blob: 95ac18e68d27a87b56f555453bed5d6136c8260e [file] [log] [blame]
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -08001<html><body>
2<style>
3
4body, h1, h2, h3, div, span, p, pre, a {
5 margin: 0;
6 padding: 0;
7 border: 0;
8 font-weight: inherit;
9 font-style: inherit;
10 font-size: 100%;
11 font-family: inherit;
12 vertical-align: baseline;
13}
14
15body {
16 font-size: 13px;
17 padding: 1em;
18}
19
20h1 {
21 font-size: 26px;
22 margin-bottom: 1em;
23}
24
25h2 {
26 font-size: 24px;
27 margin-bottom: 1em;
28}
29
30h3 {
31 font-size: 20px;
32 margin-bottom: 1em;
33 margin-top: 1em;
34}
35
36pre, code {
37 line-height: 1.5;
38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
39}
40
41pre {
42 margin-top: 0.5em;
43}
44
45h1, h2, h3, p {
46 font-family: Arial, sans serif;
47}
48
49h1, h2, h3 {
50 border-bottom: solid #CCC 1px;
51}
52
53.toc_element {
54 margin-top: 0.5em;
55}
56
57.firstline {
58 margin-left: 2 em;
59}
60
61.method {
62 margin-top: 1em;
63 border: solid 1px #CCC;
64 padding: 1em;
65 background: #EEE;
66}
67
68.details {
69 font-weight: bold;
70 font-size: 14px;
71}
72
73</style>
74
Sai Cheemalapatiea3a5e12016-10-12 14:05:53 -070075<h1><a href="iam_v1.html">Google Identity and Access Management (IAM) API</a> . <a href="iam_v1.projects.html">projects</a> . <a href="iam_v1.projects.serviceAccounts.html">serviceAccounts</a></h1>
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -080076<h2>Instance Methods</h2>
77<p class="toc_element">
78 <code><a href="iam_v1.projects.serviceAccounts.keys.html">keys()</a></code>
79</p>
80<p class="firstline">Returns the keys Resource.</p>
81
82<p class="toc_element">
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -040083 <code><a href="#create">create(name=None, body, x__xgafv=None)</a></code></p>
84<p class="firstline">Creates a ServiceAccount</p>
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -080085<p class="toc_element">
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -040086 <code><a href="#delete">delete(name=None, x__xgafv=None)</a></code></p>
Sai Cheemalapatiea3a5e12016-10-12 14:05:53 -070087<p class="firstline">Deletes a ServiceAccount.</p>
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -080088<p class="toc_element">
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -040089 <code><a href="#get">get(name=None, x__xgafv=None)</a></code></p>
Sai Cheemalapatiea3a5e12016-10-12 14:05:53 -070090<p class="firstline">Gets a ServiceAccount.</p>
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -080091<p class="toc_element">
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -040092 <code><a href="#getIamPolicy">getIamPolicy(resource=None, x__xgafv=None)</a></code></p>
93<p class="firstline">Returns the IAM access control policy for a</p>
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -080094<p class="toc_element">
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -040095 <code><a href="#list">list(name=None, pageToken=None, x__xgafv=None, pageSize=None)</a></code></p>
Sai Cheemalapatiea3a5e12016-10-12 14:05:53 -070096<p class="firstline">Lists ServiceAccounts for a project.</p>
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -080097<p class="toc_element">
98 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
99<p class="firstline">Retrieves the next page of results.</p>
100<p class="toc_element">
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400101 <code><a href="#setIamPolicy">setIamPolicy(resource=None, body, x__xgafv=None)</a></code></p>
102<p class="firstline">Sets the IAM access control policy for a</p>
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800103<p class="toc_element">
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400104 <code><a href="#signBlob">signBlob(name=None, body, x__xgafv=None)</a></code></p>
Sai Cheemalapatiea3a5e12016-10-12 14:05:53 -0700105<p class="firstline">Signs a blob using a service account's system-managed private key.</p>
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800106<p class="toc_element">
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400107 <code><a href="#signJwt">signJwt(name=None, body, x__xgafv=None)</a></code></p>
108<p class="firstline">Signs a JWT using a service account's system-managed private key.</p>
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800109<p class="toc_element">
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400110 <code><a href="#testIamPermissions">testIamPermissions(resource=None, body, x__xgafv=None)</a></code></p>
111<p class="firstline">Tests the specified permissions against the IAM access control policy</p>
112<p class="toc_element">
113 <code><a href="#update">update(name=None, body, x__xgafv=None)</a></code></p>
114<p class="firstline">Updates a ServiceAccount.</p>
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800115<h3>Method Details</h3>
116<div class="method">
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400117 <code class="details" id="create">create(name=None, body, x__xgafv=None)</code>
118 <pre>Creates a ServiceAccount
119and returns it.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800120
121Args:
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400122 name: string, Required. The resource name of the project associated with the service
123accounts, such as `projects/my-project-123`. (required)
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800124 body: object, The request body. (required)
125 The object takes the form of:
126
127{ # The service account create request.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400128 "serviceAccount": { # A service account in the Identity and Access Management API. # The ServiceAccount resource to create.
129 # Currently, only the following values are user assignable:
130 # `display_name` .
131 #
132 # To create a service account, specify the `project_id` and the `account_id`
133 # for the account. The `account_id` is unique within the project, and is used
134 # to generate the service account email address and a stable
135 # `unique_id`.
136 #
137 # If the account already exists, the account's resource name is returned
138 # in util::Status's ResourceInfo.resource_name in the format of
139 # projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}. The caller can
140 # use the name in other methods to access the account.
141 #
142 # All other methods can identify the service account using the format
143 # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
144 # Using `-` as a wildcard for the project will infer the project from
145 # the account. The `account` value can be the `email` address or the
146 # `unique_id` of the service account.
147 "oauth2ClientId": "A String", # @OutputOnly. The OAuth2 client id for the service account.
148 # This is used in conjunction with the OAuth2 clientconfig API to make
149 # three legged OAuth2 (3LO) flows to access the data of Google users.
150 "displayName": "A String", # Optional. A user-specified description of the service account. Must be
151 # fewer than 100 UTF-8 bytes.
152 "name": "A String", # The resource name of the service account in the following format:
153 # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
154 #
155 # Requests using `-` as a wildcard for the project will infer the project
156 # from the `account` and the `account` value can be the `email` address or
157 # the `unique_id` of the service account.
158 #
159 # In responses the resource name will always be in the format
160 # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800161 "projectId": "A String", # @OutputOnly The id of the project that owns the service account.
162 "etag": "A String", # Used to perform a consistent read-modify-write.
Sai Cheemalapatiea3a5e12016-10-12 14:05:53 -0700163 "uniqueId": "A String", # @OutputOnly The unique and stable id of the service account.
164 "email": "A String", # @OutputOnly The email address of the service account.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800165 },
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400166 "accountId": "A String", # Required. The account id that is used to generate the service account
167 # email address and a stable unique id. It is unique within a project,
168 # must be 6-30 characters long, and match the regular expression
169 # `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800170 }
171
172 x__xgafv: string, V1 error format.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400173 Allowed values
174 1 - v1 error format
175 2 - v2 error format
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800176
177Returns:
178 An object of the form:
179
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400180 { # A service account in the Identity and Access Management API.
181 #
182 # To create a service account, specify the `project_id` and the `account_id`
183 # for the account. The `account_id` is unique within the project, and is used
184 # to generate the service account email address and a stable
185 # `unique_id`.
186 #
187 # If the account already exists, the account's resource name is returned
188 # in util::Status's ResourceInfo.resource_name in the format of
189 # projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}. The caller can
190 # use the name in other methods to access the account.
191 #
192 # All other methods can identify the service account using the format
193 # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
194 # Using `-` as a wildcard for the project will infer the project from
195 # the account. The `account` value can be the `email` address or the
196 # `unique_id` of the service account.
197 "oauth2ClientId": "A String", # @OutputOnly. The OAuth2 client id for the service account.
198 # This is used in conjunction with the OAuth2 clientconfig API to make
199 # three legged OAuth2 (3LO) flows to access the data of Google users.
200 "displayName": "A String", # Optional. A user-specified description of the service account. Must be
201 # fewer than 100 UTF-8 bytes.
202 "name": "A String", # The resource name of the service account in the following format:
203 # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
204 #
205 # Requests using `-` as a wildcard for the project will infer the project
206 # from the `account` and the `account` value can be the `email` address or
207 # the `unique_id` of the service account.
208 #
209 # In responses the resource name will always be in the format
210 # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800211 "projectId": "A String", # @OutputOnly The id of the project that owns the service account.
212 "etag": "A String", # Used to perform a consistent read-modify-write.
Sai Cheemalapatiea3a5e12016-10-12 14:05:53 -0700213 "uniqueId": "A String", # @OutputOnly The unique and stable id of the service account.
214 "email": "A String", # @OutputOnly The email address of the service account.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800215 }</pre>
216</div>
217
218<div class="method">
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400219 <code class="details" id="delete">delete(name=None, x__xgafv=None)</code>
Sai Cheemalapatiea3a5e12016-10-12 14:05:53 -0700220 <pre>Deletes a ServiceAccount.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800221
222Args:
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400223 name: string, The resource name of the service account in the following format:
224`projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
225Using `-` as a wildcard for the project will infer the project from
226the account. The `account` value can be the `email` address or the
227`unique_id` of the service account. (required)
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800228 x__xgafv: string, V1 error format.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400229 Allowed values
230 1 - v1 error format
231 2 - v2 error format
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800232
233Returns:
234 An object of the form:
235
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400236 { # A generic empty message that you can re-use to avoid defining duplicated
237 # empty messages in your APIs. A typical example is to use it as the request
238 # or the response type of an API method. For instance:
239 #
240 # service Foo {
241 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
242 # }
243 #
244 # The JSON representation for `Empty` is empty JSON object `{}`.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800245 }</pre>
246</div>
247
248<div class="method">
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400249 <code class="details" id="get">get(name=None, x__xgafv=None)</code>
Sai Cheemalapatiea3a5e12016-10-12 14:05:53 -0700250 <pre>Gets a ServiceAccount.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800251
252Args:
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400253 name: string, The resource name of the service account in the following format:
254`projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
255Using `-` as a wildcard for the project will infer the project from
256the account. The `account` value can be the `email` address or the
257`unique_id` of the service account. (required)
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800258 x__xgafv: string, V1 error format.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400259 Allowed values
260 1 - v1 error format
261 2 - v2 error format
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800262
263Returns:
264 An object of the form:
265
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400266 { # A service account in the Identity and Access Management API.
267 #
268 # To create a service account, specify the `project_id` and the `account_id`
269 # for the account. The `account_id` is unique within the project, and is used
270 # to generate the service account email address and a stable
271 # `unique_id`.
272 #
273 # If the account already exists, the account's resource name is returned
274 # in util::Status's ResourceInfo.resource_name in the format of
275 # projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}. The caller can
276 # use the name in other methods to access the account.
277 #
278 # All other methods can identify the service account using the format
279 # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
280 # Using `-` as a wildcard for the project will infer the project from
281 # the account. The `account` value can be the `email` address or the
282 # `unique_id` of the service account.
283 "oauth2ClientId": "A String", # @OutputOnly. The OAuth2 client id for the service account.
284 # This is used in conjunction with the OAuth2 clientconfig API to make
285 # three legged OAuth2 (3LO) flows to access the data of Google users.
286 "displayName": "A String", # Optional. A user-specified description of the service account. Must be
287 # fewer than 100 UTF-8 bytes.
288 "name": "A String", # The resource name of the service account in the following format:
289 # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
290 #
291 # Requests using `-` as a wildcard for the project will infer the project
292 # from the `account` and the `account` value can be the `email` address or
293 # the `unique_id` of the service account.
294 #
295 # In responses the resource name will always be in the format
296 # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800297 "projectId": "A String", # @OutputOnly The id of the project that owns the service account.
298 "etag": "A String", # Used to perform a consistent read-modify-write.
Sai Cheemalapatiea3a5e12016-10-12 14:05:53 -0700299 "uniqueId": "A String", # @OutputOnly The unique and stable id of the service account.
300 "email": "A String", # @OutputOnly The email address of the service account.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800301 }</pre>
302</div>
303
304<div class="method">
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400305 <code class="details" id="getIamPolicy">getIamPolicy(resource=None, x__xgafv=None)</code>
306 <pre>Returns the IAM access control policy for a
307ServiceAccount.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800308
309Args:
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400310 resource: string, REQUIRED: The resource for which the policy is being requested.
Sai Cheemalapatie833b792017-03-24 15:06:46 -0700311See the operation documentation for the appropriate value for this field. (required)
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800312 x__xgafv: string, V1 error format.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400313 Allowed values
314 1 - v1 error format
315 2 - v2 error format
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800316
317Returns:
318 An object of the form:
319
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400320 { # Defines an Identity and Access Management (IAM) policy. It is used to
321 # specify access control policies for Cloud Platform resources.
322 #
323 #
324 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
325 # `members` to a `role`, where the members can be user accounts, Google groups,
326 # Google domains, and service accounts. A `role` is a named list of permissions
327 # defined by IAM.
328 #
329 # **Example**
330 #
331 # {
332 # "bindings": [
333 # {
334 # "role": "roles/owner",
335 # "members": [
336 # "user:mike@example.com",
337 # "group:admins@example.com",
338 # "domain:google.com",
339 # "serviceAccount:my-other-app@appspot.gserviceaccount.com",
340 # ]
341 # },
342 # {
343 # "role": "roles/viewer",
344 # "members": ["user:sean@example.com"]
345 # }
346 # ]
347 # }
348 #
349 # For a description of IAM and its features, see the
350 # [IAM developer's guide](https://cloud.google.com/iam).
351 "bindings": [ # Associates a list of `members` to a `role`.
352 # Multiple `bindings` must not be specified for the same `role`.
353 # `bindings` with no members will result in an error.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800354 { # Associates `members` with a `role`.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400355 "role": "A String", # Role that is assigned to `members`.
356 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
357 # Required
358 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
359 # `members` can have the following values:
360 #
361 # * `allUsers`: A special identifier that represents anyone who is
362 # on the internet; with or without a Google account.
363 #
364 # * `allAuthenticatedUsers`: A special identifier that represents anyone
365 # who is authenticated with a Google account or a service account.
366 #
367 # * `user:{emailid}`: An email address that represents a specific Google
368 # account. For example, `alice@gmail.com` or `joe@example.com`.
369 #
370 #
371 # * `serviceAccount:{emailid}`: An email address that represents a service
372 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
373 #
374 # * `group:{emailid}`: An email address that represents a Google group.
375 # For example, `admins@example.com`.
376 #
377 # * `domain:{domain}`: A Google Apps domain name that represents all the
378 # users of that domain. For example, `google.com` or `example.com`.
379 #
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800380 "A String",
381 ],
382 },
383 ],
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400384 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
385 # prevent simultaneous updates of a policy from overwriting each other.
386 # It is strongly suggested that systems make use of the `etag` in the
387 # read-modify-write cycle to perform policy updates in order to avoid race
388 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
389 # systems are expected to put that etag in the request to `setIamPolicy` to
390 # ensure that their change will be applied to the same version of the policy.
391 #
392 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
393 # policy is overwritten blindly.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800394 "version": 42, # Version of the `Policy`. The default version is 0.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800395 }</pre>
396</div>
397
398<div class="method">
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400399 <code class="details" id="list">list(name=None, pageToken=None, x__xgafv=None, pageSize=None)</code>
Sai Cheemalapatiea3a5e12016-10-12 14:05:53 -0700400 <pre>Lists ServiceAccounts for a project.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800401
402Args:
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400403 name: string, Required. The resource name of the project associated with the service
404accounts, such as `projects/my-project-123`. (required)
405 pageToken: string, Optional pagination token returned in an earlier
406ListServiceAccountsResponse.next_page_token.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800407 x__xgafv: string, V1 error format.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400408 Allowed values
409 1 - v1 error format
410 2 - v2 error format
411 pageSize: integer, Optional limit on the number of service accounts to include in the
412response. Further accounts can subsequently be obtained by including the
413ListServiceAccountsResponse.next_page_token
414in a subsequent request.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800415
416Returns:
417 An object of the form:
418
419 { # The service account list response.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400420 "nextPageToken": "A String", # To retrieve the next page of results, set
421 # ListServiceAccountsRequest.page_token
422 # to this value.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800423 "accounts": [ # The list of matching service accounts.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400424 { # A service account in the Identity and Access Management API.
425 #
426 # To create a service account, specify the `project_id` and the `account_id`
427 # for the account. The `account_id` is unique within the project, and is used
428 # to generate the service account email address and a stable
429 # `unique_id`.
430 #
431 # If the account already exists, the account's resource name is returned
432 # in util::Status's ResourceInfo.resource_name in the format of
433 # projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}. The caller can
434 # use the name in other methods to access the account.
435 #
436 # All other methods can identify the service account using the format
437 # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
438 # Using `-` as a wildcard for the project will infer the project from
439 # the account. The `account` value can be the `email` address or the
440 # `unique_id` of the service account.
441 "oauth2ClientId": "A String", # @OutputOnly. The OAuth2 client id for the service account.
442 # This is used in conjunction with the OAuth2 clientconfig API to make
443 # three legged OAuth2 (3LO) flows to access the data of Google users.
444 "displayName": "A String", # Optional. A user-specified description of the service account. Must be
445 # fewer than 100 UTF-8 bytes.
446 "name": "A String", # The resource name of the service account in the following format:
447 # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
448 #
449 # Requests using `-` as a wildcard for the project will infer the project
450 # from the `account` and the `account` value can be the `email` address or
451 # the `unique_id` of the service account.
452 #
453 # In responses the resource name will always be in the format
454 # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800455 "projectId": "A String", # @OutputOnly The id of the project that owns the service account.
456 "etag": "A String", # Used to perform a consistent read-modify-write.
Sai Cheemalapatiea3a5e12016-10-12 14:05:53 -0700457 "uniqueId": "A String", # @OutputOnly The unique and stable id of the service account.
458 "email": "A String", # @OutputOnly The email address of the service account.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800459 },
460 ],
461 }</pre>
462</div>
463
464<div class="method">
465 <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
466 <pre>Retrieves the next page of results.
467
468Args:
469 previous_request: The request for the previous page. (required)
470 previous_response: The response from the request for the previous page. (required)
471
472Returns:
473 A request object that you can call 'execute()' on to request the next
474 page. Returns None if there are no more items in the collection.
475 </pre>
476</div>
477
478<div class="method">
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400479 <code class="details" id="setIamPolicy">setIamPolicy(resource=None, body, x__xgafv=None)</code>
480 <pre>Sets the IAM access control policy for a
481ServiceAccount.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800482
483Args:
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400484 resource: string, REQUIRED: The resource for which the policy is being specified.
Sai Cheemalapatie833b792017-03-24 15:06:46 -0700485See the operation documentation for the appropriate value for this field. (required)
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800486 body: object, The request body. (required)
487 The object takes the form of:
488
489{ # Request message for `SetIamPolicy` method.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400490 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of
491 # the policy is limited to a few 10s of KB. An empty policy is a
492 # valid policy but certain Cloud Platform services (such as Projects)
493 # might reject them.
494 # specify access control policies for Cloud Platform resources.
495 #
496 #
497 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
498 # `members` to a `role`, where the members can be user accounts, Google groups,
499 # Google domains, and service accounts. A `role` is a named list of permissions
500 # defined by IAM.
501 #
502 # **Example**
503 #
504 # {
505 # "bindings": [
506 # {
507 # "role": "roles/owner",
508 # "members": [
509 # "user:mike@example.com",
510 # "group:admins@example.com",
511 # "domain:google.com",
512 # "serviceAccount:my-other-app@appspot.gserviceaccount.com",
513 # ]
514 # },
515 # {
516 # "role": "roles/viewer",
517 # "members": ["user:sean@example.com"]
518 # }
519 # ]
520 # }
521 #
522 # For a description of IAM and its features, see the
523 # [IAM developer's guide](https://cloud.google.com/iam).
524 "bindings": [ # Associates a list of `members` to a `role`.
525 # Multiple `bindings` must not be specified for the same `role`.
526 # `bindings` with no members will result in an error.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800527 { # Associates `members` with a `role`.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400528 "role": "A String", # Role that is assigned to `members`.
529 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
530 # Required
531 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
532 # `members` can have the following values:
533 #
534 # * `allUsers`: A special identifier that represents anyone who is
535 # on the internet; with or without a Google account.
536 #
537 # * `allAuthenticatedUsers`: A special identifier that represents anyone
538 # who is authenticated with a Google account or a service account.
539 #
540 # * `user:{emailid}`: An email address that represents a specific Google
541 # account. For example, `alice@gmail.com` or `joe@example.com`.
542 #
543 #
544 # * `serviceAccount:{emailid}`: An email address that represents a service
545 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
546 #
547 # * `group:{emailid}`: An email address that represents a Google group.
548 # For example, `admins@example.com`.
549 #
550 # * `domain:{domain}`: A Google Apps domain name that represents all the
551 # users of that domain. For example, `google.com` or `example.com`.
552 #
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800553 "A String",
554 ],
555 },
556 ],
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400557 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
558 # prevent simultaneous updates of a policy from overwriting each other.
559 # It is strongly suggested that systems make use of the `etag` in the
560 # read-modify-write cycle to perform policy updates in order to avoid race
561 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
562 # systems are expected to put that etag in the request to `setIamPolicy` to
563 # ensure that their change will be applied to the same version of the policy.
564 #
565 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
566 # policy is overwritten blindly.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800567 "version": 42, # Version of the `Policy`. The default version is 0.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800568 },
569 }
570
571 x__xgafv: string, V1 error format.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400572 Allowed values
573 1 - v1 error format
574 2 - v2 error format
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800575
576Returns:
577 An object of the form:
578
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400579 { # Defines an Identity and Access Management (IAM) policy. It is used to
580 # specify access control policies for Cloud Platform resources.
581 #
582 #
583 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
584 # `members` to a `role`, where the members can be user accounts, Google groups,
585 # Google domains, and service accounts. A `role` is a named list of permissions
586 # defined by IAM.
587 #
588 # **Example**
589 #
590 # {
591 # "bindings": [
592 # {
593 # "role": "roles/owner",
594 # "members": [
595 # "user:mike@example.com",
596 # "group:admins@example.com",
597 # "domain:google.com",
598 # "serviceAccount:my-other-app@appspot.gserviceaccount.com",
599 # ]
600 # },
601 # {
602 # "role": "roles/viewer",
603 # "members": ["user:sean@example.com"]
604 # }
605 # ]
606 # }
607 #
608 # For a description of IAM and its features, see the
609 # [IAM developer's guide](https://cloud.google.com/iam).
610 "bindings": [ # Associates a list of `members` to a `role`.
611 # Multiple `bindings` must not be specified for the same `role`.
612 # `bindings` with no members will result in an error.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800613 { # Associates `members` with a `role`.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400614 "role": "A String", # Role that is assigned to `members`.
615 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
616 # Required
617 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
618 # `members` can have the following values:
619 #
620 # * `allUsers`: A special identifier that represents anyone who is
621 # on the internet; with or without a Google account.
622 #
623 # * `allAuthenticatedUsers`: A special identifier that represents anyone
624 # who is authenticated with a Google account or a service account.
625 #
626 # * `user:{emailid}`: An email address that represents a specific Google
627 # account. For example, `alice@gmail.com` or `joe@example.com`.
628 #
629 #
630 # * `serviceAccount:{emailid}`: An email address that represents a service
631 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
632 #
633 # * `group:{emailid}`: An email address that represents a Google group.
634 # For example, `admins@example.com`.
635 #
636 # * `domain:{domain}`: A Google Apps domain name that represents all the
637 # users of that domain. For example, `google.com` or `example.com`.
638 #
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800639 "A String",
640 ],
641 },
642 ],
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400643 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
644 # prevent simultaneous updates of a policy from overwriting each other.
645 # It is strongly suggested that systems make use of the `etag` in the
646 # read-modify-write cycle to perform policy updates in order to avoid race
647 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
648 # systems are expected to put that etag in the request to `setIamPolicy` to
649 # ensure that their change will be applied to the same version of the policy.
650 #
651 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
652 # policy is overwritten blindly.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800653 "version": 42, # Version of the `Policy`. The default version is 0.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800654 }</pre>
655</div>
656
657<div class="method">
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400658 <code class="details" id="signBlob">signBlob(name=None, body, x__xgafv=None)</code>
Sai Cheemalapatiea3a5e12016-10-12 14:05:53 -0700659 <pre>Signs a blob using a service account's system-managed private key.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800660
661Args:
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400662 name: string, The resource name of the service account in the following format:
663`projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
664Using `-` as a wildcard for the project will infer the project from
665the account. The `account` value can be the `email` address or the
666`unique_id` of the service account. (required)
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800667 body: object, The request body. (required)
668 The object takes the form of:
669
670{ # The service account sign blob request.
Sai Cheemalapatiea3a5e12016-10-12 14:05:53 -0700671 "bytesToSign": "A String", # The bytes to sign.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800672 }
673
674 x__xgafv: string, V1 error format.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400675 Allowed values
676 1 - v1 error format
677 2 - v2 error format
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800678
679Returns:
680 An object of the form:
681
682 { # The service account sign blob response.
683 "keyId": "A String", # The id of the key used to sign the blob.
684 "signature": "A String", # The signed blob.
685 }</pre>
686</div>
687
688<div class="method">
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400689 <code class="details" id="signJwt">signJwt(name=None, body, x__xgafv=None)</code>
690 <pre>Signs a JWT using a service account's system-managed private key.
691
692If no expiry time (`exp`) is provided in the `SignJwtRequest`, IAM sets an
693an expiry time of one hour by default. If you request an expiry time of
694more than one hour, the request will fail.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800695
696Args:
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400697 name: string, The resource name of the service account in the following format:
698`projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
699Using `-` as a wildcard for the project will infer the project from
700the account. The `account` value can be the `email` address or the
701`unique_id` of the service account. (required)
702 body: object, The request body. (required)
703 The object takes the form of:
704
705{ # The service account sign JWT request.
706 "payload": "A String", # The JWT payload to sign, a JSON JWT Claim set.
707 }
708
709 x__xgafv: string, V1 error format.
710 Allowed values
711 1 - v1 error format
712 2 - v2 error format
713
714Returns:
715 An object of the form:
716
717 { # The service account sign JWT response.
718 "keyId": "A String", # The id of the key used to sign the JWT.
719 "signedJwt": "A String", # The signed JWT.
720 }</pre>
721</div>
722
723<div class="method">
724 <code class="details" id="testIamPermissions">testIamPermissions(resource=None, body, x__xgafv=None)</code>
725 <pre>Tests the specified permissions against the IAM access control policy
726for a ServiceAccount.
727
728Args:
729 resource: string, REQUIRED: The resource for which the policy detail is being requested.
Sai Cheemalapatie833b792017-03-24 15:06:46 -0700730See the operation documentation for the appropriate value for this field. (required)
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800731 body: object, The request body. (required)
732 The object takes the form of:
733
734{ # Request message for `TestIamPermissions` method.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400735 "permissions": [ # The set of permissions to check for the `resource`. Permissions with
736 # wildcards (such as '*' or 'storage.*') are not allowed. For more
737 # information see
738 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800739 "A String",
740 ],
741 }
742
743 x__xgafv: string, V1 error format.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400744 Allowed values
745 1 - v1 error format
746 2 - v2 error format
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800747
748Returns:
749 An object of the form:
750
751 { # Response message for `TestIamPermissions` method.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400752 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is
753 # allowed.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800754 "A String",
755 ],
756 }</pre>
757</div>
758
759<div class="method">
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400760 <code class="details" id="update">update(name=None, body, x__xgafv=None)</code>
761 <pre>Updates a ServiceAccount.
762
763Currently, only the following fields are updatable:
764`display_name` .
765The `etag` is mandatory.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800766
767Args:
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400768 name: string, The resource name of the service account in the following format:
769`projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
770
771Requests using `-` as a wildcard for the project will infer the project
772from the `account` and the `account` value can be the `email` address or
773the `unique_id` of the service account.
774
775In responses the resource name will always be in the format
776`projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`. (required)
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800777 body: object, The request body. (required)
778 The object takes the form of:
779
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400780{ # A service account in the Identity and Access Management API.
781 #
782 # To create a service account, specify the `project_id` and the `account_id`
783 # for the account. The `account_id` is unique within the project, and is used
784 # to generate the service account email address and a stable
785 # `unique_id`.
786 #
787 # If the account already exists, the account's resource name is returned
788 # in util::Status's ResourceInfo.resource_name in the format of
789 # projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}. The caller can
790 # use the name in other methods to access the account.
791 #
792 # All other methods can identify the service account using the format
793 # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
794 # Using `-` as a wildcard for the project will infer the project from
795 # the account. The `account` value can be the `email` address or the
796 # `unique_id` of the service account.
797 "oauth2ClientId": "A String", # @OutputOnly. The OAuth2 client id for the service account.
798 # This is used in conjunction with the OAuth2 clientconfig API to make
799 # three legged OAuth2 (3LO) flows to access the data of Google users.
800 "displayName": "A String", # Optional. A user-specified description of the service account. Must be
801 # fewer than 100 UTF-8 bytes.
802 "name": "A String", # The resource name of the service account in the following format:
803 # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
804 #
805 # Requests using `-` as a wildcard for the project will infer the project
806 # from the `account` and the `account` value can be the `email` address or
807 # the `unique_id` of the service account.
808 #
809 # In responses the resource name will always be in the format
810 # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800811 "projectId": "A String", # @OutputOnly The id of the project that owns the service account.
812 "etag": "A String", # Used to perform a consistent read-modify-write.
Sai Cheemalapatiea3a5e12016-10-12 14:05:53 -0700813 "uniqueId": "A String", # @OutputOnly The unique and stable id of the service account.
814 "email": "A String", # @OutputOnly The email address of the service account.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800815}
816
817 x__xgafv: string, V1 error format.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400818 Allowed values
819 1 - v1 error format
820 2 - v2 error format
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800821
822Returns:
823 An object of the form:
824
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400825 { # A service account in the Identity and Access Management API.
826 #
827 # To create a service account, specify the `project_id` and the `account_id`
828 # for the account. The `account_id` is unique within the project, and is used
829 # to generate the service account email address and a stable
830 # `unique_id`.
831 #
832 # If the account already exists, the account's resource name is returned
833 # in util::Status's ResourceInfo.resource_name in the format of
834 # projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}. The caller can
835 # use the name in other methods to access the account.
836 #
837 # All other methods can identify the service account using the format
838 # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
839 # Using `-` as a wildcard for the project will infer the project from
840 # the account. The `account` value can be the `email` address or the
841 # `unique_id` of the service account.
842 "oauth2ClientId": "A String", # @OutputOnly. The OAuth2 client id for the service account.
843 # This is used in conjunction with the OAuth2 clientconfig API to make
844 # three legged OAuth2 (3LO) flows to access the data of Google users.
845 "displayName": "A String", # Optional. A user-specified description of the service account. Must be
846 # fewer than 100 UTF-8 bytes.
847 "name": "A String", # The resource name of the service account in the following format:
848 # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
849 #
850 # Requests using `-` as a wildcard for the project will infer the project
851 # from the `account` and the `account` value can be the `email` address or
852 # the `unique_id` of the service account.
853 #
854 # In responses the resource name will always be in the format
855 # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800856 "projectId": "A String", # @OutputOnly The id of the project that owns the service account.
857 "etag": "A String", # Used to perform a consistent read-modify-write.
Sai Cheemalapatiea3a5e12016-10-12 14:05:53 -0700858 "uniqueId": "A String", # @OutputOnly The unique and stable id of the service account.
859 "email": "A String", # @OutputOnly The email address of the service account.
Jon Wayne Parrott36e41bc2016-02-19 16:02:29 -0800860 }</pre>
861</div>
862
863</body></html>