iam/v1 library

Identity and Access Management (IAM) API - v1

Manages identity and access control for Google Cloud Platform resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls.

For more information, see cloud.google.com/iam/

Create an instance of IamApi to access these resources:

• IamPoliciesResource
• LocationsResource
  • LocationsWorkforcePoolsResource
    • LocationsWorkforcePoolsOperationsResource
    • LocationsWorkforcePoolsProvidersResource
      • LocationsWorkforcePoolsProvidersKeysResource
        • LocationsWorkforcePoolsProvidersKeysOperationsResource
      • LocationsWorkforcePoolsProvidersOperationsResource
    • LocationsWorkforcePoolsSubjectsResource
      • LocationsWorkforcePoolsSubjectsOperationsResource
• OrganizationsResource
  • OrganizationsRolesResource
• PermissionsResource
• ProjectsResource
  • ProjectsLocationsResource
    • ProjectsLocationsWorkloadIdentityPoolsResource
      • ProjectsLocationsWorkloadIdentityPoolsNamespacesResource

ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesResource

ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesOperationsResource

ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesWorkloadSourcesResource

ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesWorkloadSourcesOperationsResource

• ProjectsLocationsWorkloadIdentityPoolsNamespacesOperationsResource - ProjectsLocationsWorkloadIdentityPoolsOperationsResource - ProjectsLocationsWorkloadIdentityPoolsProvidersResource - ProjectsLocationsWorkloadIdentityPoolsProvidersKeysResource
• ProjectsLocationsWorkloadIdentityPoolsProvidersKeysOperationsResource
• ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsResource
  • ProjectsRolesResource
  • ProjectsServiceAccountsResource
    • ProjectsServiceAccountsKeysResource
• RolesResource

Classes

AccessRestrictions

Access related restrictions on the workforce pool.

AuditableService

Contains information about an auditable service.

AuditConfig

Specifies the audit configuration for a service.

Aws

Represents an Amazon Web Services identity provider.

Binding

Associates members, or principals, with a role.

CreateRoleRequest

The request to create a new role.

CreateServiceAccountKeyRequest

The service account key create request.

CreateServiceAccountRequest

The service account create request.

GetIamPolicyRequest

Request message for GetIamPolicy method.

GoogleIamAdminV1WorkforcePoolProviderOidc

Represents an OpenId Connect 1.0 identity provider.

GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret

Representation of a client secret configured for the OIDC provider.

GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValue

Representation of the value of the client secret.

GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfig

Configuration for web single sign-on for the OIDC provider.

GoogleIamAdminV1WorkforcePoolProviderSaml

Represents a SAML identity provider.

IamApi

Manages identity and access control for Google Cloud Platform resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls.

IamPoliciesResource

KeyData

Represents a public key data along with its format.

LintPolicyRequest

The request to lint a Cloud IAM policy object.

LintPolicyResponse

The response of a lint operation.

LintResult

Structured response of a single validation unit.

ListRolesResponse

The response containing the roles defined under a resource.

ListServiceAccountKeysResponse

The service account keys list response.

ListServiceAccountsResponse

The service account list response.

ListWorkforcePoolProviderKeysResponse

Response message for ListWorkforcePoolProviderKeys.

ListWorkforcePoolProvidersResponse

Response message for ListWorkforcePoolProviders.

ListWorkforcePoolsResponse

Response message for ListWorkforcePools.

ListWorkloadIdentityPoolProviderKeysResponse

Response message for ListWorkloadIdentityPoolProviderKeys.

ListWorkloadIdentityPoolProvidersResponse

Response message for ListWorkloadIdentityPoolProviders.

ListWorkloadIdentityPoolsResponse

Response message for ListWorkloadIdentityPools.

LocationsResource

LocationsWorkforcePoolsOperationsResource

LocationsWorkforcePoolsProvidersKeysOperationsResource

LocationsWorkforcePoolsProvidersKeysResource

LocationsWorkforcePoolsProvidersOperationsResource

LocationsWorkforcePoolsProvidersResource

LocationsWorkforcePoolsResource

LocationsWorkforcePoolsSubjectsOperationsResource

LocationsWorkforcePoolsSubjectsResource

Oidc

Represents an OpenId Connect 1.0 identity provider.

Operation

This resource represents a long-running operation that is the result of a network API call.

OrganizationsResource

OrganizationsRolesResource

PatchServiceAccountRequest

The service account patch request.

Permission

A permission which can be included by a role.

PermissionsResource

Policy

An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.

ProjectsLocationsResource

ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesOperationsResource

ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesResource

ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesWorkloadSourcesOperationsResource

ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesWorkloadSourcesResource

ProjectsLocationsWorkloadIdentityPoolsNamespacesOperationsResource

ProjectsLocationsWorkloadIdentityPoolsNamespacesResource

ProjectsLocationsWorkloadIdentityPoolsOperationsResource

ProjectsLocationsWorkloadIdentityPoolsProvidersKeysOperationsResource

ProjectsLocationsWorkloadIdentityPoolsProvidersKeysResource

ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsResource

ProjectsLocationsWorkloadIdentityPoolsProvidersResource

ProjectsLocationsWorkloadIdentityPoolsResource

ProjectsResource

ProjectsRolesResource

ProjectsServiceAccountsKeysResource

ProjectsServiceAccountsResource

QueryAuditableServicesRequest

A request to get the list of auditable services for a resource.

QueryAuditableServicesResponse

A response containing a list of auditable services for a resource.

QueryGrantableRolesRequest

The grantable role query request.

QueryGrantableRolesResponse

The grantable role query response.

QueryTestablePermissionsRequest

A request to get permissions which can be tested on a resource.

QueryTestablePermissionsResponse

The response containing permissions which can be tested on a resource.

Role

A role in the Identity and Access Management API.

RolesResource

Saml

Represents an SAML 2.0 identity provider.

ServiceAccount

An IAM service account.

ServiceAccountKey

Represents a service account key.

ServiceConfig

Configuration for a service.

SetIamPolicyRequest

Request message for SetIamPolicy method.

SignBlobRequest

Migrate to Service Account Credentials API.

SignBlobResponse

Migrate to Service Account Credentials API.

SignJwtRequest

Migrate to Service Account Credentials API.

SignJwtResponse

Migrate to Service Account Credentials API.

UndeleteRoleRequest

The request to undelete an existing role.

UndeleteServiceAccountResponse

UploadServiceAccountKeyRequest

The service account key upload request.

WorkforcePool

Represents a collection of external workforces.

WorkforcePoolProvider

A configuration for an external identity provider.

WorkforcePoolProviderKey

Represents a public key configuration for a Workforce Pool Provider.

WorkloadIdentityPool

Represents a collection of workload identities.

WorkloadIdentityPoolProvider

A configuration for an external identity provider.

WorkloadIdentityPoolProviderKey

Represents a public key configuration for your workload identity pool provider.

Typedefs

AuditLogConfig = $AuditLogConfig

Provides the configuration for logging a type of permissions.

DisableServiceAccountKeyRequest = $Empty

The service account key disable request.

DisableServiceAccountRequest = $Empty

The service account disable request.

Empty = $Empty

A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs.

EnableServiceAccountKeyRequest = $Empty

The service account key enable request.

EnableServiceAccountRequest = $Empty

The service account enable request.

Expr = $Expr

Represents a textual expression in the Common Expression Language (CEL) syntax.

GetPolicyOptions = $GetPolicyOptions

Encapsulates settings provided to GetIamPolicy.

Status = $Status

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs.

TestIamPermissionsRequest = $TestIamPermissionsRequest00

Request message for TestIamPermissions method.

TestIamPermissionsResponse = $PermissionsResponse

Response message for TestIamPermissions method.

UndeleteServiceAccountRequest = $Empty

The service account undelete request.

UndeleteWorkforcePoolProviderKeyRequest = $Empty

Request message for UndeleteWorkforcePoolProviderKey.

UndeleteWorkforcePoolProviderRequest = $Empty

Request message for UndeleteWorkforcePoolProvider.

UndeleteWorkforcePoolRequest = $Empty

Request message for UndeleteWorkforcePool.

UndeleteWorkforcePoolSubjectRequest = $Empty

Request message for UndeleteWorkforcePoolSubject.

UndeleteWorkloadIdentityPoolProviderKeyRequest = $Empty

Request message for UndeleteWorkloadIdentityPoolProviderKey.

UndeleteWorkloadIdentityPoolProviderRequest = $Empty

Request message for UndeleteWorkloadIdentityPoolProvider.

UndeleteWorkloadIdentityPoolRequest = $Empty

Request message for UndeleteWorkloadIdentityPool.

Exceptions / Errors

ApiRequestError

Represents a general error reported by the API endpoint.

DetailedApiRequestError

Represents a specific error reported by the API endpoint.