iam/v1 library

Identity and Access Management (IAM) API - v1

Manages identity and access control for Google Cloud resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls. Enabling this API also enables the IAM Service Account Credentials API (iamcredentials.googleapis.com). However, disabling this API doesn't disable the IAM Service Account Credentials API.

For more information, see cloud.google.com/iam/

Create an instance of IamApi to access these resources:

ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesResource

ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesOperationsResource

ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesWorkloadSourcesResource

ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesWorkloadSourcesOperationsResource

Classes

AccessRestrictions
Access-related restrictions on the workforce pool.
AuditableService
Contains information about an auditable service.
AuditConfig
Specifies the audit configuration for a service.
Aws
Represents an Amazon Web Services identity provider.
Binding
Associates members, or principals, with a role.
CreateRoleRequest
The request to create a new role.
CreateServiceAccountKeyRequest
The service account key create request.
CreateServiceAccountRequest
The service account create request.
DisableServiceAccountKeyRequest
The service account key disable request.
ExtendedStatus
Extended status can store additional metadata.
GetIamPolicyRequest
Request message for GetIamPolicy method.
GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2Client
Represents the OAuth 2.0 client credential configuration for retrieving additional user attributes that are not present in the initial authentication credentials from the identity provider, e.g. groups.
GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2ClientQueryParameters
Represents the parameters to control which claims are fetched from an IdP.
GoogleIamAdminV1WorkforcePoolProviderOidc
Represents an OpenID Connect 1.0 identity provider.
GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret
Representation of a client secret configured for the OIDC provider.
GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValue
Representation of the value of the client secret.
GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfig
Configuration for web single sign-on for the OIDC provider.
GoogleIamAdminV1WorkforcePoolProviderSaml
Represents a SAML identity provider.
IamApi
Manages identity and access control for Google Cloud resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls.
IamPoliciesResource
KeyData
Represents public key data along with its format.
LintPolicyRequest
The request to lint an IAM policy object.
LintPolicyResponse
The response of a lint operation.
LintResult
Structured response of a single validation unit.
ListOauthClientCredentialsResponse
Response message for ListOauthClientCredentials.
ListOauthClientsResponse
Response message for ListOauthClients.
ListRolesResponse
The response containing the roles defined under a resource.
ListServiceAccountKeysResponse
The service account keys list response.
ListServiceAccountsResponse
The service account list response.
ListWorkforcePoolProviderKeysResponse
Response message for ListWorkforcePoolProviderKeys.
ListWorkforcePoolProvidersResponse
Response message for ListWorkforcePoolProviders.
ListWorkforcePoolsResponse
Response message for ListWorkforcePools.
ListWorkloadIdentityPoolProviderKeysResponse
Response message for ListWorkloadIdentityPoolProviderKeys.
ListWorkloadIdentityPoolProvidersResponse
Response message for ListWorkloadIdentityPoolProviders.
ListWorkloadIdentityPoolsResponse
Response message for ListWorkloadIdentityPools.
LocationsResource
LocationsWorkforcePoolsOperationsResource
LocationsWorkforcePoolsProvidersKeysOperationsResource
LocationsWorkforcePoolsProvidersKeysResource
LocationsWorkforcePoolsProvidersOperationsResource
LocationsWorkforcePoolsProvidersResource
LocationsWorkforcePoolsResource
LocationsWorkforcePoolsSubjectsOperationsResource
LocationsWorkforcePoolsSubjectsResource
OauthClient
Represents an OauthClient.
OauthClientCredential
Represents an OauthClientCredential.
Oidc
Represents an OpenID Connect 1.0 identity provider.
Operation
This resource represents a long-running operation that is the result of a network API call.
OrganizationsResource
OrganizationsRolesResource
PatchServiceAccountKeyRequest
The service account key patch request.
PatchServiceAccountRequest
The service account patch request.
Permission
A permission which can be included by a role.
PermissionsResource
Policy
An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.
ProjectsLocationsOauthClientsCredentialsResource
ProjectsLocationsOauthClientsResource
ProjectsLocationsResource
ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesOperationsResource
ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesResource
ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesWorkloadSourcesOperationsResource
ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesWorkloadSourcesResource
ProjectsLocationsWorkloadIdentityPoolsNamespacesOperationsResource
ProjectsLocationsWorkloadIdentityPoolsNamespacesResource
ProjectsLocationsWorkloadIdentityPoolsOperationsResource
ProjectsLocationsWorkloadIdentityPoolsProvidersKeysOperationsResource
ProjectsLocationsWorkloadIdentityPoolsProvidersKeysResource
ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsResource
ProjectsLocationsWorkloadIdentityPoolsProvidersResource
ProjectsLocationsWorkloadIdentityPoolsResource
ProjectsResource
ProjectsRolesResource
ProjectsServiceAccountsKeysResource
ProjectsServiceAccountsResource
QueryAuditableServicesRequest
A request to get the list of auditable services for a resource.
QueryAuditableServicesResponse
A response containing a list of auditable services for a resource.
QueryGrantableRolesRequest
The grantable role query request.
QueryGrantableRolesResponse
The grantable role query response.
QueryTestablePermissionsRequest
A request to get permissions which can be tested on a resource.
QueryTestablePermissionsResponse
The response containing permissions which can be tested on a resource.
Role
A role in the Identity and Access Management API.
RolesResource
Saml
Represents a SAML 2.0 identity provider.
ServiceAccount
An IAM service account.
ServiceAccountKey
Represents a service account key.
ServiceConfig
Configuration for a service.
SetIamPolicyRequest
Request message for SetIamPolicy method.
SignBlobRequest
Migrate to Service Account Credentials API.
SignBlobResponse
Migrate to Service Account Credentials API.
SignJwtRequest
Migrate to Service Account Credentials API.
SignJwtResponse
Migrate to Service Account Credentials API.
UndeleteRoleRequest
The request to undelete an existing role.
UndeleteServiceAccountResponse
UploadServiceAccountKeyRequest
The service account key upload request.
WorkforcePool
Represents a collection of external workforces.
WorkforcePoolProvider
A configuration for an external identity provider.
WorkforcePoolProviderKey
Represents a public key configuration for a Workforce Pool Provider.
WorkloadIdentityPool
Represents a collection of workload identities.
WorkloadIdentityPoolProvider
A configuration for an external identity provider.
WorkloadIdentityPoolProviderKey
Represents a public key configuration for your workload identity pool provider.

Typedefs

AuditLogConfig = $AuditLogConfig
Provides the configuration for logging a type of permissions.
DisableServiceAccountRequest = $Empty
The service account disable request.
Empty = $Empty
A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs.
EnableServiceAccountKeyRequest = $Empty
The service account key enable request.
EnableServiceAccountRequest = $Empty
The service account enable request.
Expr = $Expr
Represents a textual expression in the Common Expression Language (CEL) syntax.
GetPolicyOptions = $GetPolicyOptions00
Encapsulates settings provided to GetIamPolicy.
Status = $Status
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs.
TestIamPermissionsRequest = $TestIamPermissionsRequest00
Request message for TestIamPermissions method.
TestIamPermissionsResponse = $PermissionsResponse
Response message for TestIamPermissions method.
UndeleteOauthClientRequest = $Empty
Request message for UndeleteOauthClient.
UndeleteServiceAccountRequest = $Empty
The service account undelete request.
UndeleteWorkforcePoolProviderKeyRequest = $Empty
Request message for UndeleteWorkforcePoolProviderKey.
UndeleteWorkforcePoolProviderRequest = $Empty
Request message for UndeleteWorkforcePoolProvider.
UndeleteWorkforcePoolRequest = $Empty
Request message for UndeleteWorkforcePool.
UndeleteWorkforcePoolSubjectRequest = $Empty
Request message for UndeleteWorkforcePoolSubject.
UndeleteWorkloadIdentityPoolProviderKeyRequest = $Empty
Request message for UndeleteWorkloadIdentityPoolProviderKey.
UndeleteWorkloadIdentityPoolProviderRequest = $Empty
Request message for UndeleteWorkloadIdentityPoolProvider.
UndeleteWorkloadIdentityPoolRequest = $Empty
Request message for UndeleteWorkloadIdentityPool.

Exceptions / Errors

ApiRequestError
Represents a general error reported by the API endpoint.
DetailedApiRequestError
Represents a specific error reported by the API endpoint.