package admin
import "cloud.google.com/go/iam/admin/apiv1"
Package admin is an auto-generated package for the Identity and Access Management (IAM) API.
Manages identity and access control for Google Cloud Platform resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls.
General documentation
For information that is relevant for all client libraries please reference https://pkg.go.dev/cloud.google.com/go#pkg-overview. Some information on this page includes:
- Authentication and Authorization
- Timeouts and Cancellation
- Testing against Client Libraries
- Debugging Client Libraries
- Inspecting errors
Example usage
To get started with this package, create a client.
// go get cloud.google.com/go/iam/admin/apiv1@latest
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
The client will use your default application credentials. Clients should be reused instead of created as needed. The methods of Client are safe for concurrent use by multiple goroutines. The returned client must be Closed when it is done being used.
Using the Client
The following is an example of making an API call with the newly created client, mentioned above.
req := &adminpb.CreateRoleRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#CreateRoleRequest.
}
resp, err := c.CreateRole(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
Use of Context
The ctx passed to NewIamClient is used for authentication requests and for creating the underlying connection, but is not used for subsequent calls. Individual methods on the client use the ctx given to them.
To close the open connection, use the Close() method.
Index ¶
- func DefaultAuthScopes() []string
- func IamKeyPath(project, serviceAccount, key string) string
- func IamProjectPath(project string) string
- func IamServiceAccountPath(project, serviceAccount string) string
- type IamCallOptions
- type IamClient
- func NewIamClient(ctx context.Context, opts ...option.ClientOption) (*IamClient, error)
- func (c *IamClient) Close() error
- func (c *IamClient) Connection() *grpc.ClientConn
- func (c *IamClient) CreateRole(ctx context.Context, req *adminpb.CreateRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error)
- func (c *IamClient) CreateServiceAccount(ctx context.Context, req *adminpb.CreateServiceAccountRequest, opts ...gax.CallOption) (*adminpb.ServiceAccount, error)
- func (c *IamClient) CreateServiceAccountKey(ctx context.Context, req *adminpb.CreateServiceAccountKeyRequest, opts ...gax.CallOption) (*adminpb.ServiceAccountKey, error)
- func (c *IamClient) DeleteRole(ctx context.Context, req *adminpb.DeleteRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error)
- func (c *IamClient) DeleteServiceAccount(ctx context.Context, req *adminpb.DeleteServiceAccountRequest, opts ...gax.CallOption) error
- func (c *IamClient) DeleteServiceAccountKey(ctx context.Context, req *adminpb.DeleteServiceAccountKeyRequest, opts ...gax.CallOption) error
- func (c *IamClient) DisableServiceAccount(ctx context.Context, req *adminpb.DisableServiceAccountRequest, opts ...gax.CallOption) error
- func (c *IamClient) DisableServiceAccountKey(ctx context.Context, req *adminpb.DisableServiceAccountKeyRequest, opts ...gax.CallOption) error
- func (c *IamClient) EnableServiceAccount(ctx context.Context, req *adminpb.EnableServiceAccountRequest, opts ...gax.CallOption) error
- func (c *IamClient) EnableServiceAccountKey(ctx context.Context, req *adminpb.EnableServiceAccountKeyRequest, opts ...gax.CallOption) error
- func (c *IamClient) GetIamPolicy(ctx context.Context, req *iampb.GetIamPolicyRequest) (*iam.Policy, error)
- func (c *IamClient) GetRole(ctx context.Context, req *adminpb.GetRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error)
- func (c *IamClient) GetServiceAccount(ctx context.Context, req *adminpb.GetServiceAccountRequest, opts ...gax.CallOption) (*adminpb.ServiceAccount, error)
- func (c *IamClient) GetServiceAccountKey(ctx context.Context, req *adminpb.GetServiceAccountKeyRequest, opts ...gax.CallOption) (*adminpb.ServiceAccountKey, error)
- func (c *IamClient) LintPolicy(ctx context.Context, req *adminpb.LintPolicyRequest, opts ...gax.CallOption) (*adminpb.LintPolicyResponse, error)
- func (c *IamClient) ListRoles(ctx context.Context, req *adminpb.ListRolesRequest, opts ...gax.CallOption) (*adminpb.ListRolesResponse, error)
- func (c *IamClient) ListRolesIter(ctx context.Context, req *adminpb.ListRolesRequest, opts ...gax.CallOption) *RoleIterator
- func (c *IamClient) ListServiceAccountKeys(ctx context.Context, req *adminpb.ListServiceAccountKeysRequest, opts ...gax.CallOption) (*adminpb.ListServiceAccountKeysResponse, error)
- func (c *IamClient) ListServiceAccounts(ctx context.Context, req *adminpb.ListServiceAccountsRequest, opts ...gax.CallOption) *ServiceAccountIterator
- func (c *IamClient) PatchServiceAccount(ctx context.Context, req *adminpb.PatchServiceAccountRequest, opts ...gax.CallOption) (*adminpb.ServiceAccount, error)
- func (c *IamClient) QueryAuditableServices(ctx context.Context, req *adminpb.QueryAuditableServicesRequest, opts ...gax.CallOption) (*adminpb.QueryAuditableServicesResponse, error)
- func (c *IamClient) QueryGrantableRoles(ctx context.Context, req *adminpb.QueryGrantableRolesRequest, opts ...gax.CallOption) (*adminpb.QueryGrantableRolesResponse, error)
- func (c *IamClient) QueryGrantableRolesIter(ctx context.Context, req *adminpb.QueryGrantableRolesRequest, opts ...gax.CallOption) *RoleIterator
- func (c *IamClient) QueryTestablePermissions(ctx context.Context, req *adminpb.QueryTestablePermissionsRequest, opts ...gax.CallOption) (*adminpb.QueryTestablePermissionsResponse, error)
- func (c *IamClient) QueryTestablePermissionsIter(ctx context.Context, req *adminpb.QueryTestablePermissionsRequest, opts ...gax.CallOption) *PermissionIterator
- func (c *IamClient) SetIamPolicy(ctx context.Context, req *SetIamPolicyRequest) (*iam.Policy, error)
- func (c *IamClient) SignBlob(ctx context.Context, req *adminpb.SignBlobRequest, opts ...gax.CallOption) (*adminpb.SignBlobResponse, error)
- func (c *IamClient) SignJwt(ctx context.Context, req *adminpb.SignJwtRequest, opts ...gax.CallOption) (*adminpb.SignJwtResponse, error)
- func (c *IamClient) TestIamPermissions(ctx context.Context, req *iampb.TestIamPermissionsRequest, opts ...gax.CallOption) (*iampb.TestIamPermissionsResponse, error)
- func (c *IamClient) UndeleteRole(ctx context.Context, req *adminpb.UndeleteRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error)
- func (c *IamClient) UndeleteServiceAccount(ctx context.Context, req *adminpb.UndeleteServiceAccountRequest, opts ...gax.CallOption) (*adminpb.UndeleteServiceAccountResponse, error)
- func (c *IamClient) UpdateRole(ctx context.Context, req *adminpb.UpdateRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error)
- func (c *IamClient) UpdateServiceAccount(ctx context.Context, req *adminpb.ServiceAccount, opts ...gax.CallOption) (*adminpb.ServiceAccount, error)
- func (c *IamClient) UploadServiceAccountKey(ctx context.Context, req *adminpb.UploadServiceAccountKeyRequest, opts ...gax.CallOption) (*adminpb.ServiceAccountKey, error)
- type PermissionIterator
- func (it *PermissionIterator) All() iter.Seq2[*adminpb.Permission, error]
- func (it *PermissionIterator) Next() (*adminpb.Permission, error)
- func (it *PermissionIterator) PageInfo() *iterator.PageInfo
- type RoleIterator
- func (it *RoleIterator) All() iter.Seq2[*adminpb.Role, error]
- func (it *RoleIterator) Next() (*adminpb.Role, error)
- func (it *RoleIterator) PageInfo() *iterator.PageInfo
- type ServiceAccountIterator
- func (it *ServiceAccountIterator) All() iter.Seq2[*adminpb.ServiceAccount, error]
- func (it *ServiceAccountIterator) Next() (*adminpb.ServiceAccount, error)
- func (it *ServiceAccountIterator) PageInfo() *iterator.PageInfo
- type SetIamPolicyRequest
Examples ¶
- IamClient.CreateRole
- IamClient.CreateServiceAccount
- IamClient.CreateServiceAccountKey
- IamClient.DeleteRole
- IamClient.DeleteServiceAccount
- IamClient.DeleteServiceAccountKey
- IamClient.DisableServiceAccount
- IamClient.DisableServiceAccountKey
- IamClient.EnableServiceAccount
- IamClient.EnableServiceAccountKey
- IamClient.GetIamPolicy
- IamClient.GetRole
- IamClient.GetServiceAccount
- IamClient.GetServiceAccountKey
- IamClient.LintPolicy
- IamClient.ListRolesIter
- IamClient.ListRolesIter (All)
- IamClient.ListServiceAccountKeys
- IamClient.ListServiceAccounts
- IamClient.ListServiceAccounts (All)
- IamClient.PatchServiceAccount
- IamClient.QueryAuditableServices
- IamClient.QueryGrantableRolesIter
- IamClient.QueryGrantableRolesIter (All)
- IamClient.QueryTestablePermissionsIter
- IamClient.QueryTestablePermissionsIter (All)
- IamClient.SignBlob
- IamClient.SignJwt
- IamClient.TestIamPermissions
- IamClient.UndeleteRole
- IamClient.UndeleteServiceAccount
- IamClient.UpdateRole
- IamClient.UpdateServiceAccount
- IamClient.UploadServiceAccountKey
- NewIamClient
Functions ¶
func DefaultAuthScopes ¶
func DefaultAuthScopes() []string
DefaultAuthScopes reports the default set of authentication scopes to use with this package.
func IamKeyPath ¶
IamKeyPath returns the path for the key resource.
func IamProjectPath ¶
IamProjectPath returns the path for the project resource.
func IamServiceAccountPath ¶
IamServiceAccountPath returns the path for the service account resource.
Types ¶
type IamCallOptions ¶
type IamCallOptions struct {
ListServiceAccounts []gax.CallOption
GetServiceAccount []gax.CallOption
CreateServiceAccount []gax.CallOption
UpdateServiceAccount []gax.CallOption
PatchServiceAccount []gax.CallOption
DeleteServiceAccount []gax.CallOption
UndeleteServiceAccount []gax.CallOption
EnableServiceAccount []gax.CallOption
DisableServiceAccount []gax.CallOption
ListServiceAccountKeys []gax.CallOption
GetServiceAccountKey []gax.CallOption
CreateServiceAccountKey []gax.CallOption
UploadServiceAccountKey []gax.CallOption
DeleteServiceAccountKey []gax.CallOption
DisableServiceAccountKey []gax.CallOption
EnableServiceAccountKey []gax.CallOption
SignBlob []gax.CallOption
SignJwt []gax.CallOption
GetIamPolicy []gax.CallOption
SetIamPolicy []gax.CallOption
TestIamPermissions []gax.CallOption
QueryGrantableRoles []gax.CallOption
ListRoles []gax.CallOption
GetRole []gax.CallOption
CreateRole []gax.CallOption
UpdateRole []gax.CallOption
DeleteRole []gax.CallOption
UndeleteRole []gax.CallOption
QueryTestablePermissions []gax.CallOption
QueryAuditableServices []gax.CallOption
LintPolicy []gax.CallOption
}
IamCallOptions contains the retry settings for each method of IamClient.
type IamClient ¶
type IamClient struct {
// The call options for this service.
CallOptions *IamCallOptions
// contains filtered or unexported fields
}
IamClient is a client for interacting with Identity and Access Management (IAM) API. Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
Creates and manages Identity and Access Management (IAM) resources.
You can use this service to work with all of the following resources:
Service accounts, which identify an application or a virtual machine (VM) instance rather than a person Service account keys, which service accounts use to authenticate with Google APIs IAM policies for service accounts, which specify the roles that a principal has for the service account IAM custom roles, which help you limit the number of permissions that you grant to principals
In addition, you can use this service to complete the following tasks, among others:
Test whether a service account can use specific permissions Check which roles you can grant for a specific resource Lint, or validate, condition expressions in an IAM policy
When you read data from the IAM API, each read is eventually consistent. In other words, if you write data with the IAM API, then immediately read that data, the read operation might return an older version of the data. To deal with this behavior, your application can retry the request with truncated exponential backoff.
In contrast, writing data to the IAM API is sequentially consistent. In other words, write operations are always processed in the order in which they were received.
func NewIamClient ¶
NewIamClient creates a new iam client based on gRPC. The returned client must be Closed when it is done being used to clean up its underlying connections.
Creates and manages Identity and Access Management (IAM) resources.
You can use this service to work with all of the following resources:
Service accounts, which identify an application or a virtual machine (VM) instance rather than a person Service account keys, which service accounts use to authenticate with Google APIs IAM policies for service accounts, which specify the roles that a principal has for the service account IAM custom roles, which help you limit the number of permissions that you grant to principals
In addition, you can use this service to complete the following tasks, among others:
Test whether a service account can use specific permissions Check which roles you can grant for a specific resource Lint, or validate, condition expressions in an IAM policy
When you read data from the IAM API, each read is eventually consistent. In other words, if you write data with the IAM API, then immediately read that data, the read operation might return an older version of the data. To deal with this behavior, your application can retry the request with truncated exponential backoff.
In contrast, writing data to the IAM API is sequentially consistent. In other
words, write operations are always processed in the order in which they were
received.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
// TODO: Use client.
_ = c
}
func (*IamClient) Close ¶
Close closes the connection to the API service. The user should invoke this when the client is no longer required.
func (*IamClient) Connection ¶
func (c *IamClient) Connection() *grpc.ClientConn
Connection returns a connection to the API service.
Deprecated: Connections are now pooled so this method does not always return the same resource.
func (*IamClient) CreateRole ¶
func (c *IamClient) CreateRole(ctx context.Context, req *adminpb.CreateRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error)
CreateRole creates a new custom Role.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.CreateRoleRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#CreateRoleRequest.
}
resp, err := c.CreateRole(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
func (*IamClient) CreateServiceAccount ¶
func (c *IamClient) CreateServiceAccount(ctx context.Context, req *adminpb.CreateServiceAccountRequest, opts ...gax.CallOption) (*adminpb.ServiceAccount, error)
CreateServiceAccount creates a ServiceAccount.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.CreateServiceAccountRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#CreateServiceAccountRequest.
}
resp, err := c.CreateServiceAccount(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
func (*IamClient) CreateServiceAccountKey ¶
func (c *IamClient) CreateServiceAccountKey(ctx context.Context, req *adminpb.CreateServiceAccountKeyRequest, opts ...gax.CallOption) (*adminpb.ServiceAccountKey, error)
CreateServiceAccountKey creates a ServiceAccountKey.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.CreateServiceAccountKeyRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#CreateServiceAccountKeyRequest.
}
resp, err := c.CreateServiceAccountKey(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
func (*IamClient) DeleteRole ¶
func (c *IamClient) DeleteRole(ctx context.Context, req *adminpb.DeleteRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error)
DeleteRole deletes a custom Role.
When you delete a custom role, the following changes occur immediately:
You cannot bind a principal to the custom role in an IAM Policy. Existing bindings to the custom role are not changed, but they have no effect. By default, the response from ListRoles does not include the custom role.
You have 7 days to undelete the custom role. After 7 days, the following changes occur:
The custom role is permanently deleted and cannot be recovered. If an IAM policy contains a binding to the custom role, the binding is permanently removed.
Example¶
Code:play
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.DeleteRoleRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#DeleteRoleRequest.
}
resp, err := c.DeleteRole(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
func (*IamClient) DeleteServiceAccount ¶
func (c *IamClient) DeleteServiceAccount(ctx context.Context, req *adminpb.DeleteServiceAccountRequest, opts ...gax.CallOption) error
DeleteServiceAccount deletes a ServiceAccount.
Warning: After you delete a service account, you might not be able to undelete it. If you know that you need to re-enable the service account in the future, use DisableServiceAccount instead.
If you delete a service account, IAM permanently removes the service account 30 days later. Google Cloud cannot recover the service account after it is permanently removed, even if you file a support request.
To help avoid unplanned outages, we recommend that you disable the service
account before you delete it. Use DisableServiceAccount to disable the
service account, then wait at least 24 hours and watch for unintended
consequences. If there are no unintended consequences, you can delete the
service account.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.DeleteServiceAccountRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#DeleteServiceAccountRequest.
}
err = c.DeleteServiceAccount(ctx, req)
if err != nil {
// TODO: Handle error.
}
}
func (*IamClient) DeleteServiceAccountKey ¶
func (c *IamClient) DeleteServiceAccountKey(ctx context.Context, req *adminpb.DeleteServiceAccountKeyRequest, opts ...gax.CallOption) error
DeleteServiceAccountKey deletes a ServiceAccountKey. Deleting a service account key does not
revoke short-lived credentials that have been issued based on the service
account key.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.DeleteServiceAccountKeyRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#DeleteServiceAccountKeyRequest.
}
err = c.DeleteServiceAccountKey(ctx, req)
if err != nil {
// TODO: Handle error.
}
}
func (*IamClient) DisableServiceAccount ¶
func (c *IamClient) DisableServiceAccount(ctx context.Context, req *adminpb.DisableServiceAccountRequest, opts ...gax.CallOption) error
DisableServiceAccount disables a ServiceAccount immediately.
If an application uses the service account to authenticate, that application can no longer call Google APIs or access Google Cloud resources. Existing access tokens for the service account are rejected, and requests for new access tokens will fail.
To re-enable the service account, use EnableServiceAccount. After you re-enable the service account, its existing access tokens will be accepted, and you can request new access tokens.
To help avoid unplanned outages, we recommend that you disable the service
account before you delete it. Use this method to disable the service
account, then wait at least 24 hours and watch for unintended consequences.
If there are no unintended consequences, you can delete the service account
with DeleteServiceAccount.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.DisableServiceAccountRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#DisableServiceAccountRequest.
}
err = c.DisableServiceAccount(ctx, req)
if err != nil {
// TODO: Handle error.
}
}
func (*IamClient) DisableServiceAccountKey ¶
func (c *IamClient) DisableServiceAccountKey(ctx context.Context, req *adminpb.DisableServiceAccountKeyRequest, opts ...gax.CallOption) error
DisableServiceAccountKey disable a ServiceAccountKey. A disabled service account key can be
re-enabled with EnableServiceAccountKey.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.DisableServiceAccountKeyRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#DisableServiceAccountKeyRequest.
}
err = c.DisableServiceAccountKey(ctx, req)
if err != nil {
// TODO: Handle error.
}
}
func (*IamClient) EnableServiceAccount ¶
func (c *IamClient) EnableServiceAccount(ctx context.Context, req *adminpb.EnableServiceAccountRequest, opts ...gax.CallOption) error
EnableServiceAccount enables a ServiceAccount that was disabled by DisableServiceAccount.
If the service account is already enabled, then this method has no effect.
If the service account was disabled by other means—for example, if Google
disabled the service account because it was compromised—you cannot use this
method to enable the service account.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.EnableServiceAccountRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#EnableServiceAccountRequest.
}
err = c.EnableServiceAccount(ctx, req)
if err != nil {
// TODO: Handle error.
}
}
func (*IamClient) EnableServiceAccountKey ¶
func (c *IamClient) EnableServiceAccountKey(ctx context.Context, req *adminpb.EnableServiceAccountKeyRequest, opts ...gax.CallOption) error
EnableServiceAccountKey enable a ServiceAccountKey.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.EnableServiceAccountKeyRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#EnableServiceAccountKeyRequest.
}
err = c.EnableServiceAccountKey(ctx, req)
if err != nil {
// TODO: Handle error.
}
}
func (*IamClient) GetIamPolicy ¶
func (c *IamClient) GetIamPolicy(ctx context.Context, req *iampb.GetIamPolicyRequest) (*iam.Policy, error)
GetIamPolicy returns the IAM access control policy for a ServiceAccount.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
iampb "cloud.google.com/go/iam/apiv1/iampb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &iampb.GetIamPolicyRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/apiv1/iampb#GetIamPolicyRequest.
}
resp, err := c.GetIamPolicy(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
func (*IamClient) GetRole ¶
func (c *IamClient) GetRole(ctx context.Context, req *adminpb.GetRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error)
GetRole gets the definition of a Role.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.GetRoleRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#GetRoleRequest.
}
resp, err := c.GetRole(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
func (*IamClient) GetServiceAccount ¶
func (c *IamClient) GetServiceAccount(ctx context.Context, req *adminpb.GetServiceAccountRequest, opts ...gax.CallOption) (*adminpb.ServiceAccount, error)
GetServiceAccount gets a ServiceAccount.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.GetServiceAccountRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#GetServiceAccountRequest.
}
resp, err := c.GetServiceAccount(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
func (*IamClient) GetServiceAccountKey ¶
func (c *IamClient) GetServiceAccountKey(ctx context.Context, req *adminpb.GetServiceAccountKeyRequest, opts ...gax.CallOption) (*adminpb.ServiceAccountKey, error)
GetServiceAccountKey gets a ServiceAccountKey.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.GetServiceAccountKeyRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#GetServiceAccountKeyRequest.
}
resp, err := c.GetServiceAccountKey(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
func (*IamClient) LintPolicy ¶
func (c *IamClient) LintPolicy(ctx context.Context, req *adminpb.LintPolicyRequest, opts ...gax.CallOption) (*adminpb.LintPolicyResponse, error)
LintPolicy lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding.condition field, which contains a condition expression for a role binding.
Successful calls to this method always return an HTTP 200 OK status code,
even if the linter detects an issue in the IAM policy.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.LintPolicyRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#LintPolicyRequest.
}
resp, err := c.LintPolicy(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
func (*IamClient) ListRoles ¶
func (c *IamClient) ListRoles(ctx context.Context, req *adminpb.ListRolesRequest, opts ...gax.CallOption) (*adminpb.ListRolesResponse, error)
ListRoles lists the Roles defined on a resource.
func (*IamClient) ListRolesIter ¶
func (c *IamClient) ListRolesIter(ctx context.Context, req *adminpb.ListRolesRequest, opts ...gax.CallOption) *RoleIterator
ListRoles lists every predefined Role that IAM supports, or every custom role
that is defined for an organization or project.
Code:play
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
"google.golang.org/api/iterator"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.ListRolesRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#ListRolesRequest.
}
it := c.ListRolesIter(ctx, req)
for {
resp, err := it.Next()
if err == iterator.Done {
break
}
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
// If you need to access the underlying RPC response,
// you can do so by casting the `Response` as below.
// Otherwise, remove this line. Only populated after
// first call to Next(). Not safe for concurrent access.
_ = it.Response.(*adminpb.ListRolesResponse)
}
}
Example (All)¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.ListRolesRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#ListRolesRequest.
}
for resp, err := range c.ListRolesIter(ctx, req).All() {
if err != nil {
// TODO: Handle error and break/return/continue. Iteration will stop after any error.
}
// TODO: Use resp.
_ = resp
}
}
func (*IamClient) ListServiceAccountKeys ¶
func (c *IamClient) ListServiceAccountKeys(ctx context.Context, req *adminpb.ListServiceAccountKeysRequest, opts ...gax.CallOption) (*adminpb.ListServiceAccountKeysResponse, error)
ListServiceAccountKeys lists every ServiceAccountKey for a service account.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.ListServiceAccountKeysRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#ListServiceAccountKeysRequest.
}
resp, err := c.ListServiceAccountKeys(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
func (*IamClient) ListServiceAccounts ¶
func (c *IamClient) ListServiceAccounts(ctx context.Context, req *adminpb.ListServiceAccountsRequest, opts ...gax.CallOption) *ServiceAccountIterator
ListServiceAccounts lists every ServiceAccount that belongs to a specific project.
Code:play
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
"google.golang.org/api/iterator"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.ListServiceAccountsRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#ListServiceAccountsRequest.
}
it := c.ListServiceAccounts(ctx, req)
for {
resp, err := it.Next()
if err == iterator.Done {
break
}
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
// If you need to access the underlying RPC response,
// you can do so by casting the `Response` as below.
// Otherwise, remove this line. Only populated after
// first call to Next(). Not safe for concurrent access.
_ = it.Response.(*adminpb.ListServiceAccountsResponse)
}
}
Example (All)¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.ListServiceAccountsRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#ListServiceAccountsRequest.
}
for resp, err := range c.ListServiceAccounts(ctx, req).All() {
if err != nil {
// TODO: Handle error and break/return/continue. Iteration will stop after any error.
}
// TODO: Use resp.
_ = resp
}
}
func (*IamClient) PatchServiceAccount ¶
func (c *IamClient) PatchServiceAccount(ctx context.Context, req *adminpb.PatchServiceAccountRequest, opts ...gax.CallOption) (*adminpb.ServiceAccount, error)
PatchServiceAccount patches a ServiceAccount.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.PatchServiceAccountRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#PatchServiceAccountRequest.
}
resp, err := c.PatchServiceAccount(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
func (*IamClient) QueryAuditableServices ¶
func (c *IamClient) QueryAuditableServices(ctx context.Context, req *adminpb.QueryAuditableServicesRequest, opts ...gax.CallOption) (*adminpb.QueryAuditableServicesResponse, error)
QueryAuditableServices returns a list of services that allow you to opt into audit logs that are not generated by default.
To learn more about audit logs, see the Logging
documentation (at https://cloud.google.com/logging/docs/audit).
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.QueryAuditableServicesRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#QueryAuditableServicesRequest.
}
resp, err := c.QueryAuditableServices(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
func (*IamClient) QueryGrantableRoles ¶
func (c *IamClient) QueryGrantableRoles(ctx context.Context, req *adminpb.QueryGrantableRolesRequest, opts ...gax.CallOption) (*adminpb.QueryGrantableRolesResponse, error)
QueryGrantableRoles queries roles that can be granted on a particular resource. A role is grantable if it can be used as the role in a binding for a policy for that resource.
func (*IamClient) QueryGrantableRolesIter ¶
func (c *IamClient) QueryGrantableRolesIter(ctx context.Context, req *adminpb.QueryGrantableRolesRequest, opts ...gax.CallOption) *RoleIterator
QueryGrantableRoles lists roles that can be granted on a Google Cloud resource. A role is
grantable if the IAM policy for the resource can contain bindings to the
role.
Code:play
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
"google.golang.org/api/iterator"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.QueryGrantableRolesRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#QueryGrantableRolesRequest.
}
it := c.QueryGrantableRolesIter(ctx, req)
for {
resp, err := it.Next()
if err == iterator.Done {
break
}
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
// If you need to access the underlying RPC response,
// you can do so by casting the `Response` as below.
// Otherwise, remove this line. Only populated after
// first call to Next(). Not safe for concurrent access.
_ = it.Response.(*adminpb.QueryGrantableRolesResponse)
}
}
Example (All)¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.QueryGrantableRolesRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#QueryGrantableRolesRequest.
}
for resp, err := range c.QueryGrantableRolesIter(ctx, req).All() {
if err != nil {
// TODO: Handle error and break/return/continue. Iteration will stop after any error.
}
// TODO: Use resp.
_ = resp
}
}
func (*IamClient) QueryTestablePermissions ¶
func (c *IamClient) QueryTestablePermissions(ctx context.Context, req *adminpb.QueryTestablePermissionsRequest, opts ...gax.CallOption) (*adminpb.QueryTestablePermissionsResponse, error)
QueryTestablePermissions lists the permissions testable on a resource. A permission is testable if it can be tested for an identity on a resource.
func (*IamClient) QueryTestablePermissionsIter ¶
func (c *IamClient) QueryTestablePermissionsIter(ctx context.Context, req *adminpb.QueryTestablePermissionsRequest, opts ...gax.CallOption) *PermissionIterator
QueryTestablePermissions lists every permission that you can test on a resource. A permission is
testable if you can check whether a principal has that permission on the
resource.
Code:play
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
"google.golang.org/api/iterator"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.QueryTestablePermissionsRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#QueryTestablePermissionsRequest.
}
it := c.QueryTestablePermissionsIter(ctx, req)
for {
resp, err := it.Next()
if err == iterator.Done {
break
}
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
// If you need to access the underlying RPC response,
// you can do so by casting the `Response` as below.
// Otherwise, remove this line. Only populated after
// first call to Next(). Not safe for concurrent access.
_ = it.Response.(*adminpb.QueryTestablePermissionsResponse)
}
}
Example (All)¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.QueryTestablePermissionsRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#QueryTestablePermissionsRequest.
}
for resp, err := range c.QueryTestablePermissionsIter(ctx, req).All() {
if err != nil {
// TODO: Handle error and break/return/continue. Iteration will stop after any error.
}
// TODO: Use resp.
_ = resp
}
}
func (*IamClient) SetIamPolicy ¶
func (c *IamClient) SetIamPolicy(ctx context.Context, req *SetIamPolicyRequest) (*iam.Policy, error)
SetIamPolicy sets the IAM access control policy for a ServiceAccount.
func (*IamClient) SignBlob ¶
func (c *IamClient) SignBlob(ctx context.Context, req *adminpb.SignBlobRequest, opts ...gax.CallOption) (*adminpb.SignBlobResponse, error)
SignBlob Note: This method is deprecated. Use the signBlob (at https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signBlob) method in the IAM Service Account Credentials API instead. If you currently use this method, see the migration guide (at https://cloud.google.com/iam/help/credentials/migrate-api) for instructions.
Signs a blob using the system-managed private key for a ServiceAccount.
Deprecated: SignBlob may be removed in a future version.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.SignBlobRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#SignBlobRequest.
}
resp, err := c.SignBlob(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
func (*IamClient) SignJwt ¶
func (c *IamClient) SignJwt(ctx context.Context, req *adminpb.SignJwtRequest, opts ...gax.CallOption) (*adminpb.SignJwtResponse, error)
SignJwt Note: This method is deprecated. Use the signJwt (at https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signJwt) method in the IAM Service Account Credentials API instead. If you currently use this method, see the migration guide (at https://cloud.google.com/iam/help/credentials/migrate-api) for instructions.
Signs a JSON Web Token (JWT) using the system-managed private key for a ServiceAccount.
Deprecated: SignJwt may be removed in a future version.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.SignJwtRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#SignJwtRequest.
}
resp, err := c.SignJwt(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
func (*IamClient) TestIamPermissions ¶
func (c *IamClient) TestIamPermissions(ctx context.Context, req *iampb.TestIamPermissionsRequest, opts ...gax.CallOption) (*iampb.TestIamPermissionsResponse, error)
TestIamPermissions tests whether the caller has the specified permissions on a
ServiceAccount.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
iampb "cloud.google.com/go/iam/apiv1/iampb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &iampb.TestIamPermissionsRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/apiv1/iampb#TestIamPermissionsRequest.
}
resp, err := c.TestIamPermissions(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
func (*IamClient) UndeleteRole ¶
func (c *IamClient) UndeleteRole(ctx context.Context, req *adminpb.UndeleteRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error)
UndeleteRole undeletes a custom Role.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.UndeleteRoleRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#UndeleteRoleRequest.
}
resp, err := c.UndeleteRole(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
func (*IamClient) UndeleteServiceAccount ¶
func (c *IamClient) UndeleteServiceAccount(ctx context.Context, req *adminpb.UndeleteServiceAccountRequest, opts ...gax.CallOption) (*adminpb.UndeleteServiceAccountResponse, error)
UndeleteServiceAccount restores a deleted ServiceAccount.
Important: It is not always possible to restore a deleted service account. Use this method only as a last resort.
After you delete a service account, IAM permanently removes the service
account 30 days later. There is no way to restore a deleted service account
that has been permanently removed.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.UndeleteServiceAccountRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#UndeleteServiceAccountRequest.
}
resp, err := c.UndeleteServiceAccount(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
func (*IamClient) UpdateRole ¶
func (c *IamClient) UpdateRole(ctx context.Context, req *adminpb.UpdateRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error)
UpdateRole updates the definition of a custom Role.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.UpdateRoleRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#UpdateRoleRequest.
}
resp, err := c.UpdateRole(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
func (*IamClient) UpdateServiceAccount ¶
func (c *IamClient) UpdateServiceAccount(ctx context.Context, req *adminpb.ServiceAccount, opts ...gax.CallOption) (*adminpb.ServiceAccount, error)
UpdateServiceAccount Note: We are in the process of deprecating this method. Use PatchServiceAccount instead.
Updates a ServiceAccount.
You can update only the display_name field.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.ServiceAccount{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#ServiceAccount.
}
resp, err := c.UpdateServiceAccount(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
func (*IamClient) UploadServiceAccountKey ¶
func (c *IamClient) UploadServiceAccountKey(ctx context.Context, req *adminpb.UploadServiceAccountKeyRequest, opts ...gax.CallOption) (*adminpb.ServiceAccountKey, error)
UploadServiceAccountKey uploads the public key portion of a key pair that you manage, and associates the public key with a ServiceAccount.
After you upload the public key, you can use the private key from the key
pair as a service account key.
Code:play
Example¶
package main
import (
"context"
admin "cloud.google.com/go/iam/admin/apiv1"
adminpb "cloud.google.com/go/iam/admin/apiv1/adminpb"
)
func main() {
ctx := context.Background()
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in:
// https://pkg.go.dev/cloud.google.com/go#hdr-Client_Options
c, err := admin.NewIamClient(ctx)
if err != nil {
// TODO: Handle error.
}
defer c.Close()
req := &adminpb.UploadServiceAccountKeyRequest{
// TODO: Fill request struct fields.
// See https://pkg.go.dev/cloud.google.com/go/iam/admin/apiv1/adminpb#UploadServiceAccountKeyRequest.
}
resp, err := c.UploadServiceAccountKey(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
type PermissionIterator ¶
type PermissionIterator struct {
// Response is the raw response for the current page.
// It must be cast to the RPC response type.
// Calling Next() or InternalFetch() updates this value.
Response interface{}
// InternalFetch is for use by the Google Cloud Libraries only.
// It is not part of the stable interface of this package.
//
// InternalFetch returns results from a single call to the underlying RPC.
// The number of results is no greater than pageSize.
// If there are no more results, nextPageToken is empty and err is nil.
InternalFetch func(pageSize int, pageToken string) (results []*adminpb.Permission, nextPageToken string, err error)
// contains filtered or unexported fields
}
PermissionIterator manages a stream of *adminpb.Permission.
func (*PermissionIterator) All ¶
func (it *PermissionIterator) All() iter.Seq2[*adminpb.Permission, error]
All returns an iterator. If an error is returned by the iterator, the iterator will stop after that iteration.
func (*PermissionIterator) Next ¶
func (it *PermissionIterator) Next() (*adminpb.Permission, error)
Next returns the next result. Its second return value is iterator.Done if there are no more results. Once Next returns Done, all subsequent calls will return Done.
func (*PermissionIterator) PageInfo ¶
func (it *PermissionIterator) PageInfo() *iterator.PageInfo
PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
type RoleIterator ¶
type RoleIterator struct {
// Response is the raw response for the current page.
// It must be cast to the RPC response type.
// Calling Next() or InternalFetch() updates this value.
Response interface{}
// InternalFetch is for use by the Google Cloud Libraries only.
// It is not part of the stable interface of this package.
//
// InternalFetch returns results from a single call to the underlying RPC.
// The number of results is no greater than pageSize.
// If there are no more results, nextPageToken is empty and err is nil.
InternalFetch func(pageSize int, pageToken string) (results []*adminpb.Role, nextPageToken string, err error)
// contains filtered or unexported fields
}
RoleIterator manages a stream of *adminpb.Role.
func (*RoleIterator) All ¶
All returns an iterator. If an error is returned by the iterator, the iterator will stop after that iteration.
func (*RoleIterator) Next ¶
func (it *RoleIterator) Next() (*adminpb.Role, error)
Next returns the next result. Its second return value is iterator.Done if there are no more results. Once Next returns Done, all subsequent calls will return Done.
func (*RoleIterator) PageInfo ¶
func (it *RoleIterator) PageInfo() *iterator.PageInfo
PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
type ServiceAccountIterator ¶
type ServiceAccountIterator struct {
// Response is the raw response for the current page.
// It must be cast to the RPC response type.
// Calling Next() or InternalFetch() updates this value.
Response interface{}
// InternalFetch is for use by the Google Cloud Libraries only.
// It is not part of the stable interface of this package.
//
// InternalFetch returns results from a single call to the underlying RPC.
// The number of results is no greater than pageSize.
// If there are no more results, nextPageToken is empty and err is nil.
InternalFetch func(pageSize int, pageToken string) (results []*adminpb.ServiceAccount, nextPageToken string, err error)
// contains filtered or unexported fields
}
ServiceAccountIterator manages a stream of *adminpb.ServiceAccount.
func (*ServiceAccountIterator) All ¶
func (it *ServiceAccountIterator) All() iter.Seq2[*adminpb.ServiceAccount, error]
All returns an iterator. If an error is returned by the iterator, the iterator will stop after that iteration.
func (*ServiceAccountIterator) Next ¶
func (it *ServiceAccountIterator) Next() (*adminpb.ServiceAccount, error)
Next returns the next result. Its second return value is iterator.Done if there are no more results. Once Next returns Done, all subsequent calls will return Done.
func (*ServiceAccountIterator) PageInfo ¶
func (it *ServiceAccountIterator) PageInfo() *iterator.PageInfo
PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
type SetIamPolicyRequest ¶
SetIamPolicyRequest is the request type for the SetIamPolicy method.
Source Files ¶
auxiliary.go auxiliary_go123.go doc.go helpers.go iam_client.go iter_patch.go path_funcs.go policy_methods.go version.go
Directories ¶
| Path | Synopsis |
|---|---|
| admin/apiv1/adminpb |
- Version
- v1.4.0 (latest)
- Published
- Feb 12, 2025
- Platform
- linux/amd64
- Imports
- 21 packages
- Last checked
- 5 days ago –
Tools for package owners.