Classes
AuditData
Audit log information specific to Cloud IAM admin APIs. This message is serialized as an Any type in the ServiceData message of an AuditLog message.
AuditData.Types
Container for nested types declared in the AuditData message type.
AuditData.Types.PermissionDelta
A PermissionDelta message to record the added_permissions and removed_permissions inside a role.
CreateRoleRequest
The request to create a new role.
CreateServiceAccountKeyRequest
The service account key create request.
CreateServiceAccountRequest
The service account create request.
DeleteRoleRequest
The request to delete an existing role.
DeleteServiceAccountKeyRequest
The service account key delete request.
DeleteServiceAccountRequest
The service account delete request.
DisableServiceAccountRequest
The service account disable request.
EnableServiceAccountRequest
The service account enable request.
GetRoleRequest
The request to get the definition of an existing role.
GetServiceAccountKeyRequest
The service account key get by id request.
GetServiceAccountRequest
The service account get request.
IAM
Creates and manages Identity and Access Management (IAM) resources.
You can use this service to work with all of the following resources:
- Service accounts, which identify an application or a virtual machine (VM) instance rather than a person
- Service account keys, which service accounts use to authenticate with Google APIs
- IAM policies for service accounts, which specify the roles that a member has for the service account
- IAM custom roles, which help you limit the number of permissions that you grant to members
In addition, you can use this service to complete the following tasks, among others:
- Test whether a service account can use specific permissions
- Check which roles you can grant for a specific resource
- Lint, or validate, condition expressions in an IAM policy
IAM.IAMBase
Base class for server-side implementations of IAM
IAM.IAMClient
Client for IAM
IAMClient
IAM client wrapper, for convenient use.
IAMClientBuilder
Builder class for IAMClient to provide simple configuration of credentials, endpoint etc.
IAMClientImpl
IAM client wrapper implementation, for convenient use.
IAMSettings
Settings for IAMClient instances.
KeyName
Resource name for the Key resource.
LintPolicyRequest
The request to lint a Cloud IAM policy object.
LintPolicyResponse
The response of a lint operation. An empty response indicates the operation was able to fully execute and no lint issue was found.
LintResult
Structured response of a single validation unit.
LintResult.Types
Container for nested types declared in the LintResult message type.
ListRolesRequest
The request to get all roles defined under a resource.
ListRolesResponse
The response containing the roles defined under a resource.
ListServiceAccountKeysRequest
The service account keys list request.
ListServiceAccountKeysRequest.Types
Container for nested types declared in the ListServiceAccountKeysRequest message type.
ListServiceAccountKeysResponse
The service account keys list response.
ListServiceAccountsRequest
The service account list request.
ListServiceAccountsResponse
The service account list response.
PatchServiceAccountRequest
The request for PatchServiceAccount (google.iam.admin.v1.PatchServiceAccount).
You can patch only the display_name and description fields. You must use the update_mask field to specify which of these fields you want to patch.
Only the fields specified in the request are guaranteed to be returned in the response. Other fields may be empty in the response.
Permission
A permission which can be included by a role.
Permission.Types
Container for nested types declared in the Permission message type.
QueryAuditableServicesRequest
A request to get the list of auditable services for a resource.
QueryAuditableServicesResponse
A response containing a list of auditable services for a resource.
QueryAuditableServicesResponse.Types
Container for nested types declared in the QueryAuditableServicesResponse message type.
QueryAuditableServicesResponse.Types.AuditableService
Contains information about an auditable service.
QueryGrantableRolesRequest
The grantable role query request.
QueryGrantableRolesResponse
The grantable role query response.
QueryTestablePermissionsRequest
A request to get permissions which can be tested on a resource.
QueryTestablePermissionsResponse
The response containing permissions which can be tested on a resource.
Role
A role in the Identity and Access Management API.
Role.Types
Container for nested types declared in the Role message type.
ServiceAccount
An IAM service account.
A service account is an account for an application or a virtual machine (VM) instance, not a person. You can use a service account to call Google APIs. To learn more, read the overview of service accounts.
When you create a service account, you specify the project ID that owns the service account, as well as a name that must be unique within the project. IAM uses these values to create an email address that identifies the service account.
ServiceAccountKey
Represents a service account key.
A service account has two sets of key-pairs: user-managed, and system-managed.
User-managed key-pairs can be created and deleted by users. Users are responsible for rotating these keys periodically to ensure security of their service accounts. Users retain the private key of these key-pairs, and Google retains ONLY the public key.
System-managed keys are automatically rotated by Google, and are used for signing for a maximum of two weeks. The rotation process is probabilistic, and usage of the new key will gradually ramp up and down over the key's lifetime.
If you cache the public key set for a service account, we recommend that you update the cache every 15 minutes. User-managed keys can be added and removed at any time, so it is important to update the cache frequently. For Google-managed keys, Google will publish a key at least 6 hours before it is first used for signing and will keep publishing it for at least 6 hours after it was last used for signing.
Public keys for all service accounts are also published at the OAuth2 Service Account API.
ServiceAccountName
Resource name for the ServiceAccount resource.
SignBlobRequest
Deprecated. Migrate to Service Account Credentials API.
The service account sign blob request.
SignBlobResponse
Deprecated. Migrate to Service Account Credentials API.
The service account sign blob response.
SignJwtRequest
Deprecated. Migrate to Service Account Credentials API.
The service account sign JWT request.
SignJwtResponse
Deprecated. Migrate to Service Account Credentials API.
The service account sign JWT response.
UndeleteRoleRequest
The request to undelete an existing role.
UndeleteServiceAccountRequest
The service account undelete request.
UndeleteServiceAccountResponse
UpdateRoleRequest
The request to update a role.
UploadServiceAccountKeyRequest
The service account key upload request.
Enums
KeyName.ResourceNameType
The possible contents of KeyName.
LintPolicyRequest.LintObjectOneofCase
Enum of possible cases for the "lint_object" oneof.
LintResult.Types.Level
Possible Level values of a validation unit corresponding to its domain of discourse.
LintResult.Types.Severity
Possible Severity values of an issued result.
ListServiceAccountKeysRequest.Types.KeyType
KeyType filters to selectively retrieve certain varieties of keys.
Permission.Types.CustomRolesSupportLevel
The state of the permission with regard to custom roles.
Permission.Types.PermissionLaunchStage
A stage representing a permission's lifecycle phase.
Role.Types.RoleLaunchStage
A stage representing a role's lifecycle phase.
RoleView
A view for Role objects.
ServiceAccountKeyAlgorithm
Supported key algorithms.
ServiceAccountKeyOrigin
Service Account Key Origin.
ServiceAccountName.ResourceNameType
The possible contents of ServiceAccountName.
ServiceAccountPrivateKeyType
Supported private key output formats.
ServiceAccountPublicKeyType
Supported public key output formats.