google-apis-iam_v1 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. checksums.yaml +7 -0
  2. data/.yardopts +13 -0
  3. data/CHANGELOG.md +7 -0
  4. data/LICENSE.md +202 -0
  5. data/OVERVIEW.md +96 -0
  6. data/lib/google-apis-iam_v1.rb +15 -0
  7. data/lib/google/apis/iam_v1.rb +38 -0
  8. data/lib/google/apis/iam_v1/classes.rb +1693 -0
  9. data/lib/google/apis/iam_v1/gem_version.rb +28 -0
  10. data/lib/google/apis/iam_v1/representations.rb +726 -0
  11. data/lib/google/apis/iam_v1/service.rb +1733 -0
  12. metadata +77 -0
data/lib/google/apis/iam_v1/service.rb ADDED
@@ -0,0 +1,1733 @@
1
+ # Copyright 2020 Google LLC
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+ require 'google/apis/core/base_service'
16
+ require 'google/apis/core/json_representation'
17
+ require 'google/apis/core/hashable'
18
+ require 'google/apis/errors'
19
+
20
+ module Google
21
+ module Apis
22
+ module IamV1
23
+ # Identity and Access Management (IAM) API
24
+ #
25
+ # Manages identity and access control for Google Cloud Platform resources,
26
+ # including the creation of service accounts, which you can use to authenticate
27
+ # to Google and make API calls.
28
+ #
29
+ # @example
30
+ # require 'google/apis/iam_v1'
31
+ #
32
+ # Iam = Google::Apis::IamV1 # Alias the module
33
+ # service = Iam::IamService.new
34
+ #
35
+ # @see https://cloud.google.com/iam/
36
+ class IamService < Google::Apis::Core::BaseService
37
+ # @return [String]
38
+ # API key. Your API key identifies your project and provides you with API access,
39
+ # quota, and reports. Required unless you provide an OAuth 2.0 token.
40
+ attr_accessor :key
41
+
42
+ # @return [String]
43
+ # Available to use for quota purposes for server-side applications. Can be any
44
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
45
+ attr_accessor :quota_user
46
+
47
+ def initialize
48
+ super('https://iam.googleapis.com/', '',
49
+ client_name: 'google-apis-iam_v1',
50
+ client_version: Google::Apis::IamV1::GEM_VERSION)
51
+ @batch_path = 'batch'
52
+ end
53
+
54
+ # Lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding.
55
+ # condition field, which contains a condition expression for a role binding.
56
+ # Successful calls to this method always return an HTTP `200 OK` status code,
57
+ # even if the linter detects an issue in the IAM policy.
58
+ # @param [Google::Apis::IamV1::LintPolicyRequest] lint_policy_request_object
59
+ # @param [String] fields
60
+ # Selector specifying which fields to include in a partial response.
61
+ # @param [String] quota_user
62
+ # Available to use for quota purposes for server-side applications. Can be any
63
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
64
+ # @param [Google::Apis::RequestOptions] options
65
+ # Request-specific options
66
+ #
67
+ # @yield [result, err] Result & error if block supplied
68
+ # @yieldparam result [Google::Apis::IamV1::LintPolicyResponse] parsed result object
69
+ # @yieldparam err [StandardError] error object if request failed
70
+ #
71
+ # @return [Google::Apis::IamV1::LintPolicyResponse]
72
+ #
73
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
74
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
75
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
76
+ def lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
77
+ command = make_simple_command(:post, 'v1/iamPolicies:lintPolicy', options)
78
+ command.request_representation = Google::Apis::IamV1::LintPolicyRequest::Representation
79
+ command.request_object = lint_policy_request_object
80
+ command.response_representation = Google::Apis::IamV1::LintPolicyResponse::Representation
81
+ command.response_class = Google::Apis::IamV1::LintPolicyResponse
82
+ command.query['fields'] = fields unless fields.nil?
83
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
84
+ execute_or_queue_command(command, &block)
85
+ end
86
+
87
+ # Returns a list of services that allow you to opt into audit logs that are not
88
+ # generated by default. To learn more about audit logs, see the [Logging
89
+ # documentation](https://cloud.google.com/logging/docs/audit).
90
+ # @param [Google::Apis::IamV1::QueryAuditableServicesRequest] query_auditable_services_request_object
91
+ # @param [String] fields
92
+ # Selector specifying which fields to include in a partial response.
93
+ # @param [String] quota_user
94
+ # Available to use for quota purposes for server-side applications. Can be any
95
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
96
+ # @param [Google::Apis::RequestOptions] options
97
+ # Request-specific options
98
+ #
99
+ # @yield [result, err] Result & error if block supplied
100
+ # @yieldparam result [Google::Apis::IamV1::QueryAuditableServicesResponse] parsed result object
101
+ # @yieldparam err [StandardError] error object if request failed
102
+ #
103
+ # @return [Google::Apis::IamV1::QueryAuditableServicesResponse]
104
+ #
105
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
106
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
107
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
108
+ def query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
109
+ command = make_simple_command(:post, 'v1/iamPolicies:queryAuditableServices', options)
110
+ command.request_representation = Google::Apis::IamV1::QueryAuditableServicesRequest::Representation
111
+ command.request_object = query_auditable_services_request_object
112
+ command.response_representation = Google::Apis::IamV1::QueryAuditableServicesResponse::Representation
113
+ command.response_class = Google::Apis::IamV1::QueryAuditableServicesResponse
114
+ command.query['fields'] = fields unless fields.nil?
115
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
116
+ execute_or_queue_command(command, &block)
117
+ end
118
+
119
+ # Creates a new custom Role.
120
+ # @param [String] parent
121
+ # The `parent` parameter's value depends on the target resource for the request,
122
+ # namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`]
123
+ # (/iam/reference/rest/v1/organizations.roles). Each resource type's `parent`
124
+ # value format is described below: * [`projects.roles.create()`](/iam/reference/
125
+ # rest/v1/projects.roles/create): `projects/`PROJECT_ID``. This method creates
126
+ # project-level [custom roles](/iam/docs/understanding-custom-roles). Example
127
+ # request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles` * [`
128
+ # organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/
129
+ # create): `organizations/`ORGANIZATION_ID``. This method creates organization-
130
+ # level [custom roles](/iam/docs/understanding-custom-roles). Example request
131
+ # URL: `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles`
132
+ # Note: Wildcard (*) values are invalid; you must specify a complete project ID
133
+ # or organization ID.
134
+ # @param [Google::Apis::IamV1::CreateRoleRequest] create_role_request_object
135
+ # @param [String] fields
136
+ # Selector specifying which fields to include in a partial response.
137
+ # @param [String] quota_user
138
+ # Available to use for quota purposes for server-side applications. Can be any
139
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
140
+ # @param [Google::Apis::RequestOptions] options
141
+ # Request-specific options
142
+ #
143
+ # @yield [result, err] Result & error if block supplied
144
+ # @yieldparam result [Google::Apis::IamV1::Role] parsed result object
145
+ # @yieldparam err [StandardError] error object if request failed
146
+ #
147
+ # @return [Google::Apis::IamV1::Role]
148
+ #
149
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
150
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
151
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
152
+ def create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
153
+ command = make_simple_command(:post, 'v1/{+parent}/roles', options)
154
+ command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation
155
+ command.request_object = create_role_request_object
156
+ command.response_representation = Google::Apis::IamV1::Role::Representation
157
+ command.response_class = Google::Apis::IamV1::Role
158
+ command.params['parent'] = parent unless parent.nil?
159
+ command.query['fields'] = fields unless fields.nil?
160
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
161
+ execute_or_queue_command(command, &block)
162
+ end
163
+
164
+ # Deletes a custom Role. When you delete a custom role, the following changes
165
+ # occur immediately: * You cannot bind a member to the custom role in an IAM
166
+ # Policy. * Existing bindings to the custom role are not changed, but they have
167
+ # no effect. * By default, the response from ListRoles does not include the
168
+ # custom role. You have 7 days to undelete the custom role. After 7 days, the
169
+ # following changes occur: * The custom role is permanently deleted and cannot
170
+ # be recovered. * If an IAM policy contains a binding to the custom role, the
171
+ # binding is permanently removed.
172
+ # @param [String] name
173
+ # The `name` parameter's value depends on the target resource for the request,
174
+ # namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`]
175
+ # (/iam/reference/rest/v1/organizations.roles). Each resource type's `name`
176
+ # value format is described below: * [`projects.roles.delete()`](/iam/reference/
177
+ # rest/v1/projects.roles/delete): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``.
178
+ # This method deletes only [custom roles](/iam/docs/understanding-custom-roles)
179
+ # that have been created at the project level. Example request URL: `https://iam.
180
+ # googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` * [`
181
+ # organizations.roles.delete()`](/iam/reference/rest/v1/organizations.roles/
182
+ # delete): `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method
183
+ # deletes only [custom roles](/iam/docs/understanding-custom-roles) that have
184
+ # been created at the organization level. Example request URL: `https://iam.
185
+ # googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note:
186
+ # Wildcard (*) values are invalid; you must specify a complete project ID or
187
+ # organization ID.
188
+ # @param [String] etag
189
+ # Used to perform a consistent read-modify-write.
190
+ # @param [String] fields
191
+ # Selector specifying which fields to include in a partial response.
192
+ # @param [String] quota_user
193
+ # Available to use for quota purposes for server-side applications. Can be any
194
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
195
+ # @param [Google::Apis::RequestOptions] options
196
+ # Request-specific options
197
+ #
198
+ # @yield [result, err] Result & error if block supplied
199
+ # @yieldparam result [Google::Apis::IamV1::Role] parsed result object
200
+ # @yieldparam err [StandardError] error object if request failed
201
+ #
202
+ # @return [Google::Apis::IamV1::Role]
203
+ #
204
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
205
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
206
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
207
+ def delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block)
208
+ command = make_simple_command(:delete, 'v1/{+name}', options)
209
+ command.response_representation = Google::Apis::IamV1::Role::Representation
210
+ command.response_class = Google::Apis::IamV1::Role
211
+ command.params['name'] = name unless name.nil?
212
+ command.query['etag'] = etag unless etag.nil?
213
+ command.query['fields'] = fields unless fields.nil?
214
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
215
+ execute_or_queue_command(command, &block)
216
+ end
217
+
218
+ # Gets the definition of a Role.
219
+ # @param [String] name
220
+ # The `name` parameter's value depends on the target resource for the request,
221
+ # namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/
222
+ # rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/
223
+ # organizations.roles). Each resource type's `name` value format is described
224
+ # below: * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/`ROLE_NAME``
225
+ # . This method returns results from all [predefined roles](/iam/docs/
226
+ # understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `
227
+ # https://iam.googleapis.com/v1/roles/`ROLE_NAME`` * [`projects.roles.get()`](/
228
+ # iam/reference/rest/v1/projects.roles/get): `projects/`PROJECT_ID`/roles/`
229
+ # CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/
230
+ # understanding-custom-roles) that have been created at the project level.
231
+ # Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/
232
+ # roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.get()`](/iam/reference/rest/v1/
233
+ # organizations.roles/get): `organizations/`ORGANIZATION_ID`/roles/`
234
+ # CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/
235
+ # understanding-custom-roles) that have been created at the organization level.
236
+ # Example request URL: `https://iam.googleapis.com/v1/organizations/`
237
+ # ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid;
238
+ # you must specify a complete project ID or organization ID.
239
+ # @param [String] fields
240
+ # Selector specifying which fields to include in a partial response.
241
+ # @param [String] quota_user
242
+ # Available to use for quota purposes for server-side applications. Can be any
243
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
244
+ # @param [Google::Apis::RequestOptions] options
245
+ # Request-specific options
246
+ #
247
+ # @yield [result, err] Result & error if block supplied
248
+ # @yieldparam result [Google::Apis::IamV1::Role] parsed result object
249
+ # @yieldparam err [StandardError] error object if request failed
250
+ #
251
+ # @return [Google::Apis::IamV1::Role]
252
+ #
253
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
254
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
255
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
256
+ def get_organization_role(name, fields: nil, quota_user: nil, options: nil, &block)
257
+ command = make_simple_command(:get, 'v1/{+name}', options)
258
+ command.response_representation = Google::Apis::IamV1::Role::Representation
259
+ command.response_class = Google::Apis::IamV1::Role
260
+ command.params['name'] = name unless name.nil?
261
+ command.query['fields'] = fields unless fields.nil?
262
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
263
+ execute_or_queue_command(command, &block)
264
+ end
265
+
266
+ # Lists every predefined Role that IAM supports, or every custom role that is
267
+ # defined for an organization or project.
268
+ # @param [String] parent
269
+ # The `parent` parameter's value depends on the target resource for the request,
270
+ # namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/
271
+ # rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/
272
+ # organizations.roles). Each resource type's `parent` value format is described
273
+ # below: * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string.
274
+ # This method doesn't require a resource; it simply returns all [predefined
275
+ # roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example
276
+ # request URL: `https://iam.googleapis.com/v1/roles` * [`projects.roles.list()`](
277
+ # /iam/reference/rest/v1/projects.roles/list): `projects/`PROJECT_ID``. This
278
+ # method lists all project-level [custom roles](/iam/docs/understanding-custom-
279
+ # roles). Example request URL: `https://iam.googleapis.com/v1/projects/`
280
+ # PROJECT_ID`/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/
281
+ # organizations.roles/list): `organizations/`ORGANIZATION_ID``. This method
282
+ # lists all organization-level [custom roles](/iam/docs/understanding-custom-
283
+ # roles). Example request URL: `https://iam.googleapis.com/v1/organizations/`
284
+ # ORGANIZATION_ID`/roles` Note: Wildcard (*) values are invalid; you must
285
+ # specify a complete project ID or organization ID.
286
+ # @param [Fixnum] page_size
287
+ # Optional limit on the number of roles to include in the response. The default
288
+ # is 300, and the maximum is 1,000.
289
+ # @param [String] page_token
290
+ # Optional pagination token returned in an earlier ListRolesResponse.
291
+ # @param [Boolean] show_deleted
292
+ # Include Roles that have been deleted.
293
+ # @param [String] view
294
+ # Optional view for the returned Role objects. When `FULL` is specified, the `
295
+ # includedPermissions` field is returned, which includes a list of all
296
+ # permissions in the role. The default value is `BASIC`, which does not return
297
+ # the `includedPermissions` field.
298
+ # @param [String] fields
299
+ # Selector specifying which fields to include in a partial response.
300
+ # @param [String] quota_user
301
+ # Available to use for quota purposes for server-side applications. Can be any
302
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
303
+ # @param [Google::Apis::RequestOptions] options
304
+ # Request-specific options
305
+ #
306
+ # @yield [result, err] Result & error if block supplied
307
+ # @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object
308
+ # @yieldparam err [StandardError] error object if request failed
309
+ #
310
+ # @return [Google::Apis::IamV1::ListRolesResponse]
311
+ #
312
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
313
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
314
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
315
+ def list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
316
+ command = make_simple_command(:get, 'v1/{+parent}/roles', options)
317
+ command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
318
+ command.response_class = Google::Apis::IamV1::ListRolesResponse
319
+ command.params['parent'] = parent unless parent.nil?
320
+ command.query['pageSize'] = page_size unless page_size.nil?
321
+ command.query['pageToken'] = page_token unless page_token.nil?
322
+ command.query['showDeleted'] = show_deleted unless show_deleted.nil?
323
+ command.query['view'] = view unless view.nil?
324
+ command.query['fields'] = fields unless fields.nil?
325
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
326
+ execute_or_queue_command(command, &block)
327
+ end
328
+
329
+ # Updates the definition of a custom Role.
330
+ # @param [String] name
331
+ # The `name` parameter's value depends on the target resource for the request,
332
+ # namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`]
333
+ # (/iam/reference/rest/v1/organizations.roles). Each resource type's `name`
334
+ # value format is described below: * [`projects.roles.patch()`](/iam/reference/
335
+ # rest/v1/projects.roles/patch): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``.
336
+ # This method updates only [custom roles](/iam/docs/understanding-custom-roles)
337
+ # that have been created at the project level. Example request URL: `https://iam.
338
+ # googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` * [`
339
+ # organizations.roles.patch()`](/iam/reference/rest/v1/organizations.roles/patch)
340
+ # : `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method
341
+ # updates only [custom roles](/iam/docs/understanding-custom-roles) that have
342
+ # been created at the organization level. Example request URL: `https://iam.
343
+ # googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note:
344
+ # Wildcard (*) values are invalid; you must specify a complete project ID or
345
+ # organization ID.
346
+ # @param [Google::Apis::IamV1::Role] role_object
347
+ # @param [String] update_mask
348
+ # A mask describing which fields in the Role have changed.
349
+ # @param [String] fields
350
+ # Selector specifying which fields to include in a partial response.
351
+ # @param [String] quota_user
352
+ # Available to use for quota purposes for server-side applications. Can be any
353
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
354
+ # @param [Google::Apis::RequestOptions] options
355
+ # Request-specific options
356
+ #
357
+ # @yield [result, err] Result & error if block supplied
358
+ # @yieldparam result [Google::Apis::IamV1::Role] parsed result object
359
+ # @yieldparam err [StandardError] error object if request failed
360
+ #
361
+ # @return [Google::Apis::IamV1::Role]
362
+ #
363
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
364
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
365
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
366
+ def patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
367
+ command = make_simple_command(:patch, 'v1/{+name}', options)
368
+ command.request_representation = Google::Apis::IamV1::Role::Representation
369
+ command.request_object = role_object
370
+ command.response_representation = Google::Apis::IamV1::Role::Representation
371
+ command.response_class = Google::Apis::IamV1::Role
372
+ command.params['name'] = name unless name.nil?
373
+ command.query['updateMask'] = update_mask unless update_mask.nil?
374
+ command.query['fields'] = fields unless fields.nil?
375
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
376
+ execute_or_queue_command(command, &block)
377
+ end
378
+
379
+ # Undeletes a custom Role.
380
+ # @param [String] name
381
+ # The `name` parameter's value depends on the target resource for the request,
382
+ # namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`]
383
+ # (/iam/reference/rest/v1/organizations.roles). Each resource type's `name`
384
+ # value format is described below: * [`projects.roles.undelete()`](/iam/
385
+ # reference/rest/v1/projects.roles/undelete): `projects/`PROJECT_ID`/roles/`
386
+ # CUSTOM_ROLE_ID``. This method undeletes only [custom roles](/iam/docs/
387
+ # understanding-custom-roles) that have been created at the project level.
388
+ # Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/
389
+ # roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.undelete()`](/iam/reference/
390
+ # rest/v1/organizations.roles/undelete): `organizations/`ORGANIZATION_ID`/roles/`
391
+ # CUSTOM_ROLE_ID``. This method undeletes only [custom roles](/iam/docs/
392
+ # understanding-custom-roles) that have been created at the organization level.
393
+ # Example request URL: `https://iam.googleapis.com/v1/organizations/`
394
+ # ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid;
395
+ # you must specify a complete project ID or organization ID.
396
+ # @param [Google::Apis::IamV1::UndeleteRoleRequest] undelete_role_request_object
397
+ # @param [String] fields
398
+ # Selector specifying which fields to include in a partial response.
399
+ # @param [String] quota_user
400
+ # Available to use for quota purposes for server-side applications. Can be any
401
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
402
+ # @param [Google::Apis::RequestOptions] options
403
+ # Request-specific options
404
+ #
405
+ # @yield [result, err] Result & error if block supplied
406
+ # @yieldparam result [Google::Apis::IamV1::Role] parsed result object
407
+ # @yieldparam err [StandardError] error object if request failed
408
+ #
409
+ # @return [Google::Apis::IamV1::Role]
410
+ #
411
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
412
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
413
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
414
+ def undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
415
+ command = make_simple_command(:post, 'v1/{+name}:undelete', options)
416
+ command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation
417
+ command.request_object = undelete_role_request_object
418
+ command.response_representation = Google::Apis::IamV1::Role::Representation
419
+ command.response_class = Google::Apis::IamV1::Role
420
+ command.params['name'] = name unless name.nil?
421
+ command.query['fields'] = fields unless fields.nil?
422
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
423
+ execute_or_queue_command(command, &block)
424
+ end
425
+
426
+ # Lists every permission that you can test on a resource. A permission is
427
+ # testable if you can check whether a member has that permission on the resource.
428
+ # @param [Google::Apis::IamV1::QueryTestablePermissionsRequest] query_testable_permissions_request_object
429
+ # @param [String] fields
430
+ # Selector specifying which fields to include in a partial response.
431
+ # @param [String] quota_user
432
+ # Available to use for quota purposes for server-side applications. Can be any
433
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
434
+ # @param [Google::Apis::RequestOptions] options
435
+ # Request-specific options
436
+ #
437
+ # @yield [result, err] Result & error if block supplied
438
+ # @yieldparam result [Google::Apis::IamV1::QueryTestablePermissionsResponse] parsed result object
439
+ # @yieldparam err [StandardError] error object if request failed
440
+ #
441
+ # @return [Google::Apis::IamV1::QueryTestablePermissionsResponse]
442
+ #
443
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
444
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
445
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
446
+ def query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
447
+ command = make_simple_command(:post, 'v1/permissions:queryTestablePermissions', options)
448
+ command.request_representation = Google::Apis::IamV1::QueryTestablePermissionsRequest::Representation
449
+ command.request_object = query_testable_permissions_request_object
450
+ command.response_representation = Google::Apis::IamV1::QueryTestablePermissionsResponse::Representation
451
+ command.response_class = Google::Apis::IamV1::QueryTestablePermissionsResponse
452
+ command.query['fields'] = fields unless fields.nil?
453
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
454
+ execute_or_queue_command(command, &block)
455
+ end
456
+
457
+ # Gets the latest state of a long-running operation. Clients can use this method
458
+ # to poll the operation result at intervals as recommended by the API service.
459
+ # @param [String] name
460
+ # The name of the operation resource.
461
+ # @param [String] fields
462
+ # Selector specifying which fields to include in a partial response.
463
+ # @param [String] quota_user
464
+ # Available to use for quota purposes for server-side applications. Can be any
465
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
466
+ # @param [Google::Apis::RequestOptions] options
467
+ # Request-specific options
468
+ #
469
+ # @yield [result, err] Result & error if block supplied
470
+ # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object
471
+ # @yieldparam err [StandardError] error object if request failed
472
+ #
473
+ # @return [Google::Apis::IamV1::Operation]
474
+ #
475
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
476
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
477
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
478
+ def get_project_location_workload_identity_pool_operation(name, fields: nil, quota_user: nil, options: nil, &block)
479
+ command = make_simple_command(:get, 'v1/{+name}', options)
480
+ command.response_representation = Google::Apis::IamV1::Operation::Representation
481
+ command.response_class = Google::Apis::IamV1::Operation
482
+ command.params['name'] = name unless name.nil?
483
+ command.query['fields'] = fields unless fields.nil?
484
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
485
+ execute_or_queue_command(command, &block)
486
+ end
487
+
488
+ # Gets the latest state of a long-running operation. Clients can use this method
489
+ # to poll the operation result at intervals as recommended by the API service.
490
+ # @param [String] name
491
+ # The name of the operation resource.
492
+ # @param [String] fields
493
+ # Selector specifying which fields to include in a partial response.
494
+ # @param [String] quota_user
495
+ # Available to use for quota purposes for server-side applications. Can be any
496
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
497
+ # @param [Google::Apis::RequestOptions] options
498
+ # Request-specific options
499
+ #
500
+ # @yield [result, err] Result & error if block supplied
501
+ # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object
502
+ # @yieldparam err [StandardError] error object if request failed
503
+ #
504
+ # @return [Google::Apis::IamV1::Operation]
505
+ #
506
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
507
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
508
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
509
+ def get_project_location_workload_identity_pool_provider_operation(name, fields: nil, quota_user: nil, options: nil, &block)
510
+ command = make_simple_command(:get, 'v1/{+name}', options)
511
+ command.response_representation = Google::Apis::IamV1::Operation::Representation
512
+ command.response_class = Google::Apis::IamV1::Operation
513
+ command.params['name'] = name unless name.nil?
514
+ command.query['fields'] = fields unless fields.nil?
515
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
516
+ execute_or_queue_command(command, &block)
517
+ end
518
+
519
+ # Creates a new custom Role.
520
+ # @param [String] parent
521
+ # The `parent` parameter's value depends on the target resource for the request,
522
+ # namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`]
523
+ # (/iam/reference/rest/v1/organizations.roles). Each resource type's `parent`
524
+ # value format is described below: * [`projects.roles.create()`](/iam/reference/
525
+ # rest/v1/projects.roles/create): `projects/`PROJECT_ID``. This method creates
526
+ # project-level [custom roles](/iam/docs/understanding-custom-roles). Example
527
+ # request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles` * [`
528
+ # organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/
529
+ # create): `organizations/`ORGANIZATION_ID``. This method creates organization-
530
+ # level [custom roles](/iam/docs/understanding-custom-roles). Example request
531
+ # URL: `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles`
532
+ # Note: Wildcard (*) values are invalid; you must specify a complete project ID
533
+ # or organization ID.
534
+ # @param [Google::Apis::IamV1::CreateRoleRequest] create_role_request_object
535
+ # @param [String] fields
536
+ # Selector specifying which fields to include in a partial response.
537
+ # @param [String] quota_user
538
+ # Available to use for quota purposes for server-side applications. Can be any
539
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
540
+ # @param [Google::Apis::RequestOptions] options
541
+ # Request-specific options
542
+ #
543
+ # @yield [result, err] Result & error if block supplied
544
+ # @yieldparam result [Google::Apis::IamV1::Role] parsed result object
545
+ # @yieldparam err [StandardError] error object if request failed
546
+ #
547
+ # @return [Google::Apis::IamV1::Role]
548
+ #
549
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
550
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
551
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
552
+ def create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
553
+ command = make_simple_command(:post, 'v1/{+parent}/roles', options)
554
+ command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation
555
+ command.request_object = create_role_request_object
556
+ command.response_representation = Google::Apis::IamV1::Role::Representation
557
+ command.response_class = Google::Apis::IamV1::Role
558
+ command.params['parent'] = parent unless parent.nil?
559
+ command.query['fields'] = fields unless fields.nil?
560
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
561
+ execute_or_queue_command(command, &block)
562
+ end
563
+
564
+ # Deletes a custom Role. When you delete a custom role, the following changes
565
+ # occur immediately: * You cannot bind a member to the custom role in an IAM
566
+ # Policy. * Existing bindings to the custom role are not changed, but they have
567
+ # no effect. * By default, the response from ListRoles does not include the
568
+ # custom role. You have 7 days to undelete the custom role. After 7 days, the
569
+ # following changes occur: * The custom role is permanently deleted and cannot
570
+ # be recovered. * If an IAM policy contains a binding to the custom role, the
571
+ # binding is permanently removed.
572
+ # @param [String] name
573
+ # The `name` parameter's value depends on the target resource for the request,
574
+ # namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`]
575
+ # (/iam/reference/rest/v1/organizations.roles). Each resource type's `name`
576
+ # value format is described below: * [`projects.roles.delete()`](/iam/reference/
577
+ # rest/v1/projects.roles/delete): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``.
578
+ # This method deletes only [custom roles](/iam/docs/understanding-custom-roles)
579
+ # that have been created at the project level. Example request URL: `https://iam.
580
+ # googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` * [`
581
+ # organizations.roles.delete()`](/iam/reference/rest/v1/organizations.roles/
582
+ # delete): `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method
583
+ # deletes only [custom roles](/iam/docs/understanding-custom-roles) that have
584
+ # been created at the organization level. Example request URL: `https://iam.
585
+ # googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note:
586
+ # Wildcard (*) values are invalid; you must specify a complete project ID or
587
+ # organization ID.
588
+ # @param [String] etag
589
+ # Used to perform a consistent read-modify-write.
590
+ # @param [String] fields
591
+ # Selector specifying which fields to include in a partial response.
592
+ # @param [String] quota_user
593
+ # Available to use for quota purposes for server-side applications. Can be any
594
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
595
+ # @param [Google::Apis::RequestOptions] options
596
+ # Request-specific options
597
+ #
598
+ # @yield [result, err] Result & error if block supplied
599
+ # @yieldparam result [Google::Apis::IamV1::Role] parsed result object
600
+ # @yieldparam err [StandardError] error object if request failed
601
+ #
602
+ # @return [Google::Apis::IamV1::Role]
603
+ #
604
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
605
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
606
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
607
+ def delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block)
608
+ command = make_simple_command(:delete, 'v1/{+name}', options)
609
+ command.response_representation = Google::Apis::IamV1::Role::Representation
610
+ command.response_class = Google::Apis::IamV1::Role
611
+ command.params['name'] = name unless name.nil?
612
+ command.query['etag'] = etag unless etag.nil?
613
+ command.query['fields'] = fields unless fields.nil?
614
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
615
+ execute_or_queue_command(command, &block)
616
+ end
617
+
618
+ # Gets the definition of a Role.
619
+ # @param [String] name
620
+ # The `name` parameter's value depends on the target resource for the request,
621
+ # namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/
622
+ # rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/
623
+ # organizations.roles). Each resource type's `name` value format is described
624
+ # below: * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/`ROLE_NAME``
625
+ # . This method returns results from all [predefined roles](/iam/docs/
626
+ # understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `
627
+ # https://iam.googleapis.com/v1/roles/`ROLE_NAME`` * [`projects.roles.get()`](/
628
+ # iam/reference/rest/v1/projects.roles/get): `projects/`PROJECT_ID`/roles/`
629
+ # CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/
630
+ # understanding-custom-roles) that have been created at the project level.
631
+ # Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/
632
+ # roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.get()`](/iam/reference/rest/v1/
633
+ # organizations.roles/get): `organizations/`ORGANIZATION_ID`/roles/`
634
+ # CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/
635
+ # understanding-custom-roles) that have been created at the organization level.
636
+ # Example request URL: `https://iam.googleapis.com/v1/organizations/`
637
+ # ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid;
638
+ # you must specify a complete project ID or organization ID.
639
+ # @param [String] fields
640
+ # Selector specifying which fields to include in a partial response.
641
+ # @param [String] quota_user
642
+ # Available to use for quota purposes for server-side applications. Can be any
643
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
644
+ # @param [Google::Apis::RequestOptions] options
645
+ # Request-specific options
646
+ #
647
+ # @yield [result, err] Result & error if block supplied
648
+ # @yieldparam result [Google::Apis::IamV1::Role] parsed result object
649
+ # @yieldparam err [StandardError] error object if request failed
650
+ #
651
+ # @return [Google::Apis::IamV1::Role]
652
+ #
653
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
654
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
655
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
656
+ def get_project_role(name, fields: nil, quota_user: nil, options: nil, &block)
657
+ command = make_simple_command(:get, 'v1/{+name}', options)
658
+ command.response_representation = Google::Apis::IamV1::Role::Representation
659
+ command.response_class = Google::Apis::IamV1::Role
660
+ command.params['name'] = name unless name.nil?
661
+ command.query['fields'] = fields unless fields.nil?
662
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
663
+ execute_or_queue_command(command, &block)
664
+ end
665
+
666
+ # Lists every predefined Role that IAM supports, or every custom role that is
667
+ # defined for an organization or project.
668
+ # @param [String] parent
669
+ # The `parent` parameter's value depends on the target resource for the request,
670
+ # namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/
671
+ # rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/
672
+ # organizations.roles). Each resource type's `parent` value format is described
673
+ # below: * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string.
674
+ # This method doesn't require a resource; it simply returns all [predefined
675
+ # roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example
676
+ # request URL: `https://iam.googleapis.com/v1/roles` * [`projects.roles.list()`](
677
+ # /iam/reference/rest/v1/projects.roles/list): `projects/`PROJECT_ID``. This
678
+ # method lists all project-level [custom roles](/iam/docs/understanding-custom-
679
+ # roles). Example request URL: `https://iam.googleapis.com/v1/projects/`
680
+ # PROJECT_ID`/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/
681
+ # organizations.roles/list): `organizations/`ORGANIZATION_ID``. This method
682
+ # lists all organization-level [custom roles](/iam/docs/understanding-custom-
683
+ # roles). Example request URL: `https://iam.googleapis.com/v1/organizations/`
684
+ # ORGANIZATION_ID`/roles` Note: Wildcard (*) values are invalid; you must
685
+ # specify a complete project ID or organization ID.
686
+ # @param [Fixnum] page_size
687
+ # Optional limit on the number of roles to include in the response. The default
688
+ # is 300, and the maximum is 1,000.
689
+ # @param [String] page_token
690
+ # Optional pagination token returned in an earlier ListRolesResponse.
691
+ # @param [Boolean] show_deleted
692
+ # Include Roles that have been deleted.
693
+ # @param [String] view
694
+ # Optional view for the returned Role objects. When `FULL` is specified, the `
695
+ # includedPermissions` field is returned, which includes a list of all
696
+ # permissions in the role. The default value is `BASIC`, which does not return
697
+ # the `includedPermissions` field.
698
+ # @param [String] fields
699
+ # Selector specifying which fields to include in a partial response.
700
+ # @param [String] quota_user
701
+ # Available to use for quota purposes for server-side applications. Can be any
702
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
703
+ # @param [Google::Apis::RequestOptions] options
704
+ # Request-specific options
705
+ #
706
+ # @yield [result, err] Result & error if block supplied
707
+ # @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object
708
+ # @yieldparam err [StandardError] error object if request failed
709
+ #
710
+ # @return [Google::Apis::IamV1::ListRolesResponse]
711
+ #
712
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
713
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
714
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
715
+ def list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
716
+ command = make_simple_command(:get, 'v1/{+parent}/roles', options)
717
+ command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
718
+ command.response_class = Google::Apis::IamV1::ListRolesResponse
719
+ command.params['parent'] = parent unless parent.nil?
720
+ command.query['pageSize'] = page_size unless page_size.nil?
721
+ command.query['pageToken'] = page_token unless page_token.nil?
722
+ command.query['showDeleted'] = show_deleted unless show_deleted.nil?
723
+ command.query['view'] = view unless view.nil?
724
+ command.query['fields'] = fields unless fields.nil?
725
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
726
+ execute_or_queue_command(command, &block)
727
+ end
728
+
729
+ # Updates the definition of a custom Role.
730
+ # @param [String] name
731
+ # The `name` parameter's value depends on the target resource for the request,
732
+ # namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`]
733
+ # (/iam/reference/rest/v1/organizations.roles). Each resource type's `name`
734
+ # value format is described below: * [`projects.roles.patch()`](/iam/reference/
735
+ # rest/v1/projects.roles/patch): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``.
736
+ # This method updates only [custom roles](/iam/docs/understanding-custom-roles)
737
+ # that have been created at the project level. Example request URL: `https://iam.
738
+ # googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` * [`
739
+ # organizations.roles.patch()`](/iam/reference/rest/v1/organizations.roles/patch)
740
+ # : `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method
741
+ # updates only [custom roles](/iam/docs/understanding-custom-roles) that have
742
+ # been created at the organization level. Example request URL: `https://iam.
743
+ # googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note:
744
+ # Wildcard (*) values are invalid; you must specify a complete project ID or
745
+ # organization ID.
746
+ # @param [Google::Apis::IamV1::Role] role_object
747
+ # @param [String] update_mask
748
+ # A mask describing which fields in the Role have changed.
749
+ # @param [String] fields
750
+ # Selector specifying which fields to include in a partial response.
751
+ # @param [String] quota_user
752
+ # Available to use for quota purposes for server-side applications. Can be any
753
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
754
+ # @param [Google::Apis::RequestOptions] options
755
+ # Request-specific options
756
+ #
757
+ # @yield [result, err] Result & error if block supplied
758
+ # @yieldparam result [Google::Apis::IamV1::Role] parsed result object
759
+ # @yieldparam err [StandardError] error object if request failed
760
+ #
761
+ # @return [Google::Apis::IamV1::Role]
762
+ #
763
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
764
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
765
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
766
+ def patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
767
+ command = make_simple_command(:patch, 'v1/{+name}', options)
768
+ command.request_representation = Google::Apis::IamV1::Role::Representation
769
+ command.request_object = role_object
770
+ command.response_representation = Google::Apis::IamV1::Role::Representation
771
+ command.response_class = Google::Apis::IamV1::Role
772
+ command.params['name'] = name unless name.nil?
773
+ command.query['updateMask'] = update_mask unless update_mask.nil?
774
+ command.query['fields'] = fields unless fields.nil?
775
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
776
+ execute_or_queue_command(command, &block)
777
+ end
778
+
779
+ # Undeletes a custom Role.
780
+ # @param [String] name
781
+ # The `name` parameter's value depends on the target resource for the request,
782
+ # namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`]
783
+ # (/iam/reference/rest/v1/organizations.roles). Each resource type's `name`
784
+ # value format is described below: * [`projects.roles.undelete()`](/iam/
785
+ # reference/rest/v1/projects.roles/undelete): `projects/`PROJECT_ID`/roles/`
786
+ # CUSTOM_ROLE_ID``. This method undeletes only [custom roles](/iam/docs/
787
+ # understanding-custom-roles) that have been created at the project level.
788
+ # Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/
789
+ # roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.undelete()`](/iam/reference/
790
+ # rest/v1/organizations.roles/undelete): `organizations/`ORGANIZATION_ID`/roles/`
791
+ # CUSTOM_ROLE_ID``. This method undeletes only [custom roles](/iam/docs/
792
+ # understanding-custom-roles) that have been created at the organization level.
793
+ # Example request URL: `https://iam.googleapis.com/v1/organizations/`
794
+ # ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid;
795
+ # you must specify a complete project ID or organization ID.
796
+ # @param [Google::Apis::IamV1::UndeleteRoleRequest] undelete_role_request_object
797
+ # @param [String] fields
798
+ # Selector specifying which fields to include in a partial response.
799
+ # @param [String] quota_user
800
+ # Available to use for quota purposes for server-side applications. Can be any
801
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
802
+ # @param [Google::Apis::RequestOptions] options
803
+ # Request-specific options
804
+ #
805
+ # @yield [result, err] Result & error if block supplied
806
+ # @yieldparam result [Google::Apis::IamV1::Role] parsed result object
807
+ # @yieldparam err [StandardError] error object if request failed
808
+ #
809
+ # @return [Google::Apis::IamV1::Role]
810
+ #
811
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
812
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
813
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
814
+ def undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
815
+ command = make_simple_command(:post, 'v1/{+name}:undelete', options)
816
+ command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation
817
+ command.request_object = undelete_role_request_object
818
+ command.response_representation = Google::Apis::IamV1::Role::Representation
819
+ command.response_class = Google::Apis::IamV1::Role
820
+ command.params['name'] = name unless name.nil?
821
+ command.query['fields'] = fields unless fields.nil?
822
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
823
+ execute_or_queue_command(command, &block)
824
+ end
825
+
826
+ # Creates a ServiceAccount.
827
+ # @param [String] name
828
+ # Required. The resource name of the project associated with the service
829
+ # accounts, such as `projects/my-project-123`.
830
+ # @param [Google::Apis::IamV1::CreateServiceAccountRequest] create_service_account_request_object
831
+ # @param [String] fields
832
+ # Selector specifying which fields to include in a partial response.
833
+ # @param [String] quota_user
834
+ # Available to use for quota purposes for server-side applications. Can be any
835
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
836
+ # @param [Google::Apis::RequestOptions] options
837
+ # Request-specific options
838
+ #
839
+ # @yield [result, err] Result & error if block supplied
840
+ # @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object
841
+ # @yieldparam err [StandardError] error object if request failed
842
+ #
843
+ # @return [Google::Apis::IamV1::ServiceAccount]
844
+ #
845
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
846
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
847
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
848
+ def create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
849
+ command = make_simple_command(:post, 'v1/{+name}/serviceAccounts', options)
850
+ command.request_representation = Google::Apis::IamV1::CreateServiceAccountRequest::Representation
851
+ command.request_object = create_service_account_request_object
852
+ command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
853
+ command.response_class = Google::Apis::IamV1::ServiceAccount
854
+ command.params['name'] = name unless name.nil?
855
+ command.query['fields'] = fields unless fields.nil?
856
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
857
+ execute_or_queue_command(command, &block)
858
+ end
859
+
860
+ # Deletes a ServiceAccount. **Warning:** After you delete a service account, you
861
+ # might not be able to undelete it. If you know that you need to re-enable the
862
+ # service account in the future, use DisableServiceAccount instead. If you
863
+ # delete a service account, IAM permanently removes the service account 30 days
864
+ # later. Google Cloud cannot recover the service account after it is permanently
865
+ # removed, even if you file a support request. To help avoid unplanned outages,
866
+ # we recommend that you disable the service account before you delete it. Use
867
+ # DisableServiceAccount to disable the service account, then wait at least 24
868
+ # hours and watch for unintended consequences. If there are no unintended
869
+ # consequences, you can delete the service account.
870
+ # @param [String] name
871
+ # Required. The resource name of the service account in the following format: `
872
+ # projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for
873
+ # the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value
874
+ # can be the `email` address or the `unique_id` of the service account.
875
+ # @param [String] fields
876
+ # Selector specifying which fields to include in a partial response.
877
+ # @param [String] quota_user
878
+ # Available to use for quota purposes for server-side applications. Can be any
879
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
880
+ # @param [Google::Apis::RequestOptions] options
881
+ # Request-specific options
882
+ #
883
+ # @yield [result, err] Result & error if block supplied
884
+ # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object
885
+ # @yieldparam err [StandardError] error object if request failed
886
+ #
887
+ # @return [Google::Apis::IamV1::Empty]
888
+ #
889
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
890
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
891
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
892
+ def delete_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block)
893
+ command = make_simple_command(:delete, 'v1/{+name}', options)
894
+ command.response_representation = Google::Apis::IamV1::Empty::Representation
895
+ command.response_class = Google::Apis::IamV1::Empty
896
+ command.params['name'] = name unless name.nil?
897
+ command.query['fields'] = fields unless fields.nil?
898
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
899
+ execute_or_queue_command(command, &block)
900
+ end
901
+
902
+ # Disables a ServiceAccount immediately. If an application uses the service
903
+ # account to authenticate, that application can no longer call Google APIs or
904
+ # access Google Cloud resources. Existing access tokens for the service account
905
+ # are rejected, and requests for new access tokens will fail. To re-enable the
906
+ # service account, use EnableServiceAccount. After you re-enable the service
907
+ # account, its existing access tokens will be accepted, and you can request new
908
+ # access tokens. To help avoid unplanned outages, we recommend that you disable
909
+ # the service account before you delete it. Use this method to disable the
910
+ # service account, then wait at least 24 hours and watch for unintended
911
+ # consequences. If there are no unintended consequences, you can delete the
912
+ # service account with DeleteServiceAccount.
913
+ # @param [String] name
914
+ # The resource name of the service account in the following format: `projects/`
915
+ # PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `
916
+ # PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can
917
+ # be the `email` address or the `unique_id` of the service account.
918
+ # @param [Google::Apis::IamV1::DisableServiceAccountRequest] disable_service_account_request_object
919
+ # @param [String] fields
920
+ # Selector specifying which fields to include in a partial response.
921
+ # @param [String] quota_user
922
+ # Available to use for quota purposes for server-side applications. Can be any
923
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
924
+ # @param [Google::Apis::RequestOptions] options
925
+ # Request-specific options
926
+ #
927
+ # @yield [result, err] Result & error if block supplied
928
+ # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object
929
+ # @yieldparam err [StandardError] error object if request failed
930
+ #
931
+ # @return [Google::Apis::IamV1::Empty]
932
+ #
933
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
934
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
935
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
936
+ def disable_service_account(name, disable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
937
+ command = make_simple_command(:post, 'v1/{+name}:disable', options)
938
+ command.request_representation = Google::Apis::IamV1::DisableServiceAccountRequest::Representation
939
+ command.request_object = disable_service_account_request_object
940
+ command.response_representation = Google::Apis::IamV1::Empty::Representation
941
+ command.response_class = Google::Apis::IamV1::Empty
942
+ command.params['name'] = name unless name.nil?
943
+ command.query['fields'] = fields unless fields.nil?
944
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
945
+ execute_or_queue_command(command, &block)
946
+ end
947
+
948
+ # Enables a ServiceAccount that was disabled by DisableServiceAccount. If the
949
+ # service account is already enabled, then this method has no effect. If the
950
+ # service account was disabled by other means—for example, if Google disabled
951
+ # the service account because it was compromised—you cannot use this method to
952
+ # enable the service account.
953
+ # @param [String] name
954
+ # The resource name of the service account in the following format: `projects/`
955
+ # PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `
956
+ # PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can
957
+ # be the `email` address or the `unique_id` of the service account.
958
+ # @param [Google::Apis::IamV1::EnableServiceAccountRequest] enable_service_account_request_object
959
+ # @param [String] fields
960
+ # Selector specifying which fields to include in a partial response.
961
+ # @param [String] quota_user
962
+ # Available to use for quota purposes for server-side applications. Can be any
963
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
964
+ # @param [Google::Apis::RequestOptions] options
965
+ # Request-specific options
966
+ #
967
+ # @yield [result, err] Result & error if block supplied
968
+ # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object
969
+ # @yieldparam err [StandardError] error object if request failed
970
+ #
971
+ # @return [Google::Apis::IamV1::Empty]
972
+ #
973
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
974
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
975
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
976
+ def enable_service_account(name, enable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
977
+ command = make_simple_command(:post, 'v1/{+name}:enable', options)
978
+ command.request_representation = Google::Apis::IamV1::EnableServiceAccountRequest::Representation
979
+ command.request_object = enable_service_account_request_object
980
+ command.response_representation = Google::Apis::IamV1::Empty::Representation
981
+ command.response_class = Google::Apis::IamV1::Empty
982
+ command.params['name'] = name unless name.nil?
983
+ command.query['fields'] = fields unless fields.nil?
984
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
985
+ execute_or_queue_command(command, &block)
986
+ end
987
+
988
+ # Gets a ServiceAccount.
989
+ # @param [String] name
990
+ # Required. The resource name of the service account in the following format: `
991
+ # projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for
992
+ # the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value
993
+ # can be the `email` address or the `unique_id` of the service account.
994
+ # @param [String] fields
995
+ # Selector specifying which fields to include in a partial response.
996
+ # @param [String] quota_user
997
+ # Available to use for quota purposes for server-side applications. Can be any
998
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
999
+ # @param [Google::Apis::RequestOptions] options
1000
+ # Request-specific options
1001
+ #
1002
+ # @yield [result, err] Result & error if block supplied
1003
+ # @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object
1004
+ # @yieldparam err [StandardError] error object if request failed
1005
+ #
1006
+ # @return [Google::Apis::IamV1::ServiceAccount]
1007
+ #
1008
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
1009
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
1010
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
1011
+ def get_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block)
1012
+ command = make_simple_command(:get, 'v1/{+name}', options)
1013
+ command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
1014
+ command.response_class = Google::Apis::IamV1::ServiceAccount
1015
+ command.params['name'] = name unless name.nil?
1016
+ command.query['fields'] = fields unless fields.nil?
1017
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
1018
+ execute_or_queue_command(command, &block)
1019
+ end
1020
+
1021
+ # Gets the IAM policy that is attached to a ServiceAccount. This IAM policy
1022
+ # specifies which members have access to the service account. This method does
1023
+ # not tell you whether the service account has been granted any roles on other
1024
+ # resources. To check whether a service account has role grants on a resource,
1025
+ # use the `getIamPolicy` method for that resource. For example, to view the role
1026
+ # grants for a project, call the Resource Manager API's [`projects.getIamPolicy`]
1027
+ # (https://cloud.google.com/resource-manager/reference/rest/v1/projects/
1028
+ # getIamPolicy) method.
1029
+ # @param [String] resource
1030
+ # REQUIRED: The resource for which the policy is being requested. See the
1031
+ # operation documentation for the appropriate value for this field.
1032
+ # @param [Fixnum] options_requested_policy_version
1033
+ # Optional. The policy format version to be returned. Valid values are 0, 1, and
1034
+ # 3. Requests specifying an invalid value will be rejected. Requests for
1035
+ # policies with any conditional bindings must specify version 3. Policies
1036
+ # without any conditional bindings may specify any valid value or leave the
1037
+ # field unset. To learn which resources support conditions in their IAM policies,
1038
+ # see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
1039
+ # resource-policies).
1040
+ # @param [String] fields
1041
+ # Selector specifying which fields to include in a partial response.
1042
+ # @param [String] quota_user
1043
+ # Available to use for quota purposes for server-side applications. Can be any
1044
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
1045
+ # @param [Google::Apis::RequestOptions] options
1046
+ # Request-specific options
1047
+ #
1048
+ # @yield [result, err] Result & error if block supplied
1049
+ # @yieldparam result [Google::Apis::IamV1::Policy] parsed result object
1050
+ # @yieldparam err [StandardError] error object if request failed
1051
+ #
1052
+ # @return [Google::Apis::IamV1::Policy]
1053
+ #
1054
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
1055
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
1056
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
1057
+ def get_project_service_account_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil, &block)
1058
+ command = make_simple_command(:post, 'v1/{+resource}:getIamPolicy', options)
1059
+ command.response_representation = Google::Apis::IamV1::Policy::Representation
1060
+ command.response_class = Google::Apis::IamV1::Policy
1061
+ command.params['resource'] = resource unless resource.nil?
1062
+ command.query['options.requestedPolicyVersion'] = options_requested_policy_version unless options_requested_policy_version.nil?
1063
+ command.query['fields'] = fields unless fields.nil?
1064
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
1065
+ execute_or_queue_command(command, &block)
1066
+ end
1067
+
1068
+ # Lists every ServiceAccount that belongs to a specific project.
1069
+ # @param [String] name
1070
+ # Required. The resource name of the project associated with the service
1071
+ # accounts, such as `projects/my-project-123`.
1072
+ # @param [Fixnum] page_size
1073
+ # Optional limit on the number of service accounts to include in the response.
1074
+ # Further accounts can subsequently be obtained by including the
1075
+ # ListServiceAccountsResponse.next_page_token in a subsequent request. The
1076
+ # default is 20, and the maximum is 100.
1077
+ # @param [String] page_token
1078
+ # Optional pagination token returned in an earlier ListServiceAccountsResponse.
1079
+ # next_page_token.
1080
+ # @param [String] fields
1081
+ # Selector specifying which fields to include in a partial response.
1082
+ # @param [String] quota_user
1083
+ # Available to use for quota purposes for server-side applications. Can be any
1084
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
1085
+ # @param [Google::Apis::RequestOptions] options
1086
+ # Request-specific options
1087
+ #
1088
+ # @yield [result, err] Result & error if block supplied
1089
+ # @yieldparam result [Google::Apis::IamV1::ListServiceAccountsResponse] parsed result object
1090
+ # @yieldparam err [StandardError] error object if request failed
1091
+ #
1092
+ # @return [Google::Apis::IamV1::ListServiceAccountsResponse]
1093
+ #
1094
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
1095
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
1096
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
1097
+ def list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block)
1098
+ command = make_simple_command(:get, 'v1/{+name}/serviceAccounts', options)
1099
+ command.response_representation = Google::Apis::IamV1::ListServiceAccountsResponse::Representation
1100
+ command.response_class = Google::Apis::IamV1::ListServiceAccountsResponse
1101
+ command.params['name'] = name unless name.nil?
1102
+ command.query['pageSize'] = page_size unless page_size.nil?
1103
+ command.query['pageToken'] = page_token unless page_token.nil?
1104
+ command.query['fields'] = fields unless fields.nil?
1105
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
1106
+ execute_or_queue_command(command, &block)
1107
+ end
1108
+
1109
+ # Patches a ServiceAccount.
1110
+ # @param [String] name
1111
+ # The resource name of the service account. Use one of the following formats: * `
1112
+ # projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/`PROJECT_ID`
1113
+ # /serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `-` wildcard
1114
+ # character instead of the project ID: * `projects/-/serviceAccounts/`
1115
+ # EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible,
1116
+ # avoid using the `-` wildcard character, because it can cause response messages
1117
+ # to contain misleading error codes. For example, if you try to get the service
1118
+ # account `projects/-/serviceAccounts/fake@example.com`, which does not exist,
1119
+ # the response contains an HTTP `403 Forbidden` error instead of a `404 Not
1120
+ # Found` error.
1121
+ # @param [Google::Apis::IamV1::PatchServiceAccountRequest] patch_service_account_request_object
1122
+ # @param [String] fields
1123
+ # Selector specifying which fields to include in a partial response.
1124
+ # @param [String] quota_user
1125
+ # Available to use for quota purposes for server-side applications. Can be any
1126
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
1127
+ # @param [Google::Apis::RequestOptions] options
1128
+ # Request-specific options
1129
+ #
1130
+ # @yield [result, err] Result & error if block supplied
1131
+ # @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object
1132
+ # @yieldparam err [StandardError] error object if request failed
1133
+ #
1134
+ # @return [Google::Apis::IamV1::ServiceAccount]
1135
+ #
1136
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
1137
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
1138
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
1139
+ def patch_service_account(name, patch_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
1140
+ command = make_simple_command(:patch, 'v1/{+name}', options)
1141
+ command.request_representation = Google::Apis::IamV1::PatchServiceAccountRequest::Representation
1142
+ command.request_object = patch_service_account_request_object
1143
+ command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
1144
+ command.response_class = Google::Apis::IamV1::ServiceAccount
1145
+ command.params['name'] = name unless name.nil?
1146
+ command.query['fields'] = fields unless fields.nil?
1147
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
1148
+ execute_or_queue_command(command, &block)
1149
+ end
1150
+
1151
+ # Sets the IAM policy that is attached to a ServiceAccount. Use this method to
1152
+ # grant or revoke access to the service account. For example, you could grant a
1153
+ # member the ability to impersonate the service account. This method does not
1154
+ # enable the service account to access other resources. To grant roles to a
1155
+ # service account on a resource, follow these steps: 1. Call the resource's `
1156
+ # getIamPolicy` method to get its current IAM policy. 2. Edit the policy so that
1157
+ # it binds the service account to an IAM role for the resource. 3. Call the
1158
+ # resource's `setIamPolicy` method to update its IAM policy. For detailed
1159
+ # instructions, see [Granting roles to a service account for specific resources](
1160
+ # https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-
1161
+ # accounts).
1162
+ # @param [String] resource
1163
+ # REQUIRED: The resource for which the policy is being specified. See the
1164
+ # operation documentation for the appropriate value for this field.
1165
+ # @param [Google::Apis::IamV1::SetIamPolicyRequest] set_iam_policy_request_object
1166
+ # @param [String] fields
1167
+ # Selector specifying which fields to include in a partial response.
1168
+ # @param [String] quota_user
1169
+ # Available to use for quota purposes for server-side applications. Can be any
1170
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
1171
+ # @param [Google::Apis::RequestOptions] options
1172
+ # Request-specific options
1173
+ #
1174
+ # @yield [result, err] Result & error if block supplied
1175
+ # @yieldparam result [Google::Apis::IamV1::Policy] parsed result object
1176
+ # @yieldparam err [StandardError] error object if request failed
1177
+ #
1178
+ # @return [Google::Apis::IamV1::Policy]
1179
+ #
1180
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
1181
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
1182
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
1183
+ def set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
1184
+ command = make_simple_command(:post, 'v1/{+resource}:setIamPolicy', options)
1185
+ command.request_representation = Google::Apis::IamV1::SetIamPolicyRequest::Representation
1186
+ command.request_object = set_iam_policy_request_object
1187
+ command.response_representation = Google::Apis::IamV1::Policy::Representation
1188
+ command.response_class = Google::Apis::IamV1::Policy
1189
+ command.params['resource'] = resource unless resource.nil?
1190
+ command.query['fields'] = fields unless fields.nil?
1191
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
1192
+ execute_or_queue_command(command, &block)
1193
+ end
1194
+
1195
+ # **Note:** This method is deprecated and will stop working on July 1, 2021. Use
1196
+ # the [`signBlob`](https://cloud.google.com/iam/help/rest-credentials/v1/
1197
+ # projects.serviceAccounts/signBlob) method in the IAM Service Account
1198
+ # Credentials API instead. If you currently use this method, see the [migration
1199
+ # guide](https://cloud.google.com/iam/help/credentials/migrate-api) for
1200
+ # instructions. Signs a blob using the system-managed private key for a
1201
+ # ServiceAccount.
1202
+ # @param [String] name
1203
+ # Required. Deprecated. [Migrate to Service Account Credentials API](https://
1204
+ # cloud.google.com/iam/help/credentials/migrate-api). The resource name of the
1205
+ # service account in the following format: `projects/`PROJECT_ID`/
1206
+ # serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `PROJECT_ID` will
1207
+ # infer the project from the account. The `ACCOUNT` value can be the `email`
1208
+ # address or the `unique_id` of the service account.
1209
+ # @param [Google::Apis::IamV1::SignBlobRequest] sign_blob_request_object
1210
+ # @param [String] fields
1211
+ # Selector specifying which fields to include in a partial response.
1212
+ # @param [String] quota_user
1213
+ # Available to use for quota purposes for server-side applications. Can be any
1214
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
1215
+ # @param [Google::Apis::RequestOptions] options
1216
+ # Request-specific options
1217
+ #
1218
+ # @yield [result, err] Result & error if block supplied
1219
+ # @yieldparam result [Google::Apis::IamV1::SignBlobResponse] parsed result object
1220
+ # @yieldparam err [StandardError] error object if request failed
1221
+ #
1222
+ # @return [Google::Apis::IamV1::SignBlobResponse]
1223
+ #
1224
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
1225
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
1226
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
1227
+ def sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
1228
+ command = make_simple_command(:post, 'v1/{+name}:signBlob', options)
1229
+ command.request_representation = Google::Apis::IamV1::SignBlobRequest::Representation
1230
+ command.request_object = sign_blob_request_object
1231
+ command.response_representation = Google::Apis::IamV1::SignBlobResponse::Representation
1232
+ command.response_class = Google::Apis::IamV1::SignBlobResponse
1233
+ command.params['name'] = name unless name.nil?
1234
+ command.query['fields'] = fields unless fields.nil?
1235
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
1236
+ execute_or_queue_command(command, &block)
1237
+ end
1238
+
1239
+ # **Note:** This method is deprecated and will stop working on July 1, 2021. Use
1240
+ # the [`signJwt`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.
1241
+ # serviceAccounts/signJwt) method in the IAM Service Account Credentials API
1242
+ # instead. If you currently use this method, see the [migration guide](https://
1243
+ # cloud.google.com/iam/help/credentials/migrate-api) for instructions. Signs a
1244
+ # JSON Web Token (JWT) using the system-managed private key for a ServiceAccount.
1245
+ # @param [String] name
1246
+ # Required. Deprecated. [Migrate to Service Account Credentials API](https://
1247
+ # cloud.google.com/iam/help/credentials/migrate-api). The resource name of the
1248
+ # service account in the following format: `projects/`PROJECT_ID`/
1249
+ # serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `PROJECT_ID` will
1250
+ # infer the project from the account. The `ACCOUNT` value can be the `email`
1251
+ # address or the `unique_id` of the service account.
1252
+ # @param [Google::Apis::IamV1::SignJwtRequest] sign_jwt_request_object
1253
+ # @param [String] fields
1254
+ # Selector specifying which fields to include in a partial response.
1255
+ # @param [String] quota_user
1256
+ # Available to use for quota purposes for server-side applications. Can be any
1257
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
1258
+ # @param [Google::Apis::RequestOptions] options
1259
+ # Request-specific options
1260
+ #
1261
+ # @yield [result, err] Result & error if block supplied
1262
+ # @yieldparam result [Google::Apis::IamV1::SignJwtResponse] parsed result object
1263
+ # @yieldparam err [StandardError] error object if request failed
1264
+ #
1265
+ # @return [Google::Apis::IamV1::SignJwtResponse]
1266
+ #
1267
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
1268
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
1269
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
1270
+ def sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
1271
+ command = make_simple_command(:post, 'v1/{+name}:signJwt', options)
1272
+ command.request_representation = Google::Apis::IamV1::SignJwtRequest::Representation
1273
+ command.request_object = sign_jwt_request_object
1274
+ command.response_representation = Google::Apis::IamV1::SignJwtResponse::Representation
1275
+ command.response_class = Google::Apis::IamV1::SignJwtResponse
1276
+ command.params['name'] = name unless name.nil?
1277
+ command.query['fields'] = fields unless fields.nil?
1278
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
1279
+ execute_or_queue_command(command, &block)
1280
+ end
1281
+
1282
+ # Tests whether the caller has the specified permissions on a ServiceAccount.
1283
+ # @param [String] resource
1284
+ # REQUIRED: The resource for which the policy detail is being requested. See the
1285
+ # operation documentation for the appropriate value for this field.
1286
+ # @param [Google::Apis::IamV1::TestIamPermissionsRequest] test_iam_permissions_request_object
1287
+ # @param [String] fields
1288
+ # Selector specifying which fields to include in a partial response.
1289
+ # @param [String] quota_user
1290
+ # Available to use for quota purposes for server-side applications. Can be any
1291
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
1292
+ # @param [Google::Apis::RequestOptions] options
1293
+ # Request-specific options
1294
+ #
1295
+ # @yield [result, err] Result & error if block supplied
1296
+ # @yieldparam result [Google::Apis::IamV1::TestIamPermissionsResponse] parsed result object
1297
+ # @yieldparam err [StandardError] error object if request failed
1298
+ #
1299
+ # @return [Google::Apis::IamV1::TestIamPermissionsResponse]
1300
+ #
1301
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
1302
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
1303
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
1304
+ def test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
1305
+ command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options)
1306
+ command.request_representation = Google::Apis::IamV1::TestIamPermissionsRequest::Representation
1307
+ command.request_object = test_iam_permissions_request_object
1308
+ command.response_representation = Google::Apis::IamV1::TestIamPermissionsResponse::Representation
1309
+ command.response_class = Google::Apis::IamV1::TestIamPermissionsResponse
1310
+ command.params['resource'] = resource unless resource.nil?
1311
+ command.query['fields'] = fields unless fields.nil?
1312
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
1313
+ execute_or_queue_command(command, &block)
1314
+ end
1315
+
1316
+ # Restores a deleted ServiceAccount. **Important:** It is not always possible to
1317
+ # restore a deleted service account. Use this method only as a last resort.
1318
+ # After you delete a service account, IAM permanently removes the service
1319
+ # account 30 days later. There is no way to restore a deleted service account
1320
+ # that has been permanently removed.
1321
+ # @param [String] name
1322
+ # The resource name of the service account in the following format: `projects/`
1323
+ # PROJECT_ID`/serviceAccounts/`ACCOUNT_UNIQUE_ID``. Using `-` as a wildcard for
1324
+ # the `PROJECT_ID` will infer the project from the account.
1325
+ # @param [Google::Apis::IamV1::UndeleteServiceAccountRequest] undelete_service_account_request_object
1326
+ # @param [String] fields
1327
+ # Selector specifying which fields to include in a partial response.
1328
+ # @param [String] quota_user
1329
+ # Available to use for quota purposes for server-side applications. Can be any
1330
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
1331
+ # @param [Google::Apis::RequestOptions] options
1332
+ # Request-specific options
1333
+ #
1334
+ # @yield [result, err] Result & error if block supplied
1335
+ # @yieldparam result [Google::Apis::IamV1::UndeleteServiceAccountResponse] parsed result object
1336
+ # @yieldparam err [StandardError] error object if request failed
1337
+ #
1338
+ # @return [Google::Apis::IamV1::UndeleteServiceAccountResponse]
1339
+ #
1340
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
1341
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
1342
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
1343
+ def undelete_service_account(name, undelete_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
1344
+ command = make_simple_command(:post, 'v1/{+name}:undelete', options)
1345
+ command.request_representation = Google::Apis::IamV1::UndeleteServiceAccountRequest::Representation
1346
+ command.request_object = undelete_service_account_request_object
1347
+ command.response_representation = Google::Apis::IamV1::UndeleteServiceAccountResponse::Representation
1348
+ command.response_class = Google::Apis::IamV1::UndeleteServiceAccountResponse
1349
+ command.params['name'] = name unless name.nil?
1350
+ command.query['fields'] = fields unless fields.nil?
1351
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
1352
+ execute_or_queue_command(command, &block)
1353
+ end
1354
+
1355
+ # **Note:** We are in the process of deprecating this method. Use
1356
+ # PatchServiceAccount instead. Updates a ServiceAccount. You can update only the
1357
+ # `display_name` and `description` fields.
1358
+ # @param [String] name
1359
+ # The resource name of the service account. Use one of the following formats: * `
1360
+ # projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/`PROJECT_ID`
1361
+ # /serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `-` wildcard
1362
+ # character instead of the project ID: * `projects/-/serviceAccounts/`
1363
+ # EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible,
1364
+ # avoid using the `-` wildcard character, because it can cause response messages
1365
+ # to contain misleading error codes. For example, if you try to get the service
1366
+ # account `projects/-/serviceAccounts/fake@example.com`, which does not exist,
1367
+ # the response contains an HTTP `403 Forbidden` error instead of a `404 Not
1368
+ # Found` error.
1369
+ # @param [Google::Apis::IamV1::ServiceAccount] service_account_object
1370
+ # @param [String] fields
1371
+ # Selector specifying which fields to include in a partial response.
1372
+ # @param [String] quota_user
1373
+ # Available to use for quota purposes for server-side applications. Can be any
1374
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
1375
+ # @param [Google::Apis::RequestOptions] options
1376
+ # Request-specific options
1377
+ #
1378
+ # @yield [result, err] Result & error if block supplied
1379
+ # @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object
1380
+ # @yieldparam err [StandardError] error object if request failed
1381
+ #
1382
+ # @return [Google::Apis::IamV1::ServiceAccount]
1383
+ #
1384
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
1385
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
1386
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
1387
+ def update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil, &block)
1388
+ command = make_simple_command(:put, 'v1/{+name}', options)
1389
+ command.request_representation = Google::Apis::IamV1::ServiceAccount::Representation
1390
+ command.request_object = service_account_object
1391
+ command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation
1392
+ command.response_class = Google::Apis::IamV1::ServiceAccount
1393
+ command.params['name'] = name unless name.nil?
1394
+ command.query['fields'] = fields unless fields.nil?
1395
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
1396
+ execute_or_queue_command(command, &block)
1397
+ end
1398
+
1399
+ # Creates a ServiceAccountKey.
1400
+ # @param [String] name
1401
+ # Required. The resource name of the service account in the following format: `
1402
+ # projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for
1403
+ # the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value
1404
+ # can be the `email` address or the `unique_id` of the service account.
1405
+ # @param [Google::Apis::IamV1::CreateServiceAccountKeyRequest] create_service_account_key_request_object
1406
+ # @param [String] fields
1407
+ # Selector specifying which fields to include in a partial response.
1408
+ # @param [String] quota_user
1409
+ # Available to use for quota purposes for server-side applications. Can be any
1410
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
1411
+ # @param [Google::Apis::RequestOptions] options
1412
+ # Request-specific options
1413
+ #
1414
+ # @yield [result, err] Result & error if block supplied
1415
+ # @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object
1416
+ # @yieldparam err [StandardError] error object if request failed
1417
+ #
1418
+ # @return [Google::Apis::IamV1::ServiceAccountKey]
1419
+ #
1420
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
1421
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
1422
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
1423
+ def create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
1424
+ command = make_simple_command(:post, 'v1/{+name}/keys', options)
1425
+ command.request_representation = Google::Apis::IamV1::CreateServiceAccountKeyRequest::Representation
1426
+ command.request_object = create_service_account_key_request_object
1427
+ command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
1428
+ command.response_class = Google::Apis::IamV1::ServiceAccountKey
1429
+ command.params['name'] = name unless name.nil?
1430
+ command.query['fields'] = fields unless fields.nil?
1431
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
1432
+ execute_or_queue_command(command, &block)
1433
+ end
1434
+
1435
+ # Deletes a ServiceAccountKey. Deleting a service account key does not revoke
1436
+ # short-lived credentials that have been issued based on the service account key.
1437
+ # @param [String] name
1438
+ # Required. The resource name of the service account key in the following format:
1439
+ # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. Using `-` as a
1440
+ # wildcard for the `PROJECT_ID` will infer the project from the account. The `
1441
+ # ACCOUNT` value can be the `email` address or the `unique_id` of the service
1442
+ # account.
1443
+ # @param [String] fields
1444
+ # Selector specifying which fields to include in a partial response.
1445
+ # @param [String] quota_user
1446
+ # Available to use for quota purposes for server-side applications. Can be any
1447
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
1448
+ # @param [Google::Apis::RequestOptions] options
1449
+ # Request-specific options
1450
+ #
1451
+ # @yield [result, err] Result & error if block supplied
1452
+ # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object
1453
+ # @yieldparam err [StandardError] error object if request failed
1454
+ #
1455
+ # @return [Google::Apis::IamV1::Empty]
1456
+ #
1457
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
1458
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
1459
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
1460
+ def delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil, &block)
1461
+ command = make_simple_command(:delete, 'v1/{+name}', options)
1462
+ command.response_representation = Google::Apis::IamV1::Empty::Representation
1463
+ command.response_class = Google::Apis::IamV1::Empty
1464
+ command.params['name'] = name unless name.nil?
1465
+ command.query['fields'] = fields unless fields.nil?
1466
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
1467
+ execute_or_queue_command(command, &block)
1468
+ end
1469
+
1470
+ # Gets a ServiceAccountKey.
1471
+ # @param [String] name
1472
+ # Required. The resource name of the service account key in the following format:
1473
+ # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. Using `-` as a
1474
+ # wildcard for the `PROJECT_ID` will infer the project from the account. The `
1475
+ # ACCOUNT` value can be the `email` address or the `unique_id` of the service
1476
+ # account.
1477
+ # @param [String] public_key_type
1478
+ # The output format of the public key requested. X509_PEM is the default output
1479
+ # format.
1480
+ # @param [String] fields
1481
+ # Selector specifying which fields to include in a partial response.
1482
+ # @param [String] quota_user
1483
+ # Available to use for quota purposes for server-side applications. Can be any
1484
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
1485
+ # @param [Google::Apis::RequestOptions] options
1486
+ # Request-specific options
1487
+ #
1488
+ # @yield [result, err] Result & error if block supplied
1489
+ # @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object
1490
+ # @yieldparam err [StandardError] error object if request failed
1491
+ #
1492
+ # @return [Google::Apis::IamV1::ServiceAccountKey]
1493
+ #
1494
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
1495
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
1496
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
1497
+ def get_project_service_account_key(name, public_key_type: nil, fields: nil, quota_user: nil, options: nil, &block)
1498
+ command = make_simple_command(:get, 'v1/{+name}', options)
1499
+ command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
1500
+ command.response_class = Google::Apis::IamV1::ServiceAccountKey
1501
+ command.params['name'] = name unless name.nil?
1502
+ command.query['publicKeyType'] = public_key_type unless public_key_type.nil?
1503
+ command.query['fields'] = fields unless fields.nil?
1504
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
1505
+ execute_or_queue_command(command, &block)
1506
+ end
1507
+
1508
+ # Lists every ServiceAccountKey for a service account.
1509
+ # @param [String] name
1510
+ # Required. The resource name of the service account in the following format: `
1511
+ # projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for
1512
+ # the `PROJECT_ID`, will infer the project from the account. The `ACCOUNT` value
1513
+ # can be the `email` address or the `unique_id` of the service account.
1514
+ # @param [Array<String>, String] key_types
1515
+ # Filters the types of keys the user wants to include in the list response.
1516
+ # Duplicate key types are not allowed. If no key type is provided, all keys are
1517
+ # returned.
1518
+ # @param [String] fields
1519
+ # Selector specifying which fields to include in a partial response.
1520
+ # @param [String] quota_user
1521
+ # Available to use for quota purposes for server-side applications. Can be any
1522
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
1523
+ # @param [Google::Apis::RequestOptions] options
1524
+ # Request-specific options
1525
+ #
1526
+ # @yield [result, err] Result & error if block supplied
1527
+ # @yieldparam result [Google::Apis::IamV1::ListServiceAccountKeysResponse] parsed result object
1528
+ # @yieldparam err [StandardError] error object if request failed
1529
+ #
1530
+ # @return [Google::Apis::IamV1::ListServiceAccountKeysResponse]
1531
+ #
1532
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
1533
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
1534
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
1535
+ def list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil, &block)
1536
+ command = make_simple_command(:get, 'v1/{+name}/keys', options)
1537
+ command.response_representation = Google::Apis::IamV1::ListServiceAccountKeysResponse::Representation
1538
+ command.response_class = Google::Apis::IamV1::ListServiceAccountKeysResponse
1539
+ command.params['name'] = name unless name.nil?
1540
+ command.query['keyTypes'] = key_types unless key_types.nil?
1541
+ command.query['fields'] = fields unless fields.nil?
1542
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
1543
+ execute_or_queue_command(command, &block)
1544
+ end
1545
+
1546
+ # Creates a ServiceAccountKey, using a public key that you provide.
1547
+ # @param [String] name
1548
+ # The resource name of the service account in the following format: `projects/`
1549
+ # PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `
1550
+ # PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can
1551
+ # be the `email` address or the `unique_id` of the service account.
1552
+ # @param [Google::Apis::IamV1::UploadServiceAccountKeyRequest] upload_service_account_key_request_object
1553
+ # @param [String] fields
1554
+ # Selector specifying which fields to include in a partial response.
1555
+ # @param [String] quota_user
1556
+ # Available to use for quota purposes for server-side applications. Can be any
1557
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
1558
+ # @param [Google::Apis::RequestOptions] options
1559
+ # Request-specific options
1560
+ #
1561
+ # @yield [result, err] Result & error if block supplied
1562
+ # @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object
1563
+ # @yieldparam err [StandardError] error object if request failed
1564
+ #
1565
+ # @return [Google::Apis::IamV1::ServiceAccountKey]
1566
+ #
1567
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
1568
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
1569
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
1570
+ def upload_service_account_key(name, upload_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
1571
+ command = make_simple_command(:post, 'v1/{+name}/keys:upload', options)
1572
+ command.request_representation = Google::Apis::IamV1::UploadServiceAccountKeyRequest::Representation
1573
+ command.request_object = upload_service_account_key_request_object
1574
+ command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
1575
+ command.response_class = Google::Apis::IamV1::ServiceAccountKey
1576
+ command.params['name'] = name unless name.nil?
1577
+ command.query['fields'] = fields unless fields.nil?
1578
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
1579
+ execute_or_queue_command(command, &block)
1580
+ end
1581
+
1582
+ # Gets the definition of a Role.
1583
+ # @param [String] name
1584
+ # The `name` parameter's value depends on the target resource for the request,
1585
+ # namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/
1586
+ # rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/
1587
+ # organizations.roles). Each resource type's `name` value format is described
1588
+ # below: * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/`ROLE_NAME``
1589
+ # . This method returns results from all [predefined roles](/iam/docs/
1590
+ # understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `
1591
+ # https://iam.googleapis.com/v1/roles/`ROLE_NAME`` * [`projects.roles.get()`](/
1592
+ # iam/reference/rest/v1/projects.roles/get): `projects/`PROJECT_ID`/roles/`
1593
+ # CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/
1594
+ # understanding-custom-roles) that have been created at the project level.
1595
+ # Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/
1596
+ # roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.get()`](/iam/reference/rest/v1/
1597
+ # organizations.roles/get): `organizations/`ORGANIZATION_ID`/roles/`
1598
+ # CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/
1599
+ # understanding-custom-roles) that have been created at the organization level.
1600
+ # Example request URL: `https://iam.googleapis.com/v1/organizations/`
1601
+ # ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid;
1602
+ # you must specify a complete project ID or organization ID.
1603
+ # @param [String] fields
1604
+ # Selector specifying which fields to include in a partial response.
1605
+ # @param [String] quota_user
1606
+ # Available to use for quota purposes for server-side applications. Can be any
1607
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
1608
+ # @param [Google::Apis::RequestOptions] options
1609
+ # Request-specific options
1610
+ #
1611
+ # @yield [result, err] Result & error if block supplied
1612
+ # @yieldparam result [Google::Apis::IamV1::Role] parsed result object
1613
+ # @yieldparam err [StandardError] error object if request failed
1614
+ #
1615
+ # @return [Google::Apis::IamV1::Role]
1616
+ #
1617
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
1618
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
1619
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
1620
+ def get_role(name, fields: nil, quota_user: nil, options: nil, &block)
1621
+ command = make_simple_command(:get, 'v1/{+name}', options)
1622
+ command.response_representation = Google::Apis::IamV1::Role::Representation
1623
+ command.response_class = Google::Apis::IamV1::Role
1624
+ command.params['name'] = name unless name.nil?
1625
+ command.query['fields'] = fields unless fields.nil?
1626
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
1627
+ execute_or_queue_command(command, &block)
1628
+ end
1629
+
1630
+ # Lists every predefined Role that IAM supports, or every custom role that is
1631
+ # defined for an organization or project.
1632
+ # @param [Fixnum] page_size
1633
+ # Optional limit on the number of roles to include in the response. The default
1634
+ # is 300, and the maximum is 1,000.
1635
+ # @param [String] page_token
1636
+ # Optional pagination token returned in an earlier ListRolesResponse.
1637
+ # @param [String] parent
1638
+ # The `parent` parameter's value depends on the target resource for the request,
1639
+ # namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/
1640
+ # rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/
1641
+ # organizations.roles). Each resource type's `parent` value format is described
1642
+ # below: * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string.
1643
+ # This method doesn't require a resource; it simply returns all [predefined
1644
+ # roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example
1645
+ # request URL: `https://iam.googleapis.com/v1/roles` * [`projects.roles.list()`](
1646
+ # /iam/reference/rest/v1/projects.roles/list): `projects/`PROJECT_ID``. This
1647
+ # method lists all project-level [custom roles](/iam/docs/understanding-custom-
1648
+ # roles). Example request URL: `https://iam.googleapis.com/v1/projects/`
1649
+ # PROJECT_ID`/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/
1650
+ # organizations.roles/list): `organizations/`ORGANIZATION_ID``. This method
1651
+ # lists all organization-level [custom roles](/iam/docs/understanding-custom-
1652
+ # roles). Example request URL: `https://iam.googleapis.com/v1/organizations/`
1653
+ # ORGANIZATION_ID`/roles` Note: Wildcard (*) values are invalid; you must
1654
+ # specify a complete project ID or organization ID.
1655
+ # @param [Boolean] show_deleted
1656
+ # Include Roles that have been deleted.
1657
+ # @param [String] view
1658
+ # Optional view for the returned Role objects. When `FULL` is specified, the `
1659
+ # includedPermissions` field is returned, which includes a list of all
1660
+ # permissions in the role. The default value is `BASIC`, which does not return
1661
+ # the `includedPermissions` field.
1662
+ # @param [String] fields
1663
+ # Selector specifying which fields to include in a partial response.
1664
+ # @param [String] quota_user
1665
+ # Available to use for quota purposes for server-side applications. Can be any
1666
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
1667
+ # @param [Google::Apis::RequestOptions] options
1668
+ # Request-specific options
1669
+ #
1670
+ # @yield [result, err] Result & error if block supplied
1671
+ # @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object
1672
+ # @yieldparam err [StandardError] error object if request failed
1673
+ #
1674
+ # @return [Google::Apis::IamV1::ListRolesResponse]
1675
+ #
1676
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
1677
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
1678
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
1679
+ def list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block)
1680
+ command = make_simple_command(:get, 'v1/roles', options)
1681
+ command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation
1682
+ command.response_class = Google::Apis::IamV1::ListRolesResponse
1683
+ command.query['pageSize'] = page_size unless page_size.nil?
1684
+ command.query['pageToken'] = page_token unless page_token.nil?
1685
+ command.query['parent'] = parent unless parent.nil?
1686
+ command.query['showDeleted'] = show_deleted unless show_deleted.nil?
1687
+ command.query['view'] = view unless view.nil?
1688
+ command.query['fields'] = fields unless fields.nil?
1689
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
1690
+ execute_or_queue_command(command, &block)
1691
+ end
1692
+
1693
+ # Lists roles that can be granted on a Google Cloud resource. A role is
1694
+ # grantable if the IAM policy for the resource can contain bindings to the role.
1695
+ # @param [Google::Apis::IamV1::QueryGrantableRolesRequest] query_grantable_roles_request_object
1696
+ # @param [String] fields
1697
+ # Selector specifying which fields to include in a partial response.
1698
+ # @param [String] quota_user
1699
+ # Available to use for quota purposes for server-side applications. Can be any
1700
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
1701
+ # @param [Google::Apis::RequestOptions] options
1702
+ # Request-specific options
1703
+ #
1704
+ # @yield [result, err] Result & error if block supplied
1705
+ # @yieldparam result [Google::Apis::IamV1::QueryGrantableRolesResponse] parsed result object
1706
+ # @yieldparam err [StandardError] error object if request failed
1707
+ #
1708
+ # @return [Google::Apis::IamV1::QueryGrantableRolesResponse]
1709
+ #
1710
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
1711
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
1712
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
1713
+ def query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
1714
+ command = make_simple_command(:post, 'v1/roles:queryGrantableRoles', options)
1715
+ command.request_representation = Google::Apis::IamV1::QueryGrantableRolesRequest::Representation
1716
+ command.request_object = query_grantable_roles_request_object
1717
+ command.response_representation = Google::Apis::IamV1::QueryGrantableRolesResponse::Representation
1718
+ command.response_class = Google::Apis::IamV1::QueryGrantableRolesResponse
1719
+ command.query['fields'] = fields unless fields.nil?
1720
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
1721
+ execute_or_queue_command(command, &block)
1722
+ end
1723
+
1724
+ protected
1725
+
1726
+ def apply_command_defaults(command)
1727
+ command.query['key'] = key unless key.nil?
1728
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
1729
+ end
1730
+ end
1731
+ end
1732
+ end
1733
+ end