admin

package
v0.0.0-...-6cb3ea0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 7, 2021 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ServiceAccountKeyAlgorithm_name = map[int32]string{
		0: "KEY_ALG_UNSPECIFIED",
		1: "KEY_ALG_RSA_1024",
		2: "KEY_ALG_RSA_2048",
	}
	ServiceAccountKeyAlgorithm_value = map[string]int32{
		"KEY_ALG_UNSPECIFIED": 0,
		"KEY_ALG_RSA_1024":    1,
		"KEY_ALG_RSA_2048":    2,
	}
)

Enum value maps for ServiceAccountKeyAlgorithm.

View Source 
var (
	ServiceAccountPrivateKeyType_name = map[int32]string{
		0: "TYPE_UNSPECIFIED",
		1: "TYPE_PKCS12_FILE",
		2: "TYPE_GOOGLE_CREDENTIALS_FILE",
	}
	ServiceAccountPrivateKeyType_value = map[string]int32{
		"TYPE_UNSPECIFIED":             0,
		"TYPE_PKCS12_FILE":             1,
		"TYPE_GOOGLE_CREDENTIALS_FILE": 2,
	}
)

Enum value maps for ServiceAccountPrivateKeyType.

View Source 
var (
	ServiceAccountPublicKeyType_name = map[int32]string{
		0: "TYPE_NONE",
		1: "TYPE_X509_PEM_FILE",
		2: "TYPE_RAW_PUBLIC_KEY",
	}
	ServiceAccountPublicKeyType_value = map[string]int32{
		"TYPE_NONE":           0,
		"TYPE_X509_PEM_FILE":  1,
		"TYPE_RAW_PUBLIC_KEY": 2,
	}
)

Enum value maps for ServiceAccountPublicKeyType.

View Source 
var (
	ServiceAccountKeyOrigin_name = map[int32]string{
		0: "ORIGIN_UNSPECIFIED",
		1: "USER_PROVIDED",
		2: "GOOGLE_PROVIDED",
	}
	ServiceAccountKeyOrigin_value = map[string]int32{
		"ORIGIN_UNSPECIFIED": 0,
		"USER_PROVIDED":      1,
		"GOOGLE_PROVIDED":    2,
	}
)

Enum value maps for ServiceAccountKeyOrigin.

View Source 
var (
	RoleView_name = map[int32]string{
		0: "BASIC",
		1: "FULL",
	}
	RoleView_value = map[string]int32{
		"BASIC": 0,
		"FULL":  1,
	}
)

Enum value maps for RoleView.

View Source 
var (
	ListServiceAccountKeysRequest_KeyType_name = map[int32]string{
		0: "KEY_TYPE_UNSPECIFIED",
		1: "USER_MANAGED",
		2: "SYSTEM_MANAGED",
	}
	ListServiceAccountKeysRequest_KeyType_value = map[string]int32{
		"KEY_TYPE_UNSPECIFIED": 0,
		"USER_MANAGED":         1,
		"SYSTEM_MANAGED":       2,
	}
)

Enum value maps for ListServiceAccountKeysRequest_KeyType.

View Source 
var (
	Role_RoleLaunchStage_name = map[int32]string{
		0: "ALPHA",
		1: "BETA",
		2: "GA",
		4: "DEPRECATED",
		5: "DISABLED",
		6: "EAP",
	}
	Role_RoleLaunchStage_value = map[string]int32{
		"ALPHA":      0,
		"BETA":       1,
		"GA":         2,
		"DEPRECATED": 4,
		"DISABLED":   5,
		"EAP":        6,
	}
)

Enum value maps for Role_RoleLaunchStage.

View Source 
var (
	Permission_PermissionLaunchStage_name = map[int32]string{
		0: "ALPHA",
		1: "BETA",
		2: "GA",
		3: "DEPRECATED",
	}
	Permission_PermissionLaunchStage_value = map[string]int32{
		"ALPHA":      0,
		"BETA":       1,
		"GA":         2,
		"DEPRECATED": 3,
	}
)

Enum value maps for Permission_PermissionLaunchStage.

View Source 
var (
	Permission_CustomRolesSupportLevel_name = map[int32]string{
		0: "SUPPORTED",
		1: "TESTING",
		2: "NOT_SUPPORTED",
	}
	Permission_CustomRolesSupportLevel_value = map[string]int32{
		"SUPPORTED":     0,
		"TESTING":       1,
		"NOT_SUPPORTED": 2,
	}
)

Enum value maps for Permission_CustomRolesSupportLevel.

View Source 
var (
	LintResult_Level_name = map[int32]string{
		0: "LEVEL_UNSPECIFIED",
		3: "CONDITION",
	}
	LintResult_Level_value = map[string]int32{
		"LEVEL_UNSPECIFIED": 0,
		"CONDITION":         3,
	}
)

Enum value maps for LintResult_Level.

View Source 
var (
	LintResult_Severity_name = map[int32]string{
		0: "SEVERITY_UNSPECIFIED",
		1: "ERROR",
		2: "WARNING",
		3: "NOTICE",
		4: "INFO",
		5: "DEPRECATED",
	}
	LintResult_Severity_value = map[string]int32{
		"SEVERITY_UNSPECIFIED": 0,
		"ERROR":                1,
		"WARNING":              2,
		"NOTICE":               3,
		"INFO":                 4,
		"DEPRECATED":           5,
	}
)

Enum value maps for LintResult_Severity.

View Source 
var File_google_iam_admin_v1_audit_data_proto protoreflect.FileDescriptor
View Source 
var File_google_iam_admin_v1_iam_proto protoreflect.FileDescriptor

Functions

func RegisterIAMServer 

func RegisterIAMServer(s *grpc.Server, srv IAMServer)

Types

type AuditData 

type AuditData struct {

	// The permission_delta when when creating or updating a Role.
	PermissionDelta *AuditData_PermissionDelta `protobuf:"bytes,1,opt,name=permission_delta,json=permissionDelta,proto3" json:"permission_delta,omitempty"`
	// contains filtered or unexported fields
}

Audit log information specific to Cloud IAM admin APIs. This message is serialized as an `Any` type in the `ServiceData` message of an `AuditLog` message.

func (*AuditData) Descriptor deprecated 

func (*AuditData) Descriptor() ([]byte, []int)

Deprecated: Use AuditData.ProtoReflect.Descriptor instead.

func (*AuditData) GetPermissionDelta 

func (x *AuditData) GetPermissionDelta() *AuditData_PermissionDelta

func (*AuditData) ProtoMessage 

func (*AuditData) ProtoMessage()

func (*AuditData) ProtoReflect 

func (x *AuditData) ProtoReflect() protoreflect.Message

func (*AuditData) Reset 

func (x *AuditData) Reset()

func (*AuditData) String 

func (x *AuditData) String() string

type AuditData_PermissionDelta 

type AuditData_PermissionDelta struct {

	// Added permissions.
	AddedPermissions []string `protobuf:"bytes,1,rep,name=added_permissions,json=addedPermissions,proto3" json:"added_permissions,omitempty"`
	// Removed permissions.
	RemovedPermissions []string `protobuf:"bytes,2,rep,name=removed_permissions,json=removedPermissions,proto3" json:"removed_permissions,omitempty"`
	// contains filtered or unexported fields
}

A PermissionDelta message to record the added_permissions and removed_permissions inside a role.

func (*AuditData_PermissionDelta) Descriptor deprecated 

func (*AuditData_PermissionDelta) Descriptor() ([]byte, []int)

Deprecated: Use AuditData_PermissionDelta.ProtoReflect.Descriptor instead.

func (*AuditData_PermissionDelta) GetAddedPermissions 

func (x *AuditData_PermissionDelta) GetAddedPermissions() []string

func (*AuditData_PermissionDelta) GetRemovedPermissions 

func (x *AuditData_PermissionDelta) GetRemovedPermissions() []string

func (*AuditData_PermissionDelta) ProtoMessage 

func (*AuditData_PermissionDelta) ProtoMessage()

func (*AuditData_PermissionDelta) ProtoReflect 

func (x *AuditData_PermissionDelta) ProtoReflect() protoreflect.Message

func (*AuditData_PermissionDelta) Reset 

func (x *AuditData_PermissionDelta) Reset()

func (*AuditData_PermissionDelta) String 

func (x *AuditData_PermissionDelta) String() string

type CreateRoleRequest 

type CreateRoleRequest struct {

	// The `parent` parameter's value depends on the target resource for the
	// request, namely
	// [`projects`](/iam/reference/rest/v1/projects.roles) or
	// [`organizations`](/iam/reference/rest/v1/organizations.roles). Each
	// resource type's `parent` value format is described below:
	//
	// * [`projects.roles.create()`](/iam/reference/rest/v1/projects.roles/create):
	//   `projects/{PROJECT_ID}`. This method creates project-level
	//   [custom roles](/iam/docs/understanding-custom-roles).
	//   Example request URL:
	//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles`
	//
	// * [`organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/create):
	//   `organizations/{ORGANIZATION_ID}`. This method creates organization-level
	//   [custom roles](/iam/docs/understanding-custom-roles). Example request
	//   URL:
	//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles`
	//
	// Note: Wildcard (*) values are invalid; you must specify a complete project
	// ID or organization ID.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// The role ID to use for this role.
	//
	// A role ID may contain alphanumeric characters, underscores (`_`), and
	// periods (`.`). It must contain a minimum of 3 characters and a maximum of
	// 64 characters.
	RoleId string `protobuf:"bytes,2,opt,name=role_id,json=roleId,proto3" json:"role_id,omitempty"`
	// The Role resource to create.
	Role *Role `protobuf:"bytes,3,opt,name=role,proto3" json:"role,omitempty"`
	// contains filtered or unexported fields
}

The request to create a new role.

func (*CreateRoleRequest) Descriptor deprecated 

func (*CreateRoleRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateRoleRequest.ProtoReflect.Descriptor instead.

func (*CreateRoleRequest) GetParent 

func (x *CreateRoleRequest) GetParent() string

func (*CreateRoleRequest) GetRole 

func (x *CreateRoleRequest) GetRole() *Role

func (*CreateRoleRequest) GetRoleId 

func (x *CreateRoleRequest) GetRoleId() string

func (*CreateRoleRequest) ProtoMessage 

func (*CreateRoleRequest) ProtoMessage()

func (*CreateRoleRequest) ProtoReflect 

func (x *CreateRoleRequest) ProtoReflect() protoreflect.Message

func (*CreateRoleRequest) Reset 

func (x *CreateRoleRequest) Reset()

func (*CreateRoleRequest) String 

func (x *CreateRoleRequest) String() string

type CreateServiceAccountKeyRequest 

type CreateServiceAccountKeyRequest struct {

	// Required. The resource name of the service account in the following format:
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
	// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
	// the account. The `ACCOUNT` value can be the `email` address or the
	// `unique_id` of the service account.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The output format of the private key. The default value is
	// `TYPE_GOOGLE_CREDENTIALS_FILE`, which is the Google Credentials File
	// format.
	PrivateKeyType ServiceAccountPrivateKeyType `` /* 160-byte string literal not displayed */
	// Which type of key and algorithm to use for the key.
	// The default is currently a 2K RSA key.  However this may change in the
	// future.
	KeyAlgorithm ServiceAccountKeyAlgorithm `` /* 150-byte string literal not displayed */
	// contains filtered or unexported fields
}

The service account key create request.

func (*CreateServiceAccountKeyRequest) Descriptor deprecated 

func (*CreateServiceAccountKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateServiceAccountKeyRequest.ProtoReflect.Descriptor instead.

func (*CreateServiceAccountKeyRequest) GetKeyAlgorithm 

func (x *CreateServiceAccountKeyRequest) GetKeyAlgorithm() ServiceAccountKeyAlgorithm

func (*CreateServiceAccountKeyRequest) GetName 

func (x *CreateServiceAccountKeyRequest) GetName() string

func (*CreateServiceAccountKeyRequest) GetPrivateKeyType 

func (x *CreateServiceAccountKeyRequest) GetPrivateKeyType() ServiceAccountPrivateKeyType

func (*CreateServiceAccountKeyRequest) ProtoMessage 

func (*CreateServiceAccountKeyRequest) ProtoMessage()

func (*CreateServiceAccountKeyRequest) ProtoReflect 

func (x *CreateServiceAccountKeyRequest) ProtoReflect() protoreflect.Message

func (*CreateServiceAccountKeyRequest) Reset 

func (x *CreateServiceAccountKeyRequest) Reset()

func (*CreateServiceAccountKeyRequest) String 

func (x *CreateServiceAccountKeyRequest) String() string

type CreateServiceAccountRequest 

type CreateServiceAccountRequest struct {

	// Required. The resource name of the project associated with the service
	// accounts, such as `projects/my-project-123`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The account id that is used to generate the service account
	// email address and a stable unique id. It is unique within a project,
	// must be 6-30 characters long, and match the regular expression
	// `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.
	AccountId string `protobuf:"bytes,2,opt,name=account_id,json=accountId,proto3" json:"account_id,omitempty"`
	// The [ServiceAccount][google.iam.admin.v1.ServiceAccount] resource to
	// create. Currently, only the following values are user assignable:
	// `display_name` and `description`.
	ServiceAccount *ServiceAccount `protobuf:"bytes,3,opt,name=service_account,json=serviceAccount,proto3" json:"service_account,omitempty"`
	// contains filtered or unexported fields
}

The service account create request.

func (*CreateServiceAccountRequest) Descriptor deprecated 

func (*CreateServiceAccountRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateServiceAccountRequest.ProtoReflect.Descriptor instead.

func (*CreateServiceAccountRequest) GetAccountId 

func (x *CreateServiceAccountRequest) GetAccountId() string

func (*CreateServiceAccountRequest) GetName 

func (x *CreateServiceAccountRequest) GetName() string

func (*CreateServiceAccountRequest) GetServiceAccount 

func (x *CreateServiceAccountRequest) GetServiceAccount() *ServiceAccount

func (*CreateServiceAccountRequest) ProtoMessage 

func (*CreateServiceAccountRequest) ProtoMessage()

func (*CreateServiceAccountRequest) ProtoReflect 

func (x *CreateServiceAccountRequest) ProtoReflect() protoreflect.Message

func (*CreateServiceAccountRequest) Reset 

func (x *CreateServiceAccountRequest) Reset()

func (*CreateServiceAccountRequest) String 

func (x *CreateServiceAccountRequest) String() string

type DeleteRoleRequest 

type DeleteRoleRequest struct {

	// The `name` parameter's value depends on the target resource for the
	// request, namely
	// [`projects`](/iam/reference/rest/v1/projects.roles) or
	// [`organizations`](/iam/reference/rest/v1/organizations.roles). Each
	// resource type's `name` value format is described below:
	//
	// * [`projects.roles.delete()`](/iam/reference/rest/v1/projects.roles/delete):
	//   `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes only
	//   [custom roles](/iam/docs/understanding-custom-roles) that have been
	//   created at the project level. Example request URL:
	//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`
	//
	// * [`organizations.roles.delete()`](/iam/reference/rest/v1/organizations.roles/delete):
	//   `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
	//   deletes only [custom roles](/iam/docs/understanding-custom-roles) that
	//   have been created at the organization level. Example request URL:
	//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`
	//
	// Note: Wildcard (*) values are invalid; you must specify a complete project
	// ID or organization ID.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Used to perform a consistent read-modify-write.
	Etag []byte `protobuf:"bytes,2,opt,name=etag,proto3" json:"etag,omitempty"`
	// contains filtered or unexported fields
}

The request to delete an existing role.

func (*DeleteRoleRequest) Descriptor deprecated 

func (*DeleteRoleRequest) Descriptor() ([]byte, []int)

Deprecated: Use DeleteRoleRequest.ProtoReflect.Descriptor instead.

func (*DeleteRoleRequest) GetEtag 

func (x *DeleteRoleRequest) GetEtag() []byte

func (*DeleteRoleRequest) GetName 

func (x *DeleteRoleRequest) GetName() string

func (*DeleteRoleRequest) ProtoMessage 

func (*DeleteRoleRequest) ProtoMessage()

func (*DeleteRoleRequest) ProtoReflect 

func (x *DeleteRoleRequest) ProtoReflect() protoreflect.Message

func (*DeleteRoleRequest) Reset 

func (x *DeleteRoleRequest) Reset()

func (*DeleteRoleRequest) String 

func (x *DeleteRoleRequest) String() string

type DeleteServiceAccountKeyRequest 

type DeleteServiceAccountKeyRequest struct {

	// Required. The resource name of the service account key in the following format:
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
	// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
	// the account. The `ACCOUNT` value can be the `email` address or the
	// `unique_id` of the service account.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

The service account key delete request.

func (*DeleteServiceAccountKeyRequest) Descriptor deprecated 

func (*DeleteServiceAccountKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use DeleteServiceAccountKeyRequest.ProtoReflect.Descriptor instead.

func (*DeleteServiceAccountKeyRequest) GetName 

func (x *DeleteServiceAccountKeyRequest) GetName() string

func (*DeleteServiceAccountKeyRequest) ProtoMessage 

func (*DeleteServiceAccountKeyRequest) ProtoMessage()

func (*DeleteServiceAccountKeyRequest) ProtoReflect 

func (x *DeleteServiceAccountKeyRequest) ProtoReflect() protoreflect.Message

func (*DeleteServiceAccountKeyRequest) Reset 

func (x *DeleteServiceAccountKeyRequest) Reset()

func (*DeleteServiceAccountKeyRequest) String 

func (x *DeleteServiceAccountKeyRequest) String() string

type DeleteServiceAccountRequest 

type DeleteServiceAccountRequest struct {

	// Required. The resource name of the service account in the following format:
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
	// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
	// the account. The `ACCOUNT` value can be the `email` address or the
	// `unique_id` of the service account.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

The service account delete request.

func (*DeleteServiceAccountRequest) Descriptor deprecated 

func (*DeleteServiceAccountRequest) Descriptor() ([]byte, []int)

Deprecated: Use DeleteServiceAccountRequest.ProtoReflect.Descriptor instead.

func (*DeleteServiceAccountRequest) GetName 

func (x *DeleteServiceAccountRequest) GetName() string

func (*DeleteServiceAccountRequest) ProtoMessage 

func (*DeleteServiceAccountRequest) ProtoMessage()

func (*DeleteServiceAccountRequest) ProtoReflect 

func (x *DeleteServiceAccountRequest) ProtoReflect() protoreflect.Message

func (*DeleteServiceAccountRequest) Reset 

func (x *DeleteServiceAccountRequest) Reset()

func (*DeleteServiceAccountRequest) String 

func (x *DeleteServiceAccountRequest) String() string

type DisableServiceAccountRequest 

type DisableServiceAccountRequest struct {

	// The resource name of the service account in the following format:
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
	// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
	// the account. The `ACCOUNT` value can be the `email` address or the
	// `unique_id` of the service account.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

The service account disable request.

func (*DisableServiceAccountRequest) Descriptor deprecated 

func (*DisableServiceAccountRequest) Descriptor() ([]byte, []int)

Deprecated: Use DisableServiceAccountRequest.ProtoReflect.Descriptor instead.

func (*DisableServiceAccountRequest) GetName 

func (x *DisableServiceAccountRequest) GetName() string

func (*DisableServiceAccountRequest) ProtoMessage 

func (*DisableServiceAccountRequest) ProtoMessage()

func (*DisableServiceAccountRequest) ProtoReflect 

func (x *DisableServiceAccountRequest) ProtoReflect() protoreflect.Message

func (*DisableServiceAccountRequest) Reset 

func (x *DisableServiceAccountRequest) Reset()

func (*DisableServiceAccountRequest) String 

func (x *DisableServiceAccountRequest) String() string

type EnableServiceAccountRequest 

type EnableServiceAccountRequest struct {

	// The resource name of the service account in the following format:
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
	// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
	// the account. The `ACCOUNT` value can be the `email` address or the
	// `unique_id` of the service account.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

The service account enable request.

func (*EnableServiceAccountRequest) Descriptor deprecated 

func (*EnableServiceAccountRequest) Descriptor() ([]byte, []int)

Deprecated: Use EnableServiceAccountRequest.ProtoReflect.Descriptor instead.

func (*EnableServiceAccountRequest) GetName 

func (x *EnableServiceAccountRequest) GetName() string

func (*EnableServiceAccountRequest) ProtoMessage 

func (*EnableServiceAccountRequest) ProtoMessage()

func (*EnableServiceAccountRequest) ProtoReflect 

func (x *EnableServiceAccountRequest) ProtoReflect() protoreflect.Message

func (*EnableServiceAccountRequest) Reset 

func (x *EnableServiceAccountRequest) Reset()

func (*EnableServiceAccountRequest) String 

func (x *EnableServiceAccountRequest) String() string

type GetRoleRequest 

type GetRoleRequest struct {

	// The `name` parameter's value depends on the target resource for the
	// request, namely
	// [`roles`](/iam/reference/rest/v1/roles),
	// [`projects`](/iam/reference/rest/v1/projects.roles), or
	// [`organizations`](/iam/reference/rest/v1/organizations.roles). Each
	// resource type's `name` value format is described below:
	//
	// * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/{ROLE_NAME}`.
	//   This method returns results from all
	//   [predefined roles](/iam/docs/understanding-roles#predefined_roles) in
	//   Cloud IAM. Example request URL:
	//   `https://iam.googleapis.com/v1/roles/{ROLE_NAME}`
	//
	// * [`projects.roles.get()`](/iam/reference/rest/v1/projects.roles/get):
	//   `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only
	//   [custom roles](/iam/docs/understanding-custom-roles) that have been
	//   created at the project level. Example request URL:
	//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`
	//
	// * [`organizations.roles.get()`](/iam/reference/rest/v1/organizations.roles/get):
	//   `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
	//   returns only [custom roles](/iam/docs/understanding-custom-roles) that
	//   have been created at the organization level. Example request URL:
	//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`
	//
	// Note: Wildcard (*) values are invalid; you must specify a complete project
	// ID or organization ID.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

The request to get the definition of an existing role.

func (*GetRoleRequest) Descriptor deprecated 

func (*GetRoleRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetRoleRequest.ProtoReflect.Descriptor instead.

func (*GetRoleRequest) GetName 

func (x *GetRoleRequest) GetName() string

func (*GetRoleRequest) ProtoMessage 

func (*GetRoleRequest) ProtoMessage()

func (*GetRoleRequest) ProtoReflect 

func (x *GetRoleRequest) ProtoReflect() protoreflect.Message

func (*GetRoleRequest) Reset 

func (x *GetRoleRequest) Reset()

func (*GetRoleRequest) String 

func (x *GetRoleRequest) String() string

type GetServiceAccountKeyRequest 

type GetServiceAccountKeyRequest struct {

	// Required. The resource name of the service account key in the following format:
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
	//
	// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
	// the account. The `ACCOUNT` value can be the `email` address or the
	// `unique_id` of the service account.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The output format of the public key requested.
	// X509_PEM is the default output format.
	PublicKeyType ServiceAccountPublicKeyType `` /* 156-byte string literal not displayed */
	// contains filtered or unexported fields
}

The service account key get by id request.

func (*GetServiceAccountKeyRequest) Descriptor deprecated 

func (*GetServiceAccountKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetServiceAccountKeyRequest.ProtoReflect.Descriptor instead.

func (*GetServiceAccountKeyRequest) GetName 

func (x *GetServiceAccountKeyRequest) GetName() string

func (*GetServiceAccountKeyRequest) GetPublicKeyType 

func (x *GetServiceAccountKeyRequest) GetPublicKeyType() ServiceAccountPublicKeyType

func (*GetServiceAccountKeyRequest) ProtoMessage 

func (*GetServiceAccountKeyRequest) ProtoMessage()

func (*GetServiceAccountKeyRequest) ProtoReflect 

func (x *GetServiceAccountKeyRequest) ProtoReflect() protoreflect.Message

func (*GetServiceAccountKeyRequest) Reset 

func (x *GetServiceAccountKeyRequest) Reset()

func (*GetServiceAccountKeyRequest) String 

func (x *GetServiceAccountKeyRequest) String() string

type GetServiceAccountRequest 

type GetServiceAccountRequest struct {

	// Required. The resource name of the service account in the following format:
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
	// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
	// the account. The `ACCOUNT` value can be the `email` address or the
	// `unique_id` of the service account.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

The service account get request.

func (*GetServiceAccountRequest) Descriptor deprecated 

func (*GetServiceAccountRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetServiceAccountRequest.ProtoReflect.Descriptor instead.

func (*GetServiceAccountRequest) GetName 

func (x *GetServiceAccountRequest) GetName() string

func (*GetServiceAccountRequest) ProtoMessage 

func (*GetServiceAccountRequest) ProtoMessage()

func (*GetServiceAccountRequest) ProtoReflect 

func (x *GetServiceAccountRequest) ProtoReflect() protoreflect.Message

func (*GetServiceAccountRequest) Reset 

func (x *GetServiceAccountRequest) Reset()

func (*GetServiceAccountRequest) String 

func (x *GetServiceAccountRequest) String() string

type IAMClient 

type IAMClient interface {
	// Lists every [ServiceAccount][google.iam.admin.v1.ServiceAccount] that belongs to a specific project.
	ListServiceAccounts(ctx context.Context, in *ListServiceAccountsRequest, opts ...grpc.CallOption) (*ListServiceAccountsResponse, error)
	// Gets a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	GetServiceAccount(ctx context.Context, in *GetServiceAccountRequest, opts ...grpc.CallOption) (*ServiceAccount, error)
	// Creates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	CreateServiceAccount(ctx context.Context, in *CreateServiceAccountRequest, opts ...grpc.CallOption) (*ServiceAccount, error)
	// **Note:** We are in the process of deprecating this method. Use
	// [PatchServiceAccount][google.iam.admin.v1.IAM.PatchServiceAccount] instead.
	//
	// Updates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	//
	// You can update only the `display_name` and `description` fields.
	UpdateServiceAccount(ctx context.Context, in *ServiceAccount, opts ...grpc.CallOption) (*ServiceAccount, error)
	// Patches a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	PatchServiceAccount(ctx context.Context, in *PatchServiceAccountRequest, opts ...grpc.CallOption) (*ServiceAccount, error)
	// Deletes a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	//
	// **Warning:** After you delete a service account, you might not be able to
	// undelete it. If you know that you need to re-enable the service account in
	// the future, use [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount] instead.
	//
	// If you delete a service account, IAM permanently removes the service
	// account 30 days later. Google Cloud cannot recover the service account
	// after it is permanently removed, even if you file a support request.
	//
	// To help avoid unplanned outages, we recommend that you disable the service
	// account before you delete it. Use [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount] to disable the
	// service account, then wait at least 24 hours and watch for unintended
	// consequences. If there are no unintended consequences, you can delete the
	// service account.
	DeleteServiceAccount(ctx context.Context, in *DeleteServiceAccountRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
	// Restores a deleted [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	//
	// **Important:** It is not always possible to restore a deleted service
	// account. Use this method only as a last resort.
	//
	// After you delete a service account, IAM permanently removes the service
	// account 30 days later. There is no way to restore a deleted service account
	// that has been permanently removed.
	UndeleteServiceAccount(ctx context.Context, in *UndeleteServiceAccountRequest, opts ...grpc.CallOption) (*UndeleteServiceAccountResponse, error)
	// Enables a [ServiceAccount][google.iam.admin.v1.ServiceAccount] that was disabled by
	// [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount].
	//
	// If the service account is already enabled, then this method has no effect.
	//
	// If the service account was disabled by other means—for example, if Google
	// disabled the service account because it was compromised—you cannot use this
	// method to enable the service account.
	EnableServiceAccount(ctx context.Context, in *EnableServiceAccountRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
	// Disables a [ServiceAccount][google.iam.admin.v1.ServiceAccount] immediately.
	//
	// If an application uses the service account to authenticate, that
	// application can no longer call Google APIs or access Google Cloud
	// resources. Existing access tokens for the service account are rejected, and
	// requests for new access tokens will fail.
	//
	// To re-enable the service account, use [EnableServiceAccount][google.iam.admin.v1.IAM.EnableServiceAccount]. After you
	// re-enable the service account, its existing access tokens will be accepted,
	// and you can request new access tokens.
	//
	// To help avoid unplanned outages, we recommend that you disable the service
	// account before you delete it. Use this method to disable the service
	// account, then wait at least 24 hours and watch for unintended consequences.
	// If there are no unintended consequences, you can delete the service account
	// with [DeleteServiceAccount][google.iam.admin.v1.IAM.DeleteServiceAccount].
	DisableServiceAccount(ctx context.Context, in *DisableServiceAccountRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
	// Lists every [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey] for a service account.
	ListServiceAccountKeys(ctx context.Context, in *ListServiceAccountKeysRequest, opts ...grpc.CallOption) (*ListServiceAccountKeysResponse, error)
	// Gets a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
	GetServiceAccountKey(ctx context.Context, in *GetServiceAccountKeyRequest, opts ...grpc.CallOption) (*ServiceAccountKey, error)
	// Creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
	CreateServiceAccountKey(ctx context.Context, in *CreateServiceAccountKeyRequest, opts ...grpc.CallOption) (*ServiceAccountKey, error)
	// Creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey], using a public key that you provide.
	UploadServiceAccountKey(ctx context.Context, in *UploadServiceAccountKeyRequest, opts ...grpc.CallOption) (*ServiceAccountKey, error)
	// Deletes a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]. Deleting a service account key does not
	// revoke short-lived credentials that have been issued based on the service
	// account key.
	DeleteServiceAccountKey(ctx context.Context, in *DeleteServiceAccountKeyRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
	// Deprecated: Do not use.
	// **Note:** This method is deprecated. Use the
	// [`signBlob`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signBlob)
	// method in the IAM Service Account Credentials API instead. If you currently
	// use this method, see the [migration
	// guide](https://cloud.google.com/iam/help/credentials/migrate-api) for
	// instructions.
	//
	// Signs a blob using the system-managed private key for a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	SignBlob(ctx context.Context, in *SignBlobRequest, opts ...grpc.CallOption) (*SignBlobResponse, error)
	// Deprecated: Do not use.
	// **Note:** This method is deprecated. Use the
	// [`signJwt`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signJwt)
	// method in the IAM Service Account Credentials API instead. If you currently
	// use this method, see the [migration
	// guide](https://cloud.google.com/iam/help/credentials/migrate-api) for
	// instructions.
	//
	// Signs a JSON Web Token (JWT) using the system-managed private key for a
	// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	SignJwt(ctx context.Context, in *SignJwtRequest, opts ...grpc.CallOption) (*SignJwtResponse, error)
	// Gets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount]. This IAM
	// policy specifies which members have access to the service account.
	//
	// This method does not tell you whether the service account has been granted
	// any roles on other resources. To check whether a service account has role
	// grants on a resource, use the `getIamPolicy` method for that resource. For
	// example, to view the role grants for a project, call the Resource Manager
	// API's
	// [`projects.getIamPolicy`](https://cloud.google.com/resource-manager/reference/rest/v1/projects/getIamPolicy)
	// method.
	GetIamPolicy(ctx context.Context, in *v1.GetIamPolicyRequest, opts ...grpc.CallOption) (*v1.Policy, error)
	// Sets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	//
	// Use this method to grant or revoke access to the service account. For
	// example, you could grant a member the ability to impersonate the service
	// account.
	//
	// This method does not enable the service account to access other resources.
	// To grant roles to a service account on a resource, follow these steps:
	//
	// 1. Call the resource's `getIamPolicy` method to get its current IAM policy.
	// 2. Edit the policy so that it binds the service account to an IAM role for
	// the resource.
	// 3. Call the resource's `setIamPolicy` method to update its IAM policy.
	//
	// For detailed instructions, see
	// [Granting roles to a service account for specific
	// resources](https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-accounts).
	SetIamPolicy(ctx context.Context, in *v1.SetIamPolicyRequest, opts ...grpc.CallOption) (*v1.Policy, error)
	// Tests whether the caller has the specified permissions on a
	// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	TestIamPermissions(ctx context.Context, in *v1.TestIamPermissionsRequest, opts ...grpc.CallOption) (*v1.TestIamPermissionsResponse, error)
	// Lists roles that can be granted on a Google Cloud resource. A role is
	// grantable if the IAM policy for the resource can contain bindings to the
	// role.
	QueryGrantableRoles(ctx context.Context, in *QueryGrantableRolesRequest, opts ...grpc.CallOption) (*QueryGrantableRolesResponse, error)
	// Lists every predefined [Role][google.iam.admin.v1.Role] that IAM supports, or every custom role
	// that is defined for an organization or project.
	ListRoles(ctx context.Context, in *ListRolesRequest, opts ...grpc.CallOption) (*ListRolesResponse, error)
	// Gets the definition of a [Role][google.iam.admin.v1.Role].
	GetRole(ctx context.Context, in *GetRoleRequest, opts ...grpc.CallOption) (*Role, error)
	// Creates a new custom [Role][google.iam.admin.v1.Role].
	CreateRole(ctx context.Context, in *CreateRoleRequest, opts ...grpc.CallOption) (*Role, error)
	// Updates the definition of a custom [Role][google.iam.admin.v1.Role].
	UpdateRole(ctx context.Context, in *UpdateRoleRequest, opts ...grpc.CallOption) (*Role, error)
	// Deletes a custom [Role][google.iam.admin.v1.Role].
	//
	// When you delete a custom role, the following changes occur immediately:
	//
	// * You cannot bind a member to the custom role in an IAM
	// [Policy][google.iam.v1.Policy].
	// * Existing bindings to the custom role are not changed, but they have no
	// effect.
	// * By default, the response from [ListRoles][google.iam.admin.v1.IAM.ListRoles] does not include the custom
	// role.
	//
	// You have 7 days to undelete the custom role. After 7 days, the following
	// changes occur:
	//
	// * The custom role is permanently deleted and cannot be recovered.
	// * If an IAM policy contains a binding to the custom role, the binding is
	// permanently removed.
	DeleteRole(ctx context.Context, in *DeleteRoleRequest, opts ...grpc.CallOption) (*Role, error)
	// Undeletes a custom [Role][google.iam.admin.v1.Role].
	UndeleteRole(ctx context.Context, in *UndeleteRoleRequest, opts ...grpc.CallOption) (*Role, error)
	// Lists every permission that you can test on a resource. A permission is
	// testable if you can check whether a member has that permission on the
	// resource.
	QueryTestablePermissions(ctx context.Context, in *QueryTestablePermissionsRequest, opts ...grpc.CallOption) (*QueryTestablePermissionsResponse, error)
	// Returns a list of services that allow you to opt into audit logs that are
	// not generated by default.
	//
	// To learn more about audit logs, see the [Logging
	// documentation](https://cloud.google.com/logging/docs/audit).
	QueryAuditableServices(ctx context.Context, in *QueryAuditableServicesRequest, opts ...grpc.CallOption) (*QueryAuditableServicesResponse, error)
	// Lints, or validates, an IAM policy. Currently checks the
	// [google.iam.v1.Binding.condition][google.iam.v1.Binding.condition] field, which contains a condition
	// expression for a role binding.
	//
	// Successful calls to this method always return an HTTP `200 OK` status code,
	// even if the linter detects an issue in the IAM policy.
	LintPolicy(ctx context.Context, in *LintPolicyRequest, opts ...grpc.CallOption) (*LintPolicyResponse, error)
}

IAMClient is the client API for IAM service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewIAMClient 

func NewIAMClient(cc grpc.ClientConnInterface) IAMClient

type IAMServer 

type IAMServer interface {
	// Lists every [ServiceAccount][google.iam.admin.v1.ServiceAccount] that belongs to a specific project.
	ListServiceAccounts(context.Context, *ListServiceAccountsRequest) (*ListServiceAccountsResponse, error)
	// Gets a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	GetServiceAccount(context.Context, *GetServiceAccountRequest) (*ServiceAccount, error)
	// Creates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	CreateServiceAccount(context.Context, *CreateServiceAccountRequest) (*ServiceAccount, error)
	// **Note:** We are in the process of deprecating this method. Use
	// [PatchServiceAccount][google.iam.admin.v1.IAM.PatchServiceAccount] instead.
	//
	// Updates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	//
	// You can update only the `display_name` and `description` fields.
	UpdateServiceAccount(context.Context, *ServiceAccount) (*ServiceAccount, error)
	// Patches a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	PatchServiceAccount(context.Context, *PatchServiceAccountRequest) (*ServiceAccount, error)
	// Deletes a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	//
	// **Warning:** After you delete a service account, you might not be able to
	// undelete it. If you know that you need to re-enable the service account in
	// the future, use [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount] instead.
	//
	// If you delete a service account, IAM permanently removes the service
	// account 30 days later. Google Cloud cannot recover the service account
	// after it is permanently removed, even if you file a support request.
	//
	// To help avoid unplanned outages, we recommend that you disable the service
	// account before you delete it. Use [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount] to disable the
	// service account, then wait at least 24 hours and watch for unintended
	// consequences. If there are no unintended consequences, you can delete the
	// service account.
	DeleteServiceAccount(context.Context, *DeleteServiceAccountRequest) (*emptypb.Empty, error)
	// Restores a deleted [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	//
	// **Important:** It is not always possible to restore a deleted service
	// account. Use this method only as a last resort.
	//
	// After you delete a service account, IAM permanently removes the service
	// account 30 days later. There is no way to restore a deleted service account
	// that has been permanently removed.
	UndeleteServiceAccount(context.Context, *UndeleteServiceAccountRequest) (*UndeleteServiceAccountResponse, error)
	// Enables a [ServiceAccount][google.iam.admin.v1.ServiceAccount] that was disabled by
	// [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount].
	//
	// If the service account is already enabled, then this method has no effect.
	//
	// If the service account was disabled by other means—for example, if Google
	// disabled the service account because it was compromised—you cannot use this
	// method to enable the service account.
	EnableServiceAccount(context.Context, *EnableServiceAccountRequest) (*emptypb.Empty, error)
	// Disables a [ServiceAccount][google.iam.admin.v1.ServiceAccount] immediately.
	//
	// If an application uses the service account to authenticate, that
	// application can no longer call Google APIs or access Google Cloud
	// resources. Existing access tokens for the service account are rejected, and
	// requests for new access tokens will fail.
	//
	// To re-enable the service account, use [EnableServiceAccount][google.iam.admin.v1.IAM.EnableServiceAccount]. After you
	// re-enable the service account, its existing access tokens will be accepted,
	// and you can request new access tokens.
	//
	// To help avoid unplanned outages, we recommend that you disable the service
	// account before you delete it. Use this method to disable the service
	// account, then wait at least 24 hours and watch for unintended consequences.
	// If there are no unintended consequences, you can delete the service account
	// with [DeleteServiceAccount][google.iam.admin.v1.IAM.DeleteServiceAccount].
	DisableServiceAccount(context.Context, *DisableServiceAccountRequest) (*emptypb.Empty, error)
	// Lists every [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey] for a service account.
	ListServiceAccountKeys(context.Context, *ListServiceAccountKeysRequest) (*ListServiceAccountKeysResponse, error)
	// Gets a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
	GetServiceAccountKey(context.Context, *GetServiceAccountKeyRequest) (*ServiceAccountKey, error)
	// Creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
	CreateServiceAccountKey(context.Context, *CreateServiceAccountKeyRequest) (*ServiceAccountKey, error)
	// Creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey], using a public key that you provide.
	UploadServiceAccountKey(context.Context, *UploadServiceAccountKeyRequest) (*ServiceAccountKey, error)
	// Deletes a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]. Deleting a service account key does not
	// revoke short-lived credentials that have been issued based on the service
	// account key.
	DeleteServiceAccountKey(context.Context, *DeleteServiceAccountKeyRequest) (*emptypb.Empty, error)
	// Deprecated: Do not use.
	// **Note:** This method is deprecated. Use the
	// [`signBlob`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signBlob)
	// method in the IAM Service Account Credentials API instead. If you currently
	// use this method, see the [migration
	// guide](https://cloud.google.com/iam/help/credentials/migrate-api) for
	// instructions.
	//
	// Signs a blob using the system-managed private key for a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	SignBlob(context.Context, *SignBlobRequest) (*SignBlobResponse, error)
	// Deprecated: Do not use.
	// **Note:** This method is deprecated. Use the
	// [`signJwt`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signJwt)
	// method in the IAM Service Account Credentials API instead. If you currently
	// use this method, see the [migration
	// guide](https://cloud.google.com/iam/help/credentials/migrate-api) for
	// instructions.
	//
	// Signs a JSON Web Token (JWT) using the system-managed private key for a
	// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	SignJwt(context.Context, *SignJwtRequest) (*SignJwtResponse, error)
	// Gets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount]. This IAM
	// policy specifies which members have access to the service account.
	//
	// This method does not tell you whether the service account has been granted
	// any roles on other resources. To check whether a service account has role
	// grants on a resource, use the `getIamPolicy` method for that resource. For
	// example, to view the role grants for a project, call the Resource Manager
	// API's
	// [`projects.getIamPolicy`](https://cloud.google.com/resource-manager/reference/rest/v1/projects/getIamPolicy)
	// method.
	GetIamPolicy(context.Context, *v1.GetIamPolicyRequest) (*v1.Policy, error)
	// Sets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	//
	// Use this method to grant or revoke access to the service account. For
	// example, you could grant a member the ability to impersonate the service
	// account.
	//
	// This method does not enable the service account to access other resources.
	// To grant roles to a service account on a resource, follow these steps:
	//
	// 1. Call the resource's `getIamPolicy` method to get its current IAM policy.
	// 2. Edit the policy so that it binds the service account to an IAM role for
	// the resource.
	// 3. Call the resource's `setIamPolicy` method to update its IAM policy.
	//
	// For detailed instructions, see
	// [Granting roles to a service account for specific
	// resources](https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-accounts).
	SetIamPolicy(context.Context, *v1.SetIamPolicyRequest) (*v1.Policy, error)
	// Tests whether the caller has the specified permissions on a
	// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
	TestIamPermissions(context.Context, *v1.TestIamPermissionsRequest) (*v1.TestIamPermissionsResponse, error)
	// Lists roles that can be granted on a Google Cloud resource. A role is
	// grantable if the IAM policy for the resource can contain bindings to the
	// role.
	QueryGrantableRoles(context.Context, *QueryGrantableRolesRequest) (*QueryGrantableRolesResponse, error)
	// Lists every predefined [Role][google.iam.admin.v1.Role] that IAM supports, or every custom role
	// that is defined for an organization or project.
	ListRoles(context.Context, *ListRolesRequest) (*ListRolesResponse, error)
	// Gets the definition of a [Role][google.iam.admin.v1.Role].
	GetRole(context.Context, *GetRoleRequest) (*Role, error)
	// Creates a new custom [Role][google.iam.admin.v1.Role].
	CreateRole(context.Context, *CreateRoleRequest) (*Role, error)
	// Updates the definition of a custom [Role][google.iam.admin.v1.Role].
	UpdateRole(context.Context, *UpdateRoleRequest) (*Role, error)
	// Deletes a custom [Role][google.iam.admin.v1.Role].
	//
	// When you delete a custom role, the following changes occur immediately:
	//
	// * You cannot bind a member to the custom role in an IAM
	// [Policy][google.iam.v1.Policy].
	// * Existing bindings to the custom role are not changed, but they have no
	// effect.
	// * By default, the response from [ListRoles][google.iam.admin.v1.IAM.ListRoles] does not include the custom
	// role.
	//
	// You have 7 days to undelete the custom role. After 7 days, the following
	// changes occur:
	//
	// * The custom role is permanently deleted and cannot be recovered.
	// * If an IAM policy contains a binding to the custom role, the binding is
	// permanently removed.
	DeleteRole(context.Context, *DeleteRoleRequest) (*Role, error)
	// Undeletes a custom [Role][google.iam.admin.v1.Role].
	UndeleteRole(context.Context, *UndeleteRoleRequest) (*Role, error)
	// Lists every permission that you can test on a resource. A permission is
	// testable if you can check whether a member has that permission on the
	// resource.
	QueryTestablePermissions(context.Context, *QueryTestablePermissionsRequest) (*QueryTestablePermissionsResponse, error)
	// Returns a list of services that allow you to opt into audit logs that are
	// not generated by default.
	//
	// To learn more about audit logs, see the [Logging
	// documentation](https://cloud.google.com/logging/docs/audit).
	QueryAuditableServices(context.Context, *QueryAuditableServicesRequest) (*QueryAuditableServicesResponse, error)
	// Lints, or validates, an IAM policy. Currently checks the
	// [google.iam.v1.Binding.condition][google.iam.v1.Binding.condition] field, which contains a condition
	// expression for a role binding.
	//
	// Successful calls to this method always return an HTTP `200 OK` status code,
	// even if the linter detects an issue in the IAM policy.
	LintPolicy(context.Context, *LintPolicyRequest) (*LintPolicyResponse, error)
}

IAMServer is the server API for IAM service.

type LintPolicyRequest 

type LintPolicyRequest struct {

	// The full resource name of the policy this lint request is about.
	//
	// The name follows the Google Cloud Platform (GCP) resource format.
	// For example, a GCP project with ID `my-project` will be named
	// `//cloudresourcemanager.googleapis.com/projects/my-project`.
	//
	// The resource name is not used to read the policy instance from the Cloud
	// IAM database. The candidate policy for lint has to be provided in the same
	// request object.
	FullResourceName string `protobuf:"bytes,1,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`
	// Required. The Cloud IAM object to be linted.
	//
	// Types that are assignable to LintObject:
	//	*LintPolicyRequest_Condition
	LintObject isLintPolicyRequest_LintObject `protobuf_oneof:"lint_object"`
	// contains filtered or unexported fields
}

The request to lint a Cloud IAM policy object.

func (*LintPolicyRequest) Descriptor deprecated 

func (*LintPolicyRequest) Descriptor() ([]byte, []int)

Deprecated: Use LintPolicyRequest.ProtoReflect.Descriptor instead.

func (*LintPolicyRequest) GetCondition 

func (x *LintPolicyRequest) GetCondition() *expr.Expr

func (*LintPolicyRequest) GetFullResourceName 

func (x *LintPolicyRequest) GetFullResourceName() string

func (*LintPolicyRequest) GetLintObject 

func (m *LintPolicyRequest) GetLintObject() isLintPolicyRequest_LintObject

func (*LintPolicyRequest) ProtoMessage 

func (*LintPolicyRequest) ProtoMessage()

func (*LintPolicyRequest) ProtoReflect 

func (x *LintPolicyRequest) ProtoReflect() protoreflect.Message

func (*LintPolicyRequest) Reset 

func (x *LintPolicyRequest) Reset()

func (*LintPolicyRequest) String 

func (x *LintPolicyRequest) String() string

type LintPolicyRequest_Condition 

type LintPolicyRequest_Condition struct {
	// [google.iam.v1.Binding.condition] [google.iam.v1.Binding.condition] object to be linted.
	Condition *expr.Expr `protobuf:"bytes,5,opt,name=condition,proto3,oneof"`
}

type LintPolicyResponse 

type LintPolicyResponse struct {

	// List of lint results sorted by `severity` in descending order.
	LintResults []*LintResult `protobuf:"bytes,1,rep,name=lint_results,json=lintResults,proto3" json:"lint_results,omitempty"`
	// contains filtered or unexported fields
}

The response of a lint operation. An empty response indicates the operation was able to fully execute and no lint issue was found.

func (*LintPolicyResponse) Descriptor deprecated 

func (*LintPolicyResponse) Descriptor() ([]byte, []int)

Deprecated: Use LintPolicyResponse.ProtoReflect.Descriptor instead.

func (*LintPolicyResponse) GetLintResults 

func (x *LintPolicyResponse) GetLintResults() []*LintResult

func (*LintPolicyResponse) ProtoMessage 

func (*LintPolicyResponse) ProtoMessage()

func (*LintPolicyResponse) ProtoReflect 

func (x *LintPolicyResponse) ProtoReflect() protoreflect.Message

func (*LintPolicyResponse) Reset 

func (x *LintPolicyResponse) Reset()

func (*LintPolicyResponse) String 

func (x *LintPolicyResponse) String() string

type LintResult 

type LintResult struct {

	// The validation unit level.
	Level LintResult_Level `protobuf:"varint,1,opt,name=level,proto3,enum=google.iam.admin.v1.LintResult_Level" json:"level,omitempty"`
	// The validation unit name, for instance
	// "lintValidationUnits/ConditionComplexityCheck".
	ValidationUnitName string `protobuf:"bytes,2,opt,name=validation_unit_name,json=validationUnitName,proto3" json:"validation_unit_name,omitempty"`
	// The validation unit severity.
	Severity LintResult_Severity `protobuf:"varint,3,opt,name=severity,proto3,enum=google.iam.admin.v1.LintResult_Severity" json:"severity,omitempty"`
	// The name of the field for which this lint result is about.
	//
	// For nested messages `field_name` consists of names of the embedded fields
	// separated by period character. The top-level qualifier is the input object
	// to lint in the request. For example, the `field_name` value
	// `condition.expression` identifies a lint result for the `expression` field
	// of the provided condition.
	FieldName string `protobuf:"bytes,5,opt,name=field_name,json=fieldName,proto3" json:"field_name,omitempty"`
	// 0-based character position of problematic construct within the object
	// identified by `field_name`. Currently, this is populated only for condition
	// expression.
	LocationOffset int32 `protobuf:"varint,6,opt,name=location_offset,json=locationOffset,proto3" json:"location_offset,omitempty"`
	// Human readable debug message associated with the issue.
	DebugMessage string `protobuf:"bytes,7,opt,name=debug_message,json=debugMessage,proto3" json:"debug_message,omitempty"`
	// contains filtered or unexported fields
}

Structured response of a single validation unit.

func (*LintResult) Descriptor deprecated 

func (*LintResult) Descriptor() ([]byte, []int)

Deprecated: Use LintResult.ProtoReflect.Descriptor instead.

func (*LintResult) GetDebugMessage 

func (x *LintResult) GetDebugMessage() string

func (*LintResult) GetFieldName 

func (x *LintResult) GetFieldName() string

func (*LintResult) GetLevel 

func (x *LintResult) GetLevel() LintResult_Level

func (*LintResult) GetLocationOffset 

func (x *LintResult) GetLocationOffset() int32

func (*LintResult) GetSeverity 

func (x *LintResult) GetSeverity() LintResult_Severity

func (*LintResult) GetValidationUnitName 

func (x *LintResult) GetValidationUnitName() string

func (*LintResult) ProtoMessage 

func (*LintResult) ProtoMessage()

func (*LintResult) ProtoReflect 

func (x *LintResult) ProtoReflect() protoreflect.Message

func (*LintResult) Reset 

func (x *LintResult) Reset()

func (*LintResult) String 

func (x *LintResult) String() string

type LintResult_Level 

type LintResult_Level int32

Possible Level values of a validation unit corresponding to its domain of discourse. 

const (
	// Level is unspecified.
	LintResult_LEVEL_UNSPECIFIED LintResult_Level = 0
	// A validation unit which operates on an individual condition within a
	// binding.
	LintResult_CONDITION LintResult_Level = 3
)

func (LintResult_Level) Descriptor 

func (LintResult_Level) Descriptor() protoreflect.EnumDescriptor

func (LintResult_Level) Enum 

func (x LintResult_Level) Enum() *LintResult_Level

func (LintResult_Level) EnumDescriptor deprecated 

func (LintResult_Level) EnumDescriptor() ([]byte, []int)

Deprecated: Use LintResult_Level.Descriptor instead.

func (LintResult_Level) Number 

func (x LintResult_Level) Number() protoreflect.EnumNumber

func (LintResult_Level) String 

func (x LintResult_Level) String() string

func (LintResult_Level) Type 

func (LintResult_Level) Type() protoreflect.EnumType

type LintResult_Severity 

type LintResult_Severity int32

Possible Severity values of an issued result. 

const (
	// Severity is unspecified.
	LintResult_SEVERITY_UNSPECIFIED LintResult_Severity = 0
	// A validation unit returns an error only for critical issues. If an
	// attempt is made to set the problematic policy without rectifying the
	// critical issue, it causes the `setPolicy` operation to fail.
	LintResult_ERROR LintResult_Severity = 1
	// Any issue which is severe enough but does not cause an error.
	// For example, suspicious constructs in the input object will not
	// necessarily fail `setPolicy`, but there is a high likelihood that they
	// won't behave as expected during policy evaluation in `checkPolicy`.
	// This includes the following common scenarios:
	//
	// - Unsatisfiable condition: Expired timestamp in date/time condition.
	// - Ineffective condition: Condition on a <member, role> pair which is
	//   granted unconditionally in another binding of the same policy.
	LintResult_WARNING LintResult_Severity = 2
	// Reserved for the issues that are not severe as `ERROR`/`WARNING`, but
	// need special handling. For instance, messages about skipped validation
	// units are issued as `NOTICE`.
	LintResult_NOTICE LintResult_Severity = 3
	// Any informative statement which is not severe enough to raise
	// `ERROR`/`WARNING`/`NOTICE`, like auto-correction recommendations on the
	// input content. Note that current version of the linter does not utilize
	// `INFO`.
	LintResult_INFO LintResult_Severity = 4
	// Deprecated severity level.
	LintResult_DEPRECATED LintResult_Severity = 5
)

func (LintResult_Severity) Descriptor 

func (LintResult_Severity) Descriptor() protoreflect.EnumDescriptor

func (LintResult_Severity) Enum 

func (x LintResult_Severity) Enum() *LintResult_Severity

func (LintResult_Severity) EnumDescriptor deprecated 

func (LintResult_Severity) EnumDescriptor() ([]byte, []int)

Deprecated: Use LintResult_Severity.Descriptor instead.

func (LintResult_Severity) Number 

func (x LintResult_Severity) Number() protoreflect.EnumNumber

func (LintResult_Severity) String 

func (x LintResult_Severity) String() string

func (LintResult_Severity) Type 

func (LintResult_Severity) Type() protoreflect.EnumType

type ListRolesRequest 

type ListRolesRequest struct {

	// The `parent` parameter's value depends on the target resource for the
	// request, namely
	// [`roles`](/iam/reference/rest/v1/roles),
	// [`projects`](/iam/reference/rest/v1/projects.roles), or
	// [`organizations`](/iam/reference/rest/v1/organizations.roles). Each
	// resource type's `parent` value format is described below:
	//
	// * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string.
	//   This method doesn't require a resource; it simply returns all
	//   [predefined roles](/iam/docs/understanding-roles#predefined_roles) in
	//   Cloud IAM. Example request URL:
	//   `https://iam.googleapis.com/v1/roles`
	//
	// * [`projects.roles.list()`](/iam/reference/rest/v1/projects.roles/list):
	//   `projects/{PROJECT_ID}`. This method lists all project-level
	//   [custom roles](/iam/docs/understanding-custom-roles).
	//   Example request URL:
	//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles`
	//
	// * [`organizations.roles.list()`](/iam/reference/rest/v1/organizations.roles/list):
	//   `organizations/{ORGANIZATION_ID}`. This method lists all
	//   organization-level [custom roles](/iam/docs/understanding-custom-roles).
	//   Example request URL:
	//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles`
	//
	// Note: Wildcard (*) values are invalid; you must specify a complete project
	// ID or organization ID.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional limit on the number of roles to include in the response.
	//
	// The default is 300, and the maximum is 1,000.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional pagination token returned in an earlier ListRolesResponse.
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// Optional view for the returned Role objects. When `FULL` is specified,
	// the `includedPermissions` field is returned, which includes a list of all
	// permissions in the role. The default value is `BASIC`, which does not
	// return the `includedPermissions` field.
	View RoleView `protobuf:"varint,4,opt,name=view,proto3,enum=google.iam.admin.v1.RoleView" json:"view,omitempty"`
	// Include Roles that have been deleted.
	ShowDeleted bool `protobuf:"varint,6,opt,name=show_deleted,json=showDeleted,proto3" json:"show_deleted,omitempty"`
	// contains filtered or unexported fields
}

The request to get all roles defined under a resource.

func (*ListRolesRequest) Descriptor deprecated 

func (*ListRolesRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListRolesRequest.ProtoReflect.Descriptor instead.

func (*ListRolesRequest) GetPageSize 

func (x *ListRolesRequest) GetPageSize() int32

func (*ListRolesRequest) GetPageToken 

func (x *ListRolesRequest) GetPageToken() string

func (*ListRolesRequest) GetParent 

func (x *ListRolesRequest) GetParent() string

func (*ListRolesRequest) GetShowDeleted 

func (x *ListRolesRequest) GetShowDeleted() bool

func (*ListRolesRequest) GetView 

func (x *ListRolesRequest) GetView() RoleView

func (*ListRolesRequest) ProtoMessage 

func (*ListRolesRequest) ProtoMessage()

func (*ListRolesRequest) ProtoReflect 

func (x *ListRolesRequest) ProtoReflect() protoreflect.Message

func (*ListRolesRequest) Reset 

func (x *ListRolesRequest) Reset()

func (*ListRolesRequest) String 

func (x *ListRolesRequest) String() string

type ListRolesResponse 

type ListRolesResponse struct {

	// The Roles defined on this resource.
	Roles []*Role `protobuf:"bytes,1,rep,name=roles,proto3" json:"roles,omitempty"`
	// To retrieve the next page of results, set
	// `ListRolesRequest.page_token` to this value.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// contains filtered or unexported fields
}

The response containing the roles defined under a resource.

func (*ListRolesResponse) Descriptor deprecated 

func (*ListRolesResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListRolesResponse.ProtoReflect.Descriptor instead.

func (*ListRolesResponse) GetNextPageToken 

func (x *ListRolesResponse) GetNextPageToken() string

func (*ListRolesResponse) GetRoles 

func (x *ListRolesResponse) GetRoles() []*Role

func (*ListRolesResponse) ProtoMessage 

func (*ListRolesResponse) ProtoMessage()

func (*ListRolesResponse) ProtoReflect 

func (x *ListRolesResponse) ProtoReflect() protoreflect.Message

func (*ListRolesResponse) Reset 

func (x *ListRolesResponse) Reset()

func (*ListRolesResponse) String 

func (x *ListRolesResponse) String() string

type ListServiceAccountKeysRequest 

type ListServiceAccountKeysRequest struct {

	// Required. The resource name of the service account in the following format:
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
	//
	// Using `-` as a wildcard for the `PROJECT_ID`, will infer the project from
	// the account. The `ACCOUNT` value can be the `email` address or the
	// `unique_id` of the service account.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Filters the types of keys the user wants to include in the list
	// response. Duplicate key types are not allowed. If no key type
	// is provided, all keys are returned.
	KeyTypes []ListServiceAccountKeysRequest_KeyType `` /* 156-byte string literal not displayed */
	// contains filtered or unexported fields
}

The service account keys list request.

func (*ListServiceAccountKeysRequest) Descriptor deprecated 

func (*ListServiceAccountKeysRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListServiceAccountKeysRequest.ProtoReflect.Descriptor instead.

func (*ListServiceAccountKeysRequest) GetKeyTypes 

func (x *ListServiceAccountKeysRequest) GetKeyTypes() []ListServiceAccountKeysRequest_KeyType

func (*ListServiceAccountKeysRequest) GetName 

func (x *ListServiceAccountKeysRequest) GetName() string

func (*ListServiceAccountKeysRequest) ProtoMessage 

func (*ListServiceAccountKeysRequest) ProtoMessage()

func (*ListServiceAccountKeysRequest) ProtoReflect 

func (x *ListServiceAccountKeysRequest) ProtoReflect() protoreflect.Message

func (*ListServiceAccountKeysRequest) Reset 

func (x *ListServiceAccountKeysRequest) Reset()

func (*ListServiceAccountKeysRequest) String 

func (x *ListServiceAccountKeysRequest) String() string

type ListServiceAccountKeysRequest_KeyType 

type ListServiceAccountKeysRequest_KeyType int32

`KeyType` filters to selectively retrieve certain varieties of keys. 

const (
	// Unspecified key type. The presence of this in the
	// message will immediately result in an error.
	ListServiceAccountKeysRequest_KEY_TYPE_UNSPECIFIED ListServiceAccountKeysRequest_KeyType = 0
	// User-managed keys (managed and rotated by the user).
	ListServiceAccountKeysRequest_USER_MANAGED ListServiceAccountKeysRequest_KeyType = 1
	// System-managed keys (managed and rotated by Google).
	ListServiceAccountKeysRequest_SYSTEM_MANAGED ListServiceAccountKeysRequest_KeyType = 2
)

func (ListServiceAccountKeysRequest_KeyType) Descriptor 

func (ListServiceAccountKeysRequest_KeyType) Descriptor() protoreflect.EnumDescriptor

func (ListServiceAccountKeysRequest_KeyType) Enum 

func (x ListServiceAccountKeysRequest_KeyType) Enum() *ListServiceAccountKeysRequest_KeyType

func (ListServiceAccountKeysRequest_KeyType) EnumDescriptor deprecated 

func (ListServiceAccountKeysRequest_KeyType) EnumDescriptor() ([]byte, []int)

Deprecated: Use ListServiceAccountKeysRequest_KeyType.Descriptor instead.

func (ListServiceAccountKeysRequest_KeyType) Number 

func (x ListServiceAccountKeysRequest_KeyType) Number() protoreflect.EnumNumber

func (ListServiceAccountKeysRequest_KeyType) String 

func (x ListServiceAccountKeysRequest_KeyType) String() string

func (ListServiceAccountKeysRequest_KeyType) Type 

func (ListServiceAccountKeysRequest_KeyType) Type() protoreflect.EnumType

type ListServiceAccountKeysResponse 

type ListServiceAccountKeysResponse struct {

	// The public keys for the service account.
	Keys []*ServiceAccountKey `protobuf:"bytes,1,rep,name=keys,proto3" json:"keys,omitempty"`
	// contains filtered or unexported fields
}

The service account keys list response.

func (*ListServiceAccountKeysResponse) Descriptor deprecated 

func (*ListServiceAccountKeysResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListServiceAccountKeysResponse.ProtoReflect.Descriptor instead.

func (*ListServiceAccountKeysResponse) GetKeys 

func (x *ListServiceAccountKeysResponse) GetKeys() []*ServiceAccountKey

func (*ListServiceAccountKeysResponse) ProtoMessage 

func (*ListServiceAccountKeysResponse) ProtoMessage()

func (*ListServiceAccountKeysResponse) ProtoReflect 

func (x *ListServiceAccountKeysResponse) ProtoReflect() protoreflect.Message

func (*ListServiceAccountKeysResponse) Reset 

func (x *ListServiceAccountKeysResponse) Reset()

func (*ListServiceAccountKeysResponse) String 

func (x *ListServiceAccountKeysResponse) String() string

type ListServiceAccountsRequest 

type ListServiceAccountsRequest struct {

	// Required. The resource name of the project associated with the service
	// accounts, such as `projects/my-project-123`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional limit on the number of service accounts to include in the
	// response. Further accounts can subsequently be obtained by including the
	// [ListServiceAccountsResponse.next_page_token][google.iam.admin.v1.ListServiceAccountsResponse.next_page_token]
	// in a subsequent request.
	//
	// The default is 20, and the maximum is 100.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional pagination token returned in an earlier
	// [ListServiceAccountsResponse.next_page_token][google.iam.admin.v1.ListServiceAccountsResponse.next_page_token].
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// contains filtered or unexported fields
}

The service account list request.

func (*ListServiceAccountsRequest) Descriptor deprecated 

func (*ListServiceAccountsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListServiceAccountsRequest.ProtoReflect.Descriptor instead.

func (*ListServiceAccountsRequest) GetName 

func (x *ListServiceAccountsRequest) GetName() string

func (*ListServiceAccountsRequest) GetPageSize 

func (x *ListServiceAccountsRequest) GetPageSize() int32

func (*ListServiceAccountsRequest) GetPageToken 

func (x *ListServiceAccountsRequest) GetPageToken() string

func (*ListServiceAccountsRequest) ProtoMessage 

func (*ListServiceAccountsRequest) ProtoMessage()

func (*ListServiceAccountsRequest) ProtoReflect 

func (x *ListServiceAccountsRequest) ProtoReflect() protoreflect.Message

func (*ListServiceAccountsRequest) Reset 

func (x *ListServiceAccountsRequest) Reset()

func (*ListServiceAccountsRequest) String 

func (x *ListServiceAccountsRequest) String() string

type ListServiceAccountsResponse 

type ListServiceAccountsResponse struct {

	// The list of matching service accounts.
	Accounts []*ServiceAccount `protobuf:"bytes,1,rep,name=accounts,proto3" json:"accounts,omitempty"`
	// To retrieve the next page of results, set
	// [ListServiceAccountsRequest.page_token][google.iam.admin.v1.ListServiceAccountsRequest.page_token]
	// to this value.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// contains filtered or unexported fields
}

The service account list response.

func (*ListServiceAccountsResponse) Descriptor deprecated 

func (*ListServiceAccountsResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListServiceAccountsResponse.ProtoReflect.Descriptor instead.

func (*ListServiceAccountsResponse) GetAccounts 

func (x *ListServiceAccountsResponse) GetAccounts() []*ServiceAccount

func (*ListServiceAccountsResponse) GetNextPageToken 

func (x *ListServiceAccountsResponse) GetNextPageToken() string

func (*ListServiceAccountsResponse) ProtoMessage 

func (*ListServiceAccountsResponse) ProtoMessage()

func (*ListServiceAccountsResponse) ProtoReflect 

func (x *ListServiceAccountsResponse) ProtoReflect() protoreflect.Message

func (*ListServiceAccountsResponse) Reset 

func (x *ListServiceAccountsResponse) Reset()

func (*ListServiceAccountsResponse) String 

func (x *ListServiceAccountsResponse) String() string

type PatchServiceAccountRequest 

type PatchServiceAccountRequest struct {
	ServiceAccount *ServiceAccount        `protobuf:"bytes,1,opt,name=service_account,json=serviceAccount,proto3" json:"service_account,omitempty"`
	UpdateMask     *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
	// contains filtered or unexported fields
}

The request for [PatchServiceAccount][google.iam.admin.v1.PatchServiceAccount].

You can patch only the `display_name` and `description` fields. You must use the `update_mask` field to specify which of these fields you want to patch.

Only the fields specified in the request are guaranteed to be returned in the response. Other fields may be empty in the response.

func (*PatchServiceAccountRequest) Descriptor deprecated 

func (*PatchServiceAccountRequest) Descriptor() ([]byte, []int)

Deprecated: Use PatchServiceAccountRequest.ProtoReflect.Descriptor instead.

func (*PatchServiceAccountRequest) GetServiceAccount 

func (x *PatchServiceAccountRequest) GetServiceAccount() *ServiceAccount

func (*PatchServiceAccountRequest) GetUpdateMask 

func (x *PatchServiceAccountRequest) GetUpdateMask() *fieldmaskpb.FieldMask

func (*PatchServiceAccountRequest) ProtoMessage 

func (*PatchServiceAccountRequest) ProtoMessage()

func (*PatchServiceAccountRequest) ProtoReflect 

func (x *PatchServiceAccountRequest) ProtoReflect() protoreflect.Message

func (*PatchServiceAccountRequest) Reset 

func (x *PatchServiceAccountRequest) Reset()

func (*PatchServiceAccountRequest) String 

func (x *PatchServiceAccountRequest) String() string

type Permission 

type Permission struct {

	// The name of this Permission.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The title of this Permission.
	Title string `protobuf:"bytes,2,opt,name=title,proto3" json:"title,omitempty"`
	// A brief description of what this Permission is used for.
	// This permission can ONLY be used in predefined roles.
	Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
	// Deprecated: Do not use.
	OnlyInPredefinedRoles bool `` /* 129-byte string literal not displayed */
	// The current launch stage of the permission.
	Stage Permission_PermissionLaunchStage `protobuf:"varint,5,opt,name=stage,proto3,enum=google.iam.admin.v1.Permission_PermissionLaunchStage" json:"stage,omitempty"`
	// The current custom role support level.
	CustomRolesSupportLevel Permission_CustomRolesSupportLevel `` /* 195-byte string literal not displayed */
	// The service API associated with the permission is not enabled.
	ApiDisabled bool `protobuf:"varint,7,opt,name=api_disabled,json=apiDisabled,proto3" json:"api_disabled,omitempty"`
	// The preferred name for this permission. If present, then this permission is
	// an alias of, and equivalent to, the listed primary_permission.
	PrimaryPermission string `protobuf:"bytes,8,opt,name=primary_permission,json=primaryPermission,proto3" json:"primary_permission,omitempty"`
	// contains filtered or unexported fields
}

A permission which can be included by a role.

func (*Permission) Descriptor deprecated 

func (*Permission) Descriptor() ([]byte, []int)

Deprecated: Use Permission.ProtoReflect.Descriptor instead.

func (*Permission) GetApiDisabled 

func (x *Permission) GetApiDisabled() bool

func (*Permission) GetCustomRolesSupportLevel 

func (x *Permission) GetCustomRolesSupportLevel() Permission_CustomRolesSupportLevel

func (*Permission) GetDescription 

func (x *Permission) GetDescription() string

func (*Permission) GetName 

func (x *Permission) GetName() string

func (*Permission) GetOnlyInPredefinedRoles deprecated 

func (x *Permission) GetOnlyInPredefinedRoles() bool

Deprecated: Do not use.

func (*Permission) GetPrimaryPermission 

func (x *Permission) GetPrimaryPermission() string

func (*Permission) GetStage 

func (x *Permission) GetStage() Permission_PermissionLaunchStage

func (*Permission) GetTitle 

func (x *Permission) GetTitle() string

func (*Permission) ProtoMessage 

func (*Permission) ProtoMessage()

func (*Permission) ProtoReflect 

func (x *Permission) ProtoReflect() protoreflect.Message

func (*Permission) Reset 

func (x *Permission) Reset()

func (*Permission) String 

func (x *Permission) String() string

type Permission_CustomRolesSupportLevel 

type Permission_CustomRolesSupportLevel int32

The state of the permission with regards to custom roles. 

const (
	// Permission is fully supported for custom role use.
	Permission_SUPPORTED Permission_CustomRolesSupportLevel = 0
	// Permission is being tested to check custom role compatibility.
	Permission_TESTING Permission_CustomRolesSupportLevel = 1
	// Permission is not supported for custom role use.
	Permission_NOT_SUPPORTED Permission_CustomRolesSupportLevel = 2
)

func (Permission_CustomRolesSupportLevel) Descriptor 

func (Permission_CustomRolesSupportLevel) Descriptor() protoreflect.EnumDescriptor

func (Permission_CustomRolesSupportLevel) Enum 

func (x Permission_CustomRolesSupportLevel) Enum() *Permission_CustomRolesSupportLevel

func (Permission_CustomRolesSupportLevel) EnumDescriptor deprecated 

func (Permission_CustomRolesSupportLevel) EnumDescriptor() ([]byte, []int)

Deprecated: Use Permission_CustomRolesSupportLevel.Descriptor instead.

func (Permission_CustomRolesSupportLevel) Number 

func (x Permission_CustomRolesSupportLevel) Number() protoreflect.EnumNumber

func (Permission_CustomRolesSupportLevel) String 

func (x Permission_CustomRolesSupportLevel) String() string

func (Permission_CustomRolesSupportLevel) Type 

func (Permission_CustomRolesSupportLevel) Type() protoreflect.EnumType

type Permission_PermissionLaunchStage 

type Permission_PermissionLaunchStage int32

A stage representing a permission's lifecycle phase. 

const (
	// The permission is currently in an alpha phase.
	Permission_ALPHA Permission_PermissionLaunchStage = 0
	// The permission is currently in a beta phase.
	Permission_BETA Permission_PermissionLaunchStage = 1
	// The permission is generally available.
	Permission_GA Permission_PermissionLaunchStage = 2
	// The permission is being deprecated.
	Permission_DEPRECATED Permission_PermissionLaunchStage = 3
)

func (Permission_PermissionLaunchStage) Descriptor 

func (Permission_PermissionLaunchStage) Descriptor() protoreflect.EnumDescriptor

func (Permission_PermissionLaunchStage) Enum 

func (x Permission_PermissionLaunchStage) Enum() *Permission_PermissionLaunchStage

func (Permission_PermissionLaunchStage) EnumDescriptor deprecated 

func (Permission_PermissionLaunchStage) EnumDescriptor() ([]byte, []int)

Deprecated: Use Permission_PermissionLaunchStage.Descriptor instead.

func (Permission_PermissionLaunchStage) Number 

func (x Permission_PermissionLaunchStage) Number() protoreflect.EnumNumber

func (Permission_PermissionLaunchStage) String 

func (x Permission_PermissionLaunchStage) String() string

func (Permission_PermissionLaunchStage) Type 

func (Permission_PermissionLaunchStage) Type() protoreflect.EnumType

type QueryAuditableServicesRequest 

type QueryAuditableServicesRequest struct {

	// Required. The full resource name to query from the list of auditable
	// services.
	//
	// The name follows the Google Cloud Platform resource format.
	// For example, a Cloud Platform project with id `my-project` will be named
	// `//cloudresourcemanager.googleapis.com/projects/my-project`.
	FullResourceName string `protobuf:"bytes,1,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`
	// contains filtered or unexported fields
}

A request to get the list of auditable services for a resource.

func (*QueryAuditableServicesRequest) Descriptor deprecated 

func (*QueryAuditableServicesRequest) Descriptor() ([]byte, []int)

Deprecated: Use QueryAuditableServicesRequest.ProtoReflect.Descriptor instead.

func (*QueryAuditableServicesRequest) GetFullResourceName 

func (x *QueryAuditableServicesRequest) GetFullResourceName() string

func (*QueryAuditableServicesRequest) ProtoMessage 

func (*QueryAuditableServicesRequest) ProtoMessage()

func (*QueryAuditableServicesRequest) ProtoReflect 

func (x *QueryAuditableServicesRequest) ProtoReflect() protoreflect.Message

func (*QueryAuditableServicesRequest) Reset 

func (x *QueryAuditableServicesRequest) Reset()

func (*QueryAuditableServicesRequest) String 

func (x *QueryAuditableServicesRequest) String() string

type QueryAuditableServicesResponse 

type QueryAuditableServicesResponse struct {

	// The auditable services for a resource.
	Services []*QueryAuditableServicesResponse_AuditableService `protobuf:"bytes,1,rep,name=services,proto3" json:"services,omitempty"`
	// contains filtered or unexported fields
}

A response containing a list of auditable services for a resource.

func (*QueryAuditableServicesResponse) Descriptor deprecated 

func (*QueryAuditableServicesResponse) Descriptor() ([]byte, []int)

Deprecated: Use QueryAuditableServicesResponse.ProtoReflect.Descriptor instead.

func (*QueryAuditableServicesResponse) GetServices 

func (x *QueryAuditableServicesResponse) GetServices() []*QueryAuditableServicesResponse_AuditableService

func (*QueryAuditableServicesResponse) ProtoMessage 

func (*QueryAuditableServicesResponse) ProtoMessage()

func (*QueryAuditableServicesResponse) ProtoReflect 

func (x *QueryAuditableServicesResponse) ProtoReflect() protoreflect.Message

func (*QueryAuditableServicesResponse) Reset 

func (x *QueryAuditableServicesResponse) Reset()

func (*QueryAuditableServicesResponse) String 

func (x *QueryAuditableServicesResponse) String() string

type QueryAuditableServicesResponse_AuditableService 

type QueryAuditableServicesResponse_AuditableService struct {

	// Public name of the service.
	// For example, the service name for Cloud IAM is 'iam.googleapis.com'.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Contains information about an auditable service.

func (*QueryAuditableServicesResponse_AuditableService) Descriptor deprecated 

func (*QueryAuditableServicesResponse_AuditableService) Descriptor() ([]byte, []int)

Deprecated: Use QueryAuditableServicesResponse_AuditableService.ProtoReflect.Descriptor instead.

func (*QueryAuditableServicesResponse_AuditableService) GetName 

func (x *QueryAuditableServicesResponse_AuditableService) GetName() string

func (*QueryAuditableServicesResponse_AuditableService) ProtoMessage 

func (*QueryAuditableServicesResponse_AuditableService) ProtoMessage()

func (*QueryAuditableServicesResponse_AuditableService) ProtoReflect 

func (x *QueryAuditableServicesResponse_AuditableService) ProtoReflect() protoreflect.Message

func (*QueryAuditableServicesResponse_AuditableService) Reset 

func (x *QueryAuditableServicesResponse_AuditableService) Reset()

func (*QueryAuditableServicesResponse_AuditableService) String 

func (x *QueryAuditableServicesResponse_AuditableService) String() string

type QueryGrantableRolesRequest 

type QueryGrantableRolesRequest struct {

	// Required. The full resource name to query from the list of grantable roles.
	//
	// The name follows the Google Cloud Platform resource format.
	// For example, a Cloud Platform project with id `my-project` will be named
	// `//cloudresourcemanager.googleapis.com/projects/my-project`.
	FullResourceName string   `protobuf:"bytes,1,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`
	View             RoleView `protobuf:"varint,2,opt,name=view,proto3,enum=google.iam.admin.v1.RoleView" json:"view,omitempty"`
	// Optional limit on the number of roles to include in the response.
	//
	// The default is 300, and the maximum is 1,000.
	PageSize int32 `protobuf:"varint,3,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional pagination token returned in an earlier
	// QueryGrantableRolesResponse.
	PageToken string `protobuf:"bytes,4,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// contains filtered or unexported fields
}

The grantable role query request.

func (*QueryGrantableRolesRequest) Descriptor deprecated 

func (*QueryGrantableRolesRequest) Descriptor() ([]byte, []int)

Deprecated: Use QueryGrantableRolesRequest.ProtoReflect.Descriptor instead.

func (*QueryGrantableRolesRequest) GetFullResourceName 

func (x *QueryGrantableRolesRequest) GetFullResourceName() string

func (*QueryGrantableRolesRequest) GetPageSize 

func (x *QueryGrantableRolesRequest) GetPageSize() int32

func (*QueryGrantableRolesRequest) GetPageToken 

func (x *QueryGrantableRolesRequest) GetPageToken() string

func (*QueryGrantableRolesRequest) GetView 

func (x *QueryGrantableRolesRequest) GetView() RoleView

func (*QueryGrantableRolesRequest) ProtoMessage 

func (*QueryGrantableRolesRequest) ProtoMessage()

func (*QueryGrantableRolesRequest) ProtoReflect 

func (x *QueryGrantableRolesRequest) ProtoReflect() protoreflect.Message

func (*QueryGrantableRolesRequest) Reset 

func (x *QueryGrantableRolesRequest) Reset()

func (*QueryGrantableRolesRequest) String 

func (x *QueryGrantableRolesRequest) String() string

type QueryGrantableRolesResponse 

type QueryGrantableRolesResponse struct {

	// The list of matching roles.
	Roles []*Role `protobuf:"bytes,1,rep,name=roles,proto3" json:"roles,omitempty"`
	// To retrieve the next page of results, set
	// `QueryGrantableRolesRequest.page_token` to this value.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// contains filtered or unexported fields
}

The grantable role query response.

func (*QueryGrantableRolesResponse) Descriptor deprecated 

func (*QueryGrantableRolesResponse) Descriptor() ([]byte, []int)

Deprecated: Use QueryGrantableRolesResponse.ProtoReflect.Descriptor instead.

func (*QueryGrantableRolesResponse) GetNextPageToken 

func (x *QueryGrantableRolesResponse) GetNextPageToken() string

func (*QueryGrantableRolesResponse) GetRoles 

func (x *QueryGrantableRolesResponse) GetRoles() []*Role

func (*QueryGrantableRolesResponse) ProtoMessage 

func (*QueryGrantableRolesResponse) ProtoMessage()

func (*QueryGrantableRolesResponse) ProtoReflect 

func (x *QueryGrantableRolesResponse) ProtoReflect() protoreflect.Message

func (*QueryGrantableRolesResponse) Reset 

func (x *QueryGrantableRolesResponse) Reset()

func (*QueryGrantableRolesResponse) String 

func (x *QueryGrantableRolesResponse) String() string

type QueryTestablePermissionsRequest 

type QueryTestablePermissionsRequest struct {

	// Required. The full resource name to query from the list of testable
	// permissions.
	//
	// The name follows the Google Cloud Platform resource format.
	// For example, a Cloud Platform project with id `my-project` will be named
	// `//cloudresourcemanager.googleapis.com/projects/my-project`.
	FullResourceName string `protobuf:"bytes,1,opt,name=full_resource_name,json=fullResourceName,proto3" json:"full_resource_name,omitempty"`
	// Optional limit on the number of permissions to include in the response.
	//
	// The default is 100, and the maximum is 1,000.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional pagination token returned in an earlier
	// QueryTestablePermissionsRequest.
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// contains filtered or unexported fields
}

A request to get permissions which can be tested on a resource.

func (*QueryTestablePermissionsRequest) Descriptor deprecated 

func (*QueryTestablePermissionsRequest) Descriptor() ([]byte, []int)

Deprecated: Use QueryTestablePermissionsRequest.ProtoReflect.Descriptor instead.

func (*QueryTestablePermissionsRequest) GetFullResourceName 

func (x *QueryTestablePermissionsRequest) GetFullResourceName() string

func (*QueryTestablePermissionsRequest) GetPageSize 

func (x *QueryTestablePermissionsRequest) GetPageSize() int32

func (*QueryTestablePermissionsRequest) GetPageToken 

func (x *QueryTestablePermissionsRequest) GetPageToken() string

func (*QueryTestablePermissionsRequest) ProtoMessage 

func (*QueryTestablePermissionsRequest) ProtoMessage()

func (*QueryTestablePermissionsRequest) ProtoReflect 

func (x *QueryTestablePermissionsRequest) ProtoReflect() protoreflect.Message

func (*QueryTestablePermissionsRequest) Reset 

func (x *QueryTestablePermissionsRequest) Reset()

func (*QueryTestablePermissionsRequest) String 

func (x *QueryTestablePermissionsRequest) String() string

type QueryTestablePermissionsResponse 

type QueryTestablePermissionsResponse struct {

	// The Permissions testable on the requested resource.
	Permissions []*Permission `protobuf:"bytes,1,rep,name=permissions,proto3" json:"permissions,omitempty"`
	// To retrieve the next page of results, set
	// `QueryTestableRolesRequest.page_token` to this value.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// contains filtered or unexported fields
}

The response containing permissions which can be tested on a resource.

func (*QueryTestablePermissionsResponse) Descriptor deprecated 

func (*QueryTestablePermissionsResponse) Descriptor() ([]byte, []int)

Deprecated: Use QueryTestablePermissionsResponse.ProtoReflect.Descriptor instead.

func (*QueryTestablePermissionsResponse) GetNextPageToken 

func (x *QueryTestablePermissionsResponse) GetNextPageToken() string

func (*QueryTestablePermissionsResponse) GetPermissions 

func (x *QueryTestablePermissionsResponse) GetPermissions() []*Permission

func (*QueryTestablePermissionsResponse) ProtoMessage 

func (*QueryTestablePermissionsResponse) ProtoMessage()

func (*QueryTestablePermissionsResponse) ProtoReflect 

func (x *QueryTestablePermissionsResponse) ProtoReflect() protoreflect.Message

func (*QueryTestablePermissionsResponse) Reset 

func (x *QueryTestablePermissionsResponse) Reset()

func (*QueryTestablePermissionsResponse) String 

func (x *QueryTestablePermissionsResponse) String() string

type Role 

type Role struct {

	// The name of the role.
	//
	// When Role is used in CreateRole, the role name must not be set.
	//
	// When Role is used in output and other input such as UpdateRole, the role
	// name is the complete path, e.g., roles/logging.viewer for predefined roles
	// and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. A human-readable title for the role.  Typically this
	// is limited to 100 UTF-8 bytes.
	Title string `protobuf:"bytes,2,opt,name=title,proto3" json:"title,omitempty"`
	// Optional. A human-readable description for the role.
	Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
	// The names of the permissions this role grants when bound in an IAM policy.
	IncludedPermissions []string `protobuf:"bytes,7,rep,name=included_permissions,json=includedPermissions,proto3" json:"included_permissions,omitempty"`
	// The current launch stage of the role. If the `ALPHA` launch stage has been
	// selected for a role, the `stage` field will not be included in the
	// returned definition for the role.
	Stage Role_RoleLaunchStage `protobuf:"varint,8,opt,name=stage,proto3,enum=google.iam.admin.v1.Role_RoleLaunchStage" json:"stage,omitempty"`
	// Used to perform a consistent read-modify-write.
	Etag []byte `protobuf:"bytes,9,opt,name=etag,proto3" json:"etag,omitempty"`
	// The current deleted state of the role. This field is read only.
	// It will be ignored in calls to CreateRole and UpdateRole.
	Deleted bool `protobuf:"varint,11,opt,name=deleted,proto3" json:"deleted,omitempty"`
	// contains filtered or unexported fields
}

A role in the Identity and Access Management API.

func (*Role) Descriptor deprecated 

func (*Role) Descriptor() ([]byte, []int)

Deprecated: Use Role.ProtoReflect.Descriptor instead.

func (*Role) GetDeleted 

func (x *Role) GetDeleted() bool

func (*Role) GetDescription 

func (x *Role) GetDescription() string

func (*Role) GetEtag 

func (x *Role) GetEtag() []byte

func (*Role) GetIncludedPermissions 

func (x *Role) GetIncludedPermissions() []string

func (*Role) GetName 

func (x *Role) GetName() string

func (*Role) GetStage 

func (x *Role) GetStage() Role_RoleLaunchStage

func (*Role) GetTitle 

func (x *Role) GetTitle() string

func (*Role) ProtoMessage 

func (*Role) ProtoMessage()

func (*Role) ProtoReflect 

func (x *Role) ProtoReflect() protoreflect.Message

func (*Role) Reset 

func (x *Role) Reset()

func (*Role) String 

func (x *Role) String() string

type RoleView 

type RoleView int32

A view for Role objects. 

const (
	// Omits the `included_permissions` field.
	// This is the default value.
	RoleView_BASIC RoleView = 0
	// Returns all fields.
	RoleView_FULL RoleView = 1
)

func (RoleView) Descriptor 

func (RoleView) Descriptor() protoreflect.EnumDescriptor

func (RoleView) Enum 

func (x RoleView) Enum() *RoleView

func (RoleView) EnumDescriptor deprecated 

func (RoleView) EnumDescriptor() ([]byte, []int)

Deprecated: Use RoleView.Descriptor instead.

func (RoleView) Number 

func (x RoleView) Number() protoreflect.EnumNumber

func (RoleView) String 

func (x RoleView) String() string

func (RoleView) Type 

func (RoleView) Type() protoreflect.EnumType

type Role_RoleLaunchStage 

type Role_RoleLaunchStage int32

A stage representing a role's lifecycle phase. 

const (
	// The user has indicated this role is currently in an Alpha phase. If this
	// launch stage is selected, the `stage` field will not be included when
	// requesting the definition for a given role.
	Role_ALPHA Role_RoleLaunchStage = 0
	// The user has indicated this role is currently in a Beta phase.
	Role_BETA Role_RoleLaunchStage = 1
	// The user has indicated this role is generally available.
	Role_GA Role_RoleLaunchStage = 2
	// The user has indicated this role is being deprecated.
	Role_DEPRECATED Role_RoleLaunchStage = 4
	// This role is disabled and will not contribute permissions to any members
	// it is granted to in policies.
	Role_DISABLED Role_RoleLaunchStage = 5
	// The user has indicated this role is currently in an EAP phase.
	Role_EAP Role_RoleLaunchStage = 6
)

func (Role_RoleLaunchStage) Descriptor 

func (Role_RoleLaunchStage) Descriptor() protoreflect.EnumDescriptor

func (Role_RoleLaunchStage) Enum 

func (x Role_RoleLaunchStage) Enum() *Role_RoleLaunchStage

func (Role_RoleLaunchStage) EnumDescriptor deprecated 

func (Role_RoleLaunchStage) EnumDescriptor() ([]byte, []int)

Deprecated: Use Role_RoleLaunchStage.Descriptor instead.

func (Role_RoleLaunchStage) Number 

func (x Role_RoleLaunchStage) Number() protoreflect.EnumNumber

func (Role_RoleLaunchStage) String 

func (x Role_RoleLaunchStage) String() string

func (Role_RoleLaunchStage) Type 

func (Role_RoleLaunchStage) Type() protoreflect.EnumType

type ServiceAccount 

type ServiceAccount struct {

	// The resource name of the service account.
	//
	// Use one of the following formats:
	//
	// * `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}`
	// * `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}`
	//
	// As an alternative, you can use the `-` wildcard character instead of the
	// project ID:
	//
	// * `projects/-/serviceAccounts/{EMAIL_ADDRESS}`
	// * `projects/-/serviceAccounts/{UNIQUE_ID}`
	//
	// When possible, avoid using the `-` wildcard character, because it can cause
	// response messages to contain misleading error codes. For example, if you
	// try to get the service account
	// `projects/-/serviceAccounts/fake@example.com`, which does not exist, the
	// response contains an HTTP `403 Forbidden` error instead of a `404 Not
	// Found` error.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Output only. The ID of the project that owns the service account.
	ProjectId string `protobuf:"bytes,2,opt,name=project_id,json=projectId,proto3" json:"project_id,omitempty"`
	// Output only. The unique, stable numeric ID for the service account.
	//
	// Each service account retains its unique ID even if you delete the service
	// account. For example, if you delete a service account, then create a new
	// service account with the same name, the new service account has a different
	// unique ID than the deleted service account.
	UniqueId string `protobuf:"bytes,4,opt,name=unique_id,json=uniqueId,proto3" json:"unique_id,omitempty"`
	// Output only. The email address of the service account.
	Email string `protobuf:"bytes,5,opt,name=email,proto3" json:"email,omitempty"`
	// Optional. A user-specified, human-readable name for the service account. The maximum
	// length is 100 UTF-8 bytes.
	DisplayName string `protobuf:"bytes,6,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"`
	// Deprecated. Do not use.
	//
	// Deprecated: Do not use.
	Etag []byte `protobuf:"bytes,7,opt,name=etag,proto3" json:"etag,omitempty"`
	// Optional. A user-specified, human-readable description of the service account. The
	// maximum length is 256 UTF-8 bytes.
	Description string `protobuf:"bytes,8,opt,name=description,proto3" json:"description,omitempty"`
	// Output only. The OAuth 2.0 client ID for the service account.
	Oauth2ClientId string `protobuf:"bytes,9,opt,name=oauth2_client_id,json=oauth2ClientId,proto3" json:"oauth2_client_id,omitempty"`
	// Output only. Whether the service account is disabled.
	Disabled bool `protobuf:"varint,11,opt,name=disabled,proto3" json:"disabled,omitempty"`
	// contains filtered or unexported fields
}

An IAM service account.

A service account is an account for an application or a virtual machine (VM) instance, not a person. You can use a service account to call Google APIs. To learn more, read the [overview of service accounts](https://cloud.google.com/iam/help/service-accounts/overview).

When you create a service account, you specify the project ID that owns the service account, as well as a name that must be unique within the project. IAM uses these values to create an email address that identifies the service account.

func (*ServiceAccount) Descriptor deprecated 

func (*ServiceAccount) Descriptor() ([]byte, []int)

Deprecated: Use ServiceAccount.ProtoReflect.Descriptor instead.

func (*ServiceAccount) GetDescription 

func (x *ServiceAccount) GetDescription() string

func (*ServiceAccount) GetDisabled 

func (x *ServiceAccount) GetDisabled() bool

func (*ServiceAccount) GetDisplayName 

func (x *ServiceAccount) GetDisplayName() string

func (*ServiceAccount) GetEmail 

func (x *ServiceAccount) GetEmail() string

func (*ServiceAccount) GetEtag deprecated 

func (x *ServiceAccount) GetEtag() []byte

Deprecated: Do not use.

func (*ServiceAccount) GetName 

func (x *ServiceAccount) GetName() string

func (*ServiceAccount) GetOauth2ClientId 

func (x *ServiceAccount) GetOauth2ClientId() string

func (*ServiceAccount) GetProjectId 

func (x *ServiceAccount) GetProjectId() string

func (*ServiceAccount) GetUniqueId 

func (x *ServiceAccount) GetUniqueId() string

func (*ServiceAccount) ProtoMessage 

func (*ServiceAccount) ProtoMessage()

func (*ServiceAccount) ProtoReflect 

func (x *ServiceAccount) ProtoReflect() protoreflect.Message

func (*ServiceAccount) Reset 

func (x *ServiceAccount) Reset()

func (*ServiceAccount) String 

func (x *ServiceAccount) String() string

type ServiceAccountKey 

type ServiceAccountKey struct {

	// The resource name of the service account key in the following format
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The output format for the private key.
	// Only provided in `CreateServiceAccountKey` responses, not
	// in `GetServiceAccountKey` or `ListServiceAccountKey` responses.
	//
	// Google never exposes system-managed private keys, and never retains
	// user-managed private keys.
	PrivateKeyType ServiceAccountPrivateKeyType `` /* 160-byte string literal not displayed */
	// Specifies the algorithm (and possibly key size) for the key.
	KeyAlgorithm ServiceAccountKeyAlgorithm `` /* 150-byte string literal not displayed */
	// The private key data. Only provided in `CreateServiceAccountKey`
	// responses. Make sure to keep the private key data secure because it
	// allows for the assertion of the service account identity.
	// When base64 decoded, the private key data can be used to authenticate with
	// Google API client libraries and with
	// <a href="/sdk/gcloud/reference/auth/activate-service-account">gcloud
	// auth activate-service-account</a>.
	PrivateKeyData []byte `protobuf:"bytes,3,opt,name=private_key_data,json=privateKeyData,proto3" json:"private_key_data,omitempty"`
	// The public key data. Only provided in `GetServiceAccountKey` responses.
	PublicKeyData []byte `protobuf:"bytes,7,opt,name=public_key_data,json=publicKeyData,proto3" json:"public_key_data,omitempty"`
	// The key can be used after this timestamp.
	ValidAfterTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=valid_after_time,json=validAfterTime,proto3" json:"valid_after_time,omitempty"`
	// The key can be used before this timestamp.
	// For system-managed key pairs, this timestamp is the end time for the
	// private key signing operation. The public key could still be used
	// for verification for a few hours after this time.
	ValidBeforeTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=valid_before_time,json=validBeforeTime,proto3" json:"valid_before_time,omitempty"`
	// The key origin.
	KeyOrigin ServiceAccountKeyOrigin `` /* 138-byte string literal not displayed */
	// The key type.
	KeyType ListServiceAccountKeysRequest_KeyType `` /* 147-byte string literal not displayed */
	// contains filtered or unexported fields
}

Represents a service account key.

A service account has two sets of key-pairs: user-managed, and system-managed.

User-managed key-pairs can be created and deleted by users. Users are responsible for rotating these keys periodically to ensure security of their service accounts. Users retain the private key of these key-pairs, and Google retains ONLY the public key.

System-managed keys are automatically rotated by Google, and are used for signing for a maximum of two weeks. The rotation process is probabilistic, and usage of the new key will gradually ramp up and down over the key's lifetime.

If you cache the public key set for a service account, we recommend that you update the cache every 15 minutes. User-managed keys can be added and removed at any time, so it is important to update the cache frequently. For Google-managed keys, Google will publish a key at least 6 hours before it is first used for signing and will keep publishing it for at least 6 hours after it was last used for signing.

Public keys for all service accounts are also published at the OAuth2 Service Account API.

func (*ServiceAccountKey) Descriptor deprecated 

func (*ServiceAccountKey) Descriptor() ([]byte, []int)

Deprecated: Use ServiceAccountKey.ProtoReflect.Descriptor instead.

func (*ServiceAccountKey) GetKeyAlgorithm 

func (x *ServiceAccountKey) GetKeyAlgorithm() ServiceAccountKeyAlgorithm

func (*ServiceAccountKey) GetKeyOrigin 

func (x *ServiceAccountKey) GetKeyOrigin() ServiceAccountKeyOrigin

func (*ServiceAccountKey) GetKeyType 

func (x *ServiceAccountKey) GetKeyType() ListServiceAccountKeysRequest_KeyType

func (*ServiceAccountKey) GetName 

func (x *ServiceAccountKey) GetName() string

func (*ServiceAccountKey) GetPrivateKeyData 

func (x *ServiceAccountKey) GetPrivateKeyData() []byte

func (*ServiceAccountKey) GetPrivateKeyType 

func (x *ServiceAccountKey) GetPrivateKeyType() ServiceAccountPrivateKeyType

func (*ServiceAccountKey) GetPublicKeyData 

func (x *ServiceAccountKey) GetPublicKeyData() []byte

func (*ServiceAccountKey) GetValidAfterTime 

func (x *ServiceAccountKey) GetValidAfterTime() *timestamppb.Timestamp

func (*ServiceAccountKey) GetValidBeforeTime 

func (x *ServiceAccountKey) GetValidBeforeTime() *timestamppb.Timestamp

func (*ServiceAccountKey) ProtoMessage 

func (*ServiceAccountKey) ProtoMessage()

func (*ServiceAccountKey) ProtoReflect 

func (x *ServiceAccountKey) ProtoReflect() protoreflect.Message

func (*ServiceAccountKey) Reset 

func (x *ServiceAccountKey) Reset()

func (*ServiceAccountKey) String 

func (x *ServiceAccountKey) String() string

type ServiceAccountKeyAlgorithm 

type ServiceAccountKeyAlgorithm int32

Supported key algorithms. 

const (
	// An unspecified key algorithm.
	ServiceAccountKeyAlgorithm_KEY_ALG_UNSPECIFIED ServiceAccountKeyAlgorithm = 0
	// 1k RSA Key.
	ServiceAccountKeyAlgorithm_KEY_ALG_RSA_1024 ServiceAccountKeyAlgorithm = 1
	// 2k RSA Key.
	ServiceAccountKeyAlgorithm_KEY_ALG_RSA_2048 ServiceAccountKeyAlgorithm = 2
)

func (ServiceAccountKeyAlgorithm) Descriptor 

func (ServiceAccountKeyAlgorithm) Descriptor() protoreflect.EnumDescriptor

func (ServiceAccountKeyAlgorithm) Enum 

func (x ServiceAccountKeyAlgorithm) Enum() *ServiceAccountKeyAlgorithm

func (ServiceAccountKeyAlgorithm) EnumDescriptor deprecated 

func (ServiceAccountKeyAlgorithm) EnumDescriptor() ([]byte, []int)

Deprecated: Use ServiceAccountKeyAlgorithm.Descriptor instead.

func (ServiceAccountKeyAlgorithm) Number 

func (x ServiceAccountKeyAlgorithm) Number() protoreflect.EnumNumber

func (ServiceAccountKeyAlgorithm) String 

func (x ServiceAccountKeyAlgorithm) String() string

func (ServiceAccountKeyAlgorithm) Type 

func (ServiceAccountKeyAlgorithm) Type() protoreflect.EnumType

type ServiceAccountKeyOrigin 

type ServiceAccountKeyOrigin int32

Service Account Key Origin. 

const (
	// Unspecified key origin.
	ServiceAccountKeyOrigin_ORIGIN_UNSPECIFIED ServiceAccountKeyOrigin = 0
	// Key is provided by user.
	ServiceAccountKeyOrigin_USER_PROVIDED ServiceAccountKeyOrigin = 1
	// Key is provided by Google.
	ServiceAccountKeyOrigin_GOOGLE_PROVIDED ServiceAccountKeyOrigin = 2
)

func (ServiceAccountKeyOrigin) Descriptor 

func (ServiceAccountKeyOrigin) Descriptor() protoreflect.EnumDescriptor

func (ServiceAccountKeyOrigin) Enum 

func (x ServiceAccountKeyOrigin) Enum() *ServiceAccountKeyOrigin

func (ServiceAccountKeyOrigin) EnumDescriptor deprecated 

func (ServiceAccountKeyOrigin) EnumDescriptor() ([]byte, []int)

Deprecated: Use ServiceAccountKeyOrigin.Descriptor instead.

func (ServiceAccountKeyOrigin) Number 

func (x ServiceAccountKeyOrigin) Number() protoreflect.EnumNumber

func (ServiceAccountKeyOrigin) String 

func (x ServiceAccountKeyOrigin) String() string

func (ServiceAccountKeyOrigin) Type 

func (ServiceAccountKeyOrigin) Type() protoreflect.EnumType

type ServiceAccountPrivateKeyType 

type ServiceAccountPrivateKeyType int32

Supported private key output formats. 

const (
	// Unspecified. Equivalent to `TYPE_GOOGLE_CREDENTIALS_FILE`.
	ServiceAccountPrivateKeyType_TYPE_UNSPECIFIED ServiceAccountPrivateKeyType = 0
	// PKCS12 format.
	// The password for the PKCS12 file is `notasecret`.
	// For more information, see https://tools.ietf.org/html/rfc7292.
	ServiceAccountPrivateKeyType_TYPE_PKCS12_FILE ServiceAccountPrivateKeyType = 1
	// Google Credentials File format.
	ServiceAccountPrivateKeyType_TYPE_GOOGLE_CREDENTIALS_FILE ServiceAccountPrivateKeyType = 2
)

func (ServiceAccountPrivateKeyType) Descriptor 

func (ServiceAccountPrivateKeyType) Descriptor() protoreflect.EnumDescriptor

func (ServiceAccountPrivateKeyType) Enum 

func (x ServiceAccountPrivateKeyType) Enum() *ServiceAccountPrivateKeyType

func (ServiceAccountPrivateKeyType) EnumDescriptor deprecated 

func (ServiceAccountPrivateKeyType) EnumDescriptor() ([]byte, []int)

Deprecated: Use ServiceAccountPrivateKeyType.Descriptor instead.

func (ServiceAccountPrivateKeyType) Number 

func (x ServiceAccountPrivateKeyType) Number() protoreflect.EnumNumber

func (ServiceAccountPrivateKeyType) String 

func (x ServiceAccountPrivateKeyType) String() string

func (ServiceAccountPrivateKeyType) Type 

func (ServiceAccountPrivateKeyType) Type() protoreflect.EnumType

type ServiceAccountPublicKeyType 

type ServiceAccountPublicKeyType int32

Supported public key output formats. 

const (
	// Unspecified. Returns nothing here.
	ServiceAccountPublicKeyType_TYPE_NONE ServiceAccountPublicKeyType = 0
	// X509 PEM format.
	ServiceAccountPublicKeyType_TYPE_X509_PEM_FILE ServiceAccountPublicKeyType = 1
	// Raw public key.
	ServiceAccountPublicKeyType_TYPE_RAW_PUBLIC_KEY ServiceAccountPublicKeyType = 2
)

func (ServiceAccountPublicKeyType) Descriptor 

func (ServiceAccountPublicKeyType) Descriptor() protoreflect.EnumDescriptor

func (ServiceAccountPublicKeyType) Enum 

func (x ServiceAccountPublicKeyType) Enum() *ServiceAccountPublicKeyType

func (ServiceAccountPublicKeyType) EnumDescriptor deprecated 

func (ServiceAccountPublicKeyType) EnumDescriptor() ([]byte, []int)

Deprecated: Use ServiceAccountPublicKeyType.Descriptor instead.

func (ServiceAccountPublicKeyType) Number 

func (x ServiceAccountPublicKeyType) Number() protoreflect.EnumNumber

func (ServiceAccountPublicKeyType) String 

func (x ServiceAccountPublicKeyType) String() string

func (ServiceAccountPublicKeyType) Type 

func (ServiceAccountPublicKeyType) Type() protoreflect.EnumType

type SignBlobRequest 

type SignBlobRequest struct {

	// Required. Deprecated. [Migrate to Service Account Credentials
	// API](https://cloud.google.com/iam/help/credentials/migrate-api).
	//
	// The resource name of the service account in the following format:
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
	// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
	// the account. The `ACCOUNT` value can be the `email` address or the
	// `unique_id` of the service account.
	//
	// Deprecated: Do not use.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. Deprecated. [Migrate to Service Account Credentials
	// API](https://cloud.google.com/iam/help/credentials/migrate-api).
	//
	// The bytes to sign.
	//
	// Deprecated: Do not use.
	BytesToSign []byte `protobuf:"bytes,2,opt,name=bytes_to_sign,json=bytesToSign,proto3" json:"bytes_to_sign,omitempty"`
	// contains filtered or unexported fields
}

Deprecated. [Migrate to Service Account Credentials API](https://cloud.google.com/iam/help/credentials/migrate-api).

The service account sign blob request.

func (*SignBlobRequest) Descriptor deprecated 

func (*SignBlobRequest) Descriptor() ([]byte, []int)

Deprecated: Use SignBlobRequest.ProtoReflect.Descriptor instead.

func (*SignBlobRequest) GetBytesToSign deprecated 

func (x *SignBlobRequest) GetBytesToSign() []byte

Deprecated: Do not use.

func (*SignBlobRequest) GetName deprecated 

func (x *SignBlobRequest) GetName() string

Deprecated: Do not use.

func (*SignBlobRequest) ProtoMessage 

func (*SignBlobRequest) ProtoMessage()

func (*SignBlobRequest) ProtoReflect 

func (x *SignBlobRequest) ProtoReflect() protoreflect.Message

func (*SignBlobRequest) Reset 

func (x *SignBlobRequest) Reset()

func (*SignBlobRequest) String 

func (x *SignBlobRequest) String() string

type SignBlobResponse 

type SignBlobResponse struct {

	// Deprecated. [Migrate to Service Account Credentials
	// API](https://cloud.google.com/iam/help/credentials/migrate-api).
	//
	// The id of the key used to sign the blob.
	//
	// Deprecated: Do not use.
	KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// Deprecated. [Migrate to Service Account Credentials
	// API](https://cloud.google.com/iam/help/credentials/migrate-api).
	//
	// The signed blob.
	//
	// Deprecated: Do not use.
	Signature []byte `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
	// contains filtered or unexported fields
}

Deprecated. [Migrate to Service Account Credentials API](https://cloud.google.com/iam/help/credentials/migrate-api).

The service account sign blob response.

func (*SignBlobResponse) Descriptor deprecated 

func (*SignBlobResponse) Descriptor() ([]byte, []int)

Deprecated: Use SignBlobResponse.ProtoReflect.Descriptor instead.

func (*SignBlobResponse) GetKeyId deprecated 

func (x *SignBlobResponse) GetKeyId() string

Deprecated: Do not use.

func (*SignBlobResponse) GetSignature deprecated 

func (x *SignBlobResponse) GetSignature() []byte

Deprecated: Do not use.

func (*SignBlobResponse) ProtoMessage 

func (*SignBlobResponse) ProtoMessage()

func (*SignBlobResponse) ProtoReflect 

func (x *SignBlobResponse) ProtoReflect() protoreflect.Message

func (*SignBlobResponse) Reset 

func (x *SignBlobResponse) Reset()

func (*SignBlobResponse) String 

func (x *SignBlobResponse) String() string

type SignJwtRequest 

type SignJwtRequest struct {

	// Required. Deprecated. [Migrate to Service Account Credentials
	// API](https://cloud.google.com/iam/help/credentials/migrate-api).
	//
	// The resource name of the service account in the following format:
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
	// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
	// the account. The `ACCOUNT` value can be the `email` address or the
	// `unique_id` of the service account.
	//
	// Deprecated: Do not use.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. Deprecated. [Migrate to Service Account Credentials
	// API](https://cloud.google.com/iam/help/credentials/migrate-api).
	//
	// The JWT payload to sign. Must be a serialized JSON object that contains a
	// JWT Claims Set. For example: `{"sub": "user@example.com", "iat": 313435}`
	//
	// If the JWT Claims Set contains an expiration time (`exp`) claim, it must be
	// an integer timestamp that is not in the past and no more than 1 hour in the
	// future.
	//
	// If the JWT Claims Set does not contain an expiration time (`exp`) claim,
	// this claim is added automatically, with a timestamp that is 1 hour in the
	// future.
	//
	// Deprecated: Do not use.
	Payload string `protobuf:"bytes,2,opt,name=payload,proto3" json:"payload,omitempty"`
	// contains filtered or unexported fields
}

Deprecated. [Migrate to Service Account Credentials API](https://cloud.google.com/iam/help/credentials/migrate-api).

The service account sign JWT request.

func (*SignJwtRequest) Descriptor deprecated 

func (*SignJwtRequest) Descriptor() ([]byte, []int)

Deprecated: Use SignJwtRequest.ProtoReflect.Descriptor instead.

func (*SignJwtRequest) GetName deprecated 

func (x *SignJwtRequest) GetName() string

Deprecated: Do not use.

func (*SignJwtRequest) GetPayload deprecated 

func (x *SignJwtRequest) GetPayload() string

Deprecated: Do not use.

func (*SignJwtRequest) ProtoMessage 

func (*SignJwtRequest) ProtoMessage()

func (*SignJwtRequest) ProtoReflect 

func (x *SignJwtRequest) ProtoReflect() protoreflect.Message

func (*SignJwtRequest) Reset 

func (x *SignJwtRequest) Reset()

func (*SignJwtRequest) String 

func (x *SignJwtRequest) String() string

type SignJwtResponse 

type SignJwtResponse struct {

	// Deprecated. [Migrate to Service Account Credentials
	// API](https://cloud.google.com/iam/help/credentials/migrate-api).
	//
	// The id of the key used to sign the JWT.
	//
	// Deprecated: Do not use.
	KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// Deprecated. [Migrate to Service Account Credentials
	// API](https://cloud.google.com/iam/help/credentials/migrate-api).
	//
	// The signed JWT.
	//
	// Deprecated: Do not use.
	SignedJwt string `protobuf:"bytes,2,opt,name=signed_jwt,json=signedJwt,proto3" json:"signed_jwt,omitempty"`
	// contains filtered or unexported fields
}

Deprecated. [Migrate to Service Account Credentials API](https://cloud.google.com/iam/help/credentials/migrate-api).

The service account sign JWT response.

func (*SignJwtResponse) Descriptor deprecated 

func (*SignJwtResponse) Descriptor() ([]byte, []int)

Deprecated: Use SignJwtResponse.ProtoReflect.Descriptor instead.

func (*SignJwtResponse) GetKeyId deprecated 

func (x *SignJwtResponse) GetKeyId() string

Deprecated: Do not use.

func (*SignJwtResponse) GetSignedJwt deprecated 

func (x *SignJwtResponse) GetSignedJwt() string

Deprecated: Do not use.

func (*SignJwtResponse) ProtoMessage 

func (*SignJwtResponse) ProtoMessage()

func (*SignJwtResponse) ProtoReflect 

func (x *SignJwtResponse) ProtoReflect() protoreflect.Message

func (*SignJwtResponse) Reset 

func (x *SignJwtResponse) Reset()

func (*SignJwtResponse) String 

func (x *SignJwtResponse) String() string

type UndeleteRoleRequest 

type UndeleteRoleRequest struct {

	// The `name` parameter's value depends on the target resource for the
	// request, namely
	// [`projects`](/iam/reference/rest/v1/projects.roles) or
	// [`organizations`](/iam/reference/rest/v1/organizations.roles). Each
	// resource type's `name` value format is described below:
	//
	// * [`projects.roles.undelete()`](/iam/reference/rest/v1/projects.roles/undelete):
	//   `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method undeletes
	//   only [custom roles](/iam/docs/understanding-custom-roles) that have been
	//   created at the project level. Example request URL:
	//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`
	//
	// * [`organizations.roles.undelete()`](/iam/reference/rest/v1/organizations.roles/undelete):
	//   `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
	//   undeletes only [custom roles](/iam/docs/understanding-custom-roles) that
	//   have been created at the organization level. Example request URL:
	//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`
	//
	// Note: Wildcard (*) values are invalid; you must specify a complete project
	// ID or organization ID.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Used to perform a consistent read-modify-write.
	Etag []byte `protobuf:"bytes,2,opt,name=etag,proto3" json:"etag,omitempty"`
	// contains filtered or unexported fields
}

The request to undelete an existing role.

func (*UndeleteRoleRequest) Descriptor deprecated 

func (*UndeleteRoleRequest) Descriptor() ([]byte, []int)

Deprecated: Use UndeleteRoleRequest.ProtoReflect.Descriptor instead.

func (*UndeleteRoleRequest) GetEtag 

func (x *UndeleteRoleRequest) GetEtag() []byte

func (*UndeleteRoleRequest) GetName 

func (x *UndeleteRoleRequest) GetName() string

func (*UndeleteRoleRequest) ProtoMessage 

func (*UndeleteRoleRequest) ProtoMessage()

func (*UndeleteRoleRequest) ProtoReflect 

func (x *UndeleteRoleRequest) ProtoReflect() protoreflect.Message

func (*UndeleteRoleRequest) Reset 

func (x *UndeleteRoleRequest) Reset()

func (*UndeleteRoleRequest) String 

func (x *UndeleteRoleRequest) String() string

type UndeleteServiceAccountRequest 

type UndeleteServiceAccountRequest struct {

	// The resource name of the service account in the following format:
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_UNIQUE_ID}`.
	// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
	// the account.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

The service account undelete request.

func (*UndeleteServiceAccountRequest) Descriptor deprecated 

func (*UndeleteServiceAccountRequest) Descriptor() ([]byte, []int)

Deprecated: Use UndeleteServiceAccountRequest.ProtoReflect.Descriptor instead.

func (*UndeleteServiceAccountRequest) GetName 

func (x *UndeleteServiceAccountRequest) GetName() string

func (*UndeleteServiceAccountRequest) ProtoMessage 

func (*UndeleteServiceAccountRequest) ProtoMessage()

func (*UndeleteServiceAccountRequest) ProtoReflect 

func (x *UndeleteServiceAccountRequest) ProtoReflect() protoreflect.Message

func (*UndeleteServiceAccountRequest) Reset 

func (x *UndeleteServiceAccountRequest) Reset()

func (*UndeleteServiceAccountRequest) String 

func (x *UndeleteServiceAccountRequest) String() string

type UndeleteServiceAccountResponse 

type UndeleteServiceAccountResponse struct {

	// Metadata for the restored service account.
	RestoredAccount *ServiceAccount `protobuf:"bytes,1,opt,name=restored_account,json=restoredAccount,proto3" json:"restored_account,omitempty"`
	// contains filtered or unexported fields
}

func (*UndeleteServiceAccountResponse) Descriptor deprecated 

func (*UndeleteServiceAccountResponse) Descriptor() ([]byte, []int)

Deprecated: Use UndeleteServiceAccountResponse.ProtoReflect.Descriptor instead.

func (*UndeleteServiceAccountResponse) GetRestoredAccount 

func (x *UndeleteServiceAccountResponse) GetRestoredAccount() *ServiceAccount

func (*UndeleteServiceAccountResponse) ProtoMessage 

func (*UndeleteServiceAccountResponse) ProtoMessage()

func (*UndeleteServiceAccountResponse) ProtoReflect 

func (x *UndeleteServiceAccountResponse) ProtoReflect() protoreflect.Message

func (*UndeleteServiceAccountResponse) Reset 

func (x *UndeleteServiceAccountResponse) Reset()

func (*UndeleteServiceAccountResponse) String 

func (x *UndeleteServiceAccountResponse) String() string

type UnimplementedIAMServer 

type UnimplementedIAMServer struct {
}

UnimplementedIAMServer can be embedded to have forward compatible implementations.

func (*UnimplementedIAMServer) CreateRole 

func (*UnimplementedIAMServer) CreateRole(context.Context, *CreateRoleRequest) (*Role, error)

func (*UnimplementedIAMServer) CreateServiceAccount 

func (*UnimplementedIAMServer) CreateServiceAccount(context.Context, *CreateServiceAccountRequest) (*ServiceAccount, error)

func (*UnimplementedIAMServer) CreateServiceAccountKey 

func (*UnimplementedIAMServer) CreateServiceAccountKey(context.Context, *CreateServiceAccountKeyRequest) (*ServiceAccountKey, error)

func (*UnimplementedIAMServer) DeleteRole 

func (*UnimplementedIAMServer) DeleteRole(context.Context, *DeleteRoleRequest) (*Role, error)

func (*UnimplementedIAMServer) DeleteServiceAccount 

func (*UnimplementedIAMServer) DeleteServiceAccount(context.Context, *DeleteServiceAccountRequest) (*emptypb.Empty, error)

func (*UnimplementedIAMServer) DeleteServiceAccountKey 

func (*UnimplementedIAMServer) DeleteServiceAccountKey(context.Context, *DeleteServiceAccountKeyRequest) (*emptypb.Empty, error)

func (*UnimplementedIAMServer) DisableServiceAccount 

func (*UnimplementedIAMServer) DisableServiceAccount(context.Context, *DisableServiceAccountRequest) (*emptypb.Empty, error)

func (*UnimplementedIAMServer) EnableServiceAccount 

func (*UnimplementedIAMServer) EnableServiceAccount(context.Context, *EnableServiceAccountRequest) (*emptypb.Empty, error)

func (*UnimplementedIAMServer) GetIamPolicy 

func (*UnimplementedIAMServer) GetIamPolicy(context.Context, *v1.GetIamPolicyRequest) (*v1.Policy, error)

func (*UnimplementedIAMServer) GetRole 

func (*UnimplementedIAMServer) GetRole(context.Context, *GetRoleRequest) (*Role, error)

func (*UnimplementedIAMServer) GetServiceAccount 

func (*UnimplementedIAMServer) GetServiceAccount(context.Context, *GetServiceAccountRequest) (*ServiceAccount, error)

func (*UnimplementedIAMServer) GetServiceAccountKey 

func (*UnimplementedIAMServer) GetServiceAccountKey(context.Context, *GetServiceAccountKeyRequest) (*ServiceAccountKey, error)

func (*UnimplementedIAMServer) LintPolicy 

func (*UnimplementedIAMServer) LintPolicy(context.Context, *LintPolicyRequest) (*LintPolicyResponse, error)

func (*UnimplementedIAMServer) ListRoles 

func (*UnimplementedIAMServer) ListRoles(context.Context, *ListRolesRequest) (*ListRolesResponse, error)

func (*UnimplementedIAMServer) ListServiceAccountKeys 

func (*UnimplementedIAMServer) ListServiceAccountKeys(context.Context, *ListServiceAccountKeysRequest) (*ListServiceAccountKeysResponse, error)

func (*UnimplementedIAMServer) ListServiceAccounts 

func (*UnimplementedIAMServer) ListServiceAccounts(context.Context, *ListServiceAccountsRequest) (*ListServiceAccountsResponse, error)

func (*UnimplementedIAMServer) PatchServiceAccount 

func (*UnimplementedIAMServer) PatchServiceAccount(context.Context, *PatchServiceAccountRequest) (*ServiceAccount, error)

func (*UnimplementedIAMServer) QueryAuditableServices 

func (*UnimplementedIAMServer) QueryAuditableServices(context.Context, *QueryAuditableServicesRequest) (*QueryAuditableServicesResponse, error)

func (*UnimplementedIAMServer) QueryGrantableRoles 

func (*UnimplementedIAMServer) QueryGrantableRoles(context.Context, *QueryGrantableRolesRequest) (*QueryGrantableRolesResponse, error)

func (*UnimplementedIAMServer) QueryTestablePermissions 

func (*UnimplementedIAMServer) QueryTestablePermissions(context.Context, *QueryTestablePermissionsRequest) (*QueryTestablePermissionsResponse, error)

func (*UnimplementedIAMServer) SetIamPolicy 

func (*UnimplementedIAMServer) SetIamPolicy(context.Context, *v1.SetIamPolicyRequest) (*v1.Policy, error)

func (*UnimplementedIAMServer) SignBlob 

func (*UnimplementedIAMServer) SignBlob(context.Context, *SignBlobRequest) (*SignBlobResponse, error)

func (*UnimplementedIAMServer) SignJwt 

func (*UnimplementedIAMServer) SignJwt(context.Context, *SignJwtRequest) (*SignJwtResponse, error)

func (*UnimplementedIAMServer) TestIamPermissions 

func (*UnimplementedIAMServer) TestIamPermissions(context.Context, *v1.TestIamPermissionsRequest) (*v1.TestIamPermissionsResponse, error)

func (*UnimplementedIAMServer) UndeleteRole 

func (*UnimplementedIAMServer) UndeleteRole(context.Context, *UndeleteRoleRequest) (*Role, error)

func (*UnimplementedIAMServer) UndeleteServiceAccount 

func (*UnimplementedIAMServer) UndeleteServiceAccount(context.Context, *UndeleteServiceAccountRequest) (*UndeleteServiceAccountResponse, error)

func (*UnimplementedIAMServer) UpdateRole 

func (*UnimplementedIAMServer) UpdateRole(context.Context, *UpdateRoleRequest) (*Role, error)

func (*UnimplementedIAMServer) UpdateServiceAccount 

func (*UnimplementedIAMServer) UpdateServiceAccount(context.Context, *ServiceAccount) (*ServiceAccount, error)

func (*UnimplementedIAMServer) UploadServiceAccountKey 

func (*UnimplementedIAMServer) UploadServiceAccountKey(context.Context, *UploadServiceAccountKeyRequest) (*ServiceAccountKey, error)

type UpdateRoleRequest 

type UpdateRoleRequest struct {

	// The `name` parameter's value depends on the target resource for the
	// request, namely
	// [`projects`](/iam/reference/rest/v1/projects.roles) or
	// [`organizations`](/iam/reference/rest/v1/organizations.roles). Each
	// resource type's `name` value format is described below:
	//
	// * [`projects.roles.patch()`](/iam/reference/rest/v1/projects.roles/patch):
	//   `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method updates only
	//   [custom roles](/iam/docs/understanding-custom-roles) that have been
	//   created at the project level. Example request URL:
	//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`
	//
	// * [`organizations.roles.patch()`](/iam/reference/rest/v1/organizations.roles/patch):
	//   `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
	//   updates only [custom roles](/iam/docs/understanding-custom-roles) that
	//   have been created at the organization level. Example request URL:
	//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`
	//
	// Note: Wildcard (*) values are invalid; you must specify a complete project
	// ID or organization ID.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The updated role.
	Role *Role `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`
	// A mask describing which fields in the Role have changed.
	UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,3,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
	// contains filtered or unexported fields
}

The request to update a role.

func (*UpdateRoleRequest) Descriptor deprecated 

func (*UpdateRoleRequest) Descriptor() ([]byte, []int)

Deprecated: Use UpdateRoleRequest.ProtoReflect.Descriptor instead.

func (*UpdateRoleRequest) GetName 

func (x *UpdateRoleRequest) GetName() string

func (*UpdateRoleRequest) GetRole 

func (x *UpdateRoleRequest) GetRole() *Role

func (*UpdateRoleRequest) GetUpdateMask 

func (x *UpdateRoleRequest) GetUpdateMask() *fieldmaskpb.FieldMask

func (*UpdateRoleRequest) ProtoMessage 

func (*UpdateRoleRequest) ProtoMessage()

func (*UpdateRoleRequest) ProtoReflect 

func (x *UpdateRoleRequest) ProtoReflect() protoreflect.Message

func (*UpdateRoleRequest) Reset 

func (x *UpdateRoleRequest) Reset()

func (*UpdateRoleRequest) String 

func (x *UpdateRoleRequest) String() string

type UploadServiceAccountKeyRequest 

type UploadServiceAccountKeyRequest struct {

	// The resource name of the service account in the following format:
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
	// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
	// the account. The `ACCOUNT` value can be the `email` address or the
	// `unique_id` of the service account.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// A field that allows clients to upload their own public key. If set,
	// use this public key data to create a service account key for given
	// service account.
	// Please note, the expected format for this field is X509_PEM.
	PublicKeyData []byte `protobuf:"bytes,2,opt,name=public_key_data,json=publicKeyData,proto3" json:"public_key_data,omitempty"`
	// contains filtered or unexported fields
}

The service account key upload request.

func (*UploadServiceAccountKeyRequest) Descriptor deprecated 

func (*UploadServiceAccountKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use UploadServiceAccountKeyRequest.ProtoReflect.Descriptor instead.

func (*UploadServiceAccountKeyRequest) GetName 

func (x *UploadServiceAccountKeyRequest) GetName() string

func (*UploadServiceAccountKeyRequest) GetPublicKeyData 

func (x *UploadServiceAccountKeyRequest) GetPublicKeyData() []byte

func (*UploadServiceAccountKeyRequest) ProtoMessage 

func (*UploadServiceAccountKeyRequest) ProtoMessage()

func (*UploadServiceAccountKeyRequest) ProtoReflect 

func (x *UploadServiceAccountKeyRequest) ProtoReflect() protoreflect.Message

func (*UploadServiceAccountKeyRequest) Reset 

func (x *UploadServiceAccountKeyRequest) Reset()

func (*UploadServiceAccountKeyRequest) String 

func (x *UploadServiceAccountKeyRequest) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.