Package admin

func DefaultAuthScopes ¶

func DefaultAuthScopes() []string

func IamKeyPath ¶

func IamKeyPath(project, serviceAccount, key string) string

IamKeyPath returns the path for the key resource.

func IamProjectPath ¶

func IamProjectPath(project string) string

IamProjectPath returns the path for the project resource.

func IamServiceAccountPath ¶

func IamServiceAccountPath(project, serviceAccount string) string

IamServiceAccountPath returns the path for the service account resource.

type IamCallOptions ¶

IamCallOptions contains the retry settings for each method of IamClient.

type IamCallOptions struct {
    ListServiceAccounts     []gax.CallOption
    GetServiceAccount       []gax.CallOption
    CreateServiceAccount    []gax.CallOption
    UpdateServiceAccount    []gax.CallOption
    DeleteServiceAccount    []gax.CallOption
    ListServiceAccountKeys  []gax.CallOption
    GetServiceAccountKey    []gax.CallOption
    CreateServiceAccountKey []gax.CallOption
    DeleteServiceAccountKey []gax.CallOption
    SignBlob                []gax.CallOption
    GetIamPolicy            []gax.CallOption
    SetIamPolicy            []gax.CallOption
    TestIamPermissions      []gax.CallOption
    QueryGrantableRoles     []gax.CallOption
}

type IamClient ¶

IamClient is a client for interacting with Google Identity and Access Management (IAM) API.

type IamClient struct {

    // The call options for this service.
    CallOptions *IamCallOptions
    // contains filtered or unexported fields
}

func NewIamClient ¶

func NewIamClient(ctx context.Context, opts ...option.ClientOption) (*IamClient, error)

NewIamClient creates a new iam client.

Creates and manages service account objects.

Service account is an account that belongs to your project instead of to an individual end user. It is used to authenticate calls to a Google API.

To create a service account, specify the `project_id` and `account_id` for the account. The `account_id` is unique within the project, and used to generate the service account email address and a stable `unique_id`.

All other methods can identify accounts using the format `projects/{project}/serviceAccounts/{account}`. Using `-` as a wildcard for the project will infer the project from the account. The `account` value can be the `email` address or the `unique_id` of the service account.

ctx := context.Background()
c, err := admin.NewIamClient(ctx)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use client.
_ = c

func (*IamClient) Close ¶

func (c *IamClient) Close() error

Close closes the connection to the API service. The user should invoke this when the client is no longer required.

func (*IamClient) Connection ¶

func (c *IamClient) Connection() *grpc.ClientConn

Connection returns the client's connection to the API service.

func (*IamClient) CreateServiceAccount ¶

func (c *IamClient) CreateServiceAccount(ctx context.Context, req *adminpb.CreateServiceAccountRequest, opts ...gax.CallOption) (*adminpb.ServiceAccount, error)

CreateServiceAccount creates a [ServiceAccount][google.iam.admin.v1.ServiceAccount] and returns it.

ctx := context.Background()
c, err := admin.NewIamClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &adminpb.CreateServiceAccountRequest{
// TODO: Fill request struct fields.
}
resp, err := c.CreateServiceAccount(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

func (*IamClient) CreateServiceAccountKey ¶

func (c *IamClient) CreateServiceAccountKey(ctx context.Context, req *adminpb.CreateServiceAccountKeyRequest, opts ...gax.CallOption) (*adminpb.ServiceAccountKey, error)

CreateServiceAccountKey creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey] and returns it.

ctx := context.Background()
c, err := admin.NewIamClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &adminpb.CreateServiceAccountKeyRequest{
// TODO: Fill request struct fields.
}
resp, err := c.CreateServiceAccountKey(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

func (*IamClient) DeleteServiceAccount ¶

func (c *IamClient) DeleteServiceAccount(ctx context.Context, req *adminpb.DeleteServiceAccountRequest, opts ...gax.CallOption) error

DeleteServiceAccount deletes a [ServiceAccount][google.iam.admin.v1.ServiceAccount].

ctx := context.Background()
c, err := admin.NewIamClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &adminpb.DeleteServiceAccountRequest{
// TODO: Fill request struct fields.
}
err = c.DeleteServiceAccount(ctx, req)
if err != nil {
    // TODO: Handle error.
}

func (*IamClient) DeleteServiceAccountKey ¶

func (c *IamClient) DeleteServiceAccountKey(ctx context.Context, req *adminpb.DeleteServiceAccountKeyRequest, opts ...gax.CallOption) error

DeleteServiceAccountKey deletes a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].

ctx := context.Background()
c, err := admin.NewIamClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &adminpb.DeleteServiceAccountKeyRequest{
// TODO: Fill request struct fields.
}
err = c.DeleteServiceAccountKey(ctx, req)
if err != nil {
    // TODO: Handle error.
}

func (*IamClient) GetIamPolicy ¶

func (c *IamClient) GetIamPolicy(ctx context.Context, req *iampb.GetIamPolicyRequest) (*iam.Policy, error)

GetIamPolicy returns the IAM access control policy for a ServiceAccount.

func (*IamClient) GetServiceAccount ¶

func (c *IamClient) GetServiceAccount(ctx context.Context, req *adminpb.GetServiceAccountRequest, opts ...gax.CallOption) (*adminpb.ServiceAccount, error)

GetServiceAccount gets a [ServiceAccount][google.iam.admin.v1.ServiceAccount].

ctx := context.Background()
c, err := admin.NewIamClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &adminpb.GetServiceAccountRequest{
// TODO: Fill request struct fields.
}
resp, err := c.GetServiceAccount(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

func (*IamClient) GetServiceAccountKey ¶

func (c *IamClient) GetServiceAccountKey(ctx context.Context, req *adminpb.GetServiceAccountKeyRequest, opts ...gax.CallOption) (*adminpb.ServiceAccountKey, error)

GetServiceAccountKey gets the [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey] by key id.

ctx := context.Background()
c, err := admin.NewIamClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &adminpb.GetServiceAccountKeyRequest{
// TODO: Fill request struct fields.
}
resp, err := c.GetServiceAccountKey(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

func (*IamClient) ListServiceAccountKeys ¶

func (c *IamClient) ListServiceAccountKeys(ctx context.Context, req *adminpb.ListServiceAccountKeysRequest, opts ...gax.CallOption) (*adminpb.ListServiceAccountKeysResponse, error)

ListServiceAccountKeys lists [ServiceAccountKeys][google.iam.admin.v1.ServiceAccountKey].

ctx := context.Background()
c, err := admin.NewIamClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &adminpb.ListServiceAccountKeysRequest{
// TODO: Fill request struct fields.
}
resp, err := c.ListServiceAccountKeys(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

func (*IamClient) ListServiceAccounts ¶

func (c *IamClient) ListServiceAccounts(ctx context.Context, req *adminpb.ListServiceAccountsRequest, opts ...gax.CallOption) *ServiceAccountIterator

ListServiceAccounts lists [ServiceAccounts][google.iam.admin.v1.ServiceAccount] for a project.

ctx := context.Background()
c, err := admin.NewIamClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &adminpb.ListServiceAccountsRequest{
// TODO: Fill request struct fields.
}
it := c.ListServiceAccounts(ctx, req)
for {
    resp, err := it.Next()
    if err != nil {
        // TODO: Handle error.
        break
    }
    // TODO: Use resp.
    _ = resp
}

func (*IamClient) QueryGrantableRoles ¶

func (c *IamClient) QueryGrantableRoles(ctx context.Context, req *adminpb.QueryGrantableRolesRequest, opts ...gax.CallOption) (*adminpb.QueryGrantableRolesResponse, error)

QueryGrantableRoles queries roles that can be granted on a particular resource. A role is grantable if it can be used as the role in a binding for a policy for that resource.

ctx := context.Background()
c, err := admin.NewIamClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &adminpb.QueryGrantableRolesRequest{
// TODO: Fill request struct fields.
}
resp, err := c.QueryGrantableRoles(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

func (*IamClient) SetGoogleClientInfo ¶

func (c *IamClient) SetGoogleClientInfo(keyval ...string)

SetGoogleClientInfo sets the name and version of the application in the `x-goog-api-client` header passed on each request. Intended for use by Google-written clients.

func (*IamClient) SetIamPolicy ¶

func (c *IamClient) SetIamPolicy(ctx context.Context, req *SetIamPolicyRequest) (*iam.Policy, error)

SetIamPolicy sets the IAM access control policy for a ServiceAccount.

func (*IamClient) SignBlob ¶

func (c *IamClient) SignBlob(ctx context.Context, req *adminpb.SignBlobRequest, opts ...gax.CallOption) (*adminpb.SignBlobResponse, error)

SignBlob signs a blob using a service account's system-managed private key.

ctx := context.Background()
c, err := admin.NewIamClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &adminpb.SignBlobRequest{
// TODO: Fill request struct fields.
}
resp, err := c.SignBlob(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

func (*IamClient) TestIamPermissions ¶

func (c *IamClient) TestIamPermissions(ctx context.Context, req *iampb.TestIamPermissionsRequest, opts ...gax.CallOption) (*iampb.TestIamPermissionsResponse, error)

TestIamPermissions tests the specified permissions against the IAM access control policy for a [ServiceAccount][google.iam.admin.v1.ServiceAccount].

ctx := context.Background()
c, err := admin.NewIamClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &iampb.TestIamPermissionsRequest{
// TODO: Fill request struct fields.
}
resp, err := c.TestIamPermissions(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

func (*IamClient) UpdateServiceAccount ¶

func (c *IamClient) UpdateServiceAccount(ctx context.Context, req *adminpb.ServiceAccount, opts ...gax.CallOption) (*adminpb.ServiceAccount, error)

UpdateServiceAccount updates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].

Currently, only the following fields are updatable: `display_name` . The `etag` is mandatory.

ctx := context.Background()
c, err := admin.NewIamClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &adminpb.ServiceAccount{
// TODO: Fill request struct fields.
}
resp, err := c.UpdateServiceAccount(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

type ServiceAccountIterator ¶

ServiceAccountIterator manages a stream of *adminpb.ServiceAccount.

type ServiceAccountIterator struct {

    // InternalFetch is for use by the Google Cloud Libraries only.
    // It is not part of the stable interface of this package.
    //
    // InternalFetch returns results from a single call to the underlying RPC.
    // The number of results is no greater than pageSize.
    // If there are no more results, nextPageToken is empty and err is nil.
    InternalFetch func(pageSize int, pageToken string) (results []*adminpb.ServiceAccount, nextPageToken string, err error)
    // contains filtered or unexported fields
}

func (*ServiceAccountIterator) Next ¶

func (it *ServiceAccountIterator) Next() (*adminpb.ServiceAccount, error)

Next returns the next result. Its second return value is iterator.Done if there are no more results. Once Next returns Done, all subsequent calls will return Done.

func (*ServiceAccountIterator) PageInfo ¶

func (it *ServiceAccountIterator) PageInfo() *iterator.PageInfo

PageInfo supports pagination. See the google.golang.org/api/iterator package for details.

type SetIamPolicyRequest ¶

SetIamPolicyRequest is the request type for the SetIamPolicy method.

type SetIamPolicyRequest struct {
    Resource string
    Policy   *iam.Policy
}