Variables
ServiceAccountKeyAlgorithm_name, ServiceAccountKeyAlgorithm_value
var
(
ServiceAccountKeyAlgorithm_name
=
map
[
int32
]
string
{
0
:
"KEY_ALG_UNSPECIFIED"
,
1
:
"KEY_ALG_RSA_1024"
,
2
:
"KEY_ALG_RSA_2048"
,
}
ServiceAccountKeyAlgorithm_value
=
map
[
string
]
int32
{
"KEY_ALG_UNSPECIFIED"
:
0
,
"KEY_ALG_RSA_1024"
:
1
,
"KEY_ALG_RSA_2048"
:
2
,
}
)
Enum value maps for ServiceAccountKeyAlgorithm.
ServiceAccountPrivateKeyType_name, ServiceAccountPrivateKeyType_value
var
(
ServiceAccountPrivateKeyType_name
=
map
[
int32
]
string
{
0
:
"TYPE_UNSPECIFIED"
,
1
:
"TYPE_PKCS12_FILE"
,
2
:
"TYPE_GOOGLE_CREDENTIALS_FILE"
,
}
ServiceAccountPrivateKeyType_value
=
map
[
string
]
int32
{
"TYPE_UNSPECIFIED"
:
0
,
"TYPE_PKCS12_FILE"
:
1
,
"TYPE_GOOGLE_CREDENTIALS_FILE"
:
2
,
}
)
Enum value maps for ServiceAccountPrivateKeyType.
ServiceAccountPublicKeyType_name, ServiceAccountPublicKeyType_value
var
(
ServiceAccountPublicKeyType_name
=
map
[
int32
]
string
{
0
:
"TYPE_NONE"
,
1
:
"TYPE_X509_PEM_FILE"
,
2
:
"TYPE_RAW_PUBLIC_KEY"
,
}
ServiceAccountPublicKeyType_value
=
map
[
string
]
int32
{
"TYPE_NONE"
:
0
,
"TYPE_X509_PEM_FILE"
:
1
,
"TYPE_RAW_PUBLIC_KEY"
:
2
,
}
)
Enum value maps for ServiceAccountPublicKeyType.
ServiceAccountKeyOrigin_name, ServiceAccountKeyOrigin_value
var
(
ServiceAccountKeyOrigin_name
=
map
[
int32
]
string
{
0
:
"ORIGIN_UNSPECIFIED"
,
1
:
"USER_PROVIDED"
,
2
:
"GOOGLE_PROVIDED"
,
}
ServiceAccountKeyOrigin_value
=
map
[
string
]
int32
{
"ORIGIN_UNSPECIFIED"
:
0
,
"USER_PROVIDED"
:
1
,
"GOOGLE_PROVIDED"
:
2
,
}
)
Enum value maps for ServiceAccountKeyOrigin.
RoleView_name, RoleView_value
var
(
RoleView_name
=
map
[
int32
]
string
{
0
:
"BASIC"
,
1
:
"FULL"
,
}
RoleView_value
=
map
[
string
]
int32
{
"BASIC"
:
0
,
"FULL"
:
1
,
}
)
Enum value maps for RoleView.
ListServiceAccountKeysRequest_KeyType_name, ListServiceAccountKeysRequest_KeyType_value
var
(
ListServiceAccountKeysRequest_KeyType_name
=
map
[
int32
]
string
{
0
:
"KEY_TYPE_UNSPECIFIED"
,
1
:
"USER_MANAGED"
,
2
:
"SYSTEM_MANAGED"
,
}
ListServiceAccountKeysRequest_KeyType_value
=
map
[
string
]
int32
{
"KEY_TYPE_UNSPECIFIED"
:
0
,
"USER_MANAGED"
:
1
,
"SYSTEM_MANAGED"
:
2
,
}
)
Enum value maps for ListServiceAccountKeysRequest_KeyType.
Role_RoleLaunchStage_name, Role_RoleLaunchStage_value
var
(
Role_RoleLaunchStage_name
=
map
[
int32
]
string
{
0
:
"ALPHA"
,
1
:
"BETA"
,
2
:
"GA"
,
4
:
"DEPRECATED"
,
5
:
"DISABLED"
,
6
:
"EAP"
,
}
Role_RoleLaunchStage_value
=
map
[
string
]
int32
{
"ALPHA"
:
0
,
"BETA"
:
1
,
"GA"
:
2
,
"DEPRECATED"
:
4
,
"DISABLED"
:
5
,
"EAP"
:
6
,
}
)
Enum value maps for Role_RoleLaunchStage.
Permission_PermissionLaunchStage_name, Permission_PermissionLaunchStage_value
var
(
Permission_PermissionLaunchStage_name
=
map
[
int32
]
string
{
0
:
"ALPHA"
,
1
:
"BETA"
,
2
:
"GA"
,
3
:
"DEPRECATED"
,
}
Permission_PermissionLaunchStage_value
=
map
[
string
]
int32
{
"ALPHA"
:
0
,
"BETA"
:
1
,
"GA"
:
2
,
"DEPRECATED"
:
3
,
}
)
Enum value maps for Permission_PermissionLaunchStage.
Permission_CustomRolesSupportLevel_name, Permission_CustomRolesSupportLevel_value
var
(
Permission_CustomRolesSupportLevel_name
=
map
[
int32
]
string
{
0
:
"SUPPORTED"
,
1
:
"TESTING"
,
2
:
"NOT_SUPPORTED"
,
}
Permission_CustomRolesSupportLevel_value
=
map
[
string
]
int32
{
"SUPPORTED"
:
0
,
"TESTING"
:
1
,
"NOT_SUPPORTED"
:
2
,
}
)
Enum value maps for Permission_CustomRolesSupportLevel.
LintResult_Level_name, LintResult_Level_value
var
(
LintResult_Level_name
=
map
[
int32
]
string
{
0
:
"LEVEL_UNSPECIFIED"
,
3
:
"CONDITION"
,
}
LintResult_Level_value
=
map
[
string
]
int32
{
"LEVEL_UNSPECIFIED"
:
0
,
"CONDITION"
:
3
,
}
)
Enum value maps for LintResult_Level.
LintResult_Severity_name, LintResult_Severity_value
var
(
LintResult_Severity_name
=
map
[
int32
]
string
{
0
:
"SEVERITY_UNSPECIFIED"
,
1
:
"ERROR"
,
2
:
"WARNING"
,
3
:
"NOTICE"
,
4
:
"INFO"
,
5
:
"DEPRECATED"
,
}
LintResult_Severity_value
=
map
[
string
]
int32
{
"SEVERITY_UNSPECIFIED"
:
0
,
"ERROR"
:
1
,
"WARNING"
:
2
,
"NOTICE"
:
3
,
"INFO"
:
4
,
"DEPRECATED"
:
5
,
}
)
Enum value maps for LintResult_Severity.
File_google_iam_admin_v1_audit_data_proto
var
File_google_iam_admin_v1_audit_data_proto
protoreflect
.
FileDescriptor
File_google_iam_admin_v1_iam_proto
var
File_google_iam_admin_v1_iam_proto
protoreflect
.
FileDescriptor
Functions
func RegisterIAMServer
AuditData
type
AuditData
struct
{
// The permission_delta when when creating or updating a Role.
PermissionDelta
*
AuditData_PermissionDelta
`protobuf:"bytes,1,opt,name=permission_delta,json=permissionDelta,proto3" json:"permission_delta,omitempty"`
// contains filtered or unexported fields
}
Audit log information specific to Cloud IAM admin APIs. This message is
serialized as an Any
type in the ServiceData
message of an AuditLog
message.
func (*AuditData) Descriptor
Deprecated: Use AuditData.ProtoReflect.Descriptor instead.
func (*AuditData) GetPermissionDelta
func
(
x
*
AuditData
)
GetPermissionDelta
()
*
AuditData_PermissionDelta
func (*AuditData) ProtoMessage
func
(
*
AuditData
)
ProtoMessage
()
func (*AuditData) ProtoReflect
func
(
x
*
AuditData
)
ProtoReflect
()
protoreflect
.
Message
func (*AuditData) Reset
func
(
x
*
AuditData
)
Reset
()
func (*AuditData) String
AuditData_PermissionDelta
type
AuditData_PermissionDelta
struct
{
// Added permissions.
AddedPermissions
[]
string
`protobuf:"bytes,1,rep,name=added_permissions,json=addedPermissions,proto3" json:"added_permissions,omitempty"`
// Removed permissions.
RemovedPermissions
[]
string
`protobuf:"bytes,2,rep,name=removed_permissions,json=removedPermissions,proto3" json:"removed_permissions,omitempty"`
// contains filtered or unexported fields
}
A PermissionDelta message to record the added_permissions and removed_permissions inside a role.
func (*AuditData_PermissionDelta) Descriptor
func
(
*
AuditData_PermissionDelta
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use AuditData_PermissionDelta.ProtoReflect.Descriptor instead.
func (*AuditData_PermissionDelta) GetAddedPermissions
func
(
x
*
AuditData_PermissionDelta
)
GetAddedPermissions
()
[]
string
func (*AuditData_PermissionDelta) GetRemovedPermissions
func
(
x
*
AuditData_PermissionDelta
)
GetRemovedPermissions
()
[]
string
func (*AuditData_PermissionDelta) ProtoMessage
func
(
*
AuditData_PermissionDelta
)
ProtoMessage
()
func (*AuditData_PermissionDelta) ProtoReflect
func
(
x
*
AuditData_PermissionDelta
)
ProtoReflect
()
protoreflect
.
Message
func (*AuditData_PermissionDelta) Reset
func
(
x
*
AuditData_PermissionDelta
)
Reset
()
func (*AuditData_PermissionDelta) String
func
(
x
*
AuditData_PermissionDelta
)
String
()
string
CreateRoleRequest
type
CreateRoleRequest
struct
{
// The `parent` parameter's value depends on the target resource for the
// request, namely
// [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles)
// or
// [`organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles).
// Each resource type's `parent` value format is described below:
//
// - [`projects.roles.create()`](https://cloud.google.com/iam/reference/rest/v1/projects.roles/create):
// `projects/{PROJECT_ID}`. This method creates project-level
// [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles).
// Example request URL:
// `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles`
//
// - [`organizations.roles.create()`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles/create):
// `organizations/{ORGANIZATION_ID}`. This method creates organization-level
// [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles).
// Example request URL:
// `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles`
//
// Note: Wildcard (*) values are invalid; you must specify a complete project
// ID or organization ID.
Parent
string
`protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// The role ID to use for this role.
//
// A role ID may contain alphanumeric characters, underscores (`_`), and
// periods (`.`). It must contain a minimum of 3 characters and a maximum of
// 64 characters.
RoleId
string
`protobuf:"bytes,2,opt,name=role_id,json=roleId,proto3" json:"role_id,omitempty"`
// The Role resource to create.
Role
*
Role
`protobuf:"bytes,3,opt,name=role,proto3" json:"role,omitempty"`
// contains filtered or unexported fields
}
The request to create a new role.
func (*CreateRoleRequest) Descriptor
func
(
*
CreateRoleRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use CreateRoleRequest.ProtoReflect.Descriptor instead.
func (*CreateRoleRequest) GetParent
func
(
x
*
CreateRoleRequest
)
GetParent
()
string
func (*CreateRoleRequest) GetRole
func
(
x
*
CreateRoleRequest
)
GetRole
()
*
Role
func (*CreateRoleRequest) GetRoleId
func
(
x
*
CreateRoleRequest
)
GetRoleId
()
string
func (*CreateRoleRequest) ProtoMessage
func
(
*
CreateRoleRequest
)
ProtoMessage
()
func (*CreateRoleRequest) ProtoReflect
func
(
x
*
CreateRoleRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*CreateRoleRequest) Reset
func
(
x
*
CreateRoleRequest
)
Reset
()
func (*CreateRoleRequest) String
func
(
x
*
CreateRoleRequest
)
String
()
string
CreateServiceAccountKeyRequest
type
CreateServiceAccountKeyRequest
struct
{
// Required. The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// The output format of the private key. The default value is
// `TYPE_GOOGLE_CREDENTIALS_FILE`, which is the Google Credentials File
// format.
PrivateKeyType
ServiceAccountPrivateKeyType
`protobuf:"varint,2,opt,name=private_key_type,json=privateKeyType,proto3,enum=google.iam.admin.v1.ServiceAccountPrivateKeyType" json:"private_key_type,omitempty"`
// Which type of key and algorithm to use for the key.
// The default is currently a 2K RSA key. However this may change in the
// future.
KeyAlgorithm
ServiceAccountKeyAlgorithm
`protobuf:"varint,3,opt,name=key_algorithm,json=keyAlgorithm,proto3,enum=google.iam.admin.v1.ServiceAccountKeyAlgorithm" json:"key_algorithm,omitempty"`
// contains filtered or unexported fields
}
The service account key create request.
func (*CreateServiceAccountKeyRequest) Descriptor
func
(
*
CreateServiceAccountKeyRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use CreateServiceAccountKeyRequest.ProtoReflect.Descriptor instead.
func (*CreateServiceAccountKeyRequest) GetKeyAlgorithm
func
(
x
*
CreateServiceAccountKeyRequest
)
GetKeyAlgorithm
()
ServiceAccountKeyAlgorithm
func (*CreateServiceAccountKeyRequest) GetName
func
(
x
*
CreateServiceAccountKeyRequest
)
GetName
()
string
func (*CreateServiceAccountKeyRequest) GetPrivateKeyType
func
(
x
*
CreateServiceAccountKeyRequest
)
GetPrivateKeyType
()
ServiceAccountPrivateKeyType
func (*CreateServiceAccountKeyRequest) ProtoMessage
func
(
*
CreateServiceAccountKeyRequest
)
ProtoMessage
()
func (*CreateServiceAccountKeyRequest) ProtoReflect
func
(
x
*
CreateServiceAccountKeyRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*CreateServiceAccountKeyRequest) Reset
func
(
x
*
CreateServiceAccountKeyRequest
)
Reset
()
func (*CreateServiceAccountKeyRequest) String
func
(
x
*
CreateServiceAccountKeyRequest
)
String
()
string
CreateServiceAccountRequest
type
CreateServiceAccountRequest
struct
{
// Required. The resource name of the project associated with the service
// accounts, such as `projects/my-project-123`.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Required. The account id that is used to generate the service account
// email address and a stable unique id. It is unique within a project,
// must be 6-30 characters long, and match the regular expression
// `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.
AccountId
string
`protobuf:"bytes,2,opt,name=account_id,json=accountId,proto3" json:"account_id,omitempty"`
// The [ServiceAccount][google.iam.admin.v1.ServiceAccount] resource to
// create. Currently, only the following values are user assignable:
// `display_name` and `description`.
ServiceAccount
*
ServiceAccount
`protobuf:"bytes,3,opt,name=service_account,json=serviceAccount,proto3" json:"service_account,omitempty"`
// contains filtered or unexported fields
}
The service account create request.
func (*CreateServiceAccountRequest) Descriptor
func
(
*
CreateServiceAccountRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use CreateServiceAccountRequest.ProtoReflect.Descriptor instead.
func (*CreateServiceAccountRequest) GetAccountId
func
(
x
*
CreateServiceAccountRequest
)
GetAccountId
()
string
func (*CreateServiceAccountRequest) GetName
func
(
x
*
CreateServiceAccountRequest
)
GetName
()
string
func (*CreateServiceAccountRequest) GetServiceAccount
func
(
x
*
CreateServiceAccountRequest
)
GetServiceAccount
()
*
ServiceAccount
func (*CreateServiceAccountRequest) ProtoMessage
func
(
*
CreateServiceAccountRequest
)
ProtoMessage
()
func (*CreateServiceAccountRequest) ProtoReflect
func
(
x
*
CreateServiceAccountRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*CreateServiceAccountRequest) Reset
func
(
x
*
CreateServiceAccountRequest
)
Reset
()
func (*CreateServiceAccountRequest) String
func
(
x
*
CreateServiceAccountRequest
)
String
()
string
DeleteRoleRequest
type
DeleteRoleRequest
struct
{
// The `name` parameter's value depends on the target resource for the
// request, namely
// [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles)
// or
// [`organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles).
// Each resource type's `name` value format is described below:
//
// - [`projects.roles.delete()`](https://cloud.google.com/iam/reference/rest/v1/projects.roles/delete):
// `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes only
// [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that
// have been created at the project level. Example request URL:
// `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`
//
// - [`organizations.roles.delete()`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles/delete):
// `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
// deletes only [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that
// have been created at the organization level. Example request URL:
// `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`
//
// Note: Wildcard (*) values are invalid; you must specify a complete project
// ID or organization ID.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Used to perform a consistent read-modify-write.
Etag
[]
byte
`protobuf:"bytes,2,opt,name=etag,proto3" json:"etag,omitempty"`
// contains filtered or unexported fields
}
The request to delete an existing role.
func (*DeleteRoleRequest) Descriptor
func
(
*
DeleteRoleRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use DeleteRoleRequest.ProtoReflect.Descriptor instead.
func (*DeleteRoleRequest) GetEtag
func
(
x
*
DeleteRoleRequest
)
GetEtag
()
[]
byte
func (*DeleteRoleRequest) GetName
func
(
x
*
DeleteRoleRequest
)
GetName
()
string
func (*DeleteRoleRequest) ProtoMessage
func
(
*
DeleteRoleRequest
)
ProtoMessage
()
func (*DeleteRoleRequest) ProtoReflect
func
(
x
*
DeleteRoleRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*DeleteRoleRequest) Reset
func
(
x
*
DeleteRoleRequest
)
Reset
()
func (*DeleteRoleRequest) String
func
(
x
*
DeleteRoleRequest
)
String
()
string
DeleteServiceAccountKeyRequest
type
DeleteServiceAccountKeyRequest
struct
{
// Required. The resource name of the service account key in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
The service account key delete request.
func (*DeleteServiceAccountKeyRequest) Descriptor
func
(
*
DeleteServiceAccountKeyRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use DeleteServiceAccountKeyRequest.ProtoReflect.Descriptor instead.
func (*DeleteServiceAccountKeyRequest) GetName
func
(
x
*
DeleteServiceAccountKeyRequest
)
GetName
()
string
func (*DeleteServiceAccountKeyRequest) ProtoMessage
func
(
*
DeleteServiceAccountKeyRequest
)
ProtoMessage
()
func (*DeleteServiceAccountKeyRequest) ProtoReflect
func
(
x
*
DeleteServiceAccountKeyRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*DeleteServiceAccountKeyRequest) Reset
func
(
x
*
DeleteServiceAccountKeyRequest
)
Reset
()
func (*DeleteServiceAccountKeyRequest) String
func
(
x
*
DeleteServiceAccountKeyRequest
)
String
()
string
DeleteServiceAccountRequest
type
DeleteServiceAccountRequest
struct
{
// Required. The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
The service account delete request.
func (*DeleteServiceAccountRequest) Descriptor
func
(
*
DeleteServiceAccountRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use DeleteServiceAccountRequest.ProtoReflect.Descriptor instead.
func (*DeleteServiceAccountRequest) GetName
func
(
x
*
DeleteServiceAccountRequest
)
GetName
()
string
func (*DeleteServiceAccountRequest) ProtoMessage
func
(
*
DeleteServiceAccountRequest
)
ProtoMessage
()
func (*DeleteServiceAccountRequest) ProtoReflect
func
(
x
*
DeleteServiceAccountRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*DeleteServiceAccountRequest) Reset
func
(
x
*
DeleteServiceAccountRequest
)
Reset
()
func (*DeleteServiceAccountRequest) String
func
(
x
*
DeleteServiceAccountRequest
)
String
()
string
DisableServiceAccountKeyRequest
type
DisableServiceAccountKeyRequest
struct
{
// Required. The resource name of the service account key in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
//
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
The service account key disable request.
func (*DisableServiceAccountKeyRequest) Descriptor
func
(
*
DisableServiceAccountKeyRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use DisableServiceAccountKeyRequest.ProtoReflect.Descriptor instead.
func (*DisableServiceAccountKeyRequest) GetName
func
(
x
*
DisableServiceAccountKeyRequest
)
GetName
()
string
func (*DisableServiceAccountKeyRequest) ProtoMessage
func
(
*
DisableServiceAccountKeyRequest
)
ProtoMessage
()
func (*DisableServiceAccountKeyRequest) ProtoReflect
func
(
x
*
DisableServiceAccountKeyRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*DisableServiceAccountKeyRequest) Reset
func
(
x
*
DisableServiceAccountKeyRequest
)
Reset
()
func (*DisableServiceAccountKeyRequest) String
func
(
x
*
DisableServiceAccountKeyRequest
)
String
()
string
DisableServiceAccountRequest
type
DisableServiceAccountRequest
struct
{
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
The service account disable request.
func (*DisableServiceAccountRequest) Descriptor
func
(
*
DisableServiceAccountRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use DisableServiceAccountRequest.ProtoReflect.Descriptor instead.
func (*DisableServiceAccountRequest) GetName
func
(
x
*
DisableServiceAccountRequest
)
GetName
()
string
func (*DisableServiceAccountRequest) ProtoMessage
func
(
*
DisableServiceAccountRequest
)
ProtoMessage
()
func (*DisableServiceAccountRequest) ProtoReflect
func
(
x
*
DisableServiceAccountRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*DisableServiceAccountRequest) Reset
func
(
x
*
DisableServiceAccountRequest
)
Reset
()
func (*DisableServiceAccountRequest) String
func
(
x
*
DisableServiceAccountRequest
)
String
()
string
EnableServiceAccountKeyRequest
type
EnableServiceAccountKeyRequest
struct
{
// Required. The resource name of the service account key in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
//
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
The service account key enable request.
func (*EnableServiceAccountKeyRequest) Descriptor
func
(
*
EnableServiceAccountKeyRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use EnableServiceAccountKeyRequest.ProtoReflect.Descriptor instead.
func (*EnableServiceAccountKeyRequest) GetName
func
(
x
*
EnableServiceAccountKeyRequest
)
GetName
()
string
func (*EnableServiceAccountKeyRequest) ProtoMessage
func
(
*
EnableServiceAccountKeyRequest
)
ProtoMessage
()
func (*EnableServiceAccountKeyRequest) ProtoReflect
func
(
x
*
EnableServiceAccountKeyRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*EnableServiceAccountKeyRequest) Reset
func
(
x
*
EnableServiceAccountKeyRequest
)
Reset
()
func (*EnableServiceAccountKeyRequest) String
func
(
x
*
EnableServiceAccountKeyRequest
)
String
()
string
EnableServiceAccountRequest
type
EnableServiceAccountRequest
struct
{
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
The service account enable request.
func (*EnableServiceAccountRequest) Descriptor
func
(
*
EnableServiceAccountRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use EnableServiceAccountRequest.ProtoReflect.Descriptor instead.
func (*EnableServiceAccountRequest) GetName
func
(
x
*
EnableServiceAccountRequest
)
GetName
()
string
func (*EnableServiceAccountRequest) ProtoMessage
func
(
*
EnableServiceAccountRequest
)
ProtoMessage
()
func (*EnableServiceAccountRequest) ProtoReflect
func
(
x
*
EnableServiceAccountRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*EnableServiceAccountRequest) Reset
func
(
x
*
EnableServiceAccountRequest
)
Reset
()
func (*EnableServiceAccountRequest) String
func
(
x
*
EnableServiceAccountRequest
)
String
()
string
GetRoleRequest
type
GetRoleRequest
struct
{
// The `name` parameter's value depends on the target resource for the
// request, namely
// [`roles`](https://cloud.google.com/iam/reference/rest/v1/roles),
// [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles),
// or
// [`organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles).
// Each resource type's `name` value format is described below:
//
// - [`roles.get()`](https://cloud.google.com/iam/reference/rest/v1/roles/get): `roles/{ROLE_NAME}`.
// This method returns results from all
// [predefined
// roles](https://cloud.google.com/iam/docs/understanding-roles#predefined_roles)
// in Cloud IAM. Example request URL:
// `https://iam.googleapis.com/v1/roles/{ROLE_NAME}`
//
// - [`projects.roles.get()`](https://cloud.google.com/iam/reference/rest/v1/projects.roles/get):
// `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only
// [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that
// have been created at the project level. Example request URL:
// `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`
//
// - [`organizations.roles.get()`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles/get):
// `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
// returns only [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that
// have been created at the organization level. Example request URL:
// `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`
//
// Note: Wildcard (*) values are invalid; you must specify a complete project
// ID or organization ID.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
The request to get the definition of an existing role.
func (*GetRoleRequest) Descriptor
func
(
*
GetRoleRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use GetRoleRequest.ProtoReflect.Descriptor instead.
func (*GetRoleRequest) GetName
func
(
x
*
GetRoleRequest
)
GetName
()
string
func (*GetRoleRequest) ProtoMessage
func
(
*
GetRoleRequest
)
ProtoMessage
()
func (*GetRoleRequest) ProtoReflect
func
(
x
*
GetRoleRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*GetRoleRequest) Reset
func
(
x
*
GetRoleRequest
)
Reset
()
func (*GetRoleRequest) String
func
(
x
*
GetRoleRequest
)
String
()
string
GetServiceAccountKeyRequest
type
GetServiceAccountKeyRequest
struct
{
// Required. The resource name of the service account key in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
//
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. The output format of the public key. The default is `TYPE_NONE`, which
// means that the public key is not returned.
PublicKeyType
ServiceAccountPublicKeyType
`protobuf:"varint,2,opt,name=public_key_type,json=publicKeyType,proto3,enum=google.iam.admin.v1.ServiceAccountPublicKeyType" json:"public_key_type,omitempty"`
// contains filtered or unexported fields
}
The service account key get by id request.
func (*GetServiceAccountKeyRequest) Descriptor
func
(
*
GetServiceAccountKeyRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use GetServiceAccountKeyRequest.ProtoReflect.Descriptor instead.
func (*GetServiceAccountKeyRequest) GetName
func
(
x
*
GetServiceAccountKeyRequest
)
GetName
()
string
func (*GetServiceAccountKeyRequest) GetPublicKeyType
func
(
x
*
GetServiceAccountKeyRequest
)
GetPublicKeyType
()
ServiceAccountPublicKeyType
func (*GetServiceAccountKeyRequest) ProtoMessage
func
(
*
GetServiceAccountKeyRequest
)
ProtoMessage
()
func (*GetServiceAccountKeyRequest) ProtoReflect
func
(
x
*
GetServiceAccountKeyRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*GetServiceAccountKeyRequest) Reset
func
(
x
*
GetServiceAccountKeyRequest
)
Reset
()
func (*GetServiceAccountKeyRequest) String
func
(
x
*
GetServiceAccountKeyRequest
)
String
()
string
GetServiceAccountRequest
type
GetServiceAccountRequest
struct
{
// Required. The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
The service account get request.
func (*GetServiceAccountRequest) Descriptor
func
(
*
GetServiceAccountRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use GetServiceAccountRequest.ProtoReflect.Descriptor instead.
func (*GetServiceAccountRequest) GetName
func
(
x
*
GetServiceAccountRequest
)
GetName
()
string
func (*GetServiceAccountRequest) ProtoMessage
func
(
*
GetServiceAccountRequest
)
ProtoMessage
()
func (*GetServiceAccountRequest) ProtoReflect
func
(
x
*
GetServiceAccountRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*GetServiceAccountRequest) Reset
func
(
x
*
GetServiceAccountRequest
)
Reset
()
func (*GetServiceAccountRequest) String
func
(
x
*
GetServiceAccountRequest
)
String
()
string
IAMClient
type
IAMClient
interface
{
// Lists every [ServiceAccount][google.iam.admin.v1.ServiceAccount] that belongs to a specific project.
ListServiceAccounts
(
ctx
context
.
Context
,
in
*
ListServiceAccountsRequest
,
opts
...
grpc
.
CallOption
)
(
*
ListServiceAccountsResponse
,
error
)
// Gets a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
GetServiceAccount
(
ctx
context
.
Context
,
in
*
GetServiceAccountRequest
,
opts
...
grpc
.
CallOption
)
(
*
ServiceAccount
,
error
)
// Creates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
CreateServiceAccount
(
ctx
context
.
Context
,
in
*
CreateServiceAccountRequest
,
opts
...
grpc
.
CallOption
)
(
*
ServiceAccount
,
error
)
// **Note:** We are in the process of deprecating this method. Use
// [PatchServiceAccount][google.iam.admin.v1.IAM.PatchServiceAccount] instead.
//
// Updates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
//
// You can update only the `display_name` field.
UpdateServiceAccount
(
ctx
context
.
Context
,
in
*
ServiceAccount
,
opts
...
grpc
.
CallOption
)
(
*
ServiceAccount
,
error
)
// Patches a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
PatchServiceAccount
(
ctx
context
.
Context
,
in
*
PatchServiceAccountRequest
,
opts
...
grpc
.
CallOption
)
(
*
ServiceAccount
,
error
)
// Deletes a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
//
// **Warning:** After you delete a service account, you might not be able to
// undelete it. If you know that you need to re-enable the service account in
// the future, use [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount] instead.
//
// If you delete a service account, IAM permanently removes the service
// account 30 days later. Google Cloud cannot recover the service account
// after it is permanently removed, even if you file a support request.
//
// To help avoid unplanned outages, we recommend that you disable the service
// account before you delete it. Use [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount] to disable the
// service account, then wait at least 24 hours and watch for unintended
// consequences. If there are no unintended consequences, you can delete the
// service account.
DeleteServiceAccount
(
ctx
context
.
Context
,
in
*
DeleteServiceAccountRequest
,
opts
...
grpc
.
CallOption
)
(
*
emptypb
.
Empty
,
error
)
// Restores a deleted [ServiceAccount][google.iam.admin.v1.ServiceAccount].
//
// **Important:** It is not always possible to restore a deleted service
// account. Use this method only as a last resort.
//
// After you delete a service account, IAM permanently removes the service
// account 30 days later. There is no way to restore a deleted service account
// that has been permanently removed.
UndeleteServiceAccount
(
ctx
context
.
Context
,
in
*
UndeleteServiceAccountRequest
,
opts
...
grpc
.
CallOption
)
(
*
UndeleteServiceAccountResponse
,
error
)
// Enables a [ServiceAccount][google.iam.admin.v1.ServiceAccount] that was disabled by
// [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount].
//
// If the service account is already enabled, then this method has no effect.
//
// If the service account was disabled by other means—for example, if Google
// disabled the service account because it was compromised—you cannot use this
// method to enable the service account.
EnableServiceAccount
(
ctx
context
.
Context
,
in
*
EnableServiceAccountRequest
,
opts
...
grpc
.
CallOption
)
(
*
emptypb
.
Empty
,
error
)
// Disables a [ServiceAccount][google.iam.admin.v1.ServiceAccount] immediately.
//
// If an application uses the service account to authenticate, that
// application can no longer call Google APIs or access Google Cloud
// resources. Existing access tokens for the service account are rejected, and
// requests for new access tokens will fail.
//
// To re-enable the service account, use [EnableServiceAccount][google.iam.admin.v1.IAM.EnableServiceAccount]. After you
// re-enable the service account, its existing access tokens will be accepted,
// and you can request new access tokens.
//
// To help avoid unplanned outages, we recommend that you disable the service
// account before you delete it. Use this method to disable the service
// account, then wait at least 24 hours and watch for unintended consequences.
// If there are no unintended consequences, you can delete the service account
// with [DeleteServiceAccount][google.iam.admin.v1.IAM.DeleteServiceAccount].
DisableServiceAccount
(
ctx
context
.
Context
,
in
*
DisableServiceAccountRequest
,
opts
...
grpc
.
CallOption
)
(
*
emptypb
.
Empty
,
error
)
// Lists every [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey] for a service account.
ListServiceAccountKeys
(
ctx
context
.
Context
,
in
*
ListServiceAccountKeysRequest
,
opts
...
grpc
.
CallOption
)
(
*
ListServiceAccountKeysResponse
,
error
)
// Gets a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
GetServiceAccountKey
(
ctx
context
.
Context
,
in
*
GetServiceAccountKeyRequest
,
opts
...
grpc
.
CallOption
)
(
*
ServiceAccountKey
,
error
)
// Creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
CreateServiceAccountKey
(
ctx
context
.
Context
,
in
*
CreateServiceAccountKeyRequest
,
opts
...
grpc
.
CallOption
)
(
*
ServiceAccountKey
,
error
)
// Uploads the public key portion of a key pair that you manage, and
// associates the public key with a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
//
// After you upload the public key, you can use the private key from the key
// pair as a service account key.
UploadServiceAccountKey
(
ctx
context
.
Context
,
in
*
UploadServiceAccountKeyRequest
,
opts
...
grpc
.
CallOption
)
(
*
ServiceAccountKey
,
error
)
// Deletes a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]. Deleting a service account key does not
// revoke short-lived credentials that have been issued based on the service
// account key.
DeleteServiceAccountKey
(
ctx
context
.
Context
,
in
*
DeleteServiceAccountKeyRequest
,
opts
...
grpc
.
CallOption
)
(
*
emptypb
.
Empty
,
error
)
// Disable a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]. A disabled service account key can be
// re-enabled with [EnableServiceAccountKey][google.iam.admin.v1.IAM.EnableServiceAccountKey].
DisableServiceAccountKey
(
ctx
context
.
Context
,
in
*
DisableServiceAccountKeyRequest
,
opts
...
grpc
.
CallOption
)
(
*
emptypb
.
Empty
,
error
)
// Enable a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
EnableServiceAccountKey
(
ctx
context
.
Context
,
in
*
EnableServiceAccountKeyRequest
,
opts
...
grpc
.
CallOption
)
(
*
emptypb
.
Empty
,
error
)
// Deprecated: Do not use.
// **Note:** This method is deprecated. Use the
// [`signBlob`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signBlob)
// method in the IAM Service Account Credentials API instead. If you currently
// use this method, see the [migration
// guide](https://cloud.google.com/iam/help/credentials/migrate-api) for
// instructions.
//
// Signs a blob using the system-managed private key for a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
SignBlob
(
ctx
context
.
Context
,
in
*
SignBlobRequest
,
opts
...
grpc
.
CallOption
)
(
*
SignBlobResponse
,
error
)
// Deprecated: Do not use.
// **Note:** This method is deprecated. Use the
// [`signJwt`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signJwt)
// method in the IAM Service Account Credentials API instead. If you currently
// use this method, see the [migration
// guide](https://cloud.google.com/iam/help/credentials/migrate-api) for
// instructions.
//
// Signs a JSON Web Token (JWT) using the system-managed private key for a
// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
SignJwt
(
ctx
context
.
Context
,
in
*
SignJwtRequest
,
opts
...
grpc
.
CallOption
)
(
*
SignJwtResponse
,
error
)
// Gets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount]. This IAM
// policy specifies which principals have access to the service account.
//
// This method does not tell you whether the service account has been granted
// any roles on other resources. To check whether a service account has role
// grants on a resource, use the `getIamPolicy` method for that resource. For
// example, to view the role grants for a project, call the Resource Manager
// API's
// [`projects.getIamPolicy`](https://cloud.google.com/resource-manager/reference/rest/v1/projects/getIamPolicy)
// method.
GetIamPolicy
(
ctx
context
.
Context
,
in
*
iampb
.
GetIamPolicyRequest
,
opts
...
grpc
.
CallOption
)
(
*
iampb
.
Policy
,
error
)
// Sets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
//
// Use this method to grant or revoke access to the service account. For
// example, you could grant a principal the ability to impersonate the service
// account.
//
// This method does not enable the service account to access other resources.
// To grant roles to a service account on a resource, follow these steps:
//
// 1. Call the resource's `getIamPolicy` method to get its current IAM policy.
// 2. Edit the policy so that it binds the service account to an IAM role for
// the resource.
// 3. Call the resource's `setIamPolicy` method to update its IAM policy.
//
// For detailed instructions, see
// [Manage access to project, folders, and
// organizations](https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-accounts)
// or [Manage access to other
// resources](https://cloud.google.com/iam/help/access/manage-other-resources).
SetIamPolicy
(
ctx
context
.
Context
,
in
*
iampb
.
SetIamPolicyRequest
,
opts
...
grpc
.
CallOption
)
(
*
iampb
.
Policy
,
error
)
// Tests whether the caller has the specified permissions on a
// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
TestIamPermissions
(
ctx
context
.
Context
,
in
*
iampb
.
TestIamPermissionsRequest
,
opts
...
grpc
.
CallOption
)
(
*
iampb
.
TestIamPermissionsResponse
,
error
)
// Lists roles that can be granted on a Google Cloud resource. A role is
// grantable if the IAM policy for the resource can contain bindings to the
// role.
QueryGrantableRoles
(
ctx
context
.
Context
,
in
*
QueryGrantableRolesRequest
,
opts
...
grpc
.
CallOption
)
(
*
QueryGrantableRolesResponse
,
error
)
// Lists every predefined [Role][google.iam.admin.v1.Role] that IAM supports, or every custom role
// that is defined for an organization or project.
ListRoles
(
ctx
context
.
Context
,
in
*
ListRolesRequest
,
opts
...
grpc
.
CallOption
)
(
*
ListRolesResponse
,
error
)
// Gets the definition of a [Role][google.iam.admin.v1.Role].
GetRole
(
ctx
context
.
Context
,
in
*
GetRoleRequest
,
opts
...
grpc
.
CallOption
)
(
*
Role
,
error
)
// Creates a new custom [Role][google.iam.admin.v1.Role].
CreateRole
(
ctx
context
.
Context
,
in
*
CreateRoleRequest
,
opts
...
grpc
.
CallOption
)
(
*
Role
,
error
)
// Updates the definition of a custom [Role][google.iam.admin.v1.Role].
UpdateRole
(
ctx
context
.
Context
,
in
*
UpdateRoleRequest
,
opts
...
grpc
.
CallOption
)
(
*
Role
,
error
)
// Deletes a custom [Role][google.iam.admin.v1.Role].
//
// When you delete a custom role, the following changes occur immediately:
//
// * You cannot bind a principal to the custom role in an IAM
// [Policy][google.iam.v1.Policy].
// * Existing bindings to the custom role are not changed, but they have no
// effect.
// * By default, the response from [ListRoles][google.iam.admin.v1.IAM.ListRoles] does not include the custom
// role.
//
// You have 7 days to undelete the custom role. After 7 days, the following
// changes occur:
//
// * The custom role is permanently deleted and cannot be recovered.
// * If an IAM policy contains a binding to the custom role, the binding is
// permanently removed.
DeleteRole
(
ctx
context
.
Context
,
in
*
DeleteRoleRequest
,
opts
...
grpc
.
CallOption
)
(
*
Role
,
error
)
// Undeletes a custom [Role][google.iam.admin.v1.Role].
UndeleteRole
(
ctx
context
.
Context
,
in
*
UndeleteRoleRequest
,
opts
...
grpc
.
CallOption
)
(
*
Role
,
error
)
// Lists every permission that you can test on a resource. A permission is
// testable if you can check whether a principal has that permission on the
// resource.
QueryTestablePermissions
(
ctx
context
.
Context
,
in
*
QueryTestablePermissionsRequest
,
opts
...
grpc
.
CallOption
)
(
*
QueryTestablePermissionsResponse
,
error
)
// Returns a list of services that allow you to opt into audit logs that are
// not generated by default.
//
// To learn more about audit logs, see the [Logging
// documentation](https://cloud.google.com/logging/docs/audit).
QueryAuditableServices
(
ctx
context
.
Context
,
in
*
QueryAuditableServicesRequest
,
opts
...
grpc
.
CallOption
)
(
*
QueryAuditableServicesResponse
,
error
)
// Lints, or validates, an IAM policy. Currently checks the
// [google.iam.v1.Binding.condition][google.iam.v1.Binding.condition] field, which contains a condition
// expression for a role binding.
//
// Successful calls to this method always return an HTTP `200 OK` status code,
// even if the linter detects an issue in the IAM policy.
LintPolicy
(
ctx
context
.
Context
,
in
*
LintPolicyRequest
,
opts
...
grpc
.
CallOption
)
(
*
LintPolicyResponse
,
error
)
}
IAMClient is the client API for IAM service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream .
func NewIAMClient
func
NewIAMClient
(
cc
grpc
.
ClientConnInterface
)
IAMClient
IAMServer
type
IAMServer
interface
{
// Lists every [ServiceAccount][google.iam.admin.v1.ServiceAccount] that belongs to a specific project.
ListServiceAccounts
(
context
.
Context
,
*
ListServiceAccountsRequest
)
(
*
ListServiceAccountsResponse
,
error
)
// Gets a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
GetServiceAccount
(
context
.
Context
,
*
GetServiceAccountRequest
)
(
*
ServiceAccount
,
error
)
// Creates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
CreateServiceAccount
(
context
.
Context
,
*
CreateServiceAccountRequest
)
(
*
ServiceAccount
,
error
)
// **Note:** We are in the process of deprecating this method. Use
// [PatchServiceAccount][google.iam.admin.v1.IAM.PatchServiceAccount] instead.
//
// Updates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
//
// You can update only the `display_name` field.
UpdateServiceAccount
(
context
.
Context
,
*
ServiceAccount
)
(
*
ServiceAccount
,
error
)
// Patches a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
PatchServiceAccount
(
context
.
Context
,
*
PatchServiceAccountRequest
)
(
*
ServiceAccount
,
error
)
// Deletes a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
//
// **Warning:** After you delete a service account, you might not be able to
// undelete it. If you know that you need to re-enable the service account in
// the future, use [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount] instead.
//
// If you delete a service account, IAM permanently removes the service
// account 30 days later. Google Cloud cannot recover the service account
// after it is permanently removed, even if you file a support request.
//
// To help avoid unplanned outages, we recommend that you disable the service
// account before you delete it. Use [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount] to disable the
// service account, then wait at least 24 hours and watch for unintended
// consequences. If there are no unintended consequences, you can delete the
// service account.
DeleteServiceAccount
(
context
.
Context
,
*
DeleteServiceAccountRequest
)
(
*
emptypb
.
Empty
,
error
)
// Restores a deleted [ServiceAccount][google.iam.admin.v1.ServiceAccount].
//
// **Important:** It is not always possible to restore a deleted service
// account. Use this method only as a last resort.
//
// After you delete a service account, IAM permanently removes the service
// account 30 days later. There is no way to restore a deleted service account
// that has been permanently removed.
UndeleteServiceAccount
(
context
.
Context
,
*
UndeleteServiceAccountRequest
)
(
*
UndeleteServiceAccountResponse
,
error
)
// Enables a [ServiceAccount][google.iam.admin.v1.ServiceAccount] that was disabled by
// [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount].
//
// If the service account is already enabled, then this method has no effect.
//
// If the service account was disabled by other means—for example, if Google
// disabled the service account because it was compromised—you cannot use this
// method to enable the service account.
EnableServiceAccount
(
context
.
Context
,
*
EnableServiceAccountRequest
)
(
*
emptypb
.
Empty
,
error
)
// Disables a [ServiceAccount][google.iam.admin.v1.ServiceAccount] immediately.
//
// If an application uses the service account to authenticate, that
// application can no longer call Google APIs or access Google Cloud
// resources. Existing access tokens for the service account are rejected, and
// requests for new access tokens will fail.
//
// To re-enable the service account, use [EnableServiceAccount][google.iam.admin.v1.IAM.EnableServiceAccount]. After you
// re-enable the service account, its existing access tokens will be accepted,
// and you can request new access tokens.
//
// To help avoid unplanned outages, we recommend that you disable the service
// account before you delete it. Use this method to disable the service
// account, then wait at least 24 hours and watch for unintended consequences.
// If there are no unintended consequences, you can delete the service account
// with [DeleteServiceAccount][google.iam.admin.v1.IAM.DeleteServiceAccount].
DisableServiceAccount
(
context
.
Context
,
*
DisableServiceAccountRequest
)
(
*
emptypb
.
Empty
,
error
)
// Lists every [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey] for a service account.
ListServiceAccountKeys
(
context
.
Context
,
*
ListServiceAccountKeysRequest
)
(
*
ListServiceAccountKeysResponse
,
error
)
// Gets a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
GetServiceAccountKey
(
context
.
Context
,
*
GetServiceAccountKeyRequest
)
(
*
ServiceAccountKey
,
error
)
// Creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
CreateServiceAccountKey
(
context
.
Context
,
*
CreateServiceAccountKeyRequest
)
(
*
ServiceAccountKey
,
error
)
// Uploads the public key portion of a key pair that you manage, and
// associates the public key with a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
//
// After you upload the public key, you can use the private key from the key
// pair as a service account key.
UploadServiceAccountKey
(
context
.
Context
,
*
UploadServiceAccountKeyRequest
)
(
*
ServiceAccountKey
,
error
)
// Deletes a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]. Deleting a service account key does not
// revoke short-lived credentials that have been issued based on the service
// account key.
DeleteServiceAccountKey
(
context
.
Context
,
*
DeleteServiceAccountKeyRequest
)
(
*
emptypb
.
Empty
,
error
)
// Disable a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]. A disabled service account key can be
// re-enabled with [EnableServiceAccountKey][google.iam.admin.v1.IAM.EnableServiceAccountKey].
DisableServiceAccountKey
(
context
.
Context
,
*
DisableServiceAccountKeyRequest
)
(
*
emptypb
.
Empty
,
error
)
// Enable a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
EnableServiceAccountKey
(
context
.
Context
,
*
EnableServiceAccountKeyRequest
)
(
*
emptypb
.
Empty
,
error
)
// Deprecated: Do not use.
// **Note:** This method is deprecated. Use the
// [`signBlob`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signBlob)
// method in the IAM Service Account Credentials API instead. If you currently
// use this method, see the [migration
// guide](https://cloud.google.com/iam/help/credentials/migrate-api) for
// instructions.
//
// Signs a blob using the system-managed private key for a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
SignBlob
(
context
.
Context
,
*
SignBlobRequest
)
(
*
SignBlobResponse
,
error
)
// Deprecated: Do not use.
// **Note:** This method is deprecated. Use the
// [`signJwt`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signJwt)
// method in the IAM Service Account Credentials API instead. If you currently
// use this method, see the [migration
// guide](https://cloud.google.com/iam/help/credentials/migrate-api) for
// instructions.
//
// Signs a JSON Web Token (JWT) using the system-managed private key for a
// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
SignJwt
(
context
.
Context
,
*
SignJwtRequest
)
(
*
SignJwtResponse
,
error
)
// Gets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount]. This IAM
// policy specifies which principals have access to the service account.
//
// This method does not tell you whether the service account has been granted
// any roles on other resources. To check whether a service account has role
// grants on a resource, use the `getIamPolicy` method for that resource. For
// example, to view the role grants for a project, call the Resource Manager
// API's
// [`projects.getIamPolicy`](https://cloud.google.com/resource-manager/reference/rest/v1/projects/getIamPolicy)
// method.
GetIamPolicy
(
context
.
Context
,
*
iampb
.
GetIamPolicyRequest
)
(
*
iampb
.
Policy
,
error
)
// Sets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
//
// Use this method to grant or revoke access to the service account. For
// example, you could grant a principal the ability to impersonate the service
// account.
//
// This method does not enable the service account to access other resources.
// To grant roles to a service account on a resource, follow these steps:
//
// 1. Call the resource's `getIamPolicy` method to get its current IAM policy.
// 2. Edit the policy so that it binds the service account to an IAM role for
// the resource.
// 3. Call the resource's `setIamPolicy` method to update its IAM policy.
//
// For detailed instructions, see
// [Manage access to project, folders, and
// organizations](https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-accounts)
// or [Manage access to other
// resources](https://cloud.google.com/iam/help/access/manage-other-resources).
SetIamPolicy
(
context
.
Context
,
*
iampb
.
SetIamPolicyRequest
)
(
*
iampb
.
Policy
,
error
)
// Tests whether the caller has the specified permissions on a
// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
TestIamPermissions
(
context
.
Context
,
*
iampb
.
TestIamPermissionsRequest
)
(
*
iampb
.
TestIamPermissionsResponse
,
error
)
// Lists roles that can be granted on a Google Cloud resource. A role is
// grantable if the IAM policy for the resource can contain bindings to the
// role.
QueryGrantableRoles
(
context
.
Context
,
*
QueryGrantableRolesRequest
)
(
*
QueryGrantableRolesResponse
,
error
)
// Lists every predefined [Role][google.iam.admin.v1.Role] that IAM supports, or every custom role
// that is defined for an organization or project.
ListRoles
(
context
.
Context
,
*
ListRolesRequest
)
(
*
ListRolesResponse
,
error
)
// Gets the definition of a [Role][google.iam.admin.v1.Role].
GetRole
(
context
.
Context
,
*
GetRoleRequest
)
(
*
Role
,
error
)
// Creates a new custom [Role][google.iam.admin.v1.Role].
CreateRole
(
context
.
Context
,
*
CreateRoleRequest
)
(
*
Role
,
error
)
// Updates the definition of a custom [Role][google.iam.admin.v1.Role].
UpdateRole
(
context
.
Context
,
*
UpdateRoleRequest
)
(
*
Role
,
error
)
// Deletes a custom [Role][google.iam.admin.v1.Role].
//
// When you delete a custom role, the following changes occur immediately:
//
// * You cannot bind a principal to the custom role in an IAM
// [Policy][google.iam.v1.Policy].
// * Existing bindings to the custom role are not changed, but they have no
// effect.
// * By default, the response from [ListRoles][google.iam.admin.v1.IAM.ListRoles] does not include the custom
// role.
//
// You have 7 days to undelete the custom role. After 7 days, the following
// changes occur:
//
// * The custom role is permanently deleted and cannot be recovered.
// * If an IAM policy contains a binding to the custom role, the binding is
// permanently removed.
DeleteRole
(
context
.
Context
,
*
DeleteRoleRequest
)
(
*
Role
,
error
)
// Undeletes a custom [Role][google.iam.admin.v1.Role].
UndeleteRole
(
context
.
Context
,
*
UndeleteRoleRequest
)
(
*
Role
,
error
)
// Lists every permission that you can test on a resource. A permission is
// testable if you can check whether a principal has that permission on the
// resource.
QueryTestablePermissions
(
context
.
Context
,
*
QueryTestablePermissionsRequest
)
(
*
QueryTestablePermissionsResponse
,
error
)
// Returns a list of services that allow you to opt into audit logs that are
// not generated by default.
//
// To learn more about audit logs, see the [Logging
// documentation](https://cloud.google.com/logging/docs/audit).
QueryAuditableServices
(
context
.
Context
,
*
QueryAuditableServicesRequest
)
(
*
QueryAuditableServicesResponse
,
error
)
// Lints, or validates, an IAM policy. Currently checks the
// [google.iam.v1.Binding.condition][google.iam.v1.Binding.condition] field, which contains a condition
// expression for a role binding.
//
// Successful calls to this method always return an HTTP `200 OK` status code,
// even if the linter detects an issue in the IAM policy.
LintPolicy
(
context
.
Context
,
*
LintPolicyRequest
)
(
*
LintPolicyResponse
,
error
)
}
IAMServer is the server API for IAM service.
LintPolicyRequest
type
LintPolicyRequest
struct
{
// The full resource name of the policy this lint request is about.
//
// The name follows the Google Cloud Platform (GCP) resource format.
// For example, a GCP project with ID `my-project` will be named
// `//cloudresourcemanager.googleapis.com/projects/my-project`.
//
// The resource name is not used to read the policy instance from the Cloud
// IAM database. The candidate policy for lint has to be provided in the same
// request object.
FullResourceName
string
`protobuf:"bytes,1,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`
// Required. The Cloud IAM object to be linted.
//
// Types that are assignable to LintObject:
//
// *LintPolicyRequest_Condition
LintObject
isLintPolicyRequest_LintObject
`protobuf_oneof:"lint_object"`
// contains filtered or unexported fields
}
The request to lint a Cloud IAM policy object.
func (*LintPolicyRequest) Descriptor
func
(
*
LintPolicyRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use LintPolicyRequest.ProtoReflect.Descriptor instead.
func (*LintPolicyRequest) GetCondition
func
(
x
*
LintPolicyRequest
)
GetCondition
()
*
expr
.
Expr
func (*LintPolicyRequest) GetFullResourceName
func
(
x
*
LintPolicyRequest
)
GetFullResourceName
()
string
func (*LintPolicyRequest) GetLintObject
func
(
m
*
LintPolicyRequest
)
GetLintObject
()
isLintPolicyRequest_LintObject
func (*LintPolicyRequest) ProtoMessage
func
(
*
LintPolicyRequest
)
ProtoMessage
()
func (*LintPolicyRequest) ProtoReflect
func
(
x
*
LintPolicyRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*LintPolicyRequest) Reset
func
(
x
*
LintPolicyRequest
)
Reset
()
func (*LintPolicyRequest) String
func
(
x
*
LintPolicyRequest
)
String
()
string
LintPolicyRequest_Condition
type
LintPolicyRequest_Condition
struct
{
// [google.iam.v1.Binding.condition] [google.iam.v1.Binding.condition] object to be linted.
Condition
*
expr
.
Expr
`protobuf:"bytes,5,opt,name=condition,proto3,oneof"`
}
LintPolicyResponse
type
LintPolicyResponse
struct
{
// List of lint results sorted by `severity` in descending order.
LintResults
[]
*
LintResult
`protobuf:"bytes,1,rep,name=lint_results,json=lintResults,proto3" json:"lint_results,omitempty"`
// contains filtered or unexported fields
}
The response of a lint operation. An empty response indicates the operation was able to fully execute and no lint issue was found.
func (*LintPolicyResponse) Descriptor
func
(
*
LintPolicyResponse
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use LintPolicyResponse.ProtoReflect.Descriptor instead.
func (*LintPolicyResponse) GetLintResults
func
(
x
*
LintPolicyResponse
)
GetLintResults
()
[]
*
LintResult
func (*LintPolicyResponse) ProtoMessage
func
(
*
LintPolicyResponse
)
ProtoMessage
()
func (*LintPolicyResponse) ProtoReflect
func
(
x
*
LintPolicyResponse
)
ProtoReflect
()
protoreflect
.
Message
func (*LintPolicyResponse) Reset
func
(
x
*
LintPolicyResponse
)
Reset
()
func (*LintPolicyResponse) String
func
(
x
*
LintPolicyResponse
)
String
()
string
LintResult
type
LintResult
struct
{
// The validation unit level.
Level
LintResult_Level
`protobuf:"varint,1,opt,name=level,proto3,enum=google.iam.admin.v1.LintResult_Level" json:"level,omitempty"`
// The validation unit name, for instance
// "lintValidationUnits/ConditionComplexityCheck".
ValidationUnitName
string
`protobuf:"bytes,2,opt,name=validation_unit_name,json=validationUnitName,proto3" json:"validation_unit_name,omitempty"`
// The validation unit severity.
Severity
LintResult_Severity
`protobuf:"varint,3,opt,name=severity,proto3,enum=google.iam.admin.v1.LintResult_Severity" json:"severity,omitempty"`
// The name of the field for which this lint result is about.
//
// For nested messages `field_name` consists of names of the embedded fields
// separated by period character. The top-level qualifier is the input object
// to lint in the request. For example, the `field_name` value
// `condition.expression` identifies a lint result for the `expression` field
// of the provided condition.
FieldName
string
`protobuf:"bytes,5,opt,name=field_name,json=fieldName,proto3" json:"field_name,omitempty"`
// 0-based character position of problematic construct within the object
// identified by `field_name`. Currently, this is populated only for condition
// expression.
LocationOffset
int32
`protobuf:"varint,6,opt,name=location_offset,json=locationOffset,proto3" json:"location_offset,omitempty"`
// Human readable debug message associated with the issue.
DebugMessage
string
`protobuf:"bytes,7,opt,name=debug_message,json=debugMessage,proto3" json:"debug_message,omitempty"`
// contains filtered or unexported fields
}
Structured response of a single validation unit.
func (*LintResult) Descriptor
func
(
*
LintResult
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use LintResult.ProtoReflect.Descriptor instead.
func (*LintResult) GetDebugMessage
func
(
x
*
LintResult
)
GetDebugMessage
()
string
func (*LintResult) GetFieldName
func
(
x
*
LintResult
)
GetFieldName
()
string
func (*LintResult) GetLevel
func
(
x
*
LintResult
)
GetLevel
()
LintResult_Level
func (*LintResult) GetLocationOffset
func
(
x
*
LintResult
)
GetLocationOffset
()
int32
func (*LintResult) GetSeverity
func
(
x
*
LintResult
)
GetSeverity
()
LintResult_Severity
func (*LintResult) GetValidationUnitName
func
(
x
*
LintResult
)
GetValidationUnitName
()
string
func (*LintResult) ProtoMessage
func
(
*
LintResult
)
ProtoMessage
()
func (*LintResult) ProtoReflect
func
(
x
*
LintResult
)
ProtoReflect
()
protoreflect
.
Message
func (*LintResult) Reset
func
(
x
*
LintResult
)
Reset
()
func (*LintResult) String
func
(
x
*
LintResult
)
String
()
string
LintResult_Level
type
LintResult_Level
int32
Possible Level values of a validation unit corresponding to its domain of discourse.
LintResult_LEVEL_UNSPECIFIED, LintResult_CONDITION
const
(
// Level is unspecified.
LintResult_LEVEL_UNSPECIFIED
LintResult_Level
=
0
// A validation unit which operates on an individual condition within a
// binding.
LintResult_CONDITION
LintResult_Level
=
3
)
func (LintResult_Level) Descriptor
func
(
LintResult_Level
)
Descriptor
()
protoreflect
.
EnumDescriptor
func (LintResult_Level) Enum
func
(
x
LintResult_Level
)
Enum
()
*
LintResult_Level
func (LintResult_Level) EnumDescriptor
func
(
LintResult_Level
)
EnumDescriptor
()
([]
byte
,
[]
int
)
Deprecated: Use LintResult_Level.Descriptor instead.
func (LintResult_Level) Number
func
(
x
LintResult_Level
)
Number
()
protoreflect
.
EnumNumber
func (LintResult_Level) String
func
(
x
LintResult_Level
)
String
()
string
func (LintResult_Level) Type
func
(
LintResult_Level
)
Type
()
protoreflect
.
EnumType
LintResult_Severity
type
LintResult_Severity
int32
Possible Severity values of an issued result.
LintResult_SEVERITY_UNSPECIFIED, LintResult_ERROR, LintResult_WARNING, LintResult_NOTICE, LintResult_INFO, LintResult_DEPRECATED
const
(
// Severity is unspecified.
LintResult_SEVERITY_UNSPECIFIED
LintResult_Severity
=
0
// A validation unit returns an error only for critical issues. If an
// attempt is made to set the problematic policy without rectifying the
// critical issue, it causes the `setPolicy` operation to fail.
LintResult_ERROR
LintResult_Severity
=
1
// Any issue which is severe enough but does not cause an error.
// For example, suspicious constructs in the input object will not
// necessarily fail `setPolicy`, but there is a high likelihood that they
// won't behave as expected during policy evaluation in `checkPolicy`.
// This includes the following common scenarios:
//
// - Unsatisfiable condition: Expired timestamp in date/time condition.
// - Ineffective condition: Condition on a
func (LintResult_Severity) Descriptor
func
(
LintResult_Severity
)
Descriptor
()
protoreflect
.
EnumDescriptor
func (LintResult_Severity) Enum
func
(
x
LintResult_Severity
)
Enum
()
*
LintResult_Severity
func (LintResult_Severity) EnumDescriptor
func
(
LintResult_Severity
)
EnumDescriptor
()
([]
byte
,
[]
int
)
Deprecated: Use LintResult_Severity.Descriptor instead.
func (LintResult_Severity) Number
func
(
x
LintResult_Severity
)
Number
()
protoreflect
.
EnumNumber
func (LintResult_Severity) String
func
(
x
LintResult_Severity
)
String
()
string
func (LintResult_Severity) Type
func
(
LintResult_Severity
)
Type
()
protoreflect
.
EnumType
ListRolesRequest
type
ListRolesRequest
struct
{
// The `parent` parameter's value depends on the target resource for the
// request, namely
// [`roles`](https://cloud.google.com/iam/reference/rest/v1/roles),
// [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles),
// or
// [`organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles).
// Each resource type's `parent` value format is described below:
//
// - [`roles.list()`](https://cloud.google.com/iam/reference/rest/v1/roles/list): An empty string.
// This method doesn't require a resource; it simply returns all
// [predefined
// roles](https://cloud.google.com/iam/docs/understanding-roles#predefined_roles)
// in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles`
//
// - [`projects.roles.list()`](https://cloud.google.com/iam/reference/rest/v1/projects.roles/list):
// `projects/{PROJECT_ID}`. This method lists all project-level
// [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles).
// Example request URL:
// `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles`
//
// - [`organizations.roles.list()`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles/list):
// `organizations/{ORGANIZATION_ID}`. This method lists all
// organization-level [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles).
// Example request URL:
// `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles`
//
// Note: Wildcard (*) values are invalid; you must specify a complete project
// ID or organization ID.
Parent
string
`protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Optional limit on the number of roles to include in the response.
//
// The default is 300, and the maximum is 1,000.
PageSize
int32
`protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional pagination token returned in an earlier ListRolesResponse.
PageToken
string
`protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// Optional view for the returned Role objects. When `FULL` is specified,
// the `includedPermissions` field is returned, which includes a list of all
// permissions in the role. The default value is `BASIC`, which does not
// return the `includedPermissions` field.
View
RoleView
`protobuf:"varint,4,opt,name=view,proto3,enum=google.iam.admin.v1.RoleView" json:"view,omitempty"`
// Include Roles that have been deleted.
ShowDeleted
bool
`protobuf:"varint,6,opt,name=show_deleted,json=showDeleted,proto3" json:"show_deleted,omitempty"`
// contains filtered or unexported fields
}
The request to get all roles defined under a resource.
func (*ListRolesRequest) Descriptor
func
(
*
ListRolesRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use ListRolesRequest.ProtoReflect.Descriptor instead.
func (*ListRolesRequest) GetPageSize
func
(
x
*
ListRolesRequest
)
GetPageSize
()
int32
func (*ListRolesRequest) GetPageToken
func
(
x
*
ListRolesRequest
)
GetPageToken
()
string
func (*ListRolesRequest) GetParent
func
(
x
*
ListRolesRequest
)
GetParent
()
string
func (*ListRolesRequest) GetShowDeleted
func
(
x
*
ListRolesRequest
)
GetShowDeleted
()
bool
func (*ListRolesRequest) GetView
func
(
x
*
ListRolesRequest
)
GetView
()
RoleView
func (*ListRolesRequest) ProtoMessage
func
(
*
ListRolesRequest
)
ProtoMessage
()
func (*ListRolesRequest) ProtoReflect
func
(
x
*
ListRolesRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*ListRolesRequest) Reset
func
(
x
*
ListRolesRequest
)
Reset
()
func (*ListRolesRequest) String
func
(
x
*
ListRolesRequest
)
String
()
string
ListRolesResponse
type
ListRolesResponse
struct
{
// The Roles defined on this resource.
Roles
[]
*
Role
`protobuf:"bytes,1,rep,name=roles,proto3" json:"roles,omitempty"`
// To retrieve the next page of results, set
// `ListRolesRequest.page_token` to this value.
NextPageToken
string
`protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}
The response containing the roles defined under a resource.
func (*ListRolesResponse) Descriptor
func
(
*
ListRolesResponse
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use ListRolesResponse.ProtoReflect.Descriptor instead.
func (*ListRolesResponse) GetNextPageToken
func
(
x
*
ListRolesResponse
)
GetNextPageToken
()
string
func (*ListRolesResponse) GetRoles
func
(
x
*
ListRolesResponse
)
GetRoles
()
[]
*
Role
func (*ListRolesResponse) ProtoMessage
func
(
*
ListRolesResponse
)
ProtoMessage
()
func (*ListRolesResponse) ProtoReflect
func
(
x
*
ListRolesResponse
)
ProtoReflect
()
protoreflect
.
Message
func (*ListRolesResponse) Reset
func
(
x
*
ListRolesResponse
)
Reset
()
func (*ListRolesResponse) String
func
(
x
*
ListRolesResponse
)
String
()
string
ListServiceAccountKeysRequest
type
ListServiceAccountKeysRequest
struct
{
// Required. The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
//
// Using `-` as a wildcard for the `PROJECT_ID`, will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Filters the types of keys the user wants to include in the list
// response. Duplicate key types are not allowed. If no key type
// is provided, all keys are returned.
KeyTypes
[]
ListServiceAccountKeysRequest_KeyType
`protobuf:"varint,2,rep,packed,name=key_types,json=keyTypes,proto3,enum=google.iam.admin.v1.ListServiceAccountKeysRequest_KeyType" json:"key_types,omitempty"`
// contains filtered or unexported fields
}
The service account keys list request.
func (*ListServiceAccountKeysRequest) Descriptor
func
(
*
ListServiceAccountKeysRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use ListServiceAccountKeysRequest.ProtoReflect.Descriptor instead.
func (*ListServiceAccountKeysRequest) GetKeyTypes
func
(
x
*
ListServiceAccountKeysRequest
)
GetKeyTypes
()
[]
ListServiceAccountKeysRequest_KeyType
func (*ListServiceAccountKeysRequest) GetName
func
(
x
*
ListServiceAccountKeysRequest
)
GetName
()
string
func (*ListServiceAccountKeysRequest) ProtoMessage
func
(
*
ListServiceAccountKeysRequest
)
ProtoMessage
()
func (*ListServiceAccountKeysRequest) ProtoReflect
func
(
x
*
ListServiceAccountKeysRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*ListServiceAccountKeysRequest) Reset
func
(
x
*
ListServiceAccountKeysRequest
)
Reset
()
func (*ListServiceAccountKeysRequest) String
func
(
x
*
ListServiceAccountKeysRequest
)
String
()
string
ListServiceAccountKeysRequest_KeyType
type
ListServiceAccountKeysRequest_KeyType
int32
KeyType
filters to selectively retrieve certain varieties
of keys.
ListServiceAccountKeysRequest_KEY_TYPE_UNSPECIFIED, ListServiceAccountKeysRequest_USER_MANAGED, ListServiceAccountKeysRequest_SYSTEM_MANAGED
const
(
// Unspecified key type. The presence of this in the
// message will immediately result in an error.
ListServiceAccountKeysRequest_KEY_TYPE_UNSPECIFIED
ListServiceAccountKeysRequest_KeyType
=
0
// User-managed keys (managed and rotated by the user).
ListServiceAccountKeysRequest_USER_MANAGED
ListServiceAccountKeysRequest_KeyType
=
1
// System-managed keys (managed and rotated by Google).
ListServiceAccountKeysRequest_SYSTEM_MANAGED
ListServiceAccountKeysRequest_KeyType
=
2
)
func (ListServiceAccountKeysRequest_KeyType) Descriptor
func
(
ListServiceAccountKeysRequest_KeyType
)
Descriptor
()
protoreflect
.
EnumDescriptor
func (ListServiceAccountKeysRequest_KeyType) Enum
func
(
x
ListServiceAccountKeysRequest_KeyType
)
Enum
()
*
ListServiceAccountKeysRequest_KeyType
func (ListServiceAccountKeysRequest_KeyType) EnumDescriptor
func
(
ListServiceAccountKeysRequest_KeyType
)
EnumDescriptor
()
([]
byte
,
[]
int
)
Deprecated: Use ListServiceAccountKeysRequest_KeyType.Descriptor instead.
func (ListServiceAccountKeysRequest_KeyType) Number
func
(
x
ListServiceAccountKeysRequest_KeyType
)
Number
()
protoreflect
.
EnumNumber
func (ListServiceAccountKeysRequest_KeyType) String
func
(
x
ListServiceAccountKeysRequest_KeyType
)
String
()
string
func (ListServiceAccountKeysRequest_KeyType) Type
func
(
ListServiceAccountKeysRequest_KeyType
)
Type
()
protoreflect
.
EnumType
ListServiceAccountKeysResponse
type
ListServiceAccountKeysResponse
struct
{
// The public keys for the service account.
Keys
[]
*
ServiceAccountKey
`protobuf:"bytes,1,rep,name=keys,proto3" json:"keys,omitempty"`
// contains filtered or unexported fields
}
The service account keys list response.
func (*ListServiceAccountKeysResponse) Descriptor
func
(
*
ListServiceAccountKeysResponse
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use ListServiceAccountKeysResponse.ProtoReflect.Descriptor instead.
func (*ListServiceAccountKeysResponse) GetKeys
func
(
x
*
ListServiceAccountKeysResponse
)
GetKeys
()
[]
*
ServiceAccountKey
func (*ListServiceAccountKeysResponse) ProtoMessage
func
(
*
ListServiceAccountKeysResponse
)
ProtoMessage
()
func (*ListServiceAccountKeysResponse) ProtoReflect
func
(
x
*
ListServiceAccountKeysResponse
)
ProtoReflect
()
protoreflect
.
Message
func (*ListServiceAccountKeysResponse) Reset
func
(
x
*
ListServiceAccountKeysResponse
)
Reset
()
func (*ListServiceAccountKeysResponse) String
func
(
x
*
ListServiceAccountKeysResponse
)
String
()
string
ListServiceAccountsRequest
type
ListServiceAccountsRequest
struct
{
// Required. The resource name of the project associated with the service
// accounts, such as `projects/my-project-123`.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional limit on the number of service accounts to include in the
// response. Further accounts can subsequently be obtained by including the
// [ListServiceAccountsResponse.next_page_token][google.iam.admin.v1.ListServiceAccountsResponse.next_page_token]
// in a subsequent request.
//
// The default is 20, and the maximum is 100.
PageSize
int32
`protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional pagination token returned in an earlier
// [ListServiceAccountsResponse.next_page_token][google.iam.admin.v1.ListServiceAccountsResponse.next_page_token].
PageToken
string
`protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}
The service account list request.
func (*ListServiceAccountsRequest) Descriptor
func
(
*
ListServiceAccountsRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use ListServiceAccountsRequest.ProtoReflect.Descriptor instead.
func (*ListServiceAccountsRequest) GetName
func
(
x
*
ListServiceAccountsRequest
)
GetName
()
string
func (*ListServiceAccountsRequest) GetPageSize
func
(
x
*
ListServiceAccountsRequest
)
GetPageSize
()
int32
func (*ListServiceAccountsRequest) GetPageToken
func
(
x
*
ListServiceAccountsRequest
)
GetPageToken
()
string
func (*ListServiceAccountsRequest) ProtoMessage
func
(
*
ListServiceAccountsRequest
)
ProtoMessage
()
func (*ListServiceAccountsRequest) ProtoReflect
func
(
x
*
ListServiceAccountsRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*ListServiceAccountsRequest) Reset
func
(
x
*
ListServiceAccountsRequest
)
Reset
()
func (*ListServiceAccountsRequest) String
func
(
x
*
ListServiceAccountsRequest
)
String
()
string
ListServiceAccountsResponse
type
ListServiceAccountsResponse
struct
{
// The list of matching service accounts.
Accounts
[]
*
ServiceAccount
`protobuf:"bytes,1,rep,name=accounts,proto3" json:"accounts,omitempty"`
// To retrieve the next page of results, set
// [ListServiceAccountsRequest.page_token][google.iam.admin.v1.ListServiceAccountsRequest.page_token]
// to this value.
NextPageToken
string
`protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}
The service account list response.
func (*ListServiceAccountsResponse) Descriptor
func
(
*
ListServiceAccountsResponse
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use ListServiceAccountsResponse.ProtoReflect.Descriptor instead.
func (*ListServiceAccountsResponse) GetAccounts
func
(
x
*
ListServiceAccountsResponse
)
GetAccounts
()
[]
*
ServiceAccount
func (*ListServiceAccountsResponse) GetNextPageToken
func
(
x
*
ListServiceAccountsResponse
)
GetNextPageToken
()
string
func (*ListServiceAccountsResponse) ProtoMessage
func
(
*
ListServiceAccountsResponse
)
ProtoMessage
()
func (*ListServiceAccountsResponse) ProtoReflect
func
(
x
*
ListServiceAccountsResponse
)
ProtoReflect
()
protoreflect
.
Message
func (*ListServiceAccountsResponse) Reset
func
(
x
*
ListServiceAccountsResponse
)
Reset
()
func (*ListServiceAccountsResponse) String
func
(
x
*
ListServiceAccountsResponse
)
String
()
string
PatchServiceAccountRequest
type
PatchServiceAccountRequest
struct
{
ServiceAccount
*
ServiceAccount
`protobuf:"bytes,1,opt,name=service_account,json=serviceAccount,proto3" json:"service_account,omitempty"`
UpdateMask
*
fieldmaskpb
.
FieldMask
`protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
// contains filtered or unexported fields
}
The service account patch request.
You can patch only the display_name
and description
fields. You must use
the update_mask
field to specify which of these fields you want to patch.
Only the fields specified in the request are guaranteed to be returned in the response. Other fields may be empty in the response.
func (*PatchServiceAccountRequest) Descriptor
func
(
*
PatchServiceAccountRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use PatchServiceAccountRequest.ProtoReflect.Descriptor instead.
func (*PatchServiceAccountRequest) GetServiceAccount
func
(
x
*
PatchServiceAccountRequest
)
GetServiceAccount
()
*
ServiceAccount
func (*PatchServiceAccountRequest) GetUpdateMask
func
(
x
*
PatchServiceAccountRequest
)
GetUpdateMask
()
*
fieldmaskpb
.
FieldMask
func (*PatchServiceAccountRequest) ProtoMessage
func
(
*
PatchServiceAccountRequest
)
ProtoMessage
()
func (*PatchServiceAccountRequest) ProtoReflect
func
(
x
*
PatchServiceAccountRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*PatchServiceAccountRequest) Reset
func
(
x
*
PatchServiceAccountRequest
)
Reset
()
func (*PatchServiceAccountRequest) String
func
(
x
*
PatchServiceAccountRequest
)
String
()
string
Permission
type
Permission
struct
{
// The name of this Permission.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// The title of this Permission.
Title
string
`protobuf:"bytes,2,opt,name=title,proto3" json:"title,omitempty"`
// A brief description of what this Permission is used for.
// This permission can ONLY be used in predefined roles.
Description
string
`protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
// Deprecated: Marked as deprecated in google/iam/admin/v1/iam.proto.
OnlyInPredefinedRoles
bool
`protobuf:"varint,4,opt,name=only_in_predefined_roles,json=onlyInPredefinedRoles,proto3" json:"only_in_predefined_roles,omitempty"`
// The current launch stage of the permission.
Stage
Permission_PermissionLaunchStage
`protobuf:"varint,5,opt,name=stage,proto3,enum=google.iam.admin.v1.Permission_PermissionLaunchStage" json:"stage,omitempty"`
// The current custom role support level.
CustomRolesSupportLevel
Permission_CustomRolesSupportLevel
`protobuf:"varint,6,opt,name=custom_roles_support_level,json=customRolesSupportLevel,proto3,enum=google.iam.admin.v1.Permission_CustomRolesSupportLevel" json:"custom_roles_support_level,omitempty"`
// The service API associated with the permission is not enabled.
ApiDisabled
bool
`protobuf:"varint,7,opt,name=api_disabled,json=apiDisabled,proto3" json:"api_disabled,omitempty"`
// The preferred name for this permission. If present, then this permission is
// an alias of, and equivalent to, the listed primary_permission.
PrimaryPermission
string
`protobuf:"bytes,8,opt,name=primary_permission,json=primaryPermission,proto3" json:"primary_permission,omitempty"`
// contains filtered or unexported fields
}
A permission which can be included by a role.
func (*Permission) Descriptor
func
(
*
Permission
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use Permission.ProtoReflect.Descriptor instead.
func (*Permission) GetApiDisabled
func
(
x
*
Permission
)
GetApiDisabled
()
bool
func (*Permission) GetCustomRolesSupportLevel
func
(
x
*
Permission
)
GetCustomRolesSupportLevel
()
Permission_CustomRolesSupportLevel
func (*Permission) GetDescription
func
(
x
*
Permission
)
GetDescription
()
string
func (*Permission) GetName
func
(
x
*
Permission
)
GetName
()
string
func (*Permission) GetOnlyInPredefinedRoles
func
(
x
*
Permission
)
GetOnlyInPredefinedRoles
()
bool
Deprecated: Marked as deprecated in google/iam/admin/v1/iam.proto.
func (*Permission) GetPrimaryPermission
func
(
x
*
Permission
)
GetPrimaryPermission
()
string
func (*Permission) GetStage
func
(
x
*
Permission
)
GetStage
()
Permission_PermissionLaunchStage
func (*Permission) GetTitle
func
(
x
*
Permission
)
GetTitle
()
string
func (*Permission) ProtoMessage
func
(
*
Permission
)
ProtoMessage
()
func (*Permission) ProtoReflect
func
(
x
*
Permission
)
ProtoReflect
()
protoreflect
.
Message
func (*Permission) Reset
func
(
x
*
Permission
)
Reset
()
func (*Permission) String
func
(
x
*
Permission
)
String
()
string
Permission_CustomRolesSupportLevel
type
Permission_CustomRolesSupportLevel
int32
The state of the permission with regards to custom roles.
Permission_SUPPORTED, Permission_TESTING, Permission_NOT_SUPPORTED
const
(
// Default state. Permission is fully supported for custom role use.
Permission_SUPPORTED
Permission_CustomRolesSupportLevel
=
0
// Permission is being tested to check custom role compatibility.
Permission_TESTING
Permission_CustomRolesSupportLevel
=
1
// Permission is not supported for custom role use.
Permission_NOT_SUPPORTED
Permission_CustomRolesSupportLevel
=
2
)
func (Permission_CustomRolesSupportLevel) Descriptor
func
(
Permission_CustomRolesSupportLevel
)
Descriptor
()
protoreflect
.
EnumDescriptor
func (Permission_CustomRolesSupportLevel) Enum
func
(
x
Permission_CustomRolesSupportLevel
)
Enum
()
*
Permission_CustomRolesSupportLevel
func (Permission_CustomRolesSupportLevel) EnumDescriptor
func
(
Permission_CustomRolesSupportLevel
)
EnumDescriptor
()
([]
byte
,
[]
int
)
Deprecated: Use Permission_CustomRolesSupportLevel.Descriptor instead.
func (Permission_CustomRolesSupportLevel) Number
func
(
x
Permission_CustomRolesSupportLevel
)
Number
()
protoreflect
.
EnumNumber
func (Permission_CustomRolesSupportLevel) String
func
(
x
Permission_CustomRolesSupportLevel
)
String
()
string
func (Permission_CustomRolesSupportLevel) Type
func
(
Permission_CustomRolesSupportLevel
)
Type
()
protoreflect
.
EnumType
Permission_PermissionLaunchStage
type
Permission_PermissionLaunchStage
int32
A stage representing a permission's lifecycle phase.
Permission_ALPHA, Permission_BETA, Permission_GA, Permission_DEPRECATED
const
(
// The permission is currently in an alpha phase.
Permission_ALPHA
Permission_PermissionLaunchStage
=
0
// The permission is currently in a beta phase.
Permission_BETA
Permission_PermissionLaunchStage
=
1
// The permission is generally available.
Permission_GA
Permission_PermissionLaunchStage
=
2
// The permission is being deprecated.
Permission_DEPRECATED
Permission_PermissionLaunchStage
=
3
)
func (Permission_PermissionLaunchStage) Descriptor
func
(
Permission_PermissionLaunchStage
)
Descriptor
()
protoreflect
.
EnumDescriptor
func (Permission_PermissionLaunchStage) Enum
func
(
x
Permission_PermissionLaunchStage
)
Enum
()
*
Permission_PermissionLaunchStage
func (Permission_PermissionLaunchStage) EnumDescriptor
func
(
Permission_PermissionLaunchStage
)
EnumDescriptor
()
([]
byte
,
[]
int
)
Deprecated: Use Permission_PermissionLaunchStage.Descriptor instead.
func (Permission_PermissionLaunchStage) Number
func
(
x
Permission_PermissionLaunchStage
)
Number
()
protoreflect
.
EnumNumber
func (Permission_PermissionLaunchStage) String
func
(
x
Permission_PermissionLaunchStage
)
String
()
string
func (Permission_PermissionLaunchStage) Type
func
(
Permission_PermissionLaunchStage
)
Type
()
protoreflect
.
EnumType
QueryAuditableServicesRequest
type
QueryAuditableServicesRequest
struct
{
// Required. The full resource name to query from the list of auditable
// services.
//
// The name follows the Google Cloud Platform resource format.
// For example, a Cloud Platform project with id `my-project` will be named
// `//cloudresourcemanager.googleapis.com/projects/my-project`.
FullResourceName
string
`protobuf:"bytes,1,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`
// contains filtered or unexported fields
}
A request to get the list of auditable services for a resource.
func (*QueryAuditableServicesRequest) Descriptor
func
(
*
QueryAuditableServicesRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use QueryAuditableServicesRequest.ProtoReflect.Descriptor instead.
func (*QueryAuditableServicesRequest) GetFullResourceName
func
(
x
*
QueryAuditableServicesRequest
)
GetFullResourceName
()
string
func (*QueryAuditableServicesRequest) ProtoMessage
func
(
*
QueryAuditableServicesRequest
)
ProtoMessage
()
func (*QueryAuditableServicesRequest) ProtoReflect
func
(
x
*
QueryAuditableServicesRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*QueryAuditableServicesRequest) Reset
func
(
x
*
QueryAuditableServicesRequest
)
Reset
()
func (*QueryAuditableServicesRequest) String
func
(
x
*
QueryAuditableServicesRequest
)
String
()
string
QueryAuditableServicesResponse
type
QueryAuditableServicesResponse
struct
{
// The auditable services for a resource.
Services
[]
*
QueryAuditableServicesResponse_AuditableService
`protobuf:"bytes,1,rep,name=services,proto3" json:"services,omitempty"`
// contains filtered or unexported fields
}
A response containing a list of auditable services for a resource.
func (*QueryAuditableServicesResponse) Descriptor
func
(
*
QueryAuditableServicesResponse
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use QueryAuditableServicesResponse.ProtoReflect.Descriptor instead.
func (*QueryAuditableServicesResponse) GetServices
func
(
x
*
QueryAuditableServicesResponse
)
GetServices
()
[]
*
QueryAuditableServicesResponse_AuditableService
func (*QueryAuditableServicesResponse) ProtoMessage
func
(
*
QueryAuditableServicesResponse
)
ProtoMessage
()
func (*QueryAuditableServicesResponse) ProtoReflect
func
(
x
*
QueryAuditableServicesResponse
)
ProtoReflect
()
protoreflect
.
Message
func (*QueryAuditableServicesResponse) Reset
func
(
x
*
QueryAuditableServicesResponse
)
Reset
()
func (*QueryAuditableServicesResponse) String
func
(
x
*
QueryAuditableServicesResponse
)
String
()
string
QueryAuditableServicesResponse_AuditableService
type
QueryAuditableServicesResponse_AuditableService
struct
{
// Public name of the service.
// For example, the service name for Cloud IAM is 'iam.googleapis.com'.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
Contains information about an auditable service.
func (*QueryAuditableServicesResponse_AuditableService) Descriptor
func
(
*
QueryAuditableServicesResponse_AuditableService
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use QueryAuditableServicesResponse_AuditableService.ProtoReflect.Descriptor instead.
func (*QueryAuditableServicesResponse_AuditableService) GetName
func
(
x
*
QueryAuditableServicesResponse_AuditableService
)
GetName
()
string
func (*QueryAuditableServicesResponse_AuditableService) ProtoMessage
func
(
*
QueryAuditableServicesResponse_AuditableService
)
ProtoMessage
()
func (*QueryAuditableServicesResponse_AuditableService) ProtoReflect
func
(
x
*
QueryAuditableServicesResponse_AuditableService
)
ProtoReflect
()
protoreflect
.
Message
func (*QueryAuditableServicesResponse_AuditableService) Reset
func
(
x
*
QueryAuditableServicesResponse_AuditableService
)
Reset
()
func (*QueryAuditableServicesResponse_AuditableService) String
func
(
x
*
QueryAuditableServicesResponse_AuditableService
)
String
()
string
QueryGrantableRolesRequest
type
QueryGrantableRolesRequest
struct
{
// Required. The full resource name to query from the list of grantable roles.
//
// The name follows the Google Cloud Platform resource format.
// For example, a Cloud Platform project with id `my-project` will be named
// `//cloudresourcemanager.googleapis.com/projects/my-project`.
FullResourceName
string
`protobuf:"bytes,1,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`
View
RoleView
`protobuf:"varint,2,opt,name=view,proto3,enum=google.iam.admin.v1.RoleView" json:"view,omitempty"`
// Optional limit on the number of roles to include in the response.
//
// The default is 300, and the maximum is 1,000.
PageSize
int32
`protobuf:"varint,3,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional pagination token returned in an earlier
// QueryGrantableRolesResponse.
PageToken
string
`protobuf:"bytes,4,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}
The grantable role query request.
func (*QueryGrantableRolesRequest) Descriptor
func
(
*
QueryGrantableRolesRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use QueryGrantableRolesRequest.ProtoReflect.Descriptor instead.
func (*QueryGrantableRolesRequest) GetFullResourceName
func
(
x
*
QueryGrantableRolesRequest
)
GetFullResourceName
()
string
func (*QueryGrantableRolesRequest) GetPageSize
func
(
x
*
QueryGrantableRolesRequest
)
GetPageSize
()
int32
func (*QueryGrantableRolesRequest) GetPageToken
func
(
x
*
QueryGrantableRolesRequest
)
GetPageToken
()
string
func (*QueryGrantableRolesRequest) GetView
func
(
x
*
QueryGrantableRolesRequest
)
GetView
()
RoleView
func (*QueryGrantableRolesRequest) ProtoMessage
func
(
*
QueryGrantableRolesRequest
)
ProtoMessage
()
func (*QueryGrantableRolesRequest) ProtoReflect
func
(
x
*
QueryGrantableRolesRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*QueryGrantableRolesRequest) Reset
func
(
x
*
QueryGrantableRolesRequest
)
Reset
()
func (*QueryGrantableRolesRequest) String
func
(
x
*
QueryGrantableRolesRequest
)
String
()
string
QueryGrantableRolesResponse
type
QueryGrantableRolesResponse
struct
{
// The list of matching roles.
Roles
[]
*
Role
`protobuf:"bytes,1,rep,name=roles,proto3" json:"roles,omitempty"`
// To retrieve the next page of results, set
// `QueryGrantableRolesRequest.page_token` to this value.
NextPageToken
string
`protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}
The grantable role query response.
func (*QueryGrantableRolesResponse) Descriptor
func
(
*
QueryGrantableRolesResponse
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use QueryGrantableRolesResponse.ProtoReflect.Descriptor instead.
func (*QueryGrantableRolesResponse) GetNextPageToken
func
(
x
*
QueryGrantableRolesResponse
)
GetNextPageToken
()
string
func (*QueryGrantableRolesResponse) GetRoles
func
(
x
*
QueryGrantableRolesResponse
)
GetRoles
()
[]
*
Role
func (*QueryGrantableRolesResponse) ProtoMessage
func
(
*
QueryGrantableRolesResponse
)
ProtoMessage
()
func (*QueryGrantableRolesResponse) ProtoReflect
func
(
x
*
QueryGrantableRolesResponse
)
ProtoReflect
()
protoreflect
.
Message
func (*QueryGrantableRolesResponse) Reset
func
(
x
*
QueryGrantableRolesResponse
)
Reset
()
func (*QueryGrantableRolesResponse) String
func
(
x
*
QueryGrantableRolesResponse
)
String
()
string
QueryTestablePermissionsRequest
type
QueryTestablePermissionsRequest
struct
{
// Required. The full resource name to query from the list of testable
// permissions.
//
// The name follows the Google Cloud Platform resource format.
// For example, a Cloud Platform project with id `my-project` will be named
// `//cloudresourcemanager.googleapis.com/projects/my-project`.
FullResourceName
string
`protobuf:"bytes,1,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`
// Optional limit on the number of permissions to include in the response.
//
// The default is 100, and the maximum is 1,000.
PageSize
int32
`protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// Optional pagination token returned in an earlier
// QueryTestablePermissionsRequest.
PageToken
string
`protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}
A request to get permissions which can be tested on a resource.
func (*QueryTestablePermissionsRequest) Descriptor
func
(
*
QueryTestablePermissionsRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use QueryTestablePermissionsRequest.ProtoReflect.Descriptor instead.
func (*QueryTestablePermissionsRequest) GetFullResourceName
func
(
x
*
QueryTestablePermissionsRequest
)
GetFullResourceName
()
string
func (*QueryTestablePermissionsRequest) GetPageSize
func
(
x
*
QueryTestablePermissionsRequest
)
GetPageSize
()
int32
func (*QueryTestablePermissionsRequest) GetPageToken
func
(
x
*
QueryTestablePermissionsRequest
)
GetPageToken
()
string
func (*QueryTestablePermissionsRequest) ProtoMessage
func
(
*
QueryTestablePermissionsRequest
)
ProtoMessage
()
func (*QueryTestablePermissionsRequest) ProtoReflect
func
(
x
*
QueryTestablePermissionsRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*QueryTestablePermissionsRequest) Reset
func
(
x
*
QueryTestablePermissionsRequest
)
Reset
()
func (*QueryTestablePermissionsRequest) String
func
(
x
*
QueryTestablePermissionsRequest
)
String
()
string
QueryTestablePermissionsResponse
type
QueryTestablePermissionsResponse
struct
{
// The Permissions testable on the requested resource.
Permissions
[]
*
Permission
`protobuf:"bytes,1,rep,name=permissions,proto3" json:"permissions,omitempty"`
// To retrieve the next page of results, set
// `QueryTestableRolesRequest.page_token` to this value.
NextPageToken
string
`protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}
The response containing permissions which can be tested on a resource.
func (*QueryTestablePermissionsResponse) Descriptor
func
(
*
QueryTestablePermissionsResponse
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use QueryTestablePermissionsResponse.ProtoReflect.Descriptor instead.
func (*QueryTestablePermissionsResponse) GetNextPageToken
func
(
x
*
QueryTestablePermissionsResponse
)
GetNextPageToken
()
string
func (*QueryTestablePermissionsResponse) GetPermissions
func
(
x
*
QueryTestablePermissionsResponse
)
GetPermissions
()
[]
*
Permission
func (*QueryTestablePermissionsResponse) ProtoMessage
func
(
*
QueryTestablePermissionsResponse
)
ProtoMessage
()
func (*QueryTestablePermissionsResponse) ProtoReflect
func
(
x
*
QueryTestablePermissionsResponse
)
ProtoReflect
()
protoreflect
.
Message
func (*QueryTestablePermissionsResponse) Reset
func
(
x
*
QueryTestablePermissionsResponse
)
Reset
()
func (*QueryTestablePermissionsResponse) String
func
(
x
*
QueryTestablePermissionsResponse
)
String
()
string
Role
type
Role
struct
{
// The name of the role.
//
// When Role is used in CreateRole, the role name must not be set.
//
// When Role is used in output and other input such as UpdateRole, the role
// name is the complete path, e.g., roles/logging.viewer for predefined roles
// and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. A human-readable title for the role. Typically this
// is limited to 100 UTF-8 bytes.
Title
string
`protobuf:"bytes,2,opt,name=title,proto3" json:"title,omitempty"`
// Optional. A human-readable description for the role.
Description
string
`protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
// The names of the permissions this role grants when bound in an IAM policy.
IncludedPermissions
[]
string
`protobuf:"bytes,7,rep,name=included_permissions,json=includedPermissions,proto3" json:"included_permissions,omitempty"`
// The current launch stage of the role. If the `ALPHA` launch stage has been
// selected for a role, the `stage` field will not be included in the
// returned definition for the role.
Stage
Role_RoleLaunchStage
`protobuf:"varint,8,opt,name=stage,proto3,enum=google.iam.admin.v1.Role_RoleLaunchStage" json:"stage,omitempty"`
// Used to perform a consistent read-modify-write.
Etag
[]
byte
`protobuf:"bytes,9,opt,name=etag,proto3" json:"etag,omitempty"`
// The current deleted state of the role. This field is read only.
// It will be ignored in calls to CreateRole and UpdateRole.
Deleted
bool
`protobuf:"varint,11,opt,name=deleted,proto3" json:"deleted,omitempty"`
// contains filtered or unexported fields
}
A role in the Identity and Access Management API.
func (*Role) Descriptor
Deprecated: Use Role.ProtoReflect.Descriptor instead.
func (*Role) GetDeleted
func (*Role) GetDescription
func (*Role) GetEtag
func (*Role) GetIncludedPermissions
func (*Role) GetName
func (*Role) GetStage
func
(
x
*
Role
)
GetStage
()
Role_RoleLaunchStage
func (*Role) GetTitle
func (*Role) ProtoMessage
func
(
*
Role
)
ProtoMessage
()
func (*Role) ProtoReflect
func
(
x
*
Role
)
ProtoReflect
()
protoreflect
.
Message
func (*Role) Reset
func
(
x
*
Role
)
Reset
()
func (*Role) String
RoleView
type
RoleView
int32
A view for Role objects.
RoleView_BASIC, RoleView_FULL
const
(
// Omits the `included_permissions` field.
// This is the default value.
RoleView_BASIC
RoleView
=
0
// Returns all fields.
RoleView_FULL
RoleView
=
1
)
func (RoleView) Descriptor
func
(
RoleView
)
Descriptor
()
protoreflect
.
EnumDescriptor
func (RoleView) Enum
func (RoleView) EnumDescriptor
Deprecated: Use RoleView.Descriptor instead.
func (RoleView) Number
func
(
x
RoleView
)
Number
()
protoreflect
.
EnumNumber
func (RoleView) String
func (RoleView) Type
func
(
RoleView
)
Type
()
protoreflect
.
EnumType
Role_RoleLaunchStage
type
Role_RoleLaunchStage
int32
A stage representing a role's lifecycle phase.
Role_ALPHA, Role_BETA, Role_GA, Role_DEPRECATED, Role_DISABLED, Role_EAP
const
(
// The user has indicated this role is currently in an Alpha phase. If this
// launch stage is selected, the `stage` field will not be included when
// requesting the definition for a given role.
Role_ALPHA
Role_RoleLaunchStage
=
0
// The user has indicated this role is currently in a Beta phase.
Role_BETA
Role_RoleLaunchStage
=
1
// The user has indicated this role is generally available.
Role_GA
Role_RoleLaunchStage
=
2
// The user has indicated this role is being deprecated.
Role_DEPRECATED
Role_RoleLaunchStage
=
4
// This role is disabled and will not contribute permissions to any
// principals it is granted to in policies.
Role_DISABLED
Role_RoleLaunchStage
=
5
// The user has indicated this role is currently in an EAP phase.
Role_EAP
Role_RoleLaunchStage
=
6
)
func (Role_RoleLaunchStage) Descriptor
func
(
Role_RoleLaunchStage
)
Descriptor
()
protoreflect
.
EnumDescriptor
func (Role_RoleLaunchStage) Enum
func
(
x
Role_RoleLaunchStage
)
Enum
()
*
Role_RoleLaunchStage
func (Role_RoleLaunchStage) EnumDescriptor
func
(
Role_RoleLaunchStage
)
EnumDescriptor
()
([]
byte
,
[]
int
)
Deprecated: Use Role_RoleLaunchStage.Descriptor instead.
func (Role_RoleLaunchStage) Number
func
(
x
Role_RoleLaunchStage
)
Number
()
protoreflect
.
EnumNumber
func (Role_RoleLaunchStage) String
func
(
x
Role_RoleLaunchStage
)
String
()
string
func (Role_RoleLaunchStage) Type
func
(
Role_RoleLaunchStage
)
Type
()
protoreflect
.
EnumType
ServiceAccount
type
ServiceAccount
struct
{
// The resource name of the service account.
//
// Use one of the following formats:
//
// * `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}`
// * `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}`
//
// As an alternative, you can use the `-` wildcard character instead of the
// project ID:
//
// * `projects/-/serviceAccounts/{EMAIL_ADDRESS}`
// * `projects/-/serviceAccounts/{UNIQUE_ID}`
//
// When possible, avoid using the `-` wildcard character, because it can cause
// response messages to contain misleading error codes. For example, if you
// try to get the service account
// `projects/-/serviceAccounts/fake@example.com`, which does not exist, the
// response contains an HTTP `403 Forbidden` error instead of a `404 Not
// Found` error.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Output only. The ID of the project that owns the service account.
ProjectId
string
`protobuf:"bytes,2,opt,name=project_id,json=projectId,proto3" json:"project_id,omitempty"`
// Output only. The unique, stable numeric ID for the service account.
//
// Each service account retains its unique ID even if you delete the service
// account. For example, if you delete a service account, then create a new
// service account with the same name, the new service account has a different
// unique ID than the deleted service account.
UniqueId
string
`protobuf:"bytes,4,opt,name=unique_id,json=uniqueId,proto3" json:"unique_id,omitempty"`
// Output only. The email address of the service account.
Email
string
`protobuf:"bytes,5,opt,name=email,proto3" json:"email,omitempty"`
// Optional. A user-specified, human-readable name for the service account. The maximum
// length is 100 UTF-8 bytes.
DisplayName
string
`protobuf:"bytes,6,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"`
// Deprecated. Do not use.
//
// Deprecated: Marked as deprecated in google/iam/admin/v1/iam.proto.
Etag
[]
byte
`protobuf:"bytes,7,opt,name=etag,proto3" json:"etag,omitempty"`
// Optional. A user-specified, human-readable description of the service account. The
// maximum length is 256 UTF-8 bytes.
Description
string
`protobuf:"bytes,8,opt,name=description,proto3" json:"description,omitempty"`
// Output only. The OAuth 2.0 client ID for the service account.
Oauth2ClientId
string
`protobuf:"bytes,9,opt,name=oauth2_client_id,json=oauth2ClientId,proto3" json:"oauth2_client_id,omitempty"`
// Output only. Whether the service account is disabled.
Disabled
bool
`protobuf:"varint,11,opt,name=disabled,proto3" json:"disabled,omitempty"`
// contains filtered or unexported fields
}
An IAM service account.
A service account is an account for an application or a virtual machine (VM) instance, not a person. You can use a service account to call Google APIs. To learn more, read the overview of service accounts .
When you create a service account, you specify the project ID that owns the service account, as well as a name that must be unique within the project. IAM uses these values to create an email address that identifies the service account.
func (*ServiceAccount) Descriptor
func
(
*
ServiceAccount
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use ServiceAccount.ProtoReflect.Descriptor instead.
func (*ServiceAccount) GetDescription
func
(
x
*
ServiceAccount
)
GetDescription
()
string
func (*ServiceAccount) GetDisabled
func
(
x
*
ServiceAccount
)
GetDisabled
()
bool
func (*ServiceAccount) GetDisplayName
func
(
x
*
ServiceAccount
)
GetDisplayName
()
string
func (*ServiceAccount) GetEmail
func
(
x
*
ServiceAccount
)
GetEmail
()
string
func (*ServiceAccount) GetEtag
func
(
x
*
ServiceAccount
)
GetEtag
()
[]
byte
Deprecated: Marked as deprecated in google/iam/admin/v1/iam.proto.
func (*ServiceAccount) GetName
func
(
x
*
ServiceAccount
)
GetName
()
string
func (*ServiceAccount) GetOauth2ClientId
func
(
x
*
ServiceAccount
)
GetOauth2ClientId
()
string
func (*ServiceAccount) GetProjectId
func
(
x
*
ServiceAccount
)
GetProjectId
()
string
func (*ServiceAccount) GetUniqueId
func
(
x
*
ServiceAccount
)
GetUniqueId
()
string
func (*ServiceAccount) ProtoMessage
func
(
*
ServiceAccount
)
ProtoMessage
()
func (*ServiceAccount) ProtoReflect
func
(
x
*
ServiceAccount
)
ProtoReflect
()
protoreflect
.
Message
func (*ServiceAccount) Reset
func
(
x
*
ServiceAccount
)
Reset
()
func (*ServiceAccount) String
func
(
x
*
ServiceAccount
)
String
()
string
ServiceAccountKey
type
ServiceAccountKey
struct
{
// The resource name of the service account key in the following format
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// The output format for the private key.
// Only provided in `CreateServiceAccountKey` responses, not
// in `GetServiceAccountKey` or `ListServiceAccountKey` responses.
//
// Google never exposes system-managed private keys, and never retains
// user-managed private keys.
PrivateKeyType
ServiceAccountPrivateKeyType
`protobuf:"varint,2,opt,name=private_key_type,json=privateKeyType,proto3,enum=google.iam.admin.v1.ServiceAccountPrivateKeyType" json:"private_key_type,omitempty"`
// Specifies the algorithm (and possibly key size) for the key.
KeyAlgorithm
ServiceAccountKeyAlgorithm
`protobuf:"varint,8,opt,name=key_algorithm,json=keyAlgorithm,proto3,enum=google.iam.admin.v1.ServiceAccountKeyAlgorithm" json:"key_algorithm,omitempty"`
// The private key data. Only provided in `CreateServiceAccountKey`
// responses. Make sure to keep the private key data secure because it
// allows for the assertion of the service account identity.
// When base64 decoded, the private key data can be used to authenticate with
// Google API client libraries and with
// gcloud
// auth activate-service-account.
PrivateKeyData
[]
byte
`protobuf:"bytes,3,opt,name=private_key_data,json=privateKeyData,proto3" json:"private_key_data,omitempty"`
// The public key data. Only provided in `GetServiceAccountKey` responses.
PublicKeyData
[]
byte
`protobuf:"bytes,7,opt,name=public_key_data,json=publicKeyData,proto3" json:"public_key_data,omitempty"`
// The key can be used after this timestamp.
ValidAfterTime
*
timestamppb
.
Timestamp
`protobuf:"bytes,4,opt,name=valid_after_time,json=validAfterTime,proto3" json:"valid_after_time,omitempty"`
// The key can be used before this timestamp.
// For system-managed key pairs, this timestamp is the end time for the
// private key signing operation. The public key could still be used
// for verification for a few hours after this time.
ValidBeforeTime
*
timestamppb
.
Timestamp
`protobuf:"bytes,5,opt,name=valid_before_time,json=validBeforeTime,proto3" json:"valid_before_time,omitempty"`
// The key origin.
KeyOrigin
ServiceAccountKeyOrigin
`protobuf:"varint,9,opt,name=key_origin,json=keyOrigin,proto3,enum=google.iam.admin.v1.ServiceAccountKeyOrigin" json:"key_origin,omitempty"`
// The key type.
KeyType
ListServiceAccountKeysRequest_KeyType
`protobuf:"varint,10,opt,name=key_type,json=keyType,proto3,enum=google.iam.admin.v1.ListServiceAccountKeysRequest_KeyType" json:"key_type,omitempty"`
// The key status.
Disabled
bool
`protobuf:"varint,11,opt,name=disabled,proto3" json:"disabled,omitempty"`
// contains filtered or unexported fields
}
Represents a service account key.
A service account has two sets of key-pairs: user-managed, and system-managed.
User-managed key-pairs can be created and deleted by users. Users are responsible for rotating these keys periodically to ensure security of their service accounts. Users retain the private key of these key-pairs, and Google retains ONLY the public key.
System-managed keys are automatically rotated by Google, and are used for signing for a maximum of two weeks. The rotation process is probabilistic, and usage of the new key will gradually ramp up and down over the key's lifetime.
If you cache the public key set for a service account, we recommend that you update the cache every 15 minutes. User-managed keys can be added and removed at any time, so it is important to update the cache frequently. For Google-managed keys, Google will publish a key at least 6 hours before it is first used for signing and will keep publishing it for at least 6 hours after it was last used for signing.
Public keys for all service accounts are also published at the OAuth2 Service Account API.
func (*ServiceAccountKey) Descriptor
func
(
*
ServiceAccountKey
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use ServiceAccountKey.ProtoReflect.Descriptor instead.
func (*ServiceAccountKey) GetDisabled
func
(
x
*
ServiceAccountKey
)
GetDisabled
()
bool
func (*ServiceAccountKey) GetKeyAlgorithm
func
(
x
*
ServiceAccountKey
)
GetKeyAlgorithm
()
ServiceAccountKeyAlgorithm
func (*ServiceAccountKey) GetKeyOrigin
func
(
x
*
ServiceAccountKey
)
GetKeyOrigin
()
ServiceAccountKeyOrigin
func (*ServiceAccountKey) GetKeyType
func
(
x
*
ServiceAccountKey
)
GetKeyType
()
ListServiceAccountKeysRequest_KeyType
func (*ServiceAccountKey) GetName
func
(
x
*
ServiceAccountKey
)
GetName
()
string
func (*ServiceAccountKey) GetPrivateKeyData
func
(
x
*
ServiceAccountKey
)
GetPrivateKeyData
()
[]
byte
func (*ServiceAccountKey) GetPrivateKeyType
func
(
x
*
ServiceAccountKey
)
GetPrivateKeyType
()
ServiceAccountPrivateKeyType
func (*ServiceAccountKey) GetPublicKeyData
func
(
x
*
ServiceAccountKey
)
GetPublicKeyData
()
[]
byte
func (*ServiceAccountKey) GetValidAfterTime
func
(
x
*
ServiceAccountKey
)
GetValidAfterTime
()
*
timestamppb
.
Timestamp
func (*ServiceAccountKey) GetValidBeforeTime
func
(
x
*
ServiceAccountKey
)
GetValidBeforeTime
()
*
timestamppb
.
Timestamp
func (*ServiceAccountKey) ProtoMessage
func
(
*
ServiceAccountKey
)
ProtoMessage
()
func (*ServiceAccountKey) ProtoReflect
func
(
x
*
ServiceAccountKey
)
ProtoReflect
()
protoreflect
.
Message
func (*ServiceAccountKey) Reset
func
(
x
*
ServiceAccountKey
)
Reset
()
func (*ServiceAccountKey) String
func
(
x
*
ServiceAccountKey
)
String
()
string
ServiceAccountKeyAlgorithm
type
ServiceAccountKeyAlgorithm
int32
Supported key algorithms.
ServiceAccountKeyAlgorithm_KEY_ALG_UNSPECIFIED, ServiceAccountKeyAlgorithm_KEY_ALG_RSA_1024, ServiceAccountKeyAlgorithm_KEY_ALG_RSA_2048
const
(
// An unspecified key algorithm.
ServiceAccountKeyAlgorithm_KEY_ALG_UNSPECIFIED
ServiceAccountKeyAlgorithm
=
0
// 1k RSA Key.
ServiceAccountKeyAlgorithm_KEY_ALG_RSA_1024
ServiceAccountKeyAlgorithm
=
1
// 2k RSA Key.
ServiceAccountKeyAlgorithm_KEY_ALG_RSA_2048
ServiceAccountKeyAlgorithm
=
2
)
func (ServiceAccountKeyAlgorithm) Descriptor
func
(
ServiceAccountKeyAlgorithm
)
Descriptor
()
protoreflect
.
EnumDescriptor
func (ServiceAccountKeyAlgorithm) Enum
func
(
x
ServiceAccountKeyAlgorithm
)
Enum
()
*
ServiceAccountKeyAlgorithm
func (ServiceAccountKeyAlgorithm) EnumDescriptor
func
(
ServiceAccountKeyAlgorithm
)
EnumDescriptor
()
([]
byte
,
[]
int
)
Deprecated: Use ServiceAccountKeyAlgorithm.Descriptor instead.
func (ServiceAccountKeyAlgorithm) Number
func
(
x
ServiceAccountKeyAlgorithm
)
Number
()
protoreflect
.
EnumNumber
func (ServiceAccountKeyAlgorithm) String
func
(
x
ServiceAccountKeyAlgorithm
)
String
()
string
func (ServiceAccountKeyAlgorithm) Type
func
(
ServiceAccountKeyAlgorithm
)
Type
()
protoreflect
.
EnumType
ServiceAccountKeyOrigin
type
ServiceAccountKeyOrigin
int32
Service Account Key Origin.
ServiceAccountKeyOrigin_ORIGIN_UNSPECIFIED, ServiceAccountKeyOrigin_USER_PROVIDED, ServiceAccountKeyOrigin_GOOGLE_PROVIDED
const
(
// Unspecified key origin.
ServiceAccountKeyOrigin_ORIGIN_UNSPECIFIED
ServiceAccountKeyOrigin
=
0
// Key is provided by user.
ServiceAccountKeyOrigin_USER_PROVIDED
ServiceAccountKeyOrigin
=
1
// Key is provided by Google.
ServiceAccountKeyOrigin_GOOGLE_PROVIDED
ServiceAccountKeyOrigin
=
2
)
func (ServiceAccountKeyOrigin) Descriptor
func
(
ServiceAccountKeyOrigin
)
Descriptor
()
protoreflect
.
EnumDescriptor
func (ServiceAccountKeyOrigin) Enum
func
(
x
ServiceAccountKeyOrigin
)
Enum
()
*
ServiceAccountKeyOrigin
func (ServiceAccountKeyOrigin) EnumDescriptor
func
(
ServiceAccountKeyOrigin
)
EnumDescriptor
()
([]
byte
,
[]
int
)
Deprecated: Use ServiceAccountKeyOrigin.Descriptor instead.
func (ServiceAccountKeyOrigin) Number
func
(
x
ServiceAccountKeyOrigin
)
Number
()
protoreflect
.
EnumNumber
func (ServiceAccountKeyOrigin) String
func
(
x
ServiceAccountKeyOrigin
)
String
()
string
func (ServiceAccountKeyOrigin) Type
func
(
ServiceAccountKeyOrigin
)
Type
()
protoreflect
.
EnumType
ServiceAccountPrivateKeyType
type
ServiceAccountPrivateKeyType
int32
Supported private key output formats.
ServiceAccountPrivateKeyType_TYPE_UNSPECIFIED, ServiceAccountPrivateKeyType_TYPE_PKCS12_FILE, ServiceAccountPrivateKeyType_TYPE_GOOGLE_CREDENTIALS_FILE
const
(
// Unspecified. Equivalent to `TYPE_GOOGLE_CREDENTIALS_FILE`.
ServiceAccountPrivateKeyType_TYPE_UNSPECIFIED
ServiceAccountPrivateKeyType
=
0
// PKCS12 format.
// The password for the PKCS12 file is `notasecret`.
// For more information, see https://tools.ietf.org/html/rfc7292.
ServiceAccountPrivateKeyType_TYPE_PKCS12_FILE
ServiceAccountPrivateKeyType
=
1
// Google Credentials File format.
ServiceAccountPrivateKeyType_TYPE_GOOGLE_CREDENTIALS_FILE
ServiceAccountPrivateKeyType
=
2
)
func (ServiceAccountPrivateKeyType) Descriptor
func
(
ServiceAccountPrivateKeyType
)
Descriptor
()
protoreflect
.
EnumDescriptor
func (ServiceAccountPrivateKeyType) Enum
func
(
x
ServiceAccountPrivateKeyType
)
Enum
()
*
ServiceAccountPrivateKeyType
func (ServiceAccountPrivateKeyType) EnumDescriptor
func
(
ServiceAccountPrivateKeyType
)
EnumDescriptor
()
([]
byte
,
[]
int
)
Deprecated: Use ServiceAccountPrivateKeyType.Descriptor instead.
func (ServiceAccountPrivateKeyType) Number
func
(
x
ServiceAccountPrivateKeyType
)
Number
()
protoreflect
.
EnumNumber
func (ServiceAccountPrivateKeyType) String
func
(
x
ServiceAccountPrivateKeyType
)
String
()
string
func (ServiceAccountPrivateKeyType) Type
func
(
ServiceAccountPrivateKeyType
)
Type
()
protoreflect
.
EnumType
ServiceAccountPublicKeyType
type
ServiceAccountPublicKeyType
int32
Supported public key output formats.
ServiceAccountPublicKeyType_TYPE_NONE, ServiceAccountPublicKeyType_TYPE_X509_PEM_FILE, ServiceAccountPublicKeyType_TYPE_RAW_PUBLIC_KEY
const
(
// Do not return the public key.
ServiceAccountPublicKeyType_TYPE_NONE
ServiceAccountPublicKeyType
=
0
// X509 PEM format.
ServiceAccountPublicKeyType_TYPE_X509_PEM_FILE
ServiceAccountPublicKeyType
=
1
// Raw public key.
ServiceAccountPublicKeyType_TYPE_RAW_PUBLIC_KEY
ServiceAccountPublicKeyType
=
2
)
func (ServiceAccountPublicKeyType) Descriptor
func
(
ServiceAccountPublicKeyType
)
Descriptor
()
protoreflect
.
EnumDescriptor
func (ServiceAccountPublicKeyType) Enum
func
(
x
ServiceAccountPublicKeyType
)
Enum
()
*
ServiceAccountPublicKeyType
func (ServiceAccountPublicKeyType) EnumDescriptor
func
(
ServiceAccountPublicKeyType
)
EnumDescriptor
()
([]
byte
,
[]
int
)
Deprecated: Use ServiceAccountPublicKeyType.Descriptor instead.
func (ServiceAccountPublicKeyType) Number
func
(
x
ServiceAccountPublicKeyType
)
Number
()
protoreflect
.
EnumNumber
func (ServiceAccountPublicKeyType) String
func
(
x
ServiceAccountPublicKeyType
)
String
()
string
func (ServiceAccountPublicKeyType) Type
func
(
ServiceAccountPublicKeyType
)
Type
()
protoreflect
.
EnumType
SignBlobRequest
type
SignBlobRequest
struct
{
// Required. Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api).
//
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
//
// Deprecated: Marked as deprecated in google/iam/admin/v1/iam.proto.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Required. Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api).
//
// The bytes to sign.
//
// Deprecated: Marked as deprecated in google/iam/admin/v1/iam.proto.
BytesToSign
[]
byte
`protobuf:"bytes,2,opt,name=bytes_to_sign,json=bytesToSign,proto3" json:"bytes_to_sign,omitempty"`
// contains filtered or unexported fields
}
Deprecated. Migrate to Service Account Credentials API .
The service account sign blob request.
func (*SignBlobRequest) Descriptor
func
(
*
SignBlobRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use SignBlobRequest.ProtoReflect.Descriptor instead.
func (*SignBlobRequest) GetBytesToSign
func
(
x
*
SignBlobRequest
)
GetBytesToSign
()
[]
byte
Deprecated: Marked as deprecated in google/iam/admin/v1/iam.proto.
func (*SignBlobRequest) GetName
func
(
x
*
SignBlobRequest
)
GetName
()
string
Deprecated: Marked as deprecated in google/iam/admin/v1/iam.proto.
func (*SignBlobRequest) ProtoMessage
func
(
*
SignBlobRequest
)
ProtoMessage
()
func (*SignBlobRequest) ProtoReflect
func
(
x
*
SignBlobRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*SignBlobRequest) Reset
func
(
x
*
SignBlobRequest
)
Reset
()
func (*SignBlobRequest) String
func
(
x
*
SignBlobRequest
)
String
()
string
SignBlobResponse
type
SignBlobResponse
struct
{
// Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api).
//
// The id of the key used to sign the blob.
//
// Deprecated: Marked as deprecated in google/iam/admin/v1/iam.proto.
KeyId
string
`protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
// Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api).
//
// The signed blob.
//
// Deprecated: Marked as deprecated in google/iam/admin/v1/iam.proto.
Signature
[]
byte
`protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
// contains filtered or unexported fields
}
Deprecated. Migrate to Service Account Credentials API .
The service account sign blob response.
func (*SignBlobResponse) Descriptor
func
(
*
SignBlobResponse
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use SignBlobResponse.ProtoReflect.Descriptor instead.
func (*SignBlobResponse) GetKeyId
func
(
x
*
SignBlobResponse
)
GetKeyId
()
string
Deprecated: Marked as deprecated in google/iam/admin/v1/iam.proto.
func (*SignBlobResponse) GetSignature
func
(
x
*
SignBlobResponse
)
GetSignature
()
[]
byte
Deprecated: Marked as deprecated in google/iam/admin/v1/iam.proto.
func (*SignBlobResponse) ProtoMessage
func
(
*
SignBlobResponse
)
ProtoMessage
()
func (*SignBlobResponse) ProtoReflect
func
(
x
*
SignBlobResponse
)
ProtoReflect
()
protoreflect
.
Message
func (*SignBlobResponse) Reset
func
(
x
*
SignBlobResponse
)
Reset
()
func (*SignBlobResponse) String
func
(
x
*
SignBlobResponse
)
String
()
string
SignJwtRequest
type
SignJwtRequest
struct
{
// Required. Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api).
//
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
//
// Deprecated: Marked as deprecated in google/iam/admin/v1/iam.proto.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Required. Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api).
//
// The JWT payload to sign. Must be a serialized JSON object that contains a
// JWT Claims Set. For example: `{"sub": "user@example.com", "iat": 313435}`
//
// If the JWT Claims Set contains an expiration time (`exp`) claim, it must be
// an integer timestamp that is not in the past and no more than 12 hours in
// the future.
//
// If the JWT Claims Set does not contain an expiration time (`exp`) claim,
// this claim is added automatically, with a timestamp that is 1 hour in the
// future.
//
// Deprecated: Marked as deprecated in google/iam/admin/v1/iam.proto.
Payload
string
`protobuf:"bytes,2,opt,name=payload,proto3" json:"payload,omitempty"`
// contains filtered or unexported fields
}
Deprecated. Migrate to Service Account Credentials API .
The service account sign JWT request.
func (*SignJwtRequest) Descriptor
func
(
*
SignJwtRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use SignJwtRequest.ProtoReflect.Descriptor instead.
func (*SignJwtRequest) GetName
func
(
x
*
SignJwtRequest
)
GetName
()
string
Deprecated: Marked as deprecated in google/iam/admin/v1/iam.proto.
func (*SignJwtRequest) GetPayload
func
(
x
*
SignJwtRequest
)
GetPayload
()
string
Deprecated: Marked as deprecated in google/iam/admin/v1/iam.proto.
func (*SignJwtRequest) ProtoMessage
func
(
*
SignJwtRequest
)
ProtoMessage
()
func (*SignJwtRequest) ProtoReflect
func
(
x
*
SignJwtRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*SignJwtRequest) Reset
func
(
x
*
SignJwtRequest
)
Reset
()
func (*SignJwtRequest) String
func
(
x
*
SignJwtRequest
)
String
()
string
SignJwtResponse
type
SignJwtResponse
struct
{
// Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api).
//
// The id of the key used to sign the JWT.
//
// Deprecated: Marked as deprecated in google/iam/admin/v1/iam.proto.
KeyId
string
`protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
// Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api).
//
// The signed JWT.
//
// Deprecated: Marked as deprecated in google/iam/admin/v1/iam.proto.
SignedJwt
string
`protobuf:"bytes,2,opt,name=signed_jwt,json=signedJwt,proto3" json:"signed_jwt,omitempty"`
// contains filtered or unexported fields
}
Deprecated. Migrate to Service Account Credentials API .
The service account sign JWT response.
func (*SignJwtResponse) Descriptor
func
(
*
SignJwtResponse
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use SignJwtResponse.ProtoReflect.Descriptor instead.
func (*SignJwtResponse) GetKeyId
func
(
x
*
SignJwtResponse
)
GetKeyId
()
string
Deprecated: Marked as deprecated in google/iam/admin/v1/iam.proto.
func (*SignJwtResponse) GetSignedJwt
func
(
x
*
SignJwtResponse
)
GetSignedJwt
()
string
Deprecated: Marked as deprecated in google/iam/admin/v1/iam.proto.
func (*SignJwtResponse) ProtoMessage
func
(
*
SignJwtResponse
)
ProtoMessage
()
func (*SignJwtResponse) ProtoReflect
func
(
x
*
SignJwtResponse
)
ProtoReflect
()
protoreflect
.
Message
func (*SignJwtResponse) Reset
func
(
x
*
SignJwtResponse
)
Reset
()
func (*SignJwtResponse) String
func
(
x
*
SignJwtResponse
)
String
()
string
UndeleteRoleRequest
type
UndeleteRoleRequest
struct
{
// The `name` parameter's value depends on the target resource for the
// request, namely
// [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles)
// or
// [`organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles).
// Each resource type's `name` value format is described below:
//
// - [`projects.roles.undelete()`](https://cloud.google.com/iam/reference/rest/v1/projects.roles/undelete):
// `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method undeletes
// only [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that
// have been created at the project level. Example request URL:
// `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`
//
// - [`organizations.roles.undelete()`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles/undelete):
// `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
// undeletes only [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that
// have been created at the organization level. Example request URL:
// `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`
//
// Note: Wildcard (*) values are invalid; you must specify a complete project
// ID or organization ID.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Used to perform a consistent read-modify-write.
Etag
[]
byte
`protobuf:"bytes,2,opt,name=etag,proto3" json:"etag,omitempty"`
// contains filtered or unexported fields
}
The request to undelete an existing role.
func (*UndeleteRoleRequest) Descriptor
func
(
*
UndeleteRoleRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use UndeleteRoleRequest.ProtoReflect.Descriptor instead.
func (*UndeleteRoleRequest) GetEtag
func
(
x
*
UndeleteRoleRequest
)
GetEtag
()
[]
byte
func (*UndeleteRoleRequest) GetName
func
(
x
*
UndeleteRoleRequest
)
GetName
()
string
func (*UndeleteRoleRequest) ProtoMessage
func
(
*
UndeleteRoleRequest
)
ProtoMessage
()
func (*UndeleteRoleRequest) ProtoReflect
func
(
x
*
UndeleteRoleRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*UndeleteRoleRequest) Reset
func
(
x
*
UndeleteRoleRequest
)
Reset
()
func (*UndeleteRoleRequest) String
func
(
x
*
UndeleteRoleRequest
)
String
()
string
UndeleteServiceAccountRequest
type
UndeleteServiceAccountRequest
struct
{
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_UNIQUE_ID}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
The service account undelete request.
func (*UndeleteServiceAccountRequest) Descriptor
func
(
*
UndeleteServiceAccountRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use UndeleteServiceAccountRequest.ProtoReflect.Descriptor instead.
func (*UndeleteServiceAccountRequest) GetName
func
(
x
*
UndeleteServiceAccountRequest
)
GetName
()
string
func (*UndeleteServiceAccountRequest) ProtoMessage
func
(
*
UndeleteServiceAccountRequest
)
ProtoMessage
()
func (*UndeleteServiceAccountRequest) ProtoReflect
func
(
x
*
UndeleteServiceAccountRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*UndeleteServiceAccountRequest) Reset
func
(
x
*
UndeleteServiceAccountRequest
)
Reset
()
func (*UndeleteServiceAccountRequest) String
func
(
x
*
UndeleteServiceAccountRequest
)
String
()
string
UndeleteServiceAccountResponse
type
UndeleteServiceAccountResponse
struct
{
// Metadata for the restored service account.
RestoredAccount
*
ServiceAccount
`protobuf:"bytes,1,opt,name=restored_account,json=restoredAccount,proto3" json:"restored_account,omitempty"`
// contains filtered or unexported fields
}
func (*UndeleteServiceAccountResponse) Descriptor
func
(
*
UndeleteServiceAccountResponse
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use UndeleteServiceAccountResponse.ProtoReflect.Descriptor instead.
func (*UndeleteServiceAccountResponse) GetRestoredAccount
func
(
x
*
UndeleteServiceAccountResponse
)
GetRestoredAccount
()
*
ServiceAccount
func (*UndeleteServiceAccountResponse) ProtoMessage
func
(
*
UndeleteServiceAccountResponse
)
ProtoMessage
()
func (*UndeleteServiceAccountResponse) ProtoReflect
func
(
x
*
UndeleteServiceAccountResponse
)
ProtoReflect
()
protoreflect
.
Message
func (*UndeleteServiceAccountResponse) Reset
func
(
x
*
UndeleteServiceAccountResponse
)
Reset
()
func (*UndeleteServiceAccountResponse) String
func
(
x
*
UndeleteServiceAccountResponse
)
String
()
string
UnimplementedIAMServer
type
UnimplementedIAMServer
struct
{
}
UnimplementedIAMServer can be embedded to have forward compatible implementations.
func (*UnimplementedIAMServer) CreateRole
func
(
*
UnimplementedIAMServer
)
CreateRole
(
context
.
Context
,
*
CreateRoleRequest
)
(
*
Role
,
error
)
func (*UnimplementedIAMServer) CreateServiceAccount
func
(
*
UnimplementedIAMServer
)
CreateServiceAccount
(
context
.
Context
,
*
CreateServiceAccountRequest
)
(
*
ServiceAccount
,
error
)
func (*UnimplementedIAMServer) CreateServiceAccountKey
func
(
*
UnimplementedIAMServer
)
CreateServiceAccountKey
(
context
.
Context
,
*
CreateServiceAccountKeyRequest
)
(
*
ServiceAccountKey
,
error
)
func (*UnimplementedIAMServer) DeleteRole
func
(
*
UnimplementedIAMServer
)
DeleteRole
(
context
.
Context
,
*
DeleteRoleRequest
)
(
*
Role
,
error
)
func (*UnimplementedIAMServer) DeleteServiceAccount
func
(
*
UnimplementedIAMServer
)
DeleteServiceAccount
(
context
.
Context
,
*
DeleteServiceAccountRequest
)
(
*
emptypb
.
Empty
,
error
)
func (*UnimplementedIAMServer) DeleteServiceAccountKey
func
(
*
UnimplementedIAMServer
)
DeleteServiceAccountKey
(
context
.
Context
,
*
DeleteServiceAccountKeyRequest
)
(
*
emptypb
.
Empty
,
error
)
func (*UnimplementedIAMServer) DisableServiceAccount
func
(
*
UnimplementedIAMServer
)
DisableServiceAccount
(
context
.
Context
,
*
DisableServiceAccountRequest
)
(
*
emptypb
.
Empty
,
error
)
func (*UnimplementedIAMServer) DisableServiceAccountKey
func
(
*
UnimplementedIAMServer
)
DisableServiceAccountKey
(
context
.
Context
,
*
DisableServiceAccountKeyRequest
)
(
*
emptypb
.
Empty
,
error
)
func (*UnimplementedIAMServer) EnableServiceAccount
func
(
*
UnimplementedIAMServer
)
EnableServiceAccount
(
context
.
Context
,
*
EnableServiceAccountRequest
)
(
*
emptypb
.
Empty
,
error
)
func (*UnimplementedIAMServer) EnableServiceAccountKey
func
(
*
UnimplementedIAMServer
)
EnableServiceAccountKey
(
context
.
Context
,
*
EnableServiceAccountKeyRequest
)
(
*
emptypb
.
Empty
,
error
)
func (*UnimplementedIAMServer) GetIamPolicy
func
(
*
UnimplementedIAMServer
)
GetIamPolicy
(
context
.
Context
,
*
iampb
.
GetIamPolicyRequest
)
(
*
iampb
.
Policy
,
error
)
func (*UnimplementedIAMServer) GetRole
func
(
*
UnimplementedIAMServer
)
GetRole
(
context
.
Context
,
*
GetRoleRequest
)
(
*
Role
,
error
)
func (*UnimplementedIAMServer) GetServiceAccount
func
(
*
UnimplementedIAMServer
)
GetServiceAccount
(
context
.
Context
,
*
GetServiceAccountRequest
)
(
*
ServiceAccount
,
error
)
func (*UnimplementedIAMServer) GetServiceAccountKey
func
(
*
UnimplementedIAMServer
)
GetServiceAccountKey
(
context
.
Context
,
*
GetServiceAccountKeyRequest
)
(
*
ServiceAccountKey
,
error
)
func (*UnimplementedIAMServer) LintPolicy
func
(
*
UnimplementedIAMServer
)
LintPolicy
(
context
.
Context
,
*
LintPolicyRequest
)
(
*
LintPolicyResponse
,
error
)
func (*UnimplementedIAMServer) ListRoles
func
(
*
UnimplementedIAMServer
)
ListRoles
(
context
.
Context
,
*
ListRolesRequest
)
(
*
ListRolesResponse
,
error
)
func (*UnimplementedIAMServer) ListServiceAccountKeys
func
(
*
UnimplementedIAMServer
)
ListServiceAccountKeys
(
context
.
Context
,
*
ListServiceAccountKeysRequest
)
(
*
ListServiceAccountKeysResponse
,
error
)
func (*UnimplementedIAMServer) ListServiceAccounts
func
(
*
UnimplementedIAMServer
)
ListServiceAccounts
(
context
.
Context
,
*
ListServiceAccountsRequest
)
(
*
ListServiceAccountsResponse
,
error
)
func (*UnimplementedIAMServer) PatchServiceAccount
func
(
*
UnimplementedIAMServer
)
PatchServiceAccount
(
context
.
Context
,
*
PatchServiceAccountRequest
)
(
*
ServiceAccount
,
error
)
func (*UnimplementedIAMServer) QueryAuditableServices
func
(
*
UnimplementedIAMServer
)
QueryAuditableServices
(
context
.
Context
,
*
QueryAuditableServicesRequest
)
(
*
QueryAuditableServicesResponse
,
error
)
func (*UnimplementedIAMServer) QueryGrantableRoles
func
(
*
UnimplementedIAMServer
)
QueryGrantableRoles
(
context
.
Context
,
*
QueryGrantableRolesRequest
)
(
*
QueryGrantableRolesResponse
,
error
)
func (*UnimplementedIAMServer) QueryTestablePermissions
func
(
*
UnimplementedIAMServer
)
QueryTestablePermissions
(
context
.
Context
,
*
QueryTestablePermissionsRequest
)
(
*
QueryTestablePermissionsResponse
,
error
)
func (*UnimplementedIAMServer) SetIamPolicy
func
(
*
UnimplementedIAMServer
)
SetIamPolicy
(
context
.
Context
,
*
iampb
.
SetIamPolicyRequest
)
(
*
iampb
.
Policy
,
error
)
func (*UnimplementedIAMServer) SignBlob
func
(
*
UnimplementedIAMServer
)
SignBlob
(
context
.
Context
,
*
SignBlobRequest
)
(
*
SignBlobResponse
,
error
)
func (*UnimplementedIAMServer) SignJwt
func
(
*
UnimplementedIAMServer
)
SignJwt
(
context
.
Context
,
*
SignJwtRequest
)
(
*
SignJwtResponse
,
error
)
func (*UnimplementedIAMServer) TestIamPermissions
func
(
*
UnimplementedIAMServer
)
TestIamPermissions
(
context
.
Context
,
*
iampb
.
TestIamPermissionsRequest
)
(
*
iampb
.
TestIamPermissionsResponse
,
error
)
func (*UnimplementedIAMServer) UndeleteRole
func
(
*
UnimplementedIAMServer
)
UndeleteRole
(
context
.
Context
,
*
UndeleteRoleRequest
)
(
*
Role
,
error
)
func (*UnimplementedIAMServer) UndeleteServiceAccount
func
(
*
UnimplementedIAMServer
)
UndeleteServiceAccount
(
context
.
Context
,
*
UndeleteServiceAccountRequest
)
(
*
UndeleteServiceAccountResponse
,
error
)
func (*UnimplementedIAMServer) UpdateRole
func
(
*
UnimplementedIAMServer
)
UpdateRole
(
context
.
Context
,
*
UpdateRoleRequest
)
(
*
Role
,
error
)
func (*UnimplementedIAMServer) UpdateServiceAccount
func
(
*
UnimplementedIAMServer
)
UpdateServiceAccount
(
context
.
Context
,
*
ServiceAccount
)
(
*
ServiceAccount
,
error
)
func (*UnimplementedIAMServer) UploadServiceAccountKey
func
(
*
UnimplementedIAMServer
)
UploadServiceAccountKey
(
context
.
Context
,
*
UploadServiceAccountKeyRequest
)
(
*
ServiceAccountKey
,
error
)
UpdateRoleRequest
type
UpdateRoleRequest
struct
{
// The `name` parameter's value depends on the target resource for the
// request, namely
// [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles)
// or
// [`organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles).
// Each resource type's `name` value format is described below:
//
// - [`projects.roles.patch()`](https://cloud.google.com/iam/reference/rest/v1/projects.roles/patch):
// `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method updates only
// [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that
// have been created at the project level. Example request URL:
// `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`
//
// - [`organizations.roles.patch()`](https://cloud.google.com/iam/reference/rest/v1/organizations.roles/patch):
// `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
// updates only [custom
// roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that
// have been created at the organization level. Example request URL:
// `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`
//
// Note: Wildcard (*) values are invalid; you must specify a complete project
// ID or organization ID.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// The updated role.
Role
*
Role
`protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`
// A mask describing which fields in the Role have changed.
UpdateMask
*
fieldmaskpb
.
FieldMask
`protobuf:"bytes,3,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
// contains filtered or unexported fields
}
The request to update a role.
func (*UpdateRoleRequest) Descriptor
func
(
*
UpdateRoleRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use UpdateRoleRequest.ProtoReflect.Descriptor instead.
func (*UpdateRoleRequest) GetName
func
(
x
*
UpdateRoleRequest
)
GetName
()
string
func (*UpdateRoleRequest) GetRole
func
(
x
*
UpdateRoleRequest
)
GetRole
()
*
Role
func (*UpdateRoleRequest) GetUpdateMask
func
(
x
*
UpdateRoleRequest
)
GetUpdateMask
()
*
fieldmaskpb
.
FieldMask
func (*UpdateRoleRequest) ProtoMessage
func
(
*
UpdateRoleRequest
)
ProtoMessage
()
func (*UpdateRoleRequest) ProtoReflect
func
(
x
*
UpdateRoleRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*UpdateRoleRequest) Reset
func
(
x
*
UpdateRoleRequest
)
Reset
()
func (*UpdateRoleRequest) String
func
(
x
*
UpdateRoleRequest
)
String
()
string
UploadServiceAccountKeyRequest
type
UploadServiceAccountKeyRequest
struct
{
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
Name
string
`protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// The public key to associate with the service account. Must be an RSA public
// key that is wrapped in an X.509 v3 certificate. Include the first line,
// `-----BEGIN CERTIFICATE-----`, and the last line,
// `-----END CERTIFICATE-----`.
PublicKeyData
[]
byte
`protobuf:"bytes,2,opt,name=public_key_data,json=publicKeyData,proto3" json:"public_key_data,omitempty"`
// contains filtered or unexported fields
}
The service account key upload request.
func (*UploadServiceAccountKeyRequest) Descriptor
func
(
*
UploadServiceAccountKeyRequest
)
Descriptor
()
([]
byte
,
[]
int
)
Deprecated: Use UploadServiceAccountKeyRequest.ProtoReflect.Descriptor instead.
func (*UploadServiceAccountKeyRequest) GetName
func
(
x
*
UploadServiceAccountKeyRequest
)
GetName
()
string
func (*UploadServiceAccountKeyRequest) GetPublicKeyData
func
(
x
*
UploadServiceAccountKeyRequest
)
GetPublicKeyData
()
[]
byte
func (*UploadServiceAccountKeyRequest) ProtoMessage
func
(
*
UploadServiceAccountKeyRequest
)
ProtoMessage
()
func (*UploadServiceAccountKeyRequest) ProtoReflect
func
(
x
*
UploadServiceAccountKeyRequest
)
ProtoReflect
()
protoreflect
.
Message
func (*UploadServiceAccountKeyRequest) Reset
func
(
x
*
UploadServiceAccountKeyRequest
)
Reset
()
func (*UploadServiceAccountKeyRequest) String
func
(
x
*
UploadServiceAccountKeyRequest
)
String
()
string
