2434 lines
157 KiB
Ruby
2434 lines
157 KiB
Ruby
# Copyright 2020 Google LLC
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
require 'google/apis/core/base_service'
|
|
require 'google/apis/core/json_representation'
|
|
require 'google/apis/core/hashable'
|
|
require 'google/apis/errors'
|
|
|
|
module Google
|
|
module Apis
|
|
module IamV1
|
|
# Identity and Access Management (IAM) API
|
|
#
|
|
# Manages identity and access control for Google Cloud Platform resources,
|
|
# including the creation of service accounts, which you can use to authenticate
|
|
# to Google and make API calls.
|
|
#
|
|
# @example
|
|
# require 'google/apis/iam_v1'
|
|
#
|
|
# Iam = Google::Apis::IamV1 # Alias the module
|
|
# service = Iam::IamService.new
|
|
#
|
|
# @see https://cloud.google.com/iam/
|
|
class IamService < Google::Apis::Core::BaseService
|
|
# @return [String]
|
|
# API key. Your API key identifies your project and provides you with API access,
|
|
# quota, and reports. Required unless you provide an OAuth 2.0 token.
|
|
attr_accessor :key
|
|
|
|
# @return [String]
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
attr_accessor :quota_user
|
|
|
|
def initialize
|
|
super('https://iam.googleapis.com/', '',
|
|
client_name: 'google-apis-iam_v1',
|
|
client_version: Google::Apis::IamV1::GEM_VERSION)
|
|
@batch_path = 'batch'
|
|
end
|
|
|
|
# Lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding.
|
|
# condition field, which contains a condition expression for a role binding.
|
|
# Successful calls to this method always return an HTTP `200 OK` status code,
|
|
# even if the linter detects an issue in the IAM policy.
|
|
# @param [Google::Apis::IamV1::LintPolicyRequest] lint_policy_request_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::LintPolicyResponse] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::LintPolicyResponse]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/iamPolicies:lintPolicy', options)
|
|
command.request_representation = Google::Apis::IamV1::LintPolicyRequest::Representation
|
|
command.request_object = lint_policy_request_object
|
|
command.response_representation = Google::Apis::IamV1::LintPolicyResponse::Representation
|
|
command.response_class = Google::Apis::IamV1::LintPolicyResponse
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Returns a list of services that allow you to opt into audit logs that are not
|
|
# generated by default. To learn more about audit logs, see the [Logging
|
|
# documentation](https://cloud.google.com/logging/docs/audit).
|
|
# @param [Google::Apis::IamV1::QueryAuditableServicesRequest] query_auditable_services_request_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::QueryAuditableServicesResponse] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::QueryAuditableServicesResponse]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/iamPolicies:queryAuditableServices', options)
|
|
command.request_representation = Google::Apis::IamV1::QueryAuditableServicesRequest::Representation
|
|
command.request_object = query_auditable_services_request_object
|
|
command.response_representation = Google::Apis::IamV1::QueryAuditableServicesResponse::Representation
|
|
command.response_class = Google::Apis::IamV1::QueryAuditableServicesResponse
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Gets the latest state of a long-running operation. Clients can use this method
|
|
# to poll the operation result at intervals as recommended by the API service.
|
|
# @param [String] name
|
|
# The name of the operation resource.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Operation] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Operation]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def get_location_workforce_pool_operation(name, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:get, 'v1/{+name}', options)
|
|
command.response_representation = Google::Apis::IamV1::Operation::Representation
|
|
command.response_class = Google::Apis::IamV1::Operation
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Gets the latest state of a long-running operation. Clients can use this method
|
|
# to poll the operation result at intervals as recommended by the API service.
|
|
# @param [String] name
|
|
# The name of the operation resource.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Operation] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Operation]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def get_location_workforce_pool_provider_key_operation(name, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:get, 'v1/{+name}', options)
|
|
command.response_representation = Google::Apis::IamV1::Operation::Representation
|
|
command.response_class = Google::Apis::IamV1::Operation
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Gets the latest state of a long-running operation. Clients can use this method
|
|
# to poll the operation result at intervals as recommended by the API service.
|
|
# @param [String] name
|
|
# The name of the operation resource.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Operation] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Operation]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def get_location_workforce_pool_provider_operation(name, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:get, 'v1/{+name}', options)
|
|
command.response_representation = Google::Apis::IamV1::Operation::Representation
|
|
command.response_class = Google::Apis::IamV1::Operation
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Gets the latest state of a long-running operation. Clients can use this method
|
|
# to poll the operation result at intervals as recommended by the API service.
|
|
# @param [String] name
|
|
# The name of the operation resource.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Operation] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Operation]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def get_location_workforce_pool_subject_operation(name, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:get, 'v1/{+name}', options)
|
|
command.response_representation = Google::Apis::IamV1::Operation::Representation
|
|
command.response_class = Google::Apis::IamV1::Operation
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Creates a new custom Role.
|
|
# @param [String] parent
|
|
# The `parent` parameter's value depends on the target resource for the request,
|
|
# namely [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.
|
|
# roles) or [`organizations`](https://cloud.google.com/iam/reference/rest/v1/
|
|
# organizations.roles). Each resource type's `parent` value format is described
|
|
# below: * [`projects.roles.create()`](https://cloud.google.com/iam/reference/
|
|
# rest/v1/projects.roles/create): `projects/`PROJECT_ID``. This method creates
|
|
# project-level [custom roles](https://cloud.google.com/iam/docs/understanding-
|
|
# custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/`
|
|
# PROJECT_ID`/roles` * [`organizations.roles.create()`](https://cloud.google.com/
|
|
# iam/reference/rest/v1/organizations.roles/create): `organizations/`
|
|
# ORGANIZATION_ID``. This method creates organization-level [custom roles](https:
|
|
# //cloud.google.com/iam/docs/understanding-custom-roles). Example request URL: `
|
|
# https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles` Note:
|
|
# Wildcard (*) values are invalid; you must specify a complete project ID or
|
|
# organization ID.
|
|
# @param [Google::Apis::IamV1::CreateRoleRequest] create_role_request_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Role] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Role]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/{+parent}/roles', options)
|
|
command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation
|
|
command.request_object = create_role_request_object
|
|
command.response_representation = Google::Apis::IamV1::Role::Representation
|
|
command.response_class = Google::Apis::IamV1::Role
|
|
command.params['parent'] = parent unless parent.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Deletes a custom Role. When you delete a custom role, the following changes
|
|
# occur immediately: * You cannot bind a principal to the custom role in an IAM
|
|
# Policy. * Existing bindings to the custom role are not changed, but they have
|
|
# no effect. * By default, the response from ListRoles does not include the
|
|
# custom role. You have 7 days to undelete the custom role. After 7 days, the
|
|
# following changes occur: * The custom role is permanently deleted and cannot
|
|
# be recovered. * If an IAM policy contains a binding to the custom role, the
|
|
# binding is permanently removed.
|
|
# @param [String] name
|
|
# The `name` parameter's value depends on the target resource for the request,
|
|
# namely [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.
|
|
# roles) or [`organizations`](https://cloud.google.com/iam/reference/rest/v1/
|
|
# organizations.roles). Each resource type's `name` value format is described
|
|
# below: * [`projects.roles.delete()`](https://cloud.google.com/iam/reference/
|
|
# rest/v1/projects.roles/delete): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``.
|
|
# This method deletes only [custom roles](https://cloud.google.com/iam/docs/
|
|
# understanding-custom-roles) that have been created at the project level.
|
|
# Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/
|
|
# roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.delete()`](https://cloud.
|
|
# google.com/iam/reference/rest/v1/organizations.roles/delete): `organizations/`
|
|
# ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method deletes only [custom
|
|
# roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that have
|
|
# been created at the organization level. Example request URL: `https://iam.
|
|
# googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note:
|
|
# Wildcard (*) values are invalid; you must specify a complete project ID or
|
|
# organization ID.
|
|
# @param [String] etag
|
|
# Used to perform a consistent read-modify-write.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Role] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Role]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:delete, 'v1/{+name}', options)
|
|
command.response_representation = Google::Apis::IamV1::Role::Representation
|
|
command.response_class = Google::Apis::IamV1::Role
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['etag'] = etag unless etag.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Gets the definition of a Role.
|
|
# @param [String] name
|
|
# The `name` parameter's value depends on the target resource for the request,
|
|
# namely [`roles`](https://cloud.google.com/iam/reference/rest/v1/roles), [`
|
|
# projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles), or [
|
|
# `organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations.
|
|
# roles). Each resource type's `name` value format is described below: * [`roles.
|
|
# get()`](https://cloud.google.com/iam/reference/rest/v1/roles/get): `roles/`
|
|
# ROLE_NAME``. This method returns results from all [predefined roles](https://
|
|
# cloud.google.com/iam/docs/understanding-roles#predefined_roles) in Cloud IAM.
|
|
# Example request URL: `https://iam.googleapis.com/v1/roles/`ROLE_NAME`` * [`
|
|
# projects.roles.get()`](https://cloud.google.com/iam/reference/rest/v1/projects.
|
|
# roles/get): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method
|
|
# returns only [custom roles](https://cloud.google.com/iam/docs/understanding-
|
|
# custom-roles) that have been created at the project level. Example request URL:
|
|
# `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` *
|
|
# [`organizations.roles.get()`](https://cloud.google.com/iam/reference/rest/v1/
|
|
# organizations.roles/get): `organizations/`ORGANIZATION_ID`/roles/`
|
|
# CUSTOM_ROLE_ID``. This method returns only [custom roles](https://cloud.google.
|
|
# com/iam/docs/understanding-custom-roles) that have been created at the
|
|
# organization level. Example request URL: `https://iam.googleapis.com/v1/
|
|
# organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*)
|
|
# values are invalid; you must specify a complete project ID or organization ID.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Role] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Role]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def get_organization_role(name, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:get, 'v1/{+name}', options)
|
|
command.response_representation = Google::Apis::IamV1::Role::Representation
|
|
command.response_class = Google::Apis::IamV1::Role
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Lists every predefined Role that IAM supports, or every custom role that is
|
|
# defined for an organization or project.
|
|
# @param [String] parent
|
|
# The `parent` parameter's value depends on the target resource for the request,
|
|
# namely [`roles`](https://cloud.google.com/iam/reference/rest/v1/roles), [`
|
|
# projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles), or [
|
|
# `organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations.
|
|
# roles). Each resource type's `parent` value format is described below: * [`
|
|
# roles.list()`](https://cloud.google.com/iam/reference/rest/v1/roles/list): An
|
|
# empty string. This method doesn't require a resource; it simply returns all [
|
|
# predefined roles](https://cloud.google.com/iam/docs/understanding-roles#
|
|
# predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.
|
|
# com/v1/roles` * [`projects.roles.list()`](https://cloud.google.com/iam/
|
|
# reference/rest/v1/projects.roles/list): `projects/`PROJECT_ID``. This method
|
|
# lists all project-level [custom roles](https://cloud.google.com/iam/docs/
|
|
# understanding-custom-roles). Example request URL: `https://iam.googleapis.com/
|
|
# v1/projects/`PROJECT_ID`/roles` * [`organizations.roles.list()`](https://cloud.
|
|
# google.com/iam/reference/rest/v1/organizations.roles/list): `organizations/`
|
|
# ORGANIZATION_ID``. This method lists all organization-level [custom roles](
|
|
# https://cloud.google.com/iam/docs/understanding-custom-roles). Example request
|
|
# URL: `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles`
|
|
# Note: Wildcard (*) values are invalid; you must specify a complete project ID
|
|
# or organization ID.
|
|
# @param [Fixnum] page_size
|
|
# Optional limit on the number of roles to include in the response. The default
|
|
# is 300, and the maximum is 1,000.
|
|
# @param [String] page_token
|
|
# Optional pagination token returned in an earlier ListRolesResponse.
|
|
# @param [Boolean] show_deleted
|
|
# Include Roles that have been deleted.
|
|
# @param [String] view
|
|
# Optional view for the returned Role objects. When `FULL` is specified, the `
|
|
# includedPermissions` field is returned, which includes a list of all
|
|
# permissions in the role. The default value is `BASIC`, which does not return
|
|
# the `includedPermissions` field.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::ListRolesResponse]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:get, 'v1/{+parent}/roles', options)
|
|
command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
|
|
command.response_class = Google::Apis::IamV1::ListRolesResponse
|
|
command.params['parent'] = parent unless parent.nil?
|
|
command.query['pageSize'] = page_size unless page_size.nil?
|
|
command.query['pageToken'] = page_token unless page_token.nil?
|
|
command.query['showDeleted'] = show_deleted unless show_deleted.nil?
|
|
command.query['view'] = view unless view.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Updates the definition of a custom Role.
|
|
# @param [String] name
|
|
# The `name` parameter's value depends on the target resource for the request,
|
|
# namely [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.
|
|
# roles) or [`organizations`](https://cloud.google.com/iam/reference/rest/v1/
|
|
# organizations.roles). Each resource type's `name` value format is described
|
|
# below: * [`projects.roles.patch()`](https://cloud.google.com/iam/reference/
|
|
# rest/v1/projects.roles/patch): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``.
|
|
# This method updates only [custom roles](https://cloud.google.com/iam/docs/
|
|
# understanding-custom-roles) that have been created at the project level.
|
|
# Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/
|
|
# roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.patch()`](https://cloud.google.
|
|
# com/iam/reference/rest/v1/organizations.roles/patch): `organizations/`
|
|
# ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method updates only [custom
|
|
# roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that have
|
|
# been created at the organization level. Example request URL: `https://iam.
|
|
# googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note:
|
|
# Wildcard (*) values are invalid; you must specify a complete project ID or
|
|
# organization ID.
|
|
# @param [Google::Apis::IamV1::Role] role_object
|
|
# @param [String] update_mask
|
|
# A mask describing which fields in the Role have changed.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Role] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Role]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:patch, 'v1/{+name}', options)
|
|
command.request_representation = Google::Apis::IamV1::Role::Representation
|
|
command.request_object = role_object
|
|
command.response_representation = Google::Apis::IamV1::Role::Representation
|
|
command.response_class = Google::Apis::IamV1::Role
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['updateMask'] = update_mask unless update_mask.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Undeletes a custom Role.
|
|
# @param [String] name
|
|
# The `name` parameter's value depends on the target resource for the request,
|
|
# namely [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.
|
|
# roles) or [`organizations`](https://cloud.google.com/iam/reference/rest/v1/
|
|
# organizations.roles). Each resource type's `name` value format is described
|
|
# below: * [`projects.roles.undelete()`](https://cloud.google.com/iam/reference/
|
|
# rest/v1/projects.roles/undelete): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`
|
|
# `. This method undeletes only [custom roles](https://cloud.google.com/iam/docs/
|
|
# understanding-custom-roles) that have been created at the project level.
|
|
# Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/
|
|
# roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.undelete()`](https://cloud.
|
|
# google.com/iam/reference/rest/v1/organizations.roles/undelete): `organizations/
|
|
# `ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method undeletes only [custom
|
|
# roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that have
|
|
# been created at the organization level. Example request URL: `https://iam.
|
|
# googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note:
|
|
# Wildcard (*) values are invalid; you must specify a complete project ID or
|
|
# organization ID.
|
|
# @param [Google::Apis::IamV1::UndeleteRoleRequest] undelete_role_request_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Role] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Role]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/{+name}:undelete', options)
|
|
command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation
|
|
command.request_object = undelete_role_request_object
|
|
command.response_representation = Google::Apis::IamV1::Role::Representation
|
|
command.response_class = Google::Apis::IamV1::Role
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Lists every permission that you can test on a resource. A permission is
|
|
# testable if you can check whether a principal has that permission on the
|
|
# resource.
|
|
# @param [Google::Apis::IamV1::QueryTestablePermissionsRequest] query_testable_permissions_request_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::QueryTestablePermissionsResponse] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::QueryTestablePermissionsResponse]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/permissions:queryTestablePermissions', options)
|
|
command.request_representation = Google::Apis::IamV1::QueryTestablePermissionsRequest::Representation
|
|
command.request_object = query_testable_permissions_request_object
|
|
command.response_representation = Google::Apis::IamV1::QueryTestablePermissionsResponse::Representation
|
|
command.response_class = Google::Apis::IamV1::QueryTestablePermissionsResponse
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Creates a new WorkloadIdentityPool. You cannot reuse the name of a deleted
|
|
# pool until 30 days after deletion.
|
|
# @param [String] parent
|
|
# Required. The parent resource to create the pool in. The only supported
|
|
# location is `global`.
|
|
# @param [Google::Apis::IamV1::WorkloadIdentityPool] workload_identity_pool_object
|
|
# @param [String] workload_identity_pool_id
|
|
# Required. The ID to use for the pool, which becomes the final component of the
|
|
# resource name. This value should be 4-32 characters, and may contain the
|
|
# characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may
|
|
# not be specified.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Operation] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Operation]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def create_project_location_workload_identity_pool(parent, workload_identity_pool_object = nil, workload_identity_pool_id: nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/{+parent}/workloadIdentityPools', options)
|
|
command.request_representation = Google::Apis::IamV1::WorkloadIdentityPool::Representation
|
|
command.request_object = workload_identity_pool_object
|
|
command.response_representation = Google::Apis::IamV1::Operation::Representation
|
|
command.response_class = Google::Apis::IamV1::Operation
|
|
command.params['parent'] = parent unless parent.nil?
|
|
command.query['workloadIdentityPoolId'] = workload_identity_pool_id unless workload_identity_pool_id.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Deletes a WorkloadIdentityPool. You cannot use a deleted pool to exchange
|
|
# external credentials for Google Cloud credentials. However, deletion does not
|
|
# revoke credentials that have already been issued. Credentials issued for a
|
|
# deleted pool do not grant access to resources. If the pool is undeleted, and
|
|
# the credentials are not expired, they grant access again. You can undelete a
|
|
# pool for 30 days. After 30 days, deletion is permanent. You cannot update
|
|
# deleted pools. However, you can view and list them.
|
|
# @param [String] name
|
|
# Required. The name of the pool to delete.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Operation] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Operation]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def delete_project_location_workload_identity_pool(name, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:delete, 'v1/{+name}', options)
|
|
command.response_representation = Google::Apis::IamV1::Operation::Representation
|
|
command.response_class = Google::Apis::IamV1::Operation
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Gets an individual WorkloadIdentityPool.
|
|
# @param [String] name
|
|
# Required. The name of the pool to retrieve.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::WorkloadIdentityPool] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::WorkloadIdentityPool]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def get_project_location_workload_identity_pool(name, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:get, 'v1/{+name}', options)
|
|
command.response_representation = Google::Apis::IamV1::WorkloadIdentityPool::Representation
|
|
command.response_class = Google::Apis::IamV1::WorkloadIdentityPool
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Lists all non-deleted WorkloadIdentityPools in a project. If `show_deleted` is
|
|
# set to `true`, then deleted pools are also listed.
|
|
# @param [String] parent
|
|
# Required. The parent resource to list pools for.
|
|
# @param [Fixnum] page_size
|
|
# The maximum number of pools to return. If unspecified, at most 50 pools are
|
|
# returned. The maximum value is 1000; values above are 1000 truncated to 1000.
|
|
# @param [String] page_token
|
|
# A page token, received from a previous `ListWorkloadIdentityPools` call.
|
|
# Provide this to retrieve the subsequent page.
|
|
# @param [Boolean] show_deleted
|
|
# Whether to return soft-deleted pools.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::ListWorkloadIdentityPoolsResponse] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::ListWorkloadIdentityPoolsResponse]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def list_project_location_workload_identity_pools(parent, page_size: nil, page_token: nil, show_deleted: nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:get, 'v1/{+parent}/workloadIdentityPools', options)
|
|
command.response_representation = Google::Apis::IamV1::ListWorkloadIdentityPoolsResponse::Representation
|
|
command.response_class = Google::Apis::IamV1::ListWorkloadIdentityPoolsResponse
|
|
command.params['parent'] = parent unless parent.nil?
|
|
command.query['pageSize'] = page_size unless page_size.nil?
|
|
command.query['pageToken'] = page_token unless page_token.nil?
|
|
command.query['showDeleted'] = show_deleted unless show_deleted.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Updates an existing WorkloadIdentityPool.
|
|
# @param [String] name
|
|
# Output only. The resource name of the pool.
|
|
# @param [Google::Apis::IamV1::WorkloadIdentityPool] workload_identity_pool_object
|
|
# @param [String] update_mask
|
|
# Required. The list of fields to update.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Operation] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Operation]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def patch_project_location_workload_identity_pool(name, workload_identity_pool_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:patch, 'v1/{+name}', options)
|
|
command.request_representation = Google::Apis::IamV1::WorkloadIdentityPool::Representation
|
|
command.request_object = workload_identity_pool_object
|
|
command.response_representation = Google::Apis::IamV1::Operation::Representation
|
|
command.response_class = Google::Apis::IamV1::Operation
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['updateMask'] = update_mask unless update_mask.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Undeletes a WorkloadIdentityPool, as long as it was deleted fewer than 30 days
|
|
# ago.
|
|
# @param [String] name
|
|
# Required. The name of the pool to undelete.
|
|
# @param [Google::Apis::IamV1::UndeleteWorkloadIdentityPoolRequest] undelete_workload_identity_pool_request_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Operation] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Operation]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def undelete_workload_identity_pool(name, undelete_workload_identity_pool_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/{+name}:undelete', options)
|
|
command.request_representation = Google::Apis::IamV1::UndeleteWorkloadIdentityPoolRequest::Representation
|
|
command.request_object = undelete_workload_identity_pool_request_object
|
|
command.response_representation = Google::Apis::IamV1::Operation::Representation
|
|
command.response_class = Google::Apis::IamV1::Operation
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Gets the latest state of a long-running operation. Clients can use this method
|
|
# to poll the operation result at intervals as recommended by the API service.
|
|
# @param [String] name
|
|
# The name of the operation resource.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Operation] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Operation]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def get_project_location_workload_identity_pool_operation(name, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:get, 'v1/{+name}', options)
|
|
command.response_representation = Google::Apis::IamV1::Operation::Representation
|
|
command.response_class = Google::Apis::IamV1::Operation
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Creates a new WorkloadIdentityPoolProvider in a WorkloadIdentityPool. You
|
|
# cannot reuse the name of a deleted provider until 30 days after deletion.
|
|
# @param [String] parent
|
|
# Required. The pool to create this provider in.
|
|
# @param [Google::Apis::IamV1::WorkloadIdentityPoolProvider] workload_identity_pool_provider_object
|
|
# @param [String] workload_identity_pool_provider_id
|
|
# Required. The ID for the provider, which becomes the final component of the
|
|
# resource name. This value must be 4-32 characters, and may contain the
|
|
# characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may
|
|
# not be specified.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Operation] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Operation]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def create_project_location_workload_identity_pool_provider(parent, workload_identity_pool_provider_object = nil, workload_identity_pool_provider_id: nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/{+parent}/providers', options)
|
|
command.request_representation = Google::Apis::IamV1::WorkloadIdentityPoolProvider::Representation
|
|
command.request_object = workload_identity_pool_provider_object
|
|
command.response_representation = Google::Apis::IamV1::Operation::Representation
|
|
command.response_class = Google::Apis::IamV1::Operation
|
|
command.params['parent'] = parent unless parent.nil?
|
|
command.query['workloadIdentityPoolProviderId'] = workload_identity_pool_provider_id unless workload_identity_pool_provider_id.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Deletes a WorkloadIdentityPoolProvider. Deleting a provider does not revoke
|
|
# credentials that have already been issued; they continue to grant access. You
|
|
# can undelete a provider for 30 days. After 30 days, deletion is permanent. You
|
|
# cannot update deleted providers. However, you can view and list them.
|
|
# @param [String] name
|
|
# Required. The name of the provider to delete.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Operation] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Operation]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def delete_project_location_workload_identity_pool_provider(name, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:delete, 'v1/{+name}', options)
|
|
command.response_representation = Google::Apis::IamV1::Operation::Representation
|
|
command.response_class = Google::Apis::IamV1::Operation
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Gets an individual WorkloadIdentityPoolProvider.
|
|
# @param [String] name
|
|
# Required. The name of the provider to retrieve.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::WorkloadIdentityPoolProvider] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::WorkloadIdentityPoolProvider]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def get_project_location_workload_identity_pool_provider(name, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:get, 'v1/{+name}', options)
|
|
command.response_representation = Google::Apis::IamV1::WorkloadIdentityPoolProvider::Representation
|
|
command.response_class = Google::Apis::IamV1::WorkloadIdentityPoolProvider
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Lists all non-deleted WorkloadIdentityPoolProviders in a WorkloadIdentityPool.
|
|
# If `show_deleted` is set to `true`, then deleted providers are also listed.
|
|
# @param [String] parent
|
|
# Required. The pool to list providers for.
|
|
# @param [Fixnum] page_size
|
|
# The maximum number of providers to return. If unspecified, at most 50
|
|
# providers are returned. The maximum value is 100; values above 100 are
|
|
# truncated to 100.
|
|
# @param [String] page_token
|
|
# A page token, received from a previous `ListWorkloadIdentityPoolProviders`
|
|
# call. Provide this to retrieve the subsequent page.
|
|
# @param [Boolean] show_deleted
|
|
# Whether to return soft-deleted providers.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::ListWorkloadIdentityPoolProvidersResponse] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::ListWorkloadIdentityPoolProvidersResponse]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def list_project_location_workload_identity_pool_providers(parent, page_size: nil, page_token: nil, show_deleted: nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:get, 'v1/{+parent}/providers', options)
|
|
command.response_representation = Google::Apis::IamV1::ListWorkloadIdentityPoolProvidersResponse::Representation
|
|
command.response_class = Google::Apis::IamV1::ListWorkloadIdentityPoolProvidersResponse
|
|
command.params['parent'] = parent unless parent.nil?
|
|
command.query['pageSize'] = page_size unless page_size.nil?
|
|
command.query['pageToken'] = page_token unless page_token.nil?
|
|
command.query['showDeleted'] = show_deleted unless show_deleted.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Updates an existing WorkloadIdentityPoolProvider.
|
|
# @param [String] name
|
|
# Output only. The resource name of the provider.
|
|
# @param [Google::Apis::IamV1::WorkloadIdentityPoolProvider] workload_identity_pool_provider_object
|
|
# @param [String] update_mask
|
|
# Required. The list of fields to update.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Operation] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Operation]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def patch_project_location_workload_identity_pool_provider(name, workload_identity_pool_provider_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:patch, 'v1/{+name}', options)
|
|
command.request_representation = Google::Apis::IamV1::WorkloadIdentityPoolProvider::Representation
|
|
command.request_object = workload_identity_pool_provider_object
|
|
command.response_representation = Google::Apis::IamV1::Operation::Representation
|
|
command.response_class = Google::Apis::IamV1::Operation
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['updateMask'] = update_mask unless update_mask.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Undeletes a WorkloadIdentityPoolProvider, as long as it was deleted fewer than
|
|
# 30 days ago.
|
|
# @param [String] name
|
|
# Required. The name of the provider to undelete.
|
|
# @param [Google::Apis::IamV1::UndeleteWorkloadIdentityPoolProviderRequest] undelete_workload_identity_pool_provider_request_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Operation] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Operation]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def undelete_workload_identity_pool_provider(name, undelete_workload_identity_pool_provider_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/{+name}:undelete', options)
|
|
command.request_representation = Google::Apis::IamV1::UndeleteWorkloadIdentityPoolProviderRequest::Representation
|
|
command.request_object = undelete_workload_identity_pool_provider_request_object
|
|
command.response_representation = Google::Apis::IamV1::Operation::Representation
|
|
command.response_class = Google::Apis::IamV1::Operation
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Gets the latest state of a long-running operation. Clients can use this method
|
|
# to poll the operation result at intervals as recommended by the API service.
|
|
# @param [String] name
|
|
# The name of the operation resource.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Operation] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Operation]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def get_project_location_workload_identity_pool_provider_key_operation(name, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:get, 'v1/{+name}', options)
|
|
command.response_representation = Google::Apis::IamV1::Operation::Representation
|
|
command.response_class = Google::Apis::IamV1::Operation
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Gets the latest state of a long-running operation. Clients can use this method
|
|
# to poll the operation result at intervals as recommended by the API service.
|
|
# @param [String] name
|
|
# The name of the operation resource.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Operation] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Operation]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def get_project_location_workload_identity_pool_provider_operation(name, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:get, 'v1/{+name}', options)
|
|
command.response_representation = Google::Apis::IamV1::Operation::Representation
|
|
command.response_class = Google::Apis::IamV1::Operation
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Creates a new custom Role.
|
|
# @param [String] parent
|
|
# The `parent` parameter's value depends on the target resource for the request,
|
|
# namely [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.
|
|
# roles) or [`organizations`](https://cloud.google.com/iam/reference/rest/v1/
|
|
# organizations.roles). Each resource type's `parent` value format is described
|
|
# below: * [`projects.roles.create()`](https://cloud.google.com/iam/reference/
|
|
# rest/v1/projects.roles/create): `projects/`PROJECT_ID``. This method creates
|
|
# project-level [custom roles](https://cloud.google.com/iam/docs/understanding-
|
|
# custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/`
|
|
# PROJECT_ID`/roles` * [`organizations.roles.create()`](https://cloud.google.com/
|
|
# iam/reference/rest/v1/organizations.roles/create): `organizations/`
|
|
# ORGANIZATION_ID``. This method creates organization-level [custom roles](https:
|
|
# //cloud.google.com/iam/docs/understanding-custom-roles). Example request URL: `
|
|
# https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles` Note:
|
|
# Wildcard (*) values are invalid; you must specify a complete project ID or
|
|
# organization ID.
|
|
# @param [Google::Apis::IamV1::CreateRoleRequest] create_role_request_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Role] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Role]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/{+parent}/roles', options)
|
|
command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation
|
|
command.request_object = create_role_request_object
|
|
command.response_representation = Google::Apis::IamV1::Role::Representation
|
|
command.response_class = Google::Apis::IamV1::Role
|
|
command.params['parent'] = parent unless parent.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Deletes a custom Role. When you delete a custom role, the following changes
|
|
# occur immediately: * You cannot bind a principal to the custom role in an IAM
|
|
# Policy. * Existing bindings to the custom role are not changed, but they have
|
|
# no effect. * By default, the response from ListRoles does not include the
|
|
# custom role. You have 7 days to undelete the custom role. After 7 days, the
|
|
# following changes occur: * The custom role is permanently deleted and cannot
|
|
# be recovered. * If an IAM policy contains a binding to the custom role, the
|
|
# binding is permanently removed.
|
|
# @param [String] name
|
|
# The `name` parameter's value depends on the target resource for the request,
|
|
# namely [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.
|
|
# roles) or [`organizations`](https://cloud.google.com/iam/reference/rest/v1/
|
|
# organizations.roles). Each resource type's `name` value format is described
|
|
# below: * [`projects.roles.delete()`](https://cloud.google.com/iam/reference/
|
|
# rest/v1/projects.roles/delete): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``.
|
|
# This method deletes only [custom roles](https://cloud.google.com/iam/docs/
|
|
# understanding-custom-roles) that have been created at the project level.
|
|
# Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/
|
|
# roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.delete()`](https://cloud.
|
|
# google.com/iam/reference/rest/v1/organizations.roles/delete): `organizations/`
|
|
# ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method deletes only [custom
|
|
# roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that have
|
|
# been created at the organization level. Example request URL: `https://iam.
|
|
# googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note:
|
|
# Wildcard (*) values are invalid; you must specify a complete project ID or
|
|
# organization ID.
|
|
# @param [String] etag
|
|
# Used to perform a consistent read-modify-write.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Role] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Role]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:delete, 'v1/{+name}', options)
|
|
command.response_representation = Google::Apis::IamV1::Role::Representation
|
|
command.response_class = Google::Apis::IamV1::Role
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['etag'] = etag unless etag.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Gets the definition of a Role.
|
|
# @param [String] name
|
|
# The `name` parameter's value depends on the target resource for the request,
|
|
# namely [`roles`](https://cloud.google.com/iam/reference/rest/v1/roles), [`
|
|
# projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles), or [
|
|
# `organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations.
|
|
# roles). Each resource type's `name` value format is described below: * [`roles.
|
|
# get()`](https://cloud.google.com/iam/reference/rest/v1/roles/get): `roles/`
|
|
# ROLE_NAME``. This method returns results from all [predefined roles](https://
|
|
# cloud.google.com/iam/docs/understanding-roles#predefined_roles) in Cloud IAM.
|
|
# Example request URL: `https://iam.googleapis.com/v1/roles/`ROLE_NAME`` * [`
|
|
# projects.roles.get()`](https://cloud.google.com/iam/reference/rest/v1/projects.
|
|
# roles/get): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method
|
|
# returns only [custom roles](https://cloud.google.com/iam/docs/understanding-
|
|
# custom-roles) that have been created at the project level. Example request URL:
|
|
# `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` *
|
|
# [`organizations.roles.get()`](https://cloud.google.com/iam/reference/rest/v1/
|
|
# organizations.roles/get): `organizations/`ORGANIZATION_ID`/roles/`
|
|
# CUSTOM_ROLE_ID``. This method returns only [custom roles](https://cloud.google.
|
|
# com/iam/docs/understanding-custom-roles) that have been created at the
|
|
# organization level. Example request URL: `https://iam.googleapis.com/v1/
|
|
# organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*)
|
|
# values are invalid; you must specify a complete project ID or organization ID.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Role] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Role]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def get_project_role(name, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:get, 'v1/{+name}', options)
|
|
command.response_representation = Google::Apis::IamV1::Role::Representation
|
|
command.response_class = Google::Apis::IamV1::Role
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Lists every predefined Role that IAM supports, or every custom role that is
|
|
# defined for an organization or project.
|
|
# @param [String] parent
|
|
# The `parent` parameter's value depends on the target resource for the request,
|
|
# namely [`roles`](https://cloud.google.com/iam/reference/rest/v1/roles), [`
|
|
# projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles), or [
|
|
# `organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations.
|
|
# roles). Each resource type's `parent` value format is described below: * [`
|
|
# roles.list()`](https://cloud.google.com/iam/reference/rest/v1/roles/list): An
|
|
# empty string. This method doesn't require a resource; it simply returns all [
|
|
# predefined roles](https://cloud.google.com/iam/docs/understanding-roles#
|
|
# predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.
|
|
# com/v1/roles` * [`projects.roles.list()`](https://cloud.google.com/iam/
|
|
# reference/rest/v1/projects.roles/list): `projects/`PROJECT_ID``. This method
|
|
# lists all project-level [custom roles](https://cloud.google.com/iam/docs/
|
|
# understanding-custom-roles). Example request URL: `https://iam.googleapis.com/
|
|
# v1/projects/`PROJECT_ID`/roles` * [`organizations.roles.list()`](https://cloud.
|
|
# google.com/iam/reference/rest/v1/organizations.roles/list): `organizations/`
|
|
# ORGANIZATION_ID``. This method lists all organization-level [custom roles](
|
|
# https://cloud.google.com/iam/docs/understanding-custom-roles). Example request
|
|
# URL: `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles`
|
|
# Note: Wildcard (*) values are invalid; you must specify a complete project ID
|
|
# or organization ID.
|
|
# @param [Fixnum] page_size
|
|
# Optional limit on the number of roles to include in the response. The default
|
|
# is 300, and the maximum is 1,000.
|
|
# @param [String] page_token
|
|
# Optional pagination token returned in an earlier ListRolesResponse.
|
|
# @param [Boolean] show_deleted
|
|
# Include Roles that have been deleted.
|
|
# @param [String] view
|
|
# Optional view for the returned Role objects. When `FULL` is specified, the `
|
|
# includedPermissions` field is returned, which includes a list of all
|
|
# permissions in the role. The default value is `BASIC`, which does not return
|
|
# the `includedPermissions` field.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::ListRolesResponse]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:get, 'v1/{+parent}/roles', options)
|
|
command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
|
|
command.response_class = Google::Apis::IamV1::ListRolesResponse
|
|
command.params['parent'] = parent unless parent.nil?
|
|
command.query['pageSize'] = page_size unless page_size.nil?
|
|
command.query['pageToken'] = page_token unless page_token.nil?
|
|
command.query['showDeleted'] = show_deleted unless show_deleted.nil?
|
|
command.query['view'] = view unless view.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Updates the definition of a custom Role.
|
|
# @param [String] name
|
|
# The `name` parameter's value depends on the target resource for the request,
|
|
# namely [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.
|
|
# roles) or [`organizations`](https://cloud.google.com/iam/reference/rest/v1/
|
|
# organizations.roles). Each resource type's `name` value format is described
|
|
# below: * [`projects.roles.patch()`](https://cloud.google.com/iam/reference/
|
|
# rest/v1/projects.roles/patch): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``.
|
|
# This method updates only [custom roles](https://cloud.google.com/iam/docs/
|
|
# understanding-custom-roles) that have been created at the project level.
|
|
# Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/
|
|
# roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.patch()`](https://cloud.google.
|
|
# com/iam/reference/rest/v1/organizations.roles/patch): `organizations/`
|
|
# ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method updates only [custom
|
|
# roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that have
|
|
# been created at the organization level. Example request URL: `https://iam.
|
|
# googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note:
|
|
# Wildcard (*) values are invalid; you must specify a complete project ID or
|
|
# organization ID.
|
|
# @param [Google::Apis::IamV1::Role] role_object
|
|
# @param [String] update_mask
|
|
# A mask describing which fields in the Role have changed.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Role] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Role]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:patch, 'v1/{+name}', options)
|
|
command.request_representation = Google::Apis::IamV1::Role::Representation
|
|
command.request_object = role_object
|
|
command.response_representation = Google::Apis::IamV1::Role::Representation
|
|
command.response_class = Google::Apis::IamV1::Role
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['updateMask'] = update_mask unless update_mask.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Undeletes a custom Role.
|
|
# @param [String] name
|
|
# The `name` parameter's value depends on the target resource for the request,
|
|
# namely [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.
|
|
# roles) or [`organizations`](https://cloud.google.com/iam/reference/rest/v1/
|
|
# organizations.roles). Each resource type's `name` value format is described
|
|
# below: * [`projects.roles.undelete()`](https://cloud.google.com/iam/reference/
|
|
# rest/v1/projects.roles/undelete): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`
|
|
# `. This method undeletes only [custom roles](https://cloud.google.com/iam/docs/
|
|
# understanding-custom-roles) that have been created at the project level.
|
|
# Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/
|
|
# roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.undelete()`](https://cloud.
|
|
# google.com/iam/reference/rest/v1/organizations.roles/undelete): `organizations/
|
|
# `ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method undeletes only [custom
|
|
# roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that have
|
|
# been created at the organization level. Example request URL: `https://iam.
|
|
# googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note:
|
|
# Wildcard (*) values are invalid; you must specify a complete project ID or
|
|
# organization ID.
|
|
# @param [Google::Apis::IamV1::UndeleteRoleRequest] undelete_role_request_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Role] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Role]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/{+name}:undelete', options)
|
|
command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation
|
|
command.request_object = undelete_role_request_object
|
|
command.response_representation = Google::Apis::IamV1::Role::Representation
|
|
command.response_class = Google::Apis::IamV1::Role
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Creates a ServiceAccount.
|
|
# @param [String] name
|
|
# Required. The resource name of the project associated with the service
|
|
# accounts, such as `projects/my-project-123`.
|
|
# @param [Google::Apis::IamV1::CreateServiceAccountRequest] create_service_account_request_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::ServiceAccount]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/{+name}/serviceAccounts', options)
|
|
command.request_representation = Google::Apis::IamV1::CreateServiceAccountRequest::Representation
|
|
command.request_object = create_service_account_request_object
|
|
command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
|
|
command.response_class = Google::Apis::IamV1::ServiceAccount
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Deletes a ServiceAccount. **Warning:** After you delete a service account, you
|
|
# might not be able to undelete it. If you know that you need to re-enable the
|
|
# service account in the future, use DisableServiceAccount instead. If you
|
|
# delete a service account, IAM permanently removes the service account 30 days
|
|
# later. Google Cloud cannot recover the service account after it is permanently
|
|
# removed, even if you file a support request. To help avoid unplanned outages,
|
|
# we recommend that you disable the service account before you delete it. Use
|
|
# DisableServiceAccount to disable the service account, then wait at least 24
|
|
# hours and watch for unintended consequences. If there are no unintended
|
|
# consequences, you can delete the service account.
|
|
# @param [String] name
|
|
# Required. The resource name of the service account in the following format: `
|
|
# projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for
|
|
# the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value
|
|
# can be the `email` address or the `unique_id` of the service account.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Empty] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Empty]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def delete_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:delete, 'v1/{+name}', options)
|
|
command.response_representation = Google::Apis::IamV1::Empty::Representation
|
|
command.response_class = Google::Apis::IamV1::Empty
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Disables a ServiceAccount immediately. If an application uses the service
|
|
# account to authenticate, that application can no longer call Google APIs or
|
|
# access Google Cloud resources. Existing access tokens for the service account
|
|
# are rejected, and requests for new access tokens will fail. To re-enable the
|
|
# service account, use EnableServiceAccount. After you re-enable the service
|
|
# account, its existing access tokens will be accepted, and you can request new
|
|
# access tokens. To help avoid unplanned outages, we recommend that you disable
|
|
# the service account before you delete it. Use this method to disable the
|
|
# service account, then wait at least 24 hours and watch for unintended
|
|
# consequences. If there are no unintended consequences, you can delete the
|
|
# service account with DeleteServiceAccount.
|
|
# @param [String] name
|
|
# The resource name of the service account in the following format: `projects/`
|
|
# PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `
|
|
# PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can
|
|
# be the `email` address or the `unique_id` of the service account.
|
|
# @param [Google::Apis::IamV1::DisableServiceAccountRequest] disable_service_account_request_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Empty] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Empty]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def disable_service_account(name, disable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/{+name}:disable', options)
|
|
command.request_representation = Google::Apis::IamV1::DisableServiceAccountRequest::Representation
|
|
command.request_object = disable_service_account_request_object
|
|
command.response_representation = Google::Apis::IamV1::Empty::Representation
|
|
command.response_class = Google::Apis::IamV1::Empty
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Enables a ServiceAccount that was disabled by DisableServiceAccount. If the
|
|
# service account is already enabled, then this method has no effect. If the
|
|
# service account was disabled by other means—for example, if Google disabled
|
|
# the service account because it was compromised—you cannot use this method to
|
|
# enable the service account.
|
|
# @param [String] name
|
|
# The resource name of the service account in the following format: `projects/`
|
|
# PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `
|
|
# PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can
|
|
# be the `email` address or the `unique_id` of the service account.
|
|
# @param [Google::Apis::IamV1::EnableServiceAccountRequest] enable_service_account_request_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Empty] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Empty]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def enable_service_account(name, enable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/{+name}:enable', options)
|
|
command.request_representation = Google::Apis::IamV1::EnableServiceAccountRequest::Representation
|
|
command.request_object = enable_service_account_request_object
|
|
command.response_representation = Google::Apis::IamV1::Empty::Representation
|
|
command.response_class = Google::Apis::IamV1::Empty
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Gets a ServiceAccount.
|
|
# @param [String] name
|
|
# Required. The resource name of the service account in the following format: `
|
|
# projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for
|
|
# the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value
|
|
# can be the `email` address or the `unique_id` of the service account.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::ServiceAccount]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def get_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:get, 'v1/{+name}', options)
|
|
command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
|
|
command.response_class = Google::Apis::IamV1::ServiceAccount
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Gets the IAM policy that is attached to a ServiceAccount. This IAM policy
|
|
# specifies which principals have access to the service account. This method
|
|
# does not tell you whether the service account has been granted any roles on
|
|
# other resources. To check whether a service account has role grants on a
|
|
# resource, use the `getIamPolicy` method for that resource. For example, to
|
|
# view the role grants for a project, call the Resource Manager API's [`projects.
|
|
# getIamPolicy`](https://cloud.google.com/resource-manager/reference/rest/v1/
|
|
# projects/getIamPolicy) method.
|
|
# @param [String] resource
|
|
# REQUIRED: The resource for which the policy is being requested. See the
|
|
# operation documentation for the appropriate value for this field.
|
|
# @param [Fixnum] options_requested_policy_version
|
|
# Optional. The maximum policy version that will be used to format the policy.
|
|
# Valid values are 0, 1, and 3. Requests specifying an invalid value will be
|
|
# rejected. Requests for policies with any conditional role bindings must
|
|
# specify version 3. Policies with no conditional role bindings may specify any
|
|
# valid value or leave the field unset. The policy in the response might use the
|
|
# policy version that you specified, or it might use a lower policy version. For
|
|
# example, if you specify version 3, but the policy has no conditional role
|
|
# bindings, the response uses version 1. To learn which resources support
|
|
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
|
|
# google.com/iam/help/conditions/resource-policies).
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Policy] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Policy]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def get_project_service_account_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/{+resource}:getIamPolicy', options)
|
|
command.response_representation = Google::Apis::IamV1::Policy::Representation
|
|
command.response_class = Google::Apis::IamV1::Policy
|
|
command.params['resource'] = resource unless resource.nil?
|
|
command.query['options.requestedPolicyVersion'] = options_requested_policy_version unless options_requested_policy_version.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Lists every ServiceAccount that belongs to a specific project.
|
|
# @param [String] name
|
|
# Required. The resource name of the project associated with the service
|
|
# accounts, such as `projects/my-project-123`.
|
|
# @param [Fixnum] page_size
|
|
# Optional limit on the number of service accounts to include in the response.
|
|
# Further accounts can subsequently be obtained by including the
|
|
# ListServiceAccountsResponse.next_page_token in a subsequent request. The
|
|
# default is 20, and the maximum is 100.
|
|
# @param [String] page_token
|
|
# Optional pagination token returned in an earlier ListServiceAccountsResponse.
|
|
# next_page_token.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::ListServiceAccountsResponse] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::ListServiceAccountsResponse]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:get, 'v1/{+name}/serviceAccounts', options)
|
|
command.response_representation = Google::Apis::IamV1::ListServiceAccountsResponse::Representation
|
|
command.response_class = Google::Apis::IamV1::ListServiceAccountsResponse
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['pageSize'] = page_size unless page_size.nil?
|
|
command.query['pageToken'] = page_token unless page_token.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Patches a ServiceAccount.
|
|
# @param [String] name
|
|
# The resource name of the service account. Use one of the following formats: * `
|
|
# projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/`PROJECT_ID`
|
|
# /serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `-` wildcard
|
|
# character instead of the project ID: * `projects/-/serviceAccounts/`
|
|
# EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible,
|
|
# avoid using the `-` wildcard character, because it can cause response messages
|
|
# to contain misleading error codes. For example, if you try to get the service
|
|
# account `projects/-/serviceAccounts/fake@example.com`, which does not exist,
|
|
# the response contains an HTTP `403 Forbidden` error instead of a `404 Not
|
|
# Found` error.
|
|
# @param [Google::Apis::IamV1::PatchServiceAccountRequest] patch_service_account_request_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::ServiceAccount]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def patch_service_account(name, patch_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:patch, 'v1/{+name}', options)
|
|
command.request_representation = Google::Apis::IamV1::PatchServiceAccountRequest::Representation
|
|
command.request_object = patch_service_account_request_object
|
|
command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
|
|
command.response_class = Google::Apis::IamV1::ServiceAccount
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Sets the IAM policy that is attached to a ServiceAccount. Use this method to
|
|
# grant or revoke access to the service account. For example, you could grant a
|
|
# principal the ability to impersonate the service account. This method does not
|
|
# enable the service account to access other resources. To grant roles to a
|
|
# service account on a resource, follow these steps: 1. Call the resource's `
|
|
# getIamPolicy` method to get its current IAM policy. 2. Edit the policy so that
|
|
# it binds the service account to an IAM role for the resource. 3. Call the
|
|
# resource's `setIamPolicy` method to update its IAM policy. For detailed
|
|
# instructions, see [Manage access to project, folders, and organizations](https:
|
|
# //cloud.google.com/iam/help/service-accounts/granting-access-to-service-
|
|
# accounts) or [Manage access to other resources](https://cloud.google.com/iam/
|
|
# help/access/manage-other-resources).
|
|
# @param [String] resource
|
|
# REQUIRED: The resource for which the policy is being specified. See the
|
|
# operation documentation for the appropriate value for this field.
|
|
# @param [Google::Apis::IamV1::SetIamPolicyRequest] set_iam_policy_request_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Policy] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Policy]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/{+resource}:setIamPolicy', options)
|
|
command.request_representation = Google::Apis::IamV1::SetIamPolicyRequest::Representation
|
|
command.request_object = set_iam_policy_request_object
|
|
command.response_representation = Google::Apis::IamV1::Policy::Representation
|
|
command.response_class = Google::Apis::IamV1::Policy
|
|
command.params['resource'] = resource unless resource.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# **Note:** This method is deprecated. Use the [`signBlob`](https://cloud.google.
|
|
# com/iam/help/rest-credentials/v1/projects.serviceAccounts/signBlob) method in
|
|
# the IAM Service Account Credentials API instead. If you currently use this
|
|
# method, see the [migration guide](https://cloud.google.com/iam/help/
|
|
# credentials/migrate-api) for instructions. Signs a blob using the system-
|
|
# managed private key for a ServiceAccount.
|
|
# @param [String] name
|
|
# Required. Deprecated. [Migrate to Service Account Credentials API](https://
|
|
# cloud.google.com/iam/help/credentials/migrate-api). The resource name of the
|
|
# service account in the following format: `projects/`PROJECT_ID`/
|
|
# serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `PROJECT_ID` will
|
|
# infer the project from the account. The `ACCOUNT` value can be the `email`
|
|
# address or the `unique_id` of the service account.
|
|
# @param [Google::Apis::IamV1::SignBlobRequest] sign_blob_request_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::SignBlobResponse] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::SignBlobResponse]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/{+name}:signBlob', options)
|
|
command.request_representation = Google::Apis::IamV1::SignBlobRequest::Representation
|
|
command.request_object = sign_blob_request_object
|
|
command.response_representation = Google::Apis::IamV1::SignBlobResponse::Representation
|
|
command.response_class = Google::Apis::IamV1::SignBlobResponse
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# **Note:** This method is deprecated. Use the [`signJwt`](https://cloud.google.
|
|
# com/iam/help/rest-credentials/v1/projects.serviceAccounts/signJwt) method in
|
|
# the IAM Service Account Credentials API instead. If you currently use this
|
|
# method, see the [migration guide](https://cloud.google.com/iam/help/
|
|
# credentials/migrate-api) for instructions. Signs a JSON Web Token (JWT) using
|
|
# the system-managed private key for a ServiceAccount.
|
|
# @param [String] name
|
|
# Required. Deprecated. [Migrate to Service Account Credentials API](https://
|
|
# cloud.google.com/iam/help/credentials/migrate-api). The resource name of the
|
|
# service account in the following format: `projects/`PROJECT_ID`/
|
|
# serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `PROJECT_ID` will
|
|
# infer the project from the account. The `ACCOUNT` value can be the `email`
|
|
# address or the `unique_id` of the service account.
|
|
# @param [Google::Apis::IamV1::SignJwtRequest] sign_jwt_request_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::SignJwtResponse] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::SignJwtResponse]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/{+name}:signJwt', options)
|
|
command.request_representation = Google::Apis::IamV1::SignJwtRequest::Representation
|
|
command.request_object = sign_jwt_request_object
|
|
command.response_representation = Google::Apis::IamV1::SignJwtResponse::Representation
|
|
command.response_class = Google::Apis::IamV1::SignJwtResponse
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Tests whether the caller has the specified permissions on a ServiceAccount.
|
|
# @param [String] resource
|
|
# REQUIRED: The resource for which the policy detail is being requested. See the
|
|
# operation documentation for the appropriate value for this field.
|
|
# @param [Google::Apis::IamV1::TestIamPermissionsRequest] test_iam_permissions_request_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::TestIamPermissionsResponse] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::TestIamPermissionsResponse]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options)
|
|
command.request_representation = Google::Apis::IamV1::TestIamPermissionsRequest::Representation
|
|
command.request_object = test_iam_permissions_request_object
|
|
command.response_representation = Google::Apis::IamV1::TestIamPermissionsResponse::Representation
|
|
command.response_class = Google::Apis::IamV1::TestIamPermissionsResponse
|
|
command.params['resource'] = resource unless resource.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Restores a deleted ServiceAccount. **Important:** It is not always possible to
|
|
# restore a deleted service account. Use this method only as a last resort.
|
|
# After you delete a service account, IAM permanently removes the service
|
|
# account 30 days later. There is no way to restore a deleted service account
|
|
# that has been permanently removed.
|
|
# @param [String] name
|
|
# The resource name of the service account in the following format: `projects/`
|
|
# PROJECT_ID`/serviceAccounts/`ACCOUNT_UNIQUE_ID``. Using `-` as a wildcard for
|
|
# the `PROJECT_ID` will infer the project from the account.
|
|
# @param [Google::Apis::IamV1::UndeleteServiceAccountRequest] undelete_service_account_request_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::UndeleteServiceAccountResponse] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::UndeleteServiceAccountResponse]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def undelete_service_account(name, undelete_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/{+name}:undelete', options)
|
|
command.request_representation = Google::Apis::IamV1::UndeleteServiceAccountRequest::Representation
|
|
command.request_object = undelete_service_account_request_object
|
|
command.response_representation = Google::Apis::IamV1::UndeleteServiceAccountResponse::Representation
|
|
command.response_class = Google::Apis::IamV1::UndeleteServiceAccountResponse
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# **Note:** We are in the process of deprecating this method. Use
|
|
# PatchServiceAccount instead. Updates a ServiceAccount. You can update only the
|
|
# `display_name` field.
|
|
# @param [String] name
|
|
# The resource name of the service account. Use one of the following formats: * `
|
|
# projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/`PROJECT_ID`
|
|
# /serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `-` wildcard
|
|
# character instead of the project ID: * `projects/-/serviceAccounts/`
|
|
# EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible,
|
|
# avoid using the `-` wildcard character, because it can cause response messages
|
|
# to contain misleading error codes. For example, if you try to get the service
|
|
# account `projects/-/serviceAccounts/fake@example.com`, which does not exist,
|
|
# the response contains an HTTP `403 Forbidden` error instead of a `404 Not
|
|
# Found` error.
|
|
# @param [Google::Apis::IamV1::ServiceAccount] service_account_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::ServiceAccount]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:put, 'v1/{+name}', options)
|
|
command.request_representation = Google::Apis::IamV1::ServiceAccount::Representation
|
|
command.request_object = service_account_object
|
|
command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
|
|
command.response_class = Google::Apis::IamV1::ServiceAccount
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Creates a ServiceAccountKey.
|
|
# @param [String] name
|
|
# Required. The resource name of the service account in the following format: `
|
|
# projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for
|
|
# the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value
|
|
# can be the `email` address or the `unique_id` of the service account.
|
|
# @param [Google::Apis::IamV1::CreateServiceAccountKeyRequest] create_service_account_key_request_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::ServiceAccountKey]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/{+name}/keys', options)
|
|
command.request_representation = Google::Apis::IamV1::CreateServiceAccountKeyRequest::Representation
|
|
command.request_object = create_service_account_key_request_object
|
|
command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
|
|
command.response_class = Google::Apis::IamV1::ServiceAccountKey
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Deletes a ServiceAccountKey. Deleting a service account key does not revoke
|
|
# short-lived credentials that have been issued based on the service account key.
|
|
# @param [String] name
|
|
# Required. The resource name of the service account key in the following format:
|
|
# `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. Using `-` as a
|
|
# wildcard for the `PROJECT_ID` will infer the project from the account. The `
|
|
# ACCOUNT` value can be the `email` address or the `unique_id` of the service
|
|
# account.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Empty] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Empty]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:delete, 'v1/{+name}', options)
|
|
command.response_representation = Google::Apis::IamV1::Empty::Representation
|
|
command.response_class = Google::Apis::IamV1::Empty
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Disable a ServiceAccountKey. A disabled service account key can be enabled
|
|
# through EnableServiceAccountKey.
|
|
# @param [String] name
|
|
# Required. The resource name of the service account key in the following format:
|
|
# `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. Using `-` as a
|
|
# wildcard for the `PROJECT_ID` will infer the project from the account. The `
|
|
# ACCOUNT` value can be the `email` address or the `unique_id` of the service
|
|
# account.
|
|
# @param [Google::Apis::IamV1::DisableServiceAccountKeyRequest] disable_service_account_key_request_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Empty] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Empty]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def disable_service_account_key(name, disable_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/{+name}:disable', options)
|
|
command.request_representation = Google::Apis::IamV1::DisableServiceAccountKeyRequest::Representation
|
|
command.request_object = disable_service_account_key_request_object
|
|
command.response_representation = Google::Apis::IamV1::Empty::Representation
|
|
command.response_class = Google::Apis::IamV1::Empty
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Enable a ServiceAccountKey.
|
|
# @param [String] name
|
|
# Required. The resource name of the service account key in the following format:
|
|
# `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. Using `-` as a
|
|
# wildcard for the `PROJECT_ID` will infer the project from the account. The `
|
|
# ACCOUNT` value can be the `email` address or the `unique_id` of the service
|
|
# account.
|
|
# @param [Google::Apis::IamV1::EnableServiceAccountKeyRequest] enable_service_account_key_request_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Empty] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Empty]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def enable_service_account_key(name, enable_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/{+name}:enable', options)
|
|
command.request_representation = Google::Apis::IamV1::EnableServiceAccountKeyRequest::Representation
|
|
command.request_object = enable_service_account_key_request_object
|
|
command.response_representation = Google::Apis::IamV1::Empty::Representation
|
|
command.response_class = Google::Apis::IamV1::Empty
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Gets a ServiceAccountKey.
|
|
# @param [String] name
|
|
# Required. The resource name of the service account key in the following format:
|
|
# `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. Using `-` as a
|
|
# wildcard for the `PROJECT_ID` will infer the project from the account. The `
|
|
# ACCOUNT` value can be the `email` address or the `unique_id` of the service
|
|
# account.
|
|
# @param [String] public_key_type
|
|
# Optional. The output format of the public key. The default is `TYPE_NONE`,
|
|
# which means that the public key is not returned.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::ServiceAccountKey]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def get_project_service_account_key(name, public_key_type: nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:get, 'v1/{+name}', options)
|
|
command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
|
|
command.response_class = Google::Apis::IamV1::ServiceAccountKey
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['publicKeyType'] = public_key_type unless public_key_type.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Lists every ServiceAccountKey for a service account.
|
|
# @param [String] name
|
|
# Required. The resource name of the service account in the following format: `
|
|
# projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for
|
|
# the `PROJECT_ID`, will infer the project from the account. The `ACCOUNT` value
|
|
# can be the `email` address or the `unique_id` of the service account.
|
|
# @param [Array<String>, String] key_types
|
|
# Filters the types of keys the user wants to include in the list response.
|
|
# Duplicate key types are not allowed. If no key type is provided, all keys are
|
|
# returned.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::ListServiceAccountKeysResponse] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::ListServiceAccountKeysResponse]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:get, 'v1/{+name}/keys', options)
|
|
command.response_representation = Google::Apis::IamV1::ListServiceAccountKeysResponse::Representation
|
|
command.response_class = Google::Apis::IamV1::ListServiceAccountKeysResponse
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['keyTypes'] = key_types unless key_types.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Creates a ServiceAccountKey, using a public key that you provide.
|
|
# @param [String] name
|
|
# The resource name of the service account in the following format: `projects/`
|
|
# PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `
|
|
# PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can
|
|
# be the `email` address or the `unique_id` of the service account.
|
|
# @param [Google::Apis::IamV1::UploadServiceAccountKeyRequest] upload_service_account_key_request_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::ServiceAccountKey]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def upload_service_account_key(name, upload_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/{+name}/keys:upload', options)
|
|
command.request_representation = Google::Apis::IamV1::UploadServiceAccountKeyRequest::Representation
|
|
command.request_object = upload_service_account_key_request_object
|
|
command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
|
|
command.response_class = Google::Apis::IamV1::ServiceAccountKey
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Gets the definition of a Role.
|
|
# @param [String] name
|
|
# The `name` parameter's value depends on the target resource for the request,
|
|
# namely [`roles`](https://cloud.google.com/iam/reference/rest/v1/roles), [`
|
|
# projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles), or [
|
|
# `organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations.
|
|
# roles). Each resource type's `name` value format is described below: * [`roles.
|
|
# get()`](https://cloud.google.com/iam/reference/rest/v1/roles/get): `roles/`
|
|
# ROLE_NAME``. This method returns results from all [predefined roles](https://
|
|
# cloud.google.com/iam/docs/understanding-roles#predefined_roles) in Cloud IAM.
|
|
# Example request URL: `https://iam.googleapis.com/v1/roles/`ROLE_NAME`` * [`
|
|
# projects.roles.get()`](https://cloud.google.com/iam/reference/rest/v1/projects.
|
|
# roles/get): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method
|
|
# returns only [custom roles](https://cloud.google.com/iam/docs/understanding-
|
|
# custom-roles) that have been created at the project level. Example request URL:
|
|
# `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` *
|
|
# [`organizations.roles.get()`](https://cloud.google.com/iam/reference/rest/v1/
|
|
# organizations.roles/get): `organizations/`ORGANIZATION_ID`/roles/`
|
|
# CUSTOM_ROLE_ID``. This method returns only [custom roles](https://cloud.google.
|
|
# com/iam/docs/understanding-custom-roles) that have been created at the
|
|
# organization level. Example request URL: `https://iam.googleapis.com/v1/
|
|
# organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*)
|
|
# values are invalid; you must specify a complete project ID or organization ID.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::Role] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::Role]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def get_role(name, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:get, 'v1/{+name}', options)
|
|
command.response_representation = Google::Apis::IamV1::Role::Representation
|
|
command.response_class = Google::Apis::IamV1::Role
|
|
command.params['name'] = name unless name.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Lists every predefined Role that IAM supports, or every custom role that is
|
|
# defined for an organization or project.
|
|
# @param [Fixnum] page_size
|
|
# Optional limit on the number of roles to include in the response. The default
|
|
# is 300, and the maximum is 1,000.
|
|
# @param [String] page_token
|
|
# Optional pagination token returned in an earlier ListRolesResponse.
|
|
# @param [String] parent
|
|
# The `parent` parameter's value depends on the target resource for the request,
|
|
# namely [`roles`](https://cloud.google.com/iam/reference/rest/v1/roles), [`
|
|
# projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles), or [
|
|
# `organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations.
|
|
# roles). Each resource type's `parent` value format is described below: * [`
|
|
# roles.list()`](https://cloud.google.com/iam/reference/rest/v1/roles/list): An
|
|
# empty string. This method doesn't require a resource; it simply returns all [
|
|
# predefined roles](https://cloud.google.com/iam/docs/understanding-roles#
|
|
# predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.
|
|
# com/v1/roles` * [`projects.roles.list()`](https://cloud.google.com/iam/
|
|
# reference/rest/v1/projects.roles/list): `projects/`PROJECT_ID``. This method
|
|
# lists all project-level [custom roles](https://cloud.google.com/iam/docs/
|
|
# understanding-custom-roles). Example request URL: `https://iam.googleapis.com/
|
|
# v1/projects/`PROJECT_ID`/roles` * [`organizations.roles.list()`](https://cloud.
|
|
# google.com/iam/reference/rest/v1/organizations.roles/list): `organizations/`
|
|
# ORGANIZATION_ID``. This method lists all organization-level [custom roles](
|
|
# https://cloud.google.com/iam/docs/understanding-custom-roles). Example request
|
|
# URL: `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles`
|
|
# Note: Wildcard (*) values are invalid; you must specify a complete project ID
|
|
# or organization ID.
|
|
# @param [Boolean] show_deleted
|
|
# Include Roles that have been deleted.
|
|
# @param [String] view
|
|
# Optional view for the returned Role objects. When `FULL` is specified, the `
|
|
# includedPermissions` field is returned, which includes a list of all
|
|
# permissions in the role. The default value is `BASIC`, which does not return
|
|
# the `includedPermissions` field.
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::ListRolesResponse]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:get, 'v1/roles', options)
|
|
command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
|
|
command.response_class = Google::Apis::IamV1::ListRolesResponse
|
|
command.query['pageSize'] = page_size unless page_size.nil?
|
|
command.query['pageToken'] = page_token unless page_token.nil?
|
|
command.query['parent'] = parent unless parent.nil?
|
|
command.query['showDeleted'] = show_deleted unless show_deleted.nil?
|
|
command.query['view'] = view unless view.nil?
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
# Lists roles that can be granted on a Google Cloud resource. A role is
|
|
# grantable if the IAM policy for the resource can contain bindings to the role.
|
|
# @param [Google::Apis::IamV1::QueryGrantableRolesRequest] query_grantable_roles_request_object
|
|
# @param [String] fields
|
|
# Selector specifying which fields to include in a partial response.
|
|
# @param [String] quota_user
|
|
# Available to use for quota purposes for server-side applications. Can be any
|
|
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
|
# @param [Google::Apis::RequestOptions] options
|
|
# Request-specific options
|
|
#
|
|
# @yield [result, err] Result & error if block supplied
|
|
# @yieldparam result [Google::Apis::IamV1::QueryGrantableRolesResponse] parsed result object
|
|
# @yieldparam err [StandardError] error object if request failed
|
|
#
|
|
# @return [Google::Apis::IamV1::QueryGrantableRolesResponse]
|
|
#
|
|
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
|
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
|
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
|
def query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
|
command = make_simple_command(:post, 'v1/roles:queryGrantableRoles', options)
|
|
command.request_representation = Google::Apis::IamV1::QueryGrantableRolesRequest::Representation
|
|
command.request_object = query_grantable_roles_request_object
|
|
command.response_representation = Google::Apis::IamV1::QueryGrantableRolesResponse::Representation
|
|
command.response_class = Google::Apis::IamV1::QueryGrantableRolesResponse
|
|
command.query['fields'] = fields unless fields.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
execute_or_queue_command(command, &block)
|
|
end
|
|
|
|
protected
|
|
|
|
def apply_command_defaults(command)
|
|
command.query['key'] = key unless key.nil?
|
|
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|