Identity and Access Management (IAM) API . projects . roles

Instance Methods

create(parent, body, x__xgafv=None)

Creates a new Role.

delete(name, etag=None, x__xgafv=None)

Soft deletes a role. The role is suspended and cannot be used to create new

get(name, x__xgafv=None)

Gets a Role definition.

list(parent, pageSize=None, showDeleted=None, pageToken=None, x__xgafv=None, view=None)

Lists the Roles defined on a resource.

list_next(previous_request, previous_response)

Retrieves the next page of results.

patch(name, body, updateMask=None, x__xgafv=None)

Updates a Role definition.

undelete(name, body, x__xgafv=None)

Undelete a Role, bringing it back in its previous state.

Method Details

create(parent, body, x__xgafv=None)
Creates a new Role.

Args:
  parent: string, The resource name of the parent resource in one of the following formats:
`organizations/{ORGANIZATION_ID}`
`projects/{PROJECT_ID}` (required)
  body: object, The request body. (required)
    The object takes the form of:

{ # The request to create a new role.
    "roleId": "A String", # The role id to use for this role.
    "role": { # A role in the Identity and Access Management API. # The Role resource to create.
      "description": "A String", # Optional.  A human-readable description for the role.
      "title": "A String", # Optional.  A human-readable title for the role.  Typically this
          # is limited to 100 UTF-8 bytes.
      "deleted": True or False, # The current deleted state of the role. This field is read only.
          # It will be ignored in calls to CreateRole and UpdateRole.
      "etag": "A String", # Used to perform a consistent read-modify-write.
      "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
        "A String",
      ],
      "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
          # selected for a role, the `stage` field will not be included in the
          # returned definition for the role.
      "name": "A String", # The name of the role.
          #
          # When Role is used in CreateRole, the role name must not be set.
          #
          # When Role is used in output and other input such as UpdateRole, the role
          # name is the complete path, e.g., roles/logging.viewer for curated roles
          # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
    },
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A role in the Identity and Access Management API.
    "description": "A String", # Optional.  A human-readable description for the role.
    "title": "A String", # Optional.  A human-readable title for the role.  Typically this
        # is limited to 100 UTF-8 bytes.
    "deleted": True or False, # The current deleted state of the role. This field is read only.
        # It will be ignored in calls to CreateRole and UpdateRole.
    "etag": "A String", # Used to perform a consistent read-modify-write.
    "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
      "A String",
    ],
    "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
        # selected for a role, the `stage` field will not be included in the
        # returned definition for the role.
    "name": "A String", # The name of the role.
        #
        # When Role is used in CreateRole, the role name must not be set.
        #
        # When Role is used in output and other input such as UpdateRole, the role
        # name is the complete path, e.g., roles/logging.viewer for curated roles
        # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
  }
delete(name, etag=None, x__xgafv=None)
Soft deletes a role. The role is suspended and cannot be used to create new
IAM Policy Bindings.
The Role will not be included in `ListRoles()` unless `show_deleted` is set
in the `ListRolesRequest`. The Role contains the deleted boolean set.
Existing Bindings remains, but are inactive. The Role can be undeleted
within 7 days. After 7 days the Role is deleted and all Bindings associated
with the role are removed.

Args:
  name: string, The resource name of the role in one of the following formats:
`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`
`projects/{PROJECT_ID}/roles/{ROLE_NAME}` (required)
  etag: string, Used to perform a consistent read-modify-write.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A role in the Identity and Access Management API.
    "description": "A String", # Optional.  A human-readable description for the role.
    "title": "A String", # Optional.  A human-readable title for the role.  Typically this
        # is limited to 100 UTF-8 bytes.
    "deleted": True or False, # The current deleted state of the role. This field is read only.
        # It will be ignored in calls to CreateRole and UpdateRole.
    "etag": "A String", # Used to perform a consistent read-modify-write.
    "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
      "A String",
    ],
    "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
        # selected for a role, the `stage` field will not be included in the
        # returned definition for the role.
    "name": "A String", # The name of the role.
        #
        # When Role is used in CreateRole, the role name must not be set.
        #
        # When Role is used in output and other input such as UpdateRole, the role
        # name is the complete path, e.g., roles/logging.viewer for curated roles
        # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
  }
get(name, x__xgafv=None)
Gets a Role definition.

Args:
  name: string, The resource name of the role in one of the following formats:
`roles/{ROLE_NAME}`
`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`
`projects/{PROJECT_ID}/roles/{ROLE_NAME}` (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A role in the Identity and Access Management API.
    "description": "A String", # Optional.  A human-readable description for the role.
    "title": "A String", # Optional.  A human-readable title for the role.  Typically this
        # is limited to 100 UTF-8 bytes.
    "deleted": True or False, # The current deleted state of the role. This field is read only.
        # It will be ignored in calls to CreateRole and UpdateRole.
    "etag": "A String", # Used to perform a consistent read-modify-write.
    "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
      "A String",
    ],
    "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
        # selected for a role, the `stage` field will not be included in the
        # returned definition for the role.
    "name": "A String", # The name of the role.
        #
        # When Role is used in CreateRole, the role name must not be set.
        #
        # When Role is used in output and other input such as UpdateRole, the role
        # name is the complete path, e.g., roles/logging.viewer for curated roles
        # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
  }
list(parent, pageSize=None, showDeleted=None, pageToken=None, x__xgafv=None, view=None)
Lists the Roles defined on a resource.

Args:
  parent: string, The resource name of the parent resource in one of the following formats:
`` (empty string) -- this refers to curated roles.
`organizations/{ORGANIZATION_ID}`
`projects/{PROJECT_ID}` (required)
  pageSize: integer, Optional limit on the number of roles to include in the response.
  showDeleted: boolean, Include Roles that have been deleted.
  pageToken: string, Optional pagination token returned in an earlier ListRolesResponse.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format
  view: string, Optional view for the returned Role objects. When `FULL` is specified,
the `includedPermissions` field is returned, which includes a list of all
permissions in the role. The default value is `BASIC`, which does not
return the `includedPermissions` field.

Returns:
  An object of the form:

    { # The response containing the roles defined under a resource.
    "nextPageToken": "A String", # To retrieve the next page of results, set
        # `ListRolesRequest.page_token` to this value.
    "roles": [ # The Roles defined on this resource.
      { # A role in the Identity and Access Management API.
        "description": "A String", # Optional.  A human-readable description for the role.
        "title": "A String", # Optional.  A human-readable title for the role.  Typically this
            # is limited to 100 UTF-8 bytes.
        "deleted": True or False, # The current deleted state of the role. This field is read only.
            # It will be ignored in calls to CreateRole and UpdateRole.
        "etag": "A String", # Used to perform a consistent read-modify-write.
        "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
          "A String",
        ],
        "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
            # selected for a role, the `stage` field will not be included in the
            # returned definition for the role.
        "name": "A String", # The name of the role.
            #
            # When Role is used in CreateRole, the role name must not be set.
            #
            # When Role is used in output and other input such as UpdateRole, the role
            # name is the complete path, e.g., roles/logging.viewer for curated roles
            # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
      },
    ],
  }
list_next(previous_request, previous_response)
Retrieves the next page of results.

Args:
  previous_request: The request for the previous page. (required)
  previous_response: The response from the request for the previous page. (required)

Returns:
  A request object that you can call 'execute()' on to request the next
  page. Returns None if there are no more items in the collection.
    
patch(name, body, updateMask=None, x__xgafv=None)
Updates a Role definition.

Args:
  name: string, The resource name of the role in one of the following formats:
`roles/{ROLE_NAME}`
`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`
`projects/{PROJECT_ID}/roles/{ROLE_NAME}` (required)
  body: object, The request body. (required)
    The object takes the form of:

{ # A role in the Identity and Access Management API.
  "description": "A String", # Optional.  A human-readable description for the role.
  "title": "A String", # Optional.  A human-readable title for the role.  Typically this
      # is limited to 100 UTF-8 bytes.
  "deleted": True or False, # The current deleted state of the role. This field is read only.
      # It will be ignored in calls to CreateRole and UpdateRole.
  "etag": "A String", # Used to perform a consistent read-modify-write.
  "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
    "A String",
  ],
  "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
      # selected for a role, the `stage` field will not be included in the
      # returned definition for the role.
  "name": "A String", # The name of the role.
      # 
      # When Role is used in CreateRole, the role name must not be set.
      # 
      # When Role is used in output and other input such as UpdateRole, the role
      # name is the complete path, e.g., roles/logging.viewer for curated roles
      # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
}

  updateMask: string, A mask describing which fields in the Role have changed.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A role in the Identity and Access Management API.
    "description": "A String", # Optional.  A human-readable description for the role.
    "title": "A String", # Optional.  A human-readable title for the role.  Typically this
        # is limited to 100 UTF-8 bytes.
    "deleted": True or False, # The current deleted state of the role. This field is read only.
        # It will be ignored in calls to CreateRole and UpdateRole.
    "etag": "A String", # Used to perform a consistent read-modify-write.
    "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
      "A String",
    ],
    "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
        # selected for a role, the `stage` field will not be included in the
        # returned definition for the role.
    "name": "A String", # The name of the role.
        #
        # When Role is used in CreateRole, the role name must not be set.
        #
        # When Role is used in output and other input such as UpdateRole, the role
        # name is the complete path, e.g., roles/logging.viewer for curated roles
        # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
  }
undelete(name, body, x__xgafv=None)
Undelete a Role, bringing it back in its previous state.

Args:
  name: string, The resource name of the role in one of the following formats:
`organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`
`projects/{PROJECT_ID}/roles/{ROLE_NAME}` (required)
  body: object, The request body. (required)
    The object takes the form of:

{ # The request to undelete an existing role.
    "etag": "A String", # Used to perform a consistent read-modify-write.
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A role in the Identity and Access Management API.
    "description": "A String", # Optional.  A human-readable description for the role.
    "title": "A String", # Optional.  A human-readable title for the role.  Typically this
        # is limited to 100 UTF-8 bytes.
    "deleted": True or False, # The current deleted state of the role. This field is read only.
        # It will be ignored in calls to CreateRole and UpdateRole.
    "etag": "A String", # Used to perform a consistent read-modify-write.
    "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
      "A String",
    ],
    "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
        # selected for a role, the `stage` field will not be included in the
        # returned definition for the role.
    "name": "A String", # The name of the role.
        #
        # When Role is used in CreateRole, the role name must not be set.
        #
        # When Role is used in output and other input such as UpdateRole, the role
        # name is the complete path, e.g., roles/logging.viewer for curated roles
        # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
  }