Identity and Access Management (IAM) API: projects. Manages identity and access control for Google Cloud Platform resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls. See: https://cloud.google.com/iam/api/reference/rest/v1/projects
Identity and Access Management (IAM) API: projects. Manages identity and access control for Google Cloud Platform resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls. See: https://cloud.google.com/iam/api/reference/rest/v1/projects
(roles-create$ auth args body)
https://cloud.google.com/iam/api/reference/rest/v1/projects/roles/create
Required parameters: parent
Optional parameters: none
Body:
{:roleId string, :role {:title string, :includedPermissions [string], :description string, :etag string, :stage string, :name string, :deleted boolean}}
Creates a new Role.
https://cloud.google.com/iam/api/reference/rest/v1/projects/roles/create Required parameters: parent Optional parameters: none Body: {:roleId string, :role {:title string, :includedPermissions [string], :description string, :etag string, :stage string, :name string, :deleted boolean}} Creates a new Role.
(roles-delete$ auth args)
https://cloud.google.com/iam/api/reference/rest/v1/projects/roles/delete
Required parameters: name
Optional parameters: etag
Soft deletes a role. The role is suspended and cannot be used to create new
IAM Policy Bindings.
The Role will not be included in ListRoles()
unless show_deleted
is set
in the ListRolesRequest
. The Role contains the deleted boolean set.
Existing Bindings remains, but are inactive. The Role can be undeleted
within 7 days. After 7 days the Role is deleted and all Bindings associated
with the role are removed.
https://cloud.google.com/iam/api/reference/rest/v1/projects/roles/delete Required parameters: name Optional parameters: etag Soft deletes a role. The role is suspended and cannot be used to create new IAM Policy Bindings. The Role will not be included in `ListRoles()` unless `show_deleted` is set in the `ListRolesRequest`. The Role contains the deleted boolean set. Existing Bindings remains, but are inactive. The Role can be undeleted within 7 days. After 7 days the Role is deleted and all Bindings associated with the role are removed.
(roles-get$ auth args)
https://cloud.google.com/iam/api/reference/rest/v1/projects/roles/get
Required parameters: name
Optional parameters: none Gets a Role definition.
https://cloud.google.com/iam/api/reference/rest/v1/projects/roles/get Required parameters: name Optional parameters: none Gets a Role definition.
(roles-list$ auth args)
https://cloud.google.com/iam/api/reference/rest/v1/projects/roles/list
Required parameters: parent
Optional parameters: showDeleted, pageToken, pageSize, view Lists the Roles defined on a resource.
https://cloud.google.com/iam/api/reference/rest/v1/projects/roles/list Required parameters: parent Optional parameters: showDeleted, pageToken, pageSize, view Lists the Roles defined on a resource.
(roles-patch$ auth args body)
https://cloud.google.com/iam/api/reference/rest/v1/projects/roles/patch
Required parameters: name
Optional parameters: updateMask
Body:
{:title string, :includedPermissions [string], :description string, :etag string, :stage string, :name string, :deleted boolean}
Updates a Role definition.
https://cloud.google.com/iam/api/reference/rest/v1/projects/roles/patch Required parameters: name Optional parameters: updateMask Body: {:title string, :includedPermissions [string], :description string, :etag string, :stage string, :name string, :deleted boolean} Updates a Role definition.
(roles-undelete$ auth args body)
https://cloud.google.com/iam/api/reference/rest/v1/projects/roles/undelete
Required parameters: name
Optional parameters: none
Body:
{:etag string}
Undelete a Role, bringing it back in its previous state.
https://cloud.google.com/iam/api/reference/rest/v1/projects/roles/undelete Required parameters: name Optional parameters: none Body: {:etag string} Undelete a Role, bringing it back in its previous state.
(serviceAccounts-create$ auth args body)
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/create
Required parameters: name
Optional parameters: none
Body:
{:accountId string, :serviceAccount {:description string, :oauth2ClientId string, :email string, :disabled boolean, :displayName string, :name string, :etag string, :uniqueId string, :projectId string}}
Creates a ServiceAccount and returns it.
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/create Required parameters: name Optional parameters: none Body: {:accountId string, :serviceAccount {:description string, :oauth2ClientId string, :email string, :disabled boolean, :displayName string, :name string, :etag string, :uniqueId string, :projectId string}} Creates a ServiceAccount and returns it.
(serviceAccounts-delete$ auth args)
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/delete
Required parameters: name
Optional parameters: none Deletes a ServiceAccount.
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/delete Required parameters: name Optional parameters: none Deletes a ServiceAccount.
(serviceAccounts-disable$ auth args body)
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/disable
Required parameters: name
Optional parameters: none
Body:
{}
DisableServiceAccount is currently in the alpha launch stage.
Disables a ServiceAccount, which immediately prevents the service account from authenticating and gaining access to APIs.
Disabled service accounts can be safely restored by using EnableServiceAccount at any point. Deleted service accounts cannot be restored using this method.
Disabling a service account that is bound to VMs, Apps, Functions, or other jobs will cause those jobs to lose access to resources if they are using the disabled service account.
To improve reliability of your services and avoid unexpected outages, it is recommended to first disable a service account rather than delete it. After disabling the service account, wait at least 24 hours to verify there are no unintended consequences, and then delete the service account.
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/disable Required parameters: name Optional parameters: none Body: {} DisableServiceAccount is currently in the alpha launch stage. Disables a ServiceAccount, which immediately prevents the service account from authenticating and gaining access to APIs. Disabled service accounts can be safely restored by using EnableServiceAccount at any point. Deleted service accounts cannot be restored using this method. Disabling a service account that is bound to VMs, Apps, Functions, or other jobs will cause those jobs to lose access to resources if they are using the disabled service account. To improve reliability of your services and avoid unexpected outages, it is recommended to first disable a service account rather than delete it. After disabling the service account, wait at least 24 hours to verify there are no unintended consequences, and then delete the service account.
(serviceAccounts-enable$ auth args body)
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/enable
Required parameters: name
Optional parameters: none
Body:
{}
EnableServiceAccount is currently in the alpha launch stage.
Restores a disabled ServiceAccount that has been manually disabled by using DisableServiceAccount. Service accounts that have been disabled by other means or for other reasons, such as abuse, cannot be restored using this method.
EnableServiceAccount will have no effect on a service account that is not disabled. Enabling an already enabled service account will have no effect.
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/enable Required parameters: name Optional parameters: none Body: {} EnableServiceAccount is currently in the alpha launch stage. Restores a disabled ServiceAccount that has been manually disabled by using DisableServiceAccount. Service accounts that have been disabled by other means or for other reasons, such as abuse, cannot be restored using this method. EnableServiceAccount will have no effect on a service account that is not disabled. Enabling an already enabled service account will have no effect.
(serviceAccounts-get$ auth args)
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/get
Required parameters: name
Optional parameters: none Gets a ServiceAccount.
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/get Required parameters: name Optional parameters: none Gets a ServiceAccount.
(serviceAccounts-getIamPolicy$ auth args)
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/getIamPolicy
Required parameters: resource
Optional parameters: options.requestedPolicyVersion Returns the Cloud IAM access control policy for a ServiceAccount.
Note: Service accounts are both resources and identities. This method treats the service account as a resource. It returns the Cloud IAM policy that reflects what members have access to the service account.
This method does not return what resources the service account has access
to. To see if a service account has access to a resource, call the
getIamPolicy
method on the target resource. For example, to view grants
for a project, call the
projects.getIamPolicy
method.
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/getIamPolicy Required parameters: resource Optional parameters: options.requestedPolicyVersion Returns the Cloud IAM access control policy for a ServiceAccount. Note: Service accounts are both [resources and identities](/iam/docs/service-accounts#service_account_permissions). This method treats the service account as a resource. It returns the Cloud IAM policy that reflects what members have access to the service account. This method does not return what resources the service account has access to. To see if a service account has access to a resource, call the `getIamPolicy` method on the target resource. For example, to view grants for a project, call the [projects.getIamPolicy](/resource-manager/reference/rest/v1/projects/getIamPolicy) method.
(serviceAccounts-keys-create$ auth args body)
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/keys/create
Required parameters: name
Optional parameters: none
Body:
{:keyAlgorithm string, :privateKeyType string}
Creates a ServiceAccountKey and returns it.
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/keys/create Required parameters: name Optional parameters: none Body: {:keyAlgorithm string, :privateKeyType string} Creates a ServiceAccountKey and returns it.
(serviceAccounts-keys-delete$ auth args)
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/keys/delete
Required parameters: name
Optional parameters: none Deletes a ServiceAccountKey.
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/keys/delete Required parameters: name Optional parameters: none Deletes a ServiceAccountKey.
(serviceAccounts-keys-get$ auth args)
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/keys/get
Required parameters: name
Optional parameters: publicKeyType Gets the ServiceAccountKey by key id.
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/keys/get Required parameters: name Optional parameters: publicKeyType Gets the ServiceAccountKey by key id.
(serviceAccounts-keys-list$ auth args)
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/keys/list
Required parameters: name
Optional parameters: keyTypes Lists ServiceAccountKeys.
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/keys/list Required parameters: name Optional parameters: keyTypes Lists ServiceAccountKeys.
(serviceAccounts-keys-upload$ auth args body)
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/keys/upload
Required parameters: name
Optional parameters: none
Body:
{:publicKeyData string}
Upload public key for a given service account. This rpc will create a ServiceAccountKey that has the provided public key and returns it.
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/keys/upload Required parameters: name Optional parameters: none Body: {:publicKeyData string} Upload public key for a given service account. This rpc will create a ServiceAccountKey that has the provided public key and returns it.
(serviceAccounts-list$ auth args)
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/list
Required parameters: name
Optional parameters: pageSize, pageToken Lists ServiceAccounts for a project.
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/list Required parameters: name Optional parameters: pageSize, pageToken Lists ServiceAccounts for a project.
(serviceAccounts-patch$ auth args body)
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/patch
Required parameters: name
Optional parameters: none
Body:
{:serviceAccount {:description string, :oauth2ClientId string, :email string, :disabled boolean, :displayName string, :name string, :etag string, :uniqueId string, :projectId string}, :updateMask string}
Patches a ServiceAccount.
Currently, only the following fields are updatable:
display_name
and description
.
Only fields specified in the request are guaranteed to be returned in the response. Other fields in the response may be empty.
Note: The field mask is required.
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/patch Required parameters: name Optional parameters: none Body: {:serviceAccount {:description string, :oauth2ClientId string, :email string, :disabled boolean, :displayName string, :name string, :etag string, :uniqueId string, :projectId string}, :updateMask string} Patches a ServiceAccount. Currently, only the following fields are updatable: `display_name` and `description`. Only fields specified in the request are guaranteed to be returned in the response. Other fields in the response may be empty. Note: The field mask is required.
(serviceAccounts-setIamPolicy$ auth args body)
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/setIamPolicy
Required parameters: resource
Optional parameters: none
Body:
{:policy {:etag string, :version integer, :auditConfigs [AuditConfig], :bindings [Binding]}, :updateMask string}
Sets the Cloud IAM access control policy for a ServiceAccount.
Note: Service accounts are both resources and identities. This method treats the service account as a resource. Use it to grant members access to the service account, such as when they need to impersonate it.
This method does not grant the service account access to other resources,
such as projects. To grant a service account access to resources, include
the service account in the Cloud IAM policy for the desired resource, then
call the appropriate setIamPolicy
method on the target resource. For
example, to grant a service account access to a project, call the
projects.setIamPolicy
method.
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/setIamPolicy Required parameters: resource Optional parameters: none Body: {:policy {:etag string, :version integer, :auditConfigs [AuditConfig], :bindings [Binding]}, :updateMask string} Sets the Cloud IAM access control policy for a ServiceAccount. Note: Service accounts are both [resources and identities](/iam/docs/service-accounts#service_account_permissions). This method treats the service account as a resource. Use it to grant members access to the service account, such as when they need to impersonate it. This method does not grant the service account access to other resources, such as projects. To grant a service account access to resources, include the service account in the Cloud IAM policy for the desired resource, then call the appropriate `setIamPolicy` method on the target resource. For example, to grant a service account access to a project, call the [projects.setIamPolicy](/resource-manager/reference/rest/v1/projects/setIamPolicy) method.
(serviceAccounts-signBlob$ auth args body)
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/signBlob
Required parameters: name
Optional parameters: none
Body:
{:bytesToSign string}
Note: This method is in the process of being deprecated. Call the
signBlob()
method of the Cloud IAM Service Account Credentials API instead.
Signs a blob using a service account's system-managed private key.
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/signBlob Required parameters: name Optional parameters: none Body: {:bytesToSign string} **Note**: This method is in the process of being deprecated. Call the [`signBlob()`](/iam/credentials/reference/rest/v1/projects.serviceAccounts/signBlob) method of the Cloud IAM Service Account Credentials API instead. Signs a blob using a service account's system-managed private key.
(serviceAccounts-signJwt$ auth args body)
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/signJwt
Required parameters: name
Optional parameters: none
Body:
{:payload string}
Note: This method is in the process of being deprecated. Call the
signJwt()
method of the Cloud IAM Service Account Credentials API instead.
Signs a JWT using a service account's system-managed private key.
If no expiry time (exp
) is provided in the SignJwtRequest
, IAM sets an
an expiry time of one hour by default. If you request an expiry time of
more than one hour, the request will fail.
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/signJwt Required parameters: name Optional parameters: none Body: {:payload string} **Note**: This method is in the process of being deprecated. Call the [`signJwt()`](/iam/credentials/reference/rest/v1/projects.serviceAccounts/signJwt) method of the Cloud IAM Service Account Credentials API instead. Signs a JWT using a service account's system-managed private key. If no expiry time (`exp`) is provided in the `SignJwtRequest`, IAM sets an an expiry time of one hour by default. If you request an expiry time of more than one hour, the request will fail.
(serviceAccounts-testIamPermissions$ auth args body)
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/testIamPermissions
Required parameters: resource
Optional parameters: none
Body:
{:permissions [string]}
Tests the specified permissions against the IAM access control policy for a ServiceAccount.
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/testIamPermissions Required parameters: resource Optional parameters: none Body: {:permissions [string]} Tests the specified permissions against the IAM access control policy for a ServiceAccount.
(serviceAccounts-undelete$ auth args body)
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/undelete
Required parameters: name
Optional parameters: none
Body:
{}
Restores a deleted ServiceAccount. This is to be used as an action of last resort. A service account may not always be restorable.
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/undelete Required parameters: name Optional parameters: none Body: {} Restores a deleted ServiceAccount. This is to be used as an action of last resort. A service account may not always be restorable.
(serviceAccounts-update$ auth args body)
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/update
Required parameters: name
Optional parameters: none
Body:
{:description string, :oauth2ClientId string, :email string, :disabled boolean, :displayName string, :name string, :etag string, :uniqueId string, :projectId string}
Note: This method is in the process of being deprecated. Use PatchServiceAccount instead.
Updates a ServiceAccount.
Currently, only the following fields are updatable:
display_name
and description
.
https://cloud.google.com/iam/api/reference/rest/v1/projects/serviceAccounts/update Required parameters: name Optional parameters: none Body: {:description string, :oauth2ClientId string, :email string, :disabled boolean, :displayName string, :name string, :etag string, :uniqueId string, :projectId string} Note: This method is in the process of being deprecated. Use PatchServiceAccount instead. Updates a ServiceAccount. Currently, only the following fields are updatable: `display_name` and `description`.
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close