google-api-ruby-client/generated/google/apis/iam_v1/service.rb

1786 lines
109 KiB
Ruby

# Copyright 2015 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
require 'google/apis/core/base_service'
require 'google/apis/core/json_representation'
require 'google/apis/core/hashable'
require 'google/apis/errors'
module Google
module Apis
module IamV1
# Identity and Access Management (IAM) API
#
# Manages identity and access control for Google Cloud Platform resources,
# including the creation of service accounts, which you can use to authenticate
# to Google and make API calls.
#
# @example
# require 'google/apis/iam_v1'
#
# Iam = Google::Apis::IamV1 # Alias the module
# service = Iam::IamService.new
#
# @see https://cloud.google.com/iam/
class IamService < Google::Apis::Core::BaseService
# @return [String]
# API key. Your API key identifies your project and provides you with API access,
# quota, and reports. Required unless you provide an OAuth 2.0 token.
attr_accessor :key
# @return [String]
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
attr_accessor :quota_user
def initialize
super('https://iam.googleapis.com/', '')
@batch_path = 'batch'
end
# Lints, or validates, an IAM policy. Currently checks the
# google.iam.v1.Binding.condition field, which contains a condition
# expression for a role binding.
# Successful calls to this method always return an HTTP `200 OK` status code,
# even if the linter detects an issue in the IAM policy.
# @param [Google::Apis::IamV1::LintPolicyRequest] lint_policy_request_object
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::LintPolicyResponse] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::LintPolicyResponse]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:post, 'v1/iamPolicies:lintPolicy', options)
command.request_representation = Google::Apis::IamV1::LintPolicyRequest::Representation
command.request_object = lint_policy_request_object
command.response_representation = Google::Apis::IamV1::LintPolicyResponse::Representation
command.response_class = Google::Apis::IamV1::LintPolicyResponse
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Returns a list of services that allow you to opt into audit logs that are
# not generated by default.
# To learn more about audit logs, see the [Logging
# documentation](https://cloud.google.com/logging/docs/audit).
# @param [Google::Apis::IamV1::QueryAuditableServicesRequest] query_auditable_services_request_object
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::QueryAuditableServicesResponse] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::QueryAuditableServicesResponse]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:post, 'v1/iamPolicies:queryAuditableServices', options)
command.request_representation = Google::Apis::IamV1::QueryAuditableServicesRequest::Representation
command.request_object = query_auditable_services_request_object
command.response_representation = Google::Apis::IamV1::QueryAuditableServicesResponse::Representation
command.response_class = Google::Apis::IamV1::QueryAuditableServicesResponse
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Creates a new custom Role.
# @param [String] parent
# The `parent` parameter's value depends on the target resource for the
# request, namely
# [`projects`](/iam/reference/rest/v1/projects.roles) or
# [`organizations`](/iam/reference/rest/v1/organizations.roles). Each
# resource type's `parent` value format is described below:
# * [`projects.roles.create()`](/iam/reference/rest/v1/projects.roles/create):
# `projects/`PROJECT_ID``. This method creates project-level
# [custom roles](/iam/docs/understanding-custom-roles).
# Example request URL:
# `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles`
# * [`organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/
# create):
# `organizations/`ORGANIZATION_ID``. This method creates organization-level
# [custom roles](/iam/docs/understanding-custom-roles). Example request
# URL:
# `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles`
# Note: Wildcard (*) values are invalid; you must specify a complete project
# ID or organization ID.
# @param [Google::Apis::IamV1::CreateRoleRequest] create_role_request_object
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::Role] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::Role]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:post, 'v1/{+parent}/roles', options)
command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation
command.request_object = create_role_request_object
command.response_representation = Google::Apis::IamV1::Role::Representation
command.response_class = Google::Apis::IamV1::Role
command.params['parent'] = parent unless parent.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Deletes a custom Role.
# When you delete a custom role, the following changes occur immediately:
# * You cannot bind a member to the custom role in an IAM
# Policy.
# * Existing bindings to the custom role are not changed, but they have no
# effect.
# * By default, the response from ListRoles does not include the custom
# role.
# You have 7 days to undelete the custom role. After 7 days, the following
# changes occur:
# * The custom role is permanently deleted and cannot be recovered.
# * If an IAM policy contains a binding to the custom role, the binding is
# permanently removed.
# @param [String] name
# The `name` parameter's value depends on the target resource for the
# request, namely
# [`projects`](/iam/reference/rest/v1/projects.roles) or
# [`organizations`](/iam/reference/rest/v1/organizations.roles). Each
# resource type's `name` value format is described below:
# * [`projects.roles.delete()`](/iam/reference/rest/v1/projects.roles/delete):
# `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method deletes only
# [custom roles](/iam/docs/understanding-custom-roles) that have been
# created at the project level. Example request URL:
# `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``
# * [`organizations.roles.delete()`](/iam/reference/rest/v1/organizations.roles/
# delete):
# `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method
# deletes only [custom roles](/iam/docs/understanding-custom-roles) that
# have been created at the organization level. Example request URL:
# `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`
# CUSTOM_ROLE_ID``
# Note: Wildcard (*) values are invalid; you must specify a complete project
# ID or organization ID.
# @param [String] etag
# Used to perform a consistent read-modify-write.
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::Role] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::Role]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:delete, 'v1/{+name}', options)
command.response_representation = Google::Apis::IamV1::Role::Representation
command.response_class = Google::Apis::IamV1::Role
command.params['name'] = name unless name.nil?
command.query['etag'] = etag unless etag.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Gets the definition of a Role.
# @param [String] name
# The `name` parameter's value depends on the target resource for the
# request, namely
# [`roles`](/iam/reference/rest/v1/roles),
# [`projects`](/iam/reference/rest/v1/projects.roles), or
# [`organizations`](/iam/reference/rest/v1/organizations.roles). Each
# resource type's `name` value format is described below:
# * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/`ROLE_NAME``.
# This method returns results from all
# [predefined roles](/iam/docs/understanding-roles#predefined_roles) in
# Cloud IAM. Example request URL:
# `https://iam.googleapis.com/v1/roles/`ROLE_NAME``
# * [`projects.roles.get()`](/iam/reference/rest/v1/projects.roles/get):
# `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method returns only
# [custom roles](/iam/docs/understanding-custom-roles) that have been
# created at the project level. Example request URL:
# `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``
# * [`organizations.roles.get()`](/iam/reference/rest/v1/organizations.roles/get)
# :
# `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method
# returns only [custom roles](/iam/docs/understanding-custom-roles) that
# have been created at the organization level. Example request URL:
# `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`
# CUSTOM_ROLE_ID``
# Note: Wildcard (*) values are invalid; you must specify a complete project
# ID or organization ID.
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::Role] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::Role]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def get_organization_role(name, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:get, 'v1/{+name}', options)
command.response_representation = Google::Apis::IamV1::Role::Representation
command.response_class = Google::Apis::IamV1::Role
command.params['name'] = name unless name.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Lists every predefined Role that IAM supports, or every custom role
# that is defined for an organization or project.
# @param [String] parent
# The `parent` parameter's value depends on the target resource for the
# request, namely
# [`roles`](/iam/reference/rest/v1/roles),
# [`projects`](/iam/reference/rest/v1/projects.roles), or
# [`organizations`](/iam/reference/rest/v1/organizations.roles). Each
# resource type's `parent` value format is described below:
# * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string.
# This method doesn't require a resource; it simply returns all
# [predefined roles](/iam/docs/understanding-roles#predefined_roles) in
# Cloud IAM. Example request URL:
# `https://iam.googleapis.com/v1/roles`
# * [`projects.roles.list()`](/iam/reference/rest/v1/projects.roles/list):
# `projects/`PROJECT_ID``. This method lists all project-level
# [custom roles](/iam/docs/understanding-custom-roles).
# Example request URL:
# `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles`
# * [`organizations.roles.list()`](/iam/reference/rest/v1/organizations.roles/
# list):
# `organizations/`ORGANIZATION_ID``. This method lists all
# organization-level [custom roles](/iam/docs/understanding-custom-roles).
# Example request URL:
# `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles`
# Note: Wildcard (*) values are invalid; you must specify a complete project
# ID or organization ID.
# @param [Fixnum] page_size
# Optional limit on the number of roles to include in the response.
# The default is 300, and the maximum is 1,000.
# @param [String] page_token
# Optional pagination token returned in an earlier ListRolesResponse.
# @param [Boolean] show_deleted
# Include Roles that have been deleted.
# @param [String] view
# Optional view for the returned Role objects. When `FULL` is specified,
# the `includedPermissions` field is returned, which includes a list of all
# permissions in the role. The default value is `BASIC`, which does not
# return the `includedPermissions` field.
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::ListRolesResponse]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:get, 'v1/{+parent}/roles', options)
command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
command.response_class = Google::Apis::IamV1::ListRolesResponse
command.params['parent'] = parent unless parent.nil?
command.query['pageSize'] = page_size unless page_size.nil?
command.query['pageToken'] = page_token unless page_token.nil?
command.query['showDeleted'] = show_deleted unless show_deleted.nil?
command.query['view'] = view unless view.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Updates the definition of a custom Role.
# @param [String] name
# The `name` parameter's value depends on the target resource for the
# request, namely
# [`projects`](/iam/reference/rest/v1/projects.roles) or
# [`organizations`](/iam/reference/rest/v1/organizations.roles). Each
# resource type's `name` value format is described below:
# * [`projects.roles.patch()`](/iam/reference/rest/v1/projects.roles/patch):
# `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method updates only
# [custom roles](/iam/docs/understanding-custom-roles) that have been
# created at the project level. Example request URL:
# `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``
# * [`organizations.roles.patch()`](/iam/reference/rest/v1/organizations.roles/
# patch):
# `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method
# updates only [custom roles](/iam/docs/understanding-custom-roles) that
# have been created at the organization level. Example request URL:
# `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`
# CUSTOM_ROLE_ID``
# Note: Wildcard (*) values are invalid; you must specify a complete project
# ID or organization ID.
# @param [Google::Apis::IamV1::Role] role_object
# @param [String] update_mask
# A mask describing which fields in the Role have changed.
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::Role] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::Role]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:patch, 'v1/{+name}', options)
command.request_representation = Google::Apis::IamV1::Role::Representation
command.request_object = role_object
command.response_representation = Google::Apis::IamV1::Role::Representation
command.response_class = Google::Apis::IamV1::Role
command.params['name'] = name unless name.nil?
command.query['updateMask'] = update_mask unless update_mask.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Undeletes a custom Role.
# @param [String] name
# The `name` parameter's value depends on the target resource for the
# request, namely
# [`projects`](/iam/reference/rest/v1/projects.roles) or
# [`organizations`](/iam/reference/rest/v1/organizations.roles). Each
# resource type's `name` value format is described below:
# * [`projects.roles.undelete()`](/iam/reference/rest/v1/projects.roles/undelete)
# :
# `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method undeletes
# only [custom roles](/iam/docs/understanding-custom-roles) that have been
# created at the project level. Example request URL:
# `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``
# * [`organizations.roles.undelete()`](/iam/reference/rest/v1/organizations.
# roles/undelete):
# `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method
# undeletes only [custom roles](/iam/docs/understanding-custom-roles) that
# have been created at the organization level. Example request URL:
# `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`
# CUSTOM_ROLE_ID``
# Note: Wildcard (*) values are invalid; you must specify a complete project
# ID or organization ID.
# @param [Google::Apis::IamV1::UndeleteRoleRequest] undelete_role_request_object
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::Role] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::Role]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:post, 'v1/{+name}:undelete', options)
command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation
command.request_object = undelete_role_request_object
command.response_representation = Google::Apis::IamV1::Role::Representation
command.response_class = Google::Apis::IamV1::Role
command.params['name'] = name unless name.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Lists every permission that you can test on a resource. A permission is
# testable if you can check whether a member has that permission on the
# resource.
# @param [Google::Apis::IamV1::QueryTestablePermissionsRequest] query_testable_permissions_request_object
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::QueryTestablePermissionsResponse] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::QueryTestablePermissionsResponse]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:post, 'v1/permissions:queryTestablePermissions', options)
command.request_representation = Google::Apis::IamV1::QueryTestablePermissionsRequest::Representation
command.request_object = query_testable_permissions_request_object
command.response_representation = Google::Apis::IamV1::QueryTestablePermissionsResponse::Representation
command.response_class = Google::Apis::IamV1::QueryTestablePermissionsResponse
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Creates a new custom Role.
# @param [String] parent
# The `parent` parameter's value depends on the target resource for the
# request, namely
# [`projects`](/iam/reference/rest/v1/projects.roles) or
# [`organizations`](/iam/reference/rest/v1/organizations.roles). Each
# resource type's `parent` value format is described below:
# * [`projects.roles.create()`](/iam/reference/rest/v1/projects.roles/create):
# `projects/`PROJECT_ID``. This method creates project-level
# [custom roles](/iam/docs/understanding-custom-roles).
# Example request URL:
# `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles`
# * [`organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/
# create):
# `organizations/`ORGANIZATION_ID``. This method creates organization-level
# [custom roles](/iam/docs/understanding-custom-roles). Example request
# URL:
# `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles`
# Note: Wildcard (*) values are invalid; you must specify a complete project
# ID or organization ID.
# @param [Google::Apis::IamV1::CreateRoleRequest] create_role_request_object
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::Role] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::Role]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:post, 'v1/{+parent}/roles', options)
command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation
command.request_object = create_role_request_object
command.response_representation = Google::Apis::IamV1::Role::Representation
command.response_class = Google::Apis::IamV1::Role
command.params['parent'] = parent unless parent.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Deletes a custom Role.
# When you delete a custom role, the following changes occur immediately:
# * You cannot bind a member to the custom role in an IAM
# Policy.
# * Existing bindings to the custom role are not changed, but they have no
# effect.
# * By default, the response from ListRoles does not include the custom
# role.
# You have 7 days to undelete the custom role. After 7 days, the following
# changes occur:
# * The custom role is permanently deleted and cannot be recovered.
# * If an IAM policy contains a binding to the custom role, the binding is
# permanently removed.
# @param [String] name
# The `name` parameter's value depends on the target resource for the
# request, namely
# [`projects`](/iam/reference/rest/v1/projects.roles) or
# [`organizations`](/iam/reference/rest/v1/organizations.roles). Each
# resource type's `name` value format is described below:
# * [`projects.roles.delete()`](/iam/reference/rest/v1/projects.roles/delete):
# `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method deletes only
# [custom roles](/iam/docs/understanding-custom-roles) that have been
# created at the project level. Example request URL:
# `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``
# * [`organizations.roles.delete()`](/iam/reference/rest/v1/organizations.roles/
# delete):
# `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method
# deletes only [custom roles](/iam/docs/understanding-custom-roles) that
# have been created at the organization level. Example request URL:
# `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`
# CUSTOM_ROLE_ID``
# Note: Wildcard (*) values are invalid; you must specify a complete project
# ID or organization ID.
# @param [String] etag
# Used to perform a consistent read-modify-write.
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::Role] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::Role]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:delete, 'v1/{+name}', options)
command.response_representation = Google::Apis::IamV1::Role::Representation
command.response_class = Google::Apis::IamV1::Role
command.params['name'] = name unless name.nil?
command.query['etag'] = etag unless etag.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Gets the definition of a Role.
# @param [String] name
# The `name` parameter's value depends on the target resource for the
# request, namely
# [`roles`](/iam/reference/rest/v1/roles),
# [`projects`](/iam/reference/rest/v1/projects.roles), or
# [`organizations`](/iam/reference/rest/v1/organizations.roles). Each
# resource type's `name` value format is described below:
# * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/`ROLE_NAME``.
# This method returns results from all
# [predefined roles](/iam/docs/understanding-roles#predefined_roles) in
# Cloud IAM. Example request URL:
# `https://iam.googleapis.com/v1/roles/`ROLE_NAME``
# * [`projects.roles.get()`](/iam/reference/rest/v1/projects.roles/get):
# `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method returns only
# [custom roles](/iam/docs/understanding-custom-roles) that have been
# created at the project level. Example request URL:
# `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``
# * [`organizations.roles.get()`](/iam/reference/rest/v1/organizations.roles/get)
# :
# `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method
# returns only [custom roles](/iam/docs/understanding-custom-roles) that
# have been created at the organization level. Example request URL:
# `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`
# CUSTOM_ROLE_ID``
# Note: Wildcard (*) values are invalid; you must specify a complete project
# ID or organization ID.
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::Role] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::Role]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def get_project_role(name, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:get, 'v1/{+name}', options)
command.response_representation = Google::Apis::IamV1::Role::Representation
command.response_class = Google::Apis::IamV1::Role
command.params['name'] = name unless name.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Lists every predefined Role that IAM supports, or every custom role
# that is defined for an organization or project.
# @param [String] parent
# The `parent` parameter's value depends on the target resource for the
# request, namely
# [`roles`](/iam/reference/rest/v1/roles),
# [`projects`](/iam/reference/rest/v1/projects.roles), or
# [`organizations`](/iam/reference/rest/v1/organizations.roles). Each
# resource type's `parent` value format is described below:
# * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string.
# This method doesn't require a resource; it simply returns all
# [predefined roles](/iam/docs/understanding-roles#predefined_roles) in
# Cloud IAM. Example request URL:
# `https://iam.googleapis.com/v1/roles`
# * [`projects.roles.list()`](/iam/reference/rest/v1/projects.roles/list):
# `projects/`PROJECT_ID``. This method lists all project-level
# [custom roles](/iam/docs/understanding-custom-roles).
# Example request URL:
# `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles`
# * [`organizations.roles.list()`](/iam/reference/rest/v1/organizations.roles/
# list):
# `organizations/`ORGANIZATION_ID``. This method lists all
# organization-level [custom roles](/iam/docs/understanding-custom-roles).
# Example request URL:
# `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles`
# Note: Wildcard (*) values are invalid; you must specify a complete project
# ID or organization ID.
# @param [Fixnum] page_size
# Optional limit on the number of roles to include in the response.
# The default is 300, and the maximum is 1,000.
# @param [String] page_token
# Optional pagination token returned in an earlier ListRolesResponse.
# @param [Boolean] show_deleted
# Include Roles that have been deleted.
# @param [String] view
# Optional view for the returned Role objects. When `FULL` is specified,
# the `includedPermissions` field is returned, which includes a list of all
# permissions in the role. The default value is `BASIC`, which does not
# return the `includedPermissions` field.
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::ListRolesResponse]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:get, 'v1/{+parent}/roles', options)
command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
command.response_class = Google::Apis::IamV1::ListRolesResponse
command.params['parent'] = parent unless parent.nil?
command.query['pageSize'] = page_size unless page_size.nil?
command.query['pageToken'] = page_token unless page_token.nil?
command.query['showDeleted'] = show_deleted unless show_deleted.nil?
command.query['view'] = view unless view.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Updates the definition of a custom Role.
# @param [String] name
# The `name` parameter's value depends on the target resource for the
# request, namely
# [`projects`](/iam/reference/rest/v1/projects.roles) or
# [`organizations`](/iam/reference/rest/v1/organizations.roles). Each
# resource type's `name` value format is described below:
# * [`projects.roles.patch()`](/iam/reference/rest/v1/projects.roles/patch):
# `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method updates only
# [custom roles](/iam/docs/understanding-custom-roles) that have been
# created at the project level. Example request URL:
# `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``
# * [`organizations.roles.patch()`](/iam/reference/rest/v1/organizations.roles/
# patch):
# `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method
# updates only [custom roles](/iam/docs/understanding-custom-roles) that
# have been created at the organization level. Example request URL:
# `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`
# CUSTOM_ROLE_ID``
# Note: Wildcard (*) values are invalid; you must specify a complete project
# ID or organization ID.
# @param [Google::Apis::IamV1::Role] role_object
# @param [String] update_mask
# A mask describing which fields in the Role have changed.
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::Role] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::Role]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:patch, 'v1/{+name}', options)
command.request_representation = Google::Apis::IamV1::Role::Representation
command.request_object = role_object
command.response_representation = Google::Apis::IamV1::Role::Representation
command.response_class = Google::Apis::IamV1::Role
command.params['name'] = name unless name.nil?
command.query['updateMask'] = update_mask unless update_mask.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Undeletes a custom Role.
# @param [String] name
# The `name` parameter's value depends on the target resource for the
# request, namely
# [`projects`](/iam/reference/rest/v1/projects.roles) or
# [`organizations`](/iam/reference/rest/v1/organizations.roles). Each
# resource type's `name` value format is described below:
# * [`projects.roles.undelete()`](/iam/reference/rest/v1/projects.roles/undelete)
# :
# `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method undeletes
# only [custom roles](/iam/docs/understanding-custom-roles) that have been
# created at the project level. Example request URL:
# `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``
# * [`organizations.roles.undelete()`](/iam/reference/rest/v1/organizations.
# roles/undelete):
# `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method
# undeletes only [custom roles](/iam/docs/understanding-custom-roles) that
# have been created at the organization level. Example request URL:
# `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`
# CUSTOM_ROLE_ID``
# Note: Wildcard (*) values are invalid; you must specify a complete project
# ID or organization ID.
# @param [Google::Apis::IamV1::UndeleteRoleRequest] undelete_role_request_object
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::Role] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::Role]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:post, 'v1/{+name}:undelete', options)
command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation
command.request_object = undelete_role_request_object
command.response_representation = Google::Apis::IamV1::Role::Representation
command.response_class = Google::Apis::IamV1::Role
command.params['name'] = name unless name.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Creates a ServiceAccount.
# @param [String] name
# Required. The resource name of the project associated with the service
# accounts, such as `projects/my-project-123`.
# @param [Google::Apis::IamV1::CreateServiceAccountRequest] create_service_account_request_object
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::ServiceAccount]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:post, 'v1/{+name}/serviceAccounts', options)
command.request_representation = Google::Apis::IamV1::CreateServiceAccountRequest::Representation
command.request_object = create_service_account_request_object
command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
command.response_class = Google::Apis::IamV1::ServiceAccount
command.params['name'] = name unless name.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Deletes a ServiceAccount.
# **Warning:** After you delete a service account, you might not be able to
# undelete it. If you know that you need to re-enable the service account in
# the future, use DisableServiceAccount instead.
# If you delete a service account, IAM permanently removes the service
# account 30 days later. Google Cloud cannot recover the service account
# after it is permanently removed, even if you file a support request.
# To help avoid unplanned outages, we recommend that you disable the service
# account before you delete it. Use DisableServiceAccount to disable the
# service account, then wait at least 24 hours and watch for unintended
# consequences. If there are no unintended consequences, you can delete the
# service account.
# @param [String] name
# Required. The resource name of the service account in the following format:
# `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
# Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
# the account. The `ACCOUNT` value can be the `email` address or the
# `unique_id` of the service account.
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::Empty] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::Empty]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def delete_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:delete, 'v1/{+name}', options)
command.response_representation = Google::Apis::IamV1::Empty::Representation
command.response_class = Google::Apis::IamV1::Empty
command.params['name'] = name unless name.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Disables a ServiceAccount immediately.
# If an application uses the service account to authenticate, that
# application can no longer call Google APIs or access Google Cloud
# resources. Existing access tokens for the service account are rejected, and
# requests for new access tokens will fail.
# To re-enable the service account, use EnableServiceAccount. After you
# re-enable the service account, its existing access tokens will be accepted,
# and you can request new access tokens.
# To help avoid unplanned outages, we recommend that you disable the service
# account before you delete it. Use this method to disable the service
# account, then wait at least 24 hours and watch for unintended consequences.
# If there are no unintended consequences, you can delete the service account
# with DeleteServiceAccount.
# @param [String] name
# The resource name of the service account in the following format:
# `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
# Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
# the account. The `ACCOUNT` value can be the `email` address or the
# `unique_id` of the service account.
# @param [Google::Apis::IamV1::DisableServiceAccountRequest] disable_service_account_request_object
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::Empty] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::Empty]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def disable_service_account(name, disable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:post, 'v1/{+name}:disable', options)
command.request_representation = Google::Apis::IamV1::DisableServiceAccountRequest::Representation
command.request_object = disable_service_account_request_object
command.response_representation = Google::Apis::IamV1::Empty::Representation
command.response_class = Google::Apis::IamV1::Empty
command.params['name'] = name unless name.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Enables a ServiceAccount that was disabled by
# DisableServiceAccount.
# If the service account is already enabled, then this method has no effect.
# If the service account was disabled by other means—for example, if Google
# disabled the service account because it was compromised—you cannot use this
# method to enable the service account.
# @param [String] name
# The resource name of the service account in the following format:
# `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
# Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
# the account. The `ACCOUNT` value can be the `email` address or the
# `unique_id` of the service account.
# @param [Google::Apis::IamV1::EnableServiceAccountRequest] enable_service_account_request_object
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::Empty] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::Empty]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def enable_service_account(name, enable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:post, 'v1/{+name}:enable', options)
command.request_representation = Google::Apis::IamV1::EnableServiceAccountRequest::Representation
command.request_object = enable_service_account_request_object
command.response_representation = Google::Apis::IamV1::Empty::Representation
command.response_class = Google::Apis::IamV1::Empty
command.params['name'] = name unless name.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Gets a ServiceAccount.
# @param [String] name
# Required. The resource name of the service account in the following format:
# `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
# Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
# the account. The `ACCOUNT` value can be the `email` address or the
# `unique_id` of the service account.
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::ServiceAccount]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def get_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:get, 'v1/{+name}', options)
command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
command.response_class = Google::Apis::IamV1::ServiceAccount
command.params['name'] = name unless name.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Gets the IAM policy that is attached to a ServiceAccount. This IAM
# policy specifies which members have access to the service account.
# This method does not tell you whether the service account has been granted
# any roles on other resources. To check whether a service account has role
# grants on a resource, use the `getIamPolicy` method for that resource. For
# example, to view the role grants for a project, call the Resource Manager
# API's
# [`projects.getIamPolicy`](https://cloud.google.com/resource-manager/reference/
# rest/v1/projects/getIamPolicy)
# method.
# @param [String] resource
# REQUIRED: The resource for which the policy is being requested.
# See the operation documentation for the appropriate value for this field.
# @param [Fixnum] options_requested_policy_version
# Optional. The policy format version to be returned.
# Valid values are 0, 1, and 3. Requests specifying an invalid value will be
# rejected.
# Requests for policies with any conditional bindings must specify version 3.
# Policies without any conditional bindings may specify any valid value or
# leave the field unset.
# To learn which resources support conditions in their IAM policies, see the
# [IAM
# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::Policy] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::Policy]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def get_project_service_account_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:post, 'v1/{+resource}:getIamPolicy', options)
command.response_representation = Google::Apis::IamV1::Policy::Representation
command.response_class = Google::Apis::IamV1::Policy
command.params['resource'] = resource unless resource.nil?
command.query['options.requestedPolicyVersion'] = options_requested_policy_version unless options_requested_policy_version.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Lists every ServiceAccount that belongs to a specific project.
# @param [String] name
# Required. The resource name of the project associated with the service
# accounts, such as `projects/my-project-123`.
# @param [Fixnum] page_size
# Optional limit on the number of service accounts to include in the
# response. Further accounts can subsequently be obtained by including the
# ListServiceAccountsResponse.next_page_token
# in a subsequent request.
# The default is 20, and the maximum is 100.
# @param [String] page_token
# Optional pagination token returned in an earlier
# ListServiceAccountsResponse.next_page_token.
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::ListServiceAccountsResponse] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::ListServiceAccountsResponse]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:get, 'v1/{+name}/serviceAccounts', options)
command.response_representation = Google::Apis::IamV1::ListServiceAccountsResponse::Representation
command.response_class = Google::Apis::IamV1::ListServiceAccountsResponse
command.params['name'] = name unless name.nil?
command.query['pageSize'] = page_size unless page_size.nil?
command.query['pageToken'] = page_token unless page_token.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Patches a ServiceAccount.
# @param [String] name
# The resource name of the service account.
# Use one of the following formats:
# * `projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS``
# * `projects/`PROJECT_ID`/serviceAccounts/`UNIQUE_ID``
# As an alternative, you can use the `-` wildcard character instead of the
# project ID:
# * `projects/-/serviceAccounts/`EMAIL_ADDRESS``
# * `projects/-/serviceAccounts/`UNIQUE_ID``
# When possible, avoid using the `-` wildcard character, because it can cause
# response messages to contain misleading error codes. For example, if you
# try to get the service account
# `projects/-/serviceAccounts/fake@example.com`, which does not exist, the
# response contains an HTTP `403 Forbidden` error instead of a `404 Not
# Found` error.
# @param [Google::Apis::IamV1::PatchServiceAccountRequest] patch_service_account_request_object
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::ServiceAccount]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def patch_service_account(name, patch_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:patch, 'v1/{+name}', options)
command.request_representation = Google::Apis::IamV1::PatchServiceAccountRequest::Representation
command.request_object = patch_service_account_request_object
command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
command.response_class = Google::Apis::IamV1::ServiceAccount
command.params['name'] = name unless name.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Sets the IAM policy that is attached to a ServiceAccount.
# Use this method to grant or revoke access to the service account. For
# example, you could grant a member the ability to impersonate the service
# account.
# This method does not enable the service account to access other resources.
# To grant roles to a service account on a resource, follow these steps:
# 1. Call the resource's `getIamPolicy` method to get its current IAM policy.
# 2. Edit the policy so that it binds the service account to an IAM role for
# the resource.
# 3. Call the resource's `setIamPolicy` method to update its IAM policy.
# For detailed instructions, see
# [Granting roles to a service account for specific
# resources](https://cloud.google.com/iam/help/service-accounts/granting-access-
# to-service-accounts).
# @param [String] resource
# REQUIRED: The resource for which the policy is being specified.
# See the operation documentation for the appropriate value for this field.
# @param [Google::Apis::IamV1::SetIamPolicyRequest] set_iam_policy_request_object
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::Policy] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::Policy]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:post, 'v1/{+resource}:setIamPolicy', options)
command.request_representation = Google::Apis::IamV1::SetIamPolicyRequest::Representation
command.request_object = set_iam_policy_request_object
command.response_representation = Google::Apis::IamV1::Policy::Representation
command.response_class = Google::Apis::IamV1::Policy
command.params['resource'] = resource unless resource.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# **Note:** We are in the process of deprecating this method. Use the
# [`signBlob`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.
# serviceAccounts/signBlob)
# method in the IAM Service Account Credentials API instead.
# Signs a blob using the system-managed private key for a ServiceAccount.
# @param [String] name
# Required. The resource name of the service account in the following format:
# `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
# Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
# the account. The `ACCOUNT` value can be the `email` address or the
# `unique_id` of the service account.
# @param [Google::Apis::IamV1::SignBlobRequest] sign_blob_request_object
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::SignBlobResponse] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::SignBlobResponse]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:post, 'v1/{+name}:signBlob', options)
command.request_representation = Google::Apis::IamV1::SignBlobRequest::Representation
command.request_object = sign_blob_request_object
command.response_representation = Google::Apis::IamV1::SignBlobResponse::Representation
command.response_class = Google::Apis::IamV1::SignBlobResponse
command.params['name'] = name unless name.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# **Note:** We are in the process of deprecating this method. Use the
# [`signJwt`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.
# serviceAccounts/signJwt)
# method in the IAM Service Account Credentials API instead.
# Signs a JSON Web Token (JWT) using the system-managed private key for a
# ServiceAccount.
# @param [String] name
# Required. The resource name of the service account in the following format:
# `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
# Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
# the account. The `ACCOUNT` value can be the `email` address or the
# `unique_id` of the service account.
# @param [Google::Apis::IamV1::SignJwtRequest] sign_jwt_request_object
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::SignJwtResponse] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::SignJwtResponse]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:post, 'v1/{+name}:signJwt', options)
command.request_representation = Google::Apis::IamV1::SignJwtRequest::Representation
command.request_object = sign_jwt_request_object
command.response_representation = Google::Apis::IamV1::SignJwtResponse::Representation
command.response_class = Google::Apis::IamV1::SignJwtResponse
command.params['name'] = name unless name.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Tests whether the caller has the specified permissions on a
# ServiceAccount.
# @param [String] resource
# REQUIRED: The resource for which the policy detail is being requested.
# See the operation documentation for the appropriate value for this field.
# @param [Google::Apis::IamV1::TestIamPermissionsRequest] test_iam_permissions_request_object
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::TestIamPermissionsResponse] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::TestIamPermissionsResponse]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options)
command.request_representation = Google::Apis::IamV1::TestIamPermissionsRequest::Representation
command.request_object = test_iam_permissions_request_object
command.response_representation = Google::Apis::IamV1::TestIamPermissionsResponse::Representation
command.response_class = Google::Apis::IamV1::TestIamPermissionsResponse
command.params['resource'] = resource unless resource.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Restores a deleted ServiceAccount.
# **Important:** It is not always possible to restore a deleted service
# account. Use this method only as a last resort.
# After you delete a service account, IAM permanently removes the service
# account 30 days later. There is no way to restore a deleted service account
# that has been permanently removed.
# @param [String] name
# The resource name of the service account in the following format:
# `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT_UNIQUE_ID``.
# Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
# the account.
# @param [Google::Apis::IamV1::UndeleteServiceAccountRequest] undelete_service_account_request_object
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::UndeleteServiceAccountResponse] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::UndeleteServiceAccountResponse]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def undelete_service_account(name, undelete_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:post, 'v1/{+name}:undelete', options)
command.request_representation = Google::Apis::IamV1::UndeleteServiceAccountRequest::Representation
command.request_object = undelete_service_account_request_object
command.response_representation = Google::Apis::IamV1::UndeleteServiceAccountResponse::Representation
command.response_class = Google::Apis::IamV1::UndeleteServiceAccountResponse
command.params['name'] = name unless name.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# **Note:** We are in the process of deprecating this method. Use
# PatchServiceAccount instead.
# Updates a ServiceAccount.
# You can update only the `display_name` and `description` fields.
# @param [String] name
# The resource name of the service account.
# Use one of the following formats:
# * `projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS``
# * `projects/`PROJECT_ID`/serviceAccounts/`UNIQUE_ID``
# As an alternative, you can use the `-` wildcard character instead of the
# project ID:
# * `projects/-/serviceAccounts/`EMAIL_ADDRESS``
# * `projects/-/serviceAccounts/`UNIQUE_ID``
# When possible, avoid using the `-` wildcard character, because it can cause
# response messages to contain misleading error codes. For example, if you
# try to get the service account
# `projects/-/serviceAccounts/fake@example.com`, which does not exist, the
# response contains an HTTP `403 Forbidden` error instead of a `404 Not
# Found` error.
# @param [Google::Apis::IamV1::ServiceAccount] service_account_object
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::ServiceAccount]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:put, 'v1/{+name}', options)
command.request_representation = Google::Apis::IamV1::ServiceAccount::Representation
command.request_object = service_account_object
command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
command.response_class = Google::Apis::IamV1::ServiceAccount
command.params['name'] = name unless name.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Creates a ServiceAccountKey.
# @param [String] name
# Required. The resource name of the service account in the following format:
# `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
# Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
# the account. The `ACCOUNT` value can be the `email` address or the
# `unique_id` of the service account.
# @param [Google::Apis::IamV1::CreateServiceAccountKeyRequest] create_service_account_key_request_object
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::ServiceAccountKey]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:post, 'v1/{+name}/keys', options)
command.request_representation = Google::Apis::IamV1::CreateServiceAccountKeyRequest::Representation
command.request_object = create_service_account_key_request_object
command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
command.response_class = Google::Apis::IamV1::ServiceAccountKey
command.params['name'] = name unless name.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Deletes a ServiceAccountKey.
# @param [String] name
# Required. The resource name of the service account key in the following format:
# `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``.
# Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
# the account. The `ACCOUNT` value can be the `email` address or the
# `unique_id` of the service account.
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::Empty] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::Empty]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:delete, 'v1/{+name}', options)
command.response_representation = Google::Apis::IamV1::Empty::Representation
command.response_class = Google::Apis::IamV1::Empty
command.params['name'] = name unless name.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Gets a ServiceAccountKey.
# @param [String] name
# Required. The resource name of the service account key in the following format:
# `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``.
# Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
# the account. The `ACCOUNT` value can be the `email` address or the
# `unique_id` of the service account.
# @param [String] public_key_type
# The output format of the public key requested.
# X509_PEM is the default output format.
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::ServiceAccountKey]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def get_project_service_account_key(name, public_key_type: nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:get, 'v1/{+name}', options)
command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
command.response_class = Google::Apis::IamV1::ServiceAccountKey
command.params['name'] = name unless name.nil?
command.query['publicKeyType'] = public_key_type unless public_key_type.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Lists every ServiceAccountKey for a service account.
# @param [String] name
# Required. The resource name of the service account in the following format:
# `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
# Using `-` as a wildcard for the `PROJECT_ID`, will infer the project from
# the account. The `ACCOUNT` value can be the `email` address or the
# `unique_id` of the service account.
# @param [Array<String>, String] key_types
# Filters the types of keys the user wants to include in the list
# response. Duplicate key types are not allowed. If no key type
# is provided, all keys are returned.
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::ListServiceAccountKeysResponse] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::ListServiceAccountKeysResponse]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:get, 'v1/{+name}/keys', options)
command.response_representation = Google::Apis::IamV1::ListServiceAccountKeysResponse::Representation
command.response_class = Google::Apis::IamV1::ListServiceAccountKeysResponse
command.params['name'] = name unless name.nil?
command.query['keyTypes'] = key_types unless key_types.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Creates a ServiceAccountKey, using a public key that you provide.
# @param [String] name
# The resource name of the service account in the following format:
# `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
# Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
# the account. The `ACCOUNT` value can be the `email` address or the
# `unique_id` of the service account.
# @param [Google::Apis::IamV1::UploadServiceAccountKeyRequest] upload_service_account_key_request_object
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::ServiceAccountKey]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def upload_service_account_key(name, upload_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:post, 'v1/{+name}/keys:upload', options)
command.request_representation = Google::Apis::IamV1::UploadServiceAccountKeyRequest::Representation
command.request_object = upload_service_account_key_request_object
command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
command.response_class = Google::Apis::IamV1::ServiceAccountKey
command.params['name'] = name unless name.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Gets the definition of a Role.
# @param [String] name
# The `name` parameter's value depends on the target resource for the
# request, namely
# [`roles`](/iam/reference/rest/v1/roles),
# [`projects`](/iam/reference/rest/v1/projects.roles), or
# [`organizations`](/iam/reference/rest/v1/organizations.roles). Each
# resource type's `name` value format is described below:
# * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/`ROLE_NAME``.
# This method returns results from all
# [predefined roles](/iam/docs/understanding-roles#predefined_roles) in
# Cloud IAM. Example request URL:
# `https://iam.googleapis.com/v1/roles/`ROLE_NAME``
# * [`projects.roles.get()`](/iam/reference/rest/v1/projects.roles/get):
# `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method returns only
# [custom roles](/iam/docs/understanding-custom-roles) that have been
# created at the project level. Example request URL:
# `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``
# * [`organizations.roles.get()`](/iam/reference/rest/v1/organizations.roles/get)
# :
# `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method
# returns only [custom roles](/iam/docs/understanding-custom-roles) that
# have been created at the organization level. Example request URL:
# `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`
# CUSTOM_ROLE_ID``
# Note: Wildcard (*) values are invalid; you must specify a complete project
# ID or organization ID.
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::Role] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::Role]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def get_role(name, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:get, 'v1/{+name}', options)
command.response_representation = Google::Apis::IamV1::Role::Representation
command.response_class = Google::Apis::IamV1::Role
command.params['name'] = name unless name.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Lists every predefined Role that IAM supports, or every custom role
# that is defined for an organization or project.
# @param [Fixnum] page_size
# Optional limit on the number of roles to include in the response.
# The default is 300, and the maximum is 1,000.
# @param [String] page_token
# Optional pagination token returned in an earlier ListRolesResponse.
# @param [String] parent
# The `parent` parameter's value depends on the target resource for the
# request, namely
# [`roles`](/iam/reference/rest/v1/roles),
# [`projects`](/iam/reference/rest/v1/projects.roles), or
# [`organizations`](/iam/reference/rest/v1/organizations.roles). Each
# resource type's `parent` value format is described below:
# * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string.
# This method doesn't require a resource; it simply returns all
# [predefined roles](/iam/docs/understanding-roles#predefined_roles) in
# Cloud IAM. Example request URL:
# `https://iam.googleapis.com/v1/roles`
# * [`projects.roles.list()`](/iam/reference/rest/v1/projects.roles/list):
# `projects/`PROJECT_ID``. This method lists all project-level
# [custom roles](/iam/docs/understanding-custom-roles).
# Example request URL:
# `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles`
# * [`organizations.roles.list()`](/iam/reference/rest/v1/organizations.roles/
# list):
# `organizations/`ORGANIZATION_ID``. This method lists all
# organization-level [custom roles](/iam/docs/understanding-custom-roles).
# Example request URL:
# `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles`
# Note: Wildcard (*) values are invalid; you must specify a complete project
# ID or organization ID.
# @param [Boolean] show_deleted
# Include Roles that have been deleted.
# @param [String] view
# Optional view for the returned Role objects. When `FULL` is specified,
# the `includedPermissions` field is returned, which includes a list of all
# permissions in the role. The default value is `BASIC`, which does not
# return the `includedPermissions` field.
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::ListRolesResponse]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:get, 'v1/roles', options)
command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
command.response_class = Google::Apis::IamV1::ListRolesResponse
command.query['pageSize'] = page_size unless page_size.nil?
command.query['pageToken'] = page_token unless page_token.nil?
command.query['parent'] = parent unless parent.nil?
command.query['showDeleted'] = show_deleted unless show_deleted.nil?
command.query['view'] = view unless view.nil?
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
# Lists roles that can be granted on a Google Cloud resource. A role is
# grantable if the IAM policy for the resource can contain bindings to the
# role.
# @param [Google::Apis::IamV1::QueryGrantableRolesRequest] query_grantable_roles_request_object
# @param [String] fields
# Selector specifying which fields to include in a partial response.
# @param [String] quota_user
# Available to use for quota purposes for server-side applications. Can be any
# arbitrary string assigned to a user, but should not exceed 40 characters.
# @param [Google::Apis::RequestOptions] options
# Request-specific options
#
# @yield [result, err] Result & error if block supplied
# @yieldparam result [Google::Apis::IamV1::QueryGrantableRolesResponse] parsed result object
# @yieldparam err [StandardError] error object if request failed
#
# @return [Google::Apis::IamV1::QueryGrantableRolesResponse]
#
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
# @raise [Google::Apis::AuthorizationError] Authorization is required
def query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
command = make_simple_command(:post, 'v1/roles:queryGrantableRoles', options)
command.request_representation = Google::Apis::IamV1::QueryGrantableRolesRequest::Representation
command.request_object = query_grantable_roles_request_object
command.response_representation = Google::Apis::IamV1::QueryGrantableRolesResponse::Representation
command.response_class = Google::Apis::IamV1::QueryGrantableRolesResponse
command.query['fields'] = fields unless fields.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
execute_or_queue_command(command, &block)
end
protected
def apply_command_defaults(command)
command.query['key'] = key unless key.nil?
command.query['quotaUser'] = quota_user unless quota_user.nil?
end
end
end
end
end