Identity and Access Management (IAM) API

Manages identity and access control for Google Cloud resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls. Enabling this API also enables the IAM Service Account Credentials API (iamcredentials.googleapis.com). However, disabling this API doesn't disable the IAM Service Account Credentials API.

Service: iam.googleapis.com

The Service name iam.googleapis.com is needed to create RPC client stubs.

google.iam.admin.v1.IAM

Methods
CreateRole Creates a new custom Role.
CreateServiceAccount Creates a ServiceAccount.
CreateServiceAccountKey Creates a ServiceAccountKey.
DeleteRole Deletes a custom Role.
DeleteServiceAccount Deletes a ServiceAccount.
DeleteServiceAccountKey Deletes a ServiceAccountKey.
DisableServiceAccount Disables a ServiceAccount immediately.
DisableServiceAccountKey Disable a ServiceAccountKey.
EnableServiceAccount Enables a ServiceAccount that was disabled by DisableServiceAccount.
EnableServiceAccountKey Enable a ServiceAccountKey.
GetIamPolicy Gets the IAM policy that is attached to a ServiceAccount.
GetRole Gets the definition of a Role.
GetServiceAccount Gets a ServiceAccount.
GetServiceAccountKey Gets a ServiceAccountKey.
LintPolicy Lints, or validates, an IAM policy.
ListRoles Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.
ListServiceAccountKeys Lists every ServiceAccountKey for a service account.
ListServiceAccounts Lists every ServiceAccount that belongs to a specific project.
PatchServiceAccount Patches a ServiceAccount.
QueryAuditableServices Returns a list of services that allow you to opt into audit logs that are not generated by default.
QueryGrantableRoles Lists roles that can be granted on a Google Cloud resource.
QueryTestablePermissions Lists every permission that you can test on a resource.
SetIamPolicy Sets the IAM policy that is attached to a ServiceAccount.
SignBlob
(deprecated)		 Signs a blob using the system-managed private key for a ServiceAccount.
SignJwt
(deprecated)		 Signs a JSON Web Token (JWT) using the system-managed private key for a ServiceAccount.
TestIamPermissions Tests whether the caller has the specified permissions on a ServiceAccount.
UndeleteRole Undeletes a custom Role.
UndeleteServiceAccount Restores a deleted ServiceAccount.
UpdateRole Updates the definition of a custom Role.
UpdateServiceAccount Note: We are in the process of deprecating this method.
UploadServiceAccountKey Uploads the public key portion of a key pair that you manage, and associates the public key with a ServiceAccount.

google.iam.admin.v1.OauthClients

Methods
CreateOauthClient Creates a new OauthClient.
CreateOauthClientCredential Creates a new OauthClientCredential.
DeleteOauthClient Deletes an OauthClient.
DeleteOauthClientCredential Deletes an OauthClientCredential.
GetOauthClient Gets an individual OauthClient.
GetOauthClientCredential Gets an individual OauthClientCredential.
ListOauthClientCredentials Lists all OauthClientCredentials in an OauthClient.
ListOauthClients Lists all non-deleted OauthClients in a project.
UndeleteOauthClient Undeletes an OauthClient, as long as it was deleted fewer than 30 days ago.
UpdateOauthClient Updates an existing OauthClient.
UpdateOauthClientCredential Updates an existing OauthClientCredential.

google.iam.admin.v1.WorkforcePools

Methods
CreateWorkforcePool Creates a new WorkforcePool.
CreateWorkforcePoolProvider Creates a new WorkforcePoolProvider in a WorkforcePool.
CreateWorkforcePoolProviderKey Creates a new WorkforcePoolProviderKey in a WorkforcePoolProvider.
CreateWorkforcePoolProviderScimTenant Agentspace only.
CreateWorkforcePoolProviderScimToken Agentspace only.
DeleteWorkforcePool Deletes a WorkforcePool.
DeleteWorkforcePoolProvider Deletes a WorkforcePoolProvider.
DeleteWorkforcePoolProviderKey Deletes a WorkforcePoolProviderKey.
DeleteWorkforcePoolProviderScimTenant Agentspace only.
DeleteWorkforcePoolProviderScimToken Agentspace only.
DeleteWorkforcePoolSubject Deletes a WorkforcePoolSubject.
GetIamPolicy Gets IAM policies on a WorkforcePool.
GetWorkforcePool Gets an individual WorkforcePool.
GetWorkforcePoolProvider Gets an individual WorkforcePoolProvider.
GetWorkforcePoolProviderKey Gets a WorkforcePoolProviderKey.
GetWorkforcePoolProviderScimTenant Agentspace only.
GetWorkforcePoolProviderScimToken Agentspace only.
ListWorkforcePoolProviderKeys Lists all non-deleted WorkforcePoolProviderKeys in a WorkforcePoolProvider.
ListWorkforcePoolProviderScimTenants Agentspace only.
ListWorkforcePoolProviderScimTokens Agentspace only.
ListWorkforcePoolProviders Lists all non-deleted WorkforcePoolProviders in a WorkforcePool.
ListWorkforcePools Lists all non-deleted WorkforcePools under the specified parent.
SetIamPolicy Sets IAM policies on a WorkforcePool.
TestIamPermissions Returns the caller's permissions on the WorkforcePool.
UndeleteWorkforcePool Undeletes a WorkforcePool, as long as it was deleted fewer than 30 days ago.
UndeleteWorkforcePoolProvider Undeletes a WorkforcePoolProvider, as long as it was deleted fewer than 30 days ago.
UndeleteWorkforcePoolProviderKey Undeletes a WorkforcePoolProviderKey, as long as it was deleted fewer than 30 days ago.
UndeleteWorkforcePoolProviderScimTenant Agentspace only.
UndeleteWorkforcePoolProviderScimToken Agentspace only.
UndeleteWorkforcePoolSubject Undeletes a WorkforcePoolSubject, as long as it was deleted fewer than 30 days ago.
UpdateWorkforcePool Updates an existing WorkforcePool.
UpdateWorkforcePoolProvider Updates an existing WorkforcePoolProvider.
UpdateWorkforcePoolProviderScimTenant Agentspace only.
UpdateWorkforcePoolProviderScimToken Agentspace only.

google.iam.v1.WorkloadIdentityPools

Methods
AddAttestationRule Add an AttestationRule on a WorkloadIdentityPoolManagedIdentity.
CreateWorkloadIdentityPool Creates a new WorkloadIdentityPool.
CreateWorkloadIdentityPoolManagedIdentity Creates a new WorkloadIdentityPoolManagedIdentity in a WorkloadIdentityPoolNamespace.
CreateWorkloadIdentityPoolNamespace Creates a new WorkloadIdentityPoolNamespace in a WorkloadIdentityPool.
CreateWorkloadIdentityPoolProvider Creates a new WorkloadIdentityPoolProvider in a WorkloadIdentityPool.
CreateWorkloadIdentityPoolProviderKey Create a new WorkloadIdentityPoolProviderKey in a WorkloadIdentityPoolProvider.
DeleteWorkloadIdentityPool Deletes a WorkloadIdentityPool.
DeleteWorkloadIdentityPoolManagedIdentity Deletes a WorkloadIdentityPoolManagedIdentity.
DeleteWorkloadIdentityPoolNamespace Deletes a WorkloadIdentityPoolNamespace.
DeleteWorkloadIdentityPoolProvider Deletes a WorkloadIdentityPoolProvider.
DeleteWorkloadIdentityPoolProviderKey Deletes an WorkloadIdentityPoolProviderKey.
GetIamPolicy Gets the IAM policy of a WorkloadIdentityPool.
GetWorkloadIdentityPool Gets an individual WorkloadIdentityPool.
GetWorkloadIdentityPoolManagedIdentity Gets an individual WorkloadIdentityPoolManagedIdentity.
GetWorkloadIdentityPoolNamespace Gets an individual WorkloadIdentityPoolNamespace.
GetWorkloadIdentityPoolProvider Gets an individual WorkloadIdentityPoolProvider.
GetWorkloadIdentityPoolProviderKey Gets an individual WorkloadIdentityPoolProviderKey.
ListAttestationRules List all AttestationRule on a WorkloadIdentityPoolManagedIdentity.
ListWorkloadIdentityPoolManagedIdentities Lists all non-deleted WorkloadIdentityPoolManagedIdentitys in a namespace.
ListWorkloadIdentityPoolNamespaces Lists all non-deleted WorkloadIdentityPoolNamespaces in a workload identity pool.
ListWorkloadIdentityPoolProviderKeys Lists all non-deleted WorkloadIdentityPoolProviderKeys in a project.
ListWorkloadIdentityPoolProviders Lists all non-deleted WorkloadIdentityPoolProviders in a WorkloadIdentityPool.
ListWorkloadIdentityPools Lists all non-deleted WorkloadIdentityPools in a project.
RemoveAttestationRule Remove an AttestationRule on a WorkloadIdentityPoolManagedIdentity.
SetAttestationRules Set all AttestationRule on a WorkloadIdentityPoolManagedIdentity.
SetIamPolicy Sets the IAM policies on a WorkloadIdentityPool
TestIamPermissions Returns the caller's permissions on a WorkloadIdentityPool
UndeleteWorkloadIdentityPool Undeletes a WorkloadIdentityPool, as long as it was deleted fewer than 30 days ago.
UndeleteWorkloadIdentityPoolManagedIdentity Undeletes a WorkloadIdentityPoolManagedIdentity, as long as it was deleted fewer than 30 days ago.
UndeleteWorkloadIdentityPoolNamespace Undeletes a WorkloadIdentityPoolNamespace, as long as it was deleted fewer than 30 days ago.
UndeleteWorkloadIdentityPoolProvider Undeletes a WorkloadIdentityPoolProvider, as long as it was deleted fewer than 30 days ago.
UndeleteWorkloadIdentityPoolProviderKey Undeletes an WorkloadIdentityPoolProviderKey, as long as it was deleted fewer than 30 days ago.
UpdateWorkloadIdentityPool Updates an existing WorkloadIdentityPool.
UpdateWorkloadIdentityPoolManagedIdentity Updates an existing WorkloadIdentityPoolManagedIdentity in a WorkloadIdentityPoolNamespace.
UpdateWorkloadIdentityPoolNamespace Updates an existing WorkloadIdentityPoolNamespace in a WorkloadIdentityPool.
UpdateWorkloadIdentityPoolProvider Updates an existing WorkloadIdentityPoolProvider.

google.iam.v1beta.WorkloadIdentityPools

Methods
CreateWorkloadIdentityPool Creates a new WorkloadIdentityPool.
CreateWorkloadIdentityPoolProvider Creates a new WorkloadIdentityPoolProvider in a WorkloadIdentityPool.
DeleteWorkloadIdentityPool Deletes a WorkloadIdentityPool.
DeleteWorkloadIdentityPoolProvider Deletes a WorkloadIdentityPoolProvider.
GetWorkloadIdentityPool Gets an individual WorkloadIdentityPool.
GetWorkloadIdentityPoolProvider Gets an individual WorkloadIdentityPoolProvider.
ListWorkloadIdentityPoolProviders Lists all non-deleted WorkloadIdentityPoolProviders in a WorkloadIdentityPool.
ListWorkloadIdentityPools Lists all non-deleted WorkloadIdentityPools in a project.
UndeleteWorkloadIdentityPool Undeletes a WorkloadIdentityPool, as long as it was deleted fewer than 30 days ago.
UndeleteWorkloadIdentityPoolProvider Undeletes a WorkloadIdentityPoolProvider, as long as it was deleted fewer than 30 days ago.
UpdateWorkloadIdentityPool Updates an existing WorkloadIdentityPool.
UpdateWorkloadIdentityPoolProvider Updates an existing WorkloadIdentityPoolProvider.

google.iam.v2.Policies

Methods
CreatePolicy Creates a policy.
DeletePolicy Deletes a policy.
GetPolicy Gets a policy.
ListPolicies Retrieves the policies of the specified kind that are attached to a resource.
UpdatePolicy Updates the specified policy.

google.iam.v2beta.Policies

Methods
CreatePolicy Creates a policy.
DeletePolicy Deletes a policy.
GetPolicy Gets a policy.
ListPolicies Retrieves the policies of the specified kind that are attached to a resource.
UpdatePolicy Updates the specified policy.

google.iam.v3.AccessPolicies

Methods

google.iam.v3.PolicyBindings

Methods
CreatePolicyBinding Creates a policy binding and returns a long-running operation.
DeletePolicyBinding Deletes a policy binding and returns a long-running operation.
GetPolicyBinding Gets a policy binding.
ListPolicyBindings Lists policy bindings.
SearchTargetPolicyBindings Search policy bindings by target.
UpdatePolicyBinding Updates a policy binding and returns a long-running operation.

google.iam.v3.PrincipalAccessBoundaryPolicies

Methods
CreatePrincipalAccessBoundaryPolicy Creates a principal access boundary policy, and returns a long running operation.
DeletePrincipalAccessBoundaryPolicy Deletes a principal access boundary policy.
GetPrincipalAccessBoundaryPolicy Gets a principal access boundary policy.
ListPrincipalAccessBoundaryPolicies Lists principal access boundary policies.
SearchPrincipalAccessBoundaryPolicyBindings Returns all policy bindings that bind a specific policy if a user has searchPolicyBindings permission on that policy.
UpdatePrincipalAccessBoundaryPolicy Updates a principal access boundary policy.

google.iam.v3beta.AccessPolicies

Methods

google.iam.v3beta.PolicyBindings

Methods
CreatePolicyBinding Creates a policy binding and returns a long-running operation.
DeletePolicyBinding Deletes a policy binding and returns a long-running operation.
GetPolicyBinding Gets a policy binding.
ListPolicyBindings Lists policy bindings.
SearchTargetPolicyBindings Search policy bindings by target.
UpdatePolicyBinding Updates a policy binding and returns a long-running operation.

google.iam.v3beta.PrincipalAccessBoundaryPolicies

Methods
CreatePrincipalAccessBoundaryPolicy Creates a principal access boundary policy, and returns a long running operation.
DeletePrincipalAccessBoundaryPolicy Deletes a principal access boundary policy.
GetPrincipalAccessBoundaryPolicy Gets a principal access boundary policy.
ListPrincipalAccessBoundaryPolicies Lists principal access boundary policies.
SearchPrincipalAccessBoundaryPolicyBindings Returns all policy bindings that bind a specific policy if a user has searchPolicyBindings permission on that policy.
UpdatePrincipalAccessBoundaryPolicy Updates a principal access boundary policy.

google.longrunning.Operations

Methods
GetOperation Gets the latest state of a long-running operation.