Package admin is an auto-generated package for the Google Identity and Access Management (IAM) API.

    NOTE: This package is in alpha. It is not stable, and is likely to change.

    Manages identity and access control for Google Cloud Platform resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls.




    This section is empty.


    This section is empty.


    func DefaultAuthScopes

    func DefaultAuthScopes() []string

      DefaultAuthScopes reports the default set of authentication scopes to use with this package.

      func IamKeyPath

      func IamKeyPath(project, serviceAccount, key string) string

        IamKeyPath returns the path for the key resource.

        func IamProjectPath

        func IamProjectPath(project string) string

          IamProjectPath returns the path for the project resource.

          func IamServiceAccountPath

          func IamServiceAccountPath(project, serviceAccount string) string

            IamServiceAccountPath returns the path for the service account resource.


            type IamCallOptions

            type IamCallOptions struct {
            	ListServiceAccounts     []gax.CallOption
            	GetServiceAccount       []gax.CallOption
            	CreateServiceAccount    []gax.CallOption
            	UpdateServiceAccount    []gax.CallOption
            	DeleteServiceAccount    []gax.CallOption
            	ListServiceAccountKeys  []gax.CallOption
            	GetServiceAccountKey    []gax.CallOption
            	CreateServiceAccountKey []gax.CallOption
            	DeleteServiceAccountKey []gax.CallOption
            	SignBlob                []gax.CallOption
            	GetIamPolicy            []gax.CallOption
            	SetIamPolicy            []gax.CallOption
            	TestIamPermissions      []gax.CallOption
            	QueryGrantableRoles     []gax.CallOption
            	SignJwt                 []gax.CallOption

              IamCallOptions contains the retry settings for each method of IamClient.

              type IamClient

              type IamClient struct {
              	// The call options for this service.
              	CallOptions *IamCallOptions
              	// contains filtered or unexported fields

                IamClient is a client for interacting with Google Identity and Access Management (IAM) API.

                Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.

                func NewIamClient

                func NewIamClient(ctx context.Context, opts ...option.ClientOption) (*IamClient, error)

                  NewIamClient creates a new iam client.

                  Creates and manages service account objects.

                  Service account is an account that belongs to your project instead of to an individual end user. It is used to authenticate calls to a Google API.

                  To create a service account, specify the project_id and account_id for the account. The account_id is unique within the project, and used to generate the service account email address and a stable unique_id.

                  All other methods can identify accounts using the format projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}. Using - as a wildcard for the project will infer the project from the account. The account value can be the email address or the unique_id of the service account.


                  func (*IamClient) Close

                  func (c *IamClient) Close() error

                    Close closes the connection to the API service. The user should invoke this when the client is no longer required.

                    func (*IamClient) Connection

                    func (c *IamClient) Connection() *grpc.ClientConn

                      Connection returns the client's connection to the API service.

                      func (*IamClient) CreateServiceAccount

                      func (c *IamClient) CreateServiceAccount(ctx context.Context, req *adminpb.CreateServiceAccountRequest, opts ...gax.CallOption) (*adminpb.ServiceAccount, error)

                        CreateServiceAccount creates a [ServiceAccount][google.iam.admin.v1.ServiceAccount] and returns it.


                        func (*IamClient) CreateServiceAccountKey

                        func (c *IamClient) CreateServiceAccountKey(ctx context.Context, req *adminpb.CreateServiceAccountKeyRequest, opts ...gax.CallOption) (*adminpb.ServiceAccountKey, error)

                          CreateServiceAccountKey creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey] and returns it.


                          func (*IamClient) DeleteServiceAccount

                          func (c *IamClient) DeleteServiceAccount(ctx context.Context, req *adminpb.DeleteServiceAccountRequest, opts ...gax.CallOption) error

                            DeleteServiceAccount deletes a [ServiceAccount][google.iam.admin.v1.ServiceAccount].


                            func (*IamClient) DeleteServiceAccountKey

                            func (c *IamClient) DeleteServiceAccountKey(ctx context.Context, req *adminpb.DeleteServiceAccountKeyRequest, opts ...gax.CallOption) error

                              DeleteServiceAccountKey deletes a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].


                              func (*IamClient) GetIamPolicy

                              func (c *IamClient) GetIamPolicy(ctx context.Context, req *iampb.GetIamPolicyRequest) (*iam.Policy, error)

                                GetIamPolicy returns the IAM access control policy for a ServiceAccount.

                                func (*IamClient) GetServiceAccount

                                func (c *IamClient) GetServiceAccount(ctx context.Context, req *adminpb.GetServiceAccountRequest, opts ...gax.CallOption) (*adminpb.ServiceAccount, error)

                                  GetServiceAccount gets a [ServiceAccount][google.iam.admin.v1.ServiceAccount].


                                  func (*IamClient) GetServiceAccountKey

                                  func (c *IamClient) GetServiceAccountKey(ctx context.Context, req *adminpb.GetServiceAccountKeyRequest, opts ...gax.CallOption) (*adminpb.ServiceAccountKey, error)

                                    GetServiceAccountKey gets the [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey] by key id.


                                    func (*IamClient) ListServiceAccountKeys

                                      ListServiceAccountKeys lists [ServiceAccountKeys][google.iam.admin.v1.ServiceAccountKey].


                                      func (*IamClient) ListServiceAccounts

                                        ListServiceAccounts lists [ServiceAccounts][google.iam.admin.v1.ServiceAccount] for a project.


                                        func (*IamClient) QueryGrantableRoles

                                          QueryGrantableRoles queries roles that can be granted on a particular resource. A role is grantable if it can be used as the role in a binding for a policy for that resource.


                                          func (*IamClient) SetIamPolicy

                                          func (c *IamClient) SetIamPolicy(ctx context.Context, req *SetIamPolicyRequest) (*iam.Policy, error)

                                            SetIamPolicy sets the IAM access control policy for a ServiceAccount.

                                            func (*IamClient) SignBlob

                                              SignBlob signs a blob using a service account's system-managed private key.


                                              func (*IamClient) SignJwt

                                                SignJwt signs a JWT using a service account's system-managed private key.

                                                If no expiry time (exp) is provided in the SignJwtRequest, IAM sets an an expiry time of one hour by default. If you request an expiry time of more than one hour, the request will fail.


                                                func (*IamClient) TestIamPermissions

                                                  TestIamPermissions tests the specified permissions against the IAM access control policy for a [ServiceAccount][google.iam.admin.v1.ServiceAccount].


                                                  func (*IamClient) UpdateServiceAccount

                                                  func (c *IamClient) UpdateServiceAccount(ctx context.Context, req *adminpb.ServiceAccount, opts ...gax.CallOption) (*adminpb.ServiceAccount, error)

                                                    UpdateServiceAccount updates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].

                                                    Currently, only the following fields are updatable: display_name . The etag is mandatory.


                                                    type ServiceAccountIterator

                                                    type ServiceAccountIterator struct {
                                                    	// InternalFetch is for use by the Google Cloud Libraries only.
                                                    	// It is not part of the stable interface of this package.
                                                    	// InternalFetch returns results from a single call to the underlying RPC.
                                                    	// The number of results is no greater than pageSize.
                                                    	// If there are no more results, nextPageToken is empty and err is nil.
                                                    	InternalFetch func(pageSize int, pageToken string) (results []*adminpb.ServiceAccount, nextPageToken string, err error)
                                                    	// contains filtered or unexported fields

                                                      ServiceAccountIterator manages a stream of *adminpb.ServiceAccount.

                                                      func (*ServiceAccountIterator) Next

                                                        Next returns the next result. Its second return value is iterator.Done if there are no more results. Once Next returns Done, all subsequent calls will return Done.

                                                        func (*ServiceAccountIterator) PageInfo

                                                        func (it *ServiceAccountIterator) PageInfo() *iterator.PageInfo

                                                          PageInfo supports pagination. See the package for details.

                                                          type SetIamPolicyRequest

                                                          type SetIamPolicyRequest struct {
                                                          	Resource string
                                                          	Policy   *iam.Policy

                                                            SetIamPolicyRequest is the request type for the SetIamPolicy method.