<html><body>
<style>

body, h1, h2, h3, div, span, p, pre, a {
  margin: 0;
  padding: 0;
  border: 0;
  font-weight: inherit;
  font-style: inherit;
  font-size: 100%;
  font-family: inherit;
  vertical-align: baseline;
}

body {
  font-size: 13px;
  padding: 1em;
}

h1 {
  font-size: 26px;
  margin-bottom: 1em;
}

h2 {
  font-size: 24px;
  margin-bottom: 1em;
}

h3 {
  font-size: 20px;
  margin-bottom: 1em;
  margin-top: 1em;
}

pre, code {
  line-height: 1.5;
  font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
}

pre {
  margin-top: 0.5em;
}

h1, h2, h3, p {
  font-family: Arial, sans serif;
}

h1, h2, h3 {
  border-bottom: solid #CCC 1px;
}

.toc_element {
  margin-top: 0.5em;
}

.firstline {
  margin-left: 2 em;
}

.method {
  margin-top: 1em;
  border: solid 1px #CCC;
  padding: 1em;
  background: #EEE;
}

.details {
  font-weight: bold;
  font-size: 14px;
}

</style>

<h1><a href="iam_v1.html">Google Identity and Access Management (IAM) API</a> . <a href="iam_v1.projects.html">projects</a> .
<a href="iam_v1.projects.serviceAccounts.html">serviceAccounts</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
  <code><a href="iam_v1.projects.serviceAccounts.keys.html">keys()</a></code>
</p>
<p class="firstline">Returns the keys Resource.</p>

<p class="toc_element">
  <code><a href="#create">create(name, body, x__xgafv=None)</a></code></p>
<p class="firstline">Creates a ServiceAccount</p>
<p class="toc_element">
  <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
<p class="firstline">Deletes a ServiceAccount.</p>
<p class="toc_element">
  <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
<p class="firstline">Gets a ServiceAccount.</p>
<p class="toc_element">
  <code><a href="#getIamPolicy">getIamPolicy(resource, x__xgafv=None)</a></code></p>
<p class="firstline">Returns the IAM access control policy for a</p>
<p class="toc_element">
  <code><a href="#list">list(name, pageToken=None, x__xgafv=None, pageSize=None)</a></code></p>
<p class="firstline">Lists ServiceAccounts for a project.</p>
<p class="toc_element">
  <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
  <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p>
<p class="firstline">Sets the IAM access control policy for a</p>
<p class="toc_element">
  <code><a href="#signBlob">signBlob(name, body, x__xgafv=None)</a></code></p>
<p class="firstline">Signs a blob using a service account's system-managed private key.</p>
<p class="toc_element">
  <code><a href="#signJwt">signJwt(name, body, x__xgafv=None)</a></code></p>
<p class="firstline">Signs a JWT using a service account's system-managed private key.</p>
<p class="toc_element">
  <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p>
<p
class="firstline">Tests the specified permissions against the IAM access control policy</p>
<p class="toc_element">
  <code><a href="#update">update(name, body, x__xgafv=None)</a></code></p>
<p class="firstline">Updates a ServiceAccount.</p>
<h3>Method Details</h3>
<div class="method">
    <code class="details" id="create">create(name, body, x__xgafv=None)</code>
  <pre>Creates a ServiceAccount
and returns it.

Args:
  name: string, Required. The resource name of the project associated with the service
accounts, such as `projects/my-project-123`. (required)
  body: object, The request body. (required)
    The object takes the form of:

{ # The service account create request.
    "serviceAccount": { # A service account in the Identity and Access Management API. # The ServiceAccount resource to create.
        # Currently, only the following values are user assignable:
        # `display_name` .
        #
        # To create a service account, specify the `project_id` and the `account_id`
        # for the account. The `account_id` is unique within the project, and is used
        # to generate the service account email address and a stable
        # `unique_id`.
        #
        # If the account already exists, the account's resource name is returned
        # in util::Status's ResourceInfo.resource_name in the format of
        # projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}. The caller can
        # use the name in other methods to access the account.
        #
        # All other methods can identify the service account using the format
        # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
        # Using `-` as a wildcard for the project will infer the project from
        # the account. The `account` value can be the `email` address or the
        # `unique_id` of the service account.
      "oauth2ClientId": "A String", # @OutputOnly. The OAuth2 client id for the service account.
          # This is used in conjunction with the OAuth2 clientconfig API to make
          # three legged OAuth2 (3LO) flows to access the data of Google users.
      "displayName": "A String", # Optional. A user-specified description of the service account. Must be
          # fewer than 100 UTF-8 bytes.
      "name": "A String", # The resource name of the service account in the following format:
          # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
          #
          # Requests using `-` as a wildcard for the project will infer the project
          # from the `account` and the `account` value can be the `email` address or
          # the `unique_id` of the service account.
          #
          # In responses the resource name will always be in the format
          # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
      "projectId": "A String", # @OutputOnly The id of the project that owns the service account.
      "etag": "A String", # Used to perform a consistent read-modify-write.
      "uniqueId": "A String", # @OutputOnly The unique and stable id of the service account.
      "email": "A String", # @OutputOnly The email address of the service account.
    },
    "accountId": "A String", # Required. The account id that is used to generate the service account
        # email address and a stable unique id. It is unique within a project,
        # must be 6-30 characters long, and match the regular expression
        # `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A service account in the Identity and Access Management API.
        #
        # To create a service account, specify the `project_id` and the `account_id`
        # for the account. The `account_id` is unique within the project, and is used
        # to generate the service account email address and a stable
        # `unique_id`.
        #
        # If the account already exists, the account's resource name is returned
        # in util::Status's ResourceInfo.resource_name in the format of
        # projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}. The caller can
        # use the name in other methods to access the account.
        #
        # All other methods can identify the service account using the format
        # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
        # Using `-` as a wildcard for the project will infer the project from
        # the account. The `account` value can be the `email` address or the
        # `unique_id` of the service account.
      "oauth2ClientId": "A String", # @OutputOnly. The OAuth2 client id for the service account.
          # This is used in conjunction with the OAuth2 clientconfig API to make
          # three legged OAuth2 (3LO) flows to access the data of Google users.
      "displayName": "A String", # Optional. A user-specified description of the service account. Must be
          # fewer than 100 UTF-8 bytes.
      "name": "A String", # The resource name of the service account in the following format:
          # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
          #
          # Requests using `-` as a wildcard for the project will infer the project
          # from the `account` and the `account` value can be the `email` address or
          # the `unique_id` of the service account.
          #
          # In responses the resource name will always be in the format
          # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
      "projectId": "A String", # @OutputOnly The id of the project that owns the service account.
      "etag": "A String", # Used to perform a consistent read-modify-write.
      "uniqueId": "A String", # @OutputOnly The unique and stable id of the service account.
      "email": "A String", # @OutputOnly The email address of the service account.
    }</pre>
</div>

<div class="method">
    <code class="details" id="delete">delete(name, x__xgafv=None)</code>
  <pre>Deletes a ServiceAccount.

Args:
  name: string, The resource name of the service account in the following format:
`projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
Using `-` as a wildcard for the project will infer the project from
the account. The `account` value can be the `email` address or the
`unique_id` of the service account. (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A generic empty message that you can re-use to avoid defining duplicated
      # empty messages in your APIs. A typical example is to use it as the request
      # or the response type of an API method. For instance:
      #
      #     service Foo {
      #       rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
      #     }
      #
      # The JSON representation for `Empty` is empty JSON object `{}`.
  }</pre>
</div>

<div class="method">
    <code class="details" id="get">get(name, x__xgafv=None)</code>
  <pre>Gets a ServiceAccount.

Args:
  name: string, The resource name of the service account in the following format:
`projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
Using `-` as a wildcard for the project will infer the project from
the account. The `account` value can be the `email` address or the
`unique_id` of the service account. (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A service account in the Identity and Access Management API.
        #
        # To create a service account, specify the `project_id` and the `account_id`
        # for the account.
        # The `account_id` is unique within the project, and is used
        # to generate the service account email address and a stable
        # `unique_id`.
        #
        # If the account already exists, the account's resource name is returned
        # in util::Status's ResourceInfo.resource_name in the format of
        # projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}. The caller can
        # use the name in other methods to access the account.
        #
        # All other methods can identify the service account using the format
        # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
        # Using `-` as a wildcard for the project will infer the project from
        # the account. The `account` value can be the `email` address or the
        # `unique_id` of the service account.
      "oauth2ClientId": "A String", # @OutputOnly. The OAuth2 client id for the service account.
          # This is used in conjunction with the OAuth2 clientconfig API to make
          # three legged OAuth2 (3LO) flows to access the data of Google users.
      "displayName": "A String", # Optional. A user-specified description of the service account. Must be
          # fewer than 100 UTF-8 bytes.
      "name": "A String", # The resource name of the service account in the following format:
          # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
          #
          # Requests using `-` as a wildcard for the project will infer the project
          # from the `account` and the `account` value can be the `email` address or
          # the `unique_id` of the service account.
          #
          # In responses the resource name will always be in the format
          # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
      "projectId": "A String", # @OutputOnly The id of the project that owns the service account.
      "etag": "A String", # Used to perform a consistent read-modify-write.
      "uniqueId": "A String", # @OutputOnly The unique and stable id of the service account.
      "email": "A String", # @OutputOnly The email address of the service account.
    }</pre>
</div>

<div class="method">
    <code class="details" id="getIamPolicy">getIamPolicy(resource, x__xgafv=None)</code>
  <pre>Returns the IAM access control policy for a
ServiceAccount.

Args:
  resource: string, REQUIRED: The resource for which the policy is being requested.
See the operation documentation for the appropriate value for this field. (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Defines an Identity and Access Management (IAM) policy. It is used to
      # specify access control policies for Cloud Platform resources.
      #
      #
      # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
      # `members` to a `role`, where the members can be user accounts, Google groups,
      # Google domains, and service accounts. A `role` is a named list of permissions
      # defined by IAM.
      #
      # **Example**
      #
      #     {
      #       "bindings": [
      #         {
      #           "role": "roles/owner",
      #           "members": [
      #             "user:mike@example.com",
      #             "group:admins@example.com",
      #             "domain:google.com",
      #             "serviceAccount:my-other-app@appspot.gserviceaccount.com",
      #           ]
      #         },
      #         {
      #           "role": "roles/viewer",
      #           "members": ["user:sean@example.com"]
      #         }
      #       ]
      #     }
      #
      # For a description of IAM and its features, see the
      # [IAM developer's guide](https://cloud.google.com/iam).
    "bindings": [ # Associates a list of `members` to a `role`.
        # Multiple `bindings` must not be specified for the same `role`.
        # `bindings` with no members will result in an error.
      { # Associates `members` with a `role`.
        "role": "A String", # Role that is assigned to `members`.
            # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
            # Required
        "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
            # `members` can have the following values:
            #
            # * `allUsers`: A special identifier that represents anyone who is
            #    on the internet; with or without a Google account.
            #
            # * `allAuthenticatedUsers`: A special identifier that represents anyone
            #    who is authenticated with a Google account or a service account.
            #
            # * `user:{emailid}`: An email address that represents a specific Google
            #    account. For example, `alice@gmail.com` or `joe@example.com`.
            #
            #
            # * `serviceAccount:{emailid}`: An email address that represents a service
            #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
            #
            # * `group:{emailid}`: An email address that represents a Google group.
            #    For example, `admins@example.com`.
            #
            #
            # * `domain:{domain}`: A Google Apps domain name that represents all the
            #    users of that domain. For example, `google.com` or `example.com`.
            #
          "A String",
        ],
      },
    ],
    "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
        # prevent simultaneous updates of a policy from overwriting each other.
        # It is strongly suggested that systems make use of the `etag` in the
        # read-modify-write cycle to perform policy updates in order to avoid race
        # conditions: An `etag` is returned in the response to `getIamPolicy`, and
        # systems are expected to put that etag in the request to `setIamPolicy` to
        # ensure that their change will be applied to the same version of the policy.
        #
        # If no `etag` is provided in the call to `setIamPolicy`, then the existing
        # policy is overwritten blindly.
    "version": 42, # Version of the `Policy`. The default version is 0.
  }</pre>
</div>

<div class="method">
    <code class="details" id="list">list(name, pageToken=None, x__xgafv=None, pageSize=None)</code>
  <pre>Lists ServiceAccounts for a project.

Args:
  name: string, Required. The resource name of the project associated with the service
accounts, such as `projects/my-project-123`. (required)
  pageToken: string, Optional pagination token returned in an earlier
ListServiceAccountsResponse.next_page_token.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format
  pageSize: integer, Optional limit on the number of service accounts to include in the
response. Further accounts can subsequently be obtained by including the
ListServiceAccountsResponse.next_page_token
in a subsequent request.

Returns:
  An object of the form:

    { # The service account list response.
    "nextPageToken": "A String", # To retrieve the next page of results, set
        # ListServiceAccountsRequest.page_token
        # to this value.
    "accounts": [ # The list of matching service accounts.
      { # A service account in the Identity and Access Management API.
          #
          # To create a service account, specify the `project_id` and the `account_id`
          # for the account. The `account_id` is unique within the project, and is used
          # to generate the service account email address and a stable
          # `unique_id`.
          #
          # If the account already exists, the account's resource name is returned
          # in util::Status's ResourceInfo.resource_name in the format of
          # projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}. The caller can
          # use the name in other methods to access the account.
          #
          # All other methods can identify the service account using the format
          # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
          # Using `-` as a wildcard for the project will infer the project from
          # the account.
          # The `account` value can be the `email` address or the
          # `unique_id` of the service account.
        "oauth2ClientId": "A String", # @OutputOnly. The OAuth2 client id for the service account.
            # This is used in conjunction with the OAuth2 clientconfig API to make
            # three legged OAuth2 (3LO) flows to access the data of Google users.
        "displayName": "A String", # Optional. A user-specified description of the service account. Must be
            # fewer than 100 UTF-8 bytes.
        "name": "A String", # The resource name of the service account in the following format:
            # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
            #
            # Requests using `-` as a wildcard for the project will infer the project
            # from the `account` and the `account` value can be the `email` address or
            # the `unique_id` of the service account.
            #
            # In responses the resource name will always be in the format
            # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
        "projectId": "A String", # @OutputOnly The id of the project that owns the service account.
        "etag": "A String", # Used to perform a consistent read-modify-write.
        "uniqueId": "A String", # @OutputOnly The unique and stable id of the service account.
        "email": "A String", # @OutputOnly The email address of the service account.
      },
    ],
  }</pre>
</div>

<div class="method">
    <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
  <pre>Retrieves the next page of results.

Args:
  previous_request: The request for the previous page. (required)
  previous_response: The response from the request for the previous page. (required)

Returns:
  A request object that you can call 'execute()' on to request the next
  page. Returns None if there are no more items in the collection.
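
Added example (not part of the generated reference or the client library's own code): it pages through list() and list_next() to enumerate a project's service accounts, then checks each account's getIamPolicy() bindings for the public identifiers `allUsers` and `allAuthenticatedUsers`. FakeServiceAccounts and the sample data are constructed so the block runs offline; the helper names are hypothetical.

```python
# Added example: audit service-account IAM policies for public members.
# With the real client, `sa_resource` would be
# googleapiclient.discovery.build("iam", "v1").projects().serviceAccounts().

PUBLIC_MEMBERS = frozenset(["allUsers", "allAuthenticatedUsers"])


def iter_service_accounts(sa_resource, project_id, page_size=100):
    """Yield every ServiceAccount dict, following list()/list_next() paging."""
    request = sa_resource.list(name="projects/" + project_id, pageSize=page_size)
    while request is not None:
        response = request.execute()
        for account in response.get("accounts", []):
            yield account
        # list_next() returns None once there are no more pages.
        request = sa_resource.list_next(request, response)


def public_bindings(policy):
    """Return (role, member) pairs that grant a role to a public identifier."""
    findings = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append((binding["role"], member))
    return findings


def audit_project(sa_resource, project_id):
    """Map service-account email to its public (role, member) findings."""
    report = {}
    for account in iter_service_accounts(sa_resource, project_id):
        policy = sa_resource.getIamPolicy(resource=account["name"]).execute()
        findings = public_bindings(policy)
        if findings:
            report[account["email"]] = findings
    return report


# --- Constructed stand-in and sample data (assumptions, not real API output) ---
class _FakeRequest:
    def __init__(self, result, page=0):
        self.result = result
        self.page = page

    def execute(self):
        return self.result


class FakeServiceAccounts:
    """In-memory stand-in exposing list, list_next and getIamPolicy."""

    def __init__(self, pages, policies):
        self.pages = pages
        self.policies = policies

    def list(self, name, pageToken=None, pageSize=None):
        return _FakeRequest(self.pages[0], 0)

    def list_next(self, previous_request, previous_response):
        if not previous_response.get("nextPageToken"):
            return None
        next_page = previous_request.page + 1
        return _FakeRequest(self.pages[next_page], next_page)

    def getIamPolicy(self, resource):
        return _FakeRequest(self.policies.get(resource, {}))


def _account(account_id):
    email = account_id + "@my-project-123.iam.gserviceaccount.com"
    return {"name": "projects/my-project-123/serviceAccounts/" + email,
            "email": email}


SAMPLE_PAGES = [
    {"accounts": [_account("build-agent")], "nextPageToken": "page-2"},
    {"accounts": [_account("report-reader")]},
]
SAMPLE_POLICIES = {
    _account("build-agent")["name"]: {
        "bindings": [{"role": "roles/owner",
                      "members": ["user:mike@example.com"]}],
        "etag": "constructed-etag-1",
    },
    _account("report-reader")["name"]: {
        "bindings": [{"role": "roles/viewer",
                      "members": ["user:sean@example.com",
                                  "allAuthenticatedUsers"]}],
        "etag": "constructed-etag-2",
    },
}


def demo():
    """Run the audit against the constructed two-page sample."""
    fake = FakeServiceAccounts(SAMPLE_PAGES, SAMPLE_POLICIES)
    return audit_project(fake, "my-project-123")


if __name__ == "__main__":
    for email, findings in demo().items():
        print(email, findings)
```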
    </pre>
</div>

<div class="method">
    <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code>
  <pre>Sets the IAM access control policy for a
ServiceAccount.

Args:
  resource: string, REQUIRED: The resource for which the policy is being specified.
See the operation documentation for the appropriate value for this field. (required)
  body: object, The request body. (required)
    The object takes the form of:

{ # Request message for `SetIamPolicy` method.
    "policy": { # REQUIRED: The complete policy to be applied to the `resource`. The size of
        # the policy is limited to a few 10s of KB. An empty policy is a
        # valid policy but certain Cloud Platform services (such as Projects)
        # might reject them.
        #
        # Defines an Identity and Access Management (IAM) policy. It is used to
        # specify access control policies for Cloud Platform resources.
        #
        #
        # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
        # `members` to a `role`, where the members can be user accounts, Google groups,
        # Google domains, and service accounts. A `role` is a named list of permissions
        # defined by IAM.
        #
        # **Example**
        #
        #     {
        #       "bindings": [
        #         {
        #           "role": "roles/owner",
        #           "members": [
        #             "user:mike@example.com",
        #             "group:admins@example.com",
        #             "domain:google.com",
        #             "serviceAccount:my-other-app@appspot.gserviceaccount.com",
        #           ]
        #         },
        #         {
        #           "role": "roles/viewer",
        #           "members": ["user:sean@example.com"]
        #         }
        #       ]
        #     }
        #
        # For a description of IAM and its features, see the
        # [IAM developer's guide](https://cloud.google.com/iam).
      "bindings": [ # Associates a list of `members` to a `role`.
          # Multiple `bindings` must not be specified for the same `role`.
          # `bindings` with no members will result in an error.
        { # Associates `members` with a `role`.
          "role": "A String", # Role that is assigned to `members`.
              # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
              # Required
          "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
              # `members` can have the following values:
              #
              # * `allUsers`: A special identifier that represents anyone who is
              #    on the internet; with or without a Google account.
              #
              # * `allAuthenticatedUsers`: A special identifier that represents anyone
              #    who is authenticated with a Google account or a service account.
              #
              # * `user:{emailid}`: An email address that represents a specific Google
              #    account. For example, `alice@gmail.com` or `joe@example.com`.
              #
              #
              # * `serviceAccount:{emailid}`: An email address that represents a service
              #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
              #
              # * `group:{emailid}`: An email address that represents a Google group.
              #    For example, `admins@example.com`.
              #
              #
              # * `domain:{domain}`: A Google Apps domain name that represents all the
              #    users of that domain. For example, `google.com` or `example.com`.
              #
            "A String",
          ],
        },
      ],
      "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
          # prevent simultaneous updates of a policy from overwriting each other.
          # It is strongly suggested that systems make use of the `etag` in the
          # read-modify-write cycle to perform policy updates in order to avoid race
          # conditions: An `etag` is returned in the response to `getIamPolicy`, and
          # systems are expected to put that etag in the request to `setIamPolicy` to
          # ensure that their change will be applied to the same version of the policy.
          #
          # If no `etag` is provided in the call to `setIamPolicy`, then the existing
          # policy is overwritten blindly.
      "version": 42, # Version of the `Policy`. The default version is 0.
    },
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Defines an Identity and Access Management (IAM) policy. It is used to
      # specify access control policies for Cloud Platform resources.
      #
      #
      # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
      # `members` to a `role`, where the members can be user accounts, Google groups,
      # Google domains, and service accounts. A `role` is a named list of permissions
      # defined by IAM.
      #
      # **Example**
      #
      #     {
      #       "bindings": [
      #         {
      #           "role": "roles/owner",
      #           "members": [
      #             "user:mike@example.com",
      #             "group:admins@example.com",
      #             "domain:google.com",
      #             "serviceAccount:my-other-app@appspot.gserviceaccount.com",
      #           ]
      #         },
      #         {
      #           "role": "roles/viewer",
      #           "members": ["user:sean@example.com"]
      #         }
      #       ]
      #     }
      #
      # For a description of IAM and its features, see the
      # [IAM developer's guide](https://cloud.google.com/iam).
    "bindings": [ # Associates a list of `members` to a `role`.
        # Multiple `bindings` must not be specified for the same `role`.
        # `bindings` with no members will result in an error.
      { # Associates `members` with a `role`.
        "role": "A String", # Role that is assigned to `members`.
            # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
            # Required
        "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
            # `members` can have the following values:
            #
            # * `allUsers`: A special identifier that represents anyone who is
            #    on the internet; with or without a Google account.
            #
            # * `allAuthenticatedUsers`: A special identifier that represents anyone
            #    who is authenticated with a Google account or a service account.
            #
            # * `user:{emailid}`: An email address that represents a specific Google
            #    account. For example, `alice@gmail.com` or `joe@example.com`.
            #
            #
            # * `serviceAccount:{emailid}`: An email address that represents a service
            #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
            #
            # * `group:{emailid}`: An email address that represents a Google group.
            #    For example, `admins@example.com`.
            #
            #
            # * `domain:{domain}`: A Google Apps domain name that represents all the
            #    users of that domain. For example, `google.com` or `example.com`.
            #
          "A String",
        ],
      },
    ],
    "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
        # prevent simultaneous updates of a policy from overwriting each other.
        # It is strongly suggested that systems make use of the `etag` in the
        # read-modify-write cycle to perform policy updates in order to avoid race
        # conditions: An `etag` is returned in the response to `getIamPolicy`, and
        # systems are expected to put that etag in the request to `setIamPolicy` to
        # ensure that their change will be applied to the same version of the policy.
        #
        # If no `etag` is provided in the call to `setIamPolicy`, then the existing
        # policy is overwritten blindly.
    "version": 42, # Version of the `Policy`. The default version is 0.
  }</pre>
</div>

<div class="method">
    <code class="details" id="signBlob">signBlob(name, body, x__xgafv=None)</code>
  <pre>Signs a blob using a service account's system-managed private key.

Args:
  name: string, The resource name of the service account in the following format:
`projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
Using `-` as a wildcard for the project will infer the project from
the account. The `account` value can be the `email` address or the
`unique_id` of the service account. (required)
  body: object, The request body.
(required)
    The object takes the form of:

{ # The service account sign blob request.
    "bytesToSign": "A String", # The bytes to sign.
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # The service account sign blob response.
    "keyId": "A String", # The id of the key used to sign the blob.
    "signature": "A String", # The signed blob.
  }</pre>
</div>

<div class="method">
    <code class="details" id="signJwt">signJwt(name, body, x__xgafv=None)</code>
  <pre>Signs a JWT using a service account's system-managed private key.

If no expiry time (`exp`) is provided in the `SignJwtRequest`, IAM sets an
expiry time of one hour by default. If you request an expiry time of
more than one hour, the request will fail.

Args:
  name: string, The resource name of the service account in the following format:
`projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
Using `-` as a wildcard for the project will infer the project from
the account. The `account` value can be the `email` address or the
`unique_id` of the service account. (required)
  body: object, The request body. (required)
    The object takes the form of:

{ # The service account sign JWT request.
    "payload": "A String", # The JWT payload to sign, a JSON JWT Claim set.
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # The service account sign JWT response.
    "keyId": "A String", # The id of the key used to sign the JWT.
    "signedJwt": "A String", # The signed JWT.
  }</pre>
</div>

<div class="method">
    <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code>
  <pre>Tests the specified permissions against the IAM access control policy
for a ServiceAccount.

Args:
  resource: string, REQUIRED: The resource for which the policy detail is being requested.
See the operation documentation for the appropriate value for this field. (required)
  body: object, The request body. (required)
    The object takes the form of:

{ # Request message for `TestIamPermissions` method.
    "permissions": [ # The set of permissions to check for the `resource`. Permissions with
        # wildcards (such as '*' or 'storage.*') are not allowed. For more
        # information see
        # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
      "A String",
    ],
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Response message for `TestIamPermissions` method.
    "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is
        # allowed.
      "A String",
    ],
  }</pre>
</div>

<div class="method">
    <code class="details" id="update">update(name, body, x__xgafv=None)</code>
  <pre>Updates a ServiceAccount.

Currently, only the following fields are updatable:
`display_name` .
The `etag` is mandatory.

Args:
  name: string, The resource name of the service account in the following format:
`projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.

Requests using `-` as a wildcard for the project will infer the project
from the `account` and the `account` value can be the `email` address or
the `unique_id` of the service account.

In responses the resource name will always be in the format
`projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`. (required)
  body: object, The request body. (required)
    The object takes the form of:

{ # A service account in the Identity and Access Management API.
    #
    # To create a service account, specify the `project_id` and the `account_id`
    # for the account. The `account_id` is unique within the project, and is used
    # to generate the service account email address and a stable
    # `unique_id`.
    #
    # If the account already exists, the account's resource name is returned
    # in util::Status's ResourceInfo.resource_name in the format of
    # projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}. The caller can
    # use the name in other methods to access the account.
    #
    # All other methods can identify the service account using the format
    # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
    # Using `-` as a wildcard for the project will infer the project from
    # the account. The `account` value can be the `email` address or the
    # `unique_id` of the service account.
  "oauth2ClientId": "A String", # @OutputOnly. The OAuth2 client id for the service account.
      # This is used in conjunction with the OAuth2 clientconfig API to make
      # three legged OAuth2 (3LO) flows to access the data of Google users.
  "displayName": "A String", # Optional. A user-specified description of the service account. Must be
      # fewer than 100 UTF-8 bytes.
  "name": "A String", # The resource name of the service account in the following format:
      # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
      #
      # Requests using `-` as a wildcard for the project will infer the project
      # from the `account` and the `account` value can be the `email` address or
      # the `unique_id` of the service account.
        #
        # In responses the resource name will always be in the format
        # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
    "projectId": "A String", # @OutputOnly The id of the project that owns the service account.
    "etag": "A String", # Used to perform a consistent read-modify-write.
    "uniqueId": "A String", # @OutputOnly The unique and stable id of the service account.
    "email": "A String", # @OutputOnly The email address of the service account.
}

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A service account in the Identity and Access Management API.
      #
      # To create a service account, specify the `project_id` and the `account_id`
      # for the account. The `account_id` is unique within the project, and is used
      # to generate the service account email address and a stable
      # `unique_id`.
      #
      # If the account already exists, the account's resource name is returned
      # in util::Status's ResourceInfo.resource_name in the format of
      # projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}. The caller can
      # use the name in other methods to access the account.
      #
      # All other methods can identify the service account using the format
      # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
      # Using `-` as a wildcard for the project will infer the project from
      # the account. The `account` value can be the `email` address or the
      # `unique_id` of the service account.
    "oauth2ClientId": "A String", # @OutputOnly. The OAuth2 client id for the service account.
        # This is used in conjunction with the OAuth2 clientconfig API to make
        # three legged OAuth2 (3LO) flows to access the data of Google users.
    "displayName": "A String", # Optional. A user-specified description of the service account. Must be
        # fewer than 100 UTF-8 bytes.
    "name": "A String", # The resource name of the service account in the following format:
        # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
        #
        # Requests using `-` as a wildcard for the project will infer the project
        # from the `account` and the `account` value can be the `email` address or
        # the `unique_id` of the service account.
        #
        # In responses the resource name will always be in the format
        # `projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}`.
    "projectId": "A String", # @OutputOnly The id of the project that owns the service account.
    "etag": "A String", # Used to perform a consistent read-modify-write.
    "uniqueId": "A String", # @OutputOnly The unique and stable id of the service account.
    "email": "A String", # @OutputOnly The email address of the service account.
  }</pre>
</div>

</body></html>
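Added example (not part of the generated reference or of the client library): a permission preflight with testIamPermissions and an etag-guarded update of the display name, following the request and response shapes documented above. The `service` argument is assumed to be an IAM v1 client object built by the caller; the helper names `account_name`, `missing_permissions` and `set_display_name` are hypothetical.

```python
"""Added example: permission preflight and etag-guarded update.

`service` is assumed to be an IAM v1 client object built by the caller that
exposes the projects().serviceAccounts() methods documented on this page.
"""


def account_name(account, project="-"):
    # `-` lets the API infer the project; `account` is the email or unique_id.
    return "projects/%s/serviceAccounts/%s" % (project, account)


def missing_permissions(service, resource, wanted):
    """Return the entries of `wanted` that the caller is NOT granted."""
    wanted = list(wanted)
    bad = [p for p in wanted if "*" in p]
    if bad:
        # The request message forbids wildcards such as '*' or 'storage.*'.
        raise ValueError("wildcard permissions are not allowed: %r" % bad)
    reply = (service.projects().serviceAccounts()
             .testIamPermissions(resource=resource, body={"permissions": wanted})
             .execute())
    # Defensive assumption: an absent "permissions" key means nothing granted.
    granted = set(reply.get("permissions", []))
    return [p for p in wanted if p not in granted]


def set_display_name(service, name, display_name):
    """Read-modify-write of displayName, carrying the etag from the read."""
    if len(display_name.encode("utf-8")) >= 100:
        raise ValueError("displayName must be fewer than 100 UTF-8 bytes")
    accounts = service.projects().serviceAccounts()
    current = accounts.get(name=name).execute()
    body = {
        "displayName": display_name,  # the only updatable field
        "etag": current["etag"],      # mandatory; ties the write to this read
    }
    return accounts.update(name=name, body=body).execute()
```

Sending the etag obtained from the preceding get is what makes the update a consistent read-modify-write, so automation should not cache or hard-code it.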