argument(s)
    trust = managedidentities_v1.Trust()
    trust.target_domain_name = "target_domain_name_value"
    trust.trust_type = "EXTERNAL"
    trust.trust_direction = "BIDIRECTIONAL"
    trust.target_dns_ip_addresses = ['target_dns_ip_addresses_value_1', 'target_dns_ip_addresses_value_2']
    trust.trust_handshake_secret = "trust_handshake_secret_value"

    request = managedidentities_v1.ValidateTrustRequest(
        name="name_value",
        trust=trust,
    )

    # Make the request
    operation = client.validate_trust(request=request)

    print("Waiting for operation to complete...")

    response = operation.result()

    # Handle the response
    print(response)
Name | Description |
request |
Union[google.cloud.managedidentities_v1.types.ValidateTrustRequest, dict]
The request object. Request message for ValidateTrust |
name |
str
Required. The resource domain name, project name, and location using the form: |
trust |
google.cloud.managedidentities_v1.types.Trust
Required. The domain trust to validate trust state for. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Type | Description |
google.api_core.operation.Operation | An object representing a long-running operation. The result type for the operation will be Domain: represents a managed Microsoft Active Directory domain. |