create(parent, body, x__xgafv=None)
Creates a new Role.
delete(name, etag=None, x__xgafv=None)
Soft deletes a role. The role is suspended and cannot be used to create new
Gets a Role definition.
list(parent, pageSize=None, showDeleted=None, pageToken=None, x__xgafv=None, view=None)
Lists the Roles defined on a resource.
list_next(previous_request, previous_response)
Retrieves the next page of results.
patch(name, body, updateMask=None, x__xgafv=None)
Updates a Role definition.
undelete(name, body, x__xgafv=None)
Undelete a Role, bringing it back in its previous state.
create(parent, body, x__xgafv=None)
Creates a new Role.
Args:
parent: string, The resource name of the parent resource in one of the following formats:
`organizations/{ORGANIZATION_ID}`
`projects/{PROJECT_ID}` (required)
body: object, The request body. (required)
The object takes the form of:
{ # The request to create a new role.
"roleId": "A String", # The role id to use for this role.
"role": { # A role in the Identity and Access Management API. # The Role resource to create.
"description": "A String", # Optional. A human-readable description for the role.
"title": "A String", # Optional. A human-readable title for the role. Typically this
# is limited to 100 UTF-8 bytes.
"deleted": True or False, # The current deleted state of the role. This field is read only.
# It will be ignored in calls to CreateRole and UpdateRole.
"etag": "A String", # Used to perform a consistent read-modify-write.
"includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
"A String",
],
"stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
# selected for a role, the `stage` field will not be included in the
# returned definition for the role.
"name": "A String", # The name of the role.
#
# When Role is used in CreateRole, the role name must not be set.
#
# When Role is used in output and other input such as UpdateRole, the role
# name is the complete path, e.g., roles/logging.viewer for curated roles
# and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
},
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A role in the Identity and Access Management API.
"description": "A String", # Optional. A human-readable description for the role.
"title": "A String", # Optional. A human-readable title for the role. Typically this
# is limited to 100 UTF-8 bytes.
"deleted": True or False, # The current deleted state of the role. This field is read only.
# It will be ignored in calls to CreateRole and UpdateRole.
"etag": "A String", # Used to perform a consistent read-modify-write.
"includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
"A String",
],
"stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
# selected for a role, the `stage` field will not be included in the
# returned definition for the role.
"name": "A String", # The name of the role.
#
# When Role is used in CreateRole, the role name must not be set.
#
# When Role is used in output and other input such as UpdateRole, the role
# name is the complete path, e.g., roles/logging.viewer for curated roles
# and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
}
delete(name, etag=None, x__xgafv=None)
Soft deletes a role. The role is suspended and cannot be used to create new
IAM Policy Bindings.
The Role will not be included in `ListRoles()` unless `show_deleted` is set
in the `ListRolesRequest`. The Role contains the deleted boolean set.
Existing Bindings remains, but are inactive. The Role can be undeleted
within 7 days. After 7 days the Role is deleted and all Bindings associated
with the role are removed.
Args:
name: string, The resource name of the role in one of the following formats:
`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`
`projects/{PROJECT_ID}/roles/{ROLE_NAME}` (required)
etag: string, Used to perform a consistent read-modify-write.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A role in the Identity and Access Management API.
"description": "A String", # Optional. A human-readable description for the role.
"title": "A String", # Optional. A human-readable title for the role. Typically this
# is limited to 100 UTF-8 bytes.
"deleted": True or False, # The current deleted state of the role. This field is read only.
# It will be ignored in calls to CreateRole and UpdateRole.
"etag": "A String", # Used to perform a consistent read-modify-write.
"includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
"A String",
],
"stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
# selected for a role, the `stage` field will not be included in the
# returned definition for the role.
"name": "A String", # The name of the role.
#
# When Role is used in CreateRole, the role name must not be set.
#
# When Role is used in output and other input such as UpdateRole, the role
# name is the complete path, e.g., roles/logging.viewer for curated roles
# and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
}
get(name, x__xgafv=None)
Gets a Role definition.
Args:
name: string, The resource name of the role in one of the following formats:
`roles/{ROLE_NAME}`
`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`
`projects/{PROJECT_ID}/roles/{ROLE_NAME}` (required)
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A role in the Identity and Access Management API.
"description": "A String", # Optional. A human-readable description for the role.
"title": "A String", # Optional. A human-readable title for the role. Typically this
# is limited to 100 UTF-8 bytes.
"deleted": True or False, # The current deleted state of the role. This field is read only.
# It will be ignored in calls to CreateRole and UpdateRole.
"etag": "A String", # Used to perform a consistent read-modify-write.
"includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
"A String",
],
"stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
# selected for a role, the `stage` field will not be included in the
# returned definition for the role.
"name": "A String", # The name of the role.
#
# When Role is used in CreateRole, the role name must not be set.
#
# When Role is used in output and other input such as UpdateRole, the role
# name is the complete path, e.g., roles/logging.viewer for curated roles
# and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
}
list(parent, pageSize=None, showDeleted=None, pageToken=None, x__xgafv=None, view=None)
Lists the Roles defined on a resource.
Args:
parent: string, The resource name of the parent resource in one of the following formats:
`` (empty string) -- this refers to curated roles.
`organizations/{ORGANIZATION_ID}`
`projects/{PROJECT_ID}` (required)
pageSize: integer, Optional limit on the number of roles to include in the response.
showDeleted: boolean, Include Roles that have been deleted.
pageToken: string, Optional pagination token returned in an earlier ListRolesResponse.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
view: string, Optional view for the returned Role objects. When `FULL` is specified,
the `includedPermissions` field is returned, which includes a list of all
permissions in the role. The default value is `BASIC`, which does not
return the `includedPermissions` field.
Returns:
An object of the form:
{ # The response containing the roles defined under a resource.
"nextPageToken": "A String", # To retrieve the next page of results, set
# `ListRolesRequest.page_token` to this value.
"roles": [ # The Roles defined on this resource.
{ # A role in the Identity and Access Management API.
"description": "A String", # Optional. A human-readable description for the role.
"title": "A String", # Optional. A human-readable title for the role. Typically this
# is limited to 100 UTF-8 bytes.
"deleted": True or False, # The current deleted state of the role. This field is read only.
# It will be ignored in calls to CreateRole and UpdateRole.
"etag": "A String", # Used to perform a consistent read-modify-write.
"includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
"A String",
],
"stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
# selected for a role, the `stage` field will not be included in the
# returned definition for the role.
"name": "A String", # The name of the role.
#
# When Role is used in CreateRole, the role name must not be set.
#
# When Role is used in output and other input such as UpdateRole, the role
# name is the complete path, e.g., roles/logging.viewer for curated roles
# and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
},
],
}
list_next(previous_request, previous_response)
Retrieves the next page of results.
Args:
previous_request: The request for the previous page. (required)
previous_response: The response from the request for the previous page. (required)
Returns:
A request object that you can call 'execute()' on to request the next
page. Returns None if there are no more items in the collection.
patch(name, body, updateMask=None, x__xgafv=None)
Updates a Role definition.
Args:
name: string, The resource name of the role in one of the following formats:
`roles/{ROLE_NAME}`
`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`
`projects/{PROJECT_ID}/roles/{ROLE_NAME}` (required)
body: object, The request body. (required)
The object takes the form of:
{ # A role in the Identity and Access Management API.
"description": "A String", # Optional. A human-readable description for the role.
"title": "A String", # Optional. A human-readable title for the role. Typically this
# is limited to 100 UTF-8 bytes.
"deleted": True or False, # The current deleted state of the role. This field is read only.
# It will be ignored in calls to CreateRole and UpdateRole.
"etag": "A String", # Used to perform a consistent read-modify-write.
"includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
"A String",
],
"stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
# selected for a role, the `stage` field will not be included in the
# returned definition for the role.
"name": "A String", # The name of the role.
#
# When Role is used in CreateRole, the role name must not be set.
#
# When Role is used in output and other input such as UpdateRole, the role
# name is the complete path, e.g., roles/logging.viewer for curated roles
# and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
}
updateMask: string, A mask describing which fields in the Role have changed.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A role in the Identity and Access Management API.
"description": "A String", # Optional. A human-readable description for the role.
"title": "A String", # Optional. A human-readable title for the role. Typically this
# is limited to 100 UTF-8 bytes.
"deleted": True or False, # The current deleted state of the role. This field is read only.
# It will be ignored in calls to CreateRole and UpdateRole.
"etag": "A String", # Used to perform a consistent read-modify-write.
"includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
"A String",
],
"stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
# selected for a role, the `stage` field will not be included in the
# returned definition for the role.
"name": "A String", # The name of the role.
#
# When Role is used in CreateRole, the role name must not be set.
#
# When Role is used in output and other input such as UpdateRole, the role
# name is the complete path, e.g., roles/logging.viewer for curated roles
# and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
}
undelete(name, body, x__xgafv=None)
Undelete a Role, bringing it back in its previous state.
Args:
name: string, The resource name of the role in one of the following formats:
`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`
`projects/{PROJECT_ID}/roles/{ROLE_NAME}` (required)
body: object, The request body. (required)
The object takes the form of:
{ # The request to undelete an existing role.
"etag": "A String", # Used to perform a consistent read-modify-write.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A role in the Identity and Access Management API.
"description": "A String", # Optional. A human-readable description for the role.
"title": "A String", # Optional. A human-readable title for the role. Typically this
# is limited to 100 UTF-8 bytes.
"deleted": True or False, # The current deleted state of the role. This field is read only.
# It will be ignored in calls to CreateRole and UpdateRole.
"etag": "A String", # Used to perform a consistent read-modify-write.
"includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
"A String",
],
"stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
# selected for a role, the `stage` field will not be included in the
# returned definition for the role.
"name": "A String", # The name of the role.
#
# When Role is used in CreateRole, the role name must not be set.
#
# When Role is used in output and other input such as UpdateRole, the role
# name is the complete path, e.g., roles/logging.viewer for curated roles
# and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
}