blob: e63522ff0aa4772484710f3291163bb23f1ef3ad [file] [log] [blame]
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001<html><body>
2<style>
3
4body, h1, h2, h3, div, span, p, pre, a {
5 margin: 0;
6 padding: 0;
7 border: 0;
8 font-weight: inherit;
9 font-style: inherit;
10 font-size: 100%;
11 font-family: inherit;
12 vertical-align: baseline;
13}
14
15body {
16 font-size: 13px;
17 padding: 1em;
18}
19
20h1 {
21 font-size: 26px;
22 margin-bottom: 1em;
23}
24
25h2 {
26 font-size: 24px;
27 margin-bottom: 1em;
28}
29
30h3 {
31 font-size: 20px;
32 margin-bottom: 1em;
33 margin-top: 1em;
34}
35
36pre, code {
37 line-height: 1.5;
38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
39}
40
41pre {
42 margin-top: 0.5em;
43}
44
45h1, h2, h3, p {
46 font-family: Arial, sans serif;
47}
48
49h1, h2, h3 {
50 border-bottom: solid #CCC 1px;
51}
52
53.toc_element {
54 margin-top: 0.5em;
55}
56
57.firstline {
58 margin-left: 2 em;
59}
60
61.method {
62 margin-top: 1em;
63 border: solid 1px #CCC;
64 padding: 1em;
65 background: #EEE;
66}
67
68.details {
69 font-weight: bold;
70 font-size: 14px;
71}
72
73</style>
74
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070075<h1><a href="iam_v1.html">Identity and Access Management (IAM) API</a> . <a href="iam_v1.projects.html">projects</a> . <a href="iam_v1.projects.serviceAccounts.html">serviceAccounts</a></h1>
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -080076<h2>Instance Methods</h2>
77<p class="toc_element">
78 <code><a href="iam_v1.projects.serviceAccounts.keys.html">keys()</a></code>
79</p>
80<p class="firstline">Returns the keys Resource.</p>
81
82<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -070083 <code><a href="#create">create(name, body=None, x__xgafv=None)</a></code></p>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -040084<p class="firstline">Creates a ServiceAccount</p>
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -080085<p class="toc_element">
Thomas Coffee2f245372017-03-27 10:39:26 -070086 <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
Sai Cheemalapatiea3a5e12016-10-12 14:05:53 -070087<p class="firstline">Deletes a ServiceAccount.</p>
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -080088<p class="toc_element">
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070089 <code><a href="#disable">disable(name, body=None, x__xgafv=None)</a></code></p>
90<p class="firstline">DisableServiceAccount is currently in the alpha launch stage.</p>
91<p class="toc_element">
92 <code><a href="#enable">enable(name, body=None, x__xgafv=None)</a></code></p>
93<p class="firstline">EnableServiceAccount is currently in the alpha launch stage.</p>
94<p class="toc_element">
Thomas Coffee2f245372017-03-27 10:39:26 -070095 <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
Sai Cheemalapatiea3a5e12016-10-12 14:05:53 -070096<p class="firstline">Gets a ServiceAccount.</p>
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -080097<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -070098 <code><a href="#getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</a></code></p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070099<p class="firstline">Returns the Cloud IAM access control policy for a</p>
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800100<p class="toc_element">
Bu Sun Kim65020912020-05-20 12:08:20 -0700101 <code><a href="#list">list(name, pageToken=None, pageSize=None, x__xgafv=None)</a></code></p>
Sai Cheemalapatiea3a5e12016-10-12 14:05:53 -0700102<p class="firstline">Lists ServiceAccounts for a project.</p>
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800103<p class="toc_element">
104 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
105<p class="firstline">Retrieves the next page of results.</p>
106<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -0700107 <code><a href="#patch">patch(name, body=None, x__xgafv=None)</a></code></p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700108<p class="firstline">Patches a ServiceAccount.</p>
109<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -0700110 <code><a href="#setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700111<p class="firstline">Sets the Cloud IAM access control policy for a</p>
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800112<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -0700113 <code><a href="#signBlob">signBlob(name, body=None, x__xgafv=None)</a></code></p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700114<p class="firstline">**Note**: This method is in the process of being deprecated. Call the</p>
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800115<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -0700116 <code><a href="#signJwt">signJwt(name, body=None, x__xgafv=None)</a></code></p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700117<p class="firstline">**Note**: This method is in the process of being deprecated. Call the</p>
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800118<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -0700119 <code><a href="#testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</a></code></p>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400120<p class="firstline">Tests the specified permissions against the IAM access control policy</p>
121<p class="toc_element">
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700122 <code><a href="#undelete">undelete(name, body=None, x__xgafv=None)</a></code></p>
123<p class="firstline">Restores a deleted ServiceAccount.</p>
124<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -0700125 <code><a href="#update">update(name, body=None, x__xgafv=None)</a></code></p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700126<p class="firstline">Note: This method is in the process of being deprecated. Use</p>
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800127<h3>Method Details</h3>
128<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -0700129 <code class="details" id="create">create(name, body=None, x__xgafv=None)</code>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400130 <pre>Creates a ServiceAccount
131and returns it.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800132
133Args:
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400134 name: string, Required. The resource name of the project associated with the service
135accounts, such as `projects/my-project-123`. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -0700136 body: object, The request body.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800137 The object takes the form of:
138
139{ # The service account create request.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700140 &quot;accountId&quot;: &quot;A String&quot;, # Required. The account id that is used to generate the service account
141 # email address and a stable unique id. It is unique within a project,
142 # must be 6-30 characters long, and match the regular expression
143 # `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.
Bu Sun Kim65020912020-05-20 12:08:20 -0700144 &quot;serviceAccount&quot;: { # A service account in the Identity and Access Management API. # The ServiceAccount resource to
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700145 # create. Currently, only the following values are user assignable:
Dan O'Mearadd494642020-05-01 07:42:23 -0700146 # `display_name` and `description`.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400147 #
148 # To create a service account, specify the `project_id` and the `account_id`
149 # for the account. The `account_id` is unique within the project, and is used
150 # to generate the service account email address and a stable
151 # `unique_id`.
152 #
Bu Sun Kim65020912020-05-20 12:08:20 -0700153 # If the account already exists, the account&#x27;s resource name is returned
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700154 # in the format of projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. The caller
155 # can use the name in other methods to access the account.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400156 #
157 # All other methods can identify the service account using the format
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700158 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
159 # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
160 # the account. The `ACCOUNT` value can be the `email` address or the
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400161 # `unique_id` of the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -0700162 &quot;email&quot;: &quot;A String&quot;, # @OutputOnly The email address of the service account.
163 &quot;name&quot;: &quot;A String&quot;, # The resource name of the service account in the following format:
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700164 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
165 #
166 # Requests using `-` as a wildcard for the `PROJECT_ID` will infer the
167 # project from the `account` and the `ACCOUNT` value can be the `email`
168 # address or the `unique_id` of the service account.
169 #
170 # In responses the resource name will always be in the format
171 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
Bu Sun Kim65020912020-05-20 12:08:20 -0700172 &quot;projectId&quot;: &quot;A String&quot;, # @OutputOnly The id of the project that owns the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -0700173 &quot;oauth2ClientId&quot;: &quot;A String&quot;, # @OutputOnly The OAuth2 client id for the service account.
174 # This is used in conjunction with the OAuth2 clientconfig API to make
175 # three legged OAuth2 (3LO) flows to access the data of Google users.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700176 &quot;uniqueId&quot;: &quot;A String&quot;, # @OutputOnly The unique and stable id of the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -0700177 &quot;description&quot;: &quot;A String&quot;, # Optional. A user-specified opaque description of the service account.
178 # Must be less than or equal to 256 UTF-8 bytes.
179 &quot;displayName&quot;: &quot;A String&quot;, # Optional. A user-specified name for the service account.
180 # Must be less than or equal to 100 UTF-8 bytes.
181 &quot;etag&quot;: &quot;A String&quot;, # Optional. Note: `etag` is an inoperable legacy field that is only returned
182 # for backwards compatibility.
183 &quot;disabled&quot;: True or False, # @OutputOnly A bool indicate if the service account is disabled.
184 # The field is currently in alpha phase.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800185 },
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800186 }
187
188 x__xgafv: string, V1 error format.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400189 Allowed values
190 1 - v1 error format
191 2 - v2 error format
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800192
193Returns:
194 An object of the form:
195
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400196 { # A service account in the Identity and Access Management API.
197 #
198 # To create a service account, specify the `project_id` and the `account_id`
199 # for the account. The `account_id` is unique within the project, and is used
200 # to generate the service account email address and a stable
201 # `unique_id`.
202 #
Bu Sun Kim65020912020-05-20 12:08:20 -0700203 # If the account already exists, the account&#x27;s resource name is returned
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700204 # in the format of projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. The caller
205 # can use the name in other methods to access the account.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400206 #
207 # All other methods can identify the service account using the format
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700208 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
209 # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
210 # the account. The `ACCOUNT` value can be the `email` address or the
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400211 # `unique_id` of the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -0700212 &quot;email&quot;: &quot;A String&quot;, # @OutputOnly The email address of the service account.
213 &quot;name&quot;: &quot;A String&quot;, # The resource name of the service account in the following format:
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700214 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
215 #
216 # Requests using `-` as a wildcard for the `PROJECT_ID` will infer the
217 # project from the `account` and the `ACCOUNT` value can be the `email`
218 # address or the `unique_id` of the service account.
219 #
220 # In responses the resource name will always be in the format
221 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
Bu Sun Kim65020912020-05-20 12:08:20 -0700222 &quot;projectId&quot;: &quot;A String&quot;, # @OutputOnly The id of the project that owns the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -0700223 &quot;oauth2ClientId&quot;: &quot;A String&quot;, # @OutputOnly The OAuth2 client id for the service account.
224 # This is used in conjunction with the OAuth2 clientconfig API to make
225 # three legged OAuth2 (3LO) flows to access the data of Google users.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700226 &quot;uniqueId&quot;: &quot;A String&quot;, # @OutputOnly The unique and stable id of the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -0700227 &quot;description&quot;: &quot;A String&quot;, # Optional. A user-specified opaque description of the service account.
228 # Must be less than or equal to 256 UTF-8 bytes.
229 &quot;displayName&quot;: &quot;A String&quot;, # Optional. A user-specified name for the service account.
230 # Must be less than or equal to 100 UTF-8 bytes.
231 &quot;etag&quot;: &quot;A String&quot;, # Optional. Note: `etag` is an inoperable legacy field that is only returned
232 # for backwards compatibility.
233 &quot;disabled&quot;: True or False, # @OutputOnly A bool indicate if the service account is disabled.
234 # The field is currently in alpha phase.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800235 }</pre>
236</div>
237
238<div class="method">
Thomas Coffee2f245372017-03-27 10:39:26 -0700239 <code class="details" id="delete">delete(name, x__xgafv=None)</code>
Sai Cheemalapatiea3a5e12016-10-12 14:05:53 -0700240 <pre>Deletes a ServiceAccount.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800241
242Args:
Dan O'Mearadd494642020-05-01 07:42:23 -0700243 name: string, Required. The resource name of the service account in the following format:
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700244`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
245Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
246the account. The `ACCOUNT` value can be the `email` address or the
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400247`unique_id` of the service account. (required)
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800248 x__xgafv: string, V1 error format.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400249 Allowed values
250 1 - v1 error format
251 2 - v2 error format
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800252
253Returns:
254 An object of the form:
255
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400256 { # A generic empty message that you can re-use to avoid defining duplicated
257 # empty messages in your APIs. A typical example is to use it as the request
258 # or the response type of an API method. For instance:
259 #
260 # service Foo {
261 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
262 # }
263 #
264 # The JSON representation for `Empty` is empty JSON object `{}`.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800265 }</pre>
266</div>
267
268<div class="method">
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700269 <code class="details" id="disable">disable(name, body=None, x__xgafv=None)</code>
270 <pre>DisableServiceAccount is currently in the alpha launch stage.
271
272Disables a ServiceAccount,
273which immediately prevents the service account from authenticating and
274gaining access to APIs.
275
276Disabled service accounts can be safely restored by using
277EnableServiceAccount at any point. Deleted service accounts cannot be
278restored using this method.
279
280Disabling a service account that is bound to VMs, Apps, Functions, or
281other jobs will cause those jobs to lose access to resources if they are
282using the disabled service account.
283
284To improve reliability of your services and avoid unexpected outages, it
285is recommended to first disable a service account rather than delete it.
286After disabling the service account, wait at least 24 hours to verify there
287are no unintended consequences, and then delete the service account.
288
289Args:
290 name: string, The resource name of the service account in the following format:
291`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
292Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
293the account. The `ACCOUNT` value can be the `email` address or the
294`unique_id` of the service account. (required)
295 body: object, The request body.
296 The object takes the form of:
297
298{ # The service account disable request.
299 }
300
301 x__xgafv: string, V1 error format.
302 Allowed values
303 1 - v1 error format
304 2 - v2 error format
305
306Returns:
307 An object of the form:
308
309 { # A generic empty message that you can re-use to avoid defining duplicated
310 # empty messages in your APIs. A typical example is to use it as the request
311 # or the response type of an API method. For instance:
312 #
313 # service Foo {
314 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
315 # }
316 #
317 # The JSON representation for `Empty` is empty JSON object `{}`.
318 }</pre>
319</div>
320
321<div class="method">
322 <code class="details" id="enable">enable(name, body=None, x__xgafv=None)</code>
323 <pre>EnableServiceAccount is currently in the alpha launch stage.
324
325 Restores a disabled ServiceAccount
326 that has been manually disabled by using DisableServiceAccount. Service
327 accounts that have been disabled by other means or for other reasons,
328 such as abuse, cannot be restored using this method.
329
330 EnableServiceAccount will have no effect on a service account that is
331 not disabled. Enabling an already enabled service account will have no
332 effect.
333
334Args:
335 name: string, The resource name of the service account in the following format:
Dan O'Mearadd494642020-05-01 07:42:23 -0700336`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700337Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
Dan O'Mearadd494642020-05-01 07:42:23 -0700338the account. The `ACCOUNT` value can be the `email` address or the
339`unique_id` of the service account. (required)
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700340 body: object, The request body.
341 The object takes the form of:
342
343{ # The service account enable request.
344 }
345
346 x__xgafv: string, V1 error format.
347 Allowed values
348 1 - v1 error format
349 2 - v2 error format
350
351Returns:
352 An object of the form:
353
354 { # A generic empty message that you can re-use to avoid defining duplicated
355 # empty messages in your APIs. A typical example is to use it as the request
356 # or the response type of an API method. For instance:
357 #
358 # service Foo {
359 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
360 # }
361 #
362 # The JSON representation for `Empty` is empty JSON object `{}`.
363 }</pre>
364</div>
365
366<div class="method">
Thomas Coffee2f245372017-03-27 10:39:26 -0700367 <code class="details" id="get">get(name, x__xgafv=None)</code>
Sai Cheemalapatiea3a5e12016-10-12 14:05:53 -0700368 <pre>Gets a ServiceAccount.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800369
370Args:
Dan O'Mearadd494642020-05-01 07:42:23 -0700371 name: string, Required. The resource name of the service account in the following format:
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700372`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
373Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
374the account. The `ACCOUNT` value can be the `email` address or the
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400375`unique_id` of the service account. (required)
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800376 x__xgafv: string, V1 error format.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400377 Allowed values
378 1 - v1 error format
379 2 - v2 error format
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800380
381Returns:
382 An object of the form:
383
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400384 { # A service account in the Identity and Access Management API.
385 #
386 # To create a service account, specify the `project_id` and the `account_id`
387 # for the account. The `account_id` is unique within the project, and is used
388 # to generate the service account email address and a stable
389 # `unique_id`.
390 #
Bu Sun Kim65020912020-05-20 12:08:20 -0700391 # If the account already exists, the account&#x27;s resource name is returned
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700392 # in the format of projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. The caller
393 # can use the name in other methods to access the account.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400394 #
395 # All other methods can identify the service account using the format
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700396 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
397 # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
398 # the account. The `ACCOUNT` value can be the `email` address or the
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400399 # `unique_id` of the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -0700400 &quot;email&quot;: &quot;A String&quot;, # @OutputOnly The email address of the service account.
401 &quot;name&quot;: &quot;A String&quot;, # The resource name of the service account in the following format:
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700402 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
403 #
404 # Requests using `-` as a wildcard for the `PROJECT_ID` will infer the
405 # project from the `account` and the `ACCOUNT` value can be the `email`
406 # address or the `unique_id` of the service account.
407 #
408 # In responses the resource name will always be in the format
409 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
Bu Sun Kim65020912020-05-20 12:08:20 -0700410 &quot;projectId&quot;: &quot;A String&quot;, # @OutputOnly The id of the project that owns the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -0700411 &quot;oauth2ClientId&quot;: &quot;A String&quot;, # @OutputOnly The OAuth2 client id for the service account.
412 # This is used in conjunction with the OAuth2 clientconfig API to make
413 # three legged OAuth2 (3LO) flows to access the data of Google users.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700414 &quot;uniqueId&quot;: &quot;A String&quot;, # @OutputOnly The unique and stable id of the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -0700415 &quot;description&quot;: &quot;A String&quot;, # Optional. A user-specified opaque description of the service account.
416 # Must be less than or equal to 256 UTF-8 bytes.
417 &quot;displayName&quot;: &quot;A String&quot;, # Optional. A user-specified name for the service account.
418 # Must be less than or equal to 100 UTF-8 bytes.
419 &quot;etag&quot;: &quot;A String&quot;, # Optional. Note: `etag` is an inoperable legacy field that is only returned
420 # for backwards compatibility.
421 &quot;disabled&quot;: True or False, # @OutputOnly A bool indicate if the service account is disabled.
422 # The field is currently in alpha phase.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800423 }</pre>
424</div>
425
426<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -0700427 <code class="details" id="getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</code>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700428 <pre>Returns the Cloud IAM access control policy for a
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400429ServiceAccount.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800430
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700431Note: Service accounts are both
432[resources and
433identities](/iam/docs/service-accounts#service_account_permissions). This
434method treats the service account as a resource. It returns the Cloud IAM
435policy that reflects what members have access to the service account.
436
437This method does not return what resources the service account has access
438to. To see if a service account has access to a resource, call the
439`getIamPolicy` method on the target resource. For example, to view grants
440for a project, call the
441[projects.getIamPolicy](/resource-manager/reference/rest/v1/projects/getIamPolicy)
442method.
443
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800444Args:
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400445 resource: string, REQUIRED: The resource for which the policy is being requested.
Sai Cheemalapatie833b792017-03-24 15:06:46 -0700446See the operation documentation for the appropriate value for this field. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -0700447 options_requestedPolicyVersion: integer, Optional. The policy format version to be returned.
448
449Valid values are 0, 1, and 3. Requests specifying an invalid value will be
450rejected.
451
452Requests for policies with any conditional bindings must specify version 3.
453Policies without any conditional bindings may specify any valid value or
454leave the field unset.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800455 x__xgafv: string, V1 error format.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400456 Allowed values
457 1 - v1 error format
458 2 - v2 error format
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800459
460Returns:
461 An object of the form:
462
Dan O'Mearadd494642020-05-01 07:42:23 -0700463 { # An Identity and Access Management (IAM) policy, which specifies access
464 # controls for Google Cloud resources.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400465 #
466 #
Dan O'Mearadd494642020-05-01 07:42:23 -0700467 # A `Policy` is a collection of `bindings`. A `binding` binds one or more
468 # `members` to a single `role`. Members can be user accounts, service accounts,
469 # Google groups, and domains (such as G Suite). A `role` is a named list of
470 # permissions; each `role` can be an IAM predefined role or a user-created
471 # custom role.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400472 #
Dan O'Mearadd494642020-05-01 07:42:23 -0700473 # Optionally, a `binding` can specify a `condition`, which is a logical
474 # expression that allows access to a resource only if the expression evaluates
475 # to `true`. A condition can add constraints based on attributes of the
476 # request, the resource, or both.
477 #
478 # **JSON example:**
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400479 #
480 # {
Bu Sun Kim65020912020-05-20 12:08:20 -0700481 # &quot;bindings&quot;: [
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400482 # {
Bu Sun Kim65020912020-05-20 12:08:20 -0700483 # &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
484 # &quot;members&quot;: [
485 # &quot;user:mike@example.com&quot;,
486 # &quot;group:admins@example.com&quot;,
487 # &quot;domain:google.com&quot;,
488 # &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400489 # ]
490 # },
491 # {
Bu Sun Kim65020912020-05-20 12:08:20 -0700492 # &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
493 # &quot;members&quot;: [&quot;user:eve@example.com&quot;],
494 # &quot;condition&quot;: {
495 # &quot;title&quot;: &quot;expirable access&quot;,
496 # &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
497 # &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
Dan O'Mearadd494642020-05-01 07:42:23 -0700498 # }
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400499 # }
Dan O'Mearadd494642020-05-01 07:42:23 -0700500 # ],
Bu Sun Kim65020912020-05-20 12:08:20 -0700501 # &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
502 # &quot;version&quot;: 3
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400503 # }
504 #
Dan O'Mearadd494642020-05-01 07:42:23 -0700505 # **YAML example:**
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700506 #
507 # bindings:
508 # - members:
509 # - user:mike@example.com
510 # - group:admins@example.com
511 # - domain:google.com
Dan O'Mearadd494642020-05-01 07:42:23 -0700512 # - serviceAccount:my-project-id@appspot.gserviceaccount.com
513 # role: roles/resourcemanager.organizationAdmin
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700514 # - members:
Dan O'Mearadd494642020-05-01 07:42:23 -0700515 # - user:eve@example.com
516 # role: roles/resourcemanager.organizationViewer
517 # condition:
518 # title: expirable access
519 # description: Does not grant access after Sep 2020
Bu Sun Kim65020912020-05-20 12:08:20 -0700520 # expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
Dan O'Mearadd494642020-05-01 07:42:23 -0700521 # - etag: BwWWja0YfJA=
522 # - version: 3
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700523 #
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400524 # For a description of IAM and its features, see the
Dan O'Mearadd494642020-05-01 07:42:23 -0700525 # [IAM documentation](https://cloud.google.com/iam/docs/).
Bu Sun Kim65020912020-05-20 12:08:20 -0700526 &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
527 # prevent simultaneous updates of a policy from overwriting each other.
528 # It is strongly suggested that systems make use of the `etag` in the
529 # read-modify-write cycle to perform policy updates in order to avoid race
530 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
531 # systems are expected to put that etag in the request to `setIamPolicy` to
532 # ensure that their change will be applied to the same version of the policy.
533 #
534 # **Important:** If you use IAM Conditions, you must include the `etag` field
535 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
536 # you to overwrite a version `3` policy with a version `1` policy, and all of
537 # the conditions in the version `3` policy are lost.
538 &quot;version&quot;: 42, # Specifies the format of the policy.
539 #
540 # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
541 # are rejected.
542 #
543 # Any operation that affects conditional role bindings must specify version
544 # `3`. This requirement applies to the following operations:
545 #
546 # * Getting a policy that includes a conditional role binding
547 # * Adding a conditional role binding to a policy
548 # * Changing a conditional role binding in a policy
549 # * Removing any role binding, with or without a condition, from a policy
550 # that includes conditions
551 #
552 # **Important:** If you use IAM Conditions, you must include the `etag` field
553 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
554 # you to overwrite a version `3` policy with a version `1` policy, and all of
555 # the conditions in the version `3` policy are lost.
556 #
557 # If a policy does not include any conditions, operations on that policy may
558 # specify any valid version or leave the field unset.
559 &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
560 { # Specifies the audit configuration for a service.
561 # The configuration determines which permission types are logged, and what
562 # identities, if any, are exempted from logging.
563 # An AuditConfig must have one or more AuditLogConfigs.
564 #
565 # If there are AuditConfigs for both `allServices` and a specific service,
566 # the union of the two AuditConfigs is used for that service: the log_types
567 # specified in each AuditConfig are enabled, and the exempted_members in each
568 # AuditLogConfig are exempted.
569 #
570 # Example Policy with multiple AuditConfigs:
571 #
572 # {
573 # &quot;audit_configs&quot;: [
574 # {
575 # &quot;service&quot;: &quot;allServices&quot;
576 # &quot;audit_log_configs&quot;: [
577 # {
578 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
579 # &quot;exempted_members&quot;: [
580 # &quot;user:jose@example.com&quot;
581 # ]
582 # },
583 # {
584 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
585 # },
586 # {
587 # &quot;log_type&quot;: &quot;ADMIN_READ&quot;,
588 # }
589 # ]
590 # },
591 # {
592 # &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;
593 # &quot;audit_log_configs&quot;: [
594 # {
595 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
596 # },
597 # {
598 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
599 # &quot;exempted_members&quot;: [
600 # &quot;user:aliya@example.com&quot;
601 # ]
602 # }
603 # ]
604 # }
605 # ]
606 # }
607 #
608 # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
609 # logging. It also exempts jose@example.com from DATA_READ logging, and
610 # aliya@example.com from DATA_WRITE logging.
611 &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
612 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
613 # `allServices` is a special value that covers all services.
614 &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
615 { # Provides the configuration for logging a type of permissions.
616 # Example:
617 #
618 # {
619 # &quot;audit_log_configs&quot;: [
620 # {
621 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
622 # &quot;exempted_members&quot;: [
623 # &quot;user:jose@example.com&quot;
624 # ]
625 # },
626 # {
627 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
628 # }
629 # ]
630 # }
631 #
632 # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
633 # jose@example.com from DATA_READ logging.
634 &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
635 # permission.
636 # Follows the same format of Binding.members.
637 &quot;A String&quot;,
638 ],
639 &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
640 },
641 ],
642 },
643 ],
644 &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
Dan O'Mearadd494642020-05-01 07:42:23 -0700645 # `condition` that determines how and when the `bindings` are applied. Each
646 # of the `bindings` must contain at least one member.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800647 { # Associates `members` with a `role`.
Bu Sun Kim65020912020-05-20 12:08:20 -0700648 &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
649 # NOTE: An unsatisfied condition will not allow user access via current
650 # binding. Different bindings, including their conditions, are examined
651 # independently.
652 # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
653 # are documented at https://github.com/google/cel-spec.
654 #
655 # Example (Comparison):
656 #
657 # title: &quot;Summary size limit&quot;
658 # description: &quot;Determines if a summary is less than 100 chars&quot;
659 # expression: &quot;document.summary.size() &lt; 100&quot;
660 #
661 # Example (Equality):
662 #
663 # title: &quot;Requestor is owner&quot;
664 # description: &quot;Determines if requestor is the document owner&quot;
665 # expression: &quot;document.owner == request.auth.claims.email&quot;
666 #
667 # Example (Logic):
668 #
669 # title: &quot;Public documents&quot;
670 # description: &quot;Determine whether the document should be publicly visible&quot;
671 # expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
672 #
673 # Example (Data Manipulation):
674 #
675 # title: &quot;Notification string&quot;
676 # description: &quot;Create a notification string with a timestamp.&quot;
677 # expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
678 #
679 # The exact variables and functions that may be referenced within an expression
680 # are determined by the service that evaluates it. See the service
681 # documentation for additional information.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700682 &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
683 # describes the expression, e.g. when hovered over it in a UI.
684 &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
685 # syntax.
Bu Sun Kim65020912020-05-20 12:08:20 -0700686 &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
687 # its purpose. This can be used e.g. in UIs which allow to enter the
688 # expression.
689 &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
690 # reporting, e.g. a file name and a position in the file.
Bu Sun Kim65020912020-05-20 12:08:20 -0700691 },
692 &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400693 # `members` can have the following values:
694 #
695 # * `allUsers`: A special identifier that represents anyone who is
696 # on the internet; with or without a Google account.
697 #
698 # * `allAuthenticatedUsers`: A special identifier that represents anyone
699 # who is authenticated with a Google account or a service account.
700 #
701 # * `user:{emailid}`: An email address that represents a specific Google
Dan O'Mearadd494642020-05-01 07:42:23 -0700702 # account. For example, `alice@example.com` .
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400703 #
704 #
705 # * `serviceAccount:{emailid}`: An email address that represents a service
706 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
707 #
708 # * `group:{emailid}`: An email address that represents a Google group.
709 # For example, `admins@example.com`.
710 #
Dan O'Mearadd494642020-05-01 07:42:23 -0700711 # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
712 # identifier) representing a user that has been recently deleted. For
713 # example, `alice@example.com?uid=123456789012345678901`. If the user is
714 # recovered, this value reverts to `user:{emailid}` and the recovered user
715 # retains the role in the binding.
716 #
717 # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
718 # unique identifier) representing a service account that has been recently
719 # deleted. For example,
720 # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
721 # If the service account is undeleted, this value reverts to
722 # `serviceAccount:{emailid}` and the undeleted service account retains the
723 # role in the binding.
724 #
725 # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
726 # identifier) representing a Google group that has been recently
727 # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
728 # the group is recovered, this value reverts to `group:{emailid}` and the
729 # recovered group retains the role in the binding.
730 #
Sai Cheemalapati4ba8c232017-06-06 18:46:08 -0400731 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700732 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400733 # users of that domain. For example, `google.com` or `example.com`.
734 #
Bu Sun Kim65020912020-05-20 12:08:20 -0700735 &quot;A String&quot;,
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800736 ],
Bu Sun Kim65020912020-05-20 12:08:20 -0700737 &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
738 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700739 },
740 ],
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800741 }</pre>
742</div>
743
744<div class="method">
Bu Sun Kim65020912020-05-20 12:08:20 -0700745 <code class="details" id="list">list(name, pageToken=None, pageSize=None, x__xgafv=None)</code>
Sai Cheemalapatiea3a5e12016-10-12 14:05:53 -0700746 <pre>Lists ServiceAccounts for a project.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800747
748Args:
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400749 name: string, Required. The resource name of the project associated with the service
750accounts, such as `projects/my-project-123`. (required)
751 pageToken: string, Optional pagination token returned in an earlier
752ListServiceAccountsResponse.next_page_token.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400753 pageSize: integer, Optional limit on the number of service accounts to include in the
754response. Further accounts can subsequently be obtained by including the
755ListServiceAccountsResponse.next_page_token
756in a subsequent request.
Bu Sun Kim65020912020-05-20 12:08:20 -0700757 x__xgafv: string, V1 error format.
758 Allowed values
759 1 - v1 error format
760 2 - v2 error format
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800761
762Returns:
763 An object of the form:
764
765 { # The service account list response.
Bu Sun Kim65020912020-05-20 12:08:20 -0700766 &quot;nextPageToken&quot;: &quot;A String&quot;, # To retrieve the next page of results, set
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400767 # ListServiceAccountsRequest.page_token
768 # to this value.
Bu Sun Kim65020912020-05-20 12:08:20 -0700769 &quot;accounts&quot;: [ # The list of matching service accounts.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400770 { # A service account in the Identity and Access Management API.
771 #
772 # To create a service account, specify the `project_id` and the `account_id`
773 # for the account. The `account_id` is unique within the project, and is used
774 # to generate the service account email address and a stable
775 # `unique_id`.
776 #
Bu Sun Kim65020912020-05-20 12:08:20 -0700777 # If the account already exists, the account&#x27;s resource name is returned
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700778 # in the format of projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. The caller
779 # can use the name in other methods to access the account.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400780 #
781 # All other methods can identify the service account using the format
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700782 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
783 # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
784 # the account. The `ACCOUNT` value can be the `email` address or the
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400785 # `unique_id` of the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -0700786 &quot;email&quot;: &quot;A String&quot;, # @OutputOnly The email address of the service account.
787 &quot;name&quot;: &quot;A String&quot;, # The resource name of the service account in the following format:
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700788 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
789 #
790 # Requests using `-` as a wildcard for the `PROJECT_ID` will infer the
791 # project from the `account` and the `ACCOUNT` value can be the `email`
792 # address or the `unique_id` of the service account.
793 #
794 # In responses the resource name will always be in the format
795 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
Bu Sun Kim65020912020-05-20 12:08:20 -0700796 &quot;projectId&quot;: &quot;A String&quot;, # @OutputOnly The id of the project that owns the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -0700797 &quot;oauth2ClientId&quot;: &quot;A String&quot;, # @OutputOnly The OAuth2 client id for the service account.
798 # This is used in conjunction with the OAuth2 clientconfig API to make
799 # three legged OAuth2 (3LO) flows to access the data of Google users.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700800 &quot;uniqueId&quot;: &quot;A String&quot;, # @OutputOnly The unique and stable id of the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -0700801 &quot;description&quot;: &quot;A String&quot;, # Optional. A user-specified opaque description of the service account.
802 # Must be less than or equal to 256 UTF-8 bytes.
803 &quot;displayName&quot;: &quot;A String&quot;, # Optional. A user-specified name for the service account.
804 # Must be less than or equal to 100 UTF-8 bytes.
805 &quot;etag&quot;: &quot;A String&quot;, # Optional. Note: `etag` is an inoperable legacy field that is only returned
806 # for backwards compatibility.
807 &quot;disabled&quot;: True or False, # @OutputOnly A bool indicate if the service account is disabled.
808 # The field is currently in alpha phase.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800809 },
810 ],
811 }</pre>
812</div>
813
814<div class="method">
815 <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
816 <pre>Retrieves the next page of results.
817
818Args:
819 previous_request: The request for the previous page. (required)
820 previous_response: The response from the request for the previous page. (required)
821
822Returns:
Bu Sun Kim65020912020-05-20 12:08:20 -0700823 A request object that you can call &#x27;execute()&#x27; on to request the next
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800824 page. Returns None if there are no more items in the collection.
825 </pre>
826</div>
827
828<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -0700829 <code class="details" id="patch">patch(name, body=None, x__xgafv=None)</code>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700830 <pre>Patches a ServiceAccount.
831
832Currently, only the following fields are updatable:
833`display_name` and `description`.
834
835Only fields specified in the request are guaranteed to be returned in
836the response. Other fields in the response may be empty.
837
838Note: The field mask is required.
839
840Args:
841 name: string, The resource name of the service account in the following format:
842`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
843
844Requests using `-` as a wildcard for the `PROJECT_ID` will infer the
845project from the `account` and the `ACCOUNT` value can be the `email`
846address or the `unique_id` of the service account.
847
848In responses the resource name will always be in the format
849`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -0700850 body: object, The request body.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700851 The object takes the form of:
852
853{ # The patch service account request.
Bu Sun Kim65020912020-05-20 12:08:20 -0700854 &quot;serviceAccount&quot;: { # A service account in the Identity and Access Management API.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700855 #
856 # To create a service account, specify the `project_id` and the `account_id`
857 # for the account. The `account_id` is unique within the project, and is used
858 # to generate the service account email address and a stable
859 # `unique_id`.
860 #
Bu Sun Kim65020912020-05-20 12:08:20 -0700861 # If the account already exists, the account&#x27;s resource name is returned
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700862 # in the format of projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. The caller
863 # can use the name in other methods to access the account.
864 #
865 # All other methods can identify the service account using the format
866 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
867 # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
868 # the account. The `ACCOUNT` value can be the `email` address or the
869 # `unique_id` of the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -0700870 &quot;email&quot;: &quot;A String&quot;, # @OutputOnly The email address of the service account.
871 &quot;name&quot;: &quot;A String&quot;, # The resource name of the service account in the following format:
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700872 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
873 #
874 # Requests using `-` as a wildcard for the `PROJECT_ID` will infer the
875 # project from the `account` and the `ACCOUNT` value can be the `email`
876 # address or the `unique_id` of the service account.
877 #
878 # In responses the resource name will always be in the format
879 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
Bu Sun Kim65020912020-05-20 12:08:20 -0700880 &quot;projectId&quot;: &quot;A String&quot;, # @OutputOnly The id of the project that owns the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -0700881 &quot;oauth2ClientId&quot;: &quot;A String&quot;, # @OutputOnly The OAuth2 client id for the service account.
882 # This is used in conjunction with the OAuth2 clientconfig API to make
883 # three legged OAuth2 (3LO) flows to access the data of Google users.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700884 &quot;uniqueId&quot;: &quot;A String&quot;, # @OutputOnly The unique and stable id of the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -0700885 &quot;description&quot;: &quot;A String&quot;, # Optional. A user-specified opaque description of the service account.
886 # Must be less than or equal to 256 UTF-8 bytes.
887 &quot;displayName&quot;: &quot;A String&quot;, # Optional. A user-specified name for the service account.
888 # Must be less than or equal to 100 UTF-8 bytes.
889 &quot;etag&quot;: &quot;A String&quot;, # Optional. Note: `etag` is an inoperable legacy field that is only returned
890 # for backwards compatibility.
891 &quot;disabled&quot;: True or False, # @OutputOnly A bool indicate if the service account is disabled.
892 # The field is currently in alpha phase.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700893 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700894 &quot;updateMask&quot;: &quot;A String&quot;,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700895 }
896
897 x__xgafv: string, V1 error format.
898 Allowed values
899 1 - v1 error format
900 2 - v2 error format
901
902Returns:
903 An object of the form:
904
905 { # A service account in the Identity and Access Management API.
906 #
907 # To create a service account, specify the `project_id` and the `account_id`
908 # for the account. The `account_id` is unique within the project, and is used
909 # to generate the service account email address and a stable
910 # `unique_id`.
911 #
Bu Sun Kim65020912020-05-20 12:08:20 -0700912 # If the account already exists, the account&#x27;s resource name is returned
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700913 # in the format of projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. The caller
914 # can use the name in other methods to access the account.
915 #
916 # All other methods can identify the service account using the format
917 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
918 # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
919 # the account. The `ACCOUNT` value can be the `email` address or the
920 # `unique_id` of the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -0700921 &quot;email&quot;: &quot;A String&quot;, # @OutputOnly The email address of the service account.
922 &quot;name&quot;: &quot;A String&quot;, # The resource name of the service account in the following format:
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700923 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
924 #
925 # Requests using `-` as a wildcard for the `PROJECT_ID` will infer the
926 # project from the `account` and the `ACCOUNT` value can be the `email`
927 # address or the `unique_id` of the service account.
928 #
929 # In responses the resource name will always be in the format
930 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
Bu Sun Kim65020912020-05-20 12:08:20 -0700931 &quot;projectId&quot;: &quot;A String&quot;, # @OutputOnly The id of the project that owns the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -0700932 &quot;oauth2ClientId&quot;: &quot;A String&quot;, # @OutputOnly The OAuth2 client id for the service account.
933 # This is used in conjunction with the OAuth2 clientconfig API to make
934 # three legged OAuth2 (3LO) flows to access the data of Google users.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700935 &quot;uniqueId&quot;: &quot;A String&quot;, # @OutputOnly The unique and stable id of the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -0700936 &quot;description&quot;: &quot;A String&quot;, # Optional. A user-specified opaque description of the service account.
937 # Must be less than or equal to 256 UTF-8 bytes.
938 &quot;displayName&quot;: &quot;A String&quot;, # Optional. A user-specified name for the service account.
939 # Must be less than or equal to 100 UTF-8 bytes.
940 &quot;etag&quot;: &quot;A String&quot;, # Optional. Note: `etag` is an inoperable legacy field that is only returned
941 # for backwards compatibility.
942 &quot;disabled&quot;: True or False, # @OutputOnly A bool indicate if the service account is disabled.
943 # The field is currently in alpha phase.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700944 }</pre>
945</div>
946
947<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -0700948 <code class="details" id="setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</code>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700949 <pre>Sets the Cloud IAM access control policy for a
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400950ServiceAccount.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800951
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700952Note: Service accounts are both
953[resources and
954identities](/iam/docs/service-accounts#service_account_permissions). This
955method treats the service account as a resource. Use it to grant members
956access to the service account, such as when they need to impersonate it.
957
958This method does not grant the service account access to other resources,
959such as projects. To grant a service account access to resources, include
960the service account in the Cloud IAM policy for the desired resource, then
961call the appropriate `setIamPolicy` method on the target resource. For
962example, to grant a service account access to a project, call the
963[projects.setIamPolicy](/resource-manager/reference/rest/v1/projects/setIamPolicy)
964method.
965
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800966Args:
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400967 resource: string, REQUIRED: The resource for which the policy is being specified.
Sai Cheemalapatie833b792017-03-24 15:06:46 -0700968See the operation documentation for the appropriate value for this field. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -0700969 body: object, The request body.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800970 The object takes the form of:
971
972{ # Request message for `SetIamPolicy` method.
Bu Sun Kim65020912020-05-20 12:08:20 -0700973 &quot;policy&quot;: { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400974 # the policy is limited to a few 10s of KB. An empty policy is a
975 # valid policy but certain Cloud Platform services (such as Projects)
976 # might reject them.
Dan O'Mearadd494642020-05-01 07:42:23 -0700977 # controls for Google Cloud resources.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400978 #
979 #
Dan O'Mearadd494642020-05-01 07:42:23 -0700980 # A `Policy` is a collection of `bindings`. A `binding` binds one or more
981 # `members` to a single `role`. Members can be user accounts, service accounts,
982 # Google groups, and domains (such as G Suite). A `role` is a named list of
983 # permissions; each `role` can be an IAM predefined role or a user-created
984 # custom role.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400985 #
Dan O'Mearadd494642020-05-01 07:42:23 -0700986 # Optionally, a `binding` can specify a `condition`, which is a logical
987 # expression that allows access to a resource only if the expression evaluates
988 # to `true`. A condition can add constraints based on attributes of the
989 # request, the resource, or both.
990 #
991 # **JSON example:**
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400992 #
993 # {
Bu Sun Kim65020912020-05-20 12:08:20 -0700994 # &quot;bindings&quot;: [
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400995 # {
Bu Sun Kim65020912020-05-20 12:08:20 -0700996 # &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
997 # &quot;members&quot;: [
998 # &quot;user:mike@example.com&quot;,
999 # &quot;group:admins@example.com&quot;,
1000 # &quot;domain:google.com&quot;,
1001 # &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001002 # ]
1003 # },
1004 # {
Bu Sun Kim65020912020-05-20 12:08:20 -07001005 # &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
1006 # &quot;members&quot;: [&quot;user:eve@example.com&quot;],
1007 # &quot;condition&quot;: {
1008 # &quot;title&quot;: &quot;expirable access&quot;,
1009 # &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
1010 # &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
Dan O'Mearadd494642020-05-01 07:42:23 -07001011 # }
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001012 # }
Dan O'Mearadd494642020-05-01 07:42:23 -07001013 # ],
Bu Sun Kim65020912020-05-20 12:08:20 -07001014 # &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
1015 # &quot;version&quot;: 3
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001016 # }
1017 #
Dan O'Mearadd494642020-05-01 07:42:23 -07001018 # **YAML example:**
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001019 #
1020 # bindings:
1021 # - members:
1022 # - user:mike@example.com
1023 # - group:admins@example.com
1024 # - domain:google.com
Dan O'Mearadd494642020-05-01 07:42:23 -07001025 # - serviceAccount:my-project-id@appspot.gserviceaccount.com
1026 # role: roles/resourcemanager.organizationAdmin
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001027 # - members:
Dan O'Mearadd494642020-05-01 07:42:23 -07001028 # - user:eve@example.com
1029 # role: roles/resourcemanager.organizationViewer
1030 # condition:
1031 # title: expirable access
1032 # description: Does not grant access after Sep 2020
Bu Sun Kim65020912020-05-20 12:08:20 -07001033 # expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
Dan O'Mearadd494642020-05-01 07:42:23 -07001034 # - etag: BwWWja0YfJA=
1035 # - version: 3
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001036 #
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001037 # For a description of IAM and its features, see the
Dan O'Mearadd494642020-05-01 07:42:23 -07001038 # [IAM documentation](https://cloud.google.com/iam/docs/).
Bu Sun Kim65020912020-05-20 12:08:20 -07001039 &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
1040 # prevent simultaneous updates of a policy from overwriting each other.
1041 # It is strongly suggested that systems make use of the `etag` in the
1042 # read-modify-write cycle to perform policy updates in order to avoid race
1043 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
1044 # systems are expected to put that etag in the request to `setIamPolicy` to
1045 # ensure that their change will be applied to the same version of the policy.
1046 #
1047 # **Important:** If you use IAM Conditions, you must include the `etag` field
1048 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1049 # you to overwrite a version `3` policy with a version `1` policy, and all of
1050 # the conditions in the version `3` policy are lost.
1051 &quot;version&quot;: 42, # Specifies the format of the policy.
1052 #
1053 # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
1054 # are rejected.
1055 #
1056 # Any operation that affects conditional role bindings must specify version
1057 # `3`. This requirement applies to the following operations:
1058 #
1059 # * Getting a policy that includes a conditional role binding
1060 # * Adding a conditional role binding to a policy
1061 # * Changing a conditional role binding in a policy
1062 # * Removing any role binding, with or without a condition, from a policy
1063 # that includes conditions
1064 #
1065 # **Important:** If you use IAM Conditions, you must include the `etag` field
1066 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1067 # you to overwrite a version `3` policy with a version `1` policy, and all of
1068 # the conditions in the version `3` policy are lost.
1069 #
1070 # If a policy does not include any conditions, operations on that policy may
1071 # specify any valid version or leave the field unset.
1072 &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
1073 { # Specifies the audit configuration for a service.
1074 # The configuration determines which permission types are logged, and what
1075 # identities, if any, are exempted from logging.
1076 # An AuditConfig must have one or more AuditLogConfigs.
1077 #
1078 # If there are AuditConfigs for both `allServices` and a specific service,
1079 # the union of the two AuditConfigs is used for that service: the log_types
1080 # specified in each AuditConfig are enabled, and the exempted_members in each
1081 # AuditLogConfig are exempted.
1082 #
1083 # Example Policy with multiple AuditConfigs:
1084 #
1085 # {
1086 # &quot;audit_configs&quot;: [
1087 # {
1088 # &quot;service&quot;: &quot;allServices&quot;
1089 # &quot;audit_log_configs&quot;: [
1090 # {
1091 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
1092 # &quot;exempted_members&quot;: [
1093 # &quot;user:jose@example.com&quot;
1094 # ]
1095 # },
1096 # {
1097 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
1098 # },
1099 # {
1100 # &quot;log_type&quot;: &quot;ADMIN_READ&quot;,
1101 # }
1102 # ]
1103 # },
1104 # {
1105 # &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;
1106 # &quot;audit_log_configs&quot;: [
1107 # {
1108 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
1109 # },
1110 # {
1111 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
1112 # &quot;exempted_members&quot;: [
1113 # &quot;user:aliya@example.com&quot;
1114 # ]
1115 # }
1116 # ]
1117 # }
1118 # ]
1119 # }
1120 #
1121 # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
1122 # logging. It also exempts jose@example.com from DATA_READ logging, and
1123 # aliya@example.com from DATA_WRITE logging.
1124 &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
1125 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
1126 # `allServices` is a special value that covers all services.
1127 &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
1128 { # Provides the configuration for logging a type of permissions.
1129 # Example:
1130 #
1131 # {
1132 # &quot;audit_log_configs&quot;: [
1133 # {
1134 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
1135 # &quot;exempted_members&quot;: [
1136 # &quot;user:jose@example.com&quot;
1137 # ]
1138 # },
1139 # {
1140 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
1141 # }
1142 # ]
1143 # }
1144 #
1145 # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
1146 # jose@example.com from DATA_READ logging.
1147 &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
1148 # permission.
1149 # Follows the same format of Binding.members.
1150 &quot;A String&quot;,
1151 ],
1152 &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
1153 },
1154 ],
1155 },
1156 ],
1157 &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
Dan O'Mearadd494642020-05-01 07:42:23 -07001158 # `condition` that determines how and when the `bindings` are applied. Each
1159 # of the `bindings` must contain at least one member.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001160 { # Associates `members` with a `role`.
Bu Sun Kim65020912020-05-20 12:08:20 -07001161 &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
1162 # NOTE: An unsatisfied condition will not allow user access via current
1163 # binding. Different bindings, including their conditions, are examined
1164 # independently.
1165 # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
1166 # are documented at https://github.com/google/cel-spec.
1167 #
1168 # Example (Comparison):
1169 #
1170 # title: &quot;Summary size limit&quot;
1171 # description: &quot;Determines if a summary is less than 100 chars&quot;
1172 # expression: &quot;document.summary.size() &lt; 100&quot;
1173 #
1174 # Example (Equality):
1175 #
1176 # title: &quot;Requestor is owner&quot;
1177 # description: &quot;Determines if requestor is the document owner&quot;
1178 # expression: &quot;document.owner == request.auth.claims.email&quot;
1179 #
1180 # Example (Logic):
1181 #
1182 # title: &quot;Public documents&quot;
1183 # description: &quot;Determine whether the document should be publicly visible&quot;
1184 # expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
1185 #
1186 # Example (Data Manipulation):
1187 #
1188 # title: &quot;Notification string&quot;
1189 # description: &quot;Create a notification string with a timestamp.&quot;
1190 # expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
1191 #
1192 # The exact variables and functions that may be referenced within an expression
1193 # are determined by the service that evaluates it. See the service
1194 # documentation for additional information.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001195 &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
1196 # describes the expression, e.g. when hovered over it in a UI.
1197 &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
1198 # syntax.
Bu Sun Kim65020912020-05-20 12:08:20 -07001199 &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
1200 # its purpose. This can be used e.g. in UIs which allow to enter the
1201 # expression.
1202 &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
1203 # reporting, e.g. a file name and a position in the file.
Bu Sun Kim65020912020-05-20 12:08:20 -07001204 },
1205 &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001206 # `members` can have the following values:
1207 #
1208 # * `allUsers`: A special identifier that represents anyone who is
1209 # on the internet; with or without a Google account.
1210 #
1211 # * `allAuthenticatedUsers`: A special identifier that represents anyone
1212 # who is authenticated with a Google account or a service account.
1213 #
1214 # * `user:{emailid}`: An email address that represents a specific Google
Dan O'Mearadd494642020-05-01 07:42:23 -07001215 # account. For example, `alice@example.com` .
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001216 #
1217 #
1218 # * `serviceAccount:{emailid}`: An email address that represents a service
1219 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
1220 #
1221 # * `group:{emailid}`: An email address that represents a Google group.
1222 # For example, `admins@example.com`.
1223 #
Dan O'Mearadd494642020-05-01 07:42:23 -07001224 # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
1225 # identifier) representing a user that has been recently deleted. For
1226 # example, `alice@example.com?uid=123456789012345678901`. If the user is
1227 # recovered, this value reverts to `user:{emailid}` and the recovered user
1228 # retains the role in the binding.
1229 #
1230 # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
1231 # unique identifier) representing a service account that has been recently
1232 # deleted. For example,
1233 # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
1234 # If the service account is undeleted, this value reverts to
1235 # `serviceAccount:{emailid}` and the undeleted service account retains the
1236 # role in the binding.
1237 #
1238 # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
1239 # identifier) representing a Google group that has been recently
1240 # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
1241 # the group is recovered, this value reverts to `group:{emailid}` and the
1242 # recovered group retains the role in the binding.
1243 #
Sai Cheemalapati4ba8c232017-06-06 18:46:08 -04001244 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001245 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001246 # users of that domain. For example, `google.com` or `example.com`.
1247 #
Bu Sun Kim65020912020-05-20 12:08:20 -07001248 &quot;A String&quot;,
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001249 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07001250 &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
1251 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001252 },
1253 ],
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001254 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001255 &quot;updateMask&quot;: &quot;A String&quot;, # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001256 # the fields in the mask will be modified. If no mask is provided, the
1257 # following default mask is used:
Bu Sun Kim65020912020-05-20 12:08:20 -07001258 # paths: &quot;bindings, etag&quot;
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001259 # This field is only used by Cloud IAM.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001260 }
1261
1262 x__xgafv: string, V1 error format.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001263 Allowed values
1264 1 - v1 error format
1265 2 - v2 error format
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001266
1267Returns:
1268 An object of the form:
1269
Dan O'Mearadd494642020-05-01 07:42:23 -07001270 { # An Identity and Access Management (IAM) policy, which specifies access
1271 # controls for Google Cloud resources.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001272 #
1273 #
Dan O'Mearadd494642020-05-01 07:42:23 -07001274 # A `Policy` is a collection of `bindings`. A `binding` binds one or more
1275 # `members` to a single `role`. Members can be user accounts, service accounts,
1276 # Google groups, and domains (such as G Suite). A `role` is a named list of
1277 # permissions; each `role` can be an IAM predefined role or a user-created
1278 # custom role.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001279 #
Dan O'Mearadd494642020-05-01 07:42:23 -07001280 # Optionally, a `binding` can specify a `condition`, which is a logical
1281 # expression that allows access to a resource only if the expression evaluates
1282 # to `true`. A condition can add constraints based on attributes of the
1283 # request, the resource, or both.
1284 #
1285 # **JSON example:**
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001286 #
1287 # {
Bu Sun Kim65020912020-05-20 12:08:20 -07001288 # &quot;bindings&quot;: [
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001289 # {
Bu Sun Kim65020912020-05-20 12:08:20 -07001290 # &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
1291 # &quot;members&quot;: [
1292 # &quot;user:mike@example.com&quot;,
1293 # &quot;group:admins@example.com&quot;,
1294 # &quot;domain:google.com&quot;,
1295 # &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001296 # ]
1297 # },
1298 # {
Bu Sun Kim65020912020-05-20 12:08:20 -07001299 # &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
1300 # &quot;members&quot;: [&quot;user:eve@example.com&quot;],
1301 # &quot;condition&quot;: {
1302 # &quot;title&quot;: &quot;expirable access&quot;,
1303 # &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
1304 # &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
Dan O'Mearadd494642020-05-01 07:42:23 -07001305 # }
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001306 # }
Dan O'Mearadd494642020-05-01 07:42:23 -07001307 # ],
Bu Sun Kim65020912020-05-20 12:08:20 -07001308 # &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
1309 # &quot;version&quot;: 3
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001310 # }
1311 #
Dan O'Mearadd494642020-05-01 07:42:23 -07001312 # **YAML example:**
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001313 #
1314 # bindings:
1315 # - members:
1316 # - user:mike@example.com
1317 # - group:admins@example.com
1318 # - domain:google.com
Dan O'Mearadd494642020-05-01 07:42:23 -07001319 # - serviceAccount:my-project-id@appspot.gserviceaccount.com
1320 # role: roles/resourcemanager.organizationAdmin
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001321 # - members:
Dan O'Mearadd494642020-05-01 07:42:23 -07001322 # - user:eve@example.com
1323 # role: roles/resourcemanager.organizationViewer
1324 # condition:
1325 # title: expirable access
1326 # description: Does not grant access after Sep 2020
Bu Sun Kim65020912020-05-20 12:08:20 -07001327 # expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
Dan O'Mearadd494642020-05-01 07:42:23 -07001328 # - etag: BwWWja0YfJA=
1329 # - version: 3
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001330 #
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001331 # For a description of IAM and its features, see the
Dan O'Mearadd494642020-05-01 07:42:23 -07001332 # [IAM documentation](https://cloud.google.com/iam/docs/).
Bu Sun Kim65020912020-05-20 12:08:20 -07001333 &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
1334 # prevent simultaneous updates of a policy from overwriting each other.
1335 # It is strongly suggested that systems make use of the `etag` in the
1336 # read-modify-write cycle to perform policy updates in order to avoid race
1337 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
1338 # systems are expected to put that etag in the request to `setIamPolicy` to
1339 # ensure that their change will be applied to the same version of the policy.
1340 #
1341 # **Important:** If you use IAM Conditions, you must include the `etag` field
1342 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1343 # you to overwrite a version `3` policy with a version `1` policy, and all of
1344 # the conditions in the version `3` policy are lost.
1345 &quot;version&quot;: 42, # Specifies the format of the policy.
1346 #
1347 # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
1348 # are rejected.
1349 #
1350 # Any operation that affects conditional role bindings must specify version
1351 # `3`. This requirement applies to the following operations:
1352 #
1353 # * Getting a policy that includes a conditional role binding
1354 # * Adding a conditional role binding to a policy
1355 # * Changing a conditional role binding in a policy
1356 # * Removing any role binding, with or without a condition, from a policy
1357 # that includes conditions
1358 #
1359 # **Important:** If you use IAM Conditions, you must include the `etag` field
1360 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1361 # you to overwrite a version `3` policy with a version `1` policy, and all of
1362 # the conditions in the version `3` policy are lost.
1363 #
1364 # If a policy does not include any conditions, operations on that policy may
1365 # specify any valid version or leave the field unset.
1366 &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
1367 { # Specifies the audit configuration for a service.
1368 # The configuration determines which permission types are logged, and what
1369 # identities, if any, are exempted from logging.
1370 # An AuditConfig must have one or more AuditLogConfigs.
1371 #
1372 # If there are AuditConfigs for both `allServices` and a specific service,
1373 # the union of the two AuditConfigs is used for that service: the log_types
1374 # specified in each AuditConfig are enabled, and the exempted_members in each
1375 # AuditLogConfig are exempted.
1376 #
1377 # Example Policy with multiple AuditConfigs:
1378 #
1379 # {
1380 # &quot;audit_configs&quot;: [
1381 # {
1382 # &quot;service&quot;: &quot;allServices&quot;
1383 # &quot;audit_log_configs&quot;: [
1384 # {
1385 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
1386 # &quot;exempted_members&quot;: [
1387 # &quot;user:jose@example.com&quot;
1388 # ]
1389 # },
1390 # {
1391 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
1392 # },
1393 # {
1394 # &quot;log_type&quot;: &quot;ADMIN_READ&quot;,
1395 # }
1396 # ]
1397 # },
1398 # {
1399 # &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;
1400 # &quot;audit_log_configs&quot;: [
1401 # {
1402 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
1403 # },
1404 # {
1405 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
1406 # &quot;exempted_members&quot;: [
1407 # &quot;user:aliya@example.com&quot;
1408 # ]
1409 # }
1410 # ]
1411 # }
1412 # ]
1413 # }
1414 #
1415 # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
1416 # logging. It also exempts jose@example.com from DATA_READ logging, and
1417 # aliya@example.com from DATA_WRITE logging.
1418 &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
1419 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
1420 # `allServices` is a special value that covers all services.
1421 &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
1422 { # Provides the configuration for logging a type of permissions.
1423 # Example:
1424 #
1425 # {
1426 # &quot;audit_log_configs&quot;: [
1427 # {
1428 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
1429 # &quot;exempted_members&quot;: [
1430 # &quot;user:jose@example.com&quot;
1431 # ]
1432 # },
1433 # {
1434 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
1435 # }
1436 # ]
1437 # }
1438 #
1439 # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
1440 # jose@example.com from DATA_READ logging.
1441 &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
1442 # permission.
1443 # Follows the same format of Binding.members.
1444 &quot;A String&quot;,
1445 ],
1446 &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
1447 },
1448 ],
1449 },
1450 ],
1451 &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
Dan O'Mearadd494642020-05-01 07:42:23 -07001452 # `condition` that determines how and when the `bindings` are applied. Each
1453 # of the `bindings` must contain at least one member.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001454 { # Associates `members` with a `role`.
Bu Sun Kim65020912020-05-20 12:08:20 -07001455 &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
1456 # NOTE: An unsatisfied condition will not allow user access via current
1457 # binding. Different bindings, including their conditions, are examined
1458 # independently.
1459 # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
1460 # are documented at https://github.com/google/cel-spec.
1461 #
1462 # Example (Comparison):
1463 #
1464 # title: &quot;Summary size limit&quot;
1465 # description: &quot;Determines if a summary is less than 100 chars&quot;
1466 # expression: &quot;document.summary.size() &lt; 100&quot;
1467 #
1468 # Example (Equality):
1469 #
1470 # title: &quot;Requestor is owner&quot;
1471 # description: &quot;Determines if requestor is the document owner&quot;
1472 # expression: &quot;document.owner == request.auth.claims.email&quot;
1473 #
1474 # Example (Logic):
1475 #
1476 # title: &quot;Public documents&quot;
1477 # description: &quot;Determine whether the document should be publicly visible&quot;
1478 # expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
1479 #
1480 # Example (Data Manipulation):
1481 #
1482 # title: &quot;Notification string&quot;
1483 # description: &quot;Create a notification string with a timestamp.&quot;
1484 # expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
1485 #
1486 # The exact variables and functions that may be referenced within an expression
1487 # are determined by the service that evaluates it. See the service
1488 # documentation for additional information.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001489 &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
1490 # describes the expression, e.g. when hovered over it in a UI.
1491 &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
1492 # syntax.
Bu Sun Kim65020912020-05-20 12:08:20 -07001493 &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
1494 # its purpose. This can be used e.g. in UIs which allow to enter the
1495 # expression.
1496 &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
1497 # reporting, e.g. a file name and a position in the file.
Bu Sun Kim65020912020-05-20 12:08:20 -07001498 },
1499 &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001500 # `members` can have the following values:
1501 #
1502 # * `allUsers`: A special identifier that represents anyone who is
1503 # on the internet; with or without a Google account.
1504 #
1505 # * `allAuthenticatedUsers`: A special identifier that represents anyone
1506 # who is authenticated with a Google account or a service account.
1507 #
1508 # * `user:{emailid}`: An email address that represents a specific Google
Dan O'Mearadd494642020-05-01 07:42:23 -07001509 # account. For example, `alice@example.com` .
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001510 #
1511 #
1512 # * `serviceAccount:{emailid}`: An email address that represents a service
1513 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
1514 #
1515 # * `group:{emailid}`: An email address that represents a Google group.
1516 # For example, `admins@example.com`.
1517 #
Dan O'Mearadd494642020-05-01 07:42:23 -07001518 # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
1519 # identifier) representing a user that has been recently deleted. For
1520 # example, `alice@example.com?uid=123456789012345678901`. If the user is
1521 # recovered, this value reverts to `user:{emailid}` and the recovered user
1522 # retains the role in the binding.
1523 #
1524 # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
1525 # unique identifier) representing a service account that has been recently
1526 # deleted. For example,
1527 # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
1528 # If the service account is undeleted, this value reverts to
1529 # `serviceAccount:{emailid}` and the undeleted service account retains the
1530 # role in the binding.
1531 #
1532 # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
1533 # identifier) representing a Google group that has been recently
1534 # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
1535 # the group is recovered, this value reverts to `group:{emailid}` and the
1536 # recovered group retains the role in the binding.
1537 #
Sai Cheemalapati4ba8c232017-06-06 18:46:08 -04001538 #
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001539 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001540 # users of that domain. For example, `google.com` or `example.com`.
1541 #
Bu Sun Kim65020912020-05-20 12:08:20 -07001542 &quot;A String&quot;,
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001543 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07001544 &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
1545 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001546 },
1547 ],
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001548 }</pre>
1549</div>
1550
1551<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -07001552 <code class="details" id="signBlob">signBlob(name, body=None, x__xgafv=None)</code>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001553 <pre>**Note**: This method is in the process of being deprecated. Call the
1554[`signBlob()`](/iam/credentials/reference/rest/v1/projects.serviceAccounts/signBlob)
1555method of the Cloud IAM Service Account Credentials API instead.
1556
Bu Sun Kim65020912020-05-20 12:08:20 -07001557Signs a blob using a service account&#x27;s system-managed private key.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001558
1559Args:
Dan O'Mearadd494642020-05-01 07:42:23 -07001560 name: string, Required. The resource name of the service account in the following format:
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001561`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
1562Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
1563the account. The `ACCOUNT` value can be the `email` address or the
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001564`unique_id` of the service account. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -07001565 body: object, The request body.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001566 The object takes the form of:
1567
1568{ # The service account sign blob request.
Bu Sun Kim65020912020-05-20 12:08:20 -07001569 &quot;bytesToSign&quot;: &quot;A String&quot;, # Required. The bytes to sign.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001570 }
1571
1572 x__xgafv: string, V1 error format.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001573 Allowed values
1574 1 - v1 error format
1575 2 - v2 error format
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001576
1577Returns:
1578 An object of the form:
1579
1580 { # The service account sign blob response.
Bu Sun Kim65020912020-05-20 12:08:20 -07001581 &quot;signature&quot;: &quot;A String&quot;, # The signed blob.
1582 &quot;keyId&quot;: &quot;A String&quot;, # The id of the key used to sign the blob.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001583 }</pre>
1584</div>
1585
1586<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -07001587 <code class="details" id="signJwt">signJwt(name, body=None, x__xgafv=None)</code>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001588 <pre>**Note**: This method is in the process of being deprecated. Call the
1589[`signJwt()`](/iam/credentials/reference/rest/v1/projects.serviceAccounts/signJwt)
1590method of the Cloud IAM Service Account Credentials API instead.
1591
Bu Sun Kim65020912020-05-20 12:08:20 -07001592Signs a JWT using a service account&#x27;s system-managed private key.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001593
1594If no expiry time (`exp`) is provided in the `SignJwtRequest`, IAM sets an
1595an expiry time of one hour by default. If you request an expiry time of
1596more than one hour, the request will fail.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001597
1598Args:
Dan O'Mearadd494642020-05-01 07:42:23 -07001599 name: string, Required. The resource name of the service account in the following format:
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001600`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
1601Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
1602the account. The `ACCOUNT` value can be the `email` address or the
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001603`unique_id` of the service account. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -07001604 body: object, The request body.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001605 The object takes the form of:
1606
1607{ # The service account sign JWT request.
Bu Sun Kim65020912020-05-20 12:08:20 -07001608 &quot;payload&quot;: &quot;A String&quot;, # Required. The JWT payload to sign, a JSON JWT Claim set.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001609 }
1610
1611 x__xgafv: string, V1 error format.
1612 Allowed values
1613 1 - v1 error format
1614 2 - v2 error format
1615
1616Returns:
1617 An object of the form:
1618
1619 { # The service account sign JWT response.
Bu Sun Kim65020912020-05-20 12:08:20 -07001620 &quot;keyId&quot;: &quot;A String&quot;, # The id of the key used to sign the JWT.
1621 &quot;signedJwt&quot;: &quot;A String&quot;, # The signed JWT.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001622 }</pre>
1623</div>
1624
1625<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -07001626 <code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001627 <pre>Tests the specified permissions against the IAM access control policy
1628for a ServiceAccount.
1629
1630Args:
1631 resource: string, REQUIRED: The resource for which the policy detail is being requested.
Sai Cheemalapatie833b792017-03-24 15:06:46 -07001632See the operation documentation for the appropriate value for this field. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -07001633 body: object, The request body.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001634 The object takes the form of:
1635
1636{ # Request message for `TestIamPermissions` method.
Bu Sun Kim65020912020-05-20 12:08:20 -07001637 &quot;permissions&quot;: [ # The set of permissions to check for the `resource`. Permissions with
1638 # wildcards (such as &#x27;*&#x27; or &#x27;storage.*&#x27;) are not allowed. For more
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001639 # information see
1640 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
Bu Sun Kim65020912020-05-20 12:08:20 -07001641 &quot;A String&quot;,
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001642 ],
1643 }
1644
1645 x__xgafv: string, V1 error format.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001646 Allowed values
1647 1 - v1 error format
1648 2 - v2 error format
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001649
1650Returns:
1651 An object of the form:
1652
1653 { # Response message for `TestIamPermissions` method.
Bu Sun Kim65020912020-05-20 12:08:20 -07001654 &quot;permissions&quot;: [ # A subset of `TestPermissionsRequest.permissions` that the caller is
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001655 # allowed.
Bu Sun Kim65020912020-05-20 12:08:20 -07001656 &quot;A String&quot;,
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001657 ],
1658 }</pre>
1659</div>
1660
1661<div class="method">
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001662 <code class="details" id="undelete">undelete(name, body=None, x__xgafv=None)</code>
1663 <pre>Restores a deleted ServiceAccount.
1664This is to be used as an action of last resort. A service account may
1665not always be restorable.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001666
1667Args:
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001668 name: string, The resource name of the service account in the following format:
Dan O'Mearadd494642020-05-01 07:42:23 -07001669`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_UNIQUE_ID}`.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001670Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
1671the account. (required)
1672 body: object, The request body.
1673 The object takes the form of:
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001674
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001675{ # The service account undelete request.
1676 }
1677
1678 x__xgafv: string, V1 error format.
1679 Allowed values
1680 1 - v1 error format
1681 2 - v2 error format
1682
1683Returns:
1684 An object of the form:
1685
1686 {
Bu Sun Kim65020912020-05-20 12:08:20 -07001687 &quot;restoredAccount&quot;: { # A service account in the Identity and Access Management API. # Metadata for the restored service account.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001688 #
1689 # To create a service account, specify the `project_id` and the `account_id`
1690 # for the account. The `account_id` is unique within the project, and is used
1691 # to generate the service account email address and a stable
1692 # `unique_id`.
1693 #
Bu Sun Kim65020912020-05-20 12:08:20 -07001694 # If the account already exists, the account&#x27;s resource name is returned
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001695 # in the format of projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. The caller
1696 # can use the name in other methods to access the account.
1697 #
1698 # All other methods can identify the service account using the format
1699 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
1700 # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
1701 # the account. The `ACCOUNT` value can be the `email` address or the
1702 # `unique_id` of the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -07001703 &quot;email&quot;: &quot;A String&quot;, # @OutputOnly The email address of the service account.
1704 &quot;name&quot;: &quot;A String&quot;, # The resource name of the service account in the following format:
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001705 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
1706 #
1707 # Requests using `-` as a wildcard for the `PROJECT_ID` will infer the
1708 # project from the `account` and the `ACCOUNT` value can be the `email`
1709 # address or the `unique_id` of the service account.
1710 #
1711 # In responses the resource name will always be in the format
1712 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
Bu Sun Kim65020912020-05-20 12:08:20 -07001713 &quot;projectId&quot;: &quot;A String&quot;, # @OutputOnly The id of the project that owns the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -07001714 &quot;oauth2ClientId&quot;: &quot;A String&quot;, # @OutputOnly The OAuth2 client id for the service account.
1715 # This is used in conjunction with the OAuth2 clientconfig API to make
1716 # three legged OAuth2 (3LO) flows to access the data of Google users.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001717 &quot;uniqueId&quot;: &quot;A String&quot;, # @OutputOnly The unique and stable id of the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -07001718 &quot;description&quot;: &quot;A String&quot;, # Optional. A user-specified opaque description of the service account.
1719 # Must be less than or equal to 256 UTF-8 bytes.
1720 &quot;displayName&quot;: &quot;A String&quot;, # Optional. A user-specified name for the service account.
1721 # Must be less than or equal to 100 UTF-8 bytes.
1722 &quot;etag&quot;: &quot;A String&quot;, # Optional. Note: `etag` is an inoperable legacy field that is only returned
1723 # for backwards compatibility.
1724 &quot;disabled&quot;: True or False, # @OutputOnly A bool indicate if the service account is disabled.
1725 # The field is currently in alpha phase.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001726 },
1727 }</pre>
1728</div>
1729
1730<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -07001731 <code class="details" id="update">update(name, body=None, x__xgafv=None)</code>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001732 <pre>Note: This method is in the process of being deprecated. Use
1733PatchServiceAccount instead.
1734
1735Updates a ServiceAccount.
1736
1737Currently, only the following fields are updatable:
1738`display_name` and `description`.
1739
1740Args:
1741 name: string, The resource name of the service account in the following format:
1742`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
1743
1744Requests using `-` as a wildcard for the `PROJECT_ID` will infer the
1745project from the `account` and the `ACCOUNT` value can be the `email`
1746address or the `unique_id` of the service account.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001747
1748In responses the resource name will always be in the format
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001749`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -07001750 body: object, The request body.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001751 The object takes the form of:
1752
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001753{ # A service account in the Identity and Access Management API.
1754 #
1755 # To create a service account, specify the `project_id` and the `account_id`
1756 # for the account. The `account_id` is unique within the project, and is used
1757 # to generate the service account email address and a stable
1758 # `unique_id`.
1759 #
Bu Sun Kim65020912020-05-20 12:08:20 -07001760 # If the account already exists, the account&#x27;s resource name is returned
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001761 # in the format of projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. The caller
1762 # can use the name in other methods to access the account.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001763 #
1764 # All other methods can identify the service account using the format
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001765 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
1766 # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
1767 # the account. The `ACCOUNT` value can be the `email` address or the
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001768 # `unique_id` of the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -07001769 &quot;email&quot;: &quot;A String&quot;, # @OutputOnly The email address of the service account.
1770 &quot;name&quot;: &quot;A String&quot;, # The resource name of the service account in the following format:
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001771 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
1772 #
1773 # Requests using `-` as a wildcard for the `PROJECT_ID` will infer the
1774 # project from the `account` and the `ACCOUNT` value can be the `email`
1775 # address or the `unique_id` of the service account.
1776 #
1777 # In responses the resource name will always be in the format
1778 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
Bu Sun Kim65020912020-05-20 12:08:20 -07001779 &quot;projectId&quot;: &quot;A String&quot;, # @OutputOnly The id of the project that owns the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -07001780 &quot;oauth2ClientId&quot;: &quot;A String&quot;, # @OutputOnly The OAuth2 client id for the service account.
1781 # This is used in conjunction with the OAuth2 clientconfig API to make
1782 # three legged OAuth2 (3LO) flows to access the data of Google users.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001783 &quot;uniqueId&quot;: &quot;A String&quot;, # @OutputOnly The unique and stable id of the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -07001784 &quot;description&quot;: &quot;A String&quot;, # Optional. A user-specified opaque description of the service account.
1785 # Must be less than or equal to 256 UTF-8 bytes.
1786 &quot;displayName&quot;: &quot;A String&quot;, # Optional. A user-specified name for the service account.
1787 # Must be less than or equal to 100 UTF-8 bytes.
1788 &quot;etag&quot;: &quot;A String&quot;, # Optional. Note: `etag` is an inoperable legacy field that is only returned
1789 # for backwards compatibility.
1790 &quot;disabled&quot;: True or False, # @OutputOnly A bool indicate if the service account is disabled.
1791 # The field is currently in alpha phase.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001792}
1793
1794 x__xgafv: string, V1 error format.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001795 Allowed values
1796 1 - v1 error format
1797 2 - v2 error format
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001798
1799Returns:
1800 An object of the form:
1801
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001802 { # A service account in the Identity and Access Management API.
1803 #
1804 # To create a service account, specify the `project_id` and the `account_id`
1805 # for the account. The `account_id` is unique within the project, and is used
1806 # to generate the service account email address and a stable
1807 # `unique_id`.
1808 #
Bu Sun Kim65020912020-05-20 12:08:20 -07001809 # If the account already exists, the account&#x27;s resource name is returned
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001810 # in the format of projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. The caller
1811 # can use the name in other methods to access the account.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001812 #
1813 # All other methods can identify the service account using the format
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001814 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
1815 # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
1816 # the account. The `ACCOUNT` value can be the `email` address or the
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001817 # `unique_id` of the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -07001818 &quot;email&quot;: &quot;A String&quot;, # @OutputOnly The email address of the service account.
1819 &quot;name&quot;: &quot;A String&quot;, # The resource name of the service account in the following format:
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001820 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
1821 #
1822 # Requests using `-` as a wildcard for the `PROJECT_ID` will infer the
1823 # project from the `account` and the `ACCOUNT` value can be the `email`
1824 # address or the `unique_id` of the service account.
1825 #
1826 # In responses the resource name will always be in the format
1827 # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
Bu Sun Kim65020912020-05-20 12:08:20 -07001828 &quot;projectId&quot;: &quot;A String&quot;, # @OutputOnly The id of the project that owns the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -07001829 &quot;oauth2ClientId&quot;: &quot;A String&quot;, # @OutputOnly The OAuth2 client id for the service account.
1830 # This is used in conjunction with the OAuth2 clientconfig API to make
1831 # three legged OAuth2 (3LO) flows to access the data of Google users.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001832 &quot;uniqueId&quot;: &quot;A String&quot;, # @OutputOnly The unique and stable id of the service account.
Bu Sun Kim65020912020-05-20 12:08:20 -07001833 &quot;description&quot;: &quot;A String&quot;, # Optional. A user-specified opaque description of the service account.
1834 # Must be less than or equal to 256 UTF-8 bytes.
1835 &quot;displayName&quot;: &quot;A String&quot;, # Optional. A user-specified name for the service account.
1836 # Must be less than or equal to 100 UTF-8 bytes.
1837 &quot;etag&quot;: &quot;A String&quot;, # Optional. Note: `etag` is an inoperable legacy field that is only returned
1838 # for backwards compatibility.
1839 &quot;disabled&quot;: True or False, # @OutputOnly A bool indicate if the service account is disabled.
1840 # The field is currently in alpha phase.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001841 }</pre>
1842</div>
1843
1844</body></html>