iam/v1 library
Identity and Access Management (IAM) API - v1
Manages identity and access control for Google Cloud resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls. Enabling this API also enables the IAM Service Account Credentials API (iamcredentials.googleapis.com). However, disabling this API doesn't disable the IAM Service Account Credentials API.
For more information, see cloud.google.com/iam/
Create an instance of IamApi to access these resources:
- IamPoliciesResource
- LocationsResource
- OrganizationsResource
- PermissionsResource
- ProjectsResource
- ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesResource
- ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesOperationsResource
- ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesWorkloadSourcesResource
- ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesWorkloadSourcesOperationsResource
- ProjectsLocationsWorkloadIdentityPoolsNamespacesOperationsResource
- ProjectsLocationsWorkloadIdentityPoolsOperationsResource
- ProjectsLocationsWorkloadIdentityPoolsProvidersResource
- ProjectsLocationsWorkloadIdentityPoolsProvidersKeysResource
- ProjectsLocationsWorkloadIdentityPoolsProvidersKeysOperationsResource
- ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsResource
- RolesResource
Classes
- AccessRestrictions
- Access related restrictions on the workforce pool.
- AuditableService
- Contains information about an auditable service.
- AuditConfig
- Specifies the audit configuration for a service.
- Aws
- Represents an Amazon Web Services identity provider.
- Binding
- Associates members, or principals, with a role.
- CreateRoleRequest
- The request to create a new role.
- CreateServiceAccountKeyRequest
- The service account key create request.
- CreateServiceAccountRequest
- The service account create request.
- DisableServiceAccountKeyRequest
- The service account key disable request.
- ExtendedStatus
- Extended status can store additional metadata.
- GetIamPolicyRequest
- Request message for GetIamPolicy method.
- GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2Client
- Represents the OAuth 2.0 client credential configuration for retrieving additional user attributes that are not present in the initial authentication credentials from the identity provider, e.g. groups.
- GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2ClientQueryParameters
- Represents the parameters to control which claims are fetched from an IdP.
- GoogleIamAdminV1WorkforcePoolProviderOidc
- Represents an OpenID Connect 1.0 identity provider.
- GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret
- Representation of a client secret configured for the OIDC provider.
- GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValue
- Representation of the value of the client secret.
- GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfig
- Configuration for web single sign-on for the OIDC provider.
- GoogleIamAdminV1WorkforcePoolProviderSaml
- Represents a SAML identity provider.
- IamApi
- Manages identity and access control for Google Cloud resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls.
- IamPoliciesResource
- KeyData
- Represents public key data along with its format.
- LintPolicyRequest
- The request to lint an IAM policy object.
- LintPolicyResponse
- The response of a lint operation.
- LintResult
- Structured response of a single validation unit.
- ListOauthClientCredentialsResponse
- Response message for ListOauthClientCredentials.
- ListOauthClientsResponse
- Response message for ListOauthClients.
- ListRolesResponse
- The response containing the roles defined under a resource.
- ListServiceAccountKeysResponse
- The service account keys list response.
- ListServiceAccountsResponse
- The service account list response.
- ListWorkforcePoolProviderKeysResponse
- Response message for ListWorkforcePoolProviderKeys.
- ListWorkforcePoolProvidersResponse
- Response message for ListWorkforcePoolProviders.
- ListWorkforcePoolsResponse
- Response message for ListWorkforcePools.
- ListWorkloadIdentityPoolProviderKeysResponse
- Response message for ListWorkloadIdentityPoolProviderKeys.
- ListWorkloadIdentityPoolProvidersResponse
- Response message for ListWorkloadIdentityPoolProviders.
- ListWorkloadIdentityPoolsResponse
- Response message for ListWorkloadIdentityPools.
- LocationsResource
- LocationsWorkforcePoolsOperationsResource
- LocationsWorkforcePoolsProvidersKeysOperationsResource
- LocationsWorkforcePoolsProvidersKeysResource
- LocationsWorkforcePoolsProvidersOperationsResource
- LocationsWorkforcePoolsProvidersResource
- LocationsWorkforcePoolsResource
- LocationsWorkforcePoolsSubjectsOperationsResource
- LocationsWorkforcePoolsSubjectsResource
- OauthClient
- Represents an OauthClient.
- OauthClientCredential
- Represents an OauthClientCredential.
- Oidc
- Represents an OpenID Connect 1.0 identity provider.
- Operation
- This resource represents a long-running operation that is the result of a network API call.
- OrganizationsResource
- OrganizationsRolesResource
- PatchServiceAccountKeyRequest
- The service account key patch request.
- PatchServiceAccountRequest
- The service account patch request.
- Permission
- A permission which can be included by a role.
- PermissionsResource
- Policy
- An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.
- ProjectsLocationsOauthClientsCredentialsResource
- ProjectsLocationsOauthClientsResource
- ProjectsLocationsResource
- ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesOperationsResource
- ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesResource
- ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesWorkloadSourcesOperationsResource
- ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesWorkloadSourcesResource
- ProjectsLocationsWorkloadIdentityPoolsNamespacesOperationsResource
- ProjectsLocationsWorkloadIdentityPoolsNamespacesResource
- ProjectsLocationsWorkloadIdentityPoolsOperationsResource
- ProjectsLocationsWorkloadIdentityPoolsProvidersKeysOperationsResource
- ProjectsLocationsWorkloadIdentityPoolsProvidersKeysResource
- ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsResource
- ProjectsLocationsWorkloadIdentityPoolsProvidersResource
- ProjectsLocationsWorkloadIdentityPoolsResource
- ProjectsResource
- ProjectsRolesResource
- ProjectsServiceAccountsKeysResource
- ProjectsServiceAccountsResource
- QueryAuditableServicesRequest
- A request to get the list of auditable services for a resource.
- QueryAuditableServicesResponse
- A response containing a list of auditable services for a resource.
- QueryGrantableRolesRequest
- The grantable role query request.
- QueryGrantableRolesResponse
- The grantable role query response.
- QueryTestablePermissionsRequest
- A request to get permissions which can be tested on a resource.
- QueryTestablePermissionsResponse
- The response containing permissions which can be tested on a resource.
- Role
- A role in the Identity and Access Management API.
- RolesResource
- Saml
- Represents a SAML 2.0 identity provider.
- ServiceAccount
- An IAM service account.
- ServiceAccountKey
- Represents a service account key.
- ServiceConfig
- Configuration for a service.
- SetIamPolicyRequest
- Request message for SetIamPolicy method.
- SignBlobRequest
- Migrate to Service Account Credentials API.
- SignBlobResponse
- Migrate to Service Account Credentials API.
- SignJwtRequest
- Migrate to Service Account Credentials API.
- SignJwtResponse
- Migrate to Service Account Credentials API.
- UndeleteRoleRequest
- The request to undelete an existing role.
- UndeleteServiceAccountResponse
- UploadServiceAccountKeyRequest
- The service account key upload request.
- WorkforcePool
- Represents a collection of external workforces.
- WorkforcePoolProvider
- A configuration for an external identity provider.
- WorkforcePoolProviderKey
- Represents a public key configuration for a Workforce Pool Provider.
- WorkloadIdentityPool
- Represents a collection of workload identities.
- WorkloadIdentityPoolProvider
- A configuration for an external identity provider.
- WorkloadIdentityPoolProviderKey
- Represents a public key configuration for your workload identity pool provider.
Typedefs
- AuditLogConfig = $AuditLogConfig
- Provides the configuration for logging a type of permissions.
- DisableServiceAccountRequest = $Empty
- The service account disable request.
- Empty = $Empty
- A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs.
- EnableServiceAccountKeyRequest = $Empty
- The service account key enable request.
- EnableServiceAccountRequest = $Empty
- The service account enable request.
- Expr = $Expr
- Represents a textual expression in the Common Expression Language (CEL) syntax.
- GetPolicyOptions = $GetPolicyOptions00
- Encapsulates settings provided to GetIamPolicy.
- Status = $Status
- The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs.
- TestIamPermissionsRequest = $TestIamPermissionsRequest00
- Request message for TestIamPermissions method.
- TestIamPermissionsResponse = $PermissionsResponse
- Response message for TestIamPermissions method.
- UndeleteOauthClientRequest = $Empty
- Request message for UndeleteOauthClient.
- UndeleteServiceAccountRequest = $Empty
- The service account undelete request.
- UndeleteWorkforcePoolProviderKeyRequest = $Empty
- Request message for UndeleteWorkforcePoolProviderKey.
- UndeleteWorkforcePoolProviderRequest = $Empty
- Request message for UndeleteWorkforcePoolProvider.
- UndeleteWorkforcePoolRequest = $Empty
- Request message for UndeleteWorkforcePool.
- UndeleteWorkforcePoolSubjectRequest = $Empty
- Request message for UndeleteWorkforcePoolSubject.
- UndeleteWorkloadIdentityPoolProviderKeyRequest = $Empty
- Request message for UndeleteWorkloadIdentityPoolProviderKey.
- UndeleteWorkloadIdentityPoolProviderRequest = $Empty
- Request message for UndeleteWorkloadIdentityPoolProvider.
- UndeleteWorkloadIdentityPoolRequest = $Empty
- Request message for UndeleteWorkloadIdentityPool.
Exceptions / Errors
- ApiRequestError
- Represents a general error reported by the API endpoint.
- DetailedApiRequestError
- Represents a specific error reported by the API endpoint.