iam/v1 library

Identity and Access Management (IAM) API - v1

Manages identity and access control for Google Cloud resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls. Enabling this API also enables the IAM Service Account Credentials API (iamcredentials.googleapis.com). However, disabling this API doesn't disable the IAM Service Account Credentials API.

For more information, see cloud.google.com/iam/

Create an instance of IamApi to access these resources:

ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesResource

ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesOperationsResource

ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesWorkloadSourcesResource

ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesWorkloadSourcesOperationsResource

Classes

AccessRestrictions: Access related restrictions on the workforce pool.
AddAttestationRuleRequest: Request message for AddAttestationRule.
AttestationRule: Defines which workloads can receive an identity within a pool.
AuditableService: Contains information about an auditable service.
AuditConfig: Specifies the audit configuration for a service.
Aws: Represents an Amazon Web Services identity provider.
Binding: Associates members, or principals, with a role.
CreateRoleRequest: The request to create a new role.
CreateServiceAccountKeyRequest: The service account key create request.
CreateServiceAccountRequest: The service account create request.
DisableServiceAccountKeyRequest: The service account key disable request.
ExtendedStatus: Extended status can store additional metadata.
GetIamPolicyRequest: Request message for GetIamPolicy method.
GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2Client: Represents the OAuth 2.0 client credential configuration for retrieving additional user attributes that are not present in the initial authentication credentials from the identity provider, e.g. groups.
GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2ClientQueryParameters: Represents the parameters to control which claims are fetched from an IdP.
GoogleIamAdminV1WorkforcePoolProviderOidc: Represents an OpenId Connect 1.0 identity provider.
GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret: Representation of a client secret configured for the OIDC provider.
GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValue: Representation of the value of the client secret.
GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfig: Configuration for web single sign-on for the OIDC provider.
GoogleIamAdminV1WorkforcePoolProviderSaml: Represents a SAML identity provider.
IamApi: Manages identity and access control for Google Cloud resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls.
IamPoliciesResource
InlineCertificateIssuanceConfig: Represents configuration for generating mutual TLS (mTLS) certificates for the identities within this pool.
InlineTrustConfig: Defines configuration for extending trust to additional trust domains.
IntermediateCA: Intermediate CA certificates used for building the trust chain to trust anchor
KeyData: Represents a public key data along with its format.
LintPolicyRequest: The request to lint an IAM policy object.
LintPolicyResponse: The response of a lint operation.
LintResult: Structured response of a single validation unit.
ListAttestationRulesResponse: Response message for ListAttestationRules.
ListOauthClientCredentialsResponse: Response message for ListOauthClientCredentials.
ListOauthClientsResponse: Response message for ListOauthClients.
ListRolesResponse: The response containing the roles defined under a resource.
ListServiceAccountKeysResponse: The service account keys list response.
ListServiceAccountsResponse: The service account list response.
ListWorkforcePoolProviderKeysResponse: Response message for ListWorkforcePoolProviderKeys.
ListWorkforcePoolProviderScimTenantsResponse: Response message for ListWorkforcePoolProviderScimTenants.
ListWorkforcePoolProviderScimTokensResponse: Response message for ListWorkforcePoolProviderScimTokens.
ListWorkforcePoolProvidersResponse: Response message for ListWorkforcePoolProviders.
ListWorkforcePoolsResponse: Response message for ListWorkforcePools.
ListWorkloadIdentityPoolManagedIdentitiesResponse: Response message for ListWorkloadIdentityPoolManagedIdentities.
ListWorkloadIdentityPoolNamespacesResponse: Response message for ListWorkloadIdentityPoolNamespaces.
ListWorkloadIdentityPoolProviderKeysResponse: Response message for ListWorkloadIdentityPoolProviderKeys.
ListWorkloadIdentityPoolProvidersResponse: Response message for ListWorkloadIdentityPoolProviders.
ListWorkloadIdentityPoolsResponse: Response message for ListWorkloadIdentityPools.
LocationsResource
LocationsWorkforcePoolsOperationsResource
LocationsWorkforcePoolsProvidersKeysOperationsResource
LocationsWorkforcePoolsProvidersKeysResource
LocationsWorkforcePoolsProvidersOperationsResource
LocationsWorkforcePoolsProvidersResource
LocationsWorkforcePoolsProvidersScimTenantsResource
LocationsWorkforcePoolsProvidersScimTenantsTokensResource
LocationsWorkforcePoolsResource
LocationsWorkforcePoolsSubjectsOperationsResource
LocationsWorkforcePoolsSubjectsResource
OauthClient: Represents an OauthClient.
OauthClientCredential: Represents an OauthClientCredential.
Oidc: Represents an OpenId Connect 1.0 identity provider.
Operation: This resource represents a long-running operation that is the result of a network API call.
OrganizationsResource
OrganizationsRolesResource
OwnerService: The Google Cloud service that owns this namespace.
PatchServiceAccountRequest: The service account patch request.
Permission: A permission which can be included by a role.
PermissionsResource
Policy: An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.
ProjectsLocationsOauthClientsCredentialsResource
ProjectsLocationsOauthClientsResource
ProjectsLocationsResource
ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesOperationsResource
ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesResource
ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesWorkloadSourcesOperationsResource
ProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesWorkloadSourcesResource
ProjectsLocationsWorkloadIdentityPoolsNamespacesOperationsResource
ProjectsLocationsWorkloadIdentityPoolsNamespacesResource
ProjectsLocationsWorkloadIdentityPoolsOperationsResource
ProjectsLocationsWorkloadIdentityPoolsProvidersKeysOperationsResource
ProjectsLocationsWorkloadIdentityPoolsProvidersKeysResource
ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsResource
ProjectsLocationsWorkloadIdentityPoolsProvidersResource
ProjectsLocationsWorkloadIdentityPoolsResource
ProjectsResource
ProjectsRolesResource
ProjectsServiceAccountsKeysResource
ProjectsServiceAccountsResource
QueryAuditableServicesRequest: A request to get the list of auditable services for a resource.
QueryAuditableServicesResponse: A response containing a list of auditable services for a resource.
QueryGrantableRolesRequest: The grantable role query request.
QueryGrantableRolesResponse: The grantable role query response.
QueryTestablePermissionsRequest: A request to get permissions which can be tested on a resource.
QueryTestablePermissionsResponse: The response containing permissions which can be tested on a resource.
RemoveAttestationRuleRequest: Request message for RemoveAttestationRule.
Role: A role in the Identity and Access Management API.
RolesResource
Saml: Represents an SAML 2.0 identity provider.
ServiceAccount: An IAM service account.
ServiceAccountKey: Represents a service account key.
ServiceConfig: Configuration for a service.
SetAttestationRulesRequest: Request message for SetAttestationRules.
SetIamPolicyRequest: Request message for SetIamPolicy method.
SignBlobRequest: Migrate to Service Account Credentials API.
SignBlobResponse: Migrate to Service Account Credentials API.
SignJwtRequest: Migrate to Service Account Credentials API.
SignJwtResponse: Migrate to Service Account Credentials API.
TrustAnchor: Represents a root of trust.
TrustStore: Trust store that contains trust anchors and optional intermediate CAs used in PKI to build a trust chain(trust hierarchy) and verify a client's identity.
UndeleteRoleRequest: The request to undelete an existing role.
UndeleteServiceAccountResponse
UploadServiceAccountKeyRequest: The service account key upload request.
WorkforcePool: Represents a collection of external workforces.
WorkforcePoolProvider: A configuration for an external identity provider.
WorkforcePoolProviderKey: Represents a public key configuration for a Workforce Pool Provider.
WorkforcePoolProviderScimTenant: Represents a scim tenant.
WorkforcePoolProviderScimToken: Represents a token for the WorkforcePoolProviderScimTenant.
WorkloadIdentityPool: Represents a collection of workload identities.
WorkloadIdentityPoolManagedIdentity: Represents a managed identity for a workload identity pool namespace.
WorkloadIdentityPoolNamespace: Represents a namespace for a workload identity pool.
WorkloadIdentityPoolProvider: A configuration for an external identity provider.
WorkloadIdentityPoolProviderKey: Represents a public key configuration for your workload identity pool provider.
X509: An X.509-type identity provider represents a CA.

Typedefs

AuditLogConfig = $AuditLogConfig: Provides the configuration for logging a type of permissions.
DisableServiceAccountRequest = $Empty: The service account disable request.
Empty = $Empty: A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs.
EnableServiceAccountKeyRequest = $Empty: The service account key enable request.
EnableServiceAccountRequest = $Empty: The service account enable request.
Expr = $Expr: Represents a textual expression in the Common Expression Language (CEL) syntax.
GetPolicyOptions = $GetPolicyOptions00: Encapsulates settings provided to GetIamPolicy.
Status = $Status00: The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs.
TestIamPermissionsRequest = $TestIamPermissionsRequest00: Request message for TestIamPermissions method.
TestIamPermissionsResponse = $PermissionsResponse: Response message for TestIamPermissions method.
UndeleteOauthClientRequest = $Empty: Request message for UndeleteOauthClient.
UndeleteServiceAccountRequest = $Empty: The service account undelete request.
UndeleteWorkforcePoolProviderKeyRequest = $Empty: Request message for UndeleteWorkforcePoolProviderKey.
UndeleteWorkforcePoolProviderRequest = $Empty: Request message for UndeleteWorkforcePoolProvider.
UndeleteWorkforcePoolProviderScimTenantRequest = $Empty: Request message for UndeleteWorkforcePoolProviderScimTenant.
UndeleteWorkforcePoolProviderScimTokenRequest = $Empty: Request message for UndeleteWorkforcePoolProviderScimToken.
UndeleteWorkforcePoolRequest = $Empty: Request message for UndeleteWorkforcePool.
UndeleteWorkforcePoolSubjectRequest = $Empty: Request message for UndeleteWorkforcePoolSubject.
UndeleteWorkloadIdentityPoolManagedIdentityRequest = $Empty: Request message for UndeleteWorkloadIdentityPoolManagedIdentity.
UndeleteWorkloadIdentityPoolNamespaceRequest = $Empty: Request message for UndeleteWorkloadIdentityPoolNamespace.
UndeleteWorkloadIdentityPoolProviderKeyRequest = $Empty: Request message for UndeleteWorkloadIdentityPoolProviderKey.
UndeleteWorkloadIdentityPoolProviderRequest = $Empty: Request message for UndeleteWorkloadIdentityPoolProvider.
UndeleteWorkloadIdentityPoolRequest = $Empty: Request message for UndeleteWorkloadIdentityPool.

Exceptions / Errors

ApiRequestError: Represents a general error reported by the API endpoint.
DetailedApiRequestError: Represents a specific error reported by the API endpoint.