iam library

IAM service accounts + Workload Identity Federation pools. Per-resource IAM members live alongside their owning service barrel (e.g. pubsub.dart exports GooglePubsubTopicIamMember).

Classes

GoogleIamWorkloadIdentityPool

Factory wrapper for google_iam_workload_identity_pool (provider hashicorp/google ~> 7.0).

GoogleProjectIamCustomRole

Factory wrapper for google_project_iam_custom_role.

GoogleProjectIamMember

Factory wrapper for google_project_iam_member.

GoogleServiceAccount

Factory wrapper for google_service_account (provider hashicorp/google ~> 7.0).

GoogleServiceAccountIamMember

Factory wrapper for google_service_account_iam_member.

GoogleServiceAccountKey

Factory wrapper for google_service_account_key.

Enums

CustomRoleStage

Lifecycle stage for GoogleProjectIamCustomRole.stage. Mirrors the stage field exposed by the IAM API — alpha / beta / ga are grantable; deprecated / disabled keep the role visible but reject new bindings.

KeyAlgorithm

Signing algorithm for GoogleServiceAccountKey.keyAlgorithm. GCP supports RSA-1024 (legacy) and RSA-2048 (default); unspecified lets the API pick.

PrivateKeyType

Output format for the emitted private key (GoogleServiceAccountKey.privateKeyType). googleCredentialsFile (the default) returns a JSON credentials file matching what gcloud iam service-accounts keys create emits; pkcs12File returns a PKCS#12 keystore for systems that consume that format.

PublicKeyType

Output format for the public key half (GoogleServiceAccountKey.publicKeyType). x509PemFile is the most portable choice; rawPublicKey returns just the key material.

WorkloadIdentityPoolMode

Operating mode for a workload identity pool.