Identity and Access Management (IAM) API . roles

Instance Methods

close()

Close httplib2 connections.

get(name, x__xgafv=None)

Gets the definition of a Role.

list(pageSize=None, pageToken=None, parent=None, showDeleted=None, view=None, x__xgafv=None)

Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.

list_next()

Retrieves the next page of results.

queryGrantableRoles(body=None, x__xgafv=None)

Lists roles that can be granted on a Google Cloud resource. A role is grantable if the IAM policy for the resource can contain bindings to the role.

queryGrantableRoles_next()

Retrieves the next page of results.

Method Details

close()
Close httplib2 connections.
get(name, x__xgafv=None)
Gets the definition of a Role.

Args:
  name: string, The `name` parameter's value depends on the target resource for the request, namely [roles](https://cloud.google.com/iam/docs/reference/rest/v1/roles), [projects](https://cloud.google.com/iam/docs/reference/rest/v1/projects.roles), or [organizations](https://cloud.google.com/iam/docs/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [roles.get](https://cloud.google.com/iam/docs/reference/rest/v1/roles/get): `roles/{ROLE_NAME}`. This method returns results from all [predefined roles](https://cloud.google.com/iam/docs/understanding-roles#predefined_roles) in IAM. Example request URL: `https://iam.googleapis.com/v1/roles/{ROLE_NAME}` * [projects.roles.get](https://cloud.google.com/iam/docs/reference/rest/v1/projects.roles/get): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only [custom roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [organizations.roles.get](https://cloud.google.com/iam/docs/reference/rest/v1/organizations.roles/get): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only [custom roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID. (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A role in the Identity and Access Management API.
  "deleted": True or False, # The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
  "description": "A String", # Optional. A human-readable description for the role.
  "etag": "A String", # Used to perform a consistent read-modify-write.
  "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
    "A String",
  ],
  "name": "A String", # The name of the role. When `Role` is used in `CreateRole`, the role name must not be set. When `Role` is used in output and other input such as `UpdateRole`, the role name is the complete path. For example, `roles/logging.viewer` for predefined roles, `organizations/{ORGANIZATION_ID}/roles/myRole` for organization-level custom roles, and `projects/{PROJECT_ID}/roles/myRole` for project-level custom roles.
  "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.
  "title": "A String", # Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
}
list(pageSize=None, pageToken=None, parent=None, showDeleted=None, view=None, x__xgafv=None)
Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.

Args:
  pageSize: integer, Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 1,000.
  pageToken: string, Optional pagination token returned in an earlier ListRolesResponse.
  parent: string, The `parent` parameter's value depends on the target resource for the request, namely [roles](https://cloud.google.com/iam/docs/reference/rest/v1/roles), [projects](https://cloud.google.com/iam/docs/reference/rest/v1/projects.roles), or [organizations](https://cloud.google.com/iam/docs/reference/rest/v1/organizations.roles). Each resource type's `parent` value format is described below: * [roles.list](https://cloud.google.com/iam/docs/reference/rest/v1/roles/list): An empty string. This method doesn't require a resource; it simply returns all [predefined roles](https://cloud.google.com/iam/docs/understanding-roles#predefined_roles) in IAM. Example request URL: `https://iam.googleapis.com/v1/roles` * [projects.roles.list](https://cloud.google.com/iam/docs/reference/rest/v1/projects.roles/list): `projects/{PROJECT_ID}`. This method lists all project-level [custom roles](https://cloud.google.com/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` * [organizations.roles.list](https://cloud.google.com/iam/docs/reference/rest/v1/organizations.roles/list): `organizations/{ORGANIZATION_ID}`. This method lists all organization-level [custom roles](https://cloud.google.com/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.
  showDeleted: boolean, Include Roles that have been deleted.
  view: string, Optional view for the returned Role objects. When `FULL` is specified, the `includedPermissions` field is returned, which includes a list of all permissions in the role. The default value is `BASIC`, which does not return the `includedPermissions` field.
    Allowed values
      BASIC - Omits the `included_permissions` field. This is the default value.
      FULL - Returns all fields.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # The response containing the roles defined under a resource.
  "nextPageToken": "A String", # To retrieve the next page of results, set `ListRolesRequest.page_token` to this value.
  "roles": [ # The Roles defined on this resource.
    { # A role in the Identity and Access Management API.
      "deleted": True or False, # The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
      "description": "A String", # Optional. A human-readable description for the role.
      "etag": "A String", # Used to perform a consistent read-modify-write.
      "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
        "A String",
      ],
      "name": "A String", # The name of the role. When `Role` is used in `CreateRole`, the role name must not be set. When `Role` is used in output and other input such as `UpdateRole`, the role name is the complete path. For example, `roles/logging.viewer` for predefined roles, `organizations/{ORGANIZATION_ID}/roles/myRole` for organization-level custom roles, and `projects/{PROJECT_ID}/roles/myRole` for project-level custom roles.
      "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.
      "title": "A String", # Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
    },
  ],
}
list_next()
Retrieves the next page of results.

        Args:
          previous_request: The request for the previous page. (required)
          previous_response: The response from the request for the previous page. (required)

        Returns:
          A request object that you can call 'execute()' on to request the next
          page. Returns None if there are no more items in the collection.
        
queryGrantableRoles(body=None, x__xgafv=None)
Lists roles that can be granted on a Google Cloud resource. A role is grantable if the IAM policy for the resource can contain bindings to the role.

Args:
  body: object, The request body.
    The object takes the form of:

{ # The grantable role query request.
  "fullResourceName": "A String", # Required. The full resource name to query from the list of grantable roles. The name follows the Google Cloud Platform resource format. For example, a Cloud Platform project with id `my-project` will be named `//cloudresourcemanager.googleapis.com/projects/my-project`.
  "pageSize": 42, # Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 2,000.
  "pageToken": "A String", # Optional pagination token returned in an earlier QueryGrantableRolesResponse.
  "view": "A String",
}

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # The grantable role query response.
  "nextPageToken": "A String", # To retrieve the next page of results, set `QueryGrantableRolesRequest.page_token` to this value.
  "roles": [ # The list of matching roles.
    { # A role in the Identity and Access Management API.
      "deleted": True or False, # The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
      "description": "A String", # Optional. A human-readable description for the role.
      "etag": "A String", # Used to perform a consistent read-modify-write.
      "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
        "A String",
      ],
      "name": "A String", # The name of the role. When `Role` is used in `CreateRole`, the role name must not be set. When `Role` is used in output and other input such as `UpdateRole`, the role name is the complete path. For example, `roles/logging.viewer` for predefined roles, `organizations/{ORGANIZATION_ID}/roles/myRole` for organization-level custom roles, and `projects/{PROJECT_ID}/roles/myRole` for project-level custom roles.
      "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.
      "title": "A String", # Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
    },
  ],
}
queryGrantableRoles_next()
Retrieves the next page of results.

        Args:
          previous_request: The request for the previous page. (required)
          previous_response: The response from the request for the previous page. (required)

        Returns:
          A request object that you can call 'execute()' on to request the next
          page. Returns None if there are no more items in the collection.