class Google::Apis::IamV1::IamService
Google Identity and Access Management API
Manages identity and access control for Google Cloud Platform resources,
including the creation of service accounts, which you can use to authenticate to Google and make API calls.
@example
require 'google/apis/iam_v1' Iam = Google::Apis::IamV1 # Alias the module service = Iam::IamService.new
@see cloud.google.com/iam/
Attributes
@return [String]
API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
@return [String]
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
Public Class Methods
# File generated/google/apis/iam_v1/service.rb, line 47 def initialize super('https://iam.googleapis.com/', '') end
Public Instance Methods
Creates a service account and returns it. @param [String] name
Required. The resource name of the project associated with the service accounts, such as "projects/123"
@param [Google::Apis::IamV1::CreateServiceAccountRequest] create_service_account_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] #quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::ServiceAccount]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File generated/google/apis/iam_v1/service.rb, line 146 def create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}/serviceAccounts', options) command.request_representation = Google::Apis::IamV1::CreateServiceAccountRequest::Representation command.request_object = create_service_account_request_object command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation command.response_class = Google::Apis::IamV1::ServiceAccount command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Creates a service account key and returns it. @param [String] name
The resource name of the service account in the format "projects/`project`/ serviceAccounts/`account`". Using '-' as a wildcard for the project, will infer the project from the account. The account value can be the email address or the unique_id of the service account.
@param [Google::Apis::IamV1::CreateServiceAccountKeyRequest] create_service_account_key_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] #quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::ServiceAccountKey]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File generated/google/apis/iam_v1/service.rb, line 466 def create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}/keys', options) command.request_representation = Google::Apis::IamV1::CreateServiceAccountKeyRequest::Representation command.request_object = create_service_account_key_request_object command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation command.response_class = Google::Apis::IamV1::ServiceAccountKey command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Deletes a service acount. @param [String] name
The resource name of the service account in the format "projects/`project`/ serviceAccounts/`account`". Using '-' as a wildcard for the project, will infer the project from the account. The account value can be the email address or the unique_id of the service account.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] #quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Empty] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Empty]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File generated/google/apis/iam_v1/service.rb, line 220 def delete_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Deletes a service account key. @param [String] name
The resource name of the service account key in the format "projects/`project`/ serviceAccounts/`account`/keys/`key`". Using '-' as a wildcard for the project will infer the project from the account. The account value can be the email address or the unique_id of the service account.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] #quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Empty] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Empty]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File generated/google/apis/iam_v1/service.rb, line 501 def delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Gets a ServiceAccount @param [String] name
The resource name of the service account in the format "projects/`project`/ serviceAccounts/`account`". Using '-' as a wildcard for the project, will infer the project from the account. The account value can be the email address or the unique_id of the service account.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] #quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::ServiceAccount]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File generated/google/apis/iam_v1/service.rb, line 114 def get_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation command.response_class = Google::Apis::IamV1::ServiceAccount command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Returns the IAM access control policy for specified IAM resource. @param [String] resource
REQUIRED: The resource for which the policy is being requested. `resource` is usually specified as a path, such as `projects project zones zone disks/* disk*`. The format for the path specified in this value is resource specific and is specified in the `getIamPolicy` documentation.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] #quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Policy] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Policy]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File generated/google/apis/iam_v1/service.rb, line 289 def get_project_service_account_iam_policy(resource, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:getIamPolicy', options) command.response_representation = Google::Apis::IamV1::Policy::Representation command.response_class = Google::Apis::IamV1::Policy command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Gets the ServiceAccountKey by key id. @param [String] name
The resource name of the service account key in the format "projects/`project`/ serviceAccounts/`account`/keys/`key`". Using '-' as a wildcard for the project will infer the project from the account. The account value can be the email address or the unique_id of the service account.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] #quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::ServiceAccountKey]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File generated/google/apis/iam_v1/service.rb, line 432 def get_project_service_account_key(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation command.response_class = Google::Apis::IamV1::ServiceAccountKey command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Lists service account keys @param [String] name
The resource name of the service account in the format "projects/`project`/ serviceAccounts/`account`". Using '-' as a wildcard for the project, will infer the project from the account. The account value can be the email address or the unique_id of the service account.
@param [Array<String>, String] key_types
The type of keys the user wants to list. If empty, all key types are included in the response. Duplicate key types are not allowed.
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] #quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ListServiceAccountKeysResponse] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::ListServiceAccountKeysResponse]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File generated/google/apis/iam_v1/service.rb, line 398 def list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}/keys', options) command.response_representation = Google::Apis::IamV1::ListServiceAccountKeysResponse::Representation command.response_class = Google::Apis::IamV1::ListServiceAccountKeysResponse command.params['name'] = name unless name.nil? command.query['keyTypes'] = key_types unless key_types.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Lists service accounts for a project. @param [String] name
Required. The resource name of the project associated with the service accounts, such as "projects/123"
@param [Fixnum] page_size
Optional limit on the number of service accounts to include in the response. Further accounts can subsequently be obtained by including the [ ListServiceAccountsResponse.next_page_token] in a subsequent request.
@param [String] page_token
Optional pagination token returned in an earlier [ListServiceAccountsResponse. next_page_token].
@param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] #quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ListServiceAccountsResponse] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::ListServiceAccountsResponse]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File generated/google/apis/iam_v1/service.rb, line 79 def list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}/serviceAccounts', options) command.response_representation = Google::Apis::IamV1::ListServiceAccountsResponse::Representation command.response_class = Google::Apis::IamV1::ListServiceAccountsResponse command.params['name'] = name unless name.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Sets the IAM access control policy for the specified IAM resource. @param [String] resource
REQUIRED: The resource for which the policy is being specified. `resource` is usually specified as a path, such as `projects project zones zone disks/* disk*`. The format for the path specified in this value is resource specific and is specified in the `setIamPolicy` documentation.
@param [Google::Apis::IamV1::SetIamPolicyRequest] set_iam_policy_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] #quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::Policy] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::Policy]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File generated/google/apis/iam_v1/service.rb, line 323 def set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:setIamPolicy', options) command.request_representation = Google::Apis::IamV1::SetIamPolicyRequest::Representation command.request_object = set_iam_policy_request_object command.response_representation = Google::Apis::IamV1::Policy::Representation command.response_class = Google::Apis::IamV1::Policy command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Signs a blob using a service account. @param [String] name
The resource name of the service account in the format "projects/`project`/ serviceAccounts/`account`". Using '-' as a wildcard for the project, will infer the project from the account. The account value can be the email address or the unique_id of the service account.
@param [Google::Apis::IamV1::SignBlobRequest] sign_blob_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] #quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::SignBlobResponse] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::SignBlobResponse]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File generated/google/apis/iam_v1/service.rb, line 254 def sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:signBlob', options) command.request_representation = Google::Apis::IamV1::SignBlobRequest::Representation command.request_object = sign_blob_request_object command.response_representation = Google::Apis::IamV1::SignBlobResponse::Representation command.response_class = Google::Apis::IamV1::SignBlobResponse command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Tests the specified permissions against the IAM access control policy for the specified IAM resource. @param [String] resource
REQUIRED: The resource for which the policy detail is being requested. ` resource` is usually specified as a path, such as `projects project zones zone disks/*disk*`. The format for the path specified in this value is resource specific and is specified in the `testIamPermissions` documentation.
@param [Google::Apis::IamV1::TestIamPermissionsRequest] test_iam_permissions_request_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] #quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::TestIamPermissionsResponse] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::TestIamPermissionsResponse]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File generated/google/apis/iam_v1/service.rb, line 360 def test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options) command.request_representation = Google::Apis::IamV1::TestIamPermissionsRequest::Representation command.request_object = test_iam_permissions_request_object command.response_representation = Google::Apis::IamV1::TestIamPermissionsResponse::Representation command.response_class = Google::Apis::IamV1::TestIamPermissionsResponse command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Updates a service account. Currently, only the following fields are updatable: 'display_name' . The 'etag' is mandatory. @param [String] name
The resource name of the service account in the format "projects/`project`/ serviceAccounts/`account`". In requests using '-' as a wildcard for the project, will infer the project from the account and the account value can be the email address or the unique_id of the service account. In responses the resource name will always be in the format "projects/`project`/serviceAccounts/ `email`".
@param [Google::Apis::IamV1::ServiceAccount] service_account_object @param [String] fields
Selector specifying which fields to include in a partial response.
@param [String] #quota_user
Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
@param [Google::Apis::RequestOptions] options
Request-specific options
@yield [result, err] Result & error if block supplied @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object @yieldparam err [StandardError] error object if request failed
@return [Google::Apis::IamV1::ServiceAccount]
@raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification @raise [Google::Apis::AuthorizationError] Authorization is required
# File generated/google/apis/iam_v1/service.rb, line 185 def update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:put, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::ServiceAccount::Representation command.request_object = service_account_object command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation command.response_class = Google::Apis::IamV1::ServiceAccount command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end
Protected Instance Methods
# File generated/google/apis/iam_v1/service.rb, line 513 def apply_command_defaults(command) command.query['key'] = key unless key.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? end