Package types (2.16.0)

API documentation for iam_admin_v1.types package.

Classes

AuditData

Audit log information specific to Cloud IAM admin APIs. This message is serialized as an Any type in the ServiceData message of an AuditLog message.

CreateServiceAccountKeyRequest

The service account key create request.

DeleteServiceAccountKeyRequest

The service account key delete request.

DisableServiceAccountKeyRequest

The service account key disable request.

EnableServiceAccountKeyRequest

The service account key enable request.

GetRoleRequest

The request to get the definition of an existing role.

GetServiceAccountKeyRequest

The service account key get by id request.

LintPolicyRequest

The request to lint a Cloud IAM policy object.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

LintPolicyResponse

The response of a lint operation. An empty response indicates the operation was able to fully execute and no lint issue was found.

LintResult

Structured response of a single validation unit.

ListRolesRequest

The request to get all roles defined under a resource.

ListRolesResponse

The response containing the roles defined under a resource.

ListServiceAccountKeysResponse

The service account keys list response.

PatchServiceAccountRequest

The service account patch request.

You can patch only the display_name and description fields. You must use the update_mask field to specify which of these fields you want to patch.

Only the fields specified in the request are guaranteed to be returned in the response. Other fields may be empty in the response.

Permission

A permission which can be included by a role.

QueryAuditableServicesRequest

A request to get the list of auditable services for a resource.

QueryAuditableServicesResponse

A response containing a list of auditable services for a resource.

QueryTestablePermissionsRequest

A request to get permissions which can be tested on a resource.

QueryTestablePermissionsResponse

The response containing permissions which can be tested on a resource.

Role

A role in the Identity and Access Management API.

A service account is an account for an application or a virtual machine (VM) instance, not a person. You can use a service account to call Google APIs. To learn more, read the overview of service accounts <https://cloud.google.com/iam/help/service-accounts/overview>__.

When you create a service account, you specify the project ID that owns the service account, as well as a name that must be unique within the project. IAM uses these values to create an email address that identifies the service account.

ServiceAccountKey

Represents a service account key.

A service account has two sets of key-pairs: user-managed, and system-managed.

User-managed key-pairs can be created and deleted by users. Users are responsible for rotating these keys periodically to ensure security of their service accounts. Users retain the private key of these key-pairs, and Google retains ONLY the public key.

System-managed keys are automatically rotated by Google, and are used for signing for a maximum of two weeks. The rotation process is probabilistic, and usage of the new key will gradually ramp up and down over the key's lifetime.

If you cache the public key set for a service account, we recommend that you update the cache every 15 minutes. User-managed keys can be added and removed at any time, so it is important to update the cache frequently. For Google-managed keys, Google will publish a key at least 6 hours before it is first used for signing and will keep publishing it for at least 6 hours after it was last used for signing.

Public keys for all service accounts are also published at the OAuth2 Service Account API.