# Copyright 2015 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. require 'google/apis/core/base_service' require 'google/apis/core/json_representation' require 'google/apis/core/hashable' require 'google/apis/errors' module Google module Apis module IamV1 # Identity and Access Management (IAM) API # # Manages identity and access control for Google Cloud Platform resources, # including the creation of service accounts, which you can use to authenticate # to Google and make API calls. # # @example # require 'google/apis/iam_v1' # # Iam = Google::Apis::IamV1 # Alias the module # service = Iam::IamService.new # # @see https://cloud.google.com/iam/ class IamService < Google::Apis::Core::BaseService # @return [String] # API key. Your API key identifies your project and provides you with API access, # quota, and reports. Required unless you provide an OAuth 2.0 token. attr_accessor :key # @return [String] # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. attr_accessor :quota_user def initialize super('https://iam.googleapis.com/', '') @batch_path = 'batch' end # Lints a Cloud IAM policy object or its sub fields. Currently supports # google.iam.v1.Policy, google.iam.v1.Binding and # google.iam.v1.Binding.condition. # Each lint operation consists of multiple lint validation units. # Validation units have the following properties: # - Each unit inspects the input object in regard to a particular # linting aspect and issues a google.iam.admin.v1.LintResult # disclosing the result. # - Domain of discourse of each unit can be either # google.iam.v1.Policy, google.iam.v1.Binding, or # google.iam.v1.Binding.condition depending on the purpose of the # validation. # - A unit may require additional data (like the list of all possible # enumerable values of a particular attribute used in the policy instance) # which shall be provided by the caller. Refer to the comments of # google.iam.admin.v1.LintPolicyRequest.context for more details. # The set of applicable validation units is determined by the Cloud IAM # server and is not configurable. # Regardless of any lint issues or their severities, successful calls to # `lintPolicy` return an HTTP 200 OK status code. # @param [Google::Apis::IamV1::LintPolicyRequest] lint_policy_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::LintPolicyResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::LintPolicyResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/iamPolicies:lintPolicy', options) command.request_representation = Google::Apis::IamV1::LintPolicyRequest::Representation command.request_object = lint_policy_request_object command.response_representation = Google::Apis::IamV1::LintPolicyResponse::Representation command.response_class = Google::Apis::IamV1::LintPolicyResponse command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Returns a list of services that support service level audit logging # configuration for the given resource. # @param [Google::Apis::IamV1::QueryAuditableServicesRequest] query_auditable_services_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::QueryAuditableServicesResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::QueryAuditableServicesResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/iamPolicies:queryAuditableServices', options) command.request_representation = Google::Apis::IamV1::QueryAuditableServicesRequest::Representation command.request_object = query_auditable_services_request_object command.response_representation = Google::Apis::IamV1::QueryAuditableServicesResponse::Representation command.response_class = Google::Apis::IamV1::QueryAuditableServicesResponse command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates a new Role. # @param [String] parent # The `parent` parameter's value depends on the target resource for the # request, namely # [`projects`](/iam/reference/rest/v1/projects.roles) or # [`organizations`](/iam/reference/rest/v1/organizations.roles). Each # resource type's `parent` value format is described below: # * [`projects.roles.create()`](/iam/reference/rest/v1/projects.roles/create): # `projects/`PROJECT_ID``. This method creates project-level # [custom roles](/iam/docs/understanding-custom-roles). # Example request URL: # `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles` # * [`organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/ # create): # `organizations/`ORGANIZATION_ID``. This method creates organization-level # [custom roles](/iam/docs/understanding-custom-roles). Example request # URL: # `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles` # Note: Wildcard (*) values are invalid; you must specify a complete project # ID or organization ID. # @param [Google::Apis::IamV1::CreateRoleRequest] create_role_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/roles', options) command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation command.request_object = create_role_request_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['parent'] = parent unless parent.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Soft deletes a role. The role is suspended and cannot be used to create new # IAM Policy Bindings. # The Role will not be included in `ListRoles()` unless `show_deleted` is set # in the `ListRolesRequest`. The Role contains the deleted boolean set. # Existing Bindings remains, but are inactive. The Role can be undeleted # within 7 days. After 7 days the Role is deleted and all Bindings associated # with the role are removed. # @param [String] name # The `name` parameter's value depends on the target resource for the # request, namely # [`projects`](/iam/reference/rest/v1/projects.roles) or # [`organizations`](/iam/reference/rest/v1/organizations.roles). Each # resource type's `name` value format is described below: # * [`projects.roles.delete()`](/iam/reference/rest/v1/projects.roles/delete): # `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method deletes only # [custom roles](/iam/docs/understanding-custom-roles) that have been # created at the project level. Example request URL: # `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` # * [`organizations.roles.delete()`](/iam/reference/rest/v1/organizations.roles/ # delete): # `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method # deletes only [custom roles](/iam/docs/understanding-custom-roles) that # have been created at the organization level. Example request URL: # `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/` # CUSTOM_ROLE_ID`` # Note: Wildcard (*) values are invalid; you must specify a complete project # ID or organization ID. # @param [String] etag # Used to perform a consistent read-modify-write. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['etag'] = etag unless etag.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets a Role definition. # @param [String] name # The `name` parameter's value depends on the target resource for the # request, namely # [`roles`](/iam/reference/rest/v1/roles), # [`projects`](/iam/reference/rest/v1/projects.roles), or # [`organizations`](/iam/reference/rest/v1/organizations.roles). Each # resource type's `name` value format is described below: # * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/`ROLE_NAME``. # This method returns results from all # [predefined roles](/iam/docs/understanding-roles#predefined_roles) in # Cloud IAM. Example request URL: # `https://iam.googleapis.com/v1/roles/`ROLE_NAME`` # * [`projects.roles.get()`](/iam/reference/rest/v1/projects.roles/get): # `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method returns only # [custom roles](/iam/docs/understanding-custom-roles) that have been # created at the project level. Example request URL: # `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` # * [`organizations.roles.get()`](/iam/reference/rest/v1/organizations.roles/get) # : # `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method # returns only [custom roles](/iam/docs/understanding-custom-roles) that # have been created at the organization level. Example request URL: # `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/` # CUSTOM_ROLE_ID`` # Note: Wildcard (*) values are invalid; you must specify a complete project # ID or organization ID. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_organization_role(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists the Roles defined on a resource. # @param [String] parent # The `parent` parameter's value depends on the target resource for the # request, namely # [`roles`](/iam/reference/rest/v1/roles), # [`projects`](/iam/reference/rest/v1/projects.roles), or # [`organizations`](/iam/reference/rest/v1/organizations.roles). Each # resource type's `parent` value format is described below: # * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string. # This method doesn't require a resource; it simply returns all # [predefined roles](/iam/docs/understanding-roles#predefined_roles) in # Cloud IAM. Example request URL: # `https://iam.googleapis.com/v1/roles` # * [`projects.roles.list()`](/iam/reference/rest/v1/projects.roles/list): # `projects/`PROJECT_ID``. This method lists all project-level # [custom roles](/iam/docs/understanding-custom-roles). # Example request URL: # `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles` # * [`organizations.roles.list()`](/iam/reference/rest/v1/organizations.roles/ # list): # `organizations/`ORGANIZATION_ID``. This method lists all # organization-level [custom roles](/iam/docs/understanding-custom-roles). # Example request URL: # `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles` # Note: Wildcard (*) values are invalid; you must specify a complete project # ID or organization ID. # @param [Fixnum] page_size # Optional limit on the number of roles to include in the response. # @param [String] page_token # Optional pagination token returned in an earlier ListRolesResponse. # @param [Boolean] show_deleted # Include Roles that have been deleted. # @param [String] view # Optional view for the returned Role objects. When `FULL` is specified, # the `includedPermissions` field is returned, which includes a list of all # permissions in the role. The default value is `BASIC`, which does not # return the `includedPermissions` field. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListRolesResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/roles', options) command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation command.response_class = Google::Apis::IamV1::ListRolesResponse command.params['parent'] = parent unless parent.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['view'] = view unless view.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Updates a Role definition. # @param [String] name # The `name` parameter's value depends on the target resource for the # request, namely # [`projects`](/iam/reference/rest/v1/projects.roles) or # [`organizations`](/iam/reference/rest/v1/organizations.roles). Each # resource type's `name` value format is described below: # * [`projects.roles.patch()`](/iam/reference/rest/v1/projects.roles/patch): # `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method updates only # [custom roles](/iam/docs/understanding-custom-roles) that have been # created at the project level. Example request URL: # `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` # * [`organizations.roles.patch()`](/iam/reference/rest/v1/organizations.roles/ # patch): # `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method # updates only [custom roles](/iam/docs/understanding-custom-roles) that # have been created at the organization level. Example request URL: # `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/` # CUSTOM_ROLE_ID`` # Note: Wildcard (*) values are invalid; you must specify a complete project # ID or organization ID. # @param [Google::Apis::IamV1::Role] role_object # @param [String] update_mask # A mask describing which fields in the Role have changed. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::Role::Representation command.request_object = role_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['updateMask'] = update_mask unless update_mask.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Undelete a Role, bringing it back in its previous state. # @param [String] name # The `name` parameter's value depends on the target resource for the # request, namely # [`projects`](/iam/reference/rest/v1/projects.roles) or # [`organizations`](/iam/reference/rest/v1/organizations.roles). Each # resource type's `name` value format is described below: # * [`projects.roles.undelete()`](/iam/reference/rest/v1/projects.roles/undelete) # : # `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method undeletes # only [custom roles](/iam/docs/understanding-custom-roles) that have been # created at the project level. Example request URL: # `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` # * [`organizations.roles.undelete()`](/iam/reference/rest/v1/organizations. # roles/undelete): # `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method # undeletes only [custom roles](/iam/docs/understanding-custom-roles) that # have been created at the organization level. Example request URL: # `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/` # CUSTOM_ROLE_ID`` # Note: Wildcard (*) values are invalid; you must specify a complete project # ID or organization ID. # @param [Google::Apis::IamV1::UndeleteRoleRequest] undelete_role_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation command.request_object = undelete_role_request_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists the permissions testable on a resource. # A permission is testable if it can be tested for an identity on a resource. # @param [Google::Apis::IamV1::QueryTestablePermissionsRequest] query_testable_permissions_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::QueryTestablePermissionsResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::QueryTestablePermissionsResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/permissions:queryTestablePermissions', options) command.request_representation = Google::Apis::IamV1::QueryTestablePermissionsRequest::Representation command.request_object = query_testable_permissions_request_object command.response_representation = Google::Apis::IamV1::QueryTestablePermissionsResponse::Representation command.response_class = Google::Apis::IamV1::QueryTestablePermissionsResponse command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates a new Role. # @param [String] parent # The `parent` parameter's value depends on the target resource for the # request, namely # [`projects`](/iam/reference/rest/v1/projects.roles) or # [`organizations`](/iam/reference/rest/v1/organizations.roles). Each # resource type's `parent` value format is described below: # * [`projects.roles.create()`](/iam/reference/rest/v1/projects.roles/create): # `projects/`PROJECT_ID``. This method creates project-level # [custom roles](/iam/docs/understanding-custom-roles). # Example request URL: # `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles` # * [`organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/ # create): # `organizations/`ORGANIZATION_ID``. This method creates organization-level # [custom roles](/iam/docs/understanding-custom-roles). Example request # URL: # `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles` # Note: Wildcard (*) values are invalid; you must specify a complete project # ID or organization ID. # @param [Google::Apis::IamV1::CreateRoleRequest] create_role_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/roles', options) command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation command.request_object = create_role_request_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['parent'] = parent unless parent.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Soft deletes a role. The role is suspended and cannot be used to create new # IAM Policy Bindings. # The Role will not be included in `ListRoles()` unless `show_deleted` is set # in the `ListRolesRequest`. The Role contains the deleted boolean set. # Existing Bindings remains, but are inactive. The Role can be undeleted # within 7 days. After 7 days the Role is deleted and all Bindings associated # with the role are removed. # @param [String] name # The `name` parameter's value depends on the target resource for the # request, namely # [`projects`](/iam/reference/rest/v1/projects.roles) or # [`organizations`](/iam/reference/rest/v1/organizations.roles). Each # resource type's `name` value format is described below: # * [`projects.roles.delete()`](/iam/reference/rest/v1/projects.roles/delete): # `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method deletes only # [custom roles](/iam/docs/understanding-custom-roles) that have been # created at the project level. Example request URL: # `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` # * [`organizations.roles.delete()`](/iam/reference/rest/v1/organizations.roles/ # delete): # `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method # deletes only [custom roles](/iam/docs/understanding-custom-roles) that # have been created at the organization level. Example request URL: # `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/` # CUSTOM_ROLE_ID`` # Note: Wildcard (*) values are invalid; you must specify a complete project # ID or organization ID. # @param [String] etag # Used to perform a consistent read-modify-write. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['etag'] = etag unless etag.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets a Role definition. # @param [String] name # The `name` parameter's value depends on the target resource for the # request, namely # [`roles`](/iam/reference/rest/v1/roles), # [`projects`](/iam/reference/rest/v1/projects.roles), or # [`organizations`](/iam/reference/rest/v1/organizations.roles). Each # resource type's `name` value format is described below: # * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/`ROLE_NAME``. # This method returns results from all # [predefined roles](/iam/docs/understanding-roles#predefined_roles) in # Cloud IAM. Example request URL: # `https://iam.googleapis.com/v1/roles/`ROLE_NAME`` # * [`projects.roles.get()`](/iam/reference/rest/v1/projects.roles/get): # `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method returns only # [custom roles](/iam/docs/understanding-custom-roles) that have been # created at the project level. Example request URL: # `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` # * [`organizations.roles.get()`](/iam/reference/rest/v1/organizations.roles/get) # : # `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method # returns only [custom roles](/iam/docs/understanding-custom-roles) that # have been created at the organization level. Example request URL: # `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/` # CUSTOM_ROLE_ID`` # Note: Wildcard (*) values are invalid; you must specify a complete project # ID or organization ID. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_role(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists the Roles defined on a resource. # @param [String] parent # The `parent` parameter's value depends on the target resource for the # request, namely # [`roles`](/iam/reference/rest/v1/roles), # [`projects`](/iam/reference/rest/v1/projects.roles), or # [`organizations`](/iam/reference/rest/v1/organizations.roles). Each # resource type's `parent` value format is described below: # * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string. # This method doesn't require a resource; it simply returns all # [predefined roles](/iam/docs/understanding-roles#predefined_roles) in # Cloud IAM. Example request URL: # `https://iam.googleapis.com/v1/roles` # * [`projects.roles.list()`](/iam/reference/rest/v1/projects.roles/list): # `projects/`PROJECT_ID``. This method lists all project-level # [custom roles](/iam/docs/understanding-custom-roles). # Example request URL: # `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles` # * [`organizations.roles.list()`](/iam/reference/rest/v1/organizations.roles/ # list): # `organizations/`ORGANIZATION_ID``. This method lists all # organization-level [custom roles](/iam/docs/understanding-custom-roles). # Example request URL: # `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles` # Note: Wildcard (*) values are invalid; you must specify a complete project # ID or organization ID. # @param [Fixnum] page_size # Optional limit on the number of roles to include in the response. # @param [String] page_token # Optional pagination token returned in an earlier ListRolesResponse. # @param [Boolean] show_deleted # Include Roles that have been deleted. # @param [String] view # Optional view for the returned Role objects. When `FULL` is specified, # the `includedPermissions` field is returned, which includes a list of all # permissions in the role. The default value is `BASIC`, which does not # return the `includedPermissions` field. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListRolesResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/roles', options) command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation command.response_class = Google::Apis::IamV1::ListRolesResponse command.params['parent'] = parent unless parent.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['view'] = view unless view.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Updates a Role definition. # @param [String] name # The `name` parameter's value depends on the target resource for the # request, namely # [`projects`](/iam/reference/rest/v1/projects.roles) or # [`organizations`](/iam/reference/rest/v1/organizations.roles). Each # resource type's `name` value format is described below: # * [`projects.roles.patch()`](/iam/reference/rest/v1/projects.roles/patch): # `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method updates only # [custom roles](/iam/docs/understanding-custom-roles) that have been # created at the project level. Example request URL: # `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` # * [`organizations.roles.patch()`](/iam/reference/rest/v1/organizations.roles/ # patch): # `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method # updates only [custom roles](/iam/docs/understanding-custom-roles) that # have been created at the organization level. Example request URL: # `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/` # CUSTOM_ROLE_ID`` # Note: Wildcard (*) values are invalid; you must specify a complete project # ID or organization ID. # @param [Google::Apis::IamV1::Role] role_object # @param [String] update_mask # A mask describing which fields in the Role have changed. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::Role::Representation command.request_object = role_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['updateMask'] = update_mask unless update_mask.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Undelete a Role, bringing it back in its previous state. # @param [String] name # The `name` parameter's value depends on the target resource for the # request, namely # [`projects`](/iam/reference/rest/v1/projects.roles) or # [`organizations`](/iam/reference/rest/v1/organizations.roles). Each # resource type's `name` value format is described below: # * [`projects.roles.undelete()`](/iam/reference/rest/v1/projects.roles/undelete) # : # `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method undeletes # only [custom roles](/iam/docs/understanding-custom-roles) that have been # created at the project level. Example request URL: # `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` # * [`organizations.roles.undelete()`](/iam/reference/rest/v1/organizations. # roles/undelete): # `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method # undeletes only [custom roles](/iam/docs/understanding-custom-roles) that # have been created at the organization level. Example request URL: # `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/` # CUSTOM_ROLE_ID`` # Note: Wildcard (*) values are invalid; you must specify a complete project # ID or organization ID. # @param [Google::Apis::IamV1::UndeleteRoleRequest] undelete_role_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation command.request_object = undelete_role_request_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates a ServiceAccount # and returns it. # @param [String] name # Required. The resource name of the project associated with the service # accounts, such as `projects/my-project-123`. # @param [Google::Apis::IamV1::CreateServiceAccountRequest] create_service_account_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ServiceAccount] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}/serviceAccounts', options) command.request_representation = Google::Apis::IamV1::CreateServiceAccountRequest::Representation command.request_object = create_service_account_request_object command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation command.response_class = Google::Apis::IamV1::ServiceAccount command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes a ServiceAccount. # @param [String] name # The resource name of the service account in the following format: # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from # the account. The `ACCOUNT` value can be the `email` address or the # `unique_id` of the service account. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Empty] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # DisableServiceAccount is currently in the alpha launch stage. # Disables a ServiceAccount, # which immediately prevents the service account from authenticating and # gaining access to APIs. # Disabled service accounts can be safely restored by using # EnableServiceAccount at any point. Deleted service accounts cannot be # restored using this method. # Disabling a service account that is bound to VMs, Apps, Functions, or # other jobs will cause those jobs to lose access to resources if they are # using the disabled service account. # To improve reliability of your services and avoid unexpected outages, it # is recommended to first disable a service account rather than delete it. # After disabling the service account, wait at least 24 hours to verify there # are no unintended consequences, and then delete the service account. # @param [String] name # The resource name of the service account in the following format: # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from # the account. The `ACCOUNT` value can be the `email` address or the # `unique_id` of the service account. # @param [Google::Apis::IamV1::DisableServiceAccountRequest] disable_service_account_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Empty] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def disable_service_account(name, disable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:disable', options) command.request_representation = Google::Apis::IamV1::DisableServiceAccountRequest::Representation command.request_object = disable_service_account_request_object command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # EnableServiceAccount is currently in the alpha launch stage. # Restores a disabled ServiceAccount # that has been manually disabled by using DisableServiceAccount. Service # accounts that have been disabled by other means or for other reasons, # such as abuse, cannot be restored using this method. # EnableServiceAccount will have no effect on a service account that is # not disabled. Enabling an already enabled service account will have no # effect. # @param [String] name # The resource name of the service account in the following format: # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from # the account. The `ACCOUNT` value can be the `email` address or the # `unique_id` of the service account. # @param [Google::Apis::IamV1::EnableServiceAccountRequest] enable_service_account_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Empty] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def enable_service_account(name, enable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:enable', options) command.request_representation = Google::Apis::IamV1::EnableServiceAccountRequest::Representation command.request_object = enable_service_account_request_object command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets a ServiceAccount. # @param [String] name # The resource name of the service account in the following format: # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from # the account. The `ACCOUNT` value can be the `email` address or the # `unique_id` of the service account. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ServiceAccount] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation command.response_class = Google::Apis::IamV1::ServiceAccount command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Returns the Cloud IAM access control policy for a # ServiceAccount. # Note: Service accounts are both # [resources and # identities](/iam/docs/service-accounts#service_account_permissions). This # method treats the service account as a resource. It returns the Cloud IAM # policy that reflects what members have access to the service account. # This method does not return what resources the service account has access # to. To see if a service account has access to a resource, call the # `getIamPolicy` method on the target resource. For example, to view grants # for a project, call the # [projects.getIamPolicy](/resource-manager/reference/rest/v1/projects/ # getIamPolicy) # method. # @param [String] resource # REQUIRED: The resource for which the policy is being requested. # See the operation documentation for the appropriate value for this field. # @param [Fixnum] options_requested_policy_version # Optional. The policy format version to be returned. # Acceptable values are 0, 1, and 3. # If the value is 0, or the field is omitted, policy format version 1 will be # returned. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Policy] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Policy] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_service_account_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:getIamPolicy', options) command.response_representation = Google::Apis::IamV1::Policy::Representation command.response_class = Google::Apis::IamV1::Policy command.params['resource'] = resource unless resource.nil? command.query['options.requestedPolicyVersion'] = options_requested_policy_version unless options_requested_policy_version.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists ServiceAccounts for a project. # @param [String] name # Required. The resource name of the project associated with the service # accounts, such as `projects/my-project-123`. # @param [Fixnum] page_size # Optional limit on the number of service accounts to include in the # response. Further accounts can subsequently be obtained by including the # ListServiceAccountsResponse.next_page_token # in a subsequent request. # @param [String] page_token # Optional pagination token returned in an earlier # ListServiceAccountsResponse.next_page_token. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListServiceAccountsResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListServiceAccountsResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}/serviceAccounts', options) command.response_representation = Google::Apis::IamV1::ListServiceAccountsResponse::Representation command.response_class = Google::Apis::IamV1::ListServiceAccountsResponse command.params['name'] = name unless name.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Patches a ServiceAccount. # Currently, only the following fields are updatable: # `display_name` and `description`. # Only fields specified in the request are guaranteed to be returned in # the response. Other fields in the response may be empty. # Note: The field mask is required. # @param [String] name # The resource name of the service account in the following format: # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. # Requests using `-` as a wildcard for the `PROJECT_ID` will infer the # project from the `account` and the `ACCOUNT` value can be the `email` # address or the `unique_id` of the service account. # In responses the resource name will always be in the format # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. # @param [Google::Apis::IamV1::PatchServiceAccountRequest] patch_service_account_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ServiceAccount] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def patch_service_account(name, patch_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::PatchServiceAccountRequest::Representation command.request_object = patch_service_account_request_object command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation command.response_class = Google::Apis::IamV1::ServiceAccount command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Sets the Cloud IAM access control policy for a # ServiceAccount. # Note: Service accounts are both # [resources and # identities](/iam/docs/service-accounts#service_account_permissions). This # method treats the service account as a resource. Use it to grant members # access to the service account, such as when they need to impersonate it. # This method does not grant the service account access to other resources, # such as projects. To grant a service account access to resources, include # the service account in the Cloud IAM policy for the desired resource, then # call the appropriate `setIamPolicy` method on the target resource. For # example, to grant a service account access to a project, call the # [projects.setIamPolicy](/resource-manager/reference/rest/v1/projects/ # setIamPolicy) # method. # @param [String] resource # REQUIRED: The resource for which the policy is being specified. # See the operation documentation for the appropriate value for this field. # @param [Google::Apis::IamV1::SetIamPolicyRequest] set_iam_policy_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Policy] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Policy] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:setIamPolicy', options) command.request_representation = Google::Apis::IamV1::SetIamPolicyRequest::Representation command.request_object = set_iam_policy_request_object command.response_representation = Google::Apis::IamV1::Policy::Representation command.response_class = Google::Apis::IamV1::Policy command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # **Note**: This method is in the process of being deprecated. Call the # [`signBlob()`](/iam/credentials/reference/rest/v1/projects.serviceAccounts/ # signBlob) # method of the Cloud IAM Service Account Credentials API instead. # Signs a blob using a service account's system-managed private key. # @param [String] name # The resource name of the service account in the following format: # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from # the account. The `ACCOUNT` value can be the `email` address or the # `unique_id` of the service account. # @param [Google::Apis::IamV1::SignBlobRequest] sign_blob_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::SignBlobResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::SignBlobResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:signBlob', options) command.request_representation = Google::Apis::IamV1::SignBlobRequest::Representation command.request_object = sign_blob_request_object command.response_representation = Google::Apis::IamV1::SignBlobResponse::Representation command.response_class = Google::Apis::IamV1::SignBlobResponse command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # **Note**: This method is in the process of being deprecated. Call the # [`signJwt()`](/iam/credentials/reference/rest/v1/projects.serviceAccounts/ # signJwt) # method of the Cloud IAM Service Account Credentials API instead. # Signs a JWT using a service account's system-managed private key. # If no expiry time (`exp`) is provided in the `SignJwtRequest`, IAM sets an # an expiry time of one hour by default. If you request an expiry time of # more than one hour, the request will fail. # @param [String] name # The resource name of the service account in the following format: # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from # the account. The `ACCOUNT` value can be the `email` address or the # `unique_id` of the service account. # @param [Google::Apis::IamV1::SignJwtRequest] sign_jwt_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::SignJwtResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::SignJwtResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:signJwt', options) command.request_representation = Google::Apis::IamV1::SignJwtRequest::Representation command.request_object = sign_jwt_request_object command.response_representation = Google::Apis::IamV1::SignJwtResponse::Representation command.response_class = Google::Apis::IamV1::SignJwtResponse command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Tests the specified permissions against the IAM access control policy # for a ServiceAccount. # @param [String] resource # REQUIRED: The resource for which the policy detail is being requested. # See the operation documentation for the appropriate value for this field. # @param [Google::Apis::IamV1::TestIamPermissionsRequest] test_iam_permissions_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::TestIamPermissionsResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::TestIamPermissionsResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options) command.request_representation = Google::Apis::IamV1::TestIamPermissionsRequest::Representation command.request_object = test_iam_permissions_request_object command.response_representation = Google::Apis::IamV1::TestIamPermissionsResponse::Representation command.response_class = Google::Apis::IamV1::TestIamPermissionsResponse command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Restores a deleted ServiceAccount. # This is to be used as an action of last resort. A service account may # not always be restorable. # @param [String] name # The resource name of the service account in the following format: # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT_UNIQUE_ID``. # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from # the account. # @param [Google::Apis::IamV1::UndeleteServiceAccountRequest] undelete_service_account_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::UndeleteServiceAccountResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::UndeleteServiceAccountResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def undelete_service_account(name, undelete_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteServiceAccountRequest::Representation command.request_object = undelete_service_account_request_object command.response_representation = Google::Apis::IamV1::UndeleteServiceAccountResponse::Representation command.response_class = Google::Apis::IamV1::UndeleteServiceAccountResponse command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Note: This method is in the process of being deprecated. Use # PatchServiceAccount instead. # Updates a ServiceAccount. # Currently, only the following fields are updatable: # `display_name` and `description`. # @param [String] name # The resource name of the service account in the following format: # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. # Requests using `-` as a wildcard for the `PROJECT_ID` will infer the # project from the `account` and the `ACCOUNT` value can be the `email` # address or the `unique_id` of the service account. # In responses the resource name will always be in the format # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. # @param [Google::Apis::IamV1::ServiceAccount] service_account_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ServiceAccount] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:put, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::ServiceAccount::Representation command.request_object = service_account_object command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation command.response_class = Google::Apis::IamV1::ServiceAccount command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates a ServiceAccountKey # and returns it. # @param [String] name # The resource name of the service account in the following format: # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from # the account. The `ACCOUNT` value can be the `email` address or the # `unique_id` of the service account. # @param [Google::Apis::IamV1::CreateServiceAccountKeyRequest] create_service_account_key_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ServiceAccountKey] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}/keys', options) command.request_representation = Google::Apis::IamV1::CreateServiceAccountKeyRequest::Representation command.request_object = create_service_account_key_request_object command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation command.response_class = Google::Apis::IamV1::ServiceAccountKey command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes a ServiceAccountKey. # @param [String] name # The resource name of the service account key in the following format: # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from # the account. The `ACCOUNT` value can be the `email` address or the # `unique_id` of the service account. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Empty] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the ServiceAccountKey # by key id. # @param [String] name # The resource name of the service account key in the following format: # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from # the account. The `ACCOUNT` value can be the `email` address or the # `unique_id` of the service account. # @param [String] public_key_type # The output format of the public key requested. # X509_PEM is the default output format. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ServiceAccountKey] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_service_account_key(name, public_key_type: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation command.response_class = Google::Apis::IamV1::ServiceAccountKey command.params['name'] = name unless name.nil? command.query['publicKeyType'] = public_key_type unless public_key_type.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists ServiceAccountKeys. # @param [String] name # The resource name of the service account in the following format: # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. # Using `-` as a wildcard for the `PROJECT_ID`, will infer the project from # the account. The `ACCOUNT` value can be the `email` address or the # `unique_id` of the service account. # @param [Array, String] key_types # Filters the types of keys the user wants to include in the list # response. Duplicate key types are not allowed. If no key type # is provided, all keys are returned. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListServiceAccountKeysResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListServiceAccountKeysResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}/keys', options) command.response_representation = Google::Apis::IamV1::ListServiceAccountKeysResponse::Representation command.response_class = Google::Apis::IamV1::ListServiceAccountKeysResponse command.params['name'] = name unless name.nil? command.query['keyTypes'] = key_types unless key_types.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets a Role definition. # @param [String] name # The `name` parameter's value depends on the target resource for the # request, namely # [`roles`](/iam/reference/rest/v1/roles), # [`projects`](/iam/reference/rest/v1/projects.roles), or # [`organizations`](/iam/reference/rest/v1/organizations.roles). Each # resource type's `name` value format is described below: # * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/`ROLE_NAME``. # This method returns results from all # [predefined roles](/iam/docs/understanding-roles#predefined_roles) in # Cloud IAM. Example request URL: # `https://iam.googleapis.com/v1/roles/`ROLE_NAME`` # * [`projects.roles.get()`](/iam/reference/rest/v1/projects.roles/get): # `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method returns only # [custom roles](/iam/docs/understanding-custom-roles) that have been # created at the project level. Example request URL: # `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` # * [`organizations.roles.get()`](/iam/reference/rest/v1/organizations.roles/get) # : # `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method # returns only [custom roles](/iam/docs/understanding-custom-roles) that # have been created at the organization level. Example request URL: # `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/` # CUSTOM_ROLE_ID`` # Note: Wildcard (*) values are invalid; you must specify a complete project # ID or organization ID. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_role(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists the Roles defined on a resource. # @param [Fixnum] page_size # Optional limit on the number of roles to include in the response. # @param [String] page_token # Optional pagination token returned in an earlier ListRolesResponse. # @param [String] parent # The `parent` parameter's value depends on the target resource for the # request, namely # [`roles`](/iam/reference/rest/v1/roles), # [`projects`](/iam/reference/rest/v1/projects.roles), or # [`organizations`](/iam/reference/rest/v1/organizations.roles). Each # resource type's `parent` value format is described below: # * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string. # This method doesn't require a resource; it simply returns all # [predefined roles](/iam/docs/understanding-roles#predefined_roles) in # Cloud IAM. Example request URL: # `https://iam.googleapis.com/v1/roles` # * [`projects.roles.list()`](/iam/reference/rest/v1/projects.roles/list): # `projects/`PROJECT_ID``. This method lists all project-level # [custom roles](/iam/docs/understanding-custom-roles). # Example request URL: # `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles` # * [`organizations.roles.list()`](/iam/reference/rest/v1/organizations.roles/ # list): # `organizations/`ORGANIZATION_ID``. This method lists all # organization-level [custom roles](/iam/docs/understanding-custom-roles). # Example request URL: # `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles` # Note: Wildcard (*) values are invalid; you must specify a complete project # ID or organization ID. # @param [Boolean] show_deleted # Include Roles that have been deleted. # @param [String] view # Optional view for the returned Role objects. When `FULL` is specified, # the `includedPermissions` field is returned, which includes a list of all # permissions in the role. The default value is `BASIC`, which does not # return the `includedPermissions` field. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListRolesResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/roles', options) command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation command.response_class = Google::Apis::IamV1::ListRolesResponse command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['parent'] = parent unless parent.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['view'] = view unless view.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Queries roles that can be granted on a particular resource. # A role is grantable if it can be used as the role in a binding for a policy # for that resource. # @param [Google::Apis::IamV1::QueryGrantableRolesRequest] query_grantable_roles_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::QueryGrantableRolesResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::QueryGrantableRolesResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/roles:queryGrantableRoles', options) command.request_representation = Google::Apis::IamV1::QueryGrantableRolesRequest::Representation command.request_object = query_grantable_roles_request_object command.response_representation = Google::Apis::IamV1::QueryGrantableRolesResponse::Representation command.response_class = Google::Apis::IamV1::QueryGrantableRolesResponse command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end protected def apply_command_defaults(command) command.query['key'] = key unless key.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? end end end end end